Forum Discussion
Home internet service IPv6 traffic is all filtered even when using a Netgear LTE router. No port forwarding. Plz fix!
My background is in IT / networking and I started using Tmo Home Internet for the past 2 weeks. The router being shipped today to customers is missing very important features for power users - it actually broke my ability to remotely access my home via direct-connection using public IPv6 and IPv4 that I used on comcast.
Contacting support for help is pretty much useless, although I have raised a few tickets regarding the major issues affecting me since switching ISPs, namely:
- Unable to ping my IPv6 WAN address given by T-mobile (to remotely monitor my internet connection)
- Unable to remotely access my home via my VPN server which listens to connections on the WAN IPv6 address (again, T-mobile is filtering ALL my incoming traffic - comcast, att fiber, other major players in the market don’t do this filtering to endpoints except for spam port 25)
- Connecting to a VPN server hosted on the internet is unreliable and unstable.
- T-mobile does not offer IPv6 Prefix Delegation (comcast has it, att fiber does too)
I’ve spent the majority of my time trying to figure out ways to make this work. Most folks out there are blaming the Nokia router firmware which is really locked down by T-mobile, so being the IT engineer I pretend to be I purchased a Netgear LAX20 which is T-mobile and AT&T certified - I swapped SIMs for my Home internet service and tested both.
Even with a router that I fully control, with firewall disabled and allowing WAN icmp/ping responses T-mobile seems to continue to filter traffic (even pings!) incoming towards my service equipment… to make a fair comparison I got an AT&T SIM card and repeated the tests. On AT&T I can ping and access my device remotely when it is on the AT&T LTE network on the same Netgear LAX20.
Decided to post here to vent and share some findings, as this is somewhat frustrating that other LTE carriers that do not offer ‘home internet’ service do allow you to control and manage your network as you see fit while the new “home internet” service does not give you any control at all. Those users who wish to be able to remotely manage their smart home should perhaps stay away for now until T-mobile decides to do the right thing which is for “home internet” service subscribers to have different security network rules than cellphones on the network.
T-mobile please fix your business model for this new service, starting with adding the ability to request zero network filtering for home internet subscribers and the ability to get IPv6 prefix delegated.
djb14336 wrote:
Not sure you caught all that was posted in there.
I ran a generic search on a specific name (T-Mobile USA), which returned like a dozen unique ASN's.
That why no way encompasses the entirety of their organization's provisioned addresses.
Remember, they also just picked up all those Sprint assets as well, which also has over a dozen ASN's provisioned.
Just ONE ASN had over 12million v4 IP's reserved…
...as in provisioned for their exclusive use.
How many are actively in use, and how many could be repurposed is an important question.
For example, what if they flipped the scriotnonncell and home internet provisioning? Put all the cell/hotspots into the funky XLAT/CGN layer, and give all the vacated IP's to home internet.
Think about this for a moment…
Why is it sooo important to reserve all that super high speed bandwidth and port traversal capability for those mobile devices, as opposed to the home internet users? What is the rational for prioritizing north of 100-200mbps down and 20mbps up as well as a properly functioning network model for mostly single user device cell usage while denying such important things to a home NETWORK.
They very well COULD have set this up properly…
...but for whatever reason, they CHOSE to set it up this way.
They didn't HAVE too.
But they DO have to. They all HAVE to. T-Mobile put the money and time into switching to IPv6 long before they rolled out home internet. They didn’t do it just for fun. After doing so, when it came to home internet, I imagine their thoughts were: Everyone has to switch to IPv6. We are already where we need to be. Why do we want to roll back to IPv4 while our competitors.are still trying to switch their networks over to IPv6. In my opinion, the fact T-Mobile was able to switch IPv6 earlier than most, shows them as a leader. Since they have, most of my traffic is IPv6. And, like I said, please excuse me if I am assuming here, I don’t think your complaint is about IPv6. Your complaint is about not having inbound connectivity. And I agree with that complaint. But that is a different issue IPv6 or not.
Not sure you caught all that was posted in there.
I ran a generic search on a specific name (T-Mobile USA), which returned like a dozen unique ASN's.
That in no way encompasses the entirety of their organization's provisioned addresses.
Remember, they also just picked up all those Sprint assets as well, which also has over a dozen ASN's provisioned.
Just ONE ASN had over 12million v4 IP's reserved…
...as in provisioned for their exclusive use.
How many are actively in use, and how many could be repurposed is an important question.
For example, what if they flipped the script on fully functional cell over to home internet provisioning? Put all the cell/hotspots into the new funky and restrictive XLAT/CGN layer, and give all the vacated fully functional IP's to home internet.
Think about this for a moment…
Why is it sooo important to reserve all that super high speed bandwidth and port traversal capability for those mobile devices, as opposed to the home internet users? What is the rational for prioritizing north of 100-200mbps down and 20mbps up as well as a properly functioning network model for mostly single user device cell usage while denying such important things to HOME NETWORKS?
They very well COULD have set this up properly…
...but for whatever reason, they CHOSE to set it up this way.
They didn't HAVE too.
mobileman82 wrote:
Well that's tough cookies cuz that is what it's like to be a home internet provider in 2021. I wish I had somone who would come up with excuses for me everytime I mad poor choices at work.
I’m not making excuses. I’m just stating the reality of running out of IPv4 addresses. I’m sorry you don’t like reality. Being on an IPv6 network shouldn’t be a problem. However, if your real concern is you cannot have inbound connections, that I understand. Its a brand new service. Hopefully, T-Mobile is listening and working on that. In the meantime, there are workarounds. If you don’t want to use the workarounds until T-Mobile allows more flexibility, I would suggest you use another service until T-Mobile does.
Well that's tough cookies cuz that is what it's like to be a home internet provider in 2021. I wish I had somone who would come up with excuses for me everytime I mad poor choices at work.
djb14336 wrote:
IDK about that angle of them not having/not able to use IPV4.
A Basic dig on their ASN's shows they have a crap ton of IPV4 registered. Over 12 million on just ONE of their USA ID's (AS21928). Granted, some (like AS393494, that appears to be tied to TVision) only have 60-70k... but who is to say how much is actively in use, and how much could be repurposed?
But they DO in fact have and use IPv4. The question is why is it not implemented for home internet instead of the screwy XLAT464 crap.
Who knows why they still own these subnets. Owning them, however, doesn’t mean T-Mobile isn’t an IPv6 network. Indeed they are. They completed the transition years ago. XLAT464 is of course used for compatibility with IPv4. Some of these IP’s are needed for that. At any rate, let's just say they would make the decision to switch back to IPv4, these block’s of IP’s wouldn’t come close to the number of IP’s needed to support IPv4 for all the devices on their network. And the problem only gets worse as their network grows.
IDK about that angle of them not having/not able to use IPV4.
A Basic dig on their ASN's shows they have a crap ton of IPV4 registered. Over 12 million on just ONE of their USA ID's (AS21928). Granted, some (like AS393494, that appears to be tied to TVision) only have 60-70k... but who is to say how much is actively in use, and how much could be repurposed?
But they DO in fact have and use IPv4. The question is why is it not implemented for home internet instead of the screwy XLAT464 crap.
mobileman82 wrote:
You can still buy/rent IPV4 space. If Tmobile has that defeatist attitude this service wont sell well….
Maybe it won’t. Maybe they are counting on there being enough customers who don’t need inbound connectivity. Who knows. So far, they are on track with their home internet additions for the year. For me, I’m saving $720 a year with better speed. I don’t care about having to use a VPN to fix the inbound connection issue especially since, even with the VPN, that traffic is faster than what it was before. I agree: Its not ideal. But its a better solution than what I had with Comcast.
You can still buy/rent IPV4 space. If Tmobile has that defeatist attitude this service wont sell well….
mobileman82 wrote:
I don’t want a wifi hotspot I need “home internet” as this is sold. There is no real solution, only finnicky hacky workarounds such as VPN. Tmobile could have used Ipv4 if they wanted that is not even a question. Not supporting ipv4 breaks many critical components of the internet.
I’m not how you know Tmobile could have used ipv4. T-Mobile stopped using ipv4 on its network years ago. Spending the time and money to bring ipv4 back just for home internet customers probably didn’t make sense. Also, since the global internet is out of ipv4 addresses, I’m not sure where you think T-Mobile will be getting these ipv4 addresses to hand out to each customer. IPv4 still works with T-Moblie. It just cannot be used for inbound traffic.
I don’t want a wifi hotspot I need “home internet” as this is sold. There is no real solution, only finnicky hacky workarounds such as VPN. Tmobile could have used Ipv4 if they wanted that is not even a question. Not supporting ipv4 breaks many critical components of the internet.
