Post

Vodafone Cable Internet shenanigans - Part 1: Bridge Mode

Posted Updated
By Robin W. Hunter
21 min read

Motivation

Throughout my quest to improve my home network, the limitations of my ISP-issued modem/router were getting more and more obvious. In particular, as the number of devices in my network grew, I noticed occasional WLAN signal interruptions. Additionally, as covered in my previous article, the software of my ISP-router is extremely limited, and does not give the option to configure some pretty basic features (routing tables, DNS server, etc). For this reason, and as scary as the thought of breaking something and remaining without Internet access for unforeseeable periods of time was, I felt it was finally time to start tinkering with my ISP-issued router.

In this article I would like to cover lessons I learned, and issues I faced on my journey. During my online research, I struggled a bit to find exact information which pertains to my ISP (Vodafone Germany) and to my exact router (The Vodafone Station). Additionally, very little of the information I managed to find online was in English. This last point was enough motivation for me to dedicate an article to just this topic.

The Vodafone Station

Figure 1: The Vodafone Station Figure 1: The Vodafone Station

As mentioned in the previous section, my Internet provider is the German ISP Vodafone. They provide my building with Cable Internet using existing coaxial cable infrastructure used by the Cable Television system. As part of my Internet contract, Vodafone supplied me with a “Vodafone Station” which assumes the three following roles:

  • Modem: Specifically, the Vodafone Stations supports the DOCSIS 3.1 protocol, which permits data transfer over coaxial cable towards the Provider’s Equipment.
  • Router: With support of IPv4 and IPv6.
  • Wireless-access point: Supporting WiFi 5 (i.e. both 2.4GHz and 5GHz bands).

Having to assume these three functions, resulted in a noticeable drop in the quality of my Internet connection as the number of devices on my network grew through the years. A simple remedy to this, would be to split these functionalities, and delegate some of them to other devices. Specifically, it is possible to configure the Vodafone Station to act solely as a modem. A Router can then be connected downstream from the Vodafone Station, thus taking care of routing. Furthermore, wireless access-points can be connected to the router in order to provision wireless access.

Bridge mode

Operating an ISP’s router solely as a modem is referred to as Bridge Mode. In this mode, the device simply operates on the lowest two OSI layers:

  • Physical: transforming the digital (usually Ethernet) signal, to an analog signal which can be sent over the coaxial television cables.
  • Data Link: Managing the direct link connection to the ISP’s equipment.

After switching the ISP’s router/modem into bridge mode, its router functionality is disabled. Thus, only the one IP address given to the household by the ISP is available. In order to connect multiple devices (and assign them different IP addresses), an additional router downstream of the ISP’s is required.

Vodafone has some detailed instructions1 on their website, as well as a video2 on their YouTube channel, explaining the steps required to enable Bridge mode. Both the instructions and video state that switching to Bridge mode is not made available in all German states. Specifically, according to Vodafone, this option is not available in the states of North Rhine-Westphalia, Baden-Württemberg, and Hessen. As it turns out, I just so happen to live in one of these states.

The specific issue, is that the final step of switching bridge mode on, consists on logging into the web interface of the Vodafone Station and enabling it on the corresponding menu item (see Figure 2). This option however, was not available on my router’s interface, and would not show on routers in the states mentioned above.

Figure 2: The option to enable bridge mode on the Vodafone Station's Web UI Figure 2: The option to enable bridge mode on the Vodafone Station’s Web UI

Looking for more information, I came across multiple threads, posts, and online discussions3 4 5 about this topic, and it turns out that this information is not fully correct. In fact, the top comment on Vodafone’s own video on the matter mentions that one can activate bridge mode on the Vodafone station even when living in one of these states (See Figure 3).

Figure 3: Top comment on Vodafone's Bridge mode YouTube video Figure 3: Top comment on Vodafone’s Bridge mode YouTube video

Translation: If you’d like to activate Bridge mode in NRW (North Rhine-Westphalia), call the hotline and ask for the (free) activation of Dual-Stack. Afterwards, the Bridge mode option will be unlocked for your Vodafone Station, and you can use your own router without issue.

As it turns out, this really is all you need to do. Calling the Vodafone hotline, I was able to book the Dual Stack option without any extra cost. Following that, the option to enable Bridge mode appeared on my router’s interface as shown in Figure 2.

I was really glad that this tip really worked. However, I was left with a multitude of questions: Why was this step even necessary? What exactly does activating Dual Stack accomplish? And why is this step only needed in the three states mentioned above and not the remainder of Germany?

Why is Dual-Stack needed for Bridge mode?

Before we move forward, it is important we lay down some ground work. If you are reading this article, then you probably know that IPv4 has been on the way out for a while now, with the first deployments of IPv6 dating back to two decades ago. As of this writing though, IPv6 adoption is still around the 40-something-percent mark6, meaning that for the time being IPv4 and IPv6 need to coexist. This coexistence will probably remain necessary for years to come, as not all software/applications support IPv6 seamlessly. In the meantime, ISPs are left with a multitude of schemes to weather these transitional times.

Dual-Stack

One transitional schemes is Dual-Stack. It refers to the implementation of both IPv4 and IPv6 technologies simultaneously in the Network Layer. In this scenario, ISPs allocate both an IPv4 and and IPv6 address to customer equipment. The traffic between the customer’s and ISP’s equipment can be over either technologies. Dual-Stack is a straight-forward solution to the transition dilemma: If both IPv4 and IPv6 stacks are available for the customer’s equipment, devices and software which can make use of IPv6 can do so, those who cannot, will use the available IPv4 address and route through the ISP’s IPv4 network to reach the internet. This is illustrated in Figure 4.

Figure 4: Dual Stack illustrated Figure 4: Dual Stack illustrated

One issue with the Dual-Stack approach is that it requires each customer router receiving an individual IPv4 address. This is obviously an issue since IPv4 addresses are in short supply (if at all available) and there are always new customers joining the ISP’s network.

Carrier-Grade NATs

One first solution to this problem is the use of Carrier-Grade Network Address Translation (CGNAT). This refers to the same process by which a customer’s router performs NAT in order to map the private IPv4 addresses of devices belonging to the customer’s LAN to the public IPv4 address the router has received from the ISP. In the context of CGNATs, the routers belonging to the customers do not receive a public IPv4 address, but are assigned one from a special IPv4 Shared Address Space which has been reserved exactly for this purpose7. The address range is 100.64.0.0/10(100.64.0.0 to 100.127.255.255), allowing for slightly less than a total of 4.2 million addresses. Notice that this address range is explicitly distinct from the IPv4 Private Address Space reserved for private internets8 to avoid collisions between addresses assigned within customer LANs, and those within the ISP’s network. The customer routers are then connected to a NAT which performs the mapping from the shared internet IPv4 range, to the public IPv4 assigned to the NAT. The end result of this, is all the customers’ routers being able to access the IPv4 Internet behind the NAT’s one public IPv4 address.

The big advantage of the use of CG-NATs is that they allow to lower the demand on public IPv4 addresses. However, this comes at the price of multiple disadvantages9. Namely, because the CGN needs to maintain the state of IPv4 connections from all customer routers connected to it, performance, reliability and scalability issues are to be expected. Furthermore, because customer routers sit behind the ISP’s router, port forwarding is not possible without additional configuration (e.g. using the Port Control Protocol). Finally, This solution does not allow for making services hosted on the customer’s network accessible online.

Dual-Stack Lite

The other solution we will be looking at is called “Dual-Stack Lite” or DS-Lite for short. As the name hints at, this solution is in a way similar to Dual-Stack in that equipment on the customer’s LAN can use both IPv4 and IPv6 to access the Internet. The difference between the two protocols occurs on the ISP’s network. In the case of Dual Stack the customer’s router receives both IPv4 and IPv6 addresses and can communicate with the ISP’s router using both technologies. In contrast to that, if DS-Lite is in use by the ISP, the customers’ routers only receive an IPv6 address, and only IPv6 traffic is routed on the ISP’s network.

The question you might be asking yourself now is: If only IPv6 traffic is allowed on the ISP’s network, how can IPv4 traffic still be functional on the customer’s network? The answer to this is illustrated in Figure 5. Whereas IPv6 packets are forwarded as they are by the customer’s router to the ISP’s router, IPv4 packets on the other hand, are encapsulated into IPv6 packets by the customer’s router before being forwarded. The IPv4 traffic is thus tunneled through the IPv6 network. The destination IPv6 address used by the customer router for the tunneled traffic is that of a special device known as the Address Family Transition Router (AFTR). This router terminates the IPv6 tunnel, and extracts the IPv4 packets. This router is also provisioned with a public IPv4 address, and can thus route the original IPv4 traffic to the public Internet, thus acting as a CG-NAT10.

Figure 5: Dual Stack-Lite illustrated Figure 5: Dual Stack-Lite illustrated

To summarize, in DS-Lite, IPv6 traffic is forwarded as is, whereas IPv4 traffic is tunneled through IPv6 to a special router which forwards the IPv4 traffic and acts as a CG-NAT. This sentence had initially caused me a lot of confusion: If by the end of the day DS-Lite still relies on CG-NAT, what advantage does it bring in comparison to Dual-Stack with CG-NATs? At first, it seemed to me as if DS-Lite simply brings more complication to the table (IPv4 in IPv6 tunneling) without showing any advantages for it. The truth is, there is at least one advantage of DS-Lite. Whereas CG-NATs in the context of Dual-Stack require the use of the Shared Address Space, this is not the case in the context of DS-Lite. In fact, as far as IPv4 is concerned, the customer’s LAN is directly downstream of the AFTR/CG-NAT router. This means that there is no double NAT, and none of the issues it brings with it (at least to my understanding).

Finally, we haven’t covered how the customer’s router learns the IPv6 address of the AFTR node. In order to learn this address, the customer’s router is expected to add the special option OPTION_AFTR_NAME to (a number of) its DHCPv6 requests. When the ISP’s DHCPv6 server sees this option in a request from a client (the customer’s router) it replies with the Fully Qualified Domain Name (FQDN) of the AFTR. The customer’s router can then use DNS in order to obtain the IPv6 address of the AFTR11.

The answer

It took a lot of explanations to get here, but we now have all the necessary knowledge required to answer the question we asked in the previous section: Why did activating Bridge mode on my Vodafone Station require me to activate Dual Stack first?

As it turns out, in the states of North Rhine-Westphalia, Baden-Württemberg, and Hessen, Vodafone makes use of DS-Lite, and uses it as a default for all its cable Internet customers. This is all well and good because Vodafone leases its own hardware to new customers. Meaning that Vodafone can rest assured that the routers its customers will connect in their homes will know to include the required option in their upstream DHCPv6 requests in order to learn the address of the AFTR. Furthermore, these routers will know to correctly encapsulate their IPv4 traffic and send it towards the AFTR, thus enabling both IPv4 and IPv6 for the customer. This situation however changes once a customer wants to switch their modem into Bridge mode. In such a configuration, the customer’s own third party router will be the one communicating with the ISP’s IPv6 router, if it does not know to send the OPTION_AFTR_NAME DHCPv6 option, the router’s DHCPv6 server will not send the FQDN of the AFTR. Furthermore, I am not completely sure how standardized the IPv4-in-IPv6 tunneling is, an it could very well be that the ISP’s implementation is proprietary and diverges from the relevant RFC12. In either scenarios (or other similar scenarios I have not considered here) DS-Lite will end up being wrongly configured on the customer’s third party router. The customer will end up with only IPv6 networking meaning any IPv4-only software or application will stop working, as its traffic will only reach the customer’s router before being dropped because the router has no way to reach the IPv4 Internet.

I believe that it is for this reason that Vodafone disallows the Bridge mode (and why the Vodafone Station’s software hides the option to switch it on) when only DS-Lite is deployed for the customer’s connection. By requiring Dual-Stack as a precondition, once Bridge-mode is activated the customer’s third-party router will directly receive an IPv4 address from the ISP, and will not have to worry about configuring IPv4-in-IPv6 tunneling.

Finally, there remains one part of the question yet un-answered: Why is it that Dual-Stack is precondition to Dual-Stack only in North Rhine-Westphalia, Baden-Württemberg, Hessen and not in the rest of Germany?

Why is Dual-Stack only needed in NRW, BW, and Hessen?

The reason why the Dual Stack is required for Bridge mode activation only in the three states mentioned above and not in the rest of Germany, probably has something to do with the corporate structure of the company. In trying to understand this structure, I ended up going through multiple sources, including Vodafone.de’s Impressum section13 entries in online company registers 14 1516, and a couple Wikipedia articles.

The following is my own understanding of this structure, and I would like to present it with the disclaimer that there is a chance I might have gotten a couple of things wrong. Still, I could not find any one online source with all the information I needed, so I hope this is still worth a read.

Vodafone’s corporate structure

As I understand it, Vodafone GmbH (GmbH is German for company with limited liability) is a German company created in 2000 as a subsidiary of the British Vodafone Group Plc, and under which Vodafone’s operations in Germany are consolidated. Vodafone GmbH itself has subsidiaries which handle some of its activities in specific sectors, such as its Cable Internet business.

Up until 2019 Vodafone’s Cable Internet offering in Germany was limited to 13 states (all states except for North Rhine-Westphalia, Baden-Württemberg, and Hessen). This offering was by the company Vodafone Kabel Deutschland GmbH which resulted from the takeover of the previously existing Kabel Deutschland GmbH by Vodafone Group in 2014. In the remaining three states, Cable Internet was provided by Unitymedia GmbH. I say was, because Unitymedia GmbH itself was bought by Vodafone Group Plc in 2019 thus giving Vodafone a Cable Internet offering in all of Germany. Finally, in 2020 Unitymedia was rebranded into Vodafone West GmbH, and in 2021 Vodafone Kabel Deutschland was renamed to Vodafone Deutschland.

I have tried to illustrate the explanations above in Figure 6.

Figure 6: Vodafone's corporate structure in Germany Figure 6: Vodafone’s corporate structure in Germany

So why have I taken the time to explain the complicated corporate structure above? Honestly, I got carried away a little, at first I just wanted to know what the difference between the three states mentioned above and the remainder of Germany was. This had lead me to learn about the (in my opinion) fascinating history of Cable Internet in Germany. For example, did you know that Kabel Deutschland GmbH itself was created in 1999 in order to split the Cable business away from Deutsche Telekom (The same Deutsche Telekom which now operates T-Mobile)? This was done following a decision by the German “Monopolkommission” (I don’t think I need to translate this one). Kabel Deutschland GmbH was then broken up into separate regional companies to be sold to different investors. The goal of this split being to encourage free market competition. Multiple of these regional entities ended up merging back together, making up the big Cable conglomerate that is Vodafone GmbH. However, there remains multiple regional Cable Internet providers in Germany (at least on paper17).

To me, this split experiment is even more fascinating because of its similarities to the breakup of the Bell System (AT&T) which took place back in 1982 in the US18. The similarities do not stop there, as a most of the regional entities which resulted from the break-up of Bell System also ended up gradually merging back into a small handful of mega telecommunication conglomerates (e.g. AT&T and Verizon).

Vodafone West vs Vodafone Deutschland

Let us get back to our original question of why Dual-Stack is required only in the three states mentioned above and not in the rest of Germany. To be honest, I am still unclear as to why this is, but I think it pretty much is due to the way Vodafone Germany is organized, as depending on where you are in Germany, you are dealing with either Vodafone West or Vodafone Deutschland. The following is what I have learned scouring through posts on multiple forums online19202122:

  • Vodafone Deutschland: Uses Dual-Stack Lite by default for all new customers. As it has used up most of its IPv4 address range, it is not possible to obtain a public IPv4 without paying for a business contract. As such booking Dual-Stack is not possible. Exceptions to this rule seems when the customer activates bridge mode (through the option available in the Vodafone Station web interface), or when the user asks to use their own third-party cable modem. In both scenarios, Dual-Stack is automatically activated for the customer without separate application. This automatic activation, is probably why Dual-Stack is not a prerequisite to activate Bridge mode.
  • Vodafone West: Also uses Dual-Stack Lite by default for all new customers. Similarly to Vodafone Deutschland business customers are able to obtain fixed public IPv4 addresses. However, in contrast to Vodafone Deutschland, Vodafone West allows private customers to book Dual-Stack Lite if they fulfill certain conditions. In order for private customers to be eligible to activate Dual-Stack they need to either have a 1Gbps contract (e.g. the Gigabit or CableMax rates) or have either of the following paying options booked:
    • Power Upload: which allows to double the base upload speed.
    • Homebox (5 or 6): which allows to upgrade the Vodafone Station to a Fritz!Box (6660 or 6690 respectively) cable modem/router.
    Important Note: One remark which I kept seeing being repeated everywhere is that activating Dual-Stack in Vodafone West states, is not an obligation but wholly reliant on the leniency operator one gets a handle on when calling the hotline. It seems that this option is not something codified in the actual customer contract, so the general assumption is that Vodafone would be in its right to refuse the activation of such a service. Some online posts go as far as to warn that Vodafone could even deactivate the option in the future if it sees fit. I am not sure how true this is. I guess it would make sense if Vodafone decides to only activate Dual-Stack in the future for business customers. IPv4 is after all supposedly on the way out, and as more and more applications implement support for IPv6, the need for Dual-Stack (and other transitionary solutions) would subside. I do however have some reservations believing that Vodafone would disable this option for customers who already booked it. Who knows though, everything is possible.

So there you have it: Dual-Stack seems to be required for Bridge mode in all German states, but in those where Vodafone Deutschland operates, the switch from DS-Lite to Dual-Stack is handled automatically by Vodafone.

Conclusion

Well, this article surely ended up being way longer than I anticipated. I had a lot of trouble gathering all the information I used for my write up, and I wanted to create a comprehensive source to summarize all that I learned. Additionally, as mentioned in the first section, most of the information I combed through was in German, and I thought it would be helpful to create one English source on the topic. I have tried to gather the sources that were most helpful to me in my journey, most of the links are archived, and I have listed them all in the References section below.

Finally, my initial plan was to also include a section about the use of third-party modems, and the requirements of connecting one to Vodafone’s network. Seeing how long this article had become, I opted to move that topic to its own separate article, hence the “Part 1” in this article’s title. If that sounds like something you’d like to learn more about, then stay tuned!

References

  1. Vodafone Bridge-Mode aktivieren (Archived on 02.09.2024) ↩︎

  2. YouTube: Vodafone Deutschland - Bridge-Mode: So nutzt Du Deinen eigenen WLAN-Router am Vodafone Kabel-Anschluss ↩︎

  3. Reddit: r/de_EDV - Fritzbox 6660 Cable Bridge Modus (Archived: 2024.08.29) ↩︎

  4. Vodafone Community: Vodafonestation BridgeMode nicht möglich nach Freischaltung eines eigenen Routers, NRW (Archived: 2024.08.31) ↩︎

  5. Vodafone Community: Bridge-Modus nicht einschaltbar+Vodafone Station wird unter „Geräte & Einstellungen“ nicht angezeigt (Archived: 2024.08.31) ↩︎

  6. Google IPv6 Statistics ↩︎

  7. IETF - RFC6598: IANA-Reserved IPv4 Prefix for Shared Address Space ↩︎

  8. IETF - RFC1918: Address Allocation for Private Internets ↩︎

  9. Wikipedia: Carrier-grade NAT # Disadvantages ↩︎

  10. IETF - RFC6333: Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion ↩︎

  11. IETF - RFC6334: Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite ↩︎

  12. IETF - RFC2473: Generic Packet Tunneling in IPv6 Specification ↩︎

  13. Vodafone.de - Impressum (Archived 07.09.2024) ↩︎

  14. North Data - VODAFONE GMBH, DUSSELDORF, GERMANY (Archived 07.09.2024) ↩︎

  15. North Data - VODAFONE DEUTSCHLAND GMBH, UNTERFÖHRING, GERMANY (Archived 07.09.2024) ↩︎

  16. North Data - VODAFONE WEST GMBH, DUSSELDORF, GERMANY (Archived 07.09.2024) ↩︎

  17. Wikipedia: Kabelnetzbetreiber # Deutschland ↩︎

  18. Wikipedia: Breakup of the Bell System ↩︎

  19. Vodafone Community: Dual Stack buchbar (Archived 31.08.2024) ↩︎

  20. Vodafone Community: Dual Stack im BW umstellen (Archived 31.08.2024) ↩︎

  21. Vodafone-Kabel-Forum: Besonderheiten von Vodafone West (Archived: 2024.09.09) ↩︎

  22. Vodafone-Kabel-Forum: Internet Protocol # Welches Verfahren wird bei Vodafone Kabel Deutschland angewendet? (Archived: 2024.09.09) ↩︎

Network organization
networks router modem vodafone isp
This post is licensed under CC BY 4.0 by the author.