ISP Prefix Delegation conversation pointers

Started by ToasterPC, April 18, 2025, 10:00:23 PM

Hello everyone!

So over the past week, several of my Homelab's projects started behaving erratically while on the go, since fortunately my phone's carrier finally started deploying IPv6 to regular customers (with a faulty DNS server, but at least they're working on it).

Turns out that now since my phone can try to use a dual-stack connection instead of only a CGNAT, anything I had configured with an AAAA record would freeze and time out, only going back to the A record after several retries.

Thing is, my ISP only gives its customers a /64 from what I'm able to gather, and considering asking for anything beyond a reboot during troubleshooting with them tends to go sideways (I had to sue them to be allowed to use the bridge mode on my ONT), so I was wondering if anyone had any pointers on how to bring up the topic of prefix delegation with an ISP and successfully getting to at least a quote and/or reasonable answer.

I do work from home at the moment, and while I have a residential connection, upgrading to a small business contract is not out of the question if needed.

Under normal circumstances, even bringing up the topic of subnetting, using anything aside from their GPON ONT CPE in the network, or PPPoE to the personnel at their end tends to receive puzzled looks at worst, or them trying to justify their usage as Enterprise-only features that would make the bill increase tenfold at the best of times.

So if there's anything in particular I should try to mention, I'd love to hear from others in similar situations how they were able to get the point across.

Cheers and thanks in advance!

April 19, 2025, 03:43:59 AM #1 Last Edit: April 19, 2025, 07:11:14 AM by OPNenthu
Just one opinion: unless you have business class service, don't even bring this up with the support agent.  If you have options where you live try to find an ISP that you already know, from online research or word of mouth, that does prefix delegation with more than a /64.  For example here in the northeast US region, I know from experience that Comcast Xfinity honors a /60 PD request and Verizon Fios honors /56 at the time of writing.  You can call and ask before signing a contract, too.

Some ISPs maintain lists of supported 3rd party devices.  You'll typically find retail devices on the list, the likes of Motorola, Asus, TP-Link, etc.  Some Ubiquiti devices show up on the Comcast list now.   IMO, if the ISP lists retail devices that support VLANs and sub-netting as a core function, that's a good sign.  You likely won't find Deciso, Netgate, Protectli, etc.  That doesn't mean those won't work, just that the ISP doesn't officially support them.  You're on your own and if you mention it to the support agent they might escalate in an unhelpful way.

While I haven't had to deal with IPv6 yet (my ISP doesn't support it), I've done a little bit of reading on that subject, to be prepared (it's supposedly in the works).
RFC 6177 is the guidance.

While /64 is legit, it makes the case for smaller prefixes to allow multiple subnets.
That RFC was written in 2011...
GUEST or IOT subnets are even more prevalent today than they were back then.

Personally, I don't really understand the ISP pushback here.
It doesn't seem like allocating a /56 or /60 versus a /64 is costing them anything but the software costs of managing the smaller allocations (which is trivial).
I might understand a small add-on but nothing like switching to a business tier...


Quote from: OPNenthu on April 19, 2025, 03:43:59 AM
Just one opinion: unless you have business class service, don't even bring this up with the support agent.  If you have options where you live try to find an ISP that you already know, from online research or word of mouth, that does prefix delegation with more than a /64.  For example here in the northeast US region, I know from experience that Comcast Xfinity honors a /60 PD request and Verizon Fios honors /56 at the time of writing.  You can call and ask before signing a contract, too.

Some ISPs maintain lists of supported 3rd party devices.  You'll typically find retail devices on the list, the likes of Motorola, Asus, TP-Link, etc.  Some Ubiquiti devices show up on the Comcast list now.  IMO, if the ISP lists retail devices that support VLANs and sub-netting as a core function, that's a good sign.  You likely won't find Deciso, Netgate, Protectli, etc.  That doesn't mean those won't work, just that the ISP doesn't officially support them.  You're on your own and if you mention it to the support agent they might escalate in an unhelpful way.
To be completely honest, I agree with you. Thing is, here in Mexico there's a single sided monopoly over networking that's pretty inescapable most of the time.

Be it for business or residential use, there are only four ISPs operating within the country (Telmex, Izzi, TotalPlay and Megacable), though in practice there's only one (Telmex).

Except for the last one (they still operate using Coaxial), every other provider works with FTTH, even though they all encapsulate traffic with PPPoE and none of them offer symmetrical connectivity for residential services (you're only able to ask for it with a business contract and just if you agree to an additional 60% markup fee).

Only Telmex gives out dynamic IPv4 addresses that change only when the link drops, all the others use CG-NAT and coverage is a hit or miss.

The final nail in the coffin is that the parent company of Telmex is also the majority owner of the biggest two cell carriers (Telcel and Movistar), while all of them fall under the umbrella of America Móvil (who operates several providers under different names for most of Latin America, be it Telmex, Telnor, Claro, or others), so even if you ignore them as an option to make the contract, sooner or later your connection to the rest of the world will go through their infrastructure in some fashion (be it as a gateway, ASN, or even a submarine cable).

For better or worse the service is decent as long as you only need an uplink, even their own IPv6 address blocks have been registered since around 2013. The main problem arises with implementation times (it took them till last week to enable IPv6 on the mobile side, and they still had issues routing DNS traffic over it). So as far as choice comes, in practice there's no other provider within the country no matter where you look.

If nothing else, let this be a decent cautionary tale of the end result of a monopoly.

Quote from: EricPerl on April 19, 2025, 09:03:02 PM
While I haven't had to deal with IPv6 yet (my ISP doesn't support it), I've done a little bit of reading on that subject, to be prepared (it's supposedly in the works).
RFC 6177 is the guidance.

While /64 is legit, it makes the case for smaller prefixes to allow multiple subnets.
That RFC was written in 2011...
GUEST or IOT subnets are even more prevalent today than they were back then.

Personally, I don't really understand the ISP pushback here.
It doesn't seem like allocating a /56 or /60 versus a /64 is costing them anything but the software costs of managing the smaller allocations (which is trivial).
I might understand a small add-on but nothing like switching to a business tier...


I also agree with you.
I've been looking into this since switching to fiber in some fashion or other, and it definitely seems that from the support standpoint there's a marginally better chance of getting anywhere with a business contract (lucky for me, this wouldn't even make any difference from a price standpoint at the moment).

Getting anyone to listen on their end is still a shot in the dark from what I can tell, but this thread has convinced me of at least trying to upgrade my contract for the time being. So, thanks everyone for helping me organize my thoughts on the matter!

Even the basic tier of support should understand GUEST and IOT subnets. It's 2025.
With IPv4, all of this ends up being hidden behind NAT (and centrally handled on the edge router in many scenarios, including homes).
The ISP is blissfully unaware.

How do ISPs only providing a /64 IP expect customers to handle this for IPv6?
If the service tier getting a smaller prefix is called "business", doesn't cost more and doesn't come with additional burden, then by all means...
I was under the impression from your original post that the cost could be x10 (probably with other benefits like higher bandwidth or better SLAs and support).

Quote from: ToasterPC on April 23, 2025, 08:45:34 PM
[...] though in practice there's only one
This comment resonates with me here in the U.S. as well.

We have multiple ISPs doing business so they technically get to evade any accusation of being a monopoly, but if you look closely they do not really compete with each other.  They have gerrymandered the service areas where they operate such that one ISP operates in one neighborhood, but the other one has the next neighborhood.

Where I live the two main residential providers for terrestrial internet are Verizon and Comcast, but one of them does not offer service to my address.  A nearby neighbor however was able to get the service.  Make that make sense.

Other providers such as AT&T and T-Mobile are not terrestrial.  You can get satellite or 5G cellular, but IMO these are a different class of service altogether and not the best for gamers or work-from-home situations where Teams/Zoom calls are common.

Google Fiber has been in service for years now, but for some reason they still haven't rolled out to my area where Comcast is headquartered.  How interesting.

Quote from: EricPerl on April 23, 2025, 09:26:50 PM
How do ISPs only providing a /64 IP expect customers to handle this for IPv6?

They don't.  Most of their residential customers are going to be using the ISP-provided WiFi gateway which limits them to a flat network.  The typical home has everything on the same subnet, and I think the ISPs still operate with this mindset.

A Guest Wi-Fi network for visitors is fairly common, even on consumer routers.
It's been years since I've used one of those, but I suspect they use subnetting.
How would this work with a /64 prefix?

Fortunately, it seems my ISP (I technically have a choice but my other option is Comcast) is deploying IPv6 with /56 prefixes, per the RFC.
I'll know more when it's actually available (within a few months supposedly. I'm not holding my breath because it's been in the works for ~5 years).
It may have to do with the fact that there are a lot of tech folks around here, so more complex network topologies could be more common.

Quote from: EricPerl on April 27, 2025, 11:36:07 PM
A Guest Wi-Fi network for visitors is fairly common, even on consumer routers.

One way to achieve this for guests is via client device isolation on a separate SSID.  I'm not sure that the guest "network" needs to be a separate subnet, per se.  Someone check me :)

The separate SSID is a given. That's how you "identify" the Wi-Fi guests.

Apparently, there are implementations that hack guest behavior by just dropping packets to RFC1918 networks in code or via iptables.
That works for IPv4. I don't believe there's an equivalent for IPv6.

And that's limited to Wi-Fi clients.

Today at 10:35:57 AM #10 Last Edit: Today at 10:52:26 AM by OPNenthu
Maybe different implementations out there (?)  From what I remember my old Asus router which supported one "Guest" SSID per frequency band was handing out IPs in the same 192.168.1.0/24 range as the non-Guest SSIDs, but memory fails me now.  I wasn't using IPv6 at the time so can't speak to that.  But from what I'm reading the feature doesn't rely on Layer 3 filtering at all.  If it's doing some trickery based on encryption keys or MAC address filtering, then you're set in either case.  https://security.stackexchange.com/questions/16751/wireless-client-isolation-how-does-it-work-and-can-it-be-bypassed

I just watched a video that challenged my view on the ISP discussion.

I knew that Comcast was bleeding subscribers for a while now, but I thought it was mostly impacting the cable TV business.  I didn't realize that they posted massive broadband subscriber losses in Q1.  The interesting thing he talks about in the video is that people are choosing non-terrestrial options or lesser service plans elsewhere even if it costs the same or a bit more.  I didn't expect that.  So, competition is there, but it's not apples-to-apples service types.

Today at 12:36:12 PM #11 Last Edit: Today at 12:40:17 PM by meyergru
Even if the AP has means to separate out WiFi clients on the same (Unifi APs can do that) or different SSIDs, it would not solve the problem that those WiFi clients could still talk to clients beyond the AP, e.g. LAN clients on the same IPv6 network. The smallest netmask for IPv6 is /64 and if you want a routed connection between two of such networks, you obviously need something bigger than /64.

You might get away with one /64 if you use static reservations and no IPv6 privacy, but it is a PITA and probably infeasible when the prefix is dynamic, as well. I was glad that my cloud hoster, Hetzner, issued a free /56 prefix besides their one default /64 range (and both of them are static, too, which is a necessity for mail gateways).
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
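
The prefix-size point made in the post above, as an added example that is not part of the thread or any poster's code: it carves one /64 per segment (LAN, GUEST, IOT) out of a delegated prefix by prefix ID and fails when the delegation is a single /64. The prefixes are constructed values from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress

def subnet_capacity(delegated):
    """Number of /64 segments a delegated prefix can hold (0 if longer than /64)."""
    net = ipaddress.IPv6Network(delegated)
    return 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0

def plan_segments(delegated, segments):
    """Give each named segment its own /64, numbered by prefix ID (0, 1, 2, ...)."""
    net = ipaddress.IPv6Network(delegated)
    capacity = subnet_capacity(delegated)
    if len(segments) > capacity:
        raise ValueError(
            f"{net} holds {capacity} /64 network(s), {len(segments)} requested")
    base = int(net.network_address)
    # The prefix ID occupies the bits between the delegated length and /64.
    return {name: ipaddress.IPv6Network((base + (pid << 64), 64))
            for pid, name in enumerate(segments)}

if __name__ == "__main__":
    wanted = ["LAN", "GUEST", "IOT"]
    # Constructed sample delegations: a /56, a /60 and a bare /64.
    for delegated in ("2001:db8:1200::/56", "2001:db8:0:10::/60",
                      "2001:db8:0:1::/64"):
        try:
            plan = plan_segments(delegated, wanted)
            for name, net in plan.items():
                print(f"{delegated:22} {name:6} {net}")
        except ValueError as err:
            print(f"{delegated:22} cannot segment: {err}")
```

When a dynamic delegation changes, only the prefix IDs stay the same, so firewall rules are better keyed on the segment or interface than on a literal prefix.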

You could try multiple concurrent PPPoE instances. Probably blocked by your ISP, but it's worth a try.