cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NEED SOME HELP?

We’re here 24/7. 365 days a year.
Ask questions. Find your answers. Connect.

IPv6 ROUTERS

Billx
Super Duper Contributor
Private Message TalkTalk
Message 18 of 18

Just a general question.

 

Do any of TalkTalk's routers support IPv6? Does TalkTalk support IPv6, using a third party router?

Similarly,  do any of TalkTalk's routers support  WPA3-Personal WIFI Security?

 

Thanks

Bill

 

0 Likes
17 REPLIES 17

Billx
Super Duper Contributor
Private Message TalkTalk
Message 1 of 18

OK. Thanks, @KeithFrench 

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 2 of 18

Their effect will be either on ICMP (inc v6) traffic in & out of the PC's firewall. I wouldn't bother about them, but you could probably disable the rules if you really want & wait to see what no longer works. However, if Windows puts them there by default, I would leave them well alone. I do not use the Windows firewall, preferring the one that is part of the security suite I use.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

Billx
Super Duper Contributor
Private Message TalkTalk
Message 3 of 18

@KeithFrench 

 

I understand that they are perfectly normal, but could they be currently in effect, after previously, some time ago, having disabled IPv6 for the 2 network adapters in the computer? Could they just be operating within the computer, without having any effect outside of it?

Or not having any effect at all, even though they show in the firewall?

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 4 of 18

Hi @Billx 

 

These rules are perfectly normal, they are just showing what type of ICMP & ICMPv6 packets to allow through the firewall & in which direction. Some if blocked will stop ICMP & v6 from doing their normal functions, although as I said before, it is often common to block ICMP PINGs particularly incoming from other devices, as a PING response identifies that there is a device on that IP address.

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Super Duper Contributor
Private Message TalkTalk
Private Message TalkTalk

Message 5 of 18

@KeithFrench 

I attach what I extracted from Windows Firewall.

I note that some of these entries are marked as 'Allow edge traversal'.

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 6 of 18

Without seeing these entries @Billx, I couldn't possibly comment. If you want to PM them to me I'll take a look.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Super Duper Contributor
Private Message TalkTalk
Message 7 of 18

@KeithFrench 

 

So, you are saying, that as I have disabled the 2 network adapters' IPv6 functionality, the dozen or so ICMPv6 entries in the Windows PC firewall have no effect and it is as if these entries weren't there? Because ICMPv6 is controlled from above, that is IPv6?

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 8 of 18

Hi @Billx 

 

ICMPv6 is the IPv6 version of ICMP (Internet Control Message Protocol). ICMP carries messaging such as PING and it also advises the originator of an IP packet that encounters a problem, a few of these include:-

 

  • Network unreachable
  • Host unreachable
  • Protocol unreachable
  • Port unreachable

A lot of routers block ICMP by default on all interfaces other than the local IP network. When I mention router here, I am talking about the router engine itself, not all the other components that I outlined in post #4.

 

If IPv6 is disabled in your PC, then ICMPv6 does not do anything as such, because it is only there to react to IPv6 communication problems. I have never bothered to disable IPv6 on a PC myself as it does not normally cause much problem.

 

Most protocols are end-to-end above the IP layer (i.e. client & server). They use either TCP or UDP and are addressable with their relevant port numbers. ICMP is different, it is there to inform the client of network problems reaching the server at the IP layer and therefore, does not use any ports at all.

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Super Duper Contributor
Private Message TalkTalk
Message 9 of 18

Hi @KeithFrench 

I was wondering whether we can extend the IPv6 discussion a bit?

 

We agree that Sagemcom does not support IPv6, also possibly the Eero.

I have also disabled IPv6 on my PC, at each of the wired and wireless adapters, as it is possible to do so.

 

My question is regarding ICMPv6, within the PC.

Is ICMPv6 part of IPv6? Does it remain operational while IPv6 is disabled?

Checking in my Windows PC firewall, it seems that ICMPv6 is well and truly alive, even though I have turned IPv6 off.

And if it is alive, what might be its special purpose? Why not just use TCP, UDP?

 

Thanking you in advance.

Bill

 

 

 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 10 of 18

Yes.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Super Duper Contributor
Private Message TalkTalk
Message 11 of 18

Yes, @KeithFrench 

So, that makes a 'domestic router' quite an extraordinary device. Much more than an AP.

 

Thanks

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 12 of 18

Hi @Billx 

 

One last thing, the domestic router includes another couple of functions that in the commercial environment would be one or more separate servers on a customer's network:-

 

  1. DHCP Server
  2. DNS Server

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 13 of 18

Hi @Billx 

 

I think the term "domestic router" might be better than "Common router"! These routers might be considered as cheap ISP provided routers, but under the hood, they perform some vastly complex tasks.

 

No, the WAN & LAN ports are totally different, although with the Eero, they autoconfigure depending on if they are connected to the ONT (WAN) or Ethernet device (LAN). The data switch as a separate unit is a collection of physical Ethernet ports. In some older units, the ports are 10/100Mbps, but these days they should (hopefully) be capable of operating at Gigabit (1000Mbps) or even 2.5Gbps (2500Mbps). One or more ports connect to a single Ethernet port on the router. These are often referred to as uplink or in more advanced switches, trunk ports (mainly in the commercial sector). In most cheap Gigabit switches you can buy, any of the ports will work as the uplink one. So one way to think of this is that it allows a fixed maximum number of Ethernet ports to use the switch. In the case of the Sagemcoms, this is a maximum of four ports. With one stand alone Eero, there is only one Ethernet port, as the other becomes the WAN port to connect to an ONT. If you have more than one Eero, working as a mesh network, then the gateway Eero only has the one port, whereas each extender node has two.

 

WAn ports are part of the router itself and normally there is just one, but in more advanced installations (mainly in the commercial environment) there can be multiple WAN ports. They are four redundancy & load sharing type operations.

 

If you didn't have the router component, all of the attached local devices using their private IP address range on the same IP network and the WAN port has one public IP address, which crucially is on a different IP network to the local devices. Like that, there is no way to send IP packets to or from the internet, as they are on different IP networks. The local devices though, would still be able to communicate with each other. 

 

The whole point of a router is to route IP packets between different IP networks. Routers work on a different part of an IP packet (trying desperately to keep this as non-technical as possible) than locally connected devices sending data to & from each other.

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Super Duper Contributor
Private Message TalkTalk
Message 14 of 18

@KeithFrench 

Hi

 

Keith, that's very extensive. Thank you.

 

So, it seems that, for us commoners, an AP is less than a common router, as a common router contains a number of access points.

You say that a common router contains 'a data switch for the Ethernet LAN ports'. Does it also contain 'a data switch for the Wireless LAN ports'. Your point 5, this seems similar to the data switch, you refer in point 3? In that the router distributes data, according to which device/port has requested it?

 

Bill

 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 15 of 18

Hi @Billx 

 

Please bear in mind you asked the question & I answered it. If you didn't like some of the answers, which is fair enough, then you will have to take those up with TalkTalk. I am just a customer, therefore I have to influence over their product decisions.

 

It doesn't really matter about the router, as far as IPv6 is concerned, as I have not heard anything to suggest that the TalkTalk network supports IPv6 yet. 

 

Apart from what I mentioned about WPA3 earlier, the only other advantage is better encryption methods. So in a lot of ways, WPA2 Personal is almost as secure with WPA3 Personel, so long as the two main security features from WPA3 have been applied to WPA2 within the relevant APs, which is the case with both the Sagemcoms & Eero.

 

Sorry if I used the correct terminology, that is down to my technical background. For your information, the domestic router is a mixture of parts, in the commercial world these are separate units. For instance, neither the wireless or Ethernet LAN ports do any routing whatsoever. A domestic router consists of the units outlined below, all in the one convenient box:-

  1. Two wiress Access Points (AP). There is one for the 2.4GHz band & one for the 5GHz band. That is the case normally, but with technology improvements over time, some have more APs e.g. WiFi6E and WiFi7 or mesh units. Both the Sagemcom & Eero "routers" have the ability to form a mesh network with the appropriate extra hardware.
  2. A wireless controller to handle cross band operations, such as Band Steering.
  3. A data switch for the Ethernet LAN ports.
  4. A firewall.
  5. The router. The purpose of this is to handle all IP routing operations. This covers the private IP address range of the locally connected devices and the public IP address of the router's WAN interface and hence out to the internet.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Super Duper Contributor
Private Message TalkTalk
Message 16 of 18

@KeithFrench 

So you say, that no Sagemcom supports either IPv6, or WPA3-Personal. That's too bad.

You say that the Eero has just got off the ground.

 

As far as I know AX chip routers and devices, all support WIFI WPA3-Personal Security. There seems to be an abundance of AX-based routers. Both my main devices have AX based WIFI interface and support WPA3-Personal. If only my internet provider supported it as well, I'd be able to test it. My other devices, I don't now what they support, and I don't care that much.

 

By the way, by AP, do you mean what is commonly called a router?

 

Thanks

Bill

 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 17 of 18

I am not sure if the Eero supports IPv6 or not. No Sagemcom does at present. The Eero does support WPA3, but their app & website say that it is in beta and there are some bugs with it (listed on their website). No other router supports WPA3, but how many of your devices do?

 

The WPA3 security mode is a negotiated parameter when a Wi-Fi adapter is associating with an AP. They will agree on the highest security mode that they both support. This is crucial as the AP might support this mode, but a Wi-Fi adapter might only support WPA2 Personal. In that case, the connection will be secured using WPA2 Personal, not WPA3 Personal.

If the WPA3 implementation used by that AP was WPA3 Only, then the previously mentioned Wi-Fi adapter would not be able to associate with that AP at all.

WPA2 Personal has had two main enhancements added to it that are part of WPA3. These are:-
1. The KRAK vulnerability has been patched.
2. 802.11w was ratified back in 2019 and introduces Management Frame Protection (MFP).

This will require changes to the firmware of clients and access points. Alternatively, it might be available as a software-only upgrade to many types of hardware. This is also called Protected Management Frames (PMF).

Therefore, some APs and adapters that support WPA2 Personal are protected & others are not. This is a negotiated parameter on device connection, requiring them both to support 802.11w. Obviously, WPA3 mandates that MFP be supported on all APs & STAs that support WPA3. 802.11w should be implemented now on any device that supports 802.11ac.

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes