I have used Zen Internet for my broadband service for over eight years and they have been very reliable and efficient. Zen are not a “bucket shop” cheap ISP but they are a good ISP!
The main reason that I use Zen is that they provide a /29 of IPv4 public addresses which means that I can have servers at home on the real public internet… however, IPv6 support has been available to all customers since August 2015 and I now wanted to enable this as well.
Limitations of IPv4
The IPv4 address space is limited to 32-bit addresses and as most people know was invented back in the 1970s before the internet boom and everybody wanting a bit of IP address space.
With Zen’s IPv4 implementation the /29 they give you provides 5 usable addresses since one is lost as the subnet/network address, one is used as the broadcast address and one is used by the router itself.
As IPv4 is running out it is clearly time to switch to IPv6.
Zen IPv6 support
Zen are providing each customer with a complete /48 prefix – this allows you to have millions of machines with millions of addresses! Yes, you effectively can have 65536 separate routed networks or subnets each with a 64-bit address space aggregated (routed) over your FTTC or FTTP connection.
First, you need to get Zen to enable IPv6 for you, to do this send an email to firstname.lastname@example.org entitled “Request for IPv6” and provide your Zen details (phoneline and zen123456@zen login name) where 123456 is the 6-digit number that you use on your Zen connection.
You should get an email back within 48 hours with your Neighbour Detection (ND) address/netmask and your Prefix Delegation (PD) address/netmask.
Once you have this information you’re set to go with IPv6… this rest of this article is about configuring a Cisco 887VA router in “dual stack” (IPv4 and IPv6) mode.
Dual stack IPv4 and IPv6 operation
With your IPv4 address space your router is effectively “flattened” since the router doesn’t have an “outside” address on a point-to-point connection with a /30 or /31 sub-set and a separate IP address range for the “inside”. Instead the router configuration uses a trick to combine the IP address assigned to the Ethernet interface with the IP address used on the PPPoE connection.
With IPv6 you get an IP address on the “outside” and a set of addresses for the “inside” – here’s how it works:
Neighbour Discovery (ND) address range
The Neighbour Discovery (ND) address range is, in IPv6 terms, a single subnet or /64 over which the PPPoE between your router and Zen runs – this is effectively on the “outside” or WAN side of your router and looks like this:
Prefix Delegation (PD) address range
The Prefix Delegation (PD) address range is the IPv6 that Zen delegate you you for use on your network(s) and in my case looks like this:
Configuring your Cisco 887VA
I am going to assume that you have basic connectivity already established using your 887VA in VDSL mode, in summary this means that:
- you are running IOS 15.4(3)M4 on the router
- you have the ATM0 controller shutdown
- the VDSL is on the Ethernet0 controller
- your using Ethernet0.101 as 802.11.1q VLAN 101 with BT Wholesale
- you have PPPoE enabled in client mode on Dialler1
- you have interface VLAN1 configured with your IPv4 address/netmask
- you are connected to the internet
Upgrade your firmware
If you’re not already running IOS 15.4(3)M4 on your 887VA stop and upgrade it first. Several earlier releases of IOS didn’t have DHCPv6 working correctly and this is a requirement for this configuration.
- Obtain the IOS image from your CCO login (or elsewhere on the internet)
- Place the IOS image on a TFTP server
- Use the exec command “copy tftp: flash:” and fill in the blanks
- Add the line “boot system flash c880data-universalk9-mz.154-3.M4.bin” to your configuration to ensure it boots the right image
Enable IPv6 on the router
Add the following global configuration items:
! ipv6 source-route ipv6 unicast-routing ipv6 cef ipv6 multicast-routing ipv6 multicast rpf use-bgp !
Enable IPv6 on VLAN1 interface
Update your VLAN1 interface to include the IPv6 settings shown below (but use your addresses; not mine):
! interface Vlan1 description *** Zen internet /29 at TubbyLand(tm) *** ip address 82.68.xx.xx 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress no autostate ipv6 address 2A02:8010:7010::1/64 ipv6 address ZEN-PD ::/64 ipv6 enable !
Enable IPv6 on Dialer1 interface
! interface Dialer1 description *** PPP dialler interface for Zen *** ip unnumbered Vlan1 ip access-group 101 in ip access-group 102 out encapsulation ppp dialer pool 1 dialer-group 1 ipv6 address FE80::1 link-local ipv6 address ZEN-ND 2A02:8010:700F::/64 ipv6 address ZEN-PD 2A02:8010:7010::/64 ipv6 enable ipv6 mtu 1500 ipv6 tcp adjust-mss 1440 ipv6 dhcp client pd ZEN-PD ppp authentication chap callin ppp chap hostname zen<Zen number>@zen ppp chap password 7 <hidden password> ppp direction callout ppp ipcp dns request no cdp enable !
Add IPv6 default route
Add the default route via Dialler1 interface:
! ipv6 route ::/0 Dialer1 !
Add additional IPv6 routes (optional)
Add static routes to other parts of your infrastructure, networks, etc. for example this adds my whole internal network ‘2600’ via a firewall whose outside address is 2a02:8010:7010::666 and connectdd to VLAN1 (ie. the “outside”):
! ipv6 route 2A02:8010:7010:2600::/64 2A02:8010:7010::666 !
Test your new connection
Perform some IPv6 connectivity tests:
Ping Google from the router
router-zen#ping ipv6.google.com Translating "ipv6.google.com"...domain server (220.127.116.11) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2A00:1450:4009:80A::200E, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/20 ms router-zen#
Ping an internal host from the router
router-zen#ping ipv6.tubby.org Translating "ipv6.tubby.org"...domain server (18.104.22.168) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2A02:8010:7010::1010, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms router-zen#
Ping Google from an internal host
root@public:/etc/init.d# ping6 -n ipv6.google.com PING ipv6.google.com(2a00:1450:4001:804::1008) 56 data bytes 64 bytes from 2a00:1450:4001:804::1008: icmp_seq=1 ttl=52 time=26.3 ms 64 bytes from 2a00:1450:4001:804::1008: icmp_seq=2 ttl=52 time=26.2 ms 64 bytes from 2a00:1450:4001:804::1008: icmp_seq=3 ttl=52 time=26.0 ms 64 bytes from 2a00:1450:4001:804::1008: icmp_seq=4 ttl=52 time=25.9 ms ^C --- ipv6.google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 25.967/26.168/26.383/0.205 ms root@public:/etc/init.d#