[Nanog-futures] Possible word error in section 18.1 Liability
I'm not a lawyer, but in section 18.1: (a) beach of the director’s or officer’s duty of loyalty to NANOG; I believe that is meant to say (a) breach of the Cheers, Jack Hamm
[NANOG-announce] Proposed NANOG bylaws amendments
Please review and comment on the proposed amendments to the NANOG bylaws at: https://sites.google.com/a/newnog.org/bylaws-2012/ It has become apparent that cleaning up and simplifying our bylaws will be a long-term project, more than can be accomplished in a single election cycle. These proposed amendments are intended as the first in a series to accomplish those goals, to fix a few outstanding issues and to provide a framework for future improvement. Please direct discussion to the memb...@nanog.org or nanog-futu...@nanog.org list as appropriate. The board will be voting on final ballot language early in October based on these recommendations and your input. Note that there is also a procedure for members to directly place amendments on the ballot by petition, as described in section 14 of the bylaws. Thanks, Steve
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 18, 2012, at 21:11 , Mike Hale eyeronic.des...@gmail.com wrote: this is the arin vigilante cultural view of the world. luckily, the disease does not propagate sufficiently to cross oceans. I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? Many of them _ARE_ using them, just not using them directly on the public internet. There is nothing wrong with that. As others have said... !announced != !used. Owen On Tue, Sep 18, 2012 at 8:27 PM, Randy Bush ra...@psg.com wrote: When IPv4 exhaustion pain reaches a sufficiently high level of pain; there is a significant chance people who will be convinced that any use of IPv4 which does not involve announcing and routing the address space on the internet is a Non-Use of IPv4 addresses, and that that particular point of view will prevail over the concept and convenience of being allowed to maintain unique registration for non-connected usage. And perception that those addresses are up for grabs, either for using on RFC1918 networks for NAT, or for insisting that internet registry allocations be recalled and those resources put towards use by connected networks.. If you do have such an unconnected network, it may be prudent to have a connected network as well, and announce all your space anyways (just not route the addresses) this is the arin vigilante cultural view of the world. luckily, the disease does not propagate sufficiently to cross oceans. randy -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: The Department of Work and Pensions, UK has an entire /8
On Tue, 18 Sep 2012, Owen DeLong wrote: On Sep 18, 2012, at 21:11 , Mike Hale eyeronic.des...@gmail.com wrote: this is the arin vigilante cultural view of the world. luckily, the disease does not propagate sufficiently to cross oceans. I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? Many of them _ARE_ using them, just not using them directly on the public internet. There is nothing wrong with that. As others have said... !announced != !used. If they are not using them directly on the public internet, then there's no reason we can't use them. Problem solved! -Dan
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 18, 2012, at 11:40 PM, goe...@anime.net wrote: If they are not using them directly on the public internet, then there's no reason we can't use them. Problem solved! Dude, seriously. Just because they aren't in *YOUR* routing table doesn't mean that they aren't in hundreds of other routing tables. Look, more than half of Milnet isn't publicly advertised on the Internet. This doesn't mean that it's okay to advertise Milnet routes to locations which might be closer to you (bgp-wise) than the actual owners of the addresses. You are totally missing the point of unique assignment. This is like claiming that we should reuse the phone numbers of people who block their number when they call you. Yes, really, it makes just as much sense. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
Re: The Department of Work and Pensions, UK has an entire /8
In message pine.lnx.4.64.1209182339200.5...@sasami.anime.net, goe...@anime.net writes: On Tue, 18 Sep 2012, Owen DeLong wrote: On Sep 18, 2012, at 21:11 , Mike Hale eyeronic.des...@gmail.com wrote: this is the arin vigilante cultural view of the world. luckily, the disease does not propagate sufficiently to cross oceans. I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? Many of them _ARE_ using them, just not using them directly on the public internet. There is nothing wrong with that. As others have said... !announced != !used. If they are not using them directly on the public internet, then there's no reason we can't use them. Problem solved! -Dan !announced whole world != !announced. There is a simple rule. DO NOT USE ADDRESSES THAT YOU HAVE NOT BEEN ALLOCATED. Anything else has the potential to cause operational problems. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: The Department of Work and Pensions, UK has an entire /8
On Wed, 19 Sep 2012, Mark Andrews wrote: In message pine.lnx.4.64.1209182339200.5...@sasami.anime.net, goe...@anime.net writes: On Tue, 18 Sep 2012, Owen DeLong wrote: On Sep 18, 2012, at 21:11 , Mike Hale eyeronic.des...@gmail.com wrote: this is the arin vigilante cultural view of the world. luckily, the disease does not propagate sufficiently to cross oceans. I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? Many of them _ARE_ using them, just not using them directly on the public internet. There is nothing wrong with that. As others have said... !announced != !used. If they are not using them directly on the public internet, then there's no reason we can't use them. Problem solved! !announced whole world != !announced. There is a simple rule. i guess my sarcasm was missed. DO NOT USE ADDRESSES THAT YOU HAVE NOT BEEN ALLOCATED. Anything else has the potential to cause operational problems. Tell that to the providers who keep routing hijacked blocks for spammers :) -Dan
Re: Big Temporary Networks
On 18-9-2012 22:50, William Herrin wrote: On Tue, Sep 18, 2012 at 4:31 PM, Nick Hilliard n...@foobar.org wrote: On 18/09/2012 21:24, William Herrin wrote: IPv6 falls down compared to IPv4 on wifi networks when it responds to a router solicitation with a multicast (instead of unicast) router advertisement. You mean it has one extra potential failure mode in situations where radio retransmission doesn't deal with the packet loss - which will cause RA to retry. Fall down is a slight overstatement. Potayto, potahto. Like I said, I have no interest in defending IPv6. But I'm very interested in how to implement an IPv6 network that's as or more reliable than the equivalent IPv4 network. That makes me interested in the faults which get in the way. Regards, Bill Herrin Yes, radvd has a configuration option to send unicast packets. But I think the effects are slightly overstated. Unless someone fudged the lifetime counters on the ra config nobody will ever notice a RA getting lost. Once every few seconds a RA message will be sent and it will be valid for at least a couple of minutes. Within that time there will be multiple RA announcements, and unless you missed 5 minutes of RA advertisements everything is fine. And if you do miss 5 minutes of RA multicast traffic, really, you have bigger problems. I see network stacks springing to life in the space of 3 seconds on the 1st message I send out. That's pretty stellar, and faster than some clients perform the DHCPv4 request. Also note that some wifi networks eat DHCPv4 broadcasts too, which is pretty much the same deal as what you are referring to above. They will retry the DHCPv4 request, and so do clients that perform router solicitation requests. No different. And if the wifi network is so bad that you have icmp and udp dropping like mad, I doubt anybody would want to use it. You are more likely that they will disable wifi altogether and use 3g.
The 2.4GHz wifi band is so crowded now that this has become the effective standard. Unless you are a happy camper that actually has a wifi card that supports the 5GHz band. Which is far too uncommon in phones and tablets. boo. Cheers, Seth
Re: Big Temporary Networks
William Herrin wrote: Unicast since its responding to a solicitation? RFC4861 states: A router MAY choose to unicast the response directly to the soliciting host's address (if the solicitation's source address is not the unspecified address), but the usual case is to multicast the response to the all-nodes group. Ah, okay. So the IPv6 router usually responds to router discovery with Don't ignore how is the implementations in the real world: : and a comment in rtadvd on the solicited advertisement: : : /* : * unicast advertisements : * XXX commented out. reason: though spec does not forbit it, unicast : * advert does not really help But correct me if I'm wrong: the router advertisement daemon could be altered to reply with unicast without changing the standard, right? See above. What do the radvd and rtadvd developers say about this when confronted with the 802.11 multicast problem? I reported the problem to IPv6 (or IPng?) WG more than 10 years ago (before rtadvd was developed) and Christian Huitema acknowledged that the problem does exist. Since then, nothing happened. Are there any Internet drafts active in the IETF to replace that MAY with a SHOULD, noting that replying with multicast can defeat layer 2 error recovery needed for the successful use of some layer 1 media? Didn't you say without changing the standard? What did I miss? Where does IPv6 take the bad turn that IPv4 avoided? You still miss DAD. DupAddrDetectTransmits should be 3, 5 or maybe 10 (depending on level of congestion), which means even more time is wasted. Worse, increasing DupAddrDetectTransmits increases level of congestion, which means congestion collapse occurs with use case scenario of IEEE802.11ai. I have no interest in defending IPv6. We're network operators here.
You just told us (and offered convincing reasoning) that when selecting a router vendor for use with an IPv6 wifi network, one of our evaluation check boxes should be, Responds to ICMPv6 router solicitation with a unicast message? Yes or Fail. And when we provide the list of deficiencies to our vendor and wave the wad of cash around, one of them should be, Responds to ICMPv6 router solicitations with a multicast packet - unreliable in a wifi environment. That strikes me as something valuable to know. Far more valuable than, Dood, IPv6 has problems on wifi networks. The only thing operators have to know about IPv6 is that IPv6, as is currently specified, is not operational. Then, let IETF bother. Masataka Ohta
Re: The Department of Work and Pensions, UK has an entire /8
eyeronic.des...@gmail.com (Mike Hale) wrote: You know what sucks worse than NAT? Memorizing an IPv6 address. ;) I agree. But we'll have to live with it until something better comes along. The assumption behind my original question is that the IP space simply isn't used anywhere near as efficiently as it could be. While reclaiming even a fraction of those /8s won't put off the eventual depletion, it'll make it slightly more painless over the next year or two. I don't see how this would help. We all - and the world - have known for at least three years when the allocatable IPv4 pool would/will run out. Have we done something (at large)? No. Instead, people are whimpering about others having v4 addresses they are obviously not using and couldn't we pull those and redistribute so everyone's happier. Honestly - you'd only push the current situation two months back. Now everybody start using v6 and quit whining. (Or like Randy said - get back to pushing packets) Elmar.
Re: Big Temporary Networks
Subject: Re: Big Temporary Networks Date: Tue, Sep 18, 2012 at 01:03:00PM -0700 Quoting Jo Rhett (jrh...@netconsonance.com): On Sep 13, 2012, at 7:29 AM, Jay Ashworth wrote: I'm talking to the people who will probably be, in 2015, running the first Worldcon I can practically drive to, in Orlando, at -- I think -- the Disney World Resort. I've told them how critical the issue is for this market; they, predictably, replied We look forward to your patch. :-} So I just want to point out that this is an utterly irrelevant topic. Worldcon is full to the brim with really smart people who can build good networks, but in every place large enough to host a Worldcon the owners of the building make money selling Internet access and don't want competition. The very best we've been able to do was create an Internet Lounge with good connectivity, and even that isn't acceptable at most locations. All the IETF and RIPE meetings I've been to have had excellent custom networks. How come? -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 How do you explain Wayne Newton's POWER over millions? It's th' MOUSTACHE ... Have you ever noticed th' way it radiates SINCERITY, HONESTY WARMTH? It's a MOUSTACHE you want to take HOME and introduce to NANCY SINATRA!
Re: Big Temporary Networks
Seth Mos wrote: Yes, radvd has a configuration option to send unicast packets. But I think the effects are slightly overstated. A scenario considered by IEEE11ai is that a very crowded train arrives at a station and all the smart phones of passengers try to connect to APs. Then, it is essential to reduce the number of control packet exchanges. Also note that some wifi networks eat DHCPv4 broadcasts too, As I already stated, DHCP discover/request from STA to AP is unicast. And if the wifi network is so bad that you have icmp and udp dropping I'm afraid you don't understand CSMA/CA at all. Masataka Ohta
Re: The Department of Work and Pensions, UK has an entire /8
On 19/09/12 08:04, goe...@anime.net wrote: On Wed, 19 Sep 2012, Mark Andrews wrote: In message pine.lnx.4.64.1209182339200.5...@sasami.anime.net, goe...@anime.net writes: On Tue, 18 Sep 2012, Owen DeLong wrote: On Sep 18, 2012, at 21:11 , Mike Hale eyeronic.des...@gmail.com wrote: this is the arin vigilante cultural view of the world. luckily, the disease does not propagate sufficiently to cross oceans. I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? Many of them _ARE_ using them, just not using them directly on the public internet. There is nothing wrong with that. As others have said... !announced != !used. If they are not using them directly on the public internet, then there's no reason we can't use them. Problem solved! !announced whole world != !announced. There is a simple rule. i guess my sarcasm was missed. DO NOT USE ADDRESSES THAT YOU HAVE NOT BEEN ALLOCATED. Anything else has the potential to cause operational problems. Tell that to the providers who keep routing hijacked blocks for spammers :) -Dan On the other hand, the scarcity is of *globally unique routable* addresses. You can make a case that private use of (non-RFC1918) IPv4 resources is wasteful in itself at the moment. To be provocative, what on earth is their excuse for not using IPv6 internally? By definition, an internal network that isn't announced to the public Internet doesn't have to worry about happy eyeballs, broken carrier NAT, and the like because it doesn't have to be connected to them if it doesn't want to be. A lot of the transition issues are much less problematic if you're not on the public Internet. Perhaps the military have a lot of weird equipment that is IPv4 only - in fact it's a racing certainty - but DWP is a gigantic enterprise data processing organisation. They also have some big Web sites, but obviously those aren't on the private network.
(If they had enough workstations to need the whole /8, we wouldn't need DWP as the unemployment problem would have been definitively solved:-))
Re: The Department of Work and Pensions, UK has an entire /8
So...why do you need publicly routable IP addresses if they aren't publicly routable? Because the RIRs aren't in the business of handing out publicly routable address space. They're in the business of handing out globally unique address space - *one* of the reasons for which may be connection to the public Internet, whatever that is at any given point in time and space. RIPE are really good about making the distinction and using the latter phrase rather than the former. I'm not familiar enough with the corresponding ARIN documents to comment on the language used there. Regards, Tim.
IMPLEMENTING A SOFTWARE BASED ROUTE SERVER
Hi, Hope you are all well. I work at an exchange point and was seeking any assistance on how to implement a software based route server as currently we are using a Cisco Router for that purpose. Any form of assistance will be highly appreciated. regards Muga
Re: IMPLEMENTING A SOFTWARE BASED ROUTE SERVER
On 2012-09-19 14:05 , Joseph M. Owino wrote: Hi, Hope you are all well. I work at an exchange point and was seeking any assistance on how to implement a software based route server as currently we are using a Cisco Router for that purpose. Any form of assistance will be highly appreciated. The IX's seem to be going from software based ones to Cisco's ;) See also amongst others: http://ripe60.ripe.net/presentations/Hilliard-euro-ix-quaggadev.pdf http://conference.apnic.net/__data/assets/pdf_file/0020/50771/osr_apnic34_1346132140.pdf http://www.uknof.org.uk/uknof22/Sanghani-Euro-IX.pdf http://www.uknof.org.uk/uknof13/Hughes-IXP_routeservers.pdf And recently on this very NANOG list: http://www.gossamer-threads.com/lists/nanog/users/155853 Greets, Jeroen
Re: IMPLEMENTING A SOFTWARE BASED ROUTE SERVER
Joseph M. Owino (jpmuga) writes: Hi, Hope you are all well. I work at an exchange point and was seeking any assistance on how to implement a software based route server as currently we are using a Cisco Router for that purpose. Any form of assistance will be highly appreciated. Hello Joseph, You could do this in a number of ways, running Quagga or BIRD (or even BGPD) on a Linux or BSD server. Quagga documentation even has a chapter on this: http://www.nongnu.org/quagga/docs/quagga.html#SEC115 I'm sure several people on this list have experience with this and will contribute. Also, it might be worth sending this inquiry to the AfNOG list as well (afnog.org). Finally (plug) we have some resources that may be of interest to you here: https://nsrc.org/route-bgp-ixp.html Cheers, Phil
Re: The Department of Work and Pensions, UK has an entire /8
In a message written on Tue, Sep 18, 2012 at 09:11:50PM -0700, Mike Hale wrote: I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? While I personally think ARIN should do more to flush out addresses that are actually _not in use at all_, the danger here is very clear. Forcing the return of address space that is in use but not in the global default free routing table is making a value judgement about the use of that address space. Basically it is the community saying that using public address space for private, but possibly interconnected networks is not a worthy use of the space. For a few years the community tried to force name based virtual hosting on the hosting industry, rather than burning one IP address per host. That also was a value judgement that turned out to not be so practical, as people use more than plain HTTP in the hosting world. The slippery slope argument is where does this hunt for underutilized space stop? Disconnected networks are bad? Name based hosting is required? Carrier grade NAT is required for end user networks? More importantly are the RIR's set up to make these value judgements about the usage as they get more and more subjective? There's also a ROI problem. People smarter than I have done the math, and figured out that if X% of the address space can be reclaimed via these efforts, that gains Y years of address space. Turns out Y is pretty darn small no matter how aggressive the search for underutilized space. Basically the RIR's would have to spin up more staff and, well, harass pretty much every IP holder for a couple of years just to delay the transition to IPv6 by a couple of years. In the short term moving the date a couple of years may seem like a win, but in the long term it's really insignificant.
It's also important to note that RIR's are paid for by the users, the ramp up in staff and legal costs of such an effort falls back on the community. Is delaying IPv6 adoption worth having RIR fees double? If the policy to get companies to look at and return such resources had been investigated 10-15 years ago it might have been something that could have been done in a reasonable way with some positive results. It wasn't though, and rushing that effort now just doesn't make a meaningful difference in the IPv4-IPv6 transition, particularly given the pain of a rushed implementation. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: The Department of Work and Pensions, UK has an entire /8
On Wed, Sep 19, 2012 at 12:07:33AM -0500, Jimmy Hess wrote: Assume you have a public IPv4 assignment, and someone else starts routing your assignment... legitimately or not, RIR allocation transferred to them, or not. There might be a record created in a database, and/or internet routing tables regarding someone else using the same range for a connected network. But your unconnected network, is unaffected. Ahh... But the network may not be unconnected. Just because *you* don't have a path to it doesn't mean others are similarly disconnected. All of those others would be affected. You are going to have a hard time getting a court to take your case, if the loss/damages to your operation are $0, because your network is unconnected, and its operation is not impaired by someone else's use, and the address ranges' appearance in the global tables. Think about a company that has thousands of private interconnects with other companies. Unique address space would remove the chance of RFC1918 space clash, and any of the bad effects of NAT. (e.g The network *works* as it was originally designed.) Such a network would not have $0 in loss/damage when the partners can't reach it due to a rogue announcement. The Internet is not the same from all viewpoints.
Re: Big Temporary Networks
SNIP The only thing operators have to know about IPv6 is that IPv6, as is currently specified, is not operational. I think it is safe to say that this is provably false. Are there opportunities for increased efficiency, perhaps ... however: I get native IPv6 at home via my standard residential cable connection using off the shelf CPE gear and standard OSes. I get native IPv6 via my standard LTE devices, again - off the shelf - no customization required. (Repeated emphasis on the use of standard, off the shelf components here ... no end-user hacking/tweaking, nor custom firmware loads, nor special requests to the provider ... it just works.) Both of these have been properly functioning since being lit up. Clearly, at least the two *rather large* operators involved (Comcast and Verizon Wireless, if it matters) have deployed IPv6 in an operational fashion. I bet Hurricane Electric would *strongly* disagree as well. ... Not to mention the enterprise networks and hosting facilities that have also implemented IPv6 rather successfully, all of which are relying on some carrier(s) to provide them connectivity. /TJ
Re: The Department of Work and Pensions, UK has an entire /8
On 19-9-2012 14:35, Leo Bicknell wrote: In a message written on Tue, Sep 18, 2012 at 09:11:50PM -0700, Mike Hale wrote: I'd love to hear the reasoning for this. Why would it be bad policy to force companies to use the resources they are assigned or give them back to the general pool? There's also a ROI problem. People smarter than I have done the math, and figured out that if X% of the address space can be reclaimed via these efforts, that gains Y years of address space. Turns out Y is pretty darn small no matter how aggressive the search for underutilized space. Basically the RIR's would have to spin up more staff and, well, harass pretty much every IP holder for a couple of years just to delay the transition to IPv6 by a couple of years. In the short term moving the date a couple of years may seem like a win, but in the long term it's really insignificant. It's also important to note that RIR's are paid for by the users, the ramp up in staff and legal costs of such an effort falls back on the community. Is delaying IPv6 adoption worth having RIR fees double? Forcing a government organization to renumber their (large!) network to 10/8 just to give it back it to ARIN would be a massive undertaking. There are considerable drawbacks: 1. The renumbering of a government organization is paid for by the UK taxpayers. I'm sure the UK can use the funds somewhere else right now. 2. The time taken to complete this operation would likely run into years, see 1. 3. Even if the renumbering completes by 2015 it would be far too late, since we need it now rather than later. 4. The actual value of the sale of the /8 could either be huge in 2015, or insignificant in 2015. So the irony is that the taxpayer lobbying for return wants to have the /8 returned to or sell it. But there is a significant non-zero cost and he would be paying for it himself. I also like the idea of public services to be reachable in the future.
Just because it is not in use now, I'll see them using it in the future. Regards, Seth
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 19, 2012, at 9:24 AM, John Osmon jos...@rigozsaurus.com wrote: On Wed, Sep 19, 2012 at 12:07:33AM -0500, Jimmy Hess wrote: Assume you have a public IPv4 assignment, and someone else starts routing your assignment... legitimately or not, RIR allocation transferred to them, or not. There might be a record created in a database, and/or internet routing tables regarding someone else using the same range for a connected network. But your unconnected network, is unaffected. Ahh... But the network may not be unconnected. Just because *you* don't have a path to it doesn't mean others are similarly disconnected. All of those others would be affected. You are going to have a hard time getting a court to take your case, if the loss/damages to your operation are $0, because your network is unconnected, and its operation is not impaired by someone else's use, and the address ranges' appearance in the global tables. Think about a company that has thousands of private interconnects with other companies. Unique address space would remove the chance of RFC1918 space clash, and any of the bad effects of NAT. (e.g The network *works* as it was originally designed.) Such a network would not have $0 in loss/damage when the partners can't reach it due to a rogue announcement. The Internet is not the same from all viewpoints. This discussion is repeating ones heard here in the mid 1990s. Having a block of IP addresses not seen in YOUR IP routing tables is NOT evidence of unused addresses. For example, an inter-network SMTP relay correctly forwards messages via MX DNS entries only if unique IP addresses exist on both sides of the relay. This is just one example of application level gateways used to isolate networks at Layer 3 that has been in use for decades. As noted above, there are many instances of private interconnects which rely on assigned integers to tag destinations in a globally unique fashion.
In the case of IP addressing, IANA and the various registries provide this globally unique assignment service. Use of these unique integers for packet routing is left as an exercise for the Network Engineer. IANA and the registries are not in the business of directly policing the use of any assigned integers. Those of us who have been involved in interconnecting private networks with overlapping IP address assignments are well aware of the pitfalls, hazards, and costs of using non-unique addressing. An entity which uses its ignorance of how addresses are used internally by another entity as an excuse to ignore proper IP address assignment is deliberately contributing to network chaos and to the culture of ignoring rules because we can. The bottom line is that Connected does not mean Routable via IPv4/IPv6. This is in addition to Hidden does not mean Unused as pointed out by others.
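The two messages above argue that registered space which is not globally announced is still in use, and that a rogue announcement harms the partners who reach it over private interconnects. One way a holder can watch for that is sketched below as an added example, not part of the thread: it compares observed announcements against held prefixes. The prefixes (documentation ranges), AS numbers, sample feed and function names are all constructed for illustration.

```python
import ipaddress

# Constructed inventory: held prefix -> origin ASNs allowed to announce it.
# An empty set means the block is registered and used only on private
# interconnects, so ANY public announcement touching it is unexpected.
HELD_PREFIXES = {
    "198.51.100.0/24": set(),
    "203.0.113.0/24": {64500},
}

# Constructed (prefix, origin ASN) pairs, standing in for what would be
# extracted from a route collector feed or a looking glass.
OBSERVED = [
    ("198.51.100.0/25", 64511),   # more-specific of unannounced held space
    ("203.0.113.0/24", 64500),    # our own, authorised announcement
    ("203.0.113.128/25", 64496),  # more-specific from a foreign origin
    ("192.0.2.0/24", 64499),      # unrelated prefix
    ("198.51.100.0/23", 64497),   # aggregate that covers held space
]


def relation(announced, held):
    """Return how an announced prefix relates to a held one, or None."""
    if announced.version != held.version:
        return None  # subnet_of() raises TypeError across IP versions
    if announced == held:
        return "exact"
    if announced.subnet_of(held):
        return "more-specific"
    if held.subnet_of(announced):
        return "covering"
    return None


def find_conflicts(held_prefixes, observed):
    """List announcements that touch held space from an unauthorised origin."""
    held = [(ipaddress.ip_network(p), origins)
            for p, origins in held_prefixes.items()]
    conflicts = []
    for prefix_text, origin in observed:
        announced = ipaddress.ip_network(prefix_text)
        for held_net, allowed in held:
            rel = relation(announced, held_net)
            if rel is not None and origin not in allowed:
                conflicts.append((prefix_text, origin, str(held_net), rel))
    return conflicts


if __name__ == "__main__":
    for prefix, origin, held, rel in find_conflicts(HELD_PREFIXES, OBSERVED):
        print(f"ALERT AS{origin} announces {prefix} ({rel} of held {held})")
```

A block with no authorised origin is the case the thread is about: absence from the global table is the expected state, so every overlap is reported.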
Recommended Generator Service in Northern Colorado
Looking for some recommendations on a company to do regularly scheduled maintenance work on our Generac Generator in Northern Colorado. The company who did the installation is out of business, and the company who most recently did work does not believe in answering the phone... Any suggestions welcome. --Blake
Re: Big Temporary Networks
On Sep 19, 2012, at 04:25, Masataka Ohta wrote: As I already stated, DHCP discover/request from STA to AP is unicast. This didn't sound right, so I decided to test. With the three clients available to me (laptop running OS X 10.7.4, phone running Android 4.0, and iPod running iOS 4.1.2) all client-server DHCP was broadcast, as well as server-client NACKs. Server-client offers and ACKs were unicast. --- Sean Harlow s...@seanharlow.info
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 19, 2012, at 1:46 AM, Alex Harrowell wrote: To be provocative, what on earth is their excuse for not using IPv6 internally? By definition, an internal network that isn't announced to the public Internet doesn't have to worry about happy eyeballs, broken carrier NAT, and the like because it doesn't have to be connected to them if it doesn't want to be. A lot of the transition issues are much less problematic if you're not on the public Internet. Because next to zero of the common office equipment supports v6, or supports it well. And honestly it's a cost factor that nobody has any incentive to pay. Every enterprise I have spoken with has the exact same intention: IPv4 inside forever to avoid cost they don't need to pay. NAT to v6 externally if necessary. Obviously when IPv6 has a larger footprint and their staff has the experience this will change, but asking the enterprise to pick up this ball and run with it is wasting your time. And second, have you ever worked on a private intranet that wasn't connected to the internet through a firewall? Skipping oob networks for equipment management, neither have I. Perhaps the military have a lot of weird equipment that is IPv4 only - in fact it's a racing certainty - but DWP is a gigantic enterprise data processing organisation. They also have some big Web sites, but obviously those aren't on the private network. (If they had enough workstations to need the whole /8, we wouldn't need DWP as the unemployment problem would have been definitively solved:-)) As a giant enterprise data processing center that works today, what possible motivation do they have for disrupting that? You've got to shake this silliness out of your head. I started my career when there were dozens of networking protocols. The industry eventually shook out by 1992 around IPv4, however many businesses were running some of the obsolete, dead, unsupported protocols well up and past 2000, long long long after IPv4 had become the one true protocol.
Even if we flip the entire Internet over to IPv6 next week, enterprises will be running IPv4 internally well into the 2020s. Because they have no gain in paying the cost to change, and massive risk in making the change. Obviously some businesses will need to upgrade and will have the motivation. But don't expect people who don't need to upgrade, don't need to change, to undertake a massive infrastructure upgrade so that you can get more IPv4 addresses. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
Re: The Department of Work and Pensions, UK has an entire /8
On 9/19/12 10:42 AM, Jo Rhett wrote:

> And second, have you ever worked on a private intranet that wasn't connected to the internet through a firewall? Skipping oob networks for equipment management, neither have I.

Plenty of people on this list have worked on private internet(s) with real AS numbers, public IP space and no direct internet connectivity.
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 19, 2012, at 1:42 PM, Jo Rhett jrh...@netconsonance.com wrote:

> And second, have you ever worked on a private intranet that wasn't connected to the internet through a firewall? Skipping oob networks for equipment management, neither have I.

Yes, for many years. External connections only via Application Level Gateways for SMTP, HTTP and Virtual Network connections. And, using assigned IPv4 addresses. And, no one willing to pay for IPv6.
Re: The Department of Work and Pensions, UK has an entire /8
On Tue, Sep 18, 2012 at 9:49 PM, Mike Hale eyeronic.des...@gmail.com wrote:

> So...why do you need publicly routable IP addresses if they aren't publicly routable?

Because doing anything else is Harmful! There's even an RFC that says so!

http://tools.ietf.org/html/rfc1627 - Network 10 Considered Harmful

Ford's /8 was allocated in 1988, a full 6 years before RFC1597 (the precursor to RFC1918) was released.

Scott.
They aren't on *MY* Internet, so I should get their space!
I'm renaming the thread to what the argument really is.

On Sep 19, 2012, at 11:01 AM, Cutler James R wrote:

> On Sep 19, 2012, at 1:42 PM, Jo Rhett jrh...@netconsonance.com wrote:
>
>> And second, have you ever worked on a private intranet that wasn't connected to the internet through a firewall? Skipping oob networks for equipment management, neither have I.
>
> Yes, for many years. External connections only via Application Level Gateways for SMTP, HTTP and Virtual Network connections. And, using assigned IPv4 addresses. And, no one willing to pay for IPv6.

You are making my point for me. Does your internet deal with duplication of IP space inside and outside the gateways? Is that easy to deal with?

Thus my point is made. Just because you don't have direct connectivity to *every* point on the Internet does not mean that you don't need unique space.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 19, 2012, at 11:02 AM, Scott Howard sc...@doc.net.au wrote:

> On Tue, Sep 18, 2012 at 9:49 PM, Mike Hale eyeronic.des...@gmail.com wrote:
>
>> So...why do you need publicly routable IP addresses if they aren't publicly routable?
>
> Because doing anything else is Harmful! There's even an RFC that says so!
>
> http://tools.ietf.org/html/rfc1627 - Network 10 Considered Harmful

Actually, the reference you probably want is http://tools.ietf.org/rfc/rfc1814.txt - Unique Numbers are Good.

That RFC caused a bit of consternation with the RIRs at the time as some of us (at least) were trying to suggest that given IPv4 was a limited (albeit not scarce at that time) resource, if you didn't plan on connecting to the Internet, RFC 1597 space was to be encouraged.

Regards,
-drc
Comcast mail admin contact?
We are having trouble that seems to look like we are being throttled from one of our production nets to Comcast's pop3 service (mail.comcast.net). Service appears to work fine from other addresses in our network, just transactions from one of our more active production source IPs seem to progress like molasses or sometimes connections time out completely, though we are not experiencing any packet loss, so it looks like throttling of some sort.

If there's someone from Comcast or someone else on the list who could point me to the proper contact for admin of that service, I'd be much obliged. It is having significant impact on some of their users who reach them via our services.

G
Re: The Department of Work and Pensions, UK has an entire /8
On 9/19/2012 10:52 AM, joel jaeggli wrote:

> On 9/19/12 10:42 AM, Jo Rhett wrote:
>
>> And second, have you ever worked on a private intranet that wasn't connected to the internet through a firewall? Skipping oob networks for equipment management, neither have I.
>
> Plenty of people on this list have worked on private internet(s) with real AS numbers, public IP space and no direct internet connectivity.

*cough* 33/8 *cough* (among others)

Can we now let this die a well-deserved death? Pretty please?

--
You may want to read RFC 1796, and then retract what you said because it sounds silly.
Nick Hilliard (http://tools.ietf.org/rfc/rfc1796.txt)
Re: The Department of Work and Pensions, UK has an entire /8
Those who argue that IPv4 addresses must be reclaimed seem to have forgotten that even for small organizations, converting IPv4 address space to RFC1918 addresses, or IPv6, is a huge task given the fixed IP addresses of many devices (printers, copy machines, etc.), and even worse, the many key business application programs that use hard-coded IP addresses instead of DNS resolution. Many of these application programs were written many years ago, and are poorly supported, such that making code changes places a company's business success on the line.

Of course, unused /8 prefixes appear to be an abuse, but as some have noted in this thread, many large organizations were assigned /8s decades ago, and have used them for IP addressing for key business functions.

David

On Tue, Sep 18, 2012 at 7:07 AM, Eugen Leitl eu...@leitl.org wrote:

> http://paritynews.com/network/item/325-department-of-work-and-pensions-uk-in-possession-of-169-million-unused-ipv4-addresses
>
> Department of Work and Pensions UK in Possession of 16.9 Million Unused IPv4 Addresses
> Written by Ravi Mandalia
>
> The Department of Work and Pensions, UK has an entire block of '/8' IPv4 addresses that is unused and an e-petition has been filed in this regards asking the DWP to sell it off thus easing off the RIPE IPv4 address space scarcity a little.
>
> John Graham-Cumming, who found this unused block, wrote in a blog post that the DWP was in possession of 51.0.0.0/8 IPv4 addresses. According to Cumming, these 16.9 million IP addresses are unused at the moment and he derived this conclusion by doing a check in the ASN database. “A check of the ASN database will show that there are no networks for that block of addresses,” he wrote.
>
> An e-petition has been filed in this regards. “It has recently come to light that the Department for Work and Pensions has its own allocated block of 16,777,216 addresses (commonly referred to as a /8), covering 51.0.0.0 to 51.255.255.255”, reads the petition.
>
> The UK government, if it sells off this /8 block, could end up getting £1 billion mark. “£1 billion of low-effort extra cash would be a very nice thing to throw at our deficit,” read the petition.
>
> Cumming ends his post with the remark, “So, Mr. Cameron, I'll accept a 10% finder's fee if you dispose of this asset :-)”.
Re: The Department of Work and Pensions, UK has an entire /8
Am I correct in assuming that the unused IP block would not be sold as is mentioned in the article, but instead be returned to RIPE to be reallocated?

Robert
Re: The Department of Work and Pensions, UK has an entire /8
As the subsequent discussion here shows, unused is a press inaccuracy. The nets are in active use; much of that use is not publicly advertised, but it's still in use.

George William Herbert
Sent from my iPhone

On Sep 19, 2012, at 1:35 PM, Robert Guerra rgue...@privaterra.org wrote:

> Am I correct in assuming that the unused IP block would not be sold as is mentioned in the article, but instead be returned to RIPE to be reallocated?
>
> Robert
RE: Recommended Generator Service in Northern Colorado (from nanog)
Since I have gotten many off list responses.. I have submitted an Information Request and they sent me back the list which is on their website of 24 shops within 75 miles. Looking for a little bit more information/history, as two of them I called this morning I went to their voicemail. Of course they were the ones with reviews on the Generac website as well so no more real world feedback.

Thanks
--Blake

-----Original Message-----
From: Hal Murray [mailto:hmur...@megapathdsl.net]
Sent: Wednesday, September 19, 2012 2:58 PM
To: Blake Pfankuch
Cc: Hal Murray
Subject: Re: Recommended Generator Service in Northern Colorado (from nanog)

> Looking for some recommendations on a company to do regularly scheduled maintenance work on our Generac Generator in Northern Colorado. The company who did the installation is out of business, and the company who most recently did work does not believe in answering the phone...

Have you called the manufacturer? They have a serious interest in making sure that somebody will service their gear. If they don't actually know of a service company, they might know of other customers in your area.

--
These are my opinions. I hate spam.
Re: The Department of Work and Pensions, UK has an entire /8
Robert,

On Sep 19, 2012, at 1:35 PM, Robert Guerra rgue...@privaterra.org wrote:

> Am I correct in assuming that the unused IP block would not be sold as is mentioned in the article, but instead be returned to RIPE to be reallocated?

Assuming for the sake of argument that the 51/8 is actually unused (which it apparently isn't), the UK gov't would be under no contractual obligation to return the address space to IANA (which is (arguably) the allocating registry, not RIPE) -- I believe that class A was allocated prior to the existence of the RIRs and registration service agreements.

Regards,
-drc
Re: The Department of Work and Pensions, UK has an entire /8
On 19/09/2012 22:02, David Conrad wrote:

> Assuming for the sake of argument that the 51/8 is actually unused (which it apparently isn't), the UK gov't would be under no contractual obligation to return the address space to IANA (which is (arguably) the allocating registry, not RIPE) -- I believe that class A was allocated prior to the existence of the RIRs and registration service agreements.

the ripe ncc has short-circuited this particular argument by committing to hand back to IANA any legacy address space which is handed back to it. I.e. makes no difference - it ends up at IANA anyway.

Nick
Re: The Department of Work and Pensions, UK has an entire /8
In article 450916d8-fa1d-4d43-be8f-451d50dd6...@privaterra.org you write:

> Am I correct in assuming that the unused IP block would not be sold as is mentioned in the article, but instead be returned to RIPE to be reallocated?

Since there is no chance of either one happening, no.

R's,
John
Re: Big Temporary Networks
Sean Harlow wrote:

>> As I already stated, DHCP discover/request from STA to AP is unicast.
>
> This didn't sound right, so I decided to test.

Your test is invalid.

> With the three clients available to me (laptop running OS X 10.7.4, phone running Android 4.0, and iPod running iOS 4.1.2) all client-server DHCP was broadcast

Of course.

However, at WiFi L2, it is first unicast to AP and then broadcast by the AP.

Masataka Ohta
Re: Big Temporary Networks
TJ wrote:

>> The only thing operators have to know about IPv6 is that IPv6, as is currently specified, is not operational.
>
> I think it is safe to say that this is provably false.

You failed to do so.

> Are there opportunities for increased efficiency, perhaps ... however:

Congestion collapse is not a matter of mere efficiency.

> I get native IPv6 at home via my standard residential cable connection using off the shelf CPE gear and standard OSes. I get native IPv6 via my standard LTE devices, again - off the shelf - no customization required.

That IPv6 works fine sometimes in some environment is not a valid proof that IPv6 is operational.

Purposelessly bloated specification of IPv6 causes problems in some environment, against which removal of features is the only cure.

It's like not using IP options, even though they are defined in RFC791.

Masataka Ohta
Re: The Department of Work and Pensions, UK has an entire /8
Imagine that you are the DWP. You're given a block of addresses, told that they will be yours forever, plan your network accordingly, and implement your plan. Now, decades later, people are telling you that forever is over, and you have to totally re-address your network because you have something that other people want. To make the request that much more interesting, the reason that they want your block is because they failed to implement the actual solution to the problem, IPv6. We were already looking at the IPv4 runout problems when I was at IANA in 2004. We already knew (in large part thanks to folks like Tony Hain and Geoff Huston) that we'd run out in the 2010-2012 time frame, and a lot of us pushed a lot of rocks up a lot of hills to get our part of the IPv6 infrastructure rollout done well in advance of that date. We (and by we here I am explicitly including the RIRs) also heavily discussed every single option for every single block ... holders of legacy blocks were quietly approached and asked about the potential of returning them, and some of them actually did. We scoured ERX space, re-thought a lot of long held assumptions (e.g., we could never allocate 1/8); and squeezed every drop of blood we could from the IPv4 turnip. Of course, this good work was continued long after I left ICANN, and the Internet community should be grateful to those who have spent many thankless hours dealing with this problem. ... and now, we're done. IPv4 is what it is. There are no new solutions, there is no magic bullet, and no quantity of pixie dust is going to cause new space to appear out of thin air. You can spend more time flogging long-concluded arguments, or you can spend your time productively by implementing IPv6. Doug
Re: Big Temporary Networks
On Thu, 20 Sep 2012 06:54:35 +0900, Masataka Ohta said:

> Sean Harlow wrote:
>
>>> As I already stated, DHCP discover/request from STA to AP is unicast.
>>
>> This didn't sound right, so I decided to test.
>
> Your test is invalid.

You forgot to include a .jpg of Darth Vader playing bagpipes on a unicycle or similar.

http://knowyourmeme.com/memes/your-argument-is-invalid
Re: The Department of Work and Pensions, UK has an entire /8
Doug Barton wrote:

> We were already looking at the IPv4 runout problems when I was at IANA in 2004. We already knew (in large part thanks to folks like Tony Hain and Geoff Huston) that we'd run out in the 2010-2012 time frame, and a lot of us pushed a lot of rocks up a lot of hills to get our part of the IPv6 infrastructure rollout done well in advance of that date.

So 6-8 years to try and rehabilitate 240/4 was not even enough to try?

> ... and now, we're done. IPv4 is what it is. There are no new solutions, there is no magic bullet,

Just old ones that nobody liked at that time, that will continue to be re-examined until nobody needs IPv4 anymore.

> and no quantity of pixie dust is going to cause new space to appear out of thin air.

For the right price the amount of effort required to increase efficiency of the space we already have will become worthwhile. With a decreased burn rate, efforts to retrieve and rehabilitate space become more useful.

> You can spend more time flogging long-concluded arguments, or you can spend your time productively by implementing IPv6.
>
> Doug

You know we will be doing both for quite some more time.

Joe
Re: Big Temporary Networks
On Wed, Sep 19, 2012 at 11:33 AM, Sean Harlow s...@seanharlow.info wrote:

> On Sep 19, 2012, at 04:25, Masataka Ohta wrote:
>
>> As I already stated, DHCP discover/request from STA to AP is unicast.
>
> This didn't sound right, so I decided to test. With the three clients available to me (laptop running OS X 10.7.4, phone running Android 4.0, and iPod running iOS 4.1.2) all client-server DHCP was broadcast, as well as server-client NACKs. Server-client offers and ACKs were unicast.

I think Masataka meant to say (and said previously) that the DHCP request from the wifi station is, like all packets from the wifi station to the AP, subject to wifi's layer 2 error recovery. It's not unicast but it's subject to error recovery anyway. In the return direction (AP to station) broadcast and multicast packets are not subject to error recovery while unicast packets are. Hence the DHCPv4 server-client unicast offers and acks pass reliably while IPv6's equivalent multicast ICMPv6 router advertisements do not.

On Wed, Sep 19, 2012 at 5:54 PM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

> However, at WiFi L2, it is first unicast to AP and then broadcast by the AP.

Your use of nomenclature is incorrect. It'd be like saying my ethernet card unicasts a packet to the switch and then the switch broadcasts it out all ports. Or like saying that a packet with an explicit MAC destination is a broadcast packet because the switch doesn't have the address in its MAC table. The packet is flooded out all ports but it's not a broadcast packet.

A layer 2 packet was unicast, multicast or broadcast the moment I attached the appropriate destination MAC. The exact handling on a particular segment of the layer 2 network, while important in other contexts, is irrelevant to the designation unicast, multicast or broadcast.

On Wed, Sep 19, 2012 at 3:26 AM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

> The only thing operators have to know about IPv6 is that IPv6, as is currently specified, is not operational.

No offense, but it is not for you or I or Owen Delong to declare that IPv6 is or isn't operational. Operators of individual networks can and will decide for themselves whether and when IPv6 is sufficiently operational for their use.

Your observation about IPv6's equivalent of an ARP reply using multicast so that it misses wifi's layer 2 error recovery (and thus performs poorly compared to IPv4) was of value. Got any more or are we ready to move on?

Regards,
Bill Herrin

--
William D. Herrin her...@dirtside.com b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
Re: The Department of Work and Pensions, UK has an entire /8
On Wed, 19 Sep 2012 18:36:08 -0400, Joe Maimon said:

> So 6-8 years to try and rehabilitate 240/4 was not even enough to try?

6 years of work to accomplish something that would only buy us 16 /8s, which would be maybe 2 years' supply, instead of actually deploying IPv6. And at the end of the 2 years, you'll *still* have to do the work of deploying IPv6.

That sort of trade-off only makes sense for somebody in *serious* denial.
Re: The Department of Work and Pensions, UK has an entire /8
valdis.kletni...@vt.edu wrote:

> On Wed, 19 Sep 2012 18:36:08 -0400, Joe Maimon said:
>
>> So 6-8 years to try and rehabilitate 240/4 was not even enough to try?
>
> 6 years of work

What I said is that they knew they would have had at least 6 years or _more_ to rehabilitate it, had they made a serious effort at the time.

In fact, we still do not know how much more is, because the upper bound of more is when IPv4 need actually tapers off and is replaced with IPv6 consumption.

When you say you did all you could for IPv4, that is an opinion and hardly an objective one at that. Expect the debates to continue.

> to accomplish something that would only buy us 16 /8s, which would be maybe 2 years' supply,

As supply tightens, consumption slows. Let's see how long the last /8 lasts RIPE. You have no way of knowing what the consumption rate will be in the final days of IPv4 and how much of an impact 16 /8 would make at that point. We are not there yet.

> instead of actually deploying IPv6.

Right, because it was an either or.

> And at the end of the 2 years, you'll *still* have to do the work of deploying IPv6.
>
> That sort of trade-off only makes sense for somebody in *serious* denial.

Turns out it was a neither.

Joe
Re: The Department of Work and Pensions, UK has an entire /8 nanog@nanog.org
From: Jo Rhett jrh...@netconsonance.com
Date: Wed, 19 Sep 2012 10:42:30 -0700
Subject: Re: The Department of Work and Pensions, UK has an entire /8

[[ sneck ]]

> And second, have you ever worked on a private intranet that wasn't connected to the internet through a firewall? Skipping oob networks for equipment management, neither have I.

Yes, in fact, I have. grin

In the financial and/or brokerage communities, there are internal networks with enough 'high value'/sensitive information to justify air gap isolation from the outside world.

Also, in those industries, there are 'semi-isolated' networks where all external communications are mediated through dual-homed _application-layer_ gateways. No packet-level communications between 'inside' and 'outside'. The 'inside' apps only know how to talk to the gateway; server-side talks only to specific (pre-determined) trusted hosts for the specific request being processed. NO 'transparent pass-through' in either direction.
Re: Big Temporary Networks
William Herrin wrote:

> I think Masataka meant to say (and said previously) that the DHCP request from the wifi station is, like all packets from the wifi station to the AP, subject to wifi's layer 2 error recovery. It's not unicast but it's subject to error recovery anyway.

Mostly correct. But, as I already wrote:

1) broadcast/multicast from a STA attached to an AP is actually unicast to the AP and reliably received by the AP (and relayed unreliably to other STAs). That is, a broadcast ARP request from the STA to the AP is reliably received by the AP.

Because of hidden terminals, L2 broadcast/multicast is transmitted only from AP.

>> However, at WiFi L2, it is first unicast to AP and then broadcast by the AP.
>
> Your use of nomenclature is incorrect. It'd be like saying my ethernet

Ethernet?

> card unicasts a packet to the switch and then the switch broadcasts it out all ports. Or like saying that a packet with an explicit MAC destination

Do you know MAC header of 802.11 contains four, not just source and destination, MAC addresses?

Because of hidden terminals and because of impossibility of collision detection, WLAN is a little more complex than your guess.

> No offense, but it is not for you or I or Owen Delong to declare that IPv6 is or isn't operational.

A single counter example is enough to deny IPv6 operational.

> whether and when IPv6 is sufficiently operational for their use.

The scope is not their use but as a protocol for the entire Internet.

Masataka Ohta
Re: The Department of Work and Pensions, UK has an entire /8 nanog@nanog.org
On Sep 19, 2012, at 5:59 PM, Robert Bonomi wrote:

> In the financial and/or brokerage communities, there are internal networks with enough 'high value'/sensitive information to justify air gap isolation from the outside world.
>
> Also, in those industries, there are 'semi-isolated' networks where all external communications are mediated through dual-homed _application-layer_ gateways. No packet-level communications between 'inside' and 'outside'. The 'inside' apps only know how to talk to the gateway; server-side talks only to specific (pre-determined) trusted hosts for the specific request being processed. NO 'transparent pass-through' in either direction.

You're all missing the point in grand style. If you would stop trying to brag about something that nearly everyone has done in their career and pay attention to the topic you'd realize what my point was. This is the last time I'm going to say this.

Not only do I know well those networks, I was the admin responsible for the largest commercial one (56k routes) in existence that I'm aware of. I was at one point cooperatively responsible for a very large one in SEANet as well. (120k routes, 22k offices) I get what you are talking about. That's not what I am saying.

For these networks to have gateways which connect to the outside, you have to have an understanding of which IP networks are inside, and which IP networks are outside. Your proxy client then forwards connections to outside networks to the gateway. You can't use the same networks inside and outside of the gateway. It doesn't work. The gateway and the proxy clients need to know which way to route those packets.

THUS: you can't have your own IP space re-used by another company on the Internet without breaking routing. Duh.

RFC1918 is a cooperative venture in doing exactly this, but you simply can't use RFC1918 space if you also connect to a diverse set of other businesses/units/partners/etc. AND there is no requirement in any IP allocation document that you must use RFC1918 space. So acquiring unique space and using it internally has always been legal and permitted.

Now let's avoid deliberately misunderstanding me again, alright?

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
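
The inside/outside decision described in the message above, as an added example that is not part of the original post: a proxy client that sends "inside" prefixes direct and everything else to the gateway, run against a constructed address plan. All prefixes, partner names and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed address plans. 198.51.100.0/24 (a documentation prefix) stands in
# for registered, globally unique space that is used internally only.
PLAN_RFC1918 = ["10.0.0.0/8"]
PLAN_UNIQUE = ["198.51.100.0/24"]

# Constructed partner networks reached only through the application gateway.
PARTNERS = {
    "partner-a": ["10.1.0.0/16"],                     # partner also picked RFC 1918 space
    "partner-b": ["172.16.5.0/24", "203.0.113.0/24"],
}
PARTNER_HOSTS = ["10.1.2.3", "172.16.5.9", "203.0.113.7"]


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def next_hop(dest, inside):
    """Proxy-client rule: inside prefixes go direct, everything else to the gateway."""
    addr = ipaddress.ip_address(dest)
    return "direct" if any(addr in net for net in _nets(inside)) else "gateway"


def collisions(inside, partners):
    """Partner prefixes that overlap the inside plan, which the rule cannot tell apart."""
    found = []
    for name, prefixes in sorted(partners.items()):
        for theirs in _nets(prefixes):
            for ours in _nets(inside):
                if theirs.version == ours.version and theirs.overlaps(ours):
                    found.append((name, str(theirs), str(ours)))
    return found


def misrouted(outside_hosts, inside):
    """Outside hosts that the rule keeps inside, so they never reach the gateway."""
    return [h for h in outside_hosts if next_hop(h, inside) == "direct"]


if __name__ == "__main__":
    for label, plan in (("RFC 1918 plan", PLAN_RFC1918), ("unique plan", PLAN_UNIQUE)):
        print(label, "collisions:", collisions(plan, PARTNERS))
        print(label, "misrouted partner hosts:", misrouted(PARTNER_HOSTS, plan))
```
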
Re: Big Temporary Networks
On Wed, Sep 19, 2012 at 9:24 PM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

> A single counter example is enough to deny IPv6 operational.

Really? If that is really your opinion, the entire conversation is a rather moot point as I believe you and pretty much the rest of the world (again, including all those who helped develop and have deployed / are deploying IPv6) are not in agreement.

*Not saying popularity equals correctness, just that there is a sizable counter-point to your statement.*

Yes, the goal should be to minimize the special cases but there will always be some of those. That is what the ~IPv6 over Foo series of documents is all about, accommodating those needs ...

A single counter example is *only* enough to say that IPv6 does not *currently/ideally* fit *that* deployment scenario and that, just perhaps, *that deployment* needs some special consideration(s) on the part of IPv6. It does not, in any way, invalidate the protocol as a whole.

Let me ask, in your opinion: Is the better and easier answer here to start from scratch, or to identify the problem(s) and simply fix it(them) if warranted?

/TJ
Re: The Department of Work and Pensions, UK has an entire /8 nanog@nanog.org
On Wed, 19 Sep 2012 18:46:54 -0700, Jo Rhett said:

> You're all missing the point in grand style.

Given that the entire thread is based on somebody who missed the point in totally grand style and managed to get press coverage of said missing the point, I am starting to suspect that several people in the thread are doing so intentionally to see how hard they can troll the NANOG list without anybody catching on.
Re: The Department of Work and Pensions, UK has an entire /8 nanog@nanog.org
On Wed, Sep 19, 2012 at 06:46:54PM -0700, Jo Rhett wrote:

> For these networks to have gateways which connect to the outside, you have to have an understanding of which IP networks are inside, and which IP networks are outside. Your proxy client then forwards connections to outside networks to the gateway. You can't use the same networks inside and outside of the gateway. It doesn't work. The gateway and the proxy clients need to know which way to route those packets.

It works fine if the gateway has multiple routing tables (VRF or equivalent) and application software that is multiple-routing-table aware.

Not disagreeing at all with the point many are making that not on the Internet doesn't mean not in use. Many people for good reason decide to use globally unique space on networks that are not connected to the Internet.

But the idea that you *can't* tie two networks together with an application gateway unless the address space is unique is an overstatement. It's just harder.

-- Brett
Re: The Department of Work and Pensions, UK has an entire /8
On 9/19/12, John Osmon jos...@rigozsaurus.com wrote:

On Wed, Sep 19, 2012 at 12:07:33AM -0500, Jimmy Hess wrote:

But your unconnected network, is unaffected.

Ahh... But the network may not be unconnected. Just because *you* don't have a path to it doesn't mean others are similarly disconnected.

I'm aware of the existence of networks that are only connected to a limited number of networks. The fact that they exist, doesn't particularly diminish the danger, that their apparently unused addressing will become a target for someone. It would be wrong and broken, but that doesn't mean it is not going to happen.

Such a network would not have $0 in loss/damage when the partners can't reach it due to a rogue announcement.

If they wanted to make a case about it, they would likely need to find evidence that outweighs even their own negligence in the matter. There's no accepted practice that says accept inter-domain announcements for your own prefixes that aren't supposed to be announced outside your network.

The announcement also wouldn't be rogue, if the announcer had persuaded the RIR under whatever policy was in effect at the time, to assign the addresses.

There's a fork there, between two different sorts of risks:

* (Non-legitimate) Example: Some networks run by massive Tier 1 providers that for whatever reason decides to stop accepting the whole concept of unconnected networks, an example of this would be Bell Canada, Level3, ATT, or Verizon just decides to pick some random /8 they see as unconnected, claim that /8 and start announcing it, and starts renumbering massive numbers of CPEs into the space. Within a couple weeks, each of the other Tier 1s, grabs one of those unconnected /8s; or the Tier1's work out a deal to share it, totally outside the RIR process.

A second similar, but totally unrelated risk, for the operator of the unconnected network, is their RIR policies are adjusted, and revocation of the perceived unconnected /8 becomes imminent.

The Internet is not the same from all viewpoints.

That works, until there is a sufficient scarcity of resources to make major players desperate. Ultimately it will be the management of networks with the largest numbers of eyeballs, that decide which viewpoint is correct.

-- -JH
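The point in the message above, that a network has no reason to accept inter-domain announcements for its own prefixes that are never announced externally, can be checked mechanically. The following is an added example, not code from the thread: the function names, the documentation-range prefixes and the ASNs are all constructed for illustration.

```python
import ipaddress

# Constructed sample: prefixes we hold and use internally but never announce.
# Documentation ranges stand in for a real allocation.
OWN_UNANNOUNCED = [ipaddress.ip_network(p)
                   for p in ("198.51.100.0/24", "203.0.113.0/24")]

def classify(announced, own=OWN_UNANNOUNCED):
    """Relate one received prefix to our own internal-only prefixes."""
    net = ipaddress.ip_network(announced)
    for mine in own:
        if net.version != mine.version:
            continue  # subnet_of() raises TypeError across IP versions
        if net == mine:
            return "exact", mine
        if net.subnet_of(mine):
            return "more-specific", mine
        if mine.subnet_of(net):
            return "covering", mine  # e.g. a default route or a large aggregate
    return "unrelated", None

def review(updates, own=OWN_UNANNOUNCED):
    """updates: (prefix, origin_asn, peer) tuples learned over external sessions.
    Returns the entries an inbound filter should reject and alert on."""
    alerts = []
    for prefix, origin, peer in updates:
        verdict, mine = classify(prefix, own)
        # An exact or more-specific route from outside would pull traffic for
        # our own addresses away from the internal network. A covering route
        # is left alone because internal routes win by longest match.
        if verdict in ("exact", "more-specific"):
            alerts.append({"prefix": prefix, "origin": origin, "peer": peer,
                           "verdict": verdict, "own": str(mine)})
    return alerts

# Constructed sample updates (documentation ASNs 64500-64504).
SAMPLE_UPDATES = [
    ("198.51.100.0/25", 64500, "peer-a"),   # inside our space
    ("203.0.113.0/24", 64501, "peer-b"),    # exactly our space
    ("192.0.2.0/24", 64502, "peer-a"),      # someone else's space
    ("0.0.0.0/0", 64503, "transit"),        # default route
    ("2001:db8::/32", 64504, "peer-b"),     # IPv6, no overlap possible
]

if __name__ == "__main__":
    for alert in review(SAMPLE_UPDATES):
        print(alert)
```

In practice the same logic is normally expressed as an inbound prefix filter on the border routers; running it over collected route data additionally shows when someone else has started originating the space.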
Re: The Department of Work and Pensions, UK has an entire /8
On Sep 19, 2012, at 5:50 pm, Joe Maimon jmai...@ttec.com wrote:

[…]

So 6-8 years to try and rehabilitate 240/4 was not even enough to try?

6 years of work

What I said is that they knew they would have had at least 6 years or _more_ to rehabilitate it, had they made a serious effort at the time.

Remind me, who is they? I remember this:

http://tools.ietf.org/html/draft-fuller-240space-02

and this:

http://tools.ietf.org/html/draft-wilson-class-e-02

There was even a dedicated mailing list. But the drafts never made it beyond drafts, which suggests there was not a consensus in favour of an extra 18 months of IPv4 space with dubious utility value because of issues with deploy-and-forget equipment out in the wild. The consensus seems to have been in favour of skipping 240/4 and just getting on with deploying IPv6, which everyone would have to do anyway no matter what.

Is that so terrible?

Regards,
Leo
Re: The Department of Work and Pensions, UK has an entire /8
On 09/19/2012 15:36, Joe Maimon wrote:

So 6-8 years to try and rehabilitate 240/4 was not even enough to try?

All the experts I consulted with told me that the effort to make this workable on the big-I Internet, not to mention older private networks; would be equivalent if not greater than the effort to deploy v6 ... and obviously with much less long-term benefit.

Doug

--
I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do.
-- Edward Everett Hale, (1822 - 1909)
Re: The Department of Work and Pensions, UK has an entire /8
In message 505a8828.9040...@dougbarton.us, Doug Barton writes:

On 09/19/2012 15:36, Joe Maimon wrote:

So 6-8 years to try and rehabilitate 240/4 was not even enough to try?

All the experts I consulted with told me that the effort to make this workable on the big-I Internet, not to mention older private networks; would be equivalent if not greater than the effort to deploy v6 ... and obviously with much less long-term benefit.

Doug

And for those cases I would agree with you and the experts. However it would have been possible to use 240/4 between CPE and a 6rd BR and CGN with CPE signaling that it can use 240/4 address it is assigned one. This could be done incrementally and would have been better than the /10 that was eventually allocated for that purpose.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Big Temporary Networks
TJ wrote:

A single counter example is enough to deny IPv6 operational.

Really?

With the Internet wide scope, yes, of course.

In general, as IPv6 was designed to make ND uber Alles, not IP uber Alles, and ND was designed by a committee with only ATM, Ethernet and PPP in mind, ND can not be an adaptation mechanism to run IP over various links with link specific properties.

Thus, even though people only using Ethernet and PPP might think ND is good enough, a single example of a link is enough to deny ND uber Alles.

Though you wrote:

I think it is safe to say that this is provably false.

it is impossible because it is probatio diabolica. Instead, a single counter example is enough to totally deny probatio diabolica.

Or, if you need another example on how poorly ND behaves under some environment, its timing constraints are specified mostly in units of second, not millisecond, because the IPv6 committee silently assumed that hosts are immobile. Thus, latency imposed by ND is often too large for links with quickly moving objects.

Never claim IPv6 operational with your narrowly scoped experiences, because what you are attempting to do is probatio diabolica.

That is what the ~IPv6 over Foo series of documents is all about, accommodating those needs ...

Because ND uber Alles is impossible, IPv6 over Foo series specifying ND parameters are not helpful.

Masataka Ohta
Re: The Department of Work and Pensions, UK has an entire /8
Leo Vegoda wrote:

There was even a dedicated mailing list. But the drafts never made it beyond drafts, which suggests there was not a consensus in favour of an extra 18 months of IPv4 space with dubious utility value because of issues with deploy-and-forget equipment out in the wild. The consensus seems to have been in favour of skipping 240/4 and just getting on with deploying IPv6, which everyone would have to do anyway no matter what.

Is that so terrible?

Regards,
Leo

That's one suggestion. There are others. I can't determine which is more prevalent, the IPv4 hate or the IPv6 victim mentality.

How does hindsight slow-mo replay this call of consensus?

Why is this cast as a boolean choice? And how has the getting on with IPv6 deployment been working out?

That the discussion continues is in and of itself a verdict.

Joe
Re: Big Temporary Networks
On 9/19/2012 11:33 PM, Masataka Ohta wrote:

TJ wrote:

A single counter example is enough to deny IPv6 operational.

Really?

With the Internet wide scope, yes, of course.

So, a single example of IPv4 behaving in a suboptimal manner would be enough to declare IPv4 not operational?

Reductio ad absurdum

-DMM
Re: The Department of Work and Pensions, UK has an entire /8
On 9/19/12, Joe Maimon jmai...@ttec.com wrote:

Why is this cast as a boolean choice? And how has the getting on with IPv6 deployment been working out?

getting a single extra /4 is considered, not enough of a return to make the change. I don't accept that, but as far as rehabilitating 240/4, that lot was already cast, I think, and the above was the likely reason, there have been plenty of objections which all amounted to too much trouble to lift the pen and change it.

So if you want some address space rehabilitated, by a change of standard, it apparently needs to be more than a /4.

There is still no technical reason that 240/4 cannot be rehabilitated, other than continued immaterial objections to doing anything at all with 240/4, and given the rate of IPv6 adoption thus far, if not for those, it could possibly be reopened as unicast IPv4, and be well-supported by new equipment, before the percentage of IPv6-enabled network activity reaches a double digit percentage...

That the discussion continues is in and of itself a verdict.

Joe

-- -JH
Re: The Department of Work and Pensions, UK has an entire /8
So 6-8 years to try and rehabilitate 240/4 was not even enough to try?

Since it would require upgrading the IP stack on every host on the internet, uh, no. If you're planning to do that, you might as well make the upgrade handle IPv6.

and no quantity of pixie dust is going to cause new space to appear out of thin air.

No, but money can work wonders, once the IP address space market comes out of the shadows.

R's,
John
Re: The Department of Work and Pensions, UK has an entire /8
There is still no technical reason that 240/4 cannot be rehabilitated, other than continued immaterial objections to doing anything at all with 240/4, and given the rate of IPv6 adoption thus far, if not for those, it could possibly be reopened as unicast IPv4, and be well-supported by new equipment, before the percentage of IPv6-enabled network activity reaches a double digit percentage...

Don't most IP stacks (still) consider 240/8 and above illegal addresses and won't deal with packets to/from those addresses? If that's still the case, it'd be another good 10-20 years before 240/8 and above could be released for general use, as nothing would work with them.

In that case, you might as well start rolling out IPv6 and any new hardware/software changes ready for v6.
Re: The Department of Work and Pensions, UK has an entire /8
In message caaawwbw2oh0-cpsvwyrfdodvjotavaq8wdlussqvshs5cot...@mail.gmail.com, Jimmy Hess writes:

On 9/19/12, Joe Maimon jmai...@ttec.com wrote:

Why is this cast as a boolean choice? And how has the getting on with IPv6 deployment been working out?

getting a single extra /4 is considered, not enough of a return to make the change. I don't accept that, but as far as rehabilitating 240/4, that lot was already cast, I think, and the above was the likely reason, there have been plenty of objections which all amounted to too much trouble to lift the pen and change it.

So if you want some address space rehabilitated, by a change of standard, it apparently needs to be more than a /4.

There is still no technical reason that 240/4 cannot be rehabilitated, other than continued immaterial objections to doing anything at all with 240/4, and given the rate of IPv6 adoption thus far, if not for those, it could possibly be reopened as unicast IPv4, and be well-supported by new equipment, before the percentage of IPv6-enabled network activity reaches a double digit percentage...

The work to fix this on most OS is minimal. The work to ensure that it could be used safely over the big I Internet is enormous. It's not so much about making sure new equipment can support it than getting servers that don't support it upgraded as well as every box in between.

That the discussion continues is in and of itself a verdict.

Joe

-- -JH

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: The Department of Work and Pensions, UK has an entire /8
On 20 Sep 2012, at 07:34, Mark Andrews wrote:

In message caaawwbw2oh0-cpsvwyrfdodvjotavaq8wdlussqvshs5cot...@mail.gmail.com, Jimmy Hess writes:

The work to fix this on most OS is minimal. The work to ensure that it could be used safely over the big I Internet is enormous. It's not so much about making sure new equipment can support it than getting servers that don't support it upgraded as well as every box in between.

I'm only afraid it may operate worse than 1/8. Not sure how happy you would be as an ISP or a customer in that range.

Cheers,
Seth