* Mark Milhollan
> On Thu, 11 Apr 2019, Tore Anderson wrote:
>
>> We've been wanting to replace our all of our ad-hoc OOB links with a
>> standardised setup based on LTE connectivity to an embedded
>> login/console server at each PoP. IPv6 would be perfect due to no
>> CGNAT and infinitesimal
On Thu, 11 Apr 2019, Tore Anderson wrote:
We've been wanting to replace our all of our ad-hoc OOB links with a
standardised setup based on LTE connectivity to an embedded
login/console server at each PoP. IPv6 would be perfect due to no
CGNAT and infinitesimal levels of background scanning.
> On Apr 11, 2019, at 9:45 AM, Fred Baker wrote:
>
>
>
>> On Apr 11, 2019, at 8:43 AM, Owen DeLong wrote:
>>
>> I’m pretty sure that no matter how good your power management is, any cell
>> phone’s battery will die long before its /64 can be scanned.
>
> And that might be the point of
> On Apr 11, 2019, at 8:43 AM, Owen DeLong wrote:
>
> I’m pretty sure that no matter how good your power management is, any cell
> phone’s battery will die long before its /64 can be scanned.
And that might be the point of the scan - not to find the addresses in use, but
to deplete the
> On Apr 10, 2019, at 1:20 PM, Amos Rosenboim wrote:
>
> Owen,
>
> Let me clarify a few points:
>
> 1. I am in favor of end to end connectivity and IPv6 can help restore this.
>
> 2. In the fixed broadband portion of the network this is the case.
> IPv6 is routed to the subscriber CPE.
>
> On Apr 10, 2019, at 10:39 PM, Mikael Abrahamsson wrote:
>
> On Wed, 10 Apr 2019, Jan Chrillesen wrote:
>
>> Also keep in mind that most GGSN/PGW will assign a /64 (and not a /128)
>
> All 3GPP devices assign /64 per bearer because that's what's in the 3GPP
> spec. I've been told 3GPP
* Owen DeLong
> What would be the process for a subscriber who wishes to allow inbound
> connections?
>
> If you are simply saying that as a customer of your ISP you simply can’t
> allow inbound IPv6 connections at all, then you are becoming a very poor
> substitute for an ISP IMHO.
I have
On Wed, 10 Apr 2019, Jan Chrillesen wrote:
Also keep in mind that most GGSN/PGW will assign a /64 (and not a /128)
All 3GPP devices assign /64 per bearer because that's what's in the 3GPP
spec. I've been told 3GPP went to IETF and asked what to do, IETF said
"assign /64 per device" and
On tir., 09 apr. 2019, Amos Rosenboim wrote:
> On the other hand, allowing only subscriber initiated traffic is mostly
> achievable using ACLs on the mobile core facing routers, or is it with the
> growing percentage of UDP traffic ?
>
> BTW – I don’t mention IPv4 traffic on the mobile
I agree with Owen that an always-on firewall which blocks all inbound
traffic would be very frustrating to some users. I do understand your need
as a provider to prevent expensive signaling operations. I think the
suggestion of a toggle in a web portal to disable the firewall is a good
compromise.
Owen,
Let me clarify a few points:
1. I am in favor of end to end connectivity and IPv6 can help restore this.
2. In the fixed broadband portion of the network this is the case.
IPv6 is routed to the subscriber CPE.
Firewall on the CPE is turned on by default, but can be turned off by the user.
> We have an ongoing discussion about Gi firewall (adding a firewall between
> the subscribers and the internet, allowing only subscriber initiated
> connections), for the IPv6 traffic.
>
>
>
> The firewall is doing very little security, the ruleset is very basic,
> allowing anything from
I don't v6 stats yet but it would be interesting to see. I did a tcpdump on
one v6 IP and saw hundreds of requests to port 25.
On Wed, Apr 10, 2019 at 10:43 AM Ca By wrote:
>
>
> On Wed, Apr 10, 2019 at 7:06 AM Dovid Bender wrote:
>
>> I think the traffic Amos is referring to is random
On Wed, Apr 10, 2019 at 7:06 AM Dovid Bender wrote:
> I think the traffic Amos is referring to is random traffic hitting the
> devices causing them to "wake up". Everyone here knows a simple dump on
> port 22 will show traffic. We have a /22 that gets an avg of 1-2 mbit of
> random traffic
I think the traffic Amos is referring to is random traffic hitting the
devices causing them to "wake up". Everyone here knows a simple dump on
port 22 will show traffic. We have a /22 that gets an avg of 1-2 mbit of
random traffic (mainly 22 and 3389).
On Wed, Apr 10, 2019 at 9:49 AM Ca By
On Wed, Apr 10, 2019 at 6:23 AM Amos Rosenboim wrote:
> Hello NANOG,
>
>
>
> We are discussing internally and wanted to get more opinions and
> especially more data on what are people actually doing.
>
> We are running an ISP network with about 150K fixed broadband users,
> running dual stack
Hello NANOG,
We are discussing internally and wanted to get more opinions and especially
more data on what are people actually doing.
We are running an ISP network with about 150K fixed broadband users, running
dual stack (IPv4 behind CGNAT).
On the ISP network IPv6 is simply routed, and is
17 matches
Mail list logo