Hi, Jean,
On Thu, 2021-06-10 at 08:23 -0400, Jean St-Laurent wrote:
> Let's start with this example. When I click sync my clock in windows,
> this happened.
>
> On the inside or Private side
> 08:15:07.434344 IP 192.168.254.205.123 > 13.86.101.172.123: NTPv3,
> Client, length 48
>
On 6/10/2021 4:04 AM, Fernando Gont wrote:
Hi, Blake,
Thanks a lot for your comments! In-line
On Fri, 2021-06-04 at 11:13 -0500, Blake Hudson wrote:
Current gen Cisco ASA firewalls have logic so that if the connection
from a private host originated from a privileged source port, the
NAT
s that don't follow this behaviour, right?
Jean
-Original Message-
From: Fernando Gont
Sent: June 10, 2021 7:09 AM
To: j...@ddostest.me; nanog@nanog.org
Subject: Re: NAT devices not translating privileged ports
Hi, Jean,
On Thu, 2021-06-10 at 06:54 -0400, Jean St-Laurent via NANOG
Hi, Jean,
On Thu, 2021-06-10 at 06:54 -0400, Jean St-Laurent via NANOG wrote:
> Hi Fernando,
>
> NTP sounds simple but it could be very complex when you dig deep down
> and/or get lost in details.
> Here are 2 things to consider:
>
> 1. NTP clients can query NTP servers by using SRC UDP ports
Hi Fernando,
NTP sounds simple but it could be very complex when you dig deep down and/or
get lost in details.
Here are 2 things to consider:
1. NTP clients can query NTP servers by using SRC UDP ports > 1024.
2. NTP servers cannot query/sync/communicate to another NTP server when using
SRC
Hi, Bjørn,
On Thu, 2021-06-10 at 12:10 +0200, Bjørn Mork wrote:
> Fernando Gont via NANOG writes:
>
> > What has been reported to us is that some boxes do not translate
> > the
> > src port if it's a privileged port.
> >
> > IN such scenarios, NTP implementations that always use src
> >
Fernando Gont via NANOG writes:
> What has been reported to us is that some boxes do not translate the
> src port if it's a privileged port.
>
> IN such scenarios, NTP implementations that always use src port=123,
> dst port=123 might be in trouble if there are multiple NTP clients
> behind the
Hi, Jean,
On Fri, 2021-06-04 at 08:36 -0400, Jean St-Laurent wrote:
> I believe all devices will translate a privileged ports, but it won't
> translate to the same number on the other side. It will translate to
> an unprivileged port. Is it what you meant or really there are some
> devices that
Hi, Blake,
Thanks a lot for your comments! In-line
On Fri, 2021-06-04 at 11:13 -0500, Blake Hudson wrote:
> Current gen Cisco ASA firewalls have logic so that if the connection
> from a private host originated from a privileged source port, the
> NAT
> translation to public IP also uses
For Linux iptables SNAT (used with --to-source), the default is to change
the packet as little as possible.
https://linux.die.net/man/8/iptables
"If no port range is specified, then source ports below 512 will be mapped
to other ports below 512: those between 512 and 1023 inclusive will be
mapped
Current gen Cisco ASA firewalls have logic so that if the connection
from a private host originated from a privileged source port, the NAT
translation to public IP also uses an unprivileged source port (not
necessarily the same source port though).
I found out that this behavior can cause
I believe all devices will translate a privileged ports, but it won't translate
to the same number on the other side. It will translate to an unprivileged
port. Is it what you meant or really there are some devices that will not
translate at all a privileged port?
What are you trying to
I currently have about ~2750 public IP's (11 /24's) for ~53,000 broadband
customers. (ftth, cable modem and dsl)
I cap them at 3,000 ports using PBA, port block allocation.. Blocks of 100
at a time, and 30 blocks per subscriber. (100*30=3000)
I usually see, when a private internal IP is
The problem asking whether this can be done "at line rate" in a specific
switch platform ignores these critical measurements:
- what's the packet rate expected for the nat flows?
- will the control plane add a forwarding plane rule for every new session?
if so, how quickly can that rule be pushed
On 10/16/18 08:55, Brandon Martin wrote:
> On 10/16/18 10:05 AM, James Bensley wrote:
>> NAT/PAT is an N:1 swapping (map) though so a state/translation table
>> is required to correctly "swap" back the return traffic. MPLS for
>> example is 1:1 mapping/action. NAT/PAT state tables tend to fill
>>
On 10/16/18 10:05 AM, James Bensley wrote:
NAT/PAT is an N:1 swapping (map) though so a state/translation table
is required to correctly "swap" back the return traffic. MPLS for
example is 1:1 mapping/action. NAT/PAT state tables tend to fill
quickly so to aid with this we also have timers to
On Mon, 15 Oct 2018 at 10:07, wrote:
>
> Interesting, but isn’t stateful tracking once again just swapping, but in
> this case port 123 in port 32123 out?
>
> So none of the chips you named below support swapping parts of L4 header and
> that part is actually done with SW assistance please?
>
>
Of Paul Zugnoni
Sent: Thursday, October 11, 2018 6:04 AM
To: w...@felter.org
Cc: nanog@nanog.org
Subject: Re: NAT on a Trident/Qumran(/or other?) equipped whitebox?
The key to answering the question of NAT support on a Broadcom switch
forwarding chip, is... another question: What /flavour of NAT
The key to answering the question of NAT support on a Broadcom switch
forwarding chip, is... another question: What /flavour of NAT/ you're
looking for. Generally Trident (1,2,3), Tomahawk(1,2) and I believe Jericho
all support varying degrees of swapping parts of an IP or Eth header for
other
On 10/9/18 10:35 AM, Jason Lixfeld wrote:
Has anyone played around with this? Curious if the BCM (or whatever other
chip) can do this, and if not, if any of the box vendors have tried to find a
way to get these things to do a bunch of NAT - say some flavour of NAT,
line-rate @ 10G. If so,
Indeed, however there are some other features currently missing from the Arista
stack that sort of take it off the table (granted, those features have been
promised early-ish next year).
> On Oct 9, 2018, at 11:52 AM, Edward Dore
> wrote:
>
> Not sure if you count Arista as whitebox given
The older Fulcrum/Intel FM6000 in the Arista 7150 can do NAT.
--
Tim
On Tue, Oct 9, 2018 at 10:54 AM Edward Dore <
edward.d...@freethought-internet.co.uk> wrote:
> Not sure if you count Arista as whitebox given their use of merchant
> silicon but running their own NOS, however they were touting
Not sure if you count Arista as whitebox given their use of merchant silicon
but running their own NOS, however they were touting the 7170 series as being
able to do NAT recently. That's a Barefoot Tofino chip under the hood.
I've no idea how well it can do NAT or what the limitations are mind
Wonderfully crafted, too. Great work.
S.
On 5 July 2016 at 15:39, Seth Mattinen wrote:
> On 7/1/16 19:28, Edgar Carver wrote:
>
>> Hello NANOG community. I was directed here by our network administrator
>> since she is on vacation. Luckily, I minored in Computer Science so
FYI
There is no way to reset the password on a PAN without doing a factory
reset if you do not know the password of any previous config release
version.
If you do a reset then you will have to reconfigure the fw rules, ip
addresses, routes, nat, inspection policy's, and other basic functions
On 7/5/2016 18:46, Matt Palmer wrote:
On Fri, Jul 01, 2016 at 09:28:54PM -0500, Edgar Carver wrote:
Hello NANOG community. I was directed here by our network administrator
since she is on vacation. Luckily, I minored in Computer Science so I have
some familiarity.
Well played, Tay. Well
On Fri, Jul 01, 2016 at 09:28:54PM -0500, Edgar Carver wrote:
> Hello NANOG community. I was directed here by our network administrator
> since she is on vacation. Luckily, I minored in Computer Science so I have
> some familiarity.
Well played, Tay. Well played.
For everyone else:
You know the cosmological model that the earth is balanced on the back of a
giant turtle, which is supported by successive lower tiers of other turtles?
https://en.wikipedia.org/wiki/Turtles_all_the_way_down
It's like that, except it's trolls all the way down.
On Tue, Jul 5, 2016 at 3:24 PM,
My how the world has changed!
On 7/1/2016 21:28, Edgar Carver wrote:
Hello NANOG community. I was directed here by our network administrator
since she is on vacation.
I am Old School, I guess. In my day Step One would be "Fire the
administrator." The job is by nature a 24 X 7 X 52 job and
My how the world has changed!
On 7/1/2016 21:28, Edgar Carver wrote:
Hello NANOG community. I was directed here by our network administrator
since she is on vacation.
I am Old School, I guess. In my day Step One would be "Fire the
administrator." The job is by nature a 24 X 7 X 52 job and
--- se...@rollernet.us wrote:
From: Seth Mattinen
On 7/1/16 19:28, Edgar Carver wrote:
> Hello NANOG community. I was directed here
> by our network administrator since she is
> on vacation. Luckily, I minored in Computer
> Science so I have some familiarity.
:: This
On 7/1/16 19:28, Edgar Carver wrote:
Hello NANOG community. I was directed here by our network administrator
since she is on vacation. Luckily, I minored in Computer Science so I have
some familiarity.
This is not legit, ya'll are being trolled.
~Seth
The original email was not a serious question, but a joke:
https://twitter.com/SwiftOnSecurity/status/749059605360062464
https://twitter.com/SwiftOnSecurity/status/749062835687174144
https://twitter.com/SwiftOnSecurity/status/749068172460847105
On Tue, Jul 5, 2016 at 1:41 PM, Naslund, Steve
It is all about defense in depth. The engineers here are speaking to the
network pieces (the second N in NANOG is network, right :) and we have told
this person that it is unlikely that v6 in the only vector and I myself talked
about malware handling on the clients themselves. From a network
You may want to look into a new product by Ixia
https://www.ixiacom.com/products/threatarmor (seems their site is under
maint atm).
On Tue, Jul 5, 2016 at 10:31 AM, Naslund, Steve
wrote:
> On another note, using a firewall to stop viruses is probably not going to
> work
On 5 July 2016 at 21:47, Octavio Alvarez wrote:
> Everything else has been already said by others: fixing the Palo Alto is
> still your best bet.
>
No while that is also needed, it is very unlikely to fix his issue. The
issue at hand is that some of their computers
On 07/01/2016 07:28 PM, Edgar Carver wrote:
> Is there some kind of NAT-based IPv6 firewall I can setup on the router
> that can help block viruses?
You need layer-7 firewalls for this. NAT-based "firewalls"
(pseudo-firewalls, really) are layer-4 only. Those will not help you
block typical
Hi,
> Right. But how long is it going to take to secure the Palo Alto firewall?
around 5 minutes?
recover password, restart, log in, fix rules.
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Reset-the-Administrator-Password/ta-p/57581
obviously the firewall is also blocking
Hi,
> > The Palo-Alto's also don't support anything but NAT64,
>
> They don't support proper dual-stack?? Or NAT64 is the only NAT flavor
of course they support native IPv6 ...or IPv4 with IPv6 in dual-stack.
i believe the comment was related to the 6/4 xlat stuff - ie just NAT64 and not
On 5 July 2016 at 17:40, Lee wrote:
>
> Right. But how long is it going to take to secure the Palo Alto firewall?
> If the central Cisco Catalyst really is an IPv6 router, doing a
> conf t
> ipv6 access-list denyIPv6
> deny ipv6 any any
>
> interface [whatever connects to
On 7/5/16, Naslund, Steve wrote:
> Did you get the impression that this person asking for help was going to be
> able to set that up?
Yes, I think the OP could create & apply the acl. Which is why I said
it could break their network & suggested they get Cisco tech support
Not to belabor the point, because it will likely be made frequently in
responses, but every legitimate service _should_ have both IPv4 and IPv6
addresses.
Get Palo Alto on the horn, and get access to that box. Get it configured
properly.
I won't hammer you since you're just trying to solve a
On Fri, 1 Jul 2016 21:28:54 -0500
Edgar Carver wrote:
> Hello NANOG community. I was directed here by our network administrator
> since she is on vacation. Luckily, I minored in Computer Science so I have
> some familiarity.
Luckily!
> router. Or, ideally, is there an
NAT64 is the only type of IPv6 NAT they support.
*Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com
On Tue, Jul 5, 2016 at 12:18 PM, wrote:
> On Tue, 05 Jul 2016 11:54:14
On Tue, 05 Jul 2016 11:54:14 -0400, Spencer Ryan said:
> The Palo-Alto's also don't support anything but NAT64,
They don't support proper dual-stack?? Or NAT64 is the only NAT flavor
they support on the v6 side?
pgpMGuNc6KiEk.pgp
Description: PGP signature
Did you get the impression that this person asking for help was going to be
able to set that up? I didn't (if he was he would probably already know what
an ACL is). I do not know if the Catalyst he is looking at is his or his
service providers edge devices (or maybe the consultants didn't
The Palo-Alto's also don't support anything but NAT64, so depending on what
you meant by the IPv6 side is sharing "one address" might not be correct.
*Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com
Hi,
I would go through the password recovery options on the PaloAlto.
as a next gen firewall you need to ensure you are getting all the latets
rulesets
and detection code through - check your subscription with them
once you've sorted out access you can look at the policies and ensure that
On 7/5/16, Naslund, Steve wrote:
> Hard to know where to begin with this one, but let me take a shot at it.
>
> 1. My top priority would be to get into that Palo Alto firewall. Get Palo
> Alto on the phone and figure out password recovery with them. Since you
> don’t have
To: Edgar Carver
Cc: nanog@nanog.org
Subject: Re: NAT firewall for IPv6?
On Fri, 01 Jul 2016 21:28:54 -0500, Edgar Carver said:
> We're having problems where viruses are getting through Firefox, and
> we think it's because our Palo Alto firewall is set to bypass
> filtering for IPv6.
Do you
> On Jul 5, 2016, at 9:33 AM, valdis.kletni...@vt.edu wrote:
>
> On Fri, 01 Jul 2016 21:28:54 -0500, Edgar Carver said:
>
>> We're having problems where viruses are getting through Firefox, and we
>> think it's because our Palo Alto firewall is set to bypass filtering for
>> IPv6.
>
> Do you
On 7/1/16 8:28 PM, Edgar Carver wrote:
Unfortunately, the network admin couldn't give me the password since
a local consultant set it up, and it seems they went out of business. I
need to think outside the box.
So your network admin didn't bother to get the login/enable password for
a device
On Fri, 01 Jul 2016 21:28:54 -0500, Edgar Carver said:
> We're having problems where viruses are getting through Firefox, and we
> think it's because our Palo Alto firewall is set to bypass filtering for
> IPv6.
Do you have any actual evidence (device logs, tcpdump, netflow, etc) that
support
On another note, using a firewall to stop viruses is probably not going to work
in general (unless the firewall has some additional malware detection engine).
Here is the issue in a nutshell. A firewall primarily controls where people
can connect to and from on a network. The problem with
Hard to know where to begin with this one, but let me take a shot at it.
1. My top priority would be to get into that Palo Alto firewall. Get Palo
Alto on the phone and figure out password recovery with them. Since you don’t
have the password it is possible that firewall is compromised. Do
You emailed the wrong list to say this "Or, ideally, is there an easy way
to turn off IPv6 completely? I
really don't see a need for it, any legitimate service should have an IPv4
address."
Turning off IPv6 is not the right solution, nor will it magically fix your
issues.
Fix the Palo Alto,
On 1/7/16, 7:39 PM, "NANOG on behalf of Doug Barton"
wrote:
>On 12/18/2015 01:20 PM, Lee Howard wrote:
>>
>>
>> On 12/17/15, 1:59 PM, "NANOG on behalf of Matthew Petach"
>
>>> I'm still waiting for the IETF to come around
>>> to
On 12/19/2015 07:17 AM, Sander Steffann wrote:
Hi Jeff,
It's far past time to worry about architectural purity. We need people
deploying IPv6 *NOW*, and it needs to be the job of the IETF, at this
point, to fix the problems that are causing people not to deploy.
I partially agree with you.
On 12/18/2015 01:20 PM, Lee Howard wrote:
On 12/17/15, 1:59 PM, "NANOG on behalf of Matthew Petach"
I'm still waiting for the IETF to come around
to allowing feature parity between IPv4 and IPv6
when it comes to DHCP. The stance of not
allowing the DHCP server to assign a default
gateway
Hello,
Does anyone use Citrix Netscaler MPX 14000 as a CGNAT for more than 25K
users?
Regards,
Comments inline
> On Dec 22, 2015, at 12:47 PM, Owen DeLong wrote:
>
>
>> On Dec 22, 2015, at 01:21 , Bjørn Mork wrote:
>>
>> Owen DeLong writes:
On Dec 20, 2015, at 08:57 , Mike Hammett wrote:
>>>
The idea that
Owen DeLong writes:
>> On Dec 20, 2015, at 08:57 , Mike Hammett wrote:
>
>> The idea that there's a possible need for more than 4 bits worth of
>> subnets in a home is simply ludicrous and we have people advocating
>> 16 bits worth of subnets. How does that
> On Dec 22, 2015, at 01:21 , Bjørn Mork wrote:
>
> Owen DeLong writes:
>>> On Dec 20, 2015, at 08:57 , Mike Hammett wrote:
>>
>>> The idea that there's a possible need for more than 4 bits worth of
>>> subnets in a home is simply ludicrous
We already have CPE vendors shipping with "guest" ssids. These
require a seperate /64 and are usually treated as external to the
home network. With IPv4 you grab a seperate chunck of rfc1918 space
and nat that as well as the main chuck of space. For IPv6 you need
multiple /64s from the ISP. A
c: "Mark Andrews" <ma...@isc.org>, "North American Network Operators' Group"
> <nanog@nanog.org>
> Sent: Saturday, December 19, 2015 10:55:03 AM
> Subject: Re: Nat
>
> Hi.
>
>> On Dec 19, 2015, at 11:41 AM,
In message , Tony Fin
ch writes:
> Alan Buxey wrote:
>
> > Most people don't need the devices to talk to each other
>
> A lot of home networking uses mDNS - partitioning off devices will break
> things like
Not quite true…
"What happens when we have to make an incompatible change to the fundamental
packet header?” is the real challenge.
It happens that in the case of IPv4, we didn’t hit that particular wall until
we needed a larger address.
In IPv6, it will probably be something related to the
--- ja...@puck.nether.net wrote:
From: Jared Mauch
I'd love to hear from people on what they perceive and
the real barriers they have seen with regards to IPv6
in your environment.
---
In the enterprise; managers
On 21/Dec/15 07:22, Jason Baugher wrote:
>
> >From a service provider perspective, I feel we have 2 choices. The first is
> to spend a lot of time trying to educate our customers on how networks work
> and how to manage theirs. Personally, I'd rather have my fingernails pulled
> out. The
Hi,
On Sat, Dec 19, 2015 at 03:03:18PM +0100, Sander Steffann wrote:
> > The mix of having to do this crazy thing of gateway announcements
> > from one place, DNS from somewhere else, possibly auto-assigning
> > addresses from a router, but maybe getting them over DHCPv6. It's
> > just confusing
Hi,
> > > persuading people to move to IPv6. Especially when everyone
> > > already understands DHCP in the v4 world.
> > enterprise) and once they stop thinking "I want to do everything
> > in IPv6 in exactly the same way as I have always done in IPv4"
exactly.
as my thoughts often gather
ot; <kmedc...@dessus.com>
To: nanog@nanog.org
Sent: Sunday, December 20, 2015 10:06:26 PM
Subject: RE: Nat
You can lead a horse to water, but you cannot make it drink. If people choose
to be the authors of their own misfortunes, that is their choice. I know a good
many folks who are not memb
On Sun, 20 Dec 2015, Chuck Church wrote:
insist on "NAT/PAT != firewall". Well, a router routing everything it sees
is even less of a firewall. I'm really not trying to be argumentative here,
but I'm just having a hard time believing Joe Sixpack will be applying
business networking
I'm surprised that noone of the home wifi router folk haven't cornered the
market on that one in terms of client separation. Most people don't need the
devices to talk to each other so by default all ports on different VLANs ..
192.168.0-8.x etc
Internet of things security out of the box. Web
--- chuckchu...@gmail.com wrote:
From: "Chuck Church"
but I'm just having a hard time believing Joe Sixpack will be applying
business networking principals such as micro-segmenting to a home network
with 3 to 7 devices on it. If anything, these complexities we keep
In article <4102d692-a315-4c38-a2cb-54f96999e...@lboro.ac.uk> you write:
>I'm surprised that noone of the home wifi router folk haven't cornered the
>market on that
>one in terms of client separation. Most people don't need the devices to talk
>to each
>other so by default all ports on
Alan Buxey wrote:
> Most people don't need the devices to talk to each other
A lot of home networking uses mDNS - partitioning off devices will break
things like printing and chromecast and using your phone as a remote
control for your media players, etc. ad nauseam.
On Sun, Dec 20, 2015 at 08:11:53PM -0700, Keith Medcalf wrote:
> > I agree that a /48 or /56 being reserved for business
> > customers/sites is reasonable. But for residential use, I'm having a hard
> > time believing multi-subnet home networks are even remotely common outside
> > of
scher" <randy.fisc...@gmail.com>
To: "Mike Hammett" <na...@ics-il.net>
Cc: "North American Network Operators Group" <nanog@nanog.org>
Sent: Sunday, December 20, 2015 9:34:16 PM
Subject: Re: Nat
On Sun, Dec 20, 2015 at 10:15 PM, Mike Hammett < na.
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Thursday, December 17, 2015 7:46 PM
To: Chuck Church <chuckchu...@gmail.com>
Cc: 'Matthew Petach' <mpet...@netflight.com>; 'North American Network
Operators' Group' <nanog@nanog.org>
Subject: Re: Nat
&g
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matt Palmer
Sent: Sunday, December 20, 2015 10:29 PM
To: nanog@nanog.org
Subject: Re: Nat
>Depends on how many devices you have on it. Once you start filling your
home with Internet of Unpatchable Security Ho
On Sun, Dec 20, 2015 at 10:54:49PM -0500, Chuck Church wrote:
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matt Palmer
> >Depends on how many devices you have on it. Once you start filling your
> >home with Internet of Unpatchable Security Holes devices, having everything
> >on a
On Sun, Dec 20, 2015 at 10:15 PM, Mike Hammett wrote:
> Most people couldn't care less and just want the Internet on their device
> to work.
Well, if the best practice for CPE routers included as a matter of course
the subnets "connected to internet", "local only (e.g. IoT)"
-Original Message-
> From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On Behalf
> Of Mike Hammett
> Sent: Sunday, 20 December, 2015 20:37
> Cc: North American Network Operators Group
> Subject: Re: Nat
>
> We can't get people to use passwords judiciou
> I agree that a /48 or /56 being reserved for business
> customers/sites is reasonable. But for residential use, I'm having a hard
> time believing multi-subnet home networks are even remotely common outside
> of networking folk such as the NANOG members. A lot of recent IPv4
> devices
>
ember 20, 2015 9:11:53 PM
Subject: RE: Nat
> I agree that a /48 or /56 being reserved for business
> customers/sites is reasonable. But for residential use, I'm having a hard
> time believing multi-subnet home networks are even remotely common outside
> of networking folk such
On Sun, Dec 20, 2015 at 09:23:04PM -0500, Chuck Church wrote:
> I agree that a /48 or /56 being reserved for business
> customers/sites is reasonable. But for residential use, I'm having a hard
> time believing multi-subnet home networks are even remotely common outside
> of networking folk
tach' <mpet...@netflight.com>; 'North American Network
> Operators' Group' <nanog@nanog.org>
> Subject: Re: Nat
>
>
> >I have a single CPE router and 3 /64's in use. One for each of the
> wireless SSID's and one for the wired network. This is the default for
>
eparate L2 and L3 networks to keep the "crap" isolated.
>
> > -Original Message-
> > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On
> Behalf
> > Of Mike Hammett
> > Sent: Sunday, 20 December, 2015 20:37
> > Cc: North American
On Sun, Dec 20, 2015 at 9:55 AM, Daniel Corbe wrote:
>> On Dec 20, 2015, at 11:57 AM, Mike Hammett wrote:
>>
>> There is little that can be done about much of this now, but at least we can
>> label some of these past decisions as ridiculous and
> On Dec 20, 2015, at 1:22 PM, Matthew Petach wrote:
>
> On Sun, Dec 20, 2015 at 9:55 AM, Daniel Corbe wrote:
>>> On Dec 20, 2015, at 11:57 AM, Mike Hammett wrote:
>>>
>>> There is little that can be done about much of this
uot;Mike Hammett" <na...@ics-il.net>
Cc: "Mark Andrews" <ma...@isc.org>, "North American Network Operators' Group"
<nanog@nanog.org>
Sent: Saturday, December 19, 2015 10:55:03 AM
Subject: Re: Nat
Hi.
> On Dec 19, 2015, at 11:41 AM, Mike Hammett
--- Original Message -
>
> From: "Daniel Corbe" <co...@corbe.net>
> To: "Mike Hammett" <na...@ics-il.net>
> Cc: "Mark Andrews" <ma...@isc.org>, "North American Network Operators' Group"
> <nanog@nanog.org>
> Sent:
On 20 December 2015 at 17:57, Mike Hammett wrote:
> The idea that there's a possible need for more than 4 bits worth of
> subnets in a home is simply ludicrous and we have people advocating 16 bits
> worth of subnets. How does that compare to the entire IPv4 Internet?
>
Does
Hi Nick,
> Unfortunately, this turned into a religious war a long time ago and the
> primary consideration with regard to dhcpv6 has not been what's best for
> ipv6 or ipv6 users or ipv6 operators, but ensuring that dhcpv6 is
> sufficiently crippled as a protocol that it cannot be deployed
On 19 December 2015 at 15:49, Jeff McAdams wrote:
> It's far past time to worry about architectural purity. We need people
> deploying IPv6 *NOW*, and it needs to be the job of the IETF, at this
> point, to fix the problems that are causing people not to deploy.
>
If you want
Hi Matthew,
> I have multiple sets of clients on a particular subnet; the subnet
> is somewhat geographically distributed; I have multiple routers
> on the subnet. I currently am able to explicitly associate clients
> with the most appropriate router for them in v4.
> How can I do this using
I'm preparing some slides on this topic for an upcoming webinar our marketing
team has roped me into :-)
I'd love to hear from people on what they perceive and the real barriers they
have seen with regards to IPv6 in your environment.
I certainly have the list from our IT department. After
James R Cutler wrote:
> All that is necessary is for us to end the years of religious debate
> of DHCP vs RA and to start providing solutions that meet business
> management needs.
Heresy! Burn him!
Nick
ch" <chuckchu...@gmail.com>
Cc: "North American Network Operators' Group" <nanog@nanog.org>
Sent: Thursday, December 17, 2015 6:46:13 PM
Subject: Re: Nat
In message <01de01d13900$fe364dd0$faa2e970$@gmail.com>, "Chuck Church" writes:
> -Or
1 - 100 of 200 matches
Mail list logo