Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-04-02 Thread Lorenzo Colitti 
On Thu, Apr 2, 2020 at 5:52 PM Gert Doering  wrote:

> > Independent of the prefix distribution mechanism, it may be worth
> revisiting
> > having a single /48 for an organisation of 4 employees.
>
> Sure, but if we start handing out /40s like there's enough of them,
> eventually there won't be.
>

You don't need to hand a /40 to every enterprise that asks for it. The
address space necessary can be roughly extrapolated from how much private
IPv4 space is in use. There are some numbers to this effect in RFC 7934
section 9.2 .

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-04-01 Thread Lorenzo Colitti 
On Wed, Apr 1, 2020 at 9:12 PM  wrote:

> We are already 90% of the way here: Make IA_PD work for hosts, not
> just for routers. That way Android handsets can have as many addresses
> as they want.
>

DHCPv6 PD is one of the means suggested by RFC 7934, yes. I'm not sure that
the folks asking for IA_NA would be happy with IA_PD though. The reason
most often cited for wanting DHCPv6 is that it fits well with tracking
practices and systems that are built to support on-request addressing and
networks assigning individual IP address(es) to devices. DHCPv6 PD provides
request-based addressing, but it wouldn't do much to interoperate with
those tracking systems because they deal with addresses, not subnets. From
that perspective, ND snooping might be more likely to interoperate well.

Re: Why used DHCPv6 when RA has RDNSS and DNSSL?

2020-03-31 Thread Lorenzo Colitti 
On Wed, Apr 1, 2020 at 4:03 AM Gert Doering  wrote:

> (What they *want* is "IPAM shows what IPv6 address is in use on which
> device in the network", which DHCPv6 would do nicely, including
> static assignments via DHCP reservations - while everything else
> relies on "IPv6/MAC ND logging on the router" or other disintegrated
> fumbling...)
>

Gert, have you asked why the solutions listed in Enno's blog post

earlier in this thread don't work for them? Specifically, the router-based
IP snooping and NDP monitoring features in switch platforms? Is it just
that support for these features is patchy, and existing IPAMs do not
support them? Or is there some deeper problem? What can we do to make this
better? Yes, using IA_NA would address this particular need, but it has
disadvantages compared to SLAAC as well.

Re: Fwd: SixXS shutting down 2017-06-06

2017-03-23 Thread Lorenzo Colitti 
+1. So long, and thanks for running the service for many years and making a
meaningful contribution to the deployment and evolution of IPv6.

On Fri, Mar 24, 2017 at 3:34 AM, Doug Barton  wrote:

> I'll add a voice to the chorus. :)  Happy user off and on over many years,
> and deeply appreciative of all that you both have done to support the
> community.
>
> Best regards,
>
> Doug
>

Re: Linux and ULA support and default route

2016-10-12 Thread Lorenzo Colitti 
The linux host is correctly not adding a default route because the RA
specifies a router lifetime of 0, likely due to RFC 7084 requirement G-4.

On Wed, Oct 12, 2016 at 8:25 PM, Brian E Carpenter <
brian.e.carpen...@gmail.com> wrote:

> I'll send you the RA packet off-list.
>
> Brian
>
> On 13/10/2016 14:10, Brian E Carpenter wrote:
> > On 13/10/2016 13:47, Lorenzo Colitti wrote:
> >> On Wed, Oct 12, 2016 at 5:39 PM, Brian E Carpenter <
> >> brian.e.carpen...@gmail.com> wrote:
> >>
> >>> But what it says (before I install the correct default route) is
> >>>
> >>> fd00::/64 via fe80::be05:43ff:fe8e:ce39 dev wlp2s0  proto ra  metric
> 600
> >>> pref medium
> >>> fe80::/64 dev wlp2s0  proto kernel  metric 256  pref medium
> >>>
> >>> No default, as you can see.
> >>>
> >>
> >> Do you have a tcpdump of the RA?
> >
> > No. Any suggestions how I can catch one? Would a Wireshark capture be
> useful?
> >
> > Brian
> >
>

Re: Linux and ULA support and default route

2016-10-12 Thread Lorenzo Colitti 
On Wed, Oct 12, 2016 at 5:30 PM, Brian E Carpenter <
brian.e.carpen...@gmail.com> wrote:

> It's broken, is all.
>

"ip -6 route show" or it didn't happen.

Re: Linux and ULA support and default route

2016-10-12 Thread Lorenzo Colitti 
On Wed, Oct 12, 2016 at 3:51 PM, Brian E Carpenter <
brian.e.carpen...@gmail.com> wrote:

> ::/0   :: !n   -1  1   137
> lo
>

I think !n means network unreachable. Please provide the output of "ip -6
route".

Re: Slow WiFi with Android Marshmallow & IPv6?

2016-04-25 Thread Lorenzo Colitti 
On Tue, Apr 26, 2016 at 12:48 AM, Bjørn Mork  wrote:

> I assume you meant RFC 6106 :)
>
> But why would this problem affect only Android?  And why only a very
> specific Android version?  That doesn't compute...
>

Windows doesn't support RDNSS. Apple prefers IPv4 DNS servers. Therefore,
if the ISP breaks an RDNSS-announced server, it must be a bug in Android.
QED :-)

Re: Why do we still need IPv4 when we are migrating to IPv6...

2015-02-17 Thread Lorenzo Colitti 
On Wed, Feb 18, 2015 at 5:39 AM, Anfinsen, Ragnar 
ragnar.anfin...@altibox.no wrote:

 We are deploying IPv6 (soon) and we are not buying IPv4 for postponing
 IPv6 rollout.


Obviously, if buying IPv4 addresses costs less and is higher quality than
something like MAP-E, then it makes sense to buy addresses and go
dual-stack instead of going IPv6-only.

I'm wondering what will change that equation in the future, industry-wide.
Do we expect that future equipment have MAP-E built in, and thus that the
technology to do MAP-E inline simply becomes available at zero cost as
hardware refreshes? Or do we expect that IPv4 addresses will increase in
price until it becomes a bad idea to keep buying?

Somehow I get the feeling that it won't be IPv4 traffic goes down close to
zero that gets people to move to IPv6-only.

Ragnar, what do you expect will get your network to move IPv6-only
eventually? You likely won't still be running native IPv4 in 2030. How will
you get there?

Re: Why do we still need IPv4 when we are migrating to IPv6...

2015-02-12 Thread Lorenzo Colitti 
On Thu, Feb 12, 2015 at 5:33 AM, olaf.bonn...@telekom.de wrote:

 I wonder if it would make a difference if big eyeballs ISPs (among the
 3 largest in a country) would start talking to content providers, telling
 them hey, you know, your content is quite popular with our users, but
 since it's v4-only, we need to seriously throttle it to avoid overloading
 our CGN.  v6 goes unlimited, btw

 just dreaming...

 [Obo]: Nice idea :). However content is king and your customer hotline
 will turn red because of people blaming you as ISP.


That's not true. ISPs shake down content companies all the time - look at
Comcast vs. Netflix, for example. I'm sure that as a large DT does its
share of that kind of thing too :-)

Re: IPv6-only residential service (MAP, lw4o6)

2014-12-06 Thread Lorenzo Colitti 
They deployed 6rd as well, but not to that many users. I think it was not
turned on by default or something.

Another IPv6-only service here in Japan is v6 plus, which I believe is a
derivative of MAP but with proprietary bits for authentication purposes.
(The reason why IPv6-over-IPv4  is used here is because the fiber
incumbent, NTT, provides a network that's capable of either PPPoE or native
IPv6, but not IPv4; I assume that this unbundling situation requires
authentication in a way that a single-ISP deployment does not.) That
service uses shared IPv4 addressing and requires either an NTT CPE or a
particular buffalo CPE. I don't think this service is very common /
successul.

It won't be easy to prove that DS-Lite is not being deployed, because there
are some fairly large deployments in Germany (Kabel Deutschland and
Unitymedia, both owned by Liberty Global).

If what you're planning to deploy is MAP with a full IPv4 address per user,
then that's proven, because Softbank is doing it. I'm not aware of any
substantial deployments of MAP with shared addressing.

On Sat, Dec 6, 2014 at 4:19 PM, Yannis Nikolopoulos d...@otenet.gr wrote:

  On 12/05/2014 05:48 PM, Lorenzo Colitti wrote:

  On Fri, Dec 5, 2014 at 10:30 PM, Yannis Nikolopoulos d...@otenet.gr
 wrote:

 I'm wondering, have people deployed IPv6-only residential services? I
 know of a couple of DS-lite implementations, but we'd be more interested to
 hear about network operators deploying either MAP or lightweight 4over6
 (not just trials though, but actual commercial services)


  Softbank (Japan) launched an IPv4-over-IPv6 service in August 2012. They
 use what looks to me to be an IPv4-in-IPv6 tunnel, but could be just a
 particular case of MAP-E with no portset. The service is up to 1G down / 1G
 up and they do encapsulation in hardware in a proprietary CPE.


 I remember them deploying 6rd, but I could be wrong.

 We're considering MAP or lw4o6. The problem is that our management prefers
 proven solutions (i.e deployed by other ISPs) and the only proven
 solutions I'm aware of are full blown CGN solutions. That's why I was
 trying to find commercially deployed cases based on either MAP or lw4o6.
 Alternatively, It would also be of value if I could prove that, for
 example, DS-lite is not being deployed either :)

 cheers,
 Yannis

Re: Something with filters

2014-08-27 Thread Lorenzo Colitti 
On Wed, Aug 27, 2014 at 9:01 AM, Jeroen Massar jer...@massar.ch wrote:

  9  2001:5a0:a00::2e (2001:5a0:a00::2e)  79.018 ms  79.910 ms  79.960 ms
 10  :: (::)  101.893 ms  102.004 ms  103.574 ms
 11  rar3.chicago-il.us.xo.net (:::65.106.1.155)  104.732 ms

 Yeah baby, we can use the unspecified address in ICMP replies!


The mapped IPv4 address in there is pretty cool, too...

Re: SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818

2014-08-22 Thread Lorenzo Colitti 
On Fri, Aug 22, 2014 at 7:24 AM, Nick Hilliard n...@foobar.org wrote:

 On 22/08/2014 15:16, Lorenzo Colitti wrote:

 Are you following the Additional guidelines for IPv6 section of
 https://support.google.com/mail/answer/81126 ?


 it looks like Google is trying to enforce SPF / DKIM on ipv6 connections
 where there is no similar requirement for ipv4.  Is there a particular
 reason for this?  It's causing a lot of breakage.


I believe the answer has to do with the fact that a lot of IPv6 email is
spam and the fact that if you can't/won't do what's suggested in the
additional guidelines for IPv6 then you can always continue to use IPv4.
From what I've heard it's somewhat of a consensus position among large
email operators on what to do for IPv6 SMTP inbound.

Note that from the text it sounds like SPF / DKIM is not strictly required,
but it looks like a PTR record is a hard requirement.

Re: enterprise IPv6 only client computers and IPv4 connectivity

2013-04-30 Thread Lorenzo Colitti 
On Tue, Apr 30, 2013 at 4:03 PM, Mikael Abrahamsson swm...@swm.pp.sewrote:

 If an enterprise today would decide that they're going to run IPv6 only on
 their LAN, they would have recent Win7|Win8|OSX|Ubuntu clients on their
 client computers, what mechanism would they use to access IPv4 Internet?


None, and good luck?