pfSense Support Subscription

Author Topic: pfSense 6to4?  (Read 3043 times)

0 Members and 1 Guest are viewing this topic.

Offline Transeau

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
pfSense 6to4?
« on: August 14, 2011, 09:51:34 am »
Hello,

With my Apple AEBS, I am able to leave the IPv6 tunnel set to "Automatic" and my LAN will have ipv6 access.  I'm assuming this is via Charter's 6to4 gateway. (Please correct me if I'm wrong)

Is there any way to have pfSense do the same?  I'm using the current 2.1-Dev and I'm able to configure an HE tunnel, but the 2mbps throughput is pretty limiting, given that I have 60/5 through Charter.

Thanks in advance.

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: pfSense 6to4?
« Reply #1 on: August 14, 2011, 02:45:19 pm »
You must be terminated on a very unlucky PoP of hurricane electric. They have no speed limits set for their IPv6 tunnels.

At home I can do about 30 via the tunnel and 40 native v4. So 2 sounds like a possible issue on the terminal server you are located on.

One of the most frequent issue is that some ISPs have poor peering with Hurricane Electric for IPv4. You might be able to find a terminal server closer by with a lower latency which directly reflects the amount of bandwidth available.

I have not investigated 6to4 support. It's also deprecated by the ietf, meaning that it should not be added to cpe devices at this point.

Offline Transeau

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: pfSense 6to4?
« Reply #2 on: August 14, 2011, 03:13:50 pm »
Interesting.  

My ping response to HE is 9ms and I'm only 7 hops to the server.
My router is an Atom D510 1.6Ghz dual core, 4GB with Intel NIC's.
Can you think of anything I should be looking at?

Thanks Again.
« Last Edit: August 14, 2011, 03:18:20 pm by Transeau »

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: pfSense 6to4?
« Reply #3 on: August 14, 2011, 04:25:18 pm »
The d510 is good for atleast 200 mbit. Nothing offhandnoffhand. Try a different pop or send a question to ipv6@he.net.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: pfSense 6to4?
« Reply #4 on: August 15, 2011, 08:03:21 am »
My HE tunnel does OK, I see between 7 and 10Mbps down and normally a bit less than 1Mbps up -- and everything I read says they do not throttle, etc.

Native ipv4 I see sustained values of around 16Mbps and 2Mbps up, speedboost shows more like 25Mbps and 4Mbps.. 

Im in chicago so use the chicago tunnel, but they do not peer with comcast so my tunnel ends up going through NY before getting back to Chicago ;) heheh I see around 40 to 44ms to the tunnel endpoint.

It works for what I am doing with ipv6 which is just playing, but I could see how lower bandwidth could cause people some grief.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline tebeve

  • Jr. Member
  • **
  • Posts: 57
  • Karma: +0/-0
    • View Profile
Re: pfSense 6to4?
« Reply #5 on: August 15, 2011, 02:03:29 pm »
My HE tunnel does OK, I see between 7 and 10Mbps down and normally a bit less than 1Mbps up -- and everything I read says they do not throttle, etc.

Native ipv4 I see sustained values of around 16Mbps and 2Mbps up, speedboost shows more like 25Mbps and 4Mbps.. 

Im in chicago so use the chicago tunnel, but they do not peer with comcast so my tunnel ends up going through NY before getting back to Chicago ;) heheh I see around 40 to 44ms to the tunnel endpoint.

It works for what I am doing with ipv6 which is just playing, but I could see how lower bandwidth could cause people some grief.

John, I think you and I are on the same HE CHI tunnel (I'm just about 3 hours southwest of Chicago) and I also have Comcast. Down here from comcast I usually get 30Mbps down and ~1Mbps up... I had my connection pegged at 30Mbps via IPv6 the other day for well over an hour downloading ISO's from freebsd.org.

I thought I just had a straight hop to chicago... would be typical comcast to bounce you to NY first tho.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 2893
  • Karma: +0/-0
    • View Profile
Re: pfSense 6to4?
« Reply #6 on: August 15, 2011, 03:35:20 pm »
I have never seen my ipv6 tunnel get more than like 11Mbps down on test sites, I should prob grab a large iso from ftp or something for a better test.

As to comcast hoping to New York, yeah something comcast would do for sure ;)  But not something that makes any sense at all if you ask me ;)

I keep toying with just changing my tunnel to the new york one to remove a hop, until such time that comcast either peers with HE or I get native connectivity..

Here is a trace to the chicago HE tunnel endpoint from my connection, how does yours look?

traceroute to tserv9.chi1.ipv6.he.net (209.51.181.2), 30 hops max, 60 byte packets
 1  pfsense.local.lan (192.168.1.253)  1.838 ms  1.750 ms  1.700 ms
 2  c-24-13-176-1.hsd1.il.comcast.net (24.13.176.1)  12.224 ms  16.532 ms  16.621 ms
 3  te-1-2-ur08.mtprospect.il.chicago.comcast.net (68.85.131.153)  11.130 ms  11.941 ms  11.861 ms
 4  68.86.187.193 (68.86.187.193)  12.992 ms  18.556 ms  18.475 ms
 5  pos-3-10-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.93.181)  17.551 ms  17.507 ms  18.116 ms
 6  pos-1-6-0-0-pe01.350ecermak.il.ibone.comcast.net (68.86.87.130)  17.581 ms  12.611 ms  17.919 ms
 7  208.178.58.61 (208.178.58.61)  16.588 ms  13.761 ms  13.957 ms
 8  HURRICANE-ELECTRIC-LLC-New-York.TenGigabitEthernet1-3.ar5.NYC1.gblx.net (64.209.92.98)  37.521 ms  38.730 ms  41.057 ms
 9  10gigabitethernet8-3.core1.chi1.he.net (72.52.92.178)  37.542 ms  37.786 ms  38.804 ms
10  tserv9.chi1.ipv6.he.net (209.51.181.2)  39.982 ms  39.942 ms  37.151 ms
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html

Offline tebeve

  • Jr. Member
  • **
  • Posts: 57
  • Karma: +0/-0
    • View Profile
Re: pfSense 6to4?
« Reply #7 on: August 15, 2011, 04:03:10 pm »
Go get yourself an ISO off of freebsd.org, amazingly fast! (I thought I had some screenshots of it around here, as up until then, I'd never seen my v6 traffic graph work so hard!)

as to the IL -> NY -> CHI hop... yep, I get an almost identical traceroute...

Code: [Select]
traceroute to tserv9.chi1.ipv6.he.net (209.51.181.2), 30 hops max, 60 byte packets
 1  firewall.xxxxxxxxx.net (10.10.0.1)  0.222 ms  0.186 ms  0.160 ms
 2  c-98-212-78-1.hsd1.il.comcast.net (98.212.78.1)  10.381 ms  17.966 ms  37.926 ms
 3  68.85.178.141 (68.85.178.141)  17.920 ms  17.859 ms  17.835 ms
 4  te-3-2-ur04.peoria.il.chicago.comcast.net (68.87.211.145)  18.634 ms  18.615 ms  18.593 ms
 5  te-1-3-0-7-ar01.elmhurst.il.chicago.comcast.net (68.85.177.81)  27.660 ms  27.613 ms  27.591 ms
 6  pos-0-0-0-0-ar01.area4.il.chicago.comcast.net (68.87.230.233)  27.785 ms  27.213 ms  27.173 ms
 7  pos-3-10-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.93.181)  26.898 ms  19.453 ms  23.704 ms
 8  pos-1-0-0-0-pe01.350ecermak.il.ibone.comcast.net (68.86.86.34)  25.563 ms  25.683 ms  25.663 ms
 9  208.178.58.73 (208.178.58.73)  23.586 ms  23.577 ms  23.555 ms
10  HURRICANE-ELECTRIC-LLC-New-York.TenGigabitEthernet1-3.ar5.NYC1.gblx.net (64.209.92.98)  46.168 ms  46.128 ms  46.101 ms
11  10gigabitethernet8-3.core1.chi1.he.net (72.52.92.178)  49.307 ms  49.270 ms  49.258 ms
12  tserv9.chi1.ipv6.he.net (209.51.181.2)  45.760 ms  45.734 ms  45.631 ms

here here to native on Comcast... SOONER rather than later!


EDIT: Well, not quite identical... I have to first go to chicago, so I can get sent to NY, to be sent back! bah!
« Last Edit: August 15, 2011, 04:07:08 pm by tebeve »

Offline Transeau

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: pfSense 6to4?
« Reply #8 on: August 16, 2011, 11:54:23 am »
After doing more research Charter provides info for setting up a "6rd relay".  Is this supported by 2.1?

Offline databeestje

  • Administrator
  • Hero Member
  • *****
  • Posts: 1048
  • Karma: +0/-0
  • It just might be your luck day, if you only knew.
    • View Profile
Re: pfSense 6to4?
« Reply #9 on: August 19, 2011, 09:12:50 am »
I have no access to those either. So that's a bit hard.

6rd is a rather specific type of rollout which I don't think will be widely supported in the feature. Free.fr does have a huge deployment but needs to renumber before they actually give clients native Ipv6.

I sent a message to the support list detailing that you can now configure DHCP6 on your WAN interface of choice, either dynamic, static or pppoe.
It should basically work. I tested on a lab setup with a Cisco 1811 PPPoE server with DHCP6 Server, similar to what Comcast uses for their native deployments.
« Last Edit: August 19, 2011, 09:18:25 am by databeestje »