Is Virgin Media traffic shaping protocol 41 (6in4 IPv6)?

Virgin Media logo

Setting up the test

Because my Linode VPS already has native IPv6, I have made some changes to the typical default configuration. Mainly not wanting the default IPv6 gateway to be Hurricane Electric, so I am overriding the default routes, with a separate route command with a numeric metric value that’s greater than the default IPv6 route from Linode, so it’s not used by default. This allows me to have the tunnel configured, but without sending all IPv6 traffic through it, which is what I want.

  • he-ipv6 — Sit tunnel interface, default IPv6 gateway overridden

Testing methodology

A lot of the tests carried out by other Virgin Media customers were mainly IPv6 HTTP speed tests in a web browser and traceroute analysis. HTTP speed test websites in a browser aren’t really going to be possible on this VPS for two reasons:

  1. IPv6 speed tests can be quite wild and inconsistent based on previous experience with 6in4, so I’m going to avoid them for the test.
Speed test result of Linode native IPv6

Testing the 6in4 IPv6 performance

Here are the results of the 1GB download test comparing the Linode VPS and my Virgin Media connection with 6in4 IPv6 deployed.

[root@web ~]# curl -6 --interface eth0 http://ipv6.download.thinkbroadband.com/1GB.zip -o tb_1GB.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 64.4M 0 0:00:15 0:00:15 --:--:-- 63.1M
[root@web ~]# curl -6 --interface he-ipv6 http://ipv6.download.thinkbroadband.com/1GB.zip -o tb_1GB.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 77.3M 0 0:00:13 0:00:13 --:--:-- 87.3M
root@linksys-wrt3200acm:~# curl -4 http://ipv4.download.thinkbroadband.com/1GB.zip -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 13.1M 0 0:01:17 0:01:17 --:--:-- 13.2M
root@linksys-wrt3200acm:~# curl -6 http://ipv6.download.thinkbroadband.com/1GB.zip -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 1587k 0 0:11:00 0:11:00 --:--:-- 1657k
HTTP IPv6 speed test through Think Broadband on my Virgin Media connection

Bonus IPv6 test with Mullvad

More recently I configured a Wireguard client connecting to Mullvad (which has IPv6 support) because I was curious about the outcome. With Mullvad their IPv6 is using NAT66, so you only get a single /128 ULA address to use on the client side, but it’s enough to test IPv6 here. Here’s the same download test using Mullvad with Wireguard on the same router, same connection, same test, just a different protocol (IPv6 over UDP).

root@linksys-wrt3200acm:/tmp# curl -6 --interface wg http://speedtest.tele2.net/1GB.zip -o /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1024M 100 1024M 0 0 11.5M 0 0:01:28 0:01:28 --:--:-- 11.2

iperf3 tests

Using iperf3 the story is also quite clear. Here I used a public iperf server to test both IPv4 and IPv6 with reverse mode.

Connecting to host bouygues.iperf.fr, port 5201
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local 82.xx.xx.xxx port 38146 connected to 89.84.1.222 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 11.5 MBytes 96.8 Mbits/sec
[ 5] 1.00-2.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 2.00-3.00 sec 12.7 MBytes 106 Mbits/sec
[ 5] 3.00-4.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 4.00-5.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 5.00-6.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 6.00-7.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 7.00-8.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 8.00-9.00 sec 13.3 MBytes 112 Mbits/sec
[ 5] 9.00-10.00 sec 13.3 MBytes 112 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.05 sec 139 MBytes 116 Mbits/sec 4 sender
[ 5] 0.00-10.00 sec 131 MBytes 110 Mbits/sec receiver
iperf Done.
Connecting to host bouygues.iperf.fr, port 5201
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local 2001:470:xxxx:xx::2 port 35558 connected to 2001:860:deff:1000::2 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 1.62 MBytes 13.6 Mbits/sec
[ 5] 1.00-2.00 sec 1.44 MBytes 12.1 Mbits/sec
[ 5] 2.00-3.00 sec 1.93 MBytes 16.2 Mbits/sec
[ 5] 3.00-4.00 sec 1.42 MBytes 11.9 Mbits/sec
[ 5] 4.00-5.00 sec 1.79 MBytes 15.0 Mbits/sec
[ 5] 5.00-6.00 sec 1.56 MBytes 13.1 Mbits/sec
[ 5] 6.00-7.00 sec 1.82 MBytes 15.2 Mbits/sec
[ 5] 7.00-8.00 sec 1.30 MBytes 10.9 Mbits/sec
[ 5] 8.00-9.00 sec 1.52 MBytes 12.8 Mbits/sec
[ 5] 9.00-10.00 sec 1.31 MBytes 11.0 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.08 sec 16.9 MBytes 14.1 Mbits/sec 58 sender
[ 5] 0.00-10.00 sec 15.7 MBytes 13.2 Mbits/sec receiver
iperf Done.
Reverse mode, remote host bouygues.iperf.fr is sending
[ 5] local fc00:bbbb:bbbb:bb01::1:611c port 34967 connected to 2001:860:deff:1000::2 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 8.16 MBytes 68.5 Mbits/sec
[ 5] 1.00-2.00 sec 12.1 MBytes 101 Mbits/sec
[ 5] 2.00-3.00 sec 12.1 MBytes 101 Mbits/sec
[ 5] 3.00-4.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 4.00-5.00 sec 12.6 MBytes 105 Mbits/sec
[ 5] 5.00-6.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 6.00-7.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 7.00-8.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 8.00-9.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 9.00-10.00 sec 11.6 MBytes 97.1 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.06 sec 124 MBytes 104 Mbits/sec 2 sender
[ 5] 0.00-10.00 sec 119 MBytes 100 Mbits/sec receiver
iperf Done.

Possible theories on what could be happening

Because Virgin Media have consistently denied there is no traffic management of protocol 41 going on, there is no mention of this in their official traffic management policy or any mention of IPv6 tunnels specifically, we have to look at other potential possibilities.

  1. The Super Hub 3. It’s well known within the Virgin Media community that the Super Hub 3 (The CPE router/modem provided by Virgin Media) suffers from latency and performance issues because of the bugs within the Puma 6 SoC. Intel even officially acknowledged the issues with an advisory, it’s possible that 6in4 is being hampered by these issues in the SoC, but in my own personal experience I have experienced the same performance issues on the first version of the Super Hub (you know, the one that doesn’t do dual band wireless) in modem mode. So I’m not sure the Super Hub 3 is entirely the problem but it certainly won’t be helping either.
  2. Are Hurricane Electric throttling tunnels based on their usage? After all, it is a free service right? Well, they aren’t. I received an official acknowledgement of this from one of their engineers. The only policies in place are filtering SMTP and IRC to prevent abuse, but otherwise there is no shaping or traffic management occurring.
  3. Is my tunnel on my Virgin Media connection misconfigured? My router is running OpenWrt and have my IPv6 tunnel on the wan6 interface where the /48 prefix is delegated across my LAN (br-lan), as far as I know, I have followed the configuration recommended by documentation from OpenWrt and other sources and it is working correctly. 10/10 on test-ipv6.com etc. The default MTU when configuring 6in4 with OpenWrt is 1280, which is a little low, so increasing this to 1480, may help a bit (if not already set), but it isn’t a magic bullet.
  4. Virgin Media are traffic shaping but either the forum staff who have previously stated they aren’t are either generally not aware or being deceptive about it. I really hope it isn’t the latter, as that’s pretty shady if it’s the case. Really, only Virgin Media’s network/engineering team would be able to confirm it, but I don’t think we’ll get a response from someone in that part of the company officially in the public domain. There’s also the chance that there is a disconnect (ha, get it?!) between the forum staff and other parts of the company e.g. if the request didn’t get to the right department from within Virgin Media to answer the question.

My personal thoughts on the issue

Based on my findings and looking at this issue it shows that this seems to be specific to 6in4 traffic. Encapsulating 6in4 itself over UDP doesn’t seem to have the same performance problems. So the problem appears to be when the Client IPv4 Address of the tunnel is pointing to a Virgin Media IP address and it’s 6in4 traffic specifically. The obvious conclusion would suggest a shaping issue or how this traffic is being treated within the Virgin Media core network, but there could also be evidence to suggests it is actually a CPE problem.

The real solution

Of course the answer will always be native IPv6. Something which Virgin Media have yet to deploy, despite a lot of the more technical customers on Virgin Media being vocal about it (I’m one of them!). What is known about Virgin Media and it’s IPv6 plans is they are likely to use DS-Lite, which I have a whole other article about.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store