Re: Blackholing traffic by ASN
wee! and for some extra fun, just append the bad-guy's ASN to your route announcements, force bgp loop-detection to kill the traffic on their end (presuming they don't default-route as well) Even more fun if you are not the only one filtering that ASN. :) Andras
Re: /48 for each and every endsite (Was: European ISP enables IPv6 for all?)
But even in 2000 the policy was and still is: /128 for really a single device /64 if you know for sure that only one single subnet will ever be allocated. /48 for every other case (smart bet, should be used per default) I believe this policy is changing. The new text is: End Users are assigned an End Site assignment from their LIR or ISP. The size of the assignment is a local decision for the LIR or ISP to make, using a minimum value of a /64 (only one subnet is anticipated for the End Site). RIPE Policy Proposal 2005-08 was accepted in November. http://www.ripe.net/ripe/policies/proposals/2005-08.html Andras
Re: European ISP enables IPv6 for all?
doesn't more address space just give us more routes to handle? No. It only makes more possible prefixes. Migrating to IPv6 while keeping the current (IPv4) routing and current business relations, there would be somewhat less routes: bigger address space - bigger chunks - less need to incrementally add prefixes to the same place - less prefixes Andras
Re: European ISP enables IPv6 for all?
doesn't more address space just give us more routes to handle? No. It only makes more possible prefixes. Migrating to IPv6 while keeping the current (IPv4) routing and current business relations, there would be somewhat less routes: bigger address space - bigger chunks - less need to incrementally add prefixes to the same place - less prefixes You mean more address space - individual businesses want to multihome and are willing to pay for their own space - more prefixes. These are different business relations. I know for sure that IPv6 allows us to keep the number of prefixes lower, assuming the current business relations. IPv6 may of course modify the business relations as you described, but I'm not smart enough to know for sure in advance whether that will happen or not. Andras
Re: NeXT Default Network
Fred, Brandon, Spiro, Thanks for all your answers. operating system called NextStep. It sounds like they came up with a variety of site-local address pre-RFC1918 and pre-RFC3927 that did something similar to RFC 3927 addresses. That's it. 192.42.172.0/24 is often used in examples, but I also found in the Automatic Host Addition chapter of http://www.levenez.com/NeXTSTEP/netinfo_user_guide.pdf the following: The second property, configuration_ipaddr, is required and specifies the address that must not be allocated by nibootpd. This address is in fact the address that NeXT uses to identify a new workstation temporarily during the boot process. It should always be set to 192.42.172.253 explicitly. It looks like this /24 is (was) a must for their Automatic Host Addition process. So now I see how this prefix got into Barry's list. Andras
RE: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
break. It seems like an IPv6-only ISP would need to operate the NAT-PT boxes, and dedicate a block of v4 addresses the size of the expected concurrent online users to the NAT-PT box. Keep in mind that a v6 ISP with 1 million customers won't need a million v4 addresses, for obvious reasons. It's going to be considerably less than if each customer got a v4 address. NAT-PT does seem like a viable short term solution. I'm An IPv6-only ISP with enough IPv4 addresses for its concurrent online users seems strange. Why wouldn't that ISP give those v4 addresses to the online users instead of the NAT-PT box? And why do you call it IPv6-only? Andras
Re: ICANN registrar supporting v6 glue?
;. IN NS A.ROOT-SERVERS.NET. 360 IN A 198.41.0.4 B.ROOT-SERVERS.NET. 360 IN A 192.228.79.201 C.ROOT-SERVERS.NET. 360 IN A 192.33.4.12 D.ROOT-SERVERS.NET. 360 IN A 128.8.10.90 E.ROOT-SERVERS.NET. 360 IN A 192.203.230.10 F.ROOT-SERVERS.NET. 360 IN A 192.5.5.241 G.ROOT-SERVERS.NET. 360 IN A 192.112.36.4 H.ROOT-SERVERS.NET. 360 IN A 128.63.2.53 I.ROOT-SERVERS.NET. 360 IN A 192.36.148.17 J.ROOT-SERVERS.NET. 360 IN A 192.58.128.30 K.ROOT-SERVERS.NET. 360 IN A 193.0.14.129 L.ROOT-SERVERS.NET. 360 IN A 198.32.64.12 M.ROOT-SERVERS.NET. 360 IN A 202.12.27.33 I don't see any v6 glue there... Rather than having conversations about transition to IPv6, maybe we should be sure it works natively first? It's rather ironic to think that for v6 DNS to work an incumbent legacy protocol is still required. At least something is happening: http://www.icann.org/committees/security/sac016.htm http://www.icann.org/committees/security/sac017.htm Regards, Andras
Re: TCP and WAN issue
Philip, I have an east coast and west coast data center connected with a DS3. I am running into issues with streaming data via TCP and was wondering besides hardware acceleration, is there any options at increasing throughput and maximizing the bandwidth? How can I overcome the TCP stack limitations inherent in Windows (registry tweaks seem to not functions too well)? I don't know the RTT, but you should have at least 300 kByte buffers on the end hosts for a 60 ms RTT path to reach 40 Mbps TCP throughput. (This requires window scaling as well.) Is this what you were trying to tune on your Windows hosts? Is your DS3 free of errors? Even a very low packet loss can degrade TCP performance badly. You'll find a lot of useful information about TCP performance in the GEANT2 PERT Knowledge Base at http://www.kb.pert.geant2.net/ Andras
Re: IPv6 subnet calculators?
Jeff, I am trying to find an IPv6 subnet calculator or even a cheat sheet that will help show how a /32 allocation is broken down into /40, /48 and /64 I guess that you don't even need a cheat sheet for that. All the prefix lengths you mention are multiples of four, which means they're on nibble boundaries. Since IPv6 addresses are usually written in hex, this is just as simple as to break a dotted decimal IPv4 /8 to /16s or /24s. Maybe the only common mistake you should be careful about: You must always write down the digits to the next colon (16 bit boundary). So if you break down 2005:2001::/32 into /40s, then the second /40 is 2005:2001:0100::/40. (NOT 2005:2001:01::/40, because that would mean 2005:2001:0001::/40, which is the 2005:2001::/40 prefix.) Andras
Re: Cisco 4000 series switches
Hello, I've pretty much always assumed that what a switch reported as a status regarding the link of a node was the actual status of the line to be the case. However, when I I think that there is no such thing as the actual status of the line. Each end of the cable has a status, either full or half. That is, they don't use or do use CSMA/CD. Is this a common situation or just a mis-understanding of the column that makes up Duplex for the Cisco IOS? Or is it that The Cisco Switch truly is trying to do full duplex but the end node is only doing half. It's quite common, that one end or the cable works in full duplex mode, while the other works in half duplex. There can be various reasons for this. Improper configuration (setting on end to auto-negotiate while setting the other to fix full-10 for example), software/firmware bugs, etc. If so would/should I see line errors at some point under heavy You should see late collisions on the half duplex end, since the full duplex end will transmit frames whenever it has them, and this happens too between the transmission of the 64th octet and the CRC of frames sent out on the half duplex end, which is a violation of CSMA/CD (late collision). On the full duplex end, you'll find CRC errors, runts, alignment errors, because the half duplex end stops transmitting frames in the middle, when it senses late collisions. Andras
Re: /31 mask address
Has anyone used /31 mask addresses on their network? Yes, works fine (on an all Cisco network). Maybe not interesting for an ISP, but I'm using it on a vlan interface on a 6500/7600. It works fine with IOS 12.1.8-EX5, but 12.1.11-E1 refused the configuration because it's not a p2p interface. I know, documentation only talks about p2p, but sometimes I don't like when a feature gets fixed... Andras
EDFA
Hello, A bit off-topic and maybe stupid question: I was told yesterday, that a Hungarian telco/ISP is experimenting with EDFAs. My friend said that the box looks like if they just brought it from a research lab (however it's a commercial product). How common is it nowadays to use EDFAs in ISP backbones? Please reply me off-list. Thanks. Andras