Re: IPv6 connectivity to mx[1-4].smtp.goog.

2024-02-27 Thread Christopher Morrow
On Tue, Feb 27, 2024 at 12:03 PM 푀풶퓇풸표 풟풶퓋풾풹퓈 via NANOG wrote: > > Op 27-02-24 om 16:22 schreef Brotman, Alex: > > > We are seeing the same, > > Thanks. > > > You may also want to ask the mailop list. > > > I was about to do that, when I noticed that the problem seems solved. sorry about the

Re: IPv6 connectivity to mx[1-4].smtp.goog.

2024-02-27 Thread 푀풶퓇풸표 풟풶퓋풾풹퓈 via NANOG
Op 27-02-24 om 16:22 schreef Brotman, Alex: We are seeing the same, Thanks. You may also want to ask the mailop list. I was about to do that, when I noticed that the problem seems solved. -- 푀풶퓇풸표

RE: IPv6 connectivity to mx[1-4].smtp.goog.

2024-02-27 Thread Brotman, Alex via NANOG
We are seeing the same, but seems like it's mostly affecting delivery for broadcom.com, and a few other smaller domains. However, connectivity to the MX listed by gmail.com (and most other domains using GSuite, etc) is working fine over IPv6. You may also want to ask the mailop list. --

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 10:31 AM Tim Howe wrote: > On Mon, 19 Feb 2024 10:01:06 -0800 > William Herrin wrote: > > So when the user wants to run a home server, their IPv4 options are to > > create a TCP or UDP port forward for a single service port or perhaps > > create a generic port forward for

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Tim Howe
Some responses below. On Mon, 19 Feb 2024 10:01:06 -0800 William Herrin wrote: > > I've never once seen a device > > that has v6 support and didn't have a stateful v6 firewall on by > > default (if v6 was "on"). > > Acknowledged. > > So when the user wants to run a home server, their IPv4

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 9:44 AM Tim Howe wrote: > FWIW, in the decade we have been providing dual-stack by default, I > have made a bit of a hobby out of testing every CPE and SOHO router > that I get my hands on in my PON lab. Hi Tim, I have not, so I'll defer to your experience. > I've

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Dave Taht
OpenWrt, from which much is derived, is default deny on ipv4 and ipv6. The ipv6 firewall on most cable devices prior to the XB6 is very, very limited. On Mon, Feb 19, 2024 at 12:44 PM William Herrin wrote: > > On Mon, Feb 19, 2024 at 9:23 AM Hunter Fuller wrote: > > On Mon, Feb 19, 2024 at

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Tim Howe
On Mon, 19 Feb 2024 09:16:00 -0800 William Herrin wrote: > I disagree with that one. Limiting discussion to the original security > context (rather than the wider world of how useful IPv6 is without > IPv4), IPv6 is typically delivered to "most people" without border > security, while IPv4 is

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 9:23 AM Hunter Fuller wrote: > On Mon, Feb 19, 2024 at 11:16 AM William Herrin wrote: > > > There isn't really an advantage to using v4 NAT. > > I disagree with that one. Limiting discussion to the original security > > context (rather than the wider world of how useful

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Hunter Fuller via NANOG
On Mon, Feb 19, 2024 at 11:16 AM William Herrin wrote: > > There isn't really an advantage to using v4 NAT. > I disagree with that one. Limiting discussion to the original security > context (rather than the wider world of how useful IPv6 is without > IPv4), IPv6 is typically delivered to "most

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 9:00 AM Hunter Fuller wrote: > I guess the point I'm making is, the methods we are using today for v6 > dual WAN, work fine for most people. Hi Hunter, I accept that point. It's wobbly on some of the details, but you're talking "most" people, not everyone. > There

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Hunter Fuller via NANOG
On Mon, Feb 19, 2024 at 10:22 AM William Herrin wrote: > Yes and no. The client application has to be programmed to understand > link-local addresses or it can't use them at all. You can't just say > "connect to fe80::1." Even if there's an fe80::1 on your network, it > doesn't work. The client

Re: [External] Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 8:08 AM Hunter Fuller wrote: > On Mon, Feb 19, 2024 at 9:17 AM William Herrin wrote: > > There's also the double-ISP loss scenario that causes Joe to lose all > > global-scope IP addresses. He can overcome that by deploying ULA > > addresses (a third set of IPv6

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Dave Taht
On Mon, Feb 19, 2024 at 11:13 AM Hunter Fuller via NANOG wrote: > > On Mon, Feb 19, 2024 at 9:29 AM Mike Hammett wrote: > > "In IPv6's default operation, if Joe has two connections then each of > > his computers has two IPv6 addresses and two default routes. If one > > connection goes down, one

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Dave Taht
mdns can still be "fun" in a wide variety of situations. https://www.reddit.com/r/k12sysadmin/comments/9yghdx/chromebooks_and_peer_to_peer_updates_can_be/ I do not know to what extent the upgrade to unicast feature long gestating in the IETF has been adopted. On Mon, Feb 19, 2024 at 11:10 AM

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Hunter Fuller via NANOG
On Mon, Feb 19, 2024 at 9:29 AM Mike Hammett wrote: > "In IPv6's default operation, if Joe has two connections then each of > his computers has two IPv6 addresses and two default routes. If one > connection goes down, one of the routes and sets of IP addresses goes > away." > > This sounds like a

Re: [External] Re: IPv6 uptake

2024-02-19 Thread Hunter Fuller via NANOG
On Mon, Feb 19, 2024 at 9:17 AM William Herrin wrote: > There's also the double-ISP loss scenario that causes Joe to lose all > global-scope IP addresses. He can overcome that by deploying ULA > addresses (a third set of IPv6 addresses) on the internal hosts, but > convincing the internal network

Re: IPv6 uptake

2024-02-19 Thread Tom Beecher
-- > *From: *"Michael Thomas" > *To: *nanog@nanog.org > *Sent: *Saturday, February 17, 2024 12:50:46 PM > *Subject: *Re: IPv6 uptake > > > On 2/17/24 10:26 AM, Owen DeLong via NANOG wrote: > > > >> On Feb 16, 2024, at 14:20, Jay R. Ashwo

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 6:02 AM Howard, Lee wrote: > Most NATs I've seen in the last 10-15 years are "full cone" NATs: they are > configured so that once there is an > outbound flow, and inbound datagram to that address+port will be forwarded to > the inside address, regardless > of source. Hi

Re: IPv6 uptake

2024-02-19 Thread Mike Hammett
Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "William Herrin" To: "Mike Hammett" Cc: nanog@nanog.org Sent: Monday, February 19, 2024 9:16:52 AM Subject: Re: IPv6 uptake On Mon, Feb 19, 2024

Re: IPv6 uptake

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 6:52 AM Mike Hammett wrote: > "We can seriously lose NAT for v6 and not lose > anything of worth." > > I'm not going to participate in the security conversation, but we > do absolutely need something to fill the role of NAT in v6. If it's > already there or not, I don't

Re: IPv6 uptake

2024-02-19 Thread Mike Hammett
simple NAT. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Michael Thomas" To: nanog@nanog.org Sent: Saturday, February 17, 2024 12:50:46 PM Subject: Re: IPv6 uptake On 2/

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-19 Thread William Herrin
On Mon, Feb 19, 2024 at 5:29 AM Howard, Lee via NANOG wrote: > In the U.S., the largest operators without IPv6 are (in order by size): > Lumen (CenturyLink) CenturyLink has IPv6 using 6rd. It works fine. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/

RE: IPv6 uptake (was: The Reg does 240/4)

2024-02-19 Thread Howard, Lee via NANOG
Bottom-posted with old school formatting by hand. -Original Message- From: NANOG On Behalf Of William Herrin Sent: Friday, February 16, 2024 8:05 PM To: Michael Thomas Cc: nanog@nanog.org Subject: Re: IPv6 uptake (was: The Reg does 240/4) > On the firewall, I program it to do

RE: IPv6 uptake (was: The Reg does 240/4)

2024-02-19 Thread Howard, Lee via NANOG
To: nanog@nanog.org Subject: Re: IPv6 uptake (was: The Reg does 240/4)

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Matthew Walster via NANOG
On Sun, 18 Feb 2024, 05:29 Owen DeLong via NANOG, wrote: > Most firewalls are default deny. Routers are default allow unless you put > a filter on the interface. > This is not relevant though. NAT when doing port overloading, as is the case for most CPE, is not default-deny or default-allow.

Re: IPv6 uptake

2024-02-18 Thread John Levine
It appears that Nick Hilliard said: >full control of all modems and they're all relatively recent, properly >supported units, fully managed by the cable operator. If you start >adding poor quality cheap units into the mix, it can cause service problems. The cablecos I've dealt with have a list

Re: IPv6 uptake

2024-02-18 Thread Nick Hilliard
Michael Thomas wrote on 18/02/2024 21:18: So it has its own wireless? I seem to recall that there were some economic reasons to use their CPE as little as possible to avoid rent. Has that changed? Or can I run down and just buy a Cablelabs certified router/modem these days? There's no short

Re: IPv6 uptake

2024-02-18 Thread Michael Thomas
On 2/18/24 1:10 PM, Nick Hilliard wrote: Michael Thomas wrote on 18/02/2024 20:56: That's really great to hear. Of course there is still the problem with CPE that doesn't speak v6, but that's not their fault and gives some reason to use their CPE. Already solved: cable modem ipv6 support

Re: IPv6 uptake

2024-02-18 Thread Nick Hilliard
Michael Thomas wrote on 18/02/2024 20:56: That's really great to hear. Of course there is still the problem with CPE that doesn't speak v6, but that's not their fault and gives some reason to use their CPE. Already solved: cable modem ipv6 support is usually also excellent, both in terms of

Re: IPv6 uptake

2024-02-18 Thread Michael Thomas
On 2/18/24 12:50 PM, Nick Hilliard wrote: Michael Thomas wrote on 18/02/2024 20:28: I do know that Cablelabs pretty early on -- around the time I mentioned above -- has been pushing for v6. Maybe Jason Livingood can clue us in. Getting cable operators onboard too would certainly be a good

Re: IPv6 uptake

2024-02-18 Thread Nick Hilliard
Michael Thomas wrote on 18/02/2024 20:28: I do know that Cablelabs pretty early on -- around the time I mentioned above -- has been pushing for v6. Maybe Jason Livingood can clue us in. Getting cable operators onboard too would certainly be a good thing, availability of provider-side ipv6

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Michael Thomas
On 2/18/24 8:47 AM, Greg Skinner via NANOG wrote: On Feb 17, 2024, at 11:27 AM, William Herrin wrote: On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote: Funny, I don't recall Bellovin and Cheswick's Firewall book discussing NAT. And mine too, since I hadn't heard of "Firewalls and

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Michael Thomas
On 2/17/24 11:27 AM, William Herrin wrote: On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote: I didn't hear about NAT until the late 90's, iirc. I've definitely not heard of Gauntlet. Then there are gaps in your knowledge. Funny, I don't recall Bellovin and Cheswick's Firewall book

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Greg Skinner via NANOG
On Feb 17, 2024, at 11:27 AM, William Herrin wrote: > > On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote: > >> Funny, I don't recall Bellovin and Cheswick's Firewall book discussing >> NAT. > > And mine too, since I hadn't heard of "Firewalls and Internet > Security: Repelling the Wily

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-18 Thread Steven Sommars
Concerning the firewall book. Firewalls and Internet Security, Second Edition PDF online at https://www.wilyhacker.com/fw2e.pdf "Some people think that NAT boxes are a form of firewall. In some sense, they are, but they're low-end ones."

Re: IPv6 uptake

2024-02-17 Thread Stephen Satchell
On 2/17/24 10:22 AM, Justin Streiner wrote: Getting back to the recently revised topic of this thread - IPv6 uptake - what have peoples' experiences been related to crafting sane v6 firewall rulesets in recent products from the major firewall players (Palo Alto, Cisco, Fortinet, etc)? On the

Re: IPv6 mail The Reg does 240/4

2024-02-17 Thread Michael Thomas
On 2/17/24 2:21 PM, John Levine wrote: But what happens under the hood at major mailbox providers is maddeningly opaque so who really knows? It would be nice if MAAWG published a best practices or something like that to outline what is actually happening in live deployments. Unfortunately,

Re: IPv6 mail The Reg does 240/4

2024-02-17 Thread John Levine
It appears that Michael Thomas said: >I kind of get the impression that once you get to aggregates at the >domain level like DKIM or SPF, addresses as a reputation vehicle don't >much figure into decision making. It definitely does, since there are plenty of IPs that send only malicious mail,

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Brandon Butterworth
On 17/02/2024, 19:27:20, "William Herrin" wrote: So it does not surprise me that a 1994 book on network security would not have discussed NAT. They'd have referred to the comparable contemporary technology, which was "transparent application layer gateways." Those behaved like what we now call

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread William Herrin
On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote: > I didn't hear about NAT until the > late 90's, iirc. I've definitely not heard of Gauntlet. Then there are gaps in your knowledge. > Funny, I don't recall Bellovin and Cheswick's Firewall book discussing > NAT. And mine too, since I

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread William Herrin
On Sat, Feb 17, 2024 at 10:22 AM Justin Streiner wrote: > Getting back to the recently revised topic of this thread - IPv6 > uptake - what have peoples' experiences been related to > crafting sane v6 firewall rulesets in recent products from the > major firewall players (Palo Alto, Cisco,

Re: IPv6 uptake

2024-02-17 Thread Michael Thomas
On 2/17/24 10:26 AM, Owen DeLong via NANOG wrote: On Feb 16, 2024, at 14:20, Jay R. Ashworth wrote: - Original Message - From: "Justin Streiner" 4. Getting people to unlearn the "NAT=Security" mindset that we were forced to accept in the v4 world. NAT doesn't "equal" security.

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Owen DeLong via NANOG
I can’t speak to Cisco as I don’t have recent experience there. Juniper, Linux, Palo Alto, and most others I’ve dealt with in the last 5 years pose no significant difference in writing policy for IPv6 vs. the process for IPv4. Owen On Feb 17, 2024, at 10:23, Justin Streiner wrote: We went pretty

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Owen DeLong via NANOG
> Think of it like this: you have a guard, you have a fence and you have > barbed wire on top of the fence. Can you secure the place without the > barbed wire? Of course. Can an intruder defeat the barbed wire? Of > course. Is it more secure -with- the barbed wire? Obviously. > NAT is like the

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Owen DeLong via NANOG
Bill, same scenario, but instead of fat fingering an outbound rule, you fat finger a port map for inbound connections to a different host and get the destination address wrong. Still hacked. NAT doesn’t prevent fat fingers from getting you hacked, it just changes the nature of the required

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Michael Thomas
On 2/16/24 6:33 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 6:10 PM Ryan Hamel wrote: Depending on where that rule is placed within your ACL, yes that can happen with *ANY* address family. Hi Ryan, Correct. The examples illustrated a difference between a firewall implementing

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Owen DeLong via NANOG
Most firewalls are default deny. Routers are default allow unless you put a filter on the interface. NAT adds nothing to security (Bill and I agree to disagree on this), but at best, it complicates the audit trail. Owen > On Feb 16, 2024, at 15:19, Jay R. Ashworth wrote: > > -

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Owen DeLong via NANOG
> On Feb 16, 2024, at 14:20, Jay R. Ashworth wrote: > > - Original Message - >> From: "Justin Streiner" > >> 4. Getting people to unlearn the "NAT=Security" mindset that we were forced >> to accept in the v4 world. > > NAT doesn't "equal" security. > > But it is certainly a

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread William Herrin
On Sat, Feb 17, 2024 at 10:03 AM Michael Thomas wrote: > On 2/16/24 5:37 PM, William Herrin wrote: > > What is there to address? I already said that NAT's security > > enhancement comes into play when a -mistake- is made with the network > > configuration. You want me to say it again? Okay, I've

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Justin Streiner
We went pretty deep into the weeds on NAT in this thread - far deeper than I expected ;) Getting back to the recently revised topic of this thread - IPv6 uptake - what have peoples' experiences been related to crafting sane v6 firewall rulesets in recent products from the major firewall players

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Michael Thomas
On 2/16/24 5:37 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 5:33 PM Michael Thomas wrote: So you're not going to address that this is a management plane problem. Hi Mike, What is there to address? I already said that NAT's security enhancement comes into play when a -mistake- is made

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-17 Thread Tom Beecher
> > Any given layer of security can be breached with expense and effort. > Breaching every layer of security at the same time is more challenging > than breaching any particular one of them. The use of NAT adds a layer > of security to the system that is not otherwise there. > > > Think of it like

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Ryan Hamel
4 8:03 PM To: John R. Levine Cc: nanog@nanog.org Subject: Re: IPv6 uptake (was: The Reg does 240/4) On Fri, Feb 16, 2024 at 7:41 PM John R. Levine wrote: > > That it's

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 7:41 PM John R. Levine wrote: > > That it's possible to implement network security well without using > > NAT does not contradict the claim that NAT enhances network security. > > I think we're each overgeneralizing from our individual experience. > > You can configure a V6

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread John R. Levine
That it's possible to implement network security well without using NAT does not contradict the claim that NAT enhances network security. I think we're each overgeneralizing from our individual experience. You can configure a V6 firewall to be default closed as easily as you can configure a

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 7:10 PM John Levine wrote: > If you configure your firewall wrong, bad things will happen. I have both > IPv6 and NAT IPv4 on my network here and I haven't found it particularly > hard to get the config correct for IPv6. Hi John, That it's possible to implement network

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread John Levine
It appears that William Herrin said: >Now suppose I have a firewall at 199.33.225.1 with an internal network >of 192.168.55.0/24. Inside the network on 192.168.55.4 I have a switch >that accepts telnet connections with a user/password of admin/admin. >On the firewall, I program it to do NAT

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 6:10 PM Ryan Hamel wrote: > Depending on where that rule is placed within your ACL, yes that can happen > with *ANY* address family. Hi Ryan, Correct. The examples illustrated a difference between a firewall implementing address-overloaded NAT and a firewall

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Ryan Hamel
24 5:44 PM To: William Herrin Cc: nanog@nanog.org Subject: Re: IPv6 uptake (was: The Reg does 240/4) Why is your Internal v6 subnet advertised to the Internet? > On Feb 16, 202

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 5:45 PM wrote: > Why is your Internal v6 subnet advertised to the Internet? Because that was the example network -without- NAT. If I made two networks -with- NAT, there would be no difference to show. I make 2602:815:6000::/44 be 199.33.224.0/23, make 2602:815:6001::/64

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread sronan
Why is your Internal v6 subnet advertised to the Internet? > On Feb 16, 2024, at 8:08 PM, William Herrin wrote: > > On Fri, Feb 16, 2024 at 3:13 PM Michael Thomas wrote: >> If you know which subnets need to be NAT'd don't you also know which >> ones shouldn't be exposed to incoming connections

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 5:33 PM Michael Thomas wrote: > So you're not going to address that this is a management plane problem. Hi Mike, What is there to address? I already said that NAT's security enhancement comes into play when a -mistake- is made with the network configuration. You want me

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Michael Thomas
On 2/16/24 5:30 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas wrote: On 2/16/24 5:05 PM, William Herrin wrote: Now, I make a mistake on my firewall. I insert a rule intended to allow packets outbound from 2602:815:6001::4 but I fat-finger it and so it allows them

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas wrote: > On 2/16/24 5:05 PM, William Herrin wrote: > > Now, I make a mistake on my firewall. I insert a rule intended to > > allow packets outbound from 2602:815:6001::4 but I fat-finger it and > > so it allows them inbound to that address instead.

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Michael Thomas
On 2/16/24 5:05 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 3:13 PM Michael Thomas wrote: If you know which subnets need to be NAT'd don't you also know which ones shouldn't be exposed to incoming connections (or conversely, which should be permitted)? It seems to me that all you're doing

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 3:13 PM Michael Thomas wrote: > If you know which subnets need to be NAT'd don't you also know which > ones shouldn't be exposed to incoming connections (or conversely, which > should be permitted)? It seems to me that all you're doing is moving > around where that knowledge

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Daniel Marks via NANOG
> a lot of folks > making statements about network security on this list don't appear to > grasp it. If your network is secure, it isn’t even possible to “accidentally” open inbound ports in the first place. You either allow it to happen or you don’t via security policy, anything else means

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Jay R. Ashworth
- Original Message - > From: "William Herrin" > On Fri, Feb 16, 2024 at 2:19 PM Jay R. Ashworth wrote: >> > From: "Justin Streiner" >> > 4. Getting people to unlearn the "NAT=Security" mindset that we were forced >> > to accept in the v4 world. >> >> NAT doesn't "equal" security. >> >>

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Michael Thomas
On 2/16/24 3:01 PM, William Herrin wrote: On Fri, Feb 16, 2024 at 2:19 PM Jay R. Ashworth wrote: From: "Justin Streiner" 4. Getting people to unlearn the "NAT=Security" mindset that we were forced to accept in the v4 world. NAT doesn't "equal" security. But it is certainly a *component*

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread William Herrin
On Fri, Feb 16, 2024 at 2:19 PM Jay R. Ashworth wrote: > > From: "Justin Streiner" > > 4. Getting people to unlearn the "NAT=Security" mindset that we were forced > > to accept in the v4 world. > > NAT doesn't "equal" security. > > But it is certainly a *component* of security, placing control

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread Jay R. Ashworth
- Original Message - > From: "Justin Streiner" > 4. Getting people to unlearn the "NAT=Security" mindset that we were forced > to accept in the v4 world. NAT doesn't "equal" security. But it is certainly a *component* of security, placing control of what internal nodes are accessible

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-15 Thread Stephen Satchell
On 2/15/24 9:40 PM, Justin Streiner wrote: The Internet edge and core portion of deploying IPv6 - dual-stack or otherwise - is fairly easy. I led efforts to do this at a large .edu starting in 2010/11. The biggest hurdles are/were/might still be: 1. Coming up with a good address plan that will

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-15 Thread Justin Streiner
The Internet edge and core portion of deploying IPv6 - dual-stack or otherwise - is fairly easy. I led efforts to do this at a large .edu starting in 2010/11. The biggest hurdles are/were/might still be: 1. Coming up with a good address plan that will do what you want and scale as needed. It

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-15 Thread John Levine
It appears that Stephen Satchell said: >Several people in NANOG have opined that there are a number of mail >servers on the Internet operating with IPv6 addresses. OK. I have a >mail server, which has been on the Internet for decades. On IPv4. > >For the last four years, every attempt to get

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-15 Thread Mark Andrews
Well all that shows is that your ISP is obstructionist. If they can enter a PTR record or delegate the reverse range to you for your IPv4 server they can do it for your IPv6 addresses. In most cases it is actually easier as address space is assigned on nibble boundaries (/48, /52, /56,

Re: IPv6 Test Pages for Fortune 500 and Top 100 web sites are back

2024-02-12 Thread John Lightfoot
Well that data is disappointing. From: NANOG on behalf of Owen DeLong via NANOG Date: Monday, February 12, 2024 at 5:03 PM To: NANOG list Subject: IPv6 Test Pages for Fortune 500 and Top 100 web sites are back Don’t know how much anyone will still care about these pages as there are lots of

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-16 Thread Owen DeLong via NANOG
> On Jan 14, 2024, at 19:50, Abraham Y. Chen wrote: > > Hi, Ryan: > > 1) " ... it accounts for 40% of the traffic at Google. ": > > Perhaps you were referring to the following? > > https://www.google.com/intl/en/ipv6/statistics.html > > 2)If so, your quotation is

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-16 Thread Michael Thomas
On 1/15/24 11:02 PM, Saku Ytti wrote: On Mon, 15 Jan 2024 at 21:08, Michael Thomas wrote: An ipv4 free network would be nice, but is hardly needed. There will always be a long tail of ipv4 and so what? You deal with it at your I mean Internet free DFZ, so that everyone is not forced to

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Saku Ytti
On Mon, 15 Jan 2024 at 21:08, Michael Thomas wrote: > An ipv4 free network would be nice, but is hardly needed. There will > always be a long tail of ipv4 and so what? You deal with it at your I mean Internet free DFZ, so that everyone is not forced to maintain two stacks at extra cost,

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Michael Thomas
On 1/15/24 12:26 AM, Saku Ytti wrote: On Mon, 15 Jan 2024 at 10:05, jordi.palet--- via NANOG wrote: In actual customer deployments I see the same levels, even up to 85% of IPv6 traffic. It basically depends on the usage of the caches and the % of residential vs corporate customers. You

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Michael Thomas
On 1/15/24 12:56 AM, jordi.palet--- via NANOG wrote: No, I’m not saying that. I’m saying "in actual deployments", which doesn’t mean that everyone is deploying, we are missing many ISPs, we are missing many enterprises. I don't think what's going on internally with enterprise needs to

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Christopher Hawker
I strongly disagree that IPv6 is very much an afterthought. A perfect example is that in Australia, our largest mobile network provider Telstra, has completely moved to IPv6 single-stack on their mobile network for pre-paid and post-paid customers. Russell Langton made the announcement in

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Saku Ytti
On Mon, 15 Jan 2024 at 10:59, jordi.palet--- via NANOG wrote: > No, I’m not saying that. I’m saying "in actual deployments", which doesn’t > mean that everyone is deploying, we are missing many ISPs, we are missing > many enterprises. Because of low entropy of A-B pairs in bps volume, seeing

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread jordi.palet--- via NANOG
No, I’m not saying that. I’m saying "in actual deployments", which doesn’t mean that everyone is deploying, we are missing many ISPs, we are missing many enterprises. Saludos, Jordi @jordipalet > El 15 ene 2024, a las 9:26, Saku Ytti escribió: > > On Mon, 15 Jan 2024 at 10:05,

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread Saku Ytti
On Mon, 15 Jan 2024 at 10:05, jordi.palet--- via NANOG wrote: > In actual customer deployments I see the same levels, even up to 85% of IPv6 > traffic. It basically depends on the usage of the caches and the % of > residential vs corporate customers. You think you are contributing to the IPv6

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-15 Thread jordi.palet--- via NANOG
All those measurements are missing the amount of traffic in the caches located at the ISPs. For each download passing thru AMSIX, there are thousands of multiples of that download (videos, music, documents, static contents, OS updates, etc.) flowing to thousands of customers. In some cases is

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-14 Thread Saku Ytti
On Mon, 15 Jan 2024 at 06:18, Forrest Christian (List Account) < li...@packetflux.com> wrote: If 50% of the servers and 50% of the clients can do IPv6, the amount of > IPv6 traffic will be around 25% since both ends have to do IPv6. > This assumes cosmological principle applies to the Internet,

Re: IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-14 Thread Forrest Christian (List Account)
If 50% of the servers and 50% of the clients can do IPv6, the amount of IPv6 traffic will be around 25% since both ends have to do IPv6. If you're running an IPv6 enabled server you'll see 50% of your traffic as IPv6 in the above scenario. Likewise, if you are on an IPv6 connected client, then

IPv6 Traffic Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-14 Thread Abraham Y. Chen
Hi, Ryan: 1) " ... it accounts for 40% of the traffic at Google.   ":     Perhaps you were referring to the following? https://www.google.com/intl/en/ipv6/statistics.html 2)    If so, your quotation is correct, except there are some hidden stories below the surface:     A.    When you

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-13 Thread Oliver O'Boyle
Thank you, everyone, for your responses. Abe, I appreciate your enthusiasm but it is obvious you are not interested in collaboration. You are singularly-minded and trollish. I am assigning your email address to my spam filters. I will not see any future communication from you. O. On Sat, Jan

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-13 Thread Abraham Y. Chen
Hi, Seth: 0)    Thanks for bringing up this pair of Drafts. 1)    While I believe your "IPv4 Unicast Extension" team carried on with the first, Avinta got accidentally exposed to the second. After analyzing the hurdle it faced in adding on to RFC1918, the EzIP Project is now focusing on

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Michael Thomas
On 1/12/24 11:54 AM, Darrel Lewis wrote: On Jan 12, 2024, at 11:47 AM, Seth David Schoen wrote: Michael Thomas writes: I wonder if the right thing to do is to create a standards track RFC that makes the experimental space officially an add on to rfc 1918. If it works for you, great, if

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Darrel Lewis
> On Jan 12, 2024, at 11:47 AM, Seth David Schoen wrote: > > Michael Thomas writes: > >> I wonder if the right thing to do is to create a standards track RFC that >> makes the experimental space officially an add on to rfc 1918. If it works >> for you, great, if not your problem. It would at

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Seth David Schoen
Michael Thomas writes: > I wonder if the right thing to do is to create a standards track RFC that > makes the experimental space officially an add on to rfc 1918. If it works > for you, great, if not your problem. It would at least stop all of these > recurring arguments that we could salvage it

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Michael Thomas
On 1/12/24 8:45 AM, Owen DeLong via NANOG wrote: Frankly, I care less. No matter how you use whatever IPv4 space you attempt to cajole into whatever new form of degraded service, the simple fact remains. IPv4 is a degraded technology that only continues to get worse over time. NAT was bad.

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread borg
like me and our projects. -- Original message -- From: Owen DeLong via NANOG To: Abraham Y. Chen Cc: "Chen, Abraham Y." , nanog@nanog.org Subject: Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block Date: Fri, 12 Jan 2024 08:45:22 -0800 Frank

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Owen DeLong via NANOG
Frankly, I care less. No matter how you use whatever IPv4 space you attempt to cajole into whatever new form of degraded service, the simple fact remains. IPv4 is a degraded technology that only continues to get worse over time. NAT was bad. CGNAT is even worse (and tragically does nothing to

Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-12 Thread Ryan Hamel
Abraham, It has existed for many years, already supported on many devices, does not require NAT, address space is plentiful, does not require additional proposals, and it accounts for 40% of the traffic at Google. Ryan From: Abraham Y. Chen Sent: Friday,

Re: ipv6 address management - documentation

2023-11-20 Thread owen--- via NANOG
and Nautobot are my choices, and is worth deploying on a server or > VPS, even for home labs. On this, we agree. It’s just not what spreadsheets do. Owen > > Ryan > > From: NANOG on behalf of > Christopher Hawker > Sent: Thursday, November 16, 2023 3:52:59 PM > To: Aar
