Re: [IPv6 Users] Tunnel Broker Daemon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [re-send as this list doesn't like pgp sigs] Graham Beneke wrote: Hi All Are there any freely available/open source IPv6 tunnel broker daemons available? CSELT used to have one. Do note that most IPv6 Tunnel Brokers don't follow RFC3053 that much anymore, as that is only for proto-41 and doesn't provide automatic clients nor NAT-capable tunnels nor any other such features. The IETF apparently was not really interested in standardizing those methods either, even TSP never made it to RFC status. The tunnel broker clients for various services seem to be easy to obtain from public repositories and SixXS has a write up on the protocol that they use. I haven't been able to find any implementations of the server side. That is because that code is not publicly available. It is available as a free service for ISPs (http://www.sixxs.net/faq/sixxs/?faq=isp). Note that a PoP might be made available only for (paying) users of the ISP, that just depends on the intentions of the ISP who owns the PoP; SixXS just does the provisioning based on the policies defined by the ISP. You can also buy a service/box from Hexago (http://www.hexago.com). It all depends of course on what you are trying to accomplish. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFJ0dkAKaooUjM+fCMRAvHxAJ9VzmicFwODRki13IXrDhcy8cT47wCcCqYf 5UoqnZtzD1CwLKRP1weK1zk= =kR4S -END PGP SIGNATURE- ___ Users mailing list Users@ipv6.org https://lists.ipv6.org/mailman/listinfo/users
Re: [IPv6 Users] Ftp redirection to another machine in my LAN
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rick Karcher wrote: hi , I would like to ask you How can I redirect incoming ftp conections to another server in my LAN ? I have an Ipv4/ipv6 Ftp server (vsftpd) and have only one dynamic ipv4 ... The Idea is redirect the ipv4 ftp2.domain2.com to my internal server which is inside the LAN . You would need to use Passive FTP everywhere for this work. In general you will want to simply avoid this as it is nasty and requires clients t reconfigure. When it is a private FTP, just go the SCP way and start using SCP for filetransfers which doesn't have this problem and works over NATs and portforwards without issues. Also your user/pass are then secure. You could try doing a PREROUTING NAT trick: 8-- modprobe ip_nat_ftp modprobe ip_conntrack_ftp iptables -t nat -A PREROUTING -i $OUTSIDE -d $INET_IP -p tcp --dport 21 - -j DNAT --to $PRIVIP - --8 (guessed from head, so you might need to tweak it a bit, depending on the firewall it self you might need some extra accept's) Greets, Jeroen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Jeroen Massar / http://unfix.org/~jeroen/ iHUEARECADUFAkcWc5ouFIAAFQAQcGthLWFkZHJlc3NAZ251cGcub3JnamVy b2VuQHVuZml4Lm9yZwAKCRApqihSMz58I2eyAJ9HIvxXvGZoCiaZGKidSedYcCpg 0QCeOpQ1+XT1j5PvO220tHhsoy1pLlw= =Qynp -END PGP SIGNATURE- ___ Users mailing list Users@ipv6.org https://lists.ipv6.org/mailman/listinfo/users
Re: Connecting to remote IPv6 addresses from Linux machine requires local scope id
On Mon, 2006-07-24 at 18:36 +0530, Dhiren Chandvania wrote: Configuration details: eth0 Link encap:Ethernet HWaddr 00:30:6E:38:EA:EF [..] inet6 addr: fe80::230:6eff:fe38:eaef/64 Scope:Link [..] sigfs Link encap:IPv6-in-IPv4 inet6 addr: fe80::c0a8:1df/128 Scope:Link [..] Solaris: [..] hme0: flags=2000841UP,RUNNING,MULTICAST,IPv6 mtu 1500 index 2 [..] inet6 fe80::203:baff:fe02:ccee/10 [..] Issues that I have: I] All outbound traffic from a Linux machine needs scope id. Why? Because you are using link-local address space. In short, those are only available on the local link. If you have multiple interface they all get assigned out of fe80::/64, which is actually part of fe80::/10 which is reserved for Link Local. You should either use ULA (http://www.kame.net/~suz/gen-ula.html / RFC4193) or use global addresses, see http://en.wikipedia.org/wiki/Tunnel_Broker for a long list of them or of course contact your local ISP. If you don't want to ULA for whatever reason, you can always abuse 2001:db8::/32 which is the documentation prefix, but do note that a lot of things break when using that. Please read http://noc.sixxs.net/faq/ipv6/?faq=whatisipv6 or a real IPv6 book to get into this topic. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Inexpensive hub/switch for testing home IPv6 network?
On Mon, 2006-07-10 at 01:44 -0400, Stephen Fulton wrote: Hi all, I want to set up IPv6 on my home network, and before I do so, I was wondering if I could solicit recommendations on an inexpensive hub or switch that would work for that purpose? I've got a router, so that's covered. Thoughts? The router, which is Layer 3, is most likely the problem as that thing should support IPv6. Switches are Layer 2, and thus only cover Ethernet and don't care about IPv4 or IPv6. Also as you are saying 'router', I guess you actually mean a NAT gateway and not a real router, aka something that routes packets. Be aware that when it is a NAT you will have to put it in DMZ mode when you want to tunnel proto-41 packets over it to a machine behind the NAT. In any case, Linksys WRT's come to mind, especially when you load them up with DD-WRT (http://www.dd-wrt.com) or OpenWRT (http://www.openwrt.org), these make them capable of doing IPv6 and even setting up a tunnel to any of the various free (that is gratuit) IPv6 providers. See http://en.wikipedia.org/wiki/Tunnel_Broker for a long list of the latter. The advantage of the WRT's is that they can act as routers while they are also switches, so especially for the power-users that is very nice. Oh and accidentitally they do wireless ;) Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: 2003:: prefix?
On Tue, 2006-04-04 at 00:14 -1000, Antonio Querubin wrote: Anybody know whether 2003::/16 is a valid prefix? I'm seeing traceroutes to www.iptel.org terminate in an unusual address when done from a 6to4 host: traceroute6 to fox.iptel.org (2001:638:806:2001:202:b3ff:fe38:c1cc) from 2002:4041:4e16::1, 64 hops max, 12 byte packets 1 2002:c058:6301:: 10.238 ms 14.324 ms 10.640 ms 2 akepa-e0-0-7.lava.net 9.986 ms 10.933 ms 9.766 ms inet6num: 2003:::/19 netname:DE-TELEKOM-20050113 descr: Deutsche Telekom AG country:DE [..] 19 2003:100:1014:3100::1 325.120 ms !P 259.674 ms !P 259.193 ms !P If you have an up-to-date whois client (eg the one from Marco d'Itri which is the best client ;) inet6num: 2003:0100:1014::/48 netname:FOKUS-V6 descr: IPv6 area of Fraunhofer FOKUS descr: temporary for IPv6 show case project country:DE Also see http://www.sixxs.net/tools/grh/ of course. www.iptel.org CNAME fox.iptel.org fox.iptel.org 2001:638:806:2001:202:B3FF:FE38:C1CC The weird part is that the traceroute for me ends in: 8 t2fokus.nr-ber1.6win.dfn.de (2001:638:f:800::806:2) 41.703 ms 41.825 ms 41.685 ms 9 2001:638:806:3100::1 (2001:638:806:3100::1) 42.434 ms 59.916 ms 42.662 ms 10 2001:638:806:3100::1 (2001:638:806:3100::1) 42.276 ms !S 42.159 ms !S 42.153 ms !S I guess the reason you see the 2003:: addresses is because the address selection routines pick the 2003:: interface as they are the closest to 2002::/16. 6to4 is fun to debug ;) Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Routing doesn't work all the time
On Sun, 2006-03-12 at 11:15 +0100, Steven LatrŽe wrote: Jeroen Massar schreef: On Sat, 2006-03-11 at 16:07 +0100, Steven LatrŽe wrote: [..] Which Debian? Or more to the point which exact kernel version? [..] I'm using kernel version 2.4.31 There have been a *lot* of fixes in 2.6.15, copied back from the USAGI project, which most likely are not ported to 2.4.x series. I have no experience with 2.4.x hosts doing IPv6. It should work, but there might be oddities. and fd9f:187c:6e81:3e::1:fe dev eth3 metric 1 mtu 1500 advmss 1440 fd9f:187c:6e81:3e::/64 dev eth1 metric 256 mtu 1500 advmss 1440 fd9f:187c:6e81:3e::/64 via fd9f:187c:6e81:3e::1:fe dev eth3 metric 1024 mtu 1500 advmss 1440 The interresting question here: Why are you point the same /64 towards eth1 and to the eth3 via that nexthop? This will, with some luck, load-balance or better said, randomly send packets out over eth1 or eth3. Which causes the problem you explained. Thanks for pointing out that problem! That was indeed a mistake. Unfortunately it didn't solve my initial problem. I still get the same ping problems. Check all the routing tables again for faults. Then start doing things like 'ping6 -I ethX ff02::1' to find all hosts and 'ping6 -I ethX ff02::2' to find routers on that subnet (hosts with forwarding enabled). Otherwise tcpdump or tethereal are your friend and then you will need to debug it out, you should see a Neighbour Discovery on the link when trying to reach that host and of course a response where it is. Dumping on both ends makes this of course easier to do. Also check 'ip -6 nei sho' to see if the neighbours can be found by the kernel and not only seen by tcpdump. Which networkcards do you use? Some network cards have problems with multicast, try setting the MULTICAST flag (ifconfig ethX multicast) to force them to grab multicast packets from the wire. Some other cards require PROMISC to be set for this. But this is only the case with some very bad networking cards anyway. BTW, why use Unique Local Unicast addresses anyway? I have two reasons (but I'm a newbie so they can be wrong): - I'm developing a dynamic network that still works even if there's a link down. The network will reconfigure itself so that when a link is down two independent networks will be formed. It is important that although those networks can't communicate with eachother they still have different network id's. I read that the unique local unicast addresses must form a random network id and that was what I want. With 'link' you mean an internet link or simply something in your own network? If it is a internet link you will end up in NAT at one point or the other as the ULA's can't be used on the internet (unless you pay folks enough to announce and transit them for you ;) - If I'm not mistaken the unique local unicast addresses are a semi-alternative for the private IPv4 addresses. And the network I'm developing is private. ULA's are indeed meant for 'private' networks, aka ones that are not connected to the internet but might want to connect to other networks. The ULA is (mostly) unique so it should not cause a clash with other networks easily, interconnecting thus because easy in that case. Is there any reason why I shouldn't use those addresses? Nope, just wondering why you don't use any global address space. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: HI
Jun Yin wrote: Hi, now it seems the tspc works and tunnel was established, what's the next step? I got the ipv6 routing table: [EMAIL PROTECTED] tspc]# route -A inet6 Kernel IPv6 routing table Destination Next Hop Flags Metric RefUse Iface ::1/128 :: U 0 71 lo 2001:5c0:8fff:::22/128 2001:5c0:8fff:::22 UC0 31 tun 2001:5c0:8fff:::23/128 :: U 0 33 0 lo 3ffe::0:f101::5/128 :: U 0 36 0 lo 3ffe::0:f101::/64 :: UA25600 eth0 2000::/3:: U 1 00 tun [..] ::/0:: U 1 00 tun ::/0:: UDA 25600 eth0 ::/0:: UDA 25600 eth1 You seem to have that 'broken kernel' (at least in my opinion), which creates default routes to interfaces (how silly is that it doesn't accomplish anything). Anyhow, remove them with: # ip -6 route del ::/0 dev eth0 # ip -6 route del ::/0 dev eth1 Not that it matters much as you have a 'default' over the 2000::/3 route and the metric for the default over eth0/eth1 is much higher than the one over the tunnel. Next to that you seem to have both 6bone and RIR space as source addresses. Clean those out too, as you most likely can't use them anyway unless you already had IPv6 connectivity over eth0 but it doesn't look like it, it could be that you are trying to use these addresses and that then breaks. The address bound to the loopback but the actual route on dev eth0 looks weird anyway, thus better purge them: # ip addr del 3ffe::0:f101::5/128 dev lo # ip ro del 3ffe::0:f101::/64 dev eth0 Then try: # ping6 2001:5c0:8fff:::23 This demonstrates that you can ping yourself # ping6 2001:5c0:8fff:::22 This demonstrates that you can ping the remote endpoint Then try: # traceroute6 www.kame.net Or something else to see how far it goes. After that you can try websites and other things (or skip directly here of course ;) and then I hope I can access some ipv6 sites by the ipv6 tunnel. I tried http://www.sixxs.net/main/ and www.kame.net, but they alwasys said I'm using ipv4 address. How can I force the traffic to use ipv6 tunnel? Do I need some special ipv6 dns setup? That mostly depends on your browser, but you can always try: http://www.ipv6.sixxs.net/ which is IPv6 only, then look at the bottom what you are using. Another nice site to visit is of course http://ipv6gate.sixxs.net ;) Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: HI
Jun Yin wrote: HI, I'm a newbian in ipv6, I just installed fedora core4 and tested ipv6 address, it works. next step I hope I can access some public ipv6 resource through ipv6 network, How can I do it? my PC is behind a nat device and using a private IPv4 address, can i access public ipv6 network? NAT crossing can work with Teredo, AYIYA and the v6udpv4 protocol that the Hexago brokers support as part of TSP. Another trick is to try to configure the NAT box to forward proto-41 traffic to your internal machine, usually by configuring it as the DMZ machine, then you are able to use normal proto-41 tunnels. how can I get an ipv6 address for test? From one of the various tunnel brokers, see the following url for an extensive list of brokers. You should pick the closest one to your area/country. http://www.sixxs.net/tools/aiccu/brokers/ I tried to download tspc software from freenet6 but failed to compile it, don't know what's the reason. Is there another way to do it? What about showing where it failed to compile. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: ipv6 dns server.
Kenneth Porter wrote: --On Monday, January 02, 2006 4:02 AM +0800 Lawrence Hughes [EMAIL PROTECTED] wrote: Most client computers (DNS resolvers) that support IPv6 will (and should) use the IPv6 addresses preferentially over IPv4 when both are returned from the DNS. With most ISP's not providing an IPv6 gateway, is that yet wise? AFAIK Windows is currently the only OS that doesn't resolve using IPv6 as a transport. Most *ix (*BSD/Linux) implementations do. Also note that if a DNS server is configured to use both IPv4 and IPv6 as a transport it will first try IPv6 to contact the DNS server in question and after that IPv4. In most setups I have encountered there was a dual-stack DNS server which would speak to other DNS servers using IPv6 where possible. It properly falls back to IPv4 when noted that the IPv6 server is unreachable or gives slow responses, those are default properties of the DNS protocol. I have not yet heard any complaints from folks who where using these kind of setups yet. So it appears to work pretty well. Notez bien there are no published IPv6 root-servers and one will need a dual-stack DNS server somewhere to be able to reach about 99% of the Internet anyway. For an endhost, using only IPv6 as a DNS transport is of course very well possible and should not cause any problems, unless your connectivity to the DNS server goes down ;) Even Speakeasy, one of the more technically competent ISP's, doesn't yet provide native IPv6. From GRH (http://www.sixxs.net/tools/grh/dfp/arin/): 2001:1858::/32 [us] SPEK-V6-0 Speakeasy Network Allocated: 2003-08-07 First Announced:2005-12-07 13:33:56 Last seen: 2006-01-03 22:17:22 Apparently they have connectivity, at least the BGP route is there, it is actually severely broken due to HE.net's immeasurably superior IPv6 routing (read: they are playing Tier-1 without being one), see below. Also it is very simple to solve, if they don't provide it: tunnel it! Check: http://en.wikipedia.org/wiki/Tunnel_Broker Tunneling of course should only be done when one is an endsite, tunnels should not be used for transit also see: http://ip6.de.easynet.net/ipv6-minimum-peering.txt Greets, Jeroen -- traceroute to 2001:1858::1 (2001:1858::1) from 2001:7b8:20d:0:20c:29ff:fe36:4f, 30 hops max, 16 byte packets 1 purgatory.unfix.org (2001:7b8:20d:0:290:27ff:fe24:c19f) 25.292 ms 8.73 ms 8.042 ms 2 2001:7b8:5:10:74::1 (2001:7b8:5:10:74::1) 12.208 ms 21.739 ms 13.612 ms 3 i49.ge-0-1-0.jun1.kelvin.ipv6.network.bit.nl (2001:7b8:3:31:290:6900:31c6:d81f) 17.384 ms 13.5 ms 19.189 ms 4 jun1.sara.ipv6.network.bit.nl (2001:7b8::205:8500:120:7c1f) 13.987 ms 6.541 ms 13.334 ms 5 v6-transit.glbx.net (2001:7b8:40:7::1) 4.856 ms 7.186 ms 9.46 ms 6 eth10-0-0.xr1.ams1.gblx.net (2001:7f8:1::a500:3549:1) 12.342 ms 11.113 ms 10.055 ms 7 nl-ams04a-re1-fe-0-0.ipv6.aorta.net (2001:7f8:1::a500:6830:1) 11.989 ms 10.971 ms 9.904 ms 8 nl-ams06d-re1-t-2.ipv6.aorta.net (2001:730::1:c) 9.937 ms 16.968 ms 11.934 ms 9 hurrican.net-gw1.nl.ipv6.aorta.net (2001:730::1:2f) 102 ms 109.078 ms 113.883 ms 10 3ffe:81d0::1::1 (3ffe:81d0::1::1) 128.097 ms 119.002 ms 109.196 ms 11 3ffe:80a::e (3ffe:80a::e) 121.231 ms 133.967 ms 132.948 ms 12 * * * 13 * * * 14 * * Hop 9 is Hurricane Electric Hop 10 is Hurricane Electric's 6bone address space (going away 6/6/6) Hop 11 is ISI-LAP then it gets lost in 6bone space... signature.asc Description: OpenPGP digital signature
Re: source code for MLD
Srikanth Rao wrote: Hi, Is there any free source code available in netBSD or other OS for MLD (Multicast Listener Discovery protocol - an equivalent of IGMP in ipV4). Of course, just look in the source of your favourite 'free/opensource' kernel. Also see http://www.kame.net for the base of *BSD. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: IPv6 reverse lookup by Windows
JINMEI Tatuya / 神明達哉 wrote: We are considering four possible implementations: 1. try only ip6.arpa This is the only one that should exist in current and new implementations. For deployed stacks, the ones people don't want/forget to upgrade there is a very simple solution to all of this: DNAME 8-- [EMAIL PROTECTED]:~$ dig @ns2.sixxs.net 8.b.d.0.1.0.0.2.ip6.int. any ; DiG 9.3.1 @ns2.sixxs.net 8.b.d.0.1.0.0.2.ip6.int. any ; (2 servers found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 35661 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0 ;; QUESTION SECTION: ;8.b.d.0.1.0.0.2.ip6.int. IN ANY ;; ANSWER SECTION: ip6.int.604800 IN DNAME ip6.arpa. 8.b.d.0.1.0.0.2.ip6.int. 0 IN CNAME 8.b.d.0.1.0.0.2.ip6.arpa. 8 For SixXS we implemented the above on 9-9-2004 and we have, till date, not received a single report of problems in doing this. Except for people trying to put their reverse under ip6.int and not under ip6.arpa, but those where easily fixed. RIR's and other 'high level' DNS servers could thus easily DNAME ip6.int to ip6.arpa, moving current ip6.int NS delegations to ip6.arpa, if there is no delegating there and notifying the admins that this was done. Note for resolvers not supporting DNAME a CNAME is emitted and resolvers do support this. Also most resolvers will understand DNAME when they are from a timeframe where the host is also IPv6 capable. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: Getting prefix from address?
Stig Venaas wrote: On Sat, Dec 10, 2005 at 11:42:05AM +0900, JINMEI Tatuya / [EMAIL PROTECTED]@C#:H wrote: On Fri, 9 Dec 2005 18:28:14 -0500, Roy Smith [EMAIL PROTECTED] said: Is there a standard API for getting the prefix given an address and a prefix length? I.e., I've got FFEE:0200:0045::::0123:0012 and 64 and I want to get FFEE:0200:0045:::::. I looked in RFC 3493 and 3542 and didn't see anything in either one that looked like it did this. Did I just miss it, or does it not exist? There's no standard API for this as far as I know. Pretty sure there isn't. I don't see the need for it myself, it is easy enough to implement. There should actually not be a need for programs to use it as most programs should not be bothering with address masks and such in the first place, they should base around getaddrinfo() and struct addr_storage and not care about anything else. Referencing anything inside these structures would make the program depend on a specific IP version which is a bad design decision. See http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html for details about keeping your program AI independent. Of course there are programs (monitoring,routing,firewalling etc) that require to do this but people programming those tools can easily come up with the simple piece of code that Stig showed. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: IPv6 routing
Evelyne wrote: Hi, I have a freeBSD box on my LAN with two NICs and is running on Quagga.The box already has IPv6 connectivity via a tunnel broker.I want to configure it internally (using private IP addresses) so that the rest of the clients in my LAN can receive IPv6 packets. Why private addresses? What you should do is ask your upstream, the tunnelbroker in this case, for a /48 subnet, which they route down your tunnel. You can then use this address space on your network. As for setup instructions: * Tunnels to hosts http://www.sixxs.net/faq/connectivity/?faq=ossetup * Connectivity to endhosts http://www.sixxs.net/faq/connectivity/?faq=usingsubnet Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: Default address used
Jason Gauthier wrote: When I capture packets on Windows XP and that I've set up an IPv6 address with a DHCP server, the capture says the request is from the default address that we can't delete on Windows XP. Any idea how I could delete it or change the default address to use? With 'default' address you most likely (as you didn't supply any further info) mean the RFC3041 address. Execute the following to disable it: netsh int ipv6 set privacy disabled Do also note that Windows XP per default doesn't come with a DHCPv6 client nor server. But dibbler can do both. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: Default address used
Jason Gauthier wrote: That's what I did, but I'll try it again. Yeah I'm using dibbler now :) For the privacy setting to take real effect you have to disablere-enable the interface or reboot. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: iperf
Sylvia SCHUH wrote: Hi I want to do some bandwidth, etc. measuring to see how this has changed after migrating a whole network in comparison to ipv4. i used iperf and i found documentation that iperf is ipv6 enabled (2.0.2) but it doesnt work i start the server with iperg -s -V i start the client with iperf -c marge.sylvia.test -V -- i get a message as if dns does not work Can you do a 'ping6 marge.sylvia.test' ? (cant give the original error now; i am not physically there at the moment but will be tomorrow) when i start the client with iperf -c 2001:x -V i get the message unknown host Ordering of arguments has some significance, use the -V always as the first option, eg: $ iperf -c 2001:db8:1:1:210:dcff:fe20:7c7c -V multicast ttl failed: Invalid argument connect failed: Connection refused SNIP Now we get a multicast error!? $ iperf -V -c 2001:db8:1:1:210:dcff:fe20:7c7c connect failed: Connection refused SNIP Now we don't get that warning. Thus option handling seems to be a bit odd. any ideas? someone out there who tried that yet?? Debian packages have been working fine for quite some time: srv$ iperf -V -s Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) [ 4] local 2001:db8:1:1:210:dcff:fe20:7c7c port 5001 connected with 2001:db8:2:1:2a0:24ff:feab:3b53 port 60185 [ 4] 0.0-10.0 sec 68.4 MBytes 57.3 Mbits/sec client$ iperf -V -c srv Client connecting to srv, TCP port 5001 TCP window size: 16.0 KByte (default) [ 5] local 2001:db8:2:1:2a0:24ff:feab:3b53 port 60185 connected with 2001:db8:1:1:210:dcff:fe20:7c7c port 5001 [ 5] 0.0-10.0 sec 68.4 MBytes 57.4 Mbits/sec srv$ iperf --version iperf version 2.0.2 (03 May 2005) pthreads client$ iperf --version iperf version 2.0.2 (03 May 2005) pthreads Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: IPv6 on IBM z/OS
mclellan, dave wrote: Hi everyone: I know you're mostly not z/OS (AKA MVS) technicians. I apologize for the corner case posting. We are researching testing options for testing IPv6 on z/OS which has been implemented in Communications Server subsystem for a couple of releases. Is there anyone out there who knows anything about this specific environment, or who knows someone who knows someone? I've forwarded your message to a couple of people who should be able to tell you more about this subject. We can't easily upgrade the physical networking infrastructure in our mainframe labs, so I'm especially looking for testing options where we can exercise the protocol enough to validate our current IPv6 support (high level address lookups and reverse lookup, and TCP over IPv6). You can always use tunneling, which is something which is supported. Any pointers or references would be much appreciated. IBM's z/OS is IPv6 Ready Phase 1 compliant: http://www.ipv6ready.org/logo_db/logo_search2.php?logoid_number=01-000156btm=Search Fredrik Tolf wrote: I'm sorry, but I really don't understand why you would want to upgrade the physical network. IPv6 should run on most physical networks that IPv4 can run on, AFAIK. One has to upgrade routers, which are part of the physical network. The cabling/wiring/wireless itself should indeed not care much, though some silly switches don't really like IPv6, not really many fortunately. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: IPv6 multicast routing on Linux
On Tue, 2005-09-27 at 00:59 +0200, Fredrik Tolf wrote: Hi List! I'm wondering if someone knows a good source of documentation on IPv6 multicast routing on Linux. What I'm wondering, more specifically, is how I define on what interfaces packets with certain multicast scopes are to be routed onto. I guess you will have to take a look into mrd6 (http://hng.av.it.pt/mrd6/) by Hugo Santos (cc'd). It can already do or easily be modified to configure these scopes so that the router (mrd6 in that case) won't forward packets over certain boundaries etc. For the rest, I'd suggest you join the m6bone mailinglist. See http://www.m6bone.net for more details. Hugo can explain you the rest ;) Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Tcpdump doesn't print all dhcp6 info
Steven Latre wrote: Hi again, Sorry that I'm asking two questions at a time. It's just that I'm trying all possibilities. In my script I'm using tcpdump to get some information from the network configuration. Try 'tethereal', which is the console/text-only version of the extremely cool Ethereal. You can put tethereal into XML mode which should make parsing really easy. Greets, Jeroen signature.asc Description: OpenPGP digital signature
Re: IPv6 autoconf and DNS
On Sun, 2005-07-24 at 00:43 +0200, Fredrik Tolf wrote: Hi List! Does anyone know what the current plans are to get DNS working through stateless autoconfiguration? I'm thinking that there should an anycast address or something that denotes the closest DNS server or similarly, but I haven't seen any material on any solution whatsoever. http://www.ietf.org/internet-drafts/draft-massar-dnsop-service-00.txt Which I am trying to get into the big queue Let's see what others think about that next week. In short: - anycast address where a recursive dns server answers on - it also has a _service. domain for autoconfiguration of other services using SRV records. eg configure a IPv6 tunnel: http://www.ietf.org/internet-drafts/draft-massar-v6ops-tunneldiscovery-00.txt Which will be what AICCU will do in the next release, thus making it provider independent ;) Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: IPv6 autoconf and DNS
On Sun, 2005-07-24 at 13:45 +0200, Fredrik Tolf wrote: On Sun, 2005-07-24 at 12:28 +0200, Jeroen Massar wrote: On Sun, 2005-07-24 at 00:43 +0200, Fredrik Tolf wrote: Does anyone know what the current plans are to get DNS working through stateless autoconfiguration? I'm thinking that there should an anycast address or something that denotes the closest DNS server or similarly, but I haven't seen any material on any solution whatsoever. http://www.ietf.org/internet-drafts/draft-massar-dnsop-service-00.txt Which I am trying to get into the big queue Let's see what others think about that next week. In short: - anycast address where a recursive dns server answers on Nice! - it also has a _service. domain for autoconfiguration of other services using SRV records. That's very nice. However, reading through it makes it seem extremely similar to the mechanism described by DNS-SD. Is there any particular reason to duplicate that effort? It *adds* to DNS-SD, which is why this draft is so short ;) dns-sd defines stuff like: _http._tcp.domainname SRV .. host This defines: _website._service PTR _http._tcp.domain PTR _https._tcp.domain Thus also allowing multiple protocols for a single service. eg an email client could then do: (tbird = thunderbird, user = you) tbrd: what is your email address? user: [EMAIL PROTECTED] tbrd: cool, lets see what I can find out: $ host -t ptr _email._service.unfix.org _email._service.unfix.org domain name pointer _imap._tcp.unfix.org. $ host -t srv _imap._tcp.unfix.org _imap._tcp.unfix.org has SRV record 0 0 993 purgatory.unfix.org. Protocol imap, port 993 on purgatory.unfix.org it is ;) No more entry of manual configuration stuff. Btw, this could also work with clusters as one can have multiple SRV records with different weights etc. The anycast address make it able to use the local service, then the user only has to pass it's username, it will use _service. in this case, though an identity based on email is likely better. DNS Search paths allows the _service domain to come from a remote place, maybe on the other side of the world, you still haven't configured anything most likely. But lets see what a lot of other folks think about this thing. Most likely there will be quite some though comments on it. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: IPv6 autoconf and DNS
On Sun, 2005-07-24 at 14:19 +0200, Fredrik Tolf wrote: On Sun, 2005-07-24 at 14:01 +0200, Jeroen Massar wrote: On Sun, 2005-07-24 at 13:45 +0200, Fredrik Tolf wrote: On Sun, 2005-07-24 at 12:28 +0200, Jeroen Massar wrote: - it also has a _service. domain for autoconfiguration of other services using SRV records. That's very nice. However, reading through it makes it seem extremely similar to the mechanism described by DNS-SD. Is there any particular reason to duplicate that effort? It *adds* to DNS-SD, which is why this draft is so short ;) dns-sd defines stuff like: _http._tcp.domainname SRV .. host I'm sorry if I'm misunderstanding you now, but that example seems like only DNS SRV, not DNS-SD. SRV records only describe the record, while DNS-SD also describes that there for most protocols there is a TXT field that gives some extra configuration/option arguments on how to use that protocol. This defines: _website._service PTR _http._tcp.domain PTR _https._tcp.domain Precisely; that seems very similar to the _services._dns-sd facility suggested by the DNS-SD document: http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt But that one is only _services._dns-sd with a lot of PTR's, while there can be many different services. One can already do exactly that by querying the _http._tcp itself and hoping to get back pointers to the subtypes. It is also worth noticing that that document makes another interesting point: It is very seldomly (never?) interesting to find out all the service names for a website. Browsers will typically know that they can handle e.g. HTTP, HTTPS and FTP, and there query the _http._tcp, _https._tcp and _ftp._tcp pointer entries as defined by dns-sd. See section 10 of the linked document for more info. Probing a lot of SRV records and findout out afterwards that they actually don't exist and are not in use or are not supposed to be used for that type of service is a bad thing due to latency, tryal-and-error etc. When the SRV records point to dead instances, that is another problem, but this way one at least avoids them. eg from unfix.org: _http._tcp PTR Unfix._http._tcp _http._tcp PTR Heaven._http._tcp _http._tcp PTR Purgatory._http._tcp Unfix._http._tcpSRV 13 100 80 unfix.org. Heaven._http._tcp SRV 42 100 80 heaven Purgatory._http._tcpSRV 42 100 80 purgatory Sheol._http._tcpSRV 42 100 80 sheol _https._tcp PTR Purgatory._https._tcp Purgatory._https._tcp SRV 42 100 443 purgatory _website._service PTR unfix._http._tcp When a webbrowser gets 'unfix.org', it will only ever try http://unfix.org with my proposal, while with the above way, it would also go to https://purgatory.unfix.org, which is wrong as that is not the same instance of the web service. This is also really important for the IPv6 Tunnel Service discovery, as then what would you want to do, try to do proto-41/ayiya/heartbeat/tsp/tic/... to a box which is going to drop your packets anyway? Users don't like latency, thus making this information available is quite useful. Port probing is a bad thing(tm). Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: bind() behavior with family AF_INET6, INADDR6_ANY
On Tue, 2005-06-07 at 13:01 -0400, mclellan, dave wrote: Hi everyone: I'm kind of new to IPv6, and I'm enhancing a client/server application to support it. It's a simple application from the addressing point of view, but running the server in a dual stack environment adds some complexity. Essentially, the server needs to be availble to both IPv6 and IPv4 clients. It seems that binding to the INADDR6_ANY address would be a good thing to do, but this works differetnly on different OS's. For all your answers, read Eva's excellent document at: http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html I have found that Solaris allows bind() with socket using AF_INET6, INADDR6_ANY, and that connections from IPv6 and IPv4 clients reach the server and can be accepted. Using silly compatibility addresses This is accomplished using only on passive socket. Does this make sense? It was a tiny surprize (AF_INET6 was clearly specified, and AF_INET was not), but from a migration and interoperability point of view, it's a good thing. No it is not a good thing (IMHO), as your application gets a IPv6 connection and you suddenly have to handle it separately when displaying the information to the user. What I do actually in all my apps is strip the ::: from compatibility addresses, this to not confuse the user. It is very clear to them that 192.0.2.42 is IPv4, ::192.0.0.2.42 though must be a failure. There is another huge side effect, if you have application-side IP-based ACL's, the user might specify 192.0.2.0/24 to restrict access from that block. Because of the compatibility addresses one also has to apply those to all the incoming connections in IPv6 space, very convenient. Indeed great on first site, but starts crumbling down after that. However, the same behavior is not true when the server is running on, e.g., AIX or WIN2K. for these OSs, only IPv6 clients can connect to a server who called bind with the same family and address. These both have split Btw, Win2k's stack works but is not complete and has minor issues, test your stuff on a XP SP1 box or higher (Win2k3 etc). Here's the main question: - should it work consistently as a definition of the protocol: bind(socket,sockaddr,len) where the socket is AF_INET6 and the IP address is INADDR6_ANY. No, this will only bind to AF_INET6. Some OS's support the compatibility addresses, while some don't. - server binds as described and clients connect from IP4 or IP6 families. On some platforms it does, on some it doesn't - Are there some OSs that won't allow this? On these do I have to listen on multiple sockets in different families, callling select() and then accept()? Always use multiple sockets, for that matter, use getaddrinfo(). Any shared experience would be helpful. I'm supporting Solaris, AIX, HP-UX, Tru64, WIN2K, Linux various kernels, and some other oddball OS's. Read Eva's URL, that explains how you are supposed to be doing it :) And I can say, that except for HP-UX and Tru64 that trick works fine. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Documentation
On Thu, 2005-05-26 at 18:10 +1000, Carl Brewer wrote: Jeroen Massar wrote: On Wed, 2005-05-25 at 13:18 -0400, Alex Kirk wrote: Hello All, I'm trying to set up an OpenBSD 3.5 box to work with broker.freenet6.net, and I've run into a *massive* shortage of documentation on the subject. OpenBSD's official site is missing good info on the subject; all of the mailing lists I've found so far have had no apparent archives; generally speaking, how-to and FAQ docs are vague to nonexistent. Even Googling on the subject is turning up very little. Google(openbsd ipv6) first hit: http://rollcage.bl.echidna.id.au/IPv6/openbsd.html heh, I wrote that -years- ago, it's probably completely out of date and wrong now! Except for the (6bone) addresses, it is not ;) And it has pictures :) Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Documentation
On Thu, 2005-05-26 at 09:39 -0400, Alex Kirk wrote: Google(openbsd ipv6) first hit: http://rollcage.bl.echidna.id.au/IPv6/openbsd.html heh, I wrote that -years- ago, it's probably completely out of date and wrong now! Ding! We have a winner! :-) Seriously, I ran across this pretty quickly myself, but seeing as how this is for 2.9 and the current version is 3.7, it's really, *really* out of date. There's a whole new firewall, among other things...and to give you an idea of the age of that page, there's a new release every 6 months. I'm not a total idiot, I was just hoping for docs that aren't 4 years old. ;-) You asked how to setup a tunnel, not anything else, and that didn't change much from what is on the above page. As for routing tables, etc., here you go: schnarff.com:~$ route -n show -inet6 Routing tables Internet6: Destination GatewayFlags default ::1UG default ::1UG default 2001:5c0:8fff:fffe::28f4 UG Remove the first two defaults. SNIP gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1280 physical address inet 66.92.172.50 -- 206.123.31.116 inet6 fe80::210:4bff:fecc:1f2e%gif0 - prefixlen 64 scopeid 0x7 inet6 2001:5c0:8fff:fffe::28f5 - 2001:5c0:8fff:fffe::28f4 prefixlen 128 Try pinging 2001:5c0:8fff:fffe::28f5, 2001:5c0:8fff:fffe::28f4 etc and then try something remote, or just try something remote and see if that works. If you can't ping the ::28f4 then your tunnel is broken, use tcpdump on the IPv4 interface (fxp0 in your case) to see if you get any packets, like proto-41 unreach back from the remote side or from intermediate routers. Or if you get packets back but the kernel filters them out - firewall issue. Relevant pieces of tspc.conf: auth_method=any userid=schnarff password=like I said, not a total idiot ;-) You do have 3 default routes otherwise ;) SNIP I suspect that my problem is that I have default ::1UG Of course that is the issue, you are sending most traffic to yourself. in my inet6 routing tables before anything else. The reason I haven't just tried route delete -inet6 -net ::0 (or whatever the address syntax would be for a default route, since for IPv4 it's -net 0.0.0.0) is that I'm not at the same physical location as the box in question (which is running my mail, among other things), and I *really* don't want to accidentally whack my IPv4 default route Good thing about IPv6, you can destroy it and IPv4 keeps working. Alternatively when you have IPv4 and IPv6 native, like me, either of the two can die, get firewalled and it will still work ;) route -6 delete -inet6 default, twice, should work. The reason why you have it twice though, might only be when it is on two interfaces, looks weird and is wrong either way. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Documentation
On Thu, 2005-05-26 at 10:22 -0400, Alex Kirk wrote: SNIP Internet6: Destination GatewayFlags default ::1UG default ::1UG SNIP Further attempts at route deletion result in: schnarff.com:~$ sudo route delete -inet6 default writing to routing socket: No such process delete net default: not in table Try route delete -inet6 default gw ::1 to remove them. This looks thoroughly broken, but as I'm not the IPv6 expert here, I don't know how to fix it. man route :) Try pinging 2001:5c0:8fff:fffe::28f5, 2001:5c0:8fff:fffe::28f4 etc and then try something remote, or just try something remote and see if that works. If you can't ping the ::28f4 then your tunnel is broken, use tcpdump on the IPv4 interface (fxp0 in your case) to see if you get any packets, like proto-41 unreach back from the remote side or from intermediate routers. Or if you get packets back but the kernel filters them out - firewall issue. I can't ping the ::28f4 address. When I run tcpdump (which I have to do on gif0, not fxp0, if I want IPv6 traffic), I get: schnarff.com:~$ sudo tcpdump -n -i gif0 tcpdump: WARNING: gif0: no IPv4 address assigned tcpdump: listening on gif0 10:12:37.890333 2001:5c0:8fff:fffe::28f5 2001:5c0:8fff:fffe::28f4: icmp6: echo request 10:12:38.890316 2001:5c0:8fff:fffe::28f5 2001:5c0:8fff:fffe::28f4: icmp6: echo request 10:12:39.890308 2001:5c0:8fff:fffe::28f5 2001:5c0:8fff:fffe::28f4: icmp6: echo request 10:12:40.890305 2001:5c0:8fff:fffe::28f5 2001:5c0:8fff:fffe::28f4: icmp6: echo request As I mentioned, dump fxp0 as now you don't see which source/dest IPv4 you are using and neither are you seeing any ICMP (v4) proto-41 unreaches if the remote side actually doesn't like you. Looks like the other side isn't paying any attention to me. Of course, seeing this, I noted that ::28f5 appeared to be where I was coming from, so I tried setting that as my default route. At that point, I could ping myself (at ::28f5), but I couldn't hit, say, 2001:200:0:8002:203:47ff:fea5:3085: How exactly did your routing table look like after you did exactly what? You should end up with something like: default 2001:5c0:8fff:fffe::28f4 2001:5c0:8fff:fffe::28f5 :: dev gif0 2001:5c0:8fff:fffe::28f4 2001:5c0:8fff:fffe::28f5 dev gif0 schnarff.com:~$ ping6 www.kame.net PING6(56=40+8+8 bytes) 2001:5c0:8fff:fffe::28f5 -- 2001:200:0:8002:203:47ff:fea5:3085 ping6: sendmsg: No route to host ping6: wrote www.kame.net 16 chars, ret=-1 ping6: sendmsg: No route to host ping6: wrote www.kame.net 16 chars, ret=-1 Good thing about IPv6, you can destroy it and IPv4 keeps working. Alternatively when you have IPv4 and IPv6 native, like me, either of the two can die, get firewalled and it will still work ;) I'm well aware of this...I just didn't want to start touching default routes, since a simple syntax error on my part could result in the whacking of my IPv4 default route. IPv6 tools don't touch the IPv4 ones, unless they are severely broken. Given this, does the need to have some modern documentation on the subject seem a bit more clear? ;-) TSP client should do it already for you. For the rest: google(openbsd rc.conf ipv6) eg http://schvin.net/writings/openbsd-ipv6.html http://www.fbunet.de/ipv6.shtml The latter being OpenBSD 3.5, just need to search correctly ;) As KAME (used on *BSD) is the most used IPv6 stack it really works. Or dump your route table + interfaces again and do the ping tests, on the IPv4 interface (fxp0) I mentioned. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Application tool to acquire all ipv6 addresses on a specified int erface
On Fri, 2005-05-06 at 08:29 -0400, Bellino, Phil wrote: Hello, I am running 2.6.11 linux and have IPv6 addresses on eth0, eth1, tun6to4, etc. I am looking for a tool that my applcation can use that will give me back all of the IPv6 addresses that are on a specified interface. I am trying to prevent having to execute a shell command(such as ip or ifconfig) and then having to parse all that is returned for the IPv6 addresses in question. Does anyone know of such a tool? It is called 'cat', or grep if you want a single entry [EMAIL PROTECTED]:~$ cat /proc/net/if_inet6 0001 02 80 10 80 lo fe800a002bfffee702b3 03 40 20 80 eth1 200107b8000500100f710002 03 50 00 80 eth1 200107b80300029027fffe24c19f 01 40 00 80 eth0 fe80029027fffe24c19f 01 40 20 80 eth0 Notez bien, this will only work on linux and not any other platform. Then again doing it crossplatform is I guess almost impossible anyway except if one codes a part for every separate OS. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: IPv6 Scope:Compat
On Tue, 2005-04-26 at 08:14 -0400, Bellino, Phil wrote: Hello, Running 2.6.11 kernel. I set up a tunnel with the following commands: ip tunnel add tun6to4 mode sit ttl 255 remote any local 140.175.165.63 ip link set dev tun6to4 up ip -6 addr add 2002:8caf:a53f::1/16 dev tun6to4 This all works fine, but I get the following output from the ifconfig tun6to4 command: tun6to4 Link encap:IPv6-in-IPv4 inet6 addr: 2002:8caf:a53f::1/16 Scope:Global inet6 addr: ::140.175.165.63/128 Scope:Compat UP RUNNING NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Can anyone explain to me what the function of the Scope:Compat is in the above configuration and how I can use it to my benefit? Compat - Compatibility. In other words, this is only used for compatibility between IPv4 and IPv6 and should only be used during the transition phase. The benefit of this is that 'compat' scope has a low priority when selecting an outbound address, because it might go away. This thus allows for expected longer sessions. Btw, don't forget to do a: ip -6 ro add 2002:8caf:a54f::/48 dev lo to nullroute traffic being sent towards your 6to4 /48. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Trouble with 2.6.11 Linux
On Tue, 2005-04-05 at 12:33 -0400, Bellino, Phil wrote: Hello, I have a 2.6.5 Linux running router radvd. I also have 2.6.5 clients(and a 2.4.20 client) that accept the router advertisements from the router and acquire a Link-Global address and also autoconfigures their Link-Local address. Their configs: ipv6.conf.eth0.accept_ra=1 ipv6.conf.all.accept_ra=1 ipv6.conf.default.accept_ra=1 I have a 2.6.11 client host that does not accept any router advertisements even though it's config is the same as above. (I have compared the sysctl -a output on both the 2.6.5 and 2.6.11 and they are identical). In fact the following is what occurs at boot time: 1. When I boot up this client, eth0 does not have the inet6 Link-local address. If I then issue: ifconfig eth0 down ifconfig eth0 up The inet6 Link-local address then appears. The important question: what kind of network card do you have, and thus which driver do you use. In Linux (and most likely in most OS's) the network card driver is responsible for configuring the linklocal address. Next to that the above can very well be because the IPv6 module is loaded later than the network card is activated. Fix your init scripts in that case. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: testing dns server for ipv6
On Mon, 2005-04-04 at 11:03 +0800, PM WONG wrote: SNIP What does this indicate ? What's the best way to test out the dns ipv6 hosts query? Use 'dig +trace www.6bone.net' to find out what goes wrong where. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: v6 - v4 redirection?
On Mon, 2005-04-04 at 00:22 -0700, Mike Warren wrote: I'm looking for an application that will open a listening v6 socket and open a v4 socket to a pre-defined remote host/port. The application would pass all input data from the v6 client through to the v4 socket and vice versa. Does such an application exist? I tried xinetd's redirection but that didn't seem to work. I wrote something in perl but would prefer something in C. Google *wink* for '6tunnel', 'netcat6' etc ;) What tool exactly do you want to upgrade to support IPv6? There might be better tools for doing the job directly, or why not make the tool natively support IPv6? Remember that when using any of the above tricks you will loose the real source address... In any case, if you need help, yell... Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: Acquiring IPv6 address space
On Fri, 2005-03-25 at 10:29 -0500, Bellino, Phil wrote: Hello, We are in the beginning stages of providing IPv6 support for our company and our products. For IPv4, our company has an assigned range of IP addresses. Can someone point me to the best source for acquiring a range of IPv6 address space? The same place you got your IPv4 space from most likely: ARIN See: http://www.arin.net/registration/ipv6/ http://www.apnic.net/info/faq/IPv6-FAQ.html Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: 2002 addresses
On Thu, 2005-03-17 at 17:45 -0500, Michael Banta wrote: Things are even clearer now But. I am running radvd on the firewall, and I have it advertising a /48 to You should announce a /64. A /48 contains 65535 /64's and afaik there are no OS's that configure themselves when they receive a /48 RA, which would not make sense anyway. my internal machines. radvd avertises on eth1, which is the lan side of the router. The winxp and linux clients on the inside both pick up addresses from the advertising router. I can ping from the clients to eth1 on the router, but not to eth0 (outside interface). Is forwarding enable on the router? (sysctl -a | grep forward) Next to that, try traceroutes, ethereal dumps etc. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: 6to4 question
On Tue, 2005-03-15 at 21:02 -0500, Michael Banta wrote: Hello. New to ipv6, have read a lot, still confused... SNIP Should the /48 block actually be a 2002: block to be a compatible 6to4 address? If so, why would Hurricane Electric give me a 2001: prefix unstead of a 2002? Check this picture: http://unfix.org/projects/ipv6/IPv6andIPv4.gif You are the bottom left computer. You have native IPv4 and a proto-41 tunnel to a 6in4 router (Hurricane Electric). If you thus want to send traffic to other IPv4 hosts they go through the blue IPv4 cloud, where a lot of routers are and take care that the packets get delivered. If you want to talk to IPv6 hosts, the packets get sent to Hurricane Electric's router, which is connected to the red cloud, which takes care that it gets sent to the correct endhost. If you thus want to send a packet to a 6to4 host (anything in 2002::/48) the HE router will send it into the red cloud and the red cloud will send it on to a 6to4 relay, which will deliver it to the 6to4 host. See the current assignments here: http://www.iana.org/assignments/ipv6-unicast-address-assignments It does not really matter where you are in this list, the routers will take care of delivery of packets. That said, it _could_ be useful to setup a 6to4 relay your own, but this can cause problems because you actually are using non-6to4 addresses, security issues. Avoiding 6to4 is generally a good idea. 6to4 in general should only be used if you need a temporary address and don't really care about quality or reachability IMHO. The number of relays is fairly limited and debugging the traffic is quite difficult caused by asymmetric paths and other nastyness. This is so confusing. Then I hope my short explanation helped a bit ;) Also, if you have eth0 for instance, you should announce a /64 on that wire, not the /48, which is comprised of 65k /64's. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: IPv6 Best practice
On Tue, 2004-07-20 at 16:54, [EMAIL PROTECTED] wrote: Hello all, I have been playing with ipv6 for a while now (mostly on Linux and osX) and I have started to turn my thoughts to networking and servers. The easy one I guess is servers. Presumably a static ipaddress is best to use because of DNS etc. If a static address is allocated, radvd will not be required because there is no ipv4 DHCP type requirement. Is this a correct assumption? Correct, but then you can't renumber easily. The 'best' would be the number your _services_ eg: 2001:db8:2000::80 = webserver (port 80 tcp ;) 2001:db8:2000::110 = pop3server (port 110 tcp) etc... but still having the host main IP be assigned by radvd. The service IP then never changes (1,2,3) but you can swap around the real host. Also see: http://www.ams-ix.net/more/aiad/xs4all.pdf Second, networks. On an ipv4 based ip network, it is usual on wan links (unless they are unnumbered serial lines) to use a .252 or /30 mask with 4 addresses in the subnet (net, ip1, ip2, broadcast). Is this wise to implement in ipv6? eg use a /126 mask to allow four valid ipv6 addresses. In that case, if I get a /48, I would need to use the first allowed block (/49 mask?) carved up into much smaller chunks, ultimately down to the /126's for wan lines. Use /64's per tunnel then you can use that same /64 when there are more hosts (read: more routers) on the same link in the future. There are also proposals for using IP's as crypto identifiers. Given a working ipv4 network where each remote site has a /24 ipv4 allocation (and is more than enough given the number of pc's there), would it be sensible to use a /120 for each site or perhaps be profligate(!) and use /118 to allow for all the ipv6 toasters we are likely to be able to buy next year? Every site gets a /48, if one needs something bigger then let them draw up an allocation plan. Or the words (not exactly but almost) from Timothy Lowe from RIPE NCC: --- - when you are very very very sure that only 1 'link' will ever be connected, then give a /64. - in every other case delegate a /48. --- Why a /48? well so you can move around to other ISP's and always be sure that you get a /48 so that you don't have to reorganize your network every time. Next to that there are 'only' 65k /64's in a /48 and every link gets a /64. At the moment there might not be such a demand, but think about 10/20 years or even more.. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: teredo client on winXp not working
On Fri, 2004-07-16 at 08:49, Philippe Bogaerts wrote: Hallo, I was reading the http://www.ipv6style.jp/en/tryout/20040428/index.shtml. Has somebody got this working? I also tried the microsoft server teredo server, but no luck. Ethereal shows that it is not encapsulating, It only see neighbor solicitations, but I suppose that this is wrong. At startup of teredo it tries to figure out your kind of NAT and thus try to contact the server, you should see at least that part of the communication. This is described in: http://www.ietf.org/internet-drafts/draft-huitema-v6ops-teredo-02.txt Somebody some idea? I going through a NAT router (hide NAT), but it shows no logging. What kind of NAT do you have? (cone/restricted/...) Also due note that the IPv6 implementation in XP SP1 and up are supported products by M$ so just call them ;) Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: IPv6 stack windowsXP problem
On Thu, 2004-04-22 at 21:44, Antnio Amaral wrote: Dear All, I am using IPv6 Windows XP stack and I have two questions: 1. Why it is created two IPv6 addresses on the Ethernet Interface? It should be created only one base on EUI-64, right? Next I show my interface output SNIP preferred global 2001:690:2380:7770:ac34:34a:30d5:1aaa, life 6d19h33m46s/19h32m30s (temporary) preferred global 2001:690:2380:7770:290:27ff:fea7:b0b, life 29d23h58m20s/6d23h58m20s (public) The first one is a RFC3041 anonymous address (that is why it is marked temporary), the second is the normal EUI-64 based one. netsh int ipv6 set privacy disabled to turn it off See: http://www.microsoft.com/windowsserver2003/technologies/ipv6/ipv62netshtable.mspx SNIP 2. Why can I not ping to my IPv6 addresses? I can ping to others IPv6 addresses, and the others can ping my addresses. Is this a bug? Not a bug, but a feature, it is called Default Firewalling. Read the XP docs and turn off the firewall: http://www.microsoft.com/technet/itsolutions/network/security/ipv6fw/hcfgv601.mspx Greets, Jeroen signature.asc Description: This is a digitally signed message part
RE: ipv6 packet loss in lan
-BEGIN PGP SIGNED MESSAGE- mark [mailto:[EMAIL PROTECTED] wrote: Jeroen Massar wrote: mark wrote: You are pinging the otherside of the world with a load of crappy routers between them. True that, but fact is my client ping timeouts while my server keeps receiving pings back at the same time. And that's the bit I need some help with :) Got any spare clues left? I'm having the feeling it's a kernel bug. tcpdump both sides and diff it... I can't see why it would be a bug though as many people have been running that code for quite some time already. It could be a driver bug in your NIC though. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP6V0xSmqKFIzPnwjEQIaYQCeI58mKKDEQ4OE+qpcE3hdqRgL/loAnAig Vlf3p7eEvEHlMjX6MErWRHeZ =R8A+ -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: ipv6 packet loss in lan
-BEGIN PGP SIGNED MESSAGE- mark wrote: My linux 2.4.20-gentoo1.4 computer makes a pptp-connection to the Dutch ISP xs4all and also makes an ipv6-connection. The latter as follows: echo 1 /proc/sys/net/ipv6/conf/default/forwarding echo 1 /proc/sys/net/ipv6/conf/all/forwarding ip tunnel add unixc mode sit local 80.126.113.xxx remote 194.109.5.241 ttl 64 ip link set unixc up ip -6 route add 2000::/3 dev unixc ip -6 route add ::/0 dev unixc ip -6 route add ::/0 via 2001:888:10:c::1 Two default routes? One is sufficient :) SNIP I could press ctrl+c and see what the output is of ping www.kame.net: --- www.kame.net ping statistics --- 5212 packets transmitted, 4403 received, +48 errors, 15% packet loss, time 5217762ms rtt min/avg/max/mdev = 357.390/383.197/1577.899/56.565 ms, pipe 2 tratz $ 15% is too much and so are 48 errors. I just don't know how to repair this, so does anyone else have the time to help me? You are pinging the otherside of the world with a load of crappy routers between them. You might want to test with a more 'local' IP, eg the endpoint of your tunnel. Also XS4ALL have their own support staff for IPv6 related so try their helpdesk, they will prolly tell you the same thing. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP6RPxCmqKFIzPnwjEQKCCwCgpzQBGSxaxZ53zTgGY3mxVx0WdaAAnibF op09YulMv6T9Un7kAYQ+Pty8 =W/Aw -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: ipv6 problems
-BEGIN PGP SIGNED MESSAGE- David Arendt wrote: I have configured my linux (kernel 2.6.0-test7) for 6to4 access (using 2002:... addresses). Iptables for ipv6 is enabled but no rules are defined and default policy is accept. Connection to the internet over this tun6to4 device seems to work without any problems, but the person which who I tested the connect by telnet over ipv6 get no connection. Start debugging: - - Do traceroute6's to the other end. - - tcpdump the connection to see icmp's etc. - - check your routing table (2000::/3 or ::/0 in use? - - interfaces - - firewalls (though you mentioned that) Problem with 6to4 is that you never know where your traffic is flowing from/to especially as the backpath can be really completely different as the forward path. You can also try to telnet to port 80 of IPv6 enabled webservers and issue HTTP commands by hand etc. Have fun ;) Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP43ScSmqKFIzPnwjEQKOYACeP6DZqD+ndtG9K7ggyJV4WwhnlO8AoKvx eOWUwLi2DdIDoPtcj5In3Oac =ioNG -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: reverse lookups without nibbling
-BEGIN PGP SIGNED MESSAGE- Joseph Birthisel wrote: Beyond ip6_int does anyone know of an easy way to save nibbling one's way through an IPv6 address? Check IPv6calc http://www.deepspace6.net/projects/ipv6calc.html Btw ip6_int.pl is old and still loved by many but edit it to replace the ip6.int part to ip6.arpa ofcourse ;) Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP4uunSmqKFIzPnwjEQIbWACfZxOle3DbRxwG9VIiIeqqO/w6otsAnRCT oxc0vdygET2lP7j5Kyw9iUa7 =tIj1 -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: how to get IPv6 prefix length on Tru64
-BEGIN PGP SIGNED MESSAGE- Vladislav Yasevich wrote: Jinmei This allows for a shortcut. The 'ip6prefix' keyword allows the user a fake autoconfig. It will use the provide prefix (iff it's /64) with the IID to create an address. For example, on my system: # ifconfig -v tu0 tu0: flags=c63UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX HWaddr 08:00:2b:e5:4e:f7 inet6 fe80::a00:2bff:fee5:4ef7 # ifconfig tu0 inet6 ip6prefix 3ffe:1200:4110:1::/64 # ifconifg tu0 tu0: flags=c63UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX inet6 fe80::a00:2bff:fee5:4ef7 inet6 3ffe:1200:4110:1:a00:2bff:fee5:4ef7 Is there also a switch which allows to assign the EUI-64 part? Which could be very handy for servers and the likes. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP3nt+CmqKFIzPnwjEQIHdACgi3nfjk3RzsHYHDO3zPc76lrlukQAn3yL f6RulG0SzDYpMIOvgQfiy8ej =uOky -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: 128-bits is alot, ins't it? Well I mean...
-BEGIN PGP SIGNED MESSAGE- Tim Soderstrom wrote: Just a couple of concerns: So this has been bugging me since I first read technical reports on the whole thing quite a few years ago: Isn't 128-bits kinda, well, a lot? I mean that's 4 times bigger than 32-bits, so doesn't that mean it will incur 4x more overhead? No as other header elements have been removed. Read/View the presentation on: http://www.isoc.nl/activ/2002-Masterclass-IETF-IPv6.htm thus: http://www.isoc.nl/activ/cursusmateriaal/2002-Masterclass-IETF-IPv6.ppt http://www.isoc.nl/activ/cursusmateriaal/2002-Masterclass-IETF-IPv6.sxi That will clear up a lot of things for you I think :) For example, I have a 160bps upstream with my DSL provider...right now is just barely enough to stream mp3's on IPv4. 160 *bits* per second? I hope that is Kilobytes :) On IPv6, however, I worry that a much bigger chunk of my bits will be used simply for addressing. How does IPv6 answer this (as it is really the only thing holding me back). Check the presentation :) Also, does IPv6 or could IPv6, 7, or 8 :) Employ a type of 'smart addressing' feature? For example, if all I need to do is communicate amongst my subnet or my local network, it seems wasteful to send 128-bits for that. So why not simply send the number of bits that is in the subnet mask or assume a right justification of the bits recieved so that the computer can and it to a mask and know where it came from or something similar? Then every router and host suddenly should know and adapt to those conditions which is much more overhead then a few bits. On a grand scale that would be awesome because if I was just playing a game with local friends in the say Austin, TX area I could save a few bits, could I not? And if not why not? :) A few bits versus major overhead, not done really... :) I have been burning to ask these questions for quite some time, so thanks very much for you patience in reading them :) Cheers and Take Care, Tim Soderstrom Computer Science Major at University of Texas @ Austin Throw around that presentation and hint your tutors to get some good IPv6 books and teach a lot more about router internals, processing etc... Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP2nN2SmqKFIzPnwjEQKAuwCeMe6zGaPwh/vQ4X/hMNXIkZTG9q4An2aa lli12UOBtUnvXLD0Q4wbkqnk =CT01 -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Awareness of breaking RFC3056 with 6to4 more specifics
-BEGIN PGP SIGNED MESSAGE- Antonio Querubin wrote: On Fri, 12 Sep 2003, Jeroen Massar wrote: Antonio Querubin [mailto:[EMAIL PROTECTED] wrote: [cut off long list of people, except ml's] On Fri, 12 Sep 2003, Jeroen Massar wrote: 2002:c058:6301::/48 192.88.99.1/32 AS786 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable And you don't own it either, please read RFC3068 and stop that foolish announcement. In whois.ripe.net this network is documented: Whoa there! Just because a block is anycast doesn't mean it's NOT routable. It just means there may be multiple destinations and multiple routes to those destinations. Otherwise what use is it? It's for making 2002::/16 reachable, not for making the IPv4 version reachable over IPv6 ;) Oops. I thought you were advocating that 192.88.99.0 should never be announced. Sorry for the misunderstanding :) Au contraire mon ami :) I would rather see more and more ISP's deploy anycast capable 6to4 relays. They should then at least put the route into their IGP so that clients employing 6to4 have a fast way out. It would also mean that the ISP itself has some IPv6 deployment and could be looking into native connectivity to the rest of the world, both being a good thing. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP2QqHymqKFIzPnwjEQI4BgCeJqWbLHPX1IcaXUeL5qVP/MeCZlEAn2O3 26bfTL2i4mt5w8HSTx+ImodK =I0+Z -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Awareness of breaking RFC3056 with 6to4 more specifics
-BEGIN PGP SIGNED MESSAGE- Antonio Querubin [mailto:[EMAIL PROTECTED] wrote: [cut off long list of people, except ml's] On Fri, 12 Sep 2003, Jeroen Massar wrote: 2002:c058:6301::/48 192.88.99.1/32 AS786 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable And you don't own it either, please read RFC3068 and stop that foolish announcement. In whois.ripe.net this network is documented: Whoa there! Just because a block is anycast doesn't mean it's NOT routable. It just means there may be multiple destinations and multiple routes to those destinations. Otherwise what use is it? It's for making 2002::/16 reachable, not for making the IPv4 version reachable over IPv6 ;) The RFC has specific information on restrictions for announcement if you do want to provide the service to those outside your AS. If you where announcing 192.88.99.1/32 you would be right, though announcing a /32 is really dubieus :) They _where_ (it got fixed directly) announcing 2002:c058:6301::/48 which really doesn't make any sense. Or are you implying that anyone can just announce a block out of 192.88.99.0/24 and use it for 6to4? Announcements of 192.88.99.0/24 should also be backed up by the relevant entry in the RIPE (or ARIN/LACNIC/APNIC) databases. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP2IsnSmqKFIzPnwjEQIaIgCcDM4CuLIELIht+9Gw0wsayAwXtGEAnAsQ V7X2DfgVLhXsw1MVlMgFuiIa =jun7 -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
Awareness of breaking RFC3056 with 6to4 more specifics
-BEGIN PGP SIGNED MESSAGE- Hi, Are the ones in the To line aware that you are breaking RFC3056 by announcing 6to4 more specifics? RFC3056 Section 5.2 point 3: 8 6to4 prefixes more specific than 2002::/16 must not be propagated in native IPv6 routing, to prevent pollution of the IPv6 routing table by elements of the IPv4 routing table. Therefore, a 6to4 site which also has a native IPv6 connection MUST NOT advertise its 2002::/48 routing prefix on that connection, and all native IPv6 network operators MUST filter out and discard any 2002:: routing prefix advertisements longer than /16. - 8 Currently you are announcing, to the rest of the world: http://www.sixxs.net/tools/grh/lg/?find=2002::/16 2002:8c6d:106::/48 8447 1853 786 5623 6939 11537 9264 2002:8c6d:106::/48 12779 3549 6939 11537 9264 2002:8c6d:106::/48 6939 11537 9264 2002:c058:6301::/48 8447 1853 786 2002:c0e7:d405::/48 8447 1853 6680 1103 11537 7570 2002:c0e7:d405::/48 1103 11537 7570 2002:c0e7:d405::/48 12779 3549 6939 11537 7570 2002:c0e7:d405::/48 6939 11537 7570 2002:c8a2::/33 8447 1853 6680 1103 11537 6939 6939 15180 2002:c8a2::/33 12337 12337 12337 6939 6939 15180 2002:c8a2::/33 1103 11537 6939 6939 15180 2002:c8a2::/33 12779 3549 6939 6939 15180 2002:c8a2::/33 6939 6939 15180 2002:c8c6:4000::/34 8447 1853 6680 1103 11537 6939 6939 15180 2002:c8c6:4000::/34 12337 12337 12337 6939 6939 15180 2002:c8c6:4000::/34 1103 11537 6939 6939 15180 2002:c8c6:4000::/34 12779 3549 6939 6939 15180 2002:c8c6:4000::/34 6939 6939 15180 2002:c8ca:7000::/36 8447 1853 6680 1103 11537 6939 6939 15180 2002:c8ca:7000::/36 1103 11537 6939 6939 15180 2002:c8ca:7000::/36 12779 3549 6939 6939 15180 2002:c8ca:7000::/36 6939 6939 15180 Summing them up: 2002:8c6d:106::/48 140.109.1.6/32 AS9264 2002:c058:6301::/48 192.88.99.1/32 AS786 2002:c0e7:d405::/48 192.231.212.5/32AS7570 2002:c8a2::/33 200.162.0.0/17 AS15180 2002:c8c6:4000::/34 200.198.64.0/18 AS15180 2002:c8ca:7000::/36 200.202.112.0/20AS15180 NOTEZ BIEN: % Not assigned. Free in Brazilian block: 200.198.64.0/18 Is LACNIC the RIR or is NIC.BR the one? Seeing that a complete IPv4 /9 has been carved up to them and LACNIC doesn't handle anything else? 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable And you don't own it either, please read RFC3068 and stop that foolish announcement. In whois.ripe.net this network is documented: route:192.88.99.0/24 descr:RFC3068-ECIX origin: AS9033 mnt-by: ECIX-MNT mnt-routes: RFC3068-MNT changed: [EMAIL PROTECTED] 20030711 source: RIPE remarks: See RFC 3068 remarks: An Anycast Prefix for 6to4 Relay Routers remarks: Christian Huitema remarks: June 2001 Feel free to notify your upstreams that they should be filtering anything more specific in 2002::/16 and should probably not be announcing cross-RIR prefixes unaggregated. Please read: IPv6 Filter Recommendations by Gert Döring http://www.space.net/~gert/RIPE/ipv6-filters.html Minimal IPv6 Peering by Robert Kießling http://ip6.de.easynet.net/ipv6-minimum-peering.txt Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP2G0kSmqKFIzPnwjEQJi4wCgkfxKSBKl/zzvPBGyFTQp3Bjx9CIAoJAO caSxGRfOBcF0VQ1G15QvNjaP =kO2/ -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: [6bone] Awareness of breaking RFC3056 with 6to4 more specifics
-BEGIN PGP SIGNED MESSAGE- Duncan Rogerson [mailto:[EMAIL PROTECTED] wrote: Jeroen, Are the ones in the To line aware that you are breaking RFC3056 by announcing 6to4 more specifics? Thanks for bringing this to our (AS786) attention. We are aware of the RFCs, however were not aware this route was leaking. Hopefully it is fixed now. It is indeed gone out of the tables collected by GRT. So is another anomaly I reported in private to which was carrying a private ASN in it's ASPath. And so is the one carried from ACO.Net. Thank you all for the quick responses and fixes. Only 5 prefixes to go sourced from 3 ASN's. (btw, I don't know if it was intended, or if it was a non-native English speaker problem, but fyi, the tone of your message was pretty offensive) That was certainly _not_ my intention. Raising awareness in these kind of 'problems', which are not really destructive, goes much better when you don't offend someone and does solve the problems. The reason for CC'ing the several lists is thus also for raising awareness, not for laughing at people in the To: line. I should have bcc'd them. This is a bigger issue as apparently many ISP's don't filter this prefix, which they should according to the RFC. Excuses if I offended anyone unintended. If you can followup in private which wordings you think where offensive I can alter them next time as indeed I am not a native english speaker, though I do try to do my best. Greets, Jeroen ps: cut off everybody except the ml's and bcc'd them now. Which I should have done in the first place actually... -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBP2HWnymqKFIzPnwjEQKHqACfUihmEs+SuDBXGjfa3hphxb6AhIsAn0MI TooZRIrc6QR3GCOpyxT3o7+A =GtFq -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: how many ISPs provide native ipv6 connectivity ?
-BEGIN PGP SIGNED MESSAGE- Bill Manning wrote: % i am just wondering, aprox. how many ISPs provide native ipv6 % connectivity to their customers ? % % -- % Kostko [EMAIL PROTECTED] % JWeb-Network % % - % The IPv6 Users Mailing List % Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED] my SWAG: ~150 or so. Checking http://www.sixxs.net/tools/grh/tla/all/ There are 565 TLA's of which 378 at least get announced. This could be seen as ~300 ISP's (taking away the 6bone/RIR dupes) who have at least an announcement for an IPv6 prefix. These ISP's are quite possibly also giving IPv6 access to their customers. Natively the 150 number sounds quite reasonable. Including tunneling it's more like ~300. Then again it all depends on exactly what you want to know as an ISP itself can be a customer of itself and will always be native for itself. And if you have a l2 colo facility having one router enabled makes everything native too. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBPzlw1imqKFIzPnwjEQJguQCgrZOGgK3h00tWT1QlUWcmb+8Ayf8An2iD zm+2sZqlHaAc9gKI03/TxfxU =sx2C -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Check whether a host is running IPv4 or IPv6
-BEGIN PGP SIGNED MESSAGE- Brian Widdas wrote: On Thu, 7 Aug 2003, Markus Nigbur wrote: Subject says it: Is it possible to determine if any random host is running IPv6? No. On an unswitched LAN, you could probably show that it was. Anything else introduces too many unknowns (is the host down? Is it ignoring my IPv6 traffic? What's its IPv6 address anyway?). Ehm ofcourse there is :) ping6 -I interface ff02::1 bingo, all hosts on your local network, even switched. (ff02::2 for all routers etc) Ofcourse hosts could filter that but then they are not entirely RFC-compliant. Greets, Jeroen -BEGIN PGP SIGNATURE- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/ iQA/AwUBPzJr4ymqKFIzPnwjEQImhACgot+GUAdoWTMHL1QKzPoKCpxuk4EAn2rr vBA+dVdvzloeNgHqq8TQIG5T =UnnP -END PGP SIGNATURE- - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: [Fwd: RE: IPv6 connectivity problems to www.deepspace6.net from 6to4 addresses] (fwd)
Mauro Tortonesi [mailto:[EMAIL PROTECTED] wrote: Jeroen Massar wrote: Peter Bieringer wrote: sorry for requesting help here, but hopefully there are some people on the list who can check this world-wide (and perhaps the problem and a solution) Me and some others to here in Germany have much troubles connecting to www.deepspace6.net with 6to4 address as source: SNIP Check hop 3 which effectively says it goes over viagenie... Let's inquiry the lookingglass (http://www.sixxs.net/tools/grh/lg/) and indeed most paths go over the US (viagenie and esnet) this really seems to be a problem in the cnit routing config. gianluca, perhaps you can check this problem? Prod : 2001:760:204:10:10:a7ff:fe16:27f4 That doesn't even trace.. SNIP are you sure? i can trace your host from ds6: [EMAIL PROTECTED] mauro]$ /usr/sbin/traceroute6 -s 2001:760:204:10:10:a7ff:fe16:27f4 3ffe:8114:2000:240:290:27ff:fe24:c19f traceroute to 3ffe:8114:2000:240:290:27ff:fe24:c19f (3ffe:8114:2000:240:290:27ff:fe24:c19f) from 2001:760:204:10:10:a7ff:fe16:27f4, 30 hops max, 16 byte packets 1 2001:760:204:10:202:16ff:febc:1fc1 (2001:760:204:10:202:16ff:febc:1fc1) 1.366 ms * 0.791 ms 2 3ffe:830f::a (3ffe:830f::a) 76.262 ms * 67.166 ms 3 3ffe:8100:102::1:6 (3ffe:8100:102::1:6) 175.268 ms 179.469 ms 187.643 ms 4 3ffe:8120::19:2 (3ffe:8120::19:2) 208.773 ms 232.596 ms 202.754 ms 5 ipng.nl (2001:6e0::250:4ff:fe4a:7708) 190.97 ms 181.706 ms 182.735 ms 6 3ffe:8114:2000:240:290:27ff:fe24:c19f (3ffe:8114:2000:240:290:27ff:fe24:c19f) 219.356 ms 228.461 ms 215.707 ms You have to realize that the internet is a dynamic thing. And my previous message was some days ago. The routing is thus also a lot different now. Hop 4 above matches hop 2 below. Hop 5 above matches hop 1 below, hop 6 is my endpoint. So far so good. But then there is renater in between... traceroute to 2001:760:204:10:10:a7ff:fe16:27f4 (2001:760:204:10:10:a7ff:fe16:27f4) from 3ffe:8114:2000:240:290:27ff:fe24:c19f, 30 hops max, 16 byte packets 1 gw-20.ams-02.nl.sixxs.net (3ffe:8114:1000::26) 19.703 ms 19.312 ms 19.369 ms 2 Amsterdam.core.ipv6.intouch.net (2001:6e0::2) 19 ms 19.669 ms 19.917 ms 3 3ffe:8120::19:1 (3ffe:8120::19:1) 49.353 ms 55.394 ms 49.947 ms 4 renater.gtpv6.renater.fr (2001:660:1102:4003::1) 311.005 ms 286.745 ms 286.65 ms 5 gsr-nio.gsr-nio_gtpv6.projets.renater.fr (2001:660:3007:16:1::) 415.911 ms 287.458 ms 287.868 ms 6 gsr-6net.gsr-nio_gsr-6net.projets.renater.fr (2001:660:3007:12:2::) 286.993 ms 287.094 ms 289.085 ms 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 2001:798:20:200::2 (2001:798:20:200::2) 93.296 ms 93.137 ms 93.764 ms 13 rtg-6net.mi.garr.net (2001:760::100::5) 93.34 ms 93.508 ms * 14 bo-mi-g.garr.net (2001:760::::12) 97.957 ms 97.034 ms 96.999 ms 15 6net-rtg.bo.garr.net (2001:760::200::6) 97.926 ms 98.771 ms 97.261 ms 16 unife-bo.6net.garr.net (2001:760:fff:4::15) 100.431 ms 101.128 ms 99.461 ms 17 gw-ing-fe.ipv6.cnit.it (3ffe:8300::9) 214.396 ms 220.364 ms * 18 gw-fe-na.ipv6.cnit.it (3ffe:8300::4) 215.619 ms * 217.453 ms 19 2001:760:204:10:10:a7ff:fe16:27f4 (2001:760:204:10:10:a7ff:fe16:27f4) 216.207 ms 216.52 ms 213.339 ms Completely different and note to CERN, then to renater in france and then to italy. Apparently the CERN box is quite lagged: 8 r3gen.vianw.net (213.2.254.10) 31.608 ms 32.268 ms 31.430 ms 9 cern-atm7.cern.ch (192.65.185.7) 188.931 ms * 188.776 ms This should be fixed also imho, will notice the admin. You are also announcing both your /32 and your /35: 2001:760::/32 2001:778:11:4:: 2847 20965 137LITNET GEANT GARR 2001:760::/35 3ffe:8120::19:1 513 559 137 CERN SWITCH GARR The best path taken here is the /35 (3rd hop :) And apparent from your traceroute these routes are very asynch. I hope your stack is sending out it's packets on the correct interface. There are good ISP's who drop packets from mismatching origins. I wonder why the /35 all have a completely different path from the /32. [EMAIL PROTECTED] mauro]$ /usr/sbin/traceroute6 -s 3ffe:8300:0:1:10:a7ff:fe16:27f4 3ffe:8114:2000:240:290:27ff:fe24:c19f traceroute to 3ffe:8114:2000:240:290:27ff:fe24:c19f (3ffe:8114:2000:240:290:27ff:fe24:c19f) from 3ffe:8300:0:1:10:a7ff:fe16:27f4, 30 hops max, 16 byte packets 1 3ffe:8300:0:1:202:16ff:febc:1fc1 (3ffe:8300:0:1:202:16ff:febc:1fc1) 0.948 ms * 1.07 ms 2 3ffe:8300::5 (3ffe:8300::5) 24.308 ms * 25.03 ms 3 3ffe:8100:102::1:6 (3ffe:8100:102::1:6) 189.886 ms 212.803 ms 202.296 ms 4 3ffe:b00:c18::61 (3ffe:b00:c18::61) 290.605 ms 300.884 ms 290.953 ms 5 ipng.nl (2001:6e0::250:4ff:fe4a:7708) 297.034 ms 295.936 ms 292.553 ms 6 3ffe:8114:2000:240:290:27ff:fe24:c19f (3ffe:8114:2000:240:290:27ff:fe24:c19f) 310.646 ms 316.277 ms 342.222 ms [EMAIL PROTECTED]:~$ traceroute6 3ffe:8300:0:1:10:a7ff:fe16
RE: IPv6 connectivity problems to www.deepspace6.net from 6to4 addresses
Peter Bieringer wrote: sorry for requesting help here, but hopefully there are some people on the list who can check this world-wide (and perhaps the problem and a solution) Me and some others to here in Germany have much troubles connecting to www.deepspace6.net with 6to4 address as source: Server has 2 IPv6 addresses: 6bone: 3ffe:8300:0:1:10:a7ff:fe16:27f4 traceroute to deepspace6.net (3ffe:8300:0:1:10:a7ff:fe16:27f4) from 3ffe:8114:2000:240:290:27ff:fe24:c19f, 30 hops max, 16 byte packets 1 gw-20.ams-02.nl.sixxs.net (3ffe:8114:1000::26) 41.729 ms 18.702 ms 28.987 ms 2 Amsterdam.core.ipv6.intouch.net (2001:6e0::2) 44.545 ms 38.93 ms 19.663 ms 3 gw-viagenie-cnit.ipv6.cnit.it (3ffe:830f::3) 123.507 ms 134.928 ms 137.097 ms 4 gw-cnit-tilab.ipv6.cnit.it (3ffe:830f::c) 182.188 ms * 208.621 ms 5 gw-fe-na.ipv6.cnit.it (3ffe:8300::4) 220.987 ms * 207.466 ms 6 3ffe:8300:0:1:10:a7ff:fe16:27f4 (3ffe:8300:0:1:10:a7ff:fe16:27f4) 233.201 ms 235.604 ms 230.61 ms It's more that their prefix is oddly routed: traceroute to fs.ipv6.cnit.it (3ffe:8300:0:1:201:2ff:fe94:df20) from 3ffe:8114:2000:240:290:27ff:fe24:c19f, 30 hops max, 16 byte packets 1 gw-20.ams-02.nl.sixxs.net (3ffe:8114:1000::26) 32.863 ms 61.985 ms 20.157 ms 2 Amsterdam.core.ipv6.intouch.net (2001:6e0::2) 20.134 ms 20.513 ms 33.92 ms 3 gw-viagenie-cnit.ipv6.cnit.it (3ffe:830f::3) 123.253 ms 124.119 ms 131.484 ms 4 gw-cnit-tilab.ipv6.cnit.it (3ffe:830f::c) 183.053 ms * 205.704 ms 5 gw-fe-na.ipv6.cnit.it (3ffe:8300::4) 240.375 ms * 218.757 ms 6 * * fs.ipv6.cnit.it (3ffe:8300:0:1:201:2ff:fe94:df20) 375.714 ms Check hop 3 which effectively says it goes over viagenie... Let's inquiry the lookingglass (http://www.sixxs.net/tools/grh/lg/) and indeed most paths go over the US (viagenie and esnet) Prod : 2001:760:204:10:10:a7ff:fe16:27f4 That doesn't even trace.. traceroute to 2001:760:204:10:10:a7ff:fe16:27f4 (2001:760:204:10:10:a7ff:fe16:27f4) from 3ffe:8114:2000:240:290:27ff:fe24:c19f, 30 hops max, 16 byte packets 1 gw-20.ams-02.nl.sixxs.net (3ffe:8114:1000::26) 19.376 ms 19.863 ms 18.647 ms 2 Amsterdam.core.ipv6.intouch.net (2001:6e0::2) 19.79 ms 18.625 ms 18.785 ms 3 gw.ipv6.lt (2001:778:11:5::1) 92.729 ms 97.113 ms 93.586 ms 4 se-gw.nordu.net (2001:6e0:0:10f::2) 149.247 ms 149.174 ms 149.116 ms 5 6net-gw.nordu.net (2001:948:0:f008::1) 149.569 ms 149.165 ms 149.517 ms 6 * * * 7 * * * 8 * No wonder IE doesn't want to open the site using IPv6... Problem exists since two weeks or so. Perhaps someone could check this from different 6to4 addresses and/or look into routing tables of such routers. See traceroutes below for more. I rather think it is a problem at cnit then in the 6to4 setup. They really should be checking their routing tables. And clean them up a lot. Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 bogon template
Michel Py wrote: Jeroen Massar wrote: Actually with IPv6 it's currently easier to use an ALLOW and not a deny section, they also are a bit shorter :) This is a very valid point but it does present challenges with route servers. Could you come up with a route-map valid for ALLOW routes received from the route server? For DENY routes it's easy: you set the next hop to an address that is routed to null0. No comment ;) Though, dear vendors, maybe it would be nice to have some kind of distribution method for filters, another use of this would be to quickly distribute a prefix which would need to be dropped (ddos etc). Then again, that would be a completely different project and would require quite some trust and security. I will post shortly a statement of applicability for IPv6 bogon route servers. That would be a nice addition indeed. Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: 6to4 Problem
6to4 Problem wrote: Hello, I am trying to connect to many ipv6 sites from a 6to4 only site (via relay router). Many of the destinations are not responding, and no ICMPv6 message is coming back. Somebody knows what could be the problem? One of the sites we tried is www.6bone.net, and we tried many others listed in www.ipv6.org site, without succes. Could you show: - configuration info (interfaces,routes,firewall rules...) - traceroutes to gateways in IPv4 and IPv6 - tcpdumps - error messages etc? But based on your email address from .uy I wonder if there is any near 6to4 - 6bone connectivity. Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6-ISP´s
Danny Terweij wrote: The dutch provider www.xs4all.nl gives a /64 space to a user that wants IPv6. Currently you even get 2 /48's, one from 6bone space, which you should not be using any more (it's going out), and one block out of RIPE space (2001:888::/32) 'production quality' ;) Every customer that gets a static IP also receives these /48 IPv6 blocks along with a tunnel to route them to their IPv4 endpoint. Xs4all also has a PowerDSL service which allows one to get those blocks using PPPv6. See http://www.ams-ix.net/aiad/xs4all.pdf Its free for use and in test. Some services from xs4all are also on IPv6 now, Shell servers, News server, www server. $ host -t www.xs4all.nl www.xs4all.nl record currently not present $ host -t www6.xs4all.nl www6.xs4all.nl does not exist (Authoritative answer) $ host -t www.ipv6.xs4all.nl www.ipv6.xs4all.nl does not exist (Authoritative answer) Prolly due to loadbalancing and other odd issues this isn't available yet though. Like most ISP's and heavy websites. But http://www.xs4all.nl.sixxs.org works ;) Also if you want a list of ISP's who already have IPv6 space available, though that doesn't say if they really use it unfortunatly you might check the TLA section of Ghost Route Buster at: http://www.sixxs.net/tools/grh/ Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Little problem setting IPv6 in Windows XP SP1
Marcelo Taube wrote: h, i guess IPv6 developers prefer system with unix/linux installed but unfortunatelly this is not me!! I'm developing a programm which will run in Win32 using WinSocks. I want to make it foward-comàtible so i want it to work in IPv6 nets. In order to test the programm i'm trying to install IPv6 in my computer (WIndows XP SP1). This should be very easy according to microsoft but it seems it isn't. SNIP COPIED_MESSAGE I'm trying to get started with IPv6. I installed XP SP1 and installed IPv6 protocol. So everything should be working but it isn't. The 6to4 Pseudo-Interface is not working, it should be automatically configured according to the article IPv6 Configurations and Test Lab on Microsoft site. VínculoPreferido 4294967295 4294967295 fe80::5efe:192.168.1.100 Bingo... welcome to the world of NAT (192.168.1.100 is RFC1918 space) This prohibits the use of 6to4 and possibly all other tunnels except if you use some nice pptp/ssh/http tunnel and forward through that. You should try a local 6in4 tunnelbroker or 6to4 relay. As you X-originating-IP is 200.71.8.60 which is way down in Uruguay Checking up at www.lancks.ac.uk/ipv6/6Bone/ there is one other 6bone site: origin: AS1797 descr: RAU - Red Académica Uruguaya descr: SeCIU - Universidad de la Republica descr: Uruguayan research network See http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/RAU.html As they are closest by (countrywise, not networkwise) you should contact them to set up a good 6bone uplink. Other good possibility are: - Freenet6 (www.freenet6.net) - Hurricane (www.tunnelbroker.net) You could also pest your uplink to get you a real IPv6 connection ofcourse. Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Solaris IPv6 Quickstart Guide
Steven F Siirila wrote: I am interested in setting up IPv6 in a Solaris environment. I attempted to go to just that link (shown at http://www.ipv6.org/howtos.html) and found that it does not exist. The broken link is: http://www.ipv6.org/solaris-quick.html Can anyone point me in the right direction? http://www.google.com Solaris http://hs247.com https://www.sixxs.net/faq/?faq=ossetupos=solaris And ofcourse (linked from the last one ;) http://wwws.sun.com/software/solaris/ipv6/ Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 with Windows-XP/2K
Bruce Campbell [mailto:bruce.campbell;ripe.net] wrote: Sent: Thursday, 31 October 2002 20:43 To: Jeroen Massar Cc: 'Mark Leary'; [EMAIL PROTECTED] Subject: RE: IPv6 with Windows-XP/2K On Thu, 31 Oct 2002, Jeroen Massar wrote: If you found the whitepapers why didn't you find: www.microsoft.com/ipv6/ which simply states: XP + .NET have builtin IPv6 support 2k needs the patch Note that its explicitly W2k SP1 . The patch will not apply if (I think) SP2 or (confirmed) SP3 have been applied. But we fixed that some time ago :) See: https://www.sixxs.net/faq/?faq=ossetupos=windows Where I planted SP2 + SP3 able versions. Also the official MS IPv6 FAQ notes how to do this. Only difference is I also hexedited the wininet.dll so that it works with IE6 :) These files are also available from the left hand upper corner of http://www.hs247.com Greets, Jeroen (proud Win2k IPv6 user since a long time :) - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 with Windows-XP/2K
Tony Langdon [mailto:tlangdon;atctraining.com.au] wrote: Also the official MS IPv6 FAQ notes how to do this. Only difference is I also hexedited the wininet.dll so that it works with IE6 :) Cool! Do I have to reinstall IPv6 with your version to install this DLL, or can I simply replace it while nothing's using it? Simply run the hotfix.ini like before and it will be automatically replaced. Notez bien that it _is_ an older version of wininet.dll any fixes that have been implemented in the mean time are not in it so I don't know which consequences this bears. These files are also available from the left hand upper corner of http://www.hs247.com Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 with Windows-XP/2K
Tony Langdon [mailto:tlangdon;atctraining.com.au] wrote: Simply run the hotfix.ini like before and it will be automatically replaced. run a .ini file? Never done a rightmouse on a ini file and found out that it had a Install option? :) Hitting the hotfix.exe will do the job too though. SNIP --- Outgoing mail has been scanned for Viruses Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 This correspondence is for the named person's use only. It may contain confidential or legally privileged information or both. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this correspondence in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or rely on any part of this correspondence if you are not the intended recipient. Any opinions expressed in this message are those of the individual sender. Eek isn't a #include stddisclaimer.h; enough? :) Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Some troubles with windows xp (long message)
Danny Terweij wrote: SNIP Same here, but from XP and Win2k Server i got an Timed out message from ping6. I am playing with routes but it seems that radvd is not routing at all? radvd stands for Router ADVertisement Daemon. It doesn't route, it _advertises_ them. Ofcourse only if properly configured: jeroen@purgatory:~$ cat /etc/radvd.conf interface eth1 { AdvSendAdvert on; prefix 3ffe:8114:2000:240::/64 { }; }; Ofcourse, fill in your _OWN_ prefix ;) Turn on forwarding and do something like: ip -6 addr add 3ffe:8114:2000:240:290:27ff:fe24:c19f/64 dev eth1 Fill in your own IP in the range as defined above, start radvd et tada, it should work. For more info on radvd and generic configging, check Peter Bieringer's site: http://www.bieringer.de/linux/IPv6/index.html Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Using ipv6 extensively (was: Re: What can I do about IPv6?)
Daniele Nicolucci (Jollino) wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sabato, luglio 27, 2002, alle 04:53 , Mark Liu ha scritto: [...] Yes, this is also a good idea. [...] I think that the real problem is when will we able to really use ipv6?. Many OSes support IPv6, but the probably most used OS in a desktop environment does not. I'm talking about MS-Windows 98 (and possibly 95 too). http://www.trumpet.com.au/winsock/winsoc5.html Trumpet Winsock v5.0 is a fully-featured 32-bit dialler used with Windows 95/98 and Windows NT and comrising of IPv6 capabilities. Next question ;) SNIP if MS shipped an official patch for Windows 98 to allow a decent ipv6 support, with automatic 6to4 and everything, we would see many sites adding ipv6 connectivity and maybe switching completely to ipv6. But this will happen in a long time, when most home users will have Windows XP happily installed and won't even know about this strange ipv6 thing. There isn't a _production_ stack for NT/2000/XP either from MS... The .Net stack _will_ be production quality, even though the others (including Trumpet's) work just fine... Look at it from the provider's point of view. I represent a company, and I want as much visibility on the net as possible. Since most of my target is using a non-ipv6-compatible operating system, I -must- provide my service on ipv4 connectivity, and -possibly- on ipv6 too. But why bother, then? Would my services have more visibility for home users if I allowed them to reach my services via ipv6? No, not really, since most of them don't even know why a dvd holds much more data than a cd. Chicken and egg problem, big corporations/organisations/universities didn't want to come of their IPX/SAP/DECNET etc protocols either... it's just a matter of time. I am service provider, and I'm not into experiments, so I won't use ipv6. That's your choice ;) Nobody is forcing you. And therefore, since most of the services are reachable only by ipv4 connectivity, new productivity (i.e. non experimental) services won't come out with ipv6 connectivity. And if they were, like the gnutella thing, very few people would use it, since under w98 wouldn't allow it, and this would turn out into a negative spyral. Trumpet is ringing and they have been for over a couple of years now. Now, I'm not a programmer; or at least, I wouldn't be able to help about this. So I'm asking this mailing list: is it really so difficult to implement an ipv6 stack for windows 98 which works on every machine, even if it hasn't got a network interface card? This would be a nice challenge for the open-source world, and the benefits would be enormous, allowing the 6bone to become a full and real 6internet. If maybe you did actually even used it once you would know that there is no '6internet' There is simply _1_ internet that's why it's called an internet. Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Using ipv6 extensively (was: Re: What can I do about IPv6?)
Daniele Nicolucci (Jollino) [mailto:[EMAIL PROTECTED]] wrote: Sabato, luglio 27, 2002, alle 10:49 , Jeroen Massar ha scritto: http://www.trumpet.com.au/winsock/winsoc5.html Trumpet Winsock v5.0 is a fully-featured 32-bit dialler used with Windows 95/98 and Windows NT and comrising of IPv6 capabilities. That is not free though. :) At this point, one would buy And what's the problem with that? Windows 95 == ~1995 Windows 98 == ~1998 It's 2002, this is computers, stuff gets renewed. And as these are commercial applications/OS's one needs to pay. Otherwise port over the KAME stack at your own pleasure. Other one: http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm Windows XP and get a new set of bugs at the same price =) I am service provider, and I'm not into experiments, so I won't use ipv6. That's your choice ;) Nobody is forcing you. I was just transcribing the possible way of thought of a service provider. A simple service provider won't bother with v6 connectivity if it won't be useful to catch potential customers, and in this way the use of the ipng technology gets delayed even more. Chicken and egg. No software and No connetivity Software is being addressed, we just have to nag everyone a bit. At least for MS OS's Microsoft is going to support it's most crucial apps for .Net to have IPv6 support. I personally would love to see Netmeeting with IPv6 support hint Connectivity is being addressed by the ISP's check: http://www.ripe.net/ipv6/ipv6allocs.html Total Allocated for the 3 RIRs: 178 15 Allocations this month in only the RIPE region, it _will_ catch on... In Japan/APNIC region you simply call up your ISP and say I want IPv6 connectivity and you get it ;) It will come, one can hop on the train now, or miss the train. And therefore, since most of the services are reachable only by ipv4 connectivity, new productivity (i.e. non experimental) services won't come out with ipv6 connectivity. And if they were, like the gnutella thing, very few people would use it, since under w98 wouldn't allow it, and this would turn out into a negative spyral. Trumpet is ringing and they have been for over a couple of years now. That is not freeware, as I already pointed out. :) Windows XXX isn't freeware either, where is your problem? Also Microsoft doesn't want one to run 9x simply because they don't want to keep supporting stuff from almost 7 years ago. In computer terms that's another century. For further questions and explainations you should ask it the microsoft people: http://www.research.microsoft.com/msripv6/ [EMAIL PROTECTED] handled by [EMAIL PROTECTED] allowing the 6bone to become a full and real 6internet. If maybe you did actually even used it once you would know that there is no '6internet' There is simply _1_ internet that's why it's called an internet. It was just a way to identify it as the internet after the Big Switch to ipv6. :) There will be no big switch. It will all evolve. The current time schedule can be found at: http://isoc.nl/activ/cursusmateriaal/2002-Masterclass-IETF-IPv6.ppt http://isoc.nl/activ/cursusmateriaal/2002-Masterclass-IETF-IPv6.sxi At least this is the forecast ;) For the rest you should prolly check http://www.hs247.com/ Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
PuTTY 2002-04-25 IPv6
Boo, A new version of PuTTY IPv6 has seen the daylight. Get it at: http://unfix.org/projects/ipv6/ In short, the cool new stuff that now also works: - IPv6 tunneling. - X Forwarding over IPv6. - Issues. - much more... Greets, Jeroen From the PuTTY IPv6 changelog, which will be in the CVS soon(tm): 8-- * IPv6 patch 5 (25 April 2002) Jeroen Massar [EMAIL PROTECTED] * - patch against CVS of yesterday, submitted as a 'cvs diff -u'. * - removed some 'old' debug statements. * - commented away ':' removal in window.c, which breaks direct IPv6 (eg 3ffe:8114::1) addressing. *We should find a neater workaround, common is to use [3ffe:8114::1]:22 (3ffe:8114::1 port 22). * - IPv6 tunnels work, including X forwarding. * - Added address to string conversion for IPv6 addresses. * - sk_newlistener() now sports an address_family argument. *PuTTY should give along the current connected IP version here. *Note that if we want to listen on both IPv4 and IPv6 we need to do two (2) sk_newlistener()'s *One for each protocol: sk_newlistener(..., AF_INET); sk_newlistener(..., AF_INET6); * - IPv6 builds (including tools) can be found on http://unfix.org/projects/ipv6/ *They work on IPv4-only, IPv6-only and IPv4IPv6 dualstacked hosts. --8 - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 Web Bug for IPv4-only sites
Nathan Lutchansky wrote: I've started a service that lets sites put a web bug on the webpages on their IPv4-only site to figure out how many of their site visitors are IPv6-enabled. SNIP Check http://6bone.informatik.uni-leipzig.de/ipv6/stats/stats.php3 http://6bone.informatik.uni-leipzig.de/ipv6/stats/why-en.html : 8 Official 6bone Webserver List * What is this list for ? When you want to test/use your ipv6-browser at present, it is not easy to find the few available v6-webservers. Thats is why in this list the existing sites are collected and sorted according to their popularity. * What is logged ? Only ipv6 hits are counted. In order to avoid effects which can be produced by multiple reloads of the same page, only one access per page and ipv6-address is counted per day. * How to get on the list ? Simply add the following link to the homepage: A HREF=http://6bone.informatik.uni-leipzig.de/ipv6/stats/stats.php3; IMG SRC=http://6bone.informatik.uni-leipzig.de/ipv6/stats/log.php3?URL=dns of the webserver/a 8 Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Samba 2.2.3a IPv6 patch
Nathan Lutchansky wrote: Hi all, I hate to send software announcements like this, but I need testers and I don't know of a better place to find them than here. :-) I've released an IPv6 patch for Samba 2.2.3a that enables SMB over IPv6. Neato ;) I'll be testing this out when I get back. on the Making Windows work with SMB-over-IPv6 as stated on your site; Windows.Net does support samba over IPv6, and almost any protocol (HTTP/SMTP/...). XP does RPC over IPv6 btw. I really need to get my hands on a Windows.Net developer beta ;) And one of those nice Apple G4 Powerbook's, but that's a different story. Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Samba 2.2.3a IPv6 patch
Nathan Lutchansky wrote: on the Making Windows work with SMB-over-IPv6 as stated on your site; Windows.Net does support samba over IPv6, and almost any protocol (HTTP/SMTP/...). XP does RPC over IPv6 btw. I really need to get my hands on a Windows.Net developer beta ;) I wasn't aware that *all* .NET services supported IPv6. I've updated the webpage. Re-read that part... Windows.NET is the successor to Windows 2000 (no not XP, at least I hope they have dumped the XP enhancements ;) The .NET part does have to do with .NET services as currently deployed on Win2k XP. But it hasn't have a thing (afaik ;) to do with the fact that file print services support IPv6. If anybody does have a copy of the .NET package that supports SMB over IPv6, please, please let us know if SMB runs properly over IPv6, and if possible, test .NET with the Samba IPv6 patch. It would really be silly to add IPv6 support to Samba if it wasn't compatible with an existing SMB-over-IPv6 implementation. -Nathan As far as I understood it uses IPv6 as a transport, so it _should_ work with your patches. No guarantees there though... http://www.microsoft.com/windows.netserver/evaluation/features/default.a sp#ipv6 http://www.microsoft.com/windows.netserver/evaluation/overview/technolog ies/networking.asp reads: 8 IPv6 is the next generation of TCP/IP. IPv6 addresses limitations inherent within Internet Protocol Version 4 (IPv4) and is intentionally targeted for minimal impact on upper and lower layer protocols. Windows .NET Server introduces Remote Procedure Call (RPC) support and basic socket interface extensions, per RFC 2553, for IPv6. For applications developers, the Developer Edition of the IPv6 protocol driver and utilities, API set, and IPv6-enabled key system components such as Internet Explorer, Telnet, FTP, IIS 6.0, printing, file sharing, and others, is provided -8 IE/Telnet/FTP worked already on NT4/W2k/XP... but IIS6.0, printingfile sharing NEATO :) I've CC:'d the mslist they at least do have access to the development beta's to test it out. btw... http://v6web.litech.org/samba/ is the url for the patch. Greets, Jeroen PS: And unfortunatly those nice powerbooks are very expensive ;( - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: A DNS question re 6to6/IPv6 host IN A records.
Pim van Pelt [mailto:[EMAIL PROTECTED]] wrote: Hi, I agree with Pekka mostly. Having the same IN A/ RRs for the hostnames in your zonefile can make for awkward situations. One example might be the NL-BIT6 deployment. We have a C3640 with a 10 mbps port acting as vlan router for IPv6. It then pushes the traffic to the AMS-IX. If I am sitting at any IPv6 peer-site, and ssh/ftp/telnet to my machine at the colo, and it were to have both protocols reachable via the same name, then I would connect using IPv6 because this is preferred. ssh -4 purgatory.unfix.org or the 'ssh purgatory.ipv4.unfix.org' trick but I don't have that one in the outside dns apparently ;) However, I like my pron to transfer fast, so the gigabit IPv4 connection (yes I have a 1000SX board in my colo-box :) is preferrable over the turtle-speed IPv6 connection. IMHO you should upgrade that IPv6 connect. Fortunatly 10mbit is still 2mbit more than my inet-uplink is capable of And: --- purgatory.unfix.org ping statistics --- 5 packets transmitted, 5 received, 0% loss, time 4035ms rtt min/avg/max/mdev = 19.342/21.498/24.997/2.005 ms vs: --- purgatory.unfix.org ping6 statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 19.9/21.9/27.3 ms Doesn't differ much for me, latency wise. Besides that I don't have that heavy pr0n traffic desirement ;) Btw.. did you see that nice 10/100/1000mbit port on those cute Powerbook G4's ? And they can do IPv6, now I'll only have to find some financial aid and that gbit uplink grin The other point one might make is that IPv6 is often less well maintained than the IPv4 network. Some tunnel might go down, zebra might crash (or even IOS) and the connection will be left unattended by many administrators. This is why I normally make some distinction either by hostname 'hog.colo.bit.nl IN A' vs 'hog.colo.ipv6.bit.nl IN ' or by domain name 'hog.colo.bit.nl IN A' vs 'hog.ipng.nl IN '. Absolutely, but I personally know who to kick when you bring down my IPv6 uplink evil grin Also IPng.nl fortunatly has only been down due to scheduled maintainances and not because it 'failed' suddenly. And you probably also remember how the couple of times we saved a box because the IPv4 routing was peeped and we still could reach it over IPv6; Long live native IPv6. This whole story ofcourse all depends on the fact how far one is in the transition process and if you take IPv6 for granted as a 'must-work' service level just like IPv4. Personal taste also comes in mind ofcourse ;) Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: [Freenet6] Does Apache-2 listen for IPv6 on a 6to4 network?
Robert [mailto:[EMAIL PROTECTED]] wrote: SNIP I have Win 2K, Advanced Server, SP2, and the Install wininet.dll wont install because it is looking for SP1. The wininet.dll that came in the package msripv6-bin-1.4.exe is not suitable for IE-6, or anything on W2K-AS as it states in it's readme file. It's early IE and NT suitable only The wininet.dll that comes in the package tpipv6-001205.exe won't install because it looks for SP1, and I'm sp2. So in short, with W2K-AS + SP2, I have no IPv6 connectivity for IE-6. I might add the IPv6 package itself works fine. Just can't get any browsers to understand IPv6. Including last nights Mozilla download. If you have a wininet.dll that works on my set up - I'd sure appreciate a copy. http://www.ipng.nl/index.php3?page=setup.htmlforcepage=windows.html for instructions stuff... Or directly http://www.ipng.nl/tpipv6-001205-SP2-IE6.zip for the 'fixed' package. Note that it's also in the MS FAQ which tells you how to do this and ofcourse it can be found on http://hs247.com Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: [Freenet6] Does Apache-2 listen for IPv6 on a 6to4 network?
Harald Koch wrote: and does IE understand IPV6? good question ? It's version 6, on W2K - but that doesn't mean a lot. You have to re-install the IPv6 kit every time you upgrade (and sometimes patch) Internet Explorer, to get the IPv6 enabled version of wininet.dll. Not entirely true; If you install the patch I engineered you will also get a wininet.dll versioned 6.58.1.1, and with the comment IPv6 Technology Preview. This will be 'safe' for quite some time as wininet.dll isn't revised that much. At least it survived on my box for quite some time now ;) And XP works out of the box, you only need to type the ipv6 install part. By the way I heared only XP Pro (consumer Pro that is ;) does support IPv6 and that XP Home doesn't.. unverified though as I will be skipping XP completely, drivers support and colors blabla Maybe it's time to 'engineer' a stolen-dll version from XP, but I don't know if that's legal, editing resources probably isn't either but heh... Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: A DNS question re 6to6/IPv6 host IN A records.
[EMAIL PROTECTED] wrote: In the forward/reverse zones on a 6to4 setup, should I have nanguo IN A203.1.96.5 nanguo-v6 IN 2002:cb01:6005:2::1 or nanguo IN A203.1.96.5 nanguo IN 2002:cb01:6005:2::1 When referring to the particular host ? Either works - but which is ... errr... correct? i recommend the latter, definitely. with the latter you will be able o transition to IPv6 much smoother. Definitely the latter one even with reverses. I do usually add something like: purgatory A 195.64.92.136 purgatory 3ffe:8114:2000:240:290:27ff:fe24:c19f purgatory.ipv4 A 195.64.92.136 purgatory.ipv6 3ffe:8114:2000:240:290:27ff:fe24:c19f Reason: some programs can't be told to only use IPv6 or only IPv4 (usually -6 or -4 option). This way one can 'force' it to use either transport. I do usually leave out the ipv4 though as I don't use that much any more anyways ;) Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Mac OS X and IPv6
Daniel Delaney wrote: Does anyone have any resources describing how to build IPv6 into the Darwin kernel. The following things: http://www.apple.com/pr/library/2000/march/21wwdc.html http://www.opensource.apple.com/projects/darwin/1.3/release.html And some betters: http://gongon.com/persons/iseki/ipv6.png as seen on: (use the babelfish luke ;) http://gongon.com/persons/iseki/IPv6onMacOSX.html http://www.jp.ipv6.org/ml/users/200107/msg00028.html http://gnu-darwin.sourceforge.net/ and so on. use the google and the babelfish luke... :) Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 address
Michael Kjorling wrote: SNIP Speaking of 6to4... I got into a discussion with a guy in Australia who is setting up 6to4 on a bunch of systems (he has an IPv4 /24) and after a while I got to wonder... I seem to recall that the 6to4 IPv6 prefix was created by taking 2002:, appending the IPv4 address of the router, and using that as a 48-bit prefix. However, now I find pages saying that it's the *host's* IPv4 address which is used - making both the SLA and Interface ID parts of the IPv6 address irrelevant. Which is it...? The host's IPv4 address. Though you could use the routers IPv4 address too if you want too. And use the /48 for the machines in the networks 'under' it. http://www.kfu.com/~nsayer/6to4/ for 6to4 information http://www.bieringer.de/linux/IPv6/index.html explains almost all linux (and common ipv6 setup), also those nice ping behaviours for our dear useruser :) Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
Quake2 IPv4 IPv6
We are proud to present : Quake2 II IPv4 *AND* IPv6 capable server running at game-2.concepts.nl Thanks to Concepts ICT (www.concepts.nl) for the hosting, and Viagenie (www.viagenie.gc.ca / www.freenet6.net) for the patching of Quake2 to support IPv6 and even implementing a very nice use of IPv6 multicast. The code can be downloaded from: http://www.viagenie.qc.ca/en/ipv6/quake2/ipv6-quake2.shtml They have Win32 and FreeBSD binaries available. The server in question is reachable over IPv4 and IPv6 and is using a bit modified code from the viagenie source. This as the IPv4 capability needed some changes. Patch will be forwarded soon to viagenie. The server can be found with normal Gamespy and similar applications as it's announcing itself to IPv4 gamelist servers. (q2master.planetquake.com amongst others) IPv4 IPv6 capable Quake1 will follow this day, and then it will become the official Concepts Quake server (quake.concepts.nl). Unfortunaly there is no support for IPv6 Quake 3 (yet) but our beloved people at Viagenie will surely fix that if they get the chance :) Questions? Reply to this subject on the [EMAIL PROTECTED] mailinglist (see http://mailman.ipng.nl/mailman/listinfo/ipv6) or query around on #linux.nl @ IRCNet. Greets, Jeroen PS: sorry for the crosspost ;) - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: IPv6 DoS from 3ffe:3200:f:f::2
Itojun [EMAIL PROTECTED] wrote: the node (3ffe:3200:f:f::2) is still sending bogus http requests (over IPv6) to multiple servers we have. it could be web crawler of some sort that went mad, but anyway, it is too annoying. again, please stop it. whoever you are, if you are reading it, please stop it. thanks. I've cc:'d the people in the 6bone range for you... Give them 24 hours to reply (they are very prolly in your timezone) and then call them up... And if they don't reply... simply add some nice rerouting to that ::1 target and wait till they wake up... that should be quite soon if they have any activity on the 6bone :) Ofcourse this is taking into consideration RFC 2772, section 7 on page 10: 8-- -- 2. The pTLA Applicant MUST have the ability and intent to provide production-quality 6Bone backbone service. Applicants must provide a statement and information in support of this claim. This MUST include the following: a. A support staff of two persons minimum, three preferable, with person attributes registered for each in the ipv6-site object for the pTLA applicant. b. A common mailbox for support contact purposes that all support staff have acess to, pointed to with a notify attribute in the ipv6-site object for the pTLA Applicant. 8 Would not be very handy if they are 'running rogue'... Greets and goodluck, Jeroen 8-- jeroen@purgatory:~$ whois -h whois.6bone.net 3ffe:3200:f:f::2 % RIPEdb(3.0.0b2) with ISI RPSL extensions inet6num: 3FFE:3200::/24 netname: CERNET descr:pTLA delegation for the 6bone country: CN admin-c: LX1-6BONE tech-c: CMK1-6BONE remarks: This object is automatically converted from the RIPE181 registry notify: [EMAIL PROTECTED] mnt-by: MNT-TH-CERNET changed: [EMAIL PROTECTED] 19981201 changed: [EMAIL PROTECTED] 20010117 source: 6BONE SNIP person: Li Xing address: Department of Electronic Engineering Tsinghua University, Beijing, 100084 China phone:+86 10 6278 5982 phone:+86 10 6275 2614 e-mail: [EMAIL PROTECTED] SNIP person: Chen Maoke address: Department of Electronic Engineering Tsinghua University, Beijing, 100084, China phone:+86 10 6277 7734 phone:+86 10 6278 5005 525 e-mail: [EMAIL PROTECTED] SNIP person: Wu Haisang address: Department of Electronic Engineering Tsinghua University, Beijing, 100084, China phone:+86 10 6277 4369 phone:+86 10 6278 5005 525 e-mail: [EMAIL PROTECTED] --8 - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]
RE: Who is 2001:230:201:1:203:31ff:fe4b:4000, it's ping-reply flooding me
Peter Bieringer [EMAIL PROTECTED]: I got a ICMPv6 ping echo reply flood from that host to my tunnel: Who the hell is using an IPv6 address out of my space as source address? Looks like IPv6 gateways need anti spoofing filters! Ofcourse it needs it 15:10:17.567312 128.176.191.66 195.226.187.50: 2001:230:201:1:203:31ff:fe4b:4000 3ffe:400:100:f101::40: icmp6: echo reply (encap) from inet - you 15:10:17.567669 195.226.187.50 128.176.191.66: 2001:230:201:1:203:31ff:fe4b:4000 3ffe:400:100:f101::40: icmp6: echo reply (encap) from you - inet which would mean that the ::40 is on the outside of your tunnel I presume... :) And where are the echo requests? :) traceroute6 to 2001:230:201:1:203:31ff:fe4b:4000 (2001:230:201:1:203:31ff:fe4b:4000) from 2001:6e0::250:4ff:fe4a:7708, 30 hops max, 16 byte packets 1 Amsterdam.core.ipv6.intouch.net (2001:6e0::2) 1.157 ms 1.237 ms 0.875 ms 2 2001:200:0:4402::2 (2001:200:0:4402::2) 79.461 ms 78.731 ms 79.332 ms 3 3ffe:2e00:e:fffa::1 (3ffe:2e00:e:fffa::1) 529.963 ms 931.205 ms 858.571 ms 4 2001:230:e:a::2 (2001:230:e:a::2) 663.898 ms * 511.524 ms hmmm $ whois -h whois.6bone.net 3ffe:2e00:e:fffa::1 inet6num: 3FFE:2E00::/24 netname: ETRI descr:pTLA delegation for the 6bone country: KR admin-c: MS3-6BONE tech-c: MS3-6BONE remarks: This object is automatically converted from the RIPE181 registry mnt-by: MNT-ETRI changed: [EMAIL PROTECTED] 19980723 changed: [EMAIL PROTECTED] 20010117 source: 6BONE $ whois -h whois.apnic.net 2001:230:201:1:203:31ff:fe4b:4000 % Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html % (whois7.apnic.net) inet6num:2001:230:201::/48 netname: OPICOM-KRV6-ETRI-2622 descr: OPICOM IPv6 Network country: KR admin-c: MS75-AP tech-c: MS75-AP status: NLA notify: [EMAIL PROTECTED] mnt-by: MAINT-KR-ETRI changed: [EMAIL PROTECTED] 2622 source: APNIC person: Myung-Ki Shin address: 161 Kajong-Dong, Yusong-Gu, address: Taejon, 305-350, Korea country: KR phone: +82-42-860-4847 fax-no: +82-42-861-5404 e-mail: [EMAIL PROTECTED] nic-hdl: MS75-AP mnt-by: MAINT-KR-ETRI changed: [EMAIL PROTECTED] 2309 source: APNIC Also found on http://www.krv6.net/whois.htm with google... Hope this little extra info helps... Oh btw the other registries I always try are: whois.[apnic.net|arin.org|ripe.net] these cover the most space... and if it isn't in there check http://www.apnic.net/maps/tld-list.html for the tld's :) And don't forget to contact your upstreams if you want to stop it this instant... Greets, Jeroen - The IPv6 Users Mailing List Unsubscribe by sending unsubscribe users to [EMAIL PROTECTED]