ISP with native ipv6 in isarael

[Beni Cherniavsky-Paskin]

2016-01-12 19:18 GMT+02:00 Shachar Shemesh <shachar at shemesh.biz>:
>
> Down sides:
> You are still going to be using NAT. Since the IPv6 support in Israel is virtually non-existent, which means you will be using your IPv4 address quite a lot. You only get one of those.

Do you mean still using NAT for IPv4 connections, or everything?
My machines all get world-addressable IPv6 addresses on Xfone (after
disabling firewall in bezeq's router, see below),
so there seems to be no NAT involved with IPv6.
IPv4 functions normally, obviously using NAT.  It's hard to call that
a downside, since getting a dozen IPv4 addresses can't be cheap.

==== dump of mail (with small edits) I thought I sent Shachar and the
list about a year ago, but I see haven't reached the list ====

I've been using Xfone summer 2015 and am satisfied — but see problems
(A) (B) below.

I'm on Bezeq ADSL which gave me a free modem with wifi router
(DSL-6850U), whose wifi I really can't recommend (see (B)).
With zero configuration on my part every device (ubuntu, chromebox,
android) got an IPv6 address and outgoing IPv6 connections Just Worked
:-)
All it took* to get incoming IPv6 to any device to work is:
  Setup -> WAN Service -> PPPoE -> ppp1.1: disabled firewall
(I believe this disables both IPv4 and IPv6 firewall, which I'm fine
with.  There is a separate NAT setting which I left on — AFAICT all
NAT and port forwarding settings only affect IPv4.)
* after a lot of trial-and-error, but I logged all config chages and
am pretty confident this is all it takes.

AFAICT Xfone gives me a /64 block.  Sounds enough to me, but I've seen
claims that ideally I should want /48 or /56 to allow subnetting
(really?  all this fuss to go from 2^32 homes to 2^48 homes?  what a
waste.  RFC1606 notwithstanding, I haven't yet bought 2^64
individually addressable atoms...)

I'll be happy to answer any questions.

----

Problems:

(A) Speed on fastest plan is not so fastest?
    For half a year I was on Xfone's 30/40 plan and Bezeq's "T40"
plan, which is their brilliantly devious marketing speak for "at least
20Mbps and *at most* 40Mbps" — in practice I was getting around 20,
but technically can't complain.
    On the upside I'm always seeing a bit over the promised 3Mbps upload.
    But yesterday I noticed that Bezeq upgraded me to "T100" — without
asking or telling me! — though for same 85/NIS price (at least till
first year ends), so I upgraded Xfone to the "all speeds above" plan
for only 10NIS more — and now I'm getting around 30Mbps (and same
3Mbps upload).
    I don't know what's the physical ADSL limit here but modem reports
"B0 Line Rate - Upstream (Kbps): 5021, Downstream (Kbps): 49231" so I
could hope for a bit more?
    Oh well, it's still faster and cheaper than I had in Los Angeles :-)

    I'm mostly mentioning this because I've read a friend on facebook
saying a similar thing - that he was happy with Xfone until he
upgraded to the highest speed where they didn't deliver.

    [UPDATE: a year later, I'm still on T100 & 100 plans, but
regularly measuring only 15~17Mbps.  Time to complain and/or
downgrade...  BTW, Nezeq's site advertises T100 as "maximum 100M
minimum 0.01M"!?]

(B) Internet connectivity lost several times a day (wifi still thinks
it's connected, but packets don't go anywhere), easily fixed by
disabling and re-enabling wifi on the device.  Happens on both laptops
and android tablet.
    This is lousy, I've never really managed to debug this but I'm
pretty sure Bezeq's router wifi is to blame, and not Xfone:
    - It can happen on one device while others have fine connectivity.
Toggling wifi helps.  Resetting the router helps.
    - Most tellingly, a 2nd ethernet-chained wifi router behaves quite reliably.
      However, that one only supports IPv4, so theoretically the
problem could be IPv6-specific (and due to no NAT, could involve the
ISP).
    - Anecdotally, it happens less after I reduced the number of wifi
networks Bezeq's router maintains from 6 ({encrypted net, open guest
net, Bezeq Free captive portal net} X {2.4GHz, 5Ghz}) to 2 or 3...

----

Brain dump & tips on starting with IPv6 [I imagine Shachar knows all
this but for others, including future me ;-]:

test & check address: http://ip6.me, http://ipv6-test.com,
http://nmapv6.tools.uebi.net/
speed tests: http://speedtest.comcast.net/, http://proof.ovh.net/,
http://sixy.ch/tags/speed, http://ipv6-speedtest.net/

commands: ping6, curl -6, nmap -6.  host prints both addresses if
known, -6 only affects how it talks to dhs server.

For a remote shell to test connectivity, Digital ocean is probably
simplest (look for IPv6 checkbox when creating a droplet, available in
most their locations).

IPv6 gives you several address, some local, some periodically rotated
[https://home.regit.org/2011/04/ipv6-privacy/].  To get the public
one:
ip -o addr | grep 'global' | grep -v temporary | grep -v deprecated |
sed -n 's/.*inet6 *\([a-f0-9:]\+\).*/\1/p'

Dynamic DNS (TODO - I still haven't got it to work):

- https://dns.he.net
They're nice even for ipv4 dyndns - free for 50 zones with no "click
here to keep your host alive" - BUT they only serve DNS without
handing out any domain names, so you must own a domain already.

mainline ddclient still don't support IPv6.  A patch has been floating
since 2011.
ez-ipudate has 'heipv6tb' mode but that's for he.net's tunnel broker,
not their dns.

inadyn-mt supports IPv6.
https://github.com/infothrill/python-dyndnsc supports IPv6.

- https://www.duiadns.net/ipv6-for-lan-feature - cool feature but has
to run on router.

- https://nsupdate.info/  - Just saw them, promising.  Recommends
python-dyndnsc.

- dhis.org, updates by dhis-client.
  needs one-time $5 donation and limited to 3 hosts (but could run
your own dhis-server).