Re: Some advice on IPv6 planning and ARIN request, please

[William Herrin]

On Fri, Jul 7, 2017 at 8:39 PM, Oliver O'Boyle 
wrote:

> Thanks for the input. I don't consider us an isp, though i suppose i can
> see how that argument could me made. Hotels are both simple and
> complicated. There is a mix of our staff and equipment, guests and their
> equipment, and brands with their equipment. But really it's just one
> operating entity that ultimayely isn't that much different than any other
> enterprise out there. Now multiply that by 60-65 sites spread across the
> country and we need to manage our 6000 staff and networks accordingly. We
> operate 100% of the hotel, top to bottom, not just the technology.
>
> I wouldn't want ARIN or anyone else thinking we were an ISP if we aren't.
> Particulary if that creates problems in the future as rules (and possibly
> costs) change.
>
> However, if what you are saying is that registerong as an ISP is actually
> the correct way to go about this in ARIN's eyes as well, then that's a
> different story.
>

Hi Oliver,

You read to me like a borderline case. It comes up a lot with universities:
are they end users or ISPs to their students? ARIN will generally accept
either explanation. You'll get the larger number of IPv6 addresses you want
if you tell them you're an ISP.

The cost difference is likely to remain minimal. The major issue is that as
an ISP you'll be expected to enter SWIP records so read up on that.

Regards,
Bill

-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 

Re: loc.gov

[Nicholas Oas]

I'd be interested to know the answer to this one as well, as I've gone
looking for the outages list in the past and found the same result.

Have isitdownorjustme sites simply superceded the need for such lists?

On Jul 8, 2017 6:59 PM, "Joly MacFie"  wrote:

> Actually, now I go to https://www.nanog.org/list/faq/other
>
> I don't see any such thing, just http://www.outages.org/ where the latest
> report is 2013.
>
> Also "See *http://www.isp-lists.com/*  for many
> other topic-specific lists." takes one somewhere else entirely!
>
> j
>
>
>
> On Sat, Jul 8, 2017 at 6:47 PM, Doug Barton  wrote:
>
> > Isn't that a problem that suggests its own solution?
> >
> >
> >
> > On 7/8/2017 1:43 PM, Joly MacFie wrote:
> >
> >> (sorry I'm not on the outage list)
> >>
> >> --
> >> ---
> >> Joly MacFie  218 565 9365 Skype:punkcast
> >> --
> >> -
> >>
> >
>

Re: Some advice on IPv6 planning and ARIN request, please

[valdis . kletnieks]

On Sat, 08 Jul 2017 18:59:36 +0200, "Radu-Adrian Feurdean" said:

> Now please show be a hotel room that has close to 65536 items in it
> (also tell me how much does a night in such a room cost).
> Then how many rooms may host close to 256 devices that can transmit and
> receive data ?

Well, as I sit here, my apartment edge router gets a /60 from Comcast, and
burns through them pretty quick.  A subnet for the 4 wired devices,
another for the 2.4Ghz wireless, another for 5ghz wireless, and if I
enabled them another 2 guest wireless subnets.. and then more for any
VLAN I might set up. If I lived in a large enough house, I'm *already*
out of enough address space to easily prefix-delegate to a second router
at the far end of the house.

And yes, this *is* a setup where there's only 1 or 2 devices per most subnets.

So no, the idea is *not at all* to see how we can cram as many devices as
possible onto a subnet.  The idea is to set up a networking environment where
it's as easy as possible for even fairly stupid devices to be able to
auto-configure and join in.  And there's *really* good security reasons
for your FizzBin 5000 that wants to be a IoT device but you don't really
trust, to end up on a different subnet from your laptop


pgpx53ibJPLnx.pgp
Description: PGP signature

Re: loc.gov

[Joly MacFie]

Actually, now I go to https://www.nanog.org/list/faq/other

I don't see any such thing, just http://www.outages.org/ where the latest
report is 2013.

Also "See *http://www.isp-lists.com/*  for many
other topic-specific lists." takes one somewhere else entirely!

j



On Sat, Jul 8, 2017 at 6:47 PM, Doug Barton  wrote:

> Isn't that a problem that suggests its own solution?
>
>
>
> On 7/8/2017 1:43 PM, Joly MacFie wrote:
>
>> (sorry I'm not on the outage list)
>>
>> --
>> ---
>> Joly MacFie  218 565 9365 Skype:punkcast
>> --
>> -
>>
>

Re: loc.gov

[Doug Barton]

Isn't that a problem that suggests its own solution?


On 7/8/2017 1:43 PM, Joly MacFie wrote:

(sorry I'm not on the outage list)

Re: loc.gov

[Miles Fidelman]

Both work for me in Boston.


On 7/8/17 5:55 PM, John Levine wrote:

In article  
you write:

http://www.loc.gov/

Works fine for me on Roadrunner in central NY.


--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Re: loc.gov

[John Levine]

In article  
you write:
>http://www.loc.gov/

Works fine for me on Roadrunner in central NY.

Re: Some advice on IPv6 planning and ARIN request, please

[Radu-Adrian Feurdean]

On Sat, Jul 8, 2017, at 19:13, Mel Beckman wrote:
> Radu,
> 
> Are you assuming that a goal of IPv6 is to efficiently fill subsets? I

No, but I assume IPv6 is still subject to common-sense.

> among them easy mapping of MAC addresses for transition purposes and the
> security that discourages malefactors from quickly enumerating active
> devices in a subnet.

I do get all those points. And by the way, try to explain the same to
security people.

> But that's not the main reason for /64 basic subsets. One of the guiding
> principles of IPv6 was to not make the mistake of underestimating the
> future applications of IP addresses. Thus your question "what hotel room

... so it went directly to over-estimating 

> has 65536 items in it?" has no meaning in terms of future applications.
> As you point out, we're not talking about hotel rooms. We don't, by
> definition, know what we're talking about for future applications.

All this by forgetting today's applications.
And no, you can't possibly treat the same way a hotel room and a 4 floor
site with a server room.

> I tell people in my IPv6 classes that we have to stop thinking of
> ourselves in a spacesuit with a limited air supply that must be rationed,
> and instead recognize that we're now in a wide-open planet-sized
> atmosphere where we can breathe freely, and without apportionment. 

Well, by having 64 bits for each subnet, I start lacking bits for other
things (like inter-devices connections, ). I'm not in a space-suit,
but I'm on top of Kilimanjaro, where air pressure is only half of what
we're used to.

> That open atmosphere was by design. It's why IPv6 uses 128-bit addresses,

That's for hosts. When you care more about subnets, it's shortened to 64
bits.

> They're just integers. Not lumps of gold. 

Be careful, IPv4 got upgraded from numbers to gold a number of years
ago.

> And there's more where those came from :)

Hopefully. I'm just curious if 8000::/4 will obey today's rules or not.

Back to the original question, I find it delirious to treat a small
entity the same as a big one, especially when the size difference
between the two is several orders of magnitude. Even if we consider
"future applications", there's still a very high chance that the size
will still matter. Get "the IT guy" of a small company to get used with
a /48 for his 20 people, 5 printers and 2-3 servers set-up,  then
imagine what happens with a design of a "site" 10 or 100 times bigger.
This is something that you already see with VLAN ids and RFC1918 space.
Even if you think you gave people "as much as they will ever need", they
will still end up needing more.

Re: loc.gov

[Anne P. Mitchell Esq.]

> I see http://congress.gov/ is out too.
> 
> 
> 
> On Sat, Jul 8, 2017 at 4:43 PM, Joly MacFie  wrote:
> 
>> (sorry I'm not on the outage list)
>> 
>> Any clues as to what the problem is at the Library of Congress? Appears to
>> be DNS. Is it a DDOS?
>> 
>> http://www.loc.gov/

These both load for me.

Anne

Anne P. Mitchell, Esq.
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell

Re: loc.gov

[Justin Paine via NANOG]

Both loading in SF over Comcast without  issue  


_
Justin Paine
Head of Trust & Safety
Cloudflare Inc.
PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D






On Sat, Jul 8, 2017 at 1:49 PM -0700, "Joly MacFie"  wrote:










I see http://congress.gov/ is out too.



On Sat, Jul 8, 2017 at 4:43 PM, Joly MacFie  wrote:

> (sorry I'm not on the outage list)
>
> Any clues as to what the problem is at the Library of Congress? Appears to
> be DNS. Is it a DDOS?
>
> http://www.loc.gov/
>
>
>
> --
> ---
> Joly MacFie  218 565 9365 <(218)%20565-9365> Skype:punkcast
> --
> -
>



-- 
---
Joly MacFie  218 565 9365 Skype:punkcast
--
-

Re: loc.gov

[Joly MacFie]

I see http://congress.gov/ is out too.



On Sat, Jul 8, 2017 at 4:43 PM, Joly MacFie  wrote:

> (sorry I'm not on the outage list)
>
> Any clues as to what the problem is at the Library of Congress? Appears to
> be DNS. Is it a DDOS?
>
> http://www.loc.gov/
>
>
>
> --
> ---
> Joly MacFie  218 565 9365 <(218)%20565-9365> Skype:punkcast
> --
> -
>



-- 
---
Joly MacFie  218 565 9365 Skype:punkcast
--
-

loc.gov

[Joly MacFie]

(sorry I'm not on the outage list)

Any clues as to what the problem is at the Library of Congress? Appears to
be DNS. Is it a DDOS?

http://www.loc.gov/



-- 
---
Joly MacFie  218 565 9365 Skype:punkcast
--
-

RE: Some advice on IPv6 planning and ARIN request, please

[Aaron Gould]

Hi Oliver, et al, I recall from when I attended an ARIN on the Road meeting in 
Austin last year ( https://www.arin.net/ontheroad/ ), that the folks at ARIN 
seemed to be open to discussing with you about getting the right size address 
space into your hands for what you needed to accomplishwithin reason...and 
within justification.  I won't speak for ARIN, but I just seem to remember that 
they were open to talking about it.  I don't recall if you said you have 
actually had dialogue with ARIN about getting the "right" amount of address 
space to accomplish what you are looking to do.  If not, please reach out to 
them.  They've always been helpful and responsive when I've discussed IPv4 and 
also now, v6 with them.

Also, I recall in a v6 online class I did that one point that was made was to 
not take too much time analyzing, but to get moving with v6.  I think Lee just 
said you should plan on readdressing a few times.  Ok, fine.  I see that as 
being possible.  You live and you learn.  I did find myself last year and 
earlier this year spending A LOT of time going over and over and over again, 
the "best" way to carve up my /32 of v6 addresses with fellow engineers.  We 
stopped talking about it for a while... then I came back recently and said guys 
we gotta settle on something and go for it !  Well, we did and I'm glad.  I'm 
not saying be willy nilly about your v6 space, but settle on something sensible 
and go for it... then be open to course correcting along the way, and readdress 
where you must.  I've dual staked a few of my cdn public caches, and am talking 
about dual-stacking 7,000 DSL customers that are currently doing NAT444.

v6 is fairly early in my deployment and going fine so far.  Btw, I will add 
that I love my 6VPE.  Dang MPLS xVPN's make my life so nice and manageable.  
You geniuses out there that invent technology are incredible.  Keep it up.

-Aaron Gould  

Re: Some advice on IPv6 planning and ARIN request, please

[Mel Beckman]

Radu,

Are you assuming that a goal of IPv6 is to efficiently fill subsets? I submit 
that it is not. There are advantages to sparse address spaces, among them easy 
mapping of MAC addresses for transition purposes and the security that 
discourages malefactors from quickly enumerating active devices in a subnet.

But that's not the main reason for /64 basic subsets. One of the guiding 
principles of IPv6 was to not make the mistake of underestimating the future 
applications of IP addresses. Thus your question "what hotel room has 65536 
items in it?" has no meaning in terms of future applications. As you point out, 
we're not talking about hotel rooms. We don't, by definition, know what we're 
talking about for future applications.

I tell people in my IPv6 classes that we have to stop thinking of ourselves in 
a spacesuit with a limited air supply that must be rationed, and instead 
recognize that we're now in a wide-open planet-sized atmosphere where we can 
breathe freely, and without apportionment. 

That open atmosphere was by design. It's why IPv6 uses 128-bit addresses, and 
not 48- or 64-bit. In the exponential space of integers, IPv6 selected a 
maximum integer that was many orders of magnitude greater than we could ever 
imagine needing at the time.

They're just integers. Not lumps of gold. And there's more where those came 
from :)

 -mel beckman

> On Jul 8, 2017, at 10:00 AM, Radu-Adrian Feurdean 
>  wrote:
> 
>> On Sat, Jul 8, 2017, at 03:06, Owen DeLong wrote:
>> consider a /48 per guest room as well as a /48 per hotel for the hotel
>> itself.
> 
> I think the classfull madness of "/48 everywhere" should stop at some
> point; the "every subnet is a /64" is enough already.
> 
> A /48 is 65536 *subnets*, with each subnet having space for what can be
> considered "unlimited" number of devices.
> A /56 already is 256 *subnets*. 
> Now please show be a hotel room that has close to 65536 items in it
> (also tell me how much does a night in such a room cost).
> Then how many rooms may host close to 256 devices that can transmit and
> receive data ?
> And then again, at the end of the day a hotel is *NOT* and ISP, a hotel
> is a hotel. Internet access is just an extra service that became
> mandatory lately in order to remain "competitive".

Re: Some advice on IPv6 planning and ARIN request, please

[Radu-Adrian Feurdean]

On Sat, Jul 8, 2017, at 03:06, Owen DeLong wrote:
> consider a /48 per guest room as well as a /48 per hotel for the hotel
> itself.

I think the classfull madness of "/48 everywhere" should stop at some
point; the "every subnet is a /64" is enough already.

A /48 is 65536 *subnets*, with each subnet having space for what can be
considered "unlimited" number of devices.
A /56 already is 256 *subnets*. 
Now please show be a hotel room that has close to 65536 items in it
(also tell me how much does a night in such a room cost).
Then how many rooms may host close to 256 devices that can transmit and
receive data ?
And then again, at the end of the day a hotel is *NOT* and ISP, a hotel
is a hotel. Internet access is just an extra service that became
mandatory lately in order to remain "competitive".

Re: Some advice on IPv6 planning and ARIN request, please

[Lee Howard]

On 7/7/17, 1:07 PM, "NANOG on behalf of Oliver O'Boyle"
 wrote:

> We're currently in the planning stage and can make
>whatever changes we need to.

I always say to just expect you’ll change your address plan three times.
Some people say, “I’ve only changed the address plan twice. . . so far.”

>
>Situation:
>
>We're an end-user org and qualify for a /40 assignment because we operate
>over 60 sites and some of those are/will be multihomed. We manage hotels
>in
>Canada only, but from coast to coast to coast and everywhere in between.
>Our corporate network and org structure is optimized for three regions. We
>also have, and continue to grow into, cloud infrastructure and foresee
>wanting to bring our own addresses (.e.g., to AWS VPC when that option
>becomes available). As such, an obvious design strategy would be to break
>the /40 into 4 x /42's. However, due to an imbalance in national site
>distribution, 50% of our sites are located in one region (Region A).
>Additionally, historical and forecasted growth indicates that it's
>perfectly reasonable for us to expect growth of an additional 16 sites in
>that same region over the next 3-5 years.

Even assuming, as you said: a /48 per hotel, it sounds like you’re
planning for:
Region A, 45 sites, minimum /42
Region B, <20 sites, minimum /44
Region C, <20 sites, minimum /44
Cloud stuff, minimum /48, but that might need more

However, as others have suggested, you might want to start from the
bottom, deciding the allocations within each hotel. It may be that you
need multiple /48s for HotelGuest, HotelLobby, HotelConference, and
HotelStaff SSIDs. 
A /64 per WiFi AP is an aboslute minimum, but a prefix per room (or guest)
would be better, and there are reasons to consider /56 and /48 per “end
user” in the hotel. Even if you can’t assign it with current WiFi
technology, your address plan should allow for an evolution to a better
way of doing things.
If my math works right, and you have between 127 and 255 rooms in a hotel:
255 * /56 = /48 just for HotelGuest. You may need a /44 per hotel, if
there are four separate networks.
Or:
255 * /48 = /40 just for HotelGuest. You may need a /36 per hotel.

As others have said, I’m assuming you treat guests to whom you provide
Internet service as customers.


>
>I think the ideal situation is out as ARIN policy wouldn't allow them to
>assign us a /36 at this time. Unless someone knows something that can help
>us here.

Try calling ARIN. Ask a hostmaster whether the End User or ISP category
makes more sense in your case. It’s also possible they’ll say “slow start”
and give you a /40 for your first hotel, and tell you to return in a week
when you need more.

But also, take into account [NRPM 6.5.8.2] "Requests forlarger
initial assignments, reasonably justified with supporting
documentation, will be evaluated based on the number of sites in an
organization’s network and the number of subnets needed to support any
   extra-large sites defined below.” There’s a lot of room within
policy to do sensible things with IPv6.

>
>Assuming we can't get a /36, my feeling is that less ideal situation #2 is
>better than #3 is better than #1 is better than #4, assuming we're
>following the following design best-practices:
>
>a) assign top-level aggregations evenly (which we'd be breaking a bit with
>option #2)
>b) reduce global routes as much as possible
>c) stay on the nibble boundary as much as possible
>d) default to /48 per site

Yes, all good goals. But none is critical to the success of your network
(except c, only if you plan to delegate reverse DNS). “As much as
possible” also implies “and no more than is possible.”

>
>Thanks in advance,
>Oliver


btw, I can’t wait to stay in your hotels once they have IPv6! I hope
you’ll be able to tweet or post here when it’s deployed, so we can
congratulate you, and maybe get some conferences to consider you as a
venue.

Lee