Re: Help: HOWTO buy IP address blocks from ARIN?
On 01/13/2015 02:29 PM, Bill Freeman wrote: non-routable range IPs are what are used where I'm working now, a company with several thousand employees, at perhaps a dozen sites across North America. Making it work requires an infrastructue team. Going outside requires going through a proxy. Subnets at other sites are, I presume, routed to the proxy, or possibly to a different proxy, which routes to the other site over a VPN or other tunnel. I'm not on the infrastructure team, and don't know the details. But we do make it work. (Getting the proxy settings wrong on your local box, however, is a constant source of entertainment.) This was actually a helpful response--thanks. I ended up getting a /21 (2048-address block) of routable addresses. -- Don't be afraid to ask (λf.((λx.xx) (λr.f(rr. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. That kind of logic is kind of exactly why they put constraints in place. The idea is, does it need to be a routable address on the public internet. It seems like the answer is no, it'd just be nice so I wouldn't have to worry about conflicts. Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 1:46 PM, Matt Minuti matt.min...@gmail.com wrote: Aren't there IP blocks reserved for exactly this kind of VPN use? I've never seen reserved public IP ranges for this sort of thing. There are reserved block ranges for private networks, but if I understood the OP, the point to reserve a public block of IP addresses, and use them as private addresses, specifically to avoid IP subnet conflicts. Since the private IP ranges are free for all, it's very easy to be on a private network, and try to VPN into your own network, and have a conflict as the remote network uses the same private numbers as yours. If you understand, then I apologize, not trying to sound condescending but it may come across that way if you already knew that and I was missing a point. :-) -- -- Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
Sure, using IPv6 for the vpn's address pool would be even better, if the vpn software supports it. The multiple vpn servers on RFC1918 blocks would be an interim Plan B if using IPv6 were not feasible for some reason. A sysadmin team's lack of knowledge and experience with IPv6 might be such a reason, if the vpn solution needs to be rolled out in the immediate future. On Tue, Jan 13, 2015 at 2:07 PM, Mark Komarinski mkomarin...@wayga.org wrote: IPv6? On January 13, 2015 1:29:04 PM EST, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? -- gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
non-routable range IPs are what are used where I'm working now, a company with several thousand employees, at perhaps a dozen sites across North America. Making it work requires an infrastructue team. Going outside requires going through a proxy. Subnets at other sites are, I presume, routed to the proxy, or possibly to a different proxy, which routes to the other site over a VPN or other tunnel. I'm not on the infrastructure team, and don't know the details. But we do make it work. (Getting the proxy settings wrong on your local box, however, is a constant source of entertainment.) On Tue, Jan 13, 2015 at 2:21 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 2:45 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? This sounds lame, and it kind of is, but the correct answer is, 'One that's not what someone would normally use to minimize the likelyhood. Personally, I tend to use ones in the 10.110.120.0/24 or such ranges. If you use say, 192.168.0.0/24, then you need to find a new job. :-P Note, that using public IP addresses for your situation would work from a technical perspective. But if none of the addresses are going to be utilized for public internet use, I would be VERY surprised if they even considered granting you the assignments. Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Tue, Jan 13, 2015 at 2:03 PM, Thomas Charron twaf...@gmail.com wrote: On Tue, Jan 13, 2015 at 1:46 PM, Matt Minuti matt.min...@gmail.com wrote: Aren't there IP blocks reserved for exactly this kind of VPN use? I've never seen reserved public IP ranges for this sort of thing. There are reserved block ranges for private networks, but if I understood the OP, the point to reserve a public block of IP addresses, and use them as private addresses, specifically to avoid IP subnet conflicts. Since the private IP ranges are free for all, it's very easy to be on a private network, and try to VPN into your own network, and have a conflict as the remote network uses the same private numbers as yours. If you understand, then I apologize, not trying to sound condescending but it may come across that way if you already knew that and I was missing a point. :-) No offence taken, I slightly misread the request. Anyways, I was thinking of the RFC1918 blocks, basically exactly what John suggested. Still, IPv6 seems like the perfect solution for this... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
IPv6? On January 13, 2015 1:29:04 PM EST, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. If I needed more than 3 (or 4) vpn servers, I could subdivide the 10.x and 172.16 blocks. On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. 1k addresses go to a main-office LAN; the rest of them basically go to site offices. All of these things have the aforementioned routing constraints. Just buy a block of IP addresses that are actually guaranteed routable is the solution that I've seen in place at all of my former companies, though I've never been the one to make it happen before. How would you do it? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam python at venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
Aren't there IP blocks reserved for exactly this kind of VPN use? On Tue, Jan 13, 2015 at 1:42 PM, Thomas Charron twaf...@gmail.com wrote: On Tue, Jan 13, 2015 at 1:29 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On January 9, 2015 5:56:43 PM EST, John Abreau wrote: What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? 'Project' is a geographically-distributed tech company with a bunch of frequently-mobile sub-networks where at least one end of any given 'internal' connection actually needs to be going out from behind someone else's network. There's certainly a chance that, say, our VPN or LAN addresses won't conflict with any of the arbitrarily-addressed host networks where the VPN endpoints reside, but we'd really rather have a routing scheme that 'will work' as opposed to something that 'might work'. That kind of logic is kind of exactly why they put constraints in place. The idea is, does it need to be a routable address on the public internet. It seems like the answer is no, it'd just be nice so I wouldn't have to worry about conflicts. Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
You mentioned that 1k addresses go to a main-office LAN. I'd put all of your fixed infrastructure on the main-office LAN, and host the vpn servers there. Granted, using a single IPv6 block instead of multiple RFC1918 blocks would be far less of a headache to get working. On Tue, Jan 13, 2015 at 2:21 PM, Joshua Judson Rosen roz...@hackerposse.com wrote: On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On 2015-01-13 14:54, Thomas Charron wrote: On Tue, Jan 13, 2015 at 2:45 PM, Joshua Judson Rosen roz...@hackerposse.com mailto:roz...@hackerposse.com wrote: And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? This sounds lame, and it kind of is, but the correct answer is, 'One that's not what someone would normally use to minimize the likelyhood. Personally, I tend to use ones in the 10.110.120.0/24 or such ranges. If you use say, 192.168.0.0/24 , then you need to find a new job. :-P Or maybe I _should_ use 192.168.0.0/24--because who else in his right mind would be using that Do you remember that scene in `The Princess Bridge', where Vizzini was trying to pick the right cup to avoid ingesting the iocaine? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On 2015-01-13 14:30, John Abreau wrote: You mentioned that 1k addresses go to a main-office LAN. I'd put all of your fixed infrastructure on the main-office LAN, and host the vpn servers there. OK. Assuming that put all of the fixed infrastructure on one single main-office LAN was even workable, what address block would you use for that LAN? Granted, using a single IPv6 block instead of multiple RFC1918 blocks would be far less of a headache to get working. IPv6 is not a viable solution at this time; partly due to lack of experience with IPv6, partly due to just having way too much equipment from way too many vendors that still doesn't/don't support IPv6. I wish IPv6 were viable; even using an unroutable IPv6 subnet would realistically work, because (still) basically nobody else is using using IPv6. And, given the status of the IPv4 pool, IPv6 viability is way overdue; doesn't affect reality. On Tue, Jan 13, 2015 at 2:21 PM, Joshua Judson Rosen roz...@hackerposse.com mailto:roz...@hackerposse.com wrote: On 2015-01-13 13:45, John Abreau wrote: If I were doing it, I'd consider setting up several redundant vpn servers. RFC1918 defines three private address blocks: 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 I'd start with 3 vpn servers, each using one of these blocks. Odds are one of them would work at a given customer site. Maybe throw in a fourth one with a small pool of public addresses for the hypothetical pathological cases where the customer is using all three private address blocks. And what subnet would you put all of your fixed infrastructure on to guarantee that hosts coming in through all of those VPNs can actually route to it? And to each other? -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org mailto:j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
In our last exciting episode, Matt Minuti (matt.min...@gmail.com) said: Is there any sort of idiot's 5 minute guide to IPv6 out there? My OpenWRT router just kind of magically worked with Comcast, but I don't have a clue how the address syntax works, what a prefix is, what blocks are special-purpose (link-local, example, etc), or generally the what the v6 equivalents of the v4 stuff is. Everything I found so far seems to be a glossy summary (IPv6 is good, it has lots of addresses! The end!), way too in-depth (Cisco guides), or assumes way too much (you already know what config file this is based on its syntax). As much as I hate pointing to Comcast as a source of help, have you investigated http://www.comcast6.net/ ? They have some links to tools and tutorials, some of which I've read. A good pointer they reference is at https://getipv6.info/display/IPv6/IPv6+Info+Home -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E pgp34HqJ5UyN3.pgp Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
On January 13, 2015 3:18:10 PM EST, Joshua Judson Rosen roz...@hackerposse.com wrote: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? I'm on FIOS who doesn't deploy it natively but I've got a /64 block routed through Hurricane Electric. Did it mostly just so we would be IPv6 capable. The only thing that was the sticking point was setting up OpenWRT to set up the route and radvd(?) to do the address assignments. -Mark ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
In our last exciting episode, Joshua Judson Rosen (roz...@hackerposse.com) said: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? Pretty sure at least check, somewhere around 25% of my data coming into my network at home is IPv6. (native Comcast IPv6 and Hurricane Electric tunnel as backup) -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E pgpqWtnY1UXxp.pgp Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPv6? (was: Help: HOWTO buy IP address blocks from ARIN?)
Is there any sort of idiot's 5 minute guide to IPv6 out there? My OpenWRT router just kind of magically worked with Comcast, but I don't have a clue how the address syntax works, what a prefix is, what blocks are special-purpose (link-local, example, etc), or generally the what the v6 equivalents of the v4 stuff is. Everything I found so far seems to be a glossy summary (IPv6 is good, it has lots of addresses! The end!), way too in-depth (Cisco guides), or assumes way too much (you already know what config file this is based on its syntax). On Tue, Jan 13, 2015 at 4:32 PM, Jason T. Nelson j...@jtn.cx wrote: In our last exciting episode, Joshua Judson Rosen (roz...@hackerposse.com) said: On 2015-01-13 14:07, Mark Komarinski wrote: IPv6? I wish. Quick poll: how many people here are actually using IPv6? How/why or why not? Pretty sure at least check, somewhere around 25% of my data coming into my network at home is IPv6. (native Comcast IPv6 and Hurricane Electric tunnel as backup) -- Jason T. Nelson j...@jtn.cx GPG key 0xFF676C9E ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam pyt...@venix.com wrote: I had not realized that ARIN was still distributing addresses. I had thought they had pretty much given them all out. https://www.arin.net/resources/request/ipv4_countdown.html Thomas ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
The way I see it, there's a preferred strategy, and a short-term strategy that should be planned with the expectation that it will be migrated to the preferred strategy in the near future. The reality is that the IPv4 address pool is effectively exhausted, and any new deployments should ideally be based on IPv6. The few remaining IPv4 blocks are essentially a rapidly-eroding safety net reserved for dire emergencies during the transition to IPv6. They're hard to get, and getting even more difficult to get as time goes on. For the short term, assuming you haven't rolled out IPv6 yet, new deployments ideally should use RFC1918 private addresses internally and NAT to map them to public addresses for connecting to the public IPv4 Internet, with the expectation of transitioning to IPv6 addresses as soon as feasible. What are your project's needs that explicitly require 4K distinct public addresses and that cannot function using private addresses and NAT instead? On Fri, Jan 9, 2015 at 4:29 PM, Lloyd Kvam pyt...@venix.com wrote: On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? It sounds like you want to have a fairly generously sized subnet for each group, but the groups are too small to meet the utilization levels (25%, growing to 50%). If it is just a matter of a bit more time and growth, I'd show them how you'll exceed 50% in 18 months (or whatever) and hope for the best. Otherwise you may need to reduce your request I had not realized that ARIN was still distributing addresses. I had thought they had pretty much given them all out. -- Lloyd Kvam Venix Corp DLSLUG/GNHLUG library http://dlslug.org/library.html http://www.librarything.com/catalog/dlslug http://www.librarything.com/catalog/dlslugsort=stamp http://www.librarything.com/rss/recent/dlslug ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Help: HOWTO buy IP address blocks from ARIN?
On Thu, 2015-01-08 at 17:26 -0500, Joshua Judson Rosen wrote: Anyone here ever been through the process of procuring an IP block from ARIN? Actually from my upstream ISP (UUNET) many years ago. I was requesting a /21. The requirements were essentially the same back then. You're requesting 4K addresses. They want to know that 1K will be used right now and that at least 2K will be in use within a year. If the only way you can use up that number of addresses is by allocating one thousand /30's they will turn you down. They are basically looking for individual addresses, but you can count the lost addresses from your subnet scheme. I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? It sounds like you want to have a fairly generously sized subnet for each group, but the groups are too small to meet the utilization levels (25%, growing to 50%). If it is just a matter of a bit more time and growth, I'd show them how you'll exceed 50% in 18 months (or whatever) and hope for the best. Otherwise you may need to reduce your request I had not realized that ARIN was still distributing addresses. I had thought they had pretty much given them all out. -- Lloyd Kvam Venix Corp DLSLUG/GNHLUG library http://dlslug.org/library.html http://www.librarything.com/catalog/dlslug http://www.librarything.com/catalog/dlslugsort=stamp http://www.librarything.com/rss/recent/dlslug ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Help: HOWTO buy IP address blocks from ARIN?
Anyone here ever been through the process of procuring an IP block from ARIN? I'm trying to interpret the requirements they give for an end-user initial assignment, which are: * provide data demonstrating at least a 25% utilization rate of the requested block immediately upon assignment * provide data demonstrating at least a 50% utilization rate of the requested block within one year .. and maybe I'm just being dense, but it's not entirely obvious to me what utilization rate actually means here: do they mean sub-blocks allocated to specific subnets with some-definition-of-minimal waste, or do they mean individual addresses actually, specifically assigned? I'm trying to rationalise a /20 block, because I can't seem to partition the space such that I end up with 50% allocated immediately or 75% allocated over the next year; but if I count up the actual nodes that I expect to exist on all of my subnets, those counts are definitely short of both the `25% utilization immediately' and `50% utilization within one year' figures. If I'm really supposed to be counting individual addresses and not summing subnet sizes, what am I likely to be doing wrong here? -- Don't be afraid to ask (λf.((λx.xx) (λr.f(rr. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/