Re: Is it time to abandon bogon prefix filters?

2008-08-19 Thread Pekka Savola
On Tue, 19 Aug 2008, Kevin Loch wrote: While you're at it, you also placed the reachable-via rx on all your customer interfaces. If you're paranoid, start with the 'any' rpf and then move to the strict rpf. The strict rpf also helps with routing loops. Be careful not to enable stri

Re: Open Source CA / PKI

2008-08-19 Thread Julien Goodwin
On 19/08/08 19:23, Jon Kibler wrote: > I am looking at deploying an open source CA/PKI for a client. It would > be only for internal users and systems. It would have to manage a few > hundred certificates against the organization's self-signed root cert. > It would be installed on a CentOS 5.x plat

Re: uTorrent, IPv6

2008-08-19 Thread Nathan Ward
On 20/08/2008, at 6:57 AM, Mikael Abrahamsson wrote: On Tue, 19 Aug 2008, Jay R. Ashworth wrote: http://tech.slashdot.org/article.pl?sid=08/08/18/226228&from=rss Well, IPv6 usage is actually increasing fairly rapidly, anyway:

Re: uTorrent, IPv6

2008-08-19 Thread Nathan Ward
On 20/08/2008, at 6:39 AM, Jay R. Ashworth wrote: On Tue, Aug 19, 2008 at 04:56:33PM +1200, Nathan Ward wrote: Sit up and pay attention, even if you don't now run IPv6, or even if you don't ever intend to run IPv6. Your off-net bandwidth is going to increase, unless you put some relays in. As a

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Randy Bush
matsuzaki-san's preso, i think the copy he will present next week at apops: http://www.attn.jp/presentation/apnic26-maz-ipv6-p2p.pdf randy

Re: Smallest netblock that providers will accept?

2008-08-19 Thread William Herrin
On Tue, Aug 19, 2008 at 1:26 AM, Anton Kapela <[EMAIL PROTECTED]> wrote: > The part that Kevin spares you from reading is the "please don't" > part. [...] Instead of going down this road, I would suggest that you: > > -call up cisco and purchase a GSS (global dns lb with application > availability

RE: uTorrent, IPv6

2008-08-19 Thread Mikael Lind
We have seen the same growth curve on the Freenet6.net tunnelling service. There hasn't been a peak in number of users so it seems people are just using it more. Our link has actually been maxed out the last two months but hopefully we will add more capacity soon and then we will see if the trend c

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Alain Durand
What I was told is that, yes, the packet gets routed through the ASIC, but it has to go there twice... Hence reducing the pps by a factor of 2 compared to IPv4. Some vendors had shortcuts that, if the prefix len was < 64, only one pass was necessary. Caveat, this may not be true for all vendors or a

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Kevin Loch
Randy Bush wrote: In practice, many routers require the packet to go twice in the hardware if the prefix length is > 64 bits, so even though it is a total waste of space, it is not stupid to use /64 for point-to-point links and even for loopbacks! some of us remember when we thought similarly f

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Kevin Oberman
> Date: Tue, 19 Aug 2008 14:30:38 -0400 > From: Alain Durand <[EMAIL PROTECTED]> > > On 8/19/08 1:50 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > >> In practice, many routers require the packet to go twice in the hardware if > >> the prefix length is > 64 bits, so even though it is a to

Re: OT: Again, sorry for the noise

2008-08-19 Thread Christopher Morrow
On Tue, Aug 19, 2008 at 2:47 PM, Joe Blanchard <[EMAIL PROTECTED]> wrote: > Hughes Net DNS issue. I am 72.169.156.122. Notice the Source is port 53, > destination is 20xx. > Because I am not a large company like McDonalds this apparently cannot be > resolved. wow that was a lot of really hard to r

Re: uTorrent, IPv6

2008-08-19 Thread Mikael Abrahamsson
On Tue, 19 Aug 2008, Jay R. Ashworth wrote: http://tech.slashdot.org/article.pl?sid=08/08/18/226228&from=rss Well, IPv6 usage is actually increasing fairly rapidly, anyway: So, still, usage is not very impressive (and some of t

OT: Again, sorry for the noise

2008-08-19 Thread Joe Blanchard
Hughes Net DNS issue. I am 72.169.156.122. Notice the Source is port 53, destination is 20xx. Because I am not a large company like McDonalds this apparently cannot be resolved. No. Time Source Destination Protocol Info 190 51.553317 72.169.156.121

Re: uTorrent, IPv6

2008-08-19 Thread Jay R. Ashworth
On Tue, Aug 19, 2008 at 04:56:33PM +1200, Nathan Ward wrote: > Sit up and pay attention, even if you don't now run IPv6, or even if > you don't ever intend to run IPv6. Your off-net bandwidth is going to > increase, unless you put some relays in. As a friend of mine just said > to me: "Welcome to y

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Alain Durand
On 8/19/08 1:50 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: >> In practice, many routers require the packet to go twice in the hardware if >> the prefix length is > 64 bits, so even though it is a total waste of space, >> it is not stupid to use /64 for point-to-point links and even for loo

RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread TJ
>-Original Message- >>> On Tue, 19 Aug 2008, [EMAIL PROTECTED] wrote: > I don't have a problem with assigning customers a /64 of v6 space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if you want to keep track of

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Tony Finch
On Tue, 19 Aug 2008, Michael Thomas wrote: > Justin M. Streiner wrote: > > > > I don't operate an ISP network (not anymore, anyway...). My customers > > are departments within my organization, so a /64 per department/VLAN > > is more sane/reasonable for my environment. > > Uh, the lower 64 bits of

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Randy Bush
> In practice, many routers require the packet to go twice in the hardware if > the prefix length is > 64 bits, so even though it is a total waste of space, > it is not stupid to use /64 for point-to-point links and even for loopbacks! some of us remember when we thought similarly for /24s for p2p

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Alain Durand
On 8/19/08 1:36 PM, "Nathan Ward" <[EMAIL PROTECTED]> wrote: > 64 bits is not a magical boundary. > > 112 bits is widely recommended for linknets, for example. > > 64 bits is common, because of EUI-64 and friends. That's it. > There is nothing, anywhere, that says that the first 64 bits is fo

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Seth Mattinen
Michael Thomas wrote: > Justin M. Streiner wrote: >> On Tue, 19 Aug 2008, [EMAIL PROTECTED] wrote: >> I don't have a problem with assigning customers a /64 of v6 space. >>> >>> Why so little? Normally customers get a /48 except for residential >>> customers who can be given a /56 if you w

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Nathan Ward
On 20/08/2008, at 5:25 AM, Michael Thomas wrote: Justin M. Streiner wrote: On Tue, 19 Aug 2008, [EMAIL PROTECTED] wrote: I don't have a problem with assigning customers a /64 of v6 space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if yo

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Randy Bush
> Uh, the lower 64 bits of an IP6 address aren't used for routing they are. the /64 boundary is not in hardware randy

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Michael Thomas
Justin M. Streiner wrote: On Tue, 19 Aug 2008, [EMAIL PROTECTED] wrote: I don't have a problem with assigning customers a /64 of v6 space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if you want to keep track of different block sizes. If

Re: SLAAC(autoconfig) vs DHCPv6

2008-08-19 Thread David W. Hankins
On Mon, Aug 18, 2008 at 03:42:29PM -0400, Howard C. Berkowitz wrote: > If you want to test a resource, be it the end user or an infrastructure > interface, how do you know how to foo it (foo being some value of ping, > traceroute, look it up in SNMP/NetFlow, etc)? > > I submit that if you use dyna

Re: RouterOS performance?

2008-08-19 Thread Stefan Bethke
On 19.08.2008 at 16:28, Robert E. Seastrom wrote: What I want to do is have a minimal functionality netbootable image that is sufficient to set up network interfaces and then do: ftp> get pfsense.img "| dd of=/dev/ad0" and completely blow away what's on the flash and replace it with somethin

RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread Justin M. Streiner
On Tue, 19 Aug 2008, [EMAIL PROTECTED] wrote: I don't have a problem with assigning customers a /64 of v6 space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if you want to keep track of different block sizes. If ARIN will give you a /48 f

Re: Is it time to abandon bogon prefix filters?

2008-08-19 Thread Kevin Loch
Jared Mauch wrote: While you're at it, you also placed the reachable-via rx on all your customer interfaces. If you're paranoid, start with the 'any' rpf and then move to the strict rpf. The strict rpf also helps with routing loops. Be careful not to enable strict rpf on multihomed c

Re: RouterOS performance?

2008-08-19 Thread Robert E. Seastrom
Nathan Ward <[EMAIL PROTECTED]> writes: > On 19/08/2008, at 11:32 PM, Robert E. Seastrom wrote: >> Also, from time to time I have to reflash these to repurpose them >> (NanoBSD vs. pfSense vs. AskoziaPBX). It's a complete pain to >> disassemble their enclosures so I can get at the CF cards. I'v

Re: RouterOS performance?

2008-08-19 Thread Paul Vixie
[EMAIL PROTECTED] ("Robert E. Seastrom") writes: > Joel Jaeggli <[EMAIL PROTECTED]> writes: > >> I actually use freebsd as a router on soekris, but I do need a general >> purpose os on the system as well. > > Speaking of Soekris (and the PCEngines ALIX by extension, of which I > have several): > >

RE: SLAAC(autoconfig) vs DHCPv6

2008-08-19 Thread Darden, Patrick S.
1. I think ARP is effectively a ping for a mac. It verifies connectivity on level 2 between two hosts. You have to be on the same segment though. To make it work, you would have to know the mac address of the remote host, clear the arp table on the local host, then send the ARP request out.

Re: uTorrent, IPv6

2008-08-19 Thread Laird Popkin
My recollection is that there were complaints about them reconfiguring people's TCP stacks and uTorrent stopped enabling IPv6. - Laird Popkin, CTO, Pando Networks http://www.pandonetworks.com 520 Broadway, 10th Floor, NY, NY, 10012 [EMAIL PROTECTED], 646/465-0570. Sent from my iPhone. Ap

Re: RouterOS performance?

2008-08-19 Thread Nathan Ward
On 19/08/2008, at 11:32 PM, Robert E. Seastrom wrote: Also, from time to time I have to reflash these to repurpose them (NanoBSD vs. pfSense vs. AskoziaPBX). It's a complete pain to disassemble their enclosures so I can get at the CF cards. I've often thought that if someone had whipped up a me

Re: RouterOS performance?

2008-08-19 Thread Robert E. Seastrom
Joel Jaeggli <[EMAIL PROTECTED]> writes: > I actually use freebsd as a router on soekris, but I do need a general > purpose os on the system as well. Speaking of Soekris (and the PCEngines ALIX by extension, of which I have several): Does anyone know of a comparable small SBC that doesn't have

Open Source CA / PKI

2008-08-19 Thread Jon Kibler
Greetings, I am looking at deploying an open source CA/PKI for a client. It would be only for internal users and systems. It would have to manage a few hundred certificates against the organization's self-signed root cert. It would be installed on a C

RE: uTorrent, IPv6

2008-08-19 Thread michael.dillon
> So, if you run a network today, deploy 6to4 and Teredo > relays, regardless of whether you have customer facing IPv6 or not. > If you serve IPv6 content, you are already running Teredo and > 6to4 relays, so that Windows Vista users get near to > IPv4-speed access to your IPv6 content, right? R

RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-19 Thread michael.dillon
> I don't have a problem with assigning customers a /64 of v6 > space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if you want to keep track of different block sizes. If ARIN will give you a /48 for every customer, then why be miserly with a