Re: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address block

2024-01-13 Thread Oliver O'Boyle
Thank you, everyone, for your responses.

Abe, I appreciate your enthusiasm but it is obvious you are not interested in
collaboration. You are singularly-minded and trollish.

I am assigning your email address to my spam filters. I will not see any
future communication from you.

O.


On Sat, Jan 13, 2024, 4:13 p.m. Abraham Y. Chen  wrote:

> Hi, Seth:
>
> 0)Thanks for bringing up this pair of Drafts.
>
> 1)While I believe your "IPv4 Unicast Extension" team carried on with
> the first, Avinta got accidentally exposed to the second. After analyzing
> the hurdle it faced in adding on to RFC1918, the EzIP Project is now
> focusing on enhancing CG-NAT by expanding RFC6598.
>
> Regards,
>
>
> Abe (2024-01-13 16:08)
>
> On 2024-01-12 14:45, Seth David Schoen wrote:
>
> Michael Thomas writes:
>
>
> I wonder if the right thing to do is to create a standards track RFC that
> makes the experimental space officially an add on to rfc 1918. If it works
> for you, great, if not your problem. It would at least stop all of these
> recurring arguments that we could salvage it for public use when the
> knowability of whether it could work is zero.
>
> In 2008 there were two proposals
> https://datatracker.ietf.org/doc/draft-fuller-240space/
> https://datatracker.ietf.org/doc/draft-wilson-class-e/
>
> where the former was agnostic about how we would eventually be able to
> use 240/4, and the latter designated it as RFC 1918-style private space.
> Unfortunately, neither proposal was adopted as an RFC then, so we lost a
> lot of time in which more vendors and operators could have made more
> significant progress on its usability.
>
>
>
>
> 
>


Re: ipv6 address management - documentation

2023-11-18 Thread Oliver O'Boyle
I used NIPAP about seven or eight years ago. It's quite customizable and
easy enough to code against but not the easiest to work with, overall. It
has some quirks. I think I would have chosen Netbox had it been as mature
as it is now.

Oliver


On Sat, Nov 18, 2023, 3:41 p.m. JASON BOTHE via NANOG 
wrote:

> Netbox for the win! You can not only use it for IPAM but for circuit
> inventory, designs, cross connects, rack layouts and automate from there.
> It serves as a true source of truth. I think you will be pleased.
>
> > On Nov 16, 2023, at 15:03, Aaron Gould  wrote:
> >
> > For years I've used an MS Excel spreadsheet to manage my IPv4
> addresses.  IPv6 is going to be maddening to manage in a spreadsheet.  What
> does everyone use for their IPv6 address prefix management and
> documentation?  Are there open source tools/apps for this?
> >
> > --
> > -Aaron
> >
>


Re: IP tracking system

2021-12-14 Thread Oliver O'Boyle
I've found success with NIPAP:

https://spritelink.github.io/NIPAP/

I've built some yaml-based templates and python-based loading tools that
populate everything from the VRF to the prefix pools and descriptions
etc... in a pretty complex setup. It's quite flexible, though you will
spend some time in the docs to get it all working the way you want. NIPAP is
all developed in python so it's easy to sift through the code if you need.

Oliver

On Tue, 14 Dec 2021 at 08:58,  wrote:

> This may have been asked and answered, but I couldn’t find the answer.
>
> What are people recommending these days for IP tracking systems? I’m
> looking for something to track the used/available IP addresses in my new
> lab.
>
> Thanks in advance.
>
> Shane



-- 
:o@>


Re: AWS and IPv6

2021-11-28 Thread Oliver O'Boyle
On Sun., Nov. 28, 2021, 17:13 William Herrin,  wrote:

> On Sun, Nov 28, 2021 at 1:18 PM Karl Auer  wrote:
> > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote:
> > > I was reading their howto yesterday and it seems they are only
> > > allocating a /64? Why?
> >
> > That's a /64 *per subnet*...
> >
> > But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56.
> > Would have been nice to see /48 instead.
>
> Hi Karl,
>
> To what purpose? You can't alter the VPC routing of any of the IP
> addresses (v4 or v6) assigned to an AWS VPC. If you try, for example,
> to assign a /64 to an instance you get a funky error: "Route
> destination doesn't match any subnet CIDR blocks." You can only assign
> the block's IP addresses to subnets or not and then assign addresses
> from the subnet to the instances. You can't have more than 256 subnets
> in a VPC so why would you need more than a /56 of IPv6 addresses?
>

Agreed, those limits align and are reasonable. If you BYO, then you can
bring up to 5 /48's per account, but only use one per region. The limit of
a /56 per VPC remains, but you can create multiple VPCs per region and most
companies use multiple accounts. There are some other limitations but some
of these may change over time:


   - The most specific IPv6 address range that you can bring is /48 for CIDRs
     that are publicly advertised, and /56 for CIDRs that are not publicly
     advertised.
   - You can bring each address range to one Region at a time.
   - You can bring a total of five IPv4 and IPv6 address ranges per Region to
     your AWS account.
   - You cannot share your IP address range with other accounts using AWS
     Resource Access Manager (AWS RAM).


Regards,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/



>


Re: IPv6 and CDN's

2021-11-27 Thread Oliver O'Boyle
On Sat., Nov. 27, 2021, 12:59 Gary Buhrmaster, 
wrote:

> On Sat, Nov 27, 2021 at 5:05 PM Oliver O'Boyle 
> wrote:
>
> > On Sat., Nov. 27, 2021, 10:46 Scott Morizot,  wrote:
> >> Since we are deploying BYO IPv6 in AWS, I can assure you they do offer
> it now. That was a blocker for us.
>
> > Wonderful! When did they start offering that?
>
> I believe it was announced back in the first half
> of 2020.
>
> As I recall it was limited to certain regions at the
> time of the original announcement (and being
> AWS it probably still has some region and/or
> resource specific availability limitations).
>

Likely. But if it was announced in 2020 then the rollout is either
complete, or mostly complete, by now.

>


Re: IPv6 and CDN's

2021-11-27 Thread Oliver O'Boyle
On Sat., Nov. 27, 2021, 13:34 Michael Thomas,  wrote:

>
> On 11/27/21 7:46 AM, Scott Morizot wrote:
>
> On Fri, Nov 26, 2021 at 6:51 PM Oliver O'Boyle 
> wrote:
>
>> They're getting better at it, at least. They also recently added v6
>> support in their NLBs and you can get a /56 for every VPC for direct
>> access. I don't think they offer BYO v6 yet, as they do for v4, but it will
>> come.
>>
>
> Since we are deploying BYO IPv6 in AWS, I can assure you they do offer it
> now. That was a blocker for us.
>
> I thought it had to be some virtual private cloud setup? To get the long
> tail it needs to be a lot more simple. Like "here is the  record" after
> autoconf.
>
Well, VPC is the only deployment model now. EC2 Classic is long gone
(though some long-time legacy customers may still have it as an option). If
you create an account, you get a default VPC. You can use it or create
another with a few clicks. Prefixes get assigned upon creation but you can
add more afterwards. It's actually pretty straightforward. Setting up basic
DNS in Route53 is also pretty straightforward. There are no real barriers
up to this point.

> Mike
>


Re: IPv6 and CDN's

2021-11-27 Thread Oliver O'Boyle
On Sat., Nov. 27, 2021, 10:46 Scott Morizot,  wrote:

> On Fri, Nov 26, 2021 at 6:51 PM Oliver O'Boyle 
> wrote:
>
>> They're getting better at it, at least. They also recently added v6
>> support in their NLBs and you can get a /56 for every VPC for direct
>> access. I don't think they offer BYO v6 yet, as they do for v4, but it will
>> come.
>>
>
> Since we are deploying BYO IPv6 in AWS, I can assure you they do offer it
> now. That was a blocker for us.
>

Wonderful! When did they start offering that?



> Scott
>


Re: IPv6 and CDN's

2021-11-26 Thread Oliver O'Boyle
On Fri., Nov. 26, 2021, 19:41 Michael Thomas,  wrote:

>
> On 11/26/21 4:39 PM, Jean St-Laurent wrote:
>
> But CFOs like monetization. Was that thread about IPv6 or CFO?
>
>
> Amazon's in this case. They are monetizing their lack of v6 support
> requiring you go through all kinds of expensive hoops instead of doing the
> obvious and routing v6 packets.
>

They're getting better at it, at least. They also recently added v6 support
in their NLBs and you can get a /56 for every VPC for direct access. I
don't think they offer BYO v6 yet, as they do for v4, but it will come.


Mike
>
>
>
> *From:* Michael Thomas  
> *Sent:* November 26, 2021 7:37 PM
> *To:* Oliver O'Boyle  
> *Cc:* Jean St-Laurent  ; Ca By
>  ; North American Network
> Operators' Group  
> *Subject:* Re: IPv6 and CDN's
>
>
>
> That's a start, I guess. Before all they had was some weird VPN something
> or other. Let me guess though: they are monetizing their market failure.
>
>


Re: IPv6 and CDN's

2021-11-26 Thread Oliver O'Boyle
AWS has been gradually improving support and adding features. They just
announced this service, which might help with adoption:

https://aws.amazon.com/about-aws/whats-new/2021/11/aws-nat64-dns64-communication-ipv6-ipv4-services/


On Fri., Nov. 26, 2021, 19:28 Michael Thomas,  wrote:

>
> On 11/26/21 4:15 PM, Jean St-Laurent wrote:
>
> We now have apple and fb saying ipv6 is faster than ipv4.
>
>
>
> If we can onboard Amazon, Netflix, Google and some others, then it is a
> done deal that ipv6 is indeed faster than ipv4.
>
>
>
> Hence, an easy argument to tell your CFO that you need IPv6 for your CDN.
>
> Netflix is already v6 ready. The biggest obstacle is probably aws because
> that's where a lot of the long tail of the internet resides. Lobbying them
> would get the most bang for the buck.
>
> Mike
>
>


Re: AS6461 issues in Montreal

2021-09-24 Thread Oliver O'Boyle
We have an office in Montreal that is showing signs of intermittent
routing issues. So can confirm there's an issue somewhere.

On Fri, 24 Sept 2021 at 11:25, Jason Canady  wrote:
>
> We're in Indianapolis / Chicago and seeing 854,787 routes.
>
> On 9/24/21 11:17 AM, Eric Dugas via NANOG wrote:
> > Hello,
> >
> > Anyone else seeing a large withdrawal of routes on their Zayo AS6461
> > sessions? We've lost about 400k routes at around 10:40 EDT.
> >
> > Nothing in their Network Status so far
> >
> > Eric



-- 
:o@>


Re: AWS re:Invent

2019-11-28 Thread Oliver O'Boyle
My apologies.

Oliver

On Thu, Nov 28, 2019, 19:42 Mehmet Akcin,  wrote:

> +1
>
> On Thu, Nov 28, 2019 at 4:25 PM Tom Beecher  wrote:
>
>> Oliver-
>>
>> Although I'm sure many appreciate the offer, this is not
>> appropriate content for the NANOG mailing list.
>>
>>
>> On Thu, Nov 28, 2019 at 5:46 PM Oliver O'Boyle 
>> wrote:
>>
>>> Just a reminder. The ticket remains unclaimed. If it makes you feel
>>> better, I'll raise the price from free to $10 :)
>>>
>>> $1800 USD value and the conference is excellent.
>>>
>>> Reply off-list if you're interested.
>>>
>>> Oliver
>>>
>>> On Wed, Nov 27, 2019, 22:39 Oliver O'Boyle, 
>>> wrote:
>>>
>>>> Nanog:
>>>>
>>>> I have a free AWS re:Invent full access pass for any community member
>>>> who can reasonably demonstrate regular knowledge transfer or contributions
>>>> of useful help to other community members in the past year+. Reply off list
>>>> with your evidence if that's you. Conference starts Monday in Las Vegas.
>>>> $1800 USD value.
>>>>
>>>> Caveat: let's make sure the pass transfers successfully to you before
>>>> you buy air or hotel tickets. Only the pass is free and you must cover all
>>>> other expenses.
>>>>
>>>> Thanks for being you, Nanog.
>>>>
>>>> Oliver
>>>>
>>>


Re: AWS re:Invent

2019-11-28 Thread Oliver O'Boyle
Just a reminder. The ticket remains unclaimed. If it makes you feel better,
I'll raise the price from free to $10 :)

$1800 USD value and the conference is excellent.

Reply off-list if you're interested.

Oliver

On Wed, Nov 27, 2019, 22:39 Oliver O'Boyle,  wrote:

> Nanog:
>
> I have a free AWS re:Invent full access pass for any community member who
> can reasonably demonstrate regular knowledge transfer or contributions of
> useful help to other community members in the past year+. Reply off list
> with your evidence if that's you. Conference starts Monday in Las Vegas.
> $1800 USD value.
>
> Caveat: let's make sure the pass transfers successfully to you before you
> buy air or hotel tickets. Only the pass is free and you must cover all
> other expenses.
>
> Thanks for being you, Nanog.
>
> Oliver
>


AWS re:Invent

2019-11-27 Thread Oliver O'Boyle
Nanog:

I have a free AWS re:Invent full access pass for any community member who
can reasonably demonstrate regular knowledge transfer or contributions of
useful help to other community members in the past year+. Reply off list
with your evidence if that's you. Conference starts Monday in Las Vegas.
$1800 USD value.

Caveat: let's make sure the pass transfers successfully to you before you
buy air or hotel tickets. Only the pass is free and you must cover all
other expenses.

Thanks for being you, Nanog.

Oliver


Re: all major US carriers received text messages overnight that appear to have been sent around Valentine's Day 2019

2019-11-08 Thread Oliver O'Boyle
We apologize for finally getting around to our job and doing what we were
paid to do...

On Fri, Nov 8, 2019 at 1:27 PM Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:

> “During an internal maintenance cycle last night, 168,149 previously
> undelivered text messages were inadvertently sent to multiple mobile
> operators’ subscribers," Syniverse said in a statement.
>
>
> how do you inadvertently send messages that were supposed to be sent but
> worked and sent? Isn’t that the desired outcome?
>
> On Nov 8, 2019, at 12:54 PM, Brandon Svec 
> wrote:
>
> From:
> https://www.usatoday.com/story/tech/2019/11/08/thousands-people-just-got-text-messages-sent-valentines-day/2527660001/
>
> It seems there is a company that has everyone's text messages..
>
> "Some mobile carriers rely on a third-party text platform called
> Syniverse to relay messages. The vendor said in a statement that its IT
> staff unknowingly caused the texts to be delivered this week."
> -Brandon
>
>
>
>
>
> On Fri, Nov 8, 2019 at 9:47 AM Brian J. Murrell 
> wrote:
>
>> On Thu, 2019-11-07 at 22:42 +, Chris Kimball via NANOG wrote:
>> > Does anyone have any more information on this?
>>
>> Yeah, like who (in the private sector -- we all knew the NSA already
>> are doing this) has access to and is archiving *everyone*s text
>> messages?  And why?
>>
>> Cheers,
>> b.
>>
>>

-- 
:o@>


Re: GTT Regulatory Recovery Surcharge

2018-12-02 Thread Oliver O'Boyle
Well... they can until they can't because I'm no longer a customer...

On December 2, 2018, at 6:23 PM, James R Cutler  
wrote:

On Dec 2, 2018, at 6:04 PM, Clayton Zekelman  wrote:


I can't imagine how the corporate sociopaths could justify charging an American 
recovery fee on a service delivered in Canada.


I would speculate that the reason is ever popular ‘because they can’.


James R. Cutler

james.cut...@consultant.com

PGP keys at http://pgp.mit.edu



Re: GTT Regulatory Recovery Surcharge

2018-12-02 Thread Oliver O'Boyle
Same situation with us. We have dozens of circuits with them as a result of 
that acquisition and the previous ACI acquisition of Canopco and OneConnect.

Not impressed. Not a happy customer. Already flipping to alternatives.

On December 2, 2018, at 5:31 PM, Clayton Zekelman  wrote:



GTT is rapidly losing any good will they've had with us over the past number of 
years.


We just got hit with that regulatory recovery fee too, and they totally screwed 
up the transfer of billing operations when they bought our colo provider, 
Accelerated Connections (which used to be an awesome company) in Toronto.



Sent from my iPhone


On Dec 2, 2018, at 5:11 PM, Matt Harris  wrote:

On Sun, Dec 2, 2018 at 4:06 PM Brandon Wade via NANOG  wrote:

We've been a GTT customer for several years and on our latest bill we now have 
a "Regulatory Recovery Surcharge" of almost 10% tacked on. We only purchase IP 
Transit services from them, nothing else, and have never had any fees tacked on 
top of our contracted agreed upon amount. Has anyone else ran into this? If 
this is a legit "surcharge" any idea of why we were never charged for that 
before? I figured I'd reach out to the community on this prior to jumping to 
further conclusions. 


-Brandon


Yupp, on my GTT IP transit bill as well.  


This is how telecomm companies pad out their margins these days.  You don't 
even want to know the % of my bill that is just "fees" I'm paying Level3 on a 
wave circuit.  At this point I won't sign for service without knowing exactly 
what I'll be paying in terms of fees and surcharges and such - there's some 
stuff you can't avoid on some types of circuits, but for the most part, it's 
all just padding out their margins.  


Take care,

Matt




Re: Internet diameter?

2018-11-21 Thread Oliver O'Boyle
^
This

On Thu, Nov 22, 2018, 00:32 William Herrin wrote:

> On Wed, Nov 21, 2018 at 7:58 PM Christopher Morrow
>  wrote:
> > now, why does it matter?
>
> Good question! It matters because a little over two decades ago we had
> some angst as equipment configured to emit a TTL of 32 stopped being
> able to reach everybody. Today we have a lot of equipment configured
> to emit a TTL of 64. It's the default in Linux, for example. Are we
> getting close to the limit where that will cause problems? How close?
>
> Regards,
> Bill Herrin
>
>
>
> --
> William Herrin  her...@dirtside.com  b...@herrin.us
> Dirtside Systems . Web: 
>


Re: Youtube Outage

2018-10-16 Thread Oliver O'Boyle
Same in Montreal.

On Tue, Oct 16, 2018 at 9:52 PM Marshall Eubanks 
wrote:

> Reports (and humor) are flooding twitter.
> On Tue, Oct 16, 2018 at 9:44 PM Ross Tajvar  wrote:
> >
> > You beat my email by seconds. Yes, it is widespread.
> >
> > On Tue, Oct 16, 2018 at 9:39 PM, Kenneth McRae via NANOG <
> nanog@nanog.org> wrote:
> >>
> >> Is this widespread?
> >
> >
>


-- 
:o@>


Re: BGP in a containers

2018-06-14 Thread Oliver O'Boyle
There's no reason why it shouldn't work well. It's just a minor paradigm
shift that requires some solid testing and knowhow on the ops team.



On Thu, Jun 14, 2018, 22:26 Eric Tykwinski,  wrote:

> The funny part is I don’t like containers but love VMs, so kvm, vmware,
> citrix, hvm, et al.
> Not much difference but I tend to like the separation of OS knowledge,
> with all the bugs lately though I wonder if it’s worth it.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
> > On Jun 14, 2018, at 10:14 PM, Hunter Fuller 
> wrote:
> >
> > On Thu, Jun 14, 2018 at 8:46 PM Mike Hammett  wrote:
> >
> >> I wonder which part of the proposal people find offensive.
> >
> >
> > I have no idea. All - You know no one is trying to make *you* run BGP
> > inside of a container, right?
>
>


Re: ICANN GDPR lawsuit

2018-05-31 Thread Oliver O'Boyle
whoisnt

On Thu, May 31, 2018 at 2:37 PM, Dan Hollis  wrote:
> On Thu, 31 May 2018, b...@theworld.com wrote:
>>
>> FWIW a German court has just ruled against ICANN's injunction and in
>> favor of Tucows/EPAG.
>>   https://www.icann.org/news/announcement-4-2018-05-30-en
>
>
> Welcome to contact-free whois?
>
> -Dan



-- 
:o@>


Re: list blockchain

2018-01-28 Thread Oliver O'Boyle
Because we'd all have to show work to prove our comments are legit...

On Sat, Jan 27, 2018 at 11:52 PM, Randy Bush  wrote:
> why is no one exploring converting this mailing list to a blockchain?
> major missed opportunity.  
>
> randy



-- 
:o@>


Re: Comparison of freeware open source switch software?

2018-01-09 Thread Oliver O'Boyle
https://www.opennetworking.org/

Hardware works quite well. I have a number of whitebox units deployed based
off their designs and will be ordering more.

On Tue, Jan 9, 2018 at 6:09 PM, Ricky Beam  wrote:

> On Tue, 09 Jan 2018 02:17:59 -0500, Hank Nussbacher 
> wrote:
>
>> so to clarify I am interested only in bare-metal or whitebox switches
>> and freeware, open source software.
>>
>
> It's my understanding that there simply is no such thing. Because none of
> the HARDWARE has open source code. Sure, anyone can write software to
> spirit packets between NICs (linux and *BSD has had that capability for
> decades.) But doing that "at scale" with the various manufacturers SoCs
> requires vendor specific code to setup and control the chip. The broadcom
> "NDK" is just a shim on top of a pre-compiled proprietary SDK blob.
>
> --Ricky
>



-- 
:o@>


Re: Companies using public IP space owned by others for internal routing

2017-12-20 Thread Oliver O'Boyle
Excellent, thanks! Will dig into it.

Oliver

On Wed, Dec 20, 2017 at 4:17 PM, Ca By <cb.li...@gmail.com> wrote:

>
> On Wed, Dec 20, 2017 at 1:01 PM Oliver O'Boyle <oliver.obo...@gmail.com>
> wrote:
>
>> Agreed. There now. We need cheap, open source, options for widespread
>> adoption.
>>
>
> http://jool.mx/en/index.html
>
> Free open source nat64
>
>
>> Oliver
>>
>> On Dec 20, 2017 12:51, "Michael Crapse" <mich...@wi-fiber.io> wrote:
>>
>> > +1 for Nat64. dual stack is just keeping ipv4 around longer than it
>> needs
>> > to be
>> >
>> > On 19 December 2017 at 18:50, Owen DeLong <o...@delong.com> wrote:
>> >
>> > >
>> > > > On Dec 19, 2017, at 07:39 , Livingood, Jason <
>> > > jason_living...@comcast.com> wrote:
>> > > >
>> > > > On 12/18/17, 2:36 PM, "NANOG on behalf of Harald Koch" <
>> > > nanog-boun...@nanog.org on behalf of c...@pobox.com> wrote:
>> > > >> They could use IPv6. I mean, if the mobile phone companies can
>> figure
>> > > it out, surely an ISP can...
>> > > >
>> > > > Except for cases when it is impossible or impractical to update
>> > software
>> > > on a great number of legacy devices…
>> > > >
>> > > > JL
>> > > >
>> > > >
>> > > Yeah, in those cases, they should use IPv6 + NAT64 or similar
>> mechanism.
>> > >
>> > > Owen
>> > >
>> > >
>> >
>>
>


-- 
:o@>


Re: Companies using public IP space owned by others for internal routing

2017-12-20 Thread Oliver O'Boyle
Agreed. There now. We need cheap, open source, options for widespread
adoption.

Oliver

On Dec 20, 2017 12:51, "Michael Crapse"  wrote:

> +1 for Nat64. dual stack is just keeping ipv4 around longer than it needs
> to be
>
> On 19 December 2017 at 18:50, Owen DeLong  wrote:
>
> >
> > > On Dec 19, 2017, at 07:39 , Livingood, Jason <
> > jason_living...@comcast.com> wrote:
> > >
> > > On 12/18/17, 2:36 PM, "NANOG on behalf of Harald Koch" <
> > nanog-boun...@nanog.org on behalf of c...@pobox.com> wrote:
> > >> They could use IPv6. I mean, if the mobile phone companies can figure
> > it out, surely an ISP can...
> > >
> > > Except for cases when it is impossible or impractical to update
> software
> > on a great number of legacy devices…
> > >
> > > JL
> > >
> > >
> > Yeah, in those cases, they should use IPv6 + NAT64 or similar mechanism.
> >
> > Owen
> >
> >
>


Re: Some advice on IPv6 planning and ARIN request, please

2017-07-07 Thread Oliver O'Boyle
Bill,

Thanks for the input. I don't consider us an ISP, though I suppose I can
see how that argument could be made. Hotels are both simple and
complicated. There is a mix of our staff and equipment, guests and their
equipment, and brands with their equipment. But really it's just one
operating entity that ultimately isn't that much different than any other
enterprise out there. Now multiply that by 60-65 sites spread across the
country and we need to manage our 6000 staff and networks accordingly. We
operate 100% of the hotel, top to bottom, not just the technology.

I wouldn't want ARIN or anyone else thinking we were an ISP if we aren't.
Particularly if that creates problems in the future as rules (and possibly
costs) change.

However, if what you are saying is that registering as an ISP is actually
the correct way to go about this in ARIN's eyes as well, then that's a
different story.

Thanks for the tip on IoT sizing. That's precisely the kind of thing I am
concerned about being constrained with in the future if we size sites too
small.

Oliver

On Jul 7, 2017 6:18 PM, "William Herrin" <b...@herrin.us> wrote:

On Fri, Jul 7, 2017 at 1:07 PM, Oliver O'Boyle <oliver.obo...@gmail.com>
wrote:

> We're an end-user org and qualify for a /40 assignment because we operate
> over 60 sites and some of those are/will be multihomed.


Hi Oliver,

I second Ken's notion. You're trying to be an ISP under the end-user rules.
However transient, your users are mostly customers rather than staff. Just
register as an ISP and get the default /32.

IIRC, ARIN sparsely allocates IPv6 so if you go back for more addresses
there is a high probability they'll just increase your netmask.

Finally, /56 or /60 per guest, not /64. IPv6 can do nifty IoT things like
collecting all of a guest's devices behind his personal firewall but it
doesn't work if you've only assigned a /64.

Regards,
Bill Herrin



-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: <http://www.dirtside.com/>


Re: Some advice on IPv6 planning and ARIN request, please

2017-07-07 Thread Oliver O'Boyle
Thanks, Jima. I'll review the slides.

Without complicating the issue, we're trying to address a number of
challenges at the same time. There's no regional backhauling at this time.
Each site will be reachable via the internal network but will also
independently announce it's assignment to its ISP(s). There are many
reasons for this model, some of which I like and others I don't! We do plan
to coordinate address assignments/aggregations with the ISPs to reduce
global routes and unwanted conflicts/overlap.Unfortunately, there's no real
hub in each region and the ISPs are not region-specific. We inherit a bunch
of stuff and then need to find a way to jam it into something that isn't
completely broken... we've done a lot of cleanup and re-org of services but
there's still a long way to go. IPv6 should help us get there, however.

Agreed with the /48 but ARIN doesn't appear to agree with our justification
for a /36 thus far.


On Fri, Jul 7, 2017 at 1:33 PM, Jima <na...@jima.us> wrote:

> On 2017-07-07 11:07, Oliver O'Boyle wrote:
>
>> We would prefer to summarize at the /42 level, announced from our
>> last-mile
>> providers. There are 3 primary last-mile providers so this strategy would
>> help significantly reduce the number of global routes being injected. If
>> we
>> split regions evenly at /42 and if we follow the /48-per-site best
>> practice
>> (which I believe is justifiable in our situation - see below), Region A
>> will be at 50% usage immediately. Adding 16 more sites brings it to 75%
>> usage in only a few years. The other regions would be at ~33% usage
>> (Region
>> B) and 15% usage (Region C) and will see moderate growth in 3-5 years.
>> Cloud will initially be at 2-4% usage (Region D) but will also grow
>> quickly
>> within 3-5 years.
>>
>
> If you're backhauling each region (even effectively via your upstream),
> I'd take a look/listen to these two slides: https://www.youtube.com/watch?
> v=rWJZfShWE6g=12m46s (Honestly, that entire video is worth watching if
> you're preparing to make your initial IPv6 PI space request -- it's a very
> informative presentation, and is fairly authoritative.)
>
> Net-net, if "hub 1" is supporting 30-ish sites, with projected growth to
> 46-ish, you could possibly make the case for allocating a /40 per hub, and
> a /38 (or maybe even /36) overall. (There's only one /38 assignment in ARIN
> region, FWIW.)
>
> I feel the /48 site default is justifiable because of the various
>> applications and services that are currently, or could likely be offered
>> at
>> hotels.
>>
>
> If it's a site, /48 is justified as per ARIN requirements, period.
>
> I think the ideal situation is out as ARIN policy wouldn't allow them to
>> assign us a /36 at this time. Unless someone knows something that can help
>> us here.
>>
>
> Might. I'd file the request, as long as you have a logical addressing plan
> to justify it.
>
>  Jima
>



-- 
:o@>


Some advice on IPv6 planning and ARIN request, please

2017-07-07 Thread Oliver O'Boyle
Hello,

If anyone out there could provide some input or advice on how to best
handle our upcoming leap into IPv6, it would be much appreciated. I want to
make sure we're playing nicely and not causing anyone any unnecessary grief
before we deploy. We're currently in the planning stage and can make
whatever changes we need to.

Situation:

We're an end-user org and qualify for a /40 assignment because we operate
over 60 sites and some of those are/will be multihomed. We manage hotels in
Canada only, but from coast to coast to coast and everywhere in between.
Our corporate network and org structure is optimized for three regions. We
also have, and continue to grow into, cloud infrastructure and foresee
wanting to bring our own addresses (e.g., to AWS VPC when that option
becomes available). As such, an obvious design strategy would be to break
the /40 into 4 x /42's. However, due to an imbalance in national site
distribution, 50% of our sites are located in one region (Region A).
Additionally, historical and forecasted growth indicates that it's
perfectly reasonable for us to expect growth of an additional 16 sites in
that same region over the next 3-5 years.

We would prefer to summarize at the /42 level, announced from our last-mile
providers. There are 3 primary last-mile providers so this strategy would
help significantly reduce the number of global routes being injected. If we
split regions evenly at /42 and if we follow the /48-per-site best practice
(which I believe is justifiable in our situation - see below), Region A
will be at 50% usage immediately. Adding 16 more sites brings it to 75%
usage in only a few years. The other regions would be at ~33% usage (Region
B) and 15% usage (Region C) and will see moderate growth in 3-5 years.
Cloud will initially be at 2-4% usage (Region D) but will also grow quickly
within 3-5 years.

Ideal situation: ARIN assigns us a /36 and we don't need to worry about
re-addressing. Even if they can offer us contiguous space with a second
request to increase our assignment, we would likely need to re-address a
significant portion of our sites which would be painful and time-consuming.

Less ideal situation #1: Split the first level of subnets unevenly at 1 x
/41 and 2 x /42 and hope we can carve out some of that space for use in our
cloud infrastructure. This strategy would solve our Region A problem and
would keep Regions B and C from going to 68% and 34% utilization
immediately but it would mess up Region D and impact Regions B and C.

Less ideal situation #2: Split the first level of subnets unevenly at 1 x
/41, 1 x /42, and 2 x /43. This strategy would solve our Region A and
Region B problems but would constrain Region C and Region D future growth
options somewhat.

Less ideal situation #3: Drop the /48 per site default to somewhere between
a /49 and /53 and hope we don't bust out of those. This strategy would
allow us to keep top-level aggregation at /42's but would move the site
assignments off the nibble boundaries.

Less ideal situation #4: Keep 4 x /42's and hope we don't expand out of
them in Region A. This strategy would imply we don't wish for our business
to grow and is pretty risky.
I feel the /48 site default is justifiable because of the various
applications and services that are currently, or could likely be offered at
hotels. E.g., each room gets a /64 for all guest-internet devices
registered to that room. + IoT could result in the same rule (each room
gets a /64) or, perhaps a bit simpler, each class of IoT device is on a /64
or each IoT vendor is on a /64. There will also be new applications that
come out with similar possible needs. With some of our hotels in the
500-1000 room range, we're looking at as many as 2000 /64's per site in the
next 5 or so years. Plus backoffice/admin subnets.

I think the ideal situation is out as ARIN policy wouldn't allow them to
assign us a /36 at this time. Unless someone knows something that can help
us here.

Assuming we can't get a /36, my feeling is that less ideal situation #2 is
better than #3 is better than #1 is better than #4, assuming we're
following the following design best-practices:

a) assign top-level aggregations evenly (which we'd be breaking a bit with
option #2)
b) reduce global routes as much as possible
c) stay on the nibble boundary as much as possible
d) default to /48 per site

Any thoughts or advice would be much appreciated.

Thanks in advance,
Oliver
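
The split options weighed in the message above, worked through as an added example that is not part of the original post. It assumes the current assignment is a /40 (implied by "4 x /42's"), uses the documentation prefix 2001:db8::/40 as a stand-in, and the per-region site counts are constructed.

```python
import ipaddress

def carve(parent, prefix_lengths):
    """Allocate one subnet per requested length, largest block first,
    packed from the start of parent so every block stays aligned."""
    parent = ipaddress.IPv6Network(parent)
    cursor = int(parent.network_address)
    end = cursor + parent.num_addresses
    blocks = []
    for plen in sorted(prefix_lengths):      # shortest prefix = largest block
        size = 1 << (128 - plen)
        if plen < parent.prefixlen or cursor + size > end:
            raise ValueError(f"/{plen} does not fit in {parent}")
        blocks.append(ipaddress.IPv6Network((cursor, plen)))
        cursor += size
    return blocks

def build_plan(parent, region_lengths, site_counts, site_prefix=48):
    """Map each region to a block and report how full it is in sites."""
    regions = sorted(region_lengths, key=region_lengths.get)
    blocks = carve(parent, [region_lengths[r] for r in regions])
    report = {}
    for region, block in zip(regions, blocks):
        capacity = 1 << (site_prefix - block.prefixlen)
        report[region] = {
            "block": str(block),
            "site_capacity": capacity,
            "utilisation_pct": round(100 * site_counts[region] / capacity, 1),
        }
    return report

def site_prefix_summary(site_prefix):
    """What a per-site prefix gives you: /64 count and nibble alignment."""
    return {
        "slash64s": 1 << (64 - site_prefix),
        "nibble_aligned": site_prefix % 4 == 0,
    }

# Assumed stand-in for the real assignment (documentation space).
PARENT = "2001:db8::/40"
# Constructed site counts per region, for illustration only.
SITES = {"A": 58, "B": 22, "C": 11, "D": 2}
# "Less ideal situation #4": four even /42s.
EVEN_SPLIT = {"A": 42, "B": 42, "C": 42, "D": 42}
# "Less ideal situation #2": 1 x /41, 1 x /42, 2 x /43.
OPTION_2 = {"A": 41, "B": 42, "C": 43, "D": 43}

if __name__ == "__main__":
    for name, lengths in (("even /42s", EVEN_SPLIT), ("option #2", OPTION_2)):
        print(name)
        for region, row in sorted(build_plan(PARENT, lengths, SITES).items()):
            print(f"  {region}: {row['block']:<20} "
                  f"{row['site_capacity']:>4} x /48  {row['utilisation_pct']}% used")
    # "Less ideal situation #3": shrink the per-site prefix instead.
    for plen in (48, 49, 52, 53):
        s = site_prefix_summary(plen)
        print(f"/{plen} per site: {s['slash64s']} x /64, "
              f"nibble aligned: {s['nibble_aligned']}")
```

Against the roughly 2000 /64s per site the message projects, a /53 leaves almost no headroom, while a /52 is the only shorter-than-/48 site size that stays on a nibble boundary.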


Re: Consumer networking head scratcher

2017-03-01 Thread Oliver O'Boyle

On March 1, 2017, at 9:31 PM, Ryan Pugatch <r...@lp0.org> wrote:




On Wed, Mar 1, 2017, at 09:29 PM, Oliver O'Boyle wrote:

Each device associated with the AP consumes memory. Small low-end routers don't 
typically come with much memory. If you've got a lot of devices associated with 
the AP you will run out of memory. I'm not sure how many devices you're 
connecting, though. Three will not cause this problem. 30 might.


O.



Currently, I have 3 devices connected. :)




Re: Consumer networking head scratcher

2017-03-01 Thread Oliver O'Boyle
Each device associated with the AP consumes memory. Small low-end routers
don't typically come with much memory. If you've got a lot of devices
associated with the AP you will run out of memory. I'm not sure how many
devices you're connecting, though. Three will not cause this problem. 30
might.

O.

On Wed, Mar 1, 2017 at 9:22 PM, Ryan Pugatch  wrote:

>
>
> On Wed, Mar 1, 2017, at 06:35 PM, Jean-Francois Mezei wrote:
> > On 2017-03-01 11:28, Ryan Pugatch wrote:
> >
> > > At random times, my Windows machines (Win 7 and Win 10, attached to the
> > > network via WiFi, 5GHz) lose connectivity to the Internet.
> >
> > > For what it's worth, the router is a Linksys EA7300 that I just picked
> > > up.
> >
> >
> > Way back when, I have a netgear router. It ended having a limit on its
> > NAT translation table, and when I had too many connections going at same
> > time (or not yet timed out), I would lose connection. There was an
> > unofficial patch to the firmware (literally a patch in code that
> > defined table size) to increase that table to 1000- as I recall.
> >
> > Does the Linksys have a means to display the NAT translation table and
> > see if maybe connections are lost when that table is full and lots of
> > connections have not yet timed out ?
> >
>
>
> It doesn't seem to provide visibility into the NAT tables.  However, I'm
> starting to think you might be on to something.
>
> The issue actually happened to my Mac tonight, and sure enough the
> traceroute dies at the same time.  So, it isn't just the Windows
> machines impacted.
>
> I did a packet capture on my end, and on a server somewhere that I
> control and sent pings from my laptop to the server.
>
> The server received my ICMP packets and responded, but those responses
> never made it back to my laptop.
>
> Meanwhile, my Roku is actively streaming from the Internet, so it's not
> like the Internet was down.
>



-- 
:o@>


Re: Canada joins the 21st century !

2016-12-23 Thread Oliver O'Boyle
Awesome, so maybe in 5 years we'll see the speeds we should have seen 20
years earlier! Can't wait!

On Fri, Dec 23, 2016 at 8:18 AM, Mike Hammett  wrote:

> The government getting involved with the Internet rarely goes well. The
> FCC is a shining example of how to usually do it wrong.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
> - Original Message -
>
> From: "Jean-Francois Mezei" 
> To: Nanog@nanog.org
> Sent: Thursday, December 22, 2016 8:59:22 AM
> Subject: Canada joins the 21st century !
>
> This is more of an FYI.
>
> Yesterday, the CRTC released a big decision on broadband. In 2011, the
> same process resulted in CRTC to not declare the Internet as "basic
> service" and to set speed goals to 1990s 5/1.
>
> Yesterday, the CRTC declared the Internet to be a basic service (which
> enables additional regulatory powers) and set speed goals to 50/10.
>
> Note that this is not a definition of broadband as the FCC had done, it
> is one of many criteria that will be weighted when a proposal to get funding
> is received. But hopefully, it means the end of deployment of DSL.
>
>
> Also, as a result of declaring it a basic service, the CRTC enables
> powers to force ISPs to contribute to a fund that will be used to
> subsidize deployment in rural areas.
>
> It plans to collect $100 million/year, increasing by $25m each year to
> top at $200m which will then be distributed to companies who deploy
> internet to unserved areas.
>
> By setting the speed standard to 50/10, it basically marks any territory
> not served by cableco as underserved since telco's copper can't reliably
> deliver those speeds.
>
>
> Nothing happens for now because a "follow up" process is needed to
> decide how the funding mechanism will work (what portions of a company's
> revenues are counted to calculate its mandated contribution to fund)
> and how the process of bidding for subsidies will work. That could take
> 1 to 2 years.
>
> Also in the decision is the phasing out of the equivalent programme for
> POTS which saw telephone deployed everywhere. The difference is that the
> POTS program had an "obligation to serve" whereas the internet doesn't.
>
>


-- 
:o@>


Re: DataCenter color-coding cabling schema

2016-03-14 Thread Oliver O'Boyle
Lol! I am very dextrous... But I prep by pulling off many pieces of tape at
once and lining them up in advance. They don't need to go on perfectly. In
fact, a few wrinkles help to keep the padding in place better than no
wrinkles.

Put a wire around the roll of tape and connect it to a small carabiner that
you can clip to the rack or to other stable items wherever you're working
(not individual cables in case you dislodge them).

On Sun, Mar 13, 2016 at 11:58 PM, <valdis.kletni...@vt.edu> wrote:

> On Sun, 13 Mar 2016 22:21:48 -0400, "Oliver O'Boyle" said:
> > Just place a piece of tape under the padding and it won't slide anymore.
> 5
> > seconds of extra work per end, though.
>
> I dunno. Your dexterity must be better than mine.  I'd have trouble
> digging up
> the roll of tape, removing a section, putting the tape roll down, and
> applying
> the tape to the cable, all in 5 seconds.
>
> Especially if you drop it and it manages to bounce through a cutout in the
> raised floor.  That's got to be the single best reason for overhead
> cabling. :)
>



-- 
:o@>


Re: DataCenter color-coding cabling schema

2016-03-13 Thread Oliver O'Boyle
Just place a piece of tape under the padding and it won't slide anymore. 5
seconds of extra work per end, though.

On Sun, Mar 13, 2016 at 9:57 PM, Owen DeLong  wrote:

> The only problem I’ve had with those is that they tend to slide down the
> fiber and you can
> end up having to trace the fiber to find the label which sort of defeats
> the purpose.
>
> Owen
>
> > On Mar 13, 2016, at 18:33 , Nick Pratley <
> nick.prat...@serversaustralia.com.au> wrote:
> >
> > Hi Baldur,
> >
> > Equinix in Sydney use the below, for Cross Connects.
> >
> > Goes around the fiber to pad it out, and the label keeps it on the fiber.
> >
> > http://www.cableorganizer.com/panduit/labelcore-cable-id-sleeve/
> >
> > Been meaning to order some for internal use, too.
> >
> > Nick
>
>


-- 
:o@>


Re: Automated alarm notification

2016-02-11 Thread Oliver O'Boyle
Check_MK over OMD. Good event parsing capabilities. Easy to set up, nagios
core but rewritten app for much better performance. Multisite master/slave
capabilities +++.

Free or supported. Your pick.
On Feb 11, 2016 9:26 PM, "John Adams"  wrote:

> datadog will do this without issue, and if you have a small number of hosts
> it's nearly free.
>
> -j
>
>
> On Thu, Feb 11, 2016 at 1:51 PM, Frank Bulk  wrote:
>
> > Is anyone aware of software, or perhaps a service, that will take SNMP
> > traps, properly parse them, and perform the appropriate call outs based
> on
> > certain content, after waiting 5 or 10 minutes for any alarms that don't
> > clear?
> >
> > I looked at PagerDuty, but they don't do any SNMP trap parsing, and
> nothing
> > with set/clear.
> >
> > Frank
> >
> >
>


Re: Opinions on Cologix data centers?

2015-12-14 Thread Oliver O'Boyle
I used/inherited them in Montreal after they bought out a series of colos.
The corporate management team is good and I would work with them again.
They saw themselves as partners and not just a vendor. The local DC
manager/team was honest and easy to work with and they were very
knowledgeable.

The quality of the facility and success of your projects depends in great
deal on what they bought and what stage they are at in upgrading it. In my
case, the original DC had some design issues they were battling with
related to the previous owner + unplanned growth that forced some poor
decisions. Cologix did, however, redesign everything and make some major
investments in the facility. We saw improvements come out every few months.

Oliver

On Mon, Dec 14, 2015 at 4:00 PM, David H  wrote:

> Hello; was curious if anyone has opinions on Cologix?  Any aspect would be
> of interest; management, financials, colo quality (power, a/c, etc).  The
> specific facility I'm looking at is their Lakeland FL building which began
> life under a company called Colo 5 that they purchased; it's only two years
> old.  They seem to have been on a buying spree recently with other colo
> buildings.
>
> Thanks,
>
> David
>



-- 
:o@>


Re: internet visualization

2015-09-09 Thread Oliver O'Boyle
A bit of salt on that will help...

On Wed, Sep 9, 2015 at 11:13 AM, Joly MacFie  wrote:

> Crow for lunch today.
>
> On Wednesday, September 9, 2015, Larry Sheldon 
> wrote:
>
> > On 9/8/2015 21:05, Joly MacFie wrote:
> >
> >> ​3/10 for spelling
> >>
> >> adjancencies​
> >>>
> >>
> >> or is that a thing?
> >>
> >
> > http://www.thefreedictionary.com/adjacencies
> >
> >
> > --
> > sed quis custodiet ipsos custodes? (Juvenal)
> >
>
>
> --
> ---
> Joly MacFie  218 565 9365 Skype:punkcast
> WWWhatsup NYC - http://wwwhatsup.com
>  http://pinstand.com - http://punkcast.com
>  VP (Admin) - ISOC-NY - http://isoc-ny.org
> --
> -
>



-- 
:o@>


Re: Extraneous "legal" babble--and my reaction to it.

2015-09-09 Thread Oliver O'Boyle
I love cat videos.

On Wed, Sep 9, 2015 at 12:13 PM, Tony Hain  wrote:

> Dovid Bender wrote:
> > I would. Once I see legal stuff I know to stop reading. It does not hurt
> > anyone. Not sure why this hurts so much. Some things will remain a
> > mystery.
> >
>
> No mystery ... It wastes bits that could otherwise be used to watch cat
> videos.  ;)
>
> Tony
>
>
>


-- 
:o@>


Re: udp 500 packets when users are web browsing

2015-09-03 Thread Oliver O'Boyle
Precisely.

On Thu, Sep 3, 2015 at 10:14 AM, Chuck Anderson  wrote:

> Sounds like Opportunistic Encryption.
>
> https://en.wikipedia.org/wiki/Opportunistic_encryption#Windows_OS
>
> On Thu, Sep 03, 2015 at 09:53:46AM -0400, Robert Webb wrote:
> > There is no VPN in the picture here. These are straight workstations
> > on the network that the packets are coming from.
> >
> > According to a packet capture in wireshark, these are isakmp packets
> > reaching out to host names of web sites that are being browsed. So
> > destinations are sites like twitter, facebook, amazon, cnn, etc..
> >
> > We have further discovered that they seem to be initiated from the
> > Windows 7 svchost, but we have not been able to find documentation
> > as to how or why this is occurring.
> >
> > Robert
> >
> >
> > On Thu, 3 Sep 2015 13:42:21 +
> >  "Bjoern A. Zeeb"  wrote:
> > >
> > >>On 03 Sep 2015, at 13:35 , Robert Webb  wrote:
> > >>
> > >>We are seeing udp 500 packets being dropped at our firewall from
> > >>user's browsing sessions. These are users on a 2008 R2 AD setup
> > >>with Windows 7.
> > >>
> > >>Source and destination ports are udp 500 and the pattern of
> > >>drops directly correlate to the web browsing activity. We have
> > >>confirmed this with tcpdump of port 500 and a single host and
> > >>watching the pattern of traffic as they browse. This also occurs
> > >>no matter what browser is used.
> > >>
> > >>Can anyone shine some light on what may be using udp 500 when
> > >>web browsing?
> > >
> > >The VPN using IPsec UDP-Encap connection that supposedly gets
> > >through NAT?   Have you checked the content with tcpdump?   Do you
> > >have fragments by any chance?
>



-- 
:o@>


Re: udp 500 packets when users are web browsing

2015-09-03 Thread Oliver O'Boyle
That would do it. Almost certainly enforced by GPO in that case so at least
it's easy to change if you need to.

On Thu, Sep 3, 2015 at 10:25 AM, Robert Webb <rw...@ropeguru.com> wrote:

> Yes, we are looking at this now.
>
> Thanks for everyone's help. I think we are heading in the right direction
> tracking this down. This just showed up in our monitoring and makes sense
> as we just brought up a new locked down domain.
>
> Robert
>
>
>
> On Thu, 3 Sep 2015 10:19:53 -0400
>  "Oliver O'Boyle" <oliver.obo...@gmail.com> wrote:
>
>> You can configure Windows to encrypt traffic based on protocol
>> definitions.
>> E.g., Use IPSEC to encrypt all traffic on port 80 between hosts X and
>> hosts
>> Y.
>>
>> It's possible that such a policy is in place locally on the workstations
>> and/or servers and it's also possible that it's being enforced using GPOs.
>>
>> On Thu, Sep 3, 2015 at 9:53 AM, Robert Webb <rw...@ropeguru.com> wrote:
>>
>> There is no VPN in the picture here. These are straight workstations on
>>> the network that the packets are coming from.
>>>
>>> According to a packet capture in wireshark, these are isakmp packets
>>> reaching out to host names of web sites that are being browsed. So
>>> destinations are sites like twitter, facebook, amazon, cnn, etc..
>>>
>>> We have further discovered that they seem to be initiated from the
>>> Windows
>>> 7 svchost, but we have not been able to find documentation as to how or
>>> why
>>> this is occurring.
>>>
>>> Robert
>>>
>>>
>>> On Thu, 3 Sep 2015 13:42:21 +
>>>  "Bjoern A. Zeeb" <bzeeb-li...@lists.zabbadoz.net> wrote:
>>>
>>>
>>>> On 03 Sep 2015, at 13:35 , Robert Webb <rw...@ropeguru.com> wrote:
>>>>
>>>>>
>>>>> We are seeing udp 500 packets being dropped at our firewall from user's
>>>>> browsing sessions. These are users on a 2008 R2 AD setup with Windows
>>>>> 7.
>>>>>
>>>>> Source and destination ports are udp 500 and the pattern of drops
>>>>> directly correlate to the web browsing activity. We have confirmed this
>>>>> with tcpdump of port 500 and a single host and watching the pattern of
>>>>> traffic as they browse. This also occurs no matter what browser is
>>>>> used.
>>>>>
>>>>> Can anyone shine some light on what may be using udp 500 when web
>>>>> browsing?
>>>>>
>>>>>
>>>> The VPN using IPsec UDP-Encap connection that supposedly gets through
>>>> NAT?   Have you checked the content with tcpdump?   Do you have
>>>> fragments
>>>> by any chance?
>>>>
>>>>
>>>> --
>> :o@>
>>
>
>
>


-- 
:o@>


Re: udp 500 packets when users are web browsing

2015-09-03 Thread Oliver O'Boyle
You can configure Windows to encrypt traffic based on protocol definitions.
E.g., Use IPSEC to encrypt all traffic on port 80 between hosts X and hosts
Y.

It's possible that such a policy is in place locally on the workstations
and/or servers and it's also possible that it's being enforced using GPOs.

On Thu, Sep 3, 2015 at 9:53 AM, Robert Webb  wrote:

> There is no VPN in the picture here. These are straight workstations on
> the network that the packets are coming from.
>
> According to a packet capture in wireshark, these are isakmp packets
> reaching out to host names of web sites that are being browsed. So
> destinations are sites like twitter, facebook, amazon, cnn, etc..
>
> We have further discovered that they seem to be initiated from the Windows
> 7 svchost, but we have not been able to find documentation as to how or why
> this is occurring.
>
> Robert
>
>
>
> On Thu, 3 Sep 2015 13:42:21 +
>  "Bjoern A. Zeeb"  wrote:
>
>>
>> On 03 Sep 2015, at 13:35 , Robert Webb  wrote:
>>>
>>> We are seeing udp 500 packets being dropped at our firewall from user's
>>> browsing sessions. These are users on a 2008 R2 AD setup with Windows 7.
>>>
>>> Source and destination ports are udp 500 and the pattern of drops
>>> directly correlate to the web browsing activity. We have confirmed this
>>> with tcpdump of port 500 and a single host and watching the pattern of
>>> traffic as they browse. This also occurs no matter what browser is used.
>>>
>>> Can anyone shine some light on what may be using udp 500 when web
>>> browsing?
>>>
>>
>> The VPN using IPsec UDP-Encap connection that supposedly gets through
>> NAT?   Have you checked the content with tcpdump?   Do you have fragments
>> by any chance?
>>
>>
>>
>
>


-- 
:o@>
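
A triage helper for the capture described in this thread, as an added example that is not part of the original posts: it parses the fixed ISAKMP header of UDP/500 payloads and counts negotiations that were started but never answered, per source and destination. The addresses and packets are constructed, and extracting the UDP payloads from the capture is assumed to happen elsewhere.

```python
import struct
from collections import Counter

# RFC 2408 section 3.1 fixed header: initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
HDR = struct.Struct("!8s8sBBBBII")  # 28 bytes
EXCHANGES = {
    2: "IKEv1 Main Mode",
    4: "IKEv1 Aggressive Mode",
    34: "IKEv2 IKE_SA_INIT",
}

def parse_isakmp(payload):
    """Return header fields of a UDP/500 payload, or None if not ISAKMP."""
    if len(payload) < HDR.size:
        return None
    icookie, rcookie, _next, version, exch, _flags, msg_id, length = \
        HDR.unpack_from(payload)
    major = version >> 4                     # high nibble is the major version
    if major not in (1, 2) or length != len(payload) or icookie == bytes(8):
        return None
    return {
        "major": major,
        "exchange": EXCHANGES.get(exch, f"type {exch}"),
        # First message of a negotiation: responder cookie still all zero.
        "initiation": rcookie == bytes(8) and msg_id == 0,
        "icookie": icookie.hex(),
    }

def unanswered_initiations(packets):
    """packets: iterable of (src, dst, udp_payload).
    Counts negotiations per (src, dst) that never saw a message carrying
    a responder cookie. Retransmissions share a cookie and count once."""
    pending = {}
    for src, dst, payload in packets:
        hdr = parse_isakmp(payload)
        if hdr is None:
            continue
        if hdr["initiation"]:
            pending.setdefault(hdr["icookie"], (src, dst))
        else:
            pending.pop(hdr["icookie"], None)
    return Counter(pending.values())

def build(icookie, rcookie, version, exch, body=b""):
    """Constructed test packet: fixed header plus an opaque body."""
    return HDR.pack(icookie, rcookie, 1, version, exch, 0, 0,
                    HDR.size + len(body)) + body

# Constructed sample: one workstation initiating towards two outside hosts
# with no reply, one internal negotiation that is answered, one stray packet.
SAMPLE = [
    ("10.0.0.21", "198.51.100.10", build(b"\x11" * 8, bytes(8), 0x10, 2, bytes(20))),
    ("10.0.0.21", "198.51.100.10", build(b"\x11" * 8, bytes(8), 0x10, 2, bytes(20))),
    ("10.0.0.21", "198.51.100.20", build(b"\x22" * 8, bytes(8), 0x10, 2)),
    ("10.0.0.22", "10.0.0.5", build(b"\x33" * 8, bytes(8), 0x10, 2)),
    ("10.0.0.5", "10.0.0.22", build(b"\x33" * 8, b"\x44" * 8, 0x10, 2)),
    ("10.0.0.21", "198.51.100.10", b"not ike"),
]

if __name__ == "__main__":
    for (src, dst), count in sorted(unanswered_initiations(SAMPLE).items()):
        print(f"{src} -> {dst}: {count} unanswered IKE negotiation(s)")
```

Many internal sources initiating towards arbitrary external web hosts with nothing coming back fits the policy-driven IPsec behaviour the replies describe.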


Re: load balancer product for dns content switching

2015-08-27 Thread Oliver O'Boyle
Citrix Netscaler as well.

On Thu, Aug 27, 2015 at 4:11 PM, Robert Webb rw...@ropeguru.com wrote:

 F5 Big-IP? Pricey but it should do what you are looking for.

 Robert


 On Thu, 27 Aug 2015 12:13:37 -0700
  Brooks Bridges bro...@firestormnetworks.net wrote:

 Spent quite a bit of time researching products out there looking for one
 that will do content switching based on the domain being queried, and I'm
 coming up empty.  Can anyone point me in a decent direction?

 For example:

 all requests are sent to one (HA) VIP, and then:

 host.bob.domain.com gets routed to dns server group 1
 host.bill.domain.com gets routed to dns server group 2
 and so on...

 Thanks for any advice

 --
 Brooks Bridges
 Firestorm Networks
 Email: bro...@firestormnetworks.net
 Voice: +1.8006975891
 Fax: +1.8889721835






-- 
:o@


Re: Data Center operations mail list?

2015-08-12 Thread Oliver O'Boyle
Done, thanks!

On Wed, Aug 12, 2015 at 10:36 AM, Chris Boyd cb...@gizmopartners.com
wrote:


  On Aug 12, 2015, at 7:53 AM, Oliver O'Boyle oliver.obo...@gmail.com
 wrote:
 
  I missed the subscription info. Can you repost please? I can be #100 :)

 http://lists.nadcog.org

 Welcome aboard.

 —Chris




-- 
:o@


Re: Data Center operations mail list?

2015-08-12 Thread Oliver O'Boyle
I missed the subscription info. Can you repost please? I can be #100 :)

On Wed, Aug 12, 2015 at 8:33 AM, Rafael Possamai raf...@gav.ufsc.br wrote:

 I was actually surprised with how many people subscribed already. I think
 we are close to 100 already in less than 24 hours.

 I could use some help drafting some basic mailing list rules (no spam, no
 soliciting, etc) and if anyone has any suggestions, please let me know.


 On Wed, Aug 12, 2015 at 1:34 AM, Mark Tinka mark.ti...@seacom.mu wrote:

 
 
  On 11/Aug/15 17:46, Alex Brooks wrote:
   With the lack of interest compared to NANOG (especially seeing how the
   old list simply dried up) it might be best making the list global
   rather than North America only to get the traffic levels up a bit.
 
  Tend to agree that a list with global scope might be more useful.
 
  Mark.
 




-- 
:o@


Re: ISP DHCPv6 and /48

2015-07-11 Thread Oliver O'Boyle


 That said this really isn't your problem.  It is their problem.


Marc,

Your response surprises me a bit. I wish more ISPs would consider their
customers' use cases more thoroughly and aim to address them as best as
possible. Regional differences in expectations are reasonable and provide a
good pool of use cases to examine.

Agreed there are a number of ways to resolve this issue and address the use
case, however.

Oliver




Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org




-- 
:o@


Re: Hotels/Airports with IPv6

2015-07-10 Thread Oliver O'Boyle
32 bit connection with a 32 bit address will open up a three-dimensional 
portal under the hotel. They all know this and work around it by selecting a 
lower connection speed.

On July 10, 2015, at 3:59 AM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

2 mbit is still more than 32 bit ;)

alan

Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
We manage 65+ hotels in Canada and the topic of IPv6 for guest internet
connectivity has never been brought up, except by me. It's not a discussion
our vendors or the hotel brands have opened either.

On Thu, Jul 9, 2015 at 11:04 AM, Mel Beckman m...@beckman.org wrote:

 I'm working on a large airport WiFi deployment right now. IPv6 is allowed
 for in the future but not configured in the short term. With less than
 10,000 ephemeral users, we don't expect users to demand IPv6 until most
 mobile devices and apps come ready to use IPv6 by default.

  -mel beckman

  On Jul 9, 2015, at 7:53 AM, Jared Mauch ja...@puck.nether.net wrote:
 
  It’s my understanding that many captive portals have trouble with IPv6
 traffic and this is a blocker for places.
 
  I’m wondering what people who deploy captive portals are doing with
 these things?
 
  https://tools.ietf.org/html/draft-wkumari-dhc-capport
 
  seems to be trying to document the method to signal to clients how to
 authenticate.  I was having horrible luck with Boingo yesterday at RDU
 airport with their captive portal and deauthenticating me so just went to
 cellular data, so wondering if IPv4 doesn’t work well what works for IPv6.
 
  Thanks,
 
  - Jared




-- 
:o@


Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Yep, because most don't even know what NAT is!

On Thu, Jul 9, 2015 at 11:33 AM, Dennis Burgess dmburg...@linktechs.net
wrote:

 Most hotels etc, are perfectly happy doing NAT.

 Dennis Burgess, CTO, Link Technologies, Inc.
 den...@linktechs.net – 314-735-0270 – www.linktechs.net

 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Oliver O'Boyle
 Sent: Thursday, July 09, 2015 10:20 AM
 To: Mel Beckman
 Cc: North American Network Operators' Group
 Subject: Re: Hotels/Airports with IPv6

 We manage 65+ hotels in Canada and the topic of IPv6 for guest internet
 connectivity has never been brought up, except by me. It's not a discussion
 our vendors or the hotel brands have opened either.

 On Thu, Jul 9, 2015 at 11:04 AM, Mel Beckman m...@beckman.org wrote:

  I'm working on a large airport WiFi deployment right now. IPv6 is
  allowed for in the future but not configured in the short term. With
  less than
  10,000 ephemeral users, we don't expect users to demand IPv6 until
  most mobile devices and apps come ready to use IPv6 by default.
 
   -mel beckman
 
   On Jul 9, 2015, at 7:53 AM, Jared Mauch ja...@puck.nether.net wrote:
  
   It’s my understanding that many captive portals have trouble with
   IPv6
  traffic and this is a blocker for places.
  
   I’m wondering what people who deploy captive portals are doing with
  these things?
  
   https://tools.ietf.org/html/draft-wkumari-dhc-capport
  
   seems to be trying to document the method to signal to clients how
   to
  authenticate.  I was having horrible luck with Boingo yesterday at RDU
  airport with their captive portal and deauthenticating me so just went
  to cellular data, so wondering if IPv4 doesn’t work well what works for
 IPv6.
  
   Thanks,
  
   - Jared
 



 --
 :o@




-- 
:o@


Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Absolutely agree. It's not their job to even know to ask for a specific
protocol version in the first place. Their experience should be as seamless
and consistent as possible at all times.

What we should be concerned about is that the hospitality industry is so
far behind the game on technology. Hotels and restaurants will be some of
the last to drop IPv4 unless they don't realize they're doing it in the
first place.

On Thu, Jul 9, 2015 at 1:45 PM, Jacques Latour jacques.lat...@cira.ca
wrote:

 Just turn IPv6 on when you can.

  We manage 65+ hotels in Canada and the topic of IPv6 for guest internet
  connectivity has never been brought up, except by me. It's not a
 discussion our
  vendors or the hotel brands have opened either.

 I would argue customers never asked an IPv4 connection either, they asked
 for an Internet connection.  The Internet is IPv4 and IPv6.

   I working on a large airport WiFi deployment right now. IPv6 is
   allowed for in the future but not configured in the short term. With
   less than
   10,000 ephemeral users, we don't expect users to demand IPv6 until
   most mobile devices and apps come ready to use IPv6 by default.

 End users will never demand IPv6, turn it on :-)





-- 
:o@


Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Unfortunately, the hotel staff wouldn't be able to answer that question.
But they might give them free internet in exchange and hope the guest
doesn't ask any more questions!

On Thu, Jul 9, 2015 at 5:01 PM, Carsten Bormann c...@tzi.org wrote:

 Oliver O'Boyle wrote:
  It's not their job to even know to ask for a specific
  protocol version in the first place

 No. They should just ask, with the best geek intonation, whether this
 place still is stuck with 32-bit Internet.

 Grüße, Carsten




-- 
:o@


Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Unfortunately, there are still some that would report 2mbit via dsl and
think that was ahead of their competition (and it might be in some
cases...)...
On Jul 9, 2015 5:51 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:


 No. They should just ask, with the best geek intonation, whether this
 place still is stuck with 32-bit Internet

 I'm sure they'd gladly report that their Internet is 24 mbit and not just
 32 bit
 ;)

 alan