Re: Companies using public IP space owned by others for internal routing

2017-12-17 Thread james machado
I had a vendor at $dayjob prior to my arrival who assigned all their
customers IP space based on the customer number.  When I got there all the
internal network was assigned space from a company in the Middle East.
$dayjob didn't have the in-house knowledge to know what was going on and as
they never worried about the Middle East it didn't affect their business.

On Sun, Dec 17, 2017 at 3:25 PM, Jens Link  wrote:

> Matt Hoppes  writes:
>
> > Had a previous employee or I discovered it on the network segment after
> > we had some weird routing issues and had to get that cleaned up. I don't
> > know why anyone would do that when there is tons of private IP space.
>
> Excuse 1: "We'll never connect to the internet!"
>
> Excuse 2: "It's only temporary!"
>
> Excuse 3: Typo (At some customer's customer I found 192.!168 addresses which
>   were apparently a typo but in use for years so nobody wanted
>   to change it.) I also know one company who is using (has
>   used?) 2001:8db::/48. I suggested to get v6 PI and properly
>   implement IPv6 but never heard from them again.
>
> Excuse 4: "We used the addresses from our training material." - I heard
>   this story some time ago: A large German government agency
>   wanted to implement IP(v4) and the people attended a course
>   about this new TCP/IP stuff at $Vendor. The training material
>   was prepared by a student who was using his university's /16 as
>   an example.
>
> BTW: Is the Cisco WLC 1.1.1.1 as default address for DHCP?
>
> Jens
> --
> Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264
> http://blog.quux.de | jabber: jensl...@quux.de
>


Re: Issues with 4-octet BGP AS and Akamai?

2017-11-14 Thread james machado
Greg,

I don't see a routing database object for your routes pointing to your
AS394666 /24's, I only see one for AS12 for the /23 and /24's.  It is
possible (and probable) you are being filtered due to that.

james

route: 216.165.124.0/23
descr: NEW YORK UNIVERSITY (added by MAINT-AS6517)
origin: AS12
remarks: This route object was registered by
Global Cloud Xchange MAINT-AS6517
on behalf of their customer:
NEW YORK UNIVERSITY
notify: supp...@relianceglobalcom.com
mnt-by: MAINT-AS6517
changed: supp...@globalcloudxchange.com 20160506 #00:49:14Z
source: RADB

(125-127)
route: 216.165.127.0/24
descr: New York University Medical Center (maintained by NYU NOC)
origin: AS12
mnt-by: MAINT-AS12
changed: n...@nyu.edu 20121121 #16:23:31Z
source: RADB


Re: Issues with 4-octet BGP AS and Akamai?

2017-11-14 Thread james machado
Greg,

I have a 4 byte ASN and have not had any issues with reachability,
including the 2 websites you have linked.

James


Re: Internet access for security consultants - pen tests, attack traffic, bulk e-mail, etc.

2017-09-11 Thread james machado
On Mon, Sep 11, 2017 at 3:40 PM, Sean Pedersen 
wrote:

> We were recently approached by a company that does security consulting.
> Some
> of the functions they perform include discovery scans, penetration testing,
> bulk e-mail generation (phishing, malware, etc.), hosting fake botnets -
> basically, they'd be generating a lot of bad network traffic. Targeted at
> specific clients/customers, but still bad. As an ISP, this is new territory
> for us and there are some concerns about potential impact, abuse reports,
> reputation, authorization to perform such tests, etc.
>
>
>
> Does anyone have experience in this area that would be willing to offer
> advice?
>
>

From a customer point of view:

We have written agreements with our vendors on who they can and can not
send this traffic from, where exactly it is coming from and what type of
traffic it will be.  One reason our vendor does this is to not get on black
hole/spam lists or to cause their ISP issues, as well as having proof that
they are allowed to send specific traffic to specific addresses for a
specific time period.  The test managers then know what to expect and to
head off abuse notifications after detection of the specific traffic.  We,
also, use this traffic to test other vendors we might have and only after
detection we will have white lists or black lists put in place as warranted.

I would expect the company in question to be able to provide documentation
that could track any specific traffic back to an engagement that has the
approval of their customer.  If they have been around for a bit they should
have a track record and may have current IP space that could be vetted to
see what condition it is in.  Are they leaving it or adding to it?  If
they are leaving their current space then find out why.

James


Re: Domain renewals

2016-09-21 Thread james machado
So who would you quantify as secure and reliable? Who does not require
additional "services" besides registration or spend all their time trying
to upsell you?

james

On Wed, Sep 21, 2016 at 10:18 AM, Jim Mercer  wrote:

>
> cheap, secure, reliable
>
> pick two.
>
> --jim
>
> On Mon, Sep 19, 2016 at 12:19 PM, Jeff Jones 
> wrote:
> > Sorry if this is low level. But are people sick of registrars jacking up
> > prices? Who is the cheapest and most reliable? I have been using
> whois.com,
> > networksolutions.com and am looking for input on who is cheap, secure,
> > reliable registrar. Thanks for your input.
>
> --
> Jim Mercer  Reptilian Research  j...@reptiles.org  +1 416 410-5633
>
> Life should not be a journey to the grave with the intention of
> arriving safely in a pretty and well preserved body, but rather
> to skid in broadside in a cloud of smoke, thoroughly used up,
> totally worn out, and loudly proclaiming "Wow! What a Ride!"
>  -- Hunter S. Thompson
>


Re: IPv6 Deployment for Mobile Subscribers

2016-07-22 Thread james machado
Ricardo,

I know from previous discussions on this list that Android phones are
looking for DHCPD leases and not /128's or /64's.  From what I remember
this is due to the current requirement for multiple ipv6 subnets for
various applications (vpns among others) to function correctly.  As a
result Google has disabled Android from receiving a DHCP lease as it wasn't
long enough.

If you look back about 6 months there are probably 100+ posts on the subject.

All I really know is that I can not provide an ipv6 dhcp lease to an
android phone and have it receive the address.


james

On Fri, Jul 22, 2016 at 1:54 AM, Ricardo Ferreira <
ricardofbferre...@gmail.com> wrote:

> Is there anyone here working in an ISP where IPv6 is deployed?
> We are starting to plan the roll-out IPv6 to mobile subscribers (phones) I
> am interesting in knowing the mask you use for the assignment; whether it
> is /64 or /128.
>
> In RFC 3177, it says:
> 3. Address Delegation Recommendations
>
>The IESG and the IAB recommend the allocations for the boundary
>between the public and the private topology to follow those general
>rules:
>
>   -  /48 in the general case, except for very large subscribers.
>   -  /64 when it is known that one and only one subnet is needed by
>  design.
>   -  /128 when it is absolutely known that one and only one device
>  is connecting.
>
> Basically a sole device will be connecting to the internet so I am
> wondering if this rule is followed.
>
> Cheers
>
> --
> Ricardo Ferreira
>


Re: Netflix banning HE tunnels

2016-06-08 Thread james machado
http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

Fusion just did a story on this.



On Wed, Jun 8, 2016 at 3:10 PM, Spencer Ryan  wrote:

> The center of the US is maxmind's unknown location. Fill out the form and
> they'll correct it.
>
>
> *Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net
> *Arbor Networks*
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
>
> On Wed, Jun 8, 2016 at 6:09 PM, Ricky Beam  wrote:
>
> > On Wed, 08 Jun 2016 17:24:48 -0400, Matthew Huff  wrote:
> >
> > What does https://www.maxmind.com/en/geoip-demo show for your IPv6
> >> prefix? If it is incorrect, try
> >> https://support.maxmind.com/geoip-data-correction-request/
> >>
> >>
> > HAH. Funny... 39.76,-98.5 for every HE address I enter. And it's not like
> > they haven't been registered for years. (that's the center of the US,
> btw.)
> >
>


TeamNANOG youtube video seeding

2016-05-10 Thread james machado
First I am thrilled to see older Nanog meetings making it to youtube.

Having said that can the people putting up the files put the Nanog
meeting number in the title of the videos to make it easier to search
and determine relevance?

Thanks,
james


Re: Cogent BGP Woes

2015-10-15 Thread james machado
Justin,

What are you trying to do?  I had a similar situation as my rep got
the wrong product for BGP.  I actually cleaned it up by talking to
support and I had to fill out a second BGP questionnaire but it was
resolved and turned up in a couple of days.

James

On Thu, Oct 15, 2015 at 11:38 AM, Justin Wilson - MTIN  wrote:
> Have the rest of you been having as hard a time as I am having in turning up BGP 
> sessions with Cogent? They have made it a sales order nowadays instead of 
> support. I filled out the questionnaire on the support site over 3 weeks ago 
> and was directed to sales.  I am going on 3 weeks waiting on a session to be 
> turned up.
>
> Just wondering if I am alone.
>
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>


Re: Branch Location Over The Internet

2015-08-11 Thread james machado
On Aug 11, 2015 11:22 AM, "Colton Conor"  wrote:
>
> We have an enterprise that has a headquarter office with redundant fiber
> connections, its own ASN, its own /22 IP block from ARIN, and a couple of
> gigabit internet connections from multiple providers. The office is taking
> full BGP routes from tier 1 providers using a Juniper MX80.
>
> They are establishing their first branch location, and need the branch
> location to be able to securely communicate back to headquarters, AND be
> able to use a /24 of  headquarters public IP addresses. Ideally the device
> at the HQ location would hand out public IP address using DHCP to the
> other
> side of the tunnel at the branch location.
>
> We know that in an ideal world it would be wise to get layer 2 transport
> connections from HQ to the branch location, but lets assume that is not an
> option. Please don't flood this thread about how it could be an option
> because it's not at this time. This setup will be temporary and in service
> for the next year until we get fiber to the branch site.
>
> Let's assume at the branch location we can get a DOCSIS cable internet
> connection from a incumbent cable provider such as Comcast, and that
> provider will give us a couple static IP address. Assume as a backup, we
> have a PPPoE DSL connection from the ILEC such as Verizon who gives us a
> dynamic IP address.
>
> What solution could we put at the HQ site and the branch site to achieve
> this? Ideally we would want the solution to load balance between the
> connections based on the connections speeds, and failover if one is down.
> The cable connection will be much faster speed (probably 150Mbps down and
> 10 Upload) compared to the DSL connection (10 download and 1 upload). If
> we
> need more speed we can upgrade the cable modem to a higher package, but
> for
> DSL that is the max speed so we might have to get multiple DSL lines. The
> cable solution could always be used as the primary, and the DSL connection
> could only be used as backup if that makes things easier.
>
> If you were to do this with Juniper or Cisco gear what would you have at
> each location? What technology would you use?
>

Colton,

The Cisco solution for this would be Cisco Intelligent WAN (iWAN) utilizing
ASRs and ISRs. iWAN utilizes a combination of DMVPNs and PfR to make this
happen.

Another name I've heard but have no feedback on is Viptela

> I know there is Pepewave and a couple of other software solutions that
> seem
> to have a proprietary load balancing solutions developed, but I would
> prefer to use a common Cisco or Juniper solution if one exists.
>
> There will be 50 users at the branch office. There is only one branch
> location at this time, but they might expand to a couple more but under
> 10.

James


Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread james machado
David,

check out exabgp https://github.com/Exa-Networks/exabgp

james

On Wed, Jul 1, 2015 at 8:19 AM, David H  wrote:
> Hi all, I was wondering if anyone can recommend a software (preferably), or
> hardware-based router with an API, that supports BGP with tags on
> advertised routes?  I want to use it for a RTBH feed and having it in
> software would make certain things easier to automate.  I tried
> Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware routers
> have an API, but I can't tell if the API supports adding BGP networks, so I
> need to investigate that further.  I can go hardware if I have to, with
> some ssh/expect scripts, but thought there may be other options that are
> easier.
>
> Thanks,
>
> David


Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6

2015-06-30 Thread james machado
On Tue, Jun 30, 2015 at 1:43 PM, Ricky Beam  wrote:
> On Tue, 30 Jun 2015 10:28:13 -0400, Justin M. Streiner
>  wrote:
>>
>> There are still isolated pockets of devices out there speaking IPX,
>> DECnet, Appletalk, etc
>
>
> Indeed. I'm one of them. (rarely) ... IPX managed print server. It speaks
> IP, but cannot be managed by IP. I'd throw it away, but it functions as a
> two port serial terminal server as well. (2 parallel, 2 serial)
>
> I don't have any true appletalk (or localtalk!) hardware anymore. But I know
> where there's a pallet of them. :-)
>
> I still have MCA token-ring cards for an RS/6000 (and the RS/6000.) I'm just
> waiting for the NCDOT to need one to recoup a wad of tax money.
>
>> or their traffic passes through other devices that encapsulate and
>> de-encapsulate it in IP to allow it to be transported.
>
>
> Ah, the "internet in a box" IPX-IP gateway device. God, how we hated
> those things. But some companies refused to install an IP stack, 'tho they'd
> install the IPX "IP app" suite. (late '90s)

But how much memory you could save if you only ran IPX.  Adding the IP
stack would take you below 500K and then you would have programs that
just wouldn't run.  QEMM could only do so much.


Re: Issues encountered with assigning .0 and .255 as usable addresses?

2012-10-23 Thread james machado
On Mon, Oct 22, 2012 at 6:49 PM, Justin Krejci  wrote:
> And since owen has not yet mentioned it, consider something that supports 
> having : in its address as well.
>
> Sort of tangentially related, I had a support rep for a vendor once tell me 
> that a 255 in the second or third octet was not valid for an ipv4 address. 
> Hard to troubleshoot a problem when I had to first explain how ip addressing 
> worked because the rep was so fixated on the 255 we were using on the 
> network. If any product really doesn't like 255 in any position then you 
> should consider yourself lucky to still be in business at all.
>
> Jimmy Hess  wrote:
> On 10/22/12, Paul Zugnoni  wrote:
> [snip]
>> Any experience or recommendations? Besides replace the ISA proxy…. Since
>> it's not mine to replace. Also curious whether there's an RFC recommending
>> against the use of .0 or .255 addresses for this reason.
>
> ISA is old, and might not be supported anymore, unless you have an
> extended support contract.   If it's not supported anymore, then don't
> be surprised if it has breakage you will not be able to repair. I
> don't recommend upgrading to TMG, either:  although still supported,
> that was just discontinued.
>
> If ISA is refusing traffic to/from IPs ending in .0, then ISA is
> either broken, or misconfigured.
> Get a support case with the vendor, raise it as a critical issue --
> unable to pass traffic to critical infrastructure that ends with a
> .255 or .0  IP address,  demand that the vendor provide a resolution,
> And explain that changing the IP address of the remote server is not an 
> option.
>
>
> If the vendor can't or won't provide a resolution,   then  not only is
> the proxy server broken,
> but malfunctioning in a way   that has an impact on network connectivity.
>
> I would consider its removal compulsory,  as you never know,  when a
> network resource, web site, e-mail server, etc. your org has a
> business  critical need to access,  or be accessed from;  may be
> placed on .255 or  .0
>
> --
> -JH
>

this was also discussed back in August in this thread
http://mailman.nanog.org/pipermail/nanog/2012-August/051290.html

james



Re: Detection of Rogue Access Points

2012-10-18 Thread james machado
On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers  wrote:
> I like the idea of looking at the ARP table periodically, but this presents
> some possible issues for us. The edge routers at our remote sites are Cisco
> 1841 devices, typically with either an MPLS T1 or a Public T1 (connected
> via an IAD owned by Centurylink; router to router, so dumb). Aside from
> manually logging in to those individual routers (all 140 or so of them) and
> checking them on a schedule, can anyone think of a good way to capture that
> information automatically? If I had to I could probably come up with a
> script to log in to them and scrape the info then process it but...eww.
>

Quite a few people have leveraged RANCID
(http://www.shrubbery.net/rancid/) for doing stuff like this.

It is made to pull configs from routers on a cycle and produces text
files that can be worked with.  You can use the tools that are there
to pull specific information, such as ARP tables, and then process the
resultant files with your scripting language of choice.  Check the
mail list for examples of this kind of thing.


> Another possible option (although costly) is installing a Ruckus device at
> each location; we have a Ruckus infrastructure at our HDQ and it works
> great (almost too good, it's super sensitive) at picking up rogues. A
> Ruckus WAP could talk to our ZoneDirector appliance and do that for us at
> each site, I think, but it may be difficult to justify the cost.
>
> --JR
>

james
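As an added example (my own code, not from the thread or the RANCID project), a small Python script that parses `show ip arp` output saved per device, for instance from a periodic `clogin -c 'show ip arp'` run, and reports hosts that appeared or changed MAC since the previous snapshot; the snapshots, addresses and MACs below are constructed.

```python
"""Detect new or changed ARP entries between two snapshots of a Cisco IOS
'show ip arp' table. Snapshots are plain text as saved by a collector such
as RANCID's clogin (assumption; the sample output below is constructed)."""
import re
from typing import Dict, List, Tuple

# One IOS ARP row, e.g.
# Internet  10.20.1.10   5   0011.2233.4466  ARPA   FastEthernet0/0
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)

ArpTable = Dict[str, Tuple[str, str]]  # ip -> (mac, interface)


def parse_show_ip_arp(text: str) -> ArpTable:
    """Parse a 'show ip arp' dump. Rows with age '-' are the router's own
    interface addresses and are skipped; 'Incomplete' rows never match."""
    table: ArpTable = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m and m.group("age") != "-":
            table[m.group("ip")] = (m.group("mac").lower(), m.group("intf"))
    return table


def _ip_key(ip: str) -> Tuple[int, ...]:
    return tuple(int(octet) for octet in ip.split("."))


def diff_arp(baseline: ArpTable, current: ArpTable) -> List[Tuple[str, str, str]]:
    """Return (ip, kind, detail) findings, sorted by IP:
    'new'         - address not in the baseline (a host that just showed up)
    'mac-changed' - same address now answered by a different MAC (a swapped or
                    spoofing device, or a NAT box put in front of a host)."""
    findings: List[Tuple[str, str, str]] = []
    for ip in sorted(current, key=_ip_key):
        mac, intf = current[ip]
        if ip not in baseline:
            findings.append((ip, "new", f"{mac} on {intf}"))
        elif baseline[ip][0] != mac:
            findings.append((ip, "mac-changed", f"{baseline[ip][0]} -> {mac} on {intf}"))
    return findings


def new_hosts_per_interface(findings: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Count 'new' findings per interface. A burst of new hosts behind one
    branch interface within a single collection cycle is what a bridged rogue
    AP looks like from the edge router."""
    counts: Dict[str, int] = {}
    for _ip, kind, detail in findings:
        if kind == "new":
            intf = detail.split(" on ", 1)[1]
            counts[intf] = counts.get(intf, 0) + 1
    return counts


# Constructed sample snapshots (not real devices or addresses).
BASELINE_SNAPSHOT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.1.1               -   0011.2233.4455  ARPA   FastEthernet0/0
Internet  10.20.1.10              5   0011.2233.4466  ARPA   FastEthernet0/0
Internet  10.20.1.11             12   0011.2233.4477  ARPA   FastEthernet0/0
"""

CURRENT_SNAPSHOT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.1.1               -   0011.2233.4455  ARPA   FastEthernet0/0
Internet  10.20.1.10              3   0011.2233.4466  ARPA   FastEthernet0/0
Internet  10.20.1.11              0   00aa.bbcc.dd01  ARPA   FastEthernet0/0
Internet  10.20.1.57              1   00aa.bbcc.dd02  ARPA   FastEthernet0/0
Internet  10.20.1.58              1   00aa.bbcc.dd03  ARPA   FastEthernet0/0
"""

if __name__ == "__main__":
    report = diff_arp(parse_show_ip_arp(BASELINE_SNAPSHOT),
                      parse_show_ip_arp(CURRENT_SNAPSHOT))
    for ip, kind, detail in report:
        print(f"{kind:12} {ip:15} {detail}")
    print("new hosts per interface:", new_hosts_per_interface(report))
```

Run it against the file RANCID wrote for each site on every cycle, keeping the previous cycle's file as the baseline.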



Re: Level 3 BGP Advertisements

2012-08-30 Thread james machado
On Thu, Aug 30, 2012 at 11:50 AM, Blake Hudson  wrote:
> Matt Addison wrote the following on 8/29/2012 6:08 PM:
>
>> Sent from my mobile device, so please excuse any horrible misspellings.
>>
>> On Aug 29, 2012, at 18:30, james machado  wrote:
>>
>>> On Wed, Aug 29, 2012 at 1:55 PM, STARNES, CURTIS
>>>  wrote:
>>>>
>>>> Sorry for the top post...
>>>>
>>>> Not necessarily a Level 3 problem but;
>>>>
>>>> We are announcing our /19 network as one block via BGP through AT&T, not
>>>> broken up into smaller announcements.
>>>> Earlier in the year I started receiving complaints that some of our
>>>> client systems were having problems connecting to different web sites.
>>>> After much troubleshooting I noticed that in every instance the xlate in
>>>> our Cisco ASA for the client's IP last octet was either a 0 or 255.
>>>> Since I am announcing our network as a /19, the subnet mask is
>>>> 255.255.224.0, that would make our network address x.x.192.0 and the
>>>> broadcast x.x.223.255.
>>>> So somewhere the /24 boundary addresses were being dropped.
>>>>
>>>> Just curious if anyone else has seen this before.
>>>
>>> Some OS's by M and others as well as some devices have IP stacks which
>>> will not send or receive unicast packets ending in 0 or 255.  Have had
>>> cases where someone was doing subnets that included those in the DHCP
>>> scopes and the computers that received these addresses were black
>>> holes.
>>>
>>> james
>>
>> MSKB 281579 affects XP home and below. Good times anytime someone adds
>> a .0 or .255 into an IP pool.
>>
> It might be relevant to note that XP and below is simply respecting classful
> boundaries. This does not affect all .0 or .255 address, just class C
> addresses (192.0.0.0 through 223.255.255.255) that end with .0 or .255. If
> your IP range is 0.0.0.0 - 191.255.255.255 you are not affected (by this
> particular bug) by using .0 or .255 as the last octet unless the address is
> ALSO the last octet of the classful boundary for your subnet. In effect,
> these OS's simply enforce classful boundaries regardless of the subnet mask
> you have set. As the KB states, this "bug" affects supernets only. I'm not
> trying to defend MS (they can do that themselves), but your statement was
> misleading.

I can distinctly remember having the issue in 10/8 address space with
Win2k and WinXP

>
> We do, sometimes, use .0 and .255 addresses. Most clients work fine with
> them (including XP). However, I have personally seen a few networks where an
> administrator had blocked .0 and .255 addresses, causing problems for people
> on his network communicating to hosts that ended in .0 or .255. It has been
> years since I have seen an issue with a .0 or a .255 IP however. Given fears
> over IP shortages, even a couple percent of addresses wasted due to
> subnetting can be cause for adjusting network policy. I would not be
> surprised if folks who excluded .0 and .255 addresses from their assignable
> pools will re-evaluate that decision over the next few years.
>
> --Blake
>
>
>



Re: Level 3 BGP Advertisements

2012-08-29 Thread james machado
On Wed, Aug 29, 2012 at 1:55 PM, STARNES, CURTIS
 wrote:
> Sorry for the top post...
>
> Not necessarily a Level 3 problem but;
>
> We are announcing our /19 network as one block via BGP through AT&T, not 
> broken up into smaller announcements.
> Earlier in the year I started receiving complaints that some of our client 
> systems were having problems connecting to different web sites.
> After much troubleshooting I noticed that in every instance the xlate in our 
> Cisco ASA for the client's IP last octet was either a 0 or 255.
> Since I am announcing our network as a /19, the subnet mask is 255.255.224.0, 
> that would make our network address x.x.192.0 and the broadcast x.x.223.255.
> So somewhere the /24 boundary addresses were being dropped.
>
> Just curious if anyone else has seen this before.

Some OS's by M and others as well as some devices have IP stacks which
will not send or receive unicast packets ending in 0 or 255.  Have had
cases where someone was doing subnets that included those in the DHCP
scopes and the computers that received these addresses were black
holes.

james
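Both this post and Blake's classful-boundary explanation in the 2012-08-30 reply above describe which addresses end up blackholed. Here is an added audit script (my own example, not code from the thread) that walks a DHCP pool and separates the addresses a strict-classful stack would refuse from those that merely end in .0/.255; the prefixes and pool ranges are constructed sample values.

```python
"""Audit an IPv4 DHCP pool for addresses that some legacy stacks or blunt
filters treat as unusable. Constructed example; prefixes are documentation
ranges, not anyone's real allocation."""
import ipaddress
from typing import List, Optional, Tuple

REASON_SUBNET = "subnet network/broadcast address: never assignable"
REASON_CLASSFUL = "classful edge: refused by strict-classful stacks (the XP supernet case)"
REASON_DOT = "ends in .0/.255: may be blocked by blunt filters or proxies"


def classful_prefixlen(address) -> Optional[int]:
    """Historical class of an address: A=/8, B=/16, C=/24; None for D/E."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None


def is_classful_edge(address) -> bool:
    """True when the address is the network or broadcast address of its
    *classful* block regardless of the configured mask, e.g. 192.0.2.255
    inside a 192.0.2.0/23 supernet. This is the behaviour Blake describes;
    a 10.x address can never be a classful edge unless it is 10.0.0.0 or
    10.255.255.255."""
    addr = ipaddress.IPv4Address(address)
    plen = classful_prefixlen(addr)
    if plen is None:
        return False
    block = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
    return addr in (block.network_address, block.broadcast_address)


def ends_in_0_or_255(address) -> bool:
    """The blunter rule some stacks, proxies and admins apply: any last octet
    of 0 or 255, in any class (the 10/8 cases reported in the thread)."""
    return (int(ipaddress.IPv4Address(address)) & 0xFF) in (0, 0xFF)


def audit_pool(subnet: str, first: str, last: str) -> List[Tuple[str, str]]:
    """Walk the pool [first, last] inside `subnet` and return (address, reason)
    pairs for every address with a finding, most severe reason first.
    Addresses with no finding are omitted."""
    net = ipaddress.ip_network(subnet, strict=False)
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("pool must lie inside the subnet and be ordered")
    findings: List[Tuple[str, str]] = []
    for n in range(int(lo), int(hi) + 1):
        addr = ipaddress.IPv4Address(n)
        if addr in (net.network_address, net.broadcast_address):
            findings.append((str(addr), REASON_SUBNET))
        elif is_classful_edge(addr):
            findings.append((str(addr), REASON_CLASSFUL))
        elif ends_in_0_or_255(addr):
            findings.append((str(addr), REASON_DOT))
    return findings


if __name__ == "__main__":
    # A /23 supernet in former class C space: the .255 and .0 in the middle
    # are classful edges, so strict-classful stacks black-hole them.
    for addr, reason in audit_pool("192.0.2.0/23", "192.0.2.1", "192.0.3.254"):
        print(addr, "->", reason)
    # The same layout in 10/8: not classful edges, but still .0/.255.
    for addr, reason in audit_pool("10.0.0.0/23", "10.0.0.1", "10.0.1.254"):
        print(addr, "->", reason)
```

Addresses flagged with REASON_CLASSFUL are the ones to exclude from a scope if you still have to serve strict-classful clients; REASON_DOT entries are the ones to test against your proxies and firewalls before handing them out.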



Re: BGPttH. Neustar can do it, why can't we?

2012-08-06 Thread james machado
On Mon, Aug 6, 2012 at 3:55 PM, Owen DeLong  wrote:
> That's simply not true at all...
>
> Let's look at what it takes to configure BGP as I suggested...
>
> 1. The ASN number of the two providers
> 2. The ASN to be used for the local side
> 3. The IP Address to use on the local end of each connection
> 4. The IP Address to peer with on each connection
> 5. Te prefix(es) to be advertised.
>
> Of these 5, only items 2 and 5 have to come from the customer and the 
> customer needs to provide both of these to both ISPs anyway for them to 
> configure their side.
>
> It would be trivial for providers and CPE vendors to develop a standardized 
> API by which a router could retrieve all 5 pieces of information for a given 
> connection once that connection is plugged in to the router. It could 
> literally be as simple as:
>
> 1.  Port gets address via SLAAC or DHCP
> 2.  Port retrieves XML configuration document from 
> http://bgpconfig.local (or user-specified URL provided by ISP, or whatever)
> 
> 6939
> 65512
> 192.0.2.21/30
> 
> 2001:db8:1fea:93a9::1/64
> 192.0.2.22/30
> 
> 2001:db8:1fea:93a9::2/64
> 
> 
> 203.0.113.0/24
> 
> 198.51.100.0/24
> 
> 0.0.0.0/0
> 
> 
>
> (Yes, I realize that is a bit of an oversimplification of the XML syntax, but 
> you get the idea)
>
> 3.  Router configures port and BGP session according to received 
> XML document, including
> appropriate prefix filters.
>
> 4.  Router runs with that XML based configuration as long as 
> link-state and power remain.
>
> That would allow a zeroconf BGP-enabled router in relatively small hardware 
> accepting a default route that would work at least as well as today's 
> dual-NAT based boxes. Note that BGP is not redesigned or even altered to 
> achieve this. Since Linksys/DLink/Netgear/$EVERYONE already has web servers 
> and clients embedded in their gear, the XML parser (or JSON or whatever they 
> choose to use for standard encoding) would be pretty straight forward.
>

From an SMB perspective this is part of the problem.  Why pay for:

 1. An ASN
 2. 2 BGP connections
 3. PI space
 4. More expensive hardware (potentially and probably)

when I'm only going to get a Default Route?  I've added complexity to
my life, administrative and OPEX overhead when I'm getting no benefits
of BGP other than a default route.  I can get a default route from a
provider without adding complexity and overhead.

An SMB who does not have a staff on hand wants it cheap and to work.
Everything else is a potential expense they don't want to spend.  They
don't want to have to call either their support company or vendor
because the "Internet is down", at most they want to pull the power on
the router and plug it back in and have it all work.  At best they
want to only know what that "little black box with the blinky lights"
is when someone packs it into a box because it's wasting power and now
the "Internet is broken".

From an SMB who has a staff on hand it still may not be worth it if
they don't have someone who is BGP smart.  And truth to tell *you*
don't want more BGP idiots polluting the routing table either
intentionally or unintentionally.

Conversely if you do make BGP that available to SMB's and home users
(not necessarily a bad thing) the issues with routing table size have
to be dealt with.  Right now there are roughly 42K ASes with routes in
the routing table.  Add SMB's and home users and you're looking at
potentially millions of ASes with routes in the routing table.  Heck
if you *only* double the ASes and associated routes many many routers
are going to crash and need replacement.


> Yes, the operator/provider has to do some additional configuration, but 
> speaking as a network operator, I know that this can be automated because the 
> management of BGP configurations, including the filters _IS_ that automated 
> where I work. If the provider is telling the router which prefixes to permit 
> announcement of through the configuration URL, then it's even more reliable, 
> right?
>
> Owen
>
> On Aug 6, 2012, at 15:05 , Scott Helms  wrote:
>
>> Owen,
>>
>>That's like saying if it were easy to fly we'd all be pilots, which isn't 
>> true either.  BGP would need to be completely redesigned/replaced before it 
>> could possibly be automated to that level much less implemented by the 
>> Lynksis/DLink/Netgear/$yourfavoritesohorouter vendor.  Business would need a 
>> reason to implement BGP and most simply don't AND BGP would have to be 
>> dram

Re: Shim6, was: Re: filtering /48 is going to be necessary

2012-03-15 Thread james machado
2012/3/14 Masataka Ohta :
 < stuff deleted >
> For high speed (fixed time) routed look up with 1M entries, SRAM is
> cheap at /24 and is fine at /32 but expensive and power consuming
> TCAM is required at /48.
>
> That's one reason why we should stay away from IPv6.
>
>                                                Masataka Ohta
>

I found this bit of research from 2007 (
http://www.cise.ufl.edu/~wlu/papers/tcam.pdf ).  It seems to me there
are probably more ways to mix and match different types of ram to be
able to deal with this beast.

james



Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread james machado
my apologies - fat fingered the email address

 james



Re: [rt-users] External Auth using Active Directory 2008

2012-02-03 Thread james machado
I would use ldapsearch on that machine to make sure you can bind to
the AD server using the login credentials in your Site_Config.  Make
sure you are using the proper certificates to connect via the TLS you
have configured.  I've noticed that being one of the biggest problems
with ldap and Windows 2008 and 2008 R2 AD servers.

james



Re: Windows UDP packet generator software?

2011-12-22 Thread james machado
d-itg works very well.
http://www.grid.unina.it/software/ITG/index.php  you can create
reports of loss/jitter etc.  windows and qos don't work so don't try
setting qos values as they will just be reset to 0 by the windows
tcp/ip stack.

james



Re: flow generating tool

2011-09-27 Thread james machado
you might also try D-ITG  http://www.grid.unina.it/software/ITG/index.php

james



Re: IPv6 end user addressing

2011-08-10 Thread james machado
> It isn't hard to do some arithmetic and guess that if every household
> in the world had IPv6 connectivity from a relatively low-density
> service like the above example, we would still only burn through about
> 3% of the IPv6 address space on end-users (nothing said about server
> farms, etc. here) but what does bother me is that the typical end-user
> today has one, single IP address; and now we will be issuing them 2^16
> subnets; yet it is not too hard to imagine a future where the global
> IPv6 address pool becomes constrained due to service-provider
> inefficiency.
>

What is the life expectancy of IPv6?  It won't live forever and we
can't reasonably expect it to.  I understand we don't want to run out of
addresses in the next 10-40 years but what about 100? 200? 300?

We will run out and our descendants will go through re-numbering again.
The question becomes what is the life expectancy of IPv6 and does the
allocation plan make a reasonable attempt to run out of addresses
around the end of the expected life of IPv6.


> Jeff S Wheeler 
> Sr Network Operator  /  Innovative Network Concepts
>
>

james



Re: dynamic or static IPv6 prefixes to residential customers

2011-08-02 Thread james machado
> I would argue that I am not an "abnormal" household by any definition other 
> than
> my internet access and that even by that definition, I am not particularly 
> abnormal
> where I live.
>

You're based out of San Jose, there might not be any other area like
that in the U.S. as far as connectivity and concentration of I.T.
savvy.  There might be 10 cities in the U.S. with the same
infrastructure and availability as you have accessible.  There are not
50.  While not abnormal where you live, it is abnormal to the rest of
the country.


> There are many people I know of with much more expensive and elaborate
> internet connectivity to their houses than what I have within 30 miles of me.
>
> While I don't think I represent the typical residential ISP customer, I do 
> think that
> the typical customer will eventually learn what static addressing is and will 
> want
> it for a variety of reasons.
>
> Owen

Scott's user base is more typical than what you can find in your
neighborhood.  I am sure some of the same users live within 30 miles
of you too but you, I, Scott, or anybody else on this list can not be
considered normal in this respect.

james



Re: dynamic or static IPv6 prefixes to residential customers

2011-08-02 Thread james machado
On Tue, Aug 2, 2011 at 3:28 PM, Joel Jaeggli  wrote:
>
> On Aug 2, 2011, at 2:42 PM, james machado wrote:
>
>>>> Lets look at some issues here.
>>>>
>>>> 1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat
>>>> will be able to qualify for their own end user assignment from ARIN.
>>>>
>>>
>>> Interesting...
>>>
>>> I have a "normal household".
>>> I lack 2.5 kids and have no dog or cat.
>>>
>>> I have my own ARIN assignment.
>>>
>>> Are you saying that the 2.5 kids and the dog/cat would disqualify them? I 
>>> can't
>>> find such a statement in ARIN policy.
>>>
>>> Are you saying that a household that multihomes is abnormal? Perhaps today,
>>> but, not necessarily so in the future.
>>>
>>
>> Yes, I am saying a household that multihomes is abnormal, and with
>> today's and contracted monopolies I expect that to continue.  You are
>> not a normal household in that 1) you multihome 2) you are willing to
>> pay $1500+ US a year for your own AS, IP assignments
>
> while I don't disagree with the assertion that this is unrealistic the annual 
> fee is $100 per org-id for direct assignments.


Sorry, I was unclear.  I was guessing $1500+ for AS number + IP assignments
but not counting ISP costs for a year.  Looks like ARIN is charging
about $1250 per year for a new IPv6 assignment and the AS yearly cost
is rolled into that.  Granted, ISP costs will probably be in the
ballpark of $150 per month for 2 consumer grade connections and more
for business or better connections.

James



Re: dynamic or static IPv6 prefixes to residential customers

2011-08-02 Thread james machado
>> Lets look at some issues here.
>>
>> 1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat
>> will be able to qualify for their own end user assignment from ARIN.
>>
>
> Interesting...
>
> I have a "normal household".
> I lack 2.5 kids and have no dog or cat.
>
> I have my own ARIN assignment.
>
> Are you saying that the 2.5 kids and the dog/cat would disqualify them? I 
> can't
> find such a statement in ARIN policy.
>
> Are you saying that a household that multihomes is abnormal? Perhaps today,
> but, not necessarily so in the future.
>

Yes, I am saying a household that multihomes is abnormal, and with
today's and contracted monopolies I expect that to continue.  You are
not a normal household in that 1) you multihome 2) you are willing to
pay $1500+ US a year for your own AS, IP assignments 3) Internet
service, much like cell phone service, is a commodity product and many
people go for the lowest price.  They are not looking for the best
options.

>> 2) if their router goes down they lose network connectivity on the
>> same subnet due to losing their ISP assigned prefix.
>
> I keep hearing this myth, and I really do not understand where it comes from.
> If they get a static prefix from their ISP and configure it into their router 
> and/or
> other equipment, it does not go away when they loose their router. It simply
> isn't true.

If they are using RAs to assign their network and the router goes
down they can lose the network as well as the router, thus going to
link-local addresses.  This has been discussed ad nauseam on this
list.  As I recall you played a big part in that discussion and it was
very interesting and informative.

>
>> 3) If they are getting dynamic IP's from their ISP and it changes they
>> may or may not be able to print, connect to a share, things like that.
>>
> Perhaps, but, this is another reason that I think sane customers will start 
> demanding
> static IPv6 from their providers in relatively short order.
>

I hope this happens but I'm guessing that with marketing and sales in
the mix it will be another up charge to get this "service" and enough
people won't pay it that we will be fighting these problems for a long
time.  Some businesses will pay it and some won't but the home user
will probably not.

>> these 3 items make a case for everybody having a ULA.  however while
>> many of the technical bent will be able to manage multiple addresses I
>> know how much tech support I'll be providing my parents with either an
>> IP address that goes away/changes or multiple IP addresses.  I'll set
>> them up on a ULA so there is consistency.
>>
>
> No, they don't. They make a great case for giving people static GUA.

These are businesses we're talking about.  They are not going to "give"
anything away.

>
>> Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4
>> made things such as these much nicer in a home and business setting.
>>
>
> No, it really didn't. If IPv4 had contained enough addresses we probably
> wouldn't have always-on dynamic connections in the first place.
>

Debatable, but not worth an argument.  Having said that, the ability to
1) not have to renumber internal address space on changing ISPs 2) not
have to give a printer (or other device with no security) a public
IP address or run multiple addressing schemes and the security
implications thereof 3) change the internals of my network without
worrying about the world are all important and critical issues for me.

I realize that these arguments are at layers 8 & 9 of the OSI model
(politics and religion) but that does not make them less real nor less
important.  They are not the same issues that ISP operators may
normally have to deal with, but they are crucial to business operators.
The DSCP/RA arguments are of the same criticality and importance.

> Owen
>

james



Re: dynamic or static IPv6 prefixes to residential customers

2011-08-02 Thread james machado
> I don't understand why this is a problem if your ISP gives you a static 
> address.
> There are, of course, other sources of addresses available as well.
> Nobody has yet presented me a situation where I would prefer to use ULA over 
> GUA.
>
>> while link-local is necessary it's also probably not sufficient.
>>
> True.
>
> Owen

Lets look at some issues here.

1) it's unlikely that a "normal" household with 2.5 kids and a dog/cat
will be able to qualify for their own end user assignment from ARIN.

2) if their router goes down they lose network connectivity on the
same subnet due to losing their ISP assigned prefix.

3) If they are getting dynamic IP's from their ISP and it changes they
may or may not be able to print, connect to a share, things like that.

These 3 items make a case for everybody having a ULA.  However, while
many of a technical bent will be able to manage multiple addresses, I
know how much tech support I'll be providing my parents with either an
IP address that goes away/changes or multiple IP addresses.  I'll set
them up on a ULA so there is consistency.

Complain about NAT all you want but NAT + RFC 1918 addressing in IPv4
made things such as these much nicer in a home and business setting.

james
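The ULA approach proposed in the message above (a stable local prefix that survives the ISP prefix changing or the router going away) is something a practitioner would actually generate rather than pick by hand. The block below is an added example, not code from the original thread or from any of its participants: it implements the RFC 4193 section 3.2.2 prefix algorithm (fd00::/8 plus a 40-bit Global ID taken from the low 40 bits of SHA-1 over a 64-bit NTP timestamp and an EUI-64) and carves /64 subnets out of the resulting /48. The MAC address and timestamp fed to it are constructed values chosen so the output is reproducible.

```python
"""RFC 4193 Unique Local Address (ULA) prefix generation and subnet planning.

Added example: the Global ID is pseudo-random per RFC 4193 section 3.2.2 so
that two independently generated ULA /48s are very unlikely to collide if the
networks are ever joined (VPN, merger, a router carried to a relative's house).
"""
import hashlib
import ipaddress
import struct
import time

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
ULA_RANGE = ipaddress.IPv6Network("fc00::/7")  # whole ULA block; fd00::/8 has L=1


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe in the middle, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def ntp_timestamp(unix_time=None) -> int:
    """64-bit NTP timestamp: 32-bit seconds since 1900 | 32-bit fraction."""
    if unix_time is None:
        unix_time = time.time()
    seconds = int(unix_time) + NTP_UNIX_OFFSET
    fraction = int((unix_time - int(unix_time)) * (1 << 32))
    return ((seconds & 0xFFFFFFFF) << 32) | (fraction & 0xFFFFFFFF)


def ula_global_id(ntp_time: int, eui64: bytes) -> int:
    """40-bit Global ID (RFC 4193 3.2.2): low 40 bits of SHA-1(ntp_time || eui64)."""
    if not 0 <= ntp_time < (1 << 64):
        raise ValueError("NTP timestamp must fit in 64 bits")
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    key = struct.pack(">Q", ntp_time) + eui64
    digest = hashlib.sha1(key).digest()  # 160 bits
    return int.from_bytes(digest[-5:], "big")  # least significant 40 bits


def ula_prefix(ntp_time: int, eui64: bytes) -> ipaddress.IPv6Network:
    """fd00::/8 (L bit = 1) followed by the 40-bit Global ID: a locally assigned /48."""
    global_id = ula_global_id(ntp_time, eui64)
    prefix_int = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def ula_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """One of the 65536 /64s inside a ULA /48; bits 48..63 carry the subnet ID."""
    if prefix.prefixlen != 48 or not prefix.subnet_of(ULA_RANGE):
        raise ValueError("expected a ULA /48")
    if not 0 <= subnet_id < (1 << 16):
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


def is_ula(addr: str) -> bool:
    """True for any address inside fc00::/7 (not globally routable)."""
    return ipaddress.IPv6Address(addr) in ULA_RANGE


if __name__ == "__main__":
    # Constructed inputs: a made-up MAC and a fixed Unix time so the run is reproducible.
    eui = eui64_from_mac("00:11:22:33:44:55")
    prefix = ula_prefix(ntp_timestamp(1312329600), eui)
    print("ULA /48  :", prefix)
    for subnet_id, name in [(0x0001, "lan"), (0x0002, "guest"), (0x0010, "printers")]:
        print(f"{name:9s}:", ula_subnet(prefix, subnet_id))
```

In practice you generate the prefix once (with the real clock, not a fixed timestamp), record it, and hand out /64s per segment; hosts then carry a ULA address alongside whatever GUA the ISP delegates, so printing and file sharing keep working when the delegated prefix changes or the upstream router is down, while nothing on the ULA is reachable from the Internet.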