RE: bloomberg on supermicro: sky is falling

2018-10-12 Thread David Edelman 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I agree that bank fees for transfers between accounts is unusual. There may be 
a limit on the number of transfers you can do each month but typically no fees. 
I agree with the point about using a credit card for gas purchases, since you 
are currently using a debit card, you are going to be paying the credit card 
off each month and there is no interest charge, this assumes that you have a 
credit card already. If you do have a credit card and it isn't one that has 
awards, consider switching to one that does have awards that are useful to you. 
Switch all of the stuff that you would normally pay with the ATM card to the 
credit card but remember treat the credit card like an ATM card and pay in full 
each billing cycle.
I would argue that the liability protections are actually better with an ATM 
card since there is a requirement for the bank to make you whole without even a 
$50 maximum liability. The user experience may be better with the credit card.

Dave Edelman

- -Original Message-
From: NANOG  On Behalf Of William Herrin
Sent: Friday, October 12, 2018 4:53 PM
To: Naslund, Steve 
Cc: nanog@nanog.org
Subject: Re: bloomberg on supermicro: sky is falling

On Fri, Oct 12, 2018 at 4:39 PM Naslund, Steve  wrote:
> >Make a second account at your bank.  One account is 'storage' and has 
> >all your money.  You never use the 'storage account' ATM card for 
> >anything outside your bank's ATM machines.
>
> Doubling the service fees from your bank.

Hi Steve,

Your bank charges you service fees?

When I opened an additional checking account so I'd have something to link 
paypal to, it was free.


> >The second one is where you only keep $50-$100 in it.  When you use 
> >your ATM card it's only this account that's used.  Just before you 
> >make a purchase, move money from your 'storage account' into your 
> >'active account' and make the purchase.
>
> Don’t really want to be doing transfers with service fees every time I 
> decide to fill up the gas tank.

Your bank charges you a service fee to move money from one account to another 
at the same bank? Weird. Also, why would you buy gas (or anything else) with a 
debit card? Your legal liability protections with a credit card are better. 
Under the Fair Credit Billing Act, the consumer's maximum liability for a 
credit card breach is $50 and most banks waive that as well.

Regards,
Bill Herrin


- --
William Herrin  her...@dirtside.com  b...@herrin.us Dirtside 
Systems . Web: 
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQP+UHquEepll566aqXCCyZOY1FIQUCW8EXowAKCRCXCCyZOY1F
Ib9nAKDKOUa+9HbWpWUxLqjHKe+BqQfJQACfbSNVz1rI2RNx004qw3B299L/E8Q=
=LUpC
-END PGP SIGNATURE-

Re: bloomberg on supermicro: sky is falling

2018-10-12 Thread Matt Harris 
On Fri, Oct 12, 2018 at 3:53 PM William Herrin  wrote:

>
> Your bank charges you service fees?
>
> When I opened an additional checking account so I'd have something to
> link paypal to, it was free.
>

Plus you don't earn rewards points.  I use an amex charge card for just
about everything, never pay a dime in interest, and my annual fee is offset
by about 5x by my points earnings.  Any bank that charges for basic
transfers and such is terrible - and yeah I know it's fairly common amongst
the largest banks in the US... I use a small credit union and they're
great.  The only time I've ever paid them a fee for a service was when I
did a very large wire transfer when I bought my house.

I'd recommend checking out some local credit unions to find better, more
consumer-friendly policies and fee schedules.

Take care,
Matt

RE: bloomberg on supermicro: sky is falling

2018-10-12 Thread Scott Weeks 


--- snasl...@medline.com wrote:
From: "Naslund, Steve" 

>Make a second account at your bank.  One account is
>'storage' and has all your money.  You never use
>the 'storage account' ATM card for anything outside
>your bank's ATM machines.

Doubling the service fees from your bank.


No, it's free.  It also depends on the type of accounts
you set up.  Most banks I have heard of do this for free.



>The second one is where you only keep $50-$100 in
>it.  When you use your ATM card it's only this account
>that's used.  Just before you make a purchase, move
>money from your 'storage account' into your 'active
>account' and make the purchase.

Don’t really want to be doing transfers with service fees 
every time I decide to fill up the gas tank.  Also, lots 
of banks will allow overdrafts which creates even more 
fees and some even auto transfer from one account to 
another to cover your overdrafts.  Also, does nothing for 
credit cards at all.
--

This is all under your control.  I don't use ATM cards at 
gas stations or other places like that.  Mostly it's for 
online purchases and to get money from non-bank ATM 
machines and I pay nothing extra.  Last, I don't allow
overdrafts.  No money in the account; nothing can be
bought.


scott

Re: bloomberg on supermicro: sky is falling

2018-10-12 Thread William Herrin 
On Fri, Oct 12, 2018 at 4:39 PM Naslund, Steve  wrote:
> >Make a second account at your bank.  One account is
> >'storage' and has all your money.  You never use
> >the 'storage account' ATM card for anything outside
> >your bank's ATM machines.
>
> Doubling the service fees from your bank.

Hi Steve,

Your bank charges you service fees?

When I opened an additional checking account so I'd have something to
link paypal to, it was free.


> >The second one is where you only keep $50-$100 in
> >it.  When you use your ATM card it's only this account
> >that's used.  Just before you make a purchase, move
> >money from your 'storage account' into your 'active
> >account' and make the purchase.
>
> Don’t really want to be doing transfers with service fees
> every time I decide to fill up the gas tank.

Your bank charges you a service fee to move money from one account to
another at the same bank? Weird. Also, why would you buy gas (or
anything else) with a debit card? Your legal liability protections
with a credit card are better. Under the Fair Credit Billing Act, the
consumer's maximum liability for a credit card breach is $50 and most
banks waive that as well.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web:

Re: bloomberg on supermicro: sky is falling

2018-10-12 Thread Bryce Wilson 

> Doubling the service fees from your bank. 

Depends on the bank. At my bank if you have a checking account, you can get a 
basic savings acolytes for free. They also have free transfers between accounts 
(which is very nice because on the basic savings account you are not allowed 
and other type of transfer for free).
Your second point about the overdraft fees is again dependent on banks. For 
mine if you don’t have enough money it will just decline the transaction.
It’s true that this does nothing for credit cards though and the constant 
transferring on money is rather annoying.

Thanks ~ Bryce Wilson, AS202313

RE: bloomberg on supermicro: sky is falling

2018-10-12 Thread Naslund, Steve 

>Make a second account at your bank.  One account is
>'storage' and has all your money.  You never use
>the 'storage account' ATM card for anything outside
>your bank's ATM machines.

Doubling the service fees from your bank.

>The second one is where you only keep $50-$100 in
>it.  When you use your ATM card it's only this account
>that's used.  Just before you make a purchase, move
>money from your 'storage account' into your 'active
>account' and make the purchase.

Don’t really want to be doing transfers with service fees every time I decide 
to fill up the gas tank.  Also, lots of banks will allow overdrafts which 
creates even more fees and some even auto transfer from one account to another 
to cover your overdrafts.  Also, does nothing for credit cards at all.

Steven Naslund
Chicago IL

Re: ifIndex

2018-10-12 Thread Mel Beckman 
Cisco has a feature you can enable called “Interface Index Persistence”:

https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/28420-ifIndex-Persistence.html

This solves the problem, at least with Cisco gear.

 -mel beckman

On Oct 12, 2018, at 1:33 PM, Naslund, Steve 
mailto:snasl...@medline.com>> wrote:

I see this all the time.  Especially in module chassis.  It seems like 
sometimes it has to do with when each board goes to a ready state as the system 
boots.  We also see renumbering due to virtual interface and board additions.  
While you are running they seem to get the next ifindex available but when you 
reboot the seem to be in the order they come up or the order they are in the 
configuration.  It is a real pain and some software allows us to rescan a 
device and other software we have no easy way other than to delete and the 
re-add the device.  I feel your pain on this one.

I have no idea why most NMS systems can't seem to understand this and just 
rescan at a set interval or after an up/down device event.

Steven Naslund
Chicago IL

do folk have experience with platforms where ifIndexes are not stable
across reboots etc?  how do you deal with it?  do some of those
platforms trap on change?

RE: ifIndex

2018-10-12 Thread Naslund, Steve 
I see this all the time.  Especially in module chassis.  It seems like 
sometimes it has to do with when each board goes to a ready state as the system 
boots.  We also see renumbering due to virtual interface and board additions.  
While you are running they seem to get the next ifindex available but when you 
reboot the seem to be in the order they come up or the order they are in the 
configuration.  It is a real pain and some software allows us to rescan a 
device and other software we have no easy way other than to delete and the 
re-add the device.  I feel your pain on this one.

I have no idea why most NMS systems can't seem to understand this and just 
rescan at a set interval or after an up/down device event.

Steven Naslund
Chicago IL

> do folk have experience with platforms where ifIndexes are not stable 
> across reboots etc?  how do you deal with it?  do some of those 
> platforms trap on change?

Re: Hurricane Michael: Communication Service Provider status

2018-10-12 Thread Sean Donelan 



Note: although the FCC encourages independent ISPs to report outages, none 
have.




13 fatalities reported as of 10/12/2018

Public Safety Answering Points (9-1-1) outages:
16 Public Safety Answering Points rerouted

Curfews:
Florida: Bay, Franklin, Gadsden, Gulf, Jackson, Liberty

Electric grid outages:

Alabama: 25,652 customers (1.01%)
Florida: 351,433 customers (3.34%)
Georgia: 304,862 customers (6.44%)
North Carolina: 492,058 customers (9.94%)
South Carolina: 7,422 customers (0.29%)
Virginia 523,304 customers (13.92%)

Florida Counties with more than 90% customers outage:
Bradford (91%), Calhoun (100%), Franklin (97%), Gadsden (100%), Gulf 
(99%), Holmes (93%), Jackson (100%), Liberty (100%), Washington (100%)



Airport status:

All commercial airports have re-opened. Various temporary flight 
restrictions announced in NOTAMs.


Sea port status:

Panama City, FL closed
Wilmington, NC closed

Retail fuel stations (out of fuel, power or both):

6.3% of all Florida stations closed
  41% of Florida panhandle stations closed
3.2% of Georgia stations closed
1.7% of Alabama stations closed


NOAA Weather Radio transmitters out of service (hurricane area):

Columbus, AL
Talahassee, FL
Sneads, FL
Westville, FL
East Point, FL
Panama City, FL
Pelham, GA
Lafayette, LA
New Bern, NC
Henderson, NC

Cellular Service (more than 50% out of service):

Bay County, FL (72.8%) 238 sites out of service
Gadsden County, FL (58.10%) 36 sites out of service
Gulf County, FL (65.20%) 15 sites out of service
Washington County, FL (56.40%) 22 sites out of service

Cable systems and Wireline subscriber reported outages (likely more, since 
customers may not have reported problems yet, e.g. no outages reported in 
Virgina)


Alabama: 18,244
Florida: 252,748
Georgia: 103,755

Broadcasters:

4 TV stations out of service
27 FM stations out of service
5 AM stations out of service

Re: ifIndex

2018-10-12 Thread Chris Adams 
Once upon a time, Randy Bush  said:
> do folk have experience with platforms where ifIndexes are not stable
> across reboots etc?  how do you deal with it?  do some of those
> platforms trap on change?

Is there any good excuse that SNMP client software can't handle a basic
design of SNMP - indexed tables?  ifIndex is far from the only index in
SNMP, and many of them still change today at various times.

It isn't that hard to fetch the indexed field in a bulk get, rewalking
the table if you don't get what you expected.  Cricket did this in 1999.
-- 
Chris Adams

Re: ifIndex

2018-10-12 Thread Scott Weeks 



--- ra...@psg.com wrote:
From: Randy Bush 

do folk have experience with platforms where 
ifIndexes are not stable across reboots etc?  
how do you deal with it?  do some of those 
platforms trap on change?
---


I'm surprised everyone doesn't have stable 
ifIndexes these days.  That's straight outta 
the 90s!  Care to name-n-shame the vendor, so 
we can all be aware when evaluating vendors?

scott

Re: ifIndex

2018-10-12 Thread Steve Meuse 
Most platforms I've worked with have a method to make the indexes
persistent, often by additional command-line options.

-Steve



On Fri, Oct 12, 2018 at 2:08 PM Randy Bush  wrote:

> do folk have experience with platforms where ifIndexes are not stable
> across reboots etc?  how do you deal with it?  do some of those
> platforms trap on change?
>
> randy, who hates ifIndex changes
>

ifIndex

2018-10-12 Thread Randy Bush 
do folk have experience with platforms where ifIndexes are not stable
across reboots etc?  how do you deal with it?  do some of those
platforms trap on change?

randy, who hates ifIndex changes

Re: NAT on a Trident/Qumran(/or other?) equipped whitebox?

2018-10-12 Thread Paul Zugnoni 
The key to answering the question of NAT support on a Broadcom switch
forwarding chip, is... another question: What /flavour of NAT/ you're
looking for. Generally Trident (1,2,3), Tomahawk(1,2) and I believe Jericho
all support varying degrees of swapping parts of an IP or Eth header for
other parts - i.e. TTL of 249 in, TTL of 248 out, MPLS tag 500 in, MPLS tag
513 out. And, to your benefit, SRC IP of 10.1.1.1 in, SRC IP of 10.2.2.2
out. That can be handled at line rate (yes 10G); how many of those rules
depends on the chip.

So that's perfectly fine for static NAT. Problem with static NAT (i.e. 1:1)
isn't what I suspect most of us are looking for. PAT, or "nat overload" -
i.e. your internal 10.x or 192.168.x networks to the internet using one or
a few public IPv4's - requires stateful tracking, which is not what any of
those chips do. So you're dependent on what route engine and software is in
use to supply stateful NAT / PAT, and the requirement being higher there
generally means you'll need a firewall or router (which, btw, might
actually be using one of the aforementioned Broadcom switch chips for the
forwarding plane!). To achieve line rate for stateful NAT / PAT there's
more than the switch chip and software in the equation, and can be the
limiting factor to achieving "line rate" for a set of 10G ports.

PZ

On Wed, Oct 10, 2018 at 12:20 PM Wes Felter  wrote:

> On 10/9/18 10:35 AM, Jason Lixfeld wrote:
> > Has anyone played around with this?  Curious if the BCM (or whatever
> other chip) can do this, and if not, if any of the box vendors have tried
> to find a way to get these things to do a bunch of NAT - say some flavour
> of NAT, line-rate @ 10G.  If so, anyone know of a NOS that has support for
> it?  OcNOS, Cumulus Linux, PicOS and Switch Light OS seem to have none, but
> not sure if there are others out there.
>
> For 10G I would use software NAT like a firewall or CGN virtual
> appliance. Switch ASICs generally don't support NAT well; Tofino and
> maybe Jericho II can probably do it but at high cost and as you
> discovered the market isn't trying very hard to provide "routing" or
> "firewalling" functionality on "switching" ASICs.
>
>

Re: Spectrum residential IPv6 rDNS - thank you !

2018-10-12 Thread endre.szabo 

Hi there,

On 10/10/18 3:43 AM, Chris wrote:


Originally I was using the pipe backend with a modified copy of 
"PowerDNS-Dynamic-Reverse-Backend" 
(https://github.com/endreszabo/PowerDNS-Dynamic-Reverse-Backend) but 
ended up writing my own in Perl as the backend was a bit fragile and 
didn't do everything I wanted.


I love you Chris <3

I would really like to know what made you think that it is a bit 
fragile? Crashes, slow responses? PowerDNS can make a great use of the 
so called 'packet caching' to cache pipe backend results. I admit that 
this code was not really in production on a public network just on some 
private ones.


And enhancement ideas? What else did you want the script to do?

Thanks for referencing.

--

Endre

Re: bloomberg on supermicro: sky is falling

2018-10-12 Thread Bryce Wilson 
> Make a second account at your bank.  One account is 
> 'storage' and has all your money.  You never use 
> the 'storage account' ATM card for anything outside 
> your bank's ATM machines.
> 
> The second one is where you only keep $50-$100 in 
> it.  When you use your ATM card it's only this account 
> that's used.  Just before you make a purchase, move 
> money from your 'storage account' into your 'active 
> account' and make the purchase.


I second the idea of having a storage account. I do a similar thing myself but 
for other reasons. I always just keep $100 and every time I make a purchase I 
move money from my storage account over. The only problem is that this does not 
work as well with credit cards. I believe that in the US there is some form of 
company that allows you to make temporary cards for online purchases.

Thanks ~ Bryce Wilson, AS202313

Weekly Routing Table Report

2018-10-12 Thread Routing Analysis Role Account 
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 13 Oct, 2018

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  721096
Prefixes after maximum aggregation (per Origin AS):  277098
Deaggregation factor:  2.60
Unique aggregates announced (without unneeded subnets):  345929
Total ASes present in the Internet Routing Table: 62109
Prefixes per ASN: 11.61
Origin-only ASes present in the Internet Routing Table:   53619
Origin ASes announcing only one prefix:   23335
Transit ASes present in the Internet Routing Table:8490
Transit-only ASes present in the Internet Routing Table:261
Average AS path length visible in the Internet Routing Table:   4.0
Max AS path length visible:  36
Max AS path prepend of ASN ( 30873)  34
Prefixes from unregistered ASNs in the Routing Table:44
Number of instances of unregistered ASNs:44
Number of 32-bit ASNs allocated by the RIRs:  24423
Number of 32-bit ASNs visible in the Routing Table:   19736
Prefixes from 32-bit ASNs in the Routing Table:   83469
Number of bogon 32-bit ASNs visible in the Routing Table:14
Special use prefixes present in the Routing Table:1
Prefixes being announced from unallocated address space:280
Number of addresses announced to Internet:   2855400963
Equivalent to 170 /8s, 49 /16s and 246 /24s
Percentage of available address space announced:   77.1
Percentage of allocated address space announced:   77.1
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   99.1
Total number of prefixes smaller than registry allocations:  240920

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   196490
Total APNIC prefixes after maximum aggregation:   55881
APNIC Deaggregation factor:3.52
Prefixes being announced from the APNIC address blocks:  194140
Unique aggregates announced from the APNIC address blocks:80052
APNIC Region origin ASes present in the Internet Routing Table:9171
APNIC Prefixes per ASN:   21.17
APNIC Region origin ASes announcing only one prefix:   2560
APNIC Region transit ASes present in the Internet Routing Table:   1364
Average APNIC Region AS path length visible:4.0
Max APNIC Region AS path length visible: 29
Number of APNIC region 32-bit ASNs visible in the Routing Table:   4133
Number of APNIC addresses announced to Internet:  767752898
Equivalent to 45 /8s, 194 /16s and 250 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-139577
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:214366
Total ARIN prefixes after maximum aggregation:   101616
ARIN Deaggregation factor: 2.11
Prefixes being announced from the ARIN address blocks:   213998
Unique aggregates announced from the ARIN address blocks:101728
ARIN Region origin ASes present in the Internet Routing Table:18266
ARIN Prefixes per ASN:11.72

Re: bloomberg on supermicro: sky is falling

2018-10-12 Thread Scott Weeks 



--- bj...@mork.no wrote:
There is nothing preventing a rogue online shop from 
storing and reusing the CVV you give them.  Or selling
your complete card details including zip code, CVV 
and whatever.
-

As a side note on the tail end of this and as someone
who has had their data compromised and 1000s of 
dollars stolen online...  ATM, though; not CC.

Make a second account at your bank.  One account is 
'storage' and has all your money.  You never use 
the 'storage account' ATM card for anything outside 
your bank's ATM machines.

The second one is where you only keep $50-$100 in 
it.  When you use your ATM card it's only this account 
that's used.  Just before you make a purchase, move 
money from your 'storage account' into your 'active 
account' and make the purchase.  If your 'active 
account' is compromised all they can steal is the 
$50-$100 in the account.

scott

Re: new(ish) ipv6 transition tech status on CPE

2018-10-12 Thread Brock Tice 
On 10/11/2018 09:39 PM, Tom Ammon wrote:
> What did you experience with the dual-stack/CGN approach that keeps you
> from recommending it?

Nothing, sorry if my writing was confusing. It was the 464XLAT that I
don't recommend at this time, lack of vendor support by the brands we
currently use (especially Mikrotik and Ubiquiti) was the main issue.

Re: bloomberg on supermicro: sky is falling

2018-10-12 Thread Bjørn Mork 
"Naslund, Steve"  writes:

> It only proves that you have seen the card at some point.  Useless.

It doesn't even prove that much.  There is nothing preventing a rogue
online shop from storing and reusing the CVV you give them.  Or selling
your complete card details including zip code, CVV and whatever.

In practice, the CVV is just 3 more digits in the card number. No
security whatsoever in that.


Bjørn

RE: new(ish) ipv6 transition tech status on CPE

2018-10-12 Thread Aaron Gould 
In my CGNat environment (~11,000 subs (5,000 dsl & 6,000 cable modem)) I had to 
solve issues with site-to-site vpn, console gaming and some webmail and banking 
web sites that seem to hand off authentication to another site and try to carry 
over the ip address … also had to try to accomplish load sharing amongst (3) 
cgnat nodes on my vrf-to-vrf boundary where I do natting…  here’s some things 
we did…

 

APP - consistent mapping for priv to pub ip's

 

EIM – stabilizes ports outbound

 

EIF - stabilizes ports inbound and allows for some hold-over (actual pinhole 
openings) for further comms from outside---to>inside

 

AMS LB - ams load balancing to occur on src-ip for removing the chance for more 
ip change*

 

AMS Member Failure options - more of adding resilience if/when underlying npu's 
fail

 

IGP (OSPF/LDP) routing - not cgnat related at all, and i recall more for load 
sharing amongst my mx960but was a big win for us when we found the (set 
protocols ldp track-igp-metric) trick or causing my PE's that would then use 
the real igp metric to route to the *igp closest* cgnat node 
(mx960/ms-mpc-128g) thus causing that cgnat node to always be used for that 
pe's set of priv ip subs... you must know that i had a triple cgnat node 
boundary ((3) mx960's w/ms-mpc's) and here again had an issue with all traffic 
going to the lowest bgp loopback ip tiebreaker since apparently inet.3 has 
metric 1 for every prefix... that trick ldp command copies inet.0 metric into 
inet.3 thus giving some real igp metric consideration to the bgp best path 
calculation

 

 

* pub ip pool is divided up over the number for npu/vpic's that are aggregated 
together in an ams... so there is a chance that your priv ip's will be hashed 
over any and all npu's thus causing greater change of pub ip differences

 

Btw, there are keepalives for eif and sessions limits for resource issues to be 
considered

 

- Aaron

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Philip Loenneker
Sent: Thursday, October 11, 2018 10:58 PM
To: NANOG
Subject: RE: new(ish) ipv6 transition tech status on CPE

 

Hi Tom,

 

CGNAT is the most supported by the technology available in pretty much every 
device. Even keeping an audit trail of IP/port mappings is relatively easy 
(look into deterministic NAT – it will save you a lot of headache). You can 
likely lab it up with gear you already have, unlike the newer transition 
technologies that we’ve been discussing.

 

However, from my experience, the customer impact of going through 2 layers of 
NAT (NAT44) causes a lot of unhappy customers. I enabled it on my home 
connection for a few weeks to see how it went, and I was surprised that a lot 
of things just worked… Youtube, Netflix, etc had no issues. But there were key 
things such as Facebook Messenger voice and video calls that broke, which 
caused my family to get rather upset with me. Console gaming is also a common 
area of problems. For these types of Internet services, the profit margin can 
get eaten up quickly by the helpdesk calls.

 

As a side note, from internal discussions here (ie speculation, no real 
evidence to back it up), home users are likely to be impacted far more than 
business users, due to the difference in usage. 

 

Regards,

Philip

 

From: NANOG  On Behalf Of Tom Ammon
Sent: Friday, 12 October 2018 2:39 PM
To: NANOG 
Subject: Re: new(ish) ipv6 transition tech status on CPE

 

 

On Wed, Oct 10, 2018 at 3:08 PM Brock Tice  wrote:

On 10/09/2018 06:24 PM, Philip Loenneker wrote:
> I have asked several vendors we deal with about the newer technologies
> such as 464XLAT, and have had some responses indicating they will
> investigate internally, however we have not made much progress yet. One
> vendor suggested their device supports NAT46 and NAT64 so may support
> 464XLAT, but since it is incidental rather than an official feature, it
> may not support the full CLAT requirements. I have been meaning to do
> some tests but haven’t had a chance yet. It is also a higher price point
> than our current CPEs.
> 
>  
> 
> I have spoken to people who have looked into options such as OpenWRT
> (which supports several of these technolgoies), however the R and
> ongoing support is a significant roadblock to overcome.
> 

We looked into this somewhat intently ~6 months ago and had not much
luck from vendors. Barely on their radar if at all.

We used our own custom OpenWRT build on a few select, tested consumer
routers to do 464XLAT. In the end we went to dual-stack with CGN on
IPv4. I wrote up some documentation on how we did it on my blog, but in
the end I can't recommend the setup we used.

I would love RouterOS and (various mfgr) CPE support for 464XLAT, then I
would be ready to give it another shot.




It sounds like I am where you were 6 months ago. We've been looking at NAT64, 
MAP-T, potentially 464XLAT, and then dual stack with CGN on the v4 side. What 
did you experience with the dual-stack/CGN