> (IPv6 ONLY insisting on manufacturers implementing 464XLAT is inferior
> in every way to dual stack,
There is one way it is superior; it rewards web and other content sites
that implement IPv6. Unlike dual stack, it applies pressure where it is
needed, on the IPv4-only sites. Grottiness can
On Sat, Oct 03, 2015 at 08:10:36AM -0500, Mike Hammett wrote:
>
> People keep thinking I want Level 3 to replace a loaded 6500 with a CCR and
> that's simply not what I'm saying at all. The point of rattling off the
> newer\smaller hardware was to say that if the site doesn't require 40G\100G,
One of the small microPC solutions. Depending on what you want to test (eg
bandwidth) you may find platforms like raspberrypi too limited. Intel NUC or
LIVA platforms?
https://www.perfsonar.net/deploy/hardware-selection/low-cost-hardware/
alan
Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need
to be in the router.
Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, with
IPv6 it's built into every device, because IPsec is a mandatory component for
IPv6, and therefore, the IPsec
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to
support any other mandatory IPv6 specification, such as RA.
There's really no excuse for not supporting IPSec, as it's a widely available
open source component that costs nothing to incorporate into an IPv6 stack.
Randy,
Your claim is a red herring. IPSec has nothing to do with IPv6 deployment.
Deployment doesn't require global IPSec, which need only reside in endpoint
nodes. It's not needed at all in the routjg and distribution infrastructure,
which is where deployment happens
The vast majority of
Hi,
> Op 4 okt. 2015, om 16:52 heeft Mel Beckman het volgende
> geschreven:
>
> If it doesn't support IPSec, it's not really IPv6. Just as if it failed to
> support any other mandatory IPv6 specification, such as RA.
I think you're still looking at an old version of the
The times for tonight's event differ from the guidebook to the online
version @ nanog
nanog 6-8PM
guidebook 7-11PM
Which is correct?
> Building a secure firewall takes more than just knowing how to issue
> ip6table commands; one also needs to know exactly what goes into those
> commands. NANOG concentrates on network operators who need to provide a
> good Internet experience to all their downstream customers, which is why I
>
I recommend any of a number of online courses for a quick understanding of
IPv6. But nothing beats making your own IPv6 lab and getting hands-on
experience. Here's a course I built walking you through that process:
http://windowsitpro.com/build-your-own-ipv6-lab-and-become-ipv6-guru-demand
> Keep in mind that IPv6 has IPSec VPN built into the protocol.
yet another ipv6 fantasy. it may be in the powerpoint but it is not in
the implementations.
> Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need
> to be in the router.
>
> Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service,
> with IPv6 it's built into every device, because IPsec is a mandatory
> component for IPv6, and therefore, the
On 10/04/2015 06:40 AM, Matthias Leisi wrote:
Fully agree. But the current state of IPv6 outside "professional“
networks/devices is sincerely limited by a lot of poor CPE and
consumer device implementations.
I have to ask: where is the book _IPv6 for Dummies_ or equivalent?
Specifically, is
i give
< plonk >
Thanks John for letting us know we will get fixed asap ... the time is
Sunday, October 4 Sponsored by: Resolve Systems Time: 6:00pm - 8:00pm
Where: Moxie's, 1207 Robert-Bourassa Boulevard, Montreal - See more at:
https://www.nanog.org/node/1624#sthash.YBeEXhC3.dpuf
Betty J. Burke
NANOG
> One or more of these things will be the death of IPv4:
IPv4 will not die, it will be superseded by something better :)
What I have found to be the greatest obstacle to IPv6 adoption is the state of
IPv6 support in various types of CPEs / network equipment. The support is
mostly OK in
> If it doesn't support IPSec, it's not really IPv6.
by that criterion, ipv6 deployment is effectively zero
Hi,
On Sun, Oct 4, 2015 at 1:56 AM, John Levine wrote:
> In article <37dba43e-ee76-4323-962c-30bb988d0...@hathcock.org> you write:
>>Greetings, NANOG. Happy Saturday to all.
>>
>>I am running a DOCSIS network that has a noisy cable plant. I want to be
>>able to substantiate
On Sun, 4 Oct 2015, Mel Beckman wrote:
If it doesn't support IPSec, it's not really IPv6. Just as if it failed
to support any other mandatory IPv6 specification, such as RA.
Go tell cisco that. IIRC, the first network I dual-stacked, I was kind of
surprised when I found I could not use
What Cisco routers, and what vintage IOS, are you finding have no IPSec
support? I've not run into that problem.
-mel beckman
> On Oct 4, 2015, at 8:33 AM, Jon Lewis wrote:
>
>> On Sun, 4 Oct 2015, Mel Beckman wrote:
>>
>> If it doesn't support IPSec, it's not really
On 04/10/2015 16:03, Randy Bush wrote:
> yet another ipv6 fantasy. it may be in the powerpoint but it is not in
> the implementations.
the ipsec tickbox was removed from ipv6 in rfc6434 (2011).
Nick
>From the time we began to take the idea of an address runout seriously
in the early 90s to the actual address runout which would be just
about now new priorities arose such as spam which I'll say really got
going in the late 90s.
There were others such as the potential routing table explosion
On 2015-10-04 14:42, Jay Ashworth wrote:
as to why your users just started it, nfi. my best guess is that they
weren't using https previously.
Well, "more people may be using HTTPS-Anywhere" may have something to
do with it.
fwiw, https-anywhere doesn't just try to connect via https to every
We all knew about this, right?
http://arstechnica.com/information-technology/2015/02/http2-finished-coming-to-browsers-within-weeks/
One - few - many - all? What's that?
Cheers,
-- jra
--
Jay R. Ashworth Baylink j...@baylink.com
Designer
Damnit.
Apologies everyone; no clue why Ars was pushing that *now*, 6 months after
its dateline.
- Original Message -
> From: "Jay Ashworth"
> To: "NANOG"
> Sent: Sunday, October 4, 2015 2:30:00 PM
> Subject: HTTP/2.0 to ship in weeks
> We all knew
On Sat, 3 Oct 2015, Lorell Hathcock wrote:
I am running a DOCSIS network that has a noisy cable plant. I want to
be able to substantiate and quantify users' bandwidth issues. I would
like a set of inexpensive probes that I could place at selected
customer's homes/businesses that would on a
Stefann,
You're right. I remember hearing rumblings of vendors requesting this change,
mostly because embedded processors of the time had difficulty performing well
with IPv6. I see that in 2011 rfc6434 lowered IPSec from "must" to "should".
Nevertheless, plenty of products produced before
- Original Message -
> From: "coolhandluke via Outages"
> > -We're wondering what happened yesterday to break all these
> > disparate
> > websites
> note that this is *by design*, as sean pointed out.
>
> the "fix" is simple: don't use https on www.irs.gov. any ssl
sup720-3bxl, but this was a number of years ago. I don't recall the
exact version. It was probably 12.2SXI-something.
On Sun, 4 Oct 2015, Mel Beckman wrote:
What Cisco routers, and what vintage IOS, are you finding have no IPSec
support? I've not run into that problem.
-mel beckman
A lot has changed since 12.2 :)
I believe all shipping gear supports IPSec in IPv6.
-mel beckman
> On Oct 4, 2015, at 11:48 AM, Jon Lewis wrote:
>
> sup720-3bxl, but this was a number of years ago. I don't recall the exact
> version. It was probably 12.2SXI-something.
Hello, dear Nanog Community!
I'm looking for upstreams with BGP Flow Spec / RFC 5575 support in US
(West and East coast are welcome).
We have implemented support for BGP Flow Spec traffic filtering in our
own open source DDoS detection toolkit and using it on our own MX
routers. Works really
31 matches
Mail list logo