Several US companies (including my employes) simply use the same ARIN prefix
everywhere and inject local routes at each WW locations. As long as the prefix
length is short enough, there will be no issue about routing or about RIR.
-éric
On 21/05/18 06:47,
See also
https://tools.ietf.org/html/draft-vyncke-v6ops-happy-eyeballs-cookie-01
Kind of a well-known problem when "naive" applications/CMS/middleware
trust an IP address to protect cookies
-éric
On 29/04/16 14:46, "ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de on
behalf of re"
See also RFC 6946 on this topic and the more controversial
draft-ietf-6man-deprecate-atomfrag-generation
-éric
On 29/04/16 08:43, "ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de on
behalf of Seth Mos" wrote:
AFAIK, they were announcing the same IPv6 RDNSS over RA & DHCPv6... But
Android was the only OS to stick to IPv6 RDNSS (again my guess)
-éric
On 25/04/16 18:01, "Bjørn Mork" wrote:
>Lorenzo Colitti writes:
>> On Tue, Apr 26, 2016 at 12:48 AM, Bjørn Mork
over IPv6.
Bad DNS and/or network configurations. Once these were fixed, the problems
cleared up.
On Sunday, April 24, 2016, Erik Kline <e...@google.com<mailto:e...@google.com>>
wrote:
On 24 April 2016 at 19:53, Jeroen Massar <jer...@massar.ch<javascript:;>> wrote:
> On 2016-
Interesting situation indeed :-)
As we all known, Microsoft DirectAccess uses IPsec over IPv6 (and
potentially over Teredo or SSL-VPN if the host does not have native IPv6).
So, if your DirectAccess head-end is dual-stack, it now receives Ipsec
packets over IPv6 rather than HTTLS or Teredo over
Fernando et al.,
A couple of quick comments:
- this reminds me of taylor-v6ops-fragdrop (which you cite at the end),
did you approach any of this old I-D authors?
- not sure whether the security implications should be re-stated again in
this document, let's rather split the security &
Please read some IETF draft related to NDP/multicast/WiFi issues (Lorenzo
is very active there).
Multicast RA are not really needed anyway, some 'high market' (see my
email address) AP have dozens of tricks to reply to RS with a UNIcast RA,
and trying to reduce the amount of NDP mcast.
If you
And you are not alone... While my employer has deployed a lot of IPv6
internally (still not 100% though), some internal DNS servers are
blacklisted by Google. Probably because a lot of our internal labs (which
are also IPv6-enabled of course) are managed by the engineers using the
lab, so, ending
Is it related to the paranoid option of blocking all inbound traffic? To
mimick NAT44 ?
-éric
On 12/02/15 14:00, Thomas Schäfer tho...@cis.uni-muenchen.de wrote:
Am 12.02.2015 um 13:40 schrieb erik.tarald...@telenor.com:
This might be so in Norway. In German customer portals the gamers
mostly
[As a side note, it seems that the European 'google' statistics are now more in
line with the expectation]
Several countries have recently made good progress dixit Google Apnic (URL
are simply a different way of presenting Google data):
* US has reached 10%, welcome to the 10%-club
*
For a couple of weeks, it seems that Google IPv6 measurements are heading down
mainly for Europe. For example, here is a link to a presentation of the Google
measurements for several European countries and USA. There is a clear drop in
the last days/weeks for European countries but not for USA.
not assume some magical knowledge of mine based on my email
address)
-éric
On 28/08/14 16:31, Enno Rey e...@ernw.de wrote:
Eric, guys,
On Thu, Aug 28, 2014 at 02:28:53PM +, Eric Vyncke (evyncke) wrote:
The mapped IPv4 address is probably coming out of a 6PE (or 6VPE) MPLS
router where
Yannis
While I cannot speak for all vendors or even for all of my employer's
products, you will indeed find that control-plane policing (=
rate-limiting) is either on by default or can be configured on most
routers.
Alternatively, you may want to use plain ACL to drop all those
Not sure whether I fully understand the question in all details, but:
1. on a LAN/WLAN (basically where NS/NA is required to work, = broadcast
domain with MAC addresses), the use of a /64 prefix is recommended
2. Each host (being server or client) must have at least one global address
address.
--Te
On Wed, Jun 18, 2014 at 1:14 PM, Eric Vyncke (evyncke)
evyn...@cisco.commailto:evyn...@cisco.com wrote:
Not sure whether I fully understand the question in all details, but:
1. on a LAN/WLAN (basically where NS/NA is required to work, = broadcast
domain with MAC addresses
I know that Merit run an IPv6 darknet in 2012, but, but looking at
http://www.vyncke.org/ipv6status/plotbgp.php?country= (showing the amount of
not aggregated announced prefixes based on route views.org data) it appears
that ASN 237 had announced 2600::/12, 2800::/12, … From 2013-10-28 to
I used Little Snitch for a while on my device but too intrusive, let's
rather use pfctl ;-)
On 21/03/14 15:21, Jeroen Massar jer...@massar.ch wrote:
On 2014-03-21 08:54, Eric Vyncke (evyncke) wrote:
And Stig, if you are using our 'employer-paid' laptop sold by Cupertino,
then, you are also
On 14/03/14 00:21, Marco Sommani marcosomm...@gmail.com wrote:
AVM is not alone in its choices: they just do what is suggested in RFC
6092 - Recommended Simple Security Capabilities in Customer Premises
Equipment (CPE) for Providing Residential IPv6 Internet Service. I don't
like what they do,
Jakob
What annoys me more if the fact that AVM (and they are not the only one --
see Technicolor others) naively believes that NAT44 offered some
security by preventing inbound connections... This means that there is NO
open connectivity between two X/Box behind a closed AVM CPE... Hence X/Box
Or is it because AVM blocks all inbound IPv6 connection and X/Box has no
choice but falling back on Teredo?
I am really unclear on the exact situation
-éric
On 13/03/14 21:46, Gert Doering g...@space.net wrote:
Hi
On Thu, Mar 13, 2014 at 07:12:54PM +, Eric Vyncke (evyncke) wrote:
What
Fernando
Wrt to the Cisco DHCPv6 server (CNR):
1) sequential or random per configuration (can send multiple IA_NA/IA_TA
if there are multiple prefixes configured for this link)
2) while client can send a 'hint' to re-use previous addresses, the server
can do the same thing, we called this
Dick
464XLAT is contained within a host, so, you will need an implementation for all
your end host (laptop, tablets, ...)
But, I am sure that you already know that ;-)
-Original Message-
From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de
Jeroen
AFAIK, only Teredo is disabled when the Windows host detects AD
-éric
-Original Message-
From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de [mailto:ipv6-ops-
bounces+evyncke=cisco@lists.cluenet.de] On Behalf Of Jeroen Massar
Sent: mercredi 17 juillet 2013 15:20
There is indeed a noticeable change in the Google IPv6 statistics (my web site
is only an graphical layer on their data) with a generalized drop in all
countries except US, Switzerland (but SwissCom has made a recent major move!)
and Peru (Telefonica -- dixit WV6L web site -- appears to deploy
25 matches
Mail list logo