From shane at time-travellers.org Tue Jun 1 04:34:20 2010 From: shane at time-travellers.org (Shane Kerr) Date: Tue, 01 Jun 2010 10:34:20 +0800 Subject: DHCPv6 for OS/X, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C03D7DA.5020006@foobar.org> References: <4C0189A0.4030509@netability.ie> , <4C03BADF.3080902@foobar.org> <4C03D7DA.5020006@foobar.org> Message-ID: <1275359660.2541.434.camel@shane-asus-laptop> Nick, On Mon, 2010-05-31 at 16:38 +0100, Nick Hilliard wrote: > At least Windows vista/7, Linux and FreeBSD all support dhcpv6. I look > forward to seeing os/x support some time soon. Are there plans for this that you know of? My understanding was that the Networking Powers that Be in Apple did not approve of DHCPv6 for philosophical differences. Since autoconf is Good Enough for random laptops (or other iThingies) running in dual-stack mode, I don't see much motivation for Apple to change and support DHCPv6. Maybe some enterprising Apple fan will wrap a DHCPv6 client with the Mac magical way to install things cleanly and provide a nice work-around for Apple users. It's not as good as official Apple support, but that would be useful for some administrators... -- Shane From bjorn at mork.no Tue Jun 1 09:22:02 2010 From: bjorn at mork.no (=?utf-8?Q?Bj=C3=B8rn_Mork?=) Date: Tue, 01 Jun 2010 09:22:02 +0200 Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C03BADF.3080902@foobar.org> (Nick Hilliard's message of "Mon, 31 May 2010 14:34:23 +0100") References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> Message-ID: <87k4qjkyjp.fsf@nemi.mork.no> Nick Hilliard writes: > On 30/05/2010 11:05, Benedikt Stockebrand wrote: >> Using Autoconf and Network Unreachability Detection for router >> failover doesn't give you the fastest failover time, but at least it >> gives these people a chance. > > Depending on RA means: > > - loss of service measured in (by default) minutes in the case of router > failure Why? You are free to install more than one default route. > - serious security problems due to rogue RA announcements by unauthorised > network clients I don't see why RA is special here. The same goes for rogue DHCP and DHCPv6 servers. You need to filter. You do not want to allow incoming RAs on any client port in your network. Bj?rn From nick at foobar.org Tue Jun 1 11:42:49 2010 From: nick at foobar.org (Nick Hilliard) Date: Tue, 01 Jun 2010 10:42:49 +0100 Subject: DHCPv6 for OS/X, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <1275359660.2541.434.camel@shane-asus-laptop> References: <4C0189A0.4030509@netability.ie> , <4C03BADF.3080902@foobar.org> <4C03D7DA.5020006@foobar.org> <1275359660.2541.434.camel@shane-asus-laptop> Message-ID: <4C04D619.3080409@foobar.org> On 01/06/2010 03:34, Shane Kerr wrote: > Are there plans for this that you know of? No, not aware of anything in particular; but it just looks to me that the world is going to move to dhcpv6 and will largely ignore RA, where possible. The reason for this is that Windows has pretty decent support for dhcpv6 these days, and having worked in corporate environments, I just cannot see any motivation to want to support multiple host configuration protocols, particularly when one of them (RA) doesn't give the level of control over addressing that you're used to. > My understanding was that the Networking Powers that Be in Apple did not > approve of DHCPv6 for philosophical differences. There's been very little dhcpv6 client software available until recently, but Apple will probably just ship dhcpd-4.2(+) with some shim layer. It's not like os/x isn't a melange of third party code already. > Since autoconf is Good Enough for random laptops (or other iThingies) > running in dual-stack mode, I don't see much motivation for Apple to > change and support DHCPv6. It's only a matter of time before they are forced to, and their barrier to doing so is very low indeed. Nick From tony at lava.net Tue Jun 1 11:52:26 2010 From: tony at lava.net (Antonio Querubin) Date: Mon, 31 May 2010 23:52:26 -1000 (HST) Subject: DHCPv6 for OS/X, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C04D619.3080409@foobar.org> References: <4C0189A0.4030509@netability.ie> , <4C03BADF.3080902@foobar.org> <4C03D7DA.5020006@foobar.org> <1275359660.2541.434.camel@shane-asus-laptop> <4C04D619.3080409@foobar.org> Message-ID: On Tue, 1 Jun 2010, Nick Hilliard wrote: > No, not aware of anything in particular; but it just looks to me that the > world is going to move to dhcpv6 and will largely ignore RA, where You must be living in a different world ;) Antonio Querubin 808-545-5282 x3003 e-mail/xmpp: tony at lava.net From nick at foobar.org Tue Jun 1 14:20:48 2010 From: nick at foobar.org (Nick Hilliard) Date: Tue, 01 Jun 2010 13:20:48 +0100 Subject: DHCPv6 for OS/X, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: References: <4C0189A0.4030509@netability.ie> , <4C03BADF.3080902@foobar.org> <4C03D7DA.5020006@foobar.org> <1275359660.2541.434.camel@shane-asus-laptop> <4C04D619.3080409@foobar.org> Message-ID: <4C04FB20.1050701@foobar.org> On 01/06/2010 10:52, Antonio Querubin wrote: > You must be living in a different world ;) Perhaps. Anyway, this topic has strayed far off anything approaching relevance to ipv6-ops and has descended into a shouting match. If RA makes you happy, then feel free to use it and I wish you well. Nick From tjc at ecs.soton.ac.uk Tue Jun 1 15:05:11 2010 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Tue, 1 Jun 2010 14:05:11 +0100 Subject: DHCPv6 for OS/X, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C04D619.3080409@foobar.org> References: <4C0189A0.4030509@netability.ie> , <4C03BADF.3080902@foobar.org> <4C03D7DA.5020006@foobar.org> <1275359660.2541.434.camel@shane-asus-laptop> <4C04D619.3080409@foobar.org> <108420EC-534F-4258-B00F-EA484E209CBE@ecs.soton.ac.uk> Message-ID: On 1 Jun 2010, at 10:42, Nick Hilliard wrote: > >> Since autoconf is Good Enough for random laptops (or other iThingies) >> running in dual-stack mode, I don't see much motivation for Apple to >> change and support DHCPv6. > > It's only a matter of time before they are forced to, and their barrier to > doing so is very low indeed. > > Nick I think Apple seem to work on and push through v6 stuff that's fine for SOHO users, including Airport, but are lacking many things that are desirable in an enterprise/campus deployment. DHCPv6 is one of those, RFC3484 support and MLDv2 are other examples. We can hope :) Tim From ted.m at ipinc.net Tue Jun 1 07:13:11 2010 From: ted.m at ipinc.net (Ted Mittelstaedt) Date: Mon, 31 May 2010 22:13:11 -0700 Subject: DHCPv6 for OS/X, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <1275359660.2541.434.camel@shane-asus-laptop> References: <4C0189A0.4030509@netability.ie> , <4C03BADF.3080902@foobar.org> <4C03D7DA.5020006@foobar.org> <1275359660.2541.434.camel@shane-asus-laptop> Message-ID: <4C0496E7.90902@ipinc.net> On 5/31/2010 7:34 PM, Shane Kerr wrote: > Nick, > > On Mon, 2010-05-31 at 16:38 +0100, Nick Hilliard wrote: >> At least Windows vista/7, Linux and FreeBSD all support dhcpv6. I look >> forward to seeing os/x support some time soon. > > Are there plans for this that you know of? > > My understanding was that the Networking Powers that Be in Apple did not > approve of DHCPv6 for philosophical differences. > > Since autoconf is Good Enough for random laptops (or other iThingies) > running in dual-stack mode, I don't see much motivation for Apple to > change and support DHCPv6. > > Maybe some enterprising Apple fan will wrap a DHCPv6 client with the Mac > magical way to install things cleanly and provide a nice work-around for > Apple users. It's not as good as official Apple support, but that would > be useful for some administrators... > The WIDE/KAME dhcp sources are known to compile on 10.5 (just type configure and make) Assuming the DHCPv6 client in this works that would let you get the IP info under OSX, the problem is sticking it into the Mac. There is someone who has done some work on this: http://tsennyipa.livejournal.com/3347.html My guess is a few hours of time from an experienced MacOSX programmer would get tsennyipa's code working. It sounds like he's almost there. I personally wouldn't want to use his protocol engine, since it's not open source, I'd try using the WIDE client. A report from IETF-71: "during the Q&A session at the plenary (after the IPv6 only event), Stuart Cheshire of Apple was venting at the mike about why they should have to support yet another protocol for address assignment and other configuration info. Someone mentioned RFC 5006 to him, and he said yes, that's most likely what they would support .. Ted From me at benedikt-stockebrand.de Tue Jun 1 15:39:51 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 13:39:51 +0000 Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C03BADF.3080902@foobar.org> (Nick Hilliard's message of "Mon, 31 May 2010 14:34:23 +0100") References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> Message-ID: Hi Nick and list, Nick Hilliard writes: > Depending on RA means: > > - loss of service measured in (by default) minutes in the case of router > failure if you had actually either tried this or at least taken a proper look at the specs, then you'd know that the upper bound here is 45s (REACHABLE_TIME \times MAX_RANDOM_FACTOR, as defined in RFC 4861) plus whatever another round of neighbor discovery takes (usually <1s). That's well within standard TCP timeouts, and yes, I've actually taken the time to double (in the RFC) and triple (in a quick test setup) check this. > - serious security problems due to rogue RA announcements by unauthorised > network clients That's a problem inherent in all multiple access networks and not specific to Autoconf. I can do the same in an IPv4 network with VRRP or HSRP clustered routers or whatever by well known ARP manipulation attacks, among other things. It's admittedly bad that router, and especially WLAN access point, vendors haven't yet widely implemented ways to filter rogue RAs like they filter rogue DHCP servers, but that's an implementation problem, not a specification one. Beyond that, if you can't get your network topology sorted out in a way that prevents these issues simply by not allowing any unauthorized clients into your sensitive subnets, that's hardly something you can blame Autoconf for. You can't expect the network layer to fix all security issues stemming from your link layer. > Either of these problems on their own makes RA unsuitable for most > applications other than enthusiast / home / playpen. Since you keep trying to insinuate that I don't know about data center operations: Take a look at http://www.top500.org/system/5090. Among the lessons I've learned from building that system is that the only way to get reliability is to avoid complexity where it doesn't contribute to the system---especially if you run 24/7 and have to ensure that you always have a team on call duty who can handle the system in all of its aspects. I'm not saying that this is a setup where I'd use router failover based on Autoconf, but if I ever had to build anything like that again I'd test all the options available (VRRP, HSRP, passive OSPF, passive RIP, Autoconf, whatever redundancy features the application software offers, custom failover scripts) before I'd jump to conclusions. > But, if you want to operate your network with lousy availability > characteristics and where any arbitrary client can hijack the > network, then by all means, please go ahead and do so. Just don't > pretend that it's going to be reliable. Again, maybe you should just fix your networks. From your comments I suggest you start with separating nodes with different privileges into separate subnets. Then maybe split subnets with a significant number of machines in there (use a bit of quantitative risk analysis to find an adequate number for your setup) into smaller ones to contain the impact of any (intentional or accidential) incident. If you can't get physical security straight, consider to use 802.1x. Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From me at benedikt-stockebrand.de Tue Jun 1 15:56:33 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 13:56:33 +0000 Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <20100531134055.GV88261@ronin.4ever.de> (Elmar K. Bins's message of "Mon, 31 May 2010 15:40:55 +0200") References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> Message-ID: Hi Elmar and list, "Elmar K. Bins" writes: > It gets more interesting if you try to really help your users with > an anycast gateway address. How do you propagate this one, and not > the routers', with RAs? don't. What you do is that you enable router advertisements on both routers (and make sure they advertise the same prefixes). If you want, you can fiddle with their priority along the way. Then you simply leave the rest to Neighbor Unreachability Detection (NUD). The hosts will maintain a list of default routers and switch between them as soon as NUD indicates that the one used has become unavailable. Simple implementations maintain a single "active" default router for all traffic, but the specs also allow implementations to maintain individual first-hop routers per destination. NUD ensures that a dead router is detected at an average 30s, plusminus 15s to avoid synchronization effects. RFC 4861 has all the details. In the end this gives you a failover in at worst 45s plus whatever a new round of ND takes. Not good enough for VoIP, but fast enough for TCP and still much faster than switching over manually. And all that at minimal complexity. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From mohacsi at niif.hu Tue Jun 1 16:03:02 2010 From: mohacsi at niif.hu (Mohacsi Janos) Date: Tue, 1 Jun 2010 16:03:02 +0200 (CEST) Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <81D49719B798A4429C3958475FCDF2F362117C7BC6@AMS2PMS4001.upcit.ds.upc.biz> References: , <81D49719B798A4429C3958475FCDF2F362117C7BC6@AMS2PMS4001.upcit.ds.upc.biz> Message-ID: On Mon, 31 May 2010, Tosolini, Luca wrote: > an interesting proposal is to convey the default-router in DHCP only; > thus making RA less of a requirement: > > http://tools.ietf.org/html/draft-dec-dhcpv6-route-option-03 Maybe, except informing clients to use DHCPv6 ;-) > > Luca. > ________________________________________ > From: ipv6-ops-bounces+ipv6=aorta.net at lists.cluenet.de [ipv6-ops-bounces+ipv6=aorta.net at lists.cluenet.de] On Behalf Of David Freedman [david.freedman at uk.clara.net] > Sent: Monday, May 31, 2010 3:58 PM > To: Rickman, Phil; Nick Hilliard; Benedikt Stockebrand > Cc: ipv6-ops at lists.cluenet.de > Subject: Re: So why is "IPv4 with longer addresses" a problem anyway? > >> one final point. >> I am curious how you wish to dynamic assign 2,000 clients, for an examples, >> gateways if DHCPv6 does not support it? > > Yes, I think the point here is "Make DHCPv6 support it" , folk should have > the choice to use the lightweight, insecure RA or not. > > You keep mentioning "suppression" with regards to RA and confusing it with > some form of security, I think Nick is alluding to the ability of parties to > inject rogue RA into a network and for it to be accepted, one possible > solution to this is > which has yet to > be implemented in mainstream equipment. > > Dave. > > > > From michael.dillon at bt.com Tue Jun 1 16:13:05 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 1 Jun 2010 15:13:05 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> Message-ID: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> > don't. What you do is that you enable router advertisements on both > routers (and make sure they advertise the same prefixes). If you > want, you can fiddle with their priority along the way. > > Then you simply leave the rest to Neighbor Unreachability Detection It seems to me that all of the good bits from this discussion are the kind of thing that belongs on an IPv6 cookbook site. I don't know if there is already such a site, but if not, I suppose that ARIN's http://www.getipv6.info wiki would be a good place to put it. Then, instead of wading through arguments filled with red herrings and appeals to authority, people could just read a simple cookbook article on "Anycast gateway addresses" or "Configuring RA for use with DHCPV6". If such a site existed, then it might also be useful to end threads that drag on by asking people to go there and edit the recipes to make them clearer or whatever. --Michael Dillon From ipv6-ops at c0mplx.org Tue Jun 1 16:28:32 2010 From: ipv6-ops at c0mplx.org (Kurt Jaeger) Date: Tue, 1 Jun 2010 16:28:32 +0200 Subject: IPv6 fast reroute ? In-Reply-To: References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> Message-ID: <20100601142832.GG20255@home.opsec.eu> Hi! Benedikt wrote: > In the end this gives you a failover in at worst 45s plus whatever a > new round of ND takes. Not good enough for VoIP, but fast enough for > TCP and still much faster than switching over manually. And all that > at minimal complexity. This leads me to the next question: There's the IP fast reroute crowd, with their goal of 50ms switchover, like they had it in SDH. Look eg at: http://www.faqs.org/rfcs/rfc5286.html How will this be done in IPv6 ? -- pi at opsec.eu +49 171 3101372 10 years to go ! From mtinka at globaltransit.net Tue Jun 1 16:29:01 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Tue, 1 Jun 2010 22:29:01 +0800 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <201006012229.01958.mtinka@globaltransit.net> On Tuesday 01 June 2010 10:13:05 pm michael.dillon at bt.com wrote: > If such a site existed, then it might also be useful to > end threads that drag on by asking people to go there > and edit the recipes to make them clearer or whatever. I support this effort because this is a real problem, today (and a real shame that we haven't reached any decent "operational" consensus). Existing LAN administrators will need all the information they can get if they start deploying IPv6 in a LAN environment before we work out the SLAAC vs. DHCPv6 issues. And the more "updated" information they can source in a single (or multiple) location(s), the better off they will be. Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100601/27804231/attachment.bin From me at benedikt-stockebrand.de Tue Jun 1 16:36:44 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 14:36:44 +0000 Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C03D36A.2050903@foobar.org> (Nick Hilliard's message of "Mon, 31 May 2010 16:19:06 +0100") References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <4C03D36A.2050903@foobar.org> Message-ID: Hi once more, Nick Hilliard writes: > RFC 2461, section 6.3.4: just for completeness sake: That one's been obsoleted by RFC 4861 since September 2007. > "the receipt of a Router Advertisement MUST NOT invalidate all information > received in a previous advertisement or from another source. However, when > received information for a specific parameter (e.g., Link MTU) or option > (e.g., Lifetime on a specific Prefix) differs from information received > earlier, and the parameter/option can only have one value, the most > recently-received information is considered authoritative." > > ... and the rest of section 6.3.4, which provides the mechanism for RA > Default Router List timeout. > > Please read this section carefully. You are simply not guaranteed quick > failover when using RA. Yes, you can tune things down, but it's never > going to be anything like a router failover protocol. The timeout you are referring to determines how long a router is kept in the list of default routers on a host, not for how long it is actually used. The timeout determining which router is actually used is the NUD timeout at 30s plusminus 15s. > I'd be happy to retract a statement like that if you can provide a > reference. In <4C03BADF.3080902 at foobar.org> you write: ] - loss of service measured in (by default) minutes in the case of router ] failure Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From me at benedikt-stockebrand.de Tue Jun 1 16:39:42 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 14:39:42 +0000 Subject: Mysterious missing DHCPv6 feature, was Re: How does one obtain an IPv6 DNS server when VPNing to an ASA? In-Reply-To: <874ohpns2h.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Sun, 30 May 2010 20:49:10 +0200") References: <20100517.084430.78711679.sthaug@nethelp.no> <20100518075150.404fd6a6@opy.nosense.org> <20100518.073644.23028119.he@uninett.no> <874ohpns2h.fsf@mid.deneb.enyo.de> Message-ID: Hi Florian and list, Florian Weimer writes: > * Benedikt Stockebrand: > >> I disagree here. From what I've seen so far the key problem with >> regard to IPv6 is that a lot of people try to make IPv6 an "IPv4 with >> larger addresses", preserving all the workarounds they have come to >> get used to. "We've always used DHCP", "I want my NAT back", "I've >> always written IP addresses in decimal", "There can't be multiple >> default routes in a routing table" and so on. > > On the other hand, increased familiarity helps to cut down training > and documentation costs, and generally makes things easier to run. true, but you have to find an individual balance between those costs and actually improving things. We have kept a number of things untouched when moving from IPv4 to IPv6, but they largely go unnoticed exactly because they haven't changed. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From michael.dillon at bt.com Tue Jun 1 16:42:24 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 1 Jun 2010 15:42:24 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <201006012229.01958.mtinka@globaltransit.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <201006012229.01958.mtinka@globaltransit.net> Message-ID: <28E139F46D45AF49A31950F88C4974580637EE58@E03MVZ2-UKDY.domain1.systemhost.net> > > If such a site existed, then it might also be useful to end threads > > that drag on by asking people to go there and edit the recipes to > > make them clearer or whatever. > > I support this effort because this is a real problem, today (and a real > shame that we haven't reached any decent "operational" consensus). Actually, I think we have reached an operational consensus. There is no right answer that suits all situations, just a number of best practices that you have to choose from depending on your network situation. And before designing a new network, you should review the possibilities and make sure that you don't force yourself down a complex route, if you don't otherwise need to. Even in an ISP network, there is no magic bullet. The office LAN might need something different from the DSL customer network and different again for the management LANs. It might be as simple as choosing a different timer value, but it is always good to have a solution spelled out in detail along with the reasons for doing it that way. > And the more "updated" information they can source in a single (or > multiple) location(s), the better off they will be. Yes. And since ARIN is not going away anytime soon, their wiki seems like a good place to put it. In fact, maybe we should urge RIPE and the other RIRs to also adopt the ARIN wiki as their preferred site for IPv6 educational materials. All of the RIRs do a certain amount of education and outreach. --Michael Dillon From me at benedikt-stockebrand.de Tue Jun 1 17:01:16 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 15:01:16 +0000 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses" a problem anyway?) In-Reply-To: <201006010047.26322.mtinka@globaltransit.net> (Mark Tinka's message of "Tue, 1 Jun 2010 00:47:19 +0800") References: <4C0189A0.4030509@netability.ie> <201006010047.26322.mtinka@globaltransit.net> Message-ID: Hi Mark and list, Mark Tinka writes: > I probably wouldn't go around saying RIP is better to deploy > than a link-state routing protocol (despite the "balance > between easy-to-handle simplicity and ultimate performance > complexity" quote), Depends. As far as deployment goes: If you use e.g. a BSD or Solaris you get a lightweight RIP daemon as part of the base system, so with these systems deployment is actually a bit easier---you just turn it on. On other systems the only difference may be that people tend to copy configurations without changing the router ID. >From a security/reliability point of view, both shouldn't be used in networks where untrustworthy nodes are connected, so they don't differ much in that respect---whenever you want to use dynamic routing, you better get your network topology sorted out beforehand. Beyond that it's where the difference comes into play: It's not so much the deployment but troubleshooting. From experience I know that I can train anybody with basic knowledge of IP within about two hours (including hands-on training) how RIP{v2,ng} works, what the packets they see in a packet sniffer mean and how to analyze and fix problems. With OSPFv{2,3} you can barely explain how it works during that time. To make people really comfortable with OSPF it takes a few days training, on-the-job time to gather experience, and periodic training. If people only touch dynamic routing protocols maybe once or twice a year, RIP gives them much more of a chance than OSPF when things go wrong. So beyond "normal" data center or medium-to-large enterprise networks, but in environments without specialized network admins, small enough network diameter and modest failover time requirements, RIP does have its niche. (And yes, I've seen people overextending themselves with OSPF...) > but I gather that isn't the gist of this thread. See Subject header:-) Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From mtinka at globaltransit.net Tue Jun 1 17:09:44 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Tue, 1 Jun 2010 23:09:44 +0800 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637EE58@E03MVZ2-UKDY.domain1.systemhost.net> References: <201006012229.01958.mtinka@globaltransit.net> <28E139F46D45AF49A31950F88C4974580637EE58@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <201006012309.49267.mtinka@globaltransit.net> On Tuesday 01 June 2010 10:42:24 pm michael.dillon at bt.com wrote: > Actually, I think we have reached an operational > consensus. There is no right answer that suits all > situations, just a number of best practices that you > have to choose from depending on your network situation. Where I was coming from is; I'd like to review this when: - RFC 5006 gets widely accepted (or not). - DHCPv6 supports default route + prefix lengths (or not). - SLAAC gets widely accepted (or not). - Mac OS X supports DHCPv6 (or not). - RA Guard is widely implemented. - DHCPv6 Snooping is widely implemented. - SeND gets widely accepted (or not). A lot of things on the Internet (and its operations) have no right or wrong answer, but if anything has come out from this thread, it's that we are very far from an optimal auto- configuration mechanism for the LAN, particularly for operators who need things to just work and could care less about what 'ipv6-ops' is ranting about on Tuesday. In the mean time, keeping these developments updated on the ARIN IPv6 wiki (and the respective wiki's of the other RIR's, as you rightly suggest) so we can all track overall progress, from development and deployment, is most welcome. Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100601/bce229d0/attachment.bin From mtinka at globaltransit.net Tue Jun 1 17:34:46 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Tue, 1 Jun 2010 23:34:46 +0800 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses" a problem anyway?) In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> Message-ID: <201006012334.51111.mtinka@globaltransit.net> On Tuesday 01 June 2010 11:01:16 pm Benedikt Stockebrand wrote: > As far as deployment goes: If you use e.g. a BSD or > Solaris you get a lightweight RIP daemon as part of the > base system, so with these systems deployment is > actually a bit easier---you just turn it on. Then install Quagga/Zebra and run OSPF or IS-IS. > So beyond "normal" data center or medium-to-large > enterprise networks, but in environments without > specialized network admins, small enough network > diameter and modest failover time requirements, RIP does > have its niche. I'm sorry, I just don't subscribe to the idea of teaching folk to use RIP in today's networks, despite the size of their business (I hold workshops myself, I know) - because this stuff sticks. The most I tend to say about RIP - don't use it! In addition to the "other way" we we tend to describe it. > (And yes, I've seen people overextending themselves with > OSPF...) So tell them to ignore all those knobs the industry has added to the spec. They don't need (m)any of them. If you're having problems stuffing enough useful information about link state routing protocols into your tutorials, I'd, respectfully, look at working on that instead. Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100601/e6a2fdd8/attachment-0001.bin From juergen.becker at gmail.com Tue Jun 1 17:47:44 2010 From: juergen.becker at gmail.com (=?iso-8859-1?Q?J=FCrgen_Becker?=) Date: Tue, 1 Jun 2010 17:47:44 +0200 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses" a problem anyway?) In-Reply-To: <201006012334.51111.mtinka@globaltransit.net> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> Message-ID: On Jun 1, 2010, at 5:34 PM, Mark Tinka wrote: > On Tuesday 01 June 2010 11:01:16 pm Benedikt Stockebrand > wrote: > >> As far as deployment goes: If you use e.g. a BSD or >> Solaris you get a lightweight RIP daemon as part of the >> base system, so with these systems deployment is >> actually a bit easier---you just turn it on. > > Then install Quagga/Zebra and run OSPF or IS-IS. > >> So beyond "normal" data center or medium-to-large >> enterprise networks, but in environments without >> specialized network admins, small enough network >> diameter and modest failover time requirements, RIP does >> have its niche. > > I'm sorry, I just don't subscribe to the idea of teaching > folk to use RIP in today's networks, despite the size of > their business (I hold workshops myself, I know) - because > this stuff sticks. > > The most I tend to say about RIP - don't use it! In addition > to the "other way" we we tend to describe it. There is one simple reason why RIP is still used and why it most likely will be used in the future: RIP is cheaper then OSPF etc., because most hardware vendor consider it basic routing and include it for free. For advanced routing you have to buy licenses and/or more expensive hardware. > >> (And yes, I've seen people overextending themselves with >> OSPF...) > > So tell them to ignore all those knobs the industry has > added to the spec. They don't need (m)any of them. > > If you're having problems stuffing enough useful information > about link state routing protocols into your tutorials, I'd, > respectfully, look at working on that instead. > > Cheers, > > Mark. Regards, J?rgen From Sam.Wilson at ed.ac.uk Tue Jun 1 17:55:51 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Tue, 1 Jun 2010 16:55:51 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> On 1 Jun 2010, at 15:13, wrote: >> don't. What you do is that you enable router advertisements on both >> routers (and make sure they advertise the same prefixes). If you >> want, you can fiddle with their priority along the way. >> >> Then you simply leave the rest to Neighbor Unreachability Detection > > It seems to me that all of the good bits from this discussion are > the kind of thing that belongs on an IPv6 cookbook site. ... I just have a sort of feeling that this sort of thing might have been done before. Perhaps some of these need updating? and see under 'Public Deliverables' It seems odd that I can't find a link to such a document on , but I may not be looking in the right place. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From wmaton at ryouko.imsb.nrc.ca Tue Jun 1 17:58:32 2010 From: wmaton at ryouko.imsb.nrc.ca (William F. Maton Sotomayor) Date: Tue, 1 Jun 2010 11:58:32 -0400 (EDT) Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> Message-ID: On Tue, 1 Jun 2010, Sam Wilson wrote: > > On 1 Jun 2010, at 15:13, > wrote: > >>> don't. What you do is that you enable router advertisements on both >>> routers (and make sure they advertise the same prefixes). If you >>> want, you can fiddle with their priority along the way. >>> >>> Then you simply leave the rest to Neighbor Unreachability Detection >> >> It seems to me that all of the good bits from this discussion are >> the kind of thing that belongs on an IPv6 cookbook site. ... > > I just have a sort of feeling that this sort of thing might have been done > before. Perhaps some of these need updating? I do have a sense of deja-vu in a lot of instances, and all this has been covered before: you're correct. I also agree that existing sites simply need updating or new ownership just to get them pushed along. I'm currently facing that as I go throw my own IPv6 planning for another group. > > < wfms From mtinka at globaltransit.net Tue Jun 1 18:10:59 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Wed, 2 Jun 2010 00:10:59 +0800 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses" a problem anyway?) In-Reply-To: References: <201006012334.51111.mtinka@globaltransit.net> Message-ID: <201006020011.03653.mtinka@globaltransit.net> On Tuesday 01 June 2010 11:47:44 pm J?rgen Becker wrote: > There is one simple reason why RIP is still used and why > it most likely will be used in the future: RIP is > cheaper then OSPF etc., because most hardware vendor > consider it basic routing and include it for free. RFC 1812, final paragraph of section 7.2.1: "A router that implements any routing protocol (other than static routes) MUST IMPLEMENT OSPF (see Section [7.2.2]). A router MAY implement additional IGPs." Of course we all know that what the RFC's suggest and what happens on the ground may be vastly apart but I'd be hard- pressed to find a decent vendor out there that won't do OSPF in some way or form. Even Cisco's 800 series routers will happily do OSPF, and you can pick those up off E-Bay for a couple of bucks. If you need more horse-power from your router, chances are it supports OSPF. > For > advanced routing you have to buy licenses and/or more > expensive hardware. FUD. What we're seeing now is vendors that "were" charging for IPv6 since it was considered an "advanced feature". This included OSPFv3 (more reason to use IS-IS). However, some vendors have now put a US$0.00 cost on IPv6 and its related features, while the rest have began dropping back as well. Of course, if you buy a so-called Layer 3 switch (because it gives you cheap Ethernet ports) and get asked to pay additional for IP routing, while I wouldn't agree with it, I wouldn't fault them. You bought a switch, after all. And you don't need a Juniper MX960 or a Cisco ASR9000 to run OSPF. Heck, if you really are averse to paying vendors, download a copy of Quagga :-). Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100602/8382da1b/attachment.bin From nick at foobar.org Tue Jun 1 18:29:13 2010 From: nick at foobar.org (Nick Hilliard) Date: Tue, 01 Jun 2010 17:29:13 +0100 Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> Message-ID: <4C053559.8020808@foobar.org> On 01/06/2010 14:56, Benedikt Stockebrand wrote: > destination. NUD ensures that a dead router is detected at an average > 30s, plusminus 15s to avoid synchronization effects. RFC 4861 has all > the details. It kills me to add further noise to this thread, but this is probably one of the base sources of contention. It seems that you're happy with 15-45 seconds as an operationally / commercially acceptable time period for loss of service in the event of gateway failure / failover. If you accept this level of service unavailability, then RA / NUD is quite adequate. I don't accept that this is an acceptable operational / commercial proposition for my customers. Therefore RA / NUD is not viable on the networks which I deal with. Good, we've cleared something up. Nick From gbonser at seven.com Tue Jun 1 18:50:54 2010 From: gbonser at seven.com (George Bonser) Date: Tue, 1 Jun 2010 09:50:54 -0700 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses"a problem anyway?) In-Reply-To: <201006020011.03653.mtinka@globaltransit.net> References: <201006012334.51111.mtinka@globaltransit.net> <201006020011.03653.mtinka@globaltransit.net> Message-ID: <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> > -----Original Message----- > From: > On Behalf Of Mark Tinka > Sent: Tuesday, June 01, 2010 9:11 AM > To: J?rgen Becker > Cc: Benedikt Stockebrand; ipv6-ops at lists.cluenet.de > Subject: Re: The use of RIPng (was: Re: So why is "IPv4 with longer > addresses"a problem anyway?) > > On Tuesday 01 June 2010 11:47:44 pm J?rgen Becker wrote: > > > There is one simple reason why RIP is still used and why it most > > likely will be used in the future: RIP is cheaper then OSPF etc., > > because most hardware vendor consider it basic routing and include > it > > for free. > > RFC 1812, final paragraph of section 7.2.1: > > "A router that implements any routing protocol (other than > static routes) MUST IMPLEMENT OSPF (see Section [7.2.2]). > A router MAY implement additional IGPs." > > Of course we all know that what the RFC's suggest and what happens on > the ground may be vastly apart but I'd be hard- pressed to find a > decent vendor out there that won't do OSPF in some way or form. Even > Cisco's 800 series routers will happily do OSPF, and you can pick those > up off E-Bay for a couple of bucks. > > If you need more horse-power from your router, chances are it supports > OSPF. > > > For > > advanced routing you have to buy licenses and/or more expensive > > hardware. > > FUD. > > What we're seeing now is vendors that "were" charging for > IPv6 since it was considered an "advanced feature". This included > OSPFv3 (more reason to use IS-IS). However, some vendors have now put a > US$0.00 cost on IPv6 and its related features, while the rest have > began dropping back as well. > What do you mean "were"? If you own Brocade/Foundry SuperX units and want to run v6 layer 3 you need to buy special blades AND pay a premium license fee. Any networks unlucky enough to have purchased any of that kit over the past few years are suddenly feeling this burning sensation on their seat if they are considering v6 migration. I use RIPng only for "next hop" information where I redistribute connected links from my external peering connections among my BGP routers. Internally we use OSPF. From me at benedikt-stockebrand.de Tue Jun 1 19:07:40 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 17:07:40 +0000 Subject: The use of RIPng In-Reply-To: <201006012334.51111.mtinka@globaltransit.net> (Mark Tinka's message of "Tue, 1 Jun 2010 23:34:46 +0800") References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> Message-ID: Hi Mark and list, Mark Tinka writes: > On Tuesday 01 June 2010 11:01:16 pm Benedikt Stockebrand > wrote: > >> As far as deployment goes: If you use e.g. a BSD or >> Solaris you get a lightweight RIP daemon as part of the >> base system, so with these systems deployment is >> actually a bit easier---you just turn it on. > > Then install Quagga/Zebra and run OSPF or IS-IS. that's a bit of a pain involved there. Additionally, it is recommended not to run it on a machine that does anything else, mostly because the init scripts (or equivalent) and Quagga tend to interfere with each other. > I'm sorry, I just don't subscribe to the idea of teaching > folk to use RIP in today's networks, despite the size of > their business (I hold workshops myself, I know) - because > this stuff sticks. Valid point. And I agree that moving from RIP to OSPF is a rather gory business, especially if you delay the move until RIP becomes a problem rather than a solution. However, there are businesses that rarely grow to the point that they have a full-time sysadmin around, and the choices there are either static routes (which are fascinatingly prone to typos) or RIP to maintain routing tables automatically. At least here in Germany we have lots of small but IT-heavy businesses, like accounting/tax advisor shops, engineering offices and such. They usually have an external contractor to take care of everything related to computers, from buying the right type of toner cartridge to setting up and maintaining their networks (of 5--25 hosts, 2--3 routers). To them, RIP makes life easier while OSPF is an undefused bomb. > The most I tend to say about RIP - don't use it! In addition > to the "other way" we we tend to describe it. [Parse Error?] >> (And yes, I've seen people overextending themselves with >> OSPF...) > > So tell them to ignore all those knobs the industry has > added to the spec. They don't need (m)any of them. My point is on troubleshooting, not configuring things. You don't have to use areas (beyond backbone) or whatever, but it still takes quite some background to understand that the LSAs you see are wrong, figure out what they mean, why and how they mess up your routing, how to track down their source and how to get rid of them. > If you're having problems stuffing enough useful information > about link state routing protocols into your tutorials, I'd, > respectfully, look at working on that instead. Since I mostly do IPv6 tutorials I normally run into only one of two situations: - If I have participants who know about OSPFv2, then telling them about the differences between v2 and v3 is no big deal; it's mostly "router IDs are still 32 bits, so you can't just use an IPv6 address there, the authentication mechanisms have gone in favour of IPsec" and similar. - If I have participants who don't know about OSPFv2, usually because they are less routing centric, then I won't spend time on teaching elementary OSPF because there are plenty topics more relevant to them. Doing a three day course on OSPF alone is fine, but stuffing OSPF into a three day course on IPv6 is just running people into trouble. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From ted.m at ipinc.net Tue Jun 1 19:11:28 2010 From: ted.m at ipinc.net (Ted Mittelstaedt) Date: Tue, 01 Jun 2010 10:11:28 -0700 Subject: The use of RIPng In-Reply-To: <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> References: <201006012334.51111.mtinka@globaltransit.net> <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> Message-ID: <4C053F40.50704@ipinc.net> On 6/1/2010 9:50 AM, George Bonser wrote: > > >> -----Original Message----- From: On Behalf Of Mark Tinka Sent: >> Tuesday, June 01, 2010 9:11 AM To: J?rgen Becker Cc: Benedikt >> Stockebrand; ipv6-ops at lists.cluenet.de Subject: Re: The use of >> RIPng (was: Re: So why is "IPv4 with longer addresses"a problem >> anyway?) >> >> On Tuesday 01 June 2010 11:47:44 pm J?rgen Becker wrote: >> >>> There is one simple reason why RIP is still used and why it >>> most likely will be used in the future: RIP is cheaper then OSPF >>> etc., because most hardware vendor consider it basic routing and >>> include >> it >>> for free. >> >> RFC 1812, final paragraph of section 7.2.1: >> >> "A router that implements any routing protocol (other than static >> routes) MUST IMPLEMENT OSPF (see Section [7.2.2]). A router MAY >> implement additional IGPs." >> >> Of course we all know that what the RFC's suggest and what happens >> on the ground may be vastly apart but I'd be hard- pressed to find >> a decent vendor out there that won't do OSPF in some way or form. >> Even Cisco's 800 series routers will happily do OSPF, and you can >> pick those up off E-Bay for a couple of bucks. >> >> If you need more horse-power from your router, chances are it >> supports OSPF. >> >>> For advanced routing you have to buy licenses and/or more >>> expensive hardware. >> >> FUD. >> >> What we're seeing now is vendors that "were" charging for IPv6 >> since it was considered an "advanced feature". This included OSPFv3 >> (more reason to use IS-IS). However, some vendors have now put a >> US$0.00 cost on IPv6 and its related features, while the rest have >> began dropping back as well. >> > > What do you mean "were"? If you own Brocade/Foundry SuperX units and > want to run v6 layer 3 you need to buy special blades AND pay a > premium license fee. Any networks unlucky enough to have purchased > any of that kit over the past few years are suddenly feeling this > burning sensation on their seat if they are considering v6 migration. Then they were stupid. You can take that with a grain of salt because we don't own any of that stuff, but IPv6 has been out for what, the last decade? And your just now getting around to including it as a requirement in your RFPs? Those orgs are just paying the deserved "stupid tax" IMHO. Feel free to sling arrows, I'll listen to the sputtering justifications, but the fact remains you saved money by dropping what should have been a mandated spec from your RFP 5 years ago when you bought the stuff, and now your whining that they want more money. Uh huh. > I use RIPng only for "next hop" information where I redistribute > connected links from my external peering connections among my BGP > routers. Internally we use OSPF. > Yeah, well as an ISP, we have a few elderly 56K total control chassis that only speak RIP also so we have run it too - but I certainly don't run around -boasting- about it! Ted From ted.m at ipinc.net Tue Jun 1 19:14:09 2010 From: ted.m at ipinc.net (Ted Mittelstaedt) Date: Tue, 01 Jun 2010 10:14:09 -0700 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> Message-ID: <4C053FE1.6070307@ipinc.net> On 6/1/2010 10:07 AM, Benedikt Stockebrand wrote: > Hi Mark and list, > > Mark Tinka writes: > >> On Tuesday 01 June 2010 11:01:16 pm Benedikt Stockebrand >> wrote: >> >>> As far as deployment goes: If you use e.g. a BSD or >>> Solaris you get a lightweight RIP daemon as part of the >>> base system, so with these systems deployment is >>> actually a bit easier---you just turn it on. >> >> Then install Quagga/Zebra and run OSPF or IS-IS. > > that's a bit of a pain involved there. Additionally, it is > recommended not to run it on a machine that does anything else, mostly > because the init scripts (or equivalent) and Quagga tend to interfere > with each other. > >> I'm sorry, I just don't subscribe to the idea of teaching >> folk to use RIP in today's networks, despite the size of >> their business (I hold workshops myself, I know) - because >> this stuff sticks. > > Valid point. And I agree that moving from RIP to OSPF is a rather > gory business, especially if you delay the move until RIP becomes a > problem rather than a solution. > > However, there are businesses that rarely grow to the point that they > have a full-time sysadmin around, and the choices there are either > static routes (which are fascinatingly prone to typos) or RIP to > maintain routing tables automatically. > > At least here in Germany we have lots of small but IT-heavy > businesses, like accounting/tax advisor shops, engineering offices and > such. They usually have an external contractor to take care of > everything related to computers, from buying the right type of toner > cartridge to setting up and maintaining their networks (of 5--25 > hosts, 2--3 routers). To them, RIP makes life easier while OSPF is an > undefused bomb. > Why do you use 2-3 routers with a grand total of 25 hosts?!? Ted >> The most I tend to say about RIP - don't use it! In addition >> to the "other way" we we tend to describe it. > > [Parse Error?] > >>> (And yes, I've seen people overextending themselves with >>> OSPF...) >> >> So tell them to ignore all those knobs the industry has >> added to the spec. They don't need (m)any of them. > > My point is on troubleshooting, not configuring things. You don't > have to use areas (beyond backbone) or whatever, but it still takes > quite some background to understand that the LSAs you see are wrong, > figure out what they mean, why and how they mess up your routing, how > to track down their source and how to get rid of them. > >> If you're having problems stuffing enough useful information >> about link state routing protocols into your tutorials, I'd, >> respectfully, look at working on that instead. > > Since I mostly do IPv6 tutorials I normally run into only one of two > situations: > > - If I have participants who know about OSPFv2, then telling them about > the differences between v2 and v3 is no big deal; it's mostly > "router IDs are still 32 bits, so you can't just use an IPv6 address > there, the authentication mechanisms have gone in favour of IPsec" > and similar. > > - If I have participants who don't know about OSPFv2, usually because > they are less routing centric, then I won't spend time on teaching > elementary OSPF because there are plenty topics more relevant to them. > > Doing a three day course on OSPF alone is fine, but stuffing OSPF into > a three day course on IPv6 is just running people into trouble. > > > Cheers, > > Benedikt > From tedm at ipinc.net Tue Jun 1 19:25:10 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 01 Jun 2010 10:25:10 -0700 Subject: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C053559.8020808@foobar.org> References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <4C053559.8020808@foobar.org> Message-ID: <4C054276.5080700@ipinc.net> On 6/1/2010 9:29 AM, Nick Hilliard wrote: > On 01/06/2010 14:56, Benedikt Stockebrand wrote: >> destination. NUD ensures that a dead router is detected at an average >> 30s, plusminus 15s to avoid synchronization effects. RFC 4861 has all >> the details. > > It kills me to add further noise to this thread, but this is probably one > of the base sources of contention. It seems that you're happy with 15-45 > seconds as an operationally / commercially acceptable time period for loss > of service in the event of gateway failure / failover. If you accept this > level of service unavailability, then RA / NUD is quite adequate. > > I don't accept that this is an acceptable operational / commercial > proposition for my customers. Therefore RA / NUD is not viable on the > networks which I deal with. > I don't accept that routers routinely dying is an acceptable operational / commercial proposition for our customers. Just for grins I just checked and the last SCHEDULED reboot of our own largest and most complex BGP-running router was 50 weeks ago. The last UNSCHEDULED reboot was something like 5 YEARS ago. > Good, we've cleared something up. > Obviously. Clearly your standards for acceptable router hardware are far, far lower than a lot of peoples. I would guess that's why your so concerned with a 30 second slew time. Ted From nick at foobar.org Tue Jun 1 19:29:51 2010 From: nick at foobar.org (Nick Hilliard) Date: Tue, 01 Jun 2010 18:29:51 +0100 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> Message-ID: <4C05438F.6000200@foobar.org> On 01/06/2010 18:07, Benedikt Stockebrand wrote: > that's a bit of a pain involved there. Additionally, it is > recommended not to run it on a machine that does anything else, mostly > because the init scripts (or equivalent) and Quagga tend to interfere > with each other. lolwut?!??! >> I'm sorry, I just don't subscribe to the idea of teaching >> folk to use RIP in today's networks, despite the size of >> their business (I hold workshops myself, I know) - because >> this stuff sticks. > > Valid point. And I agree that moving from RIP to OSPF is a rather > gory business lolwut^2? > hosts, 2--3 routers). To them, RIP makes life easier while OSPF is an > undefused bomb. huh? > Doing a three day course on OSPF alone is fine, but stuffing OSPF into > a three day course on IPv6 is just running people into trouble. I have found that I don't need to understand the finer points of internal combustion mechanics, spark plug design and exhaust muffling technology in order to drive down to the shop to buy a loaf of bread. Ok, let me spell it out. If you're running a routing protocol on your end-user workstations, you're probably doing it wrong. If you're running a routing protocol on your routers, then it goes like this: RIP configuration: router rip version 2 redistribute connected redistribute static default-information originate passive-interface FastEthernetX/Y or OSPF: router ospf 1 redistribute connected subnets redistribute static subnets default-information originate network a.b.c.0 0.0.0.255 area 0 passive-interface FastEthernetX/Y The configuration parameters are similarly difficult for RIPng and OSPFv3, or if you use Quagga instead of IOS, or JunOS instead of Quagga. I'm at a loss to see why one is much more difficult than the other. Can you explain? This thread is becoming too bizarre for words, but for some reason, I can't seem to pull myself away from it. Maybe don't explain after all. Nick From me at benedikt-stockebrand.de Tue Jun 1 19:53:38 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 17:53:38 +0000 Subject: The use of RIPng In-Reply-To: <4C053FE1.6070307@ipinc.net> (Ted Mittelstaedt's message of "Tue, 01 Jun 2010 10:14:09 -0700") References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C053FE1.6070307@ipinc.net> Message-ID: Ted Mittelstaedt writes: > Why do you use 2-3 routers with a grand total of 25 hosts?!? to separate accounting from human resources from R&D from internal servers from externally visible servers from guest (W)LANs. And sometimes more. For starters, make it one dedicated router for Internet connectivity (in some cases provided and managed by their ISP), one for the "business" subnets and possibly yet another one for R&D. These sites aren't data centers, but that doesn't mean reliability and/or security isn't relevant to them. Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From bmanning at vacation.karoshi.com Tue Jun 1 20:08:01 2010 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Tue, 1 Jun 2010 18:08:01 +0000 Subject: The use of RIPng In-Reply-To: <4C05438F.6000200@foobar.org> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> Message-ID: <20100601180801.GD4379@vacation.karoshi.com.> Morning Nick.... On Tue, Jun 01, 2010 at 06:29:51PM +0100, Nick Hilliard wrote: > > Ok, let me spell it out. If you're running a routing protocol on your > end-user workstations, you're probably doing it wrong. If you're running a > routing protocol on your routers, then it goes like this: if you run a routing protocol on an end-station - you've turned it into a router... (much like what happens in some anycast clusters for node failover) > I'm at a loss to see why one is much more difficult than the other. Can > you explain? your looking at the configuration statements. what is the cpu/memory footprint for the two? > This thread is becoming too bizarre for words, but for some reason, I can't > seem to pull myself away from it. Maybe don't explain after all. trainwreck... can't look away! > > Nick From nick at foobar.org Tue Jun 1 20:18:50 2010 From: nick at foobar.org (Nick Hilliard) Date: Tue, 01 Jun 2010 19:18:50 +0100 Subject: The use of RIPng In-Reply-To: <20100601180801.GD4379@vacation.karoshi.com.> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> Message-ID: <4C054F0A.7090306@foobar.org> On 01/06/2010 19:08, bmanning at vacation.karoshi.com wrote: > your looking at the configuration statements. what is the cpu/memory > footprint for the two? for the scenario presented - 25 workstations (irrelevant number), 2-3 routers and a couple of LANs? I'd say approximately epsilon. >> This thread is becoming too bizarre for words, but for some reason, I can't >> seem to pull myself away from it. Maybe don't explain after all. > > trainwreck... can't look away! Dammit, I did it again! Nick From tedm at ipinc.net Tue Jun 1 20:19:07 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 01 Jun 2010 11:19:07 -0700 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C053FE1.6070307@ipinc.net> Message-ID: <4C054F1B.4060603@ipinc.net> On 6/1/2010 10:53 AM, Benedikt Stockebrand wrote: > Ted Mittelstaedt writes: > >> Why do you use 2-3 routers with a grand total of 25 hosts?!? > > to separate accounting from human resources from R&D from internal > servers from externally visible servers from guest (W)LANs. > > And sometimes more. > > For starters, make it one dedicated router for Internet connectivity > (in some cases provided and managed by their ISP), one for the > "business" subnets and possibly yet another one for R&D. > > These sites aren't data centers, but that doesn't mean reliability > and/or security isn't relevant to them. > For networks like that we use 1 decent Internet router (we -always- make any ISP that mandates an ISP-supplied CPE, set it up as a bridge or router providing a subnet) and 1 decent managed layer 3 gigabit switch - Netgear makes some really nice SOHO 24 & 48 port fully managed ones that aren't that expensive - if we have to create the same kind of network. Or, just use a flat network and MAC address filtering to prevent the different departments from seeing servers and such that they are not supposed to get to and a layer 2 switch. With fewer hardware boxes there's much less to go wrong. But rarely do we ever see that kind of need in a SOHO. Ted From jeffm at iglou.com Tue Jun 1 20:36:45 2010 From: jeffm at iglou.com (Jeff McAdams) Date: Tue, 01 Jun 2010 14:36:45 -0400 Subject: The use of RIPng In-Reply-To: <20100601180801.GD4379@vacation.karoshi.com.> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> Message-ID: <4C05533D.8000000@iglou.com> On 6/1/10 2:08 PM, bmanning at vacation.karoshi.com wrote: > On Tue, Jun 01, 2010 at 06:29:51PM +0100, Nick Hilliard wrote: >> Ok, let me spell it out. If you're running a routing protocol on your >> end-user workstations, you're probably doing it wrong. If you're running a >> routing protocol on your routers, then it goes like this: > if you run a routing protocol on an end-station - you've turned it into > a router... (much like what happens in some anycast clusters for node > failover) Uhm, no. If you run a routing protocol on an end-station - you've given that end-station a mechanism that it might learn what the network topology is in the overall network, beyond just its default next-hop. You *might* let it be a router, depending on how that routing protocol is set up and other configuration issues within the OS. ( echo 0 > /proc/sys/net/ipv4/ip_forward pretty much makes a Linux box *not* be an IPv4 router, regardless of what software is running on it (yeah, yeah, unless you start getting into user-space routing and such)) You might also give that end-station the ability to inject routes into that network topology, which could, indeed, cause problems. So, there are use cases where it could be beneficial for end-stations to have knowledge of the overall network topology by running a routing protocol. There are also, almost certainly drawbacks. I think it is possible for reasonable people to disagree (including based on their individual scenarios for use-case) on which is bigger, the benefits or the drawbacks. -- Jeff McAdams jeffm at iglou.com From bmanning at vacation.karoshi.com Tue Jun 1 20:42:30 2010 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Tue, 1 Jun 2010 18:42:30 +0000 Subject: The use of RIPng In-Reply-To: <4C05533D.8000000@iglou.com> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> <4C05533D.8000000@iglou.com> Message-ID: <20100601184230.GE4379@vacation.karoshi.com.> On Tue, Jun 01, 2010 at 02:36:45PM -0400, Jeff McAdams wrote: > On 6/1/10 2:08 PM, bmanning at vacation.karoshi.com wrote: > >On Tue, Jun 01, 2010 at 06:29:51PM +0100, Nick Hilliard wrote: > > >>Ok, let me spell it out. If you're running a routing protocol on your > >>end-user workstations, you're probably doing it wrong. If you're running > >>a > >>routing protocol on your routers, then it goes like this: > > > if you run a routing protocol on an end-station - you've turned it > > into > > a router... (much like what happens in some anycast clusters for > > node > > failover) > > Uhm, no. here we must part ways... sort of by definition, if there is a routing protocol running, its a router - granted (as you point out below) it may not forward packets (dependent on configuration options) but -understanding- the network topology past next-hop is a key attribute of routing. so other than defintional terms, i'm almost with you. :) --bill > > If you run a routing protocol on an end-station - you've given that > end-station a mechanism that it might learn what the network topology is > in the overall network, beyond just its default next-hop. You *might* > let it be a router, depending on how that routing protocol is set up and > other configuration issues within the OS. ( echo 0 > > /proc/sys/net/ipv4/ip_forward pretty much makes a Linux box *not* be > an IPv4 router, regardless of what software is running on it (yeah, > yeah, unless you start getting into user-space routing and such)) You > might also give that end-station the ability to inject routes into that > network topology, which could, indeed, cause problems. > > So, there are use cases where it could be beneficial for end-stations to > have knowledge of the overall network topology by running a routing > protocol. There are also, almost certainly drawbacks. I think it is > possible for reasonable people to disagree (including based on their > individual scenarios for use-case) on which is bigger, the benefits or > the drawbacks. > > -- > Jeff McAdams > jeffm at iglou.com From jeffm at iglou.com Tue Jun 1 21:58:03 2010 From: jeffm at iglou.com (Jeff McAdams) Date: Tue, 01 Jun 2010 15:58:03 -0400 Subject: The use of RIPng In-Reply-To: <20100601184230.GE4379@vacation.karoshi.com.> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> <4C05533D.8000000@iglou.com> <20100601184230.GE4379@vacation.karoshi.com.> Message-ID: <4C05664B.3050503@iglou.com> On 6/1/10 2:42 PM, bmanning at vacation.karoshi.com wrote: > here we must part ways... sort of by definition, if there is > a routing protocol running, its a router - granted (as you > point out below) it may not forward packets (dependent on > configuration options) but -understanding- the network topology > past next-hop is a key attribute of routing. > so other than defintional terms, i'm almost with you. :) Huh, I tend to think of a router as a system that, you know, routes. Call me crazy. That may, or may not, involve a routing protocol. And a routing protocol, which is used to share topology and routing information, need not be used by a system to make decisions about routing. Sure, that's by far and away the most common use of routing protocol information, but I think going from the premise of a system running a routing protocol software to that system necessarily being a router is fraught with semantic peril. There are any of a number of reasons that a system could run routing protocol software and never forward a single packet, nor even have the capability of forwarding a packet. I think calling those systems routers will lead to no end of confusion and you'll please pardon me if I think your definition of "router" leaves more than a little bit to be desired. > --bill > >> >> If you run a routing protocol on an end-station - you've given that >> end-station a mechanism that it might learn what the network topology is >> in the overall network, beyond just its default next-hop. You *might* >> let it be a router, depending on how that routing protocol is set up and >> other configuration issues within the OS. ( echo 0> >> /proc/sys/net/ipv4/ip_forward pretty much makes a Linux box *not* be >> an IPv4 router, regardless of what software is running on it (yeah, >> yeah, unless you start getting into user-space routing and such)) You >> might also give that end-station the ability to inject routes into that >> network topology, which could, indeed, cause problems. >> >> So, there are use cases where it could be beneficial for end-stations to >> have knowledge of the overall network topology by running a routing >> protocol. There are also, almost certainly drawbacks. I think it is >> possible for reasonable people to disagree (including based on their >> individual scenarios for use-case) on which is bigger, the benefits or >> the drawbacks. >> >> -- >> Jeff McAdams >> jeffm at iglou.com -- Jeff McAdams jeffm at iglou.com From gbonser at seven.com Tue Jun 1 22:34:38 2010 From: gbonser at seven.com (George Bonser) Date: Tue, 1 Jun 2010 13:34:38 -0700 Subject: The use of RIPng In-Reply-To: <4C05664B.3050503@iglou.com> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> <4C05533D.8000000@iglou.com><20100601184230.GE4379@vacation.karoshi.com.> <4C05664B.3050503@iglou.com> Message-ID: <5A6D953473350C4B9995546AFE9939EE09EA4873@RWC-EX1.corp.seven.com> > > Huh, I tend to think of a router as a system that, you know, routes. > Call me crazy. That may, or may not, involve a routing protocol. And > a > routing protocol, which is used to share topology and routing > information, need not be used by a system to make decisions about > routing. Sure, that's by far and away the most common use of routing > protocol information, but I think going from the premise of a system > running a routing protocol software to that system necessarily being a > router is fraught with semantic peril. > > There are any of a number of reasons that a system could run routing > protocol software and never forward a single packet, nor even have the > capability of forwarding a packet. I think calling those systems > routers will lead to no end of confusion and you'll please pardon me if > I think your definition of "router" leaves more than a little bit to be > desired. > > > --bill Actually, having systems run OSPF is the Solaris standard for interface failover these days (OSPF-MP) which uses Quagga. The end system has two links, each are on different layer 3 subnets. A host announces its loopback IPs over both links. When an interface or upstream switch or router fails, the network uses the remaining path. Using ECMP, it also creates a reasonable alternative to Spanning Tree in the net where you push layer 3 all the way down to the hosts. Running routing protocols out to the host is becoming more common these days. From me at benedikt-stockebrand.de Tue Jun 1 22:56:46 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 20:56:46 +0000 Subject: The use of RIPng In-Reply-To: <4C05438F.6000200@foobar.org> (Nick Hilliard's message of "Tue, 01 Jun 2010 18:29:51 +0100") References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> Message-ID: Nick Hilliard writes: > On 01/06/2010 18:07, Benedikt Stockebrand wrote: >> that's a bit of a pain involved there. Additionally, it is >> recommended not to run it on a machine that does anything else, mostly >> because the init scripts (or equivalent) and Quagga tend to interfere >> with each other. > > lolwut?!??! With the vast majority of network services available on common Unixes, the default configuration listens on all interfaces, i.e. it does a listen on 0.0.0.0 or ::. In that case it doesn't really matter in which sequence services get started, and for that reason the ordering constraints for services are frequently somewhat incomplete. Now if you configure a service to listen only on a specific address, then the starting order *does* matter, because if the address from the service configuration isn't configured on an interface when the service attempts to start, the service won't come up. This is particularly painful if it happens to the sshd, which on the other hand should be started as soon as possible to give an admin a chance to fix problems remotely even if the boot sequence doesn't finish. With parallel startup mechanisms like upstart or SMF the situation gets even worse because the startup order becomes nondeterministic. >>> I'm sorry, I just don't subscribe to the idea of teaching >>> folk to use RIP in today's networks, despite the size of >>> their business (I hold workshops myself, I know) - because >>> this stuff sticks. >> >> Valid point. And I agree that moving from RIP to OSPF is a rather >> gory business > > lolwut^2? If you wait for the move from RIP to OSPF until you reach the limitations of RIP, most notably network diameter, then you have quite likely reached a point where you have to use both RIP and OSPF simultaneously for the migration phase. Redistributing routes between different routing protocols in real-world environments tends to be messy, especially if you have to manipulate the metrics, and is one of those things you don't want to do only occasionally. Having little experience with OSPF yet doesn't make things easier, either. Doing multi-protocol routing is something you want to leave to people who do very little else, so that's usually only an option if you are either an ISP/NSP, a large data center or possibly a large enterprise. >> hosts, 2--3 routers). To them, RIP makes life easier while OSPF is an >> undefused bomb. > > huh? You send one or two of your generic system/network administrators to a three to five day OSPF training. Afterwards they manage to deploy OSPF in your network. Half a year later, and with absolutely no reason to fiddle around with OSPF since the network works, something breaks. Not having touched any OSPF for months, they have forgotten much of what they've learned and the only chance they have to find and fix the problem is to dig out those old training manuscripts, trying to recall what the relevant details of have learned. All this under significant time pressure. Since you are so keen on not having a 45s loss of service, this should be a particularly alarming scenario to you. Or maybe you can find out in 45s what a type 5 LSA with OSPFv3 means? >> Doing a three day course on OSPF alone is fine, but stuffing OSPF into >> a three day course on IPv6 is just running people into trouble. > > I have found that I don't need to understand the finer points of internal > combustion mechanics, spark plug design and exhaust muffling technology in > order to drive down to the shop to buy a loaf of bread. If it is your job to keep that car working, and more importantly, to fix it again if it breaks, then you *do* need to know about it. Of course, if you are an end user, that's not a problem to you. > Ok, let me spell it out. If you're running a routing protocol on your > end-user workstations, you're probably doing it wrong. If you're running a > routing protocol on your routers, then it goes like this: > > RIP configuration: > > router rip > version 2 > redistribute connected > redistribute static > default-information originate > passive-interface FastEthernetX/Y > > or OSPF: > > router ospf 1 > redistribute connected subnets > redistribute static subnets > default-information originate > network a.b.c.0 0.0.0.255 area 0 > passive-interface FastEthernetX/Y > > The configuration parameters are similarly difficult for RIPng and OSPFv3, > or if you use Quagga instead of IOS, or JunOS instead of Quagga. > > I'm at a loss to see why one is much more difficult than the other. Can > you explain? On FreeBSD, enabling RIPng is a single line ipv6_router_enable=YES in /etc/rc.conf, while on Solaris you run # routeadm -e ipv6-routing # routeadm -u This *is* simpler than installing anything extra, sorting out potential init script issues mentioned above or any such thing. So much about running OSPF on Unix. Beyond that, your RIP configuration apparently works, but your OSPF one doesn't---maybe in the future you could try them out first, before publicly posting them. I have taken the liberty to dump your configuration into a toy 1812W, running 12.4(15)T1, just to make sure that I didn't just imagine the obvious error. But I got what I expected when I actually checked things: Router#show ip ospf 1 %OSPF: Router process 1 is not running, please configure a router-id Router# This is one of the very first things you should learn about OSPF: Be extremely careful about properly setting unique router IDs---even more so with OSPFv3, where an IP address can't be conveniently re-used as a router ID. And in a more general context it's also one of the very first things you should learn about any system or network administration in general: Always check the results. And, if possible, double and triple check. But that's still not the point. The real point is that things happen. Hardware breaks, software is buggy and, most importantly, people make mistakes. Maybe you have never had to deal with a "mission critical" system, but I have (and no, that TOP500 cluster wasn't the worst one). Fixing a problem that costs anything from 10000 Euro (or USD, whatever) per minute isn't fun, especially because very quickly you tend to have a flash mob (aka. unscheduled meeting of the board) breathing down your neck. What's worse, situations that you could cope with in a relaxed lab environment tend to turn out much more difficult to handle when they happen in production, because that's usually at 03:00 when you are dog tired, the colleague you desperatley need at the other end of the line 5000 km (3000 sm) away is down with flu and you're so pumped with adrenaline that most of whatever intelligence it leaves you can barely keep the fight or flight reflex at bay. If you are too optimistic about your skills when you set up things, then you are likely to learn about your limits and those of your colleagues and successors the hard way. > This thread is becoming too bizarre for words, but for some reason, I can't > seem to pull myself away from it. Maybe for starters you could just try to stop posting broken configurations and false statements about protocols you haven't tried out and don't understand. > Maybe don't explain after all. I'm not so much explaining but trying to help people finding your postings in search engines from getting into unnecessary trouble. Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org Tue Jun 1 23:20:01 2010 From: nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org (Mark Smith) Date: Wed, 2 Jun 2010 06:50:01 +0930 Subject: The use of RIPng In-Reply-To: <20100601180801.GD4379@vacation.karoshi.com.> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> Message-ID: <20100602065001.30f0cc21@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org> On Tue, 1 Jun 2010 18:08:01 +0000 bmanning at vacation.karoshi.com wrote: > Morning Nick.... > > > On Tue, Jun 01, 2010 at 06:29:51PM +0100, Nick Hilliard wrote: > > > > Ok, let me spell it out. If you're running a routing protocol on your > > end-user workstations, you're probably doing it wrong. If you're running a > > routing protocol on your routers, then it goes like this: > > if you run a routing protocol on an end-station - you've turned it into > a router... (much like what happens in some anycast clusters for node > failover) > > > I'm at a loss to see why one is much more difficult than the other. Can > > you explain? > > your looking at the configuration statements. what is the cpu/memory > footprint for the two? > I doesn't matter. If you think it does, then you haven't noticed the effect of Moore's law. IIRC, Cisco made a recommendation of a maximum of 50 routers and 200 links in an area many years ago. That was for *Cisco 2500s* i.e. a 25Mhz Motorolla 68030 CPU with (IIRC) a 1MB of RAM. Considering that Cisco 877s come with 400Mhz PowerPCs and a minium of 128MB of RAM, memory and CPU are of no concern in the RIP vs OSPF debate. So unless you're still running 2500s and have more than 50 routes, you won't have OSPF related CPU or memory issues - ever. I also don't think troubleshooting has much weight. In my experience, a well designed network commonly won't have failures that require protocol specific diagnosis i.e. understanding distance vector or link state methods of operation, packet traces etc. For smaller organisations, they'll be so rare that even if they do invest in that knowledge, by the time they need to use it, they'll have almost forgotten it anyway. Knowledge that isn't being used is being forgotten - that's how our brains work. It's better and quicker for those organisations to buy in that expertise on the rare occasions they need it. > > > This thread is becoming too bizarre for words, but for some reason, I can't > > seem to pull myself away from it. Maybe don't explain after all. > > trainwreck... can't look away! > > > > > Nick From me at benedikt-stockebrand.de Tue Jun 1 23:22:59 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Tue, 01 Jun 2010 21:22:59 +0000 Subject: The use of RIPng In-Reply-To: <4C054F1B.4060603@ipinc.net> (Ted Mittelstaedt's message of "Tue, 01 Jun 2010 11:19:07 -0700") References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C053FE1.6070307@ipinc.net> <4C054F1B.4060603@ipinc.net> Message-ID: Ted Mittelstaedt writes: > For networks like that we use 1 decent Internet router (we -always- > make any ISP that mandates an ISP-supplied CPE, set it up as a > bridge or router providing a subnet) and 1 decent managed layer 3 > gigabit switch - Netgear makes some really nice SOHO 24 & 48 port > fully managed ones that aren't that expensive - if we have to create > the same kind of network. I fully agree with the *decent* ISP :-) With the rest it is slightly more complex: > Or, just use a flat network and MAC address filtering to prevent the > different departments from seeing servers and such that they are not > supposed to get to and a layer 2 switch. This assumes that people don't do much fooling around, which is a reasonable assumption for a non-IT shop but not necessarily for a small software company or engineering office or such. > With fewer hardware boxes there's much less to go wrong. Agreed---as long as you still have arranged for access to spare components. It's just another variation of the "keeping complexity out where it doesn't help" theme. > But rarely do we ever see that kind of need in a SOHO. I'm not talking SoHo (as defined by what's generally sold as "SoHo equipment") here, but a bit larger. I'm thinking of the sort of people who actually need their network up and running to stay in business. If you are running an accounting/tax adviser office, then you have to deliver certain data to the German equivalent of the IRS. If you network is down the wrong day, it'll cost you. Possibly dearly. Similarly, and as a more internationally familar phenomenon, if you have agreed with a customer on some sort of penalty and can't deliver in time, things can quickly get rather ugly moneywise. Cheers Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From bmanning at vacation.karoshi.com Tue Jun 1 23:30:17 2010 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Tue, 1 Jun 2010 21:30:17 +0000 Subject: The use of RIPng In-Reply-To: <20100602065001.30f0cc21@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <20100601180801.GD4379@vacation.karoshi.com.> <20100602065001.30f0cc21@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org> Message-ID: <20100601213017.GB5952@vacation.karoshi.com.> On Wed, Jun 02, 2010 at 06:50:01AM +0930, Mark Smith wrote: > On Tue, 1 Jun 2010 18:08:01 +0000 > bmanning at vacation.karoshi.com wrote: > > > Morning Nick.... > > > > > > On Tue, Jun 01, 2010 at 06:29:51PM +0100, Nick Hilliard wrote: > > > > > > Ok, let me spell it out. If you're running a routing protocol on your > > > end-user workstations, you're probably doing it wrong. If you're running a > > > routing protocol on your routers, then it goes like this: > > > > if you run a routing protocol on an end-station - you've turned it into > > a router... (much like what happens in some anycast clusters for node > > failover) > > > > > I'm at a loss to see why one is much more difficult than the other. Can > > > you explain? > > > > your looking at the configuration statements. what is the cpu/memory > > footprint for the two? > > > > I doesn't matter. If you think it does, then you haven't noticed the > effect of Moore's law. yes it does... particularly wrt mobile/embedded devices. cpu/memory == power == battery drain. as mentioned elsewhere - RIP is perhaps the smallest implementation of the D-V routing protocols and compared w/ link-state routing protocols (OSPF etc.), distance-vector routing protocols have less computational complexity and message overhead. ergo smaller resource constraints == more efficant. Just saying that there is a place for D-V in the world, its not just Link-state. Folks should (and do) use what works for them. As usual, YMMV. --bill From shane at time-travellers.org Wed Jun 2 09:21:56 2010 From: shane at time-travellers.org (Shane Kerr) Date: Wed, 02 Jun 2010 15:21:56 +0800 Subject: Reliability & downtime, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <4C054276.5080700@ipinc.net> References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <4C053559.8020808@foobar.org> <4C054276.5080700@ipinc.net> Message-ID: <1275463316.3658.149.camel@shane-asus-laptop> On Tue, 2010-06-01 at 10:25 -0700, Ted Mittelstaedt wrote: > > On 6/1/2010 9:29 AM, Nick Hilliard wrote: > > On 01/06/2010 14:56, Benedikt Stockebrand wrote: > >> destination. NUD ensures that a dead router is detected at an average > >> 30s, plusminus 15s to avoid synchronization effects. RFC 4861 has all > >> the details. > > > > It kills me to add further noise to this thread, but this is probably one > > of the base sources of contention. It seems that you're happy with 15-45 > > seconds as an operationally / commercially acceptable time period for loss > > of service in the event of gateway failure / failover. If you accept this > > level of service unavailability, then RA / NUD is quite adequate. > > > > I don't accept that this is an acceptable operational / commercial > > proposition for my customers. Therefore RA / NUD is not viable on the > > networks which I deal with. > > > > I don't accept that routers routinely dying is an acceptable operational > / commercial proposition for our customers. > > Just for grins I just checked and the last SCHEDULED reboot of our own > largest and most complex BGP-running router was 50 weeks ago. > > The last UNSCHEDULED reboot was something like 5 YEARS ago. Okay, that's one router... multiply that by 10 and you've got a router doing an unscheduled reboot every 6 months. See how that works? :) I think Nick was quite correct in identifying that for some operational environments (like yours apparently) RA is acceptable, but for others it doesn't fit the needs. And Ted, please try to stay nice! You are almost calling some of the other people on the list incompetent. That may be true, but I don't think you have enough information to know. ;) -- Shane From mtinka at globaltransit.net Wed Jun 2 10:06:15 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Wed, 2 Jun 2010 16:06:15 +0800 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses"a problem anyway?) In-Reply-To: <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> References: <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> Message-ID: <201006021606.19401.mtinka@globaltransit.net> On Wednesday 02 June 2010 12:50:54 am George Bonser wrote: > What do you mean "were"? If you own Brocade/Foundry > SuperX units and want to run v6 layer 3 you need to buy > special blades AND pay a premium license fee. Any > networks unlucky enough to have purchased any of that > kit over the past few years are suddenly feeling this > burning sensation on their seat if they are considering > v6 migration. Those folk should have known better when purchasing kit, then. We won't buy kit or code from vendors that won't (have plans to) support IPv6. We won't buy transit from providers who won't support IPv6 (including those that won't support a full v6 routing able). I realize needs differ, but if we all voted with our feet/wallets re: IPv6, maybe we'll see the result we're all looking for. > I use RIPng only for "next hop" > information where I redistribute connected links from my > external peering connections among my BGP routers. > Internally we use OSPF. Why not set the BGP NEXT_HOP attribute to 'self' in your iBGP sessions? Or, worst case, run your peering interfaces in 'passive' mode in OSPF? I would have avoid have multiple dynamic IGP's if I could. Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100602/e0a26d56/attachment.bin From michael.dillon at bt.com Wed Jun 2 10:13:55 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 2 Jun 2010 09:13:55 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> Message-ID: <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> > I do have a sense of deja-vu in a lot of instances, and all this has > been > covered before: you're correct. I also agree that existing sites > simply > need updating or new ownership just to get them pushed along. I'm > currently facing that as I go throw my own IPv6 planning for another > group. Neither the 6net or the Janet sites are "cookbooks", neither are wikis, and there is no easy way to update them. A cookbook should allow anyone to post their recipe/solution for a problem that they have faced, without requiring any bureaucratic process of contacting site owners. Hopefully the ARIN wiki already has links to the 6net and Janet resources. --Michael Dillon From mtinka at globaltransit.net Wed Jun 2 10:44:19 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Wed, 2 Jun 2010 16:44:19 +0800 Subject: The use of RIPng In-Reply-To: References: <201006012334.51111.mtinka@globaltransit.net> Message-ID: <201006021644.24263.mtinka@globaltransit.net> On Wednesday 02 June 2010 01:07:40 am Benedikt Stockebrand wrote: > that's a bit of a pain involved there. Additionally, it > is recommended not to run it on a machine that does > anything else, mostly because the init scripts (or > equivalent) and Quagga tend to interfere with each > other. Can't say I've heard of such a recommendation, but I'd likely spin more cycles making this do what I want than running RIP. But that's just me; it's a free world, you're welcome to run whatever you like :-). > Valid point. And I agree that moving from RIP to OSPF is > a rather gory business, especially if you delay the move > until RIP becomes a problem rather than a solution. Aye. > However, there are businesses that rarely grow to the > point that they have a full-time sysadmin around, and > the choices there are either static routes (which are > fascinatingly prone to typos) or RIP to maintain routing > tables automatically. These might probably afford to employ someone like yourself to come in as-needed to fix problems with their link state routing protocol. The workshops we do are generally formatted in a 'service provider' style, but we find all types of organizations attending and benefiting from them anyway, from enterprise to university, e.t.c. The moral of the story is that you never know how/when your network will scale up. So rather than having to migrate to a more scalable deployment in the future, just do it now even if it may look like a waste of time. It doesn't cost you much more. > > The most I tend to say about RIP - don't use it! In > > addition to the "other way" we we tend to describe it. > > [Parse Error?] Rest In Peace. > My point is on troubleshooting, not configuring things. > You don't have to use areas (beyond backbone) or > whatever, but it still takes quite some background to > understand that the LSAs you see are wrong, figure out > what they mean, why and how they mess up your routing, > how to track down their source and how to get rid of > them. We tackle this problem by having a Basic and Advanced set of sessions. We have found that it's easy to load a lot of fat on tutorials and make routing protocols seem more complicated than they actually are (or perhaps, should be), e.g., it probably is not very useful to go into Dijkstra Algorithm details, header format details, e.t.c. Advanced sessions can then look at more detail of the protocol. Provided you lock down the basics in the Basic session and encourage good network design, interaction with the IGP will not be as often as you might think, if ever (the only time we touch our IS-IS setup is when we're deploying a new router or new interface). If you're spending too much debugging your IGP, your probably have a poor network design to start with. > - If I have participants who don't know about OSPFv2, > usually because they are less routing centric, then I > won't spend time on teaching elementary OSPF because > there are plenty topics more relevant to them. I think routing protocols are as relevant to IP as IP, itself, is. Once your participants understand the IPv6 protocol, they need to understand how to propagate those IP addresses within the network. At some point, you can't detach the two. Whatever they take in now will stick for a very long time, and what we've seen with workshops is the hardest thing to teach participants is how to "unlearn" the bad stuff they've picked up from allover. > Doing a three day course on OSPF alone is fine, but > stuffing OSPF into a three day course on IPv6 is just > running people into trouble. I really can't tell you how to do your job. Only you know it best :-). But the fact about getting down the good principles in the start, remains, and personally, while you can't stop folk from doing what they want to do, RIP should really not be talked about in public, especially to virgin operators. But again, that's just me :-). Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100602/8cd4c13d/attachment.bin From mtinka at globaltransit.net Wed Jun 2 11:28:00 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Wed, 2 Jun 2010 17:28:00 +0800 Subject: The use of RIPng In-Reply-To: References: <4C053FE1.6070307@ipinc.net> Message-ID: <201006021728.04956.mtinka@globaltransit.net> On Wednesday 02 June 2010 01:53:38 am Benedikt Stockebrand wrote: > to separate accounting from human resources from R&D from > internal servers from externally visible servers from > guest (W)LANs. > > And sometimes more. > > For starters, make it one dedicated router for Internet > connectivity (in some cases provided and managed by > their ISP), one for the "business" subnets and possibly > yet another one for R&D. > > These sites aren't data centers, but that doesn't mean > reliability and/or security isn't relevant to them. Ummh, couldn't VLAN's help (which could seriously derail this thread into OT territory)? Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100602/92bb4f18/attachment.bin From mtinka at globaltransit.net Wed Jun 2 11:52:52 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Wed, 2 Jun 2010 17:52:52 +0800 Subject: The use of RIPng In-Reply-To: References: <4C05438F.6000200@foobar.org> Message-ID: <201006021752.56837.mtinka@globaltransit.net> On Wednesday 02 June 2010 04:56:46 am Benedikt Stockebrand wrote: > Beyond that, your RIP configuration apparently works, but > your OSPF one doesn't---maybe in the future you could > try them out first, before publicly posting them. I > have taken the liberty to dump your configuration into a > toy 1812W, running 12.4(15)T1, just to make sure that I > didn't just imagine the obvious error. But I got what I > expected when I actually checked things: > > Router#show ip ospf 1 > %OSPF: Router process 1 is not running, please > configure a router-id Router# > > This is one of the very first things you should learn > about OSPF: Be extremely careful about properly setting > unique router IDs---even more so with OSPFv3, where an > IP address can't be conveniently re-used as a router ID. Something tells me Nick is already familiar with this requirement in OSPFv2|v3 in IOS :-), and as such, supporting configuration was implied. The highest IPv4 Loopback or major interface address becomes the default Router-ID, and as such, does not necessarily call for the explicit definition of the same (even though this is not an uncommon design). The complaint you receive from the router is likely because you don't have any IPv4 address configured, a somewhat unlikely scenario for now, but maybe so in many years when new users/networks will never have access to public v4 address space. But you probably know all this already :-). Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100602/75c031d6/attachment.bin From mir at ripe.net Wed Jun 2 14:13:04 2010 From: mir at ripe.net (Mirjam Kuehne) Date: Wed, 02 Jun 2010 14:13:04 +0200 Subject: IPv6 CPE Survey on RIPE Labs Message-ID: <4C064AD0.1050300@ripe.net> [apologies for duplicates] Dear colleagues, At the recent RIPE Meeting in Prague, Marco Hogewoning presented the IPv6 CPE survey he conducted among various vendors. The results are now published on RIPE Labs. You can find it on the home page http://labs.ripe.net or you can go directly to: http://labs.ripe.net/content/ipv6-cpe-survey In order to keep this survey up to date, we are looking for feedback: If you have access to a testbed, are already running tests of your own or if you spot an error, please leave a comment in the IPv6 CPE Survey forum: http://labs.ripe.net/content/ipv6-cpe-survey-0 or contact us on labs at ripe.net Kind Regards, Mirjam K?hne RIPE NCC From Sam.Wilson at ed.ac.uk Wed Jun 2 14:14:53 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Wed, 2 Jun 2010 13:14:53 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> On 2 Jun 2010, at 09:13, wrote: >> I do have a sense of deja-vu in a lot of instances, and all this has >> been >> covered before: you're correct. I also agree that existing sites >> simply >> need updating or new ownership just to get them pushed along. I'm >> currently facing that as I go throw my own IPv6 planning for another >> group. > > Neither the 6net or the Janet sites are "cookbooks", neither are > wikis, > and there is no easy way to update them. A cookbook should allow > anyone > to post their recipe/solution for a problem that they have faced, > without requiring any bureaucratic process of contacting site owners. That's one definition of a cookbook. I'd hope there would be some editorial oversight and quality control, especially if the participants in recent discussions here were all to be offering their recipes and editing each others. > Hopefully the ARIN wiki already has links to the 6net and Janet > resources. Not to JANET. Searching for 6NET brings up only this . Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From marty at supine.com Wed Jun 2 14:43:43 2010 From: marty at supine.com (Martin Barry) Date: Wed, 2 Jun 2010 14:43:43 +0200 Subject: IPv6 Anycast Message-ID: <20100602124343.GA10342@merboo.mamista.net> I'm trying to get a good grasp of IPv6 anycast. It appears to me that it's not quite analogous to the concept of anycast which has prevailed in IPv4 and has some deficiencies which would lead some operators to prefer to continue using the old method with IPv6 unicast addresses. Anyone read a good comparison of how the two match / differ? cheers Marty From berni at birkenwald.de Wed Jun 2 15:01:29 2010 From: berni at birkenwald.de (Bernhard Schmidt) Date: Wed, 2 Jun 2010 15:01:29 +0200 Subject: IPv6 Anycast In-Reply-To: <20100602124343.GA10342@merboo.mamista.net> References: <20100602124343.GA10342@merboo.mamista.net> Message-ID: <20100602130129.GA6582@schleppi.birkenwald.de> On Wed, Jun 02, 2010 at 02:43:43PM +0200, Martin Barry wrote: > I'm trying to get a good grasp of IPv6 anycast. > > It appears to me that it's not quite analogous to the concept of anycast > which has prevailed in IPv4 and has some deficiencies which would lead some > operators to prefer to continue using the old method with IPv6 unicast > addresses. > > Anyone read a good comparison of how the two match / differ? IPv6 anycast is a special case of neighbor discovery where more than one system can serve an address on a shared link. We use(d) that for first-hop redundancy (shared address on two routers) back when HSRPv6 was not yet available. Standard anycast like it has been done in IPv4 before (with routingprotocols) is still possible and necessary, for example for anycasted DNS deployments. Bernhard From michael.dillon at bt.com Wed Jun 2 15:40:24 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 2 Jun 2010 14:40:24 +0100 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net><201006012334.51111.mtinka@globaltransit.net><4C05438F.6000200@foobar.org> Message-ID: <28E139F46D45AF49A31950F88C4974580637F5AA@E03MVZ2-UKDY.domain1.systemhost.net> > Half a year later, and with absolutely no reason to fiddle around with > OSPF since the network works, something breaks. Not having touched > any OSPF for months, they have forgotten much of what they've learned > and the only chance they have to find and fix the problem is to dig > out those old training manuscripts, trying to recall what the relevant > details of have learned. All this under significant time pressure. > What's worse, situations that you could cope with in a relaxed lab > environment tend to turn out much more difficult to handle when they > happen in production, because that's usually at 03:00 when you are dog > tired, the colleague you desperatley need at the other end of the line > 5000 km (3000 sm) away is down with flu and you're so pumped with > adrenaline that most of whatever intelligence it leaves you can barely > keep the fight or flight reflex at bay. That's why you should not rely on the information in some training manuscripts from several months ago. Make an internal wiki, and write down anything that is important on that wiki. Then when you are troubleshooting, you can use a search tool to help you find the relevant info. Because it is your wiki, and you intend for it to be a support resource, when you implement OSPFv3, you will add notes to the wiki as you go, noting what you did differently and why. >From time to time, look for interesting recipes and troubleshooting notes from other people on the net and add them to the wiki, i.e. copy any good bits from ipv6-ops emails. > If you are too optimistic about your skills when you set up things, > then you are likely to learn about your limits and those of your > colleagues and successors the hard way. In fact, it may be your successors who are doing the troubleshooting. --Michael Dillon From michael.dillon at bt.com Wed Jun 2 15:50:27 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 2 Jun 2010 14:50:27 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> Message-ID: <28E139F46D45AF49A31950F88C4974580637F5CB@E03MVZ2-UKDY.domain1.systemhost.net> > That's one definition of a cookbook. I'd hope there would be some > editorial oversight and quality control, especially if the > participants in recent discussions here were all to be offering their > recipes and editing each others. A wiki has the same editorial oversight and quality control as this list. Except it is cleaner because the editor can just delete the incorrect material and leave only the good stuff. > > Hopefully the ARIN wiki already has links to the 6net and Janet > > resources. > > Not to JANET. Searching for 6NET brings up only this www.getipv6.info/index.php/Review:An_IPv6_Deployment_Guide>. And you *DID* fix this, right? A lot of sites now rely on a simplified form of Wikipedia's editorial model which in a nutshell is, "If you complain about the cooking, you have just been elected as chief cook". --Michael Dillon From Sam.Wilson at ed.ac.uk Wed Jun 2 16:05:10 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Wed, 2 Jun 2010 15:05:10 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637F5CB@E03MVZ2-UKDY.domain1.systemhost.net> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F5CB@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <8E2CECC5-FF9E-4817-B30A-7A7AB595058B@ed.ac.uk> On 2 Jun 2010, at 14:50, wrote: >> That's one definition of a cookbook. I'd hope there would be some >> editorial oversight and quality control, especially if the >> participants in recent discussions here were all to be offering their >> recipes and editing each others. > > A wiki has the same editorial oversight and quality control as this > list. Except it is cleaner because the editor can just delete the > incorrect material and leave only the good stuff. Not so - there is no one editing this list to leave only the good stuff. >>> Hopefully the ARIN wiki already has links to the 6net and Janet >>> resources. >> >> Not to JANET. Searching for 6NET brings up only this > www.getipv6.info/index.php/Review:An_IPv6_Deployment_Guide>. > > And you *DID* fix this, right? A lot of sites now rely > on a simplified form of Wikipedia's editorial model > Wikipedia:Editorial_oversight_and_control> > which in a nutshell is, "If you complain about the cooking, you have > just been elected as chief cook". I didn't. I'm just the diner waiting for the chefs to finish arguing. By all means elect me but don't expect cordon bleu. Don't even expect something edible. And to stretch the analogy a little too far, I'm waiting until I'm sure the dish is perfected, the recipe is published and all the ingredients are readily available in my local supermarket before I start cooking. Given the discussions here recently I don't think we're even close and I may be off to McDonalds to keep my stomach from rumbling. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From Sam.Wilson at ed.ac.uk Wed Jun 2 16:08:57 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Wed, 2 Jun 2010 15:08:57 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <8E2CECC5-FF9E-4817-B30A-7A7AB595058B@ed.ac.uk> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F5CB@E03MVZ2-UKDY.domain1.systemhost.net> <8E2CECC5-FF9E-4817-B30A-7A7AB595058B@ed.ac.uk> Message-ID: <031B59EF-4BCF-4D50-914D-D694677BA1C2@ed.ac.uk> On 2 Jun 2010, at 15:05, Sam Wilson wrote: > > On 2 Jun 2010, at 14:50, wrote: > >> A wiki has the same editorial oversight and quality control as this >> list. Except it is cleaner because the editor can just delete the >> incorrect material and leave only the good stuff. > > Not so - there is no one editing this list to leave only the good > stuff. Sorry - ignore that - on first reading I missed the 'except'. I agree. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From michael.dillon at bt.com Wed Jun 2 16:13:17 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 2 Jun 2010 15:13:17 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <8E2CECC5-FF9E-4817-B30A-7A7AB595058B@ed.ac.uk> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F5CB@E03MVZ2-UKDY.domain1.systemhost.net> <8E2CECC5-FF9E-4817-B30A-7A7AB595058B@ed.ac.uk> Message-ID: <28E139F46D45AF49A31950F88C4974580637F623@E03MVZ2-UKDY.domain1.systemhost.net> > >> That's one definition of a cookbook. I'd hope there would be some > >> editorial oversight and quality control, especially if the > >> participants in recent discussions here were all to be offering > their > >> recipes and editing each others. > > > > A wiki has the same editorial oversight and quality control as this > > list. Except it is cleaner because the editor can just delete the > > incorrect material and leave only the good stuff. > > Not so - there is no one editing this list to leave only the good > stuff. That's why a wiki is cleaner than this list where people only can add good stuff at the end of a thread of bad stuff. > > And you *DID* fix this, right? A lot of sites now rely > > on a simplified form of Wikipedia's editorial model > > > Wikipedia:Editorial_oversight_and_control> > > which in a nutshell is, "If you complain about the cooking, you have > > just been elected as chief cook". > > I didn't. I'm just the diner waiting for the chefs to finish > arguing. By all means elect me but don't expect cordon bleu. Don't > even expect something edible. Nobody asked for something edible. Just go to http://www.getipv6.info register as a user, then go to the page that doesn't have enough URLs on it, and paste in the two or three that you think would be most useful. > And to stretch the analogy a little too far, I'm waiting until I'm > sure the dish is perfected, the recipe is published and all the > ingredients are readily available in my local supermarket before I > start cooking. It is all done. Go to that site that you like, copy the url from the location bar (or right click and copy) then go to the wiki page, click edit and paste the URL somewhere near the one that you did find. --Michael Dillon From nick at foobar.org Wed Jun 2 18:18:55 2010 From: nick at foobar.org (Nick Hilliard) Date: Wed, 02 Jun 2010 17:18:55 +0100 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> Message-ID: <4C06846F.2010805@foobar.org> On 01/06/2010 21:56, Benedikt Stockebrand wrote: > Now if you configure a service to listen only on a specific address, > then the starting order *does* matter ah, you're referring to the specific situation where you use the zebra daemon to configure interface addresses _instead_ of using the native operating system interface configuration mechanism. Yes, that causes problems, which is why people generally don't do this. If you need interface addresses in zebra, by all means put them in, but you'll need the equivalent directives in the operating system startup configuration. TBH, I've long given up on using server operating system routing daemons for soho / sme stuff - it's not worth the hassle. Routers are cheap. > If you wait for the move from RIP to OSPF until you reach the > limitations of RIP, most notably network diameter, then you have quite > likely reached a point where you have to use both RIP and OSPF > simultaneously for the migration phase. Honestly, if you have built a RIP based network which comes to within several orders of magnitude of reaching the limitations of RIP, you really need to reconsider your career choice and think about moving to something which doesn't involve computer networking. Nick From gbonser at seven.com Wed Jun 2 18:20:43 2010 From: gbonser at seven.com (George Bonser) Date: Wed, 2 Jun 2010 09:20:43 -0700 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses"a problem anyway?) In-Reply-To: <201006021606.19401.mtinka@globaltransit.net> References: <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> <201006021606.19401.mtinka@globaltransit.net> Message-ID: <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> > -----Original Message----- > From: Mark Tinka [mailto:mtinka at globaltransit.net] > Sent: Wednesday, June 02, 2010 1:06 AM > To: ipv6-ops at lists.cluenet.de > Cc: George Bonser > Subject: Re: The use of RIPng (was: Re: So why is "IPv4 with longer > addresses"a problem anyway?) > > On Wednesday 02 June 2010 12:50:54 am George Bonser wrote: > > > What do you mean "were"? If you own Brocade/Foundry SuperX units > and > > want to run v6 layer 3 you need to buy special blades AND pay a > > premium license fee. Any networks unlucky enough to have purchased > > any of that kit over the past few years are suddenly feeling this > > burning sensation on their seat if they are considering > > v6 migration. > > Those folk should have known better when purchasing kit, then. > > We won't buy kit or code from vendors that won't (have plans > to) support IPv6. Well, someone buying the stuff a few years ago as a layer2 switch and then deciding to go Layer 3 wouldn't have had a problem with v4. It would have bitten them only when they went to v6 and then they would discover the hardware and premium license requirement. To be fair, I believe it requires a premium license for anything other than base layer 3 even with v4. But the hardware requirement surprised me when I read it on a different list. This is just one more example (out of many) of the things that are holding back v6 adoption and deployment. It isn't the rolling out of v6 per se that is the problem. It is the lack of support tools (DNS management is one example) and vendor oddities that are adding additional barriers to networks who see the writing on the wall but have internal operational or financial barriers. This isn't going to change until people globally think of v6 as the standard and not some "optional" requirement. George From Sam.Wilson at ed.ac.uk Wed Jun 2 18:45:52 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Wed, 2 Jun 2010 17:45:52 +0100 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses"a problem anyway?) In-Reply-To: <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> References: <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> <201006021606.19401.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> Message-ID: <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> On 2 Jun 2010, at 17:20, George Bonser wrote: > ... It isn't the rolling out of v6 > per se that is the problem. It is the lack of support tools (DNS > management is one example) and vendor oddities that are adding > additional barriers to networks who see the writing on the wall but > have > internal operational or financial barriers. This isn't going to > change > until people globally think of v6 as the standard and not some > "optional" requirement. We were recently invited by a supplier to provide input on a particular IPv6 feature that was missing from a new product, to justify why they should implement it. My text ended this way: "... As network operators we would expect to provide the same standard of service for IPv6 as for IPv4. For that we simply expect parity of features between v4 and v6. Since you already offer [feature X for IPv4] on these platforms, and have done since the [previous generation] first appeared, why *wouldn't* you do [feature X] for IPv6?" Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From Sam.Wilson at ed.ac.uk Wed Jun 2 18:48:57 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Wed, 2 Jun 2010 17:48:57 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637F623@E03MVZ2-UKDY.domain1.systemhost.net> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <53C0775C-3092-4752-8BEB-9724B44E2884@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F5CB@E03MVZ2-UKDY.domain1.systemhost.net> <8E2CECC5-FF9E-4817-B30A-7A7AB595058B@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F623@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <637964F2-0602-4842-8771-E29A97172986@ed.ac.uk> On 2 Jun 2010, at 15:13, wrote: >> And to stretch the analogy a little too far, I'm waiting until I'm >> sure the dish is perfected, the recipe is published and all the >> ingredients are readily available in my local supermarket before I >> start cooking. > > It is all done. Go to that site that you like, copy the url from > the location bar (or right click and copy) then go to the wiki > page, click edit and paste the URL somewhere near the one that you did > find. Clearly the analogy did stretch too far. The ARIN site is the cookbook. IPv6 is the meal. I'm not competent to edit the cookbook. I'm waiting for the chefs to finish the IPv6 recipe. It still seems some way off. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From tedm at ipinc.net Wed Jun 2 19:48:57 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 02 Jun 2010 10:48:57 -0700 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C053FE1.6070307@ipinc.net> <4C054F1B.4060603@ipinc.net> Message-ID: <4C069989.7030105@ipinc.net> On 6/1/2010 2:22 PM, Benedikt Stockebrand wrote: > Ted Mittelstaedt writes: > >> For networks like that we use 1 decent Internet router (we -always- >> make any ISP that mandates an ISP-supplied CPE, set it up as a >> bridge or router providing a subnet) and 1 decent managed layer 3 >> gigabit switch - Netgear makes some really nice SOHO 24& 48 port >> fully managed ones that aren't that expensive - if we have to create >> the same kind of network. > > I fully agree with the *decent* ISP :-) > > With the rest it is slightly more complex: > >> Or, just use a flat network and MAC address filtering to prevent the >> different departments from seeing servers and such that they are not >> supposed to get to and a layer 2 switch. > > This assumes that people don't do much fooling around, which is a > reasonable assumption for a non-IT shop but not necessarily for a > small software company or engineering office or such. > >> With fewer hardware boxes there's much less to go wrong. > > Agreed---as long as you still have arranged for access to spare > components. > > It's just another variation of the "keeping complexity out where it > doesn't help" theme. > Complexity like running a routing protocol on each WS? ;-) >> But rarely do we ever see that kind of need in a SOHO. > > I'm not talking SoHo (as defined by what's generally sold as "SoHo > equipment") here, but a bit larger. We operate quite a lot in the low-end given our customer base's demands and I've got a lot of experience with the low-end gear as a result. The truth of the matter is that there really isn't a defined "SOHO" and a defined "business class" and a defined "industrial grade" class in networking gear anymore, at least, not for anything costing under $1,000.00 USD It's all marketing. For example take the Westell 2100 bridged DSL modem. Cheap as dirt, aimed directly at the lowest-common-denominator garbage-grade consumer, the last one rolled off the assembly line years ago, and the used market is flooded with them - people can't give them away. You would think this is a tremendous POS DSL modem. Yet, I can take a used one of those modems, couple it up to a $20.00 Airlink 101 router running dd-wrt, and for about $40 in parts have an installation that doesn't generate a callback, and runs at 7MBts all day long. However, I can attempt the same thing with a $400 Cisco 827 all-in-one DSL modem/router on the exact same DSL line and I get regular callbacks. I have to move up in the Cisco line to a modular router with an internal DSL WIC before I get the same reliability as the $40 solution, and I have the call history to prove it. This does NOT mean that all cheap solutions are reliable. The Westell 327 for example is pure trash. > I'm thinking of the sort of > people who actually need their network up and running to stay in > business. > Hmm, well we treat all our customers, including the residential ones, this way. I very much doubt that you could give me a 25-host network scenario that wasn't a corner case that couldn't be made reliable with a wide variety of products at a wide variety of price points. It's all in the selection and knowing the limitations of the gear. It's a bit snobby to infer that cheap "soho" products are for people who don't actually need their network up and running to stay in business, and it definitely contradicts what I've seen with my own 2 eyes down here in the trenches. In any case, as far as Internet connectivity goes, the Telco's control the reliability of THAT. You could be Microsoft for all they care - if the fiber-seeking backhoe has chosen the day before your taxes are due to be uploaded to the government to sever your connection, then your going to have to wait until whenever the Telco damn well feels like it before your connectivity is restored. If you get penalized, that's your problem. Perhaps the Telco's operate differently in Germany? Ted From tedm at ipinc.net Wed Jun 2 20:19:49 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 02 Jun 2010 11:19:49 -0700 Subject: The use of RIPng In-Reply-To: <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> References: <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> <201006021606.19401.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> Message-ID: <4C06A0C5.2060702@ipinc.net> On 6/2/2010 9:45 AM, Sam Wilson wrote: > > On 2 Jun 2010, at 17:20, George Bonser wrote: > >> ... It isn't the rolling out of v6 >> per se that is the problem. It is the lack of support tools (DNS >> management is one example) and vendor oddities that are adding >> additional barriers to networks who see the writing on the wall but have >> internal operational or financial barriers. This isn't going to change >> until people globally think of v6 as the standard and not some >> "optional" requirement. > > We were recently invited by a supplier to provide input on a particular > IPv6 feature that was missing from a new product, to justify why they > should implement it. My text ended this way: > > "... As network operators we would expect to provide the same > standard of service for IPv6 as for IPv4. For that we simply > expect parity of features between v4 and v6. Since you already > offer [feature X for IPv4] on these platforms, and have done > since the [previous generation] first appeared, why *wouldn't* > you do [feature X] for IPv6?" > That's a shame that you sent that. A real shame. You lost the opportunity to educate your supplier. Any vendor making and selling gear operates under a product feature principle. This is that all features can be sorted by the number of customers who -require- them. On top of the list are the features considered most critical to the most number of people, on the bottom the least critical. There is a price tag associated with each feature. The lower down the list you go, the chance a feature will be implemented is inversely proportional to it's price. Right now IPv6 is lower down on that feature list. The vendors know that as time passes it will become more important and so there is some weight to the idea of deploying IPv6 early, but what this means economically is your able to defer some of the cost of the IPv6 features into the future. When your supplier called you he called you about a feature that is low down on the feature list and apparently has a high price tag to implement. They know that not including it is going to lose some customers, they are trying to find out how many customers they would lose, to estimate the cost to them of not implementing it at this time. This is an arbitrary process relying on guessing, mainly. If you had taken the time to "sell" the vendor on the importance of this feature that would have weighed a lot more strongly than what you said, because your supplier might have been convinced that this feature would be critical to a lot of OTHER potential customers even if those customers didn't indicate so. But your response indicated that you were just operating off a checklist, and thus the feature is only of importance to you. This means if no other customers say they want it, your vendor will probably not implement it since they will assume that it's not going to be that important to most other customers. This supplier isn't asking for a quid-pro-quo, if you "sell" them on adding this feature it's not obligating you to buy anything. All you are doing by a response of this nature is REDUCING the pool of potential devices you can choose from in the future. Ted From dougb at dougbarton.us Wed Jun 2 20:35:05 2010 From: dougb at dougbarton.us (Doug Barton) Date: Wed, 02 Jun 2010 11:35:05 -0700 Subject: Reliability & downtime, was Re: So why is "IPv4 with longer addresses" a problem anyway? In-Reply-To: <1275463316.3658.149.camel@shane-asus-laptop> References: <4C0189A0.4030509@netability.ie> <4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <4C053559.8020808@foobar.org> <4C054276.5080700@ipinc.net> <1275463316.3658.149.camel@shane-asus-laptop> Message-ID: <4C06A459.6000304@dougbarton.us> On 06/02/10 00:21, Shane Kerr wrote: > I think Nick was quite correct in identifying that for some operational > environments (like yours apparently) RA is acceptable, but for others it > doesn't fit the needs. Thanks, that's my point exactly. :) Doug -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ From nick at foobar.org Wed Jun 2 22:03:24 2010 From: nick at foobar.org (Nick Hilliard) Date: Wed, 02 Jun 2010 21:03:24 +0100 Subject: The use of RIPng In-Reply-To: References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> Message-ID: <4C06B90C.9040501@foobar.org> On 01/06/2010 21:56, Benedikt Stockebrand wrote: > Beyond that, your RIP configuration apparently works, but your OSPF > one doesn't---maybe in the future you could try them out first, before > publicly posting them. I have taken the liberty to dump your > configuration into a toy 1812W, running 12.4(15)T1, just to make sure > that I didn't just imagine the obvious error. But I got what I > expected when I actually checked things: > > Router#show ip ospf 1 > %OSPF: Router process 1 is not running, please configure a router-id > Router# PRO TIP: a router with no IP address configured on any interface won't run OSPFv2. Nick From alex at digriz.org.uk Thu Jun 3 00:50:48 2010 From: alex at digriz.org.uk (Alexander Clouter) Date: Wed, 2 Jun 2010 23:50:48 +0100 Subject: The use of RIPng References: <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> <201006021606.19401.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> <4C06A0C5.2060702@ipinc.net> Message-ID: <8r3jd7-fd6.ln1@chipmunk.wormnet.eu> Ted Mittelstaedt wrote: > > Any vendor making and selling gear operates under a product > feature principle. > > This is that all features can be sorted by the number > of customers who -require- them. On top of the list are the > features considered most critical to the most number of > people, on the bottom the least critical. There is a price tag > associated with each feature. > > The lower down the list you go, the chance a feature will be > implemented is inversely proportional to it's price. > > Right now IPv6 is lower down on that feature list. The vendors > know that as time passes it will become more important and > so there is some weight to the idea of deploying IPv6 early, > but what this means economically is your able to defer some of > the cost of the IPv6 features into the future. > I would normally agree here if it was not that the feature was a L3 'thing' which is meant to be transparent to the layers above it. For example, I want a SIP based handset. There should be no reason that when SIP is implemented in the device by the vendor that it does not care about whether it is operating over IPv4 and IPv6. SSH and SNMP can also be considered similarly. I will agree things get a bit hazy when we are talking about devices that operate at or between L2 and L3, but for 'features' that live at L4 or above...I cannot understand why a vendor is not providing feature parity. There is a cost to *migrate* an existing codebase that is IPv4 only to dualstack, however for new devices/features, there is no excuse. Just my thoughts. Cheers -- Alexander Clouter .sigmonster says: Restaurant package, not for resale. From sethm at rollernet.us Thu Jun 3 04:21:17 2010 From: sethm at rollernet.us (Seth Mattinen) Date: Wed, 02 Jun 2010 19:21:17 -0700 Subject: "IPv6 for dummes" for sales staff? Message-ID: <4C07119D.8080002@rollernet.us> Does anyone have links or recommendations for some "IPv6 for dummies" materials suitable for marketing and sales staff? A lot of the stuff I'm finding or have used myself has a technical bent to it, which is fine for us, but confusing for sales. ~Seth From kuenzler at init7.net Thu Jun 3 07:39:02 2010 From: kuenzler at init7.net (Fredy Kuenzler) Date: Thu, 03 Jun 2010 07:39:02 +0200 Subject: "IPv6 for dummes" for sales staff? In-Reply-To: <4C07119D.8080002@rollernet.us> References: <4C07119D.8080002@rollernet.us> Message-ID: <4C073FF6.6010503@init7.net> Am 03.06.2010 04:21, schrieb Seth Mattinen: > Does anyone have links or recommendations for some "IPv6 for dummies" > materials suitable for marketing and sales staff? A lot of the stuff I'm > finding or have used myself has a technical bent to it, which is fine for > us, but confusing for sales. Maybe my slides from the IPv6 conference in Frankfurt two weeks ago are partly compatible for sales ... http://www.blogg.ch/uploads/IPv6-deployment-for-the-IPv4-clueful-heise-ipv6-conference.pdf Best regards, Fredy From gert at space.net Thu Jun 3 09:20:28 2010 From: gert at space.net (Gert Doering) Date: Thu, 3 Jun 2010 09:20:28 +0200 Subject: The use of RIPng In-Reply-To: <4C06B90C.9040501@foobar.org> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <4C06B90C.9040501@foobar.org> Message-ID: <20100603072028.GU99602@Space.Net> Hi, On Wed, Jun 02, 2010 at 09:03:24PM +0100, Nick Hilliard wrote: > PRO TIP: a router with no IP address configured on any interface won't run > OSPFv2. Why would anyone want OSPFv2? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 150584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From sthaug at nethelp.no Thu Jun 3 09:36:40 2010 From: sthaug at nethelp.no (sthaug at nethelp.no) Date: Thu, 03 Jun 2010 09:36:40 +0200 (CEST) Subject: The use of RIPng In-Reply-To: <20100603072028.GU99602@Space.Net> References: <4C06B90C.9040501@foobar.org> <20100603072028.GU99602@Space.Net> Message-ID: <20100603.093640.74705429.sthaug@nethelp.no> > > PRO TIP: a router with no IP address configured on any interface won't run > > OSPFv2. > > Why would anyone want OSPFv2? Presumably because OSPFv3 didn't use to support IPv4 (e.g. Juniper got their OSPFv3 IPv4 support in JunOS 9.2). Fortunately our backbone IGP has been IS-IS for many years. OSPFv2 or OSPFv3 has been a non-question... Steinar Haug, Nethelp consulting, sthaug at nethelp.no From tore.anderson at redpill-linpro.com Thu Jun 3 09:43:45 2010 From: tore.anderson at redpill-linpro.com (Tore Anderson) Date: Thu, 03 Jun 2010 09:43:45 +0200 Subject: The use of RIPng In-Reply-To: <20100603072028.GU99602@Space.Net> References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C05438F.6000200@foobar.org> <4C06B90C.9040501@foobar.org> <20100603072028.GU99602@Space.Net> Message-ID: <4C075D31.7040806@redpill-linpro.com> * Gert Doering > Why would anyone want OSPFv2? To run OSPFv3 on Juniper's EX series you'll need to buy a rather pricey advanced feature licence... :-( -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27 From gert at space.net Thu Jun 3 10:11:30 2010 From: gert at space.net (Gert Doering) Date: Thu, 3 Jun 2010 10:11:30 +0200 Subject: The use of RIPng In-Reply-To: <20100603.093640.74705429.sthaug@nethelp.no> References: <4C06B90C.9040501@foobar.org> <20100603072028.GU99602@Space.Net> <20100603.093640.74705429.sthaug@nethelp.no> Message-ID: <20100603081130.GV99602@Space.Net> Hi, On Thu, Jun 03, 2010 at 09:36:40AM +0200, sthaug at nethelp.no wrote: > > > PRO TIP: a router with no IP address configured on any interface won't run > > > OSPFv2. > > > > Why would anyone want OSPFv2? > > Presumably because OSPFv3 didn't use to support IPv4 (e.g. Juniper got > their OSPFv3 IPv4 support in JunOS 9.2). Thanks for emphasizing the point :-) - I was under the assumption that this discussion was about IPv6, not about legacy routing protocols. So "why would anyone want OSPFv2" (in an IPv6 routing protocols discussion)? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 150584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100603/295f806e/attachment.bin From bmanning at vacation.karoshi.com Thu Jun 3 11:12:50 2010 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Thu, 3 Jun 2010 09:12:50 +0000 Subject: The use of RIPng In-Reply-To: <20100603081130.GV99602@Space.Net> References: <4C06B90C.9040501@foobar.org> <20100603072028.GU99602@Space.Net> <20100603.093640.74705429.sthaug@nethelp.no> <20100603081130.GV99602@Space.Net> Message-ID: <20100603091250.GA15519@vacation.karoshi.com.> On Thu, Jun 03, 2010 at 10:11:30AM +0200, Gert Doering wrote: > Hi, > > On Thu, Jun 03, 2010 at 09:36:40AM +0200, sthaug at nethelp.no wrote: > > > > PRO TIP: a router with no IP address configured on any interface won't run > > > > OSPFv2. > > > > > > Why would anyone want OSPFv2? > > > > Presumably because OSPFv3 didn't use to support IPv4 (e.g. Juniper got > > their OSPFv3 IPv4 support in JunOS 9.2). > > Thanks for emphasizing the point :-) - I was under the assumption that > this discussion was about IPv6, not about legacy routing protocols. IPv4/6 are not routing protocols... perhaps you mean OSPF is a legacy routing protocol, and after all, who would ever run a legacy routing protocol. > So "why would anyone want OSPFv2" (in an IPv6 routing protocols discussion)? > > Gert Doering > -- NetMaster > -- > Total number of prefixes smaller than registry allocations: 150584 > > SpaceNet AG Vorstand: Sebastian v. Bomhard > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From david.freedman at uk.clara.net Thu Jun 3 11:49:46 2010 From: david.freedman at uk.clara.net (David Freedman) Date: Thu, 03 Jun 2010 10:49:46 +0100 Subject: IPv6 Infrastructure PI Message-ID: Now we have "LIRs can qualify for an IPv6 PI assignment for parts of their own infrastructure that are not used for customer end sites" in RIPE-481 Have been hearing talk of organisations applying for this to number their infrastructure out of it and make the space un-routable for security purposes. Would be keen to know what others think of this, here are the points I made: - That it is no different to people using IPV4 un-routed infrastructure addressing (i.e unshared RFC1918) - That I could still use ULA, pure linklocal, unnumbered /128 POS etc.. - That customer networks would still be attached to your equipment and the global addressing for their gateways are still attack vectors. - That once I know that there is some unique addressing which is trusted by your equipment, I know that if you slip up and don't filter it everywhere on ingress I can static route back to you somehow (through peering or customer connection) and impersonate your trusted hosts. I know this is not a new argument, but I'm interested to hear what others think... ------------------------------------------------ David Freedman Group Network Engineering Claranet Limited http://www.clara.net From gert at space.net Thu Jun 3 11:51:35 2010 From: gert at space.net (Gert Doering) Date: Thu, 3 Jun 2010 11:51:35 +0200 Subject: The use of RIPng In-Reply-To: <20100603091250.GA15519@vacation.karoshi.com.> References: <4C06B90C.9040501@foobar.org> <20100603072028.GU99602@Space.Net> <20100603.093640.74705429.sthaug@nethelp.no> <20100603081130.GV99602@Space.Net> <20100603091250.GA15519@vacation.karoshi.com.> Message-ID: <20100603095135.GW99602@Space.Net> Hi, On Thu, Jun 03, 2010 at 09:12:50AM +0000, bmanning at vacation.karoshi.com wrote: > > Thanks for emphasizing the point :-) - I was under the assumption that > > this discussion was about IPv6, not about legacy routing protocols. > > IPv4/6 are not routing protocols... > perhaps you mean OSPF is a legacy routing protocol, and > after all, who would ever run a legacy routing protocol. Being only useful for a legacy layer 3 protocol makes OSPFv2 a legacy routing protocol for me. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 150584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 306 bytes Desc: not available Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100603/ef351a5a/attachment.bin From gert at space.net Thu Jun 3 12:03:06 2010 From: gert at space.net (Gert Doering) Date: Thu, 3 Jun 2010 12:03:06 +0200 Subject: IPv6 Infrastructure PI In-Reply-To: References: Message-ID: <20100603100306.GX99602@Space.Net> Hi, On Thu, Jun 03, 2010 at 10:49:46AM +0100, David Freedman wrote: > Now we have "LIRs can qualify for an IPv6 PI assignment for parts of their > own infrastructure that are not used for customer end sites" in RIPE-481 > Have been hearing talk of organisations applying for this to number their > infrastructure out of it and make the space un-routable for security > purposes. > > Would be keen to know what others think of this, here are the points I made: > > - That it is no different to people using IPV4 un-routed infrastructure > addressing (i.e unshared RFC1918) It's better than that, because the addresses are guaranteed to be unique, and you can even have reverse DNS for it. RFC1918 for "visible" infrastructure (e.g. showing up in traceroutes) violates RFC1918 and, generally, sucks. > - That I could still use ULA, pure linklocal, unnumbered /128 POS etc.. ULA would also be a workable approach. Pure link-local works, but has the disadvantage that you can't ping the individual interfaces from your network monitoring systems. > - That customer networks would still be attached to your equipment and the > global addressing for their gateways are still attack vectors. Correct for your edge systems. > - That once I know that there is some unique addressing which is trusted by > your equipment, I know that if you slip up and don't filter it everywhere on > ingress I can static route back to you somehow (through peering or customer > connection) and impersonate your trusted hosts. True as well: hack a customer PC, access your network from there... So "non-routed backbone addresses alone" isn't auto-securing your network, you also need to filter it against folks statically routing it to you or against your customers trying to get access to it. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 150584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From tjc at ecs.soton.ac.uk Thu Jun 3 16:03:19 2010 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Thu, 3 Jun 2010 15:03:19 +0100 Subject: "IPv6 for dummes" for sales staff? In-Reply-To: <4C073FF6.6010503@init7.net> References: <4C07119D.8080002@rollernet.us> <4C073FF6.6010503@init7.net> Message-ID: On 3 Jun 2010, at 06:39, Fredy Kuenzler wrote: > Am 03.06.2010 04:21, schrieb Seth Mattinen: >> Does anyone have links or recommendations for some "IPv6 for dummies" >> materials suitable for marketing and sales staff? A lot of the stuff I'm >> finding or have used myself has a technical bent to it, which is fine for >> us, but confusing for sales. > > Maybe my slides from the IPv6 conference in Frankfurt two weeks ago are > partly compatible for sales ... > > http://www.blogg.ch/uploads/IPv6-deployment-for-the-IPv4-clueful-heise-ipv6-conference.pdf > There's some video e-learning material here care of 6DEPLOY: http://www.6deploy.org/index.php?page=e-learning The introduction bits may be useful for such staff, at least for a high level what/why view. Tim From tjc at ecs.soton.ac.uk Thu Jun 3 16:40:07 2010 From: tjc at ecs.soton.ac.uk (Tim Chown) Date: Thu, 3 Jun 2010 15:40:07 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> Message-ID: On 2 Jun 2010, at 09:13, wrote: >> I do have a sense of deja-vu in a lot of instances, and all this has >> been >> covered before: you're correct. I also agree that existing sites >> simply >> need updating or new ownership just to get them pushed along. I'm >> currently facing that as I go throw my own IPv6 planning for another >> group. > > Neither the 6net or the Janet sites are "cookbooks", neither are wikis, > and there is no easy way to update them. A cookbook should allow anyone > to post their recipe/solution for a problem that they have faced, > without requiring any bureaucratic process of contacting site owners. > > Hopefully the ARIN wiki already has links to the 6net and Janet > resources. As the author of the JANET guide, and a contributor to the 6NET Deployment Guide, I can maybe comment on both a little. I would say that it's unlikely the 6NET book will be updated, though some of the original contributors have had some discussion about the possibility. The original text was just one of 100+ deliverables/outputs of a project that ran from 2002-2005. Despite its age, a surprising amount of the guide is still accurate. The 'problem' probably lies more with what's not included, e.g. new perspectives and solutions for IPv4/IPv6 integration (6rd, Teredo, NAT64, etc). I am seeing if we can somehow distill the Word source into something wikifiable - I don't believe there should be any copyright issues on that, as it was produced largely by public funding (6NET being an EU IST project). As it happens I'm updating the JANET guide this month, and in parallel helping JANET(UK) produce some new IPv6 training material for network administrators. Any comments on what to add to the JANET guide are welcome by direct mail. This text would stay in fixed PDF form though as its a JANET-branded publication (JANET being the UK academic network). I can certainly try to rewrite the updated bits in a more 'generalised' way to be more widely applicable. Tim From cgrundemann at gmail.com Thu Jun 3 16:40:41 2010 From: cgrundemann at gmail.com (Chris Grundemann) Date: Thu, 3 Jun 2010 08:40:41 -0600 Subject: "IPv6 for dummes" for sales staff? In-Reply-To: <4C07119D.8080002@rollernet.us> References: <4C07119D.8080002@rollernet.us> Message-ID: Chapter 1 of Day One: Exploring IPv6 may be suitable. It is a Juniper Networks booklet but the first chapter is a vendor agnostic introduction to IPv6. The booklet is available to download free as a PDF[1] and printed copies[2] are available for purchase (cheap) as well. Cheers, ~Chris [1] http://www.juniper.net/us/en/community/junos/training-certification/day-one/exploring-ipv6/ [2] http://store.vervante.com/c/v/V4081408380.html?base_cat=Juniper%20Networks%3aJunos%26%230174%20Networking%20Technologies%20Series&pard=juniper I wrote this booklet On Wed, Jun 2, 2010 at 20:21, Seth Mattinen wrote: > Does anyone have links or recommendations for some "IPv6 for dummies" > materials suitable for marketing and sales staff? A lot of the stuff I'm > finding or have used myself has a technical bent to it, which is fine > for us, but confusing for sales. > > ~Seth > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.coisoc.org From chrisb at ripe.net Thu Jun 3 17:10:39 2010 From: chrisb at ripe.net (Chris Buckridge) Date: Thu, 3 Jun 2010 17:10:39 +0200 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org> <20100531134055.GV88261@ronin.4ever.de> <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> Message-ID: On 3 Jun 2010, at 16:40, Tim Chown wrote: > > On 2 Jun 2010, at 09:13, > wrote: > >>> I do have a sense of deja-vu in a lot of instances, and all this has >>> been >>> covered before: you're correct. I also agree that existing sites >>> simply >>> need updating or new ownership just to get them pushed along. I'm >>> currently facing that as I go throw my own IPv6 planning for another >>> group. >> >> Neither the 6net or the Janet sites are "cookbooks", neither are >> wikis, >> and there is no easy way to update them. A cookbook should allow >> anyone >> to post their recipe/solution for a problem that they have faced, >> without requiring any bureaucratic process of contacting site owners. >> >> Hopefully the ARIN wiki already has links to the 6net and Janet >> resources. > > As the author of the JANET guide, and a contributor to the 6NET > Deployment Guide, I can maybe comment on both a little. > > I would say that it's unlikely the 6NET book will be updated, though > some of the original contributors have had some discussion about the > possibility. The original text was just one of 100+ deliverables/ > outputs of a project that ran from 2002-2005. Despite its age, a > surprising amount of the guide is still accurate. The 'problem' > probably lies more with what's not included, e.g. new perspectives > and solutions for IPv4/IPv6 integration (6rd, Teredo, NAT64, > etc). I am seeing if we can somehow distill the Word source into > something wikifiable - I don't believe there should be any copyright > issues on that, as it was produced largely by public funding (6NET > being an EU IST project). > > As it happens I'm updating the JANET guide this month, and in > parallel helping JANET(UK) produce some new IPv6 training material > for network administrators. Any comments on what to add to the > JANET guide are welcome by direct mail. This text would stay in > fixed PDF form though as its a JANET-branded publication (JANET > being the UK academic network). I can certainly try to rewrite > the updated bits in a more 'generalised' way to be more widely > applicable. > > Tim I'm one of the people at the RIPE NCC responsible for the IPv6 Act Now website (http://www.ipv6actnow.org). It's not a website that can be edited by users, so is probably not directly suited to the "cookbook" format (though it does have links to resources like the 6Deploy site and ARIN wiki). However, various RIRs do have a number of options that might work well for this. Michael has already mentioned the ARIN IPv6 Wiki; RIPE Labs is another site that could be a good platform for this. (http://labs.ripe.net) RIPE Labs is already hosting a couple of IPv6-related resources that users can have input to (and will shortly have a functionality upgrade that will make direct user updates even easier): The IPv6 CPE Survey: http://labs.ripe.net/content/ipv6-cpe-survey Based on work already done by Marco Hogewoning, this was published only a couple of days ago and we plan to grow it into an extensive summary of CPEs and their IPv6 ability. IPv6 Measurements: A Compilation: http://labs.ripe.net/content/ipv6-measurement-compilation A list of various IPv6 measurements from around the web. We'd be happy to to provide RIPE Labs as a platform for the cookbook, and help out, where necessary, with collating some of the information. To that end, I've started a forum topic on Labs where people could post the type of information that you would like to see included: http://labs.ripe.net/content/ipv6-cookbook-looking-ingredients Depending on the response, we can then consider how best to proceed with editing/collating the information provided. Chris From me at benedikt-stockebrand.de Thu Jun 3 18:52:08 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Thu, 03 Jun 2010 16:52:08 +0000 Subject: The use of RIPng In-Reply-To: <201006021644.24263.mtinka@globaltransit.net> (Mark Tinka's message of "Wed, 2 Jun 2010 16:44:19 +0800") References: <201006012334.51111.mtinka@globaltransit.net> <201006021644.24263.mtinka@globaltransit.net> Message-ID: Hi Mark and list, Mark Tinka writes: > But that's just me; it's a free world, you're welcome to run > whatever you like :-). if that includes running RIP that's fine with me:-) > [...] > These might probably afford to employ someone like yourself > to come in as-needed to fix problems with their link state > routing protocol. (I'm not the one coming in, but some of the people that show up in my workshops do.) The problem here is the time it takes to call someone in. That time does cost money. And yes, software developers are particularly notorious at wantonly breaking things and then making things worse by trying to fix them. Finally, I assume you are rather network/routing-centric. With my customers that's only one of many relevant topics. > If you're spending too much debugging your IGP, your probably have a > poor network design to start with. Agreed. Unfortunately there are *many* of those "historically grown" network designs around. And then there are those people who claim that you just bring in OSPF (or EIGRP) and all problems will magically go away. The problem however is if you *rarely* touch anything. When things happen you're bound to figure out how you---or somebody else---made things work months and years ago. > I think routing protocols are as relevant to IP as IP, itself, is. >From your perspective it is, and since that's what you are paid for that's how it ought to be. But there are other issues far more pressing to some people: - Will /whatever/ software work with IPv6, and if not, how do I fix it and how much work is involved there? - What about performance impacts on applications? (Two of the more unusual participants in a training asked specifically about performance impacts on the DNS. They were working for DeNIC...) - What needs to be done with regard to monitoring? - What should change about the network topology when IPv6 is deployed? - Where do I find a replacement for my current XXX stuff? I've done rather network-centric workshops, too, and I've even done a two day in-house course on IPv6 protocol internals because that's what the customer wanted, but most of the time a network-centric workshop would have a far too narrow focus for my "usual" customers. > Whatever they take in now will stick for a very long time, > and what we've seen with workshops is the hardest thing to > teach participants is how to "unlearn" the bad stuff they've > picked up from allover. It's not that I don't explain about the limitations of RIP and why OSPF may eventually become relevant. But if you are dealing with people who so far have never touched any dynamic routing at all, OSPF tends to scare them. > I really can't tell you how to do your job. Only you know it > best :-). No, but my customers do:-) > But the fact about getting down the good principles in the start, > remains, and personally, while you can't stop folk from doing what > they want to do, RIP should really not be talked about in public, > especially to virgin operators. These aren't really "virgin operators" but people who have so far stuck with static routes (think of the average Linux geek here for example) and now want to avoid those pesky typos in IPv6 routing tables. It's pretty much down to "different customers have different needs". And of course that the Internet is way too diverse for anybody to entirely imagine anymore. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From Sam.Wilson at ed.ac.uk Thu Jun 3 18:59:45 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Thu, 3 Jun 2010 17:59:45 +0100 Subject: The use of RIPng In-Reply-To: <4C06A0C5.2060702@ipinc.net> References: <201006020011.03653.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA485A@RWC-EX1.corp.seven.com> <201006021606.19401.mtinka@globaltransit.net> <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> <4C06A0C5.2060702@ipinc.net> Message-ID: On 2 Jun 2010, at 19:19, Ted Mittelstaedt wrote: > > > On 6/2/2010 9:45 AM, Sam Wilson wrote: >> >> On 2 Jun 2010, at 17:20, George Bonser wrote: >> >>> ... It isn't the rolling out of v6 >>> per se that is the problem. It is the lack of support tools (DNS >>> management is one example) and vendor oddities that are adding >>> additional barriers to networks who see the writing on the wall >>> but have >>> internal operational or financial barriers. This isn't going to >>> change >>> until people globally think of v6 as the standard and not some >>> "optional" requirement. >> >> We were recently invited by a supplier to provide input on a >> particular >> IPv6 feature that was missing from a new product, to justify why they >> should implement it. My text ended this way: >> >> "... As network operators we would expect to provide the same >> standard of service for IPv6 as for IPv4. For that we simply >> expect parity of features between v4 and v6. Since you already >> offer [feature X for IPv4] on these platforms, and have done >> since the [previous generation] first appeared, why *wouldn't* >> you do [feature X] for IPv6?" >> > > That's a shame that you sent that. A real shame. You lost the > opportunity to educate your supplier. If that had been all I'd said I might agree with you. As you'll see above that was how my text ended. > [snip a whole load of stuff telling me what I did and didn't do and > what I should have done] I have to say I'm really finding it difficult to write a civil response here. I'm limited in what I can say - I really don't want to trespass on the relationship we have with our suppliers. The events that led up to this were: vendor NDAs new generation of product, trumpeting that they are offering parity of features for IPv4 and IPv6 for the first time. When the datasheet is eventually made public we note that some words are omitted and ask if that means that some features are not available for IPv6. Vendor confirms that is the case. We express dissatisfaction. We are invited to say why we need that feature. Our response is to explain what we use the previous generations of the product for, saying we expect to offer the same services for IPv6 in future and expressing surprise that matching IPv6 features are (still!) missing. If the corresponding IPv4 feature hadn't been there for years I wouldn't have been making the point. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From me at benedikt-stockebrand.de Thu Jun 3 19:57:28 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Thu, 03 Jun 2010 17:57:28 +0000 Subject: The use of RIPng In-Reply-To: <201006021752.56837.mtinka@globaltransit.net> (Mark Tinka's message of "Wed, 2 Jun 2010 17:52:52 +0800") References: <4C05438F.6000200@foobar.org> <201006021752.56837.mtinka@globaltransit.net> Message-ID: Hi again, Mark Tinka writes: > Something tells me Nick is already familiar with this > requirement in OSPFv2|v3 in IOS :-), and as such, supporting > configuration was implied. right. I probably should've caught some sleep before posting, the missing router ID only turns up this way with OSPFv3. Apologies to Nick. > The highest IPv4 Loopback or major interface address becomes > the default Router-ID, and as such, does not necessarily > call for the explicit definition of the same (even though > this is not an uncommon design). That's actually the one "anti-difference" between OSPFv2 and v3: With v3 it's still "a 32 bit integer that happens to be written like an IP(v4) address", so you want to be more careful there. And since duplicated router IDs are one of my favourite exercises on basic OSPF(v3) troubleshooting... > The complaint you receive from the router is likely because > you don't have any IPv4 address configured, Correct. > a somewhat unlikely scenario for now, Depends. My larger customers frequently insist on keeping IPv4 and IPv6 on separate machines in production setups so they won't accidentially interfere with each other. As long as there is enough equipment around that has been replaced by something bigger, that approach can actually make sense, depending on the particular circumstances. > but maybe so in many years when new users/networks will never have > access to public v4 address space. That's likely to happen in less than "many years" (for suitable definitions of "many") in some contexts: There is a tendency to dual-stack nodes and subnets on a need-to-have basis only. So there's a good chance that enterprise environments will use either IPv4 or IPv6 only for individual desktop-style clients, most likely IPv4 for XP and IPv6 for Win7, with dual-stacked clients being the exception. In an ISP/Carrier context the situation is obviously going to be different. > But you probably know all this already :-). Actually, it never occurred to me to set up OSPF without first setting a router ID. Call me paranoid if you like:-) Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From me at benedikt-stockebrand.de Thu Jun 3 20:20:45 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Thu, 03 Jun 2010 18:20:45 +0000 Subject: The use of RIPng In-Reply-To: <4C069989.7030105@ipinc.net> (Ted Mittelstaedt's message of "Wed, 02 Jun 2010 10:48:57 -0700") References: <201006010047.26322.mtinka@globaltransit.net> <201006012334.51111.mtinka@globaltransit.net> <4C053FE1.6070307@ipinc.net> <4C054F1B.4060603@ipinc.net> <4C069989.7030105@ipinc.net> Message-ID: Hi Ted and list, Ted Mittelstaedt writes: > Complexity like running a routing protocol on each WS? ;-) That's what we did fifteen years ago with IPv4. Then came VRRP and HSRP, plus whatever non-standardized mechanisms you would use with a stateful packet filter. Saved quite some trouble. And with IPv6, Autoconf+NUD becomes yet another option. > This does NOT mean that all cheap solutions are reliable. That's he problem: Too often you only find out after you've deployed them. As far as "buy Cisco/IBM/Microsoft/ and you're are out of trouble" goes, I think we agree that that only works if you need an excuse towards management rather than an actual solution. > Hmm, well we treat all our customers, including the residential ones, > this way. In that case you don't have those "buy cheap" people as customers. I've been working for a large ISP (then called T-Online), and with customer support showing up rather impressively on the balance sheet, no matter what you do it's eventually down to "you get what you pay for". In other words, consider yourself lucky. Small end users do have their own peculiarities, but the low-cost end user business can really drive you crazy. And no, I didn't do user support (whatever level) there. > In any case, as far as Internet connectivity goes, the Telco's > control the reliability of THAT. > [...] > Perhaps the Telco's operate differently in Germany? The people I talk about frequently have a dial-up backup solution, often with UMTS/3G as a last resort. And while the telcos are likely pretty much the same all over the world, there are smaller ISPs here who primarily target these customers. As I understand, they frequently offer fallback connectivity to business customers. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From michael.dillon at bt.com Fri Jun 4 10:50:46 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 4 Jun 2010 09:50:46 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org><20100531134055.GV88261@ronin.4ever.de><28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net><0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk><28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net><302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> Message-ID: <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> > However, various RIRs do have a number of options that > might work well for this. Michael has already mentioned the ARIN IPv6 > Wiki; RIPE Labs is another site that could be a good platform for > this. (http://labs.ripe.net) I'd prefer that RIPE *NOT* create another Ipv6 site since part of the problem is that Ipv6 information is too scattered. Intstead, since RIPE already has a good site with videos and interviews targetting technical decision makers, I would prefer to see ARIN and RIPE join together on this. The end result would be that RIPE promotes getipv6.info as the one right place to find and update operational experience and cookbook style recipes, and ARIN promotes Ipv6actnow.org as the one place for the latest IPv6 news and info. Similarly, this list should adopt the getipv6.info site and we should all register for logins and update the info from time to time. You don't need to be an Ipv6 expert to do this since often the experts don't realise how useful a particular email explanation was. I've already done something similar with the NANOG list about a year or so ago when there was a lot of Ipv6 discussion, i.e. I extracted the best bits of info and put them on getipv6.info. And, of course, we should invite APNIC, LACNIC and AfriNIC to join in as well rather than simply duplicating the same ideas and causing info to get more scattered. As for JANET and similar orgs, they will always do what they do, but the getipv6.info wiki can link to the JANET document and even include a "bopok review" of it so people know what is there. And Ipv6actnow.org could interview the author about the new guide and why it needed to be updated. Because of the working relationships between the RIRs and all network operators, I think that it is best to have these kinds of sites affiliated with one of the RIRs because a lot of people will look to the RIR for information knowing that other ISPs may have already solved a particular problem. --Michael Dillon From mohacsi at niif.hu Fri Jun 4 10:57:13 2010 From: mohacsi at niif.hu (Mohacsi Janos) Date: Fri, 4 Jun 2010 10:57:13 +0200 (CEST) Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org><20100531134055.GV88261@ronin.4ever.de><28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net><0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk><28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net><302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: Dear Michael, I would prefer that every who has IPv6 operational experiences share them one way or another. I don't care which portal or at which organisation. Internet is a free medium to publish documents. Janos Mohacsi Head of HBONE+ project Network Engineer, Deputy Director of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Fri, 4 Jun 2010, michael.dillon at bt.com wrote: >> However, various RIRs do have a number of options that >> might work well for this. Michael has already mentioned the ARIN IPv6 >> Wiki; RIPE Labs is another site that could be a good platform for >> this. (http://labs.ripe.net) > > I'd prefer that RIPE *NOT* create another Ipv6 site since part of the > problem is that Ipv6 information is too scattered. Intstead, since RIPE > already has a good site with videos and interviews > > targetting technical decision makers, I would prefer to see ARIN and > RIPE > join together on this. > > The end result would be that RIPE promotes getipv6.info as the one right > place to find and update operational experience and cookbook style > recipes, and ARIN promotes Ipv6actnow.org as the one place for the > latest > IPv6 news and info. > > Similarly, this list should adopt the getipv6.info site and we should > all > register for logins and update the info from time to time. You don't > need to > be an Ipv6 expert to do this since often the experts don't realise how > useful > a particular email explanation was. I've already done something similar > with > the NANOG list about a year or so ago when there was a lot of Ipv6 > discussion, > i.e. I extracted the best bits of info and put them on getipv6.info. > > And, of course, we should invite APNIC, LACNIC and AfriNIC to join in as > well > rather than simply duplicating the same ideas and causing info to get > more > scattered. > > As for JANET and similar orgs, they will always do what they do, but the > getipv6.info > wiki can link to the JANET document and even include a "bopok review" of > it so > people know what is there. And Ipv6actnow.org could interview the author > about > the new guide and why it needed to be updated. > > Because of the working relationships between the RIRs and all network > operators, > I think that it is best to have these kinds of sites affiliated with one > of the > RIRs because a lot of people will look to the RIR for information > knowing that > other ISPs may have already solved a particular problem. > > --Michael Dillon > > From michael.dillon at bt.com Fri Jun 4 11:13:59 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 4 Jun 2010 10:13:59 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: References: <4C0189A0.4030509@netability.ie><4C03BADF.3080902@foobar.org><20100531134055.GV88261@ronin.4ever.de><28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net><0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk><28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net><302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> > I would prefer that every who has IPv6 operational > experiences share them one way or another. When there are too many places to share experiences, many people don't share at all, or only share on a one-to-one basis. > I don't care which > portal or at which organisation. Internet is a free medium to publish > documents. Then you should support having fewer places which attempt to be portals and more groups banding together to support those places. This is not about freedom to publish, because as you pointed out, everyone already is free to publish as they wish on the Internet. This is about making information easier to find, and most importantly, making the quality of information better. If everyone just publishes their experiences on their blogs, then a newcomer who tries to make use of that information on a slightly different network will run into problems. Or you will find one blog saying RA is all you need, and another telling you that you must set up DHCPv6 and patch it in a certain way. But when you get many people working together on a wiki, you get some synergy so that the page recommending RA explains when it is appropriate and when it might not be. Then the page recommending DHCPv6 will say that smaller networks need not bother with the complexity, and there will also be a page explaining how to configure RA and DHCPv6 to work together. Similarly the issue of OSPFv3 and router IDs would get explained so that people don't have surprises when they shift from dual-stack to pure Ipv6. All of this is also discussed in mailing lists, but you have to wade through the whole thread to figure out what the end result was. A good wiki will publish a summing up with the CONCLUSIONS of a discussion, so that it is easier for a learner to understand. Both mailing lists and wikis require a critical mass of people in order to be successful. My suggestions to RIPE and ARIN are about achieving that kind of critical mass. --Michael Dillon From kaeso at email.it Fri Jun 4 11:51:50 2010 From: kaeso at email.it (Luca Bruno) Date: Fri, 4 Jun 2010 11:51:50 +0200 Subject: Fw: AS 7575 announcing 2400::/12 Message-ID: <20100604115150.40e5707a.kaeso@email.it> Begin forwarded message: Date: Fri, 4 Jun 2010 12:31:42 +1000 From: Geoff Huston To: nanog list , ausnog at lists.ausnog.net Subject: AS 7575 announcing 2400::/12 Hi, As part of some ongoing collaborative research work in looking at the "dark" traffic in IPv6, APNIC has requested AARNet to originate a supernet advertisement of the IPv6 prefix 2400::/12 for the next two weeks. The originating AS is AS7575. We would appreciate it if you could adjust your routing filters to permit this advertisement if you are actively filtering IPv6 routing advertisements. Reports from previous work in the IPv4 space can be found at http://www.potaroo.net/studies/ - we hope to add to this with a report describing data collected about the level (and type) of background traffic seen in this part of IPv6. We would also be grateful if other operational lists received this notification - so please forward this as appropriate (but preferably only once!) Many thanks, Geoff Huston, George Michaelson APNIC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100604/9f1f2a59/attachment.bin From marcoh at marcoh.net Fri Jun 4 12:34:28 2010 From: marcoh at marcoh.net (Marco Hogewoning) Date: Fri, 4 Jun 2010 12:34:28 +0200 Subject: IPv6 Infrastructure PI In-Reply-To: <20100603100306.GX99602@Space.Net> References: <20100603100306.GX99602@Space.Net> Message-ID: > It's better than that, because the addresses are guaranteed to be unique, > and you can even have reverse DNS for it. RFC1918 for "visible" > infrastructure (e.g. showing up in traceroutes) violates RFC1918 and, > generally, sucks. Using GUA, have it show up in traceroute but not route it on purpose sucks even more. It will make me wonder wether something is broken or this is by design. Groet, MarcoH From mtinka at globaltransit.net Fri Jun 4 16:51:12 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Fri, 4 Jun 2010 22:51:12 +0800 Subject: The use of RIPng In-Reply-To: References: <201006021752.56837.mtinka@globaltransit.net> Message-ID: <201006042251.13517.mtinka@globaltransit.net> On Friday 04 June 2010 01:57:28 am Benedikt Stockebrand wrote: > That's actually the one "anti-difference" between OSPFv2 > and v3: With v3 it's still "a 32 bit integer that > happens to be written like an IP(v4) address", so you > want to be more careful there. > > And since duplicated router IDs are one of my favourite > exercises on basic OSPF(v3) troubleshooting... I generally do prefer to lock-down my Router ID's (even though some feel this is too much work), but in the case of IOS, we run IS-IS anyway. > Depends. My larger customers frequently insist on > keeping IPv4 and IPv6 on separate machines in production > setups so they won't accidentially interfere with each > other. If by "interfering" you mean with regard to the routing protocols, OSPFv2 and OSPFv3 are ships-in-the-night. That said, interference is more likely in IS-IS since both IP protocols are integrated and supported by the routing protocol. This is sometimes enabled by default in some platforms, e.g., JUNOS. Lack of congruency between both IP protocols, on the wire, will lead to a disruption of adjacencies when v6 is turned up, dual-stack style. However, if by "interfering" you mean v4 and v6 traffic not playing nice with each other in a single router, that should be filed as a bug with your vendor :-). And you probably want to start finding such problems early on. > As long as there is enough equipment around that has been > replaced by something bigger, that approach can actually > make sense, depending on the particular circumstances. To each his own :-). > That's likely to happen in less than "many years" (for > suitable definitions of "many") in some contexts: I say "many" in the context of; even after the RIR's run out of v4 space, allocations which will have already been dished out will still be used for some time to build the network. However, how "many" actually is depends on how much v4 address space you end up with at the time of your last allocation, and how quickly you burn through it after that. This will vary from network to network (or not). > There > is a tendency to dual-stack nodes and subnets on a > need-to-have basis only. So there's a good chance that > enterprise environments will use either IPv4 or IPv6 > only for individual desktop-style clients, most likely > IPv4 for XP and IPv6 for Win7, with dual-stacked clients > being the exception. We currently have no data on how enterprise customers will deploy v6, in that degree of detail. But what we do in fixing the problems highlighted the long thread we had on v6 deployments in the LAN, will help determine that, moving forward. > In an ISP/Carrier context the situation is obviously > going to be different. Indeed. Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100604/e5911c14/attachment.bin From mtinka at globaltransit.net Fri Jun 4 16:52:44 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Fri, 4 Jun 2010 22:52:44 +0800 Subject: The use of RIPng (was: Re: So why is "IPv4 with longer addresses"a problem anyway?) In-Reply-To: <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> References: <5A6D953473350C4B9995546AFE9939EE09EA48B5@RWC-EX1.corp.seven.com> <667B1D57-BCD8-407F-B843-DD688E0E4422@ed.ac.uk> Message-ID: <201006042252.45153.mtinka@globaltransit.net> On Thursday 03 June 2010 12:45:52 am Sam Wilson wrote: > "... As network operators we would expect to provide > the same standard of service for IPv6 as for IPv4. For > that we simply expect parity of features between v4 and > v6. Since you already offer [feature X for IPv4] on > these platforms, and have done since the [previous > generation] first appeared, why *wouldn't* you do > [feature X] for IPv6?" Well, the standard answer would be, "Not enough software engineering resources, unless you're buying 1,000 units of the platform". Case in point, LDP support for IPv6 - 3 years and running between Cisco and Juniper? Look at when SNMP got native transport support for IPv6? We'll get there, eventually, but without pressure from more operators, movement will be relegated to cheque-book nudges. Of course, we all have different priorities, so... Keep on pushing, is all I can say. If you have more RFP's going out, use them. Will do the same on this end :-). Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100604/b4ab9da2/attachment.bin From michael.dillon at bt.com Fri Jun 4 17:12:56 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 4 Jun 2010 16:12:56 +0100 Subject: ARIN's new whois -- Coming Improvements to ARIN's Whois DirectoryService Message-ID: <28E139F46D45AF49A31950F88C497458063DFEA9@E03MVZ2-UKDY.domain1.systemhost.net> I don't know how widely ARIN distributes these notices, but for anyone interested in improving the whois system, there are a couple of URLs here where you can try ARIN's new whois and read some documentation about it. It would be interesting for RIPE labs to deploy a trial whois server that matches the ARIN spec to see if WHOIS-RWS is easily adaptable outside of ARIN or not. -----Original Message----- From: arin-announce-bounces at arin.net [mailto:arin-announce-bounces at arin.net] On Behalf Of Member Services Sent: 04 June 2010 16:05 To: arin-announce at arin.net Subject: [arin-announce] Coming Improvements to ARIN's Whois DirectoryService ARIN is pleased to announce that it plans to deploy an improved Whois service called Whois-RWS on 26 June 2010. Included in the deployment are the following services that provide the general public with access to ARIN's registration data. * a RESTful Web Service (RWS) * a NICNAME/WHOIS port 43 service * a user-friendly web site (http://whois.arin.net) A demo of this service has been available since October 2009. The demonstration service will be available at http://whoisrws-demo.arin.net until the production service is deployed on 26 June 2010. When using Whois-RWS you will notice some differences in behavior for certain queries and corresponding result sets on the NICNAME/WHOIS port 43 service. ARIN will make a separate announcement on 11 June when it publishes detailed documentation on these differences along with the demonstration service update. ARIN continues to welcome community participation on the Whois-RWS mailing list, and we invite you to subscribe and share your thoughts and suggestions at: http://lists.arin.net/mailman/listinfo/arin-whoisrws More detailed information on these changes and other future features that may impact the community at ARIN is available at: https://www.arin.net/features/ Regards, Mark Kosters Chief Technical Officer American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-announce Please contact info at arin.net if you experience any issues. From me at benedikt-stockebrand.de Fri Jun 4 17:47:14 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Fri, 04 Jun 2010 15:47:14 +0000 Subject: The use of RIPng In-Reply-To: <201006042251.13517.mtinka@globaltransit.net> (Mark Tinka's message of "Fri, 4 Jun 2010 22:51:12 +0800") References: <201006021752.56837.mtinka@globaltransit.net> <201006042251.13517.mtinka@globaltransit.net> Message-ID: Hi Mark and list, Mark Tinka writes: > I generally do prefer to lock-down my Router ID's (even > though some feel this is too much work), So do I. And with OSPFv3/IPv6 you have to do so anyway. > but in the case of IOS, we run IS-IS anyway. Whatever gets the job done. >> Depends. My larger customers frequently insist on >> keeping IPv4 and IPv6 on separate machines in production >> setups so they won't accidentially interfere with each >> other. > > If by "interfering" you mean with regard to the routing > protocols, OSPFv2 and OSPFv3 are ships-in-the-night. No, it's not something related to routing protocols at all (despite your point about IS-IS being perfectly valid). It's more about having to upgrade production equipment to support IPv6, management and established business processes being rather restrictive about doing "unnecessary" changes on production equipment and having signed service level agreements for IPv4 but not IPv6. At least here in Germany those ISPs and hosting providers that offer IPv6 tend to offer IPv6 on a "no guarantees" basis only, giving both their customers and themselves a chance to get their hands dirty. > However, if by "interfering" you mean v4 and v6 traffic not > playing nice with each other in a single router, that should > be filed as a bug with your vendor :-). Definitely. Preferably by sending back whatever you bought from them and demanding your money back in return:-) > And you probably want to start finding such problems early on. Sure, but I'd rather not do that on production machines. > We currently have no data on how enterprise customers will > deploy v6, in that degree of detail. Well, you never know what people do when they have to get things done in a rush, but so far there's a tendency (and good reasons) not to deploy unnecessary dual-stacking at a large scale. Of course, to anybody offering public Internet access (ISPS, Internet cafes and university (W)LANs immediately come to mind), dual-stacking will be a necessity for quite some time. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From woody at pch.net Wed Jun 2 19:02:41 2010 From: woody at pch.net (Bill Woodcock) Date: Wed, 2 Jun 2010 10:02:41 -0700 Subject: IPv6 Anycast In-Reply-To: <20100602124343.GA10342@merboo.mamista.net> References: <20100602124343.GA10342@merboo.mamista.net> Message-ID: On Jun 2, 2010, at 5:43 AM, Martin Barry wrote: > I'm trying to get a good grasp of IPv6 anycast. Good luck. > It appears to me that it's not quite analogous to the concept of anycast > which has prevailed in IPv4... That's correct. > ...and has some deficiencies which would lead some > operators to prefer to continue using the old method with IPv6 unicast > addresses. That would be an understatement. To the best of my knowledge, _all_ anycast operators use actual anycast in the same way for both IPv4 and IPv6. "IPv6 Anycast" was an unfortunate misnomer dubbed by IPv6 people who didn't understand anycast, and continues to occasionally confuse people. -Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100602/34d4b41e/attachment.bin From spz at serpens.de Sat Jun 5 21:13:32 2010 From: spz at serpens.de (S.P.Zeidler) Date: Sat, 5 Jun 2010 21:13:32 +0200 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <20100605191331.GX23124@serpens.de> Thus wrote michael.dillon at bt.com (michael.dillon at bt.com): > If everyone just publishes their experiences on their blogs, then > a newcomer who tries to make use of that information on a slightly > different network will run into problems. If everybody just wrote on one English-language wiki, a rather large audience would be left completely uninformed. May I remind you that other languages exist and not everyone running computers speaks English? regards, spz -- spz at serpens.de (S.P.Zeidler) From michael.dillon at bt.com Mon Jun 7 11:20:28 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 7 Jun 2010 10:20:28 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <20100605191331.GX23124@serpens.de> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> Message-ID: <28E139F46D45AF49A31950F88C497458063E0155@E03MVZ2-UKDY.domain1.systemhost.net> > > If everyone just publishes their experiences on their blogs, then > > a newcomer who tries to make use of that information on a slightly > > different network will run into problems. > > If everybody just wrote on one English-language wiki, a rather large > audience would be left completely uninformed. May I remind you that > other languages exist and not everyone running computers speaks > English? Even the German IPv6 council has problems avoiding the use of English, and let's not talk about Lena... http://www.ipv6council.de Even when I do a Google search for "seiten auf Deutsch" I get lots of pages with English on them. This is not something that I can fix. As for having a central wiki in English, this can still help solve your problem. A well-publicised central wiki will get checked out by lots of people. If it has a prominent link on the home page for "Resources in other languages" then you could set up a "Resources in German" page and point people to sites which they can understand. If you have a similar wiki that is in German, then you can translate key pieces of information for it. Nothing happens just by magic. It takes a lot of hard work by a lot of people. DENOG has a wiki http://wiki.denog.de/index.php/Hauptseite Perhaps they will let you use it to create a comprehensive German language reference for IPv6 deployment. --Michael Dillon From spz at serpens.de Mon Jun 7 20:54:12 2010 From: spz at serpens.de (S.P.Zeidler) Date: Mon, 7 Jun 2010 20:54:12 +0200 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C497458063E0155@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> <28E139F46D45AF49A31950F88C497458063E0155@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <20100607185410.GE23124@serpens.de> Hi, Thus wrote michael.dillon at bt.com (michael.dillon at bt.com): > > > If everyone just publishes their experiences on their blogs, then > > > a newcomer who tries to make use of that information on a slightly > > > different network will run into problems. > > > > If everybody just wrote on one English-language wiki, a rather large > > audience would be left completely uninformed. May I remind you that > > other languages exist and not everyone running computers speaks > > English? > > Even the German IPv6 council has problems avoiding the use of English, > and let's not talk about Lena... > http://www.ipv6council.de All these don't try to tell people that they must not create resources in a different language. > Even when I do a Google search for "seiten auf Deutsch" I get lots of > pages with English on them. This is not something that I can fix. That's not something I asked you to fix. Just, you know, when someone says "I'll write up info" not to tell them they must write it in that wiki and thus by implication in English. > As for having a central wiki in English, this can still help solve > your problem. Not if everybody who can parse its contents gets told that that is the only place they may leave information about IPv6 at, unless you propose to make that wiki multilingual (which I assume you are not). If everybody who understands IPv6 at all may just write there, how do you propose different-language resources get created? By translators who haven't got the faintest about what they are translating and produce gems like translating a backup link as tape storage connection? (Rest deleted because it just boils down to that of course for other languages there need to be be other resources. I disagree on whether they "may" be primary write-ups or "must" be translations, because I can't see me starting on a translation campaign and I don't assume the other people on here are that generally bored either, so the 'translate the One True Source' idea is a stillbirth IMO). regards, spz -- spz at serpens.de (S.P.Zeidler) From michael.dillon at bt.com Tue Jun 8 10:41:24 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 8 Jun 2010 09:41:24 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <20100607185410.GE23124@serpens.de> References: <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> <28E139F46D45AF49A31950F88C497458063E0155@E03MVZ2-UKDY.domain1.systemhost.net> <20100607185410.GE23124@serpens.de> Message-ID: <28E139F46D45AF49A31950F88C4974580644923C@E03MVZ2-UKDY.domain1.systemhost.net> > All these don't try to tell people that they must not create resources > in > a different language. I have never seen anyone tell people that they must not create resources in a different language. > That's not something I asked you to fix. Just, you know, when someone > says > "I'll write up info" not to tell them they must write it in that wiki > and > thus by implication in English. This is an English language mailing list. I think it is reasonable to SUGGEST that when people write something good, in English, for this mailing list, they should consider adding that information to the getipv6.info wiki as well. > Not if everybody who can parse its contents gets told that that is the > only place they may leave information about IPv6 at, unless you propose > to > make that wiki multilingual (which I assume you are not). If everybody > who > understands IPv6 at all may just write there, how do you propose > different-language resources get created? By translators who haven't > got > the faintest about what they are translating and produce gems like > translating a backup link as tape storage connection? Why do you want to boil the ocean? How will you translate the material to Pashto, and to Somali? Don't you believe that Afghanistan and Somalia should be on the Internet too? The fact is that we cannot solve all the problems of the world but we can solve the problems that are under our control. Regularly updating the getipv6.info with good material that comes through this mailing list, is something that everyone on this list has control over. --Michael Dillon Think globally but act locally The journey of a thousand miles begins with the first step From spz at serpens.de Tue Jun 8 11:35:19 2010 From: spz at serpens.de (S.P.Zeidler) Date: Tue, 8 Jun 2010 11:35:19 +0200 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580644923C@E03MVZ2-UKDY.domain1.systemhost.net> References: <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> <28E139F46D45AF49A31950F88C497458063E0155@E03MVZ2-UKDY.domain1.systemhost.net> <20100607185410.GE23124@serpens.de> <28E139F46D45AF49A31950F88C4974580644923C@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <20100608093518.GI23124@serpens.de> Thus wrote michael.dillon at bt.com (michael.dillon at bt.com): > > All these don't try to tell people that they must not create resources > > in > > a different language. > > I have never seen anyone tell people that they must not create > resources in a different language. Perceptions on this differ a lot. The thread is not going to profit the list IMO, so I'm taking it off. regards, spz From mir at ripe.net Tue Jun 8 12:44:08 2010 From: mir at ripe.net (Mirjam Kuehne) Date: Tue, 08 Jun 2010 12:44:08 +0200 Subject: ARIN's new whois -- Coming Improvements to ARIN's Whois DirectoryService In-Reply-To: <28E139F46D45AF49A31950F88C497458063DFEA9@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C497458063DFEA9@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <4C0E1EF8.7000408@ripe.net> Hi Michael, Thanks for the suggestion. The RIPE NCC has also implemented a database API in the form of a RESTful Web Service. You can find a description on RIPE Labs: Introduction to the RIPE Database API: http://labs.ripe.net/content/ripe-database-api We are working to integrate other sources into this service. Currently you can query for data originated in the APNIC and the AfriNIC database. We are now also looking to integrate data with source ARIN. Because of the different data formats this is not that trivial, but we will be working with the engineers at ARIN to find a solution. Kind Regards, Mirjam K?hne RIPE Labs at RIPE NCC ------------------------- P.S.: In addition to the announcement above, we published a number of follow-ups after that: RIPE Database Query API Including Search: http://labs.ripe.net/content/ripe-database-query-api-including-search RIPE Database Query API Update: http://labs.ripe.net/content/ripe-database-query-api-update Updates to the RIPE Database Query API and Search Clients: http://labs.ripe.net/content/updates-ripe-database-query-api-and-search-clients michael.dillon at bt.com wrote: > I don't know how widely ARIN distributes these notices, but for anyone > interested in improving the whois system, there are a couple of URLs > here where you can try ARIN's new whois and read some documentation > about it. It would be interesting for RIPE labs to deploy a trial whois > server that matches the ARIN spec to see if WHOIS-RWS is easily > adaptable outside of ARIN or not. > > > -----Original Message----- > From: arin-announce-bounces at arin.net > [mailto:arin-announce-bounces at arin.net] On Behalf Of Member Services > Sent: 04 June 2010 16:05 > To: arin-announce at arin.net > Subject: [arin-announce] Coming Improvements to ARIN's Whois > DirectoryService > > ARIN is pleased to announce that it plans to deploy an improved Whois > service called Whois-RWS on 26 June 2010. Included in the deployment are > > the following services that provide the general public with access to > ARIN's registration data. > > * a RESTful Web Service (RWS) > * a NICNAME/WHOIS port 43 service > * a user-friendly web site (http://whois.arin.net) > > A demo of this service has been available since October 2009. The > demonstration service will be available at > http://whoisrws-demo.arin.net until the production service is deployed > on 26 June 2010. > > When using Whois-RWS you will notice some differences in behavior for > certain queries and corresponding result sets on the NICNAME/WHOIS port > 43 service. ARIN will make a separate announcement on 11 June when it > publishes detailed documentation on these differences along with the > demonstration service update. > > ARIN continues to welcome community participation on the Whois-RWS > mailing list, and we invite you to subscribe and share your thoughts and > > suggestions at: > http://lists.arin.net/mailman/listinfo/arin-whoisrws > > More detailed information on these changes and other future features > that may impact the community at ARIN is available at: > https://www.arin.net/features/ > > Regards, > > Mark Kosters > Chief Technical Officer > American Registry for Internet Numbers (ARIN) > > > > > _______________________________________________ > ARIN-Announce > You are receiving this message because you are subscribed to > the ARIN Announce Mailing List (ARIN-announce at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-announce > Please contact info at arin.net if you experience any issues. From mtinka at globaltransit.net Wed Jun 9 00:38:49 2010 From: mtinka at globaltransit.net (Mark Tinka) Date: Wed, 9 Jun 2010 06:38:49 +0800 Subject: The use of RIPng In-Reply-To: References: <201006042251.13517.mtinka@globaltransit.net> Message-ID: <201006090638.50089.mtinka@globaltransit.net> On Friday 04 June 2010 11:47:14 pm Benedikt Stockebrand wrote: > So do I. And with OSPFv3/IPv6 you have to do so anyway. No, you don't. The highest IPv4 (Loopback) address on the router will be used as the Router ID. Leaving it non-deterministic may be risky, but valid. > At least here in Germany those ISPs and hosting providers > that offer IPv6 tend to offer IPv6 on a "no guarantees" > basis only, giving both their customers and themselves a > chance to get their hands dirty. Gert, is this true :-) - just curious, not out to crucify, hehe? In our case, we don't offer IPv4 access to the Internet "guaranteed" anyway. We guarantee that it will work in as far as forwarding it through our network is concerned (which is easy to guarantee), but not after it leaves our network. This is well-understood across the community. In that respect, IPv6 is not different, for us. Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100609/35381af5/attachment.bin From tedm at ipinc.net Wed Jun 9 02:06:23 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 08 Jun 2010 17:06:23 -0700 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <20100605191331.GX23124@serpens.de> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> Message-ID: <4C0EDAFF.3040707@ipinc.net> On 6/5/2010 12:13 PM, S.P.Zeidler wrote: > Thus wrote michael.dillon at bt.com (michael.dillon at bt.com): > >> If everyone just publishes their experiences on their blogs, then >> a newcomer who tries to make use of that information on a slightly >> different network will run into problems. > > If everybody just wrote on one English-language wiki, a rather large > audience would be left completely uninformed. May I remind you that > other languages exist and not everyone running computers speaks English? > From 1997 University of Brunei : http://www.tribunes.com/tribune/art97/wooda.htm "...Whatever method we may use to measure the growth in science, whether it be number of journals, number of articles, number of patents, it is clear that the trend is still inexorably upwards. And increasingly the language of publication is English...." From 2004 Associated Press: http://www.msnbc.msn.com/id/4387421/ "...?English is likely to remain one of the world?s most important languages for the foreseeable future..." "...English has become the dominant language of science, with an estimated 80 percent to 90 percent of papers in scientific journals written in English, notes Scott Montgomery in a separate paper in the same issue of Science. That?s up from about 60 percent in the 1980s, he observes...." From 2008 Live Journal: http://kvarko.livejournal.com/64285.html "...Over the past 80 years, there has been a steady increase in the proportion of scientific publications written in English and a corresponding decrease in the use of all other languages for global scientific communication...." And finally from 2007 NYT: http://www.nytimes.com/2007/04/10/world/europe/10iht-engbiz.2.5212499.html "...We understand that economics is a discipline, like most scientific fields, where the research is published in English," the petition read, in apologetic tones. But it declared that it is "unacceptable" for a native French professor to teach standard courses to French-speaking students in the adopted tongue of English..." In other words, IN FRANCE, we have NATIVE FRENCH, teaching NATIVE FRENCH students - IN ENGLISH. So OK, I GET that there is this thing called Political Correctness that causes us to want to make a nod to languages other than English. But THE FACT IS THAT THE ENGLISH LANGUAGE IS EVERYONE'S CONVENIENT LANGUAGE. Like it or not, there are fundamental advantages to using a SINGLE language in the diplomatic, scientific, economic and technological realm. Nobody is saying that native languages need to go away and be replaced. But what non-English speakers have discovered is that in any relations between other non-native speakers, you have 2 choices, learn THEIR language (unacceptable since they don't have to then expend effort learning yours) or learn a 3rd party language since then they have to learn it too and your both even. English is a convenient language for this. Imagine getting a native speaker of, say Arabic, to speak Hebrew as a second language. That's why Israelis and Muslims use English when they communicate with each other. Ted From michael.dillon at bt.com Wed Jun 9 10:21:44 2010 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 9 Jun 2010 09:21:44 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <4C0EDAFF.3040707@ipinc.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net><20100605191331.GX23124@serpens.de> <4C0EDAFF.3040707@ipinc.net> Message-ID: <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> [irrelevant SCIENCE references deleted] > But THE FACT IS THAT THE ENGLISH LANGUAGE IS EVERYONE'S CONVENIENT > LANGUAGE. Actually, your references only demonstrate that English is convenient for the few people who form part of the scientific elite which engage in publishing research and teaching. Even that is probably still a minority of scientists. Here in the real world of network operations we see things like this If you can't read Russian, it translates as "Cisco translated into Russian its CCNA and CCENT certification programmes". > Like it or not, there are fundamental advantages to using a SINGLE > language in the diplomatic, scientific, economic and technological > realm. In the diplomatic realm English-speaking government officials make a point of using their native language with translators when they meet, such as the UN Security Council. A notable exception was when Vladimir Putin and Angela Merkel of Germany met without translators because both were fluent in German and Russian. In the technological realm, the few who can manage good English, spend some of their time translating documents into their native language or presenting at conferences in their native language. You, however, being handicapped by not speaking several languages, cannot see this even though it is blatantly obvious to the rest of us. Let's all remember that we need to get everybody to deploy IPv6 in order to achieve the network effects which make the Internet such a valuable tool. And to do that, someone needs to speak their language and teach them. Best practices should be widely available in as many languages as possible, and if we can manage to collect them in one place, and publicise the collection, then other people will do the translating work. We don't have to organize that; we just have to collect the best practices of IPv6 in the first place. --Michael Dillon From nick at foobar.org Wed Jun 9 13:30:49 2010 From: nick at foobar.org (Nick Hilliard) Date: Wed, 09 Jun 2010 12:30:49 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <4C0EDAFF.3040707@ipinc.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> <4C0EDAFF.3040707@ipinc.net> Message-ID: <4C0F7B69.4020708@foobar.org> On 09/06/2010 01:06, Ted Mittelstaedt wrote: > So OK, I GET that there is this thing called Political Correctness that > causes us to want to make a nod to languages other than English. > > But THE FACT IS THAT THE ENGLISH LANGUAGE IS EVERYONE'S CONVENIENT > LANGUAGE. http://www.cafepress.com/cp/customize/product.aspx?number=454037293 Nick From me at benedikt-stockebrand.de Wed Jun 9 13:33:40 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Wed, 09 Jun 2010 11:33:40 +0000 Subject: The use of RIPng In-Reply-To: <201006090638.50089.mtinka@globaltransit.net> (Mark Tinka's message of "Wed, 9 Jun 2010 06:38:49 +0800") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> Message-ID: Hi Mark and list, Mark Tinka writes: > On Friday 04 June 2010 11:47:14 pm Benedikt Stockebrand > wrote: > >> So do I. And with OSPFv3/IPv6 you have to do so anyway. > > No, you don't. sorry, should have written with OSPFv3/IPv6-*only*. Thought it was obvious from the context. > The highest IPv4 (Loopback) address on the router will be > used as the Router ID. Leaving it non-deterministic may be > risky, but valid. This is a rather risky approach indeed: Eventually you disable IPv4 entirely on a machine and all of a sudden your IPv6 routing fails. Setting up these kinds of hidden dependencies sometimes helps on a short term basis but tends to cause significant trouble in the future. >> At least here in Germany those ISPs and hosting providers >> that offer IPv6 tend to offer IPv6 on a "no guarantees" >> basis only, giving both their customers and themselves a >> chance to get their hands dirty. > > In our case, we don't offer IPv4 access to the Internet > "guaranteed" anyway. I didn't write "guaranteed Internet access". There are things like fine print in standard contracts ("Allgemeine Gesch?ftsbedingungen" in German), or individually negotiated SLAs (service level agreements), or similar legal agreements, that cover various details, including various aspects of network connectivity. And in these, IPv4 and IPv6 tend to be treated rather differently. > We guarantee that it will work in as far as forwarding it through > our network is concerned (which is easy to guarantee), but not after > it leaves our network. At least here in Germany you frequently find statements there concerning "redundant (upstream) Internet connectivity" (not a legally exact translation, IANAL) in SLAs or standard fine print. That may not apply to you, though. > This is well-understood across the community. Stop treating me like an idiot. > In that respect, IPv6 is not different, for us. If you have - the same upstream connectivity - the same level of experience and skills through your entire operations team - the same levels of reliability and functionality with regard to your equipment with both IPv4 and IPv6, then IPv6 may be no different than IPv4. But these are assumptions that don't generally apply. As a consequence it is only prudent for ISPs or hosters to distinguish between IPv4 and IPv6 in whatever contracts and SLAs they sign. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From mir at ripe.net Wed Jun 9 14:08:46 2010 From: mir at ripe.net (Mirjam Kuehne) Date: Wed, 09 Jun 2010 14:08:46 +0200 Subject: "IPv6 Ripeness" follow-up measurements on RIPE Labs Message-ID: <4C0F844E.7070503@ripe.net> [apologies for duplicates] Dear colleagues, As a follow-up to the IPv6 Ripeness measurements done earlier (http://labs.ripe.net/content/ipv6-ripeness), we did some more analysis and looked at the age and size of the LIRs and the industry sector they are in. Please find the details on RIPE Labs: http://labs.ripe.net/content/ipv6-ripeness-sequel As always, any comments or suggestions are welcome. You can send us email or post your comments in the forum: http://labs.ripe.net/content/ipv6-ripeness-0 Kind Regards, Mirjam K?hne RIPE NCC From js at yllq.net Wed Jun 9 15:28:29 2010 From: js at yllq.net (Mateusz Pawlowski) Date: Wed, 09 Jun 2010 14:28:29 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <4C0EDAFF.3040707@ipinc.net> References: "<28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> " <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net> <20100605191331.GX23124@serpens.de> <4C0EDAFF.3040707@ipinc.net> Message-ID: Interesting very IPv6 unrelated conversation started here. I'm with Ted on that one. Sorta.. This is English Ops Mailing List for one. All of us speak/write/read English so lets use that common ground to collaborate. Receiving entities who do not read English can use translators like babelfish or google translate ( which is integrated in Chrome and gives seamless experience). There are people who wish to translate to different languages, lets leave that to them. We are going to make it easier for them as well when we stay with English as the common language. Just to clarify, I'm native Polish speaker, can read Russian and Ukrainian... so kinda know a bit about these issues with fragmented knowledge around the Internet On Tue, 08 Jun 2010 17:06:23 -0700, Ted Mittelstaedt wrote: > Imagine getting a native speaker of, say Arabic, to speak Hebrew > as a second language. That's why Israelis and Muslims use English > when they communicate with each other. >From my experience majority speaks Hebrew/Arabic. -- Regards, Mateusz using my Generik Hosting From gert at space.net Wed Jun 9 19:44:02 2010 From: gert at space.net (Gert Doering) Date: Wed, 9 Jun 2010 19:44:02 +0200 Subject: The use of RIPng In-Reply-To: <201006090638.50089.mtinka@globaltransit.net> References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> Message-ID: <20100609174402.GD99602@Space.Net> Hi, On Wed, Jun 09, 2010 at 06:38:49AM +0800, Mark Tinka wrote: > On Friday 04 June 2010 11:47:14 pm Benedikt Stockebrand > wrote: > > At least here in Germany those ISPs and hosting providers > > that offer IPv6 tend to offer IPv6 on a "no guarantees" > > basis only, giving both their customers and themselves a > > chance to get their hands dirty. > > Gert, is this true :-) - just curious, not out to crucify, > hehe? Well, I didn't comment because the thread was drifting a bit already :-) But anyway. What we offer is - customers can get IPv6 connectivity - the backbone and our external links are fully dual-stacked, so we expect and try to provide equal performance within the domain we control - we monitor our network for IPv4 and IPv6 breakage (smokeping etc) - enough of our staff know about IPv6, so if there is a problem with it, it *is* a "supported product" - but not all of the team has had enough operational experience with IPv6 yet, so you might be forwared to a colleague (who might be busy at the time, and thus things might get resolved slower). So it's not "supported as well as IPv4" yet. - if there is a problem "out there in the Internet", chances are that it will take longer to get it fixed with IPv6 than with IPv4 - due to other networks not taking IPv6 serious enough. - our SLAs (which is an interesting topic in itself) don't specifically mention IPv4 or IPv6, so if a customer's link is broken for IPv6 due to a problem in our domain ("misconfigured router"), that customer could point to the SLAs. That hasn't happened yet, because usually the link is broken due to "copper wires cut", which is fairly protocol agnostic :-) > In our case, we don't offer IPv4 access to the Internet > "guaranteed" anyway. We guarantee that it will work in as > far as forwarding it through our network is concerned (which > is easy to guarantee), but not after it leaves our network. > This is well-understood across the community. > > In that respect, IPv6 is not different, for us. Yes. Same here, basically. (We do give customers "Internet access reliability" numbers, based on the RIPE TTM measurements from the two test boxes in our network, and those are indeed a bit lower for the IPv6 enabled TTM boxes than for IPv4) Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 150584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From tedm at ipinc.net Wed Jun 9 19:50:57 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 09 Jun 2010 10:50:57 -0700 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net><20100605191331.GX23124@serpens.de> <4C0EDAFF.3040707@ipinc.net> <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <4C0FD481.3010301@ipinc.net> On 6/9/2010 1:21 AM, michael.dillon at bt.com wrote: > > [irrelevant SCIENCE references deleted] > >> But THE FACT IS THAT THE ENGLISH LANGUAGE IS EVERYONE'S CONVENIENT >> LANGUAGE. > > Actually, your references only demonstrate that English is convenient > for the few people who form part of the scientific elite which engage > in publishing research and teaching. Even that is probably still a > minority of scientists. > Well I was actually going to say that the English Language is everyone's convenient whore but I didn't want my post to get censored. Now that it's out, it won't matter if it does. > Here in the real world of network operations we see things like this > > > If you can't read Russian, it translates as "Cisco translated into > Russian > its CCNA and CCENT certification programmes". Except that with Bablefish I can generally get the data I need out of sites like that. Most software I work with the config files use english keys, even for the non-english localizations. Unfortunately, these days there's such a high signal-to-noise ratio on English websites that more and more in the last few years I've found answers to obscure questions (like for example, has anyone seen such and such happening in such and such program) on non-english language sites much faster than it would take to dig them out of the spammed-up English web. I fully expect that the non-English Internet is going to be stuffed with advertising and other such rubbish in a few years and then I won't be able to find anything there anymore, either. >> Like it or not, there are fundamental advantages to using a SINGLE >> language in the diplomatic, scientific, economic and technological >> realm. > > In the diplomatic realm English-speaking government officials make > a point of using their native language with translators when they > meet, such as the UN Security Council. A notable exception was when > Vladimir Putin and Angela Merkel of Germany met without translators > because both were fluent in German and Russian. > > In the technological realm, the few who can manage good English, spend > some of their time translating documents into their native language > or presenting at conferences in their native language. You, however, > being handicapped by not speaking several languages, cannot see this > even though it is blatantly obvious to the rest of us. > Once more your being totally besides the point. The issue isn't that speakers of only a single descendant dialect of proto-human are handicapped. The issue is that scientific and technological advancement works best the more players involved, and the story "Tower of Babel" serves as warning to the scientific and technological community should it NOT standardize on a single language. Most members of the scientific and technological community have recognized this which is why so many observers have noticed the standardization on a single language. Michael what your trying to do is obscure this simple truth with nationalistic fervor. We all know (or should) that cultures are very much tied up with their language. You could not, for example, have much of a Japanese culture left if you took away the Japanese language. (a fact made very obvious to my son, who learned to speak it) But, technology and science are the SAME across the entire world, a Transistor operates the same in the US as it does in Japan, the electrons don't care what language the people are speaking English ended up the de-facto language whore for a variety of reasons, some of which aren't even applicable any longer - the US isn't even the scientific leader in a number of areas anymore, Japan is. So yes I can get the annoyance of non-English speakers when they run into this, and the Japanese don't help much either since they happily borrow English words and mix them up with Kanji when they feel like it, so the non-English-speaking scientist cannot even hold out the hope that as Japan ascends over the US that English will be replaced by some other language (ie: Japanese) as the de-facto language of science, as a kind of "in-your-face, Westerners" revenge thing. But believe me, if English didn't exist, some OTHER language would become the de-facto scientific standard language and all of you political correctness types would be screaming about some other culture hegemony. You make the VERY COMMON MISTAKE that MANY people make when they equate adoption of the English language to indicate adoption of the Western culture. Well, just remember that the World Trade Center terrorists who flew the airplanes into the Twin Towers had an excellent command of English, to the point they were even getting certified to fly jets - but they certainly didn't adopt the US culture. I would go so far as to say that one of the PRIMARY reasons that English has supplanted German and French is because of this. When you encounter a multilingual person who is a non-native French speaker, or a non-native German speaker, who has taken the time to learn French or German, you know the second they open their mouths to speak it that not only do they know the language but they have an affinity for the French or German culture as well. Because, few people (nowadays) who don't speak French natively will take the trouble to learn it. By contrast, nobody would assume that a Frenchman who speaks English s a second language decided to choose English because he has an affinity for the Brits. People know they can learn English without feeling that their cultural identity is being threatened or that other people will assume they buy-off on Western hegemony > Let's all remember that we need to get everybody to deploy IPv6 in > order to achieve the network effects which make the Internet such > a valuable tool. And to do that, someone needs to speak their language > and teach them. Correct. > Best practices should be widely available in as many > languages as possible, and if we can manage to collect them in one > place, and publicise the collection, then other people will do the > translating work. We don't have to organize that; we just have to > collect the best practices of IPv6 in the first place. > I think you will find that what gets collected on the ARIN wiki isn't going to help the unwashed masses (ie: everybody) on to IPv6. It's going to be too technical. The unwashed masses what a plastic box they can buy that autoconfigures itself and "puts them on IPv6" Ted > --Michael Dillon > > From Sam.Wilson at ed.ac.uk Wed Jun 9 20:15:03 2010 From: Sam.Wilson at ed.ac.uk (Sam Wilson) Date: Wed, 9 Jun 2010 19:15:03 +0100 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <4C0FD481.3010301@ipinc.net> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net><20100605191331.GX23124@serpens.de> <4C0EDAFF.3040707@ipinc.net> <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> <4C0FD481.3010301@ipinc.net> Message-ID: <290DA09C-1238-4CF9-85C2-1FF236D25D27@ed.ac.uk> On 9 Jun 2010, at 18:50, Ted Mittelstaedt wrote: > ...The issue isn't that > speakers of only a single descendant dialect of proto-human are > handicapped. > The issue is that scientific and technological advancement works > best the more players involved, and the story > "Tower of Babel" serves as warning to the scientific and technological > community should it NOT standardize on a single language. Can you expand on that interpretation of the Tower of Babel story? ( non-English readers may find the drop-down menu useful) The usual view is that the humans were too likely to achieve their intention because of their single language and so were stopped by having their languages multiplied. That seems the opposite message to what you intend. Sam -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From tedm at ipinc.net Wed Jun 9 21:34:24 2010 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 09 Jun 2010 12:34:24 -0700 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <290DA09C-1238-4CF9-85C2-1FF236D25D27@ed.ac.uk> References: <28E139F46D45AF49A31950F88C4974580637EDE9@E03MVZ2-UKDY.domain1.systemhost.net> <0B45F6CC-23BE-4DC2-9364-BCF7B7C0A5E4@ed.ac.uk> <28E139F46D45AF49A31950F88C4974580637F0CE@E03MVZ2-UKDY.domain1.systemhost.net> <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <28E139F46D45AF49A31950F88C497458063DFA89@E03MVZ2-UKDY.domain1.systemhost.net><20100605191331.GX23124@serpens.de> <4C0EDAFF.3040707@ipinc.net> <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> <4C0FD481.3010301@ipinc.net> <290DA09C-1238-4CF9-85C2-1FF236D25D27@ed.ac.uk> Message-ID: <4C0FECC0.7050407@ipinc.net> On 6/9/2010 11:15 AM, Sam Wilson wrote: > > On 9 Jun 2010, at 18:50, Ted Mittelstaedt wrote: > >> ...The issue isn't that >> speakers of only a single descendant dialect of proto-human are >> handicapped. >> The issue is that scientific and technological advancement works best >> the more players involved, and the story >> "Tower of Babel" serves as warning to the scientific and technological >> community should it NOT standardize on a single language. > > Can you expand on that interpretation of the Tower of Babel story? > ( > non-English readers may find the drop-down menu useful) The usual view > is that the humans were too likely to achieve their intention because of > their single language and so were stopped by having their languages > multiplied. That seems the opposite message to what you intend. > There's actually a number of different interpretations of the Tower of Babel story. My personal view is that the story is pure fiction and was included in the old testament as a way of explaining why the Hebrews kept encountering different cultures in their travels. The Hebrews needed to reassure themselves that when they were busy killing off other people in the name of "purging uncleanliness" that there were right to do so - the story is one of many in Genesis that is used to justify that these "other people" were really supposed to be following the Hebrew God. (ie: not just following, but speaking Hebrew and basically assuming the entire culture) and thus OK to kill. They had "lost their way" But of course, that is a secular view of religion, and one guaranteed to have at least a legion of Bible-thumpers after me with pitchforks. But setting this aside, the "classical" interpretation of the story is useful as an example. The story is that "God" didn't want the tower construction to continue because He didn't want all the humans in one area, He wanted them spread out. But the humans didn't want to spread out they wanted to stay in one place and work together so they started construction of a huge temple on top of a mountain. God knew once the temple was completed that the people probably wouldn't be willing to move away from it, so rather than sending down lightning bolts or whatever to blow it up, he bifurcated the proto-human language that the people were using into incompatible dialects - apparently in an extremely short period of time, like a few minutes. As "God" deliberately didn't make even some humans working on the tower conversant in multiple ones of the new dialects, the construction was effectively halted. The general lesson we can draw from this is that if you want to effectively disrupt any large-scale, cooperative human effort, the quick and dirty yet effective way to do it is to disrupt communications. It follows then that smooth, undisrupted communication is (at the least) a fundamental requirement of any large-scale, cooperative human effort. And IMHO the global Internet today is probably one of the largest, most cooperative human effort we got going. It's very essence is communication, and the fact that virtually all of the world's cultures have embraced it proves that people do understand the importance of undisrupted, standardized communication. I kind of regard languages on the Internet as like different applications on the Internet. You speak HTTP to some devices, FTP to others, SSH to others. Just like you speak English to some people, French to others, Japanese to others. But, all of the actual devices out there that comprise the Internet itself, well THOSE only speak ONE language - IP, and the IPv4 version, mostly right now. This mailing list exists at all because we are trying to force all those devices to change dialect and speak a new dialect of IP - IPv6. We do this because we all know that the Internet won't work if protocols on it bifurcate, we do NOT want the Internet to turn into the next Tower of Babel. Ted From ipv6-ops at otoh.org Wed Jun 9 21:51:56 2010 From: ipv6-ops at otoh.org (Paul Armstrong) Date: Wed, 9 Jun 2010 12:51:56 -0700 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <4C0FECC0.7050407@ipinc.net> References: <302A476A-A092-4448-AB63-E7AC32303AB0@ecs.soton.ac.uk> <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <4C0EDAFF.3040707@ipinc.net> <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> <4C0FD481.3010301@ipinc.net> <290DA09C-1238-4CF9-85C2-1FF236D25D27@ed.ac.uk> <4C0FECC0.7050407@ipinc.net> Message-ID: <20100609195156.GG7631@otoh.org> At 2010-06-09T12:34-0700, Ted Mittelstaedt wrote: > But, all of the actual devices out there that comprise the Internet > itself, well THOSE only speak ONE language - IP, and the IPv4 > version, mostly right now. This mailing list exists at all because > we are trying to force all those devices to change dialect and > speak a new dialect of IP - IPv6. We do this because we all > know that the Internet won't work if protocols on it bifurcate, > we do NOT want the Internet to turn into the next Tower of Babel. A more current analogy: we don't want the Internet to turn into measurement in the USA where there are two systems, one of which is easy to use (metric) and one which is archaic ("english", "customary", insert host of other names). Doing this is insanely expensive and complicates the life of everyone needlessly. Unfortunately, getting people to move from something that's painful but known to something that's easy but requires a little bit of learning is difficult. If we let things get mired down with the IPv4 -> IPv6 we'll end up in a dual-stacked world that's just as miserable as measurement in the USA. It's not that it doesn't work, it's just utterly and needlessly painful. Paul From me at benedikt-stockebrand.de Thu Jun 10 15:51:45 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Thu, 10 Jun 2010 13:51:45 +0000 Subject: The use of RIPng In-Reply-To: <20100609174402.GD99602@Space.Net> (Gert Doering's message of "Wed, 9 Jun 2010 19:44:02 +0200") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> Message-ID: Hi Gert and list, Gert Doering writes: > - our SLAs (which is an interesting topic in itself) don't > specifically mention IPv4 or IPv6, Spacenet has a couple years worth of a headstart with regard to IPv6. With Web.de/United Internet you can get IPv6 to your root server if you just ask, but it's unofficial and to my knowledge not covered by any SLAs. Strato advertises IPv6 but as far as I know they also tag it as an "experimental" feature or whatever---but you know them better than I do. > so if a customer's link is broken for IPv6 due to a problem in > our domain ("misconfigured router"), that customer could point to > the SLAs. It's not only misconfiguration, but possibly also incomplete, unstable or inefficient implementations and the like. > That hasn't happened yet, because usually the link is broken due > to "copper wires cut", which is fairly protocol agnostic :-) Not to mention my long term personal favourite: Lightning strikes. I agree that the problems we have with the last mile are far more troublesome than any IPv4 vs. IPv6 issues. Unfortunately they involve significantly more money and politics than the move towards IPv6, so there's not much we can do about them (except going into politics or making money fast). Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From lists at quux.de Thu Jun 10 16:17:23 2010 From: lists at quux.de (Jens Link) Date: Thu, 10 Jun 2010 16:17:23 +0200 Subject: The use of RIPng In-Reply-To: (Benedikt Stockebrand's message of "Thu\, 10 Jun 2010 13\:51\:45 +0000") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> Message-ID: <87sk4vhszw.fsf@oban.berlin.quux.de> Benedikt Stockebrand writes: > With Web.de/United Internet you can get IPv6 to your root server if > you just ask, but it's unofficial and to my knowledge not covered by > any SLAs. Last time I asked (about 2 month ago) they told me that there was no IPv6 and that they had no plans when they would offer IPv6. I was told to use 6to4. cheers Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From me at benedikt-stockebrand.de Thu Jun 10 17:06:54 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Thu, 10 Jun 2010 15:06:54 +0000 Subject: The use of RIPng In-Reply-To: <87sk4vhszw.fsf@oban.berlin.quux.de> (Jens Link's message of "Thu, 10 Jun 2010 16:17:23 +0200") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> <87sk4vhszw.fsf@oban.berlin.quux.de> Message-ID: Hi Jens and list, Jens Link writes: > Last time I asked (about 2 month ago) they told me that there was no > IPv6 and that they had no plans when they would offer IPv6. I was told > to use 6to4. contact F.P., he knows who to ask. You can get a /56 over a configured tunnel (to one of their local routers) from them for quite some time (at least about a year) now. It's just that they are more prudent than Strato with regard to the support spike issue that a large scale IPv6 advertisement may cause. Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From tobias at linuxdingsda.de Thu Jun 10 18:40:25 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Thu, 10 Jun 2010 18:40:25 +0200 Subject: The use of RIPng In-Reply-To: <87sk4vhszw.fsf@oban.berlin.quux.de> References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> <87sk4vhszw.fsf@oban.berlin.quux.de> Message-ID: <4C111579.1040506@linuxdingsda.de> On 06/10/2010 04:17 PM, Jens Link wrote: > Benedikt Stockebrand writes: > >> With Web.de/United Internet you can get IPv6 to your root server if >> you just ask, but it's unofficial and to my knowledge not covered by >> any SLAs. > > Last time I asked (about 2 month ago) they told me that there was no > IPv6 and that they had no plans when they would offer IPv6. I was told > to use 6to4. Have a look here: http://hilfe-center.1und1.de/server/root_server/howtos/1.html Cheers Tobias -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100610/2afc5e90/attachment.bin From lists at quux.de Thu Jun 10 18:45:37 2010 From: lists at quux.de (Jens Link) Date: Thu, 10 Jun 2010 18:45:37 +0200 Subject: The use of RIPng In-Reply-To: <4C111579.1040506@linuxdingsda.de> (Tobias Winter's message of "Thu\, 10 Jun 2010 18\:40\:25 +0200") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> <87sk4vhszw.fsf@oban.berlin.quux.de> <4C111579.1040506@linuxdingsda.de> Message-ID: <87wru6bzv2.fsf@oban.berlin.quux.de> Tobias Winter writes: > http://hilfe-center.1und1.de/server/root_server/howtos/1.html I know that one and was told by one of the 1&1 networking guys that the FAQ is outdated and that he would to 6to4. cheers Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From spz at serpens.de Fri Jun 11 03:48:49 2010 From: spz at serpens.de (S.P.Zeidler) Date: Fri, 11 Jun 2010 03:48:49 +0200 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <20100609195156.GG7631@otoh.org> References: <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <4C0EDAFF.3040707@ipinc.net> <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> <4C0FD481.3010301@ipinc.net> <290DA09C-1238-4CF9-85C2-1FF236D25D27@ed.ac.uk> <4C0FECC0.7050407@ipinc.net> <20100609195156.GG7631@otoh.org> Message-ID: <20100611014845.GO23124@serpens.de> Thus wrote Paul Armstrong (ipv6-ops at otoh.org): > Doing this is insanely expensive and complicates the life of everyone > needlessly. Unfortunately, getting people to move from something that's > painful but known to something that's easy but requires a little bit of > learning is difficult. It's going to be even more difficult if you actively try to suppress giving the people who need to do the actual work the information they need to have. Contrary to what some people on this list seem to believe, you do not say "oh I want to speak another language now", clap your hands and a magic genie bestows the ability to you. If that was the case I'd speak half a dozen languages more than I do :-P I know quite a lot of people who had English lessons 4 hours per week for 7 years at school and still haven't reached 'competent'. They didn't manage to learn a second language well enough when they were teenagers and actually had the necessary time to sink into it (and 'bad grades' was an additional incentive), what makes you believe they would have any better success suddenly now? You don't need to go all "oh my precious culture" to just not be able to learn another language well enough. It's a good thing the actual power of people on this list to prevent other people from doing as they please is near null. regards, spz -- spz at serpens.de (S.P.Zeidler) From dougb at dougbarton.us Fri Jun 11 07:37:26 2010 From: dougb at dougbarton.us (Doug Barton) Date: Thu, 10 Jun 2010 22:37:26 -0700 Subject: IPv6 cookbook - was RA vs. DHCPv6 discussion In-Reply-To: <20100611014845.GO23124@serpens.de> References: <28E139F46D45AF49A31950F88C497458063DFA2F@E03MVZ2-UKDY.domain1.systemhost.net> <4C0EDAFF.3040707@ipinc.net> <28E139F46D45AF49A31950F88C4974580644991E@E03MVZ2-UKDY.domain1.systemhost.net> <4C0FD481.3010301@ipinc.net> <290DA09C-1238-4CF9-85C2-1FF236D25D27@ed.ac.uk> <4C0FECC0.7050407@ipinc.net> <20100609195156.GG7631@otoh.org> <20100611014845.GO23124@serpens.de> Message-ID: <4C11CB96.3080004@dougbarton.us> If I'm alone in thinking that this thread veered off into the weeds many days ago, I can live with that .... -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ From gert at space.net Sun Jun 13 12:17:35 2010 From: gert at space.net (Gert Doering) Date: Sun, 13 Jun 2010 12:17:35 +0200 Subject: The use of RIPng In-Reply-To: <87wru6bzv2.fsf@oban.berlin.quux.de> References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> <87sk4vhszw.fsf@oban.berlin.quux.de> <4C111579.1040506@linuxdingsda.de> <87wru6bzv2.fsf@oban.berlin.quux.de> Message-ID: <20100613101735.GE99602@Space.Net> Hi, On Thu, Jun 10, 2010 at 06:45:37PM +0200, Jens Link wrote: > Tobias Winter writes: > > > http://hilfe-center.1und1.de/server/root_server/howtos/1.html > > I know that one and was told by one of the 1&1 networking guys that the > FAQ is outdated and that he would to 6to4. Well, so terminate your contract with 1&1 and go to Strato... "fully supported IPv6 there". (I know that 1&1 had issues with their last-hop router not being IPv6 capable, and thus they went for the "local tunnel" solution - which is not *that* bad. OTOH, just pointing interested customers to 6to4 is *very* bad). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 150584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From lists at quux.de Sun Jun 13 21:56:01 2010 From: lists at quux.de (Jens Link) Date: Sun, 13 Jun 2010 21:56:01 +0200 Subject: The use of RIPng In-Reply-To: <20100613101735.GE99602@Space.Net> (Gert Doering's message of "Sun\, 13 Jun 2010 12\:17\:35 +0200") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> <87sk4vhszw.fsf@oban.berlin.quux.de> <4C111579.1040506@linuxdingsda.de> <87wru6bzv2.fsf@oban.berlin.quux.de> <20100613101735.GE99602@Space.Net> Message-ID: <877hm2906m.fsf@oban.berlin.quux.de> Gert Doering writes: > Well, so terminate your contract with 1&1 and go to Strato... I don't have a contract with 1&1 and for personal reasons I would prefer not to become a customer of Strato. The reason why I asked 1&1 inofficialy was that an organization I'm working with has their servers there and I really would like to have IPv6 for these server. Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink at guug.de | ------------------- | ------------------------------------------------------------------------- From me at benedikt-stockebrand.de Mon Jun 14 11:26:42 2010 From: me at benedikt-stockebrand.de (Benedikt Stockebrand) Date: Mon, 14 Jun 2010 09:26:42 +0000 Subject: The use of RIPng In-Reply-To: <20100613101735.GE99602@Space.Net> (Gert Doering's message of "Sun, 13 Jun 2010 12:17:35 +0200") References: <201006042251.13517.mtinka@globaltransit.net> <201006090638.50089.mtinka@globaltransit.net> <20100609174402.GD99602@Space.Net> <87sk4vhszw.fsf@oban.berlin.quux.de> <4C111579.1040506@linuxdingsda.de> <87wru6bzv2.fsf@oban.berlin.quux.de> <20100613101735.GE99602@Space.Net> Message-ID: Hi Gert, Jens, Tobias and list, Gert Doering writes: > On Thu, Jun 10, 2010 at 06:45:37PM +0200, Jens Link wrote: >> Tobias Winter writes: >> >> > http://hilfe-center.1und1.de/server/root_server/howtos/1.html >> >> I know that one and was told by one of the 1&1 networking guys that the >> FAQ is outdated and that he would to 6to4. I double checked on a regional mailing list. According to Roman Meyer of 1&1 they are working to get away from the configured tunnel setup as soon as possible, but until then the (configured 6in4) tunnel solution as explained in the howto is still available. > Well, so terminate your contract with 1&1 and go to Strato... "fully > supported IPv6 there". Since I know about the machines Jens is referring to: This isn't exactly something you do over a weekend. > (I know that 1&1 had issues with their last-hop router not being IPv6 > capable, and thus they went for the "local tunnel" solution - which is > not *that* bad. OTOH, just pointing interested customers to 6to4 is > *very* bad). At least the people I know at 1&1 are well aware of this. Jens, did you ask through the mail address mentioned in the FAQ or did you just contact their general support? Cheers, Benedikt -- Business Grade IPv6 Consulting, Training, Projects Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/ From alan.batie at peakinternet.com Wed Jun 16 03:34:49 2010 From: alan.batie at peakinternet.com (Alan Batie) Date: Tue, 15 Jun 2010 18:34:49 -0700 Subject: Looking for DNS/Operational experience In-Reply-To: <4A03B4E6.9070104@ibctech.ca> References: <4A03B4E6.9070104@ibctech.ca> Message-ID: <4C182A39.6050701@peakinternet.com> On 5/7/09 9:28 PM, Steve Bertrand wrote: > It would also be fantastic if some of the persons who have extensive > operational experience could speak up and share: > > - the size of space received > - their number of clients and/or peers > - how they carved up their space > - why they carved it up that way > - what made them cut the space on specific boundaries I'm at this point myself; we (an ISP) have a /32 that we're starting to move from prototype to operational, and I'm specifically trying to iron out the reverse dns zones. I've never really understood why a zone would be different from a domain until now, but I'm thinking about putting zones at word boundaries, as doing them for every nibble seems overkill and add excessive queries. For now at least, word boundaries seem an optimal boundary between recursive queries and managing the zone; this will probably change as deployment ramps up. I'm open to education and "better practice" recommendations though... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5280 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100615/81b35c40/attachment.bin From alan.batie at peakinternet.com Fri Jun 18 00:34:12 2010 From: alan.batie at peakinternet.com (Alan Batie) Date: Thu, 17 Jun 2010 15:34:12 -0700 Subject: odd dns behavior on osx Message-ID: <4C1AA2E4.7030705@peakinternet.com> I've been using www.v6.facebook.com since I found out about it earlier this week, and OSX is exhibiting some odd behavior: after a short time (the cache timeout period?), gui apps, specifically firefox and safari complain "can't find host". From a terminal window, I can ping6 the site, after which firefox and safari can again find it themselves. Very odd... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5280 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100617/4eaa48cb/attachment.bin From alan.batie at peakinternet.com Fri Jun 18 01:41:54 2010 From: alan.batie at peakinternet.com (Alan Batie) Date: Thu, 17 Jun 2010 16:41:54 -0700 Subject: odd dns behavior on osx In-Reply-To: <4C1AA2E4.7030705@peakinternet.com> References: <4C1AA2E4.7030705@peakinternet.com> Message-ID: <4C1AB2C2.4040801@peakinternet.com> On 6/17/10 3:34 PM, Alan Batie wrote: > I've been using www.v6.facebook.com since I found out about it earlier > this week, and OSX is exhibiting some odd behavior: after a short time > (the cache timeout period?), gui apps, specifically firefox and safari > complain "can't find host". From a terminal window, I can ping6 the > site, after which firefox and safari can again find it themselves. Very > odd... To followup: I did a tcpdump and it's not doing a dns query at all when in this state. A "dscacheutil -flushcache" will fix it as well as the "ping6" --- it looks like the Aqua interface is doing its own dns caching, only not refreshing expired AAAA entries... I did report the problem to Apple, but the 2nd tech (who at least didn't think "IPv6" was a type of server ;-) ) didn't have IPv6 access to anything to test. He's reporting it up the chain though... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5280 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100617/34615f66/attachment.bin From tore.anderson at redpill-linpro.com Fri Jun 18 07:48:18 2010 From: tore.anderson at redpill-linpro.com (Tore Anderson) Date: Fri, 18 Jun 2010 07:48:18 +0200 Subject: odd dns behavior on osx In-Reply-To: <4C1AA2E4.7030705@peakinternet.com> References: <4C1AA2E4.7030705@peakinternet.com> Message-ID: <4C1B08A2.8060403@redpill-linpro.com> Hi Alan, * Alan Batie > I've been using www.v6.facebook.com since I found out about it earlier > this week, and OSX is exhibiting some odd behavior: after a short time > (the cache timeout period?), gui apps, specifically firefox and safari > complain "can't find host". From a terminal window, I can ping6 the > site, after which firefox and safari can again find it themselves. Very > odd... You're experiencing a known OS X bug. It will send out the A and AAAA queries in parallel, and will use the first answer it gets back and ignore the second one. You probably get an NXDOMAIN response to your A request first, and therefore the AAAA response you're actually interested in gets ignored. Using ping6 will force an AAAA-only query to be sent, that way you end up getting the correct response cached in the OS for some time. See: http://openradar.appspot.com/7333104 Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27 From ryan at u13.net Sat Jun 19 10:52:02 2010 From: ryan at u13.net (Ryan Rawdon) Date: Sat, 19 Jun 2010 04:52:02 -0400 Subject: odd dns behavior on osx In-Reply-To: <4C1B08A2.8060403@redpill-linpro.com> References: <4C1AA2E4.7030705@peakinternet.com> <4C1B08A2.8060403@redpill-linpro.com> Message-ID: <4C1C8532.8070000@u13.net> Firstly I'll point out that I'm not denying the existence of the bug described, it is something I've observed at least since Snow Leopard was released. However, if this is the case for v6-only hosts, then why wouldn't this cause IPv4-only hostnames to suffer the same sporadic brokenness that the OP describes with v6-only hostnames? e.g. the same dual queries for a v4-only host like mozilla.org go out, comes back with the AAAA NXDOMAIN first, thus causing the A answer to be refused and subsequently result in the browsing failure. Ryan On 6/18/10 1:48 AM, Tore Anderson wrote: > Hi Alan, > > * Alan Batie > > >> I've been using www.v6.facebook.com since I found out about it earlier >> this week, and OSX is exhibiting some odd behavior: after a short time >> (the cache timeout period?), gui apps, specifically firefox and safari >> complain "can't find host". From a terminal window, I can ping6 the >> site, after which firefox and safari can again find it themselves. Very >> odd... >> > You're experiencing a known OS X bug. It will send out the A and AAAA > queries in parallel, and will use the first answer it gets back and > ignore the second one. You probably get an NXDOMAIN response to your A > request first, and therefore the AAAA response you're actually > interested in gets ignored. > > Using ping6 will force an AAAA-only query to be sent, that way you end > up getting the correct response cached in the OS for some time. > > See: http://openradar.appspot.com/7333104 > > Best regards, > From bjorn at mork.no Sat Jun 19 11:47:31 2010 From: bjorn at mork.no (=?utf-8?Q?Bj=C3=B8rn_Mork?=) Date: Sat, 19 Jun 2010 11:47:31 +0200 Subject: odd dns behavior on osx In-Reply-To: <4C1B08A2.8060403@redpill-linpro.com> (Tore Anderson's message of "Fri, 18 Jun 2010 07:48:18 +0200") References: <4C1AA2E4.7030705@peakinternet.com> <4C1B08A2.8060403@redpill-linpro.com> Message-ID: <87fx0je4lo.fsf@nemi.mork.no> Tore Anderson writes: > * Alan Batie > >> I've been using www.v6.facebook.com since I found out about it earlier >> this week, and OSX is exhibiting some odd behavior: after a short time >> (the cache timeout period?), gui apps, specifically firefox and safari >> complain "can't find host". From a terminal window, I can ping6 the >> site, after which firefox and safari can again find it themselves. Very >> odd... > > You're experiencing a known OS X bug. It will send out the A and AAAA > queries in parallel, and will use the first answer it gets back and > ignore the second one. You probably get an NXDOMAIN response to your A > request first, and therefore the AAAA response you're actually > interested in gets ignored. I believe you meant NODATA instead of NXDOMAIN here? If you send two queries for the same name and one of them returns NXDOMAIN and the other not, then something is fundamentally broken. And it's not the resolver... But I assume that is not the case you are talking about. See RFC2308 for a useful classification of the different negative DNS results you may encounter. Bj?rn From tore.anderson at redpill-linpro.com Sun Jun 20 15:42:20 2010 From: tore.anderson at redpill-linpro.com (Tore Anderson) Date: Sun, 20 Jun 2010 15:42:20 +0200 Subject: odd dns behavior on osx In-Reply-To: <87fx0je4lo.fsf@nemi.mork.no> References: <4C1AA2E4.7030705@peakinternet.com> <4C1B08A2.8060403@redpill-linpro.com> <87fx0je4lo.fsf@nemi.mork.no> Message-ID: <4C1E1ABC.6010701@redpill-linpro.com> * Bj?rn Mork > Tore Anderson writes: >> You're experiencing a known OS X bug. It will send out the A and AAAA >> queries in parallel, and will use the first answer it gets back and >> ignore the second one. You probably get an NXDOMAIN response to your A >> request first, and therefore the AAAA response you're actually >> interested in gets ignored. > > I believe you meant NODATA instead of NXDOMAIN here? The bug report says NXDOMAIN, but now that you mention it, I agree that NODATA would make more sense in order for it to be considered an OS X bug. Perhaps the two just got confused. Can't confirm it myself though as I don't own a Mac. Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27 From tore.anderson at redpill-linpro.com Sun Jun 20 15:52:48 2010 From: tore.anderson at redpill-linpro.com (Tore Anderson) Date: Sun, 20 Jun 2010 15:52:48 +0200 Subject: odd dns behavior on osx In-Reply-To: <4C1C8532.8070000@u13.net> References: <4C1AA2E4.7030705@peakinternet.com> <4C1B08A2.8060403@redpill-linpro.com> <4C1C8532.8070000@u13.net> Message-ID: <4C1E1D30.20703@redpill-linpro.com> * Ryan Rawdon > However, if this is the case for v6-only hosts, then why wouldn't this > cause IPv4-only hostnames to suffer the same sporadic brokenness that > the OP describes with v6-only hostnames? e.g. the same dual queries > for a v4-only host like mozilla.org go out, comes back with the AAAA > NXDOMAIN first, thus causing the A answer to be refused and subsequently > result in the browsing failure. I can think of three possible options: - A queries are given preferential treatment, so that a negative AAAA response doesn't cause OS X to stop waiting for the A response, and/or: - OS X might optimise away AAAA queries if the machine doesn't have a global IPv6 address, thus masking the problem for most people on the internet today, and/or: - A responses are generally answered more rapidly than AAAA queries due to them being more likely to be pre-cached. I don't have a Mac, so I can't confirm any of them. Feel free to do so though, it shouldn't be more difficult than to look at the DNS traffic with tcpdump as the problem is being reproduced. Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27 From sthaug at nethelp.no Sun Jun 20 15:54:56 2010 From: sthaug at nethelp.no (sthaug at nethelp.no) Date: Sun, 20 Jun 2010 15:54:56 +0200 (CEST) Subject: odd dns behavior on osx In-Reply-To: <4C1E1ABC.6010701@redpill-linpro.com> References: <4C1B08A2.8060403@redpill-linpro.com> <87fx0je4lo.fsf@nemi.mork.no> <4C1E1ABC.6010701@redpill-linpro.com> Message-ID: <20100620.155456.74710874.sthaug@nethelp.no> > >> You're experiencing a known OS X bug. It will send out the A and AAAA > >> queries in parallel, and will use the first answer it gets back and > >> ignore the second one. You probably get an NXDOMAIN response to your A > >> request first, and therefore the AAAA response you're actually > >> interested in gets ignored. > > > > I believe you meant NODATA instead of NXDOMAIN here? > > The bug report says NXDOMAIN, but now that you mention it, I agree that > NODATA would make more sense in order for it to be considered an OS X > bug. Perhaps the two just got confused. Can't confirm it myself though > as I don't own a Mac. I believe the point here is that if you receive an NXDOMAIN response to an A query, it says that neither A nor *any other* resource record exists for the give name - and thus you cannot get an AAAA later. If AAAA exists and A does not, NODATA is the correct response to an A query. Steinar Haug, Nethelp consulting, sthaug at nethelp.no From tore.anderson at redpill-linpro.com Sun Jun 20 16:27:57 2010 From: tore.anderson at redpill-linpro.com (Tore Anderson) Date: Sun, 20 Jun 2010 16:27:57 +0200 Subject: odd dns behavior on osx In-Reply-To: <20100620.155456.74710874.sthaug@nethelp.no> References: <4C1B08A2.8060403@redpill-linpro.com> <87fx0je4lo.fsf@nemi.mork.no> <4C1E1ABC.6010701@redpill-linpro.com> <20100620.155456.74710874.sthaug@nethelp.no> Message-ID: <4C1E256D.4040104@redpill-linpro.com> * sthaug at nethelp.no >> The bug report says NXDOMAIN, but now that you mention it, I agree that >> NODATA would make more sense in order for it to be considered an OS X >> bug. Perhaps the two just got confused. Can't confirm it myself though >> as I don't own a Mac. > > I believe the point here is that if you receive an NXDOMAIN response > to an A query, it says that neither A nor *any other* resource record > exists for the give name - and thus you cannot get an AAAA later. Yep, you've understood it correctly. If the OpenRadar page is right about it being an NXDOMAIN answer that causes the problem to manifest itself, I would consider it to be a resolver bug instead of an OS X bug. But, like I said, it's possible that the report just mixed up NODATA with NXDOMAIN. In that case it would most definitely be an OS X bug. Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27 From alan.batie at peakinternet.com Tue Jun 22 00:28:43 2010 From: alan.batie at peakinternet.com (Alan Batie) Date: Mon, 21 Jun 2010 15:28:43 -0700 Subject: odd dns behavior on osx In-Reply-To: <4C1B08A2.8060403@redpill-linpro.com> References: <4C1AA2E4.7030705@peakinternet.com> <4C1B08A2.8060403@redpill-linpro.com> Message-ID: <4C1FE79B.5010901@peakinternet.com> On 6/17/10 10:48 PM, Tore Anderson wrote: > You're experiencing a known OS X bug. It will send out the A and AAAA > queries in parallel, and will use the first answer it gets back and > ignore the second one. The reason I think this is a cache timeout bug in the gui libraries is that it always works on a fresh query, i.e. after clearing the dns cache, and it always fails after a period of time (though I haven't had a chance to characterize the details, it "feels" like the one hour cache timeout facebook uses). Though I just upgraded to 10.6.4 this morning here at work, and I'm not seeing the problem now --- maybe they fixed it... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5280 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100621/48425d74/attachment.bin From alan.batie at peakinternet.com Thu Jun 24 01:06:17 2010 From: alan.batie at peakinternet.com (Alan Batie) Date: Wed, 23 Jun 2010 16:06:17 -0700 Subject: odd dns behavior on osx In-Reply-To: <4C1FE79B.5010901@peakinternet.com> References: <4C1AA2E4.7030705@peakinternet.com> <4C1B08A2.8060403@redpill-linpro.com> <4C1FE79B.5010901@peakinternet.com> Message-ID: <4C229369.9060307@peakinternet.com> On 6/21/10 3:28 PM, Alan Batie wrote: > Though I just upgraded to 10.6.4 this morning here at work, and I'm not > seeing the problem now --- maybe they fixed it... Nope, it didn't. If anything it's worse...