Re: Netflix hates IPv6

On 12/06/2016 22:02, Jens Link wrote: [1] Those are also the people putting "copying DVDs is illegal" videos on DVDs which you are forced to watch using a normal TV/DVD player combination. People who are just copying the DVD will leave out such trailer. You wouldn't steal a BABY!

Re: v6 naming and shaming - *.europa.eu

On 18/05/16 15:32, Tim Chown wrote: The flip side is what evidence do we have that its a problem that is common enough to care about? This is a fair point. Perhaps I'm overreacting - we don't get too many of these.

Re: v6 naming and shaming - *.europa.eu

On 18/05/16 15:03, Jeroen Massar wrote: The best advice for getting IPv6 fixed is for a large well used network (google, facebook) to stop providing IPv4. Then suddenly people will fix things as they won't have working "Internet" and their users will complain really really loud. Ok so

Re: v6 naming and shaming - *.europa.eu

On 18/05/16 14:45, Matthew Ford wrote: Many moons ago, europa.eu IPv6 ‘service’ was a reverse-proxy operated by BT. I have no idea what the current kludge is. Ah, BT. The obvious choice of provider for an IPv6 implementation /sarcasm Whoever runs it, they've broken it a bunch of times

Re: v6 naming and shaming - *.europa.eu

On 18/05/16 14:29, Jeroen Massar wrote: Really, you cannot keep on telling people to finally deploy IPv6, it does not have any effect whatsoever, only their pocket books care and those will only notice when it is too late... So it's hopeless and we should just give up? That doesn't seem like

v6 naming and shaming - *.europa.eu

Broken over IPv6: https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17 (Webserver has , returns 404 over v6, fine over v4) And yet: https://ec.europa.eu/digital-single-market/en/blog/ipv6-more-than-a-reality-a-necessity I'm sick and tired of people doing tickbox IPv6 and then

Re: push apps failing in Android until you disable IPv6

On 10/05/16 14:10, JORDI PALET MARTINEZ wrote: Understood, thanks ! I just read all the Doze thing :-) I also recall something published by Lorenzo about power saving in IPv6, etc., however, I still fail to see if there is no GUA, why Android is affected using only IPv4. Well, it is probably

Re: push apps failing in Android until you disable IPv6

On 10/05/16 13:57, JORDI PALET MARTINEZ wrote: Hi Phil, Not sure if you have seen the previous message with the rdisc6. Your network may be not having a “broken” CPE. I did. You'd asked: """ Right, but how this is affecting IPv4 push notifications ? """ I was trying to convey that the

Re: Curious situation - not urgent, but I'd like to know more

On 23/12/15 10:54, Seth Mos wrote: We use OpenVPN on pfSense with Viscosity on the clients, or the Android OpenVPN app. It is a complete Dual-Stack solution for both the servers and the clients, and because we push more specific IPv6 routes it takes What happens if the client has no local,

Re: [dns-operations] DNSSec and GoDaddy and IPv6 (cross-posted)

On 08/12/15 07:53, Nico CARTRON wrote: On 08 Dec 2015, at 01:26, David Conrad wrote: On Dec 7, 2015, at 3:50 PM, Frank Bulk wrote: Anyone know of a registrar that supports both IPv6 and DNSsec? https://www.gkg.net GANDI (http://www.gandi.net)

Re: Looking for information on IGP choice in dual-stack networks

On 05/06/2015 11:00, Tore Anderson wrote: * Philip Matthews philip_matth...@magma.ca We are looking particularly at combinations of the following IGPs: IS-IS, OSPFv2, OSPFv3, EIGRP. We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6, We do the same, FWIW. Not large

Re: IPv6 QUIC traffic

On 04/06/2015 18:51, Ca By wrote: UDP 80 and 443 are very commonly associated with DDoS in my experience. I think it is common used as a reflection source port. Sadly true. We see this a lot. Not saying I agree with blocking it, but UDP 80/443 is deeply suspicious traffic in my experience.

Re: Google no longer returning AAAA records?

On 15/04/15 16:05, Brian Rak wrote: We noticed that we're no longer getting results back for google.com when we do queries from a few of our recursive servers (other ones are fine). A bit of searching revealed that a few of our servers are listed here

Re: Cost of IPv6 for IT operations team

On 11/04/15 10:27, Nick Hilliard wrote: Uh, lemme just drop this in here: http://imgur.com/AYbpRG2 ;o) The problem with stage 4 is that it requires that the expertise garnered by the initial deployment team is spread throughout the rest of the company, ranging from product development to

Re: Cost of IPv6 for IT operations team

On 13/04/15 09:55, Benedikt Stockebrand wrote: Which is a major effort in some environments because---contrary to what Nick wrote---pretty much anyone involved needs to be familiarized with IPv6. The reason here is that if there is any problem once IPv6 is enabled anywhere, then *all* people

Re: Cost of IPv6 for IT operations team

On 26/03/15 09:04, BERENGUER Christophe wrote: Hello everybody, I work for a consulting firm. For a client, I would like to estimate the work overload for IT operations team to deploy IPv6 dual stack and for day to day operations. On the internet, I have found an estimation around 20% of

Re: Why do we still need IPv4 when we are migrating to IPv6...

On 18/02/15 09:29, Anfinsen, Ragnar wrote: A quick example; A good friend of mine is developing a smart fireplace which can be controlled via API's. He do use a 3. party development company to make the controller and API's. They did not even think of IPv6 until I did my 5 minute speech about

Re: Why do we still need IPv4 when we are migrating to IPv6...

On 13/02/15 11:26, Mikael Abrahamsson wrote: On Fri, 13 Feb 2015, Thomas Schäfer wrote: and the practice in Germany to blocking all IPv6-inbound traffic the result is the problem for some gamers. So I guess applications should use the same technique as one does to traverse NAT44:s, ie both

Re: Why do we still need IPv4 when we are migrating to IPv6...

On 13/02/15 13:27, Mikael Abrahamsson wrote: Packet reaches HGW2, which has no flow state, and is dropped. ICMP error message might be created. In case of ICMP error message, U1 should ignore this. That's an application-layer issue. It all depends on how they're talking to the socket API.

Re: Why do we still need IPv4 when we are migrating to IPv6...

On 13/02/15 14:37, Thomas Schäfer wrote: Why a discussion to drill the firewall with very tricky things? (it's sound to me like the same sh... stun and other legacy ipv4 horrors.) In my opinion the firewall should be configurable (unfortunately DTAG-speedport-series, including the

Re: SV: Why do we still need IPv4 when we are migrating to IPv6...

On 12/02/15 12:40, erik.tarald...@telenor.com wrote: This might be so in Norway. In German customer portals the gamers mostly demand ipv4 (public ipv4 address to their home) instead of DS-Lite. They have already native IPv6 but avm was forced to allow teredo over DS and DS-lite - because xbox

Re: Teredo sunset - did it happen?

On 17 November 2014 17:22:37 GMT+00:00, Michael Chang thenewm...@gmail.com wrote: Presumably because the clients are unmanaged? Correct. It's already disabled by group policy on our managed base. -- Sent from my mobile device, please excuse brevity and typos

Teredo sunset - did it happen?

All, ISTR that Teredo was going to be sunset, Microsoft having tested removing the DNS name teredo.ipv6.microsoft.com. (Ignoring the Xbox One stuff here - just the windows desktop server/relay stuff) However, my Windows 7 machine is still resolving that name and forming a Teredo address,

Re: Teredo sunset - did it happen?

On 17/11/2014 16:40, Jeroen Massar wrote: On 2014-11-17 17:38, Phil Mayers wrote: On 17/11/2014 16:23, Jeroen Massar wrote: What are you trying to achieve by blocking that port? I honestly don't know why you want to talk about other things, but I've no interest in discussing them with you

Re: Teredo sunset - did it happen?

On 17/11/2014 17:43, Darren Pilgrim wrote: Any ideas what's going on? Microsoft, anyone care to comment? Microsoft released an Windows Update for the prefix policy table. The update dropped Teredo's precedence to lower than IPv4. Just to be clear - are you suggesting they did this instead

Clueless national monopoly providers

FFS $ nc -6 -v www.bt.com 80 Ncat: Version 6.40 ( http://nmap.org/ncat ) Ncat: Connected to 2a00:2381:::1:80. GET / HTTP/1.0 Host: www.bt.com Ncat: Connection reset by peer. Maybe I should be glad BT haven't deployed any IPv6 to their residential customers; they'd only find some way to

Re: Clueless national monopoly providers

On 10/10/14 14:50, Bjoern A. Zeeb wrote: % telnet -4 www.bt.com 80 Trying 62.239.186.73... Connected to www.bt.com. Escape character is '^]'. GET / Connection closed by foreign host. Whatever load balancer that is, it needs an upgrade and understand g’ol HTTP 0.9 as well in addition to IPv6

Re: wake on lan / wol with linux in IPv6-LAN (without IPv4)

On 22/09/14 08:42, Ignatios Souvatzis wrote: But I imagine people might want to wake every host once a night and run some backup or software update remotely; so unconcerned machines would see, say, one or two packets times the number of sleeping machines per night. How many hosts do you have

Re: wake on lan / wol with linux in IPv6-LAN (without IPv4)

On 22/09/14 10:51, Phil Mayers wrote: On 22/09/14 08:42, Ignatios Souvatzis wrote: But I imagine people might want to wake every host once a night and run some backup or software update remotely; so unconcerned machines would see, say, one or two packets times the number of sleeping machines

Re: Large IPv6 Multicast Domains

On 20/06/14 07:11, Mark Tinka wrote: On Thursday, June 19, 2014 08:17:07 PM Stig Venaas wrote: I'm hoping SSM will be the way to go for interdomain in general. Agree - prefer SSM also. Who doesn't - app coders AFAICT? ;o)

Re: Large IPv6 Multicast Domains

On 20/06/14 13:08, David Barak wrote: There are specific use cases for ASM (in IPv4) in distributed monitoring (many-few traffic flows) It sure would be a shame for that to go away... Well, I doubt it will go away. Presumably embedded RP will serve those needs in the v6 world. But IME

Administrativa: auto-responder

Could the list admin please un-sub jstr...@cityoftaft.org, who is sending an I'm retiring auto-responder? Cheers, Phil

Re: Administrativa: auto-responder

On 04/06/2014 19:55, Phil Mayers wrote: Could the list admin please un-sub jstr...@cityoftaft.org, who is sending an I'm retiring auto-responder? Oh FFS... and qual...@of2m.fr as well? Has someone bulk-sub'ed a load of people mischeviously?

AMT/vPro MLD storms?

All, In the last week or so, we've started to see a problem on newer PCs with the Intel AMT/vPro (a kind of inline out-of-band management controller, for those unfamiliar with it) which now supports IPv6... after a fashion. The specific issues is that under certain as-yet unidentified

Re: AMT/vPro MLD storms?

On 06/02/14 12:42, Sam Wilson wrote: Note the v6 LL IP is a mutated form of EUI-64 (locally-assigned bit toggled?) Are you sure about that last? Surely the U/L bit should be flipped Oops. Quite right, well spotted.

Re: So, time for some real action?

On 06/02/2014 17:52, Andrew  Yourtchenko wrote: Last time I checked, anyone with available days off can take them at any time for any reason. Most places aren't quite that generous; notice, simultaneous team member leave and exceptional circumstance clauses typically apply. But I take

Re: RA DHCP problem...

On 30/12/2013 12:13, Mikael Abrahamsson wrote: I am not asking these questions to be mean, I'm asking them to bring out all the reasons so someone will document them so they can be presented in a coherent consise manner (for instance an I-D). I know I have to do this when I want things to

Re: RA DHCP problem...

On 30/12/2013 15:13, Lorenzo Colitti wrote: No, I mean - from a *security* perspective there's actually no security, because if there existed a host implementation that always tried all source addresses every time it connected, then that implementation would always work with no issues, even if

Re: RA DHCP problem...

On 30/12/2013 21:40, S.P.Zeidler wrote: Thus wrote Phil Mayers (p.may...@imperial.ac.uk): One problem we have with this setup: If two devices are on a port, in different IPv6-enabled VLANs, they both see both RAs, and IPv6 connectivity breaks. I assume you have considered fixing the route

Re: Over-utilisation of v6 neighbour slots

On 03/11/2013 16:30, Jared Mauch wrote: I've noticed that my ipv6 is about 1ms faster than ipv4 consistently in measurements. I doubt that is enough faster to make a difference in most transactions so they would be equally preferred. Interestingly, that last time I timed the IPv4 versys IPv6

Re: Over-utilisation of v6 neighbour slots

On 21/10/13 20:35, Phil Mayers wrote: Specifically, our Cisco 6500/sup720 ran out of IPv6 FIB slots, as num_routes + num_neighs exceeded 32k (the default IPv4/IPv6 TCAM split on this platform being 192k/32k). I wanted to follow up on this. Some folks from Cisco kindly contacted me off-list

Re: Over-utilisation of v6 neighbour slots

On 10/24/2013 08:18 AM, Benedikt Stockebrand wrote: In my opintion the problem here is not so much Apple, but Cisco. While Well, I think there's more than one problem. Certainly fixed-size (and relatively small) FIBs in Cisco-land are a problem. On devices where the FIB is a relatively

Re: Over-utilisation of v6 neighbour slots

On 22/10/13 10:18, Sam Wilson wrote: On 22 Oct 2013, at 06:03, Eric Vyncke (evyncke) wrote: But, the rapid rate of new RFC 4941 addresses for iOS has another impact because network devices cannot anymore limit the number of IPv6 addresses per MAC address in order to prevent a local DoS. So,

Over-utilisation of v6 neighbour slots

All, We ran into an interesting issue on our wireless network today, caused mainly by the known behaviour of Apple clients in generating fresh privacy addresses every time there's a power sleep/wake state change (i.e. a lot) combined with a non-default NS/ND config on our side.

Re: Over-utilisation of v6 neighbour slots

On 21/10/2013 21:19, Cutler James R wrote: 4. Does Apple's approach to IPv6 privacy addresses properly support the intent of privacy addresses? My tentative answer is, Yes, and we need to learn to cope. The general approach perhaps, but the rollover timing is way, way too aggressive IMO.

Re: The subnet-router anycast address

On 09/10/13 10:41, Harald Terkelsen wrote: Hi! Is anyone actually using the subnet-router anycast address in your network? No. Frankly I've never understood what purpose it served other than to confuse. responds when IPv6 forwarding is enabled. On our wireless subnets, we see lots of DAD

Re: IPv6 duplicate DAD packets from Android clients?

On 10/08/2013 01:02 AM, Erik Kline wrote: It could be a bug, i.e. a client trying to do an NS for the router but for some reason not using its link-local address (whacky race condition where DAD for link-local hasn't completed?). Maybe; we've got a lot of Android clients on the network, and

Re: teredo.ipv6.microsoft.com off?

On 07/18/2013 09:09 PM, Brian E Carpenter wrote: Wait... I had the impression that iff there was no other IPv6 connectivity, Teredo was used in older Windows because of the generic prefer IPv6 rule. The default RFC 3484 table covers 6to4 but not Teredo. AFAIK, every version of windows (i.e.

Re: teredo.ipv6.microsoft.com off?

On 17/07/13 21:09, Brian E Carpenter wrote: On 17/07/2013 19:13, Ignatios Souvatzis wrote: ... Let me ask one thing... a couple of years ago, when I read the specification of Teredo, I was quite impressed by the details (If you accept the premise that you have to work around being jailed

Re: same link-local address on multiple interface and OSPFv3

On 06/29/2013 09:31 PM, Brian E Carpenter wrote: Of course not, but I was trying to see how deep in the product design the issue might go. It sounds like dumb copying of the IPv4 logic That seems like a pretty reasonable guess. OTOH, OSPFv3 is different enough that I expect the code was all

Re: Point-to-point /64

On 02/06/13 22:51, Brian E Carpenter wrote: On 03/06/2013 08:49, Darren Pilgrim wrote: ... I'm not sure about other switches, but for the Catalyst 3750/3750G, it means some quirks with IPv6 ACLs. The 3750/3750D can do ACLs on full /128's, but only if the lower 64 bits are EUI64. Huh? How can

Re: IPV6 in the network core and MPLS

Right now on those platforms afaik mpls needs ipv4 in the core. I have no idea if/when ldpv6 and the relevant bgp stuff will appear in ios/nxos - is it available on any platform (junos?) yet? Jim Trotz jtr...@gmail.com wrote: I have been trying to find out if we can use MPLS LDP to setup MPLS