Re: Cogent IPV6 connectivity to fireball.acr.fi
I should have stated that I tried icmpv6, UDP, and TCP traceroute with the same results. Looks like Cogent is not returning TTL expired IPV6 packets within their core. I can only guess that this is a result of using 6PE and propagating the IPV6 TTL into MPLS. Clinton On Sun, Nov 3, 2013, at 09:47 PM, Joe Abley wrote: Traceroute packets is extremely vague. As a general rule, if you want to discover a complete path between endpoints that are expected to communicate using 80/tcp, trace the route using 80/tcp. (Not that it's ever expected to see protocol-specific drops in a core or across a transit or peering edge.)
Re: Cogent IPV6 connectivity to fireball.acr.fi
IPV6 connectivity to fireball.acr.fi is failing inside Cogent AS174. I have already contacted the Cogent NOC, but I haven't heard anything back yet. I'm wondering if somebody else with Cogent IPV6 connectivity can run some tests. IPV4 connectivity is working fine. It works from AS2547 through Cogent: PING6(56=40+8+8 bytes) 2001:738:2001:2001::c -- 2001:1bc8:100d::2 16 bytes from 2001:1bc8:100d::2, icmp_seq=0 hlim=52 time=57.356 ms 16 bytes from 2001:1bc8:100d::2, icmp_seq=1 hlim=52 time=57.499 ms 16 bytes from 2001:1bc8:100d::2, icmp_seq=2 hlim=52 time=57.889 ms ^C --- fireball.acr.fi ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 57.356/57.581/57.889/0.225 ms traceroute6 to fireball.acr.fi (2001:1bc8:100d::2) from 2001:738:2001:2001::c, 64 hops max, 12 byte packets 1 vl100.taz.net.bme.hu 0.730 ms 0.389 ms 0.369 ms 2 tg0-1-0-1.rtr.bme.hbone.hu 1.116 ms 0.839 ms 0.590 ms 3 * * * 4 2001:978:2:27::7:1 1.227 ms 0.979 ms 0.942 ms 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * 2001:978:2:3f::6 46.962 ms 12 2001:1bc8:1:7:0:d:0:1 47.060 ms * 47.309 ms 13 2001:1bc8:100:100:5::2 55.083 ms !N 54.830 ms !N 62.167 ms !N $ telnet -6 fireball.acr.fi 80 Trying 2001:1bc8:100d::2... Won't send login name and/or authentication information. Connected to fireball.acr.fi. Escape character is '^]'. GET !DOCTYPE HTML public -//W30//DTD W3 HTML 3.0//EN HTML HEAD TITLEThe Home Page of Tero Kivinen/TITLE LINK REL=Up HREF=http://www.iki.fi/; LINK REL=Home HREF=index.html LINK REV=made HREF=mailto:kivi...@iki.fi; /HEAD András
Re: Cogent IPV6 connectivity to fireball.acr.fi
From AS54054 in Ashburn, VA I can ping your address but traceroute's aren't making it through. Andrew Andrew Fried andrew.fr...@gmail.com On 11/3/13, 1:30 PM, Clinton Work wrote: IPV6 connectivity to fireball.acr.fi is failing inside Cogent AS174. I have already contacted the Cogent NOC, but I haven't heard anything back yet. I'm wondering if somebody else with Cogent IPV6 connectivity can run some tests. IPV4 connectivity is working fine.
Re: Cogent IPV6 connectivity to fireball.acr.fi
All good from AS4307 via Cogent: Sending 20, 100-byte ICMP Echos to 2001:1BC8:100D::2, timeout is 2 seconds: Success rate is 100 percent (20/20), round-trip min/avg/max = 200/203/204 ms Traceroutes fail altogether. On 11/3/2013 10:30 AM, Clinton Work wrote: IPV6 connectivity to fireball.acr.fi is failing inside Cogent AS174. I have already contacted the Cogent NOC, but I haven't heard anything back yet. I'm wondering if somebody else with Cogent IPV6 connectivity can run some tests. IPV4 connectivity is working fine.
Re: Cogent IPV6 connectivity to fireball.acr.fi
I can reach fireball.acr.fi on TCP port 80 so it looks like Cogent is just filtering or dropping IPV6 traceroute packets. Thanks for checking connectivity from other locations. -- Clinton Work Calgary, AB On Sun, Nov 3, 2013, at 01:38 PM, Andrew Fried wrote: From AS54054 in Ashburn, VA I can ping your address but traceroute's aren't making it through. Andrew Andrew Fried andrew.fr...@gmail.com
Re: Cogent IPV6 connectivity to fireball.acr.fi
On Nov 3, 2013, at 15:38, Clinton Work clin...@scripty.com wrote: I can reach fireball.acr.fi on TCP port 80 so it looks like Cogent is just filtering or dropping IPV6 traceroute packets. Traceroute packets is extremely vague. As a general rule, if you want to discover a complete path between endpoints that are expected to communicate using 80/tcp, trace the route using 80/tcp. (Not that it's ever expected to see protocol-specific drops in a core or across a transit or peering edge.) Joe
Re: Cogent IPv6
Here in the Netherlands we got it 'free' (i.e. dual-stack on top of the IPv4 transit without extra cost) But we're currently looking into an alternative for a provider with non-broken IPv6 transit and cancel our contract with Cogent. They called us once asking how satisfied we were with their IPv6 transit. After bringing up the HE issue the conversation ended surprisingly fast. The Google depeering thing was the final straw, all our transits can provide a reasonably complete IPv6 prefix table, except for Cogent. On 6/9/11 7:14 PM, Jeff Wheeler wrote: but just two weeks ago I heard about this IPv6 surcharge stupidity still being applied to Cogent's customers in Europe. -- Met vriendelijke groet, Jeroen Wunnink, EasyHosting B.V. Systeembeheerder systeembeh...@easyhosting.nl telefoon:+31 (035) 6285455 Postbus 48 fax: +31 (035) 6838242 3755 ZG Eemnes http://www.easyhosting.nl http://www.easycolocate.nl
Re: Cogent IPv6
I had to ask this here a while back, so I can now share. :-) IPv6 addresses are written as 8 16-bit chunk separated by colons (optionally with the longest consecutive set of :0 sections replaced with ::). A /112 means the prefix is 7 of the 8 chunks, which means you can use ::1 and ::2 for every connection. Of course, just because you allocate a /112 (or shorter) in your database doesn't mean you have to use it. You could also allocate a /112 for a point-to-point link and use a /127 (e.g. addresses ::a and ::b). Still that doesn't give any reason to provide /112 for point to point connectivitiy. Seriously, I'm peering with a transit provider with /126 and when I asked for a reason they said, ease of management. How come Subnetting /32 to /126 is ease of management?? thats quite difficult to understand. This debate is there fore quite a long time but everytime it pops up I feel so uncomfortable with this granular subnetting. Regards, Aftab A. Siddiqui
Re: Cogent IPv6
On Jun 8, 2011, at 7:24 PM, William Herrin wrote: On Wed, Jun 8, 2011 at 9:58 PM, Kelly Setzer kelly.set...@wnco.com wrote: IPv6 newbie alert! I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop. Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used? Hi Kelly, IPv6 netmasks work exactly like IPv4 netmasks. You can even route /128's if you want. Two major caveats: 1. SLAAC (stateless autoconfiguration, the more or less replacement for DHCP) only works if the subnet on your LAN is exactly /64. So unless you're manually configuring the IPv6 address on every machine on your subnet, you're using a /64. You can actually use DHCPv6 to assign addresses to hosts dynamically on longer than /64 networks. However, you may have to go to some effort to add DHCPv6 support to those hosts first. Owen
Re: Cogent IPv6
On Wed, 2011-06-08 at 23:39 -0400, ML wrote: Did Cogent have the gumption to charge you more for IPv6 too? We have a bit of transit from them (~20Mbit or so) to stay connected to their customers. Getting IPv6 setup was really simple. No extra charges. It's been easier than via our existing L3 reseller (Adapt). Tom
Re: Cogent IPv6
On Wed, Jun 08, 2011 at 10:33:29PM -0500, Chris Adams wrote: Once upon a time, William Herrin b...@herrin.us said: Now, as to why they'd choose a /112 (65k addresses) for the interface between customer and ISP, that's a complete mystery to me. I had to ask this here a while back, so I can now share. :-) IPv6 addresses are written as 8 16-bit chunk separated by colons (optionally with the longest consecutive set of :0 sections replaced with ::). A /112 means the prefix is 7 of the 8 chunks, which means you can use ::1 and ::2 for every connection. Of course, just because you allocate a /112 (or shorter) in your database doesn't mean you have to use it. You could also allocate a /112 for a point-to-point link and use a /127 (e.g. addresses ::a and ::b). Please don't use /127: Use of /127 Prefix Length Between Routers Considered Harmful http://tools.ietf.org/html/rfc3627 More below on use of various prefix lengths. You need to watch out for the EUI-64 'u' and 'g' bits, as well as subnet anycast addresses (top 127 addresses of every subnet): IPv6 Addressing Considerations: http://tools.ietf.org/html/rfc5375 IPv6 Address Assignment to End Sites: http://tools.ietf.org/html/rfc6177 Emerging Service Provider Scenarios for IPv6 Deployment: http://tools.ietf.org/html/rfc6036 IPv6 Optimal Address Plan and Allocation Tool: http://www.ipv6book.ca/allocation.html ARIN Wiki: http://www.getipv6.info/index.php/IPv6_Addressing_Plans (but some of the ARIN-related concepts here are obsolete, such as references to the HD Ratio and non-nibble-boundary allocations)
Re: Cogent IPv6
Please don't use /127: Use of /127 Prefix Length Between Routers Considered Harmful http://tools.ietf.org/html/rfc3627 Do keep up. :-) http://tools.ietf.org/html/rfc6164 Rob
Re: Cogent IPv6
On 09-06-11 14:01, Chuck Anderson wrote: Please don't use /127: Use of /127 Prefix Length Between Routers Considered Harmful http://tools.ietf.org/html/rfc3627 Well, this RFC says not to use PREFIX::/127. You are safe to use other /127's within your prefix. -- Grzegorz Janoszka
Re: Cogent IPv6
You can actually use DHCPv6 to assign addresses to hosts dynamically on longer than /64 networks. However, you may have to go to some effort to add DHCPv6 support to those hosts first. Also, there is no prefix-length (or default router) option in DHCPv6, so you have to configure the Router Advertisements with the longer prefix length in this case. It is perfectly possible to use RA *only* for the default router, and not announce any prefix at all. This implies a link-local next hop. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: Cogent IPv6
On 6/9/2011 4:39 AM, Tom Hill wrote: On Wed, 2011-06-08 at 23:39 -0400, ML wrote: Did Cogent have the gumption to charge you more for IPv6 too? We have a bit of transit from them (~20Mbit or so) to stay connected to their customers. Getting IPv6 setup was really simple. No extra charges. It's been easier than via our existing L3 reseller (Adapt). Tom I guess someone with a 1 Gb commit in a not so small city deserves to be charged extra for a few Mbps of IPv6... For a not so full table at that.
Re: Cogent IPv6
On 6/9/2011 1:58 AM, Aftab Siddiqui wrote: Still that doesn't give any reason to provide /112 for point to point connectivitiy. Seriously, I'm peering with a transit provider with /126 and when I asked for a reason they said, ease of management. How come Subnetting /32 to /126 is ease of management?? thats quite difficult to understand. This debate is there fore quite a long time but everytime it pops up I feel so uncomfortable with this granular subnetting. Some networks prefer a uniform numbering scheme. /112 allows for reasonable addressing needs on a circuit. In addition, while Ethernet is often used in a point-to-point access circuit, such layouts may change and renumbering would be annoying. Finally, having chunks 4-7 define the circuit and chunk 8 provide the circuit addressing makes it more human readable and is prone to less mistakes by those who suck at math. Jack
Re: Cogent IPv6
On Thu, Jun 9, 2011 at 10:02 AM, Jack Bates jba...@brightok.net wrote: Some networks prefer a uniform numbering scheme. /112 allows for reasonable addressing needs on a circuit. In addition, while Ethernet is often used in a point-to-point access circuit, such layouts may change and renumbering would be annoying. Finally, having chunks 4-7 define the circuit and chunk 8 provide the circuit addressing makes it more human readable and is prone to less mistakes by those who suck at math. Hi Jack, I follow the reasoning, but unless you attach undue importance to the colons you get basically the same result with a /124. I guess choosing /112 for a point to point link is one of the weird side-effects of placing :'s in the address at fixed locations instead of arbitrary locations that serve the writer's mnemonic convenience. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Cogent IPv6
On Jun 9, 2011, at 7:02 AM, Jack Bates wrote: On 6/9/2011 1:58 AM, Aftab Siddiqui wrote: Still that doesn't give any reason to provide /112 for point to point connectivitiy. Seriously, I'm peering with a transit provider with /126 and when I asked for a reason they said, ease of management. How come Subnetting /32 to /126 is ease of management?? thats quite difficult to understand. This debate is there fore quite a long time but everytime it pops up I feel so uncomfortable with this granular subnetting. Some networks prefer a uniform numbering scheme. /112 allows for reasonable addressing needs on a circuit. In addition, while Ethernet is often used in a point-to-point access circuit, such layouts may change and renumbering would be annoying. Finally, having chunks 4-7 define the circuit and chunk 8 provide the circuit addressing makes it more human readable and is prone to less mistakes by those who suck at math. not to disagree how from my vantage point, it's fairly straight forward to assign a /64 and then deploy as a /127. that might be considered wasteful on the other hand a subnet is a subnet. Jack
Re: Cogent IPv6
On 6/9/2011 10:02 AM, William Herrin wrote: I follow the reasoning, but unless you attach undue importance to the colons you get basically the same result with a /124. I guess choosing /112 for a point to point link is one of the weird side-effects of placing :'s in the address at fixed locations instead of arbitrary locations that serve the writer's mnemonic convenience. For the most part, you are correct. I generally run a :town:router:linkid:linkaddresses format out of a single /64 per regional area. While I could shorten the number of linkaddresses more, I'm not sure of the need. Even if I assigned it as a /124, I'd still allocate it as a /112 and just set the first 2 nibblets as 0. My reluctance to do so has more to do with uniformity, especially when providing support. It's much easier to rattle off the standard length than to have to look it up. There are cases where a /124 wouldn't be enough. Honestly, it's all a matter of preference. There are technical issues against using /127 and there's pros and cons to using longer than /64. There are interoperability issues as well as ping pong handling issues. It was just my opinion that 16 bits was more than enough for each branch of allocation that I wanted. Jack
Re: Cogent IPv6
IPv6 newbie alert! I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop. Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used? thanks, Kelly The use of a 64-bit prefix is a requirement if using Stateless addressing, nothing more. Allocation of a 64-bit prefix for every host network means you won't need to play games with subnetting based on the number of current or potential hosts, and keeps things clean; you SHOULD allocate a 64-bit prefix for every host network, though extending this logic to everything is a bit ignorant. There is a denial of service attack vector that exists on most current production IPv6 routers: IPv6 Neighbor Table Exhaustion. Writing a quick program to sweep through every IPv6 address within a 64-bit prefix is enough to cause most routers to drop neighbor entries for known hosts once the table is full. This attack is specifically targeted against routers, which makes it more troubling. Note that I was a naysayer of this vector being a problem until I actually wrote an implementation of it in a lab. I was able to kill all IPv6 traffic within seconds from a single server. Because of this, I strongly encourage you to make use of smaller prefixes for link networks. We use 126-bit prefixes (see http://tools.ietf.org/rfc/rfc3627.txt for why we avoid 127). We also don't consider Stateless desirable for the majority of our host networks. If you enable stateless on a network, every host with an IPv6 stack will start making use of it. If you use DHCPv6 you can enable global IPv6 on a per-host basis. This makes it much, much, easier to get buy-in on rolling out IPv6 everywhere, and while IPv6 is nice, it's not required yet, so you have time for the non-DHCPv6 hosts to be upgraded over the next few years (Mac OS X Lion will actually introduce a full DHCPv6 client implementation, for example). If you don't require stateless, then using prefixes longer than 64 is an option. Our current practice is to allocate a full 64-bit prefix in the schema, but only use what is currently required for actual implementation. Most of our IPv6 prefixes are actually 119 or 120-bit prefixes. Once better protection against neighbor table exhaustion is available we plan to migrate to 64. Also very strongly recommend enabling IPv6 on all your networks even if you disable RA or don't hand out addresses. This provides you with viability of IPv6 traffic on your IPv4 networks (e.g. the ability to check for rogue IPv6 routers). Finally, until RA Guard is available, use of L3 switches that support IPv6 PACL's is highly desirable as they allow you to apply a port-level traffic filter to drop RA from unauthorized ports (we do this system-wide at this point, and network stability has improved dramatically as a result). MLD snooping still needs work; the current Cisco implementation is bugged to the point where it drops ND traffic. I'm strongly looking forward to support for things like DHCPv6 snooping, I was hoping that we'd see it by now but vendors are slow to come around. -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
RE: Cogent IPv6 [IPv6 newbie alert!]
As a matter of fact, an IPv6 address has a maximum (but not restricted) fixed lenght of 64 bits for the network and subnetwork definition, and 64bit for the interface identifier. The most left 64 bit in that address contains information about type of address, scope, network and subnetwork and another useful information. But the fixed restricted lenght is not mandatory, and if locally managed IPv6 addresses anre created, you can design routes via routing protocols to follow the same rules as in CIDR. Best regards xD. -- Message: 2 Date: Wed, 8 Jun 2011 20:58:18 -0500 From: Kelly Setzer kelly.set...@wnco.com Subject: RE: Cogent IPv6 To: nanog@nanog.org nanog@nanog.org Message-ID: fc8abe0e5d384a489cdb16c4a8eb77839b3e9c6...@msmail01.luv.ad.swacorp.com Content-Type: text/plain; charset=utf-8 -Original Message- From: r...@u13.net [mailto:r...@u13.net] Sent: Wednesday, June 08, 2011 9:19 AM To: nanog@nanog.org Subject: Re: Cogent IPv6 On Wed, 8 Jun 2011 09:51:21 -0400, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig [SNIP] We have separate v4 and v6 sessions with them on the same dual-stack interface (a v4 /29 and v6 /112 on the interface). One session is between our v4 address and theirs, and carries v4 prefixes only. Then another session between v6 addresses that carries v6 prefixes only. IPv6 newbie alert! I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop. Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used? thanks, Kelly -- *Daniel Espejel Perez *
Re: Cogent IPv6
On 9 jun 2011, at 10:32, Owen DeLong wrote: You can actually use DHCPv6 to assign addresses to hosts dynamically on longer than /64 networks. The trouble is that DHCPv6 can't tell you the prefix length for your address, so either set up the routers to advertise this prefix (but without the autonomous autoconfiguration flag set) or prepare for surprising results. I say: life is too short to fiddle with this kind of stuff, just use /64, at least for everything that isn't a point-to-point link or loopback address.
Re: Cogent IPv6
On 9 jun 2011, at 14:19, sth...@nethelp.no wrote: It is perfectly possible to use RA *only* for the default router, and not announce any prefix at all. This implies a link-local next hop. Router advertisements always use the router's link local address, you can't get a router's global address from this. IPv6 routing protocols also pretty much only use link locals, so link local next hop and default routes are completely routine.
Re: Cogent IPv6
On Thu, Jun 9, 2011 at 8:50 AM, ML m...@kenweb.org wrote: I guess someone with a 1 Gb commit in a not so small city deserves to be charged extra for a few Mbps of IPv6... For a not so full table at that. We canceled some 10GbE Cogent circuits because of Cogent's refusal to provision IPv6 without adding extra fees, and I expressed my reasoning well in advance of canceling the first one. I have been told that they have now eliminated the special fee for North American customers, but just two weeks ago I heard about this IPv6 surcharge stupidity still being applied to Cogent's customers in Europe. If you want to change your vendor, sometimes you have to change your vendor. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts
Re: Cogent IPv6
Don't assume that DHCPv6 is the same as DHCP. DHCPv6 does not provide route information because this task is handled by RA in IPv6. An IPv6 RA has flags for Managed (M), Other (O), and Autonomous (A) address configuration. None of these flags are exclusive. While most routers have the A flag set by default (which enables stateless addressing) it can be disabled, and hosts will not pick up a stateless address as a result. The M flag tells hosts to make use of DHCPv6 for an address, and the O flag tells hosts to make use of DHCPv6 for additional configuration, such as DNS. Most popular configurations: You can use the A and O flag for stateless addressing with DHCPv6 for DNS. You can use A, M, and O flags if you want every host to have a stateless address, but want to use DHCPv6 to also give some hosts a predictable address (e.g. for servers), and have them use DHCPv6 for DNS information. You can have only the M and O flags set and hosts will only use DHCPv6 for configuration. Most routers also support relaying of DHCPv6 information to a central server. For those who speak Cisco here is an example interface configuration for DHCPv6 only. ipv6 address 2001:DB8:100::1/64 no ipv6 unreachables ipv6 nd reachable-time 90 ipv6 nd prefix default 900 300 no-autoconfig ipv6 nd managed-config-flag ipv6 nd other-config-flag ipv6 nd router-preference High ipv6 nd ra interval 300 ipv6 nd ra lifetime 300 no ipv6 redirects ipv6 verify unicast source reachable-via rx ipv6 dhcp relay destination 2001:DB8:200::2 ipv6 dhcp relay destination 2001:DB8:200::3 Leaving out the no-autoconfig will also allow stateless if your prefix-length is 64. If you don't have a 64-bit prefix stateless won't work regardless of whether the A flag is set or not. Also note, if using DHCPv6, a DUID is used instead of the MAC address, though 2 out of 3 valid DUID formats include a MAC address of the host and I haven't actually seen the 3rd implemented. DUIDs are stored after the first time they get generated, so if you're imaging hosts you'll need to included deleting the DUID as part of your imaging process, or you'll have conflicts. Ray On Thu, Jun 9, 2011 at 12:59 PM, Iljitsch van Beijnum iljit...@muada.com wrote: On 9 jun 2011, at 14:19, sth...@nethelp.no wrote: It is perfectly possible to use RA *only* for the default router, and not announce any prefix at all. This implies a link-local next hop. Router advertisements always use the router's link local address, you can't get a router's global address from this. IPv6 routing protocols also pretty much only use link locals, so link local next hop and default routes are completely routine. -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
Re: Cogent IPv6
On 09/06/2011 17:59, Iljitsch van Beijnum wrote: can't get a router's global address from this. IPv6 routing protocols also pretty much only use link locals Really? I guess my eyes must be playing tricks on me then. Nick
Re: Cogent IPv6
On Thu, Jun 9, 2011 at 1:21 PM, Nick Hilliard n...@foobar.org wrote: On 09/06/2011 17:59, Iljitsch van Beijnum wrote: can't get a router's global address from this. IPv6 routing protocols also pretty much only use link locals Really? I guess my eyes must be playing tricks on me then. Nick What OS? The system could determine the global address for the prefix provided with a little work, but the implementation for RA is to set the default route to the link-local address. This is the behavior on Windows and Linux. -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
Re: Cogent IPv6
On 09/06/2011 18:19, Ray Soucy wrote: DHCPv6 does not provide route information because this task is handled by RA in IPv6. Thankfully this silliness is in the process of being fixed, along with prefix delegation - so in future, there will be no requirement for either RA or cartloads of per-interface configuration on routers. Nick
Re: Cogent IPv6
On 09/06/2011 18:26, Ray Soucy wrote: What OS? IOS, for example (as opposed to iOS which is just freebsd from that point of view). JunOS uses link-locals. Iljitsch noted: IPv6 routing protocols also pretty much only use link locals. This is not true in the general case. Nick
Re: Cogent IPv6
Discussion has been had on-list before, suffice to say I respectfully disagree that there is a problem with the current design. On Thu, Jun 9, 2011 at 1:37 PM, Nick Hilliard n...@foobar.org wrote: On 09/06/2011 18:19, Ray Soucy wrote: DHCPv6 does not provide route information because this task is handled by RA in IPv6. Thankfully this silliness is in the process of being fixed, along with prefix delegation - so in future, there will be no requirement for either RA or cartloads of per-interface configuration on routers. Nick -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
RE: Cogent IPv6
Some networks prefer a uniform numbering scheme. /112 allows for reasonable addressing needs on a circuit. In addition, while Ethernet is often used in a point-to-point access circuit, such layouts may change and renumbering would be annoying. Finally, having chunks 4-7 define the circuit and chunk 8 provide the circuit addressing makes it more human readable and is prone to less mistakes by those who suck at math. Jack I actually see that as a pretty good compromise. You could have all of your point-to-points at a pop in the same /64, you can give them all ::1 and ::2 addressing, and the addressing scheme supports both point-to-point and point-to-multipoint topologies. A customer with multiple locations in a region could run a circuit from each location and they could possibly all be in the same /112. If they want to multihome to you, they run similar links to a different pop in a different /112 in a different /64 that is part of that pop's /48. And the numbering is consistent at the user end. The ::2 site or ::3 site would be the ::2 site or ::3 from both pops with a different prefix. Seems reasonable to me.
Re: Cogent IPv6
On Jun 9, 2011, at 9:56 AM, Iljitsch van Beijnum wrote: On 9 jun 2011, at 10:32, Owen DeLong wrote: You can actually use DHCPv6 to assign addresses to hosts dynamically on longer than /64 networks. The trouble is that DHCPv6 can't tell you the prefix length for your address, so either set up the routers to advertise this prefix (but without the autonomous autoconfiguration flag set) or prepare for surprising results. I say: life is too short to fiddle with this kind of stuff, just use /64, at least for everything that isn't a point-to-point link or loopback address. I don't disagree with you, but, the claim that you can only choose between SLAAC and Static and therefore only use /64 for dynamic addressing wasn't true. Owen
Re: Cogent IPv6
On 6/8/11 9:51 AM, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig with them, So they don't do that dual peering thing with us. (They do it on another 100Mb/s circuit we have... I despise it.) Just kind of curious how they go about it. Do they issue you a small IPv6 block for your interface, just like they do for IPv4? Is it a separate session? Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...) Nick Olsen Network Operations (855) FLSPEED x106 For our peering with Cogent they assigned us a /112 from 2001:550. When we turned this up they dropped the old 'dual peering' thing for IPv4. Said they did not need that arrangement any longer. IPv6 seems to work fine with Cogent. Mark -- Mark Radabaugh Amplex m...@amplex.net 419.837.5015
Re: Cogent IPv6
Nick, On Wed, Jun 8, 2011 at 9:51 AM, Nick Olsen n...@flhsi.com wrote: I'm sure someone here is doing IPv6 peering with cogent. (snip) Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...) Not just HE's prefixes you miss with Cogent. Lack of full table means they can't be considered a full transit, ie, you need something like minimum 2 full transits + cogent to do v6 properly. They're more like a private peering. Cheers, Martin
Re: Cogent IPv6
On Wed, 8 Jun 2011 09:51:21 -0400, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig with them, So they don't do that dual peering thing with us. (They do it on another 100Mb/s circuit we have... I despise it.) Just kind of curious how they go about it. Do they issue you a small IPv6 block for your interface, just like they do for IPv4? Is it a separate session? Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...) Nick Olsen Network Operations (855) FLSPEED x106 We have separate v4 and v6 sessions with them on the same dual-stack interface (a v4 /29 and v6 /112 on the interface). One session is between our v4 address and theirs, and carries v4 prefixes only. Then another session between v6 addresses that carries v6 prefixes only.
Re: Cogent IPv6
Do they issue you a small IPv6 block for your interface, just like they do for IPv4? Is it a separate session? Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to Hi Nick, They issued a /112 for our interface with a separate BGP session. (In the UK) No real issues with kicking things off (** from the technical side anyway) Thanks Chris
Re: Cogent IPv6
On Jun 8, 2011, at 6:51, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig with them, So they don't do that dual peering thing with us. (They do it on another 100Mb/s circuit we have... I despise it.) Just kind of curious how they go about it. Do they issue you a small IPv6 block for your interface, just like they do for IPv4? Is it a separate session? Like Mark described, for us too they dropped the goofy dual-session thing for IPv4 so we just have an IPv4 and an IPv6 session now. Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...) Yeah, there's that ... (We have a couple other providers, too, so we don't really care but it's goofy). Worse, for us, is that their router doesn't respond to neighbor discovery requests, so I had to make a static neighbor entry on our router for the session to come up. Not very pretty. I spent more than an hour on the phone with them and they didn't have any ideas (we have plenty other IPv6 sessions for transit and peering on the same router that are working fine). Somewhere on the internets someone anecdotally told they had a Cisco router that did the same thing until it was rebooted. Didn't bother calling them to tell them to reboot the router we are on. :-) Anyway, I guess the lesson is that they (like most providers, I am sure) don't have that much IPv6 experience and they didn't care that much that it didn't work right. Hopefully that attitude will change over the next months. - ask
Re: Cogent IPv6
On Jun 8, 2011, at 7:18 AM, r...@u13.net wrote: On Wed, 8 Jun 2011 09:51:21 -0400, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig with them, So they don't do that dual peering thing with us. (They do it on another 100Mb/s circuit we have... I despise it.) Just kind of curious how they go about it. Do they issue you a small IPv6 block for your interface, just like they do for IPv4? Is it a separate session? Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...) Nick Olsen Network Operations (855) FLSPEED x106 We have separate v4 and v6 sessions with them on the same dual-stack interface (a v4 /29 and v6 /112 on the interface). One session is between our v4 address and theirs, and carries v4 prefixes only. Then another session between v6 addresses that carries v6 prefixes only. That's really the best way to do dual stack peering anyway. Keeps things much cleaner. Owen
RE: Cogent IPv6
-Original Message- From: r...@u13.net [mailto:r...@u13.net] Sent: Wednesday, June 08, 2011 9:19 AM To: nanog@nanog.org Subject: Re: Cogent IPv6 On Wed, 8 Jun 2011 09:51:21 -0400, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig [SNIP] We have separate v4 and v6 sessions with them on the same dual-stack interface (a v4 /29 and v6 /112 on the interface). One session is between our v4 address and theirs, and carries v4 prefixes only. Then another session between v6 addresses that carries v6 prefixes only. IPv6 newbie alert! I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop. Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used? thanks, Kelly *** CONFIDENTIALITY NOTICE *** This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message from your system. Thank you.
Re: Cogent IPv6
On Wed, Jun 8, 2011 at 9:58 PM, Kelly Setzer kelly.set...@wnco.com wrote: IPv6 newbie alert! I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop. Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used? Hi Kelly, IPv6 netmasks work exactly like IPv4 netmasks. You can even route /128's if you want. Two major caveats: 1. SLAAC (stateless autoconfiguration, the more or less replacement for DHCP) only works if the subnet on your LAN is exactly /64. So unless you're manually configuring the IPv6 address on every machine on your subnet, you're using a /64. 2. Reverse DNS delegates every 4 bits (in IPv4 its every 8 bits). And when you write the address, every 4 bits is one digit. So unless you want to make things needlessly hard, you're also going to choose 4-bit boundaries for everything. I.e. a /56 or a /60 but never a /57. Now, as to why they'd choose a /112 (65k addresses) for the interface between customer and ISP, that's a complete mystery to me. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Cogent IPv6
Once upon a time, William Herrin b...@herrin.us said: Now, as to why they'd choose a /112 (65k addresses) for the interface between customer and ISP, that's a complete mystery to me. I had to ask this here a while back, so I can now share. :-) IPv6 addresses are written as 8 16-bit chunk separated by colons (optionally with the longest consecutive set of :0 sections replaced with ::). A /112 means the prefix is 7 of the 8 chunks, which means you can use ::1 and ::2 for every connection. Of course, just because you allocate a /112 (or shorter) in your database doesn't mean you have to use it. You could also allocate a /112 for a point-to-point link and use a /127 (e.g. addresses ::a and ::b). -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Cogent IPv6
On 6/8/2011 9:51 AM, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig with them, So they don't do that dual peering thing with us. (They do it on another 100Mb/s circuit we have... I despise it.) Just kind of curious how they go about it. Do they issue you a small IPv6 block for your interface, just like they do for IPv4? Is it a separate session? Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...) Nick Olsen Network Operations (855) FLSPEED x106 Did Cogent have the gumption to charge you more for IPv6 too?