Sponsored Links

IPv6 (again)

I don't see any real difference between speeds on IPv6 or 4 on Windows PCs, this is on a 1Gig Openreach line, and using pfSense. I don't think this is a Windows issue.

...
I've just been having a think about this - I am sure your right in that it's not a Windows issue.

When I get a chunk of time though, I may:

(a) Put Linux on a spare laptop and try that, just to prove it's not Windoze being slow on IPv6.

(b) Briefly plumb a Windows box directly into the ONT and see what taking the DrayTek out of the loop reveals (I'd need to check that the NIC will let me spoof the DrayTek's MAC).

The main problem is finding the chunk of time!
 
@macklij

Assuming you still have the Linksys router you should have been given at installation, trying that instead of the Draytek would be worth a go and it should be an “acceptable” device for the network.

I didn’t need to copy the Linksys MAC address to get my Draytek working and you might find the Linksys works without messing or upsetting the Draytek operating when put back.

If you don’t get full speed with the Linksys then you have a question to put to Community Fibre.
 
@Barnet

Thanks. Good to know that the MAC on the supplied Linksys may work without a call to CF to clear the cache. At the moment it’s still sealed in its box.

I probably won’t touch until next week - the sunshine is too appealing. More soon.
 
NAT is simply a firewall rule (IP source => masquerade rule) there is no hardware acceleration used. Firewall rules are processed by the router CPU despite what Draytek marketing may tell you.
The point is, their IPv4 software may be much better optimised than their IPv6.

This is certainly the case for Mikrotik routers. For IPv4 there is "fasttrack" which bypasses most of the routing stack for packets belonging to existing connections that meet certain criteria - but it is not implemented for IPv6.

Using one of their low-end routers (hEX PoE, which has a single-core 800MHz MIPS processor), I was able to route 900Mbps of iperf LAN-to-LAN IPv4 traffic with fasttrack, but only about 300Mbps of IPv6.

The solution is to get a more powerful box. The RB4011, with its quad-core 1.4GHz ARM processor, laughs at a mere gigabit :cool:
 
Last edited:
The point is, their IPv4 software may be much better optimised than their IPv6.

....

The solution is to get a more powerful box. The RB4011, with its quad-core 1.4GHz ARM processor, laughs at a mere gigabit :cool:
Thanks. I think that is almost certainly what is going on.

I have decided the easy way to eliminate Windows being slow with IPv6 is to plug my laptop into a wired connection when I visit a university this week. I can get access to a port that is pretty much guaranteed 1Gb on both IPv4 and 6.

Then the only way to rule out poor DrayTek IPv6 performance is to, as you say, put something with more power in it's place. The thing is I am trying to be a least a little eco - I don't want something that uses more watts that the Draytek when at idle. I like the idea of playing with pfSense though. I'll investigate power consumption of those little boxes that run it well.
 
Sponsored Links
This is certainly the case for Mikrotik routers. For IPv4 there is "fasttrack" which bypasses most of the routing stack for packets belonging to existing connections that meet certain criteria - but it is not implemented for IPv6.
Nope, Mikrotik FastTrack connections bypass the *firewall* not the routing stack. Fast Track can't be used for all connection types (the router gets to choose) and generally only on existing established or *marked* connections.

And its still not *hardware accelerated*

Screenshot_20231010_084137.png
 
Nope, Mikrotik FastTrack connections bypass the *firewall* not the routing stack. Fast Track can't be used for all connection types (the router gets to choose) and generally only on existing established or *marked* connections.
It bypasses more than just the firewall, exactly as the section you quoted says: it bypasses connection tracking, queuing, IP accounting, IPSec, VRFs etc.

If you just want to short-circuit the firewall, there is "conntrack". Conntrack picks up some things which fasttrack doesn't, so you need two rules at the top of your chain:

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-mark=no-mark connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related

Conntrack works for IPv6 too, but there's no fasttrack.

Both of these only work for established sessions, so at least the first packet needs to go through the full firewall chain.
And its still not *hardware accelerated*
I never said it was, and I'm not sure anyone else did either.

It was an example of why a pure software router may perform better on throughput tests for IPv4 than it does for IPv6.
 
it bypasses connection tracking, queuing, IP accounting, IPSec, VRFs etc.
All firewall functions.. connection tracking is *how* the firewall is able to operate.. if it bypasses the firewall using Fast Track it also bypasses all associated functions, as is noted in the screengrab
I never said it was, and I'm not sure anyone else did either.

Post #2

It is possible the Draytek might be slower on IPv6 depending on the SoC, as with IPv4 it might be mostly, or all, hardware accelerated but IPv6 could be routed via software. They might say in the specifications for your model what it should do with hardware enabled and disabled.

Draytek Vigor 2866 marketing..

Screenshot_20231012_231717.png
 
Just to follow up on the slow IPv6 performance. It was the Draytek that does IPv4 at full speed (with hardware acceleration), but is slow on IPv6 which isn't accelerated.

I ordered a little 'router PC' from AliExpress and installed OPNsense on it. It's based on an Intel N100 and uses about 10W in total. After a bit of confusion on my part about the size of the IPv6 prefix that CF issue (it's /56), I am now getting full speed on IPv6 and IPv4.

Happy to do a post with the settings for OPNsense on a CGNAT CF connection if it would help anyone.
 
Happy to do a post with the settings for OPNsense on a CGNAT CF connection if it would help anyone.

Would the settings be different for those not on CGNAT?


the person in this post used a /48 prefix delegation instead of /56

I'm looking at building an OPNsense router
 
Sponsored Links
After a bit of confusion on my part about the size of the IPv6 prefix that CF issue (it's /56), I am now getting full speed on IPv6 and IPv4.
CF IPv6 prefix delegation allocated is /48.

Glad you got it working, can you share a link to the hardware you purchased and speedtest results.
 
Would the settings be different for those not on CGNAT?


the person in this post used a /48 prefix delegation instead of /56

I'm looking at building an OPNsense router

That's useful, thanks.

I spent a bit of time messing around with subnet sizes in OPNsense for CF. /56 is what OPNsense says it was being given (see attached). If I set /48 as the prefix delegation size then I still get given a /56 but things like DHCP says the subnet is incorrect.

I don't know, but think its entirely possible that different customers will get a different prefix depending on the package (inc CGNAT) they are on.
 

Attachments

  • Capture.JPG
    Capture.JPG
    82.3 KB · Views: 34
/56 prefix delegation provides 256 /64 subnets, whereas /48 prefix delegation provides 65,536 subnets. Home users will typically use one /64 subnet, so plenty! If you have an advanced router such as OPNsense then you can delegate prefixes to each interface/VLAN.

Once it’s working not worth fiddling anymore.
 
CF IPv6 prefix delegation allocated is /48.

Glad you got it working, can you share a link to the hardware you purchased and speedtest results.

Definitely 56 - see post above? But's what's a few extra subnets. 256 is fine!

It is one of these https://www.aliexpress.us/item/3256805846674072.html I was lucky it arrived in just over a week.

Speeds normally around the 940Mbps - see attached for a good one :)
 

Attachments

  • speedtest.jpg
    speedtest.jpg
    31.4 KB · Views: 27
Would the settings be different for those not on CGNAT?


the person in this post used a /48 prefix delegation instead of /56

I'm looking at building an OPNsense router
Avoiding PF after the “free Plus” fiasco? :)
 
Avoiding PF after the “free Plus” fiasco? :)

Not bothered tbh. CE works fine and I have a Plus license for a while longer. Anyway on the CE version I think I've got it all working with Toob and IPV6. Just updated from 2.7 to 2.7.2 last night. Its not on my connection, mine is Virgin sadly.

May look at opnsense on a spare Dell R220/Sophos XG210 I have over Christmas
 
Top
Cheapest Superfast ISPs
  • Hyperoptic £17.99
    Speed 33Mbps, Unlimited
    Gift: None
  • UtilityWarehouse £19.99
    Speed 35Mbps, Unlimited (FUP)
    Gift: None
  • NOW £23.00
    Speed 63Mbps, Unlimited
    Gift: None
  • Vodafone £24.00
    Speed 73 - 82Mbps, Unlimited
    Gift: None
  • Shell Energy £24.99
    Speed 38Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Ultrafast ISPs
  • Gigaclear £17.00
    Speed: 200Mbps, Unlimited
    Gift: None
  • Zzoomm £19.95
    Speed: 150Mbps, Unlimited
    Gift: None
  • YouFibre £19.99
    Speed: 150Mbps, Unlimited
    Gift: None
  • Community Fibre £20.00
    Speed: 150Mbps, Unlimited
    Gift: None
  • BeFibre £21.00
    Speed: 150Mbps, Unlimited
    Gift: £25 Love2Shop Card
Large Availability | View All
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored Links
The Top 20 Category Tags
  1. FTTP (5384)
  2. BT (3489)
  3. Politics (2494)
  4. Openreach (2275)
  5. Business (2221)
  6. Building Digital UK (2215)
  7. FTTC (2038)
  8. Mobile Broadband (1940)
  9. Statistics (1763)
  10. 4G (1639)
  11. Virgin Media (1589)
  12. Ofcom Regulation (1438)
  13. FTTH (1379)
  14. Wireless Internet (1377)
  15. Fibre Optic (1375)
  16. 5G (1215)
  17. Vodafone (1126)
  18. EE (1110)
  19. TalkTalk (927)
  20. O2 (914)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules