Bell

See here for an explanation on matter enabled devices.

Matter is a technical standard for smart home and IoT (Internet of Things) devices.[2][3][4] It aims to improve interoperability and compatibility between different manufacturers and security, and always allowing local control as an option

While it can leverage IPV6, it's not a requirement to make them work.

Agreed, and supports what I wrote "Matter-certified devices. Thread, the underlying networking protocol often used with Matter, is explicitly built on IPv6. As found on various sites in a Google search. It can run on v4, but it limits it's full ability for expandability as IoTdevices are in greater use as v4 is being pushed to its limits of devices and will result in conflicts. "

Correct it can run on external IP V6, and if you implement with a IP V6 matter hub, your internal security and IoT will be totally seperated from the IPV4.  I have to say, my head is spinning after doing more research, and I say to myself, hey Bruce, you retired from this whole question back in 2003, and became an elementary teacher.  Why bother wasting my remaining life, debating over what I know nothing about anyway, and as I read more, I found there is so much information, that unless one is fully certified in the standards defined back in 2000, and forwards on IP v6 implementation, it appears that there is so much information out there, that I can't confidently say much of anything on this topic, and suspect that is probably true of many conversations.  With full respect for all, I have forgotten that the Internet is fed by lots of misinformed, people, including myself.  I was well certified in network design and implementation, but when I did my courses, we were all on switches, modems and internal firewall hardware such as  Watchguard firebox firewalls between modems with Telus, two modems and connections for redundancy, and basic 3 com switches with GB backbones, and 100 to the desktops.  We had smaller fireboxes in the homes of people who worked at home, and at remote sites.  

All of this, I didn't need to know how to manage, it was all handed outside of my department to a specialist remote and internal computing service, who handled all servers, DNS servers, Email, data servers and security testing.

It was already getting beyond my staff.  They started with no Internet and we were on 10 base T ethernet and coax with broadcast hubs.

So, now I have done my tread into IPv6, and I have a few things I have learned.

1. For me as a home user, it doesn't matter.  Everything in my home is current and IPv6 connectable, except for my cheaper switches, which all use IP v4.  My newer stuff is matter and capable of IPv6, but it doesn't come into play until I put a matter hub in to seperate my IoT from the outside world, and is then routed via IPv4 over bell because that is all they offer, to Bell, to my thermostat company, to google for google home appliances, etc.  The article I read did say that all this routing from google home, to google servers, to my dlink switch servers, back to my app, and to the light switches and other dlink devices, and back to the google home to tell me it is done can create delays, and timeouts, which it does, not often, but it does.  Theoretically, in a total IPv6 connected system, which many businesses will have, and there in lies why business accounts can request it, it is device back to the server via the hub, and back to our apps and software controls via IP, and NAT as we know it and routing as we know it becomes a very different beast, but is still plug and play when the whole system is set up.  I am theorizing somehwat here, so will say no more on that, because truthfully, after researching, I have no idea what I am talking about.\

2. We on bell Gigahubs do have an interal link IPv6 running in our homes, that facilitates a closed network on IPv6, but it will go out on IPv4.  My Fibe tv box has IPv4 and v6 id's, and I learned that if you see ip internal link on Microsoft Win 10, and it is prefaced fe80, it is an internal network.  For my use, I have no need, and have no single device in my network that needs IP v6 exclusively, and are running on IPv4. If I were to add a hub to the system and facilitate IPv6 across all of my eventually IPv6 matter, thread devices, I will move to a full internal network on that stuff run over a hub, which makes the most sense, as the hubs support 2.4 wifi cameras, as well as matter devices, and are controlled internally via my application attached to the hub via wifi, or ethernet.  I can still access the internal network securely via v4 over the bell network, as the hub does the translation to the internal network and maintains security.

3. I also learned that cable based networks moved to ipv6 support for one basic reason.  To be able to manage tv devices, which was introduced by Comcast to support diagnostic tools and box accessability end to end because a company of the size of Comcast with so many devices out there running off their servers, that they were soon at risk of outrunning their total allocation of IPv4 addresses, and did need direct access to the devices.

Maybe this is why Bell is running an internal virtual IPv6, to give direct access into the TV boxes.  I have once had a support person log directly into my box by providing him the mac address, of which there were two.  He had me give the one for ethernet and wifi so he could do his work.  Don't know what that meant, didn't ask, but he then had full view of all statistics on the box and could do remote.

So why they provide internal ip v6 on the private side of things, I don't know, and at this time in my life, I don't really care.

So that is what I know, except I have learned, that whether I have IP v4 only, it really doesn't matter.  I am not designing engineering and testing IPv6 applications or hardware, which I would need it for, nor do I exceed 254 IP addresses in my home and if I did, would just need to figure out how to set up routers and managed switches.  If you need this level, and want to stay with Bell or any other telcom it seems, then get a business account.

So that ends my dip of my tow into this discussion.  It was interesting, but not worth the time, but I can see why the question remains why does cable have IPv6 external addresses, while bell does not.  I am not a certified networking specialist anymore, and never was in this area.  I am 25 years out of date.  That is why I hired outside consultants, that team is now owned by Nokia and is the exclusive provider of Nokia networking, internetworking and security solutions, and a top awarded industry wide.  I lucked out when they were smaller, and from there forward, I just needed to know what they were doing for us.  I am sure they could explain IPv6 to me, but I couldn't afford their time.

Over and out, Bruce

You may want to do some research into IPv6. I left Bell and I am currently using a third party Internet provider via Bell's Fibre.

I have been assigned a single IPv4 address, but I have been assigned 18,446,744,073,709,551,616 IPv6 addresses a /64. All of the IPv6 devices behind my router don't have to use NAT to reach their destination, just my firewall that may stop some traffic.

On a side note, I used the same third party Internet provide that I am with now on Bell's DSL lines for years. No trickery, just a basic configuration on my router. When I was briefly with Bell I tried to resort to an IPv6 tunnel, but it never ran cleanly.

If Bell does ipv6 correctly the home user can be assigned a prefix delegation like a /56 or /60 THEN all their ipv6 capable devices on the LAN/Subnets would get a IPv6 global unicast address that's globally unique and routable on the internet … 

BTW that is what Rogers does for their Residential Internet Customers …. And to be competitive I would assume the Bell would do the very same 

My IPv6 firewall blocks a fair bit of stuff inbound and some outbound stuff as well, so I am not worries for the moment.

Interestingly enough when I first got IPv6 on my DSL connection a few years ago, I ran one of the test tools that gave a report about IPv6 readiness. At home things were okay, but some ICMP stuff was blocked, a couple of months later I ran the same tool while visiting my parents who used Rogers, all of the tools passed with a 100% pass rate. This actually concerned me. I logged into my Linux server at my house and then I was able to SSH directly into my laptop via IPv6 on my parents connection. Rogers hadn't implemented any sort of IPv6 firewall and had enabled IPv6 by default. Given the scale of addresses in IPv6 you could argue that this wasn't that big of a deal, but I bought them a new gateway the next day that had a IPv6 firewall.

@SteveD thanks for that update. Question. Is my iot, ecobee, dlink tapo matter, dlink kasa wifi 2.4 and bell doorbell over wifi any more or less secure via nat or ipv6 and I am guessing that you would put a ipv6 firewall in between gateway and internal network and how does one do that on bell fibe lines over 3rd party, or do they go modem and your own router firewall. 

All of this is above my knowledge level, but 8 can still learn. We don't have 3rd party of bell fibre to the home in our area. Discussion is all moot since I am leaving bell shortly to cable based provider. 1gb down and 40 up is still overkill for me. My offspring will have to wait a bit while I upload HD pictures and videos. Then again I do that on my phone and from my DSLR to my phone. Poor 4G to my home not the 5G I pay for works fine. 

After I leave I will follow this discussion to learn more. I like your discussions of actual testing on ipv6 device outside to inside and your suggestions of ipv6 firewall. I am going to bridge my cable to to link ac1900 with mesh capable extenders. Any thoughts, also any thoughts on how to firewall ipv6 3rd party if I can get it given the challenge of bridging over ppoe with Bell gateways. Or maybe by the time I come back, because over time I get fed up easily and my therapists advice has always been, find another option and start fresh. Bells support model has driven me away plus tv model, but tech and companies so change. 

Thanks all. Great informative discussion. 

Bruce

10th new service, 11rh bye bye bell home services. An expensive bell smart home system that is just a doorbell that they have replaced 4 times. I use the proprietors plug to the hub zwave all proprietary so you can't just add a z-wave device anymore. Best solution for security I see is move all critical security and as much as possible to internal network seperates from your own network and external via its own hub/router. If you know how you could also go clans or managed switch.  But yes agree I would want a firewall between my internal ipv6 and external to control what is going in and out. 

Ahg to be naive and not think about this stuff. 

Bruce