RE: OT: old farts recollecting -- Re: ASR1002
James Hess [mailto:mysi...@gmail.com] Saturday, April 17, 2010 4:27 PM Oh SMS/MMS do a few things that make blink tags look utterly benign... http://www.dreamfabric.com/sms/alert.html May be possible to send as a flash message that immediately displays blinking, and that depending on phone, the recipient doesn't get any option to control or save, e.g. forced to read before doing anything else, no history or storage of message text once read. But mail readers with javascript and animated GIFs still have them beat overall. E-Mail readers / text message readers epidemically trust the sender too much sometimes, thinking the recipient would rather be annoyed by more rich content (or pwned) than disappointed that rich content shows as plain text. -- -J Useful adjunct to your junc. http://www.gsmfavorites.com/documents/sms/packetformat -- Jim
Re: DSL aggregation.... NO
On Apr 15, 2010, at 5:39 PM, Jack Carrozzo wrote: You can balance over DSL by putting different L2TPv3 tunnels over each physical device and agg it at someplace with real connections and such. It's possible to do it with GRE or OpenVPN too, but much less classy. As Jack points out, aggregating xDSL links via l2tpv3 is possible. I'd like to suggest you consider this for a few other reasons, and mention that you needn't use v3 -- in fact, l2tp as implemented by Cisco IOS VPDN guts will transport layer-2 PPP in IP (or UDP+IP) without fuss. Here's a few reasons why you should consider l2 tunnel abstractions over your existing IP access: a) l2tp + vpdn permits the use of MLPPP over IP -- which means, you get *packet sequencing* and packet ordering, for free, because this is what ML does when added to PPP. b) with ML, you also get packet fragmentation support (i.e. split a single user 1500 byte packet into halves, each transported over l2tp tunnel sessions to the upstream/off-network box) -- this removes the need for l2tp endpoints to process fragments, at least when you have both DSLs (and 2 link members) up. c) even if you were not using fragmentation + mlppp, the inside IP packet's DF field is not copied into the PPP header (it can't be), and so outer lt2p packet does not get its DF set either. Fragmentation would be confounded by an inner IP packet of a full MTU size + DF set, and thus, it is not supported. Failing this, you can slum it with ECMP 0/0 route over both DSL links + NAT, or OER-type junk. This example doesn't suck and is easily adapted to dialer or other interfaces: http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/ Same thing, restated in a more cisco-y way: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml Finally, a great full-on OER (i.e. connection aware multi-egress point polling + FIB adjustment) example, which maybe more in line with what you want or expect your dual dsl edge router to provide: http://www.netcraftsmen.net/resources/archived-articles/468.html -Tk
Re: Senderbase is offbase, need some help
On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote: Interesting; I see similar results for my address space. Two addresses, one of which hasn't been attached to a machine for a decade and the other a virtual IP on a web server where the particular IP never emits connections. Magnitude's only 0.48 for both but still, they shouldn't even appear. Yep, same here, at two seperate sites. It's in the reserved for extreme emergencies zone at the top of each assigned block. As per house practice it is tcpdumped 24/7, and has been for the last 4 years. Zero traffic from it at the perimiter. Go figure. Gord -- Order of Magnitude delayed due to lack of stock, please call Despatch
Rate of growth on IPv6 not fast enough?
I'm looking at http://www.cidr-report.org/cgi-bin/plota?file=%2Fvar%2Fdata%2Fbgp%2Fv6%2Fas2.0%2Fbgp-as-count.txtdescr=Unique+ASesylabel=Unique+ASesrange=FullStartDate=EndDate=yrange=Autoymin=ymax=Width=1Height=1with=Stepcolor=autologscale=log I see the rate of grow is logarithmically linear since 2007 (well a bit better than that). And doing guess-o-matic extrapolation, it will take another 3 years before we reach 10,000 ASN advertising IPv6 networks. That will be 33% of ASN. With the impending running out of IPv4 starting next year, seems to me we are not going to make it in an orderly fashion? Anybody has better projections? What's the plan?
Re: Rate of growth on IPv6 not fast enough?
And doing guess-o-matic extrapolation, it will take another 3 years before we reach 10,000 ASN advertising IPv6 networks. That will be 33% of ASN. With the impending running out of IPv4 starting next year, seems to me we are not going to make it in an orderly fashion? hint: those asns have ipv4
Re: Senderbase is offbase, need some help
On 4/18/2010 16:02, Matthew Petach wrote: On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater gordsla...@ieee.org wrote: On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote: Interesting; I see similar results for my address space. Two addresses, one of which hasn't been attached to a machine for a decade and the other a virtual IP on a web server where the particular IP never emits connections. Magnitude's only 0.48 for both but still, they shouldn't even appear. Yep, same here, at two seperate sites. It's in the reserved for extreme emergencies zone at the top of each assigned block. As per house practice it is tcpdumped 24/7, and has been for the last 4 years. Zero traffic from it at the perimiter. Go figure. Gord Have you checked cyclops and other BGP announcement tracking systems to see if it might have been a short-lived whack-a-mole short prefix hijack (pop up, announce block, send burst of spam, remove announcement, disappear again)? Maybe I'm just tired and cranky or too old to understand.if the addresses in question never send traffic, who cares? And if senderbase is so bad, why use it? -- Somebody should have said: A democracy is two wolves and a lamb voting on what to have for dinner. Freedom under a constitutional republic is a well armed lamb contesting the vote. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Rate of growth on IPv6 not fast enough?
Sure the internet will not die... But by the time we run out of IPv4 to allocate, the IPv6 network will not have completed to dual stack the current IPv4 network. So what will happen? - Original Message - From: Randy Bush ra...@psg.com To: Franck Martin fra...@genius.com Cc: nanog@nanog.org Sent: Monday, 19 April, 2010 12:17:19 PM Subject: Re: Rate of growth on IPv6 not fast enough? And doing guess-o-matic extrapolation, it will take another 3 years before we reach 10,000 ASN advertising IPv6 networks. That will be 33% of ASN. With the impending running out of IPv4 starting next year, seems to me we are not going to make it in an orderly fashion? hint: those asns have ipv4
Re: Rate of growth on IPv6 not fast enough?
On Apr 18, 2010, at 5:17 PM, Randy Bush wrote: And doing guess-o-matic extrapolation, it will take another 3 years before we reach 10,000 ASN advertising IPv6 networks. That will be 33% of ASN. With the impending running out of IPv4 starting next year, seems to me we are not going to make it in an orderly fashion? hint: those asns have ipv4 And... contrary to Chicken Little, the sky is not falling.
Re: Rate of growth on IPv6 not fast enough?
On Sun, Apr 18, 2010 at 8:45 PM, Franck Martin fra...@genius.com wrote: Sure the internet will not die... But by the time we run out of IPv4 to allocate, the IPv6 network will not have completed to dual stack the current IPv4 network. So what will happen? Hi Franck, Zero-sum game. Deploying a new IPv4 address will require removing one from some other function. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Senderbase is offbase, need some help
On Sun, 18 Apr 2010, Larry Sheldon wrote: Have you checked cyclops and other BGP announcement tracking systems to see if it might have been a short-lived whack-a-mole short prefix hijack (pop up, announce block, send burst of spam, remove announcement, disappear again)? Maybe I'm just tired and cranky or too old to understand.if the addresses in question never send traffic, who cares? He's suggesting that maybe mail came from those IPs while someone else was using them without your knowledge. Given the available info, I think its far more likely senderbase has some glich causing bogus 0.48 scores for IPs that really haven't sent anything in recent history. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Rate of growth on IPv6 not fast enough?
But by the time we run out of IPv4 to allocate, the IPv6 network will not have completed to dual stack the current IPv4 network. So what will happen? as dual-stack requires as many ipv4 addresses as there are ipv6 interfaces, this question is rubbish
Re: Rate of growth on IPv6 not fast enough?
hint: those asns have ipv4 And... contrary to Chicken Little, the sky is not falling. then what are these diamonds on the soles of my shoes?
Re: Rate of growth on IPv6 not fast enough?
Sent from my iPhone, please excuse any errors. On Apr 18, 2010, at 21:28, Patrick Giagnocavo patr...@zill.net wrote: Franck Martin wrote: Sure the internet will not die... But by the time we run out of IPv4 to allocate, the IPv6 network will not have completed to dual stack the current IPv4 network. So what will happen? Reality is that as soon as SSL web servers and SSL-capable web browsers have support for name-based virtual hosts, the number of IPv4 addresses required will drop. Right now, you need 1 IP address for 1 SSL site; SNI spec of SSL gets rid of that. Agreed. When do you expect Windows XP earlier versions to be a small enough segment of the userbase that businesses will consider DoS'ing those customers? My guess is when the cost of additional v4 addresses is higher than the profit generated by those customers. Put another way: Not until it is too late. And we still have the way less than 4 billion possible addresses, but way more than 4 billion hosts problem. -- TTFN, patrick
Re: Rate of growth on IPv6 not fast enough?
In a message written on Mon, Apr 19, 2010 at 12:08:23PM +1200, Franck Martin wrote: And doing guess-o-matic extrapolation, it will take another 3 years before we reach 10,000 ASN advertising IPv6 networks. That will be 33% of ASN. With the impending running out of IPv4 starting next year, seems to me we are not going to make it in an orderly fashion? Which impending run out? IANA exhaustion occurs before RIR exhaustion; RIR exhaustion occurs before ISP exhaustion. ISP exhaustion occurs before end user exhaustion. [Ok peanut gallery, yes, there are 100 exceptions, work with me here.] So if you're looking at the data of IANA exhaustion and thinking an end user won't be able to turn on a new laptop and get an address, well no, that's wrong. Also note that some RIR's have an extremely slow burn rate, and their regions may have addresses for years to come. There has also been no real effort by ISP's or end users to squeeze internal allocations. ISP's who did buy a T1 and get a /24 years ago may revisit that business model and in fact find many of those customers are using 3 IP's, an external mail server, a web server, and a NAT box. Right sizing those returns a lot of space to the useful pool. Anybody has better projections? What's the plan? While I don't think the we're as far ahead as we would like, I caution against taking the last few years of IPv6 numbers and guestimating. We've had an unusually long period of early adopter time which dominates all current data. Also, plain linear and exponential models don't fit well as adoption curves are in fact S curves. While you can get linear and exponential models that look similar to the first curve on the S, it's no the same thing statistically. The sky is not falling, but a lot of people need to step it up if we're going to have any safety margin. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpI8KFhBKXmM.pgp Description: PGP signature
Re: Rate of growth on IPv6 not fast enough?
On 4/18/10 8:28 PM, Patrick Giagnocavo patr...@zill.net wrote: Reality is that as soon as SSL web servers and SSL-capable web browsers have support for name-based virtual hosts, the number of IPv4 addresses required will drop. And if Internet history teaches us one thing, it's that end users replace outdated browsers at the drop of a hat, right? -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com
Re: Rate of growth on IPv6 not fast enough?
On Sun, Apr 18, 2010 at 9:28 PM, Patrick Giagnocavo patr...@zill.net wrote: Franck Martin wrote: Sure the internet will not die... But by the time we run out of IPv4 to allocate, the IPv6 network will not have completed to dual stack the current IPv4 network. So what will happen? Reality is that as soon as SSL web servers and SSL-capable web browsers have support for name-based virtual hosts, the number of IPv4 addresses required will drop. Right now, you need 1 IP address for 1 SSL site; SNI spec of SSL gets rid of that. And at what percentage of deployment of IPv6 will we see people decide that they no longer need to support IPv4 access to their web site? (Oh, sorry you were talking about SNI. My bad. :-) Personally, I think it is basically the same question and should have similar answers. Some people seemed to think that the number is 100%.From what I can tell about SNI, WIndows XP clients not using Firefox or Opera are never going to get it. I think Windows XP is down to just over 50% which is way more then IPv6 deployment numbers at this point. We may find that the same people who don't have IPv6 will also be running Windows XP and Internet Explorer. So the choice will be to either switch to SNI or switch to IPv6 and lose access to the same customers in either case.
Re: Rate of growth on IPv6 not fast enough?
On 4/18/2010 6:28 PM, Patrick Giagnocavo wrote: Franck Martin wrote: Sure the internet will not die... But by the time we run out of IPv4 to allocate, the IPv6 network will not have completed to dual stack the current IPv4 network. So what will happen? Reality is that as soon as SSL web servers and SSL-capable web browsers have support for name-based virtual hosts, the number of IPv4 addresses required will drop. Right now, you need 1 IP address for 1 SSL site; SNI spec of SSL gets rid of that. my load balancer needs 16 ips for every million simultaneous connections, so does yours. --Patrick
Re: Rate of growth on IPv6 not fast enough?
On Sun, Apr 18, 2010, joel jaeggli wrote: my load balancer needs 16 ips for every million simultaneous connections, so does yours. Only because it hasn't broken the spec further. :) adrian
Re: Rate of growth on IPv6 not fast enough?
joel jaeggli wrote: On 4/18/2010 6:28 PM, Patrick Giagnocavo wrote: Reality is that as soon as SSL web servers and SSL-capable web browsers have support for name-based virtual hosts, the number of IPv4 addresses required will drop. Right now, you need 1 IP address for 1 SSL site; SNI spec of SSL gets rid of that. my load balancer needs 16 ips for every million simultaneous connections, so does yours. That is an accurate statement but sort of a side issue. I would hazard a guess that ~95% of publicly reachable (i.e. non-SSL-VPN) SSL certificate using servers would never see that amount of traffic. I am talking about the 5 or 10 IPv4 IPs you get with a $99/month dedicated server, so that you can setup 5 or 10 different clients with a shopping cart - Amazon and other large e-tailers have the ability to buy/work around any shortage or bottleneck. Cordially --Patrick
Re: Rate of growth on IPv6 not fast enough?
On Mon, 19 Apr 2010, Franck Martin wrote: Anybody has better projections? What's the plan? My guess is that end user access will be more and more NAT444:ed (CGN) while at the same time end users will get more and more IPv6 access (of all types), and over a period of time more and more of the p2p traffic (VoIP, file transfers etc) will move to IPv6 because it'll stop working over IPv4. When enough users have IPv6 access the server-based content will be made reachable over v6 as well. The transition will take at least 5 years, I guess in 2015 we'll be perhaps halfway there. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: Rate of growth on IPv6 not fast enough?
On 4/18/2010 9:56 PM, Mikael Abrahamsson wrote: On Mon, 19 Apr 2010, Franck Martin wrote: Anybody has better projections? What's the plan? My guess is that end user access will be more and more NAT444:ed (CGN) while at the same time end users will get more and more IPv6 access (of all types), and over a period of time more and more of the p2p traffic (VoIP, file transfers etc) will move to IPv6 because it'll stop working over IPv4. When enough users have IPv6 access the server-based content will be made reachable over v6 as well. The transition will take at least 5 years, I guess in 2015 we'll be perhaps halfway there. Just because the curve doesn't look steep enough now doesn't mean it won't in two years. Human behavior is hard to model and panic hasn't set in yet. The nutjobs are for example not headed for the hills yet. http://www.time.com/time/magazine/article/0,9171,990020-1,00.html