Monday, 14 May 2012

Meeting the standard - come on ISOC!

World IPv6 launch is very soon - a few weeks away, but if you look at the ISOC web site you see just two equipment vendors.

Yet there are some DSL CPE manufacturers out there who are really trying. Technicolor for one, but we also have Zoom and Billion with working routers, and others claiming to be working on IPv6 CPE. As an ISP we are shipping the Technicolors and they are working (as well as any router does, i.e. with the odd quirk, but working with IPv6, thank you very much).

So why so few equipment vendors? Why not even FireBrick listed?

After all, the current range of FireBrick products has been developed with IPv6 from the start as part of the operating system design and every other level of networking and application. We do IPv6 as well as we do IPv4, so why are we not listed?

The problem is that for any equipment manufacturer, it is almost impossible to be 100% RFC compliant or pass a barrage of strict tests on the RFCs. This is the case for IPv4 and IPv6. I bet most equipment out there does not fully meet a complete compliance test for IPv4. And to be honest, do they need to? If they work well enough to be usable by almost all customers, and they are prepared to take bugs seriously, is that not good enough?

The view we have in FireBrick is that we want to be standards compliant as much as possible, but also to make a product that works well and does the job. If someone comes along and says we do not meet some RFC, and especially if they actually have a good reason why they need that (but even if they don't, in most cases) we'll upgrade the s/w (free of charge) to meet the RFC. There are some cases where we deliberately have options to work differently to the RFC, e.g. we were one of the first BGP routers to have an option to ignore badly formed transient attributes after bugs took down large parts of the Internet (since then, this is now an RFC I believe). Where an RFC is vague, we work with customers to make sure we have the best way of working. We even have compliance options with some of the April Fools' RFCs! This flexibility is key to making the FireBrick a Swiss Army knife of network appliances and allows a lot of clever stuff.

So, do we pass the formal testing that ISOC want for world IPv6 launch? Probably not 100%, to be honest, not yet. We may be inclined to give it a go. But do any of the home routers people use now pass the same level of testing for their IPv4 stack? I seriously doubt it - but that does not make them unusable.

I would hope that ISOC can consider listing vendors that have working implementations (as self declared) and a stated commitment to IPv6 support. This would cover many vendors that are taking IPv6 seriously, including FireBrick.

Come on ISOC - add us to the list please...


  1. I'd suggest getting the FireBricks submitted to the IPv6Forum testing cycle....there are even tools on their site that let you test compliance yourself.

    1. Indeed - but nobody expects the same hoops to be jumped through for IPv4 on these routers?

  2. Isn't this like when Google made it a hassle for AAISP to be accepted as a sturdy IPv6 provider (am I remembering correctly?)? While IPv4 was deployed in the pioneer spirit, I have formed the impression that a few elite groups are trying to "own" the rollout of IPv6 and won't accept anything less than their own unnecessary conditions.

  3. IMHO the standard for consumer grade routers has been way too low for way too long, so I welcome any push to improve things.

    I've got a bunch of Netgear wifi routers here that have *no* logging for PPPoE (you get told the internet connection is down... nothing else - no idea if you got your password wrong or something else. Debugging connection problems on these is a job for tcpdump!) The same routers either hard lock-up or reboot when connected to a Fedora machine (it seems to do some UPnP broadcasts that the router doesn't like and causes it to crash). They exhibit various other bugs and "weirdness", such as spontaneously deciding not to talk to specific workstations. Even with the firewall completely disabled, it still often decides that completely legitimate traffic is malicious, logs the fact and starts dropping it. These routers also seem to mangle SIP traffic in a nonsensical way, making it very unreliable (lots of 1-way audio problems caused by the router mangling the SIP packets and changing the RTP port numbers that *don't* match what its NAT is doing).

    I've got a D-Link ADSL router that won't accept ADSL usernames longer than 16 characters - not much good for most UK ADSL logins since they are usually username@domain, which is way over 16 characters in most cases. The way to get this working is to back up the config to a file, hack it with a text editor and then upload it again.

    I have a TP-Link ADSL modem that is completely useless for ADSL2 - it won't retrain when the SNR changes. It connects at a nice high speed in the day, then as the SNR rises in the evening it won't automatically retrain down to a lower speed, you just see all the frames arriving as CRC errors and being discarded - the modem is perfectly happy that it's synced, but you won't get any traffic through it until you manually disconnect/reconnect. TP-Link tell me that this is how it's expected to work (or not work, as the case may be).

    Plenty of Linksys routers seem to struggle to NAT more than about 10 connections at a time - open too many connections and the old ones vanish.

    I'm sure there are some good consumer grade routers out there, but as the manufacturers don't tend to list "firmware is total crap" on their spec sheet it's quite hard to figure out which, and the lifetime of most of these devices is so short that once you've found one that works well, it's replaced with a "new improved" one with all new bugs.

    1. Kind of my point here - the FireBrick is already way better than that on IPv4 and IPv6, but we have to jump through hoops to be listed.

  4. There are a bunch of lantiq-based ADSL routers which are now supported by OpenWrt. If you haven't looked at OpenWrt recently, it's *definitely* worth doing so.