RE: IPv6 and CDN's

2021-11-28 Thread Jean St-Laurent via NANOG
Ipv6 can be shorter than ipv4. Here is the proof: ping6 ::1 is shorter than ping 127.1 ipv6 addresses can be very small when done properly. Jean -Original Message- From: NANOG On Behalf Of Mark Tinka Sent: November 28, 2021 5:39 AM To: nanog@nanog.org Subject: Re: IPv6 and CDN's

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

2021-11-28 Thread Gavin Henry
This should help https://github.com/SentryPeer/SentryPeer/blob/aea3b3762c7df9e4d19901fa2dd82fe93a38f4cf/CHANGELOG.md#unreleased

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 06:43, Masataka Ohta wrote: Here in nanog, we are talking about network operations, considerable part of which can not rely on DNS. And yet Facebook were unable to access their kit to fix their recent outage because of it (or, lack of it). There was a time when knowing the

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 14:58, Masataka Ohta wrote: Exactly. That facebook poorly managed their DNS to cause the recent disaster is an important evidence to support my point that DNS, so often, may not be helpful for network operations against disastrous failures, including, but not limited to, DNS

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
Mark Tinka wrote: That facebook poorly managed their DNS to cause the recent disaster is an important evidence to support my point that DNS, so often, may not be helpful for network operations against disastrous failures, including, but not limited to, DNS failures. Yes, but that does not

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 05:37, Masataka Ohta wrote: Try to type in raw IPv6 addresses. There is DNS for that. Mark.

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 15:33, Masataka Ohta wrote: As a person who proposed anycast DNS servers, against which facebook operated their DNS, I'm so sure you are right. Facebook's mistake on this is an easily fixable one. We've all been there. Nothing groundbreaking. All I can see is that there

RE: IPv6 and CDN's

2021-11-28 Thread Jean St-Laurent via NANOG
I like to put some servers behind that scheme. 2601::443: for https servers 2601::25: for MTA servers. 2601::993: for IMAP It gives a quick note of what is that ip even though it’s ipv6 and usually non-human readable. Not sure what kind of scheme is used by medium/big

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 16:13, Masataka Ohta wrote: Certainly, but, merely because it is an easily avoided one. None of us came out the womb knowing anything. We learned as we went along. And we keep learning, right until our death. To expect experience before it is experienced has always been

Re: IPv6 and CDN's

2021-11-28 Thread Baldur Norddahl
On Sun, 28 Nov 2021 at 13:59, Masataka Ohta < mo...@necom830.hpcl.titech.ac.jp> wrote: > > But, with manually configured IP addresses, it is trivially easy > to have a rule to assign lower part of IP addresses within a subnet > for hosts and upper part for routers, which is enough to troubleshoot >

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
Mark Tinka wrote: As a person who proposed anycast DNS servers, against which facebook operated their DNS, I'm so sure you are right. Facebook's mistake on this is an easily fixable one. Certainly, but, merely because it is an easily avoided one. We've all been there. People who really

Re: IPv6 and CDN's

2021-11-28 Thread sronan
It certainly sounds like you’ve never operated a network at scale if you think knowing the IP address of something reduces Operational expense. The only way to truly reduce Opex at scale is automation. Shane > On Nov 28, 2021, at 9:13 AM, Masataka Ohta > wrote: > > Mark Tinka wrote: > >>>

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 14:09, Jean St-Laurent wrote: Ipv6 can be shorter than ipv4. Here is the proof: ping6 ::1 is shorter than ping 127.1 ipv6 addresses can be very small when done properly. The good news is the point of an IP address is not for its own sake. Mark.

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
Baldur Norddahl wrote: But, with manually configured IP addresses, it is trivially easy to have a rule to assign lower part of IP addresses within a subnet for hosts and upper part for routers, which is enough to troubleshoot most network failures. 99% if not 100% of our subnets have either

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
Mark Tinka wrote: Here in nanog, we are talking about network operations, considerable part of which can not rely on DNS. And yet Facebook were unable to access their kit to fix their recent outage because of it (or, lack of it). Exactly. That facebook poorly managed their DNS to cause

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 15:59, Masataka Ohta wrote: It merely means you should not use MAC address based IP addresses for, at least, routers, which is partly why opex of IPv4 is low. I often wonder what Internet you use :-)... More space, only to encourage stupid idea of MAC address based addresses

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/28/21 16:20, Jean St-Laurent via NANOG wrote: I like to put some servers behind that scheme. 2601::443: for https servers 2601::25: for MTA servers. 2601::993: for IMAP It gives a quick note of what is that ip even though it’s ipv6 and usually non-human readable. Not

Re: Latency/Packet Loss on ASR1006

2021-11-28 Thread Colin Legendre
Thanks, will look into this. --- Colin Legendre President and CTO Coextro - Unlimited. Fast. Reliable. w: www.coextro.com e: clegen...@coextro.com p: 647-693-7686 ext.101 m: 416-560-8502 f: 647-812-4132 On Sat, Nov 27, 2021 at 7:42 AM Tassos wrote: > In the past we had packet loss issues

Re: IPv6 and CDN's

2021-11-28 Thread Owen DeLong via NANOG
> On Nov 27, 2021, at 19:37 , Masataka Ohta > wrote: > > Mark Tinka wrote: > >> On 11/27/21 17:07, Masataka Ohta wrote: >>> Because lengthy IPv6 addresses mean a lot more opex than IPv4. >> I disagree > > Try to type in raw IPv6 addresses. Rarely necessary in the modern age, but really

Re: AWS and IPv6

2021-11-28 Thread Karl Auer
On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > I was reading their howto yesterday and it seems they are only > allocating a /64? Why? That's a /64 *per subnet*... But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56. Would have been nice to see /48 instead.

Re: AWS and IPv6

2021-11-28 Thread Michael Thomas
On 11/28/21 1:17 PM, Karl Auer wrote: On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: I was reading their howto yesterday and it seems they are only allocating a /64? Why? That's a /64 *per subnet*... But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56. Would have

Re: IPv6 and CDN's

2021-11-28 Thread Mark Andrews
> On 29 Nov 2021, at 09:41, scott wrote: > > > On 11/28/2021 9:47 AM, Owen DeLong via NANOG wrote: >> Why not properly assign /48s to customers and /40s to cities? >> -- > > Side note: I recently tried to get

Re: AWS and IPv6

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > > I was reading their howto yesterday and it seems they are only > > allocating a /64? Why? > > That's a /64 *per subnet*... > > But the size of a VPC's IPv6 CIDR block does seem to be

Re: IPv6 and CDN's

2021-11-28 Thread Owen DeLong via NANOG
> On Nov 28, 2021, at 04:58 , Masataka Ohta > wrote: > > Mark Tinka wrote: > >>> Here in nanog, we are talking about network operations, considerable >>> part of which can not rely on DNS. >> And yet Facebook were unable to access their kit to fix their recent outage >> because of it (or,

Re: AWS and IPv6

2021-11-28 Thread Michael Thomas
On 11/27/21 2:44 PM, Fletcher Kittredge wrote: The Register says: AWS claims 'monumental step forward' with optional IPv6-only networks I was reading their howto yesterday and it

Re: AWS and IPv6

2021-11-28 Thread Matt Palmer
On Sun, Nov 28, 2021 at 02:10:40PM -0800, William Herrin wrote: > On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: > > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > > > I was reading their howto yesterday and it seems they are only > > > allocating a /64? Why? > > > > That's a /64

Re: IPv6 and CDN's

2021-11-28 Thread Owen DeLong via NANOG
> On Nov 28, 2021, at 08:55 , Mark Tinka wrote: > > > > On 11/28/21 16:20, Jean St-Laurent via NANOG wrote: > >> I like to put some servers behind that scheme. >> >> 2601::443: for https servers >> 2601::25: for MTA servers. >> 2601::993: for IMAP >> >> It gives a quick note

Re: AWS and IPv6

2021-11-28 Thread Dave Bell
It's a /56 per VPC, and a /64 per subnet. Seems reasonable to me. https://docs.aws.amazon.com/vpc/latest/userguide/get-started-ipv6.html Dave On Sun, 28 Nov 2021 at 20:54, Michael Thomas wrote: > > On 11/27/21 2:44 PM, Fletcher Kittredge wrote: > > > The Register

Re: IPv6 and CDN's

2021-11-28 Thread Dave Bell
On Sun, 28 Nov 2021 at 13:00, Masataka Ohta < mo...@necom830.hpcl.titech.ac.jp> wrote: > That facebook poorly managed their DNS to cause the recent disaster > is an important evidence to support my point that DNS, so often, may > not be helpful for network operations against disastrous failures,

Re: AWS and IPv6

2021-11-28 Thread Oliver O'Boyle
On Sun., Nov. 28, 2021, 17:13 William Herrin, wrote: > On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: > > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > > > I was reading their howto yesterday and it seems they are only > > > allocating a /64? Why? > > > > That's a /64 *per

Re: IPv6 and CDN's

2021-11-28 Thread Dave Taht
On Sat, Nov 27, 2021 at 12:18 PM William Herrin wrote: > > On Fri, Nov 26, 2021 at 3:07 PM Michael Thomas wrote: > >> On 11/26/21 1:44 PM, Jean St-Laurent via NANOG wrote: > >> Here are some maths and 1 argument kicking ass pitch for CFO’s that use > >> iphones. > >> Apple tells app devs to use

Re: AWS and IPv6

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 3:52 PM Matt Palmer wrote: > Which is, fundamentally, half the problem with IPv6 in AWS. I'd have much > preferred that they'd added the ability to do actually-useful IPv6 routing > rather than IPv6-only subnets, which strikes me as more of a toy than > something

Re: IPv6 and CDN's

2021-11-28 Thread Owen DeLong via NANOG
> On Nov 28, 2021, at 02:42 , Mark Tinka wrote: > > > > On 11/28/21 06:43, Masataka Ohta wrote: > >> >> Here in nanog, we are talking about network operations, considerable >> part of which can not rely on DNS. > > And yet Facebook were unable to access their kit to fix their recent

Re: IPv6 and CDN's

2021-11-28 Thread scott
On 11/28/2021 9:47 AM, Owen DeLong via NANOG wrote: Why not properly assign /48s to customers and /40s to cities? -- Side note: I recently tried to get /48 per customer with ARIN on repeated emails and they

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
sro...@ronan-online.com wrote: It certainly sounds like you’ve never operated a network at scale if you think knowing the IP address of something reduces Operational expense. It's Mark, not me, who said: : There was a time when knowing the IP(v4) address of every interface : of every router

Re: IPv6 and CDN's

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 1:28 PM Dave Bell wrote: > On Sun, 28 Nov 2021 at 13:00, Masataka Ohta > wrote: >> That facebook poorly managed their DNS to cause the recent disaster > I don't want to wade into the middle of this argument, but has > there been more information about the recent

Re: AWS and IPv6

2021-11-28 Thread Michael Thomas
On 11/28/21 3:50 PM, Matt Palmer wrote: On Sun, Nov 28, 2021 at 02:10:40PM -0800, William Herrin wrote: On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: I was reading their howto yesterday and it seems they are only allocating a /64?

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
Dave Bell wrote: That facebook poorly managed their DNS to cause the recent disaster is an important evidence to support my point that DNS, so often, may not be helpful for network operations against disastrous failures, including, but not limited to, DNS failures. I don't want to wade into

Re: AWS and IPv6

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 4:13 PM William Herrin wrote: > Yeah, they don't even have a practical way to implement a firewall > instance for IPv6. Unless you want to mirror 1:many NAT for IPv6 like > you do IPv4. You just can't route an IPv6 block to an instance. And > with 1:many NAT you wouldn't

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
William Herrin wrote: But, to hear Masataka tell it, copy and paste hasn't been invented yet so we all type IP addresses by hand on our vt100 CRT terminals. You should be using so advanced technologies to input ASCII text with touch and swipe, which is very slow, even slower than cut and

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/29/21 00:41, scott wrote: Side note: I recently tried to get /48 per customer with ARIN on repeated emails and they refused. We were already given an IPv6 block a while back. I told them I wanted to expand it so I could give out a /48 per customer and that we had more than 65535

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/29/21 03:33, Masataka Ohta wrote: The end result was that our DNS servers became unreachable even though they were still operational. This made it impossible for the rest of the internet to find our servers. So your suggestion to map machine addresses to human-readable names is...

Re: IPv6 and CDN's

2021-11-28 Thread Masataka Ohta
Mark Tinka wrote: It's Mark, not me, who said: : There was a time when knowing the IP(v4) address of every interface : of every router in your network was cool. In case you missed the nuance, I haven't had to do this in over 20 years. Say it to Shane, not me. That you two can not

Re: IPv6 and CDN's

2021-11-28 Thread Mark Tinka
On 11/29/21 03:11, Masataka Ohta wrote: It's Mark, not me, who said: : There was a time when knowing the IP(v4) address of every interface : of every router in your network was cool. In case you missed the nuance, I haven't had to do this in over 20 years. Mark.