Re: Web expert on his 'catastrophe' key for the internet
On Jul 30, 2010, at 12:55 AM, James Hess wrote: On Thu, Jul 29, 2010 at 10:23 PM, Franck Martin fra...@genius.com wrote: Hmmm, from the interview of the British guy, the smart card seems to be in UK (he did a lapsus on it), which differs from what you describe. You gotta read up on the whole ceremony and their statement of practices: https://www.iana.org/dnssec/icann-dps.txt ... Hmm. Looks like an RFC, but isn't. Do you know if there are any plans to actually publish this ? Regards Marshall Crypto Officers are different from Recovery Key Share Holders. Crypto officers hold a key to a safe deposit box in the safe room Safe 2, containing the operator cards. Tier 5 Each vault contains a Tamper-evident bag (TEB) with a smart card required to authenticate with the HSM to perform crypto operations. Those cards don't leave the facility. The operatorscards are only authentication tokens, the key is stored on the hardware security modules. Hardware security modules, and the laptop+DVD+USB Flash stick required to operate them are stored in tamper evident bags in Safe 1. There are 7 crypto officers per site, but only 3 are required to authenticate to the HSM to enable it to perform operations. The recovery key share holders have a key to a bank safety deposit box under _their own_ control, containing a smartcard in tamper-evident bag, holding part of the HSM's internal encryption key. Each RKSH has to provide and maintain records of where they are storing their smartcard. 7 RKSH per site, but only 5 are required for recovery operations. -- -J
Re: Addressing plan exercise for our IPv6 course
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. With all due respect, I can't see it. Why would a home user need multiple subnets? Are they really likely to have CPE capable of routing between subnets at 21st Century LAN speeds? Isn't that needlessly complicating the home environment? Additionally, when it comes to address size, Andy Davidson et al make a good point - you request what you expect to assign, and due to the massive availability of the IPv6 address space, you generally get it assigned within a few days. It just seems *wasteful* to me. /32 is a lot of space, if most customers are only going to have a few machines on one subnet, why not just give them a /64 and have an easy way to just click on a button on your customer portal or similar to assign a /48 and get it routed to them. M
Re: Addressing plan exercise for our IPv6 course
On 2010-07-30 09:27, Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. With all due respect, I can't see it. Why would a home user need multiple subnets? * Wireless * Wired * DMZ Those three I see a lot at various people's places. Also note that you should stop thinking of today, think about what might be possible in 10, 20, 30, 40, 50 years... You don't have to bother your customers and your customers don't have to bother you anymore. The /48 for end-users might indeed be a bit on the much side, but a /56 is IMHO perfect fit for any home-site. The huge advantage of just giving out /48s though is that you don't have to care about if the connection is terminated at a home or a big corporation, as they say with shirts: one size fits all, simply as it is way too big. Greets, Jeroen
Re: Addressing plan exercise for our IPv6 course
On 30 July 2010 08:32, Jeroen Massar jer...@unfix.org wrote: On 2010-07-30 09:27, Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. With all due respect, I can't see it. Why would a home user need multiple subnets? * Wireless * Wired * DMZ Those three I see a lot at various people's places. I have *never* seen those three security zones separated outside of a business or the house of a nerd who runs his own Linux distro (Smoothwall etc). Furthermore, you're then pushing all that traffic into a $30 router which almost guaranteed will be underpowered. Look at it this way: When I signed up at tunnelbroker.net, I received a /64. I was happy, and I went about my business. I wanted to have a play with something a bit bigger, I pressed Assign /48 and it was ready to go in under a second. That's how it *should* work, or at least, in my opinion. Also note that you should stop thinking of today, think about what might be possible in 10, 20, 30, 40, 50 years... I'm not thinking of today, I'm thinking about the people who use these services. They don't know about networking, they don't know about security apart from install this virus checker. Most of them will laboriously transfer files from system to system using a USB drive (or floppy disk!) even though there's a big flashing icon on their desktop saying put files here and they'll magically appear on your other machine. These people don't know and don't *care* about networks. They care about the service they get. That isn't going to change in 50 years. If you genuinely think that regular residential users need multiple subnets to create a zoned config... You're wrong. It *will* piss them off, even if transparent. It's not just because of the speed (which as you say, will improve over time) it's because suddenly their wired-in Xbox in front of the TV just won't talk to the wireless Xbox their mate just brought round to have a play with. If you say that's down to education, you've entirely missed the point. The /48 for end-users might indeed be a bit on the much side, but a /56 is IMHO perfect fit for any home-site. The huge advantage of just giving out /48s though is that you don't have to care about if the connection is terminated at a home or a big corporation, as they say with shirts: one size fits all, simply as it is way too big. Completely agree. M
Re: Addressing plan exercise for our IPv6 course
Matthew, On Jul 30, 2010, at 9:27 AM, Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. Why would a home user need multiple subnets? Even today, people are deploying multiple subnets in their homes. For example, Apple's Airport allows you to trivially set up a guest network that uses a different prefix (192.168.0.0/24) and different SSID than your normal network (10.0.1.0/24). Are they really likely to have CPE capable of routing between subnets at 21st Century LAN speeds? Sure. Given time and Moore's law, I figure that's pretty much guaranteed. Isn't that needlessly complicating the home environment? It's really a question of time horizons. If you buy into a future world of sensornets and massive home automation, rooms in houses would have tens or hundreds of devices, all individually addressable. And that's ignoring devices hung off your body attached via a personal area network. In such an environment, I can easily imagine multiple subnets. Of course, not everyone buys into these ideas (and they're certainly not going to happen tomorrow), however I believe one of the rationales behind /48s is why architect in impediments if you don't have to?. It just seems *wasteful* to me. It is (mindboggling so), in the sense of address utilization. However, there are a lot of /48s in IPv6 (if you multiply the current IPv4 address consumption rate by 1000, the 1/8th of the IPv6 address space currently used for global unicast allocations would last about 120 years), so people are suggesting we optimize for flexibility. As various people have noted, innovation is greatly facilitated when you have plentiful resources (mechanical power: industrial revolution, cpu power: GUIs, bandwidth: on-demand entertainment, etc). I gather the theory is that if you remove the need to be efficient with addresses, you'll see new innovations in the use of the network. /32 is a lot of space, if most customers are only going to have a few machines on one subnet, why not just give them a /64 and have an easy way to just click on a button on your customer portal or similar to assign a /48 and get it routed to them. Unless you allocate the /64 out of the /48 you'd assign to them (in which case, why not simply assign the /48), it would force the customer to renumber. Perhaps not that big a deal, but it seems like work for little benefit. Regards, -drc
Re: Addressing plan exercise for our IPv6 course
On 30 July 2010 09:20, David Conrad d...@virtualized.org wrote: Even today, people are deploying multiple subnets in their homes. For example, Apple's Airport allows you to trivially set up a guest network that uses a different prefix (192.168.0.0/24) and different SSID than your normal network (10.0.1.0/24). Clearly, you think you're in the right and that you're making a valid and salient point. I see the above as unreasonable rationale. The very definition of trivial I would contend here - I honestly don't know a single resi user who has even logged into their modem/router. They're shipped with the username/password already entered by many ISPs these days, so they don't even have to set it up, they just plug it an and use the internet. There's no point in arguing this further. As you rightly say, there's plenty of IPv6 space, I don't dispute the /48 point. I'm saying that there is no need for a /63 let alone a /48. No, I'm not saying /63 is a sensible allocation policy. I've yet to be convinced of any need for more than one subnet in the vast majority of residential internet cases. sensornets or otherwise (a concept invented in the early 20th Century and still not present outside of science fiction and commerce). M
Re: Addressing plan exercise for our IPv6 course
On Jul 30, 2010, at 12:27 AM, Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. With all due respect, I can't see it. Why would a home user need multiple subnets? Are they really likely to have CPE capable of routing between subnets at 21st Century LAN speeds? Isn't that needlessly complicating the home environment? 1. Because eventually, home environments will become cognizant of the fact that they need more than one security profile for more than one usage. Because the number of devices present in home networks today is a very tiny fraction of the likely number in just a few years as new applications are developed to take advantage of the restoration of the end-to-end model of the internet. Because the devices in homes today represent a small fraction of the diversity that is likely within the next 10 years. 2. Yes, they are already available. A moderate PC with 4 Gig-E ports can actually route all four of them at near wire speed. For 10/100Mbps, you can get full featured CPE like the SRX-100 for around $500. That's the upper end of the residential CPE price range, but, it's a small fraction of the cost of that functionality just 2 years ago. 3. Not at all. In fact, one could argue that limited address space, NAT, uPNP, and a number of the things home users live with today complicate the home environment much more than a relatively simple router with DHCP-PD and some basic default security policies for such subnets as: Home sensor network and/or appliances Kids net (nanny software?) Home entertainment systems Guest wireless General purpose network Additionally, when it comes to address size, Andy Davidson et al make a good point - you request what you expect to assign, and due to the massive availability of the IPv6 address space, you generally get it assigned within a few days. It just seems *wasteful* to me. /32 is a lot of space, if most customers are only going to have a few machines on one subnet, why not just give them a /64 and have an easy way to just click on a button on your customer portal or similar to assign a /48 and get it routed to them. Why go to all that extra effort instead of just giving them the /48 to begin with? What is the gain to the preservation of integers? How's this sound... Try IPv6 as designed with liberal address assignments in favor of good aggregation for 2000::/3. If we run out of that, I'll support any reasonable proposal to be conservative with the other 7/8ths of the address space if I'm still alive when we get there. Owen
Monitoring tools for IPv6 tools
Hello, I am looking for monitoring tools that already have support to IPv6. I am looking for both freeware and commercial tools. Please, do you know what network management system are already supporting IPv6 ? Thanks ./diogo -montagner
Re: 33-Bit Addressing via ONE bit or TWO bits ? does NANOG care?
On Thu, Jul 29, 2010 at 11:38:56PM -0400, Atticus wrote: What world do live in? Yes, we extend the life of IPv4 by increasing the numeric range. As for only needing port 80, I'm not really sure where you've been for the last decade or so. There's are hundreds of services using different ports, and tunneling them all makes absolutely no sense. Yes, we don't really need 65k ports, but stealing bits in the header from them is the most ridiculous thing I've heard yet. Fark, Tom, he's gone straight past the hook, line, and sinker, and taken it all the way up to the second line guide. Better get the big pliers. - Matt
Re: Addressing plan exercise for our IPv6 course
On Jul 30, 2010, at 1:13 AM, Matthew Walster wrote: On 30 July 2010 08:32, Jeroen Massar jer...@unfix.org wrote: On 2010-07-30 09:27, Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. With all due respect, I can't see it. Why would a home user need multiple subnets? * Wireless * Wired * DMZ Those three I see a lot at various people's places. I have *never* seen those three security zones separated outside of a business or the house of a nerd who runs his own Linux distro (Smoothwall etc). Furthermore, you're then pushing all that traffic into a $30 router which almost guaranteed will be underpowered. If you'd like to come by my house, we can arrange that. I don't run linux on anything except one server. It doesn't do any routing. The routers that provide security boundaries are: 1. Juniper SRX-100 2. Apple Airport Extreme Look at it this way: When I signed up at tunnelbroker.net, I received a /64. I was happy, and I went about my business. I wanted to have a play with something a bit bigger, I pressed Assign /48 and it was ready to go in under a second. That's how it *should* work, or at least, in my opinion. That's certainly one way to do it. However, I'm not sure it's how we would do it if we were starting today knowing what we know now. It does add a certain amount of complexity to our address planning and to our systems to make it work that way. IMHO, that complexity is unnecessary. Also note that you should stop thinking of today, think about what might be possible in 10, 20, 30, 40, 50 years... I'm not thinking of today, I'm thinking about the people who use these services. They don't know about networking, they don't know about security apart from install this virus checker. Most of them will laboriously transfer files from system to system using a USB drive (or floppy disk!) even though there's a big flashing icon on their desktop saying put files here and they'll magically appear on your other machine. These people don't know and don't *care* about networks. They care about the service they get. That isn't going to change in 50 years. First, your assumption that their knowledge level remains constant is absurd, so, in that statement you are thinking only of today. 10 years ago, most of those users wouldn't know what a web site was. Most of the do today. Just 10 years ago, most of them didn't know what email was. Most of them use email on a daily basis today. Second, with DHCP-PD and likely future CPE products, they will be able to simply connect pre-defined security zones to the right ports on the CPE based on the port labels. There will likely be a reasonable default security policy pre-installed for each zone. Even my parents could handle plugging things like TiVo, the stereo, etc. into ports labeled Home Entertainment while plugging the Kids computers into Nanny ports and their own computers into General Access ports. It's not significantly harder than the current need to get the LAN and WAN ports right on today's CPE. If you genuinely think that regular residential users need multiple subnets to create a zoned config... You're wrong. It *will* piss them off, even if transparent. It's not just because of the speed (which as you say, will improve over time) it's because suddenly their wired-in Xbox in front of the TV just won't talk to the wireless Xbox their mate just brought round to have a play with. If you say that's down to education, you've entirely missed the point. Why wouldn't they be able to talk to each other? You make assumptions about the future implementations of CPE there that I don't think are entirely accurate. I don't even see a reason to expect that wireless devices wouldn't be able to register for an appropriate security zone by device type in some implementations. Alternatively, the wired Xbox may need to initiate the connection to the wireless, or, vice-versa depending on implementation, but, I would expect CPE vendors to be able to solve that problem in the future. Owen
Re: Monitoring tools for IPv6 tools
Hi, I am looking for monitoring tools that already have support to IPv6. I am looking for both freeware and commercial tools. Please, do you know what network management system are already supporting IPv6 ? we keep the list in the LIR Handbook (page #64) http://www.ripe.net/training/material/LIR-Training-Course/LIR-Handbook.pdf here is a list of some of the free (and/or open source) tools: # IPAT (IP Allocation Tool) http://nethead.de/index.php/ipat # NetDot https://netdot.uoregon.edu/trac/ # HaCi http://sourceforge.net/projects/haci/ # FreeIPdb http://home.globalcrossing.net/~freeipdb/ # Infoblox IPAM Freeware http://www.infoblox.com/services/infoblox-ipam-freeware.cfm Following tools do not support IPv6 yet, but is in the list of planned features: IPplan http://iptrack.sourceforge.net/ TIPP http://tipp.tobez.org/ http://github.com/tobez/tipp ONA (OpenNetAdmin) http://opennetadmin.com/ Commercial IP Address Management (IPAM) Tools with IPv6 support In alphabetic order: Alcatel-Lucent VitalQIP DNS/DHCP IP Management Software Appliance Bluecat Networks / Proteus Enterprise IPAM Appliance BT Diamond IP - IPControl(TM) Sapphyre Appliances BT Diamond – IPControl(TM) Software Crypton UK - EasyIP(TM) Incognito / Address Commander(TM) Infoblox IPAM Express™ Solution Internet Associates IPal Men Mice Suite: IPAM management module Nixu NameSurfer Suite Other related commercial products that also support IPv6: EMC Ionix IPv6 Availability Manager NetCracker (Operational Support Systems or OSS) tool OPNET IT Guru (R) Network Planner These lists are for information purposes only and are not necessarily complete. RIPE NCC does not recommend any of them. There will be an article on RIPE Labs soon covering this in more detail... http://labs.ripe.net Regards, Vesna Manojlovic RIPE NCC Trainer
Re: Addressing plan exercise for our IPv6 course
Hi, * Matthew Walster On 30 July 2010 09:20, David Conradd...@virtualized.org wrote: Even today, people are deploying multiple subnets in their homes. For example, Apple's Airport allows you to trivially set up a guest network that uses a different prefix (192.168.0.0/24) and different SSID than your normal network (10.0.1.0/24). Clearly, you think you're in the right and that you're making a valid and salient point. I see the above as unreasonable rationale. The very definition of trivial I would contend here - I honestly don't know a single resi user who has even logged into their modem/router. They're shipped with the username/password already entered by many ISPs these days, so they don't even have to set it up, they just plug it an and use the internet. I can order VOIP and IP-TV services from the broadband provider I use at home. This is realised by using a separate subnet per service, so with VOIP+IPTV+Internet I'm already using three distinct subnets. I don't have to configure anything - that's all handled by my ISP. I just have to connect the IP telephone and IPTV tuner to the correct port on the CPE and I'm ready to go. Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27
Re: Addressing plan exercise for our IPv6 course
On 30 July 2010 09:53, Owen DeLong o...@delong.com wrote: 2. Yes, they are already available. A moderate PC with 4 Gig-E ports can actually route all four of them at near wire speed. For 10/100Mbps, you can get full featured CPE like the SRX-100 for around $500. That's the upper end of the residential CPE price range, but, it's a small fraction of the cost of that functionality just 2 years ago. A moderate PC is not a typical CPE. An SRX-100 is not a typical CPE. A Draytek DSL modem/router is not a typical CPE. Your typical CPE is, and always will be, a simple device. It will (and should) contain no user configuration that is required for operation. If it does, it's too complicated for the average user. Home sensor network and/or appliances If it's really necessary to put these on a separate network, I highly doubt anyone but the true gadget geek will bother. Kids net (nanny software?) Should be sorted at the PC-level, not the network level. If it really is going to be a network service, it should be off the home network and a managed service by an ISP somewhere. Home entertainment systems Really? A separate network just for an HTPC? Guest wireless Wireless is polluted enough. Supposing everything's fixed in the future and there is near-unlimited wireless spectrum, your average user is just going to give the encryption key to the router to the guest. Network management is not on the radar for 99.9% of resi users. Seriously, this is getting silly. I'm not even going to respond any more - if you genuinely think users care about network management, you're wrong. They treat it as a black box, and that isn't going to change for a long, long, long time. M
Re: Addressing plan exercise for our IPv6 course
On Fri, 30 Jul 2010 11:11:04 BST, Matthew Walster said: Seriously, this is getting silly. I'm not even going to respond any more - if you genuinely think users care about network management, you're wrong. They treat it as a black box, and that isn't going to change for a long, long, long time. The point you're missing is that users may not care about network management *directly* - but they may care very much about the *features* that the network-ready appliance they bought at Best Buy provides them using multiple subnets under the hood. If the box says provides separate 'Guest' wireless access, that can be a selling point even if the user doesn't know it happens because the unit uses separate subnets for the home and guest addresses. End users are already used to a world where they plug in some hardware, run a program off the CD, have it ask a few questions about how you want to use the device, click the 'Do It!' button, and it all works. If networking is any different experience *for the end user*, we've as an industry screwed up big time. pgppXQSd3SHuA.pgp Description: PGP signature
Re: Monitoring tools for IPv6 tools
I think he was looking for something more in the nature of network monitoring/analysis systems that support IPv6, like NTOP. ntop has been ported to ipv6--although I am unsure of the results. http://www.ntop.org/trac/wiki/ntop cold is a snffer/analyzer with ipv6 support. http://mailman.isi.edu/pipermail/6bone/2000-August/003161.html wireshark is a fantastic sniffer/analyzer, and it supports ipv6. http://wiki.wireshark.org/ snoop comes with Solaris 10, and it supports ipv6. http://docs.sun.com/app/docs/doc/816-4554/gexky?a=view tracepath6 and traceroute6 come with the iptraf package for linux. ethereal has a non-commercial version. http://www.ethereal.com/ iperf lets you simply monitor ipv6 tcp/udp performance. http://dast.nlanr.net/projects/Iperf/ mtr uses traceroute and ping, http://www.bitwizard.nl/mtr/ nagios is a host/server/service monitoring tool. http://www.nagios.org/ weathermap creates a visual network diagram showing health. http://netmon.grnet.gr/weathermap/ Is this what you wanted? --p On 07/30/2010 05:45 AM, Vesna Manojlovic wrote: Hi, I am looking for monitoring tools that already have support to IPv6. I am looking for both freeware and commercial tools. Please, do you know what network management system are already supporting IPv6 ? we keep the list in the LIR Handbook (page #64) http://www.ripe.net/training/material/LIR-Training-Course/LIR-Handbook.pdf here is a list of some of the free (and/or open source) tools: # IPAT (IP Allocation Tool) http://nethead.de/index.php/ipat # NetDot https://netdot.uoregon.edu/trac/ # HaCi http://sourceforge.net/projects/haci/ # FreeIPdb http://home.globalcrossing.net/~freeipdb/ # Infoblox IPAM Freeware http://www.infoblox.com/services/infoblox-ipam-freeware.cfm Following tools do not support IPv6 yet, but is in the list of planned features: IPplan http://iptrack.sourceforge.net/ TIPP http://tipp.tobez.org/ http://github.com/tobez/tipp ONA (OpenNetAdmin) http://opennetadmin.com/ Commercial IP Address Management (IPAM) Tools with IPv6 support In alphabetic order: Alcatel-Lucent VitalQIP DNS/DHCP IP Management Software Appliance Bluecat Networks / Proteus Enterprise IPAM Appliance BT Diamond IP - IPControl(TM) Sapphyre Appliances BT Diamond – IPControl(TM) Software Crypton UK - EasyIP(TM) Incognito / Address Commander(TM) Infoblox IPAM Express™ Solution Internet Associates IPal Men Mice Suite: IPAM management module Nixu NameSurfer Suite Other related commercial products that also support IPv6: EMC Ionix IPv6 Availability Manager NetCracker (Operational Support Systems or OSS) tool OPNET IT Guru (R) Network Planner These lists are for information purposes only and are not necessarily complete. RIPE NCC does not recommend any of them. There will be an article on RIPE Labs soon covering this in more detail... http://labs.ripe.net Regards, Vesna Manojlovic RIPE NCC Trainer
Re: Monitoring tools for IPv6 tools
Yes. This one. But also looking for IPv6 support for tools like OpenView, Infovista, Concord eHealth. Thanks ./diogo -montagner On Fri, Jul 30, 2010 at 8:21 PM, Patrick Darden dar...@armc.org wrote: I think he was looking for something more in the nature of network monitoring/analysis systems that support IPv6, like NTOP. ntop has been ported to ipv6--although I am unsure of the results. http://www.ntop.org/trac/wiki/ntop cold is a snffer/analyzer with ipv6 support. http://mailman.isi.edu/pipermail/6bone/2000-August/003161.html wireshark is a fantastic sniffer/analyzer, and it supports ipv6. http://wiki.wireshark.org/ snoop comes with Solaris 10, and it supports ipv6. http://docs.sun.com/app/docs/doc/816-4554/gexky?a=view tracepath6 and traceroute6 come with the iptraf package for linux. ethereal has a non-commercial version. http://www.ethereal.com/ iperf lets you simply monitor ipv6 tcp/udp performance. http://dast.nlanr.net/projects/Iperf/ mtr uses traceroute and ping, http://www.bitwizard.nl/mtr/ nagios is a host/server/service monitoring tool. http://www.nagios.org/ weathermap creates a visual network diagram showing health. http://netmon.grnet.gr/weathermap/ Is this what you wanted? --p On 07/30/2010 05:45 AM, Vesna Manojlovic wrote: Hi, I am looking for monitoring tools that already have support to IPv6. I am looking for both freeware and commercial tools. Please, do you know what network management system are already supporting IPv6 ? we keep the list in the LIR Handbook (page #64) http://www.ripe.net/training/material/LIR-Training-Course/LIR-Handbook.pdf here is a list of some of the free (and/or open source) tools: # IPAT (IP Allocation Tool) http://nethead.de/index.php/ipat # NetDot https://netdot.uoregon.edu/trac/ # HaCi http://sourceforge.net/projects/haci/ # FreeIPdb http://home.globalcrossing.net/~freeipdb/ # Infoblox IPAM Freeware http://www.infoblox.com/services/infoblox-ipam-freeware.cfm Following tools do not support IPv6 yet, but is in the list of planned features: IPplan http://iptrack.sourceforge.net/ TIPP http://tipp.tobez.org/ http://github.com/tobez/tipp ONA (OpenNetAdmin) http://opennetadmin.com/ Commercial IP Address Management (IPAM) Tools with IPv6 support In alphabetic order: Alcatel-Lucent VitalQIP DNS/DHCP IP Management Software Appliance Bluecat Networks / Proteus Enterprise IPAM Appliance BT Diamond IP - IPControl(TM) Sapphyre Appliances BT Diamond – IPControl(TM) Software Crypton UK - EasyIP(TM) Incognito / Address Commander(TM) Infoblox IPAM Express™ Solution Internet Associates IPal Men Mice Suite: IPAM management module Nixu NameSurfer Suite Other related commercial products that also support IPv6: EMC Ionix IPv6 Availability Manager NetCracker (Operational Support Systems or OSS) tool OPNET IT Guru (R) Network Planner These lists are for information purposes only and are not necessarily complete. RIPE NCC does not recommend any of them. There will be an article on RIPE Labs soon covering this in more detail... http://labs.ripe.net Regards, Vesna Manojlovic RIPE NCC Trainer
Re: Addressing plan exercise for our IPv6 course
In a message written on Fri, Jul 30, 2010 at 09:13:54AM +0100, Matthew Walster wrote: On 30 July 2010 08:32, Jeroen Massar jer...@unfix.org wrote: On 2010-07-30 09:27, Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: With all due respect, I can't see it. Why would a home user need multiple subnets? * Wireless * Wired * DMZ Those three I see a lot at various people's places. I have *never* seen those three security zones separated outside of a business or the house of a nerd who runs his own Linux distro (Smoothwall etc). Furthermore, you're then pushing all that traffic into a $30 router which almost guaranteed will be underpowered. I know of at least one nationwide DSL provider that ships (with higher end products) a WiFi router with a single checkbox for guest network, which provides a captive portal style guest WiFi network for folks who visit your house. The same box has had for years a DMZ function for your gaming console/machine. The guest network is a separate subnet. The DMZ today is not, it's the wierd IPv4 pass-through thing many NAT boxes do to make weird games work. Still, it's all in a box thats given away for free by an ISP to a new signup; and with IPv6 having more addresses I see no reason each might not be its own subnet in 5-10 more years when IPv6 has taken hold. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpWwj31r4ty2.pgp Description: PGP signature
Re: Monitoring tools for IPv6 tools
https://docs.google.com/viewer?url=http://www.6diss.org/tutorials/management.pdf http://tools.6net.org/ --- diogo.montag...@gmail.com wrote: From: Diogo Montagner diogo.montag...@gmail.com To: nanog@nanog.org Subject: Monitoring tools for IPv6 tools Date: Fri, 30 Jul 2010 17:06:31 +0800 Hello, I am looking for monitoring tools that already have support to IPv6. I am looking for both freeware and commercial tools. Please, do you know what network management system are already supporting IPv6 ? Thanks ./diogo -montagner _ Get your own *free* email address like this one from www.OwnEmail.com
Re: Addressing plan exercise for our IPv6 course
Matthew Walster wrote: On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote: There's a good chance that in the long run multi-subnet home networks will become the norm. With all due respect, I can't see it. Why would a home user need multiple subnets? Are they really likely to have CPE capable of routing between subnets at 21st Century LAN speeds? Isn't that needlessly complicating the home environment? I strongly urge all my competitors to approach IPv6 with this philosophy. In other words, in the long run it will push up your labor costs (for admins, for customer support), and push down your customer satisfaction because you were needlessly worried about the scarcity of a plentiful resource and didn't think ahead to new technologies, new ideas, and hampered your network with an allocation scheme that didn't expand gracefully to acomodate new uses. Look at it this way - most (ISPs, businesses, consumers, appliance vendors) are going to allocate according to the recommendations or be using an allocation according to the recommendations. Why are you even *considering* using a different allocation scheme? What do *you* gain? All I see are headaches from doing it differently. When you hire you will need to retrain admins who are accustomed to the recommended system. When you get new customers, you will have to retrain them to use your non-standard system. When they try to use appliances that are pre-configured to use the recommended system, their appliances won't work right or will need special configuration. Etc. If - IF the recommendations are not conservative enough (which is considered to be a very remote possibility), then we can change the recommendations when we put the next 1/8 of the IPv6 IPs into service. But consider the possible use case where we actually start to run out of IPs in this first 1/8 segment of the IPv6 space. It's not going to happen by IP usage from current services. It's going to happen by IP consumption from new, as yet unimagined, services. And if we have all these new services (devices, appliances) that require IP addresses then it means we WILL need to do subnetting at end user premises. jc
SingTel (AS7473) is only announcing ConnectPlus (AS9911) routes to Level3 (AS3356) in SJC?
Anyone on the list who can offer an explanation about the following scenario? We have taken this up with providers at either end but it will take awhile to filter up to the ASes in question. We were seeing a London to Singapore connection go via San Jose causing a 50%+ increase in latency. It appears that SingTel (AS7473) is only announcing ConnectPlus (AS9911) routes to Level3 (AS3356) in SJC. However they have many adjacencies in many countries and other routes of both AS7473 and it's other downstreams don't appear to be affected (although I haven't tested them all). Traceroutes are appended at the end but to see for yourself use 202.176.222.0 as a BGP or traceroute query in the Level3 looking glass for both London and any other location, then compare with 167.172.93.0 Checking another large AS at random, they see AS7473 announcing AS9911 routes in London. thanks Marty Show Level 3 (London, England) Traceroute to 202.176.222.212 1 ae-34-52.ebr2.London1.Level3.net (4.69.139.97) 0 msec 0 msec 0 msec 2 ae-42-42.ebr1.NewYork1.Level3.net (4.69.137.70) 68 msec 68 msec ae-41-41.ebr1.NewYork1.Level3.net (4.69.137.66) 72 msec 3 ae-71-71.csw2.NewYork1.Level3.net (4.69.134.70) 68 msec ae-81-81.csw3.NewYork1.Level3.net (4.69.134.74) 72 msec ae-61-61.csw1.NewYork1.Level3.net (4.69.134.66) 76 msec 4 ae-82-82.ebr2.NewYork1.Level3.net (4.69.148.41) 80 msec ae-92-92.ebr2.NewYork1.Level3.net (4.69.148.45) 84 msec ae-72-72.ebr2.NewYork1.Level3.net (4.69.148.37) 80 msec 5 ae-2-2.ebr4.SanJose1.Level3.net (4.69.135.185) 144 msec 144 msec 144 msec 6 ae-74-74.csw2.SanJose1.Level3.net (4.69.134.246) 140 msec ae-94-94.csw4.SanJose1.Level3.net (4.69.134.254) 148 msec ae-64-64.csw1.SanJose1.Level3.net (4.69.134.242) 144 msec 7 ae-12-69.car2.SanJose1.Level3.net (4.68.18.4) 140 msec ae-32-89.car2.SanJose1.Level3.net (4.68.18.132) 140 msec ae-22-79.car2.SanJose1.Level3.net (4.68.18.68) 140 msec 8 SINGAPORE-T.car2.SanJose1.Level3.net (4.79.42.230) 140 msec 140 msec 136 msec 9 POS3-2.sngtp-ar2.ix.singtel.com (203.208.182.205) [AS7473 {APNIC-AS-2-BLOCK}] 148 msec 152 msec 203.208.182.105 [AS7473 {APNIC-AS-2-BLOCK}] 136 msec 10 ge-4-0-0-0.plapx-cr2.ix.singtel.com (203.208.183.173) [AS7473 {APNIC-AS-2-BLOCK}] 148 msec xe-1-0-0-0.plapx-cr3.ix.singtel.com (203.208.183.170) [AS7473 {APNIC-AS-2-BLOCK}] 140 msec 140 msec 11 ge-2-1-0-0.sngtp-dr1.ix.singtel.com (203.208.183.62) [AS7473 {APNIC-AS-2-BLOCK}] 348 msec so-2-0-0-0.sngtp-cr1.ix.singtel.com (203.208.149.181) [AS7473 {APNIC-AS-2-BLOCK}] 336 msec ge-3-0-0-0.sngtp-dr1.ix.singtel.com (203.208.183.66) [AS7473 {APNIC-AS-2-BLOCK}] 360 msec 12 ae0-0.sngtp-cr1.ix.singtel.com (203.208.183.57) [AS7473 {APNIC-AS-2-BLOCK}] 328 msec ge-4-0-0-0.sngtp-cr2.ix.singtel.com (203.208.182.102) [AS7473 {APNIC-AS-2-BLOCK}] 336 msec 202.160.250.226 [AS7473 {APNIC-AS-2-BLOCK}] 336 msec 13 ge-3-0-0-0.sngtp-dr1.ix.singtel.com (203.208.183.66) [AS7473 {APNIC-AS-2-BLOCK}] 348 msec 524 msec 416 msec 14 202.160.250.226 [AS7473 {APNIC-AS-2-BLOCK}] 328 msec 344 msec 203.208.232.234 [AS9911 {APNIC-AS-3-BLOCK}] 336 msec 15 203.208.129.29 [AS9911 {APNIC-AS-3-BLOCK}] 308 msec * 412 msec 16 203.208.232.234 [AS9911 {APNIC-AS-3-BLOCK}] 376 msec * * 17 * * * Show Level 3 (London, England) Traceroute to 167.172.93.1 1 SINGAPORE-T.car1.London1.Level3.net (212.187.160.190) 0 msec 4 msec 0 msec 2 so-0-2-0-0.sngtp-ar6.ix.singtel.com (203.208.151.133) [AS7473 {APNIC-AS-2-BLOCK}] 284 msec 276 msec 276 msec 3 203.208.152.134 [AS7473 {APNIC-AS-2-BLOCK}] 288 msec 284 msec 288 msec 4 ge-5-0-8-0.hkgcw-cr3.ix.singtel.com (203.208.152.37) [AS7473 {APNIC-AS-2-BLOCK}] 276 msec 276 msec ge-5-0-2-0.hkgcw-cr3.ix.singtel.com (203.208.152.117) [AS7473 {APNIC-AS-2-BLOCK}] 284 msec 5 * * * Router: mpr1.lhr1.uk.above.net Command: traceroute 202.176.222.212 traceroute to 202.176.222.212 (202.176.222.212), 30 hops max, 40 byte packets 1 195.66.225.10 (195.66.225.10) 0.991 ms 2.433 ms 0.927 ms 2 so-0-2-0-0.sngtp-ar6.ix.singtel.com (203.208.151.133) 455.799 ms 271.095 ms 254.167 ms 3 203.208.149.210 (203.208.149.210) 255.751 ms 254.794 ms 254.838 ms 4 202.160.250.226 (202.160.250.226) 263.850 ms 263.912 ms 292.504 ms 5 203.208.129.29 (203.208.129.29) 275.109 ms 282.247 ms 313.901 ms 6 203.208.232.234 (203.208.232.234) 265.677 ms 265.604 ms 266.072 ms 7 * * *
Re: Addressing plan exercise for our IPv6 course
On Jul 30, 2010, at 3:11 AM, Matthew Walster wrote: On 30 July 2010 09:53, Owen DeLong o...@delong.com wrote: 2. Yes, they are already available. A moderate PC with 4 Gig-E ports can actually route all four of them at near wire speed. For 10/100Mbps, you can get full featured CPE like the SRX-100 for around $500. That's the upper end of the residential CPE price range, but, it's a small fraction of the cost of that functionality just 2 years ago. A moderate PC is not a typical CPE. An SRX-100 is not a typical CPE. A Draytek DSL modem/router is not a typical CPE. Your typical CPE is, and always will be, a simple device. It will (and should) contain no user configuration that is required for operation. If it does, it's too complicated for the average user. An Apple Airport Extreme is relatively typical CEP and meets your criteria. I have one forwarding packets at 800Mbps throughput between the LAN and WAN ports. On a gig-E network, that seems close enough to LAN speed. A lot of your simple devices are actually PCs running linux under the hood, so, in fact, a moderate PC today is likely to be tomorrows toaster. Home sensor network and/or appliances If it's really necessary to put these on a separate network, I highly doubt anyone but the true gadget geek will bother. Then you will be surprised. Kids net (nanny software?) Should be sorted at the PC-level, not the network level. If it really is going to be a network service, it should be off the home network and a managed service by an ISP somewhere. We can agree to disagree about this. Home entertainment systems Really? A separate network just for an HTPC? No. A separate network for: Playstation/Wii/etc. Amplifier (See Yamaha RXV-3900 for example) HTPCs Apple TVs TiVOs Mac Minis operating in that role (the new one rocks for that) DVD players Blue Ray players Monitors/Televisions etc. Just because the only home entertainment thing you have today with an ethernet port is an HTPC (which, btw, is way geekier than half the CPE you argued against at this point) does not mean that everyone will be subject to such limitations. Guest wireless Wireless is polluted enough. Supposing everything's fixed in the future and there is near-unlimited wireless spectrum, your average user is just going to give the encryption key to the router to the guest. Network management is not on the radar for 99.9% of resi users. Again, we can agree to disagree. Lots of people I know, including non-technical ones have turned on the guest wireless capability with their Airport Extremes. Seriously, this is getting silly. I'm not even going to respond any more - if you genuinely think users care about network management, you're wrong. They treat it as a black box, and that isn't going to change for a long, long, long time. I don't think they care. I think it will be automated for them in the future. The argument wasn't about whether users care or not. The argument was about whether households would eventually come to a point where the norm was to require more than one subnet per household. You remain in denial, and, that's fine, but, I think enough use cases have been shown and enough people have told you that they already have multiple subnets in IPv4 as a result of default service they receive from their provider to prove that multiple subnets in the average home will be commonplace in the future. Owen
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith p...@cisco.com. Routing Table Report 04:00 +10GMT Sat 31 Jul, 2010 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary BGP routing table entries examined: 327096 Prefixes after maximum aggregation: 150524 Deaggregation factor: 2.17 Unique aggregates announced to Internet: 159810 Total ASes present in the Internet Routing Table: 34482 Prefixes per ASN: 9.49 Origin-only ASes present in the Internet Routing Table: 29935 Origin ASes announcing only one prefix: 14512 Transit ASes present in the Internet Routing Table:4547 Transit-only ASes present in the Internet Routing Table:101 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 38 Max AS path prepend of ASN (22394) 35 Prefixes from unregistered ASNs in the Routing Table: 306 Unregistered ASNs in the Routing Table: 113 Number of 32-bit ASNs allocated by the RIRs:716 Prefixes from 32-bit ASNs in the Routing Table: 874 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:165 Number of addresses announced to Internet: 2281256256 Equivalent to 135 /8s, 249 /16s and 53 /24s Percentage of available address space announced: 61.5 Percentage of allocated address space announced: 66.4 Percentage of available address space allocated: 92.8 Percentage of address space in use by end-sites: 84.0 Total number of prefixes smaller than registry allocations: 155817 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:79192 Total APNIC prefixes after maximum aggregation: 27270 APNIC Deaggregation factor:2.90 Prefixes being announced from the APNIC address blocks: 76117 Unique aggregates announced from the APNIC address blocks:33644 APNIC Region origin ASes present in the Internet Routing Table:4145 APNIC Prefixes per ASN: 18.36 APNIC Region origin ASes announcing only one prefix: 1154 APNIC Region transit ASes present in the Internet Routing Table:633 Average APNIC Region AS path length visible:3.7 Max APNIC Region AS path length visible: 15 Number of APNIC addresses announced to Internet: 536013088 Equivalent to 31 /8s, 242 /16s and 233 /24s Percentage of available APNIC address space announced: 79.9 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 55296-56319, 131072-132095 APNIC Address Blocks 1/8, 14/8, 27/8, 43/8, 58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:134849 Total ARIN prefixes after maximum aggregation:69675 ARIN Deaggregation factor: 1.94 Prefixes being announced from the ARIN address blocks: 107709 Unique aggregates announced from the ARIN address blocks: 42178 ARIN Region origin ASes present in the Internet Routing Table:13823 ARIN Prefixes per ASN: 7.79 ARIN Region origin ASes announcing only one prefix:5299 ARIN Region transit ASes present in the Internet Routing Table:1367 Average ARIN Region AS path length visible: 3.4 Max ARIN Region AS path length visible: 38 Number of ARIN addresses announced to
BGP Update Report
BGP Update Report Interval: 22-Jul-10 -to- 29-Jul-10 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS472542987 2.5% 333.2 -- ODN SOFTBANK TELECOM Corp. 2 - AS25620 25906 1.5% 155.1 -- COTAS LTDA. 3 - AS30890 23547 1.4% 52.7 -- EVOLVA Evolva Telecom s.r.l. 4 - AS553617248 1.0% 155.4 -- Internet-Egypt 5 - AS453816596 1.0% 56.6 -- ERX-CERNET-BKB China Education and Research Network Center 6 - AS35805 13596 0.8% 20.7 -- SILKNET-AS SILKNET AS 7 - AS14420 13130 0.8% 24.1 -- CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP 8 - AS35931 12653 0.7%2108.8 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 9 - AS845212390 0.7% 10.5 -- TEDATA TEDATA 10 - AS638912249 0.7% 3.1 -- BELLSOUTH-NET-BLK - BellSouth.net Inc. 11 - AS16526 11337 0.7% 68.7 -- BIRCH-TELECOM - Birch Telecom, Inc. 12 - AS982911077 0.7% 13.6 -- BSNL-NIB National Internet Backbone 13 - AS48754 10172 0.6% 10172.0 -- SOBIS-AS SOBIS SOLUTIONS SRL 14 - AS4323 9027 0.5% 3.2 -- TWTC - tw telecom holdings, inc. 15 - AS8151 8956 0.5% 5.8 -- Uninet S.A. de C.V. 16 - AS454648700 0.5% 202.3 -- NEXTWEB-AS-AP Room 201, TGU Bldg 17 - AS3816 8541 0.5% 16.6 -- COLOMBIA TELECOMUNICACIONES S.A. ESP 18 - AS114928475 0.5% 7.2 -- CABLEONE - CABLE ONE, INC. 19 - AS5800 8120 0.5% 40.4 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center 20 - AS210 8069 0.5% 7.2 -- WEST-NET-WEST - Utah Education Network TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS48754 10172 0.6% 10172.0 -- SOBIS-AS SOBIS SOLUTIONS SRL 2 - AS191745197 0.3%5197.0 -- CNC-USA - China Netcom (USA) Operations Ltd. 3 - AS250902415 0.1%2415.0 -- EOS-AS Energie Ouest Suisse Autonomous System 4 - AS35931 12653 0.7%2108.8 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 5 - AS236701757 0.1%1757.0 -- OZSERVERS-AU Oz Servers, Data Centres, Australia Wide 6 - AS298436886 0.4%1147.7 -- FIVEA-AS1 - FIVE AREA SYSTEMS, INC 7 - AS8792 893 0.1% 893.0 -- ASVNET Axel Springer Verlag AG 8 - AS11613 748 0.0% 748.0 -- U-SAVE - U-Save Auto Rental of America, Inc. 9 - AS325285369 0.3% 671.1 -- ABBOTT Abbot Labs 10 - AS306001988 0.1% 497.0 -- AS-CMN - Cinergy Metronet, Inc. 11 - AS47593 402 0.0% 402.0 -- ATELECOM A-Telcom Ltd 12 - AS38467 394 0.0% 394.0 -- DBAMOYLAN-TRANSIT-AS-AP DBA Moylan 13 - AS44630 389 0.0% 389.0 -- A1799-AS A1799 Military Unit 14 - AS7513 381 0.0% 381.0 -- NETFORWARD Hitachi Information Systems, Ltd. 15 - AS7677 379 0.0% 379.0 -- DNP Dai Nippon Printing Co., Ltd 16 - AS7517 754 0.0% 377.0 -- MII ICOMT Inc. 17 - AS48275 374 0.0% 374.0 -- TSMS-ABKHAZIA-AS Technical Service of Trunk Communications of UPI and SMK of the President of Republic of Abkhazia 18 - AS9352 1080 0.1% 360.0 -- KUMAGAYA KuMaGaYaNet 19 - AS38063 359 0.0% 359.0 -- SANMEDIA-AS SANMEDIA Corporation, Local ISP in JAPAN YONAGO 20 - AS242891795 0.1% 359.0 -- KBN Kagawa T.V Broadcast Network Co,.Ltd TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 91.212.23.0/2410172 0.5% AS48754 -- SOBIS-AS SOBIS SOLUTIONS SRL 2 - 198.140.43.0/246980 0.3% AS35931 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 3 - 190.65.228.0/226027 0.3% AS3816 -- COLOMBIA TELECOMUNICACIONES S.A. ESP 4 - 63.211.68.0/22 5647 0.3% AS35931 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC 5 - 207.254.176.0/20 5197 0.2% AS19174 -- CNC-USA - China Netcom (USA) Operations Ltd. 6 - 41.34.29.0/24 4202 0.2% AS8452 -- TEDATA TEDATA 7 - 206.184.16.0/243146 0.1% AS174 -- COGENT Cogent/PSI 8 - 130.36.34.0/24 2600 0.1% AS32528 -- ABBOTT Abbot Labs 9 - 130.36.35.0/24 2598 0.1% AS32528 -- ABBOTT Abbot Labs 10 - 202.92.235.0/242440 0.1% AS9498 -- BBIL-AP BHARTI Airtel Ltd. 11 - 193.8.222.0/24 2415 0.1% AS25090 -- EOS-AS Energie Ouest Suisse Autonomous System 12 - 129.66.0.0/17 1918 0.1% AS3464 -- ASC-NET - Alabama Supercomputer Network 13 - 129.66.128.0/171913 0.1% AS3464 -- ASC-NET - Alabama Supercomputer Network 14 - 117.20.0.0/24 1757 0.1% AS23670 -- OZSERVERS-AU Oz Servers, Data Centres, Australia Wide 15 - 143.138.107.0/24 1590 0.1% AS747 -- TAEGU-AS - Headquarters, USAISC
The Cidr Report
This report has been generated at Fri Jul 30 21:11:44 2010 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date PrefixesCIDR Agg 23-07-10329517 203177 24-07-10330008 203237 25-07-10329997 203298 26-07-10329978 203486 27-07-10330171 203377 28-07-10330486 203379 29-07-10330636 203594 30-07-10330809 203570 AS Summary 34995 Number of ASes in routing system 14852 Number of ASes announcing only one prefix 4490 Largest number of prefixes announced by an AS AS4323 : TWTC - tw telecom holdings, inc. 95297344 Largest address span announced by an AS (/32s) AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 30Jul10 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 330870 203434 12743638.5% All ASes AS6389 3881 289 359292.6% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS4323 4490 1833 265759.2% TWTC - tw telecom holdings, inc. AS19262 1948 279 166985.7% VZGNI-TRANSIT - Verizon Internet Services Inc. AS4766 1856 502 135473.0% KIXS-AS-KR Korea Telecom AS22773 1174 66 110894.4% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4755 1477 401 107672.9% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS18566 1088 63 102594.2% COVAD - Covad Communications Co. AS17488 1343 320 102376.2% HATHWAY-NET-AP Hathway IP Over Cable Internet AS5668 1098 85 101392.3% AS-5668 - CenturyTel Internet Holdings, Inc. AS8151 1455 554 90161.9% Uninet S.A. de C.V. AS6478 1266 391 87569.1% ATT-INTERNET3 - ATT WorldNet Services AS10620 1077 295 78272.6% Telmex Colombia S.A. AS8452 1177 402 77565.8% TEDATA TEDATA AS7545 1389 710 67948.9% TPG-INTERNET-AP TPG Internet Pty Ltd AS7303 775 121 65484.4% Telecom Argentina S.A. AS4804 682 72 61089.4% MPX-AS Microplex PTY LTD AS35805 654 55 59991.6% SILKNET-AS SILKNET AS AS4808 833 248 58570.2% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS4780 694 161 53376.8% SEEDNET Digital United Inc. AS7552 653 137 51679.0% VIETEL-AS-AP Vietel Corporation AS7018 1467 955 51234.9% ATT-INTERNET4 - ATT WorldNet Services AS17676 581 80 50186.2% GIGAINFRA Softbank BB Corp. AS24560 994 493 50150.4% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS1785 1782 1282 50028.1% AS-PAETEC-NET - PaeTec Communications, Inc. AS3356 1161 664 49742.8% LEVEL3 Level 3 Communications AS9443 572 76 49686.7% INTERNETPRIMUS-AS-AP Primus Telecommunications AS7011 1135 653 48242.5% FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc. AS22047 555 83 47285.0% VTR BANDA ANCHA S.A. AS9198 499 40 45992.0% KAZTELECOM-AS JSC Kazakhtelecom AS7738 477 30 44793.7% Telecomunicacoes da Bahia S.A. Total 38233113402689370.3% Top 30 total Possible Bogus Routes
Re: Monitoring tools for IPv6 tools
Hi, thanks for the link. This was the best compilation that I found before. Unfortunately, this presentation is a little bit old (2006). I am supposing that most of commercial tools have improved your IPv6 support. Thanks ./diogo -montagner On Fri, Jul 30, 2010 at 11:07 PM, nanogf . nan...@spoofer.com wrote: https://docs.google.com/viewer?url=http://www.6diss.org/tutorials/management.pdf http://tools.6net.org/ --- diogo.montag...@gmail.com wrote: From: Diogo Montagner diogo.montag...@gmail.com To: nanog@nanog.org Subject: Monitoring tools for IPv6 tools Date: Fri, 30 Jul 2010 17:06:31 +0800 Hello, I am looking for monitoring tools that already have support to IPv6. I am looking for both freeware and commercial tools. Please, do you know what network management system are already supporting IPv6 ? Thanks ./diogo -montagner _ Get your own *free* email address like this one from www.OwnEmail.com