RE: IPv6 internet broken, cogent/telia/hurricane not peering
The reply must've been stuck in Cogent's network for the past 13 years. Chris -Original Message- From: NANOG On Behalf Of Chris Adams Sent: Thursday, August 11, 2022 10:17 AM To: nanog@nanog.org Subject: Re: IPv6 internet broken, cogent/telia/hurricane not peering Once upon a time, Niels Bakker said: > * volki...@gmail.com (VOLKAN KIRIK) [Thu 11 Aug 2022, 15:52 CEST]: > >hello > > You're replying to a thread from 2009. Please advise. Maybe they're a Cogent sales rep that, when trying to snipe a customer's customer, got push-back on "can I get to Google and HE on IPv6 on your circuit?". -- Chris Adams
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Once upon a time, Niels Bakker said: > * volki...@gmail.com (VOLKAN KIRIK) [Thu 11 Aug 2022, 15:52 CEST]: > >hello > > You're replying to a thread from 2009. Please advise. Maybe they're a Cogent sales rep that, when trying to snipe a customer's customer, got push-back on "can I get to Google and HE on IPv6 on your circuit?". -- Chris Adams
Re: IPv6 internet broken, cogent/telia/hurricane not peering
* volki...@gmail.com (VOLKAN KIRIK) [Thu 11 Aug 2022, 15:52 CEST]: hello You're replying to a thread from 2009. Please advise. -- Niels.
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Think twice before asking the largest global IPv6 network as measured by prefixes announced to pay Cogent for peering. Also what’s with Telia here? Best regards August Yang On 2022-08-11 09:46, VOLKAN KIRIK wrote: hello nobody has to peer with some operator for free. they are simply trading internet services. they do not have to believe in FREE (as in price) internet connectivity.. if they peered you, you would decrease the price of the products even more and more... ask cogentco (as174) for paid peering. they will give you nice paid peering or ip transit offer that you can use for both ipv4 and ipv6. for example i would assume they would be OK charging he.net (as6939) 5 usd cent per megabit. you need to understand that you are never going to become tier1 without support from as174. they are currently cheapest and they are okay with dual homing too. think like united nations security council. you must think twice; are you gaining any profit by segmenting world-wide internet? or are you losing prospective single-homing customers because you lack connectivity to as174 clients? we must think big. asking for a money is OKay while begging for FREE service is not... operating NOC and backbone has some expenses that henet wouldn't understand with their rented links. cogentco bear much more expenses than henet i am not here to insult henet but i honestly think that they are contemptible... just like google's peering decision makers. sir! if you have become big content/eyeball operator, doesn't mean that every operator in the industry have to respect your tier-1 policy and give you their services for free. that's the thing henet and google couldn't understand. think like UNSC and you will understand even USA can not do anything they want in the world, as RU has voting right, too. TL;DR; instead of crying here and begging for free service. send real representatives that could negotiate the money you would pay. bye
RE: IPv6 internet broken, cogent/telia/hurricane not peering
hello nobody has to peer with some operator for free. they are simply trading internet services. they do not have to believe in FREE (as in price) internet connectivity.. if they peered you, you would decrease the price of the products even more and more... ask cogentco (as174) for paid peering. they will give you nice paid peering or ip transit offer that you can use for both ipv4 and ipv6. for example i would assume they would be OK charging he.net (as6939) 5 usd cent per megabit. you need to understand that you are never going to become tier1 without support from as174. they are currently cheapest and they are okay with dual homing too. think like united nations security council. you must think twice; are you gaining any profit by segmenting world-wide internet? or are you losing prospective single-homing customers because you lack connectivity to as174 clients? we must think big. asking for a money is OKay while begging for FREE service is not... operating NOC and backbone has some expenses that henet wouldn't understand with their rented links. cogentco bear much more expenses than henet i am not here to insult henet but i honestly think that they are contemptible... just like google's peering decision makers. sir! if you have become big content/eyeball operator, doesn't mean that every operator in the industry have to respect your tier-1 policy and give you their services for free. that's the thing henet and google couldn't understand. think like UNSC and you will understand even USA can not do anything they want in the world, as RU has voting right, too. TL;DR; instead of crying here and begging for free service. send real representatives that could negotiate the money you would pay. bye
Re: IPv6 internet broken, cogent/telia/hurricane not peering
please full support hurricane ! De-peer your ipv6 peering cogent/telia or max prepend it. ! On Wednesday 21 October 2009 at 05:00 -0700, Matthew Petach wrote: On Wed, Oct 21, 2009 at 12:13 AM, Richard A Steenbergen r...@e-gerbil.net wrote: On Tue, Oct 20, 2009 at 10:53:17PM -0700, Matthew Petach wrote: And tonight we saw in public that even that path is being attempted: http://www.flickr.com/photos/77519...@n00/4031434206/ (and yes, it was yummy and enjoyed by all at the peering BoF!) So Cogent...won't you please make nice with HE.net and get back together again? ^_^ Matt (speaking for neither party, but very happy to eat cake nonetheless) Cogent Pleas IPv6... for some reason that cake typo is even funnier than the correct version. :) And now even better shots of the cake have been forthcoming from people. :) http://www.flickr.com/photos/77519...@n00/4031195041/ (I was all the way at the far other end of the room taking notes on the laptop, so I never got to see the cake intact at all--all the photos are from others who were closer to the cake, and got to see it in its pristine glory). Fortunately, I did get to partake in the eating of it. ^_^ Matt (This cake is great, it's so delicious and moist...* ;) *http://www.lyricsmode.com/lyrics/e/ellen_mclain/still_alive.html
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Please don't break existing connectivity in an effort to show support for Hurricane. That's going in the wrong direction and it doesn't help the users of the internet, your customers, or ours. Please do continue to, or start peering with Hurricane. The internet works best when people peer. Breaking or damaging that in any way is not helping any of our customers and it is contrary to Hurricane's desire. We appreciate the intended message of support, but, it's most important to preserve functionality for all of our customers. Thanks, Owen DeLong IPv6 Evangelist Hurricane Electric On Oct 22, 2009, at 5:08 AM, Frédéric wrote: please full support hurricane ! De-peer your ipv6 peering cogent/telia or max prepend it. ! On Wednesday 21 October 2009 at 05:00 -0700, Matthew Petach wrote: On Wed, Oct 21, 2009 at 12:13 AM, Richard A Steenbergen r...@e-gerbil.net wrote: On Tue, Oct 20, 2009 at 10:53:17PM -0700, Matthew Petach wrote: And tonight we saw in public that even that path is being attempted: http://www.flickr.com/photos/77519...@n00/4031434206/ (and yes, it was yummy and enjoyed by all at the peering BoF!) So Cogent...won't you please make nice with HE.net and get back together again? ^_^ Matt (speaking for neither party, but very happy to eat cake nonetheless) Cogent Pleas IPv6... for some reason that cake typo is even funnier than the correct version. :) And now even better shots of the cake have been forthcoming from people. :) http://www.flickr.com/photos/77519...@n00/4031195041/ (I was all the way at the far other end of the room taking notes on the laptop, so I never got to see the cake intact at all--all the photos are from others who were closer to the cake, and got to see it in its pristine glory). Fortunately, I did get to partake in the eating of it. ^_^ Matt (This cake is great, it's so delicious and moist...* ;) *http://www.lyricsmode.com/lyrics/e/ellen_mclain/still_alive.html
Re: IPv6 internet broken, cogent/telia/hurricane not peering
yes of course, sorry my wrong use of english. On Thursday 22 October 2009 at 05:19 -0700, Owen DeLong wrote: Please don't break existing connectivity in an effort to show support for Hurricane. That's going in the wrong direction and it doesn't help the users of the internet, your customers, or ours. Please do continue to, or start peering with Hurricane. The internet works best when people peer. Breaking or damaging that in any way is not helping any of our customers and it is contrary to Hurricane's desire. We appreciate the intended message of support, but, it's most important to preserve functionality for all of our customers. Thanks, Owen DeLong IPv6 Evangelist Hurricane Electric On Oct 22, 2009, at 5:08 AM, Frédéric wrote: please full support hurricane ! De-peer your ipv6 peering cogent/telia or max prepend it. ! On Wednesday 21 October 2009 at 05:00 -0700, Matthew Petach wrote: On Wed, Oct 21, 2009 at 12:13 AM, Richard A Steenbergen r...@e-gerbil.net wrote: On Tue, Oct 20, 2009 at 10:53:17PM -0700, Matthew Petach wrote: And tonight we saw in public that even that path is being attempted: http://www.flickr.com/photos/77519...@n00/4031434206/ (and yes, it was yummy and enjoyed by all at the peering BoF!) So Cogent...won't you please make nice with HE.net and get back together again? ^_^ Matt (speaking for neither party, but very happy to eat cake nonetheless) Cogent Pleas IPv6... for some reason that cake typo is even funnier than the correct version. :) And now even better shots of the cake have been forthcoming from people. :) http://www.flickr.com/photos/77519...@n00/4031195041/ (I was all the way at the far other end of the room taking notes on the laptop, so I never got to see the cake intact at all--all the photos are from others who were closer to the cake, and got to see it in its pristine glory). Fortunately, I did get to partake in the eating of it.
^_^ Matt (This cake is great, it's so delicious and moist...* ;) *http://www.lyricsmode.com/lyrics/e/ellen_mclain/still_alive.html
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Tue, Oct 20, 2009 at 10:53:17PM -0700, Matthew Petach wrote: And tonight we saw in public that even that path is being attempted: http://www.flickr.com/photos/77519...@n00/4031434206/ (and yes, it was yummy and enjoyed by all at the peering BoF!) So Cogent...won't you please make nice with HE.net and get back together again? ^_^ Matt (speaking for neither party, but very happy to eat cake nonetheless) Cogent Pleas IPv6... for some reason that cake typo is even funnier than the correct version. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Wed, Oct 21, 2009 at 12:13 AM, Richard A Steenbergen r...@e-gerbil.net wrote: On Tue, Oct 20, 2009 at 10:53:17PM -0700, Matthew Petach wrote: And tonight we saw in public that even that path is being attempted: http://www.flickr.com/photos/77519...@n00/4031434206/ (and yes, it was yummy and enjoyed by all at the peering BoF!) So Cogent...won't you please make nice with HE.net and get back together again? ^_^ Matt (speaking for neither party, but very happy to eat cake nonetheless) Cogent Pleas IPv6... for some reason that cake typo is even funnier than the correct version. :) And now even better shots of the cake have been forthcoming from people. :) http://www.flickr.com/photos/77519...@n00/4031195041/ (I was all the way at the far other end of the room taking notes on the laptop, so I never got to see the cake intact at all--all the photos are from others who were closer to the cake, and got to see it in its pristine glory). Fortunately, I did get to partake in the eating of it. ^_^ Matt (This cake is great, it's so delicious and moist...* ;) *http://www.lyricsmode.com/lyrics/e/ellen_mclain/still_alive.html
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Mon, Oct 12, 2009 at 12:41 PM, Mike Leber mle...@he.net wrote: ... We don't ignore comments about connectivity, in fact quite the opposite. We study each AS and which ASes are behind them. We work on getting peering with the specific AS, in the case that they are unresponsive, getting the ASes behind them. Among the things we do to discuss peering: send email to any relevant contacts, call them, contact them on IRC, send people to the relevant conferences to seek them out specifically, send people to their offices, etc. So far we stop short of baking cakes, but hey... And tonight we saw in public that even that path is being attempted: http://www.flickr.com/photos/77519...@n00/4031434206/ (and yes, it was yummy and enjoyed by all at the peering BoF!) So Cogent...won't you please make nice with HE.net and get back together again? ^_^ Matt (speaking for neither party, but very happy to eat cake nonetheless)
Re: IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
On Mon, Oct 12, 2009 at 2:44 PM, Seth Mattinen se...@rollernet.us wrote: Marco Hogewoning wrote: As this thread has drifted off topic anyway, would it for instance be a good idea to simply not accept mail from hosts that clearly use autoconfig i.e. reject all smtp from EUI-64 addresses. Of course not a wise idea for your own outbound relays which should handle mail from your customers but on the incoming side it might as well save a lot of headache and there is no need to keep track of which /64 are access networks. That would be really, really bad. My 3750's won't accept arbitrary /128's in an ACL unless it's EUI-64 or I make up something similar that it will like. I'm sure I'm not the only person who owns a 3750. As such, my mail servers are using EUI-64 addresses. ~Seth As I understand it, (and Cisco's documentation seems to support this, http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/M1.html#wpxref54198 as an example), if you put a /128 in an ACL, you cannot specify any L4 port information for the address due to the limited width of the TCAM; in order to specify L4 information for the ACL, Cisco stuffs it into bits 24 through 39, losing what information was originally stored in those bits. It just so happens those are the fixed FFFE bits in an EUI-64 address, so if you're using EUI-64, no real information is lost. You can do your own non-EUI-64 addressing and still use ACLs with layer 4 port information as long as you don't put any addressing information into bits 24 through 39. Or, if you want to be *really* clever, you can address blocks of hosts with identical functions and identical security rules by assigning them addresses that differ *only* in bits 24 through 39; then, a single L4 /128 rule in your v6 ACL will actually apply to the entire equivalence class of servers, since from the router's perspective, it doesn't distinguish one server from the next as far as applying the ACL rule.
However, if you opt to do this, make sure you document it *really* carefully, so the poor engineer who has to pick up after you will understand why the router is treating all of the servers identically, in spite of having what looks to be a single /128 listed in its ACL. ^_^; Matt
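The bit overlap described in the message above, modelled in Python as an added example (not part of the original thread and not Cisco's code): it clears bits 24 through 39 of the interface identifier and reports which inventory hosts a single L4 /128 entry would treat as identical, which is the documentation the post asks for. The bit numbering (counted from the top of the low 64 bits, where EUI-64 puts FF:FE), the host names and the 2001:db8:: addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: "bits 24 through 39" are counted from the most significant bit
# of the 64-bit interface identifier, which is where EUI-64 places FF:FE.
FIELD_SHIFT = 64 - 40                 # 24 interface-ID bits lie below the field
FIELD_MASK = 0xFFFF << FIELD_SHIFT    # the 16 bits reused for L4 port data


def overwritten_field(addr):
    """Value an address carries in bits 24-39 of its interface identifier."""
    return (int(ipaddress.IPv6Address(addr)) & FIELD_MASK) >> FIELD_SHIFT


def is_eui64(addr):
    """True when bits 24-39 hold the fixed FFFE of an EUI-64 identifier."""
    return overwritten_field(addr) == 0xFFFE


def acl_match_key(addr):
    """The address with bits 24-39 cleared: what is left for the ACL to compare."""
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address(addr)) & ~FIELD_MASK)


def collisions(inventory):
    """Groups of hosts that one L4 /128 ACL entry cannot tell apart."""
    groups = defaultdict(list)
    for name, addr in inventory.items():
        groups[acl_match_key(addr)].append(name)
    return {str(key): sorted(names)
            for key, names in groups.items() if len(names) > 1}


def also_matched(acl_host, inventory):
    """Other inventory hosts covered by an L4 ACL entry written for acl_host."""
    target = ipaddress.IPv6Address(acl_host)
    key = acl_match_key(target)
    return sorted(name for name, addr in inventory.items()
                  if ipaddress.IPv6Address(addr) != target
                  and acl_match_key(addr) == key)


# Constructed inventory: hypothetical hosts in the documentation prefix.
INVENTORY = {
    "mx1":   "2001:db8:10::21c:c4ff:fe12:3456",  # EUI-64, FFFE in bits 24-39
    "web-a": "2001:db8:20::100:50",              # bits 24-39 = 0x0001
    "web-b": "2001:db8:20::200:50",              # bits 24-39 = 0x0002
    "web-c": "2001:db8:20::1:0:50",              # bits 24-39 = 0x0100
    "db1":   "2001:db8:20::51",                  # differs outside the field
}

if __name__ == "__main__":
    for name, addr in INVENTORY.items():
        print(f"{name:6} {addr:34} field=0x{overwritten_field(addr):04x} "
              f"eui64={is_eui64(addr)} key={acl_match_key(addr)}")
    for key, names in collisions(INVENTORY).items():
        print(f"one L4 rule for {key} covers: {', '.join(names)}")
```

Running `collisions()` over the real address plan before deploying such ACLs shows whether any hosts share a rule unintentionally.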
Re: IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
Matthew Petach wrote: As I understand it, (and Cisco's documentation seems to support this, http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/M1.html#wpxref54198 as an example), if you put a /128 in an ACL, you cannot specify any L4 port information for the address due to the limited width of the TCAM; in order to specify L4 information for the ACL, Cisco stuffs it into bits 24 through 39, losing what information was originally stored in those bits. It just so happens those are the fixed FFFE bits in an EUI-64 address, so if you're using EUI-64, no real information is lost. You can do your own non-EUI-64 addressing and still use ACLs with layer 4 port information as long as you don't put any addressing information into bits 24 through 39. Interesting; makes sense though. Thanks for the explanation. ~Seth
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Oct 12, 2009, at 7:41 AM, Igor Ybema wrote: I recently noticed that there seems a peering issue on the ipv6 internet. As we all know hurricane is currently the largest ipv6 carrier. Other large carriers are now implementing ipv6 on their networks, like Cogent and Telia. However, due to some politics it seems that they are not peering with each other resulting in a broken ipv6 internet currently. I noticed this by using the looking glasses from telia and hurricane. This is only a real problem if you use hurricane as the only transit. However, hurricane also announces 6to4 relays. When you happen to use the hurricane relay server (due to the shortest path), cogent and telia (and maybe more) are not reachable. I already asked hurricane about their point of view. They simply just ignore it because they 'are the biggest one'. It is sad to see that networks which used to care about connectivity, peering, latency, etc., when they are small change their mind when they are big. The most recent example is Cogent, an open peer who decided to turn down peers when they reached transit free status. I never thought HE would be one of those networks. -- TTFN, patrick
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Oct 12, 2009, at 6:09 PM, Patrick W. Gilmore wrote: It is sad to see that networks which used to care about connectivity, peering, latency, etc., when they are small change their mind when they are big. The most recent example is Cogent, an open peer who decided to turn down peers when they reached transit free status. I never thought HE would be one of those networks. Do we have any proof it's HE rejecting peering or is it that Cogent and Telia alike that are too proud to ask and think they can have a piece of the pie as they did with v4 ? MarcoH
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Igor Ybema wrote: Hi, I recently noticed that there seems a peering issue on the ipv6 internet. As we all know hurricane is currently the largest ipv6 carrier. Other large carriers are now implementing ipv6 on their networks, like Cogent and Telia. However, due to some politics it seems that they are not peering with each other resulting in a broken ipv6 internet currently. I noticed this by using the looking glasses from telia and hurricane. This is only a real problem if you use hurricane as the only transit. However, hurricane also announces 6to4 relays. When you happen to use the hurricane relay server (due to the shortest path), cogent and telia (and maybe more) are not reachable. I already asked hurricane about their point of view. They simply just ignore it because they 'are the biggest one'. I'm curious about your point of view. Don't get me started on IPv6 crap... ;) If you are interested, I don't want to spam the list with my Verizon horror story, but you can read it here: http://www.rollernet.us/wordpress/category/ipv6/ ~Seth
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Perhaps someone from HE can re-confirm their open peering policy for us? If they aren't (open) anymore, I'm impressed by the bravado... Deepak - Original Message - From: Marco Hogewoning mar...@marcoh.net To: Patrick W. Gilmore patr...@ianai.net Cc: NANOG list nanog@nanog.org Sent: Mon Oct 12 12:15:34 2009 Subject: Re: IPv6 internet broken, cogent/telia/hurricane not peering On Oct 12, 2009, at 6:09 PM, Patrick W. Gilmore wrote: It is sad to see that networks which used to care about connectivity, peering, latency, etc., when they are small change their mind when they are big. The most recent example is Cogent, an open peer who decided to turn down peers when they reached transit free status. I never thought HE would be one of those networks. Do we have any proof it's HE rejecting peering or is it that Cogent and Telia alike that are too proud to ask and think they can have a piece of the pie as they did with v4 ? MarcoH
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Oct 12, 2009, at 12:23 PM, Deepak Jain wrote: Perhaps someone from HE can re-confirm their open peering policy for us? If they aren't (open) anymore, I'm impressed by the bravado... To be clear, I was not trying to imply that HE has a closed policy. But I can see how people might think that given my Cogent example. My apologies to HE. And to be fair, I'm pounding on HE because they've always cared about their customers. I expect Telia to care more about their own ego than their customers' connectivity. So banging on them is nonproductive. In summary: HE has worked tirelessly and mostly thanklessly to promote v6. They have done more to bring v6 to the forefront than any other network. But at the end of day, despite HE's valiant effort on v6, v6 has all the problems of v4 on the backbone, PLUS growing pains. Which means it is difficult to rely on it, as v4 has enough dangers on its own. Anyway, I have confidence HE is trying to fix this. But I still think the fact that it happened - whatever the reason - is a black eye for the v6 Internet, whatever the hell that is. -- TTFN, patrick - Original Message - From: Marco Hogewoning mar...@marcoh.net To: Patrick W. Gilmore patr...@ianai.net Cc: NANOG list nanog@nanog.org Sent: Mon Oct 12 12:15:34 2009 Subject: Re: IPv6 internet broken, cogent/telia/hurricane not peering On Oct 12, 2009, at 6:09 PM, Patrick W. Gilmore wrote: It is sad to see that networks which used to care about connectivity, peering, latency, etc., when they are small change their mind when they are big. The most recent example is Cogent, an open peer who decided to turn down peers when they reached transit free status. I never thought HE would be one of those networks. Do we have any proof it's HE rejecting peering or is it that Cogent and Telia alike that are too proud to ask and think they can have a piece of the pie as they did with v4 ? MarcoH
Re: IPv6 internet broken, cogent/telia/hurricane not peering
sure would be nice if there was a diagnosis before the lynching
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Just saw that telia - HE AND telia - Cogent got fixed. They are now connected through CW. Maybe someone got woken up by these messages :) Cogent and HE is still broken but then again, i...@cogent is still beta. regards, Igor
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Oct 12, 2009, at 12:52 PM, Randy Bush wrote: sure would be nice if there was a diagnosis before the lynching If this happened in v4, would customers care 'why' it happened? Obviously not. Why should v6 be any different? It either is or is not production ready. I'm interested in HE's view on that. -- TTFN, patrick
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On October 12, 2009, Patrick W. Gilmore wrote: In summary: HE has worked tirelessly and mostly thanklessly to promote v6. They have done more to bring v6 to the forefront than any other network. But at the end of day, despite HE's valiant effort on v6, v6 has all the problems of v4 on the backbone, PLUS growing pains. Which means it is difficult to rely on it, as v4 has enough dangers on its own. And don't forget.. Once IPv6 gets to the mainstream.. IP Reputation lists are going to have a real fun time :) Spammers would love to see IPv6 in place I am sure. ;) Routing IPv6 is going to require one heck of a thinking re-adjustment. Would be nice to just leave IPv6 in the premises, and keep IPv4 for routing. -- Catch the Magic of Linux... Michael Peddemors - President/CEO - LinuxMagic Products, Services, Support and Development Visit us at http://www.linuxmagic.com A Wizard IT Company - For More Info http://www.wizard.ca LinuxMagic is a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-589-0037 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Mon, Oct 12, 2009 at 07:06:37PM +0200, Igor Ybema wrote: Just saw that telia - HE AND telia - Cogent got fixed. They are now connected through CW. Maybe someone got woken up by these messages :) Cogent and HE is still broken but then again, i...@cogent is still beta. Cogent has never carried a full IPv6 table, and probably never will (or at least, not for a REALLY long time). They aren't using any IPv6 transit, and will only turn up peering with a handful of large networks as measured by their IPv4 peering stats. This isn't even close to representative of the IPv6 routing table, so they're probably going to continue to miss huge chunks of IPv6 for many years to come. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Patrick W. Gilmore wrote: On Oct 12, 2009, at 12:52 PM, Randy Bush wrote: sure would be nice if there was a diagnosis before the lynching If this happened in v4, would customers care 'why' it happened? Obviously not. I suspect more NAT will become a better solution than migrating to IPv6 if/when runout becomes a problem because there's just not enough visibility or providers that take it seriously enough for IPv6 to be a viable solution. I try to do my part but it's a horrible pain. Why should v6 be any different? It either is or is not production ready. I'm interested in HE's view on that. As far as HE goes, they're so pro-IPv6 I would be surprised if anything intentionally bad was going on. I wish more providers had their attitude towards IPv6. ~Seth
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Mon, 2009-10-12 at 10:47 -0700, Seth Mattinen wrote: Patrick W. Gilmore wrote: On Oct 12, 2009, at 12:52 PM, Randy Bush wrote: sure would be nice if there was a diagnosis before the lynching If this happened in v4, would customers care 'why' it happened? Obviously not. I suspect more NAT will become a better solution than migrating to IPv6 if/when runout becomes a problem because there's just not enough visibility or providers that take it seriously enough for IPv6 to be a viable solution. I try to do my part but it's a horrible pain. And then you have the hordes of DSLreports people screaming about how they do not have a routable IP address anymore, which is bad for business, and then IPv6 comes about because the people *demand* it. (although they do not necessarily know they are demanding that -- what they are demanding is the ability to continue having publicly routable IP addresses for their broadband connection.) William
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On 12/10/09 10:25 -0700, Michael Peddemors wrote: On October 12, 2009, Patrick W. Gilmore wrote: In summary: HE has worked tirelessly and mostly thanklessly to promote v6. They have done more to bring v6 to the forefront than any other network. But at the end of day, despite HE's valiant effort on v6, v6 has all the problems of v4 on the backbone, PLUS growing pains. Which means it is difficult to rely on it, as v4 has enough dangers on its own. And don't forget.. Once IPv6 gets to the mainstream.. IP Reputation lists are going to have a real fun time :) Spammers would love to see IPv6 in place I am sure. ;) Routing IPv6 is going to require one heck of a thinking re-adjustment. Would be nice to just leave IPv6 in the premises, and keep IPv4 for routing. Reputation lists will just be on the /64, /56 and /48 boundaries, rather than IPv4 /32. -- Dan White BTC Broadband
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Dan White wrote: Reputation lists will just be on the /64, /56 and /48 boundaries, rather than IPv4 /32. And then people will scream because someone set up a layout that hands out /128 addresses within a /64 pool. Jack
IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
On Oct 12, 2009, at 9:14 PM, Jack Bates wrote: Dan White wrote: Reputation lists will just be on the /64, /56 and /48 boundaries, rather than IPv4 /32. And then people will scream because someone set up a layout that hands out /128 addresses within a /64 pool. There is that chance yes especially from access networks which use RA. As this thread has drifted off topic anyway, would it for instance be a good idea to simply not accept mail from hosts that clearly use autoconfig i.e. reject all smtp from EUI-64 addresses. Of course not a wise idea for your own outbound relays which should handle mail from your customers but on the incoming side it might as well save a lot of headache and there is no need to keep track of which /64 are access networks. Just a few cents, MarcoH
Re: IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
Marco Hogewoning wrote: [..] As this thread has drifted off topic anyway, would it for instance be a good idea to simply not accept mail from hosts that clearly use autoconfig i.e. reject all smtp from EUI-64 addresses Can you please *NOT* suggest people *STUPID* ideas like filtering on arbitrary bits inside an address!? Thank you. I hope that you realize that stupid people will use these kind of practices and then forget to update them when they actually realize that they are just that: stupid. Just a note: it is very useful to be able to just throw boxes in an ethernet, bootp them and assign them a function. This is how most large scale ISPs work, maybe not yours but there are lots that do. Assigning addresses using a stateless method like RA is suddenly a god-given. Of course if you do not want to receive mail from anybody, just don't use the Internet. Of course not a wise idea for your own outbound relays which should handle mail from your customers but on the incoming side it might as well save a lot of headache and there is no need to keep track of which /64 are access networks. Just use a *DYNAMIC* RBL, aka one which updates, aka the same system as currently in use on IPv4. These will most likely start blocking per /64, and when reaching a certain amount of /64s /48, will block the /48 and when reaching a certain amount of /48s per /32 just block out the whole /32.
Of course other current IPv4 practices for fending off botted hosts include:
- require a valid and correct SMTP conversation
- require HELO/EHLO + that the given hostname properly forward + reverses and matches the host that is connecting (this simple check cuts out most botted hosts)
- Score sending hosts and message based on RBL and message content (aka use spamassassin and keep your rules up to date)

For IPv6 nothing changes, the only thing that might change is that RBLs will take above policy, aggregating their prefixes to avoid hosts that swap addresses inside a /64, /48 or even a complete /32 to spam the world. This is also a good thing, because ISPs who keep their network clean will not go into the RBL, just like in IPv4.

or in postfix config something like:

8<--
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = reject_unauth_pipelining,
    reject_unknown_recipient_domain,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_maps
smtpd_sender_restrictions = reject_unknown_sender_domain,
    reject_unauth_pipelining,
    permit_mynetworks
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    reject_invalid_hostname,
    reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks
-->8

Problem solved. Happy internetting

Greets, Jeroen

(Who indeed is not calling Marco stupid, as he is one of those people who is not stupid, he sometimes just has a wrong idea, just like me ;)
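A sketch of the escalating blocklist described in the message above, as an added example that is not part of the original thread or any real RBL's code: reported sources are listed per /64, a /48 replaces its /64s once enough of them are listed, and a /32 replaces its /48s the same way. The thresholds, the class name and the 2001:db8:: sample reports are assumptions; the message only says "a certain amount".

```python
import ipaddress
from collections import defaultdict


def covering(addr, prefixlen):
    """The /prefixlen network that contains addr."""
    return ipaddress.IPv6Network(f"{addr}/{prefixlen}", strict=False)


class AggregatingBlocklist:
    """Dynamic IPv6 blocklist that widens listings as abuse spreads."""

    def __init__(self, max_64_per_48=3, max_48_per_32=2):
        self.max_64_per_48 = max_64_per_48   # assumed threshold
        self.max_48_per_32 = max_48_per_32   # assumed threshold
        self.bad64 = defaultdict(set)        # /48 -> reported /64s inside it
        self.bad48 = defaultdict(set)        # /32 -> escalated /48s inside it
        self.listed = set()                  # prefixes currently published

    def lookup(self, addr):
        """Widest published prefix covering addr, or None if it is clean."""
        for prefixlen in (32, 48, 64):
            net = covering(addr, prefixlen)
            if net in self.listed:
                return net
        return None

    def report(self, addr):
        """Record abuse from addr and return the prefix that now lists it."""
        hit = self.lookup(addr)
        if hit is not None and hit.prefixlen < 64:
            return hit                       # already under a wider listing
        net64 = covering(addr, 64)
        net48 = covering(addr, 48)
        net32 = covering(addr, 32)
        # Address swapping inside one /64 never raises the count: sets dedupe.
        self.bad64[net48].add(net64)
        self.listed.add(net64)
        if len(self.bad64[net48]) >= self.max_64_per_48:
            self._widen(net48)
            self.bad48[net32].add(net48)
            if len(self.bad48[net32]) >= self.max_48_per_32:
                self._widen(net32)
        return self.lookup(addr)

    def _widen(self, wider):
        """Publish wider and drop the narrower entries it makes redundant."""
        self.listed = {n for n in self.listed if not n.subnet_of(wider)}
        self.listed.add(wider)

    def published(self):
        return sorted(str(n) for n in self.listed)


# Constructed abuse reports (documentation prefix, not real traffic).
SAMPLE_REPORTS = [
    "2001:db8:1:1::a", "2001:db8:1:1::b",      # same /64, swapped host bits
    "2001:db8:1:2::1", "2001:db8:1:3::1",      # third /64 -> /48 listed
    "2001:db8:2:1::1", "2001:db8:2:2::1",
    "2001:db8:2:3::1",                         # second /48 -> /32 listed
]


def replay(reports, **thresholds):
    """Feed reports in order; return (listing after each report, blocklist)."""
    rbl = AggregatingBlocklist(**thresholds)
    return [str(rbl.report(addr)) for addr in reports], rbl


if __name__ == "__main__":
    steps, rbl = replay(SAMPLE_REPORTS)
    for addr, listing in zip(SAMPLE_REPORTS, steps):
        print(f"{addr:18} -> {listing}")
    print("published:", rbl.published())
```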
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Igor Ybema wrote:
> I recently noticed that there seems a peering issue on the ipv6 internet. As we all know hurricane is currently the largest ipv6 carrier. Other large carriers are now implementing ipv6 on their networks, like Cogent and Telia. However, due to some politics it seems that they are not peering with each other resulting in a broken ipv6 internet currently. I noticed this by using the looking glasses from telia and hurricane.

I'll spell it out for your entertainment.

Hurricane aggressively tries to solve connectivity problems, IPv4 or IPv6. In the case of Cogent, they hilariously are trying to reduce peering with Hurricane over time.

Hurricane has IPv4 peering with Cogent. Years ago this was at four locations in the world, then this was at three locations in the world, then two locations in the world. Why? Because over time when a BGP session would go down for longer than 30 seconds, Cogent permanently shut the session. Both Cogent and Hurricane have progressively lowered the local preference and otherwise filtered the routes we receive from each other to prevent the connections from saturating due to the size of our networks and the number of prefixes we each announce.

These connections were a combination of OC12s in the US and public peering in Europe. Hurricane repeatedly over the years has pushed to replace the OC12s with at least giges (if not 10GE), on the principle it would be cheaper, conform to more of the hardware each of us uses, allow us to remove legacy OC12 cards from the network, etc. Cogent hasn't.

Why? Because even though they are content heavy and due to the routing tables one might infer they don't have settlement free peering with all networks, they don't want to help Hurricane in any way.

Ok, fine. Not everybody chooses to operate their network this way, usually most are more concerned about their customers, however hey who am I to say whatever they view as their core mission isn't being met.

If you've been around long enough, you'd know that normally nobody talks about peering publicly like this. Most of the core network operators here could just infer what I told you above. Then why would I write this post? Because I want to set the record straight regarding Hurricane Electric's IPv6 peering goals, and nothing in Cogent's case seems to get through to them.

Oh, BTW, let me describe the special case of irony. If Cogent wanted to ensure they weren't in a subservient role in IPv6 as they are for IPv4 (and I'm not talking about Hurricane, I'm talking about all the networks they've ever had to pay or fight in one way or another), then they would be working to have a complete IPv6 table by working with a player like Hurricane which reduces their dependency on networks that will be difficult with them, that is: be cooperative with them rather than give them a huge amount of crap and try to torture them at each turn (i.e. in order to get peering you need to buy these local loops, etc etc etc).

BTW, regarding the comments about 6to4, with Hurricane Electric you will reach more of the IPv6 Internet, with lower latency than anybody else.

> I already asked hurricane about their point of view. They simply just ignore it because they 'are the biggest one'.

We don't ignore comments about connectivity, in fact quite the opposite. We study each AS and which ASes are behind them. We work on getting peering with the specific AS, in the case that they are unresponsive, getting the ASes behind them.

Among the things we do to discuss peering: send email to any relevant contacts, call them, contact them on IRC, send people to the relevant conferences to seek them out specifically, send people to their offices, etc.

So far we stop short of baking cakes, but hey...

Our goal is to provide as much connectivity to as many people as possible. That might be our goal, however, not everybody's goal on the Internet is to provide as much connectivity as possible for their customers.

Mike.
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On October 12, 2009, Dan White wrote:
> Reputation lists will just be on the /64, /56 and /48 boundaries, rather than IPv4 /32.

IF Network Operators started advertising and routing /64 addresses, and assuming there were email servers out there running MX records on IPv6, http://eng.genius.com/blog/2009/09/14/email-on-ipv6/ for the spammers to send to, they would quickly adopt the idea of large blocks of IPv6 Addresses.

If you had to apply reputation to them individually, it would make a much larger dataset to maintain. If you look at for instance the number of IP's on RATS-DYNA and RATS-NOPTR, (examples of IP's typically representative of DUL's) they have 65 Million IP's in the database at /32 IPv4, just think what the numbers would be with IPv6. Spammers could in theory be using a much larger set of routable IP's to send from.

Once NAT is out, it opens a huge can of worms to detect and maintain the size of databases that would be needed to reflect this new space. With 18,446,744,073,709,551,616 compared to 4,294,967,296 anyone who is trying to build an efficient way to gather and store reputation, has their work cut out for them.

Currently, maintaining the reputation of the IPv4 space is feasible, however once we reach IPv6 numbers, it would almost require a model of registering IP's for certain uses. We have enough trouble getting current providers to even have whois delegation, of who is using what part of their IPv4 spaces, I don't expect it to get any easier with IPv6.

Imagine the size of ACL lists?

--
Catch the Magic of Linux... Michael Peddemors - President/CEO - LinuxMagic Products, Services, Support and Development Visit us at http://www.linuxmagic.com A Wizard IT Company - For More Info http://www.wizard.ca LinuxMagic is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-589-0037 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
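Added example, not part of any post in this thread: a sketch of the escalating listing Jeroen Massar describes (block per /64, then the /48, then the /32) which also keeps the stored dataset small, the concern raised in the message above. The class name, the thresholds and the 2001:db8::/32 sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LEVELS = (64, 48, 32)        # listing granularities named in the thread
PARENT = {64: 48, 48: 32}    # the level a full prefix escalates to

def covering(addr, plen):
    """Network of length plen that contains the IPv6 address addr."""
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address(addr)}/{plen}", strict=False)

class AggregatingBlocklist:
    # Thresholds are assumptions; the thread only says "a certain amount".
    def __init__(self, max_64_per_48=4, max_48_per_32=3):
        self.limit = {64: max_64_per_48, 48: max_48_per_32}
        self.entries = set()               # listed /64, /48 and /32 networks
        self.children = defaultdict(set)   # parent -> listed direct children

    def lookup(self, addr):
        """Return the listed prefix covering addr, or None (three set probes)."""
        for plen in LEVELS:
            net = covering(addr, plen)
            if net in self.entries:
                return net
        return None

    def _add(self, net):
        self.entries.add(net)
        if net.prefixlen in PARENT:
            self.children[net.supernet(new_prefix=PARENT[net.prefixlen])].add(net)

    def _collapse(self, parent):
        """Replace every listed prefix inside parent with parent itself."""
        self.entries -= {n for n in self.entries if n.subnet_of(parent)}
        for key in [k for k in self.children if k.subnet_of(parent)]:
            del self.children[key]
        self._add(parent)

    def report(self, addr):
        """Record abuse from addr; return the prefix now listed for it."""
        net = self.lookup(addr)
        if net is not None:
            return net                     # already covered: no new entry
        net = covering(addr, 64)
        self._add(net)
        while net.prefixlen in PARENT:
            parent = net.supernet(new_prefix=PARENT[net.prefixlen])
            if len(self.children[parent]) < self.limit[net.prefixlen]:
                break
            self._collapse(parent)         # enough listed children: go wider
            net = parent
        return net

if __name__ == "__main__":
    bl = AggregatingBlocklist(max_64_per_48=3, max_48_per_32=2)
    # Constructed sample reports from the documentation prefix 2001:db8::/32.
    for a in ("2001:db8:1:1::a", "2001:db8:1:1::b", "2001:db8:1:2::1", "2001:db8:1:3::1"):
        print(a, "->", bl.report(a))
```

A host that rotates addresses inside its /64 never adds a second entry, and a lookup costs three set probes however many addresses have been reported.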
Re: IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
On Oct 12, 2009, at 9:40 PM, Jeroen Massar wrote:
> Marco Hogewoning wrote:
> [..]
>> As this thread has drifted off topic any way, would it for instance be a good idea to simply not accept mail from hosts that clearly use autoconfig ie reject all smtp from EUI-64 addresses
>
> Can you please *NOT* suggest people *STUPID* ideas like filtering on arbitrary bits inside an address!? Thank you.

I was just testing out how others feel about this...

> (Who indeed is not calling Marco stupid, as he is one of those people who is not stupid, he sometimes just has a wrong idea, just like me ;)

Just testing the waters, the solution you suggested is more practical but you know as well as I do that there are those people out there who just filter out any inetnum object which matches *dsl* or *dhcp* which is about the same.

MarcoH
Re: IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
Marco Hogewoning wrote:
> On Oct 12, 2009, at 9:40 PM, Jeroen Massar wrote:
>> Marco Hogewoning wrote:
>> [..]
>>> As this thread has drifted off topic any way, would it for instance be a good idea to simply not accept mail from hosts that clearly use autoconfig ie reject all smtp from EUI-64 addresses
>>
>> Can you please *NOT* suggest people *STUPID* ideas like filtering on arbitrary bits inside an address!? Thank you.
>
> I was just testing out how others feel about this...
>
>> (Who indeed is not calling Marco stupid, as he is one of those people who is not stupid, he sometimes just has a wrong idea, just like me ;)
>
> Just testing the waters, the solution you suggested is more practical but you know as well as I do that there are those people out there who just filter out any inetnum object which matches *dsl* or *dhcp* which is about the same.

Well, that is simply because some people are stupid ;)

Greets,
Jeroen

(Who now hopes these couple of messages are properly archived so that if stupid people at least google they don't fall into the above pitfalls).
RE: IPv6 internet broken, cogent/telia/hurricane not peering
No need for me to repeat what Mike has posted. I agree 100% with him on all fronts. Mike and his team have gone out of their way to promote and support IPv6 from the very beginning and I think everyone knows this. In the past, I had some differences with Mike over legacy policies that Hurricane adopted initially, but after spending time with him and explaining those issues, he did everything in his power to correct them. I'd even say he went above and beyond everyone's expectations. I hope this issue gets resolved quickly. I've seen first hand the political issues in v4 and I really hope we don't have a repeat of this in v6. There are a handful of providers that have turned to a restrictive IPv6 policy (or must be existing peer in v4 to peer in v6 with us) and I find it outrageous at this point in time. Cogent, get with the program. Regards, Randy
Re: IPv6 internet broken, cogent/telia/hurricane not peering
On Mon, Oct 12, 2009 at 1:56 PM, Randy Epstein repst...@chello.at wrote: No need for me to repeat what Mike has posted. I agree 100% with him on all fronts. Mike and his team have gone out of their way to promote and support IPv6 from the very beginning and I think everyone knows this. In the past, I had some differences with Mike over legacy policies that Hurricane adopted initially, but after spending time with him and explaining those issues, he did everything in his power to correct them. I'd even say he went above and beyond everyone's expectations. I hope this issue gets resolved quickly. I've seen first hand the political issues in v4 and I really hope we don't have a repeat of this in v6. There are a handful of providers that have turned to a restrictive IPv6 policy (or must be existing peer in v4 to peer in v6 with us) and I find it outrageous at this point in time. Cogent, get with the program. *shrug* If Cogent wants to isolate itself from the rest of the Internet, it's kinda their problem, right? I mean, it's their network, if they don't want to play with the rest of us, they don't have to. They just won't have much to offer their customers if they decide not to play along. There's no mandate about universal connectivity; when you buy service from a provider, you select which provider to buy from based on the breadth and scope of services you desire. There may be a huge customer base for Cogent that fears the rest of the IPv6 Internet, and doesn't want to connect to it. If there's enough of a revenue stream from them to keep Cogent afloat, more power to them, I applaud them for discovering an alternative business model. I, for one, don't particularly believe in the utility of such a service, and wouldn't pay for it, but that doesn't mean there aren't a lot of frightened, paranoid people who really do want to play in a sheltered walled garden, kept apart from everyone else--and if Cogent can make a business out of servicing them, more power to them. 
I just wouldn't put my salary on the line banking on that business model panning out.* Regards, Randy Matt *note, however, that I also opted to stay in college in 1991, rather than join Cisco because I felt they did not have a workable business model; in 1995, I rejected Mosaic Communications, because the idea of trying to compete with a freely downloadable browser seemed like business suicide; and I rejected Google's offer letter in early 2000, because it was clear that trying to compete with altavista by trying to support a company off revenues from search advertising was completely ludicrous. Given that track record, some may take my scathing indictment of Cogent's walled garden approach to IPv6 as a clear indicator of future earnings potential. :/
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Cogent: You are absolutely insane. You are doing nothing but alienating your customers and doing a disservice to IPv6 and the internet as a whole. You are publishing records for www.cogentco.com, which means that I CANNOT reach it to even look at your looking glass. I send my prefixes to 4436, 22822, and 6939 and you are not peering with any of them. Why not peer, for FREE, with 6939? What could you possibly gain from NOT doing this? HE is NOT going to buy transit from you (nor am I). Please fix your policy. May I suggest to vote with your feet and take your business somewhere else. They obviously are not interested in you, your traffic or your money. MarcoH
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Marco Hogewoning wrote: Cogent: You are absolutely insane. You are doing nothing but alienating your customers and doing a disservice to IPv6 and the internet as a whole. You are publishing records for www.cogentco.com, which means that I CANNOT reach it to even look at your looking glass. I send my prefixes to 4436, 22822, and 6939 and you are not peering with any of them. Why not peer, for FREE, with 6939? What could you possibly gain from NOT doing this? HE is NOT going to buy transit from you (nor am I). Please fix your policy. May I suggest to vote with your feet and take your business somewhere else. They obviously are not interested in you, your traffic or your money. MarcoH Already done. All they are doing is continuing to provide fodder for engineers to tell their bosses why to NOT consider 174 transit when it's brought up. -Dave
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Matt *note, however, that I also opted to stay in college in 1991, rather than join Cisco because I felt they did not have a workable business model; in 1995, I rejected Mosaic Communications, because the idea of trying to compete with a freely downloadable browser seemed like business suicide; and I rejected Google's offer letter in early 2000, because it was clear that trying to compete with altavista by trying to support a company off revenues from search advertising was completely ludicrous. Given that track record, some may take my scathing indictment of Cogent's walled garden approach to IPv6 as a clear indicator of future earnings potential. :/ *rofl* *cries* That was good!
Re: IPv6 internet broken, cogent/telia/hurricane not peering
sure would be nice if there was a diagnosis before the lynching If this happened in v4, would customers care 'why' it happened? Obviously not. Why should v6 be any different? It either is or is not production ready. I'm interested in HE's view on that. many of us are interested in diagnosis. few in your lynch rope. randy
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Funny enough, we've been looking at moving from 174 to HE for a large amount of traffic, and this discussion is making the decision *a lot* easier. On 10/12/09, Dave Temkin dav...@gmail.com wrote: Marco Hogewoning wrote: Cogent: You are absolutely insane. You are doing nothing but alienating your customers and doing a disservice to IPv6 and the internet as a whole. You are publishing records for www.cogentco.com, which means that I CANNOT reach it to even look at your looking glass. I send my prefixes to 4436, 22822, and 6939 and you are not peering with any of them. Why not peer, for FREE, with 6939? What could you possibly gain from NOT doing this? HE is NOT going to buy transit from you (nor am I). Please fix your policy. May I suggest to vote with your feet and take your business somewhere else. They obviously are not interested in you, your traffic or your money. MarcoH Already done. All they are doing is continuing to provide fodder for engineers to tell their bosses why to NOT consider 174 transit when it's brought up. -Dave -- Brandon Galbraith Mobile: 630.400.6992 FNAL: 630.840.2141
Re: IPv6 internet broken, cogent/telia/hurricane not peering
Randy Bush wrote: sure would be nice if there was a diagnosis before the lynching If this happened in v4, would customers care 'why' it happened? Obviously not. Why should v6 be any different? It either is or is not production ready. I'm interested in HE's view on that. many of us are interested in diagnosis. few in your lynch rope. What Randy has been *hinting* at is largely relevant... I'm a /32 holder, with clients that have /48. I would appreciate some of the diagnostic paperwork that has been written... Steve ps. I'm not choosing sides in any way, nor do I want to start a flame, but HE has been exceptionally helpful v6-wise since I got into the game.
Re: IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
Marco Hogewoning wrote: As this thread has drifted off topic any way, would it for instance be a good idea to simply not accept mail from hosts that clearly use autoconfig ie reject all smtp from EUI-64 addresses. Of course not a wise idea for your own outbound relays which should handle mail from your customers but on the incoming side it might as well save a lot of headache and there is no need to keep track of which /64 are access networks. That would be really, really bad. My 3750's won't accept arbitrary /128's in an ACL unless it's EUI-64 or I make up something similar that it will like. I'm sure I'm not the only person who owns a 3750. As such, my mail servers are using EUI-64 addresses. ~Seth