Re: How to force rapid ipv6 adoption

2015-10-04 Thread Wolfgang S. Rupprecht
> (IPv6 ONLY insisting on manufacturers implementing 464XLAT is inferior > in every way to dual stack, There is one way it is superior; it rewards web and other content sites that implement IPv6. Unlike dual stack, it applies pressure where it is needed, on the IPv4-only sites. Grottiness can

Re: AW: AW: AW: /27 the new /24

2015-10-04 Thread James Jun
On Sat, Oct 03, 2015 at 08:10:36AM -0500, Mike Hammett wrote: > > People keep thinking I want Level 3 to replace a loaded 6500 with a CCR and > that's simply not what I'm saying at all. The point of rattling off the > newer\smaller hardware was to say that if the site doesn't require 40G\100G,

Re: Inexpensive probes for automated bandwidth testing purposes

2015-10-04 Thread Alan Buxey
One of the small microPC solutions. Depending on what you want to test (eg bandwidth) you may find platforms like raspberrypi too limited. Intel NUC or LIVA platforms? https://www.perfsonar.net/deploy/hardware-selection/low-cost-hardware/ alan

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need to be in the router. Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, with IPv6 it's built into every device, because IPsec is a mandatory component for IPv6, and therefore, the IPsec

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA. There's really no excuse for not supporting IPSec, as it's a widely available open source component that costs nothing to incorporate into an IPv6 stack.

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
Randy, Your claim is a red herring. IPSec has nothing to do with IPv6 deployment. Deployment doesn't require global IPSec, which need only reside in endpoint nodes. It's not needed at all in the routjg and distribution infrastructure, which is where deployment happens The vast majority of

Re: /27 the new /24

2015-10-04 Thread Sander Steffann
Hi, > Op 4 okt. 2015, om 16:52 heeft Mel Beckman het volgende > geschreven: > > If it doesn't support IPSec, it's not really IPv6. Just as if it failed to > support any other mandatory IPv6 specification, such as RA. I think you're still looking at an old version of the

Agenda

2015-10-04 Thread John Springer
The times for tonight's event differ from the guidebook to the online version @ nanog nanog 6-8PM guidebook 7-11PM Which is correct?

Re: /27 the new /24

2015-10-04 Thread Denis Fondras
> Building a secure firewall takes more than just knowing how to issue > ip6table commands; one also needs to know exactly what goes into those > commands. NANOG concentrates on network operators who need to provide a > good Internet experience to all their downstream customers, which is why I >

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
I recommend any of a number of online courses for a quick understanding of IPv6. But nothing beats making your own IPv6 lab and getting hands-on experience. Here's a course I built walking you through that process: http://windowsitpro.com/build-your-own-ipv6-lab-and-become-ipv6-guru-demand

Re: /27 the new /24

2015-10-04 Thread Randy Bush
> Keep in mind that IPv6 has IPSec VPN built into the protocol. yet another ipv6 fantasy. it may be in the powerpoint but it is not in the implementations.

Re: /27 the new /24

2015-10-04 Thread sthaug
> Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need > to be in the router. > > Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, > with IPv6 it's built into every device, because IPsec is a mandatory > component for IPv6, and therefore, the

Re: /27 the new /24

2015-10-04 Thread Stephen Satchell
On 10/04/2015 06:40 AM, Matthias Leisi wrote: Fully agree. But the current state of IPv6 outside "professional“ networks/devices is sincerely limited by a lot of poor CPE and consumer device implementations. I have to ask: where is the book _IPv6 for Dummies_ or equivalent? Specifically, is

Re: /27 the new /24

2015-10-04 Thread Randy Bush
i give < plonk >

Re: Agenda

2015-10-04 Thread Betty Burke <be...@nanog.org>
Thanks John for letting us know we will get fixed asap ... the time is Sunday, October 4 Sponsored by: Resolve Systems Time: 6:00pm - 8:00pm Where: Moxie's, 1207 Robert-Bourassa Boulevard, Montreal - See more at: https://www.nanog.org/node/1624#sthash.YBeEXhC3.dpuf Betty J. Burke NANOG

Re: /27 the new /24

2015-10-04 Thread Matthias Leisi
> One or more of these things will be the death of IPv4: IPv4 will not die, it will be superseded by something better :) What I have found to be the greatest obstacle to IPv6 adoption is the state of IPv6 support in various types of CPEs / network equipment. The support is mostly OK in

Re: /27 the new /24

2015-10-04 Thread Randy Bush
> If it doesn't support IPSec, it's not really IPv6. by that criterion, ipv6 deployment is effectively zero

Re: Inexpensive probes for automated bandwidth testing purposes

2015-10-04 Thread Alex Brooks
Hi, On Sun, Oct 4, 2015 at 1:56 AM, John Levine wrote: > In article <37dba43e-ee76-4323-962c-30bb988d0...@hathcock.org> you write: >>Greetings, NANOG. Happy Saturday to all. >> >>I am running a DOCSIS network that has a noisy cable plant. I want to be >>able to substantiate

Re: /27 the new /24

2015-10-04 Thread Jon Lewis
On Sun, 4 Oct 2015, Mel Beckman wrote: If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA. Go tell cisco that. IIRC, the first network I dual-stacked, I was kind of surprised when I found I could not use

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
What Cisco routers, and what vintage IOS, are you finding have no IPSec support? I've not run into that problem. -mel beckman > On Oct 4, 2015, at 8:33 AM, Jon Lewis wrote: > >> On Sun, 4 Oct 2015, Mel Beckman wrote: >> >> If it doesn't support IPSec, it's not really

Re: /27 the new /24

2015-10-04 Thread Nick Hilliard
On 04/10/2015 16:03, Randy Bush wrote: > yet another ipv6 fantasy. it may be in the powerpoint but it is not in > the implementations. the ipsec tickbox was removed from ipv6 in rfc6434 (2011). Nick

Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

2015-10-04 Thread Barry Shein
>From the time we began to take the idea of an address runout seriously in the early 90s to the actual address runout which would be just about now new priorities arose such as spam which I'll say really got going in the late 90s. There were others such as the potential routing table explosion

Re: [outages] Akamai Cert Issues today

2015-10-04 Thread coolhandluke
On 2015-10-04 14:42, Jay Ashworth wrote: as to why your users just started it, nfi. my best guess is that they weren't using https previously. Well, "more people may be using HTTPS-Anywhere" may have something to do with it. fwiw, https-anywhere doesn't just try to connect via https to every

HTTP/2.0 to ship in weeks

2015-10-04 Thread Jay Ashworth
We all knew about this, right? http://arstechnica.com/information-technology/2015/02/http2-finished-coming-to-browsers-within-weeks/ One - few - many - all? What's that? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer

Disregard: HTTP/2.0 to ship in weeks

2015-10-04 Thread Jay Ashworth
Damnit. Apologies everyone; no clue why Ars was pushing that *now*, 6 months after its dateline. - Original Message - > From: "Jay Ashworth" > To: "NANOG" > Sent: Sunday, October 4, 2015 2:30:00 PM > Subject: HTTP/2.0 to ship in weeks > We all knew

Re: Inexpensive probes for automated bandwidth testing purposes

2015-10-04 Thread Brandon Ross
On Sat, 3 Oct 2015, Lorell Hathcock wrote: I am running a DOCSIS network that has a noisy cable plant. I want to be able to substantiate and quantify users' bandwidth issues. I would like a set of inexpensive probes that I could place at selected customer's homes/businesses that would on a

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
Stefann, You're right. I remember hearing rumblings of vendors requesting this change, mostly because embedded processors of the time had difficulty performing well with IPv6. I see that in 2011 rfc6434 lowered IPSec from "must" to "should". Nevertheless, plenty of products produced before

Re: [outages] Akamai Cert Issues today

2015-10-04 Thread Jay Ashworth
- Original Message - > From: "coolhandluke via Outages" > > -We're wondering what happened yesterday to break all these > > disparate > > websites > note that this is *by design*, as sean pointed out. > > the "fix" is simple: don't use https on www.irs.gov. any ssl

Re: /27 the new /24

2015-10-04 Thread Jon Lewis
sup720-3bxl, but this was a number of years ago. I don't recall the exact version. It was probably 12.2SXI-something. On Sun, 4 Oct 2015, Mel Beckman wrote: What Cisco routers, and what vintage IOS, are you finding have no IPSec support? I've not run into that problem. -mel beckman

Re: /27 the new /24

2015-10-04 Thread Mel Beckman
A lot has changed since 12.2 :) I believe all shipping gear supports IPSec in IPv6. -mel beckman > On Oct 4, 2015, at 11:48 AM, Jon Lewis wrote: > > sup720-3bxl, but this was a number of years ago. I don't recall the exact > version. It was probably 12.2SXI-something.

Looking for upstream provider with BGP Flow Spec support / RFC 5575

2015-10-04 Thread Pavel Odintsov
Hello, dear Nanog Community! I'm looking for upstreams with BGP Flow Spec / RFC 5575 support in US (West and East coast are welcome). We have implemented support for BGP Flow Spec traffic filtering in our own open source DDoS detection toolkit and using it on our own MX routers. Works really