Re: static IPs [was Re: ipv6-ops Digest, Vol 159, Issue 1]

2019-10-27 Thread Nick Hilliard
Bjørn Mork wrote on 27/10/2019 19:17: Automating updates of all this is semi-trivial. this is completely atypical for what we are talking about, which is residential consumer access, where you connect in, get some IP addresses and then someone unplugs the CPE because they need to clean the

Re: static IPs [was Re: ipv6-ops Digest, Vol 159, Issue 1]

2019-10-26 Thread Nick Hilliard
Bjørn Mork wrote on 26/10/2019 15:06: I realize that the "can't do stable addresses" might be enforced by non-technical entities, but this would most likely not happen if it was a violation of a standards track RFC. Surely you're joking? Nick

Re: static IPs [was Re: ipv6-ops Digest, Vol 159, Issue 1]

2019-10-26 Thread Nick Hilliard
Brian E Carpenter wrote on 26/10/2019 00:02: Progress will only come as more and more people stop putting IPv6 in the "too hard" basket. maybe it is though? Maybe we underestimate the level of overall complexity because when we look at any individual component, we can always explain it away

Re: ipv6-ops Digest, Vol 159, Issue 1

2019-10-25 Thread Nick Hilliard
Michael Sturtz wrote on 25/10/2019 16:21: Nick I agree! The problem is from an operational support and protocol level we created this monster by selling the idea of "end to end connectivity" and "every end site will get a /64" that has been sold to even end users. The problem was more a

Re: ipv6-ops Digest, Vol 159, Issue 1

2019-10-25 Thread Nick Hilliard
Michael Sturtz wrote on 25/10/2019 16:03: This sort of operational nonsense will limit the wider acceptance of IPv6! I am responsible research and for the documentation and implementation of IPv6 for a Fortune 200 company. We have locations worldwide. The allocation of unstable end network

Re: Atlas probes and 6to4 [Re: IPv6 ingress filtering]

2019-05-18 Thread Nick Hilliard
Brian E Carpenter wrote on 18/05/2019 05:05: % cat *.txt | jq '.[] | select (.rcvd == 0) | .from' | cut -d\" -f2 | grep ^2002 | sort | uniq -c 2 2002:2ea7:331c:0:1ad6:c7ff:fe2a:1a7c 1 2002:4e1a:aba9:10:fa1a:67ff:fe4d:7ee9 1 2002:4e79:421e:0:a62b:b0ff:fee0:ae0 1

Re: IPv6 ingress filtering

2019-05-17 Thread Nick Hilliard
Brian E Carpenter wrote on 17/05/2019 21:06: And surely the question is "What would produce the most help desk calls?". Filtering something that is presumably working for its remaining users might not be a good idea from that point of view. 6to4 connectivity is probably already too broken to

Re: Realistic number of hosts for a /64 subnet?

2019-05-10 Thread Nick Hilliard
Gert Doering wrote on 10/05/2019 22:16: Just make sure their phones are in the same network segment. No shouting. Then they'll all start complaining on WhatsApp over the wifi network ... waait - I see what you're suggesting here. Brilliantly evil. Nick

Re: Realistic number of hosts for a /64 subnet?

2019-05-10 Thread Nick Hilliard
Doug Barton wrote on 10/05/2019 05:27: It's been a while since I was configuring subnets, and last time I did the guidance was always no more than 1,000 hosts per subnet/vlan. A lot of that was IPv4 thinking regarding broadcast domains, but generally speaking we kept to it for dual stacked

Re: Link-local and ACLs

2017-07-26 Thread Nick Hilliard
Brian E Carpenter wrote: > On 25/07/2017 19:07, Gert Doering wrote: > > So, to stay with Tore's example, if you want to make NDP work on an IXP, > > you need to permit fe80->fe80, fe80->GUA, etc. in your ACLs - which ends > > up needing quite a number of lines to cover all cases > > Fair enough.

Re: Link-local and ACLs

2017-07-24 Thread Nick Hilliard
Gert Doering wrote: > "on the same link"? return traffic. Not much good in having unidirectional data flow. Nick

Re: Link-local and ACLs

2017-07-24 Thread Nick Hilliard
David Farmer wrote: > Also, in theory a link-local address could talk to a GUA or ULA address > on the same link. However, in practice does this really happen? If it > does happen in practice what are circumstances? will that packet not be dropped because a LL ipv6 packet won't be routed? (MUST

Re: DHCPv6 client in Windows 10 broken after anniversary update

2017-03-16 Thread Nick Hilliard
Harald F. Karlsen wrote: > It looks like this was finally resolved in the 2017 March cumulative > update for Windows. I have verified it on Windows 10 Home and Pro, but I > also got one report claiming it was not resolved in Windows 10 > Enterprise, can someone confirm this? if this is the case,

Re: Fwd: [Bp_ixps] IXPs & IPv6

2016-10-20 Thread Nick Hilliard
Michael Oghia wrote: > Thanks Nick. Sad to hear, but hopefully we can change that. you're misunderstanding completely! It means that ipv6 is considered to be of the same importance as ipv4 in the ixp world from the point of view of passing production traffic over the ixp fabric. As far as the

Re: Fwd: [Bp_ixps] IXPs & IPv6

2016-10-20 Thread Nick Hilliard
> Does anyone know of recent updates or statements on the IPv6-readiness > of IXPs? Other than that IPv6 readiness has been a complete non-issue for years in the IXP community, I can't think of anything new to add to the euro-ix statement since 2011. Nick

Re: CPE Residential IPv6 Security Poll

2016-09-26 Thread Nick Hilliard
Lorenzo Colitti wrote: > Surely there's got to be a better solution here than > lowest-common-denominator engineering, a.k.a., "design your product for > your least knowledgeable customer"? sensible secure defaults for grandma + "Advanced" tab on CPE configuration page for 10yo grandchild? Nick

Re: Netflix hates IPv6

2016-06-13 Thread Nick Hilliard
Jens Link wrote: > Why can't I buy DVDs in the US and watch them in my European DVD Player? if you can't do that, you bought the wrong DVD player. Nick

Re: Netflix hates IPv6

2016-06-12 Thread Nick Hilliard
Robert Hosford wrote: > Unless you use HE like I do. Nice Job Netflix. you should demand a full refund from HE. Nick

Re: DHCPv6 relay with PD

2016-06-08 Thread Nick Hilliard
Templin, Fred L wrote: > Folks, for real – read AERO. It works. I apologize if that offends anyone. Not at all. It's just that I'm confused about why we would need to resort to a tunneling protocol in order to make basic ipv6 functionality work. Would it not be better to try to make ipv6 work

Re: DHCPv6 relay with PD

2016-06-08 Thread Nick Hilliard
Ole Troan wrote: > It shouldn't be the IETF's job to tell people how to run their networks. > The IETF provides the building blocks. Take a DHCP server, an ISP access router and a CPE. The CPE connects to the ISP access router and issues a dhcp request. This is relayed by the access device to

Re: v6 naming and shaming - *.europa.eu

2016-06-02 Thread Nick Hilliard
Andy Davidson wrote: > My personal website today, whilst of course not a major web asset, > utilises a reverse proxy to offer service to suffering people on a > legacy 4-only connection. The back end is hosted on a v6 only > network, and a reverse proxy is dual stacked. It’s a perfectly OK >

Re: Cost of IPv6 for IT operations team

2015-04-11 Thread Nick Hilliard
On 10/04/2015 21:36, Andy Davidson wrote: Stage one - [...] Stage two - [...] Stage three - [...] Stage four - utilise your new training and v6 capable edge to roll out NEW services dual-stack. The incremental cost of adding v6 support to a NEW rollout when you have to do a bunch of work

Re: Some very nice broken IPv6 networks at Google and Akamai

2014-11-11 Thread Nick Hilliard
On 11/11/2014 15:00, Emanuel Popa wrote: Is there any way to intentionally and immediately get on Google's DNS blacklist in order to avoid similar outages in the future affecting only IPv6 traffic? http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_.txt Or maybe the smart thing to

Re: MTU Problem: Akamai,HE,GTT

2014-09-22 Thread Nick Hilliard
On 22/09/2014 15:06, Erik Nygren wrote: Can you pass me along a traceroute6 to 2a02:26f0:6a:18f::eed and I'll pass it along to the Akamai NOCC? (Or you can email details to n...@akamai.com). From here I'm able to ping it fine with large packets: scamper is your friend

Re: SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818

2014-08-23 Thread Nick Hilliard
On 22 Aug 2014, at 17:56, Lorenzo Colitti lore...@google.com wrote: I'm not on the gmail team and don't have those numbers. Nick asked me for an answer, and I gave him what information I have. My assumption was that since they do receive a lot of email, they have statistics on this, but of

Re: SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818

2014-08-22 Thread Nick Hilliard
On 22/08/2014 15:16, Lorenzo Colitti wrote: Are you following the Additional guidelines for IPv6 section of https://support.google.com/mail/answer/81126 ? Lorenzo, it looks like Google is trying to enforce SPF / DKIM on ipv6 connections where there is no similar requirement for ipv4. Is

Re: Poll on SMTP over IPv6 Usage

2014-02-17 Thread Nick Hilliard
On 17/02/2014 15:16, Ignatios Souvatzis wrote: Not necessarily. All I'd imagine to do with UUCP can be done with postfix and maybe transport tables; I've run a connection that way for a couple of years. This is rapidly turning into a contest of who's admitting to the greatest MTA horrors.

Re: So, time for some real action?

2014-02-06 Thread Nick Hilliard
On 06/02/2014 14:51, Dick Visser wrote: http://www.internetsociety.org/deploy360/blog/2013/12/campaign-turn-off-ipv4-on-6-june-2014-for-one-day/ This is a terrible idea which will cause IPv6 to be associated with gratuitous breakage. Nick

Re: So, time for some real action?

2014-02-06 Thread Nick Hilliard
On 06/02/2014 16:04, Dick Visser wrote: I know there are different opinions on this. But between black and white there are many shades of grey. That's why I was asking. I know that some stuff will break, I'm looking for ways to put this 'breakage' to positive use. people don't care about

Re: Question about IPAM tools for v6

2014-02-03 Thread Nick Hilliard
On 03/02/2014 11:11, Sam Wilson wrote: Let me de-lurk and make the obvious point that using standard Ethernet addressing would limit the number of nodes on a single link to 2^47, and that would require every unicast address assigned to every possible vendor. Using just the Locally

Re: Question about IPAM tools for v6

2014-02-01 Thread Nick Hilliard
/64 netmask opens up nd cache exhaustion as a DoS vector. FUD. I probably should have qualified this statement a little better before posting it. Large locally-connected l2 domains can open up nd cache exhaustion and many other problems as DoS vectors if the operating systems

Re: Question about IPAM tools for v6

2014-01-31 Thread Nick Hilliard
On 29/01/2014 22:19, Cricket Liu wrote: Consensus around here is that we support DHCPv6 for non-/64 subnets (particularly in the context of Prefix Delegation), but the immediate next question is Why would you need that? /64 netmask opens up nd cache exhaustion as a DoS vector. Nick

Re: show ipv6 destination cache on BSD host

2014-01-30 Thread Nick Hilliard
ndp -an ? Sent from my iWotsit. On 30 Jan 2014, at 18:12, Matjaz Straus Istenic mat...@njetwork.si wrote: Hi list! I'm struggling to find a way to display IPv6 destination cache on a FreeBSD or UNIX (not Linux) system. This is the way on Linux: ip -6 route get address Mac OS X:

Re: IPV6_RECVPKTINFO not working for IPv4-mapped addresses on Linux?

2014-01-23 Thread Nick Hilliard
On 23/01/2014 00:03, Francis Dupont wrote: = recvfrom() returns the peer address, i.e., the source address of the request, when you need the local address, i.e., the destination address. I was thinking of recvmsg(), as someone else pointed out. It's been way too long since I've looked at any

Re: IPV6_RECVPKTINFO not working for IPv4-mapped addresses on Linux?

2014-01-22 Thread Nick Hilliard
On 22/01/2014 16:54, Francis Dupont wrote: - there is no standard/portable way to do this without the one socket per address in IPv4 (if you need an argument, just ask what this discussion is about :-) i thought recvfrom() fixed this issue? Forgive me if I'm wrong here - it's been far

Re: IPV6_RECVPKTINFO not working for IPv4-mapped addresses on Linux?

2014-01-22 Thread Nick Hilliard
On 22/01/2014 17:15, Mateusz Błaszczyk wrote: put a load-balancer in front of it. I would do this in an instant if I had an option to do it. vrrp is for network failover. it's for ip address failover. Nick

Re: IPV6_RECVPKTINFO not working for IPv4-mapped addresses on Linux?

2014-01-20 Thread Nick Hilliard
On 20/01/2014 17:12, Simon Perreault wrote: IIRC, recent versions of Bind open a socket per address on IPv4 this feature was one of the main reasons I stopped using BIND. It has the side effect that you cannot necessarily set it up on a system which shares IP addresses using e.g. VRRP, because

Re: IPV6_RECVPKTINFO not working for IPv4-mapped addresses on Linux?

2014-01-20 Thread Nick Hilliard
On 20/01/2014 17:21, Philipp Kern wrote: Can't you simply set up the VIP on the dummy interface and then direct traffic to the box as needed, making sure that you don't answer ARP requests for the dummy address in the kernel? this is getting off topic quite a bit. I didn't try that, but

Re: RA DHCP problem...

2013-12-29 Thread Nick Hilliard
On 29/12/2013 11:18, Gert Doering wrote: which is total crap, as HSRP/VRRP work perfectly fine with RAs sourced from the virtual IP this is a vendor-specific thing which is not universally supported. Nick

Re: RA DHCP problem...

2013-12-29 Thread Nick Hilliard
On 29/12/2013 11:55, Gert Doering wrote: Uh. And you seriously claim getting vendors to implement *that* is harder than getting universal no-RA-but-DHCPv6 implementations into the client stacks? Time to delivery is not an argument that we shouldn't do something. I would much prefer to depend

Re: RA DHCP problem...

2013-12-29 Thread Nick Hilliard
On 29/12/2013 13:12, Philipp Kern wrote: that's basically what I said. I added the additional point that the DHCP server gives out different gateways for load balancing reasons. Right, I just misunderstood what you were saying. No, you can't do tightly timed failover with RAs […] How would

Re: RFC 5952 converter tool

2013-11-27 Thread Nick Hilliard
On 27/11/2013 20:43, Leo Vegoda wrote: Can anyone recommend a library or other tool, preferably open source, that can take non-RFC 5952 formatted IPv6 addresses and convert them to a compliant format? inet_ntop(3) is the canonical function for this. Make sure your byte order is correct. Nick

Re: Over-utilisation of v6 neighbour slots

2013-10-23 Thread Nick Hilliard
On 22/10/2013 17:18, Sam Wilson wrote: It's stuff like this that makes me think it's *still* not time to offer a general v6 service. generally, the sup720 is not a good edge device for third party L3 services due to rate limiter issues. Nick

Re: PTR records for IPv6

2013-09-03 Thread Nick Hilliard
On 03/09/2013 13:46, Marco Sommani wrote: On 03/set/2013, at 14:38, m...@linux.it (Marco d'Itri) wrote: On Sep 03, Mikael Abrahamsson swm...@swm.pp.se wrote: Mostly because it's on by default. Even if you configure a static address and default gw, as soon as the system sees RAs it might

Re: Sunsetting Teredo Experiment [IETF slides]

2013-08-04 Thread Nick Hilliard
On 04/08/2013 13:28, Sander Steffann wrote: Well, I am on that list, so the barrier is not *that* high ;-) maybe not. I'm just puzzled as to why a fully closed list is necessary - moderated subscription is one thing, but non-searchable archives is surprising. Nick

Re: RA Guard support...

2013-05-02 Thread Nick Hilliard
On 02/05/2013 15:37, Steve Simlo (ssimlo) wrote: IPv6 FHS feature matrix located here: http://iwe.cisco.com/web/nostg/cisco-software-roadmaps-and-features this seems to be a cisco internal web site. Also please see:

Re: IPV6 in the network core and MPLS

2013-04-12 Thread Nick Hilliard
On 12/04/2013 20:01, Ivan Pepelnjak wrote: Loads of self-promotional nonsense. What he's saying is Gee, we need LDPv6 and we'll try to make an RFC out of it. Wow. uh, it's a blog. what do you expect? :-) -n = Mistyped and autocorrected on a clunky virtual keyboard On 12. apr. 2013,