For a small site using a Fortigate such as a 60d, you can use equal cost load
balancing very well. We use this all the time to keep a customer's backup ISP
active with VPN connection back to the data center. I wouldn't want to support
VOIP in the config, but works really great for VPNs and gener
Matthew,
You can be part of the solution or part of the sarcasm.
-mel via cell
> On Jul 5, 2015, at 4:25 PM, Matthew Kaufman wrote:
>
>> On 7/4/2015 5:09 AM, Josh Moore wrote:
>> Traditional dual stack deployments implement both IPv4 and IPv6 to the CPE.
>> Consider the following:
>>
>> An I
On 7/4/2015 5:09 AM, Josh Moore wrote:
Traditional dual stack deployments implement both IPv4 and IPv6 to the CPE.
Consider the following:
An ISP is at 90% IPv4 utilization and would like to deploy dual stack with the
purpose of allowing their subscriber base to continue to grow regardless of t
> On Jul 5, 2015, at 1:59 PM, Jared Mauch wrote:
> ...
> There seems to be no reason why I couldn’t pay now for the meeting, unless
> the transition from AMSL is still ongoing.
And that is indeed the case. They are using a new registration system vendor
this time, and the integration is takin
> On Jul 5, 2015, at 4:22 PM, Randy Bush wrote:
>
> folk needing complex or difficult visas need long lead time. and they
> tend to need the registration and letter of invitation. in this case,
> canada is not all that much easier to get in to than the states. ietf
> is also working on improv
folk needing complex or difficult visas need long lead time. and they
tend to need the registration and letter of invitation. in this case,
canada is not all that much easier to get in to than the states. ietf
is also working on improving this issue.
randy
Theoretically it should be possible with this on MPLS enabled devices. The "HA
link" could then ride on top of the MPLS core redundancy alongside public
outside NAT traffic and inside private traffic.
The good thing is that most of my customer access (DSL, cable, T1) is designed
with establishe
I can confirm that. I had a few questions about attending NANOG65 as a
student (also my first!) and they are still working on the registration
process for this year
On 7/5/2015 12:58 PM, Mehmet Akcin wrote:
Looks like registration for this event is not open yet. There is still a lot of
time.
Many firewalls will do state sync across an HA link. This works fine as long as
you use BGP to ensure internet routing of your IPv4 to all gateways. But then
the HA link is the single point of failure. I think the best you can hope for
is that the importance of IPv4 NAT will diminish over time.
On Sunday, July 5, 2015, Baldur Norddahl wrote:
> MAP solves that by splitting NAT into a part that can be done without state
> (route a port range to a customer) and the actual NAT which is then done on
> the CPE.
>
>
But you need special cpe, not sure that is in the op biz case
> It is also t
I always say that eliminating a single point of failure depends on how big the
point is :)
-mel beckman
> On Jul 5, 2015, at 12:10 PM, Owen DeLong wrote:
>
> A NAT box is a central point of failure for which the only cure is to not do
> NAT.
>
> You can get clustered NAT boxes (Juniper, for
I was hoping to find a solution that maybe utilized some kind of session sync
or something of that matter allowing for multiple entry and exit points
(asymmetric routing).
Thanks,
Joshua Moore
Network Engineer
ATC Broadband
912.632.3161
> On Jul 5, 2015, at 3:10 PM, Owen DeLong wrote:
>
>
MAP solves that by splitting NAT into a part that can be done without state
(route a port range to a customer) and the actual NAT which is then done on
the CPE.
It is also the only NAT solution that scales.
Regards,
Baldur
On 5 July 2015 at 21:09, Owen DeLong wrote:
> A NAT box is a central
A NAT box is a central point of failure for which the only cure is to not do
NAT.
You can get clustered NAT boxes (Juniper, for example), but that just makes a
bigger central point of failure.
Owen
> On Jul 5, 2015, at 11:49 , Josh Moore wrote:
>
> The point I am concerned about is a central
The point I am concerned about is a central point of failure.
Thanks,
Joshua Moore
Network Engineer
ATC Broadband
912.632.3161
> On Jul 5, 2015, at 2:46 PM, Owen DeLong wrote:
>
> Not necessarily. But what I am telling you is that whatever goes out NAT
> gateway A has to come back in throu
Not necessarily. But what I am telling you is that whatever goes out NAT
gateway A has to come back in through NAT gateway A.
You can build whatever topology you want on either side of that and nothing
says B has to be any where near A.
Owen
> On Jul 5, 2015, at 11:25 , Josh Moore wrote:
>
>
On Sun, 5 Jul 2015 18:25:26 +, Josh Moore said:
> So basically what you are telling me is that the NAT gateway
> needs to be centrally aggregated.
If you must do NAT it should be as close to the edge as
possible. Today that's usually at the CPE. Maybe tomorrow that's one
hop upstream
So basically what you are telling me is that the NAT gateway needs to be
centrally aggregated.
Thanks,
Joshua Moore
Network Engineer
ATC Broadband
912.632.3161
> On Jul 5, 2015, at 1:29 PM, Owen DeLong wrote:
>
> If you want to keep that, then you’ll need a public backbone network that
>
NAT at the POP seems much more feasible, then. Wherever your chokepoint is in
network redundancy, do the NAT there.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
- Original Message -
From: "Owen
If you want to keep that, then you’ll need a public backbone network that joins
all of your NATs and you’ll need to have your NATs use unique exterior address
pools.
Load balancing a single session across multiple NATs isn’t really possible.
Owen
> On Jul 5, 2015, at 08:11 , Josh Moore wrote:
On Sun, 05 Jul 2015 09:59:51 -0700, Mike Lyon said:
> I don't think my customers would see it that way. They would say, "we'll
> just go with ATT or Comcast instead." Poof, there goes that MRR!
Well, that *is* one way to reduce your dependence on IPv4. :)
> On Jul 4, 2015, at 23:51 , valdis.kletni...@vt.edu wrote:
>
> On 05 Jul 2015 03:41:26 -, "John Levine" said:
>
>> Depends on the application(s). One that seems to work OK is to dual
>> stack everyone and put them behind a NAT unless they ask to have a
>> private IP.
>
> Put their IPv4 be
I don't think my customers would see it that way. They would say, "we'll
just go with ATT or Comcast instead." Poof, there goes that MRR!
-The other WISP Mike
On Jul 5, 2015 9:54 AM, "Mel Beckman" wrote:
> Mike,
>
> They certainly won't like it. But the situation is the same everywhere.
> It's no
Looks like registration for this event is not open yet. There is still a lot of
time. See you in Montreal
Mehmet
> On Jul 5, 2015, at 09:45, Andrey Khomyakov wrote:
>
> Folks,
> I'd like to attend NANOG65 (my first NANOG ever), but I can't, for the life
> of me, figure out how you register fo
On Sunday, July 5, 2015, Jared Mauch wrote:
>
> > On Jul 5, 2015, at 11:35 AM, Mel Beckman wrote:
> >
> > I guess the WISPs I advise get better advice :)
>
> I think this is a key item for people to have in mind. We can all follow
> poor advice and add in new layers of NATs, possibly includi
Mike,
They certainly won't like it. But the situation is the same everywhere. It's
not like they're being gouged.
-mel via cell
> On Jul 5, 2015, at 9:30 AM, Mike Hammett wrote:
>
> You don't work with end-users much, do you? The same types that follow Free
> Press and what not about how th
Folks,
I'd like to attend NANOG65 (my first NANOG ever), but I can't, for the life
of me, figure out how you register for the event. I can't quite locate the
registration link on nanog.org.
Can someone, please, point me in the right direction?
Thanks in advance,
--Andrey
You don't work with end-users much, do you? The same types that follow Free
Press and what not about how their ISP breaks it off in their backside (despite
no concrete evidence - see the recent M-Labs, Free Press incident)... they
won't take too kindly to being told to pay more for IPv4 to make
> On Jul 5, 2015, at 11:35 AM, Mel Beckman wrote:
>
> I guess the WISPs I advise get better advice :)
I think this is a key item for people to have in mind. We can all follow poor
advice and add in new layers of NATs, possibly including certain applications
within the NAT cone, or we can del
Dual-stack doesn't require public IPv4 addresses. Since IPv4 is in short
supply, providers must still do what they can to conserve them. This means NAT,
with appropriate management to not overload any one IP, or CGN if you want to
keep public IPv4 (but no longer unique ones) on CPE. Not every cu
I guess the WISPs I advise get better advice :)
-mel via cell
> On Jul 5, 2015, at 7:51 AM, Mike Hammett wrote:
>
> You must know different WISPs than I know (and I know hundreds). Most WISPs
> use IPv4 publicly, no IPv6 and don't have any boxes capable of synced NAT
> tables.
>
>
>
>
>
That's only an issue with airport devices and PPPoE. I can confirm it
does native DHCPv6-PD otherwise.
On Sun, Jul 5, 2015 at 5:32 AM, William Waites wrote:
> On Sun, 5 Jul 2015 06:13:52 +, Mel Beckman said:
>
> > In fact, I show just how to do this using a $99 Apple Airport
> > Expr
Performing the NAT on the border routers is not a problem. The problem comes
into play where the connectivity is not symmetric. Multiple entry/exit points
to the Internet and some are load balanced. We'd like to keep that architecture
too as it allows for very good protection in an internet link
Public or private you have the same issues of not putting too many Google
requests through the same public v4 address, keeping things at multiple egress
points in sync, etc.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.
You must know different WISPs than I know (and I know hundreds). Most WISPs use
IPv4 publicly, no IPv6 and don't have any boxes capable of synced NAT tables.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
That's only an issue if you distribute a public IPv4 address to each customer.
If you use private addressing in the core, ordinary NAT works if you're not a
carrier-grade provider, and even then it can be practical in many cases. CGN is
a solution for providers not willing to migrate to a privat
WISPs have been good at solving this, as they are often deploying greenfield
networks. They use private IPv4 internally and NAT IPv4 at multiple exit
points. IPv6 is seamlessly redundant, since customers all receive global /64s;
BGP handles failover. If you home multiple upstream providers on a
I believe he (at least someone) was looking for recommendations to CGN type
devices. Many can do NAT, but looking for something a bit more intelligent.
Your standard residential user may not understand, but would also be unwilling
to pay any difference.
-
Mike Hammett
Intelligent Comp
So the question is: where do you perform the NAT and how can it be redundant?
Thanks,
Joshua Moore
Network Engineer
ATC Broadband
912.632.3161
> On Jul 5, 2015, at 10:12 AM, Mel Beckman wrote:
>
> Josh,
>
> Your job is simple, then. Deliver dual-stack to your customers and if they
> want
Josh,
Your job is simple, then. Deliver dual-stack to your customers and if they want
IPv6 they need only get an IPv6-enabled firewall. Unless you're also an IT
consultant to your customers, your job is done. If you already supply the CPE
firewall, then you need only turn on IPv6 for customers
Jared,
Tunneling gets customers onto IPv6 with little trouble. I've deployed hundreds
of Apple Airports in this capacity and they have no problem with speeds of
200Mbps and more, and they rarely have downtime. The firmware is auto-updating
and is kept very current by Apple. The one feature they
We are the ISP and I have a /32 :)
I'm simply looking at the best strategy for migrating my subscribers off v4
from the perspective of solving the address utilization crisis while still
providing compatibility for those one-off sites and services that are still on
v4.
Thanks,
Joshua Moore
>
> Josh Moore wrote:
>
> Tunnels behind a CPE and 4to6 NAT seem like bandaid fixes as they do not give
> the benefit of true end to end IPv6 connectivity in the sense of every device
> has a one to one global address mapping.
No, tunnels do give you one to one global IPv6 address mapping for
> On Jul 5, 2015, at 5:32 AM, William Waites wrote:
>
> On Sun, 5 Jul 2015 06:13:52 +, Mel Beckman said:
>
>> In fact, I show just how to do this using a $99 Apple Airport
>> Express in my three-hour online course “Build your own IPv6 Lab”
>
> An anecdote about this, maybe out of date, ma
Creating this in a test lab is mandatory for a successful migration. Tunnels
behind a CPE and 4to6 NAT seem like bandaid fixes as they do not give the
benefit of true end to end IPv6 connectivity in the sense of every device has a
one to one global address mapping.
Seems that my initial thought
On Sun, 5 Jul 2015 06:13:52 +, Mel Beckman said:
> In fact, I show just how to do this using a $99 Apple Airport
> Express in my three-hour online course “Build your own IPv6 Lab”
An anecdote about this, maybe out of date, maybe not. I was helping my
friend who likes Apple things con
Hi,
Currently IPv4 is rather cheap. The first step is to conserve your
resources by deploying schemes to effectively use your IPv4 allocation. You
have to drop using a /30 for each customer and instead have your customer
on a shared subnet. We group our customers up to 60 customers in a /26.
I do
I don't have any skin in the game, but the following devices popped
into my head while reading that paragraph:
http://www.gogo6.com/gogoware/gogoserver
http://www.gogo6.com/gogoware/gogocpe
Jima
On 2015-07-05 00:13, Mel Beckman wrote:
I predict some enterprising inventor will create (i