RE: IPv6 is on the marketers radar

2011-02-13 Thread Lee Howard
 From: Geert Bosch [mailto:bo...@adacore.com]
 Basically, it should not have to cost anything extra to set up
 new users for IPv6. The same hardware that handles IPv4 today
 can be programmed to do IPv6.

That is not the case for a significant number of home gateways
and other consumer electronics.  This is a market where a few 
dollars saved in flash or RAM means market share or profitability.
Only in high-end gateways is there capacity for IPv6 (see the
plans from Linksys, Netgear).  You can argue about whether
this should be true, but the manufacturers say they can't add
IPv6 to the current low-end gateways.
 
  the foreseeable future, people will have (NATed or not) IPv4
  connectivity, so content providers are fine without IPv6.
  [why content providers hate NAT and will dual-stack]
 Users don't care about IP geo-location or anti-DDOS measures, or
 any of the other reasons you list. These are things content providers
 care about, but they don't get to choose whether their viewers use
 IPv4 or IPv6.

You were arguing, I thought, that content providers would stay
on IPv4-only for a long time, and that web users would never move
until content was IPv6-only.  I disagree with the first part: most web 
content will be dual-stack, so that as much traffic as possible will
be over IPv6.

  Except for the most basic, static of websites, content providers
  are going to prefer IPv6 over IPv4.  I don't know whether web
  hosting companies will ever automatically dual-stack the PTA's
  website, but at some point it will be easier for them to warn all
  their customers and just do it, than to track which customers
  asked for IPv6 explicitly.
 As long as a majority of users come over IPv4, better anti-DDOS
 measures or anti-abuse procedures for IPv6 are not going to make
 any difference. When you DOS my site, please use IPv6, so we
 can better find out your location and more effectively block
 your IP address.

That's not what I was saying.
Since anti-DDOS in IPv4 will inflict collateral damage, interfering
with innocent users' experience of the site, web content providers
should have a strong preference for IPv6.  Meaning they will make
it available, and possibly promote it as much as possible.

 Users are going to drive adoption of IPv6, if and when they
 find a killer-app where IPv6 can provide usability that (heavily
 NATed) IPv4 can't. This could be better file-sharing tools, lower
 latency online gaming, better long-distance video-calling or whatever,
 as long as the benefits will be worth the relatively small
 ($50) investment of money and time.

The killer app is the avoidance of CGN: head-to-head gaming, p2p,
SIP, remote access, etc.
ISPs are deploying IPv6
(http://www.cablelabs.com/news/pr/2011/11_pr_ipv6_transition_020111.html)
Web content providers are deploying IPv6 (http://isoc.org/wp/worldipv6day/)
It's bad that home gateways need replacing
(http://www.computerworld.com/s/article/9208718/Cisco_Linksys_routers_still_
don_t_support_IPv6?taxonomyId=16)
And consumer electronics are dangerously far behind.


 
 For content providers, as long as 90+% of the net is IPv4 only and

Less than a year before  10% of the net has IPv6.  
You read it here first.

 essentially nobody is IPv6 only, providing dual-stack support is just
 adding cost for little or no gain in viewership. Content providers
 often depend on dozens if not hundreds of pieces of hardware and
 software to provide their services, so supporting IPv6 is vastly
 more expensive than it is for users to take advantage of it.

Cisco and Netgear (see article above) say that essentially every user 
needs a new gateway in the $150 range.  You already have one--
excellent, but the high end does not dominate the market.  You're 
arguing that web content provider costs are greater than $100 per 
user?

I don't mean to trivialize the effort content providers must make.
But to suggest that it's enormously higher than any other
segment's investment, and has no benefit, is misguided.
 
Lee




Re: Old Annex question

2011-02-13 Thread Joe Hamelin
Michael Loftis mlof...@wgops.com wrote:
 I could just set the attn_string to say ^A and then I could just hit that
 and it would work, but it doesn't seem to.

Remember if you're using minicom it will escape ^A for its own menu use.

Wolfe.net had a score of those with Multi-tech modems way back in the
day.  I remember days spent hunting down ring-no-answers in a 400 POTS
line hunt group.

--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474



Re: Old Annex question

2011-02-13 Thread Nick Hilliard

On 13/02/2011 15:30, Joe Hamelin wrote:

day.  I remember days spent hunting down ring-no-answers in a 400 POTS
line hunt group.


It was much easier to detect those by looking for strange port connectivity 
patterns in the logs.


re: annexes, it was a happy day when we upgraded from annex 3 to 
portmaster.  No idea what the escape key was.


Nick



Re: Old Annex question

2011-02-13 Thread Jon Meek
On Sun, Feb 13, 2011 at 11:36 AM, Nick Hilliard n...@foobar.org wrote:

 On 13/02/2011 15:30, Joe Hamelin wrote:

 day.  I remember days spent hunting down ring-no-answers in a 400 POTS
 line hunt group.


 It was much easier to detect those by looking for strange port connectivity
 patterns in the logs.

 re: annexes, it was a happy day when we upgraded from annex 3 to
 portmaster.  No idea what the escape key was.

 Nick


I have a couple of Micro Annexes in the recycle pile in my basement and,
after a bit of rummaging, found that I have the paper documentation as well.

In the User's Guide it says: "While in a session with a host, pressing an
attention key returns you to the CLI prompt."  Somewhere else it indicates
that BREAK is the attention key; however, that may be configurable.

If anything further is needed contact me, probably off-list, and I can look
in the docs including the full CLI manual.

Jon


Re: quietly....

2011-02-13 Thread Joel Jaeggli
On 2/3/11 12:59 PM, David Conrad wrote:
 On Feb 3, 2011, at 5:35 AM, Jack Bates wrote:
 You missed my pointed. Root servers are hard coded, but they aren't
 using a well known anycast address.
 
 Actually, most of the IP addresses used for root servers are anycast
 addresses and given they're in every resolver on the Internet,
 they're pretty well known...
 
 Of course, one might ask why those well known anycast addresses are
 owned by 12 different organizations instead of being golden
 addresses specified in an RFC or somesuch, but that gets into root
 server operator politics...

there are perfectly valid reasons why you might want to renumber one,
the current institutional heterogeneity has pretty good prospects for
survivability.

 Regards, -drc
 
 
 




Re: quietly....

2011-02-13 Thread David Conrad
On Feb 13, 2011, at 7:56 AM, Joel Jaeggli wrote:
 Of course, one might ask why those well known anycast addresses are
 owned by 12 different organizations instead of being golden
 addresses specified in an RFC or somesuch, but that gets into root
 server operator politics...
 
 there are perfectly valid reasons why you might want to renumber one,

Ignoring historical mistakes, what would they be?

 the current institutional heterogeneity has pretty good prospects for
 survivability.

Golden addresses dedicated to root service (as opposed to 'owned' by the root 
serving organization) means nothing regarding who is operating servers behind 
those addresses.  It does make it easier to change who performs root service 
operation (hence the politics).

Regards,
-drc




Re: quietly....

2011-02-13 Thread Jay Ashworth
- Original Message -
 From: David Conrad d...@virtualized.org

 On Feb 13, 2011, at 7:56 AM, Joel Jaeggli wrote:
  Of course, one might ask why those well known anycast addresses are
  owned by 12 different organizations instead of being golden
  addresses specified in an RFC or somesuch, but that gets into root
  server operator politics...
 
  there are perfectly valid reasons why you might want to renumber
  one,
 
 Ignoring historical mistakes, what would they be?
 
  the current institutional heterogeneity has pretty good prospects
  for
  survivability.
 
 Golden addresses dedicated to root service (as opposed to 'owned' by
 the root serving organization) means nothing regarding who is
 operating servers behind those addresses. It does make it easier to
 change who performs root service operation (hence the politics).

Exactly: it *centralizes control* over what the roots are.

The second- and third-order resultants of that observation will be left as 
an exercise for the student; politics are off-topic for NANOG :-)

Cheers,
-- jra



Combining 10g tap ports

2011-02-13 Thread Eric Gauthier
Hello,

I'm wondering what are people's experience is with boxes, like those 
from Gigamon, to aggregate 10g span ports?  Any recommendations?

As background, we currently have a sensor network where we provide 
our InfoSec team with taps from various points in our network.  In
cases where we have redundant routers, we've taken a tap from each 
one, fed it into a switch, then span'ed the two ports into a third so 
that we can present them with a single feed for each location because, 
according to them, they can not re-assemble data from different 
interfaces on their sensors.  We have an opportunity to revisit this 
design now that we're moving to 10g router interlinks.

Eric :)



Re: SmartNet Alternatives

2011-02-13 Thread Florian Weimer
* Ryan Finnesey:

 This is one of the reasons we are starting to look at Juniper for a
 new network build.  It is my understanding we set software updates
 for life for free.

My understanding is that it's free for customers who have a service
contract in place.  Most downloads are not self-service, and I haven't
tested if you can get JTAC to provide images for devices you don't
own.



Little to No Connectivity on LLNW Delivered Content // AS22822 ... AS7132

2011-02-13 Thread Raul Rodriguez
Will an ATT op comment on what looks like an outage (or the beginning
of a connectivity tiff) regarding LLNW content (Netflix among others)
delivered via GBLX and TiNet to AS7132 customers in Southern
California?

Here's the full path:
AS22822 AS3257 AS7018 AS7132

Thanks.

-RR



Re: SmartNet Alternatives

2011-02-13 Thread Randy Carpenter
 How does Juniper feel about used hardware?
 
 ~Seth

I love Juniper's hardware and software, and support. However, the way they deal 
with used or second hand hardware is terrible. It is not possible to transfer 
ownership at all. You can not resell anything, and hope to get any software 
updates or support. The challenge is that Cisco refurb with SmartNet is 
generally considerably cheaper than new Juniper. It makes it tough to sell 
Juniper in many situations. We have the same problem with NetApp. It seems that 
these companies would rather see their equipment end up in a landfill, and have 
the secondary market turn to a different vendor, rather than being responsible, 
and making it possible for equipment to be reused instead of trashed. It really 
annoys me.

Disclaimer: I am a Juniper and NetApp partner/reseller, and love their stuff. I 
just hate their policies.

-Randy



RE: SmartNet Alternatives

2011-02-13 Thread George Bonser
 * Ryan Finnesey:
 
  This is one of the reasons we are starting to look at Juniper for a
  new network build.  It is my understanding we set software updates
  for life for free.
 
 My understanding is that it's free for customers who have a service
 contract in place.  Most downloads are not self-service, and I haven't
 tested if you can get JTAC to provide images for devices you don't
 own.

Brocade is now offering 5 years (what they consider lifetime) support to
the original purchaser of the equipment on some product lines:

FastIron SX800, SX1600, CX, WS, and TurboIron that includes software
updates.

We use a lot of the FCX units.





Re: IPv6 is on the marketers radar

2011-02-13 Thread Mark Andrews

In message 000901cbcb22$3cf978a0$b6ec69e0$@org, Lee Howard writes:
 
 
  -Original Message-
  From: Geert Bosch [mailto:bo...@adacore.com]
  
  Honestly, I can't quite see the big deal for home users. I'm using
  an Apple Airport Extreme, and setting it up with a IPv6 tunnel from
 
 $150?  That's a high-powered device compared to most home gateways.
 
  HE was quite straightforward. Sure, I don't expect the average user
  to go through these steps, but they could easily be automated and
  rolled out as part of a firmware update (which is a routine matter
 
 Yes, if the ISP provided the gateway.  In many markets, they don't.
 Even if they start now, they would have to convince every customer
 to swap routers.  And find the capital to pay for them.  And have a
 system for updating the firmware and configurations of those
 devices.  Or maybe the customer's going to have to buy a new 
 gateway, when the one they have is still functioning,  and might 
 even be brand new.
 
  the foreseeable future, people will have (NATed or not) IPv4
  connectivity, so content providers are fine without IPv6. 
 
 Depends on the content.  Large-scale NAT is bad for you if you
 depend on IP geo-location, or use anti-DDOS measures to limit
 number of connections or bits from a single IP address, or use
 IP address to report abuse, or blacklist IP addresses, or log the
 user's IP address, or try to enforce copyright by reporting IP
 addresses of violators, or rate-limit outbound data per address,
 or record unique visitors by IP address.
 It might also increase latency, but probably not so much that
 you'd panic.

And a lot of that depends upon how you implement LSN.
* LSN per pop or a uber mega LSN?
* How many customers per address? 2 or 200?
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: IPv6 is on the marketers radar

2011-02-13 Thread Michael Dillon
 It's bad that home gateways need replacing

It's not necessarily bad. There are a lot of older devices out there
and technology has progressed a couple of generations since then. That
spells market opportunity for manufacturers of IPv6 gateways,
particularly at the higher end of the market where the impact of the
recession has not hit as hard. And given that a gateway is a box
running Linux with some network interfaces, there is an opportunity
for added features, maybe even so far as an Android style apps market.

The general public is now learning that the Internet is going through
a transition and that IPv6 is future proof. The smart money would now
be putting gateways on the market to sell to early adopters. And the
creative money would be looking for a way to link the IPv6 gateways
with an IPv6 home server that runs apps from an apps market. Those
apps could be anything from a backup of your blog to a SIP PABX.

--Michael Dillon

P.S. if anyone has money to invest, contact me and let's talk.



Re: IPv6 is on the marketers radar

2011-02-13 Thread Mark Andrews

In message 8b082d10-a0ea-4012-8656-e60dd7ec7...@adacore.com, Geert Bosch writes:
 
 On Feb 12, 2011, at 21:03, Lee Howard wrote:
  Honestly, I can't quite see the big deal for home users. I'm using
  an Apple Airport Extreme, and setting it up with a IPv6 tunnel from
 
   $150?  That's a high-powered device compared to most home gateways.
  Sure, but the same thing is possible with a cheap 6-year-old sub-$50
  popular Linksys wifi router, see
  http://opensystems.wordpress.com/2006/06/01/linksys-wrt54g-ipv6-howto/
  for example. The point is that it can be cheap, relatively easy
  and painless for users to upgrade.
 
  Basically, it should not have to cost anything extra to set up
  new users for IPv6. The same hardware that handles IPv4 today
  can be programmed to do IPv6.
  
   the foreseeable future, people will have (NATed or not) IPv4
   connectivity, so content providers are fine without IPv6.
  
  Depends on the content.  Large-scale NAT is bad for you if you
  depend on IP geo-location, or use anti-DDOS measures to limit
  number of connections or bits from a single IP address, or use
  IP address to report abuse, or blacklist IP addresses, or log the
  user's IP address, or try to enforce copyright by reporting IP
  addresses of violators, or rate-limit outbound data per address,
  or record unique visitors by IP address.
   It might also increase latency, but probably not so much that
   you'd panic.
 Users don't care about IP geo-location or anti-DDOS measures, or
 any of the other reasons you list. These are things content providers
  care about, but they don't get to choose whether their viewers use
 IPv4 or IPv6.
 
  Except for the most basic, static of websites, content providers
  are going to prefer IPv6 over IPv4.  I don't know whether web
  hosting companies will ever automatically dual-stack the PTA's
  website, but at some point it will be easier for them to warn all
  their customers and just do it, than to track which customers
  asked for IPv6 explicitly.
 As long as a majority of users come over IPv4, better anti-DDOS
 measures or anti-abuse procedures for IPv6 are not going to make
 any difference. When you DOS my site, please use IPv6, so we
  can better find out your location and more effectively block
 your IP address.
 
 Users are going to drive adoption of IPv6, if and when they
 find a killer-app where IPv6 can provide usability that (heavily
 NATed) IPv4 can't. This could be better file-sharing tools, lower
  latency online gaming, better long-distance video-calling or whatever,
  as long as the benefits will be worth the relatively small
  ($50) investment of money and time.

Or ISPs will drive it because they don't want the long term costs
of LSN and pay the handful of CPE vendors to develop and ship
products with IPv6 enabled and not ship IPv4 only products.  $1 per
IPv6 enabled product sold for N years.  Just have a check box for
the ISPs participating in the scheme + other when doing the warranty
registration.

 For content providers, as long as 90+% of the net is IPv4 only and
 essentially nobody is IPv6 only, providing dual-stack support is just
 adding cost for little or no gain in viewership. Content providers
 often depend on dozens if not hundreds of pieces of hardware and
  software to provide their services, so supporting IPv6 is vastly
  more expensive than it is for users to take advantage of it.

And how much of that is already IPv6 capable?

 In my case, the upgrade to IPv6 was free. There must be many more
 using an Apple router (any model, Express, Extreme or otherwise)
 that can upgrade to IPv6 for free. However, I can't list any benefit
 from doing so, except from going to test-ipv6.com and seeing a 10/10
 score. Basically, you have to be a geek to be interested in IPv6.
 That's got to change, before there will be any meaningful shifts.
 
-Geert
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



RE: IPv6 mistakes, was: Re: Looking for an IPv6 naysayer...

2011-02-13 Thread Frank Bulk
Fine approach as long as the DSLAMs and CPE allow ether type 0x86DD to pass.

Frank

-Original Message-
From: Jack Bates [mailto:jba...@brightok.net] 
Sent: Friday, February 11, 2011 4:01 PM
To: Ricky Beam
Cc: nanog@nanog.org
Subject: Re: IPv6 mistakes, was: Re: Looking for an IPv6 naysayer...

On 2/11/2011 3:41 PM, Ricky Beam wrote:
 In bridge mode, any modem will do.  It's when the modem is also the
 router (which is most cases today) that it will need attention to
 support IPv6. (in bridge mode, you'll have to fix whatever it's plugged
 into, but that's the customer's problem... off to Best Buy for an IPv6
 capable D-Link.)

I just finished discussing with the one telco in my network that 
deployed PPPoE. All customers will bring their modem into the office, 
where the front desk ladies will flash the config to bridge mode. It was 
that or replace thousands of CPE that never will support IPv6 in routed 
mode.

Have a nice day.



Jack





mailing list bounces

2011-02-13 Thread Mark Andrews

It looks like one of nanog's outbound servers doesn't have a PTR record.

Mark

Received:from s0.nanog.org (207.75.116.162) by edge.atlasbiz.com (192.168.198.21
) with Microsoft SMTP Server id 8.2.255.0; Sun, 13 Feb 2011 21:34:17 +


; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 207.75.116.162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29686
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;162.116.75.207.in-addr.arpa.   IN  PTR

;; AUTHORITY SECTION:
116.75.207.in-addr.arpa. 10764  IN  SOA dns.merit.net. ejd.merit.edu. 
2011021202 28800 14400 2419200 14400

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 14 09:54:42 2011
;; MSG SIZE  rcvd: 107

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742  INTERNET: ma...@isc.org
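
The check Mark ran by hand above (does the outbound server's address have a PTR, and does that PTR name resolve back to the same address) is worth scripting across a whole mail farm, since receivers that do forward-confirmed reverse DNS will bounce or greylist on exactly this. The following is an added example, not part of this thread or any poster's code: it builds the in-addr.arpa and ip6.arpa owner names with Python's ipaddress module and audits a constructed zone snapshot (example.net names in RFC 5737/3849 documentation ranges, standing in for real records) for missing PTRs, stale PTRs that no longer match the forward record, and orphaned PTRs. The case of an address that has its ip6.arpa PTR but no in-addr.arpa one is deliberately included.

```python
import ipaddress


def reverse_name(addr: str) -> str:
    """Fully qualified in-addr.arpa / ip6.arpa owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def _canonical(addr: str) -> str:
    """Normalise textual addresses so 2001:0db8::10 and 2001:db8::10 compare equal."""
    return str(ipaddress.ip_address(addr))


def audit_reverse(forward, ptr):
    """Cross-check forward records against the PTRs actually published.

    forward: {fqdn: [A/AAAA address, ...]}
    ptr:     {reverse owner name: fqdn}
    Returns a sorted list of (problem, subject) tuples:
      missing_ptr   an A/AAAA address with no PTR at all
      ptr_mismatch  a PTR exists but the name it gives does not resolve
                    back to the address, so forward-confirmed rDNS fails
      orphan_ptr    a PTR for an address no forward record claims
    """
    name_addrs = {name: {_canonical(a) for a in addrs} for name, addrs in forward.items()}
    addr_names = {}
    for name, addrs in name_addrs.items():
        for a in addrs:
            addr_names.setdefault(a, set()).add(name)

    findings = []
    for a in addr_names:
        target = ptr.get(reverse_name(a))
        if target is None:
            findings.append(("missing_ptr", a))
        elif a not in name_addrs.get(target, set()):
            findings.append(("ptr_mismatch", a))

    claimed = {reverse_name(a) for a in addr_names}
    for rname in ptr:
        if rname not in claimed:
            findings.append(("orphan_ptr", rname))
    return sorted(findings)


# Constructed sample data in documentation address ranges; these are not the
# real nanog.org or merit.net records, just a stand-in zone snapshot.
FORWARD = {
    "mx0.example.net.": ["203.0.113.10", "2001:db8::10"],
    "mx1.example.net.": ["203.0.113.11", "2001:0db8::11"],
    "www.example.net.": ["203.0.113.20"],
}
PTR = {
    reverse_name("203.0.113.10"): "mx0.example.net.",
    reverse_name("2001:db8::10"): "mx0.example.net.",
    reverse_name("2001:db8::11"): "mx1.example.net.",      # ip6.arpa done, in-addr.arpa forgotten
    reverse_name("203.0.113.20"): "old-www.example.net.",  # stale PTR, forward no longer matches
    reverse_name("203.0.113.99"): "decom.example.net.",    # PTR left behind after decommissioning
}

if __name__ == "__main__":
    for problem, subject in audit_reverse(FORWARD, PTR):
        print(f"{problem:13} {subject}")
```

In real use the two dicts would be filled from zone exports or from dig against the authoritative servers; the sample here is constructed so the audit runs offline. The ptr_mismatch case is the one that matters most for mail: a PTR alone satisfies a lazy receiver, but forward-confirmed rDNS requires the name in the PTR to carry an A or AAAA for the same address.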



Packet over SONET failback

2011-02-13 Thread Jason Lixfeld
PoS failure detection happens in under 50ms, but what about the failback?  Same 
deal?  I ask because I've got two routers connected to opposite ends of a spare 
PoS link that I've been playing with and I'm noticing that the failback on the 
far side seems to be about 15 seconds (assuming the near side failover was 
initiated with an interface shutdown command and thusly no shut'd to re-enable 
the link).  Just wanted to know if a higher failback time is a relatively 
normal occurrence and maybe I'm seeing some sort of built-in hold down feature 
working away?


Re: mailing list bounces

2011-02-13 Thread Larry J. Blunk


- Original Message -
 It looks like one of nanog's outbound servers doesn't have a PTR
 record.
 
 Mark
 
 Received:from s0.nanog.org (207.75.116.162) by edge.atlasbiz.com
 (192.168.198.21
 ) with Microsoft SMTP Server id 8.2.255.0; Sun, 13 Feb 2011 21:34:17
 +
 
 
 ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 207.75.116.162
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29686
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;162.116.75.207.in-addr.arpa. IN PTR
 
 ;; AUTHORITY SECTION:
 116.75.207.in-addr.arpa. 10764 IN SOA dns.merit.net. ejd.merit.edu.
 2011021202 28800 14400 2419200 14400
 
 ;; Query time: 0 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Mon Feb 14 09:54:42 2011
 ;; MSG SIZE rcvd: 107
 
 --
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org




Oops, fixed.  The machines were moved to a new
subnet this morning and I was so preoccupied with remembering
to create the ip6.arpa PTR records that I completely forgot
the in-addr.arpa's.  Bet that's a first.  I suppose it's
progress to be thinking about v6 first and v4 second.


 -Larry Blunk
  Merit






Re: quietly....

2011-02-13 Thread Joel Jaeggli
On 2/13/11 10:31 AM, David Conrad wrote:
 On Feb 13, 2011, at 7:56 AM, Joel Jaeggli wrote:
 Of course, one might ask why those well known anycast addresses
 are owned by 12 different organizations instead of being
 golden addresses specified in an RFC or somesuch, but that gets
 into root server operator politics...
 
 there are perfectly valid reasons why you might want to renumber
 one,
 
 Ignoring historical mistakes, what would they be?

gosh, I can't imagine why anyone would want to renumber out of

198.32.64.0/24...

making them immutable pretty much ensures that you'll then find a reason
to do so.

 the current institutional heterogeneity has pretty good prospects
 for survivability.
 
 Golden addresses dedicated to root service (as opposed to 'owned'
 by the root serving organization) means nothing regarding who is
 operating servers behind those addresses.  It does make it easier to
 change who performs root service operation (hence the politics).

There are plenty of cautionary tales to be told about well-known
addresses. assuming that for the sake of the present that we forsake
future flexibility then sure golden addresses are great.

 Regards, -drc
 
 




Re: mailing list bounces

2011-02-13 Thread Mark Andrews

In message 121334192.111427.1297644483313.JavaMail.root@int-mailstore01, Larry J. Blunk writes:
 
 
 - Original Message -
  It looks like one of nanog's outbound servers doesn't have a PTR
  record.
  
  Mark
  
  Received:from s0.nanog.org (207.75.116.162) by edge.atlasbiz.com
  (192.168.198.21
  ) with Microsoft SMTP Server id 8.2.255.0; Sun, 13 Feb 2011 21:34:17
  +
  
  
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 207.75.116.162
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29686
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;162.116.75.207.in-addr.arpa. IN PTR
  
  ;; AUTHORITY SECTION:
  116.75.207.in-addr.arpa. 10764 IN SOA dns.merit.net. ejd.merit.edu.
  2011021202 28800 14400 2419200 14400
  
  ;; Query time: 0 msec
  ;; SERVER: 127.0.0.1#53(127.0.0.1)
  ;; WHEN: Mon Feb 14 09:54:42 2011
  ;; MSG SIZE rcvd: 107
  
  --
  Mark Andrews, ISC
  1 Seymour St., Dundas Valley, NSW 2117, Australia
  PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
 
 
 
 
 Oops, fixed.  The machines were moved to a new
 subnet this morning and I was so preoccupied with remembering
 to create the ip6.arpa PTR records that I completely forgot
 the in-addr.arpa's.  Bet that's a first.  I suppose it's
 progress to be thinking about v6 first and v4 second.
 
 
  -Larry Blunk
   Merit

It will be much better when the OS's just register themselves in
the DNS.  Humans shouldn't have to do this when a machine renumbers.
Named can already authenticate PTR updates based on using TCP and
the source address of the update.  For A/ records you setup a
cryptographically strong authentication first.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: My upstream ISP does not support IPv6

2011-02-13 Thread Joel Jaeggli
fwiw we have v6 transit from internap in metro atlanta. setup was
drama-free. up until about 6 months ago it was offered on a
non-production basis and only as a tunnel, now it's dual stacked to our
customer edge.

joel

On 2/4/11 7:05 AM, Scott Helms wrote:
 We have been working diligently for more than 6 months to try and get a
 /56 routed to one of our offices in metro Atlanta.  The carrier in
 question is a Tier 1 as well as being one of the old telecom names.  I
 have the entire chain of emails documenting the carrier's struggles with
 internal process and technical issues.  We are currently waiting for a
 new edge router to be ready to transfer our existing circuits to.  Not
 that it matters but we were also told that we would be moved from a
 Cisco to a Juniper.  Once I realized how much of a struggle that was
 turning into I contacted some of our other providers (a mix of Tier 1 & 2
 ISPs and colocation providers) as of this moment none of them (though
 some seem close) are actually prepared to deliver IPv6 connectivity
 where we need it despite some of them already touting preparedness.
 
 What I think is worth remembering is that there are a _lot_ of moving
 parts to get right to actually route an IPv6 block down a connection. 
 Some of those parts are technical like making sure an edge router that
 may have been in place for years can handle IPv6 traffic _and_ that
 addition won't cause a CPU or other issue on the specific platform
 you're looking at.  Some of the others are simply business process
 pieces like making sure contracts, internal and external documentation,
 and work flow that need to be updated.
 
 TLDR version, marketing often fails to reflect reality :)
 
 On 2/3/2011 10:04 PM, Franck Martin wrote:
 The biggest complaint that I hear from ISPs, is that their upstream
 ISP does not support IPv6 or will not provide them with a native IPv6
 circuit.

 Is that bull?

 I thought the whole backbone is IPv6 now, and it is only the
 residential ISPs that are still figuring it out because CPE are still
 not there yet.

 Where can I get more information? Any list of peering ISPs that have
 IPv6 as part of their products?

 It seems to me the typical answer sales people say when asked about
 IPv6: Gosh, this is the first time I'm asked this one.

 
 




Re: IPv6 is on the marketers radar

2011-02-13 Thread Owen DeLong

On Feb 13, 2011, at 1:33 PM, Mark Andrews wrote:

 
 In message 000901cbcb22$3cf978a0$b6ec69e0$@org, Lee Howard writes:
 
 
 -Original Message-
 From: Geert Bosch [mailto:bo...@adacore.com]
 
 Honestly, I can't quite see the big deal for home users. I'm using
 an Apple Airport Extreme, and setting it up with a IPv6 tunnel from
 
 $150?  That's a high-powered device compared to most home gateways.
 
 HE was quite straightforward. Sure, I don't expect the average user
 to go through these steps, but they could easily be automated and
 rolled out as part of a firmware update (which is a routine matter
 
 Yes, if the ISP provided the gateway.  In many markets, they don't.
 Even if they start now, they would have to convince every customer
 to swap routers.  And find the capital to pay for them.  And have a
 system for updating the firmware and configurations of those
 devices.  Or maybe the customer's going to have to buy a new 
 gateway, when the one they have is still functioning,  and might 
 even be brand new.
 
 the foreseeable future, people will have (NATed or not) IPv4
 connectivity, so content providers are fine without IPv6. 
 
 Depends on the content.  Large-scale NAT is bad for you if you
 depend on IP geo-location, or use anti-DDOS measures to limit
 number of connections or bits from a single IP address, or use
 IP address to report abuse, or blacklist IP addresses, or log the
 user's IP address, or try to enforce copyright by reporting IP
 addresses of violators, or rate-limit outbound data per address,
 or record unique visitors by IP address.
 It might also increase latency, but probably not so much that
 you'd panic.
 
 And a lot of that depends upon how you implement LSN.
 * LSN per pop or a uber mega LSN?
 * How many customers per address? 2 or 200?
 
Most LSNs will probably be regional collections of LSN boxes
that are (somewhat randomly) load balanced.

Owen




Re: quietly....

2011-02-13 Thread bmanning
On Sun, Feb 13, 2011 at 04:49:57PM -0800, Joel Jaeggli wrote:
 On 2/13/11 10:31 AM, David Conrad wrote:
  On Feb 13, 2011, at 7:56 AM, Joel Jaeggli wrote:
  Of course, one might ask why those well known anycast addresses
  are owned by 12 different organizations instead of being
  golden addresses specified in an RFC or somesuch, but that gets
  into root server operator politics...
  
  there are perfectly valid reasons why you might want to renumber
  one,
  
  Ignoring historical mistakes, what would they be?
 
 gosh, I can't imagine why anyone would want to renumber out of
 
 198.32.64.0/24...

or 198.32.65.0/24
or 10.0.0.0/8
or 128.0.0.0/16

(speaking of the other blocks I've had the fortune to have to renumber out of)

 
 making them immutable pretty much ensures that you'll then find a reason
 to do so.
 
  the current institutional heterogeneity has pretty good prospects
  for survivability.
  
  Golden addresses dedicated to root service (as opposed to 'owned'
  by the root serving organization) means nothing regarding who is
  operating servers behind those addresses.  It does make it easier to
  change who performs root service operation (hence the politics).
 
 There are plenty of cautionary tales to be told about well-known
 addresses. assuming that for the sake of the present that we forsake
 future flexibility then sure golden addresses are great.
 
  Regards, -drc

well - there is an interesting take on hosting root 
name service on 127.0.0.1  and ::1

then you have to do other tricks, like multicast and
new op-codes and rip out the link-local restrictions
that Apple's multicastDNS or the ilnp proposals do...

end of the day, you end up with a -much- more robust DNS
w/o the whole P2P/DNS (chord) like framework.

but ... this thread has migrated far from its origins... and the mutations are
less than operational.


YMMV of course.

--bill



Re: quietly....

2011-02-13 Thread David Conrad
On Feb 13, 2011, at 2:49 PM, Joel Jaeggli wrote:
 Ignoring historical mistakes, what would they be?
 gosh, I can't imagine why anyone would want to renumber out of 
 198.32.64.0/24...

I guess you missed the part where I said "Ignoring historical mistakes."

 making them immutable pretty much ensures that you'll then find a reason to 
 do so.

The fact that ICANN felt it necessary to renumber into a new prefix is a 
perfect example of why having golden addresses for the DNS makes sense.  If the 
root server addresses had been specified in an RFC or somesuch, there would be 
no question about address ownership.

 There are plenty of cautionary tales to be told about well-known addresses.

As I'm sure you're aware, the DNS is a bit unique in that it can't use the DNS to 
bootstrap.  It requires a set of pre-configured addresses to function. Changing 
one of those pre-configured addresses requires changing the hints file in every 
resolver on the Internet which takes a very long time (I'm told that a root 
server address changed over a decade ago still receives more than 10 priming 
queries per second). It also means the former root server address is forever 
poisoned -- you don't want to give that address to someone who might use it to 
set up a bogus root server. It was hard enough when there were just a couple of 
DNS resolver vendors, now there are more than a few.

 assuming that for the sake of the present that we forsake future flexibility 
 then sure golden addresses are great.

It isn't clear to me what flexibility would be sacrificed, but it is academic. 
Unfortunately, it'll likely take some traumatic event for the status quo to 
change.

Regards,
-drc





RE: quietly....

2011-02-13 Thread Frank Bulk
Ditto.

-Original Message-
From: Jack Bates [mailto:jba...@brightok.net] 
Sent: Tuesday, February 01, 2011 11:02 PM
To: NANOG list
Subject: Re: quietly

snip

I have also now seen 2 different vendor DSL modems which when not using 
PPPoE require a manually entered default router (ie, no RA support).


Jack





RE: quietly....

2011-02-13 Thread Frank Bulk
Sounds like PI space is a solution for those 5000 desktops.

Frank

-Original Message-
From: david raistrick [mailto:dr...@icantclick.org] 
Sent: Wednesday, February 02, 2011 11:05 AM
To: Cameron Byrne; Owen DeLong
Cc: nanog@nanog.org
Subject: Re: quietly

On Tue, 1 Feb 2011, Cameron Byrne wrote:

 Telling people I'm right, you're wrong over and over again leads to
 them going away and ignoring IPv6.


 +1

 Somebody should probably get a blog instead of sending, *39 and
 counting*, emails to this list in one day.

It's a discussion list.  We're having a discussion.   Admittedly, Owen 
hasn't presented any solutions to my actual problems, but.. ;)


Owen said:
 The solution to number 2 depends again on the circumstance. IPv6
 offers a variety of tools for this problem, but, I have yet to see an
 environment where the other tools can't offer a better solution than
 NAT.

Which is a complete non-answer.  NAT provides a nice solution - even 
with its problems - for small consumers and large enterprises, who have 
much higher percentages of devices that need (or even -require-) no 
inbound connectivity.

Why should I (or my IT department) have to renumber the 5,000 desktop PCs 
in this office (a large percentage of which have static IP addresses due 
to the failings of dynamic DNS and software that won't support DNS (I'm 
looking at you, Unity.)) just because we've changed providers?  Why should 
we have to renumber devices at my mom's house just because she switched 
from cable to DSL?




--
david raistrick    http://www.netmeister.org/news/learn2quote.html
dr...@icantclick.org    http://www.expita.com/nomime.html






RE: quietly....

2011-02-13 Thread Frank Bulk
Requiring them to be on certain well known addresses is restrictive and
creates an unnecessary digression from IPv4 practice.  It's comments like
this that raise the hair on admins' necks.  At least mine.

Frank

-Original Message-
From: Iljitsch van Beijnum [mailto:iljit...@muada.com] 
Sent: Wednesday, February 02, 2011 9:23 AM
To: Owen DeLong
Cc: NANOG list
Subject: Re: quietly

On 2 feb 2011, at 16:00, Owen DeLong wrote:

 SLAAC fails because you can't get information about DNS, NTP, or anything
 other than a list of prefixes and a router that MIGHT actually be able to
 default-route your packets.

Whoever puts NTP addresses in DHCP? That doesn't make any sense. I'd rather
use a known NTP server that keeps correct time.

For DNS in RA, see RFC 6106.

But all of this could easily have been avoided: why are we _discovering_ DNS
addresses in the first place? Simply host them on well known addresses and
you can hardcode those addresses, similar to the 6to4 gateway address. But
no, no rough consensus on something so simple.

 DHCP fails because you can't get a default router out of it.

If you consider that wrong, I don't want to be right.