SV: Application that actually requests "pinholes" ?

2018-09-14 Thread erik.taraldsen
Plex media server for OSX.  
Also I belive iChat uses UPnP.  Listing from my home device:


HiMac:~ eriktar$ upnpc -l
upnpc : miniupnpc library test client, version 2.0.
 (c) 2005-2016 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://10.0.0.138:6/426311d0/gatedesc1.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://10.0.0.138:6/426311d0/upnp/control/WANIPConn1
Local LAN ip address : 10.0.0.1
Connection Type : IP_Routed
Status : Connected, uptime=321271s, LastConnectionError : ERROR_NONE
  Time started : Mon Sep 10 20:43:42 2018
MaxBitRateDown : 1048576000 bps (1048.5 Mbps)   MaxBitRateUp 1048576000 bps 
(1048.5 Mbps)
ExternalIPAddress = 88.95.45.143
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 12068->10.0.0.1:32400 'Plex Media Server' '' 0
 1 UDP  5354->10.0.0.2:5353  'iC5354' '' 0
 2 UDP  4501->10.0.0.2:4500  'iC4501' '' 0
 3 UDP  4502->10.0.0.1:4500  'iC4502' '' 0
 4 UDP  5355->10.0.0.1:5353  'iC5355' '' 0
 5 UDP  4500->10.0.0.3:4500  'iC4500' '' 0
 6 UDP  5353->10.0.0.3:5353  'iC5353' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)

____
Fra: ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de 
 på vegne av 
Brandon Applegate 
Sendt: 14. september 2018 13:55
Til: ipv6-ops mailing list
Emne: Application that actually requests "pinholes" ?

Hello,

I wanted to see if anyone on the list knows of a current application that 
actually tries to request pinhole/port mapping etc ?  This would be via UPnP 
IGDv2 WANIPv6FirewallControl or the PCP protocol.  I’m playing with miniupnpd 
on my firewall, and I have it configured to the point where this is working.  I 
can use the upnpc utility to manually request an IPv6 pinhole and this works.  
I’d just like to see a “real” application using it and working.

Thanks.

--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
0641 D285 A36F 533A 73E5  2541 4920 533C C616 703A
"For thousands of years men dreamed of pacts with demons.
Only now are such things possible."



SV: BBWF Beer meetup

2016-10-10 Thread erik.taraldsen
For those not yet killed, I've gotten this suggestion off-list
http://www.foxbars.com/foxexcel/excel-bars/

"... our Warehouse Bar is the go to place for post-exhibition goers."

-Erik



Fra: Gert Doering 
Sendt: 8. oktober 2016 12:22
Til: Eric Wisner
Kopi: Anfinsen, Ragnar; Taraldsen Erik; ipv6-ops@lists.cluenet.de
Emne: Re: BBWF Beer meetup

Hi,

On Sat, Oct 08, 2016 at 09:17:53PM +1100, Eric Wisner wrote:
> KILL ME

I take the beer was good, and lots of it?  :-)

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AGVorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14  Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444   USt-IdNr.: DE813185279


BBWF Beer meetup

2016-10-07 Thread erik.taraldsen
Terribly sorry if this is an misuse of the list.  I know people here are not 
shy to speek up if they feel it is, so feel free to bash my head in that case. 
:)


I'm arriving Tuesday, staying untill Thursday.  How about a meetup at a bar not 
to far from Excel Tuesday?  It's my second visit to London so I have absolutely 
no knowledge of recomended bars.  In my oppinion it should be some where they 
don't play to loud music so we can talk, not shout to each other (yes I'm that 
old and boring)(Anyone who recomends disco, you are banned to IPv4 CGN for the 
rest of your life).  Recomandations?  Say that we start approx 20.00?


-Erik


SV: SV: SV: CPE Residential IPv6 Security Poll

2016-09-29 Thread erik.taraldsen
>>And just to trow this conversation futher of, anybody else here coming to 
>>BBWF this year?
>
> I’ll be there... Beers?

Good idea.  Any non-Norwegians who would like to join? :)

-E

SV: SV: CPE Residential IPv6 Security Poll

2016-09-25 Thread erik.taraldsen
1) In theory you are right.  In practise it is not that black and white.  We 
never buy an excisting product, we buy an future product which has to be 
developed for us.  That include physical features which may not have beed 
release from Broadcom yet (11ac 3x3 we were the first mass order from Broadcom 
for example).  That means that we usualy have an development periode with the 
vendor, and a release target (VDSL launch for example)  Sometimes the have to 
rush the CPE side to meet the network side launch.  This again means that we 
usualy launch with a fair number of bug and un-optimized software, and features 
missing.  And since we don't buy in Comcast type volumes we don not have the 
purchasing power to instruct the vendors to do absolutly everything, we have an 
limited development team working for us and we have to prioritize what they 
should work on.  And so far UPnP has not gotten above that treshold.

(And the above is a bit besides the point, we seem to be the only ISP who want 
UPnP.  That don't help our customers a lot.  In order for UPnP to work you also 
need support in the clients, and those we talk to who do develop clients badly 
want to get away from UPnP)


2) You may have more luck with your forum posts, but on the norwegian forums 
the loudest answer wins the day. Reason cannot stand up to the forces of loud 
ignorance.

3) As stated in 1, limited recources dictates that we prioritice security, 
features which support payable services, then the stuff we network geeks want.  
And since I do know a lot of smaller ISP's and retailers of off-the-shelf 
products, I do know that those products do very seldom get anything other than 
bug fixes for anything other that flaws which may refelct badly on the CPE 
vendor.

4) The customers are paying for internet access.  That used to mean an ethernet 
port and two IPv4 addresses.  Today the costomers define it as wifi access on 
the phone in the room the furthest away from the router.  The level of 
knowledge in the user base is dropping like a stone.  If we can have an 
technical solutin which prevents the customer from having issues and calling 
us, we go for it.


-Erik



Fra: ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de 
<ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de> på vegne av Ted 
Mittelstaedt <t...@ipinc.net>
Sendt: 20. september 2016 18:52
Til: ipv6-ops@lists.cluenet.de
Emne: Re: SV: CPE Residential IPv6 Security Poll

Erik,

I think you have to follow these precepts (keep in mind this is an
American capitalist perspective not a European cooperative socialist
perspective)

1) You got the money, tell your vendors to either do what you want (put
IPv6 UPnP in CPEs they sell you) or you are going to kick their ass.
It's your money!  They want your money do they not?  That's why they are
selling CPEs to you - so why do you tolerate any crap from them?  Tell
them either put UPnP in the code or your going elsewhere for your CPEs
and you are going to tell all your other ISP friends to go elsewhere for
their CPEs.   Enough Mr. Nice Guy.

2) It's not your problem if Ma & Pa Kettle find a wannabe power user.
If you don't like being bad-mouthed by wannabe power users on the online
forums then get your ass on the online forums and start engaging.
Refute those "need bigger antennas" posts with logic and reason.
I guarantee to you that 1 correct post is worth 100 baloney posts from
wannabe power users.

3) How on Earth can you make the case that your ISP router patches
security holes and adds features yet turn around and claim that you
can't push your CPE vendors to add UPnP support?   Either you have power
to get your CPE vendors to issue updates or not.  If you do - then
quit complaining that no CPE's have UPnP support for IPv6.  If you
don't - then quit claiming your CPE is better.

4) What is your customers perception that they are paying for and
what are they REALLY paying for?   If they think they are paying for
access only - and you think they are paying for access plus your
management of their network CPE - then I can see why you might be
wondering why they aren't complaining to you when there's a problem
and going to the wannabe power users.  Maybe you just need to do some
more customer education?

Ted

On 9/20/2016 1:24 AM, erik.tarald...@telenor.com wrote:
> With all due respect to the actual power user out there.  For each one of 
> them, there is at least 20 who think they are power users who base their 
> knowledge on rumors and misconceptions.   They are often vocal (forums and 
> coments on news sites) and they are the once who often are enlisted to help 
> Ma&  Pa Kettle.  At least that is what we see a lot of in Norway.  They 
> simply do not have the ability to correctly diagnose the issues.  Solutions 
> often involve "you need bigger antennas on the router", "Apple routers are 
> 

SV: Samsung phones block WiFi IPv6 when sleeping, delayed notifications

2015-06-10 Thread erik.taraldsen
  I see that. I don’t think the problem is confined to Samsung or that it can 
  be completed solved in isolation from fixing wireless AP router behaviour.
 At the edge of the WiFi network I also see the IPv6 connectivity dropping 
 while IPv4 stays up. I’ve a ZyXEL home router that sends periodic RAs every 
 15 seconds
 and a Huawei home router that sends them every 1800 seconds.

Any opinions on what a sane default value for what the RA interval should be?  
I have not conserned myself with that interval before, but I see that the 
residential devices we ship are on a very low interval.


--
Erik Taraldsen


SV: Samsung phones block WiFi IPv6 when sleeping, delayed notifications

2015-06-10 Thread erik.taraldsen

 I believe our Cisco equipment defaults to 10 minutes (600 seconds). There 
 will also be RAs in response
 to RS messages.

From the googeling I've done it seems that the defaults span from 180 to 600 
seconds.  Have not 
yet found any reccomandation.  Either as a sane dafult value or a calculation 
from the life time.


--
Erik Taraldsen

SV: Some very nice IPv6 growth as measured by Google

2014-11-03 Thread erik.taraldsen
I work with the residential gateways in Telenor Norway.  We have two linux 
based Zyxel devices which support IPv6 native.  We have done pilot trials since 
approx Easter, and since this summer we have started rolling out IPv6 where we 
can.  Not all dslams support IPv6 native, and there is other restrictions as 
well.  But we will be able to provide IPv6 to a majority of the user base 
within the year.  Given that the user has a IPv6 capable RG.

We have some trouble understanding the September dip in the graph, as we have 
not done a rollback.  We were in fact rolling out in that time period.
http://stats.labs.apnic.net/ipv6/AS2119?a=2119c=NOx=0s=1p=1w=10s=0

As for lessons learned, start slow. Try and catch as many bugs as possible 
before doing a large scale roll out.  Even when hitting bugs, try and 
understand user impact before panicking.  Browsers has pretty aggressive happy 
eyeballs algorithms, so you can get away with some (seldom occurring) bugs in 
production.  

We use the same principle for IPv6 security as for IPv4 security.  Meaning 
state full firewall blocking all incoming traffic, allowing all outgoing.  But 
the user has full control to do as she likes.


-Erik Taraldsen




Fra: ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de 
[ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de] p#229; vegne av 
Geoff Huston [g...@apnic.net]
Sendt: 3. november 2014 09:25
Til: Eric Vyncke (evyncke)
Kopi: ipv6-ops@lists.cluenet.de
Emne: Re: Some very nice IPv6 growth as measured by Google

 On 3 Nov 2014, at 6:43 pm, Eric Vyncke (evyncke) evyn...@cisco.com wrote:

 [As a side note, it seems that the European 'google' statistics are now more 
 in line with the expectation]

 Several countries have recently made good progress dixit Google  Apnic (URL 
 are simply a different way of presenting Google data):
   • US has reached 10%, welcome to the 10%-club
   • Estonia has a VERY impressive growth approaching 5%: 
 https://www.vyncke.org/ipv6status/plotpenetration.php?country=ee
   • Other European countries with a recent growth:
   • Austria: 
 https://www.vyncke.org/ipv6status/plotpenetration.php?country=at
   • Czech republic: 
 https://www.vyncke.org/ipv6status/plotpenetration.php?country=cz

Telefonica Czech Republic: 
http://stats.labs.apnic.net/ipv6/AS5610?a=5610c=CZx=1s=1p=1w=1s=0

   • Norway: 
 https://www.vyncke.org/ipv6status/plotpenetration.php?country=no

Telenor : 
http://stats.labs.apnic.net/ipv6/AS2119?a=2119c=NOx=0s=1p=1w=10s=0


   • Greece: 
 https://www.vyncke.org/ipv6status/plotpenetration.php?country=gr

Hellenic Telecommunications: 
http://stats.labs.apnic.net/ipv6/AS6799?a=6799c=GRx=1s=1p=1w=1s=0


   • Portugal: 
 https://www.vyncke.org/ipv6status/plotpenetration.php?country=pt


Telepac PT : 
http://stats.labs.apnic.net/ipv6/AS3243?a=3243c=PTx=1s=1p=1w=1s=0


 If you are behind those growths, I would love to hear more details: 
 technology  used, issues, …


Gepff



SV: Google IPv6 measurements in Europe appear heading down...

2014-10-24 Thread erik.taraldsen
Telenor Norway has had an pretty steep growth in IPv6 enabled subscribers since 
the summer.  We are the larges ISP in Norway, so rollouts we do usually are 
somewhat reflected in the graphs.  On the fixed access (DSL and fiber) we had 
approx. 60.000 lines 1. oct.  Today (24.oct) we have more than 100.000 lines 
activated.  Yet the graph for Norway shows an flattening in the same time 
period. https://www.vyncke.org/ipv6status/compare.php?metric=pcountries=no. 


-Erik



Fra: ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de 
[ipv6-ops-bounces+erik.taraldsen=telenor@lists.cluenet.de] p#229; vegne av 
Sander Steffann [san...@steffann.nl]
Sendt: 24. oktober 2014 02:25
Til: Erik Nygren
Kopi: Eric Vyncke; ipv6-ops@lists.cluenet.de
Emne: Re: Google IPv6 measurements in Europe appear heading down...

Hi Erik,

 Not seeing this in the Akamai data.  See for Germany and Belgium.

Your graphs show the best results (even going over 30% occasionally for 
Belgium) so let's go with your data. :)

Cheers,
Sander

/me likes picking the data that best represents what I *want* to see ;)