Have Virgin Media enabled IPv6? Sort of…

Virgin Media have historically not been in a rush to deploy IPv6. More recently I created this little website as a bit of fun, because the IPv6 story with Virgin Media is long and complicated. However, something interesting was discovered recently by Luke Granger-Brown (@lukegb) on Twitter. Virgin Media might have technically deployed some form of IPv6 for a while, but it has been hiding in plain sight!

I happened to notice evidence of at least some IPv6 back in December 2020. I discovered it by accident. When I changed a kernel parameter on my OpenWrt router, I suddenly noticed two IPv6 routes in my routing table.

Doing a quick WHOIS, I was surprised when they came back as Virgin Media. The following routes were added to my router:

  • 2a02:8800:f000:18b0::/64
  • 2a02:88fd:18:a::/64

These were picked up from router advertisements that have been technically present for a while but just not really visible unless you know where to look.

In order to reveal these router advertisements I had to change the kernel parameter accept_ra, specifically /proc/sys/net/ipv6/conf/eth1.2/accept_ra. In my case eth1.2 is the WAN interface on my router for Virgin Media, and accept_ra needs to be set to 2 to reveal these routes. This confirmed that there is in fact some IPv6 activity on the WAN side.

These can be seen as subnets of the IPv6 prefixes announced by Virgin Media's AS number 5089 (https://bgp.he.net/AS5089), from 2a02:8801::/32 and 2a02:8880::/25.

Luke however has done a bit more digging than I did when I last looked at it and found a few more interesting areas around the unofficial IPv6 connectivity that’s available.

The first prefix appears to be some form of internal/management network as Luke reports these addresses give administratively denied responses when routing to the internet. The latter does appear to be a publicly routed subnet and if you manually assign yourself a valid IPv6 address within the subnet routed, you can in fact get IPv6 connectivity as per the test-ipv6.com result.

Luke also notes from their post on Reddit:

  • No IPv6 direct peering with Cloudflare (the traffic goes via Telia instead)
  • Comcast IPv6 is completely inaccessible at the moment (although this might be just transient, apparently Liberty Global were having some “difficulties” configuring their networking equipment earlier…)

Luke’s tests were on Virgin Media Business and I’ve also tested this on the residential side. Virgin Media Business is technically a different service but likely still uses the same core network.

We are both using modem mode. It is interesting this is available in modem mode as the latest information available around IPv6 suggested Virgin Media would deploy IPv6 using DS-Lite and modem mode was not going to be supported for their IPv6 configuration. Here however it at least confirms it’s not exactly far away from dual stack.

This is what the router advertisements look like from tcpdump:

tcpdump: listening on eth1.2, link-type EN10MB (Ethernet), capture size 262144 bytes
00:00:00.000000 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 80) fe80::201:5cff:fe9c:2847 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 80
hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 9000s, reachable time 3600000ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a02:8800:f000:18b0::/64, Flags [onlink], valid time 2592000s, pref. time 604800s
0x0000: 4080 0027 8d00 0009 3a80 0000 0000 2a02
0x0010: 8800 f000 18b0 0000 0000 0000 0000
prefix info option (3), length 32 (4): 2a02:88fd:18:a::/64, Flags [onlink], valid time infinity, pref. time infinity
0x0000: 4080 ffff ffff ffff ffff 0000 0000 2a02
0x0010: 88fd 0018 000a 0000 0000 0000 0000

Note that the managed flag is present but as there is no DHCPv6, your router won’t really do anything by default. It is suspected that Virgin Media may be filtering DHCPv6 traffic out to prevent any IPv6 connectivity from being configured automatically.
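An added example (not part of the original post) that decodes the two prefix information option bodies from the tcpdump output above, following the RFC 4861 layout. It shows that only the on-link (L) flag is set and the autonomous (A) flag is clear, so a host would not form a SLAAC address from these prefixes even with accept_ra enabled. The function and variable names are assumptions made for this example.

```python
import ipaddress
import re
import struct

# Option bodies copied from the tcpdump output on this page. tcpdump omits
# the option's type and length bytes, so each body is 30 bytes, not 32.
DUMP_A = """0x0000: 4080 0027 8d00 0009 3a80 0000 0000 2a02
0x0010: 8800 f000 18b0 0000 0000 0000 0000"""
DUMP_B = """0x0000: 4080 ffff ffff ffff ffff 0000 0000 2a02
0x0010: 88fd 0018 000a 0000 0000 0000 0000"""

INFINITE = 0xFFFFFFFF  # RFC 4861: an all-ones lifetime means infinity


def hexdump_to_bytes(dump):
    """Drop tcpdump's '0x0000:' offsets and join the hex groups."""
    data = bytearray()
    for line in dump.splitlines():
        hex_part = re.sub(r"^\s*0x[0-9a-fA-F]+:", "", line)
        data += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(data)


def parse_prefix_info(body):
    """Decode the body of an RFC 4861 Prefix Information option."""
    if len(body) != 30:
        raise ValueError(f"expected 30 bytes, got {len(body)}")
    # prefix length, flags, valid lifetime, preferred lifetime, reserved, prefix
    plen, flags, valid, preferred, _reserved, raw = struct.unpack("!BBIII16s", body)
    autonomous = bool(flags & 0x40)  # A flag: prefix may be used for SLAAC
    return {
        "prefix": str(ipaddress.IPv6Network((raw, plen), strict=False)),
        "on_link": bool(flags & 0x80),  # L flag: prefix is on-link
        "autonomous": autonomous,
        # None stands for an infinite lifetime
        "valid_s": None if valid == INFINITE else valid,
        "preferred_s": None if preferred == INFINITE else preferred,
        # RFC 4862: with A clear, hosts ignore the option for autoconfiguration
        "slaac_usable": autonomous and plen == 64,
    }


if __name__ == "__main__":
    for dump in (DUMP_A, DUMP_B):
        print(parse_prefix_info(hexdump_to_bytes(dump)))
```
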

It is however important to note that this is something that Virgin Media likely do not expect their customers to be playing with, as you’ll need a router that can pick up the Router Advertisements (which will likely not be revealed without specific configuration) and then do some manual configuration yourself, as there is no prefix delegation or response from DHCPv6. Likewise, manually assigning an IPv6 address like this isn’t necessarily a good idea, as the address technically might not be actually “yours” without a proper prefix being delegated, so sorry Virgin Media network engineers if they are suddenly wondering why two customers are pushing IPv6 traffic from random locations and IPv6 addresses! It is highly possible this will be turned off if Virgin Media realise it has been discovered.

Another interesting point to note is the router advertisements don’t seem to be visible to everyone. It is hard to verify given you actually need to essentially force the RAs to be visible to your router anyway, but I’d expect this to be deployed across the live network, rather than selective unless there is specific filtering occurring via MAC address or similar.

Whether or not this is a sign of a pending IPv6 rollout, I’m sceptical. I believe this IPv6 configuration has in fact been present for some time now but just not really visible. Equally, speaking with a Liberty Global employee within the networking side, they seem to suggest this isn’t anything new. I get the impression that while Virgin Media still won’t deploy IPv6 to its customers officially, their engineers have in fact got an IPv6 network likely ready to go and it just needs “turning on”.

I'm a web developer, but also like writing about technical networking and security related topics, because I'm a massive nerd!