Re: Help: HOWTO buy IP address blocks from ARIN?
On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. That kind of logic is kind of exactly why they put constraints in place. The idea is, does it need to be a routable address on the public internet. It seems like the answer is no, it'd just be nice so I wouldn't have to worry about conflicts. Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 1:46 PM, Matt Minuti matt.min...@gmail.com wrote: Aren't there IP blocks reserved for exactly this kind of VPN use? I've never seen reserved public IP ranges for this sort of thing. There are reserved block ranges for private networks, but if I understood the OP, the point to reserve a public block of IP addresses, and use them as private addresses, specifically to avoid IP subnet conflicts. Since the private IP ranges are free for all, it's very easy to be on a private network, and try to VPN into your own network, and have a conflict as the remote network uses the same private numbers as yours. If you understand, then I apologize, not trying to sound condescending but it may come across that way if you already knew that and I was missing a point. :-) -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
Sure, using IPv6 for the vpn's address pool would be even better, if the vpn software supports it. The multiple vpn servers on RFC1918 blocks would be an interim Plan B if using IPv6 were not feasible for some reason. A sysadmin team's lack of knowledge and experience with IPv6 might be such a reason, if the vpn solution needs to be rolled out in the immediate future. On Tue, Jan 13, 2015 at 2:07 PM, Mark Komarinski mkomarin...@wayga.org wrote: IPv6? On January 13, 2015 1:29:04 PM EST, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? -- gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
non-routable range IPs are what are used where I'm working now, a company with several thousand employees, at perhaps a dozen sites across North America. Making it work requires an infrastructue team. Going outside requires going through a proxy. Subnets at other sites are, I presume, routed to the proxy, or possibly to a different proxy, which routes to the other site over a VPN or other tunnel. I'm not on the infrastructure team, and don't know the details. But we do make it work. (Getting the proxy settings wrong on your local box, however, is a constant source of entertainment.) On Tue, Jan 13, 2015 at 2:21 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 2:45 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? This sounds lame, and it kind of is, but the correct answer is, 'One that's not what someone would normally use to minimize the likelyhood. Personally, I tend to use ones in the 10.110.120.0/24 or such ranges. If you use say, 192.168.0.0/24, then you need to find a new job. :-P Note, that using public IP addresses for your situation would work from a technical perspective. But if none of the addresses are going to be utilized for public internet use, I would be VERY surprised if they even considered granting you the assignments. Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 2:03 PM, Thomas Charron twaf...@gmail.com wrote: On Tue, Jan 13, 2015 at 1:46 PM, Matt Minuti matt.min...@gmail.com wrote: Aren't there IP blocks reserved for exactly this kind of VPN use? I've never seen reserved public IP ranges for this sort of thing. There are reserved block ranges for private networks, but if I understood the OP, the point to reserve a public block of IP addresses, and use them as private addresses, specifically to avoid IP subnet conflicts. Since the private IP ranges are free for all, it's very easy to be on a private network, and try to VPN into your own network, and have a conflict as the remote network uses the same private numbers as yours. If you understand, then I apologize, not trying to sound condescending but it may come across that way if you already knew that and I was missing a point. :-) No offence taken, I slightly misread the request. Anyways, I was thinking of the RFC1918 blocks, basically exactly what John suggested. Still, IPv6 seems like the perfect solution for this... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
IPv6? On January 13, 2015 1:29:04 PM EST, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. If I needed more than 3 (or 4) vpn servers, I could subdivide the 10.x and 172.16 blocks. On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
Aren't there IP blocks reserved for exactly this kind of VPN use? On Tue, Jan 13, 2015 at 1:42 PM, Thomas Charron twaf...@gmail.com wrote: On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. That kind of logic is kind of exactly why they put constraints in place. The idea is, does it need to be a routable address on the public internet. It seems like the answer is no, it'd just be nice so I wouldn't have to worry about conflicts. Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
You mentioned that 1k addresses go to a main-office LAN. I'd put all of your fixed infrastructure on the main-office LAN, and host the vpn servers there. Granted, using a single IPv6 block instead of multiple RFC1918 blocks would be far less of a headache to get working. On Tue, Jan 13, 2015 at 2:21 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On 2015-01-13 14:54, Thomas Charron wrote: On Tue, Jan 13, 2015 at 2:45 PM, Joshua Judson Rosen roz...@hackerposse.com mailto:roz...@hackerposse.com wrote: And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? This sounds lame, and it kind of is, but the correct answer is, 'One that's not what someone would normally use to minimize the likelyhood. Personally, I tend to use ones in the 10.110.120.0/24 or such ranges. If you use say, 192.168.0.0/24 , then you need to find a new job. :-P Or maybe I _should_ use 192.168.0.0/24--because who else in his right mind would be using that Do you remember that scene in `The Princess Bridge', where Vizzini was trying to pick the right cup to avoid ingesting the iocaine? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On 2015-01-13 14:30, John Abreau wrote: You mentioned that 1k addresses go to a main-office LAN. I'd put all of your fixed infrastructure on the main-office LAN, and host the vpn servers there. OK. Assuming that put all of the fixed infrastructure on one single main-office LAN was even workable, what address block would you use for that LAN? Granted, using a single IPv6 block instead of multiple RFC1918 blocks would be far less of a headache to get working. IPv6 is not a viable solution at this time; partly due to lack of experience with IPv6, partly due to just having way too much equipment from way too many vendors that still doesn't/don't support IPv6. I wish IPv6 were viable; even using an unroutable IPv6 subnet would realistically work, because (still) basically nobody else is using using IPv6. And, given the status of the IPv4 pool, IPv6 viability is way overdue; doesn't affect reality. On Tue, Jan 13, 2015 at 2:21 PM, Joshua Judson Rosen roz...@hackerposse.com mailto:roz...@hackerposse.com wrote: On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org mailto:j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
In our last exciting episode, Matt Minuti (matt.min...@gmail.com) said: Is there any sort of idiot's 5 minute guide to IPv6 out there? My OpenWRT router just kind of magically worked with Comcast, but I don't have a clue how the address syntax works, what a prefix is, what blocks are special-purpose (link-local, example, etc), or generally the what the v6 equivalents of the v4 stuff is. Everything I found so far seems to be a glossy summary (IPv6 is good, it has lots of addresses! The end!), way too in-depth (Cisco guides), or assumes way too much (you already know what config file this is based on its syntax). As much as I hate pointing to Comcast as a source of help, have you investigated http://www.comcast6.net/ ? They have some links to tools and tutorials, some of which I've read. A good pointer they reference is at https://getipv6.info/display/IPv6/IPv6+Info+Home -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E pgp34HqJ5UyN3.pgp Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6?
On 2015-01-13 16:32, Jason T. Nelson wrote: In our last exciting episode, Joshua Judson Rosen (roz...@hackerposse.com) said: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? Pretty sure at least check, somewhere around 25% of my data coming into my network at home is IPv6. (native Comcast IPv6 and Hurricane Electric tunnel as backup) Hm. That prompts a few follow-up questions: - Does native Comcast IPv6 mean that Comcast is actually putting their residential customers on IPv6 addresses now? (I haven't been a Comcast residential customer in years, so I don't know) Is that something that you need to (or can) request, or do they just do it as a matter of course? - How are you going about determining your IPv4/IPv6 traffic split? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
On January 13, 2015 3:18:10 PM EST, Joshua Judson Rosen roz...@hackerposse.com wrote: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? I'm on FIOS who doesn't deploy it natively but I've got a /64 block routed through Hurricane Electric. Did it mostly just so we would be IPv6 capable. The only thing that was the sticking point was setting up OpenWRT to set up the route and radvd(?) to do the address assignments. -Mark ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
In our last exciting episode, Joshua Judson Rosen (roz...@hackerposse.com) said: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? Pretty sure at least check, somewhere around 25% of my data coming into my network at home is IPv6. (native Comcast IPv6 and Hurricane Electric tunnel as backup) -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E pgpqWtnY1UXxp.pgp Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
Is there any sort of idiot's 5 minute guide to IPv6 out there? My OpenWRT router just kind of magically worked with Comcast, but I don't have a clue how the address syntax works, what a prefix is, what blocks are special-purpose (link-local, example, etc), or generally the what the v6 equivalents of the v4 stuff is. Everything I found so far seems to be a glossy summary (IPv6 is good, it has lots of addresses! The end!), way too in-depth (Cisco guides), or assumes way too much (you already know what config file this is based on its syntax). On Tue, Jan 13, 2015 at 4:32 PM, Jason T. Nelson j...@jtn.cx wrote: In our last exciting episode, Joshua Judson Rosen (roz...@hackerposse.com) said: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? Pretty sure at least check, somewhere around 25% of my data coming into my network at home is IPv6. (native Comcast IPv6 and Hurricane Electric tunnel as backup) -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6?
In our last exciting episode, Joshua Judson Rosen (roz...@hackerposse.com) said: Hm. That prompts a few follow-up questions: - Does native Comcast IPv6 mean that Comcast is actually putting their residential customers on IPv6 addresses now? (I haven't been a Comcast residential customer in years, so I don't know) Is that something that you need to (or can) request, or do they just do it as a matter of course? They appear to have pretty good coverage now, they started on the west coast sometime in 2011. I think I received a native (by this I mean non-tunneled, not translated) IPv6 address earlier last year in Manchester. Assuming you have a supported cable modem and your hardware connected to it supports it, you will be provided an IPv6 address via DHCPv6; there's no opt-in or even opt-out. In addition, you can ask for additional prefixes beyond the default /128 address given if your DHCPv6 client supports Prefix Delegation. I'll leave that configuration as an exercise to the reader as it depends on OS and client implementation :) - How are you going about determining your IPv4/IPv6 traffic split? My edge device/router is a small FreeBSD box where I'm using the netflow Netgraph node to export netflow data for analysis. I did it originally as a testbed for $dayjob. -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E pgpXzsEV8vIFb.pgp Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/