RE: Transition Planning for IPv6 as mandated by the US Govt
Giving away code and hardware is quite the opposite of lucrative, let me assure you. Right. I looked at your message and it does not parse very clearly. Given that it is odd for people to offer to give away boxes, let alone quote a price for the box that they are giving away, I thought you were advertising something for sale. It moves about 20Mbit/s on a Soekris box, probably more. If you're doing more 6to4 and Teredo traffic than that, then well done. How fast can you do it on a Cisco (or, whatever) box? Someone lend me some hardware for a week and I'd be more than happy to test and publish numbers on that. It would be good for people to do some performance testing of all the various bits and pieces. And publish all that test info on the ARIN wiki. Perhaps you could test the hardware that you have and document the test environment so that people with Juniper, Cisco, etc. can do the same tests and post their numbers. If people are interested in alternatives to Soekris, then http://www.linuxdevices.com has pointers to tons of embedded systems which are quite capable of running FreeBSD as well as Linux. I've actually given this Soekris hardware away to several ISPs here in New Zealand, sponsored by InternetNZ. One wonders if there is any organization in the USA that might sponsor similar giveaways to ISPs. Just how much importance does the Federal government attach to IPv6 transition? Has anyone talked to their Congressional reps about tax relief for the special one-time costs of enabling IPv6? I've also got several slide packs with this stuff in it, if people want those. I believe they're reachable via the NZNOG website somewhere (nznog.org, I think). They can now also find it by looking at the wiki page http://www.getipv6.info/index.php/IPv6_Presentations_and_Documents with your name on it. It was a full-day tutorial on all aspects of IPv6 deployment. --Michael Dillon
Re: Transition Planning for IPv6 as mandated by the US Govt
Nathan Ward [EMAIL PROTECTED] writes: Perhaps you could integrate your work with a project like pfsense? From what I've seen, that's the best open source CPE solution, and doesn't yet have real IPv6 support (but has just about everything else). That would be a huge benefit to the community and potentially open up some business opportunities for you. It'd be good if the pfsense guys would do some IPv6 stuff, yes. I however, am not really interested in building CPEs, nor am I interested in building CPEs commercially. My understanding is that there is some IPv6 support in HEAD, but not in RELENG_1. Someone who has the time and inclination should join the development team; they do not seem averse to the notion of having v6 support in there, but like so many other endeavors, effort is commensurate with demand, yadda yadda yadda... ---rob
Re: Transition Planning for IPv6 as mandated by the US Govt
Randy Bush wrote: And the NAT-PT implementation at NANOG (naptd) did seem to work once some configuration issues were ironed out. Unfortunately, this was not resolved until the very end of the meeting. your made heroic efforts with the linux nat-pt, and finally got it. but do you think it will scale well? For the size of a NANOG meeting, it seemed to be sufficient. I don't think I'd recommend trying to put thousands of users behind it though. i suspect that all the nat-pt implementations are old and not well maintained. this needs to be fixed. Still trying to understand deployment scenarios for nat-pt. I could see a case for very controlled environments with uniform clients (with robust v6 support). Outside of that, native-v6 + v4-nat (as outlined in Michael Sinatra's lightning talk) and Alain Durand's v4v6v4 seem more likely deployment candidates. That said, nat-pt is very useful for exercising native v6 support in clients and their applications. -Larry
Re: Transition Planning for IPv6 as mandated by the US Govt
Still trying to understand deployment scenarios for nat-pt. enterprise native-v6 + v4-nat (as outlined in Michael Sinatra's lightning talk) i am not unhappy with ms's preso except that enterprise keeps whining about 1918 conflicts and Alain Durand's v4v6v4 seem more likely deployment candidates useful for big (broadband) provider where edge is consumer randy
RE: Transition Planning for IPv6 as mandated by the US Govt
If you're providing content or network services on v6 and you don't have both a Teredo and 6to4 relay, you should - there are more v6 users on those two than there are on native v6[1]. Talk to me and I'll give you a pre-built FreeBSD image that does it, boot off compact flash or hard drives. Soekris (~$350USD, incl. power supply and CF card), or regular server/whatever PC. Pardon me for interfering with your lucrative business here, but anyone contemplating running a Teredo relay and 6to4 relay should first understand the capacity issues before buying a little embedded box to stick in their network. The ARIN IPv6 wiki has this page http://www.getipv6.info/index.php/First_Steps_for_ISPs which not only gives you a number of options for setting up 6to4 and Teredo relays, it also points you to documents which describe what these things do so that you can understand how to size them and how to manage them. And the ARIN wiki tries to be vendor agnostic as well. --Michael Dillon
Re: Transition Planning for IPv6 as mandated by the US Govt
On 17-Mar-2008, at 06:07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: If you're providing content or network services on v6 and you don't have both a Teredo and 6to4 relay, you should - there are more v6 users on those two than there are on native v6[1]. Talk to me and I'll give you a pre-built FreeBSD image that does it, boot off compact flash or hard drives. Soekris (~$350USD, incl. power supply and CF card), or regular server/whatever PC. Pardon me for interfering with your lucrative business here, but anyone contemplating running a Teredo relay and 6to4 relay should first understand the capacity issues before buying a little embedded box to stick in their network. Do you imagine that Soekris are giving Nathan kick-backs for mentioning the price of their boxes on NANOG? :-) I'm sure for many small networks a Soekris box would do fine. For the record, FreeBSD also runs on more capable hardware. Joe
Re: Transition Planning for IPv6 as mandated by the US Govt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe Abley wrote: | I'm sure for many small networks a Soekris box would do fine. For the | record, FreeBSD also runs on more capable hardware. Can attest to that. I have picked up Nathan's handywork and used it on other hardware. some work is needed, but nevertheless quite useful for small networks. the soekris boxes are of good value nevertheless for something like this. thanks ~ -gaurab -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH3paBSo7fU26F3X0RAi2iAKC86xc9nqiK7CQDIgE5Jxmaf6xKhACg6oXg d9Ky9Rd4+kA0uH5ecLlIGVQ= =O5IL -END PGP SIGNATURE-
Re: Transition Planning for IPv6 as mandated by the US Govt
On 17/03/2008, at 11:07 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: If you're providing content or network services on v6 and you don't have both a Teredo and 6to4 relay, you should - there are more v6 users on those two than there are on native v6[1]. Talk to me and I'll give you a pre-built FreeBSD image that does it, boot off compact flash or hard drives. Soekris (~$350USD, incl. power supply and CF card), or regular server/whatever PC. Pardon me for interfering with your lucrative business here, but anyone contemplating running a Teredo relay and 6to4 relay should first understand the capacity issues before buying a little embedded box to stick in their network. The ARIN IPv6 wiki has this page http://www.getipv6.info/index.php/First_Steps_for_ISPs which not only gives you a number of options for setting up 6to4 and Teredo relays, it also points you to documents which describe what these things do so that you can understand how to size them and how to manage them. And the ARIN wiki tries to be vendor agnostic as well. Hi Michael, Giving away code and hardware is quite the opposite of lucrative, let me assure you. I'm not selling anything. Code is freely available. When I've got some decent instructions for it I'll post links to NANOG if you like. To be fair, it's really nothing more than FreeBSD with a couple of patches, and Miredo packaged up in a nice-to-deal-with bundle, that means you can plug it in today and make it work with 2 or 3 lines of config, instead of spending the next 3 years engineering a solution that the various parts of the business agree with - that is, assuming they give their engineers time to even think about IPv6, let alone engineer for it. Key word: pragmatic. It moves about 20Mbit/s on a Soekris box, probably more. If you're doing more 6to4 and Teredo traffic than that, then well done. How fast can you do it on a Cisco (or, whatever) box? Someone lend me some hardware for a week and I'd be more than happy to test and publish numbers on that. Soekris was an example of hardware, as that's what I've developed on. As I mentioned, it works on regular PC hardware as well - it's just an i386 FreeBSD thing. I've actually given this Soekris hardware away to several ISPs here in New Zealand, sponsored by InternetNZ. That's also related to another project - when I've got that all written up properly I'll let you know. Geoff Huston wrote about it on his ISP column a month or so back. The reason I do this, is so people at ISPs are deploying these things, instead of not because it might not scale at some point in the future. If it doesn't suit their needs in terms of scale, I'm more than happy to tell them other ways to do it - and have done. Note my comment something along the lines of ask me if you want cisco configs, and as I mentioned, this code will run on any i386 box you throw it at. I've also got several slide packs with this stuff in it, if people want those. I believe they're reachable via the NZNOG website somewhere (nznog.org, I think). Ps. Yes, vendors should do Teredo relay and 6to4 in hardware. If you're a vendor and do, tell me, and I'll encourage people to give you lots of money. Pps. I'll reply to those of you who asked me for 6to4 Cisco configs and code later today (it's 1.30pm here), I'm just heading off to fix some stuff first. That wiki thing Michael posted links to has the cisco stuff. Thanks, -- Nathan Ward
Re: Transition Planning for IPv6 as mandated by the US Govt
On Tue, 18 Mar 2008, Nathan Ward wrote: I'm not selling anything. Code is freely available. When I've got some decent instructions for it I'll post links to NANOG if you like. To be fair, it's really nothing more than FreeBSD with a couple of patches, and Miredo packaged up in a nice-to-deal-with bundle, that means you can plug it in today and make it work with 2 or 3 lines of config, instead of spending the next 3 years engineering a solution that the various parts of the business agree with - that is, assuming they give their engineers time to even think about IPv6, let alone engineer for it. Key word: pragmatic. Perhaps you could integrate your work with a project like pfsense? From what I've seen, that's the best open source CPE solution, and doesn't yet have real IPv6 support (but has just about everything else). That would be a huge benefit to the community and potentially open up some business opportunities for you. Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 ---
Re: Transition Planning for IPv6 as mandated by the US Govt
On Mon, Mar 17, 2008, Andy Dills wrote: On Tue, 18 Mar 2008, Nathan Ward wrote: I'm not selling anything. Code is freely available. When I've got some decent instructions for it I'll post links to NANOG if you like. To be fair, it's really nothing more than FreeBSD with a couple of patches, and Miredo packaged up in a nice-to-deal-with bundle, that means you can plug it in today and make it work with 2 or 3 lines of config, instead of spending the next 3 years engineering a solution that the various parts of the business agree with - that is, assuming they give their engineers time to even think about IPv6, let alone engineer for it. Key word: pragmatic. Perhaps you could integrate your work with a project like pfsense? From what I've seen, that's the best open source CPE solution, and doesn't yet have real IPv6 support (but has just about everything else). That would be a huge benefit to the community and potentially open up some business opportunities for you. I believe whoever shows off a functional NAT-PT device at the next NANOG might get some praise. I heard it was a bit of a disaster. Adrian
Re: Transition Planning for IPv6 as mandated by the US Govt
I believe whoever shows off a functional NAT-PT device at the next NANOG might get some praise. I heard it was a bit of a disaster. by the time the show got to apnic/apricot the week after nanog, we had the cisco implementation of nat-pt and totd working and it worked well. randy
Re: Transition Planning for IPv6 as mandated by the US Govt
Randy Bush wrote: I believe whoever shows off a functional NAT-PT device at the next NANOG might get some praise. I heard it was a bit of a disaster. by the time the show got to apnic/apricot the week after nanog, we had the cisco implementation of nat-pt and totd working and it worked well. randy And the NAT-PT implementation at NANOG (naptd) did seem to work once some configuration issues were ironed out. Unfortunately, this was not resolved until the very end of the meeting.
Re: Transition Planning for IPv6 as mandated by the US Govt
And the NAT-PT implementation at NANOG (naptd) did seem to work once some configuration issues were ironed out. Unfortunately, this was not resolved until the very end of the meeting. your made heroic efforts with the linux nat-pt, and finally got it. but do you think it will scale well? i suspect that all the nat-pt implementations are old and not well maintained. this needs to be fixed. randy
Re: Transition Planning for IPv6 as mandated by the US Govt
On 18/03/2008, at 3:34 PM, Andy Dills wrote: On Tue, 18 Mar 2008, Nathan Ward wrote: I'm not selling anything. Code is freely available. When I've got some decent instructions for it I'll post links to NANOG if you like. To be fair, it's really nothing more than FreeBSD with a couple of patches, and Miredo packaged up in a nice-to-deal-with bundle, that means you can plug it in today and make it work with 2 or 3 lines of config, instead of spending the next 3 years engineering a solution that the various parts of the business agree with - that is, assuming they give their engineers time to even think about IPv6, let alone engineer for it. Key word: pragmatic. Perhaps you could integrate your work with a project like pfsense? From what I've seen, that's the best open source CPE solution, and doesn't yet have real IPv6 support (but has just about everything else). That would be a huge benefit to the community and potentially open up some business opportunities for you. It'd be good if the pfsense guys would do some IPv6 stuff, yes. I however, am not really interested in building CPEs, nor am I interested in building CPEs commercially. Thanks, -- Nathan Ward
Re: Transition Planning for IPv6 as mandated by the US Govt
No, and no. Shouldn't be a surprise. (all is the dealbreaker, certain agencies are on the ball, but most are barely experimenting). On Sat, 15 Mar 2008, Glen Kent wrote: : :Hi, : :I was just reading :http://www.whitehouse.gov/omb/egov/b-1-information.html#IPV6, released :some time back in 2005, and it seems that the US Govt. had set the :target date of 30th June 2008 for all federal govt agencies to move :their network backbones to IPv6. This deadline is almost here. Are we :any close for this transition? : :I have another related question: : :Do all ISPs atleast support tunneling the IPv6 pkts to some end point? :For example, is there a way for an IPv6 enthusiast to send his IPv6 :packet from his laptop to a remote IPv6 server in the current :circumstances if his ISP does not actively support native IPv6? : :Cheers, :Glen :
Re: Transition Planning for IPv6 as mandated by the US Govt
On 15/03/2008, at 7:19 PM, Glen Kent wrote: I have another related question: Do all ISPs atleast support tunneling the IPv6 pkts to some end point? For example, is there a way for an IPv6 enthusiast to send his IPv6 packet from his laptop to a remote IPv6 server in the current circumstances if his ISP does not actively support native IPv6? Yes - 6to4 and Teredo. 6to4[1] if your router (or some host with an unfiltered non-RFC1918 address) supports it. Teredo[2] if you're behind NAT or some other filtering. - These are enabled by default in Vista. - Enable them in XP SP2 by typing 'netsh interface ipv6 install'. - Apple Airport Extreme has 6to4 enabled by default if it is your NAT router (stateful firewall, allowing new connections outgoing- only by default) - Cisco supports 6to4 and has for years. - Linux and FreeBSD both support 6to4 (no OpenBSD, can't recall RE. NetBSD). - Teredo support in Linux and *BSD with 'miredo' software - it's in APT and FreeBSD ports. Azureus bittorrent client uses IPv6 for DHT. More DHT IPv6 bidirectional relationships than DHT IPv4 bidirectional relationships. So, it's not just IPv6 enthusiasts. Numbers here: http://www.ops.ietf.org/lists/v6ops/v6ops.2007/msg00859.html More up to date numbers when I get around to processing them [3]. Upcoming version of uTorrent will enable IPv6 (so, Teredo/6to4) on XP SP2 as part of the install process - currently Azureus only uses it if it's enabled already. If you're providing content or network services on v6 and you don't have both a Teredo and 6to4 relay, you should - there are more v6 users on those two than there are on native v6[1]. Talk to me and I'll give you a pre-built FreeBSD image that does it, boot off compact flash or hard drives. Soekris (~$350USD, incl. power supply and CF card), or regular server/whatever PC. Also, if you want config for 6to4 on Cisco, email me and I'll hook you up so I'm not spamming the list with it, alternatively Google. It's about 10 lines, and requires you to inject an anycast IPv4 /24 and an IPv6 /16 in to your IGP(s). Thanks, -- Nathan Ward [1] RFC3056 [2] RFC4380, see also http://technet.microsoft.com/en-us/library/bb457011.aspx [3] I made this up. But seriously, prove me wrong. Current numbers (well, I got bored of waiting, processing 800MB of PCAP takes a while) are that I've had 1,402,634 unique host addresses talk to one of my test host over IPv6/6to4 - and that's just people running a recent version of Azureus with a public unfiltered IPv4 address, and have 6to4 enabled. Imagine what the numbers are like for Teredo users (ie. no requirement for public unfiltered IPv4 address, works through NAT). Imagine what the numbers are for people not running Azureus. Yeah, you get the idea. I really should get around to writing this stuff up properly.. If there's anyone out there who wants to roll some code to pull some stats out of PCAP files so I don't have to process this stuff with cut sed awk uniq etc. please contact me. Oh also if anyone knows Java and can hack some changes in to Azureus for me that'd be useful - it only seems to want to listen on one IPv6 address, I want it to listen on.. 3.
RE: Transition Planning for IPv6 as mandated by the US Govt
My understanding of the mandate is that they (the Department and Agencies) demonstrate passing IPv6 traffic on their backbone from one system out to their backbone and back to another system. A number of agencies, if I remember the number of about 30 have IPv6 allocations. IRS has demonstrated mandate compliance and several others are in line to also show mandate compliance. Both the Federal CIO Council and the Small CIO council are working with a number of their members to not only obtain compliance with the mandate but examine their processes to see how IPv6 can give them a better method of providing their services to each other and the public. John (ISDN) Lee From: [EMAIL PROTECTED] on behalf of Glen Kent Sent: Sat 3/15/2008 2:19 AM To: NANOG list Subject: Transition Planning for IPv6 as mandated by the US Govt Hi, I was just reading http://www.whitehouse.gov/omb/egov/b-1-information.html#IPV6, released some time back in 2005, and it seems that the US Govt. had set the target date of 30th June 2008 for all federal govt agencies to move their network backbones to IPv6. This deadline is almost here. Are we any close for this transition? I have another related question: Do all ISPs atleast support tunneling the IPv6 pkts to some end point? For example, is there a way for an IPv6 enthusiast to send his IPv6 packet from his laptop to a remote IPv6 server in the current circumstances if his ISP does not actively support native IPv6? Cheers, Glen