Re: IPv6 plan for multisite corporate

Several US companies (including my employes) simply use the same ARIN prefix everywhere and inject local routes at each WW locations. As long as the prefix length is short enough, there will be no issue about routing or about RIR. -éric On 21/05/18 06:47,

Re: ip switching from ipv4 to ipv6

See also https://tools.ietf.org/html/draft-vyncke-v6ops-happy-eyeballs-cookie-01 Kind of a well-known problem when "naive" applications/CMS/middleware trust an IP address to protect cookies -éric On 29/04/16 14:46, "ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de on behalf of re"

Re: MTU/MSS testing IPv6

See also RFC 6946 on this topic and the more controversial draft-ietf-6man-deprecate-atomfrag-generation -éric On 29/04/16 08:43, "ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de on behalf of Seth Mos" wrote:

Re: Slow WiFi with Android Marshmallow & IPv6?

AFAIK, they were announcing the same IPv6 RDNSS over RA & DHCPv6... But Android was the only OS to stick to IPv6 RDNSS (again my guess) -éric On 25/04/16 18:01, "Bjørn Mork" wrote: >Lorenzo Colitti writes: >> On Tue, Apr 26, 2016 at 12:48 AM, Bjørn Mork

Re: Slow WiFi with Android Marshmallow & IPv6?

over IPv6. Bad DNS and/or network configurations. Once these were fixed, the problems cleared up. On Sunday, April 24, 2016, Erik Kline <e...@google.com<mailto:e...@google.com>> wrote: On 24 April 2016 at 19:53, Jeroen Massar <jer...@massar.ch<javascript:;>> wrote: > On 2016-

Re: Curious situation - not urgent, but I'd like to know more

Interesting situation indeed :-) As we all known, Microsoft DirectAccess uses IPsec over IPv6 (and potentially over Teredo or SSL-VPN if the host does not have native IPv6). So, if your DirectAccess head-end is dual-stack, it now receives Ipsec packets over IPv6 rather than HTTLS or Teredo over

Re: [v6ops] Why operators filter IPv6 packets with extension headers?

Fernando et al., A couple of quick comments: - this reminds me of taylor-v6ops-fragdrop (which you cite at the end), did you approach any of this old I-D authors? - not sure whether the security implications should be re-stated again in this document, let's rather split the security &

Re: SV: Samsung phones block WiFi IPv6 when sleeping, delayed notifications

Please read some IETF draft related to NDP/multicast/WiFi issues (Lorenzo is very active there). Multicast RA are not really needed anyway, some 'high market' (see my email address) AP have dozens of tricks to reply to RS with a UNIcast RA, and trying to reduce the amount of NDP mcast. If you

Re: Google no longer returning AAAA records?

And you are not alone... While my employer has deployed a lot of IPv6 internally (still not 100% though), some internal DNS servers are blacklisted by Google. Probably because a lot of our internal labs (which are also IPv6-enabled of course) are managed by the engineers using the lab, so, ending

Re: SV: Why do we still need IPv4 when we are migrating to IPv6...

Is it related to the paranoid option of blocking all inbound traffic? To mimick NAT44 ? -éric On 12/02/15 14:00, Thomas Schäfer tho...@cis.uni-muenchen.de wrote: Am 12.02.2015 um 13:40 schrieb erik.tarald...@telenor.com: This might be so in Norway. In German customer portals the gamers mostly

Some very nice IPv6 growth as measured by Google

[As a side note, it seems that the European 'google' statistics are now more in line with the expectation] Several countries have recently made good progress dixit Google Apnic (URL are simply a different way of presenting Google data): * US has reached 10%, welcome to the 10%-club *

Google IPv6 measurements in Europe appear heading down...

For a couple of weeks, it seems that Google IPv6 measurements are heading down mainly for Europe. For example, here is a link to a presentation of the Google measurements for several European countries and USA. There is a clear drop in the last days/weeks for European countries but not for USA.

Re: Something with filters

not assume some magical knowledge of mine based on my email address) -éric On 28/08/14 16:31, Enno Rey e...@ernw.de wrote: Eric, guys, On Thu, Aug 28, 2014 at 02:28:53PM +, Eric Vyncke (evyncke) wrote: The mapped IPv4 address is probably coming out of a 6PE (or 6VPE) MPLS router where

Re: IPv6 packets with HBH

Yannis While I cannot speak for all vendors or even for all of my employer's products, you will indeed find that control-plane policing (= rate-limiting) is either on by default or can be configured on most routers. Alternatively, you may want to use plain ACL to drop all those

Re: IPv6 Assignment for Server

Not sure whether I fully understand the question in all details, but: 1. on a LAN/WLAN (basically where NS/NA is required to work, = broadcast domain with MAC addresses), the use of a /64 prefix is recommended 2. Each host (being server or client) must have at least one global address

Re: IPv6 Assignment for Server

address. --Te On Wed, Jun 18, 2014 at 1:14 PM, Eric Vyncke (evyncke) evyn...@cisco.commailto:evyn...@cisco.com wrote: Not sure whether I fully understand the question in all details, but: 1. on a LAN/WLAN (basically where NS/NA is required to work, = broadcast domain with MAC addresses

Yet another Merit (ASN 237) IPv6 Darknet in the last months?

I know that Merit run an IPv6 darknet in 2012, but, but looking at http://www.vyncke.org/ipv6status/plotbgp.php?country= (showing the amount of not aggregated announced prefixes based on route views.org data) it appears that ASN 237 had announced 2600::/12, 2800::/12, … From 2013-10-28 to

Re: interesting multicast packet

I used Little Snitch for a while on my device but too intrusive, let's rather use pfctl ;-) On 21/03/14 15:21, Jeroen Massar jer...@massar.ch wrote: On 2014-03-21 08:54, Eric Vyncke (evyncke) wrote: And Stig, if you are using our 'employer-paid' laptop sold by Cupertino, then, you are also

Re: Microsoft: Give Xbox One users IPv6 connectivity

On 14/03/14 00:21, Marco Sommani marcosomm...@gmail.com wrote: AVM is not alone in its choices: they just do what is suggested in RFC 6092 - Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service. I don't like what they do,

Re: Microsoft: Give Xbox One users IPv6 connectivity

Jakob What annoys me more if the fact that AVM (and they are not the only one -- see Technicolor others) naively believes that NAT44 offered some security by preventing inbound connections... This means that there is NO open connectivity between two X/Box behind a closed AVM CPE... Hence X/Box

Re: Microsoft: Give Xbox One users IPv6 connectivity

Or is it because AVM blocks all inbound IPv6 connection and X/Box has no choice but falling back on Teredo? I am really unclear on the exact situation -éric On 13/03/14 21:46, Gert Doering g...@space.net wrote: Hi On Thu, Mar 13, 2014 at 07:12:54PM +, Eric Vyncke (evyncke) wrote: What

Re: Question on DHCPv6 address assignment

Fernando Wrt to the Cisco DHCPv6 server (CNR): 1) sequential or random per configuration (can send multiple IA_NA/IA_TA if there are multiple prefixes configured for this link) 2) while client can send a 'hint' to re-use previous addresses, the server can do the same thing, we called this

RE: 'Upgrading' NAT64 to 464XLAT?

Dick 464XLAT is contained within a host, so, you will need an implementation for all your end host (laptop, tablets, ...) But, I am sure that you already know that ;-) -Original Message- From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de

RE: teredo.ipv6.microsoft.com off?

Jeroen AFAIK, only Teredo is disabled when the Windows host detects AD -éric -Original Message- From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de [mailto:ipv6-ops- bounces+evyncke=cisco@lists.cluenet.de] On Behalf Of Jeroen Massar Sent: mercredi 17 juillet 2013 15:20

RE: New IPv6 king of the hill: Switzerland?

There is indeed a noticeable change in the Google IPv6 statistics (my web site is only an graphical layer on their data) with a generalized drop in all countries except US, Switzerland (but SwissCom has made a recent major move!) and Peru (Telefonica -- dixit WV6L web site -- appears to deploy