Re: Mac OS X 10.7, still no DHCPv6
* Mikael Abrahamsson On Sat, 26 Feb 2011, Joel Jaeggli wrote: You can, the actual integration issue is that network mangler (on ubuntu/fedora et al) and the osX airport connection manager will give up on a subnet on which they can't obtain an ipv4 address in preference to one where they can... this can also be worked around but it makes v6-only operation (Assuming that were desired, or even a good idea at this point) something that the majority of the users wouldn't be able to achieve without the default behavior changing. I'm not that interested in v6 only, I'm after requiring DHCPv6 and disallowing SLAAC, which clients can use IPv6 then? List afaik: Can: Windows Vista/Win7 (default) Linux (with non-default software) *BSD (with non-default software) Actually, with Linux, you do not need any non-default software. For quite some time now, the GNOME NetworkManager has supported most IPv6 flavours: * Static addressing, * SLAAC (including the RDNSS option), * Information-only DHCPv6, * Stateful DHCPv6, and * Any combination of the above. The problem is only that IPv6 support is not enabled in the default connection profile. In the default case, the kernel will on its own do SLAAC, but you won't get any IPv6 resolvers used, nor will it be able to connect to an IPv6-only network, due to the fact that NetworkManager will shut down the interface if it does not get any IPv4 connectivity (at least on wireless connections). See: https://bugzilla.redhat.com/show_bug.cgi?id=538499 Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 2011-02-27 at 07:56 +0100, Mikael Abrahamsson wrote: I'm not that interested in v6 only, I'm after requiring DHCPv6 and disallowing SLAAC, which clients can use IPv6 then? List afaik: [...] Can't: Windows XP [...] The Dibbler DHCPv6 client (non-standard software) works on XP (I think). Not sure about disallowing SLAAC. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Re: Mac OS X 10.7, still no DHCPv6
You're going to have to perform stateless autoconfiguration in ipv6 and provide an ipv4 nameserver at the very minimum for a long time apple is gonna look very very st00pid on world ipv6 day. and a bunch of folk are considering not turning things off after that day. randy
Re: Mac OS X 10.7, still no DHCPv6
You're going to have to perform stateless autoconfiguration in ipv6 and provide an ipv4 nameserver at the very minimum for a long time apple is gonna look very very st00pid on world ipv6 day. and a bunch of folk are considering not turning things off after that day. on second thought, guess where the support calls are gonna go. our customer support lines, because we deliver zipless ipv6. NOC: are you running a macintosh? User: yes, how did you guess? NOC: because it is broken. get vista. randy
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 1:56 AM, Mikael Abrahamsson wrote: On Sat, 26 Feb 2011, Joel Jaeggli wrote: On 2/26/11 9:27 PM, Mikael Abrahamsson wrote: On Sat, 26 Feb 2011, Joel Jaeggli wrote: On 2/26/11 9:05 PM, Randy Bush wrote: With copies out to developers we now have confirmation that Apple still hasn't included DHCPv6 in the next release of OS X. what is it about ipv6 which attracts religious nuts? you sure it's not macos (says joel from a v6 enabled mac). On a more serious note, I can on my Ubuntu machine just apt-get install wide-dhcpv6-client and I get dhcpv6, it'll properly put stuff in resolv.conf for dns-over-ipv6 transport, even though the connection manager knows nothing about it, at least dual stack works properly. Can one do the equivalent easy addition to OSX? You can, the actual integration issue is that network mangler (on ubuntu/fedora et al) and the osX airport connection manager will give up on a subnet on which they can't obtain an ipv4 address in preference to one where they can... this can also be worked around but it makes v6-only operation (Assuming that were desired, or even a good idea at this point) something that the majority of the users wouldn't be able to achieve without the default behavior changing. I'm not that interested in v6 only, I'm after requiring DHCPv6 and disallowing SLAAC, which clients can use IPv6 then? List afaik: Can: Windows Vista/Win7 (default) Linux (with non-default software) *BSD (with non-default software) Probably: OSX (with non-default software) Can't: Windows XP Don't know: Symbian Android Apple iOS Mikael, try: http://sourceforge.net/projects/wide-dhcpv6/ http://wouter.horre.be/doc/stateless-dhcpv6-on-mac-os-x or http://klub.com.pl/dhcpv6/ There are others out there. I prefer wide for now. Works on 10.6. Haven't tried it on 10.5. Tom
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 6:27 AM, Randy Bush wrote: You're going to have to perform stateless autoconfiguration in ipv6 and provide an ipv4 nameserver at the very minimum for a long time apple is gonna look very very st00pid on world ipv6 day. and a bunch of folk are considering not turning things off after that day. Now why would you say that, Randy? My home is dual stacked with an IPv6 tunnel to HE at my router. All off the shelf. No special config. All Apple. So what's the beef? Tom
Re: Mac OS X 10.7, still no DHCPv6
SLAAC is fine (even great) for small environments. For a lot of enterprise (or in our case, academic) networks you really want the central control of what addresses hosts get. Saw some mention of being unsure that it was possible to disable SLAAC. Every OS I've tested so far respects the A flag (which signals whether a prefix can be used for SLAAC or not) of an RA, so of course you can disable SLAAC (right from the prefix you advertise). Apple has said before that they don't want to use DHCPv6 because IPv6 should be easy. I'm not really sure what about DHCPv6 is difficult. Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). Once again, SLAAC and RDNSS is great for quick, small, plug-and-play networks, and maybe even the opposite end: very very large (mobile) networks. But DHCPv6 is a powerful tool and one that shouldn't be thrown out. With SLAAC, as soon as you enable it every host on a network starts talking IPv6, by disabling SLAAC and using DHCPv6, you can selectively respond to hosts and do a phased deployment, enabling IPv6 on a per-host basis. Even though we have good native IPv6 available, we've adopted a DHCPv6 only deployment model. It works great for Windows and Linux systems, and even Android devices (I believe the iPhone even supports DHCPv6), really too bad that OS X doesn't support it because on our network it means they won't be getting IPv6 anytime soon. On Sun, Feb 27, 2011 at 8:05 AM, TR Shaw ts...@oitc.com wrote: On Feb 27, 2011, at 6:27 AM, Randy Bush wrote: You're going to have to perform stateless autoconfiguration in ipv6 and provide an ipv4 nameserver at the very minimum for a long time apple is gonna look very very st00pid on world ipv6 day. and a bunch of folk are considering not turning things off after that day.
Now why would you say that, Randy? My home is dual stacked with an IPv6 tunnel to HE at my router. All off the shelf. No special config. All Apple. So what's the beef? Tom -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
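An added example, not part of any message in this thread: a Python check that parses a Router Advertisement and reports whether it matches the DHCPv6-only policy described in the message above (M flag set, A flag clear on every advertised prefix). The RA bytes are constructed inline by a helper with a zero checksum; the prefix `2001:db8:a:10::/64`, the resolver address and all function names are assumptions chosen for illustration.

```python
import ipaddress
import struct

ND_RA = 134           # ICMPv6 type: Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3   # Prefix Information option (carries the L and A flags)
OPT_RDNSS = 25        # Recursive DNS Server option (RFC 6106)


def parse_ra(msg):
    """Decode the RA header flags plus Prefix Information and RDNSS options."""
    if len(msg) < 16 or msg[0] != ND_RA:
        raise ValueError("not a Router Advertisement")
    flags = msg[5]
    ra = {"managed": bool(flags & 0x80),   # M: addresses come from DHCPv6
          "other": bool(flags & 0x40),     # O: other config comes from DHCPv6
          "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8   # length is in 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed or truncated option")
        body = msg[off:off + olen]
        if otype == OPT_PREFIX_INFO and olen == 32:
            plen, pflags = body[2], body[3]
            base = ipaddress.IPv6Address(body[16:32])
            net = ipaddress.IPv6Network(f"{base}/{plen}", strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40)})
        elif otype == OPT_RDNSS and olen >= 24:
            for i in range(8, olen, 16):
                ra["rdnss"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += olen
    return ra


def audit_dhcpv6_only(ra):
    """Return the ways this RA departs from a DHCPv6-only address policy."""
    findings = []
    if not ra["managed"]:
        findings.append("M flag clear: hosts are not told to use DHCPv6")
    for p in ra["prefixes"]:
        if p["autonomous"]:
            findings.append(p["prefix"] + ": A flag set, hosts will self-assign")
    return findings


def build_ra(managed, other, prefixes, rdnss=()):
    """Build a constructed RA for the demo (checksum left at zero)."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    msg = struct.pack("!BBHBBHII", ND_RA, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, on_link, autonomous in prefixes:
        net = ipaddress.IPv6Network(prefix)
        pflags = (0x80 if on_link else 0) | (0x40 if autonomous else 0)
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen,
                           pflags, 86400, 14400, 0)
        msg += net.network_address.packed
    if rdnss:
        msg += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(rdnss), 0, 1800)
        msg += b"".join(ipaddress.IPv6Address(a).packed for a in rdnss)
    return msg


# Constructed samples: a plug-and-play SLAAC + RDNSS advertisement, and the
# DHCPv6-only form (M and O set, prefix on-link but not autonomous).
SLAAC_RA = build_ra(False, False, [("2001:db8:a:10::/64", True, True)],
                    rdnss=["2001:db8:a:53::1"])
DHCPV6_ONLY_RA = build_ra(True, True, [("2001:db8:a:10::/64", True, False)])

if __name__ == "__main__":
    for name, raw in (("SLAAC_RA", SLAAC_RA), ("DHCPV6_ONLY_RA", DHCPV6_ONLY_RA)):
        print(name, audit_dhcpv6_only(parse_ra(raw)) or "matches policy")
```

Run against RAs captured on a segment, the same audit also surfaces an unexpected router advertising an autonomous prefix.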
Re: Mac OS X 10.7, still no DHCPv6
On Sat, Feb 26, 2011 at 09:46:17PM -0800, Joel Jaeggli wrote: On 2/26/11 9:27 PM, Mikael Abrahamsson wrote: On a more serious note, I can on my Ubuntu machine just apt-get install wide-dhcpv6-client and I get dhcpv6, it'll properly put stuff in resolv.conf for dns-over-ipv6 transport, even though the connection manager knows nothing about it, at least dual stack works properly. Can one do the equivalent easy addition to OSX? You can, the actual integration issue is that network mangler (on ubuntu/fedora et al) and the osX airport connection manager will give up on a subnet on which they can't obtain an ipv4 address in preference to one where they can... this can also be worked around but it makes v6-only operation (Assuming that were desired, or even a good idea at this point) something that the majority of the users wouldn't be able to achieve without the default behavior changing. NetworkManager on Fedora fully supports IPv6 now, including DHCPv6. You can easily configure it to require an IPv4 address or an IPv6 address or both to consider the connection successful.
Re: Mac OS X 10.7, still no DHCPv6
Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? This is often required for legislation compliance. DHCP does this well. -- Leigh Porter On 27 Feb 2011, at 14:04, Chuck Anderson c...@wpi.edu wrote: On Sat, Feb 26, 2011 at 09:46:17PM -0800, Joel Jaeggli wrote: On 2/26/11 9:27 PM, Mikael Abrahamsson wrote: On a more serious note, I can on my Ubuntu machine just apt-get install wide-dhcpv6-client and I get dhcpv6, it'll properly put stuff in resolv.conf for dns-over-ipv6 transport, even though the connection manager knows nothing about it, at least dual stack works properly. Can one do the equivalent easy addition to OSX? You can, the actual integration issue is that network mangler (on ubuntu/fedora et al) and the osX airport connection manager will give up on a subnet on which they can't obtain an ipv4 address in preference to one where they can... this can also be worked around but it makes v6-only operation (Assuming that were desired, or even a good idea at this point) something that the majority of the users wouldn't be able to achieve without the default behavior changing. NetworkManager on Fedora fully supports IPv6 now, including DHCPv6. You can easily configure it to require an IPv4 address or an IPv6 address or both to consider the connection successful.
Re: Mac OS X 10.7, still no DHCPv6
On 2/27/2011 12:05 AM, Randy Bush wrote: With copies out to developers we now have confirmation that Apple still hasn't included DHCPv6 in the next release of OS X. what is it about ipv6 which attracts religious nuts? randy OSX beta (fanbois + journalists who get paid by word) + IPv6 = perfect storm --Patrick
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 27 Feb 2011, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. -- Mikael Abrahamsson email: swm...@swm.pp.se
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 10:22 PM, Mikael Abrahamsson wrote: Which is one of the reasons why some of us want DHCPv6 support in hosts. Also for traceback when hunting down compromised/abusive hosts. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com The basis of optimism is sheer terror. -- Oscar Wilde
Re: Mac OS X 10.7, still no DHCPv6
Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. Agreed. In our environment Mac OSX hosts will either have to get the necessary DHCPv6 functionality, or the customer will have to buy a router (which can then get DHCPv6 PD from us, and offer RA/SLAAC on the LAN side). SLAAC for our ISP customers just won't happen, for a lot of reasons. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: Mac OS X 10.7, still no DHCPv6
On 27 Feb 2011, at 15:35, sth...@nethelp.no wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. Agreed. In our environment Mac OSX hosts will either have to get the necessary DHCPv6 functionality, or the customer will have to buy a router (which can then get DHCPv6 PD from us, and offer RA/SLAAC on the LAN side). SLAAC for our ISP customers just won't happen, for a lot of reasons. I really do not get the lack of DHCPv6, the Apple 'it should be easy' is all very well and good, but it really does not help those people who have to run the networks at all. So for the foreseeable future SLAAC seems to be a requirement especially for WiFi operators for example who will have to support a multitude of unknown hosts. Has anybody found a usable method of achieving IPv6 address logs for such networks or will I just have to write some awful sniffer that spits out into a database that later on I'll have to correlate with WiFi AP RADIUS logs? -- Leigh Porter
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 27 Feb 2011, Mikael Abrahamsson wrote: On Sun, 27 Feb 2011, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. So how does DHCP prevent a host from just taking or hijacking an IP address? Antonio Querubin e-mail/xmpp: t...@lava.net
Re: Mac OS X 10.7, still no DHCPv6
On 27 Feb 2011, at 19:07, Antonio Querubin wrote: On Sun, 27 Feb 2011, Mikael Abrahamsson wrote: On Sun, 27 Feb 2011, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. So how does DHCP prevent a host from just taking or hijacking an IP address? Antonio Querubin e-mail/xmpp: t...@lava.net You can have devices that peek at the DHCP messages and then open filters so that you at least know that any host that pops up on the network has used DHCP to obtain an IP address. Now you cannot usually prevent somebody from later hijacking that IP address using a fake MAC unless you do something else as well but at least you have something of a stateful relationship between a host and the IP address it uses. -- Leigh Porter
Re: Mac OS X 10.7, still no DHCPv6
In fairness, said device can do the same sort of inspection of SLAAC traffic. It just looks at neighbor discovery messages instead of DHCP messages. http://tools.ietf.org/html/draft-ietf-savi-fcfs On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter leigh.por...@ukbroadband.com wrote: On 27 Feb 2011, at 19:07, Antonio Querubin wrote: On Sun, 27 Feb 2011, Mikael Abrahamsson wrote: On Sun, 27 Feb 2011, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. So how does DHCP prevent a host from just taking or hijacking an IP address? Antonio Querubin e-mail/xmpp: t...@lava.net You can have devices that peek at the DHCP messages and then open filters so that you at least know that any host that pops up on the network has used DHCP to obtain an IP address. Now you cannot usually prevent somebody from later hijacking that IP address using a fake MAC unless you do something else as well but at least you have something of a stateful relationship between a host and the IP address it uses. -- Leigh Porter
Re: Mac OS X 10.7, still no DHCPv6
In message a73628f8-9d2a-42db-940d-b51d680ec...@ukbroadband.com, Leigh Porter writes: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? This is often required for legislation compliance. DHCP does this well. Does it really matter what address a customer has as long as it comes from the /64, /56 or /48 assigned to them? Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Mac OS X 10.7, still no DHCPv6
On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: This is often required for legislation compliance. DHCP does this well. Does it really matter what address a customer has as long as it comes from the /64, /56 or /48 assigned to them? You are assuming an access technology that lends itself to subnet-per-customer. I run a network with 50,000+ end users using ethernet-based access to the user's room. In IPv4, I run 1 or more subnets per building (depending on the number of rooms in the build). I use DHCP to assign IPs, and record the DHCP assignments allow me to trace users in the event of abuse complaints. I use DHCP Option82 to allow me to correlate multiple devices in a user's room. I feed the DHCP information into my bandwidth management platform to enforce different levels (i.e. speeds) of service per user depending on what they've purchased. I have yet to come up with a viable solution to do all of the above in IPv6 without using DHCPv6. At the moment, that means that OSX users are not going to get IPv6. Simon For IPv4, I use DHCP to
Re: Mac OS X 10.7, still no DHCPv6
In fairness, said device can do the same sort of inspection of SLAAC traffic. It just looks at neighbor discovery messages instead of DHCP messages. http://tools.ietf.org/html/draft-ietf-savi-fcfs Any known (existing) or planned implementations of this? Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: Mac OS X 10.7, still no DHCPv6
In fairness, said device can do the same sort of inspection of SLAAC traffic. It just looks at neighbor discovery messages instead of DHCP messages. http://tools.ietf.org/html/draft-ietf-savi-fcfs Any known (existing) or planned implementations of this? None that you can buy off the shelf. I understand that Tsinghua University in Beijing has prototype code running on several types of switches.
Re: Mac OS X 10.7, still no DHCPv6
On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). radvd and rdnssd work together on Linux nicely to provide RDNSS support. Works a treat. - Matt
Re: Weekend Gedankenexperiment - The Kill Switch
Hi, Dave, On 06/02/2011 04:09 p.m., Dave CROCKER wrote: Sorry, but I think the technical implications of a goal to survive 'hostile battlefield conditions' versus 'nuclear attack' are (small pun) massively different. Hence I think the actual language used matters. And the fact that the common language around the net during the '70s was the former and not the latter matters. Which is why it would be helpful to get some credible documentation about use of the latter. How about: Clark, D. 1988. The Design Philosophy of the DARPA Internet Protocols. Computer Communication Review, Vol. 18, No. 4, 1988. ? Thanks, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
NTT as a service provider in the US
Anyone have any thoughts on NTT as a service provider in the US ? Anyone currently or previously using them please chime in. thank you
Re: SLA for voice and video over IP/MPLS
On Thu, Feb 24, 2011 at 6:10 PM, Diogo Montagner diogo.montag...@gmail.com wrote: Hello, I am looking for industry standard parameters to base the SLA of one network regarding to voice, video and data application. One won't find many, but a common rule of thumb is most apps will be 'fine' with networks that provide 10E-6 BER or lower loss rates. Which are the accepted values for jitter, delay, latency and packet loss for voice, video and data in an IP/MPLS ? This question is being framed backwards -- an engineer should ask what the particular codecs can tolerate, then seek out networks which can deliver on those needs. If the a/v equipment vendor can't tell the customer or user what sort of network is required, I recommend selecting a new a/v vendor. In any event, audio codecs such as ILBC, g729, and 722 are well positioned for 'loss concealment' mechanisms in the decoders, masking some reasonable amount of loss. This has been exhaustively tested, and the data is readily available [0]. Video codecs that degrade gracefully are also fairly common, though the industry focus seems to be on concealing loss for generic real-time data, and offloading this work onto a different abstraction. One example would be packetized 'forward error correction' schemes, which can be configured or adapted to nearly arbitrarily 'high' loss rates (eg. ProMPEG [1] and related work). If the a/v system in question can support FEC of any sort, then this should substantially reduce one's transport-layer loss rate concerns. -Tk [0]: http://www.vocal.com/speech_coders/psqm_data.html [1]: http://www.ispa-sat.ru/info/Inside%20Pro-MPEG%20FEC%20(IBC)%20.pdf
Re: Mac OS X 10.7, still no DHCPv6
Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? - Original Message - From: Matthew Palmer mpal...@hezmatt.org To: nanog@nanog.org Sent: Sunday, 27 February, 2011 4:06:29 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). radvd and rdnssd work together on Linux nicely to provide RDNSS support. Works a treat. - Matt
Re: NTT as a service provider in the US
powerzo...@gmail.com powerzo...@gmail.com writes: Anyone have any thoughts on NTT as a service provider in the US ? Anyone currently or previously using them please chime in. can't do it. i have thoughts but i won't answer a freemail address. i'm taking the time to say so because your post looks like trolling to me. if you ask again with a real domain name and a real meatspace signature, i'll be happy to say what i think about ntt as a service provider in the US. -- Paul Vixie KI6YSY
Re: SLA for voice and video over IP/MPLS
For video, the SCTE 168 doc covers this.. (first hit on google) It's fairly strict, but in depth. On Feb 24, 2011 6:12 PM, Diogo Montagner diogo.montag...@gmail.com wrote:
Re: Mac OS X 10.7, still no DHCPv6
The topic should likely be re-written to DHCPv6 expected in OS X 10.7 with rainbows, stars, and prancing unicorns. Apparently I was misinformed. Several people with access to the preview had informed me that DHCPv6 was not in 10.7. This seems to have upset at least one Apple engineer who dropped the NDA bomb on me; while he didn't confirm it was there, he did imply it, and it did make me have people give a second look. (I tried to get him to admit it but he's obviously been through Apple secret keeping training). After having others look more closely it seems that DHCPv6, or the beginnings of DHCPv6 support are in 10.7, though there are no UI options to indicate this, and a reboot of the OS seems to be required before it will make a request (?) Hopefully that is also wrong, or is being worked on. Mainly, the user should have an easy way to determine their DUID. So it looks like the next release of OS X might have a full implementation of DHCPv6 and RDNSS to boot. If that's the case then I applaud Apple at finally delivering on DHCPv6; it's been requested for at least a few years now. It will be interesting to see how this looks when we get closer to a release. Will also be interesting to see some test cases for IPv6 configuration (e.g. can a Mac get both SLAAC and DHCPv6 addresses, if it follows the standard it should be able to). My apologies to Apple and the team that has been working hard on DHCPv6 implementation; If anything the post has shown you that your work is not only worthwhile but also necessary and will be widely appreciated. Funny how Apple keeps everything a secret then get worked up when people don't have correct information to go by ;-) For context, this was incorrect: On Sat, Feb 26, 2011 at 10:10 PM, Ray Soucy r...@maine.edu wrote: With copies out to developers we now have confirmation that Apple still hasn't included DHCPv6 in the next release of OS X. 
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 2011-02-27 at 16:25 -0500, Franck Martin wrote: Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? Well - that draft very recently (i.e., only a few months, if that) became standards track, so it'll be a while before it's built into everything as a matter of course, but yes, it's fixed. RFC 6109. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 2011-02-27 at 14:47 +, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? How do you define what host? If it's by MAC address (and you are not using temporary, cryptographic or random addresses), then the MAC is in the address the host ends up using. Also, as someone else said, hosts don't get addresses via SLAAC - they generate them. That means that while you may be able to predict what they *will* use, you would need to snoop NDP to find out what they *are* using, and even more so for temporary, cryptographic and random addresses. I have no experience of anything that actually does this, but it would be fairly simple to do. NDP will end up snooped in routers and switches for lots of reasons, so expect to see such features in real kit pretty soon. Make sure you let your vendor know what you want/need... Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Re: Mac OS X 10.7, still no DHCPv6
On Mon, 28 Feb 2011, Karl Auer wrote: Well - that draft very recently (i.e., only a few months, if that) became standards track, so it'll be a while before it's built into everything as a matter of course, but yes, it's fixed. RFC 6109. ^ Maybe you mean RFC 6106? Antonio Querubin e-mail/xmpp: t...@lava.net
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: You're going to have to perform stateless autoconfiguration in ipv6 and provide an ipv4 nameserver at the very minimum for a long time apple is gonna look very very st00pid on world ipv6 day. and a bunch of folk are considering not turning things off after that day. on second thought, guess where the support calls are gonna go. our customer support lines, because we deliver zipless ipv6. NOC: are you running a macintosh? User: yes, how did you guess? NOC: because it is broken. get vista. randy While I'm as big a fan of IPv6 as anybody, I think in a comparison of relative brokenness, Mac comes out quite favorably compared to Vista in spite of their DHCPv6 deficiencies. Owen
RE: Mac OS X 10.7, still no DHCPv6
From: Leigh Porter Sent: Sunday, February 27, 2011 6:48 AM To: Chuck Anderson Cc: nanog@nanog.org; I2 IPv6 working group Subject: Re: Mac OS X 10.7, still no DHCPv6 Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? This is often required for legislation compliance. DHCP does this well. -- Leigh Porter Do the hosts register themselves in DNS? You might be able to look at your DNS logs.
Re: Mac OS X 10.7, still no DHCPv6
In message 20110227204511.gm27...@virtual.bogons.net, Simon Lockhart writes: On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: This is often required for legislation compliance. DHCP does this well. Does it really matter what address a customer has as long as it comes from the /64, /56 or /48 assigned to them? You are assuming an access technology that lends itself to subnet-per-customer. I run a network with 50,000+ end users using ethernet-based access to the user's room. In IPv4, I run 1 or more subnets per building (depending on the number of rooms in the build). I use DHCP to assign IPs, and record the DHCP assignments allow me to trace users in the event of abuse complaints. I use DHCP Option82 to allow me to correlate multiple devices in a user's room. I feed the DHCP information into my bandwidth management platform to enforce different levels (i.e. speeds) of service per user depending on what they've purchased. I have yet to come up with a viable solution to do all of the above in IPv6 without using DHCPv6. At the moment, that means that OSX users are not going to get IPv6. Have you *asked* your vendors for an alternate solution? DHCP kills privacy addresses. DHCP kills CGAs. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Mac OS X 10.7, still no DHCPv6
You can write a script to poll routers for IPv6 neighbors, and store those in a database. That will get you the IPv6 to MAC association. Then poll L2 devices for MAC address tables for the MAC to port association. We've had such a system in place for a few years now to map addresses to ports, etc., it also checks for rogue RA. It's messy (and I don't like the extra load it causes on routers). If we had things like DHCPv6 snooping, RA guard (which you can implement with PACLs), and IPv6 source verification we wouldn't need it. Thankfully most of these are all in the pipeline. On Sun, Feb 27, 2011 at 5:32 PM, Karl Auer ka...@biplane.com.au wrote: On Sun, 2011-02-27 at 14:47 +, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? How do you define what host? If it's by MAC address (and you are not using temporary, cryptographic or random addresses), then the MAC is in the address the host ends up using. Also, as someone else said, hosts don't get addresses via SLAAC - they generate them. That means that while you may be able to predict what they *will* use, you would need to snoop NDP to find out what they *are* using, and even more so for temporary, cryptographic and random addresses. I have no experience of anything that actually does this, but it would be fairly simple to do. NDP will end up snooped in routers and switches for lots of reasons, so expect to see such features in real kit pretty soon. Make sure you let your vendor know what you want/need... Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156 -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
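An added example, not code from the thread or from the system the poster describes: a Python version of the polling approach in the message above, storing each IPv6-to-MAC binding with first-seen and last-seen times so an address in an abuse report can be traced back to a MAC. It also marks addresses derived from the MAC (the case Karl Auer mentions) and lists addresses seen with more than one MAC. The neighbor-table text is constructed and assumes the layout printed by Linux `ip -6 neigh show`; the table, function names, addresses and timestamps are hypothetical.

```python
import ipaddress
import sqlite3

# Constructed sample: two polls of a router's IPv6 neighbor table, taken at
# t=1000 and t=1300, in the layout printed by Linux `ip -6 neigh show`.
POLL_1 = """\
2001:db8:a:10:200:5eff:fe00:530a dev eth1 lladdr 00:00:5e:00:53:0a REACHABLE
2001:db8:a:10:5c3e:91a7:44d0:8f12 dev eth1 lladdr 00:00:5e:00:53:0a STALE
fe80::200:5eff:fe00:530a dev eth1 lladdr 00:00:5e:00:53:0a REACHABLE
2001:db8:a:10::99 dev eth1  FAILED
"""
POLL_2 = """\
2001:db8:a:10:200:5eff:fe00:530a dev eth1 lladdr 00:00:5e:00:53:0a REACHABLE
2001:db8:a:10:8d11:2f60:c3aa:7e05 dev eth1 lladdr 00:00:5e:00:53:0a REACHABLE
2001:db8:a:10:5c3e:91a7:44d0:8f12 dev eth1 lladdr 00:00:5e:00:53:0b STALE
"""


def eui64_iid(mac):
    """Interface identifier a host derives from its MAC (modified EUI-64)."""
    b = bytes(int(octet, 16) for octet in mac.split(":"))
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(iid, "big")


def parse_neighbors(text):
    """Yield (address, mac) for every global entry with a resolved MAC."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:      # FAILED/INCOMPLETE: no MAC learned
            continue
        addr = ipaddress.IPv6Address(fields[0])
        if addr.is_link_local:          # never appears in an abuse report
            continue
        yield addr, fields[fields.index("lladdr") + 1].lower()


def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS bindings ("
               "addr TEXT, mac TEXT, from_mac INTEGER, "
               "first_seen INTEGER, last_seen INTEGER, "
               "PRIMARY KEY (addr, mac))")
    return db


def record_poll(db, text, ts):
    """Extend last_seen for known bindings, insert the ones that are new."""
    for addr, mac in parse_neighbors(text):
        cur = db.execute("UPDATE bindings SET last_seen=? "
                         "WHERE addr=? AND mac=?", (ts, str(addr), mac))
        if cur.rowcount == 0:
            from_mac = (int(addr) & (2**64 - 1)) == eui64_iid(mac)
            db.execute("INSERT INTO bindings VALUES (?,?,?,?,?)",
                       (str(addr), mac, int(from_mac), ts, ts))
    db.commit()


def who_had(db, addr, ts):
    """MACs observed using addr in a window that covers time ts."""
    canon = str(ipaddress.IPv6Address(addr))
    rows = db.execute("SELECT mac FROM bindings WHERE addr=? AND "
                      "first_seen<=? AND last_seen>=? ORDER BY mac",
                      (canon, ts, ts))
    return [r[0] for r in rows]


def addresses_of(db, mac):
    """(address, derived_from_mac) pairs seen for one MAC."""
    rows = db.execute("SELECT addr, from_mac FROM bindings WHERE mac=? "
                      "ORDER BY addr", (mac.lower(),))
    return [(a, bool(f)) for a, f in rows]


def multi_mac_addresses(db):
    """Addresses claimed by more than one MAC: worth a closer look."""
    rows = db.execute("SELECT addr FROM bindings GROUP BY addr "
                      "HAVING COUNT(DISTINCT mac) > 1 ORDER BY addr")
    return [r[0] for r in rows]


def build_demo_db():
    db = open_db()
    record_poll(db, POLL_1, 1000)
    record_poll(db, POLL_2, 1300)
    return db


if __name__ == "__main__":
    demo = build_demo_db()
    print(addresses_of(demo, "00:00:5e:00:53:0a"))
    print(multi_mac_addresses(demo))
```

A binding is only as precise as the polling interval: an address used and dropped between two polls is never recorded, which is the gap the snooping features mentioned in the message would close.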
Re: Mac OS X 10.7, still no DHCPv6
But the ND messages don't tell you anything other than the MAC address about which host it actually is. In theory, at least, snooping the DHCP messages might include a hostname or some other useful identifier. Owen On Feb 27, 2011, at 11:53 AM, Richard Barnes wrote: In fairness, said device can do the same sort of inspection of SLAAC traffic. It just looks at neighbor discovery messages instead of DHCP messages. http://tools.ietf.org/html/draft-ietf-savi-fcfs On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter leigh.por...@ukbroadband.com wrote: On 27 Feb 2011, at 19:07, Antonio Querubin wrote: On Sun, 27 Feb 2011, Mikael Abrahamsson wrote: On Sun, 27 Feb 2011, Leigh Porter wrote: Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment? You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't get an IPv6 address, it takes one. This is often required for legislation compliance. DHCP does this well. Which is one of the reasons why some of us want DHCPv6 support in hosts. So how does DHCP prevent a host from just taking or hijacking an IP address? Antonio Querubin e-mail/xmpp: t...@lava.net You can have devices that peek at the DHCP messages and then open filters so that you at least know that any host that pops up on the network has used DHCP to obtain an IP address. Now you cannot usually prevent somebody from later hijacking that IP address using a fake MAC unless you do something else as well but at least you have something of a stateful relationship between a host and the IP address it uses. -- Leigh Porter
Re: Mac OS X 10.7, still no DHCPv6
Look, can we stop arguing about whether someone needs DHCP or not, whether they need SLAAC or not. Let's just get both solutions to a mature and useful state where a network administrator can pick the one that works best for their environment and move on. Devices, routers, OSs, etc. should support both. The IETF should stop letting the two working groups focus on damaging the other protocol and we should stop treating this as a competition or a battle and start treating it as options to accomplish a task. Owen On Feb 27, 2011, at 1:25 PM, Franck Martin wrote: Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? - Original Message - From: Matthew Palmer mpal...@hezmatt.org To: nanog@nanog.org Sent: Sunday, 27 February, 2011 4:06:29 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). radvd and rdnssd work together on Linux nicely to provide RDNSS support. Works a treat. - Matt
Re: Mac OS X 10.7, still no DHCPv6
On 02/27/2011 14:39, Mark Andrews wrote: DHCP kills privacy addresses. DHCP kills CGAs. In some environments that's a feature. :) Also, I think people forget the original motivation behind privacy addresses. If you use RA/SLAAC on every different network that you use IPv6 (say, with your laptop) then the bottom 64 bits are always going to be the same. The theory was that this could provide a way to track the same user across multiple networks, thus the desire to have the ability to generate host identifiers that are unique-but-temporary. If you're on your home network (where the network prefix is always going to be the same) privacy addresses have limited (although non-zero) utility. If you're at work you're subject to the policies there, and if they say dhcpv6 + no privacy addresses then that's that. hth, Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 2:39 PM, Mark Andrews wrote: In message 20110227204511.gm27...@virtual.bogons.net, Simon Lockhart writes: On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: This is often required for legislation compliance. DHCP does this well. Does it really matter what address a customer has as long as it comes from the /64, /56 or /48 assigned to them? You are assuming an access technology that lends itself to subnet-per-customer. I run a network with 50,000+ end users using ethernet-based access to the user's room. In IPv4, I run 1 or more subnets per building (depending on the number of rooms in the build). I use DHCP to assign IPs, and record the DHCP assignments allow me to trace users in the event of abuse complaints. I use DHCP Option82 to allow me to correlate multiple devices in a user's room. I feed the DHCP information into my bandwidth management platform to enforce different levels (i.e. speeds) of service per user depending on what they've purchased. I have yet to come up with a viable solution to do all of the above in IPv6 without using DHCPv6. At the moment, that means that OSX users are not going to get IPv6. Have you *asked* your vendors for an alternate solution? DHCP kills privacy addresses. In many environments, this is a feature, not a bug. DHCP kills CGAs. In many environments, this is a feature, not a bug. I would, in fact, posit that some of the people complaining about the lack of DHCP are doing so precisely because of a desire to kill these things in their environment. Owen
Re: Mac OS X 10.7, still no DHCPv6
On 2/27/11 3:08 PM, Owen DeLong wrote: Look, can we stop arguing about whether someone needs DHCP or not, whether they need SLAAC or not. Let's just get both solutions to a mature and useful state where a network administrator can pick the one that works best for their environment and move on. Devices, routers, OSs, etc. should support both. The IETF should stop letting the two working groups focus on damaging the other protocol and we should stop treating this as a competition or a battle and start treating it as options to accomplish a task. The documents are done at least for sufficient pieces to make it work. it's in the hands of vendors and has been for a while. The simple fact is that if you want to do it a particular way and you have an installed base that doesn't support doing it that way, then you're not doing it that way. Owen On Feb 27, 2011, at 1:25 PM, Franck Martin wrote: Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? - Original Message - From: Matthew Palmer mpal...@hezmatt.org To: nanog@nanog.org Sent: Sunday, 27 February, 2011 4:06:29 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). radvd and rdnssd work together on Linux nicely to provide RDNSS support. Works a treat. - Matt
Re: Mac OS X 10.7, still no DHCPv6
On 2/27/11 3:17 PM, Owen DeLong wrote: On Feb 27, 2011, at 2:39 PM, Mark Andrews wrote: In message 20110227204511.gm27...@virtual.bogons.net, Simon Lockhart writes: On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: This is often required for legislation compliance. DHCP does this well. Does it really matter what address a customer has as long as it comes from the /64, /56 or /48 assigned to them? You are assuming an access technology that lends itself to subnet-per-customer. I run a network with 50,000+ end users using ethernet-based access to the user's room. In IPv4, I run 1 or more subnets per building (depending on the number of rooms in the build). I use DHCP to assign IPs, and record the DHCP assignments allow me to trace users in the event of abuse complaints. I use DHCP Option82 to allow me to correlate multiple devices in a user's room. I feed the DHCP information into my bandwidth management platform to enforce different levels (i.e. speeds) of service per user depending on what they've purchased. I have yet to come up with a viable solution to do all of the above in IPv6 without using DHCPv6. At the moment, that means that OSX users are not going to get IPv6. Have you *asked* your vendors for an alternate solution? DHCP kills privacy addresses. In many environments, this is a feature, not a bug. DHCP kills CGAs. In many environments, this is a feature, not a bug. I would, in fact, posit that some of the people complaining about the lack of DHCP are doing so precisely because of a desire to kill these things in their environment. which is fine they just have to kill off their legacy software deployments while they're at it. Owen
Re: Mac OS X 10.7, still no DHCPv6
In message ca58d5c5-3826-4da8-bcc6-5057ab912...@delong.com, Owen DeLong writes: On Feb 27, 2011, at 2:39 PM, Mark Andrews wrote: In message 20110227204511.gm27...@virtual.bogons.net, Simon Lockhart writes: On Mon Feb 28, 2011 at 07:22:08AM +1100, Mark Andrews wrote: This is often required for legislation compliance. DHCP does this well. Does it really matter what address a customer has as long as it comes from the /64, /56 or /48 assigned to them? You are assuming an access technology that lends itself to subnet-per-customer. I run a network with 50,000+ end users using ethernet-based access to the user's room. In IPv4, I run 1 or more subnets per building (depending on the number of rooms in the build). I use DHCP to assign IPs, and record the DHCP assignments allow me to trace users in the event of abuse complaints. I use DHCP Option82 to allow me to correlate multiple devices in a user's room. I feed the DHCP information into my bandwidth management platform to enforce different levels (i.e. speeds) of service per user depending on what they've purchased. I have yet to come up with a viable solution to do all of the above in IPv6 without using DHCPv6. At the moment, that means that OSX users are not going to get IPv6. Have you *asked* your vendors for an alternate solution? DHCP kills privacy addresses. In many environments, this is a feature, not a bug. DHCP kills CGAs. In many environments, this is a feature, not a bug. I would, in fact, posit that some of the people complaining about the lack of DHCP are doing so precisely because of a desire to kill these things in their environment. Owen Sure there are some environments where it is a feature. But in many you really don't care what address the machine gets. You are actually looking to tie the address (mac) to an accounting record and DHCP is the only currently available solution and rather than look for a better solution DHCP is being used. 
One could have the machine generate its own addresses and register them using DHCP. You get the accounting without throwing out the ability to do things like privacy addresses and CGA. The DHCP server can also prevent the machine using a reserved address for the few things on the net that need it. You also get IPv6 reverse maintenance thrown in for free. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Mac OS X 10.7, still no DHCPv6
* Owen DeLong On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: NOC: are you running a macintosh? User: yes, how did you guess? NOC: because it is broken. get vista. While I'm as big a fan of IPv6 as anybody, I think in a comparison of relative brokenness, Mac comes out quite favorably compared to Vista in spite of their DHCPv6 deficiencies. Absolutely not. Mac OS X does not do proper source address selection according to RFC 3484. That makes it do things like preferring the use of link-local IPv6 addresses when connecting to global dual-stacked destinations, which of course won't work - as a result a 75 second long timeout is incurred for every single outgoing TCP connection. Versions earlier than 10.6.5, still in use by a considerable amount of users, will also prefer the use of 6to4 to IPv4, again something which is causing lots of brokenness. (Windows ICS is responsible for causing lots of OS X hosts to have 6to4 addresses in the first place, though.) OS X also has a bug that will make it interpret a router lifetime of 0 in a RA as infinite, causing more troubles when found behind IPv6 CE routers using ULAs in compliance with I-D.ietf-v6ops-ipv6-cpe-router, one example of which is the AVM FritzBox as far as I understand. See also: http://getipv6.info/index.php/Customer_problems_that_could_occur http://fud.no/ipv6/snapshot-20101221/gnuplot/noosx-t10-historic.png My guess is that about 70-80% of the users calling Randy and others to report problems on «World IPv6 Day» will be running Mac OS X. Ray: Do you know if RFC 3484 has been implemented in OS X 10.7? -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27
World IPv6 Day (was: Mac OS X 10.7, still no DHCPv6)
Me: NOC: are you running a macintosh? User: yes, how did you guess? NOC: because it is broken. get vista. btw, i run macosx 10.6.6 Some Clueless Mac Fanchild: While I'm as big a fan of IPv6 as anybody, I think in a comparison of relative brokenness, Mac comes out quite favorably compared to Vista in spite of their DHCPv6 deficiencies. Tore: Absolutely not. Mac OS X does not do proper source address selection according to RFC 3484. That makes it do things like preferring the use of link-local IPv6 addresses when connecting to global dual-stacked destinations, which of course won't work - as a result a 75 second long timeout is incurred for every single outgoing TCP connection. i have hope for lion, and maybe even a patch for 10.6. this stuff just has to be fixed before world ipv6 day. My guess is that about 70-80% of the users calling Randy and others to report problems on «World IPv6 Day» will be running Mac OS X. sad to say, probably not. the biggest problem here in japan is ntt [0]. they provide no global v6 [1], but an ipv6 walled garden against which users will bang heads when they get a quad-a. they own the last km, provide the cpe, and own the government. so we have to use them for transport. our customers will hit their broken implementation and call us. sweet! the isps, in cooperation with ntt, are trying to sort this problem before it occurs. but it is not pretty and there is no good solution. randy --- [0] - not the ntt which provides layers three and above, and even ipv6 in the states and much of asia except japan. this is ntt the telco semi-monopoly local bearer provider in japan and their ngn implementation. [1] - apocrypha of japan being ipv6 rich are utter bs.
Re: Mac OS X 10.7, still no DHCPv6
(I'm just waiting for Apple's lawyers to try an get names out of me...) But yes, it does appear that Apple is addressing the issue: 8 cat /etc/ip6addrctl.conf # default policy table based on RFC 3484. # usage: ip6addrctl install path_to_this_file # # $FreeBSD$ # #Format: #Prefix Precedence Label ::1/128 50 0 ::/0 40 1 2002::/16 30 2 ::/96 20 3 :::0:0/96 10 4 8 On Sun, Feb 27, 2011 at 6:41 PM, Tore Anderson tore.ander...@redpill-linpro.com wrote: * Owen DeLong On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: NOC: are you running a macintosh? User: yes, how did you guess? NOC: because it is broken. get vista. While I'm as big a fan of IPv6 as anybody, I think in a comparison of relative brokenness, Mac comes out quite favorably compared to Vista in spite of their DHCPv6 deficiencies. Absolutely not. Mac OS X does not do proper source address selection according to RFC 3484. That makes it do things like preferring the use of link-local IPv6 addresses when connecting to global dual-stacked destinations, which of course won't work - as a result a 75 second long timeout is incurred for every single outgoing TCP connection. Versions earlier than 10.6.5, still in use by a considerable amount of users, will also prefer the use of 6to4 to IPv4, again something which is causing lots of brokenness. (Windows ICS is responsible for causing lots of OS X hosts to have 6to4 addresses in the first place, though.) OS X also has a bug that will make it interpret a router lifetime of 0 in a RA as infinite, causing more troubles when found behind IPv6 CE routers using ULAs in compliance with I-D.ietf-v6ops-ipv6-cpe-router, one example of which is the AVM FritzBox as far as I understand. See also: http://getipv6.info/index.php/Customer_problems_that_could_occur http://fud.no/ipv6/snapshot-20101221/gnuplot/noosx-t10-historic.png My guess is that about 70-80% of the users calling Randy and others to report problems on «World IPv6 Day» will be running Mac OS X. 
Ray: Do you know if RFC 3484 has been implemented in OS X 10.7? -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27 -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
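The RFC 3484 source address selection discussed in this message, sketched as an added example that is not Apple's or FreeBSD's code and not part of the thread. It uses RFC 3484's default policy table and implements only rules 1, 2, 6 and 8 for native IPv6 unicast candidates; all addresses are constructed from documentation ranges.

```python
import functools
import ipaddress

# RFC 3484 section 2.1 default policy table: (prefix, precedence, label).
# (RFC 3484 has since been replaced by RFC 6724, which extends this table.)
POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),       # 6to4
    ("::/96", 20, 3),           # IPv4-compatible
    ("::ffff:0:0/96", 10, 4),   # IPv4-mapped, i.e. plain IPv4
]
_TABLE = [(ipaddress.IPv6Network(p), prec, label) for p, prec, label in POLICY]


def policy(addr):
    """Longest-prefix match in the policy table, returning (precedence, label)."""
    ip = ipaddress.IPv6Address(addr)
    matches = [row for row in _TABLE if ip in row[0]]      # ::/0 always matches
    _, precedence, label = max(matches, key=lambda row: row[0].prefixlen)
    return precedence, label


def scope(addr):
    """Scope value as used by RFC 3484 (2 = link-local, 5 = site, 14 = global)."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        return (int(ip) >> 112) & 0xF      # scope nibble of ffXs::/16
    if ip.is_loopback or ip.is_link_local:
        return 0x2
    if ip.is_site_local:
        return 0x5
    return 0xE


def common_prefix_len(a, b):
    """Number of leading bits two addresses share (no prefix-length cap applied)."""
    return 128 - (int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))).bit_length()


def _comparator(dest):
    d = ipaddress.IPv6Address(dest)
    d_scope, d_label = scope(d), policy(d)[1]

    def compare(sa, sb):                   # negative result: sa is preferred
        a, b = ipaddress.IPv6Address(sa), ipaddress.IPv6Address(sb)
        # Rule 1: prefer a source equal to the destination.
        if (a == d) != (b == d):
            return -1 if a == d else 1
        # Rule 2: prefer appropriate scope. The smaller-scoped candidate wins
        # only if its scope still covers the destination's scope.
        sa_scope, sb_scope = scope(a), scope(b)
        if sa_scope < sb_scope:
            return 1 if sa_scope < d_scope else -1
        if sb_scope < sa_scope:
            return -1 if sb_scope < d_scope else 1
        # Rule 6: prefer a source whose label matches the destination's label.
        a_match, b_match = policy(a)[1] == d_label, policy(b)[1] == d_label
        if a_match != b_match:
            return -1 if a_match else 1
        # Rule 8: prefer the longest prefix shared with the destination.
        return common_prefix_len(b, d) - common_prefix_len(a, d)

    return compare


def select_source(dest, candidates):
    """Pick the source address for dest from the host's candidate addresses."""
    return min(candidates, key=functools.cmp_to_key(_comparator(dest)))


# Constructed host: one link-local, one 6to4 and one native global address.
HOST_ADDRS = ["fe80::1", "2002:c000:201::1", "2001:db8:1::10"]

if __name__ == "__main__":
    for destination in ("2001:db8:ffff::1", "2002:c633:6401::1", "fe80::2"):
        print(destination, "<-", select_source(destination, HOST_ADDRS))
```

A link-local source is chosen only for the link-local destination; for the global destination Rule 2 rejects it before any later rule is consulted, which is the behaviour the message says OS X was missing.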
DSL/Fiber/MetroE Options for Fort Worth, TX
Hi All, Looking for a provider/contact of a dsl circuit, MetroE, or other 8mbps alternative in the Fort Worth, TX area. Specifically this will be used as internet access for a conference at the Fort Worth Convention center at 1201 Houston St Fort Worth, TX. Sorry for the bandwidth, but we are desperately looking for a provider. Please respond offlist. Thank you, Bobby KF4GTA
Re: Mac OS X 10.7, still no DHCPv6
In a message written on Mon, Feb 28, 2011 at 09:39:24AM +1100, Mark Andrews wrote: Have you *asked* your vendors for an alternate solution? DHCP kills privacy addresses. DHCP kills CGAs. Not true. Some would like to use DHCPv6 to hand a host things like DNS servers, NTP servers, PXE boot information, domain name search paths, and the like. There's no reason once the host gets a DHCP address and that information it can't also generate and use a privacy address or CGA. While this thread has focused on folks who want to use DHCPv6 to preclude these items by for instance having switches and routers filtered to only the allowed address (assigned via DHCP) there's no requirement a network operator do that. DHCP has a couple of hundred defined options. Vendors have tried adding ONE to the RA protocol (DNS servers) as replacement functionality. That leaves them a few hundred options short, in my book. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: SLA for voice and video over IP/MPLS
On Sun, Feb 27, 2011 at 4:20 PM, Anton Kapela tkap...@gmail.com wrote: On Thu, Feb 24, 2011 at 6:10 PM, Diogo Montagner diogo.montag...@gmail.com wrote: Hello, I am looking for industry standard parameters to base the SLA of one network regarding to voice, video and data application. One won't find many, but a common rule of thumb is most apps will be 'fine' with networks that provide 10E-6 BER or lower loss rates. out of pure curiosity, have you ever gotten a reasonable answer when asking a carrier about this? I can imagine a sale-rep's brain essentially exploding upon asking it. Additionally 'the network' is not 'the path my packets take' ... so what number are you really getting here? -Chris
Re: Mac OS X 10.7, still no DHCPv6
On Sun, Feb 27, 2011 at 4:25 PM, Franck Martin fra...@genius.com wrote: Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? where's my tftp-boot image location? root nfs mount? pick lots of other features used in enterprises today... to flip the coin the other way, what's the harm in dhcpv6? (different strokes and all that) -chris
Re: Mac OS X 10.7, still no DHCPv6
In message 20110228013421.ga32...@ussenterprise.ufp.org, Leo Bicknell writes: In a message written on Mon, Feb 28, 2011 at 09:39:24AM +1100, Mark Andrews wrote: Have you *asked* your vendors for an alternate solution? DHCP kills privacy addresses. DHCP kills CGAs. Not true. Some would like to use DHCPv6 to hand a host things like DNS servers, NTP servers, PXE boot information, domain name search paths, and the like. And you can do most of that without requiring DHCP for addresses. PXE boot may be the exception. There's no reason once the host gets a DHCP address and that information it can't also generate and use a privacy address or CGA. Except in the scenarios being described they are also blocking the other addresses. I would also think setting the M bit would preclude the host from generating such addresses as they are unmanaged. While this thread has focused on folks who want to use DHCPv6 to preclude these items by for instance having switches and routers filtered to only the allowed address (assigned via DHCP) there's no requirement a network operator do that. DHCP has a couple of hundred defined options. Vendors have tried adding ONE to the RA protocol (DNS servers) as replacement functionality. That leaves them a few hundred options short, in my book. Which is what the O bit was for. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Mac OS X 10.7, still no DHCPv6
The documents are done, but, I would argue that neither provides a mature set of features. Yes, they've (sort of) resolved the DNS server issue for SLAAC, but, that's recent and getting it into vendor support will be nice. The lack of NTP and certain other options in SLAAC is still a disappointment and I would argue that a fully matured SLAAC process would include a mechanism for specifying extensible choices of things. For DHCP, the lack of ability to deliver routing policies or recommendations through DHCP is a roadblock for some deployments which is still in place in the documents and should be fixed to produce a mature implementation. Owen On Feb 27, 2011, at 3:23 PM, Joel Jaeggli wrote: On 2/27/11 3:08 PM, Owen DeLong wrote: Look, can we stop arguing about whether someone needs DHCP or not, whether they need SLAAC or not. Let's just get both solutions to a mature and useful state where a network administrator can pick the one that works best for their environment and move on. Devices, routers, OSs, etc. should support both. The IETF should stop letting the two working groups focus on damaging the other protocol and we should stop treating this as a competition or a battle and start treating it as options to accomplish a task. The documents are done at least for sufficient pieces to make it work. it's in the hands of vendors and has been for a while. The simple fact is that if you want to do it a particular way and you have an installed base that doesn't support doing it that way, then you're not doing it that way. Owen On Feb 27, 2011, at 1:25 PM, Franck Martin wrote: Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? 
- Original Message - From: Matthew Palmer mpal...@hezmatt.org To: nanog@nanog.org Sent: Sunday, 27 February, 2011 4:06:29 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). radvd and rdnssd work together on Linux nicely to provide RDNSS support. Works a treat. - Matt
Sunday Funnies: Using a smart phone as a diagnostic tool
Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) Cheers, -- jra
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 3:41 PM, Tore Anderson wrote: * Owen DeLong On Feb 27, 2011, at 4:21 AM, Randy Bush wrote: NOC: are you running a macintosh? User: yes, how did you guess? NOC: because it is broken. get vista. While I'm as big a fan of IPv6 as anybody, I think in a comparison of relative brokenness, Mac comes out quite favorably compared to Vista in spite of their DHCPv6 deficiencies. Absolutely not. Mac OS X does not do proper source address selection according to RFC 3484. That makes it do things like preferring the use of link-local IPv6 addresses when connecting to global dual-stacked destinations, which of course won't work - as a result a 75 second long timeout is incurred for every single outgoing TCP connection. Versions earlier than 10.6.5, still in use by a considerable amount of users, will also prefer the use of 6to4 to IPv4, again something which is causing lots of brokenness. (Windows ICS is responsible for causing lots of OS X hosts to have 6to4 addresses in the first place, though.) OS X also has a bug that will make it interpret a router lifetime of 0 in a RA as infinite, causing more troubles when found behind IPv6 CE routers using ULAs in compliance with I-D.ietf-v6ops-ipv6-cpe-router, one example of which is the AVM FritzBox as far as I understand. You're talking about IPv6-specific brokenness. I'm talking about overall OS brokenness. On IPv6, yes, Micr0$0ft actually (finally) got something mostly right. On just about everything else... Windows... Nah, can't say I miss it at all. Owen
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
On 02/27/2011 06:00 PM, Jay Ashworth wrote: Do you have a smartphone? Blackberry? iPhone? Android? Yes. Had all 3. Android is my only tool now. It's superb. I've used/supported and developed applications for all 3 platforms. Android has been the most pleasant by far. Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? Yes. All the time. For out of band connectivity at customer sites to various diagnostic applications on the phone. If so, what kind of phone, My Touch 3g from t-mobile. and what (if you don't mind letting on) are your magic apps for this sort of work? Built in browser on Froyo (often times need to search something when a network is down), mail client (k9mail). Also netSwissTool. Oh and of course I tether my phone. (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) I keep meaning to pickup a cheap android tablet. Load ubuntu on it (android os is quite nice on a phone. larger system i would prefer to have ubuntu). 
(before you sneer at me, i've been using linux for almost 15 years, and want something that just works :) -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793
Sunday Funnies: Using a smart phone as a diagnostic tool
I use Android phones, mostly for remote administration. SSH using ConnectBot. If you want a really durable phone, with the option of a little bit of additional functionality, I would take a Motorola Droid 1, throw CyanogenMod on it with a p3droid kernel. The phone itself can survive 3ft falls @ 30 mph (proven myself on accident), the keyboard is very useable, and overall is an amazing phone. You can also use a fair number of command line tools, and add your own statically compiled tools, or dynamically compiled with a bit more work. On Feb 27, 2011 9:03 PM, Jay Ashworth j...@baylink.com wrote: Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) Cheers, -- jra
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
Related topic - ACM's CHIMIT (Computer Human Interfaces for the Management of Information Technology) workshop 2010 was co-located with the Usenix LISA conference this year (http://www.chimit10.org/home.html); I was on a panel discussion on mobile devices in system administration. This topic and the workshop could use more networking people participation. On Sun, Feb 27, 2011 at 6:00 PM, Jay Ashworth j...@baylink.com wrote: Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) Cheers, -- jra -- -george william herbert george.herb...@gmail.com
Re: SLA for voice and video over IP/MPLS
Hi Chris, I never got this answer. Chris, Tim, Anton and Martin, thank you for all inputs. Really appreciate them. Thanks ./diogo -montagner On Mon, Feb 28, 2011 at 9:42 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sun, Feb 27, 2011 at 4:20 PM, Anton Kapela tkap...@gmail.com wrote: On Thu, Feb 24, 2011 at 6:10 PM, Diogo Montagner diogo.montag...@gmail.com wrote: Hello, I am looking for industry standard parameters to base the SLA of one network regarding to voice, video and data application. One won't find many, but a common rule of thumb is most apps will be 'fine' with networks that provide 10E-6 BER or lower loss rates. out of pure curiosity, have you ever gotten a reasonable answer when asking a carrier about this? I can imagine a sale-rep's brain essentially exploding upon asking it. Additionally 'the network' is not 'the path my packets take' ... so what number are you really getting here? -Chris
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
On Sun, Feb 27, 2011 at 09:00:18PM -0500, Jay Ashworth wrote: Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) Cheers, -- jra Nokia N900. Slide-out, physical keyboard. Debian Linux based OS. Fair amount of free packages/apps available and then there's always GCC. No hackery needed for full system access. IPV6 capable and actually working on T-Mobile. Not quite as slick as newer Android phones and iPhones but more of a workhorse. LaDerrick
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
On 2/27/2011 9:00 PM, Jay Ashworth wrote: Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? I have a Droid2 with the WiFi Analyzer freebie app by Kevin Yuan. Compared to dragging around a real analyzer, it's helpful in the field. Certainly haven't gone to any great lengths to find more, or purposefully use my phone as a test device, but at least that one is handy (was discovered by our WiFi guy) and the price is right. Jeff
Re: SLA for voice and video over IP/MPLS
On Sun, Feb 27, 2011 at 9:33 PM, Diogo Montagner diogo.montag...@gmail.com wrote: Hi Chris, I never got this answer. I suspect you won't... at least not a reasonable/useful answer.
Re: Mac OS X 10.7, still no DHCPv6
On Feb 27, 2011, at 10:25 25AM, Dobbins, Roland wrote: On Feb 27, 2011, at 10:22 PM, Mikael Abrahamsson wrote: Which is one of the reasons why some of us want DHCPv6 support in hosts. Also for traceback when hunting down compromised/abusive hosts. You really need to look at switch logs for that, even with IPv4: http://www.cs.columbia.edu/~smb/talks/arp-attack.pdf Also don't forget privacy-enhanced addresses. We all know that bad guys make up addresses whenever it suits their needs. (I'm part of an ongoing discussion about a currently-active series of incidents, all relying on spoofed source addresses.) DHCP logs or configurations are not going to help against the folks we really care about. For the ankle-biters -- well, SLAAC is better in many ways, since the IP address itself tells you the MAC address, which makes applying filters so much easier... I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and ending up with equivalent effort. I am saying that security is not a strong argument. --Steve Bellovin, http://www.cs.columbia.edu/~smb
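The point in the message above, that a SLAAC address carries the MAC address while privacy-enhanced addresses do not, shown as an added example (not part of the thread). It assumes the modified EUI-64 interface identifier layout of RFC 4291; the addresses are constructed samples in the documentation prefix and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: source addresses as they might appear in flow or switch logs.
SAMPLE_SOURCES = [
    "2001:db8:10:1:21b:63ff:fe84:45e6",   # SLAAC, modified EUI-64 interface ID
    "2001:db8:10:2:21b:63ff:fe84:45e6",   # same interface seen on another /64
    "2001:db8:10:1:5c3a:9e01:77d2:b10f",  # random-looking ID (privacy address style)
    "2001:db8:10:1::1000",                # low-numbered ID (DHCPv6 or manual style)
]


def mac_from_slaac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    Modified EUI-64 splits the 48-bit MAC in half, inserts ff:fe in the
    middle and inverts the universal/local bit (0x02 of the first octet).
    A random interface ID matches the ff:fe marker by chance about once
    in 65536, so treat a hit as a lead to confirm against switch logs.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def group_by_mac(sources):
    """Split addresses into those traceable to a MAC and those that are not."""
    by_mac, opaque = defaultdict(list), []
    for src in sources:
        mac = mac_from_slaac(src)
        if mac is None:
            opaque.append(src)      # needs switch/ND/DHCPv6 logs to trace
        else:
            by_mac[mac].append(src)
    return dict(by_mac), opaque


if __name__ == "__main__":
    traced, untraced = group_by_mac(SAMPLE_SOURCES)
    for mac, addrs in traced.items():
        print(mac, "->", ", ".join(addrs))
    print("no embedded MAC:", ", ".join(untraced))
```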
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
Jay Ashworth wrote: Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) Cheers, -- jra Please get one that has a mail app that posts to these lists correctly.g
Re: Mac OS X 10.7, still no DHCPv6
On Sun, Feb 27, 2011 at 5:16 PM, Ray Soucy r...@maine.edu wrote: This seems to have upset at least one Apple engineer who dropped the NDA bomb on me; while he didn't confirm it was there, he did imply it, and it did make me have people give a second look. (I tried to get him to admit it but he's obviously been through Apple secret keeping training). If work on DHCPv6 or other common tools are obscured by NDA, and thus information is not available to potential customers, and IT departments who must plan to support those customers, Apple is at fault, not Ray or anyone else. There is a lesson for Apple here. Secrets are cool and there is often a legitimate need to keep new features under wraps until you are actually ready to ship them (competition, delays, whatever.) Somehow, I don't think Steve Jobs is going to give a presentation on DHCPv6, and I doubt Apple's decision to ship it with their OS is going to cause Microsoft or other competitors to .. do anything differently. Obscuring some things behind NDA is good for business. IPv6 matters (specific to DHCPv6 or otherwise) are not among those things, and Apple ought to take notice of this very discussion and make their intentions and progress more public, so IT departments know what to expect. Secrecy is good for business, except when it's not. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 27 Feb 2011, Steven Bellovin wrote: I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and ending up with equivalent effort. I am saying that security is not a strong argument. Well, rest assured that you have plenty of people disagreeing with you. Then again your views are shared by a lot of people for IPv4 as well, thus meaning it took until now before the IETF even had a SAVI like working group to handle the security issues that have been around since forever but that were solved for IPv4 outside of IETF around 10 years ago but still have no widespread implementation for IPv6 (but it's getting there). -- Mikael Abrahamsson email: swm...@swm.pp.se
Re: Mac OS X 10.7, still no DHCPv6
On Feb 28, 2011, at 10:47 AM, Steven Bellovin wrote: You really need to look at switch logs for that, even with IPv4: http://www.cs.columbia.edu/~smb/talks/arp-attack.pdf And flow telemetry, and so forth, yes. With BCP deployment in terms of anti-ARP-spoofing and DHCP snooping/source guard, traceback becomes a whole lot easier. Also don't forget privacy-enhanced addresses. Yes, which have extremely negative opsec connotations in terms of complicating traceback. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com The basis of optimism is sheer terror. -- Oscar Wilde
Re: Mac OS X 10.7, still no DHCPv6
Oh... did not know about the heavy baggage... No, when I first played with IPv6 only network, I found out that RD was silly, it gives an IP address but no DNS, and you have to rely on IPv4 to do that. silly, so my understanding is then people saw the mistake, and added some DNS resolution... Because the only option was to get DHCPv6 to get the DNS, but then why create RD in the first place? So I found this whole saga, to put it mildly stupid, like when people were talking about migrating to IPv6 but the root servers did not even have an IPv6 address: silly! So I really don't care between RD and DHCPv6, what I care, is that they should be able to do their job correctly on their own. - Original Message - From: Owen DeLong o...@delong.com To: Franck Martin fra...@genius.com Cc: Matthew Palmer mpal...@hezmatt.org, nanog@nanog.org Sent: Sunday, 27 February, 2011 6:08:28 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 Look, can we stop arguing about whether someone needs DHCP or not, whether they need SLAAC or not. Let's just get both solutions to a mature and useful state where a network administrator can pick the one that works best for their environment and move on. Devices, routers, OSs, etc. should support both. The IETF should stop letting the two working groups focus on damaging the other protocol and we should stop treating this as a competition or a battle and start treating it as options to accomplish a task. Owen On Feb 27, 2011, at 1:25 PM, Franck Martin wrote: Yes I don't understand why we need DHCPv6, true RD did not have DNS information to pass, but that is fixed, no? - Original Message - From: Matthew Palmer mpal...@hezmatt.org To: nanog@nanog.org Sent: Sunday, 27 February, 2011 4:06:29 PM Subject: Re: Mac OS X 10.7, still no DHCPv6 On Sun, Feb 27, 2011 at 08:56:33AM -0500, Ray Soucy wrote: Mac OS X 10.7 does support RDNSS (RFC 5001) so it is able to get DNS server information in an IPv6-only environment. 
Of course nobody else has implemented that yet, making Apple a special case host once again (I don't even think Cisco supports the option in their T series yet). radvd and rdnssd work together on Linux nicely to provide RDNSS support. Works a treat. - Matt
Re: Mac OS X 10.7, still no DHCPv6
there are two replies here. --- Christopher Morrow morrowc.li...@gmail.com writes: ..., what's the harm in dhcpv6? (different strokes and all that) only the egos and reputations of those who said that stateless autoconf was all ipv6 needed. (which is a small price to pay, according to me.) --- Dobbins, Roland rdobb...@arbor.net writes: On Feb 28, 2011, at 10:47 AM, Steven Bellovin wrote: Also don't forget privacy-enhanced addresses. Yes, which have extremely negative opsec connotations in terms of complicating traceback. /64 csma subnets with low order 64 bits controlled by infectable pc's means we'll be blackholing by /64 when we blackhole in ipv6. it's no big deal. -- Paul Vixie KI6YSY
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
I have a Droid2 with the WiFi Analyzer freebie app by Kevin Yuan. i run it on a nexus one. way coolquite useful. i just can't excuse the $600 cost of a wi-spy. but it sure would be nice to have a general rf peek at the wifi ranges. two weeks ago, in hk, we had rf interference that essentially killed the wifi, but it did not show on wifi analyzer. randy
Re: Mac OS X 10.7, still no DHCPv6
I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and ending up with equivalent effort. add noc and doc costs of all changes, please randy
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
On 2/27/11 10:09 PM, Randy Bush wrote: I have a Droid2 with the WiFi Analyzer freebie app by Kevin Yuan. i run it on a nexus one. way coolquite useful. i just can't excuse the $600 cost of a wi-spy. http://ubnt.com/airview 2.4ghz model is more like $50 and works nearly as well as the wi-spy. wi-spy DBx is still about the cheapest I've seen for a 5ghz spectrum analyzer, and is worth it for that alone but the interference problem you're trying to nip in the bud is likely in 2.4ghz anyway. but it sure would be nice to have a general rf peek at the wifi ranges. two weeks ago, in hk, we had rf interference that essentially killed the wifi, but it did not show on wifi analyzer. randy
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
On 2/27/2011 4:00 PM, Jay Ashworth wrote: Do you have a smartphone? Blackberry? iPhone? Android? Android, a Nexus One. Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? Absolutely, I use it on a regular basis. ConnectbotSSH is small, simple and just works. Integrated VPN on the OS enables me to get in safe and secure, then I can ssh to whatever box I need to. There are various password safe types of programs with native smartphone apps (mostly Android and iPhone as far as I'm aware). USB Tethering and Wireless Hotspot ability (currently no extra charge on T-Mobile network) also enable me to do a quick bit of easy checking from outside infrastructure without need for a separate 3G dongle or similar. (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) I think ultimately I'd prefer a physical keyboard on my phone. Most of the time it's fine with a touch-screen keyboard, texting, e-mailing and surfing, when the keyboard can predict what you're typing (alternative keyboard swiftkey is excellent and learns from SMSs etc.) However with ssh it can occasionally be a little irritating (alternative keyboard Full Keyboard helps.) I'd be a lot faster with a physical keyboard. I often still keep my old Nokia Internet Tablet around, just in case, then pair it to my phone using wifi. Paul
Re: Mac OS X 10.7, still no DHCPv6
On Sun, 2011-02-27 at 12:30 -1000, Antonio Querubin wrote: On Mon, 28 Feb 2011, Karl Auer wrote: Well - that draft very recently (i.e., only a few months, if that) became standards track, so it'll be a while before it's built into everything as a matter of course, but yes, it's fixed. RFC 6109. ^ Maybe you mean RFC 6106? Er - yes. Thanks :-) It comes from being south of the equator - we have to concentrate really hard on the 6 vs 9 thing. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Re: Mac OS X 10.7, still no DHCPv6
On Mon, 2011-02-28 at 09:39 +1100, Mark Andrews wrote: DHCP kills privacy addresses. DHCP kills CGAs. For temporary addresses couldn't a client clamp the upper limits of its received lifetimes to the desired lifetimes, then rebind instead of renew, sending a DECLINE if it gets the same address (as it presumably will)? The temporaryness would then be pretty much in the hands of the client (arguably where it belongs). That does kill the privacy aspect of temporary addresses, at least locally. Perhaps that is only a partial loss, as the addresses would still be private as far as the wider world was concerned. How does ISC DHCPv6 allocate addresses? Random, sequential...? Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
On Mon, Feb 28, 2011 at 2:00 AM, Jay Ashworth j...@baylink.com wrote: Do you have a smartphone? Blackberry? iPhone? Android? Try a Nokia N900 Maemo device, Brief History it is a pet project of Nokia, it is 100% Linux (Debian Based), you don't need to hack it or do anything or install any apps on it, full Linux ie, ssh, lamp stack , name it, you can get it for about $300 this a full fledge site for it http://maemo.org/ Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? yes if ur a real IT person and your very well versed in terms of knowledge and you use gadgets then you should know it is a swiss knife among all mobile devices. If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? Android, BB, iOS are cool OS but compared to a real Linux OS stack (Debian) you can easily compare the difference, with N900 you don't need all those APP markets you have all the apps develop for Linux at your disposal, just use apt-get and then ur done. (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the lanscape, if you'll pardon the pun. :-) HTC thunderbolt is not a bad looking phone. one most important thing about all the mobile phone devices out there it is only Nokia that support full networking stack of IPV6 on it no hacking needed to get it running. Cheers, -- jra
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
Joel Jaeggli wrote: On 2/27/11 10:09 PM, Randy Bush wrote: I have a Droid2 with the WiFi Analyzer freebie app by Kevin Yuan. i run it on a nexus one. way coolquite useful. i just can't excuse the $600 cost of a wi-spy. http://ubnt.com/airview 2.4ghz model is more like $50 and works nearly as well as the wi-spy. wi-spy DBx is still about the cheapest I've seen for a 5ghz spectrum analyzer, and is worth it for that alone but the interference problem you're trying to nip in the bud is likely in 2.4ghz anyway. but it sure would be nice to have a general rf peek at the wifi ranges. two weeks ago, in hk, we had rf interference that essentially killed the wifi, but it did not show on wifi analyzer. randy If you need some directionality (and more gain), get the AirView-EXT model and get one of these: http://www.superpass.com/SPDG11F.html Mine came without the S/S mounting plate and I just velcroed the thing to the lid of the laptop (~4x2x1 in.). I also have a higher gain omni that goes on the same velcro, so after you identify the interference, switch to the Sector ant. to get the direction if needed. --Michael
Re: Mac OS X 10.7, still no DHCPv6
On Mon, 2011-02-28 at 12:57 +1100, Mark Andrews wrote: Except in the scenarios being described they are also blocking the other addresses. I would also think setting the M bit would preclude the host from generating such addresses as they are unmanaged. I think the M flag says you can get an address via DHCP - it doesn't say and don't get an address via any other means. From RFC 4861: M 1-bit Managed address configuration flag. When set, it indicates that addresses are available via Dynamic Host Configuration Protocol [DHCPv6]. If you want to disable SLAAC, you instead use the AdvAutonomousFlag in the Prefix Information option included for the given prefix in the link's Prefix List. DHCP has a couple of hundred defined options. Vendors have tried adding ONE to the RA protocol (DNS servers) as replacement functionality. That leaves them a few hundred options short, in my book. Which is what the O bit was for. Well - the number of options defined so far for DHCPv6 is very small compared to the number of options defined for DHCPv4. I think that's what Leo meant. The O bit will avail you naught if you want, for example, a boot server address. I do think though, that assuming DHCP is the way to get some of these things might be shooting from the hip. Perhaps there is a better way, with IPv6? The difficulty is that now everyone is in a tearing hurry; they just want everything to work the exact same way, and they want it NOW. There is suddenly no time to work out better ways. And goodness knows there must be a better way to boot a remote image than delivering an address via DHCP! With apologies to the musical Keating: Give us back our comfy little network Take us back to safer days of yore Nothing alien or scary, la-di-da or airy-fairy Just put it back the way it was before... Regards, K. 
-- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
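The distinction drawn in the message above, between the M flag of the Router Advertisement and the autonomous (A) flag of each Prefix Information option, shown as an added example (not part of the thread). It assumes the RFC 4861 wire layout; the RAs are constructed with the checksum left at zero, and the function names are hypothetical.

```python
import ipaddress
import struct


def build_ra(managed, other, prefixes):
    """Build a constructed RA body; prefixes is a list of (prefix, autonomous)."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    # type=134, code, checksum, hop limit, M/O flags, router lifetime, timers
    ra = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, autonomous in prefixes:
        net = ipaddress.IPv6Network(prefix)
        pflags = 0x80 | (0x40 if autonomous else 0)   # L (on-link) always set here
        # option type 3, length 4 (x8 octets), prefix len, L/A flags, lifetimes
        ra += struct.pack("!BBBBIII", 3, 4, net.prefixlen, pflags, 86400, 14400, 0)
        ra += net.network_address.packed
    return ra


def parse_ra(data):
    """Extract the M and O flags and the per-prefix L and A flags from an RA."""
    if len(data) < 16 or data[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(data[5] & 0x80), "O": bool(data[5] & 0x40), "prefixes": []}
    off = 16
    while off + 2 <= len(data):
        opt_type, opt_len = data[off], data[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(data):
            raise ValueError("malformed option")      # RFC 4861: discard the RA
        if opt_type == 3 and opt_len == 32:           # Prefix Information option
            plen, pflags = data[off + 2], data[off + 3]
            prefix = ipaddress.IPv6Address(data[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "L": bool(pflags & 0x80),
                                   "A": bool(pflags & 0x40)})
        off += opt_len
    return ra


def addressing_policy(ra):
    """Summarise what a host is invited to do by this RA."""
    return {
        "slaac_prefixes": [p["prefix"] for p in ra["prefixes"] if p["A"]],
        "stateful_dhcpv6": ra["M"],
        "other_config_dhcpv6": ra["O"] or ra["M"],    # O is redundant when M is set
    }


# M set but A left on: DHCPv6 is offered, yet hosts still autoconfigure.
RA_M_WITH_SLAAC = build_ra(True, False, [("2001:db8:1::/64", True)])
# M set and A cleared: DHCPv6 is the only way to get an address in the prefix.
RA_DHCPV6_ONLY = build_ra(True, False, [("2001:db8:1::/64", False)])

if __name__ == "__main__":
    for name, raw in (("M+A", RA_M_WITH_SLAAC), ("M, no A", RA_DHCPV6_ONLY)):
        print(name, addressing_policy(parse_ra(raw)))
```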