1 Like
Summerlin Foundation resting on its laurels. Needs to get in gear. 
2 Likes
Too busy making money on my AI projects. 
1 Like
Is that AI money as in virtual? 
For tax purposes, virtual.
AI = Augmented Income?
1 Like
…or Artificial Income
2 Likes
This seems more likely.
1 Like
Like the interest I get from my Navy Federal Credit Union money market saving account that I have to then pay taxes on. The money that was put in the account was already taxed. 
1 Like
Just like buying a used car (here in Canada, not sure down-south), you pay tax on something that was already taxed when it was bought by t he original owner 
Well yeah, you don’t get rich by paying for stuff
Most states here you then pay an annual tax on it too.
I just couldn’t, but I managed to solve the mystery. It turns out that neither Rogers or Nokia are throttling the router via MAC address. It has everything to do with IPv6. This is what I found on Rogers forum: Solved: Re: Nokia Fastmile 5G Gateway 3.2 and 3rd Party Me... - Page 2 - Rogers Community
It turns out I have two options. Option one as we discussed, connect my Mac directly to the Nokia and have the router run at 35/10 speed or option two, put my Eero in a bridge/AP mode as it doesn’t support IPv6 passthrough (I tested this and the speed goes back to 100/10)
What would you recommend?
Odd, I read through the last few posts, not clear to me why IPv4 will work at 1/3 the download speed, I still interpret it as some sort of ISP imposed limitation (probably intentional maybe not) and someone discovering that IPv6 passthrough mode is a workaround to make their router not realize you are running a router.
Out of curiosity if you disable IPv6 on your hardwired Mac (or maybe in the Nokia) does the speed drop to the Mac?
The only difference between IPv6 native and passthrough is which device provides the IP and other configs to the clients. In passthrough mode, the Nokia handles all of it, where in native mode the Eero becomes involved. So if native mode has a speed drop, it would imply that the Nokia is seeing that it did not hand out the IP, thus the device must be coming through a router. So my guess is someone has just stumbled upon a workaround for their throttling.
You could give it a try in native mode on your Eero just to see what it does (assuming Rogers supports proper IPv6 Prefix Delegation for Native mode, I guess that’s a big assumption, but Comcast does). If speed is still throttled, I guess we go back to the original question, how much do you trust the firewall and security in the Nokia (especially if you leave IPv6 enabled, IPv6 really relies on the firewall since there is no hide NAT)?
If you have the time and desire, I’d test the Mac with IPv4 only connected direct and then the Eero with IPv6 native, just to see. If both are throttled, personally I’d probably stick with your original plan of having the Mac connected directly (make sure you have a decent firewall on the Mac which I’m assuming you do) and let the stuff going via the eero get throttled, since it is unlikely you’ll need the higher speeds there. You’re still getting to take advantage of the full speed with your Mac, so aren’t really losing out per se.
If every device behind the Eero had a firewall and good security then I’d say go for it, but obviously you have IOT devices etc which do not fall into that category.
Funny thing is, that statement from Rogers about 646 NAT/XLAT blocking inbound connections would not apply to devices getting IPv6 IPs from them. So that’s pretty misleading too. I suppose they probably have the firewall in the Nokia set to block all inbound IPv6 connections, but that doesn’t mean nobody can attempt to port scan it like they claimed.
If you do leave IPv6 enabled for the Mac to get full speed, but it doesn’t benefit the eero at all, may want to disable it on the Eero, I guess it is a matter of preference, not sure if it will confuse the Wyze or any other IOT devices, but if it isn’t giving any benefit, it is a smaller attack surface to have it disabled.
Unfortunately I don’t think I can disable IPv6 on the Mac. I only have three options, Automatic, Manual and Link-Local Only. When I disable IPv6 on the Nokia the speed doesn’t change on the Mac.
Also, I tried having IPv6 on and off on both the Nokia and the Eero with no difference in speed.
That is where I am leaning too, just wanted your opinion.
Funny thing happened. Out of curiosity I enabled IPv6 on my Eero at the cottage to see what would happen. My cams loaded instantly, if I turn it off they take few seconds. Is this really happening or am I imagining things
Thanks for your time.
EDIT: Oh one more thing, should I turn the firewall off on the Nokia?
Link Local only is basically the same as disabling it. It won’t get used for internet in that case. But if you disabled it on the Nokia, that’s effectively the same test. So it seems it isn’t anything to do with IPv6 per se - just that someone stumbled on a workaround to make the Nokia not realize a router was in use (passthrough IPv6 which basically hides the router from it).
Yeah seems like it is more when the nokia detects a device is a router (through whatever means they’re using) it is throttling, not anything to do with the IP version in use. Could be wrong but based on your tests it seems that way.
I’m not even sure the cams support IPv6, but I guess at this point they probably do. It is possible that in your setup it will benefit a bit, since on IPv6 you aren’t having to go through the multiple layers of NAT including the carrier’s which could very well be on some overloaded device. Or it could just be that when you enabled IPv6 you reset all the connectivity, cleared out connections, and the first fresh one seemed faster, then when disabling it the cams had to give up on IPv6 and fail back to v4 which took a bit. If it seems consistently faster, you may consider running IPv6 on the Eero, if there are two firewalls in the path (nokia and eero) that should be sufficient security.
The only time I consider running IPv6 for someone is when they’re using an ISP that does carrier NAT (like 646 in your case) in IPv4 but gets direct public IPv6 addresses. But even then, I only do it if there is a compelling reason, usually they are a gamer or need inbound connections. But in your case, if the performance/responsiveness of not having all the NATs seems better, that may be compelling.
I would leave it on, unless you’ve noticed a significant performance improvement with it off, or it causes some other issues. That way your Mac has 2 layers of protection and so do the devices behind the Eero (or 3 for ones that have a firewall on the device itself too). If you ever did want an inbound IPv6 connection for remote access or whatever, you’d just need to add it in both the Nokia and Eero (or Mac firewall etc).
I am curious. I disable ipv6. I didn’t see any need for it.
Are you saying there are advantages to leaving ipv6 enabled? Such as speed?
I am always looking to optimize and to learn.
Thanks.
In this case the thought was that they were throttling IPv4 traffic but letting IPv6 run at full speed (or perhaps their IPv4 to IPv6 NAT infrastructure was overloaded), but doesn’t seem to be the case after all.
Normally, IPv6 won’t give you any performance increase. There are fringe cases where a company has a separate server/load balancer handling IPv6 traffic, or it just happens to take a shorter route through the internet, where people may be able to measure a slight performance difference. But for every one of those cases, you can find a different case where the IPv4 path is faster (or the IPv6 path has issues, as has happened many times with Comcast’s email and DNS). 6 of one, half dozen of the other as they say.
The only time it gives a consistent benefit is if your ISP uses carrier NAT like many of the wireless and newer small fiber ISPs do. If you have a gaming system or other things that rely on uPNP inbound connections to work right, or if you need static inbound connections for VPN or other reasons, then IPv6 is a solution for that, assuming the carrier isn’t blocking inbound connections on IPv6. But as I mentioned also, if the carrier’s IPv4 NAT box is overloaded or just slow, bypassing that (and the multiple other layers of NAT) could yield a latency improvement that can be noticeable, which might explain what @habib was seeing with cameras loading faster (it also could have been a fluke).
Personally, on my FIOS connection that uses public IPs and no NAT (other than the hide NAT my router does) I leave IPv6 disabled. I see no consistent performance difference with it enabled and IPv6 relies more heavily on your router’s firewall, there isn’t that hide-nat “safety net” there like IPv4 has.
So I guess, long story short, unless your ISP uses carrier NAT (either IPv4 CGNAT or 646 etc), probably no reason to enable it and potentially increase your attack surface.
1 Like
You are probably right as whenever I disable/enable IPv6 Eero needs a reboot, Nokia OTOH does not which I find it weird.
Thank you kindly sir, I appreciate all your help.
EDIT: Earlier you mentioned an outbound or inbound VPN to help with Rogers throttling streaming services. Would something like this be the cure:
Possibly, they could be blocking/throttling VPN protocols. You also have to keep in mind that Netflix and Prime and others are getting more and more aggressive with ensuring you aren’t trying to subvert their limits, however if you do a VPN to your main home where you typically use those services, they should not know so it should be ok.
Doesn’t look like the eero has any site to site VPN functionality (client or server). If you want to test it out before buying a dedicated pair of boxes, you could dig out an old router and see if it supports VPN server functionality, then put it on your main home network behind the eero. You can do the same with a computer that is always on, and install a software VPN server on it. You’ll need to forward the necessary ports to it, and make note of your home WAN IP.
Then at the cottage you can use a software VPN client on your Mac to connect to the home WAN IP (assuming your home ISP doesn’t change it on you frequently). If it connects successfully, then you can do a speed test, try Netflix, etc. As long as they aren’t blocking or throttling VPN, that should bypass all their restrictions. Latency may be a tad higher depending how far away your house is but probably not a huge difference.
If that all works, then you can get a pair of hardware VPN boxes, and probably need to set up a dynamic DNS service (some of the hardware VPN boxes may include that, if not there are free ones out there). That way when your home WAN IP changes, it can still reconnect automatically using hostname.
Of course with free returns you could just buy a set of hardware boxes and return them if they don’t work, if you don’t want to go through the trouble of testing with software ones.