Re: bgp for ipv6 question
Can I know how many ipv6 full bgp table routes now? Right now there are about 15k routes. 8k when you filter based on IRR. -- //fredan The Last Mile Cache - http://tlmc.fredan.se
Re: The 100 Gbit/s problem in your network
And if you don't have said awesome software, then how do you propose to limit the bandwidth need for the cache so you aren't burning more bandwidth than your hit rate, which is what everyone is trying to ask you (or more accurately, explain to you)? Without the concept of TLMC, I don't know. I do think that I need to explain how TLMC works. (please see the file 'tlmc-20130207-r1.tar.gz' as well). This is going to be a long answer. We are trying to get the url: http://static.tlmc.csp.example/hello_world.html First the DNS needs to get the IP address of 'static.tlmc.csp.example', so we have something to connect to. What we would like to have is the IP address of a cache server at the ISP. The CSP has a 'database' of which ISP:s around the world do participate in TLMC. This information is stored in a remark field in the IRR. We do know of where the origin the DNS request is coming from, so we answer that request with a CNAME of: 'static.tlmc.csp.example' IN CNAME 'static.tlmc.csp.example.tlmc.isp.example' (If an ISP does not participate in TLMC, the CSP would instead answer with a A/ record). We now have to ask the DNS server at the ISP for an IP address to connect to. The ISP is in a good mood today, so we are getting the anycast address to connect to. (If the ISP is not in a good mode, called Offline mode in TLMC, the DNS server at the ISP will answer with a CNAME of: 'static.tlmc.csp.example.tlmc.isp.example' IN CNAME 'kaa.k.se.static.tlmc.csp.example' This assume that the DNS server was place in Karlskrona, Sweden. With this the geographic location of where a request is coming is already built in). If we have an end-user/residence which have an cache server, this is the address (the anycast one) its going to listen too. If an end-user does not have an cache server, the ISP must have one. Probably as close to the edge as possible. (Here starts the answer to your question in the beginning): These two have on thing in comment, though. They have a plug-in in the Traffic Server called, 'hash_remap' (which I made specifically for trying to solve the scenario you replied with. And Netflix's). What the plug-in will do is to change the hostname from 'static.tlmc.csp.example' to a hash-based one. In the example url giving, this will be: 'b1902023cbb5ff2597718437.tlmc.isp.example'. The first hash, 'b1902023cbb5ff25', is the combined hash of host and url. The second hash, '97718437' is the hash of the host only. With this, the ISP is going to have another DNS request. A hashed based one. Depending of how much information they are collecting from their cache servers, they know from which one they should load the content from in this case. This principle is called consistent hashing and scales very well. How many layers of consistent hashing should a ISP be using? Only they know the answer for this one. -- //fredan The Last Mile Cache - http://tlmc.fredan.se
Re: The 100 Gbit/s problem in your network
Just to clarify, Patrick is right here. Assumptions: All the movies is 120 minuters long. Each movie has an average bitrate of 50 Mbit/s. (50 Mbit/s / 8 (bits) * 7 200 (2 hours) / 1000 (MB) = 45 GB). That means that the storage capacity for the movies is going to be: 10 000 000 * 45 (GB) / 1000 (TB) / 1000 (PB) = 450 PB of storage. Some of you might want to raise your hand to say that this quality of the movie is to good. Ok, so we make it 10 times smaller to 5 Mbit/s in average: 450 PB / 10 = 45 PB or 45 000 TB. If we are using 800 GB SSD drives: 45 000 TB / 0,8 TB = 56 250 SSD drives! (And we don't have any kind of backup of the content here. That need more SSD drives as well. And don't forget the power consumption). So over to the streaming part. 10 000 000 Customers watching, each with a bandwidth of 5 Mbit/s = 50 000 000 Mbit/s / 1000 (Gbit/s) = 50 000 Gbit/s. We only need 500 * 100 Gbit/s connections to solve this kind of demand. For each ISP around the world with 10 000 000 Millions of customers. Will TLMC be able to solve the 100k users watching 10 different movies? Yes. Will TLMC be able to solve the other 10 Million watching 10 Million movies. No, since your network can not handle this kind of load in the first place. One of us has a different dictionary than everyone else. Assume I have 10 million movies in my library, and 10 million active users. Further assume there are 10 movies being watched by 100K users each, and 9,999,990 movies which are being watched by 1 user each. Which has more total demand, the 10 popular movies or the long tail? This doesn't mean Netflix or Hulu or iTunes or whatever has the aforementioned demand curve. But it does mean my "definition" & yours do not match. Either way, I challenge you to prove the long tail on one of the serious streaming services is a "tiny fraction" of total demand. -- //fredan The Last Mile Cache - http://tlmc.fredan.se
Re: The 100 Gbit/s problem in your network
These technologies are being unified by DASH in the MPEG/ISO standards bodies. Then we have to hope that we will see this implemented in Traffic Server, Squid, Varnish, so that everybody can benefit from this. -- //fredan The Last Mile Cache - http://tlmc.fredan.se
Re: 10 Mbit/s problem in your network
*Now* I understand the problem. Do you really think that the content providers, and the delivery systems they purposefully choose for that, actually make that possible, much less practical? (I'm not sure that I understand what you mean with that sentence). If you mean that a CSP already has an agreement with a CDN, why should they change it to something else since it works right now for them? If this is what you mean, yes the can add TLMC to their mix as well and continue with whatever they are using today for delivering their contents. Even in your country, much less the countries of, um, North America? I think that has more to do with the CSP since they are actual needed in the first place. After that it is the ISP, which in turns adds the possibility for a end-user/customer/residence to set-up their own cache server at home. Cheers, -- jra -- //fredan http://tlmc.fredan.se
Re: 10 Mbit/s problem in your network
You seem to be mistaken that any bandwidth issue will be remedied by TLMC. A significant number (well over the 50% mark I'd wager) will not be remedied. This thread was started over such a subject. And to save 1 - 5 Mbit/s of this bandwidth is wrong, how? The Apple TV cited as an example was an example. If the TV Show/films/movies/etc.. is static content, then we should be able to cache it, at the hotel's cache server. Travellers, be they corporate or leisure, have significant networking needs that the TLMC cannot address. Just think of "The Cloud" (yes, I'll go and flog myself for bringing it into a discussion on NANOG), where people are storing their (semi-) private documents or files - in the end it's similar to connecting back to the office to access the fileserver. (We have 1 - 5 Mbit/s of more bandwidth for these services). What you are talking about here is dynamic content, which should not be cached at all and everyone knows this. How about those who have limited bandwidth to the Internet? Like ferries, trains, buses or satellite links... And pray tell me, why should they all have TLMC's ? I'm not saying that they should have a cache server. I'm saying that they could. Now if you're a content provider, then yes I can imagine why you'd like everybody else to pay for better ways to deliver your content without having to pay for it yourself. It does matter how you are going to try to solve this, it is always the customer who is going to pay in the end. Within this discussion we're talking about the actual last mile. I call it "The Last Mile Cache", TLMC A proxy or cache won't be of any use if the users can't get to it with sufficient bandwidth to make it work anyway. So, as long as a user does not have enough bandwidth, they should not have a cache server on their side, correct? -- //fredan http://tlmc.fredan.se
Re: 10 Mbit/s problem in your network
Not to be pedantic, but The Last Mile Cache will actually help you to solve this problem, with a local cache server at the hotel. The hotel's ISP must participate in TLMC before they, the hotel, can have a cache server running. And as a business traveller I want to have the ISP or Hotel cache (aka be able to read and for others to be found!) my possibly very sensitive corporate documents exactly _why_ ? Since when have you started to publish your sensitive corporate documents on public sites, cause that's what's needed for TLMC to cache your documents in the first place. Look, If a CSP (Content Service Provider - where you host your documents) does not want to have it's content cached, they don't need too. The cache server(s) at the ISP:s around the world will then _not_ be able to cache it. The traffic will in this case, will be loaded directly from the CSP. The TLMC concept only has possible applications in certain residential settings. No. It will help the ISP:s to distribute their loads in their network. And even then it's very debatable as to how it could actually improve instead of overcomplicate and deteriorate the entire service along the route. How about those who have limited bandwidth to the Internet? Like ferries, trains, buses or satellite links... -- //fredan http://tlmc.fredan.se
Re: 10 Mbit/s problem in your network
Others think that load-balancing 150+ rooms with Fast Ethernet and WiFi in every room, plus a couple of conference/meeting rooms (e.g. potentially more than a single /24 worth of all sorts of devices) on a couple of independent T1 and ADSL links is an acceptable practice. Yes, a T1 and an ADSL, with some kind of Layer 3 / 4 balancing! This Not to be pedantic, but The Last Mile Cache will actually help you to solve this problem, with a local cache server at the hotel. The hotel's ISP must participate in TLMC before they, the hotel, can have a cache server running. -- //fredan http://tlmc.fredan.se
Re: The 100 Gbit/s problem in your network
But it has become unclear what your fundamental premise and argument are, by this point in the game. See the subject of this thread? Is it: "it is bad that content providers choose a business and technical model wherein local in-home transparent caching proxies won't work?" No, it's not. -- //fredan
Re: The 100 Gbit/s problem in your network
How about buy the movies in question, convert them to MP4, install a media server on a local box and configure Xbox, tablet, smart-phone, whatever to access the media server? No. Streaming from services, like Netflix, HBO, etc..., is what's coming. We need to prepare for the bandwidth they are going to be using. Oh, it also affords my wife and I the luxury of having our entire movie collection available for on demand viewing. No searching through cases or disc binders. Just a thought. You do have one point with this, though. Being able to watch movies when the Internet connection is down. -- //fredan
Re: The 100 Gbit/s problem in your network
"allow my customers as an ISP to cache the content at their home". Do you *mean* "their home" -- an end-user residence? Yes, I do *mean* that. As in you, Jay, should be allowed to run your own cache server in your home (Traffic Server is the one that I'm using in the TLMC concept). Wouldn't you like that? It would do little good; my hit rate on such a cache would be unlikely to be high enough to merit the traffic to keep it charged. (Children watching a movie only once? Not a chance. It's more like unlimited number of times and then some more...). So don't set-up an cache server at your home/residence. -- //fredan
Re: The 100 Gbit/s problem in your network
About 40 - 50 Mbit/s. Not bad at all. Downloading software does not have to be in real-time, like watching a movie, does. In both cases it's actually rather convenient if it's as fast as possible, Yes. What I would like to have is to allow the access switch, which a customer for an ISP is connected to, to let the customer have 1 Gbit/s of bandwidth if the traffic is to or from the cache servers at their ISP. -- //fredan
Re: The 100 Gbit/s problem in your network
How does Akamai or Limelight or any other CDN, allow your customers as an ISP to cache the content at their home, in their own cache server? Again: Akamai. See also Limelight, etc... fredrik danerklint wrote: My understanding is there is no appreciable amount of QHD programming available to watch anyway, and certainly nothing a) in English b) that isn't sports. Why wouldn't you like to solve the problem before it can happen? (I'm talk about static content here, not live events). -- //fredan -- //fredan http://tlmc.fredan.se
Re: The 100 Gbit/s problem in your network
My understanding is there is no appreciable amount of QHD programming available to watch anyway, and certainly nothing a) in English b) that isn't sports. Why wouldn't you like to solve the problem before it can happen? (I'm talk about static content here, not live events). -- //fredan
Re: The 100 Gbit/s problem in your network
I do have an suggestion for how to solve this. See my message yesterday to the mailing list. Ah, I get it, you are trying to get people to acknowledge the non-existence of your tool that does what every transparent HTTP proxy has been doing for years! ;) Where exactly do you put those transparent http proxy servers in your network? For that you do not need to do strange DNS-stealing hacks or coordination with various parties, one only has to steal port 80. There is two thing that The Last Mile Cache does _not_ do; Steal either the DNS nor the port 80 part. (I have to give it to you that it is a DNS solution part involved in TLMC as well as a reverse proxy server). It's an solution which does not force either the CSP (Content Service Provider) nor the ISP to participate in TLMC. It will tough, allow a customer of an ISP (which has to participate in TLMC in the first place) to have it's own cache server at their home. (And yes, the CSP needs to participate as well for it to work). Fortunately quite a few content providers are moving to HTTPS so that that can't happen anymore. If you want your content cached at various ISP:s around the world, encrypt the content, not the session. -- //fredan
Re: The 100 Gbit/s problem in your network
The media market has fragmented, so unless we're talking about the first week in February in the US it's not all from one source or 3 or 5. Explain further. I did not get that. So far the most common delivery format for quad HD content online rings in at around 20Mb/s so you're not delivering that to 10Mb/s customer(s). Isn't 20 Mbit/s more than 10 Mbit/s? (If so, we're taking about 10 000 customers * 20 Mbit/s = 200 000 Mbit/s or 200 Gbit/s). On the other hand, two weekends ago I bought skyrim on steam and it was delivered, all 5.5GB of it in about 20 minutes. That's not instant gratification but it's acceptable. About 40 - 50 Mbit/s. Not bad at all. Downloading software does not have to be in real-time, like watching a movie, does. -- //fredan
Re: The 100 Gbit/s problem in your network
You really think people did not have problems with the 1mbit links they had back then? Yes, I do. And you really think that we won't have problems with Zillion-HD or whatever they will call it in another 20 years? I think that this is something I'm trying to say, with the creation of this thread. That works if you are only distributing Video on Demands content. Thus the question becomes, for what would it not work? If you also want, for example, to have the possibility to distribute software, (static content as well), can you do that with Fussycast? As I asked; Static content, like in files (*.zip, *.tar.gz, *.iso, etc...) Read the documents and other related literature on that site a little bit further: you can overcome those first couple of seconds by fetching those 'quickly' using unicast. Since you are back to the Unicast thing, and as you sad the problem with the 1 Mbit/s links, I do think your question whould be: How could we put the cache servers right next to our DSLAM:s, aggregation switches (or what ever you want to place them in your network) and have everything that's static content, cached? I do have an suggestion for how to solve this. See my message yesterday to the mailing list. -- //fredan
Re: The 100 Gbit/s problem in your network
to watch the latest Quad-HD movie "Multicast" -I'm afraid it has to be unicast so that people can pause/resume anytime they need to go... well you know what I mean Works fine too with multicast, for instance with FuzzyCast: https://marcel.wanda.ch/Fuzzycast/ (I did notice that this was developed in 2001 - 2002!) That works if you are only distributing Video on Demands content. "32 seconds after the later, after the initial delay, enough data has been received such that playout can begin" So we are back to the b..u..f..f..e..r..i..n..g.. thing, again? If you also want, for example, to have the possibility to distribute software, (static content as well), can you do that with Fussycast? -- //fredan
Re: The 100 Gbit/s problem in your network
A movie is static. The content does not change despite how many times you watch it. "Multicast" Can be useful for live events, like news or sports. I give you that. -- //fredan
The 100 Gbit/s problem in your network
- Well, as it turns out, we don't have that kind of a problem. - You don't? - No, we do not have that kind of a problem in our network. We have plenty of bandwidth available to our customers, thank-you-every-much. - Do you have, just to make an example, about 10 000 customers in a specific area, like an city/county or part of a city/county? - Yes, of course! - Does these customers have at least 10 Mbit/s connection to the Internet? - Yes! Who do you think we are, like stupid! Haha! - Could all those 10 000 customers, just to make it theoretical, hit the 'play'-button on their Internet-connected-TV, at the same time, to watch the latest Quad-HD movie? - Yes. Oh wait a minute now! This is not fair! Damn. We're toast. -- //fredan
Re: Global caches
When I did post the following, I did not, as it turns out, have good documentation of how TLMC actually works. I do hope that what I've done during these days, can describe TLMC better than the current website can. So there is a file called 'document packages' on the site right now. (tlmc-20130207-r1.tar.gz) The file 'TLMC.OVERVIEW' should, hopefully, get you an better idea of how TLMC works. The complete DNS server for both the CSP and the ISP is included as well as the plug-in for the Traffic Server (which is required to let end user/customer to cache the content at their home). Does anybody know of any other CDN providers that offer similar caches? Yes. The Last Mile Cache. http://tlmc.fredan.se It's an completely open solution for everybody, both the ISP (Internet Service Provider) and CSP (Content Service Provider). -- //fredan
Re: Global caches
Does anybody know of any other CDN providers that offer similar caches? Yes. The Last Mile Cache. http://tlmc.fredan.se It's an completely open solution for everybody, both the ISP (Internet Service Provider) and CSP (Content Service Provider). -- //fredan
Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
Even tough you have very good arguments, my suggestion would be to have a class A network (I got that right, right?) for all the users and only having 6rd as service on that network. ARIN and IETF cooperated last year to allocate 100.64.0.0/10 for CGN use. See RFC 6598. This makes it possible to implement a CGN while conflicting with neither the user's RFC1918 activity nor the general Internet's use of assigned addresses. Hijacking a /8 somewhere instead is probably not a great move. Ok. If I have calculated the netmasks right that would mean to set aside: 2001:0DB8:6440::/42 for the use of 6rd service: 2001:0DB8:6440:::/64 = 100.64.0.0 2001:0DB8:647F:::/64 = 100.127.255.255 -- //fredan http://tlmc.fredan.se
Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
I would hope that PlusNet has valid, well-thought-out reasons for deploying CGN instead of IPv6. Not knowing those, I can only jugde their position on its face: foolish and short-sighted. Move along, nothing to see here. Barring a few fanatics, everyone here has known for several years now that CGN would be required for continuing IPv4 support regardless of the progress of IPv6. If you spin it right, it's a "Free network-based firewall to be installed next month. Opt out here if you don't want it." And the fewer than 1 in 10 folks who opt out really aren't a problem. Even tough you have very good arguments, my suggestion would be to have a class A network (I got that right, right?) for all the users and only having 6rd as service on that network. -- //fredan http://tlmc.fredan.se
Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
From the article: "Faced with the shortage of IPv4 addresses and the failure of IPv6 to take off, British ISP PlusNet is testing carrier-grade network address translation CG-NAT, where potentially all the ISP's customers could be sharing one IP address, through a gateway. The move is controversial as it could make some Internet services fail, but PlusNet says it is inevitable, and only a test at this stage." http://tech.slashdot.org/story/13/01/16/1417244/uk-isp-plusnet-testing-carrier-grade-nat-instead-of-ipv6 I'm only here to bring you the news. So don't complain to me... -- http://tlmc.fredan.se
do not filter your customers - part2
If we are gonna start to get somewhere with this issue, how about to make sure the routing/prefix databases is correct first? Please see: https://www.fredan.se/temp/prefixes.tar In that file you will find 'not_allowed_to_announce6' which contains about 2307 prefixes of ipv6 which is not in any routing/prefix databases OR the prefix that was submitted to it was wrong (probably the syntax of that prefix). Which bring us to the next question. Why on earth is it possible to submit a faulty prefix into a database today? Why is there (basically) no verification at all? Please take a look at 'databases_to_prefixes.sh' see what's going on (ok, some of the databases is probably for internal use only and we need to filter that - but it is so much more that needs to be filtered). Also in that file you will find 'prefixes4' and 'prefixes6' which contains all the prefixes after all the checking has been made (One prefix per line). These two files could be really useful for everybody in this community if someone (like the RIR:s) made those available to all of us, so we don't have to download all the databases, just the prefixes (And I know that AS52011 is announce to two prefixes which is not in the databases. Thank you very much). -- //fredan
Re: Question on 95th percentile and Over-usage transit pricing
I like thisone! > As I recall, their scheme went something like: > invoice_amount = some_constant * (quantity)^0.75 -- //fredan
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Tony, Thanks for this explanation! I think this is what I've been looking for regarding securing DNSSEC. > > and how about a end user, who doesn't understand a computer at all, to > > be able verify the signatures, correctly? > > The current trust model for DNSSEC relies on the vendor of the validator > to bootstrap trust in the root key. This is partly a matter of pragmatism > since the validator is a black-box agent acting on the user's behalf, like > any other software. > > It is also required by the root key management policies, since a root key > rollover takes a small number of weeks, much shorter than the > not-in-service shelf life of validating software and hardware. This means > that a validator cannot simply use the root key as a trust anchor and > expect to work: it needs some extra infrastructure supported by the vendor > to authenticate the root key if there happens to have been a rollover > between finalizing the software and deploying it. > > Tony. -- //fredan
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
> > > > How about a TXT record with the CN string of the CA cert subject in > > > > it? If it exists and there's a conflict, don't trust it. Seems > > > > simple enough to implement without too much collateral damage. > > > > > > Needs to be a DNSSEC-validated TXT record, or you've opened yourself up > > > to attacks via DNS poisoning (either insert a malicious TXT that > > > matches your malicious certificate, or insert a malicious TXT that > > > intentionally *doesn't* match the vicitm's certificate) > > > > And how do you validate the dnssec to make sure that noone has tampered > > with it. > > Since you are from Sweden, and in an IT job, you probably have personal > relations to someone who has personal relations to one of the swedes > or other nationalities that were present at the key ceremonies for the > root. Once you've established that the signatures on the root KSK are good > (which -- because of the above -- should be doable OOB quite easily for > you) you can start validating the entire chain of trust. > > Quite trivial, in fact. and how about a end user, who doesn't understand a computer at all, to be able verify the signatures, correctly? -- //fredan
Re: vyatta for bgp
> The days of public-facing software-based routers were over years ago - you > need an ASIC-based edge router, else you'll end up getting zorched. wait, what? -- //fredan
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
> > How about a TXT record with the CN string of the CA cert subject in it? > > If it exists and there's a conflict, don't trust it. Seems simple > > enough to implement without too much collateral damage. > > Needs to be a DNSSEC-validated TXT record, or you've opened yourself up > to attacks via DNS poisoning (either insert a malicious TXT that matches > your malicious certificate, or insert a malicious TXT that intentionally > *doesn't* match the vicitm's certificate) And how do you validate the dnssec to make sure that noone has tampered with it. -- //fredan
Re: World IPv6 Only Day.
Well, that's another problem. To make a long story short, the network (not mine and I don't have any kind of control over that either) that my customers (including me) are using, did put in new equipment (a switch) over a year ago and after that I lost my IPv6 connection that I had previously. That switch does not support IPv6 it turns out. This is exactly the things that the customers really need to better understand and why it's not gonna work for them. You did miss a thing: $ dig mx fredan.se ;; ANSWER SECTION: fredan.se. 3597IN MX 10 mail.fredan.se. ;; ADDITIONAL SECTION: mail.fredan.se. 3597IN A 77.105.235.102 mail.fredan.se. 3597IN 2001:4db8:e001::2::17 So I do have a IPv6 connection but not to my customers. > > How about that one? > > > > (Please reply to the mailing list only) > > You wouldn't be posting to the list... :-) > > Received: from [77.105.232.43] (port=53699 helo=fredan-pc.localnet) > by mail.fredan.se with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) > (Exim 4.71) (envelope-from) > id 1QURHg-0004ZJ-4d > for nanog@nanog.org; Thu, 09 Jun 2011 00:31:32 +0200 -- //fredan
World IPv6 Only Day.
How about that one? (Please reply to the mailing list only) -- //fredan
Re: [v6z] Re: IPv6 day fun is beginning!
Sorry about this. When asked for the right thing it does resolv! $ dig www.facebook.com ;; QUESTION SECTION: ;www.facebook.com. IN ;; ANSWER SECTION: www.facebook.com. 30 IN 2620:0:1c08:4000:face:b00c:0:3 > That's because you're asking the wrong nameservers. The response you're > getting is pointing you to the correct nameservers (glb1/glb2.facebook.com) > which are defintely returning records for me : > > $ dig +short www.facebook.com @glb1.facebook.com > 2620:0:1c08:4000:face:b00c:0:3 > > Scott. > > > On Tue, Jun 7, 2011 at 5:04 PM, fredrik danerklint > > wrote: > > This is from Sweden. > > > > $ dig any www.facebook.com @ns1.facebook.com > > > > ; <<>> DiG 9.7.3 <<>> any www.facebook.com @ns1.facebook.com > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61742 > > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 > > ;; WARNING: recursion requested but not available > > > > ;; QUESTION SECTION: > > ;www.facebook.com. IN ANY > > > > ;; AUTHORITY SECTION: > > www.facebook.com. 86400 IN NS glb1.facebook.com. > > www.facebook.com. 86400 IN NS glb2.facebook.com. > > > > ;; ADDITIONAL SECTION: > > glb1.facebook.com. 3600IN A 69.171.239.10 > > glb2.facebook.com. 3600IN A 69.171.255.10 > > > > ;; Query time: 58 msec > > ;; SERVER: 204.74.66.132#53(204.74.66.132) > > ;; WHEN: Wed Jun 8 02:01:37 2011 > > ;; MSG SIZE rcvd: 104 > > > > > > No records at the moment. Checked alll their nameservers. > > > > -- > > //fredan -- //fredan
Re: IPv6 day fun is beginning!
This is from Sweden. $ dig any www.facebook.com @ns1.facebook.com ; <<>> DiG 9.7.3 <<>> any www.facebook.com @ns1.facebook.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61742 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.facebook.com. IN ANY ;; AUTHORITY SECTION: www.facebook.com. 86400 IN NS glb1.facebook.com. www.facebook.com. 86400 IN NS glb2.facebook.com. ;; ADDITIONAL SECTION: glb1.facebook.com. 3600IN A 69.171.239.10 glb2.facebook.com. 3600IN A 69.171.255.10 ;; Query time: 58 msec ;; SERVER: 204.74.66.132#53(204.74.66.132) ;; WHEN: Wed Jun 8 02:01:37 2011 ;; MSG SIZE rcvd: 104 No records at the moment. Checked alll their nameservers. -- //fredan
Re: Microsoft's participation in World IPv6 day
Two thing about this one after have read the manual of this product. This is probably for the american market. I'm in europe. Second, nowhere in their manual is the word "ipv6" or "v6" found. > Have a ZyXEL VSG1432 right behind me where the IPv6 works pretty good > (http://www.getipv6.info/index.php/Broadband_CPE#DSL). All the DSL modem > vendors could stand improving their GUI. > > Frank > > -Original Message- > From: fredrik danerklint [mailto:fredan-na...@fredan.se] > Sent: Friday, June 03, 2011 7:27 AM > To: nanog@nanog.org > Subject: Re: Microsoft's participation in World IPv6 day > > The problem is not all on Microsoft at this case. > > > For example; I've bought a ZyXEL P-2612HNU-F1(which has > 802.11n Wireless ADSL 2+ 4-port gateway 2 SIP 2 USB 3G Backup) > in december 2010. It basiclly has everything in it. > > How do I as a customer do to have a working IPv6 setup on this modem since > ZyXEL, basicilly, has decide that it will not support IPv6 at all? > > I mean, you can not say it does not have the the cpu power for handling > IPv6 > > when it can also act as a fileserver and a printserver for example. > > What they (ZyXEL) are saying to me (for not haveing IPv6 at this moment) is > that they don't have the skills to implement IPv6 in their current > products. > > > Think about all the CPE that will not be upgraded, since those that makes > them > don't care at all, even tough it probably has the cpu power to handle IPv6. > > > And I haven't even started at the network equiment that exists between me > as a > ISP and my customer (this equiment is out of my control), that can't handle > IPv6 even if my customer got an working CPE with IPv6. > > > How fun is that? > > > http://support.microsoft.com/kb/2533454/ > > > > Uh... > > > > -Bill -- //fredan
Re: Microsoft's participation in World IPv6 day
The problem is not all on Microsoft at this case. For example; I've bought a ZyXEL P-2612HNU-F1(which has 802.11n Wireless ADSL 2+ 4-port gateway 2 SIP 2 USB 3G Backup) in december 2010. It basiclly has everything in it. How do I as a customer do to have a working IPv6 setup on this modem since ZyXEL, basicilly, has decide that it will not support IPv6 at all? I mean, you can not say it does not have the the cpu power for handling IPv6 when it can also act as a fileserver and a printserver for example. What they (ZyXEL) are saying to me (for not haveing IPv6 at this moment) is that they don't have the skills to implement IPv6 in their current products. Think about all the CPE that will not be upgraded, since those that makes them don't care at all, even tough it probably has the cpu power to handle IPv6. And I haven't even started at the network equiment that exists between me as a ISP and my customer (this equiment is out of my control), that can't handle IPv6 even if my customer got an working CPE with IPv6. How fun is that? > http://support.microsoft.com/kb/2533454/ > > Uh... > > -Bill -- //fredan
Re: Tightened DNS security question re: DNS amplification attacks.
At 12:07:16 local time here in sweden, I saw a new address 70.86.80.98. At 12:09:36 another new address 64.57.246.123 At 12:20:10 the address 70.86.80.98 started to ask for funny domain name like: "pjphcdfwudgaaabaaacboinf". This ended at 12:55:01 when it was back to just ask for the .NS records again. -- //Fredrik Danerklint //Fredan