Re: How to force rapid ipv6 adoption

2015-10-01 Thread Baldur Norddahl
On 1 October 2015 at 03:26, Mark Andrews  wrote:

> Windows XP does IPv6 fine so long as there is an IPv4 recursive
> server available.  It's just a simple command to install IPv6.
>
> netsh interface ipv6 install
>

If the customer knew how to do that he wouldn't still be using Windows XP.


> Actually I don't expect Gmail and Facebook to be IPv4 only forever.
>

Gmail and Facebook are already dual stack enabled. But I do not see
Facebook turning off IPv4 for a very long time. Therefore a customer that
only uses the Internet for a few basic things will be able to get along
with being IPv4-only for a very long time.

IPv6 has no killer feature for this customer segment. They will be upgraded
the next time they move and get new equipment. Otherwise they will stay
with what they got until the retirement home.

Regards,

Baldur


Re: Question re session hijacking in dual stack environments w/MacOS

2015-10-01 Thread Dovid Bender
Have a look at JuiceSSH.

--Original Message--
From: Mark Tinka
Sender: NANOG
To: David Hubbard
To: nanog@nanog.org
Subject: Re: Question re session hijacking in dual stack environments w/MacOS
Sent: Sep 29, 2015 03:23



On 26/Sep/15 16:34, David Hubbard wrote:

>
> Has anyone run into this?  Our users on other platforms don't seem to
> have this issue; linux and MS desktops seem to just use v6 if it's
> available and v4 if not.

I have been tracking down an issue for months where SSH'ing to some
devices (which picks IPv6 by default) from my Mac while in the office
drops the connection, forcing me to reconnect. It's random; sometimes it
happens a lot, sometimes, rarely, other times not at all.

I've sort of suspected OS X to be the issue (10.10.5) here. The
workaround has been to SSH strictly on IPv4 which is always stable. So
it seems to be an issue when the session is carried over IPv6.

This only affects OS X. SSH'ing from FreeBSD, for example, on IPv6 is
stable. To be honest, I've been a little busy to look deeper into this,
but it definitely has something to do with what you describe, I imagine.

Mark.

Regards,

Dovid

gmail admins?

2015-10-01 Thread William Herrin
Howdy,

Any gmail admins out there? I forward email addressed to me to a gmail
account. Overnight you started returning:

   - Transcript of session follows -
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550 5.7.1 [IR] Our system has detected an excessively high number of invalid
 recipients originating from your account. Contact your service provider for sup
port
554 5.0.0 Service unavailable

There were not temporary failures, you jumped straight to permanent
failures. Emails were about 90% to my own gmail account, a total of
about 80 over 12 hours.

Fix your damn algorithm.

And of course I have to complain publicly because you don't accept
trouble reports privately, instead sending people into useless
dead-end automated help systems.

Thanks,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 


Re: Quick Update on the North American BCOP Efforts

2015-10-01 Thread Harald Koch
On 1 October 2015 at 00:37, Chris Grundemann  wrote:

>
> Those that have the information are mostly busy
> engineers, for whom writing documentation is not their favorite thing.
>

There's also the issue that if you ask two NANOG engineers a technical
question you'll get (at least) five answers...


Re: Quick Update on the North American BCOP Efforts

2015-10-01 Thread Yardiel Fuentes
I wouldn't call it an issue.. it is precisely the potential multiplicity of
practices which gives strong value to a "best Common Operational Practice"
...  that was the experience working towards ratifying a DDoS/DoS BCOP ...
and the BCOP keeps improving... all for the benefit of the Net Ops
community...

Yardiel Fuentes

On Thu, Oct 1, 2015 at 9:35 AM, Harald Koch  wrote:

> On 1 October 2015 at 00:37, Chris Grundemann 
> wrote:
>
> >
> > Those that have the information are mostly busy
> > engineers, for whom writing documentation is not their favorite thing.
> >
>
> There's also the issue that if you ask two NANOG engineers a technical
> question you'll get (at least) five answers...
>



-- 
Yardiel Fuentes


Re: Quick Update on the North American BCOP Efforts

2015-10-01 Thread Roland Dobbins

On 30 Sep 2015, at 23:37, Chris Grundemann wrote:

> The problem is twofold. Those that care the most are the ones who need
> the information, not those who have it (for obvious reasons).


My view is the opposite - that those who have enough expertise, 
experience, and vision to understand the problem space have already done 
these things (to the degree that they can do so within the constraints 
of their respective organizations), and the people who don't know don't 
even understand that the problem space exists in the first place.


So, educating folks to the point that they understand that the problem 
space exists is The Problem, writ large.


---
Roland Dobbins 


Re: IPv6 and Android auto conf

2015-10-01 Thread Hugo Slabbert


On Mon 2015-Sep-28 21:15:02 +0530, Anurag Bhatia  wrote:


Hi Hugo


(My reply in line)

On Mon, Sep 28, 2015 at 8:50 PM, Hugo Slabbert  wrote:



On Mon 2015-Sep-28 17:33:46 +0530, Anurag Bhatia 
wrote:

Hello everyone





I recently got IPv6 working at home LAN. My Android device (Google Nexus 5)
is connected via wifi to LAN and LAN's core router is Map2N. I have a /64
on the LAN with "advertise" enabled to make ND to work and have autoconfig
working on all devices. There are bunch of other layer 2 devices in LAN but
all just acting as layer 2 transparently and core L3 remains on Map2N.


All works well for most part but only trouble I am getting is on Nexus 5
where after around 24hrs IPv6 stops working.



How, specifically, does it "stop working" on the Nexus 5?
- temp addresses expired and does not generate new, valid, slaac addresses?
- RA entry ages out and doesn't get refreshed?
- cannot reach v6 gateway (ND fails somehow)?


The last one - everything appears normal (with 4 IPv6 addresses on the
device) but I cannot point any neighbor in same VLAN. Nor I can ping from
them.



That sounds either like NDP is busted on the phone or the AP is eating the 
Android device's ND traffic.


When this happens, does the Android device show up in the ND cache of the 
other devices on the network that you are trying to reach/ping?


Does it show up in the ND cache of the segment's router?

If the Android device isn't showing up in other hosts ND caches when you 
try to ping them, can you do a pcap on one of those hosts when you try to 
initiate pings from the Android device to confirm if NS packets are being 
received?


Have you tried doing captures on the Android device directly [1][2][3] to 
see if it still receives RAs when this happens?


The symptoms seem to possibly line up with Android issue #32662[4].  
Possible you're being hit by that?




The visible impact I see of it is slightly slow behavior of IPv6 enabled
apps/websites which take a few seconds, timeout and fallback to IPv4.




Thanks.




Only unusual thing I notice at that time is that phone 4 IPv6 as opposed
to 2 (autoconf and temporary randomised address). Seems like some kind of
issue in way NDP works either on Mikrotik or phone. The fix I am doing from
few days is to restart wifi and phone interface gets fresh (two) IPv6
addresses and all works well again.



Anyone facing similar issue? (Note: No issues on OS X or iOS which are in
same LAN)


I can try DHCPv6 but I guess most of devices do not support it yet. (I see
support for that in routerboard though).



Unless something's changed, DHCPv6 IA_NA isn't an option for getting an
IPv6 address assigned to an Android device[1][2]







Thanks.


--


Anurag Bhatia
anuragbhatia.com


PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2




--
Hugo

h...@slabnet.com: email, xmpp/jabber
PGP fingerprint (B178313E):
CF18 15FA 9FE4 0CD1 2319
1D77 9AB1 0FFD B178 313E

[1] https://code.google.com/p/android/issues/detail?id=32621
[2] http://mailman.nanog.org/pipermail/nanog/2015-June/075915.html





--


Anurag Bhatia
anuragbhatia.com


PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2


--
Hugo

h...@slabnet.com: email, xmpp/jabber
PGP fingerprint (B178313E):
CF18 15FA 9FE4 0CD1 2319
1D77 9AB1 0FFD B178 313E

(also on textsecure & redphone)

[1] https://sites.google.com/site/androidarts/packet-sniffer (needs root)
[2] https://www.kismetwireless.net/android-pcap/ (some limitations, but 
shouldn't need root)

[3] https://play.google.com/store/apps/details?id=lv.n3o.shark (needs root)
[4] https://code.google.com/p/android/issues/detail?id=32662




Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread David Ramsey
You might also want to look at Ostinato (open source s/w)

--dmr

David Ramsey
Charlotte, NC

On Thu, Oct 1, 2015 at 12:42 PM, Pablo Lucena 
wrote:

> Cisco has an IOS version called Pagent which allows you to craft whatever
> traffic types you want (you can even push MPLS labels on the packets if you
> want). I've used this in the past for generating client/server traffic
> flows and measuring stats on the flows.
>
> On Thu, Oct 1, 2015 at 12:20 PM, Matthias Flittner <
> matthias.flitt...@gmail.com> wrote:
>
> > Dear colleagues,
> >
> > Currently we are looking for a magic tool with which it is possible to
> > generate specific (realistic) traffic patterns between client and server
> > to analyze (monitor) traffic characteristics (jitter, delay, inter
> > arrival times, etc.).
> >
> > It would be good if that wanted tool is not only able to generate
> > different traffic patterns but also is able to collect different traffic
> > metrics over time. So that it is possible to create catchy plots. :)
> >
> > Any hints or links would be greatly appreciated.
> >
> > Thanks in advance.
> >
> > Best regards,
> > -FliTTi
> >
> >
>


Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Dave Taht
we use flent heavily in the bufferbloat project for creating traffic
like this and analyzing the resulting jitter, latency, and buffering.

https://www.flent.org/

On Thu, Oct 1, 2015 at 6:47 PM, David Ramsey  wrote:
> You might also want to look at Ostinato (open source s/w)
>
> --dmr
>
> David Ramsey
> Charlotte, NC
>
> On Thu, Oct 1, 2015 at 12:42 PM, Pablo Lucena 
> wrote:
>
>> Cisco has an IOS version called Pagent which allows you to craft whatever
>> traffic types you want (you can even push MPLS labels on the packets if you
>> want). I've used this in the past for generating client/server traffic
>> flows and measuring stats on the flows.
>>
>> On Thu, Oct 1, 2015 at 12:20 PM, Matthias Flittner <
>> matthias.flitt...@gmail.com> wrote:
>>
>> > Dear colleagues,
>> >
>> > Currently we are looking for a magic tool with which it is possible to
>> > generate specific (realistic) traffic patterns between client and server
>> > to analyze (monitor) traffic characteristics (jitter, delay, inter
>> > arrival times, etc.).
>> >
>> > It would be good if that wanted tool is not only able to generate
>> > different traffic patterns but also is able to collect different traffic
>> > metrics over time. So that it is possible to create catchy plots. :)
>> >
>> > Any hints or links would be greatly appreciated.
>> >
>> > Thanks in advance.
>> >
>> > Best regards,
>> > -FliTTi
>> >
>> >
>>



-- 
Dave Täht
Do you want faster, better, wifi? https://www.patreon.com/dtaht


wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Matthias Flittner
Dear colleagues,

Currently we are looking for a magic tool with which it is possible to
generate specific (realistic) traffic patterns between client and server
to analyze (monitor) traffic characteristics (jitter, delay, inter
arrival times, etc.).

It would be good if that wanted tool is not only able to generate
different traffic patterns but also is able to collect different traffic
metrics over time. So that it is possible to create catchy plots. :)

Any hints or links would be greatly appreciated.

Thanks in advance.

Best regards,
-FliTTi



RE: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Jameson, Daniel
How much traffic, and what data-points are you looking to describe? Is the 
environment a controlled/sealed lab world (No access to the InterWebs)

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthias Flittner
Sent: Thursday, October 01, 2015 11:21 AM
To: nanog@nanog.org
Subject: wanted: tool for traffic generation / characteristics / monitoring

Dear colleagues,

Currently we are looking for a magic tool with which it is possible to generate 
specific (realistic) traffic patterns between client and server to analyze 
(monitor) traffic characteristics (jitter, delay, inter arrival times, etc.).

It would be good if that wanted tool is not only able to generate different 
traffic patterns but also is able to collect different traffic metrics over 
time. So that it is possible to create catchy plots. :)

Any hints or links would be greatly appreciated.

Thanks in advance.

Best regards,
-FliTTi



Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Pablo Lucena
Cisco has an IOS version called Pagent which allows you to craft whatever
traffic types you want (you can even push MPLS labels on the packets if you
want). I've used this in the past for generating client/server traffic
flows and measuring stats on the flows.

On Thu, Oct 1, 2015 at 12:20 PM, Matthias Flittner <
matthias.flitt...@gmail.com> wrote:

> Dear colleagues,
>
> Currently we are looking for a magic tool with which it is possible to
> generate specific (realistic) traffic patterns between client and server
> to analyze (monitor) traffic characteristics (jitter, delay, inter
> arrival times, etc.).
>
> It would be good if that wanted tool is not only able to generate
> different traffic patterns but also is able to collect different traffic
> metrics over time. So that it is possible to create catchy plots. :)
>
> Any hints or links would be greatly appreciated.
>
> Thanks in advance.
>
> Best regards,
> -FliTTi
>
>


Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Ca By
On Thu, Oct 1, 2015 at 9:20 AM, Matthias Flittner <
matthias.flitt...@gmail.com> wrote:

> Dear colleagues,
>
> Currently we are looking for a magic tool with which it is possible to
> generate specific (realistic) traffic patterns between client and server
> to analyze (monitor) traffic characteristics (jitter, delay, inter
> arrival times, etc.).
>
> It would be good if that wanted tool is not only able to generate
> different traffic patterns but also is able to collect different traffic
> metrics over time. So that it is possible to create catchy plots. :)
>
> Any hints or links would be greatly appreciated.
>
> Thanks in advance.
>
> Best regards,
> -FliTTi
>
>
By this this http://trex-tgn.cisco.com/


Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Jay Turner
Ostinato is an open source tool billed as "a reverse Wireshark" which might
fit your needs.  http://ostinato.org/

- jkt

On Thu, Oct 1, 2015 at 9:44 AM Pablo Lucena 
wrote:

> Cisco has an IOS version called Pagent which allows you to craft whatever
> traffic types you want (you can even push MPLS labels on the packets if you
> want). I've used this in the past for generating client/server traffic
> flows and measuring stats on the flows.
>
> On Thu, Oct 1, 2015 at 12:20 PM, Matthias Flittner <
> matthias.flitt...@gmail.com> wrote:
>
> > Dear colleagues,
> >
> > Currently we are looking for a magic tool with which it is possible to
> > generate specific (realistic) traffic patterns between client and server
> > to analyze (monitor) traffic characteristics (jitter, delay, inter
> > arrival times, etc.).
> >
> > It would be good if that wanted tool is not only able to generate
> > different traffic patterns but also is able to collect different traffic
> > metrics over time. So that it is possible to create catchy plots. :)
> >
> > Any hints or links would be greatly appreciated.
> >
> > Thanks in advance.
> >
> > Best regards,
> > -FliTTi
> >
> >
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Owen DeLong

> On Oct 1, 2015, at 00:39 , Baldur Norddahl  wrote:
> 
> On 1 October 2015 at 03:26, Mark Andrews  wrote:
> 
>> Windows XP does IPv6 fine so long as there is an IPv4 recursive
>> server available.  It's just a simple command to install IPv6.
>> 
>>netsh interface ipv6 install
>> 
> 
> If the customer knew how to do that he wouldn't still be using Windows XP.
> 
> 
>> Actually I don't expect Gmail and Facebook to be IPv4 only forever.
>> 
> 
> Gmail and Facebook are already dual stack enabled. But I do not see
> Facebook turning off IPv4 for a very long time. Therefore a customer that
> only uses the Internet for a few basic things will be able to get along
> with being IPv4-only for a very long time.
> 

Yes and no…

I think you are right about facebook.

However, I think eventually the residential ISPs are going to start charging
extra for IPv4 service. Some residences may pay for it initially, but if they
think there’s a way to move away from it and the ISPs start fingerpointing to
the specific laggards, you’ll see a groundswell of consumers pushing to find
alternatives.

Owen



wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Matthias Flittner
Dear colleagues,

Currently we are looking for a magic tool with which it is possible to
generate specific (realistic) traffic patterns between client and server
to analyze (monitor) traffic characteristics (jitter, delay, inter
arrival times, etc.).

It would be good if that wanted tool is not only able to generate
different traffic patterns but also is able to collect different traffic
metrics over time. So that it is possible to create catchy plots. :)

Any hints or links would be greatly appreciated.

Thanks in advance.

Best regards,
-FliTTi

--
Karlsruhe Institute of Technology (KIT)
Institute of Telematics

Matthias Flittner, M.Sc.

Kaiserstr. 12
Building 20.20; Room 365
76131 Karlsruhe, Germany

Phone:  +49 721 608-46416
Fax: +49 721 608-46789
Mobile: +49 176 21940967
Email: matthias.flitt...@kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Research Center of the Helmholtz Association


Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Eduardo Schoedler
Mikrotik Traffic-Gen?
You can create a lot of packet templates.
http://wiki.mikrotik.com/wiki/Manual:Performance_Testing_with_Traffic_Generator

--
Eduardo Schoedler


2015-10-01 13:20 GMT-03:00 Matthias Flittner :
> Dear colleagues,
>
> Currently we are looking for a magic tool with which it is possible to
> generate specific (realistic) traffic patterns between client and server
> to analyze (monitor) traffic characteristics (jitter, delay, inter
> arrival times, etc.).
>
> It would be good if that wanted tool is not only able to generate
> different traffic patterns but also is able to collect different traffic
> metrics over time. So that it is possible to create catchy plots. :)
>
> Any hints or links would be greatly appreciated.
>
> Thanks in advance.
>
> Best regards,
> -FliTTi
>



-- 
Eduardo Schoedler


RE: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Darden, Patrick

You can easily make one-way traffic patterns using nmap.  You could use ping -A 
to do adaptive ping, or ping -f to flood, both of which would help you find out 
some simple metrics (dropped packets, intervals, pps, etc.).

or

You could use Expect to script some common functions, then just run them to 
generate traffic patterns (e.g. FTP/SFTP/Telnet/SplunkCLI).  You could easily 
script some WGETs or the like as well for HTTP/HTTPS/FTP.  Some of the 
resulting metrics would depend on the servers (how fast they are, how much load 
they have, etc.).

or

You could packet sniff some real traffic, then replay them with tcpreplay.  
This would work for a network with one piece you were testing (one 
switch/router/firewall/etc.).

--p


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthias Flittner
Sent: Thursday, October 01, 2015 11:21 AM
To: nanog@nanog.org
Subject: [EXTERNAL]wanted: tool for traffic generation / characteristics / 
monitoring

Dear colleagues,

Currently we are looking for a magic tool with which it is possible to generate 
specific (realistic) traffic patterns between client and server to analyze 
(monitor) traffic characteristics (jitter, delay, inter arrival times, etc.).

It would be good if that wanted tool is not only able to generate different 
traffic patterns but also is able to collect different traffic metrics over 
time. So that it is possible to create catchy plots. :)

Any hints or links would be greatly appreciated.

Thanks in advance.

Best regards,
-FliTTi



Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread Jay Turner
Ostinato is an open source tool billed as "a reverse Wireshark" which might
fit your needs.  http://ostinato.org/

- jkt
-- 
Jay Turner, Director, CloudRouter DevOps, IIX Inc.
Lead, CloudRouter Project
✉ j...@iix.net ☎: +1-919-633-0619



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Curtis Maurand



On 10/1/2015 2:29 PM, Owen DeLong wrote:
>> On Oct 1, 2015, at 00:39 , Baldur Norddahl  wrote:
>>
>> On 1 October 2015 at 03:26, Mark Andrews  wrote:
>>
>>> Windows XP does IPv6 fine so long as there is an IPv4 recursive
>>> server available.  It's just a simple command to install IPv6.
>>>
>>> netsh interface ipv6 install
>>>
>> If the customer knew how to do that he wouldn't still be using Windows XP.
>>
>>> Actually I don't expect Gmail and Facebook to be IPv4 only forever.
>>>
>> Gmail and Facebook are already dual stack enabled. But I do not see
>> Facebook turning off IPv4 for a very long time. Therefore a customer that
>> only uses the Internet for a few basic things will be able to get along
>> with being IPv4-only for a very long time.
>>
> Yes and no…
>
> I think you are right about facebook.
>
> However, I think eventually the residential ISPs are going to start charging
> extra for IPv4 service. Some residences may pay for it initially, but if they
> think there’s a way to move away from it and the ISPs start fingerpointing to
> the specific laggards, you’ll see a groundswell of consumers pushing to find
> alternatives.
>
> Owen

ipv6 is going to force a lot of consumers to replace hardware. Worse, 
it's not easy to set up and get right as ipv4 is.


--Curtis


Re: Extra Fairmont Room

2015-10-01 Thread Brandon Ross

The room is now spoken for.

On Thu, 1 Oct 2015, Brandon Ross wrote:

> I have one extra room at the Fairmont under the NANOG room block rate of
> CA$199/night.  If you want it before I cancel it, let me know.  First come,
> first served.





--
Brandon Ross  Yahoo & AIM:  BrandonNRoss
+1-404-635-6667ICQ:  2269442
 Skype:  brandonross
Schedule a meeting:  http://www.doodle.com/bross


RE: gmail admins?

2015-10-01 Thread Gary T. Giesen
Bill I ran into this same issue some time ago.

I had to move my mail off of Gmail for the same reason. In my case it was on a 
shared box with people who were not forwarding to Gmail and was causing issues 
for them sending to Gmail.

Gmail really needs a "this server is forwarding email to me" setting.

Cheers,

GTG

> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William
> Herrin
> Sent: October 1, 2015 8:26 AM
> To: nanog@nanog.org
> Subject: gmail admins?
> 
> Howdy,
> 
> Any gmail admins out there? I forward email addressed to me to a gmail
> account. Overnight you started returning:
> 
>- Transcript of session follows - ... while talking to gmail-smtp-
> in.l.google.com.:
> >>> DATA
> <<< 550 5.7.1 [IR] Our system has detected an excessively high number of
> invalid  recipients originating from your account. Contact your service
> provider for sup port
> 554 5.0.0 Service unavailable
> 
> There were not temporary failures, you jumped straight to permanent
> failures. Emails were about 90% to my own gmail account, a total of about 80
> over 12 hours.
> 
> Fix your damn algorithm.
> 
> And of course I have to complain publicly because you don't accept trouble
> reports privately, instead sending people into useless dead-end automated
> help systems.
> 
> Thanks,
> Bill Herrin
> 
> 
> --
> William Herrin  her...@dirtside.com  b...@herrin.us Owner,
> Dirtside Systems . Web: 



Re: gmail admins?

2015-10-01 Thread John Levine
>Gmail really needs a "this server is forwarding email to me" setting.

That's what the "pick up mail using POP" feature is for.  It works a
lot better.

I've tried a kludge where I run all of the mail to be forwarded through
spamassassin, forward the stuff with squeaky clean low scores, and locally
deliver the iffy stuff to be picked up by Gmail's POP client.

R's,
John


Extra Fairmont Room

2015-10-01 Thread Brandon Ross
I have one extra room at the Fairmont under the NANOG room block rate of 
CA$199/night.  If you want it before I cancel it, let me know.  First 
come, first served.


--
Brandon Ross  Yahoo & AIM:  BrandonNRoss
+1-404-635-6667ICQ:  2269442
 Skype:  brandonross
Schedule a meeting:  http://www.doodle.com/bross


Re: wanted: tool for traffic generation / characteristics / monitoring

2015-10-01 Thread alvin nanog

hi matthias

On 10/01/15 at 03:41pm, Matthias Flittner wrote:
> Dear colleagues,
> 
> Currently we are looking for a magic tool with which it is possible to
> generate specific (realistic) traffic patterns between client and server
> to analyze (monitor) traffic characteristics (jitter, delay, inter
> arrival times, etc.).

generating traffic and monitoring traffic is usually not done
by the same apps  there's hundreds of monitoring apps
and hundreds of traffic generators

delay is done very nicely by dummynet in FreeBSD or 
(untested by me ) with NS3 in linux 

i don't understand simulating jitter, but, one can always use 
"delay + random number" 

> It would be good if that wanted tool is not only able to generate
> different traffic patterns

if you want to play with the headers ... that'd imply playing with
nmap/hping3/socat and dozens of other equivalent apps

if you're just trying to flood the wire ... nc/socat/iperf etc

> but also is able to collect different traffic
> metrics over time. So that it is possible to create catchy plots. :)

"what metrics" you want to collect and how to you want to see it
would dictate which apps you'd be using
- tcp queue/buffers
- dropped packets
- delays
- retries
- udp vs tcp vs icmp vs ...
- stuff ...

xmit/recv buffers in the hardware, default buffers in the OS and 
buffers in the software apps must all be tuned to the same gigE 
or 10gigE speeds otherwise, whacky stuff will happen

for "catchy plots", you'd want gnuplot so you can (infinitely) zoom in 
into the section you want to see dot-by-dot

for big picture ... netstat, ntop, (not much info) mrtg, etc, etc

big list of apps
Packet-Craft.net/Apps

> Any hints or links would be greatly appreciated.

if you're a proficient python'er, you'd probably like scapy
which can do everything you'd need to customize any packet

magic pixie dust
alvin
#
# Packet-Craft.net/Apps
#
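
The metrics asked about in this thread (delay, inter-arrival times, jitter, loss) can be derived from per-probe send and receive timestamps, whichever generator produced the traffic. The following is an added example, not code from any poster or tool named in the thread; `Probe`, `flow_metrics` and the sample timestamps are constructed for illustration, and jitter is computed with the RFC 3550 interarrival-jitter estimator.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Probe:
    """One test packet (hypothetical record layout)."""
    seq: int
    sent_us: int             # sender clock, microseconds
    recv_us: Optional[int]   # receiver clock, microseconds; None means lost


# Constructed sample: six probes sent every 10 ms, seq 3 never arrives.
SAMPLE: List[Probe] = [
    Probe(0, 0, 20_000),
    Probe(1, 10_000, 31_000),
    Probe(2, 20_000, 39_500),
    Probe(3, 30_000, None),
    Probe(4, 40_000, 62_000),
    Probe(5, 50_000, 70_500),
]


def flow_metrics(probes: List[Probe]) -> Dict[str, object]:
    """Return loss ratio, mean one-way delay, inter-arrival times and jitter."""
    if not probes:
        raise ValueError("no probes supplied")

    # Work in arrival order, as a receiver would see the packets.
    got = sorted((p for p in probes if p.recv_us is not None),
                 key=lambda p: p.recv_us)

    # One-way delay is only meaningful if both clocks are synchronised.
    delays = [p.recv_us - p.sent_us for p in got]

    # Gap between consecutive arrivals; a lost packet shows up as a long gap.
    inter_arrival = [b.recv_us - a.recv_us for a, b in zip(got, got[1:])]

    # RFC 3550: D = change in transit time between consecutive packets,
    # J += (|D| - J) / 16.  A constant clock offset cancels out of D, so
    # jitter stays valid even when absolute delay does not.
    jitter = 0.0
    for prev, cur in zip(delays, delays[1:]):
        jitter += (abs(cur - prev) - jitter) / 16.0

    return {
        "loss_ratio": (len(probes) - len(got)) / len(probes),
        "mean_delay_us": mean(delays) if delays else None,
        "inter_arrival_us": inter_arrival,
        "jitter_us": jitter,
    }


if __name__ == "__main__":
    for name, value in flow_metrics(SAMPLE).items():
        print(f"{name}: {value}")
```
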


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Owen DeLong

> On Oct 1, 2015, at 12:06 , Curtis Maurand  wrote:
> 
> 
> 
> On 10/1/2015 2:29 PM, Owen DeLong wrote:
>>> On Oct 1, 2015, at 00:39 , Baldur Norddahl  
>>> wrote:
>>> 
>>> On 1 October 2015 at 03:26, Mark Andrews  wrote:
>>> 
>>>> Windows XP does IPv6 fine so long as there is an IPv4 recursive
>>>> server available.  It's just a simple command to install IPv6.
>>>> 
>>>> netsh interface ipv6 install
>>>> 
>>> If the customer knew how to do that he wouldn't still be using Windows XP.
>>> 
>>> 
>>>> Actually I don't expect Gmail and Facebook to be IPv4 only forever.
>>>> 
>>> Gmail and Facebook are already dual stack enabled. But I do not see
>>> Facebook turning off IPv4 for a very long time. Therefore a customer that
>>> only uses the Internet for a few basic things will be able to get along
>>> with being IPv4-only for a very long time.
>>> 
>> Yes and no…
>> 
>> I think you are right about facebook.
>> 
>> However, I think eventually the residential ISPs are going to start charging 
>> extra
>> for IPv4 service. Some residences may pay for it initially, but if they 
>> think there’s a
>> way to move away from it and the ISPs start fingerpointing to the specific 
>> laggards,
>> you’ll see a groundswell of consumers pushing to find alternatives.
>> 
>> Owen
>> 
> ipv6 is going to force a lot of consumers to replace hardware. Worse, it's 
> not easy to set up and get right as ipv4 is.
> 
> --Curtis

You’re going to have to elaborate on that one…. I think IPv6 is actually quite
a bit easier than IPv4, so please explicate in what ways it is harder to set
up and get right?

For the average household, it’s plug the IPv6-capable router in and let it go.

For more advanced environments, it might take nearly as much effort as IPv4
and the unfamiliarity might add a couple of additional challenges the first
time, but once you get past that, IPv6 has a lot of features that actually
make it easier than IPv4.

Not having to deal with NAT being just one of the big ones.

Owen



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Grzegorz Janoszka

On 2015-10-01 20:29, Owen DeLong wrote:

> However, I think eventually the residential ISPs are going to start charging
> extra for IPv4 service.


ISP's will not charge too much. With too expensive IPv4 many customers 
will migrate from v4/dual stack to v6-only and ISP's will be left with 
unused IPv4 addresses and less income.


Will ISP's still find other profitable usage for v4 addresses? If not, 
they will be probably be quite slowly rising IPv4 pricing, not wanting 
to overprice it.


Even with $1/IPv4/month - what will be the ROI of a brand new home router?

--
Grzegorz Janoszka


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Peter Beckman

That reminds me of a story.

Once a teacher gave each of his students a tube of toothpaste. He said
"Squeeze all of the toothpaste out of the tube on to your desk." The kids
laughed and did it, making a giant mess and having a ball. When things
settled down, the teacher said "Now put all of the toothpaste back into the
tube." The kids fell silent. A few of them even tried the futile task.

Then the teacher said "The toothpaste is the Internet. Once it's deployed,
it is nearly impossible to put it back the way it was."*

Beckman

* OK, the teacher said "The toothpaste are your words. Once they come out,
you can't put them back in." Or something. My storytelling skills need
work.

On Thu, 1 Oct 2015, jungle Boogie wrote:

> On 29 September 2015 at 13:37, David Hubbard wrote:
>> Had an idea the other day; we just need someone with a lot of cash
>> (google, apple, etc) to buy Netflix and then make all new releases
>> v6-only for the first 48 hours.  I bet my lame Brighthouse and Fios
>> service would be v6-enabled before the end of the following week lol.
>
> Let's just put less stuff on the internet and revert pre-internet days.
>
> --
> ---
> inum: 883510009027723
> sip: jungleboo...@sip2sip.info
> xmpp: jungle-boo...@jit.si



---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Matthew Newton
On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> it's just a new addressing protocol that happens to not work with the rest
> of the internet.  it's unfortunate that we made that mistake, but i guess
> we're stuck with that now (i wish i could say something about lessons
> learned but i don't think any one of us has learned a lesson yet).

Would be really interesting to know how you would propose
squeezing 128 bits of address data into a 32 bit field so that we
could all continue to use IPv4 with more addresses than it has
available to save having to move to this new incompatible format.

:-)

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Owen DeLong

> On Oct 1, 2015, at 13:55 , Grzegorz Janoszka  wrote:
> 
> On 2015-10-01 20:29, Owen DeLong wrote:
>> However, I think eventually the residential ISPs are going to start charging 
>> extra
>> for IPv4 service.
> 
> ISP's will not charge too much. With too expensive IPv4 many customers will 
> migrate from v4/dual stack to v6-only and ISP's will be left with unused IPv4 
> addresses and less income.

Nope… They’ll be left with unused IPv4 addresses which is not a significant 
source of income and they’ll be able to significantly reduce the costs incurred
in supporting things like CGNAT.

> Will ISP's still find other profitable usage for v4 addresses? If not, they 
> will be probably be quite slowly rising IPv4 pricing, not wanting to 
> overprice it.

Probably they will sell it to business customers instead of the residential 
customers. However, we’re talking about relatively large numbers of customers
for relatively small numbers of IPv4 addresses that aren’t producing revenue 
directly at this time anyway.

> Even with $1/IPv4/month - what will be the ROI of a brand new home router?

About 2.5 years at that price since a brand new home router is about $29.

Owen



Re: How to force rapid ipv6 adoption

2015-10-01 Thread jungle Boogie
On 29 September 2015 at 13:37, David Hubbard
 wrote:
> Had an idea the other day; we just need someone with a lot of cash
> (google, apple, etc) to buy Netflix and then make all new releases
> v6-only for the first 48 hours.  I bet my lame Brighthouse and Fios
> service would be v6-enabled before the end of the following week lol.

Let's just put less stuff on the internet and revert pre-internet days.


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Mark Andrews

In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen DeLong 
writes:
>
> > On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
> wrote:
> >
> > On 2015-10-01 20:29, Owen DeLong wrote:
> >> However, I think eventually the residential ISPs are going to start
> charging extra
> >> for IPv4 service.
> >
> > ISP's will not charge too much. With too expensive IPv4 many customers
> will migrate from v4/dual stack to v6-only and ISP's will be left with
> unused IPv4 addresses and less income.
>
> Nope… They’ll be left with unused IPv4 addresses which is not a
> significant source of income and they’ll be able to significantly reduce
> the costs incurred
> in supporting things like CGNAT.
>
> > Will ISP's still find other profitable usage for v4 addresses? If not,
> they will be probably be quite slowly rising IPv4 pricing, not wanting to
> overprice it.
>
> Probably they will sell it to business customers instead of the
> residential customers. However, we’re talking about relatively large
> numbers of customers
> for relatively small numbers of IPv4 addresses that aren’t producing
> revenue directly at this time anyway.
>
> > Even with $1/IPv4/month - what will be the ROI of a brand new home
> router?
>
> About 2.5 years at that price since a brand new home router is about $29.
>
> Owen

The hard part is the internet connected TV's and other stuff which
fetches content over the internet which are IPv4 only despite being
released when IPv6 existed.  These are theoretically upgradable to
support IPv6 so long as the manufacturers release an IPv6 capable
image.  The real question is will governments force them to do this.

Upgrading the router is a no brainer.  Upgrading the TV, games
consoles, e-readers, etc. starts to add up.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Chuck Anderson
On Fri, Oct 02, 2015 at 08:28:13AM +1000, Mark Andrews wrote:
> 
> In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen DeLong 
> writes:
> >
> > > On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
> > wrote:
> > >
> > > On 2015-10-01 20:29, Owen DeLong wrote:
> > >> However, I think eventually the residential ISPs are going to start
> > charging extra
> > >> for IPv4 service.
> > >
> > > ISP's will not charge too much. With too expensive IPv4 many customers
> > will migrate from v4/dual stack to v6-only and ISP's will be left with
> > unused IPv4 addresses and less income.
> >
> > Nope… They’ll be left with unused IPv4 addresses which is not a
> > significant source of income and they’ll be able to significantly reduce
> > the costs incurred
> > in supporting things like CGNAT.
> >
> > > Will ISP's still find other profitable usage for v4 addresses? If not,
> > they will be probably be quite slowly rising IPv4 pricing, not wanting to
> > overprice it.
> >
> > Probably they will sell it to business customers instead of the
> > residential customers. However, we’re talking about relatively large
> > numbers of customers
> > for relatively small numbers of IPv4 addresses that aren’t producing
> > revenue directly at this time anyway.
> >
> > > Even with $1/IPv4/month - what will be the ROI of a brand new home
> > router?
> >
> > About 2.5 years at that price since a brand new home router is about $29.
> >
> > Owen
> 
> The hard part is the internet connected TV's and other stuff which
> fetches content over the internet which are IPv4 only despite being
> released when IPv6 existed.  These are theoretically upgradable to
> support IPv6 so long as the manufactures release a IPv6 capable
> image.  The real question is will governments force them to do this.
> 
> Upgrading the router is a no brainer.  Upgrading the TV, games
> consoles, e-readers, etc. starts to add up.

Just brand it as the new "6-D" TV with "128 bits of goodness to
outperform your obsolete 32 bit TV!".  Then people will flock to the
stores to upgrade...


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Todd Underwood
i'm still confused, to be honest.

why are we 'encouraging' 'evangelizing' or 'forcing' ipv6 adoption.

it's just a new addressing protocol that happens to not work with the rest
of the internet.  it's unfortunate that we made that mistake, but i guess
we're stuck with that now (i wish i could say something about lessons
learned but i don't think any one of us has learned a lesson yet).

so people will renumber their network assets into this new network
namespace when either:

1) the new non-internet ipv6 network has enough good stuff only on it that
it makes sense to go over there; or

2) the old ipv4 internet addresses get so expensive that ain't no one
willing to pay.

right now, neither of those things are true.  so people who are adopting
ipv6 are doing so for two reasons:

A) blind, unmotivated religious reasons.  they "believe" in this new
protocol and have somehow managed to tie their identity up in it.  (this is
clearly a mistake for an engineer:  technology comes and goes.  don't ever
tie your identity up in some technology or you'll end up advocating DECNET
for the cloud at some point.  it won't be pretty).

B) strategic reasons.  there are people who think that switching costs are
going to be high and that there's an advantage to moving earlier to be
ready for coming demand when #1 or #2 above happen.  unlike A, B is
completely rational and smart.  it might be wrong, but it's not stupid at
all.  put mike leber and HE in this B category.

the only reason people are *advocating* ipv6 right now are that they've
made a religious choice, which is weird and should be a personal, not
public choice unless they are great commission ipv6 adherents [1], *or*
they have a vested interest in getting your business.

the first reason is religion and is off-topic for nanog and the second
reason is marketing (however well intentioned) and should also be off topic
for nanog.

so can we stop talking about ipv6 advocacy and move on to the network
engineering topics, please?  if someone is running ipv6 for whatever reason
and has questions, awesome.  if someone wants to talk about addressing
schemes, awesome.  but trying to convince someone to run LAT^H^H^Hipv6 or
whatever disconnected network protocol they're advocating today?  not
useful.

cheers,

t



On Thu, Oct 1, 2015 at 6:32 PM Mark Andrews  wrote:

>
> In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen DeLong
> writes:
> >
> > > On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
> > wrote:
> > >
> > > On 2015-10-01 20:29, Owen DeLong wrote:
> > >> However, I think eventually the residential ISPs are going to start
> > charging extra
> > >> for IPv4 service.
> > >
> > > ISP's will not charge too much. With too expensive IPv4 many customers
> > will migrate from v4/dual stack to v6-only and ISP's will be left with
> > unused IPv4 addresses and less income.
> >
> > Nope… They’ll be left with unused IPv4 addresses which is not a
> > significant source of income and they’ll be able to significantly reduce
> > the costs incurred
> > in supporting things like CGNAT.
> >
> > > Will ISP's still find other profitable usage for v4 addresses? If not,
> > they will be probably be quite slowly rising IPv4 pricing, not wanting to
> > overprice it.
> >
> > Probably they will sell it to business customers instead of the
> > residential customers. However, we’re talking about relatively large
> > numbers of customers
> > for relatively small numbers of IPv4 addresses that aren’t producing
> > revenue directly at this time anyway.
> >
> > > Even with $1/IPv4/month - what will be the ROI of a brand new home
> > router?
> >
> > About 2.5 years at that price since a brand new home router is about $29.
> >
> > Owen
>
> The hard part is the internet connected TV's and other stuff which
> fetches content over the internet which are IPv4 only despite being
> released when IPv6 existed.  These are theoretically upgradable to
> support IPv6 so long as the manufactures release a IPv6 capable
> image.  The real question is will governments force them to do this.
>
> Upgrading the router is a no brainer.  Upgrading the TV, games
> consoles, e-readers, etc. starts to add up.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Owen DeLong

> On Oct 1, 2015, at 15:28 , Mark Andrews  wrote:
> 
> 
> In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen DeLong 
> writes:
>> 
>>> On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
>> wrote:
>>> 
>>> On 2015-10-01 20:29, Owen DeLong wrote:
>>>> However, I think eventually the residential ISPs are going to start
>>>> charging extra for IPv4 service.
>>> 
>>> ISP's will not charge too much. With too expensive IPv4 many customers
>> will migrate from v4/dual stack to v6-only and ISP's will be left with
>> unused IPv4 addresses and less income.
>> 
>> Nope… They’ll be left with unused IPv4 addresses which is not a
>> significant source of income and they’ll be able to significantly reduce
>> the costs incurred
>> in supporting things like CGNAT.
>> 
>>> Will ISP's still find other profitable usage for v4 addresses? If not,
>> they will be probably be quite slowly rising IPv4 pricing, not wanting to
>> overprice it.
>> 
>> Probably they will sell it to business customers instead of the
>> residential customers. However, we’re talking about relatively large
>> numbers of customers
>> for relatively small numbers of IPv4 addresses that aren’t producing
>> revenue directly at this time anyway.
>> 
>>> Even with $1/IPv4/month - what will be the ROI of a brand new home
>> router?
>> 
>> About 2.5 years at that price since a brand new home router is about $29.
>> 
>> Owen
> 
> The hard part is the internet connected TV's and other stuff which
> fetches content over the internet which are IPv4 only despite being
> released when IPv6 existed.  These are theoretically upgradable to
> support IPv6 so long as the manufactures release a IPv6 capable
> image.  The real question is will governments force them to do this.

Governments are unlikely to force this issue.

However, what I think will happen (and I wish I had the hardware skills
to build the device) is that someone will come up with a compact, cheap
(think price of Raspberry Pi) device with two 100Mbps ethernet ports.
One will be an RJ45 plug and the other will be a socket.

The socket will support POE for powering the device.

The device will have a small linux kernel and provide DNS64/DHCP4/NAT64 services
to the RJ45 plug and the jack will connect to the IPv6-only port in the house.

The software is already completely available as open source. There’s a tiny
bit of integration to do.

If you do this for IPv6-capable services on the outside and don’t need to
connect to IPv4 laggards, this is a relatively simple solution. If you need to
preserve IPv4 connectivity to the outside world, it gets a little more
complicated, but not a lot.


> Upgrading the router is a no brainer.  Upgrading the TV, games
> consoles, e-readers, etc. starts to add up.

I’m betting that if someone offered the device I suggested above for a price
point around $40 (add a small amount of money for a cheap POE injector if
needed), it would do the trick.

Owen




RE: How to force rapid ipv6 adoption

2015-10-01 Thread Tony Wicks
> 
> That sounds like only using 6to4 addresses until the entire internet supports IPv6.
> Unfortunately there were NEVER enough IPv4 addresses to actually do that. We
> were effectively out of IPv4 addresses before we started.
> 

People tend to forget that TCP/IP was not the only routing protocol out
there all those years ago. What if OSI or one of the others had prospered
instead? IPv4 kind of morphed into the Internet as we know it more
from good luck than good planning I would say. Things could have been a lot
worse!

To name a few - IPX, X25, Banyan Vines, DECnet and even Appletalk! Obviously
many of these could not grow into the "internet" but.



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Owen DeLong
OK… Let’s look at the ASN32 process.

Use ASN 23456 (16-bit) in the AS-Path in place of each ASN32 entry in the path.
Preserve the ASN32 path in a separate area of the BGP attributes.

So, where in the IPv4 packet do you suggest we place these extra 128 bits of
address?

Further, what mechanism do you propose for forwarding to the 128 bit
destination by looking at the value in the 32 bit field?

The closest I can come to a viable implementation of what you propose would be
to encapsulate IPv6 packets between IPv6 compatible hosts in an IPv4 datagram
which is pretty much what 6in4 would be.

If you want the end host on the other side to be able to send a reply packet,
then it pretty much has to be able to somehow handle that 128 bit reply address
to set up the destination for the reply packet, no? (No such requirements for
ASN32).

Seriously, Todd, this is trolling pure and simple.

Unless you have an actual complete mechanism for solving the problem, you’re
just doing what you do best… Trolling.

Admittedly, most of your trolling has enough comedic value that we laugh and get
past it, but nonetheless, let’s see if you have a genuine solution to offer or
if this is just bluster.

Owen

> On Oct 1, 2015, at 16:52 , Todd Underwood  wrote:
> 
> I can't tell if this question is serious. It's either making fun of the
> embarrassingly inadequate job we have done on this transition or it's
> naive and ignorant in a genius way.
> 
> Read the asn32 migration docs for one that migrations like this can be
> properly done.
> 
> This was harder but not impossible. We just chose badly for decades and now
> we have NAT *and* a dumb migration.
> 
> Oh well.
> 
> T
> On Oct 1, 2015 19:26, "Matthew Newton"  wrote:
> 
>> On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
>>> it's just a new addressing protocol that happens to not work with the
>> rest
>>> of the internet.  it's unfortunate that we made that mistake, but i guess
>>> we're stuck with that now (i wish i could say something about lessons
>>> learned but i don't think any one of us has learned a lesson yet).
>> 
>> Would be really interesting to know how you would propose
>> squeezing 128 bits of address data into a 32 bit field so that we
>> could all continue to use IPv4 with more addresses than it's has
>> available to save having to move to this new incompatible format.
>> 
>> :-)
>> 
>> Matthew
>> 
>> 
>> --
>> Matthew Newton, Ph.D. 
>> 
>> Systems Specialist, Infrastructure Services,
>> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>> 
>> For IT help contact helpdesk extn. 2253, 
>> 
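
The ASN32 mechanism outlined at the top of this message (AS 23456 substituted into the 16-bit AS-Path, the real path preserved in a separate attribute), as an added example that is not part of the original post. It is a simplified model of RFC 6793 AS_TRANS / AS4_PATH handling with AS_SEQUENCE segments only; the function names are hypothetical and the sample ASNs are constructed from the RFC 5398 documentation ranges.

```python
AS_TRANS = 23456          # reserved 2-octet placeholder ASN (RFC 6793)
MAX_AS2 = 0xFFFF          # largest ASN a 2-octet-only speaker can encode


def to_old_speaker(path):
    """What a 4-octet-capable speaker sends to a 2-octet-only peer.

    Returns (AS_PATH, AS4_PATH). Every ASN that does not fit in 16 bits is
    replaced by AS_TRANS in AS_PATH; the untouched path travels in AS4_PATH,
    which is only attached when at least one substitution was needed.
    """
    as_path = [asn if asn <= MAX_AS2 else AS_TRANS for asn in path]
    as4_path = list(path) if any(asn > MAX_AS2 for asn in path) else None
    return as_path, as4_path


def old_speaker_prepend(as_path, as4_path, my_asn):
    """A 2-octet-only speaker prepends itself to AS_PATH and passes
    AS4_PATH along unchanged (it is an optional transitive attribute
    the old speaker does not understand)."""
    if my_asn > MAX_AS2:
        raise ValueError("an old speaker cannot have a 4-octet ASN")
    return [my_asn] + list(as_path), as4_path


def reconstruct(as_path, as4_path):
    """A 4-octet-capable speaker rebuilds the real path from both attributes.

    If AS_PATH is shorter than AS4_PATH the latter is ignored; otherwise the
    leading AS_PATH entries (added by old speakers after AS4_PATH was
    attached) are kept and the tail is replaced by AS4_PATH.
    """
    if as4_path is None or len(as_path) < len(as4_path):
        return list(as_path)
    lead = len(as_path) - len(as4_path)
    return list(as_path[:lead]) + list(as4_path)


def walk_constructed_route():
    """Constructed route: 65536 (origin) -> 65537 -> 64496 (old) ->
    64497 (old) -> a 4-octet-capable receiver."""
    as_path, as4_path = to_old_speaker([65537, 65536])
    as_path, as4_path = old_speaker_prepend(as_path, as4_path, 64496)
    as_path, as4_path = old_speaker_prepend(as_path, as4_path, 64497)
    return as_path, as4_path, reconstruct(as_path, as4_path)


if __name__ == "__main__":
    seen_by_old, carried, rebuilt = walk_constructed_route()
    print("AS_PATH on the wire :", seen_by_old)
    print("AS4_PATH carried    :", carried)
    print("path after rebuild  :", rebuilt)
```

The old speakers in the middle forward and prepend without ever interpreting a 32-bit value, which is the property the reply above contrasts with an IPv4 end host that would have to address a reply to a 128-bit source.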



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Todd Underwood
Yep. Nat is terrible. Dual stack is even worse for end user exclusive.
Clients that migrate back and forth between different protocols at will
(hello Mac OS) are going to be really challenging for everyone, too.

But we didn't get magical, free, simple migration. So we could have done
some kind of 8+8 or LISP thing but we didn't. And here we are.


T

On Thu, Oct 1, 2015, 21:15 Dovid Bender  wrote:

> Nothing to do with religion at all. I advocate IPv6 all the time as
> someone who deals a lot with SIP. The issues are endless when dealing with NAT.
> NAT is an ugly hack and should die already. It will take a few years for
> router manufacturers to get it right but when they do it will be better for
> all.
>
> Regards,
>
> Dovid
>
> -Original Message-
> From: Todd Underwood 
> Sender: "NANOG"
> Date: Thu, 01 Oct 2015 22:42:57
> To: Mark Andrews; Owen DeLong
> Cc: 
> Subject: Re: How to force rapid ipv6 adoption
>
> i'm still confused, to be honest.
>
> why are we 'encouraging' 'evangelizing' or 'forcing' ipv6 adoption.
>
> it's just a new addressing protocol that happens to not work with the rest
> of the internet.  it's unfortunate that we made that mistake, but i guess
> we're stuck with that now (i wish i could say something about lessons
> learned but i don't think any one of us has learned a lesson yet).
>
> so people will renumber their network assets into this new network
> namespace when either:
>
> 1) the new non-internet ipv6 network has enough good stuff only on it that
> it makes sense to go over there; or
>
> 2) the old ipv4 internet addresses get so expensive that ain't no one
> willing to pay.
>
> right now, neither of those things are true.  so people who are adopting
> ipv6 are doing so for two reason:
>
> A) blind, unmotivated religious reasons.  they "believe" in this new
> protocol and have somehow managed to tie their identity up in it.  (this is
> clearly a mistake for an engineer:  technology comes and goes.  don't ever
> tie your identity up in some technology or you'll end up advocating DECNET
> for the cloud at some point.  it won't be pretty).
>
> B) strategic reasons.  there are people who think that switching costs are
> going to be high and that there's an advantage to moving earlier to be
> ready for coming demand when #1 or #2 above happen.  unlike A, B is
> completely rational and smart.  it might be wrong, but it's not stupid at
> all.  put mike leber and HE in this B category.
>
> the only reason people are *advocating* ipv6 right now are that they've
> made a religious choice, which is weird and should be a personal, not
> public choice unless they are great commission ipv6 adherants [1], *or*
> they have a vested interest in getting your business.
>
> the first reason is religion and is off-topic for nanog and the second
> reason is marketing (however well intentioned) and should also be off topic
> for nanog.
>
> so can we stop talking about ipv6 advocacy and move on to the network
> engineering topics, please?  if someone is running ipv6 for whatever reason
> and has questions, awesome.  if someone wants to talk about addressing
> schemes, awesome.  but trying to convince someone to run LAT^H^H^Hipv6 or
> whatever disconnected network protocol they're advocating today?  not
> useful.
>
> cheers,
>
> t
>
>
>
> On Thu, Oct 1, 2015 at 6:32 PM Mark Andrews  wrote:
>
> >
> > In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen
> DeLong
> > writes:
> > >
> > > > On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
> > > wrote:
> > > >
> > > > On 2015-10-01 20:29, Owen DeLong wrote:
> > > >> However, I think eventually the residential ISPs are going to start
> > > charging extra
> > > >> for IPv4 service.
> > > >
> > > > ISP's will not charge too much. With too expensive IPv4 many
> customers
> > > will migrate from v4/dual stack to v6-only and ISP's will be left with
> > > unused IPv4 addresses and less income.
> > >
> > > Nope… They’ll be left with unused IPv4 addresses which is not a
> > > significant source of income and they’ll be able to significantly
> reduce
> > > the costs incurred
> > > in supporting things like CGNAT.
> > >
> > > > Will ISP's still find other profitable usage for v4 addresses? If
> not,
> > > they will be probably be quite slowly rising IPv4 pricing, not wanting
> to
> > > overprice it.
> > >
> > > Probably they will sell it to business customers instead of the
> > > residential customers. However, we’re talking about relatively large
> > > numbers of customers
> > > for relatively small numbers of IPv4 addresses that aren’t producing
> > > revenue directly at this time anyway.
> > >
> > > > Even with $1/IPv4/month - what will be the ROI of a brand new home
> > > router?
> > >
> > > About 2.5 years at that price since a brand new home router is about
> $29.
> > >
> > > Owen
> >
> > 

How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Rob McEwen

RE: How to wish you hadn't rushed ipv6 adoption

Force the whole world to switch to IPv6 within the foreseeable future, 
abolish IPv4... all within several years or even within 50 years... and 
then watch spam filtering worldwide get knocked back to the stone ages 
while spammers and blackhat and grayhat ESPs laugh their way to the 
bank... that is, until e-mail becomes unworkable and is virtually abandoned.


I welcome IPv6 adoption in the near future in all but one area: the 
sending IPs of valid mail servers. Those need to stay IPv4 for as long 
as reasonably possible.


It turns out... the scarcity of IPv4 IPs in THIS area... is a feature, 
not a bug.


That scarcity makes it harder for spammers to acquire new IPs, and they 
therefore pay a price for the ones they burn through via their 
spam-sending. Likewise, scarcity of IPv4 IPs *forces* ESPs, hosters, and 
ISPs to try HARD to keep their IPs clean. THEY pay a price when a 
bad-apple customer soils up their IP space.


In contrast, with IPv6, orders of magnitude MORE IPs are easily acquired, 
and orders of magnitude more are in each allocation. It is truly a 
spammer's dream come true. This reminds me about a recent article Brian 
Krebs wrote about a famous hoster who slowly drove their business into 
the ground by allowing in the kind of spammers that look a little legit 
at first glance. (like the "CAN-SPAM" spammers who are doing nothing 
illegal, follow the law, but still send to purchased lists). But even as 
this hoster's bank account was bursting at the seams with cash due to a 
booming business, their IP space's reputation was slowly turning into 
crap. Eventually, they started losing even their spammer customers. 
Then, their CEO made a decision to get serious about abuse and keeping 
spammers off of their network---and this turned into a success story 
where they now run a successful hosting business without the spammers. 
In an IPv6 world, I wonder if they would have ever even cared? There 
would always be new fresh IPv6 IPs to acquire! There would never have 
been the "motivation" to turn things around. There would always be new 
IPv6 IPs to move on to. (or at least enough available to "kick the can 
down the road" and not worry about any long term repercussions). It was 
ONLY when this CEO started seeing even the spammers start to leave him 
(along with some SpamHaus blacklistings!) that he realized that his IP 
reputation would eventually get so bad that he would be virtually out of 
business. It was ONLY then that he decided to make changes. Would this 
have happened in an all-IPv6 world? I highly doubt it! He'd just keep 
moving on to fresh IPs!


The cumulative sum total of all those hosters and ESPs downward 
spiraling in an IPv6 world... could cause the spam problem to GREATLY 
accelerate.


Meanwhile, sender IP blacklists would become useless in an IPv6 world 
because the spammer now has enough IPs (in many scenarios) to EVEN SEND 
ONE SPAM PER IP, never to have to use that one IP again FOR YEARS, if 
ever. So a blacklisting is ineffective... and actually helps the spammer 
to listwash spamtrap addresses... since the ONE listing maps to a single 
recipient address. Now the sender's IP blacklist is even less effective 
and is helping the spammers more than it is blocking spam! And did I 
mention that the sender's IP list has bloated so large that it is hard 
to host in DNS and hard to distribute--and most of the listings are now 
useless anyways!


Yes, there are other types of spam filtering... including content 
filtering techniques. But in the real world, these only work because the 
heavy lifting is ALREADY done by the sender's IP blacklist. The vast 
majority of this worldwide "heavy lifting" is done by 
"zen.spamhaus.org". If many of the largest ISPs suddenly lost access to 
Zen, some such filters would be in huge trouble... brought down to 
their knees. Now imagine that all the other sending-IP blacklists are 
gone too? In that spammer's dream scenario, the spammer has upgraded to 
a Lamborghini, while the spam filters have reverted back to the horse 
and buggy. Seriously, that analogy isn't the slightest bit of an exaggeration.


Yes, you can STILL have your toaster and refrigerator and car send mail 
from an IPv6 address... they would just need to SMTP-Authenticate to a 
valid mail server... via an IPv6 connection... yet where that valid MTA 
would then send their mail to another MTA via IPv4. Since the number of 
IPv4 IPs needed for such valid mail servers is actually very, very small 
(relatively speaking), then it isn't a big problem for THOSE to get IPv4 
addresses, at a trivial cost. We might even see IPv4 open up a bit as 
OTHER services move to IPv6. IPv6 addresses NOT being able to send 
directly to the e-mail recipient's IPv4 mail servers might actually help 
cut down on botnet spam, which is an added plus! (whereas those IPv6's 
IPv4 predecessors sometimes could send that botnet spam directly to the 
recipient's mail server).
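
The listing-granularity problem raised in this message, as an added example that is not part of the original post: a sender blacklist keyed on single addresses grows by one entry per rotated IPv6 address and never matches the next one, while the same hits keyed on the covering prefix collapse to one entry. The /64 aggregation length, the hit threshold and the zone name `dnsbl.example` are assumptions; the sender addresses are constructed from documentation ranges, and the query-name encoding follows RFC 5782.

```python
import ipaddress
from collections import Counter

ZONE = "dnsbl.example"   # hypothetical DNSBL zone, not a real service


def dnsbl_qname(addr, zone=ZONE):
    """DNS name a mail server queries for a sender address (RFC 5782):
    reversed octets for IPv4, reversed nibbles for IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def covering_prefix(addr, v6_len=64):
    """Key used for listing: the address itself for IPv4 (/32), the
    covering prefix of length v6_len for IPv6 (assumed policy)."""
    ip = ipaddress.ip_address(addr)
    plen = 32 if ip.version == 4 else v6_len
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def build_listings(spam_sources, v6_len=64):
    """Return (per-address listing set, hit counter per covering prefix)."""
    per_addr = {ipaddress.ip_address(a) for a in spam_sources}
    per_prefix = Counter(covering_prefix(a, v6_len) for a in spam_sources)
    return per_addr, per_prefix


def is_listed(addr, per_prefix, threshold=1, v6_len=64):
    """A sender is blocked once its covering prefix has accumulated at
    least `threshold` hits, even if this exact address was never seen."""
    return per_prefix.get(covering_prefix(addr, v6_len), 0) >= threshold


def constructed_sources(n):
    """Constructed sample: n distinct sender addresses, all inside
    2001:db8:0:1::/64, each used for a single message."""
    base = int(ipaddress.ip_address("2001:db8:0:1::"))
    return [str(ipaddress.ip_address(base + i * 0x10001 + 1)) for i in range(n)]


if __name__ == "__main__":
    sources = constructed_sources(1000) + ["192.0.2.25"]
    per_addr, per_prefix = build_listings(sources)
    print("per-address entries :", len(per_addr))
    print("per-prefix entries  :", len(per_prefix))
    unseen = "2001:db8:0:1::dead:beef"
    print("unseen address in per-address list:",
          ipaddress.ip_address(unseen) in per_addr)
    print("unseen address blocked by prefix  :", is_listed(unseen, per_prefix))
    print("query name:", dnsbl_qname(unseen))
```

Prefix keying trades list size for collateral risk: every legitimate sender inside a listed prefix is blocked with it, which is why the threshold is a parameter here.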

Re: How to force rapid ipv6 adoption

2015-10-01 Thread Mark Andrews

In message <20151001232613.gd123...@rootmail.cc.le.ac.uk>, Matthew Newton 
writes:
> On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> > it's just a new addressing protocol that happens to not work with the rest
> > of the internet.  it's unfortunate that we made that mistake, but i guess
> > we're stuck with that now (i wish i could say something about lessons
> > learned but i don't think any one of us has learned a lesson yet).
> 
> Would be really interesting to know how you would propose
> squeezing 128 bits of address data into a 32 bit field so that we
> could all continue to use IPv4 with more addresses than it's has
> available to save having to move to this new incompatible format.
> 
> :-)
> 
> Matthew

Additionally it is now an OLD addressing protocol.  We are about to
see young adults that have never lived in a world without IPv6.  It
may not have been universally available when they were born but it
was available.  There are definitely school leavers that have never
lived in a world where IPv6 did not exist.  My daughter will be one
of them next year when she finishes year 12.  IPv6 is 7 months older
than she is.

Some of us have been running IPv6 in production for over a decade
now and developing products that support IPv6 even longer.

We have had 17 years to build up a universal IPv6 network.  It
should have been done by now.

Mark

> -- 
> Matthew Newton, Ph.D. 
> 
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> 
> For IT help contact helpdesk extn. 2253, 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Ca By
On Thursday, October 1, 2015, Todd Underwood  wrote:

> i'm still confused, to be honest.
>
> why are we 'encouraging' 'evangelizing' or 'forcing' ipv6 adoption.
>
> it's just a new addressing protocol that happens to not work with the rest
> of the internet.  it's unfortunate that we made that mistake, but i guess
> we're stuck with that now (i wish i could say something about lessons
> learned but i don't think any one of us has learned a lesson yet).
>
> so people will renumber their network assets into this new network
> namespace when either:
>
> 1) the new non-internet ipv6 network has enough good stuff only on it that
> it makes sense to go over there; or
>
> 2) the old ipv4 internet addresses get so expensive that ain't no one
> willing to pay.
>
> right now, neither of those things are true.  so people who are adopting
> ipv6 are doing so for two reason:
>
> A) blind, unmotivated religious reasons.  they "believe" in this new
> protocol and have somehow managed to tie their identity up in it.  (this is
> clearly a mistake for an engineer:  technology comes and goes.  don't ever
> tie your identity up in some technology or you'll end up advocating DECNET
> for the cloud at some point.  it won't be pretty).
>
> B) strategic reasons.  there are people who think that switching costs are
> going to be high and that there's an advantage to moving earlier to be
> ready for coming demand when #1 or #2 above happen.  unlike A, B is
> completely rational and smart.  it might be wrong, but it's not stupid at
> all.  put mike leber and HE in this B category.
>
> the only reason people are *advocating* ipv6 right now are that they've
> made a religious choice, which is weird and should be a personal, not
> public choice unless they are great commission ipv6 adherants [1], *or*
> they have a vested interest in getting your business.
>
>
I run a large 464xlat dominated mobile network.

IPv4 bits are materially more expensive to deliver.

And, as FB has shared, IPv6 is more performant for end users, and more
performant is more profitable



> the first reason is religion and is off-topic for nanog and the second
> reason is marketing (however well intentioned) and should also be off topic
> for nanog.
>
> so can we stop talking about ipv6 advocacy and move on to the network
> engineering topics, please?  if someone is running ipv6 for whatever reason
> and has questions, awesome.  if someone wants to talk about addressing
> schemes, awesome.  but trying to convince someone to run LAT^H^H^Hipv6 or
> whatever disconnected network protocol they're advocating today?  not
> useful.
>
> cheers,
>
> t
>
>
>
> On Thu, Oct 1, 2015 at 6:32 PM Mark Andrews >
> wrote:
>
> >
> > In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen DeLong
> > writes:
> > >
> > > > On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
> > > wrote:
> > > >
> > > > On 2015-10-01 20:29, Owen DeLong wrote:
> > > >> However, I think eventually the residential ISPs are going to start
> > > charging extra
> > > >> for IPv4 service.
> > > >
> > > > ISP's will not charge too much. With too expensive IPv4 many
> customers
> > > will migrate from v4/dual stack to v6-only and ISP's will be left with
> > > unused IPv4 addresses and less income.
> > >
> > > Nope… They’ll be left with unused IPv4 addresses which is not a
> > > significant source of income and they’ll be able to significantly
> reduce
> > > the costs incurred
> > > in supporting things like CGNAT.
> > >
> > > > Will ISP's still find other profitable usage for v4 addresses? If
> not,
> > > they will be probably be quite slowly rising IPv4 pricing, not wanting
> to
> > > overprice it.
> > >
> > > Probably they will sell it to business customers instead of the
> > > residential customers. However, we’re talking about relatively large
> > > numbers of customers
> > > for relatively small numbers of IPv4 addresses that aren’t producing
> > > revenue directly at this time anyway.
> > >
> > > > Even with $1/IPv4/month - what will be the ROI of a brand new home
> > > router?
> > >
> > > About 2.5 years at that price since a brand new home router is about
> $29.
> > >
> > > Owen
> >
> > The hard part is the internet connected TV's and other stuff which
> > fetches content over the internet which are IPv4 only despite being
> > released when IPv6 existed.  These are theoretically upgradable to
> > support IPv6 so long as the manufacturers release an IPv6 capable
> > image.  The real question is will governments force them to do this.
> >
> > Upgrading the router is a no brainer.  Upgrading the TV, games
> > consoles, e-readers, etc. starts to add up.
> >
> > Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> 
> >
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Matthew Kaufman

On 10/1/2015 5:16 PM, Ca By wrote:


I run a large 464xlat dominated mobile network.

IPv4 bits are materially more expensive to deliver.


Isn't that simply a consequence of your engineering decision to use 
464xlat instead of native dual-stack, as was originally envisioned for 
the transition?




And, as FB has shared, IPv6 is more performant for end users, and more
performant is more profitable



Isn't that also at least partially a consequence of your engineering 
decision to use 464xlat?


Matthew Kaufman



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Owen DeLong
I’m not at all tied up in a particular protocol.

Still, Todd, ignoring the other parts, the least you can do is answer this 
simple question:

How would you implement a 128-bit address that is backwards compatible with 
existing
IPv4 hosts requiring no software modification on those hosts? Details matter 
here.
Handwaving about ASN32 doesn’t cut it.


If you can’t answer that, there’s really nothing to your argument.

Owen

> On Oct 1, 2015, at 17:56 , Todd Underwood  wrote:
> 
> this is an interesting example of someone who has ill advisedly tied up his 
> identity in a network protocol.  this is a mistake i encourage you all not to 
> make.  network protocols come and go but you only get one shot at life, so be 
> your own person.
> 
> this is ad-hominem, owen and i won't engage.  feel free to be principled and 
> have technical discussion but insults and attacks really have no place.  so 
> please just stop and relax.
> 
> thanks,
> 
> t
> 
> 
> 
> On Thu, Oct 1, 2015 at 8:53 PM, Owen DeLong  > wrote:
> OK… Let’s look at the ASN32 process.
> 
> Use ASN 23456 (16-bit) in the AS-Path in place of each ASN32 entry in the 
> path.
> Preserve the ASN32 path in a separate area of the BGP attributes.
> 
> So, where in the IPv4 packet do you suggest we place these extra 128 bits of 
> address?
> 
> Further, what mechanism do you propose for forwarding to the 128 bit 
> destination by
> looking at the value in the 32 bit field?
> 
> The closest I can come to a viable implementation of what you propose would be
> to encapsulate IPv6 packets between IPv6 compatible hosts in an IPv4 datagram
> which is pretty much what 6in4 would be.
> 
> If you want the end host on the other side to be able to send a reply packet, 
> then
> it pretty much has to be able to somehow handle that 128 bit reply address
> to set up the destination for the reply packet, no? (No such requirements for 
> ASN32).
> 
> Seriously, Todd, this is trolling pure and simple.
> 
> Unless you have an actual complete mechanism for solving the problem, you’re 
> just
> doing what you do best… Trolling.
> 
> Admittedly, most of your trolling has enough comedic value that we laugh and 
> get
> past it, but nonetheless, let’s see if you have a genuine solution to offer 
> or if this
> is just bluster.
> 
> Owen
> 
> > On Oct 1, 2015, at 16:52 , Todd Underwood  > > wrote:
> >
> > I can't tell if this question is serious. It's either making fun of the
> > embarrassingly inadequate job we have done on this transition or it's
> > naive and ignorant in a genius way.
> >
> > Read the asn32 migration docs for one that migrations like this can be
> > properly done.
> >
> > This was harder but not impossible. We just chose badly for decades and now
> > we have NAT *and* a dumb migration.
> >
> > Oh well.
> >
> > T
> > On Oct 1, 2015 19:26, "Matthew Newton"  > > wrote:
> >
> >> On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> >>> it's just a new addressing protocol that happens to not work with the
> >> rest
> >>> of the internet.  it's unfortunate that we made that mistake, but i guess
> >>> we're stuck with that now (i wish i could say something about lessons
> >>> learned but i don't think any one of us has learned a lesson yet).
> >>
> >> Would be really interesting to know how you would propose
> >> squeezing 128 bits of address data into a 32 bit field so that we
> >> could all continue to use IPv4 with more addresses than it has
> >> available to save having to move to this new incompatible format.
> >>
> >> :-)
> >>
> >> Matthew
> >>
> >>
> >> --
> >> Matthew Newton, Ph.D. >
> >>
> >> Systems Specialist, Infrastructure Services,
> >> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> >>
> >> For IT help contact helpdesk extn. 2253,  >> >
> >>
> 
> 



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Dovid Bender
Nothing to do with religion at all. I advocate IPv6 all the time as someone 
who deals a lot with SIP. The issues are endless when dealing with NAT. NAT is 
an ugly hack and should die already. It will take a few years for router 
manufacturers to get it right but when they do it will be better for all.

Regards,

Dovid

-Original Message-
From: Todd Underwood 
Sender: "NANOG"
Date: Thu, 01 Oct 2015 22:42:57
To: Mark Andrews; Owen DeLong
Cc: 
Subject: Re: How to force rapid ipv6 adoption

i'm still confused, to be honest.

why are we 'encouraging' 'evangelizing' or 'forcing' ipv6 adoption.

it's just a new addressing protocol that happens to not work with the rest
of the internet.  it's unfortunate that we made that mistake, but i guess
we're stuck with that now (i wish i could say something about lessons
learned but i don't think any one of us has learned a lesson yet).

so people will renumber their network assets into this new network
namespace when either:

1) the new non-internet ipv6 network has enough good stuff only on it that
it makes sense to go over there; or

2) the old ipv4 internet addresses get so expensive that ain't no one
willing to pay.

right now, neither of those things are true.  so people who are adopting
ipv6 are doing so for two reasons:

A) blind, unmotivated religious reasons.  they "believe" in this new
protocol and have somehow managed to tie their identity up in it.  (this is
clearly a mistake for an engineer:  technology comes and goes.  don't ever
tie your identity up in some technology or you'll end up advocating DECNET
for the cloud at some point.  it won't be pretty).

B) strategic reasons.  there are people who think that switching costs are
going to be high and that there's an advantage to moving earlier to be
ready for coming demand when #1 or #2 above happen.  unlike A, B is
completely rational and smart.  it might be wrong, but it's not stupid at
all.  put mike leber and HE in this B category.

the only reason people are *advocating* ipv6 right now are that they've
made a religious choice, which is weird and should be a personal, not
public choice unless they are great commission ipv6 adherents [1], *or*
they have a vested interest in getting your business.

the first reason is religion and is off-topic for nanog and the second
reason is marketing (however well intentioned) and should also be off topic
for nanog.

so can we stop talking about ipv6 advocacy and move on to the network
engineering topics, please?  if someone is running ipv6 for whatever reason
and has questions, awesome.  if someone wants to talk about addressing
schemes, awesome.  but trying to convince someone to run LAT^H^H^Hipv6 or
whatever disconnected network protocol they're advocating today?  not
useful.

cheers,

t



On Thu, Oct 1, 2015 at 6:32 PM Mark Andrews  wrote:

>
> In message <4f2e19ba-d92a-4bec-86e2-33b405c30...@delong.com>, Owen DeLong
> writes:
> >
> > > On Oct 1, 2015, at 13:55 , Grzegorz Janoszka 
> > wrote:
> > >
> > > On 2015-10-01 20:29, Owen DeLong wrote:
> > >> However, I think eventually the residential ISPs are going to start
> > charging extra
> > >> for IPv4 service.
> > >
> > > ISP's will not charge too much. With too expensive IPv4 many customers
> > will migrate from v4/dual stack to v6-only and ISP's will be left with
> > unused IPv4 addresses and less income.
> >
> > Nope… They’ll be left with unused IPv4 addresses which is not a
> > significant source of income and they’ll be able to significantly reduce
> > the costs incurred
> > in supporting things like CGNAT.
> >
> > > Will ISP's still find other profitable usage for v4 addresses? If not,
> > they will be probably be quite slowly rising IPv4 pricing, not wanting to
> > overprice it.
> >
> > Probably they will sell it to business customers instead of the
> > residential customers. However, we’re talking about relatively large
> > numbers of customers
> > for relatively small numbers of IPv4 addresses that aren’t producing
> > revenue directly at this time anyway.
> >
> > > Even with $1/IPv4/month - what will be the ROI of a brand new home
> > router?
> >
> > About 2.5 years at that price since a brand new home router is about $29.
> >
> > Owen
>
> The hard part is the internet connected TV's and other stuff which
> fetches content over the internet which are IPv4 only despite being
> released when IPv6 existed.  These are theoretically upgradable to
> support IPv6 so long as the manufacturers release an IPv6 capable
> image.  The real question is will governments force them to do this.
>
> Upgrading the router is a no brainer.  Upgrading the TV, games
> consoles, e-readers, etc. starts to add up.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Damian Menscher via NANOG
On Thu, Oct 1, 2015 at 4:26 PM, Matthew Newton  wrote:

> On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> > it's just a new addressing protocol that happens to not work with the
> rest
> > of the internet.  it's unfortunate that we made that mistake, but i guess
> > we're stuck with that now (i wish i could say something about lessons
> > learned but i don't think any one of us has learned a lesson yet).
>
> Would be really interesting to know how you would propose
> squeezing 128 bits of address data into a 32 bit field so that we
> could all continue to use IPv4 with more addresses than it has
> available to save having to move to this new incompatible format.


I solved that problem a few years ago (well, kinda -- only for backend
logging, not for routing):
http://docs.guava-libraries.googlecode.com/git/javadoc/com/google/common/net/InetAddresses.html#getCoercedIPv4Address(java.net.InetAddress)

Damian


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Ca By
On Thursday, October 1, 2015, Matthew Kaufman  wrote:

> On 10/1/2015 5:16 PM, Ca By wrote:
>
>>
>> I run a large 464xlat dominated mobile network.
>>
>> IPv4 bits are materially more expensive to deliver.
>>
>
> Isn't that simply a consequence of your engineering decision to use
> 464xlat instead of native dual-stack, as was originally envisioned for the
> transition?
>
>
Steady state would be nat44, which also is materially more expensive to
deliver than IPv6

>
>> And, as FB has shared, IPv6 is more performant for end users, and more
>> performant is more profitable
>>
>>
> Isn't that also at least partially a consequence of your engineering
> decision to use 464xlat?
>
>
Perhaps. But it is Verizon's dual-stack in the quote, not me

http://www.lightreading.com/ethernet-ip/ip-protocols-software/facebook-ipv6-is-a-real-world-big-deal/a/d-id/718395




> Matthew Kaufman
>
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Curtis Maurand
If Time Warner (my ISP) put up IPv6 tomorrow, my firewall would no longer 
work. I could put up a pfSense or Vyatta box pretty quickly, but my off the 
shelf Cisco/Linksys home router has no ipv6 support hence the need to replace 
the hardware. There's no firmware update for it supporting ipv6 either. There 
would be millions of people in the same boat.

Cheers, 
Curtis

On October 1, 2015 5:44:46 PM ADT, Owen DeLong  wrote:
>
>> On Oct 1, 2015, at 12:06 , Curtis Maurand 
>wrote:
>> 
>> 
>> 
>> On 10/1/2015 2:29 PM, Owen DeLong wrote:
 On Oct 1, 2015, at 00:39 , Baldur Norddahl
> wrote:
 
 On 1 October 2015 at 03:26, Mark Andrews  wrote:
 
> Windows XP does IPv6 fine so long as there is a IPv4 recursive
> server available.  It's just a simple command to install IPv6.
> 
>netsh interface ipv6 install
> 
 If the customer knew how to do that he wouldn't still be using
>Windows XP.
 
 
> Actually I don't expect Gmail and Facebook to be IPv4 only
>forever.
> 
 Gmail and Facebook are already dual stack enabled. But I do not see
 Facebook turning off IPv4 for a very long time. Therefore a
>customer that
 only uses the Internet for a few basic things will be able to get
>along
 with being IPv4-only for a very long time.
 
>>> Yes and no…
>>> 
>>> I think you are right about facebook.
>>> 
>>> However, I think eventually the residential ISPs are going to start
>charging extra
>>> for IPv4 service. Some residences may pay for it initially, but if
>they think there’s a
>>> way to move away from it and the ISPs start fingerpointing to the
>specific laggards,
>>> you’ll see a groundswell of consumers pushing to find alternatives.
>>> 
>>> Owen
>>> 
>> ipv6 is going to force a lot of consumers to replace hardware. Worse,
>it's not easy to set up and get right as ipv4 is.
>> 
>> --Curtis
>
>You’re going to have to elaborate on that one…. I think IPv6 is
>actually quite a bit easier than IPv4, so please explicate
>in what ways it is harder to set up and get right?
>
>For the average household, it’s plug the IPv6-capable router in and let
>it go.
>
>For more advanced environments, it might take nearly as much effort as
>IPv4 and the unfamiliarity might add a couple
>of additional challenges the first time, but once you get past that,
>IPv6 has a lot of features that actually make it
>easier than IPv4.
>
>Not having to deal with NAT being just one of the big ones.
>
>Owen

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Todd Underwood
one interesting thing to note...

On Thu, Oct 1, 2015 at 8:01 PM Mark Andrews  wrote:

>
> Some of us have been running IPv6 in production for over a decade
> now and developing products that support IPv6 even longer.
>
> We have had 17 years to build up a universal IPv6 network.  It
> should have been done by now.
>

yes.  huh.  funny about that, right?  what do you think accounts for that?
 *why* do you think that *17* *years* later people are still just barely
using this thing.

i have a theory.  i may have already mentioned that "dual stack and ipv4
will wither away by itself" turns out to have been a dumb idea that didn't
happen. and there was no migration path other than that, really.

so v6 and v4 don't interoperate as designed and that was an afterthought
that didn't really happen until recently (and in a way that's still
arguably more complex than NAT).  and here we are.

so here's my view:  if you have some technical solution for a networking
problem that no one wants for 17 years, you should really probably think
about that.  you might not even have to wait 17 years to figure out that
something might be wrong.

most good stuff is adopted without "evangelism".

t



> Mark
>
> > --
> > Matthew Newton, Ph.D. 
> >
> > Systems Specialist, Infrastructure Services,
> > I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> >
> > For IT help contact helpdesk extn. 2253, 
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Mark Andrews

In message 
, Todd 
Underwood writes:
> I can't tell if this question is serious. It's either making fun of the
> embarrassingly inadequate job we have done on this transition or it's
> naive and ignorant in a genius way.
> 
> Read the asn32 migration docs for one that migrations like this can be
> properly done.
> 
> This was harder but not impossible. We just chose badly for decades and now
> we have NAT *and* a dumb migration.
> 
> Oh well.
> 
> T

That sounds like only using 6to4 addresses until the entire internet
supports IPv6.  Unfortunately there were NEVER enough IPv4 addresses
to actually do that.  We were effectively out of IPv4 addresses
before we started.

Add to that no one wanted to run 6to4 relays.  For the asn32 strategy
to work every IPv6 capable router needed to be a 6to4 relay and to
perform encapsulation / decapsulation depending upon whether the
next hop supported IPv6 or not.

Mark

> On Oct 1, 2015 19:26, "Matthew Newton"  wrote:
> 
> > On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> > > it's just a new addressing protocol that happens to not work with the
> > rest
> > > of the internet.  it's unfortunate that we made that mistake, but i guess
> > > we're stuck with that now (i wish i could say something about lessons
> > > learned but i don't think any one of us has learned a lesson yet).
> >
> > Would be really interesting to know how you would propose
> > squeezing 128 bits of address data into a 32 bit field so that we
> > could all continue to use IPv4 with more addresses than it has
> > available to save having to move to this new incompatible format.
> >
> > :-)
> >
> > Matthew
> >
> >
> > --
> > Matthew Newton, Ph.D. 
> >
> > Systems Specialist, Infrastructure Services,
> > I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> >
> > For IT help contact helpdesk extn. 2253, 
> >
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Mark Andrews

In message 
, Todd Underwood writes:
> 
> one interesting thing to note...
> 
> On Thu, Oct 1, 2015 at 8:01 PM Mark Andrews  wrote:
> 
> >
> > Some of us have been running IPv6 in production for over a decade
> > now and developing products that support IPv6 even longer.
> >
> > We have had 17 years to build up a universal IPv6 network.  It
> > should have been done by now.
> >
> 
> yes.  huh.  funny about that, right?  what do you think accounts for that?
>  *why* do you think that *17* *years* later people are still just barely
> using this thing.
> 
> i have a theory.  i may have already mentioned that "dual stack and ipv4
> will wither away by itself" turns out to have been a dumb idea that didn't
> happen. and there was no migration path other than that, really.
> 
> so v6 and v4 don't interoperate as designed and that was an afterthought
> that didn't really happen until recently (and in a way that's still
> arguably more complex than NAT).  and here we are.
> 
> so here's my view:  if you have some technical solution for a networking
> problem that no one wants for 17 years, you should really probably think
> about that.  you might not even have to wait 17 years to figure out that
> something might be wrong.
> 
> most good stuff is adopted without "evangelism".

Actually most good stuff requires evangelism.  Lots of good stuff
has disappeared into history because there wasn't the right amount
of evangelism.  Not all good stuff is showy.  Some of it even
requires governments to enact laws to make companies do the right
thing. Very little stuff gets anywhere without evangelism.

> t
> 
> 
> 
> > Mark
> >
> > > --
> > > Matthew Newton, Ph.D. 
> > >
> > > Systems Specialist, Infrastructure Services,
> > > I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> > >
> > > For IT help contact helpdesk extn. 2253, 
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> >
> 

Re: How to force rapid ipv6 adoption

2015-10-01 Thread Todd Underwood
this is an interesting example of someone who has ill advisedly tied up his
identity in a network protocol.  this is a mistake i encourage you all not
to make.  network protocols come and go but you only get one shot at life,
so be your own person.

this is ad-hominem, owen and i won't engage.  feel free to be principled
and have technical discussion but insults and attacks really have no place.
 so please just stop and relax.

thanks,

t



On Thu, Oct 1, 2015 at 8:53 PM, Owen DeLong  wrote:

> OK… Let’s look at the ASN32 process.
>
> Use ASN 23456 (16-bit) in the AS-Path in place of each ASN32 entry in the
> path.
> Preserve the ASN32 path in a separate area of the BGP attributes.
>
> So, where in the IPv4 packet do you suggest we place these extra 128 bits
> of address?
>
> Further, what mechanism do you propose for forwarding to the 128 bit
> destination by
> looking at the value in the 32 bit field?
>
> The closest I can come to a viable implementation of what you propose
> would be
> to encapsulate IPv6 packets between IPv6 compatible hosts in an IPv4
> datagram
> which is pretty much what 6in4 would be.
>
> If you want the end host on the other side to be able to send a reply
> packet, then
> it pretty much has to be able to somehow handle that 128 bit reply address
> to set up the destination for the reply packet, no? (No such requirements
> for ASN32).
>
> Seriously, Todd, this is trolling pure and simple.
>
> Unless you have an actual complete mechanism for solving the problem,
> you’re just
> doing what you do best… Trolling.
>
> Admittedly, most of your trolling has enough comedic value that we laugh
> and get
> past it, but nonetheless, let’s see if you have a genuine solution to
> offer or if this
> is just bluster.
>
> Owen
>
> > On Oct 1, 2015, at 16:52 , Todd Underwood  wrote:
> >
> > I can't tell if this question is serious. It's either making fun of the
> > embarrassingly inadequate job we have done on this transition or it's
> > naive and ignorant in a genius way.
> >
> > Read the asn32 migration docs for one that migrations like this can be
> > properly done.
> >
> > This was harder but not impossible. We just chose badly for decades and
> now
> > we have NAT *and* a dumb migration.
> >
> > Oh well.
> >
> > T
> > On Oct 1, 2015 19:26, "Matthew Newton"  wrote:
> >
> >> On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> >>> it's just a new addressing protocol that happens to not work with the
> >> rest
> >>> of the internet.  it's unfortunate that we made that mistake, but i
> guess
> >>> we're stuck with that now (i wish i could say something about lessons
> >>> learned but i don't think any one of us has learned a lesson yet).
> >>
> >> Would be really interesting to know how you would propose
> >> squeezing 128 bits of address data into a 32 bit field so that we
> >> could all continue to use IPv4 with more addresses than it has
> >> available to save having to move to this new incompatible format.
> >>
> >> :-)
> >>
> >> Matthew
> >>
> >>
> >> --
> >> Matthew Newton, Ph.D. 
> >>
> >> Systems Specialist, Infrastructure Services,
> >> I.T. Services, University of Leicester, Leicester LE1 7RH, United
> Kingdom
> >>
> >> For IT help contact helpdesk extn. 2253, 
> >>
>
>
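
The ASN32 mechanism Owen DeLong describes in the quoted text above (ASN 23456 substituted into the AS-Path, the real path preserved in a separate BGP attribute), as an added example that is not part of any list member's post. Function names are illustrative, only plain AS_SEQUENCE paths are modelled, and the ASNs are constructed values from the documentation ranges.

```python
# Sketch of the 2-octet -> 4-octet ASN transition (RFC 6793), AS_SEQUENCE only.
# Constructed sample data: ASNs are taken from the documentation ranges
# 64496-64511 (2-octet) and 65536-65551 (4-octet).

AS_TRANS = 23456          # reserved 2-octet placeholder ASN
MAX_2_OCTET = 0xFFFF


def to_old_speaker(path):
    """Attributes a 4-octet-capable speaker sends to a 2-octet-only peer.

    Returns (as_path, as4_path). Every ASN that does not fit in 16 bits is
    replaced by AS_TRANS in AS_PATH; the untouched path travels in AS4_PATH.
    AS4_PATH is omitted (None) when nothing had to be substituted.
    """
    as_path = [asn if asn <= MAX_2_OCTET else AS_TRANS for asn in path]
    needs_as4 = any(asn > MAX_2_OCTET for asn in path)
    return as_path, (list(path) if needs_as4 else None)


def old_speaker_prepend(as_path, as4_path, local_asn):
    """An unmodified 2-octet speaker forwarding the route.

    It only understands AS_PATH, so it prepends its own ASN there and passes
    AS4_PATH along unchanged as an opaque optional transitive attribute.
    """
    return [local_asn] + list(as_path), as4_path


def reconstruct(as_path, as4_path):
    """Rebuild the true path on the next 4-octet-capable speaker.

    ASNs prepended by old speakers exist only in AS_PATH, so the leading
    len(AS_PATH) - len(AS4_PATH) entries are kept and AS4_PATH replaces the
    rest. If AS_PATH is shorter than AS4_PATH the attribute is ignored.
    """
    if as4_path is None or len(as_path) < len(as4_path):
        return list(as_path)
    lead = len(as_path) - len(as4_path)
    return list(as_path[:lead]) + list(as4_path)


def demo():
    # Leftmost ASN is the most recent hop; 65536 originated the route.
    true_path = [65550, 64500, 65536]
    as_path, as4_path = to_old_speaker(true_path)
    # Two legacy routers in a row, neither aware of 4-octet ASNs.
    for legacy_asn in (64510, 64511):
        as_path, as4_path = old_speaker_prepend(as_path, as4_path, legacy_asn)
    return as_path, reconstruct(as_path, as4_path)


if __name__ == "__main__":
    legacy_view, rebuilt = demo()
    print("legacy routers see:", legacy_view)
    print("rebuilt 4-octet path:", rebuilt)
```

The legacy routers never act on the 4-octet values: path length and loop detection on their own ASN keep working with the placeholder, which is the property a 32-bit IPv4 header cannot offer an end host that must address its reply to a 128-bit source.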


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Todd Underwood
Either there are multiple translation systems that exist that were invented
late or there are not. Either Owen has never heard of any of them or he is
trolling.

In any case I'm giving up on that conversation. And this whole one. It goes
nowhere.

And this is why v6 is where it is: true believers. Instead of a simple,
practical matter of engineering a transition we got 15 years of advocacy.

It makes the sleazy v4 transfer market look appealing. :)

T
On Oct 1, 2015 8:59 PM, "Owen DeLong"  wrote:

> I’m not at all tied up in a particular protocol.
>
> Still, Todd, ignoring the other parts, the least you can do is answer this
> simple question:
>
> How would you implement a 128-bit address that is backwards compatible
> with existing
> IPv4 hosts requiring no software modification on those hosts? Details
> matter here.
> Handwaving about ASN32 doesn’t cut it.
>
>
> If you can’t answer that, there’s really nothing to your argument.
>
> Owen
>
> On Oct 1, 2015, at 17:56 , Todd Underwood  wrote:
>
> this is an interesting example of someone who has ill advisedly tied up
> his identity in a network protocol.  this is a mistake i encourage you all
> not to make.  network protocols come and go but you only get one shot at
> life, so be your own person.
>
> this is ad-hominem, owen and i won't engage.  feel free to be principled
> and have technical discussion but insults and attacks really have no place.
>  so please just stop and relax.
>
> thanks,
>
> t
>
>
>
> On Thu, Oct 1, 2015 at 8:53 PM, Owen DeLong  wrote:
>
>> OK… Let’s look at the ASN32 process.
>>
>> Use ASN 23456 (16-bit) in the AS-Path in place of each ASN32 entry in the
>> path.
>> Preserve the ASN32 path in a separate area of the BGP attributes.
>>
>> So, where in the IPv4 packet do you suggest we place these extra 128 bits
>> of address?
>>
>> Further, what mechanism do you propose for forwarding to the 128 bit
>> destination by
>> looking at the value in the 32 bit field?
>>
>> The closest I can come to a viable implementation of what you propose
>> would be
>> to encapsulate IPv6 packets between IPv6 compatible hosts in an IPv4
>> datagram
>> which is pretty much what 6in4 would be.
>>
>> If you want the end host on the other side to be able to send a reply
>> packet, then
>> it pretty much has to be able to somehow handle that 128 bit reply address
>> to set up the destination for the reply packet, no? (No such requirements
>> for ASN32).
>>
>> Seriously, Todd, this is trolling pure and simple.
>>
>> Unless you have an actual complete mechanism for solving the problem,
>> you’re just
>> doing what you do best… Trolling.
>>
>> Admittedly, most of your trolling has enough comedic value that we laugh
>> and get
>> past it, but nonetheless, let’s see if you have a genuine solution to
>> offer or if this
>> is just bluster.
>>
>> Owen
>>
>> > On Oct 1, 2015, at 16:52 , Todd Underwood  wrote:
>> >
>> > I can't tell if this question is serious. It's either making fun of the
>> > embarrassingly inadequate job we have done on this transition or it's
>> > naive and ignorant in a genius way.
>> >
>> > Read the asn32 migration docs for one that migrations like this can be
>> > properly done.
>> >
>> > This was harder but not impossible. We just chose badly for decades and
>> now
>> > we have NAT *and* a dumb migration.
>> >
>> > Oh well.
>> >
>> > T
>> > On Oct 1, 2015 19:26, "Matthew Newton"  wrote:
>> >
>> >> On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
>> >>> it's just a new addressing protocol that happens to not work with the
>> >> rest
>> >>> of the internet.  it's unfortunate that we made that mistake, but i
>> guess
>> >>> we're stuck with that now (i wish i could say something about lessons
>> >>> learned but i don't think any one of us has learned a lesson yet).
>> >>
>> >> Would be really interesting to know how you would propose
>> >> squeezing 128 bits of address data into a 32 bit field so that we
>> >> could all continue to use IPv4 with more addresses than it has
>> >> available to save having to move to this new incompatible format.
>> >>
>> >> :-)
>> >>
>> >> Matthew
>> >>
>> >>
>> >> --
>> >> Matthew Newton, Ph.D. 
>> >>
>> >> Systems Specialist, Infrastructure Services,
>> >> I.T. Services, University of Leicester, Leicester LE1 7RH, United
>> Kingdom
>> >>
>> >> For IT help contact helpdesk extn. 2253, 
>> >>
>>
>>
>
>


Re: How to force rapid ipv6 adoption

2015-10-01 Thread Mark Andrews

In message <2bb18527-2f9c-4fee-95dd-3f89919a8...@xyonet.com>, Curtis Maurand writes:
> If Time Warner (my ISP) put up IPv6 tomorrow, my firewall would no longer
> work. I could put up a pfSense or Vyatta box pretty quickly, but my off the
> shelf Cisco/Linksys home router has no ipv6 support hence the need to replace
> the hardware. There's no firmware update for it supporting ipv6 either.
> There would be millions of people in the same boat.

Total garbage that *everyone* here should recognise as total garbage.
If Time Warner turned on IPv6 your firewall would just continue to
work as it always has.  TURNING ON IPv6 DOES NOT TURN OFF IPV4.

As for millions of people needing to upgrade their CPE equipment
you really should be asking yourself if you should be rewarding
those vendors for selling you IPv4 only equipment in the first
place.  If Microsoft, along with lots of other vendors could deliver
IPv6 capable equipment in 2001, your and every other CPE vendor
could have done so.  Instead they sold you out of date garbage that
you happily accepted.

Mark

> Cheers, 
> Curtis
> 
> On October 1, 2015 5:44:46 PM ADT, Owen DeLong  wrote:
> >
> >> On Oct 1, 2015, at 12:06 , Curtis Maurand  wrote:
> >>
> >>
> >>
> >> On 10/1/2015 2:29 PM, Owen DeLong wrote:
> >>>> On Oct 1, 2015, at 00:39 , Baldur Norddahl  wrote:
> >>>>
> >>>> On 1 October 2015 at 03:26, Mark Andrews  wrote:
> >>>>
> >>>>> Windows XP does IPv6 fine so long as there is a IPv4 recursive
> >>>>> server available.  It's just a simple command to install IPv6.
> >>>>>
> >>>>> netsh interface ipv6 install
> >>>>>
> >>>> If the customer knew how to do that he wouldn't still be using Windows XP.
> >>>>
> >>>>
> >>>>> Actually I don't expect Gmail and Facebook to be IPv4 only forever.
> >>>>>
> >>>> Gmail and Facebook are already dual stack enabled. But I do not see
> >>>> Facebook turning off IPv4 for a very long time. Therefore a customer that
> >>>> only uses the Internet for a few basic things will be able to get along
> >>>> with being IPv4-only for a very long time.
> >>>>
> >>> Yes and no…
> >>>
> >>> I think you are right about facebook.
> >>>
> >>> However, I think eventually the residential ISPs are going to start charging extra
> >>> for IPv4 service. Some residences may pay for it initially, but if they think there’s a
> >>> way to move away from it and the ISPs start fingerpointing to the specific laggards,
> >>> you’ll see a groundswell of consumers pushing to find alternatives.
> >>>
> >>> Owen
> >>>
> >> ipv6 is going to force a lot of consumers to replace hardware. Worse, it's not easy to set up and get right as ipv4 is.
> >>
> >> --Curtis
> >
> >You’re going to have to elaborate on that one…. I think IPv6 is actually quite a bit easier than IPv4, so please explicate
> >in what ways it is harder to set up and get right?
> >
> >For the average household, it’s plug the IPv6-capable router in and let it go.
> >
> >For more advanced environments, it might take nearly as much effort as IPv4 and the unfamiliarity might add a couple
> >of additional challenges the first time, but once you get past that, IPv6 has a lot of features that actually make it
> >easier than IPv4.
> >
> >Not having to deal with NAT being just one of the big ones.
> >
> >Owen
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Rob McEwen

On 10/1/2015 11:18 PM, corta...@gmail.com wrote:
> Excuse my probable ignorance of such matters, but would it not then be
> preferred to create a whitelist of proven Email servers/ip's, and
> just drop the rest?  Granted, one would have to create a process to
> vet anyone creating a new email server, but would that not be easier
> than trying to create and maintain new blacklists?

I have heard that mentioned before. Unfortunately, this wouldn't work:

(1) we already have extensive IPv4 whitelists, many of which are used by 
prominent anti-spam blacklists (and ISPs) to prevent false positives. 
However, if tomorrow, ALL IPv4 blacklists disappear, and all mail 
servers only allowed in the traffic coming from the IPs listed on the 
better IPv4 whitelists, then a massive percentage of VERY legit mail 
would STILL be blocked. Therefore, if IPv4 whitelists can't keep up in 
the IPv4 world, how are they going to do so in the IPv6 world?


(2) Then there is the chicken-N-egg problem. How do you get your mail 
delivered if you are a new sender, but aren't on that list yet. How do 
you prove your sending practices are valid if you can't get your first 
e-mail delivered?


(3) Any solution to that "chicken-N-egg problem"... which tries to 
provide some kind of verification of legit senders... is a hoop that the 
spammers could jump through just as easily... and they will! (some of 
them doing so convinced that they are doing nothing wrong because they 
were told that the list they bought isn't spam because the recipient 
forgot to uncheck a button that said, "receive offers from third parties"!)


(4) and this idea oversimplifies the complexity of the spam problem. For 
example, many of the better blacklists know just when it is appropriate 
to blacklist that legit sender who sends 100 legit messages a day, but 
had a compromised system that triggered 50 thousand spam to be sent out 
that day... and the better blacklists are good about delisting that 
sender soon after the problem is fixed. But in a whitelist-only world, 
you're stuck receiving all that spam!


--
Rob McEwen
+1 478-475-9032



Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Mark Andrews

In message <560df4ba.5000...@invaluement.com>, Rob McEwen writes:
> RE: How to wish you hadn't rushed ipv6 adoption
> 
> Force the whole world to switch to IPv6 within the foreseeable future, 
> abolish IPv4... all within several years or even within 50 years... and 
> then watch spam filtering worldwide get knocked back to the stone ages 
> while spammers and blackhat and grayhat ESPs laugh their way to the 
> bank... that is, until e-mail becomes unworkable and is virtually abandoned.
> 
> I welcome IPv6 adoption in the near future in all but one area: the 
> sending IPs of valid mail servers. Those need to stay IPv4 for as long 
> as reasonably possible.
> 
> It turns out... the scarcity of IPv4 IPs in THIS area... is a feature, 
> not a bug.
> 
> That scarcity makes it harder for spammers to acquire new IPs, and they 
> therefore pay a price for the ones they burn through via their 
> spam-sending. Likewise, scarcity of IPv4 IPs *forces* ESPs, hosters, and 
> ISPs to try HARD to keep their IPs clean. THEY pay a price when a 
> bad-apple customer soils up their IP space.
> 
> In contrast, with IPv6, order of magnitude MORE IPs are easily acquired, 
> and order of magnitude more are in each allocation. It is truly a 
> spammer's dream come true. This reminds me about a recent article Brian 
> Krebs wrote about a famous hoster who slowly drove their business into 
> the ground by allowing in the kind of spammers that look a little legit 
> at first glance. (like the "CAN-SPAM" spammers who are doing nothing 
> illegal, follow the law, but still send to purchased lists). But even 
> this hoster's bank account was bursting at the seams with cash due to a 
> booming business, their IP space's reputation was slowly turning into 
> crap. Eventually, they started losing even their spammer customers. 
> Then, their CEO made a decision to get serious about abuse and keeping 
> spammers off of their network---and this turned into a success story 
> where they now run a successful hosting business without the spammers. 
> In an IPv6 world, I wonder if they would have ever even cared? There 
> would always be new fresh IPv6 IPs to acquire! There would never have 
> been the "motivation" to turn things around. There would always be new 
> IPv6 IPs to move on to. (or at least enough available to "kick the can 
> down the road" and not worry about any long term repercussions). It was 
> ONLY when this CEO started seeing even the spammers start to leave him 
> (along with some SpamHaus blacklistings)! that he realized that his IP 
> reputation would eventually get so bad that he'd be virtually out of 
> business. It was ONLY then that he decided to make changes. Would this 
> have happened in an all-IPv6 world? I highly doubt it! He'd just keep 
> moving on to fresh IPs!
> 
> The cumulative sum total of all those hosters and ESPs downward 
> spiraling in an IPv6 world... could cause the spam problem to GREATLY 
> accelerate.
> 
> Meanwhile, sender IP blacklists would become useless in an IPv6 world 
> because the spammer now has enough IPs (in many scenarios) to EVEN SEND 
> ONE SPAM PER IP, never to have to use that one IP again FOR YEARS, if 
> ever. So a blacklisting is ineffective... and actually helps the spammer 
> to listwash spamtrap addresses... since the ONE listing maps to a single 
> recipient address. Now the sender's IP blacklist is even less effective 
> and is helping the spammers more than it is blocking spam! And did I 
> mention that the sender's IP list has bloated so large that it is hard 
> to host in DNS and hard to distribute--and most of the listings are now 
> useless anyways!
> 
> Yes, there are other types of spam filtering... including content 
> filtering techniques. But in the real world, these only work because the 
> heavy lifting is ALREADY done by the sender's IP blacklist. The vast 
> majority of this worldwide "heavy lifting" is done by 
> "zen.spamhaus.org". If many of the largest ISPs suddenly lost access to 
> Zen, some such filters would be in huge trouble brought down to 
> their knees. Now imagine that all the other sending-IP blacklists are 
> gone too? In that spammer's dream scenario, the spammer has upgraded to 
> a Lamborghini, while the spam filters have reverted back to the horse 
> and buggy. Seriously, that analogy isn't the slightest bit of an exaggeration.
> 
> Yes, you can STILL have your toaster and refrigerator and car send mail 
> from an IPv6 address... they would just need to SMTP-Authenticate to a 
> valid mail server... via an IPv6 connection... yet where that valid MTA 
> would then send their mail to another MTA via IPv4. Since the number of 
> IPv4 IPs needed for such valid mail servers is actually very, very small 
> (relatively speaking), then it isn't a big problem for THOSE to get IPv4 
> addresses, at a trivial cost. We might even see IPv4 open up a bit as 
> OTHER services move to IPv6. IPv6 addresses NOT being able to send 
> directly to the e-mail 

Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Rob McEwen

On 10/1/2015 11:44 PM, Mark Andrews wrote:
> IPv6 really isn't much different to IPv4.  You use sites /48's
> rather than addresses /32's (which are effectively sites).  ISP's
> still need to justify their address space allocations to RIR's so
> there isn't infinite numbers of sites that a spammer can get.

A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not 
the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit 
hoster assigns various /64s to DIFFERENT customers of theirs... that is 
a lot of collateral damage that would be caused by listing at the /48 
level, should just one customer be a bad-apple spammer, or just one 
legit customer have a compromised system one day.


Conversely, if a more blackhat ESP did this, but it was unclear that 
this was a blackhat sender until much later.. then LOTS of spam would 
get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT, 
with the spammy ESP still having LOTS of /64s to spare.. remember, they 
started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure, 
it would eventually become clear that the whole /48 should be blacklisted).


Other gray-hat situations between these two extremes can be even more 
frustrating because you then have the same "free passes" that the 
blackhat ESP gets... but you can't list the whole /48 without too much 
collateral damage.


SUMMARY: So even if you moved into blocking at the /64 level, the 
spammers have STILL gained an orders-of-magnitude advantage over the 
IPv4 world any way you slice it. And blocking at the /48 level WOULD 
cause too much collateral damage if don't indiscriminately.


And this is assuming that individual IPs are NEVER assigned individually 
(or in smaller-than-/64-allocations) . (maybe that is a safe assumption? 
I don't know? regardless, even if that were a safe assumption, the 
spammers STILL have gained a massive advantage)


--
Rob McEwen
+1 478-475-9032



Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Rob McEwen

On 10/1/2015 11:58 PM, Rob McEwen wrote:
> And blocking at the /48 level WOULD cause too much collateral damage
> if don't indiscriminately.

I meant, "if done indiscriminately"

Excuse my other more minor typos too. I get in a hurry and my fingers 
don't always type what my brain is thinking :)


--
Rob McEwen
+1 478-475-9032



Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Mark Andrews

In message <560e00d4.7090...@invaluement.com>, Rob McEwen writes:
> On 10/1/2015 11:44 PM, Mark Andrews wrote:
> > IPv6 really isn't much different to IPv4.  You use sites /48's
> > rather than addresses /32's (which are effectively sites).  ISP's
> > still need to justify their address space allocations to RIR's so
> > there isn't infinite numbers of sites that a spammer can get.
> 
> A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not 
> the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit 
> hoster assigns various /64s to DIFFERENT customers of theirs... that is 
> a lot of collateral damage that would be caused by listing at the /48 
> level, should just one customer be a bad-apple spammer, or just one 
> legit customer have a compromised system one day.

A hoster can get /48's for each customer.  Each customer is technically
a separate site.  It's this stupid desire to over conserve IPv6
addresses that causes this not IPv6.

> Conversely, if a more blackhat ESP did this, but it was unclear that 
> this was a blackhat sender until much later.. then LOTS of spam would 
> get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT, 
> with the spammy ESP still having LOTS of /64s to spare.. remember, they 
> started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure, 
> it would eventually become clear that the whole /48 should be blacklisted).
> 
> other gray-hat situations between these two extremes can be even more 
> frustrating because you then have the same "free passes" that the 
> blackhat ESP gets... but you can't list the whole /48 without too much 
> collateral damage.
> 
> SUMMARY: So even if you moved into blocking at the /64 level, the 
> spammers have STILL gained an orders-of-magnitude advantage over the 
> IPv4 world any way you slice it. And blocking at the /48 level WOULD 
> cause too much collateral damage if don't indiscriminately.
> 
> And this is assuming that individual IPs are NEVER assigned individually 
> (or in smaller-than-/64-allocations) . (maybe that is a safe assumption? 
> I don't know? regardless, even if that were a safe assumption, the 
> spammers STILL have gained a massive advantage)
> 
> -- 
> Rob McEwen
> +1 478-475-9032
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Rob McEwen

On 10/2/2015 12:18 AM, Mark Andrews wrote:
> A hoster can get /48's for each customer.  Each customer is technically
> a separate site.  It's this stupid desire to over conserve IPv6
> addresses that causes this not IPv6.

In theory, yes. In practice, I'm skeptical. I think many will 
sub-delegate /64s.

Plus, nobody has yet addressed the fact that new /48s will be just so 
EASY to obtain since they are going to be plentiful... therefore... the 
LACK of scarcity will make hosters and ESPs... NOT be very motivated to 
keep their IP space clean... as is the case now with IPv4.

Also, it seems so bizarre that in order to TRY to solve this, we have to 
make sure that MASSIVE numbers of individual IPv6 IP addresses.. that 
equal numbers that my calculator can't reach (too many digits)... would 
all be allocated to one single combined usage scenario. Then allocating 
only /48s multiplies that number by 65K. Mind boggling.


--
Rob McEwen
+1 478-475-9032



Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Mark Andrews

In message <560e0c44.5060...@invaluement.com>, Rob McEwen writes:
> On 10/2/2015 12:18 AM, Mark Andrews wrote:
> > A hoster can get /48's for each customer.  Each customer is technically
> > a separate site.  It's this stupid desire to over conserve IPv6
> > addresses that causes this not IPv6.
> 
> In theory, yes. In practice, I'm skeptical. I think many will 
> sub-delegate /64s
> 
> Plus, nobody has yet addressed the fact that new /48s will be just so 
> EASY to obtain since they are going to be plentiful... therefore... the 
> LACK of scarcity will make hosters and ESPs... NOT be very motivated to 
> keep their IP space clean... as is the case now with IPv4.

The brakes are already in place at the RIR level.  At this level
you can't just get more /48's with no accountability.

> Also, it seems so bizarre that in order to TRY to solve this, we have to 
> make sure that MASSIVE numbers of individual IPv6 IP addresses.. that 
> equal numbers that my calculator can't reach (too many digits)... would 
> all be allocated to one single combined usage scenario. Then allocating 
> only /48s multiplies that number by 65K. Mind boggling.

There are 281474976710656 /48's.  That is what you manage, not IPv6
addresses.  It's also most probably got more digits than your
calculator supports. :-)

Stop thinking addresses and start thinking sites.  We went to 128
bit of addresses so that we could stop worrying about individual
addresses, the sizes of subnets or working out how many addresses a
site needs when handing out address blocks except in the most extreme
cases.

Mark

> -- 
> Rob McEwen
> +1 478-475-9032
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
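
The listing-granularity trade-off argued in the messages above (per-address, per-/64 or per-/48 blocking), worked through as an added example that is not part of any poster's message. The addresses are constructed from the 2001:db8::/32 documentation range, and the escalation threshold of three /64s is an assumed policy, not one proposed in the thread.

```python
import ipaddress
from collections import defaultdict

SITE_LEN = 48    # the "site" unit discussed in the thread
SUBNET_LEN = 64  # one subnet inside a site

# Constructed evidence: addresses seen sending spam (documentation range only).
SPAM_SOURCES = [
    # a sender using a fresh address per message inside one /64
    "2001:db8:aaaa:1::1", "2001:db8:aaaa:1::2", "2001:db8:aaaa:1:5c3f::9",
    "2001:db8:aaaa:1:ffff::a", "2001:db8:aaaa:1:1234:5678:9abc:def0",
    # a sender moving to a fresh /64 inside one /48 after each listing
    "2001:db8:bbbb:10::1", "2001:db8:bbbb:11::1",
    "2001:db8:bbbb:12::1", "2001:db8:bbbb:13::1",
    # a hoster's /48 in which a single customer /64 misbehaved
    "2001:db8:cccc:7::25",
]


def covering(addr, prefixlen):
    """Return the network of the given length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def build_listings(sources, escalate_after=3):
    """List each offending /64; list the whole /48 instead once
    escalate_after distinct /64s inside it have sent spam (assumed policy)."""
    subnets_by_site = defaultdict(set)
    for addr in sources:
        site = covering(addr, SITE_LEN)
        subnets_by_site[site].add(covering(addr, SUBNET_LEN))
    listings = []
    for site, subnets in subnets_by_site.items():
        if len(subnets) >= escalate_after:
            listings.append(site)       # one entry replaces many /64 entries
        else:
            listings.extend(subnets)    # neighbours in the /48 stay unlisted
    return sorted(listings)


def is_listed(addr, listings):
    """True if addr falls inside any listed prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in listings)


def unseen_subnets(listing, sources):
    """Count /64s covered by a listing for which there is no evidence,
    i.e. the upper bound on collateral damage of that listing."""
    seen = {covering(a, SUBNET_LEN) for a in sources
            if ipaddress.ip_address(a) in listing}
    return 2 ** (SUBNET_LEN - listing.prefixlen) - len(seen)


if __name__ == "__main__":
    listings = build_listings(SPAM_SOURCES)
    print(f"{len(SPAM_SOURCES)} addresses seen -> {len(listings)} listings")
    for net in listings:
        print(f"  {net}  /64s without evidence: {unseen_subnets(net, SPAM_SOURCES)}")
    print("/48 sites in the whole IPv6 space:", 2 ** SITE_LEN)
```

Listing by prefix keeps the list size tied to the number of senders rather than the number of addresses they burn, while the per-listing count of /64s without evidence makes the collateral-damage cost of a /48 entry explicit.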


Re: Question re session hijacking in dual stack environments w/MacOS

2015-10-01 Thread Doug McIntyre
On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote:
> On 26/Sep/15 16:34, David Hubbard wrote:
> > Has anyone run into this?  Our users on other platforms don't seem to
> > have this issue; linux and MS desktops seem to just use v6 if it's
> > available and v4 if not.
> 
> I have been tracking down an issue for months where SSH'ing to some
> devices (which picks IPv6 by default) from my Mac while in the office
> drops the connection, forcing me to reconnect. It's random; sometimes it
> happens a lot, sometimes, rarely, other times not at all.

I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
generates a new random IPv6 address, applies it to the interface, and then
drops the old IPv6 addresses as they stale out. Sessions in use or not.

sudo sysctl -w net.inet6.ip6.use_tempaddr=0

sudo sh -c 'echo net.inet6.ip6.use_tempaddr=0 >> /etc/sysctl.conf'



Re: How to force rapid ipv6 adoption

2015-10-01 Thread Hugo Slabbert
On Thu 2015-Oct-01 18:28:52 -0700, Damian Menscher via NANOG wrote:

On Thu, Oct 1, 2015 at 4:26 PM, Matthew Newton  wrote:

On Thu, Oct 01, 2015 at 10:42:57PM +, Todd Underwood wrote:
> it's just a new addressing protocol that happens to not work with the rest
> of the internet.  it's unfortunate that we made that mistake, but i guess
> we're stuck with that now (i wish i could say something about lessons
> learned but i don't think any one of us has learned a lesson yet).

Would be really interesting to know how you would propose
squeezing 128 bits of address data into a 32 bit field so that we
could all continue to use IPv4 with more addresses than it has
available to save having to move to this new incompatible format.

I solved that problem a few years ago (well, kinda -- only for backend
logging, not for routing):
http://docs.guava-libraries.googlecode.com/git/javadoc/com/google/common/net/InetAddresses.html#getCoercedIPv4Address(java.net.InetAddress)

Squeezing 32 bits into 128 bits is easy.  Let me know how you do with 
squeezing 128 bits into 32 bits...

Damian

--
Hugo



Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-01 Thread Philip Dorr
On Thu, Oct 1, 2015 at 10:58 PM, Rob McEwen  wrote:
> On 10/1/2015 11:44 PM, Mark Andrews wrote:
>>
>> IPv6 really isn't much different to IPv4.  You use sites /48's
>> rather than addresses /32's (which are effectively sites).  ISP's
>> still need to justify their address space allocations to RIR's so
>> there isn't infinite numbers of sites that a spammer can get.
>
>
> A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not the
> 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit hoster
> assigns various /64s to DIFFERENT customers of theirs... that is a lot of
> collateral damage that would be caused by listing at the /48 level, should
> just one customer be a bad-apple spammer, or just one legit customer have a
> compromised system one day.

As a provider (ISP or Hosting), you should hand the customers at a
minimum a /56, if not a /48.  The provider should have at a minimum a
/32.  If the provider is only giving their customers a /64, then they
deserve all the pain they receive.