Re: Question about migrating to IPv6 with multiple upstreams.
On 12 Jun 2011, at 03:50, Randy Carpenter wrote:

> I have an interesting situation at a business that I am working on. We currently have the office set up with redundant connections for their mission critical servers and such, and also have a (cheap) cable modem for general browsing on client machines.

So basically policy routing?

> The interesting part is that the client machines need to access some customer networks via the main redundant network, so we have a firewall set up to route those connections via the redundant connections, and everything else via the cheaper, faster cable modem. NAT is used on both outbound connections.

Yep that sounds like policy routing.

> With IPv6, we are having some trouble coming up with a way to do this. Since there is no NAT, does anyone have any ideas as to how this could be accomplished?

Sure there is NAT, you can use prefix translation to translate your Global Address Range from the redundant ISP to the Cable ISP Global address range when leaving that interface. I've run a similar setup with 3 independent ISPs with IPv6 netblocks. Whichever connection the traffic went out it got the right GUA mapped onto it. Note that this is 1:1 NAT and not N:1.

In my case there was no primary GUA range, I used a ULA on the LAN side of things, and mapped the corresponding GUA onto it when leaving the network. I had 3 rules, 1 for each WAN and mapped the ULA/56 to the GUA/56. In your case you already have a primary connection of sorts, so I'd suggest using that on the LAN side and only map the other GUA onto it when it leaves the other interfaces. The policy routing rules on your firewall can make all the routing decisions for you.

If you search google for IPv6 network prefix translation there will be a firewall listed that can do this somewhere in the middle of the page.

Cheers, Seth
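The 1:1 mapping described in the message above (a ULA /56 on the LAN, one rule per WAN, egress chosen by policy routing), as an added example that is not part of the original post or of any firewall's code. The prefixes, interface names and customer network are constructed, and the translation is a plain prefix swap rather than the checksum-neutral algorithm of RFC 6296.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the post): one ULA /56 on
# the LAN and one GUA /56 per upstream, taken from the 2001:db8::/32
# documentation range. Interface names are hypothetical.
LAN_ULA = ipaddress.IPv6Network("fd12:3456:789a:4200::/56")
WAN_GUA = {
    "wan_isp_a": ipaddress.IPv6Network("2001:db8:aaaa:1100::/56"),
    "wan_isp_b": ipaddress.IPv6Network("2001:db8:bbbb:2200::/56"),
    "wan_cable": ipaddress.IPv6Network("2001:db8:cccc:3300::/56"),
}
# Constructed policy: customer networks leave via ISP A, the rest via cable.
CUSTOMER_NETS = [ipaddress.IPv6Network("2001:db8:f00d::/48")]


def swap_prefix(addr, old_net, new_net):
    """Replace the old_net prefix of addr with new_net, keeping all lower bits."""
    if old_net.prefixlen != new_net.prefixlen:
        raise ValueError("1:1 translation needs equal prefix lengths")
    if addr not in old_net:
        raise ValueError(f"{addr} is not inside {old_net}")
    low_bits = int(addr) & int(old_net.hostmask)
    return ipaddress.IPv6Address(int(new_net.network_address) | low_bits)


def pick_egress(dst):
    """Policy routing decision: which WAN a destination leaves through."""
    dst = ipaddress.IPv6Address(dst)
    if any(dst in net for net in CUSTOMER_NETS):
        return "wan_isp_a"
    return "wan_cable"


def translate_outbound(src, egress_if):
    """Rewrite a LAN (ULA) source address to the GUA of the egress WAN."""
    return swap_prefix(ipaddress.IPv6Address(src), LAN_ULA, WAN_GUA[egress_if])


def translate_inbound(dst, ingress_if):
    """Rewrite a GUA destination arriving on a WAN back to the LAN ULA."""
    return swap_prefix(ipaddress.IPv6Address(dst), WAN_GUA[ingress_if], LAN_ULA)


def forward(src, dst):
    """Route first, then translate: returns (egress interface, new source)."""
    egress = pick_egress(dst)
    return egress, str(translate_outbound(src, egress))


if __name__ == "__main__":
    host = "fd12:3456:789a:4217::25"          # constructed LAN host
    for dst in ("2001:db8:f00d:1::80", "2001:db8:1234::1"):
        print(dst, "->", forward(host, dst))
```

Because the mapping is stateless and 1:1, every LAN host has a reachable address in each upstream's range, so the translation itself filters nothing and inbound access is decided entirely by the firewall's rule set.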
Re: Yup; the Internet is screwed up. - Land Assistance...
On 12/06/2011 1:42 a.m., Lynda wrote: Mostly, I've just ignored this, As do I with most threads on this list. However I found the link in the OP's post offensive on so many different levels that I choose to put some comment in with a great deal of subtlety and hopefully a little humour. Clearly, judging by the off list comments I got, some people got it and some people didn't. I'm not sure which comment in the OP's link I found most offensive, but the suggestion that most folk in small rural American towns are drug dealers and addicts was up there with the suggestion that the entire reason for poor broadband in USA is the sole fault of ATT. Perhaps that's not what the article was saying. However it is the impression I took from what I read, which is what compelled me to comment. I confess that I didn't even read the entire article... by the time I got through reason 2, I was already offended enough. since it wasn't really contributing to a solution for anything I could see, and wasn't finding it as amusing to read as the author did to write. This statement, however, needs a bit of changing, sir. I am sorry the humour was lost on you. :) I did change the subject heading on purpose, specifically so people, who weren't interested in the obvious direction of the thread, could simply ignore it. I'd say that people in rural America (many of whom are my neighbors) are adept at making do, and very clever at finding solutions to the problems that the author of this piece did not. Agreed. As I come from a country that has an extremely large rural economic component and is as far from market as we are, I very much understand the need to adapt and make do. Please note that the author seems to be yet another transplanted city boy, and as such, might not have been aware of how to solve this problem quickly, and in the most expedient manner, but that does not mean you should lump rural America in one large bucket... 
No it does not mean you should lump rural people in any bucket, being the whole point, of my first post, by suggesting that I should get help with setting up a farm in the centre of down town Manhattan, from the list. Again, it's up there with the suggestion that the only way to get broadband in rural America is to wait until one of your drugged out neighbours dies from an overdose and you can then take over the free port on the DSLAM. I should also point out that the author of the article isn't even *in* a rural setting. Contrary to popular belief, living in a small town is not rural. I've lived 5 five miles out of town, and we barely considered that rural. We had neighbors less than a quarter mile walk away. I've lived in a country where it takes 3 hours to drive to your next closest neighbour, while in my own country we call a town rural when it has 3,000 people in it and the housing density is not far off the urban suburb I live in today - at which point we seem to currently consider they don't need ftth and 5mbit's of contended mobile broadband is more than enough. In addition (since my annoyance factor seems to be set on high), I'm a bit curious as to how someone living in New Zealand is so concerned with broadband access in the US. I'm interested in broadband access around the world, not just the USA. New Zealand culture is very influenced by the United States. The United States is a large trading partner from our point of view. What you do in the USA has global impact. For example if the USA says it's ok for rural folk not to have decent broadband then out countries around the world, such as my own, point to the USA as a point of reference. Same if you decide that every farmer must have 100Gbe connections. D
Re: Yup; the Internet is screwed up.
On 12/06/2011 1:02 p.m., Owen DeLong wrote: On Jun 11, 2011, at 15:16, Jeroen van Aartjer...@mompl.net wrote: Randy Bush wrote: some of us try to get work done from home. and anyone who has worked and/or lived in a first world country thinks american 'broadband' speeds are a joke, even for a home network. I understand, but I was referring to the average home internet connection. But even for work 100Mbps seems a bit overkill for most purposes. Whole offices work fine with a mere bonded T1 at 10Mbps. Admitted it's symmetrical and is more stable. But regarding speed it's quite a bit slower than the mentioned 100Mbps home internet. Depends on the office and the user profile at home. I would be very unhappy and so would my coworkers behind a bonded T1 at 10 Mbps. However, I do admit I think my 70 Mbps at home will probably be adequate for a few years to come. Some may find this of interest: http://home.bowenvale.co.nz/wp/apps.gif and this... http://forums.whirlpool.net.au/forum-replies.cfm?t=1515155 (Is there an NBN Killer App? - Australians talking about what they might use the FTTH for). With respect to home v's office, 100 v's 10... Applications such as back up may not even be attempted online in an office, which is why 10mbit is fine. As I said earlier, BIR is what 100mbit is about. In an office you have computers on for 8 hours a day. With QoS you can push data out in a controlled way. For example, when you send a 10mb email, it transfers to the office mail server 'instantly' and is then streamed out at what ever speed the QoS is letting port 25 run at. At home when you send 10mb it goes direct to the ISPs SMTP server and saturates the uplink while that's happening or QoS slows it down and the customer has to wait while their computer 'sends' the message. BIR is also about user experience. We know that when we give users a better experience they stay longer. 
See: http://home.bowenvale.co.nz/wp/sam where Sam Morgan talks about making sure that TradeMe.co.nz is fast so that users will stick about and use it more. At work you have limited choice. If it's slow, but you have to use it, then you will. Where as at home if it's slow, you'll give up and go read a book. Also at home we're more likely to make massive volumes of content, for example a simple photo shoot with your kid on your new digital camera can chew up 1gb in minutes (my 10mpx camera uses 1gb -- 220 shots which I can shoot off at a birthday party without even trying). How often do businesses produce that volume of content?
Re: Yup; the Internet is screwed up.
100mbit is not luxury, it's something my business needs all its customers to have to drive more uptake of my services. My customers already have 10/1 today. Now I need them to have 100/40 so they have a reason to buy other CPE that in turn drives my business. See: http://home.bowenvale.co.nz/wp/apps.gif On 01/1 we can't even use half those apps. Which means there is no market for any of the CPE that those apps require. That CPE is a massive global economic driver. Without the ability to use the CPE there is no driver for further development of that CPE. The basic POTS telephone has stayed the same for 3 decades. There is just about no work for anyone designing POTS CPE, there was work 3 decades ago. 4 Decades ago parents around the globe were told that IT and computers were the future. We have to keep growing our data delivery systems in order to keep pushing IT forward. Is a job in IT a luxury? On 12/06/2011 10:20 a.m., Jeroen van Aart wrote: Matthew Palmer wrote: Well, you probably live in a premises with only a couple of people. A household with the standard 2.3 kids might need to stream 4.3 TV channels, Right, but now you're talking about the luxury aspect of it. And then all bets are off. The necessity would already be fulfilled with a lower speed.
Re: The stupidity of trying to fix DHCPv6
On Sat, Jun 11, 2011 at 12:41:17PM -0400, Kevin Loch wrote:

> VRRPv3 (http://tools.ietf.org/html/rfc5798) is still a bit broken in that it makes mention of MUST advertise RA's

That's unintentional as per recent discussion on IETF VRRP mailing list where I sought clarification as JUNOS complains on every commit about no RAs for VRRP units. See http://www.ietf.org/mail-archive/web/vrrp/current/msg01447.html and response. I have yet to draft the RFC Erratum clarifying that unintentional interpretation.

> and inexplicably limits VRRP addresses to link local only (?!)*.

I cannot see that in RFC5798, and implementations and operational experience differ. VRRP communications itself is via link-local addresses. There is a requirement to have a link-local virtual address as well, but there might be many more, e.g. global scope. Otherwise a whole lot of IPv6 VRRP setups won't be working here. :) We use global scope addresses as VRRP virtual router addresses.

Best regards, Daniel

-- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: The stupidity of trying to fix DHCPv6
On Fri, Jun 10, 2011 at 09:12:26PM -0700, Owen DeLong wrote: You must have RA to at least tell you: Default Router Go ask the DHCP server (M and/or O bit) As it currently stands, an RFC-compliant host will not attempt to solicit a DHCP response unless it receives an RA with the M inclusive-or O bits set. RFC 4862 seems to acknowledge otherwise: 5.5.2. Absence of Router Advertisements Even if a link has no routers, the DHCPv6 service to obtain addresses may still be available, and hosts may want to use the service.[...] Could you point to any RFC which implies or explicitly states that DHCPv6 MUST NOT be used in absence of RA with M and/or O=1? Regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
Re: The stupidity of trying to fix DHCPv6
On 11 jun 2011, at 16:39, David Conrad wrote: There is no point in repeating all the IPv4 mistakes with IPv6, if that's what you want, stay on IPv4. As should be apparent by now, the vast majority of people don't want to move to IPv6. They simply want access to the Internet. ISPs are looking for the easiest/cheapest way to do this, which generally means the way they've done it in the past. Forcing them to change simply slows things down. Ok, removed my snarky comments on trying to be fast this late in the game. The problem is changing DHCPv6 so people want to deploy it more means waiting a couple of years for the changes to start appearing and then many more years for the non-changed systems to disappear. How doing this makes anything faster is a mystery to me. People just have to get over the fact that IPv6 is different from IPv4 in some regards and it's too late now to change that, because we're already way behind deploying IPv6 before the IPv4 addresses run out.
Re: The stupidity of trying to fix DHCPv6
On 11 jun 2011, at 17:05, Owen DeLong wrote: Your doctor doesn't just give you the medicine you ask for either. You are not talking about a doctor/patient scenario here where the doctor is an expert and the people asking for this have no medical training. Here, we are talking about requirements coming from network engineers that are every bit as skilled as you are in the field and every bit as capable of making informed decisions about the correct solution for their environment. It's true that the patient also knows some stuff here. There's a lot of bitching here on the NANOG list about how operators get no respect at the IETF. But that's a two-way street. There's also tons of people in operations who have no appreciation to what the IETF brings to the table. Operators tend to see issues in isolation, or at the very least only see the connections that are relevant to their environment. The IETF has to take into consideration all possible environments. Sometimes things that seem a clear win in a constrained environment could be a disaster if they were used all over the internet. You know what they say: a doctor who treats himself has a fool for a patient. Yes, I'm well familiar with your level of arrogance. Yes, I know I stick out like a sore thumb in these humble parts. BTW, I first went to the IETF 10 years ago and didn't encounter such an attitude (although many others I didn't like). Good for you. Did you try proposing anything that was contrary to the current religion at the time or did you join the ivory tower biggots in supporting solutions that work better in theory than in operational reality and embrace their bold new failure to address major concerns (such as scalable routing) while focusing on irrelevant minutiae such as 8+8 vs. GSE? Judge for yourself: http://www.muada.com/drafts/draft-van-beijnum-multi6-isp-int-aggr-01.txt Let me wrap up this discussion with the following: IPv6 address configuration is a house of cards. 
Touch it and it all comes crashing down. DHCPv6 has a number of significant flaws, and the interaction between DHCPv6 and router advertisements only barely makes sense. All of this makes it seem like a good idea to tweak stuff to make it better, but in reality that's a mistake: it just means more opportunities for things to fail. What we need is to rethink the host configuration problem from the ground up, starting at the host and what it should do when it sees its interface come up. One model that seems attractive here is the one the iPhone uses, where you can modify the IP configuration on a per-wifi network basis. If we can apply this kind of logic to wired networks, too, then suddenly we're no longer limited to having one monolithic set of client side behavior that must always be followed, but we can be much more flexible.
Re: The stupidity of trying to fix DHCPv6
On 12 jun 2011, at 12:35, Daniel Roesen wrote: Could you point to any RFC which implies or explicitly states that DHCPv6 MUST NOT be used in absence of RA with M and/or O=1? But what's the alternative? Always run DHCPv6 even if there are no router advertisements or router advertisements with O=0, M=0? Like I said before, that would pollute the network with many multicasts which can seriously degrade wifi performance. And networks without RAs are very common. We call those networks IPv4-only networks. And in the current situation DHCPv6 without router advertisements is pointless because you may get an address, but you have no place to send your packets.
Re: IPv6 and DNS
2011/6/11 Matthew Palmer mpal...@hezmatt.org The router isn't assigning an address, it's merely telling everyone on the segment what the local prefix and default route is. As such, there's no reason why the router should try to register a DNS entry. On the other hand, the host could (and should) register it's address with whatever DNS server handles it's name. The protocol for such is already standardised and should be independent of IPv4/IPv6. - Matt Thanks Matt. I was thinking about something like this, it looks the natural way to go, but isn't too dangerous allow hosts to update entries (even if it's their own) in an DNS server ? I preferred to believe that a router would do this because routers are considered to be more reliable than a hosts. In the other hand, I also recognize that this could put a lot of weight in routers' CPU processing. Do you mind to point me out where can I find infos about this protocol that is being standardised ? Fábio
Re: IPv6 and DNS
On 12 Jun 2011, at 09:38, Fabio Mendes wrote: 2011/6/11 Matthew Palmer mpal...@hezmatt.org The router isn't assigning an address, it's merely telling everyone on the segment what the local prefix and default route is. As such, there's no reason why the router should try to register a DNS entry. On the other hand, the host could (and should) register it's address with whatever DNS server handles it's name. The protocol for such is already standardised and should be independent of IPv4/IPv6. - Matt Thanks Matt. I was thinking about something like this, it looks the natural way to go, but isn't too dangerous allow hosts to update entries (even if it's their own) in an DNS server ? I preferred to believe that a router would do this because routers are considered to be more reliable than a hosts. In the other hand, I also recognize that this could put a lot of weight in routers' CPU processing. Routers route packets, otherwise they would be called registrars or something like that. -as
Re: The stupidity of trying to fix DHCPv6
In a message written on Sun, Jun 12, 2011 at 01:04:41PM +0200, Iljitsch van Beijnum wrote:

> But what's the alternative? Always run DHCPv6 even if there are no router advertisements or router advertisements with O=0, M=0?

Yes.

> Like I said before, that would pollute the network with many multicasts which can seriously degrade wifi performance.

Huh? This is no worse than IPv4 where a host comes up and sends a subnet-broadcast to get DHCP. I have never heard of a network brought to its knees from these requests. A single packet each time a host boots is hardly a high PPS rate.

> And networks without RAs are very common. We call those networks IPv4-only networks.

No, we call those server networks. I've seen lots of IPv6 networks with RA's disabled and all static devices on them. Sometimes having hosts dynamically get addresses and default routes is a bad thing.

> And in the current situation DHCPv6 without router advertisements is pointless because you may get an address, but you have no place to send your packets.

Which is what we would like to fix.

-- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: IPv6 and DNS
dynamic dns update has been done by hosts for some time... http://www.ietf.org/rfc/rfc2136.txt On Jun 12, 2011, at 5:38 AM, Fabio Mendes wrote: 2011/6/11 Matthew Palmer mpal...@hezmatt.org The router isn't assigning an address, it's merely telling everyone on the segment what the local prefix and default route is. As such, there's no reason why the router should try to register a DNS entry. On the other hand, the host could (and should) register it's address with whatever DNS server handles it's name. The protocol for such is already standardised and should be independent of IPv4/IPv6. - Matt Thanks Matt. I was thinking about something like this, it looks the natural way to go, but isn't too dangerous allow hosts to update entries (even if it's their own) in an DNS server ? I preferred to believe that a router would do this because routers are considered to be more reliable than a hosts. In the other hand, I also recognize that this could put a lot of weight in routers' CPU processing. Do you mind to point me out where can I find infos about this protocol that is being standardised ? Fábio
Re: IPv6 and DNS
On Sat, Jun 11, 2011 at 9:04 PM, Matthew Palmer mpal...@hezmatt.org wrote: On Sat, Jun 11, 2011 at 10:30:26PM -0300, Fabio Mendes wrote: The router isn't assigning an address, it's merely telling everyone on the segment what the local prefix and default route is. As such, there's no reason why the router should try to register a DNS entry. However, it would be logical to extend the DHCPv6 protocol to allow for registration of the workstation address in DNS by the DHCPv6 management server to be requested (similar to DHCPv4). The DHCPv6 management server needs to become aware of new IP addresses already to send ordinary unicast responses, and a DHCPv6 server is a central server that can be entrusted with the capability to update DNS records, with no need for overtrusting each individual client, or requiring a complicated authentication scheme on DNS servers, for clients to update DNS records corresponding to their own hostname, without each client's credentials being capable of updating any other machine's DNS entry. -- -JH
Re: The stupidity of trying to fix DHCPv6
On Sun, Jun 12, 2011 at 01:04:41PM +0200, Iljitsch van Beijnum wrote: On 12 jun 2011, at 12:35, Daniel Roesen wrote: Could you point to any RFC which implies or explicitly states that DHCPv6 MUST NOT be used in absence of RA with M and/or O=1? But what's the alternative? Always run DHCPv6 even if there are no router advertisements or router advertisements with O=0, M=0? That would seem to be the logical outcome, yes. Like I said before, that would pollute the network with many multicasts which can seriously degrade wifi performance. Regardless of it's potential downsides, the issue at hand was the RFC compliance of such a setup. Owen DeLong contended that: On Fri, Jun 10, 2011 at 09:12:26PM -0700, Owen DeLong wrote: As it currently stands, an RFC-compliant host will not attempt to solicit a DHCP response unless it receives an RA with the M inclusive-or O bits set. Daniel was merely requesting a reference for that assertion. If you have one, I'm sure Daniel (and Owen) would appreciate it. - Matt
Re: IPv6 and DNS
On Sun, Jun 12, 2011 at 09:38:32AM -0300, Fabio Mendes wrote: 2011/6/11 Matthew Palmer mpal...@hezmatt.org The router isn't assigning an address, it's merely telling everyone on the segment what the local prefix and default route is. As such, there's no reason why the router should try to register a DNS entry. On the other hand, the host could (and should) register it's address with whatever DNS server handles it's name. The protocol for such is already standardised and should be independent of IPv4/IPv6. I was thinking about something like this, it looks the natural way to go, but isn't too dangerous allow hosts to update entries (even if it's their own) in an DNS server ? What are the hazards and risks? I preferred to believe that a router would do this because routers are considered to be more reliable than a hosts. Reliable, or trusted? Do you mind to point me out where can I find infos about this protocol that is being standardised ? RFC2136. - Matt
Re: IPv6 and DNS
On Sun, Jun 12, 2011 at 08:59:50AM -0500, Jimmy Hess wrote: On Sat, Jun 11, 2011 at 9:04 PM, Matthew Palmer mpal...@hezmatt.org wrote: The router isn't assigning an address, it's merely telling everyone on the segment what the local prefix and default route is. As such, there's no reason why the router should try to register a DNS entry. However, it would be logical to extend the DHCPv6 protocol to allow for registration of the workstation address in DNS by the DHCPv6 management server to be requested (similar to DHCPv4). I don't believe we were talking about DHCPv6, we were talking about SLAAC. And I *still* think it's a better idea for the client to be registering itself in DNS; the host knows what domain(s) it should be part of, and hence which names refer to itself and should be updated with it's new address. - Matt
Re: Strongest Solar Tsunami in Years to Hit Earth Today
On Fri, Jun 10, 2011 at 8:11 PM, Matthew Palmer mpal...@hezmatt.org wrote: On Fri, Jun 10, 2011 at 03:22:59PM +0300, Hank Nussbacher wrote: http://www.ibtimes.com/articles/159964/20110609/nasa-solar-flare-tsunami-earth-sun-radio-satellite-interference-aurora-displays-coronal-mass-ejectio.htm Someone should tell the IB Times that Tsunami doesn't mean anything big and destructive. Oh, and that popup ads are *s* 1997. While you're at it you might want to let NASA know too... http://www.nasa.gov/mission_pages/stereo/news/solar_tsunami.html Scott
Re: Yup; the Internet is screwed up.
On 6/12/11 1:04 PM, Christopher J. Pilkington wrote: On Jun 11, 2011, at 7:07 PM, Roy wrote: On 6/11/2011 4:29 PM, Christopher Pilkington wrote: Options seem to be limited to HughesNet and dial for the moment, but things may change if I put a tower on the property. HughesNet seems to relax its bandwidth cap between 2am and 7am, which is helpful, but still a great shift from what I'm used to at the current residence (15/2). No 3G cellphone service? 3G at this location is marginal at best (stand on a hill and hold the phone up above your head.) That said, are there 3G radios that permit external antennas or are well suited to being sealed up in a weatherproof box and being placed on a pole/tower? 3G would get us around the 200-300MiB/day issue, but I'm fairly certain I'll be dealing with similar monthly caps. I can really hope for a wISP nearby, but so far my research hasn't turned up anything. Is there some wISP marketplace/directory about? The final option would be to unofficially put hardware on the roof of my office 50km away with some high-gain antennas, but the path is marginally LOS, I think I might need a very large tower at either end. -cjp www.wispa.org is probably the largest organization. Every state in the US has a broadband mapping project that should be able to tell you who is in the area and what options you have (assuming that you are in the US which might not be true). If there are no other providers around (or they don't do a good job) it's not that hard to build your own. It doesn't take a very large population density to make a viable business. Just don't try to build a wISP with 802.11x equipment. A properly built wISP network competes quite well with HFC networks in speed and reliability. The technology is evolving quickly with capacity and reliability making significant gains. -- Mark Radabaugh Amplex m...@amplex.net 419.837.5015
Re: IPv6 day fun is beginning!
You might want to consider 655 or 825 from Dlink and the Apple Airport Extreme and Time Capsule. We have had a pretty good experience with these models thus far. John = John Jason Brzozowski Comcast Cable e) mailto:john_brzozow...@cable.comcast.com o) 609-377-6594 m) 484-962-0060 w) http://www.comcast6.net =

On 6/8/11 9:07 AM, TJ trej...@gmail.com wrote: Just FWIW: US, Amazon, Dlink, DIR615, $35.45 ... /TJ

On Wed, Jun 8, 2011 at 08:46, Mark Andrews ma...@isc.org wrote: In message b7872a58-de28-4cc2-8929-931fd3ce0...@delong.com, Owen DeLong writes: On Jun 7, 2011, at 9:15 PM, Mark Andrews wrote: In message AF24AE2D4A4D334FB9B667985E2AE763A3AC06@mail1-sea.office.spectrumnet.us, John van Oppen writes: I was wondering the same thing... we have v6 enabled to about 700 users in our native Ethernet to the home deployment here in Seattle. Unfortunately, user routers don't seem to often support v6 resulting in only about 2-8% of users in most buildings using it, and most of those are just people plugged directly into the wall jacks we provide without routers. I wonder how long it will take for everyone to upgrade their home routers. John If all the home CPE router vendors stopped shipping IPv4 only boxes, not that long. At the moment the price point for IPv6 CPE routers is still 2-3x the IPv4 only boxes when you can find one though not all of that difference is IPv6. The IPv6 boxes often have multiple radio and other extras. This shows that CPE vendors still see IPv6 as something *extra* and not something that should be *standard*. The D-Link DIR series v6 capables are not actually more than about a 10% premium over the corresponding ipv4-only competition. I see them in computer stores fairly regularly these days. Owen

Wireless G Modem Router   $79.00    v4      G
N-150                     $79.95    v4      G
DIR-615                   $129.00   v4/v6   G/N
DIR-815                   $199.95   v4/v6   G/N

The IPv6 price point is still well above the IPv4 only price point. 1.00AUD = 1.06USD -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
RE: Yup; the Internet is screwed up. - WISPs
You might contact SkyBeam out of Denver. They have been buying up most of the independent WISPs in my area. They seem to be expanding at a rapid rate. They currently rent my tower for one of their nodes. You might also look for a WISP mailing list to post the question on. I do not know what the most active one is currently. The WISP owners are always getting mad at each other and changing what list they subscribe to. Kenneth M. Chipps Ph.D. -Original Message- From: Christopher J. Pilkington [mailto:c...@0x1.net] Sent: Sunday, June 12, 2011 12:05 PM To: Roy Cc: nanog@nanog.org Subject: Re: Yup; the Internet is screwed up. On Jun 11, 2011, at 7:07 PM, Roy wrote: On 6/11/2011 4:29 PM, Christopher Pilkington wrote: Options seem to be limited to HughesNet and dial for the moment, but things may change if I put a tower on the property. HughesNet seems to relax it's bandwidth cap between 2am and 7am, which is helpful, but still a great shift from what I'm used to at the current residence (15/2). No 3G cellphone service? 3G at this location is marginal at best (stand on a hill and hold the phone up above your head.) That said, are there 3G radios that permit external antennas or are well suited to being sealed up in a weatherproof box and being placed on a pole/tower? 3G would get us around the 200-300MiB/day issue, but I'm fairly certain I'll be dealing with similar monthly caps. I can really hope for a wISP nearby, but so far my research hasn't turned up anything. Is there some wISP marketplace/directory about? The final option would be to unofficially put hardware on the roof of my office 50km away with some high-gain antennas, but the path is marginally LOS, I think I might need a very large tower at either end. -cjp
Re: Yup; the Internet is screwed up.
On Sun, Jun 12, 2011 at 11:04:46AM -0600, Christopher J. Pilkington wrote: On Jun 11, 2011, at 7:07 PM, Roy wrote: On 6/11/2011 4:29 PM, Christopher Pilkington wrote: Options seem to be limited to HughesNet and dial for the moment, but things may change if I put a tower on the property. HughesNet seems to relax it's bandwidth cap between 2am and 7am, which is helpful, but still a great shift from what I'm used to at the current residence (15/2). No 3G cellphone service? 3G at this location is marginal at best (stand on a hill and hold the phone up above your head.) That said, are there 3G radios that permit external antennas or are well suited to being sealed up in a weatherproof box and being placed on a pole/tower? The little USB stick I just retired in favour of tethering (Huawei U160(?); I can dig up the model number if it's important) has a tiny antenna connection port. I've seen people on the train with a small flat antenna hooked up to these sorts of devices; I'd assume that there are big-ass antennas that are much more efficient and more suitable for permanent mounting somewhere useful. - Matt
Re: IPv6 and DNS
On 6/12/2011 11:44 AM, Matthew Palmer wrote: I don't believe we were talking about DHCPv6, we were talking about SLAAC. And I *still* think it's a better idea for the client to be registering itself in DNS; the host knows what domain(s) it should be part of, and hence which names refer to itself and should be updated with it's new address. Register with what/which DNS? If no DHCPv6 no DNS information has been acquired, so you're doing the magical anycast/multicast. Not a fan of self-registration, in IPv4 we have DHCP register the DDNS update; after all, it just handed out an address for a zone/domain that *it* knows for certain. The host knows what domains it should be part of ?? Perhaps a server or a fixed desktop, but otherwise (unless you're a big fan of ActiveDirectory anywhere) the domain is relative to the environment you just inherited. Letting any host register itself in my domain from any address/location is scary as heck :) Jeff
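The thread weighs two trust models for RFC 2136 dynamic updates: each host updating its own name, and a central DHCP server updating on the hosts' behalf. As an added example, not code from any poster or DNS server, the sketch below shows a server-side authorization check that keeps one host's credential from changing another machine's record; the zone, key names and requests are constructed, and it assumes the signer of each update has already been authenticated.

```python
# Constructed zone and credentials (assumptions, not from the thread).
ZONE = "corp.example."
ALLOWED_TYPES = {"A", "AAAA"}                        # address records only
TRUSTED_UPDATERS = {"dhcp6-server.corp.example."}    # central-server model
HOST_KEYS = {"laptop17.corp.example.",               # per-host key model:
             "printer3.corp.example."}               # key name == host name


def norm(name):
    """DNS names compare case-insensitively; make them absolute and lowercase."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def in_zone(name, zone):
    """True for the zone apex or any name below it (label-boundary aware)."""
    return name == zone or name.endswith("." + zone)


def authorize(signer, owner, rtype):
    """Decide one update. signer is the authenticated key name, or None."""
    if signer is None:
        return False, "unsigned update"
    signer, owner, rtype = norm(signer), norm(owner), rtype.upper()
    if not in_zone(owner, ZONE):
        return False, "owner outside zone"
    if rtype not in ALLOWED_TYPES:
        return False, "record type not allowed"
    if signer in TRUSTED_UPDATERS:
        return True, "trusted updater"
    if signer in HOST_KEYS and signer == owner:
        return True, "host updating its own name"
    return False, "key may not update this name"


# Constructed update requests: (signer, owner name, record type).
SAMPLE_REQUESTS = [
    ("laptop17.corp.example.", "laptop17.corp.example", "AAAA"),
    ("laptop17.corp.example.", "printer3.corp.example.", "AAAA"),
    (None, "laptop17.corp.example.", "AAAA"),
    ("dhcp6-server.corp.example.", "Printer3.CORP.example.", "aaaa"),
    ("laptop17.corp.example.", "laptop17.corp.example.", "MX"),
    ("dhcp6-server.corp.example.", "www.notcorp.example.", "AAAA"),
]


def evaluate(requests):
    """Return the (allowed, reason) decision for each request, in order."""
    return [authorize(*req) for req in requests]


if __name__ == "__main__":
    for req, (ok, why) in zip(SAMPLE_REQUESTS, evaluate(SAMPLE_REQUESTS)):
        print("ALLOW" if ok else "DENY ", req, "-", why)
```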
RE: Yup; the Internet is screwed up.
Good point. That is exactly how I got into the business. I had to have a T1 line run to the house to get enough bandwidth. At 425.33 a month, I decided to have some of my students set up a WISP at my place so the neighbors would pay for the data line instead of me. For equipment and software look at Mikrotik. Another option is the T1. If you can get an analog line, you should be able to get an ISDN or T1 line as these are typically tariffed services.

-Original Message-
From: Mark Radabaugh [mailto:m...@amplex.net]
Sent: Sunday, June 12, 2011 12:22 PM
To: Christopher J. Pilkington; nanog@nanog.org
Subject: Re: Yup; the Internet is screwed up.

On 6/12/11 1:04 PM, Christopher J. Pilkington wrote:
> On Jun 11, 2011, at 7:07 PM, Roy wrote:
>> On 6/11/2011 4:29 PM, Christopher Pilkington wrote:
>>> Options seem to be limited to HughesNet and dial for the moment, but things may change if I put a tower on the property. HughesNet seems to relax its bandwidth cap between 2am and 7am, which is helpful, but still a great shift from what I'm used to at the current residence (15/2).
>> No 3G cellphone service?
> 3G at this location is marginal at best (stand on a hill and hold the phone up above your head.) That said, are there 3G radios that permit external antennas or are well suited to being sealed up in a weatherproof box and being placed on a pole/tower?
> 3G would get us around the 200-300MiB/day issue, but I'm fairly certain I'll be dealing with similar monthly caps. I can really hope for a wISP nearby, but so far my research hasn't turned up anything. Is there some wISP marketplace/directory about? The final option would be to unofficially put hardware on the roof of my office 50km away with some high-gain antennas, but the path is marginally LOS, I think I might need a very large tower at either end.
> -cjp

www.wispa.org is probably the largest organization. Every state in the US has a broadband mapping project that should be able to tell you who is in the area and what options you have (assuming that you are in the US which might not be true).

If there are no other providers around (or they don't do a good job) it's not that hard to build your own. It doesn't take a very large population density to make a viable business. Just don't try to build a wISP with 802.11x equipment. A properly built wISP network competes quite well with HFC networks in speed and reliability. The technology is evolving quickly with capacity and reliability making significant gains.

-- Mark Radabaugh Amplex m...@amplex.net 419.837.5015
Re: Yup; the Internet is screwed up.
On June 11, 2011 at 20:53 jle...@lewis.org (Jon Lewis) wrote: Have you heard the joke...ISDN = I Still Don't kNow? For whatever reason, BRI service is something the US telcos apparently never really wanted to sell...perhaps because it might have cut into their T1 business. FWIW, ISDN is pretty old, standardized in 1988 but worked on for years before that. The BIG VISION of the telcos was that ISDN would carry the whole stack, particularly services like (business) e-mail. If you're really old you remember MCI Mail which was like 20c/message. They never seriously considered a public internet like we got when architecting ISDN. Consequently the whole thing was just too expensive to deliver as a last-mile connectivity-only product. They needed revenue from the rest of the stack to make it profitable. That said, ISDN was very cool in that it was switched which meant you dialed something, a lot like a POTS number. It was usually an actual POTS telephone number with some more digits but whatever. But it could establish a connection in about 50msec which meant you could be dropped, say for idle, hit a key and it'd redial and you'd never notice you were dropped. Try that with POTS dial-up! You could pretty much be dropped and redialed between keystrokes and never much notice. More importantly it meant you could have more than one ISDN ISP, like dial-up (or voice for that matter) just dial a different number. There was discussion, people like Sen Ed Markey of MA was interested (ca 1992?), in trying to get the phone companies to embrace first ISDN (they were reluctant, I had it at home but you really had to know how to order it etc) and then some sort of next generation ISDN which would be faster, maybe 10x, and so on. The attraction of DSL was, among other things, that it was nailed down to one and only one service provider, you couldn't just dial some other provider like with ISDN. 
This was a very important fork in the history of last-mile services, when we went from mostly switched (dial-up, maybe ISDN) to nailed-up single vendor solutions. I'd love to see some sort of switched last-mile services again, introduce some competition into the system, tho most likely it'd be (more) virtual over some low-level broadband service. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: The stupidity of trying to fix DHCPv6
On 12 jun 2011, at 15:45, Leo Bicknell wrote:
>> Like I said before, that would pollute the network with many multicasts which can seriously degrade wifi performance.
> Huh? This is no worse than IPv4 where a host comes up and sends a subnet-broadcast to get DHCP.

The IPv4 host does this once and gets its lease. If there is no DHCPv6 server then DHCPv6 clients would keep broadcasting forever. Not a good thing.
RE: Yup; the Internet is screwed up.
Sure it's old and slow, but it is or at least was readily available to us poor country folk that cannot get DSL and so forth. The failback positions when all else is unavailable is analog, ISDN, or T1 from a landline, satellite or a WISP through the air with cellular data becoming more of an option. When I called ATT to order the ISDN line years ago, their answer was - Huh, What, Do we sell that.

-Original Message-
From: Barry Shein [mailto:b...@world.std.com]
Sent: Sunday, June 12, 2011 1:03 PM
To: Jon Lewis
Cc: NANOG list
Subject: Re: Yup; the Internet is screwed up.

On June 11, 2011 at 20:53 jle...@lewis.org (Jon Lewis) wrote: Have you heard the joke...ISDN = I Still Don't kNow? For whatever reason, BRI service is something the US telcos apparently never really wanted to sell...perhaps because it might have cut into their T1 business. FWIW, ISDN is pretty old, standardized in 1988 but worked on for years before that. The BIG VISION of the telcos was that ISDN would carry the whole stack, particularly services like (business) e-mail. If you're really old you remember MCI Mail which was like 20c/message. They never seriously considered a public internet like we got when architecting ISDN. Consequently the whole thing was just too expensive to deliver as a last-mile connectivity-only product. They needed revenue from the rest of the stack to make it profitable. That said, ISDN was very cool in that it was switched which meant you dialed something, a lot like a POTS number. It was usually an actual POTS telephone number with some more digits but whatever. But it could establish a connection in about 50msec which meant you could be dropped, say for idle, hit a key and it'd redial and you'd never notice you were dropped. Try that with POTS dial-up! You could pretty much be dropped and redialed between keystrokes and never much notice. More importantly it meant you could have more than one ISDN ISP, like dial-up (or voice for that matter) just dial a different number.
There was discussion, people like Sen Ed Markey of MA was interested (ca 1992?), in trying to get the phone companies to embrace first ISDN (they were reluctant, I had it at home but you really had to know how to order it etc) and then some sort of next generation ISDN which would be faster, maybe 10x, and so on. The attraction of DSL was, among other things, that it was nailed down to one and only one service provider, you couldn't just dial some other provider like with ISDN. This was a very important fork in the history of last-mile services, when we went from mostly switched (dial-up, maybe ISDN) to nailed-up single vendor solutions. I'd love to see some sort of switched last-mile services again, introduce some competition into the system, tho most likely it'd be (more) virtual over some low-level broadband service. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Yup; the Internet is screwed up.
When I had mine years ago I was lucky that ISDN in FL was unmetered which was not the case in other locales. However it took forever to get it installed and working correctly. Bell South had to change out pairs and get a tech from 200 miles away to get it installed right. Today, the central office in my town doesn't even support ISDN any more. As for cellular data being an option I don't think so given the increasing data caps and extra fees for overage (which is probably why the cloud might have big issues for mobile users) I never liked cable as around here it slows down very noticeably when the kids get off school and they don't like giving out fixed IPs unless you get a business account. ATTuniverse has its own issues and became only available around here last year. It's the only DSL option. So I use WISP even at home just south of the space center.

Tom

On Jun 12, 2011, at 2:20 PM, Kenneth M. Chipps Ph.D. wrote: Sure it's old and slow, but it is or at least was readily available to us poor country folk that cannot get DSL and so forth. The failback positions when all else is unavailable is analog, ISDN, or T1 from a landline, satellite or a WISP through the air with cellular data becoming more of an option. When I called ATT to order the ISDN line years ago, their answer was - Huh, What, Do we sell that. -Original Message- From: Barry Shein [mailto:b...@world.std.com] Sent: Sunday, June 12, 2011 1:03 PM To: Jon Lewis Cc: NANOG list Subject: Re: Yup; the Internet is screwed up. On June 11, 2011 at 20:53 jle...@lewis.org (Jon Lewis) wrote: Have you heard the joke...ISDN = I Still Don't kNow? For whatever reason, BRI service is something the US telcos apparently never really wanted to sell...perhaps because it might have cut into their T1 business. FWIW, ISDN is pretty old, standardized in 1988 but worked on for years before that. The BIG VISION of the telcos was that ISDN would carry the whole stack, particularly services like (business) e-mail.
If you're really old you remember MCI Mail which was like 20c/message. They never seriously considered a public internet like we got when architecting ISDN. Consequently the whole thing was just too expensive to deliver as a last-mile connectivity-only product. They needed revenue from the rest of the stack to make it profitable. That said, ISDN was very cool in that it was switched which meant you dialed something, a lot like a POTS number. It was usually an actual POTS telephone number with some more digits but whatever. But it could establish a connection in about 50msec which meant you could be dropped, say for idle, hit a key and it'd redial and you'd never notice you were dropped. Try that with POTS dial-up! You could pretty much be dropped and redialed between keystrokes and never much notice. More importantly it meant you could have more than one ISDN ISP, like dial-up (or voice for that matter) just dial a different number. There was discussion, people like Sen Ed Markey of MA was interested (ca 1992?), in trying to get the phone companies to embrace first ISDN (they were reluctant, I had it at home but you really had to know how to order it etc) and then some sort of next generation ISDN which would be faster, maybe 10x, and so on. The attraction of DSL was, among other things, that it was nailed down to one and only one service provider, you couldn't just dial some other provider like with ISDN. This was a very important fork in the history of last-mile services, when we went from mostly switched (dial-up, maybe ISDN) to nailed-up single vendor solutions. I'd love to see some sort of switched last-mile services again, introduce some competition into the system, tho most likely it'd be (more) virtual over some low-level broadband service. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Question about migrating to IPv6 with multiple upstreams.
Prefix translation looks to be exactly what we need to do here. Thanks for all of the replies.

-Randy

On Jun 12, 2011, at 2:42, Seth Mos seth@dds.nl wrote:
> On 12 Jun 2011, at 03:50, Randy Carpenter wrote:
>> I have an interesting situation at a business that I am working on. We currently have the office set up with redundant connections for their mission critical servers and such, and also have a (cheap) cable modem for general browsing on client machines.
> So basically policy routing?
>> The interesting part is that the client machines need to access some customer networks via the main redundant network, so we have a firewall set up to route those connections via the redundant connections, and everything else via the cheaper, faster cable modem. NAT is used on both outbound connections.
> Yep that sounds like policy routing.
>> With IPv6, we are having some trouble coming up with a way to do this. Since there is no NAT, does anyone have any ideas as to how this could be accomplished?
> Sure there is NAT, you can use prefix translation to translate your Global Address Range from the redundant ISP to the Cable ISP Global address range when leaving that interface. I've run a similar setup with 3 independent ISPs with IPv6 netblocks. Whichever connection the traffic went out it got the right GUA mapped onto it. Note that this is 1:1 NAT and not N:1. In my case there was no primary GUA range, I used a ULA on the LAN side of things, and mapped the corresponding GUA onto it when leaving the network. I had 3 rules, 1 for each WAN and mapped the ULA/56 to the GUA/56. In your case you already have a primary connection of sorts, so I'd suggest using that on the LAN side and only map the other GUA onto it when it leaves the other interfaces. The policy routing rules on your firewall can make all the routing decisions for you. If you search google for IPv6 network prefix translation there will be a firewall listed that can do this somewhere in the middle of the page.
> Cheers, Seth
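The 1:1 mapping described in the quoted reply above, as an added example that is not part of the original thread: a ULA /56 on the LAN is swapped for the GUA /56 of whichever WAN the policy route selects, and swapped back on return traffic. All prefixes, WAN names and the policy table are constructed placeholders, and this is a plain prefix swap without the checksum-neutral adjustment that RFC 6296 (NPTv6) specifies.

```python
import ipaddress

# Constructed placeholders: a ULA /56 on the LAN and one documentation-range
# GUA /56 per upstream. Real values come from your ISPs.
LAN = ipaddress.ip_network("fd00:1234:5600::/56")
WANS = {
    "redundant": ipaddress.ip_network("2001:db8:aa00::/56"),
    "cable": ipaddress.ip_network("2001:db8:bb00::/56"),
}

# Policy routing table (assumed): customer networks leave via the redundant
# uplink, everything else via the cable modem.
POLICY = [(ipaddress.ip_network("2001:db8:c000::/40"), "redundant")]
DEFAULT_WAN = "cable"


def swap_prefix(addr, old, new):
    """Replace the `old` prefix of addr with `new`, keeping subnet and host bits."""
    addr = ipaddress.ip_address(addr)
    if old.prefixlen != new.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in old:
        raise ValueError(f"{addr} is not inside {old}")
    kept_bits = int(addr) & int(old.hostmask)
    return ipaddress.ip_address(int(new.network_address) | kept_bits)


def pick_wan(dst):
    """Longest-prefix match of the destination against the policy table."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, wan) for net, wan in POLICY if dst in net]
    return max(matches)[1] if matches else DEFAULT_WAN


def outbound(src, dst):
    """Return (wan, translated source) for a packet leaving the LAN."""
    wan = pick_wan(dst)
    return wan, swap_prefix(src, LAN, WANS[wan])


def inbound(wan, dst):
    """Map a packet arriving on `wan` back to the LAN address."""
    return swap_prefix(dst, WANS[wan], LAN)


if __name__ == "__main__":
    host = "fd00:1234:5600:12::25"
    for dst in ("2001:db8:c001::1", "2001:db8:f00d::1"):
        wan, src = outbound(host, dst)
        print(f"{dst:>20} via {wan:<9} source {src} returns to {inbound(wan, src)}")
```

Because the mapping is stateless and 1:1, every LAN host keeps a distinct address on each upstream and the translation does no filtering of its own; inbound policy still has to come from the firewall rules.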
ip 6 questions
Hi Our company will prepare ipv6. I have the following questions We will apply ipv6 from ARIN and try to use it in hosting business 1/ Can we use it in our current AS which is using ipv4? If not. Do we have to apply new AS? 2/ Can arin not allow us to apply ipv4 for the future after we apply ipv6? 3/ Any advices to do ipv6 in hosting business Thank you for your help
Re: Yup; the Internet is screwed up.
On 6/10/2011 7:04 AM, Scott Brim wrote: The Internet is now more important than electricity or water -- This being a silly Sunday, I'm rolling that around on my tongue and savoring it a bit. While the image of a desiccated user, still typing away, is appealing -- but possibly not all that remarkable, given recent reports of Internet addiction -- what's especially tasty is the idea of having an Internet connection that works without electricity... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Yup; the Internet is screwed up.
Once upon a time, Barry Shein b...@world.std.com said: The attraction of DSL was, among other things, that it was nailed down to one and only one service provider, you couldn't just dial some other provider like with ISDN. When BellSouth switched their DSL from PVC-per-customer to PPPoE, it was set up with the ability for a single line to be subscribed to multiple providers. The domain in the username used for PPPoE authentication was to determine to which provider the session was connected. I don't know if that capability was ever used (or even actually available). -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
On Sun, Jun 12, 2011 at 01:16, Jeroen van Aart jer...@mompl.net wrote: Randy Bush wrote: some of us try to get work done from home. and anyone who has worked and/or lived in a first world country thinks american 'broadband' speeds are a joke, even for a home network. I understand, but I was referring to the average home internet connection. But even for work 100Mbps seems a bit overkill for most purposes. Whole offices work fine with a mere bonded T1 at 10Mbps. Admitted it's symmetrical and is more stable. But regarding speed it's quite a bit slower than the mentioned 100Mbps home internet. I need 100Mbs at home because I want to see a streamed movie NOW, not in a month because someone considers broadband a luxury :) Pretty simple usage scenario I might say.
Re: Yup; the Internet is screwed up.
Once upon a time, Eugeniu Patrascu eu...@imacandi.net said: I need 100Mbs at home because I want to see a streamed movie NOW, not in a month because someone considers broadband a luxury :) Pretty simple usage scenario I might say. The top profile for Blu-Ray is 36 megabits per second, and that is not used on most titles. Over-the-air HDTV is 19 megabits or less. Cable HD channels are often only 12-15 megabits per second. OTA and cable HD is typically MPEG2, and MPEG4 can reach similar quality in half the bandwidth, which means TV quality HD can be 6-10 megabits per second. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
When BellSouth switched their DSL from PVC-per-customer to PPPoE I remember having to compress the config due to static pvc config on many of 7204/6 kit, the switch made it much more intuitive to manage. -- m On Sun, Jun 12, 2011 at 2:31 PM, Chris Adams cmad...@hiwaay.net wrote: Once upon a time, Barry Shein b...@world.std.com said: The attraction of DSL was, among other things, that it was nailed down to one and only one service provider, you couldn't just dial some other provider like with ISDN. When BellSouth switched their DSL from PVC-per-customer to PPPoE, it was set up with the ability for a single line to be subscribed to multiple providers. The domain in the username used for PPPoE authentication was to determine to which provider the session was connected. I don't know if that capability was ever used (or even actually available). -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: The stupidity of trying to fix DHCPv6
On 6/12/2011 4:01 AM, Iljitsch van Beijnum wrote: IPv6 address configuration is a house of cards. Touch it and it all comes crashing down. DHCPv6 has a number of significant flaws, and the interaction between DHCPv6 and router advertisements only barely makes sense. Well, at least you're being honest here. :) -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Re: Yup; the Internet is screwed up.
- Original Message - From: Chris Adams cmad...@hiwaay.net The top profile for Blu-Ray is 36 megabits per second, and that is not used on most titles. Over-the-air HDTV is 19 megabits or less. Cable HD channels are often only 12-15 megabits per second. Chris glances off, but doesn't quite say, that cable providers are prone to *reencode* OTA HDTV, leaving cable subscribers with a worse -- sometimes a *substantially* worse -- picture than they'd get from an OTA antenna. Bandwidth surfing is rarely so end-user visible. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: ip 6 questions
On Sun, 2011-06-12 at 14:46 -0400, Deric Kwok wrote:
> We will apply ipv6 from ARIN and try to use it in hosting business 1/ Can we use it in our current AS which is using ipv4? If not. Do we have to apply new AS?

No, you can route IPv6 and IPv4 from the same ASN.

> 2/ Can arin not allow us to apply ipv4 for the future after we apply ipv6?

If you need IPv4, apply for it. You might have a *better* chance if you already have a plan to implement IPv6, than if you have not considered it.

> 3/ Any advices to do ipv6 in hosting business

Software. Plesk barely has IPv6 support (10.2) and I'm yet to hear about it from CPanel. Furthermore connection tracking in RHEL/CentOS 5 is totally broken for IPv6 if you're using it for IPv4 also... But mostly: you just have to dive in and see what works/what doesn't. Just don't test it on your live servers!

Tom
Re: ip 6 questions
On 12 jun 2011, at 20:46, Deric Kwok wrote:
> 1/ Can we use it in our current AS which is using ipv4?

Yes.

> 2/ Can arin not allow us to apply ipv4 for the future after we apply ipv6?

They're going to do that anyway once they run out, but it's not like you have v6 so you don't need more v4.

> 3/ Any advices to do ipv6 in hosting business

Read a good book. :-) There's also tons of information out there on the web and in meetings. For hosting you really want to think about how to set up your VLANs. Each customer in their own VLAN is ideal but not always possible, mostly depending on how IPv4 is set up.
Re: Yup; the Internet is screwed up.
Once upon a time, Jay Ashworth j...@baylink.com said: - Original Message - From: Chris Adams cmad...@hiwaay.net The top profile for Blu-Ray is 36 megabits per second, and that is not used on most titles. Over-the-air HDTV is 19 megabits or less. Cable HD channels are often only 12-15 megabits per second. Chris glances off, but doesn't quite say, that cable providers are prone to *reencode* OTA HDTV, leaving cable subscribers with a worse -- sometimes a *substantially* worse -- picture than they'd get from an OTA antenna. Well, the OTA providers are doing it to the network feeds first, so I don't see focusing on the cable providers doing it to the OTA providers as the sole source of quality issues. The OTA providers also reencode to add bugs, weather/breaking news crawls, etc., and they don't always do a good job of that before feeding the signal to the statmuxer. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
dcroc...@bbiw.net wrote:
> While the image of a desiccated user, still typing away, is appealing -- but possibly not all that remarkable, given recent reports of Internet addiction -- what's especially tasty is the idea of having an Internet connection that works without electricity...

About as useful as a phone that works without electricity. Oh, that's different, nevermind.

> d/

--Johnny
Re: The stupidity of trying to fix DHCPv6
On 12 Jun 2011, at 12:05, Daniel Roesen wrote: VRRP communications itself is via link-local addresses. There is a requirement to have a link-local virtual address as well, but there might be many more, e.g. global scope. In FreeBSD with pfSense I use CARP with v6 addresses which are GUA, the isp routes my /48 to the GUA address, failover time when rebooting firewalls is in the order of seconds. I see no missed http requests and no existing requests drop. The servers behind it are also configured to use the LAN side GUA CARP ipv6 address as the default gateway. pfsync makes sure that traffic state is being kept. Otherwise a whole lot of IPv6 VRRP setups won't be working here. :) We use global scope addresses as VRRP virtual router addresses. Indeed, same here. We have an open ticket iirc to patch our radvd daemon to also announce properly when active on a v6 CARP Address. It's that or being able to manually sending a GUA address as being the gateway. Wait, that sounds suspiciously like trying to send a gateway bit by way of DHCP. Luckily servers are statically configured. But now comes the deal that I want all my client nodes on the corporate lan to also use the GUA address (which has stateful failover) for the gateway instead of the link local address of one of my CARP cluster nodes. Other options include crafting a link local address for the CARP address and make sure that radvd uses that. The backup carp node won't hear anything or be heard when the address has BACKUP status. It's on the todo list. Regards, Seth
Re: IPv6 and DNS
On Mon, 2011-06-13 at 01:44 +1000, Matthew Palmer wrote: And I *still* think it's a better idea for the client to be registering itself in DNS; the host knows what domain(s) it should be part of, and hence which names refer to itself and should be updated with it's new address. Having tried that, we ended up doing it via DHCP (v4 at the time). We only had probably 15-20K hosts trying to register their names, but the results were sobering. At a rough estimate, one in a hundred was properly configured. We saw obscenities, random strings, thousand-byte names, empty names, invalid names, names with a hundred labels, my name is Andrew - you name it, it came and tried to register itself. And then there were the clients. Clients that tried as fast as they could to register their name dozens of times per second, clients that tried to register many names, clients that registered and then immediately deregistered their names, clients that never deregistered their names at all, clients that tried to register important names like www.ourdomain, clients that had completely broken protocol support... Our logs were filling at thousands of lines per second. So we moved the job to the DHCP server, and most of the problems went away. The server got the desired name from the client, could check it for some level of sanity and could register it properly. The server could also deregister the names when the clients went away, or at least at the end of the lease period. Most hosts *did* speak the DHCP protocol adequately well. Instead of having to allow open slather, we could allow just two hosts to make TSIG-protected updates. The logs became useful again. So although YMMV, I can highly recommend letting your DHCP servers do DDNS instead of letting the clients do it themselves. No doubt it depends on a multitude of factors, not least being whether you actually use DHCP, but in general, it worked a LOT better for us. Regards, K. 
-- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob) GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687 Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
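The server-side vetting described in the message above (the DHCP server checks the client's requested name "for some level of sanity", registers it, and deregisters it when the lease ends), as an added example that is not code from the thread or from any DHCP server. The zone name, reserved-name list and rate limits are assumed policy values, and the sample requests are constructed from the failure modes the message lists; the actual TSIG-signed DNS update is left to the DHCP server and only the decision logic is shown.

```python
import re
import time
from collections import defaultdict, deque

# Assumed policy values for this sketch; tune for your own zone.
ZONE = "clients.example.net"            # placeholder zone
RESERVED = {"www", "mail", "mx", "ns", "ns1", "ns2", "gateway", "wpad", "localhost"}
MAX_UPDATES = 3                         # accepted updates per client per WINDOW
WINDOW = 60.0                           # seconds

# One LDH label: letters, digits, hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def vet_hostname(requested, zone=ZONE, reserved=RESERVED):
    """Return (fqdn, None) if the requested name is acceptable, else (None, reason)."""
    name = (requested or "").strip().rstrip(".").lower()
    if not name:
        return None, "empty"
    if name.endswith("." + zone):       # client sent an FQDN inside our own zone
        name = name[: -(len(zone) + 1)]
    if "." in name:
        return None, "multi-label"      # no sub-delegations, no foreign domains
    if len(name) > 63:
        return None, "label-too-long"
    if not LABEL_RE.match(name):
        return None, "invalid-characters"
    if name in reserved:
        return None, "reserved"
    return f"{name}.{zone}", None


class DdnsGate:
    """Turns lease events into the DNS changes the DHCP server should send."""

    def __init__(self, now=time.monotonic):
        self.now = now
        self.recent = defaultdict(deque)    # client id -> times of accepted updates
        self.owner = {}                     # fqdn -> client id holding it
        self.by_client = {}                 # client id -> fqdn

    def on_lease(self, client_id, requested, address):
        fqdn, reason = vet_hostname(requested)
        if fqdn is None:
            return ("reject", reason)
        if self.owner.get(fqdn, client_id) != client_id:
            return ("reject", "name-in-use")
        t = self.now()
        stamps = self.recent[client_id]
        while stamps and t - stamps[0] > WINDOW:
            stamps.popleft()
        if len(stamps) >= MAX_UPDATES:
            return ("reject", "rate-limited")
        stamps.append(t)
        actions = []
        old = self.by_client.get(client_id)
        if old and old != fqdn:             # one name per client: drop the old one
            del self.owner[old]
            actions.append(("delete", old))
        self.owner[fqdn] = client_id
        self.by_client[client_id] = fqdn
        actions.append(("add", fqdn, address))
        return ("update", actions)

    def on_expiry(self, client_id):
        """Lease ended: remove the record even if the client never asked to."""
        fqdn = self.by_client.pop(client_id, None)
        if fqdn is None:
            return ("noop", [])
        del self.owner[fqdn]
        return ("update", [("delete", fqdn)])


# Constructed requests modelled on the failure modes listed in the message.
SAMPLES = ["laptop-17", "", "x" * 1000, ".".join(["a"] * 100),
           "my name is Andrew", "www", "-bad-", "Printer3.clients.example.net."]


def classify_samples():
    return [vet_hostname(s)[1] or "ok" for s in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, classify_samples()):
        print(f"{sample[:30]!r:35} {verdict}")
```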
Re: The stupidity of trying to fix DHCPv6
On Sun, Jun 12, 2011 at 08:12:02PM +0200, Iljitsch van Beijnum wrote:
> On 12 jun 2011, at 15:45, Leo Bicknell wrote:
>>> Like I said before, that would pollute the network with many multicasts which can seriously degrade wifi performance.
>> Huh? This is no worse than IPv4 where a host comes up and sends a subnet-broadcast to get DHCP.
> The IPv4 host does this once and gets its lease. If there is no DHCPv6 server then DHCPv6 clients would keep broadcasting forever. Not a good thing.

You're not working from comparable situations. An IPv4 network without a DHCP server will probably have lots of IPv4 hosts banging out broadcast packets constantly as well.

- Matt

-- A committee is a cul-de-sac down which ideas are lured and then quietly strangled. -- Sir Barnett Cocks (1907-1989) (QOTD 20 Feb 2003)
Re: IPv6 and DNS
On Sun, Jun 12, 2011 at 01:46:20PM -0400, Jeff Kell wrote: On 6/12/2011 11:44 AM, Matthew Palmer wrote: I don't believe we were talking about DHCPv6, we were talking about SLAAC. And I *still* think it's a better idea for the client to be registering itself in DNS; the host knows what domain(s) it should be part of, and hence which names refer to itself and should be updated with it's new address. Register with what/which DNS? If no DHCPv6 no DNS information has been acquired, so you're doing the magical anycast/multicast. RFC6106, or local recursive resolver. Also, recursive resolution is not the same as DDNS registration with an authoritative server. Not a fan of self-registration, in IPv4 we have DHCP register the DDNS update; after all, it just handed out an address for a zone/domain that *it* knows for certain. No, it handed out *an* *address*. Assuming that everything that wants an address also wants the whole shebang is a whole other issue. The host knows what domains it should be part of ?? Perhaps a server or a fixed desktop, but otherwise (unless you're a big fan of ActiveDirectory anywhere) the domain is relative to the environment you just inherited. No it isn't. If I want someone to talk to my laptop, and I happen to be roadwarrioring at a client site, do I want to say hey, just hit floozy.hezmatt.org, or do I want to have to ask someone what domain will my laptop be registered as? and then work it out from there? Letting any host register itself in my domain from any address/location is scary as heck :) So don't do that, then. Only let hosts that you want to have in your domain register whatever their current address is. - Matt -- A polar bear is a rectangular bear after a coordinate transform.
Re: IPv6 and DNS
On Mon, Jun 13, 2011 at 09:56:59AM +1000, Karl Auer wrote: On Mon, 2011-06-13 at 01:44 +1000, Matthew Palmer wrote: And I *still* think it's a better idea for the client to be registering itself in DNS; the host knows what domain(s) it should be part of, and hence which names refer to itself and should be updated with it's new address. Having tried that, we ended up doing it via DHCP (v4 at the time). We only had probably 15-20K hosts trying to register their names, but the results were sobering. At a rough estimate, one in a hundred was properly configured. We saw obscenities, random strings, thousand-byte names, empty names, invalid names, names with a hundred labels, my name is Andrew - you name it, it came and tried to register itself. Why were you letting such ill-configured clients register themselves in your DNS? And then there were the clients. Clients that tried as fast as they could to register their name dozens of times per second, clients that tried to register many names, clients that registered and then immediately deregistered their names, clients that never deregistered their names at all, clients that tried to register important names like www.ourdomain, clients that had completely broken protocol support... Ibid. So we moved the job to the DHCP server, and most of the problems went away. The server got the desired name from the client, could check it for some level of sanity and could register it properly. The server could also deregister the names when the clients went away, or at least at the end of the lease period. Most hosts *did* speak the DHCP protocol adequately well. Instead of having to allow open slather, we could allow just two hosts to make TSIG-protected updates. The logs became useful again. But if I come to roadwarrior in your network, I'd have to allow updates from your DHCP server, and your DHCP server would have to be sending those updates. 
Similarly, if your clients go roadwarrioring elsewhere, the same (or, rather, inverse) configuration would have to be done there. So although YMMV, I can highly recommend letting your DHCP servers do DDNS instead of letting the clients do it themselves. No doubt it depends on a multitude of factors, not least being whether you actually use DHCP, but in general, it worked a LOT better for us. If you've just got a single-location, never-goes-anywhere network and client list, sure you can just get the DHCP server to do the registration. But if you've got that setup, DDNS isn't needed at all -- your set of hosts, addresses, and names is fixed sufficiently that you can just statically allocate everything. - Matt
Re: The stupidity of trying to fix DHCPv6
In a message written on Sun, Jun 12, 2011 at 08:12:02PM +0200, Iljitsch van Beijnum wrote:
> The IPv4 host does this once and gets its lease. If there is no DHCPv6 server then DHCPv6 clients would keep broadcasting forever. Not a good thing.

DHCP today uses an exponential backoff if there is no response, I don't see why that can't be kept in IPv6. Plus I wonder how long users would keep on machines that get no useable network connectivity.

I really think the number of broadcast packets is a total non-issue.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: The stupidity of trying to fix DHCPv6
On Sun, Jun 12, 2011 at 8:29 PM, Leo Bicknell bickn...@ufp.org wrote:
> DHCP today uses an exponential backoff if there is no response, I don't see why that can't be kept in IPv6. Plus I wonder how long users would keep on machines that get no useable network connectivity. I really think the number of broadcast packets is a total non-issue.

Rather than deem it a non-issue; I would say The impact of broadcast packets depends on the network they are transmitted over. If you have a Layer 2 domain with 5 hosts on it; the number of per-host broadcast packets will be much more important than if you have a broadcast domain with 1000 hosts.

This could have been (but was unfortunately not) mitigated in the v6 specs by adding options to DHCPv4 to configure IPv6 address and gateway at the same time IPv4 configuration is received, in lieu of using v6 based protocols for config; Requiring configuration to be grabbed _two_ times per host is inefficient -- ONE DHCP discovery for every host on the LAN (either RA+DHCPv6 or DHCPv4) would be more efficient.

If v6 hosts are dual stack, and v4 information is already pulled from DHCP how much sense does it really make to need a second discovery process to find a v6 server to config the host, particularly when there exists possibility of conflicting options; DHCP can config some non-interface-specific things such as time zone, hostname, etc.

There is a potential for greater issues on networks where the number of broadcasts may not have been an issue for IPv4; the IPv6 broadcast messages have a larger payload, because there are 96 more bits in an IPv6 address than an IPv4 address. The broadcasts for configuring IPv6 are incurred _on top_ of the broadcasts already existing for IPv4 on a dual stack network, since IPv6 hosts still have to config IPv4 simultaneously.

--
-JH
Actual IPv6 test day issue
So I found out I had an actual end-user issue related to IPv6 test day. My mother couldn't get to our webmail with her BN Nook Color (based on Android 2.3). I went over and couldn't connect with my T-Mobile G2 (Android 2.2) either.

Their connection is via DSL and does not have IPv6 configured, but they do have a D-Link DIR-825 wireless router (just running as a wireless bridge with DHCP disabled). The DIR-825 was running an older code, 2.02NA, which was IPv6 ready; it had router advertisements enabled (there was no config option to disable them).

The problem was that while HTTP would work on Android, HTTPS would not (you'd just get the standard page not available error). It appears that there is a bug in Android that keeps it from falling back to IPv4 for HTTPS connections. I don't know if that's somebody's idea of an extra level of security or what.

I upgraded the DIR-825 to 2.05NA, which doesn't have RA always enabled, and everything works now (on IPv4 only). I haven't had a chance to set up a more detailed test; I just figured I'd throw it out there to see if anybody else saw such.

--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Anyone from Charter on here?
Howdy, Would someone with network clue at Charter hit me up offlist? Need some assistance and I can't get past your wonderful support personnel. Thanks! Mike