enterprise IPv6 only client computers and IPv4 connectivity
Hi, If an enterprise today would decide that they're going to run IPv6 only on their LAN, they would have recent Win7|Win8|OSX|Ubuntu clients on their client computers, what mechanism would they use to access IPv4 Internet? My thinking immediately went to DS-lite, NAT64/DNS64 and MAP-E, but I NAT64/DNS64 isn't good enough without 464XLAT, and DS-lite and MAP-E requires additional software on most of these operating systems, right? Are these kinds of client software even available? What other mechanism could be used to achieve IPv4 Internet reachability over IPv6 only access for end-systems? HTTP proxy or SOCKS-proxy also sounds too cumbersome. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: enterprise IPv6 only client computers and IPv4 connectivity
On Tue, Apr 30, 2013 at 4:03 PM, Mikael Abrahamsson swm...@swm.pp.sewrote: If an enterprise today would decide that they're going to run IPv6 only on their LAN, they would have recent Win7|Win8|OSX|Ubuntu clients on their client computers, what mechanism would they use to access IPv4 Internet? None, and good luck?
Re: enterprise IPv6 only client computers and IPv4 connectivity
My thinking immediately went to DS-lite, NAT64/DNS64 and MAP-E, but I NAT64/DNS64 isn't good enough without 464XLAT, and DS-lite and MAP-E requires additional software on most of these operating systems, right? Are these kinds of client software even available? Is NAT64/DNS64 without 464xlat really not good enough? For Cameron's mobile phones, where Skype is important, that's a clear need for IPv4. But I suspect that /some/ enterprises might consider can't run Skype more of a feature than a bug. My point is simply that not good enough may be more subjective and less objective than I think your statement implies.
Re: A simple test for email via IPv6
Am 30.04.2013 09:28, schrieb Валерий Солдатов: Hello, I wrote a little script-autoresponder, it helps to check delivery of email via IPv6. Simply send an email to t...@mail.v6net.ru. If we get it via IPv6, you will receive a confirmation letter with congratulations. If we get it via IPv4, you will receive an error message about non-existing domain. (MX record for mail.v6net.ru references only to -record). I did such tests in too. (without autoresponder and without public test-service). But the thing is: The Deutsche Telekom hasn't still made their homework. And it comes worse: The second part of your statement is not true. I get no error message, I get no message at all. Normal users would think the email was delivered. May be the Deutsche Telekom is not alone, but that is a bad excuse. Regards, Thomas Schäfer -- There’s no place like ::1 Thomas Schäfer (Systemverwaltung) Ludwig-Maximilians-Universität Centrum für Informations- und Sprachverarbeitung Oettingenstraße 67 Raum C109 80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701
Re: A simple test for email via IPv6
Yes, e...@blazing.de works! I sent an email from dual-stack smtp-server, and receive an answer letter via IPv6 Солдатов Валерий, ЗАО Бэст Телеком. - Исходное сообщение - От: Tom Spier tsp...@blazing.de Кому: ipv6-ops@lists.cluenet.de Отправленные: Вторник, 30 Апрель 2013 г 13:26:07 Тема: Re: A simple test for email via IPv6 You may also try e...@blazing.de (v4/v6) A quick-hack which also echoes the complete header. Regards Tom
Re: enterprise IPv6 only client computers and IPv4 connectivity
On 4/30/2013 12:03 AM, Mikael Abrahamsson wrote: Hi, If an enterprise today would decide that they're going to run IPv6 only on their LAN, They wouldn't. This is a self-defeating question. In other words, if you seriously contemplated doing this you would know whether you could do it or not. You would start small, with ONE IPv6-only system, and find some proprietary translator/proxy/whatever box, and test it with all your apps. Almost certainly many would break. So you would work with the developer and they would write fixes into their code and you would try it again. After about 6 months to a year you might have something that would work. Most likely you would not be able to interest someone large like Cisco as they already have their own testers. You would have to find some small outfit and be willing to pay $$$ to them to get them to do it. I can think of several of the open source/closed source firewall vendors that might be interested if you offered enough money. Ted they would have recent Win7|Win8|OSX|Ubuntu clients on their client computers, what mechanism would they use to access IPv4 Internet? My thinking immediately went to DS-lite, NAT64/DNS64 and MAP-E, but I NAT64/DNS64 isn't good enough without 464XLAT, and DS-lite and MAP-E requires additional software on most of these operating systems, right? Are these kinds of client software even available? What other mechanism could be used to achieve IPv4 Internet reachability over IPv6 only access for end-systems? HTTP proxy or SOCKS-proxy also sounds too cumbersome.
Re: A simple test for email via IPv6
Am 30.04.2013 11:25, schrieb Валерий Солдатов: Hi Thomas, Records in a maillog show that an answer via IPv6 has been send to you, hope you receive it. Sorry if you did not receive. This account works. But I tried also my private account at t-online.de With IPv4 you will get an answer about non-existing domain, but possibly your local smtp-server placed your email in outgoing queue and tries repeately to deliver it. Maybe you will receive a negative answer from it later. May be in seven days or never. That's not your fault. That is the willful ignorance of some ISPs - speak IPv4, or we won't talk to you. Last year the Deutsche Telekom was able to receive emails from IPv6-only-networks. Now they are completely disconnected from the internet, at least from emails point of view. Regards, Thomas -- There’s no place like ::1 Thomas Schäfer (Systemverwaltung) Ludwig-Maximilians-Universität Centrum für Informations- und Sprachverarbeitung Oettingenstraße 67 Raum C109 80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701
Re: A simple test for email via IPv6
On Tue, Apr 30, 2013 at 03:20:58AM -0700, Ted Mittelstaedt wrote: We aren't talking some opt-in mailing list that could possibly argue that they had a reason to allow a reply to a 3rd party. There is no reason that a proper autoresponder setup for the purpose of testing (that the OP stated) should allow what I did. Most out-of-office autoresponders do so. Obviously they could also be limited to own users, but my feeling is that most aren't. But they are commonly throttled which is what I was hinting at. Even if it did implement throttling that is not an excuse to allow a 3rd party relay unless it's needed. And in this case it's not needed. How is it a 3rd party relay if you don't control the mail that's sent? The cost you have is similar to what you would have by connecting directly, so it's not even amplification. Obviously the reputation of that particular host might suffer. I didn't say it was. I said that it could be abused to stuff up someone's e-mail box. That implied a lack of throttling of course. I assumed that if the OP was ignoring the sender's IP that they would not have implemented throttling either. How does the sender's IP matter in your actions? Everybody can fake everywhere, you are not required to use the outbound MTA of Gmail, for instance. I know we're all excited about IPv6 but the problem is that way too many people are implementing it without any firewalling, or filtering or anything. Please don't think that the spammers are stupid. I'm not sure how this relates to the problem at hand, except for pushing the filtering agenda. Oh good Lord. So, reasonable mail filtering is now an 'agenda'? Since when did mail filtering become undesirable? You did not say mail filtering, didn't you? You said implementing IPv6, which is different. What's happening here does not depend on IPv6 at all. Please publicly post the IP address of a mailserver YOU administer that is NOT filtered and allows unthrottled autoresponses. And for extra credit, why don't you open it for open relaying, too? I said that sane autoreponders implement throttling. You did not post that you tried to mail twice and it replied to both attempts. (Which is well possible, but you did not say that.) Do I really have to explain why it's not polite to walk out into the middle of a crowd in the city and take off all your clothes? (well, for most people to do that, that is - I can think of a few exceptions) I'm not sure how this polemic response is related. For odd reasons there are laws against this, whereas misbehaving mail servers are regulated (i.e., voted down through blacklists) by the internet community at large. Kind regards Philipp Kern signature.asc Description: Digital signature
outlook.office365.com broken via IPv6
Hi, given that Christopher Palmer is on this list, I doubt NANOG ml would be more helpful. CC'ing him for attention. :-) Best regards, Daniel On Tue, Apr 30, 2013 at 11:28:41AM +0100, Nick Hilliard wrote: On 30/04/2013 11:24, Bernhard Schmidt wrote: - Someone advertises records that fail to connect. See for example https://outlook.office365.com that has had broken IPv6 for weeks now. Would megaphone diplomacy work here? I.e. posting to nanog. Nick -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0