Recently signed up, but now wondering again if my setup will be supported?

[josephtgarcia]

Hi all, so I'm currently on AT&T fiber which is alright but monthly billing is high thus my search for something else which led me to Sonic. When I pre-ordered, I asked the salesman if my set up would be supported (which I don't think is anything too crazy/out of the ordinary) and he confirmed it would be fine. My fiber live date is November '23, so it's coming up but now I'm wondering once again if everything will actually work.

My set up right now is:
AT&T ONT <-> AT&T Router <-> Ubiquiti EdgeRouter 4 <-> Juniper EX2200-C

The AT&T Router is set up in passthrough mode, so my ER4 is doing all the work. Up until a day or two ago, I was strictly on IPv4 and this set up has been working perfectly for me. Will this set up still work when or if I switch over to Sonic? Personally, I do not want this to change.

Also, a few more questions assuming my set up will work... are the IP's dynamic or static? If dynamic, how often do they change? What size subnet is provided for IPv6? This one came up over this weekend that is giving me trouble as currently I'm getting a /64 v6 subnet from AT&T and they were looking to charge me extra for a larger subnet.

Anyway, thanks in advance~

[jerrielm]

Hi all, so I'm currently on AT&T fiber which is alright but monthly billing is high thus my search for something else which led me to Sonic. When I pre-ordered, I asked the salesman if my set up would be supported (which I don't think is anything too crazy/out of the ordinary) and he confirmed it would be fine. My fiber live date is November '23, so it's coming up but now I'm wondering once again if everything will actually work.

My set up right now is:
AT&T ONT <-> AT&T Router <-> Ubiquiti EdgeRouter 4 <-> Juniper EX2200-C

The AT&T Router is set up in passthrough mode, so my ER4 is doing all the work. Up until a day or two ago, I was strictly on IPv4 and this set up has been working perfectly for me. Will this set up still work when or if I switch over to Sonic? Personally, I do not want this to change.

Also, a few more questions assuming my set up will work... are the IP's dynamic or static? If dynamic, how often do they change? What size subnet is provided for IPv6? This one came up over this weekend that is giving me trouble as currently I'm getting a /64 v6 subnet from AT&T and they were looking to charge me extra for a larger subnet.

Anyway, thanks in advance~

Hello Joseph!

To my understanding, your setup should work. You would be replacing the AT&T ONT with ours but the AT&T router might be different. Our ONTs don't need special permissions to use so, if my understanding of your setup is correct, hooking our ONT straight to your edgerouter is the only change to your setup you might have.

IPs are Dynamic and can change at random. Most of the time this is done by restarting the router or ONT. Leaving these off for an extended time can also make the IP address change. We do provide IPv6, with a /56 prefix.

Let me know if you have any other questions or if i missed something.

S/F
-Jerriel

[mgoldburg]

Sonic provides a /56 per this.

ATT BGW gateways hand out up to eight /64 prefixes with the base residential service at no extra cost. Don't know about your ER, but there's no clean way to get multiple prefixes in this manner on UniFi gateways (UDM, etc.). No idea why ATT chose this non-standard approach rather than handing out a /61 which would be subnetted to /64s by the subscriber's router.

I'm running this recipe on pfSense+ behind a BGW. The original version is here. It's working well. Maybe there's a way to adapt it for the ER.

[josephtgarcia]

@jerrielm thanks, that's really helpful and eases me a lot haha. I'm glad I should be good to go once everything is set up! I had a follow up question about the subnet size for IPv6, but @mgoldburg answered, so a /56 will be great to have and provided extra info that will likely be helpful when I re-try setting up IPv6 once I'm officially on Sonic.

Thank you both for the prompt replies, I really appreciate it!

[jerrielm]

Sonic provides a /56 per this.

ATT BGW gateways hand out up to eight /64 prefixes with the base residential service at no extra cost. Don't know about your ER, but there's no clean way to get multiple prefixes in this manner on UniFi gateways (UDM, etc.). No idea why ATT chose this non-standard approach rather than handing out a /61 which would be subnetted to /64s by the subscriber's router.

I'm running this recipe on pfSense+ behind a BGW. The original version is here. It's working well. Maybe there's a way to adapt it for the ER.

Dope! Thanks for that info!

@jerrielm thanks, that's really helpful and eases me a lot haha. I'm glad I should be good to go once everything is set up! I had a follow up question about the subnet size for IPv6, but @mgoldburg answered, so a /56 will be great to have and provided extra info that will likely be helpful when I re-try setting up IPv6 once I'm officially on Sonic.

Thank you both for the prompt replies, I really appreciate it!

You are welcome! Happy to help where I can. Thank you again Mgoldburg for the assist!

[daniel15]

a /56 will be great to have and provided extra info that will likely be helpful when I re-try setting up IPv6 once I'm officially on Sonic.

It works well.

My previous router (a TP-Link ER8411) doesn't support IPv6 well, and doesn't even have an IPv6 firewall (every IPv6 host will be exposed publicly!), so I had to switch router. I'm now using a small form factor PC running Proxmox, with OpenWrt running in a VM. It's working well! OpenWrt picks up the /56 from Sonic and splits it into separate /60 subnets for VLANs (e.g. I have "smart" devices firewalled on a separate VLAN to my trusted devices).

It's unfortunate the range is dynamic though, as it negates one of the benefits of IPv6.

[josephtgarcia]

a /56 will be great to have and provided extra info that will likely be helpful when I re-try setting up IPv6 once I'm officially on Sonic.

It works well.

My previous router (a TP-Link ER8411) doesn't support IPv6 well, and doesn't even have an IPv6 firewall (every IPv6 host will be exposed publicly!), so I had to switch router. I'm now using a small form factor PC running Proxmox, with OpenWrt running in a VM. It's working well! OpenWrt picks up the /56 from Sonic and splits it into separate /60 subnets for VLANs (e.g. I have "smart" devices firewalled on a separate VLAN to my trusted devices).

It's unfortunate the range is dynamic though, as it negates one of the benefits of IPv6.

Ooh shoot, I'm glad I came back to look at this again. I just had that router on my shopping cart as a possible option. I may look into using a VM, I have esxi running on a Dell T30 with a handful of VM's. I think I'm barely hitting 5 or 10% of that server's resources so I'll have to experiment with OpenWrt, Opnsense, or other alternative and see how it goes. Time to look for 10G NIC's now.

[daniel15]

Ooh shoot, I'm glad I came back to look at this again. I just had that router on my shopping cart as a possible option. I may look into using a VM, I have esxi running on a Dell T30 with a handful of VM's. I think I'm barely hitting 5 or 10% of that server's resources so I'll have to experiment with OpenWrt, Opnsense, or other alternative and see how it goes. Time to look for 10G NIC's now.

TP-Link just added an IPv6 firewall in the latest firmware beta: https://community.tp-link.com/en/busine ... pic/636166. I switched back to my ER8411 and installed the beta firmware. IPv6 is working great now!

The one tricky thing is allowing incoming connections over IPv6. I want to be able to reach my home server via its public IPv6 address. The usual solution is that the IPv6 range is statically assigned, so you can just hard-code the IPs in firewall rules. Unfortunately, Sonic's IPv6 /56 range allocation is dynamic and changes whenever you reconnect, so this doesn't work.

The ER8411's firewall doesn't provide a way of specifying dynamic destination addresses for rules. However, I'm using an Omada software controller, and TP-Link have a local (non-cloud) API for it, so I'm going to try to update the firewall via the API (i.e. when my server detects that its IPv6 address is different, call the API to update the firewall rule's IP address in addition to updating my dynamic DNS for the server's hostname).

OpenWrt works great. On a Core i5-9500, it was using less than 15% CPU when I was running a speed test reaching ~8.3Gbps. I posted some screenshots over here: viewtopic.php?p=63199#p63199

OpenWrt also lets you create firewalls just based on an IPv6 suffix, which solves the issue of allowing inbound connections to a server even when the IPv6 prefix changes, as long as the end of the server's IPv6 address remains the same.