Re: IPv6 Wow
On Mon, 13 Oct 2008, Nathan Ward wrote:

> 6to4 is enabled by default in Vista - any Vista machine with a non-RFC1918 address will use 6to4. It is also available in some linksys routers, and is enabled by default in Apple Airport Extreme.

I've been told there is a difference between OEM and non-OEM Vista machines when it comes to Teredo being activated or not.

> Perhaps a good way to do it is advertise outside Europe, but have the providers that get your advertisement out there prepend their AS a few times as it leaves. That way, US providers will still prefer US 6to4 relays (ie lower latency) but any who don't get a 192.88.99.0/24 route from the US will use your relay in Europe. Kinda gets you best of both worlds.

Yeah, that's been one option as well, prepending 2-3 times to our peers/transit in the US is probably a good middle way.

Regarding some numbers on 6to4 and Teredo usage, I'd like to point people to this thread on the ipv6ops IETF list: http://www.ops.ietf.org/lists/v6ops/v6ops.2008/msg01582.html

If someone has some nice code that'll take a list of IPv6 addresses and break it down to geographical distribution of native/teredo/6to4, I'd be more than happy to run it on my data.

-- Mikael Abrahamsson email: [EMAIL PROTECTED]
Re: IPv6 Wow
On Sun, 12 Oct 2008, Daniel Senie wrote:

> I do wonder whether where the Vista machines on public IPs really are. I also have to wonder if performance is really better when those users are routed over 6to4 in Europe from, say California, or whether they'd actually get better performance if they stuck in a NAT box, resulting in their using IPv4 instead?

I'd say it's very rare where IPv6 will give you better performance than IPv4 right now.

Regarding where they are, I'd say all over the place. It's very common in my regional market to hand out one or more public IPs, and if the customer doesn't put their own NAT box there, then their Vista computer(s) will have public IPs and will use 6to4.

Regarding 6to4 or Teredo, I've done some testing of my own and the statelessness of 6to4 makes it avoid some of the session setup/NAT traversal magic of Teredo that slows Teredo down. I'd much rather see the NAT boxes do 6to4 and run native on their local LAN segment, than having end hosts do Teredo to get thru the NAT. It'll give the end user a better IPv6 experience.

-- Mikael Abrahamsson email: [EMAIL PROTECTED]
Re: IPv6 Wow
On 13/10/2008, at 7:24 PM, Mikael Abrahamsson wrote:

> On Sun, 12 Oct 2008, Daniel Senie wrote:
>
>> I do wonder whether where the Vista machines on public IPs really are. I also have to wonder if performance is really better when those users are routed over 6to4 in Europe from, say California, or whether they'd actually get better performance if they stuck in a NAT box, resulting in their using IPv4 instead?
>
> I'd say it's very rare where IPv6 will give you better performance than IPv4 right now.
>
> Regarding where they are, I'd say all over the place. It's very common in my regional market to hand out one or more public IPs, and if the customer doesn't put their own NAT box there, then their Vista computer(s) will have public IPs and will use 6to4.
>
> Regarding 6to4 or Teredo, I've done some testing of my own and the statelessness of 6to4 makes it avoid some of the session setup/NAT traversal magic of Teredo that slows Teredo down. I'd much rather see the NAT boxes do 6to4 and run native on their local LAN segment, than having end hosts do Teredo to get thru the NAT. It'll give the end user a better IPv6 experience.

Long term I agree, but short term I prefer Teredo for regular end users' experience. Where regular end user means an end user communicates with a relatively small number of remote hosts.

Several reasons:

1) 6to4 currently lacks a testing mechanism to ensure that it is functioning at startup, and that it is still functioning. Packets are sent and blackholed by the network, resulting in a 90s timeout waiting for a response to the three SYN packets in a TCP connection set up. 90s is a long time for users today, and my experience shows that they consider a service to be 'broken' before they wait for the timeout to expire.

2) If Teredo relays are deployed close to the service (ie. content, etc.) then performance is almost equivalent to IPv4. 6to4 relies on relays being close to both the client and the server, which requires end users' ISPs to build at least *some* IPv6 infrastructure, maintain transit, etc. When you consider that this infrastructure and transit is quite likely to be over long tunnels to weird parts of the world, this is a bad thing. Putting relays close to the content helps for the reverse path (ie. content - client), however the forward path (client - content) is likely to perform poorly.

-- Nathan Ward
Re: IPv6 Wow
On Mon, 13 Oct 2008, Mikael Abrahamsson wrote:

> On Sun, 12 Oct 2008, Daniel Senie wrote:
>
>> I do wonder whether where the Vista machines on public IPs really are. I also have to wonder if performance is really better when those users are routed over 6to4 in Europe from, say California, or whether they'd actually get better performance if they stuck in a NAT box, resulting in their using IPv4 instead?
>
> I'd say it's very rare where IPv6 will give you better performance than IPv4 right now.

Rare = Absolutely Yes. Impossible = No :-)

> Regarding where they are, I'd say all over the place. It's very common in my regional market to hand out one or more public IPs, and if the customer doesn't put their own NAT box there, then their Vista computer(s) will have public IPs and will use 6to4.
>
> Regarding 6to4 or Teredo, I've done some testing of my own and the statelessness of 6to4 makes it avoid some of the session setup/NAT traversal magic of Teredo that slows Teredo down. I'd much rather see the NAT boxes do 6to4 and run native on their local LAN segment, than having end hosts do Teredo to get thru the NAT. It'll give the end user a better IPv6 experience.

Fully agree. Unfortunately not every NATbox/cheap-consumer-router is happy to pass on 6to4 packets to its next hop :-(

> -- Mikael Abrahamsson email: [EMAIL PROTECTED]

Cheers,

- Carlos Friac,as
See:
Wide Area Network Working Group (WAN) www.gigapix.pt
FCCN - Fundacao para a Computacao Cientifica Nacional www.6deploy.org
Av. do Brasil, n.101 www.ipv6.eu
1700-066 Lisboa, Portugal, Europe
Tel: +351 218440100 Fax: +351 218472167 www.fccn.pt
- The end is near see http://ipv4.potaroo.net
Internet is just routes (282391/1511), naming (billions) and... people!
Re: IPv6 Wow
On 13/10/2008, at 7:18 PM, Mikael Abrahamsson wrote:

> On Mon, 13 Oct 2008, Nathan Ward wrote:
>
>> 6to4 is enabled by default in Vista - any Vista machine with a non-RFC1918 address will use 6to4. It is also available in some linksys routers, and is enabled by default in Apple Airport Extreme.
>
> I've been told there is a difference between OEM and non-OEM Vista machines when it comes to Teredo being activated or not.

I've not heard that, I'll be interested if someone can confirm? Perhaps certain vendors disable IPv6 because of the lack of relays etc. in the network causing performance problems.

>> Perhaps a good way to do it is advertise outside Europe, but have the providers that get your advertisement out there prepend their AS a few times as it leaves. That way, US providers will still prefer US 6to4 relays (ie lower latency) but any who don't get a 192.88.99.0/24 route from the US will use your relay in Europe. Kinda gets you best of both worlds.
>
> Yeah, that's been one option as well, prepending 2-3 times to our peers/transit in the US is probably a good middle way.
>
> Regarding some numbers on 6to4 and Teredo usage, I'd like to point people to this thread on the ipv6ops IETF list: http://www.ops.ietf.org/lists/v6ops/v6ops.2008/msg01582.html
>
> If someone has some nice code that'll take a list of IPv6 addresses and break it down to geographical distribution of native/teredo/6to4, I'd be more than happy to run it on my data.

Teredo and 6to4 is easy - translate the addresses to IPv4 and geolocate with maxmind geoip or something. IPv6 is harder, you have to build a geolocation database, which I suppose you'd have to build from either origin AS location, or whatever location data the RIR has, for the prefix an address is in.

I have been intending on building a map from Teredo and 6to4 using IPv6 addresses from my bittorrent population stuff, and have that as one output of a periodic study. I'm not sure how to do non-Teredo/6to4 addresses though, so if you've got some ideas there I'll whip something up, the Teredo/6to4 stuff is very simple.

-- Nathan Ward
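The address translation discussed in the message above, as an added example that is not code from the thread: it classifies each IPv6 address as native, 6to4 or Teredo, recovers the embedded IPv4 address, and counts per location. The `locate` callback, `fake_locate`, `FAKE_GEO` and the sample addresses are constructed stand-ins for a real GeoIP lookup and real data.

```python
import ipaddress
from collections import Counter

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix (RFC 3056)
TEREDO = ipaddress.ip_network("2001::/32")     # Teredo prefix (RFC 4380)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(text):
    """Return (kind, embedded_ipv4); embedded_ipv4 is None for native."""
    addr = ipaddress.IPv6Address(text.strip())
    value = int(addr)
    if addr in SIXTOFOUR:
        # 2002:VVVV:VVVV::/48 - the 32 bits after the prefix are the IPv4 address.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if addr in TEREDO:
        # The low 32 bits are the client's NAT-mapped IPv4 address, bit-inverted.
        return "teredo", ipaddress.IPv4Address((value & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    return "native", None


def breakdown(lines, locate):
    """Count addresses per (kind, location).

    locate is a caller-supplied function mapping an IPv4Address to a
    location string, for example a wrapper around a GeoIP database.
    """
    counts = Counter()
    for line in lines:
        try:
            kind, v4 = classify(line)
        except ValueError:                 # not a parseable IPv6 address
            counts[("invalid", "-")] += 1
            continue
        if v4 is None:
            where = "unknown"              # native: needs a per-prefix database
        elif any(v4 in net for net in RFC1918):
            where = "unroutable"           # 6to4 built from a private address
        else:
            where = locate(v4)
        counts[(kind, where)] += 1
    return counts


# Constructed sample input (documentation ranges) and a constructed lookup table.
SAMPLE = [
    "2002:c000:0204::1",                     # 6to4, embeds 192.0.2.4
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo, client 192.0.2.45
    "2002:c0a8:0101::1",                     # 6to4 built from 192.168.1.1
    "2001:db8::1",                           # native
    "not-an-address",
]
FAKE_GEO = {"192.0.2.4": "SE", "192.0.2.45": "NZ"}


def fake_locate(v4):
    return FAKE_GEO.get(str(v4), "unknown")


if __name__ == "__main__":
    for key, n in sorted(breakdown(SAMPLE, fake_locate).items()):
        print(key, n)
```

Native addresses are counted under "unknown" here because, as the message says, they need a separate prefix-to-location database.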
Hostexploit report/Intercage/Esthost
Hello,

My name is Konstantin Poltev and I'm with Esthost. I'd like to ask you to read through this email before hastily replying.

As you are probably aware, Esthost has been accused of pretty much every mortal sin - from cybercrime to being KGB-sponsored part of Russian Business Network involved in information warfare against Georgia [R1]. However, that's just one side of the story. I'd like to present our side, in this email, and in person - I am right here at NANOG, ready to answer your questions. I've initially planned to make a short presentation during security BOF, but decided against it - I believe tempers are still too hot to hear our side of the story, also, my English is not quite as good to be able to stand up before 1000 people. However, I'll be around, in the hotel bar, should anyone want to ask me any questions in person - or should any law enforcement officer wish to arrest me :)

Now, on to the story:

First, few words on the community police that is accusing us of all the misdeeds. The accusations initially were made by (anonymous) John Reid from Spamhaus, then continued with anonymous rbnexploit blog, then by Jart Armin from the hostexploit. All of those (to my knowledge) are very much anonymous. I'd love to debate the report and their accusations, in public, but, regretfully, I don't see this happening anytime soon - while I'm very much willing to travel to US and subject myself to US jurisdiction, my accuser John Reid in Spamhaus is anonymous, and Spamhaus itself claims not to be subject to any US laws, where it clearly does business.

It begs the question - how come the alleged criminals are so brazen, and alleged community police so anonymous? One possible conclusion is that there's no evidence of a crime, and community police is nothing short of a lynch mob, that needs no evidence, heeds no laws, and acts as a judge, jury and executioner. However, more on spamhaus later.
Finally, the last point was the publication of an article in Washington Post by Brian Krebs. Brian, as it appears, has commissioned the hostexploit report, and it makes a wonderful media story - you have full-on thriller, with cybercriminals out of Estonia being aided by corporations small and large in US - it doesn't get any better than that. Unfortunately, said report is full of unsubstantiated allegations - in fact, not just unsubstantiated, but clearly known to be false to anyone who is actually in the industry (more on this later).

Brian has attempted to ask us for our side of the story. However, the questions asked were "How many EstHost employees have graduated the KGB military public information school?", "How often does KGB/GRU/FSB ask Esthost to implement special measures against Western visitors", "Does Esthost provide GRU/SVR with information about Western visitors", "What percentage of Est's revenue is reinvested by FSB into Est's infrastructure". I'm dead serious - those were the questions - I can't make this up. You can draw your own conclusions on Brian's bias and the desire of a sensational story.

I'd like to point out that Esthost doesn't hide behind anonymity - names of the owners of Esthost are well known, and we live in Estonia, which, despite what you think, is as much of a Western-world country with rule of law as, say, France or Germany - with criminal police, extradition treaties, Interpol membership, etc.

What is the truth? We have no affiliation with Russian Business Network (if there ever was such a thing). We have no affiliation with Emil or Atrivo (other than being an ex-customer). We have no affiliation with HostFresh. We don't know what *they* do with their network, or their abuse complaints - we can only speak for ourselves.

Onto the discussion of the hostexploit report itself: I am surprised that it appears that nobody actually has taken time to read the report - as inaccuracies are glaring enough to be immediately noticeable.
Report is hardly unbiased - it is a very beautifully typeset piece whose purpose is to smear our company (and our vendors' vendors' vendors, and our customers, and just about anyone else, maybe short of the guys who deliver pizza to our office). As I point out flaws in the report, I'd like to again emphasize, we are not atrivo. I believe Emil and Atrivo were unfairly smeared, and as much as Esthost, they deserve fairness, although I can't speak for the rest of Atrivo's customers, not affiliated with Esthost.

Report itself is located at: http://hostexploit.com/downloads/Atrivo%20white%20paper%20082808ac.pdf

First part of report is fluff - using spamhaus pages as evidence of wrongdoing. Let's start with obvious:

** Page 16 - the page with the actual data: Google has 4 times more infections than Atrivo, and approximately same infection rate. Are they also cyber-criminals? Chinanet-backbone - has 48 times number of Atrivo's infections - they are
Re: IPv6 Wow
On Sun, 12 Oct 2008, Stephen Sprunk wrote:

> Mikael Abrahamsson wrote:
>
>> This brings up an interesting question, should we stop announcing our 6to4 relays outside of Europe? Is there consensus in the business how this should be done? I have heard opinions both ways.
>
> I can understand why some folks would say stop, but unfortunately Europe has the closest public 6to4 relays to the US, and our own providers don't seem to want to put any up. That means 6to4 will break for a great many folks who _are_ trying to use IPv6 (like developers trying to get ahead of the curve and make sure their apps don't break when the transition finally happens) but whose providers haven't clued in yet.
>
> (My traceroutes to 192.88.99.1 have a next-to-last hop in Amsterdam, and I'm on one of the largest ISPs in the US, which apparently hasn't figured out 6to4, much less native IPv6.)

The problem is that every tunneling mechanism is selecting destination without the real knowledge about the underlying technology/distance etc. It was horrible during the 6bone - documented by Pekka Savola. We are not learning, from the past... 6to4 can generate same amount of problem.

Basically if they would obey the default address selection rules they would use 6to4 addresses only if there would be no global addresses and a resource would be accessible only from IPv6. This is the intended and recommended behaviour which is implemented by Windows (XP, Vista), *BSD systems and recent Linux systems. Unfortunately there is a broken idea of Apple to not implement RFC 3484 style Default Address Selection into the protocol stack, however it is implemented in its ancestors (*BSD + KAME) for more than 4 years now.

Best Regards,

Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
RE: Help needed - Cisco Netflow
Lee, Steven (NSG Malaysia) [EMAIL PROTECTED] wrote on 10/10/2008 01:20:30 PM:

> Does anyone aware of the sampled netflow accuracy?

If you mean how well you can extrapolate real numbers from samples by multiplying by the inverse sample rate, my (initial and somewhat limited) testing showed a surprising correlation. A pretty good first approximation.

Joe
Re: Hostexploit report/Intercage/Esthost
On Monday 13 October 2008 15:30:07 Konstantin Poltev wrote:

> and Spamhaus itself claims not to be subject to any US laws, where it clearly does business.

The Spamhaus website lists addresses in the UK and Switzerland. They appear to operate from the UK, and they claim to be subject to UK law. Searching for "spamhaus jurisdiction" answers this in the first paragraph of the first result, not that Google is always this accurate.

Spamhaus might not be perfect, but they demonstrably provide the best public source of information on spam sources on the Internet. As such criticizing them makes you look suspect in the eyes of those who have very positive experiences of spamhaus's data, and who are used to seeing criticism of them come almost exclusively from shady characters.

If they are wrong say so, and tell them, they've always been very responsive to communications in the past, but don't rant.
Study on Minimum Route Advertisement Interval ..
Hi,

I am studying the MRAI timer and its effects on BGP - how it affects the overall BGP convergence, route flap damping, persistent oscillations, etc. It is wrt this that I would like to know the default setting that most service providers use? Do they use the default value as provided by their vendor, or do they disable it, or do they explicitly set it to a value lower than the default?

Please feel free to unicast me your responses. I would summarize the results and send it out on the list, without the specifics of who uses what kind of timer values.

Thanks in advance,
Abhishek
NANOG 44 and ARIN XXII - Live from Los Angeles in HD video
We've got a simple HDV (1440x1088 p29.976) camera setup aimed at the speaker podium area. It only has front stage video, no presenter slides. For a more full presentation experience check out the Quicktime/Winmedia streams at http://nanog.org/streaming.php

The following streams will carry both NANOG and ARIN meetings for the week of October 13, 2008:

~27 megabit MPEG2 HD: 233.0.236.20:1234 (udp, mp2ts)
~3 megabit H.264/AVC HD: 233.0.59.44:1234 (udp, mp2ts)
~3 megabit H.264/AVC HD, unicast style: http://kona.doit.wisc.edu:8044

Use VLC to play these streams. When using http streams, tell vlc to buffer 5 or 6 seconds worth. Download VLC here: http://www.videolan.org/

Enjoy!
-Tk
Re: NANOG 44 and ARIN XXII - Live from Los Angeles in HD video
Oh, forgot one thing. Please don't bother playing the streams on-site. :) -Tk
peeringdb admin contact?
Been trying to get someone from [EMAIL PROTECTED] to get back to me but haven't had any luck. Anyone?
Re: peeringdb admin contact?
Hi!

> Been trying to get someone from [EMAIL PROTECTED] to get back to me but haven't had any luck. Anyone?

If you have someone responding. we have created accounts there for a couple of our customers, but still are read only level. Not really handy if you ask people on peeringforum.eu to join and not handle their request accordingly.

Bye, Raymond.
RE: peeringdb admin contact?
They always respond very quickly anytime I email them you sure there isn't any spam filters etc. playing nasty on you? ;)

-----Original Message-----
From: matthew zeier [mailto:[EMAIL PROTECTED]
Sent: October 13, 2008 3:53 PM
To: NANOG
Subject: peeringdb admin contact?

Been trying to get someone from [EMAIL PROTECTED] to get back to me but haven't had any luck. Anyone?