RE: Best practice - dual stack DNS?

2013-10-22 Thread Trevor Warwick (twarwick) 
FWIW, the RFC6106 support that's in IOS (big I) allows one to specify  DNS 
Server Addresses but not, currently, the DNS Search List.  As Lorenzo 
mentioned, this is in the latest ASR1000 release, and will appear on other 
platforms over time as their releases pick up the latest version of ND. E.g. 
for the "T" release on ISRs, this is intended to ship in Q1CY14 - but as ever, 
contact your account team for committed dates.

Trevor


From: ipv6-ops-bounces+twarwick=cisco@lists.cluenet.de 
[mailto:ipv6-ops-bounces+twarwick=cisco@lists.cluenet.de] On Behalf Of Eric 
Vyncke (evyncke)
Sent: 22 October 2013 06:15
To: Lorenzo Colitti
Cc: Roger Wiklund; ipv6-ops@lists.cluenet.de
Subject: RE: Best practice - dual stack DNS?

I stand corrected and thanks for the good pieces of news

-éric

From: Lorenzo Colitti [mailto:lore...@google.com]
Sent: mardi 22 octobre 2013 10:42
To: Eric Vyncke (evyncke)
Cc: Roger Wiklund; ipv6-ops@lists.cluenet.de; 
Brian E Carpenter
Subject: RE: Best practice - dual stack DNS?


AIUI Cisco supports RFC 6106 on the ASR1K.
Mac OS X and iOS do support it, I think (tested recently).
Android does not yet support it.
Windows does not support it.
On 22 Oct 2013 13:45, "Eric Vyncke (evyncke)" 
mailto:evyn...@cisco.com>> wrote:
I can confirm the lack of support on IOS (see my email address). Moreover, 
AFAIK there is no support in Windows, Android and Mac OS/X

-éric

From: 
ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de
 
[mailto:ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de]
 On Behalf Of Roger Wiklund
Sent: mardi 22 octobre 2013 01:54
To: Brian E Carpenter
Cc: ipv6-ops@lists.cluenet.de
Subject: Re: Best practice - dual stack DNS?

Not supported on either IOS or JUNOS afaik.

/Roger

On Mon, Oct 21, 2013 at 9:41 PM, Brian E Carpenter 
mailto:brian.e.carpen...@gmail.com>> wrote:
What about http://tools.ietf.org/html/rfc6106 ?

   Brian

On 22/10/2013 01:24, Roger Wiklund wrote:
> Hi.
>
> I'm setting up a wireless guest network with dual stack.
> Private IPv4 via DHCP and public IPv6 via SLAAC.
>
> At first had the client first hop IPv6 routing on the WAN CPE using SLAAC
> and DHCPv6 just for DNS.
>
> I decided to move the client first hop IPv6 routing to the ASA firewall
> instead, but it does not support DHCPv6.
>
> So currently I only have IPv4 DNS and what works just fine. What's the best
> practice for dual stack DNS? Should I bother with setting up DHCPv6 relay
> etc?
>
> Thanks!
>
> /Roger
>

RE: The subnet-router anycast address

2013-10-09 Thread Trevor Warwick (twarwick) 
I think that the RFC4291 2.6.1 definition of "required to support"  is not made 
clear enough.

Section 2.6 says that anycast addresses must be "explicitly configured".  2.6.1 
mentions that one address per subnet is "pre-defined" as the subnet-router 
anycast address.   But the RFC doesn't say anything about the relationship 
between something being "explicitly configured" and "pre-defined", so you can 
argue for either behaviour being compliant to the wording.   The IOS (capital 
I!) implementation has always worked the way you note below, and requires 
explicit configuration. 

That apart, the HTC behaviour you mention is interesting, and I can't think 
what  it's for. Something related to tethering perhaps ??

Trevor


-Original Message-
From: ipv6-ops-bounces+twarwick=cisco@lists.cluenet.de 
[mailto:ipv6-ops-bounces+twarwick=cisco@lists.cluenet.de] On Behalf Of 
Harald Terkelsen
Sent: 09 October 2013 10:41
To: ipv6-ops@lists.cluenet.de
Subject: The subnet-router anycast address

Hi!

Is anyone actually using the subnet-router anycast address in your network?

RFC 4291 says in "2.6.1. Required Anycast Address":
"All routers are required to support the Subnet-Router anycast addresses for 
the subnets to which they have interfaces."

What does "required to support" mean here?

Should every device believing it is some kind of router always reply to 
neighbor solicitation requests for this address by default?

Should it be configurable and up to the administrator to decide which routers 
and interfaces should enable and use this address?


We have observed different behaviour from devices in our network. Our F5 
load balancer always responds to NS for the subnet-router anycast 
address with no obvious way to make it stop doing so. Our Cisco 6500 
only responds if the address is configured on the interface. Linux 
responds when IPv6 forwarding is enabled. On our wireless subnets, we 
see lots of DAD requests for the subnet-router anycast coming from MAC 
addresses registered to HTC. If the address is already in use, it looks 
like the HTC-device do not do anything about it. If the address is not 
in use, it will enable the subnet-router anycast address and starts 
responding to NS requests for this address.


Regards,

Harald Terkelsen

RE: Cisco IOS IPv6 TCP MSS adjustment (from orignial thread: option 212 for 6RD)

2013-05-10 Thread Trevor Warwick (twarwick) 
I thought it would be worth giving an update on a couple matters arising from 
this original thread.

- The behaviour Mikael noticed, where MSS adjustment wasn't working for TCP 
over IPv6, was a bug that was specific to the 7300 platform. The fix is now 
committed and will ship in the next maintenance update of 15.2(4)M.

- Partly as a result of the feedback received on the original thread, there is 
a revised implementation of TCP MSS adjustment planned initially for 15.3(3)M 
for ISR platforms, which will allow MSS for TCP over IPv4 and IPv6  to be 
adjusted independently. This implementation will then appear on the ASR1000 
series in a subsequent release, currently intended to be 15.4(1)S. [usual 
disclaimer about not taking these plans as commitments applies, if you have a 
need for any of these capabilities in a particular timeframe, please work with 
your account team to get formal agreements for delivery]

Trevor
--
Trevor Warwick
Director, Cisco NOSTG Software Engineering, UK

-Original Message-
From: Trevor Warwick (twarwick) 
Sent: 25 January 2013 10:05
To: 'Mikael Abrahamsson'
Cc: Ivan Pepelnjak; ipv6-ops@lists.cluenet.de
Subject: RE: option 212 for 6RD

OK, let me look at this offline and get back to you. The code is definitely 
present in that version, so it's either a bug or a config. issue.

Trevor


-Original Message-
From: Mikael Abrahamsson [mailto:swm...@swm.pp.se]
Sent: 25 January 2013 08:52
To: Trevor Warwick (twarwick)
Cc: Ivan Pepelnjak; ipv6-ops@lists.cluenet.de
Subject: RE: option 212 for 6RD

On Thu, 24 Jan 2013, Trevor Warwick (twarwick) wrote:

> In IOS 15.2(4)M and later, the "ip tcp adjust-mss" command will also 
> cause the same configured value to be used for adjusting IPv6 TCP 
> connections.

I tried this on my 6rd tunnel interface and it didn't work (no change seen on 
IPv6 MSS in either direction).

After reading your email I also tried to configure it on the uplink interfaces 
(they do IPv4/IPv6 native forwarding, no MPLS), and it didn't seem to make any 
difference (command used was "ip tcp adjust-mss 1200").

Cisco IOS Software, 7301 Software (C7301-ADVIPSERVICESK9-M), Version 15.2(4)M2, 
RELEASE SOFTWARE (fc2)

c7301-advipservicesk9-mz.152-4.M2.bin

-- 
Mikael Abrahamssonemail: swm...@swm.pp.se