> I'm observing a near global outage of DNS services from d.nic.so. This
> appears to be an AfriNIC anycast DNS service.
From my vantage point in Oslo, Norway, d.nic.so works just fine using
IPv6 but not IPv4.
Steinar Haug, Nethelp consulting, sth...@nethelp.no
> Out of curiosity, which operating systems put anything useful (for use
> in ECMP) into the flow label of IPv6 packets? At the moment, I only
> have access to CentOS 6 and CentOS 7 machines, and both of them set the
> flow label to zero for all traffic.
FreeBSD 11.2-STABLE.
Steinar Haug,
>> Dead for me via:
>> HE
>> NTT
>> COX
>
> Likewise here, via a bunch of other transits. I saw them from HE this morning
> but they appear to have been withdrawn now.
Also gone from HE from my vantage point in Oslo, Norway.
Steinar Haug, Nethelp consulting, sth...@nethelp.no
> I'd greatly appreciate it if readers of this post would help me to confirm
> that the non-routing of the above block is both universal and complete...
> as it is, at least, from where I am sitting... but at this point I have
> nothing and nobody to rail against. (Or so I thought! But while
> > This also ignores the shift if every house in the world did its own
> > recursion. TLD servers and auth servers all over the world would
> > have to massively up their capacity to cope.
>
> With my TLD operator hat, I tend to say it is not a problem, we
> already have a lot of extra capacity,
> > ULA at inside and 1:1 to operator address in the edge is what I've
> > been recommending to my enterprise customers since we started to offer
> > IPv6 commercially. Fits their existing processes and protects me from
> > creating tainted unusable addresses.
>
> Oh, please. NAT all over again?
> > My wild guess is if we'd just waited a little bit longer to formalize
> > IPng we'd've more seriously considered variable length addressing with
> > a byte indicating how many octets in the address even if only 2
> > lengths were immediately implemented (4 and 16.)
>
> Actually, that got
> > I am hoping to find what other TLD operators may have similar requirements.
> >
>
> .br also has such requirements. OpenSRS reference chart has a good hint of
> which ccTLDs have such requirements:
> http://bit.ly/OpenSRS_TLD_Reference_Chart
It might be advisable to verify the data. For
> Could you list which prefix(es) you saw were being announced with these
> long AS paths?
186.177.184.0/23 - still being announced with 533 occurrences of 262197
in the AS path.
Steinar Haug, Nethelp consulting, sth...@nethelp.no
> If you're on cogent, since 22:30 UTC yesterday or so this has been happening
> (or happened).
Still happening here. I count 562 prepends (563 * 262197) in the
advertisement we receive from Cogent. I see no good reason why we
should accept that many prepends.
Steinar Haug, Nethelp consulting,
> Thank you all for your Ideas. AFAIK one of the main decisions for IPv6
> transition and deployment is the choice of IPv6 IGP. I read somewhere
> that it's a good practice to use different IGP protocol for IPv6 and
> IPv4. For example if IGP for IPv4 is IS-IS then use OSPFv3 for IPv6.
> any
> > Null-routing may not be sufficient, if the edge/border router has a
> > route to that /128; the (forwardable) /128 entry will win from the
> > blackholed /64 FIB entry since it is more-specific.
>
> just thought about it a bit.
> As mentioned (in other post) I was thinking of a specific use
> > I see no valid reason for such long AS paths. Time to update filters
> > here. I'm tempted to set the cutoff at 30 - can anybody see a good
> > reason to permit longer AS paths?
>
> Well, as I mentioned in my Net Neutrality filing to the FCC, a TTL of 30
> is OK for intra-planet routing, but
> Just wondering if anyone else saw this yesterday afternoon ?
>
> Jun 20 16:57:29:E:BGP: From Peer 38.X.X.X received Long AS_PATH= AS_SEQ(2)
> 174 12956 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456
> 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456
> > I think people were looking for specifics about the implementation
> > deficits in the junos version which caused enough problems to justify
> > the term "not getting it"?
>
> The only IS-IS implementation we struggle with is Quagga.
>
> For that, we run OSPFv2 and OSPFv3 on Quagga and
> Cisco is the only "real" IS-IS vendor.
>
> Juniper, Brocade, Arista, Avaya, etc you're not getting it. Any of the
> whitebox hardware or real SDN capable solutions, you're going to be on OSPF.
Maybe you need to tell us what the other companies aren't getting?
We're using IS-IS on (mostly)
> I think you misunderstood his point: it's not the knobs, but the
> vendors. Generally, when you're trying to integrate random crap into an
> otherwise well-structured network, you'll find OSPF available, but very
> rarely IS-IS.
We never really want to talk IS-IS with random crap - in that
From Dyn's statement,
http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statement-on-10-21-2016-ddos-attack.html
we have
"After restoring service, Dyn experienced a second wave of attacks
just before noon ET. This second wave was more global in nature
(i.e. not limited to our East Coast
> I was just thinking about this WAN jitter issue myself. I'm wondering how many
> folks put NTP traffic in priority queues? At least for devices in your
> managed IP ranges. Seems like that would improve jitter. Would like to
> hear about others doing this successfully prior to suggesting it for
> > That's interesting, given that most larger routers don't support 1:1.
>
> I find that strange, because if you're doing it in HW, doing hash
> lookup for flow and adding packets and bytes to the counter is cheap.
> It's expensive having lot of those flows, but incrementing their
> packet and
> So I'm looking at the policies, recommended configurations, etc. of other
> IXes. We try to model a lot of ourselves on what the Europeans do (even if we
> come up short in some areas). I was reading through the AMS-IX guide.
>
>
> > The DHCP relay could also have injected routes but that is a second
> > class solution.
>
> DHCP relays *are* second class solutions :) Unfortunately they cannot
> always be avoided in the semi-L2-environments like ISP access networks
> often are.
Each to his own, I guess. Some of us are
> > The differences between the two protocols are so small, that people
> > really grasp at straws when 'proving' that one is better over the
> > other. 'IS-IS doesn't work over IP, so its more secure'. 'IS-IS uses
> > TLVs so new features are quicker to implement'. While these may be
> > vaguely
> Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need
> to be in the router.
>
> Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service,
> with IPv6 it's built into every device, because IPsec is a mandatory
> component for IPv6, and therefore, the
> > > At first, I thought this was a bug, but then learned that RFCs 1112, 1122
> > > and 1812 all specify that ICMP unreachables not be sent in response to
> > > multicast packets.
> >
> > > I'm struggling to grok the rationale behind not sending unreachables in
> > > response to multicast
What is the current state/use of OSPF-TE?
Something you don't hear about much, for sure. Is this something that
wasn't designed well, supported well, or was it just superseded by label
based switching by the vast Telco market?
I assume you mean RFC 3630 Traffic Engineering (TE) Extensions
In real life people use - bgp ttl security, md5 passwords, control plane
protection of 179 port, inbound/outbound routes filters. So far this has
been enough.
These mechanisms do little or nothing to protect against unauthorized
origination of routing information. There are plenty of examples
Let me disagree - Pakistan Youtube was possible only because their uplink
provider did NOT implement inbound route filters. As always the weakest
link is human factor - and no super-duper newest technology is ever to help
here.
Agreed, the uplink absolutely should have implemented prefix
Wondering if some of the long-time list members
can shed some light on the question--why is the
.gov top level domain only for use by US
government agencies? Where do other world
powers put their government agency domains?
With the exception of the cctlds, shouldn't the
top-level gtlds
The 192.250.24 addresses have been reachable for several months in the
current configuration with no reported issues. Since the 16th we have
been hearing reports that destinations in that block are unavailable
for some.
Several looking glasses report network not in table.
Visible
There are decades of mailing lists archives at nanog and others that have
the same thing -- 1) stressed out ops guy 2) buggy code (tac says need to
load latest code as first step) 3) L2 mess -- most of those examples of
epic failure are ipv4 related, but many are just ethernet fails.
If
We've been customers of Hurricane Electric for a number of years now
and always been happy with their service.
In recent months packet loss on some of their major routes has become a very
common (every few days) occurrence. Without knowledge of their network I am
unsure
So, then the only problem, perhaps, is that no one has apparently
bothered to explicitly document that both VRRP and CARP use
00:00:5e:00:01:xx MAC addresses, and that the xx part comes from the
Virtual Router IDentifier (VRID) in VRRP and virtual host ID
(VHID) in CARP, providing a colliding
No, it is LESS robust, because the client identifier changes when the
SOFTWARE changes. Around here, software changes MUCH more often than
hardware. Heck, even a dual-boot scenario breaks the client
identifier stability. Worse yet, DHCPv6 has created a scenario where
a client's IPv4
DHCPv6 as defined in RFC 3315 does not offer client MAC address at all
(thus making the job more difficult for a number of organizations).
Yes it does…
What do you think “Link Layer Address” (RFC 3315, Section 9.1 Type 3)
is? From RFC-3315 Section 9.4, it seems pretty clear that is
The business model seems clearer when offering filtering as a service
to downstream networks, the effects are narrowly scoped, and members
have control over the traffic they accept from the exchange, e.g. I
don't want to accept NTP traffic to any destination that exceeds
1Gbit/s, or is
Premature send - I meant to add 'Or against the authoritative servers for
5kkx.com?'
We've been seeing a spate of reflected (not amplified) DNS attacks against
various authoritative servers in Europe for the past week or so, bounced
through some type of consumer DSL broadband CPE with an
It has been ongoing for a week or so (but not constant). The domain
names have a pattern but are comprised of components that appear to be
randomly generated. The source IP addresses for the queries appear to be
non duplicated and randomly generated.
query logs are available for
Was just trying to get more info from large networks about whether how some
of the things that make theoretical logical sense actually work out in
practice that way e.g. whether fixed header size and the fewer headers
required to decode to read an IPv6 packet (with respect to IPv4) really may
I think there needs to be some clarification on how these tools get used,
how often they're used, and if they're ever cleaned up when no longer part
of an active operation. Of course we'll never get that.
Highly unlikely, I'd say.
The amount of apologists with the attitude this isn't a big
The best response I've seen to all this hype and I completely agree with
Scott:
Do ya think that you wouldn't also notice a drastic increase in outbound
traffic to begin with? It's fun to watch all the hype and things like
that, but to truly sit down and think about what it would actually
Using a 1/10th of a second interval is rather anti-social.
I know we rate-limit ICMP traffic down, and such a
short interval would be detected as attack traffic,
and treated as such.
...
For what it is worth, I used to think the same, until I saw several
providers themselves suggest that
But isn't this all just neo-colonialism? Establish a market in the colony,
but ensure through restrictive trade practices that all trade routes lead
back via the mother country.
Or can I buy myself connectivity to AMS-IX Amsterdam when i'm present at the
LINX Harare exchange?
There are
I actually emailed RAD, MethodE and Avago yesterday and pitched the idea.
MiTOP is my exact justification why it should technically be feasible.
I guess it would be easier to pitch, if there would be commitment to buy,
but I don't personally need many units, just 1-2 here and there.
I
Getting reports from a third party vendor that there's been a line cut in the
Mediterranean that is affecting some Internet traffic. Anyone have any
details?
See the outages list:
https://puck.nether.net/pipermail/outages/2013-March/005386.html
Steinar Haug, Nethelp consulting,
I don't think you can get ethernet and transport out-of-the-area in
some places at a reasonable cost, so having serial-console I think is
still a requirement.
TDM is disappearing quickly in at least some parts of the world. We
may not be quite there yet, but I think it's entirely reasonable to
Again, where're the compelling IPv6-only content/apps/services?
To answer your rhetorical question, http://www.kame.net/ has a dancing
kame. To my knowledge, that's the most compelling IPv6-only content.
Don't forget http://loopsofzen.co.uk/ - that's definitely the most
compelling
as to whether ios/xe is rtc, you may want to see my preso at the last
nanog.
NANOG56? I only found RPKI Propagation by you. Direct URL would be
appreciated.
Look towards the end of the presentation and you'll find run to
completion...
Steinar Haug, Nethelp consulting, sth...@nethelp.no
Is anyone else experiencing similar issues?
Not from here (AS 2116, Norway). No problem getting up the web page,
tcpdump shows MSS 1440.
My traceroute shows they are employing a CDN for s0.wp.com, so not
everyone might be affected.
7 asd2-rou-1022.NL.eurorings.net
Yeah I see the disconnect. I'm assuming that what I see is what I get.
Which means I'm going to stick with HSRP. If our AS team gives me any
good feedback that I can share I will do so. Thanks Nick.
XE: v4: HSRPv1, HSRPv2, VRRPv6: HSRPv2
Not particularly relevant to the
I think it would be far more reliable to simply have two independent
DHCP servers with mutually exclusive address ranges, and have one
system be secondary and delay its responses by 2s so it always
loses when the primary is up and running well.
Yes, you lose the ability for clients to get
The port number of the Layer 4 connection cannot be determined without
executing IP fragment reassembly in that case. Routers normally
reassemble fragments they receive, if possible.
No, routers normally do *not* reassemble fragments. This is typically
done by hosts and firewalls.
Steinar
I disagree. Origin is tremendously useful as a multi-AS weighting
tool, and isn't the blunt hammer that AS_PATH is.
If you think of AS_PATH as a blunt hammer, how would you describe
localpref?
We use AS_PATH in many cases *precisely* because we don't consider it
to be a blunt hammer...
There's new mib support in new IOS's and ASR9k stuffs but there's
still not feature parity with IPv4. It seems the current prevailing
winds indicate less support for SNMP and more for NETCONF. So maybe
we should all get cozy with XML rather than OIDs...
shudder All I've seen of Netconf so
Anyway, not the best devices for an edge router that is for sure.
Which is too bad... for very small DC edge applications, the J6350
was a pretty cool router in earlier versions of JunOS that didn't
decide to re-engineer your network and transit for you.
We have 3 J2320s in the lab, all
Anyone seen signs of this attack actually occurring ?
http://www.nytimes.com/2012/03/31/technology/with-advance-warning-bracing-for-attack-on-internet-by-anonymous.html?_r=1
From my vantage point in Oslo, Norway, there is no sign of any attack
occurring.
Steinar Haug, Nethelp consulting,
We already have this type of attack in Bucharest/Romania since last
Friday. The targets were IPs of some local webhosters, but at one
moment we even saw IPs from Go Daddy.
Tcpdump will show something like:
11:10:41.447079 IP target open_resolver_ip.53: 80+ [1au] ANY? isc.org.
(37)
If you want to know if your resolver talks IPv6 to the world and
supports 4096 EDNS UDP messages the following query will tell you.
dig edns-v6-ok.isc.org txt
Similarly for IPv4.
dig edns-v4-ok.isc.org txt
Both PowerDNS recursor 3.3 and Nominum CNS 3.0.5
Note: An IPv4 route requires only one TCAM entry. Because of the
hardware compression scheme used for IPv6, an IPv6 route can take
more than one TCAM entry, reducing the number of entries forwarded
in hardware. For example, for IPv6 directly connected IP addresses,
the
On the other hand there's also the rule that IPv6 is classless and therefore
routing on any prefix length must be supported, although for some
implementations forwarding based on /64 is somewhat less efficient.
Can you please name names for the somewhat less efficient part? I've
seen this
Most vendors have a TCAM that by default does IPv6 routing for netmasks <=64.
They have a separate TCAM (which is usually limited in size) that does
routing for masks >64 and <=128.
Please provide references. I haven't seen any documentation of such an
architecture myself.
TCAMs are expensive
Can you please name names for the somewhat less efficient part? I've
seen this and similar claims several times, but the lack of specific
information is rather astounding.
Well, I do know if you look at the specs for most newer L3 switches,
they will often say something like max IPv4
If every route is nicely split at the 64-bit boundary, then it saves a
step in matching the prefix. Admittedly a very inexpensive step.
My point here is that IPv6 is still defined as longest prefix match,
so unless you *know* that all prefixes are <= 64 bits, you still need
the longer match.
IPv6 CEF appears to be functioning normally for prefixes longer than
64-bit on my 720(s).
I'm not seeing evidence of unexpected punting.
The CPU utilization of the software process that would handle IPv6
being punted to software, IPv6 Input, is at a steady %0.00 average
(with spikes up
prefixes on the same link. Choosing to make use of a 120-bit prefix
(for example) will do nothing to protect against a rogue RA announcing
its own 64-bit prefix with the A flag set.
I could not find any A flag in the RA. Am i missing something?
It's part of the Prefix Information
I am not sure if this is the reason as this only applies to the link
local IP address. One could still assign a global IPv6 address. So,
why does basic IPv6 (ND process, etc) break if i use a netmask of say
/120?
As long as you assign addresses statically, IPv6 works just fine with a
netmask
We discover there are so many (source) ip not belonging to our network
to go to outside.
We can block it but don't know how to locate the source.
Any tools can be easily found out.
http://lmgtfy.com/?q=unicast+rpf
Steinar Haug, Nethelp consulting, sth...@nethelp.no
I am wondering if anyone else is seeing a sudden increase in DNS attacks
emanating from chinese IP addresses? Over the past 24 hours we've seen a
sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10
million PPS for periods of 5 to 10 mins, repeated every 20 to 30
The practice of filling out the reverse zone with fake PTR record
started before there was wide spread support for UPDATE/DNS. There
isn't any need for this to be done anymore. Machines are capable
of adding records for themselves.
How do I setup this for DHCPv6-PD? Say, I delegate
To pop up the stack a bit it's the fact that an organization willing to
behave in that fashion was in my list of CA certs in the first place.
Yes they're blackballed now, better late than never I suppose. What does
that say about the potential for other CAs to behave in such a fashion?
I'd
And your average home user, whose WiFi network is an open network named
linksys is going to do that how?
Because the routers that come on pantries and refrigerators will probably be
made by people smarter than the folks at Linksys?
One could argue that routing and access control is even
3) I think people do some of both. I think that if people can get static for
the same price, they will choose static over dynamic. I think that some
will even choose to use their dynamic to run tunnels where they
can get static. You can get free static tunnels for IPv6
Experience from IPv4 suggests otherwise. We (as an ISP) normally hand
out dynamic IPv4 addresses to residential customers, and static IPv4
addresses to business customers.
- We have plenty of business customers who *want* dynamic addresses,
even if static is available as a standard
- Dynamic address: Customer connects PC (defaults to DHCP) or router/
firewall with DHCP for the WAN interface plus NAT for the LAN side.
Necessary configuration: Small to none.
DHCP doesn't imply dynamic address. It implies customer doesn't have to
configure an address him/herself.
Can anyone enlighten me on the pros and cons of MX 80 platform
There's been quite a bit of discussion about the MX80 on the
juniper-nsp list, and I recommend asking on that list instead
(if you don't find what you already need in the list archives).
As a general rule, people are more likely to
Ethernet doesn't scale because of large amounts of broadcast traffic.
We started to introduce multicast, and multicast-aware switches in
IPv4; in IPv6 there is no broadcast traffic. We won't be able to
scale networks up until we can turn off IPv4,
In other words, probably not for another
Are you not using managed switches?
Certainly.
It takes me about 1 second to find exactly which device and which port
a device is connected to. Once you know that; you have a pretty nice
collection of statistics and log messages that usually tell you
exactly what is wrong.
Here is where
Ethernet is not designed for huge LANs. If you want that you need
to make significant changes - http://www.cl.cam.ac.uk/~mas90/MOOSE/
Hm:
Our object is to design a communication system which can grow smoothly to
accommodate several buildings full of personal computers and the
DHCPv6 does not provide route information because this task is handled
by RA in IPv6.
Thankfully this silliness is in the process of being fixed,
So where do I point out the stupidity of trying to fix this non-brokenness?
Several large operators have said, repeatedly, that they want to
Several large operators have said, repeatedly, that they want to use
DHCPv6 without RA. I disagree that this is stupid.
I wonder if it's just a violation of rule #1: stop thinking legacy!
If having a significant infrastructure that supports IPv4 DHCP is
legacy, yes then you could argue
You can actually use DHCPv6 to assign addresses to hosts dynamically
on longer than /64 networks.
However, you may have to go to some effort to add DHCPv6 support to
those hosts first.
Also, there is no prefix-length (or default router) option in DHCPv6,
so you have to configure the
nitpicking
1gige linerate: 1,9mpps
10gige linerate: 19mpps
and intel is proud to achieve 1,6mpps at 2 10gige cards?
I have seen higher values at pc hardware - but still not comparable to
asics.
If you're going to specify line rate pps, please get the figures right.
I am trying to use http://www.rwhois.net/rwhois/prwhois.html to check
my rwhois server
but it is not reachable now
Do you know why the website is not in existing?
and how can i check it
As somebody else answered on Nanog a couple of weeks ago,
rwhoisd is very old software that has had
No, the same Internet Protocol.
I believe he meant different IP addresses
No, that can't be, he would have said IP addresses.
and I highly recommend doing so.
If you do so, then you can move services around and name things independent
of the actual host that they happen to be
1) Is there a general convention about addresses for DNS servers? NTP
servers? dhcp servers?
DNS server addresses should be short and easy to type, as already
mentioned.
2) Are we tending to use different IPs for each service on a device?
In many cases yes - because that makes it possible to
Why o why are isp's and hosters so ignorant in dealing with such issues
and act like they do not care?
they don't act like they do not care. they really *don't* care. no acting.
Well now, I'd say this varies considerably. There are definitely ISPs
that care and *do* work hard at reducing
6to4 is handy as a toy or for experimenting, but it relies on a loose
network of generous volunteers who, while generous, are neither
generous nor numerous enough to support production traffic.
Any ISP that is delivering IPv6 to their clients would be insane
to not run a 6to4 relays for
Requirements are basically just 24/48 SFP ports, PVLAN and
selective QinQ.
Most devices that fit the requirements are Layer 3, which pushes
the cost per port too high.
...
The ME3600X might be a more appropriate Cisco solution than the
ME6524. The ME3600X
Juniper MX80 does all this.
1. It's not a switch (so don't expect switch pricing).
2. It doesn't offer 12 x 10GE ports.
And I believe this has been mentioned earlier in the same thread...
Steinar Haug, Nethelp consulting, sth...@nethelp.no
Does anybody have anything neat to keep logs of what host gets what ipv6
address in an SLAAC environment?
You'd have to correlate ND information in the router to some kind of
record of who has what MAC address at any given time. With SLAAC the host
doesn't get an IPv6 address, it takes
In fairness, said device can do the same sort of inspection of SLAAC
traffic. It just looks at neighbor discovery messages instead of DHCP
messages.
http://tools.ietf.org/html/draft-ietf-savi-fcfs
Any known (existing) or planned implementations of this?
Steinar Haug, Nethelp consulting,
Is there a NANOG FAQ we can add this to?
1- Use Public Ipv6 with /122 and do not advertise to Internet
2- Use Public Ipv6 with /127 and do not advertise to Internet
The all zeros address is the all routers anycast address so on most non-Cisco
routers you can't use it, ruling out
A /127 mask is still the best way to handle real point-to-point links
like SDH/SONET today, to avoid the ping-pong problem. Works fine with
Cisco and Juniper, not tried with other vendors.
I know it's immature, but I can't wait for some new hire at vendor C or
vendor J to reread the
Global scope addresses on router-to-router interfaces are necessary
today for traceroute to work. Some ISPs are *requiring* working
traceroute (without MPLS hiding of intermediate hops) in RFPs to
transit providers.
If you can get router ICMP handling changed such that the ICMP packet
A /127 mask is still the best way to handle real point-to-point links
like SDH/SONET today, to avoid the ping-pong problem. Works fine with
Cisco and Juniper, not tried with other vendors.
Can you elaborate on this? What's the ping-pong problem?
This has been well covered in the
The subject says it all... anyone with experience with a setup like
this ?
Unicast addresses must be located in at least a /64 subnet. No doubt
there are vendors which enforce this (perhaps even in the ASICs), so
deviating from this rule will result in some lock-in.
The Juniper and
I'm perfectly happy with an IPv6 network that only has rational people on it
while those who insist on NAT stay behind on IPv4.
There's an inherent conflict between your wish here and the desire to
bring IPv6 to the masses...
Steinar Haug, Nethelp consulting, sth...@nethelp.no
It's a bit of a shame that people who've gotten into networking in the
last 10 to 15 years haven't studied or worked with anything more than
IPv4. They've missed out on seeing a variety of different ways to solve
the same types of problems and therefore been exposed to the various
benefits
- Hosted solutions offer a low barrier entry to smaller organizations
who simply cannot develop their own PKI infrastructure. This is the
case where they also lack the organizational skills to properly manage
the keys themselves, so, in most cases at least, they are *better off*
with a
IPv6 is classless; routers cannot blindly make that assumption for
performance optimization.
Blindly, no. However, it's not impractical to implement fast path switching
that handles things on /64s and push anything that requires something else
to the slow path.
Any vendor who was