IPv6 or counteracting Youtube speed throttling

Introduction

If you have:

  1. a Mikrotik router,

  2. a public ("white") IP address kindly provided by your provider,

  3. a desire to watch YouTube at normal speed,

  4. ambitious plans to upgrade your home network,

then let's start the fight for freedom of speed.

The purpose of this article is to:

  • talk about creating and configuring an IPv6 tunnel,

  • demonstrate the setup on the IPv6 broker website,

  • show the router settings (forwarding the pool to the local network, firewall settings, DNS),

  • demonstrate that the IPv6 connection works.

Let's go.


Select a broker and create an account

Not long ago I spent time studying the official Mikrotik manual, where I came across the creation of IPv6 encapsulation. The Hurricane Electric IPv6 tunnel broker was also suggested there.

Note

You can find other IPv6 brokers on the Internet. I haven't tested them, so I can't say anything yet.

Ready to experiment, I moved on to the website and tried to register. The first problem that awaited me was that the mail domain I specified was not supported (presumably the field is checked for words such as gmail, yandex, mail).

Email address not supported

I tried several domains and came to the conclusion that it is easier to use an address on the etlgr.me domain. For this you need the Telegram bot etlgr_bot, where we create a new mailbox or use the mailbox created by default.

After registering and confirming your email address, go to the website and click Create Regular Tunnel. Enter your IP address and choose a tunnel server to your liking:

The process of creating a tunnel and demonstrating an error (the address cannot be pinged)

If the error "IP is not ICMP pingable" occurs:

In the router's firewall, create an allow rule in the input chain and place it above the drop rules:

/ip firewall filter
add action=accept chain=input protocol=icmp src-address=66.220.2.74

For address (ICMP protocol)

Allow access

Then the tunnel configuration will appear in the browser window. Here, Routed IPv6 Prefixes are the addresses that will be forwarded to the local network.

Tunnel details

For ease of router configuration, you can use the Example Configurations tab. Select Mikrotik there. Then copy and paste the configuration code into the router terminal:

Example of configuration settings

Don't forget to set the MTU correctly (another problem)

Go to the Advanced tab and use the slider to set the recommended value for your connection type. If it doesn't work, reduce it.

I would like to draw attention to the fact that the standard configuration for the router suggests MTU 1280, while the server is configured to 1480.

I recommend specifying the same MTU value both on the router, for the created interface sit1, and on the website, to avoid problems with connection speed and stability.

Local interface settings on the router

In IPv6, an address is conventionally divided into two parts:

  1. the first part is issued by the provider,

  2. the second part is generated on the end device based on its MAC address.

For example, in the address 2000:aaaa:aaaa:aaaa:ffff:ffff:ffff:ffff, the first part, 2000:aaaa:aaaa:aaaa, is issued by the provider, and the second part, ffff:ffff:ffff:ffff, is defined by the device.

Adding a /64 subnet for the local interface vlan10_local

On the router, the previously assigned subnet must be defined for the local interface. Select IPv6 → Addresses. Insert the IPv6 prefix copied from the site. Select the interface. Set the Advertise checkbox. Apply the settings.

To avoid repeating my mistake, you need to select the subnet highlighted in the Routed IPv6 Prefixes block.

Neighbor Discovery

You need to check and adjust the IPv6 settings → ND (Neighbor Discovery). Here you can either create a separate rule for the local interface or use the default, tweaking it to your taste.

Here we add DNS servers: either Google (2001:4860:4860::8888) or the local interface (in our example 2001:470:1f08:1e8::2, interface sit1).

In IP → DNS, add one or more IPv6 DNS servers if you want to use the router as a DNS server.

DNS Examples

Below are examples of DNS addresses.

  • Google DNS 2001:4860:4860::8888, 2001:4860:4860::8844

  • Hurricane Electric 2001:470:20::2

You can search the Internet for public IPv6 addresses.

Global IPv6 settings

The icing on the cake: IPv6 → Settings.

Uncheck Disable IPv6 and turn on IPv6 Forwarding, as in the image. Then save. After that, the main mission is complete.

What if I don’t want to reveal the IP addresses of my devices?

In this case, an arbitrary /64 pool of local IP addresses from the fc00::/7 subnet (addresses fc00:: – fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) can be issued to the local network.

Example of pool allocation in guest VLAN

In Winbox, go to IPv6 → Addresses. By clicking plus, add a new entry in which you select an arbitrary pool for the local interface. For example, pool fc00:aaaa:bbbb:cccc::/64 for interface vlan11_guest.

Setting up a NAT rule

Don't forget about masquerade (replacing the local IP address with a global one). Go to IPv6 → Firewall → NAT and create a rule as in the screenshot. For Src. Address specify fc00::/7 (the entire local network); for Dst. Address specify 2000::/3 (the entire external Internet). This universal rule translates only traffic from interfaces that are assigned local IP addresses.

Via terminal:

/ipv6 firewall nat
add action=masquerade chain=srcnat dst-address=2000::/3 out-interface-list=WAN src-address=fc00::/7
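One way to pick the local pool and check which flows the masquerade rule above would translate. This is an added example, not part of the original article: it follows RFC 4193, where locally assigned prefixes start with fd and carry a random 40-bit Global ID, and the function names and sample addresses are constructed.

```python
import ipaddress
import os

# Matchers copied from the article's masquerade rule. The rule's
# out-interface-list=WAN condition is not modelled here.
NAT_SRC = ipaddress.IPv6Network("fc00::/7")
NAT_DST = ipaddress.IPv6Network("2000::/3")


def random_ula_prefix(global_id=None) -> ipaddress.IPv6Network:
    """RFC 4193 /48: 0xfd (fc00::/7 with the L bit set) + 40-bit random Global ID."""
    gid = os.urandom(5) if global_id is None else global_id
    if len(gid) != 5:
        raise ValueError("the Global ID must be exactly 40 bits (5 bytes)")
    return ipaddress.IPv6Network((int.from_bytes(b"\xfd" + gid + bytes(10), "big"), 48))


def lan_subnet(prefix48: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Take one /64 out of the /48 using a 16-bit Subnet ID (one per VLAN)."""
    if prefix48.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 prefix and a 16-bit subnet ID")
    return ipaddress.IPv6Network((int(prefix48.network_address) | (subnet_id << 64), 64))


def is_masqueraded(src: str, dst: str) -> bool:
    """True if the packet matches both address matchers of the NAT rule."""
    return ipaddress.IPv6Address(src) in NAT_SRC and ipaddress.IPv6Address(dst) in NAT_DST


if __name__ == "__main__":
    site = random_ula_prefix()
    guest = lan_subnet(site, 11)          # e.g. a pool for vlan11_guest
    host = str(guest[0x10])               # constructed host address
    print("site prefix:", site, "guest pool:", guest)
    print("guest -> Internet:", is_masqueraded(host, "2001:4860:4860::8888"))
    print("guest -> other local subnet:", is_masqueraded(host, str(lan_subnet(site, 10)[1])))
```

The article's own fc00:aaaa:bbbb:cccc::/64 pool matches the rule as well, since fc00::/7 covers both fc and fd prefixes.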

Verification

For testing, you can use specialized sites. Here is just an example of such sites:

We use IPv6 connection

Where would we be without the good old PING?

Don't forget about security

Since all devices receive an external IPv6 address (you can verify this by checking each device separately), they (including the router) should be protected from the outside world:

/ipv6 firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=drop chain=input in-interface-list=!LAN
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward in-interface-list=!WAN protocol=icmpv6
add action=drop chain=forward

This assumes that I have already added the interface sit1 to the existing interface list WAN, and that the local interface is in the interface list LAN.
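A small first-match model of the filter rules above, useful for checking what happens to a given packet before relying on the ruleset. This is an added example, not code from the original article: the packets are constructed, and vlan99_unlisted is a hypothetical interface that was never added to either list.

```python
# Rules transcribed in order from the article's /ipv6 firewall filter block.
STATEFUL = {"established", "related", "untracked"}
RULES = [
    {"chain": "input", "state": STATEFUL, "action": "accept"},
    {"chain": "input", "state": {"invalid"}, "action": "drop"},
    {"chain": "input", "in": "!LAN", "action": "drop"},
    {"chain": "forward", "state": STATEFUL, "action": "accept"},
    {"chain": "forward", "state": {"invalid"}, "action": "drop"},
    {"chain": "forward", "in": "LAN", "out": "WAN", "action": "accept"},
    {"chain": "forward", "in": "!WAN", "proto": "icmpv6", "action": "accept"},
    {"chain": "forward", "action": "drop"},
]
# Interface-list membership as the article states it (sit1 in WAN, local in LAN).
LISTS = {"WAN": {"sit1"}, "LAN": {"vlan10_local"}}

def in_list(spec, iface):
    """Match an interface against 'LIST' or its negated form '!LIST'."""
    negated = spec.startswith("!")
    return (iface in LISTS[spec.lstrip("!")]) != negated

def verdict(chain, state, proto, in_if, out_if=None):
    """Return (action, rule number) of the first rule that matches the packet."""
    for number, rule in enumerate(RULES, 1):
        if rule["chain"] != chain:
            continue
        if "state" in rule and state not in rule["state"]:
            continue
        if "in" in rule and not in_list(rule["in"], in_if):
            continue
        if "out" in rule and not in_list(rule["out"], out_if):
            continue
        if "proto" in rule and proto != rule["proto"]:
            continue
        return rule["action"], number
    return "accept", None  # nothing matched: RouterOS accepts by default

if __name__ == "__main__":
    cases = [  # constructed packets, not captured traffic
        ("forward", "new", "tcp", "sit1", "vlan10_local"),
        ("forward", "new", "tcp", "vlan10_local", "sit1"),
        ("forward", "related", "icmpv6", "sit1", "vlan10_local"),
        ("input", "new", "icmpv6", "sit1", None),
        ("input", "new", "udp", "vlan10_local", None),
        ("forward", "new", "tcp", "vlan99_unlisted", "sit1"),
    ]
    for case in cases:
        print(case, "->", verdict(*case))
```

New connections arriving over the tunnel are dropped by the last forward rule, while ICMPv6 errors tied to an existing flow are accepted as related traffic; an interface that is in neither list cannot open connections to the Internet until it is added to LAN.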


Conclusion

One of the options for combating YouTube speed throttling was considered, namely the process of creating a 6in4 tunnel. Practice has shown that the video download speed remained high both from a phone and from a computer.

In the next article I will try to describe how I forwarded an IPv6 pool to another router via Wireguard and via an EoIP tunnel, as well as how to forward and configure Wireguard clients on a computer and a smartphone, through which IPv6 traffic is routed.
