Re: OpenDNS CGNAT Issues

[valdis . kletnieks]

On Wed, 12 Sep 2018 09:42:11 -0700, Owen DeLong said:
> If you do it for a mere footlocker, I will be happy to watch and laugh.

So.. taking this as a size: 
https://www.containerstore.com/s/storage/trunks/black-rolling-trunk-with-tray/12d?productId=1230

We'll shave off an inch or so off each dimension to get inside dimension.
30 x 16 x 15 is 7200 cubic inches.  Gold is 11.1 ounces per cubic inch.
(Oh, you'll need to get a special cart for that foot locker, I'm pretty sure
the provided wheels won't support the 4,995 pounds of gold...)
(Divide by 1.09 to convert to troy ounces)
Gold is sitting at US$1,198.15 per troy ounce today.

US$87,849,677.06

Still laughing?


pgp5oeAGs042g.pgp
Description: PGP signature

Re: OpenDNS CGNAT Issues

[Denys Fedoryshchenko]

On 2018-09-12 19:40, Lee Howard wrote:

On 09/11/2018 09:31 AM, Matt Hoppes wrote:

So don't CGNat?  Buy IPv4 addresses at auction?


Buy IPv4 addresses until CGN is cheaper. If a customer has to call,
and you have to assign an IPv4 address, you have to recover the cost
of that call and address.
While ((CostOfCall + CostOfAddress)*NumberOfCalls) >
(CostOfAddress*NumberOfNewCustomers):
 BuyAddresses(NumberOfNewCustomers)

Meanwhile, deploy IPv6, and move toward IPv4aaS, probably 464xlat or
MAP, but your religion may vary. That way your "CGN" is an IPv6-IPv4
translator, and that's easier than managing dual-stack.

At the very least, dual-stack your web sites now, so the rest of us
can get to it without translation.



Just regarding ipv4 issue solution, this process can be somehow 
automated by detecting those who use opendns(by netflow, for example), 
to avoid "CostOfCall" part.
Also, to avoid false claiming of nat pool, he can nat DNS requests for 
OpenDNS to different ip pool, that cannot be claimed.

Re: OpenDNS CGNAT Issues

[Owen DeLong]

If you do it for a mere footlocker, I will be happy to watch and laugh.

Owen


> On Sep 12, 2018, at 9:11 AM, valdis.kletni...@vt.edu wrote:
> 
> On Wed, 12 Sep 2018 14:10:05 -, Kenny Taylor said:
> 
>> For a truckload of gold, I’m pretty sure most of us would make that work ☺
> 
> Unless they get underbid by the one of us willing to settle for a foot locker 
> full of gold.
> 

Re: OpenDNS CGNAT Issues

[Lee Howard]

On 09/11/2018 09:31 AM, Matt Hoppes wrote:

So don't CGNat?  Buy IPv4 addresses at auction?


Buy IPv4 addresses until CGN is cheaper. If a customer has to call, and 
you have to assign an IPv4 address, you have to recover the cost of that 
call and address.
While ((CostOfCall + CostOfAddress)*NumberOfCalls) > 
(CostOfAddress*NumberOfNewCustomers):

 BuyAddresses(NumberOfNewCustomers)

Meanwhile, deploy IPv6, and move toward IPv4aaS, probably 464xlat or 
MAP, but your religion may vary. That way your "CGN" is an IPv6-IPv4 
translator, and that's easier than managing dual-stack.


At the very least, dual-stack your web sites now, so the rest of us can 
get to it without translation.


Lee



On 9/11/18 9:28 AM, Ca By wrote:



On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes 
> wrote:


    That isn’t a solution. He still will need to dual stack and CGNat 
that.



But the flows that can support ipv6, will go ipv6 and not be subject 
to these abuse triggers.


Look, this list has monthly reports from some small network operator 
hurting their customers with CGN NAT. Meanwhile, the big guys like 
Comcast / Charter / ATT / Cox have moved onto ipv6.


Where does that leave the little guy with CGN?

Right here. Screaming into the avoid begging for help. Some special 
exception.


And, me, saying you had 10+ years of not deploying ipv6.  Here’s to 
the next 10 years of you email this list about your own failure to 
keep up with the times.


We will have this discussion again and again.  Not sure your 
customers will stick around, all they know is your CGN space got 
black listed from yet another service


#realtalk


    On Sep 11, 2018, at 08:54, Ca By mailto:cb.li...@gmail.com>> wrote:




    On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl
    mailto:darin.ste...@mnwifi.com>> wrote:

    Hello,

    I have a ticket open with OpenDNS about filtering happening on
    some of our CGNAT IP space where a customer has "claimed" the
    IP as theirs so other customers using that same IP and OpenDNS
    are being filtered and not able to access sites that fall
    under their chosen filter.

    I have a ticket open from 6 days ago but it's not going
    anywhere fast.

    Can someone from OpenDNS contact me or point me to a contact
    there to help get this resolved? I believe we need to claim
    our CGNAT IP space so residential users can't claim IP's of
    their own.

    Thank you!


    You should provide your users ipv6, opendns supports ipv6 and
    likely will not have this issue you see

    https://www.opendns.com/about/innovations/ipv6/

    I am sure it may cost you time / money / effort. But this old
    thing we call ipv4 is in a death spiral, and it will just get
    worse and worse for you without ipv6.




    --     Darin Steffl
    Minnesota WiFi
    www.mnwifi.com 
    507-634-WiFi
     Like us on Facebook
    

Re: OpenDNS CGNAT Issues

[valdis . kletnieks]

On Wed, 12 Sep 2018 14:10:05 -, Kenny Taylor said:

> For a truckload of gold, I’m pretty sure most of us would make that work ☺

Unless they get underbid by the one of us willing to settle for a foot locker 
full of gold.



pgp6lNCVQkTiq.pgp
Description: PGP signature

Re: OpenDNS CGNAT Issues

[Owen DeLong]

Sure… The point was that short of that, anyone in their right mind wouldn’t 
bother.

Owen


> On Sep 12, 2018, at 7:10 AM, Kenny Taylor  wrote:
> 
> For a truckload of gold, I’m pretty sure most of us would make that work J
>  
> Kenny
>  
> From: NANOG  <mailto:nanog-bounces+kenny.taylor=kccd@nanog.org>> On Behalf Of Owen 
> DeLong
> Sent: Tuesday, September 11, 2018 10:04 PM
> To: Christopher Morrow  <mailto:morrowc.li...@gmail.com>>
> Cc: nanog list mailto:nanog@nanog.org>>
> Subject: Re: OpenDNS CGNAT Issues
>  
>  
> 
> 
> On Sep 11, 2018, at 21:58 , Christopher Morrow  <mailto:morrowc.li...@gmail.com>> wrote:
>  
>  
> 
> On Tue, Sep 11, 2018 at 9:06 PM Jerry Cloe  <mailto:je...@jtcloe.net>> wrote:
> OpenDNS, or anyone for that matter, should never see 100.64/10 ip's. If they 
> do, something is wrong at the source, and OpenDNS wouldn't be able to reply 
> anyway (or at least have the reply route back to the user).
>  
> maybeopendns peers directly with such an eyeball network? and in that case 
> maybe they have an agreement to accept traffic from the 100.64 space?
>  
> They’d only be able to do one such agreement per routing environment.
>  
> Managing that would be _UGLY_ for the first one and __UGLY__ at scale for 
> anything more than one.
>  
> It also pretty much eliminates potential for geographic diversity and anycast 
> for a provider in a local geography.
>  
> Certainly not something I’d choose to do if I were OpenDNS unless someone 
> arrived with a very large truck full of gold, diamonds, or other valuable 
> hard assets.
>  
> Owen

RE: OpenDNS CGNAT Issues

[Kenny Taylor]

For a truckload of gold, I’m pretty sure most of us would make that work ☺

Kenny

From: NANOG  On Behalf Of Owen 
DeLong
Sent: Tuesday, September 11, 2018 10:04 PM
To: Christopher Morrow 
Cc: nanog list 
Subject: Re: OpenDNS CGNAT Issues




On Sep 11, 2018, at 21:58 , Christopher Morrow 
mailto:morrowc.li...@gmail.com>> wrote:


On Tue, Sep 11, 2018 at 9:06 PM Jerry Cloe 
mailto:je...@jtcloe.net>> wrote:
OpenDNS, or anyone for that matter, should never see 100.64/10 ip's. If they 
do, something is wrong at the source, and OpenDNS wouldn't be able to reply 
anyway (or at least have the reply route back to the user).

maybeopendns peers directly with such an eyeball network? and in that case 
maybe they have an agreement to accept traffic from the 100.64 space?

They’d only be able to do one such agreement per routing environment.

Managing that would be _UGLY_ for the first one and __UGLY__ at scale for 
anything more than one.

It also pretty much eliminates potential for geographic diversity and anycast 
for a provider in a local geography.

Certainly not something I’d choose to do if I were OpenDNS unless someone 
arrived with a very large truck full of gold, diamonds, or other valuable hard 
assets.

Owen

Re: OpenDNS CGNAT Issues

[Christopher Morrow]

On Tue, Sep 11, 2018 at 10:03 PM Owen DeLong  wrote:

>
>
> On Sep 11, 2018, at 21:58 , Christopher Morrow 
> wrote:
>
>
>
> On Tue, Sep 11, 2018 at 9:06 PM Jerry Cloe  wrote:
>
>> OpenDNS, or anyone for that matter, should never see 100.64/10 ip's. If
>> they do, something is wrong at the source, and OpenDNS wouldn't be able to
>> reply anyway (or at least have the reply route back to the user).
>>
>
> maybeopendns peers directly with such an eyeball network? and in that case
> maybe they have an agreement to accept traffic from the 100.64 space?
>
>
> They’d only be able to do one such agreement per routing environment.
>
>
sure, I hear DNS servers are cheap and small, and easy to manage...


> Managing that would be _UGLY_ for the first one and __UGLY__ at scale for
> anything more than one.
>
>
meh? it's a dns server stack and router(s) for peering to the customer +
world... it's really not THAT hard to automate and deploy...
and really for 'single customer' or 'non overlapping sets of customers'
it's not like they need lots of horsepower here, right? this is ... simple
to do, simple to manage and simple to maintain.


> It also pretty much eliminates potential for geographic diversity and
> anycast for a provider in a local geography.
>
>
there are more than one building in the georgrahy, and probably/maybe these
providers appear in more than one local, right? so... a dns provider can
arrive in the right matrix of locations and connect + provide routing-data
 done.


> Certainly not something I’d choose to do if I were OpenDNS unless someone
> arrived with a very large truck full of gold, diamonds, or other valuable
> hard assets.
>
>
meh.. again, say the customer covers the cost of gear + network +
maintenance for the previous parts.. .then it's just managing 'another'
remote dns server .. .something I understand they do fairly well even? once
you have a hundred of somethign deployed you are automated or .. you are
doing it wrong.


> Owen
>
>

Re: OpenDNS CGNAT Issues

[Owen DeLong]

> On Sep 11, 2018, at 21:58 , Christopher Morrow  
> wrote:
> 
> 
> 
> On Tue, Sep 11, 2018 at 9:06 PM Jerry Cloe  > wrote:
> OpenDNS, or anyone for that matter, should never see 100.64/10 ip's. If they 
> do, something is wrong at the source, and OpenDNS wouldn't be able to reply 
> anyway (or at least have the reply route back to the user).
> 
> 
> maybeopendns peers directly with such an eyeball network? and in that case 
> maybe they have an agreement to accept traffic from the 100.64 space?

They’d only be able to do one such agreement per routing environment.

Managing that would be _UGLY_ for the first one and __UGLY__ at scale for 
anything more than one.

It also pretty much eliminates potential for geographic diversity and anycast 
for a provider in a local geography.

Certainly not something I’d choose to do if I were OpenDNS unless someone 
arrived with a very large truck full of gold, diamonds, or other valuable hard 
assets.

Owen

Re: OpenDNS CGNAT Issues

[Christopher Morrow]

On Tue, Sep 11, 2018 at 9:06 PM Jerry Cloe  wrote:

> OpenDNS, or anyone for that matter, should never see 100.64/10 ip's. If
> they do, something is wrong at the source, and OpenDNS wouldn't be able to
> reply anyway (or at least have the reply route back to the user).
>

maybeopendns peers directly with such an eyeball network? and in that case
maybe they have an agreement to accept traffic from the 100.64 space?


>
>
> -Original message-
> *From:* Aled Morris via NANOG 
> *Sent:* Tue 09-11-2018 11:57 am
> *Subject:* Re: OpenDNS CGNAT Issues
> *To:* cb.li...@gmail.com;
> *CC:* NANOG ;
>
> Incidentally, I hope OpenDNS considers 100.64.0.0/10 as space that can't
> be registered to any end-user.
>
> Aled
>
>

RE: OpenDNS CGNAT Issues

[Jerry Cloe]

OpenDNS, or anyone for that matter, should never see 100.64/10 ip's. If they 
do, something is wrong at the source, and OpenDNS wouldn't be able to reply 
anyway (or at least have the reply route back to the user).
 
-Original message-
From:Aled Morris via NANOG 
Sent:Tue 09-11-2018 11:57 am
Subject:Re: OpenDNS CGNAT Issues
To:cb.li...@gmail.com; 
CC:NANOG ; 
 
 Incidentally, I hope OpenDNS considers 100.64.0.0/10  as 
space that can't be registered to any end-user.
 Aled
 

Re: OpenDNS CGNAT Issues

[Mark Andrews]

> On 11 Sep 2018, at 11:07 pm, Aled Morris via NANOG  wrote:
> 
> On Tue, 11 Sep 2018 at 13:56, Ca By  wrote:
> You should provide your users ipv6, opendns supports ipv6 and likely will not 
> have this issue you see 
> 
> OpenDNS does not support IPv6 for their customisable services "Home" etc. 
> which I believe is the service the OP is using as he refers to the end-user 
> wanting to register their IP address.

We really should get away from using IP addresses for identifying anything.  At 
the
DNS level you can use a EDNS option to identify the client rather than the IP 
address.
I believe their Umbrella product does this.

You can also use TSIG to identify clients independent of IP address.

We added TSIG support to libresolv right at the beginning of the century.

Mark

> Incidentally, I hope OpenDNS considers 100.64.0.0/10 as space that can't be 
> registered to any end-user.
> 
> Aled

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

Re: OpenDNS CGNAT Issues

[Jared Mauch]

The reason you are asking is because of a technical decision you have made that 
would be mitigated partially by deploying V6. 

I get you may not care, may not like the message but all the people who are 
having more problems because of this and other decisions you make in this area 
are driving up the price of v4 and also making more work for yourselves in the 
long term. 

Jared Mauch

> On Sep 11, 2018, at 10:22 AM, Darin Steffl  wrote:
> 
> Guys, I'm not asking about IPv6. I'm simply asking for a contact at OpenDNS.
> 
> And we are purchasing enough IPv4 space to provide an IP to every customer 
> but it's not ready yet.
> 
> Thank you
> 
>> On Tue, Sep 11, 2018 at 8:39 AM, Ca By  wrote:
>> 
>> 
>>> On Tue, Sep 11, 2018 at 6:31 AM Matt Hoppes 
>>>  wrote:
>>> So don't CGNat?  Buy IPv4 addresses at auction?
>> 
>> As long as you don’t deploy ipv6, you should be good. 
>> 
>> Seriously. Not sure why this is so hard. IPv4 does not scale.  Your 
>> customers, like my customers, probably mostly go to Youtube, google, fb, 
>> netflix,  all which have ipv6. Giving your existing customers ipv6 moves 
>> this traffic off your cgn. And gives them a path to dns services. 
>> 
>> But you do you. if you ask NANOG, how to solve this problem, and missed the 
>> 3 NANOG meeting presos at every meeting about how ipv6 is good  not sure 
>> what you expect here. Definately not a shoulder to cry on, but i wm sure 
>> some v4 brokers and cgn box pushers see your customers blood in the water. 
>> 
>> CB
>>> 
>>> On 9/11/18 9:28 AM, Ca By wrote:
>>> > 
>>> > 
>>> > On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes 
>>> > >> > > wrote:
>>> > 
>>> > That isn’t a solution. He still will need to dual stack and CGNat 
>>> > that.
>>> > 
>>> > 
>>> > But the flows that can support ipv6, will go ipv6 and not be subject to 
>>> > these abuse triggers.
>>> > 
>>> > Look, this list has monthly reports from some small network operator 
>>> > hurting their customers with CGN NAT. Meanwhile, the big guys like 
>>> > Comcast / Charter / ATT / Cox have moved onto ipv6.
>>> > 
>>> > Where does that leave the little guy with CGN?
>>> > 
>>> > Right here. Screaming into the avoid begging for help. Some special 
>>> > exception.
>>> > 
>>> > And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the 
>>> > next 10 years of you email this list about your own failure to keep up 
>>> > with the times.
>>> > 
>>> > We will have this discussion again and again.  Not sure your customers 
>>> > will stick around, all they know is your CGN space got black listed from 
>>> > yet another service
>>> > 
>>> > #realtalk
>>> > 
>>> > 
>>> > On Sep 11, 2018, at 08:54, Ca By >> > > wrote:
>>> > 
>>> >>
>>> >>
>>> >> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl
>>> >> mailto:darin.ste...@mnwifi.com>> wrote:
>>> >>
>>> >> Hello,
>>> >>
>>> >> I have a ticket open with OpenDNS about filtering happening on
>>> >> some of our CGNAT IP space where a customer has "claimed" the
>>> >> IP as theirs so other customers using that same IP and OpenDNS
>>> >> are being filtered and not able to access sites that fall
>>> >> under their chosen filter.
>>> >>
>>> >> I have a ticket open from 6 days ago but it's not going
>>> >> anywhere fast.
>>> >>
>>> >> Can someone from OpenDNS contact me or point me to a contact
>>> >> there to help get this resolved? I believe we need to claim
>>> >> our CGNAT IP space so residential users can't claim IP's of
>>> >> their own.
>>> >>
>>> >> Thank you!
>>> >>
>>> >>
>>> >> You should provide your users ipv6, opendns supports ipv6 and
>>> >> likely will not have this issue you see
>>> >>
>>> >> https://www.opendns.com/about/innovations/ipv6/
>>> >>
>>> >> I am sure it may cost you time / money / effort. But this old
>>> >> thing we call ipv4 is in a death spiral, and it will just get
>>> >> worse and worse for you without ipv6.
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> -- 
>>> >> Darin Steffl
>>> >> Minnesota WiFi
>>> >> www.mnwifi.com 
>>> >> 507-634-WiFi
>>> >>  Like us on Facebook
>>> >> 
>>> >>
> 
> 
> 
> -- 
> Darin Steffl
> Minnesota WiFi
> www.mnwifi.com
> 507-634-WiFi
>  Like us on Facebook

Re: OpenDNS CGNAT Issues

[Aled Morris via NANOG]

On Tue, 11 Sep 2018 at 13:56, Ca By  wrote:

> You should provide your users ipv6, opendns supports ipv6 and likely will
> not have this issue you see
>

OpenDNS does not support IPv6 for their customisable services "Home" etc.
which I believe is the service the OP is using as he refers to the end-user
wanting to register their IP address.

Incidentally, I hope OpenDNS considers 100.64.0.0/10 as space that can't be
registered to any end-user.

Aled

Re: OpenDNS CGNAT Issues

[Michael Crapse]

"Where does that leave the little guy with CGN?
Right here. Screaming into the avoid begging for help. Some special
exception. "
As a group that you'd consider a "little" guy, we've always ran full dual
stack ipv4/ipv6. The issue is being dual stack literally takes twice as
long to configure everything, it causes twice as many potential routing
problems, and you must now monitor twice as many routes, etc.. As a little
guy who has to fight tooth and nail for every customer, we hardly have time
in the day to run it this way, but we do, and guess what, every single day
we get ipv4 issues. Not CGNAT ipv4 issues, we actually have not seen a
single issue with CGNAT for our customer base, our techs ask a simple
question at install, "what do you use the internet for?", "gaming", "Okay,
dedicated public it is". And yet, with all those publics out there, we
still get calls everyday about some site not letting them in. It's all ipv4
issues. So not only do we have to expend the energy to implement dual stack
in our network, it doesn't save us any headaches. Until web hosting
companies, and cloud services offer ipv6 only as the defacto instead of the
premium service, only then will you see ipv4 not be an issue on the web.
The reason you only see the little guys screaming into the void is because
the big guys already have the contacts and already have the pull to get it
resolved in hours. I've posted in another forum the need for us as an
industry to have an association directly in charge of maintaining contacts
at all associations that have a history of aggressive filtering, so issues
like these don't take a little guy like us 2-4 weeks to resolve. If the
little guys were all a part of this association, they would contact their
membership rep for the contact and the membership rep would reach out as a
representative of the group as a whole to resolve any IP filtering issue
that occurs. Anything less than that will continue to have this forum
clogged with requests like these.

Michael


On Tue, 11 Sep 2018 at 07:31, Ca By  wrote:

>
>
> On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes <
> mattli...@rivervalleyinternet.net> wrote:
>
>> That isn’t a solution. He still will need to dual stack and CGNat that.
>>
>
> But the flows that can support ipv6, will go ipv6 and not be subject to
> these abuse triggers.
>
> Look, this list has monthly reports from some small network operator
> hurting their customers with CGN NAT. Meanwhile, the big guys like Comcast
> / Charter / ATT / Cox have moved onto ipv6.
>
> Where does that leave the little guy with CGN?
>
> Right here. Screaming into the avoid begging for help. Some special
> exception.
>
> And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the
> next 10 years of you email this list about your own failure to keep up with
> the times.
>
> We will have this discussion again and again.  Not sure your customers
> will stick around, all they know is your CGN space got black listed from
> yet another service
>
> #realtalk
>
>
>> On Sep 11, 2018, at 08:54, Ca By  wrote:
>>
>>
>>
>> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl 
>> wrote:
>>
>>> Hello,
>>>
>>> I have a ticket open with OpenDNS about filtering happening on some of
>>> our CGNAT IP space where a customer has "claimed" the IP as theirs so other
>>> customers using that same IP and OpenDNS are being filtered and not able to
>>> access sites that fall under their chosen filter.
>>>
>>> I have a ticket open from 6 days ago but it's not going anywhere fast.
>>>
>>> Can someone from OpenDNS contact me or point me to a contact there to
>>> help get this resolved? I believe we need to claim our CGNAT IP space so
>>> residential users can't claim IP's of their own.
>>>
>>> Thank you!
>>>
>>
>> You should provide your users ipv6, opendns supports ipv6 and likely will
>> not have this issue you see
>>
>> https://www.opendns.com/about/innovations/ipv6/
>>
>> I am sure it may cost you time / money / effort. But this old thing we
>> call ipv4 is in a death spiral, and it will just get worse and worse for
>> you without ipv6.
>>
>>
>>
>>>
>>> --
>>> Darin Steffl
>>> Minnesota WiFi
>>> www.mnwifi.com
>>> 507-634-WiFi
>>>  Like us on Facebook
>>> 
>>>
>>

Re: OpenDNS CGNAT Issues

[Darin Steffl]

Guys, I'm not asking about IPv6. I'm simply asking for a contact at OpenDNS.

And we are purchasing enough IPv4 space to provide an IP to every customer
but it's not ready yet.

Thank you

On Tue, Sep 11, 2018 at 8:39 AM, Ca By  wrote:

>
>
> On Tue, Sep 11, 2018 at 6:31 AM Matt Hoppes  rivervalleyinternet.net> wrote:
>
>> So don't CGNat?  Buy IPv4 addresses at auction?
>>
>
> As long as you don’t deploy ipv6, you should be good.
>
> Seriously. Not sure why this is so hard. IPv4 does not scale.  Your
> customers, like my customers, probably mostly go to Youtube, google, fb,
> netflix,  all which have ipv6. Giving your existing customers ipv6
> moves this traffic off your cgn. And gives them a path to dns services.
>
> But you do you. if you ask NANOG, how to solve this problem, and missed
> the 3 NANOG meeting presos at every meeting about how ipv6 is good  not
> sure what you expect here. Definately not a shoulder to cry on, but i wm
> sure some v4 brokers and cgn box pushers see your customers blood in the
> water.
>
> CB
>
>>
>> On 9/11/18 9:28 AM, Ca By wrote:
>> >
>> >
>> > On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes
>> > > > > wrote:
>> >
>> > That isn’t a solution. He still will need to dual stack and CGNat
>> that.
>> >
>> >
>> > But the flows that can support ipv6, will go ipv6 and not be subject to
>> > these abuse triggers.
>> >
>> > Look, this list has monthly reports from some small network operator
>> > hurting their customers with CGN NAT. Meanwhile, the big guys like
>> > Comcast / Charter / ATT / Cox have moved onto ipv6.
>> >
>> > Where does that leave the little guy with CGN?
>> >
>> > Right here. Screaming into the avoid begging for help. Some special
>> > exception.
>> >
>> > And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the
>> > next 10 years of you email this list about your own failure to keep up
>> > with the times.
>> >
>> > We will have this discussion again and again.  Not sure your customers
>> > will stick around, all they know is your CGN space got black listed
>> from
>> > yet another service
>> >
>> > #realtalk
>> >
>> >
>> > On Sep 11, 2018, at 08:54, Ca By > > > wrote:
>> >
>> >>
>> >>
>> >> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl
>> >> mailto:darin.ste...@mnwifi.com>> wrote:
>> >>
>> >> Hello,
>> >>
>> >> I have a ticket open with OpenDNS about filtering happening on
>> >> some of our CGNAT IP space where a customer has "claimed" the
>> >> IP as theirs so other customers using that same IP and OpenDNS
>> >> are being filtered and not able to access sites that fall
>> >> under their chosen filter.
>> >>
>> >> I have a ticket open from 6 days ago but it's not going
>> >> anywhere fast.
>> >>
>> >> Can someone from OpenDNS contact me or point me to a contact
>> >> there to help get this resolved? I believe we need to claim
>> >> our CGNAT IP space so residential users can't claim IP's of
>> >> their own.
>> >>
>> >> Thank you!
>> >>
>> >>
>> >> You should provide your users ipv6, opendns supports ipv6 and
>> >> likely will not have this issue you see
>> >>
>> >> https://www.opendns.com/about/innovations/ipv6/
>> >>
>> >> I am sure it may cost you time / money / effort. But this old
>> >> thing we call ipv4 is in a death spiral, and it will just get
>> >> worse and worse for you without ipv6.
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Darin Steffl
>> >> Minnesota WiFi
>> >> www.mnwifi.com 
>> >> 507-634-WiFi
>> >>  Like us on Facebook
>> >> 
>> >>
>>
>


-- 
Darin Steffl
Minnesota WiFi
www.mnwifi.com
507-634-WiFi
 Like us on Facebook

Re: OpenDNS CGNAT Issues

[Ca By]

On Tue, Sep 11, 2018 at 6:31 AM Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:

> So don't CGNat?  Buy IPv4 addresses at auction?
>

As long as you don’t deploy ipv6, you should be good.

Seriously. Not sure why this is so hard. IPv4 does not scale.  Your
customers, like my customers, probably mostly go to Youtube, google, fb,
netflix,  all which have ipv6. Giving your existing customers ipv6
moves this traffic off your cgn. And gives them a path to dns services.

But you do you. if you ask NANOG, how to solve this problem, and missed the
3 NANOG meeting presos at every meeting about how ipv6 is good  not
sure what you expect here. Definately not a shoulder to cry on, but i wm
sure some v4 brokers and cgn box pushers see your customers blood in the
water.

CB

>
> On 9/11/18 9:28 AM, Ca By wrote:
> >
> >
> > On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes
> >  > > wrote:
> >
> > That isn’t a solution. He still will need to dual stack and CGNat
> that.
> >
> >
> > But the flows that can support ipv6, will go ipv6 and not be subject to
> > these abuse triggers.
> >
> > Look, this list has monthly reports from some small network operator
> > hurting their customers with CGN NAT. Meanwhile, the big guys like
> > Comcast / Charter / ATT / Cox have moved onto ipv6.
> >
> > Where does that leave the little guy with CGN?
> >
> > Right here. Screaming into the avoid begging for help. Some special
> > exception.
> >
> > And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the
> > next 10 years of you email this list about your own failure to keep up
> > with the times.
> >
> > We will have this discussion again and again.  Not sure your customers
> > will stick around, all they know is your CGN space got black listed from
> > yet another service
> >
> > #realtalk
> >
> >
> > On Sep 11, 2018, at 08:54, Ca By  > > wrote:
> >
> >>
> >>
> >> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl
> >> mailto:darin.ste...@mnwifi.com>> wrote:
> >>
> >> Hello,
> >>
> >> I have a ticket open with OpenDNS about filtering happening on
> >> some of our CGNAT IP space where a customer has "claimed" the
> >> IP as theirs so other customers using that same IP and OpenDNS
> >> are being filtered and not able to access sites that fall
> >> under their chosen filter.
> >>
> >> I have a ticket open from 6 days ago but it's not going
> >> anywhere fast.
> >>
> >> Can someone from OpenDNS contact me or point me to a contact
> >> there to help get this resolved? I believe we need to claim
> >> our CGNAT IP space so residential users can't claim IP's of
> >> their own.
> >>
> >> Thank you!
> >>
> >>
> >> You should provide your users ipv6, opendns supports ipv6 and
> >> likely will not have this issue you see
> >>
> >> https://www.opendns.com/about/innovations/ipv6/
> >>
> >> I am sure it may cost you time / money / effort. But this old
> >> thing we call ipv4 is in a death spiral, and it will just get
> >> worse and worse for you without ipv6.
> >>
> >>
> >>
> >>
> >> --
> >> Darin Steffl
> >> Minnesota WiFi
> >> www.mnwifi.com 
> >> 507-634-WiFi
> >>  Like us on Facebook
> >> 
> >>
>

Re: OpenDNS CGNAT Issues

[Matt Hoppes]

So don't CGNat?  Buy IPv4 addresses at auction?

On 9/11/18 9:28 AM, Ca By wrote:



On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes 
> wrote:


That isn’t a solution. He still will need to dual stack and CGNat that.


But the flows that can support ipv6, will go ipv6 and not be subject to 
these abuse triggers.


Look, this list has monthly reports from some small network operator 
hurting their customers with CGN NAT. Meanwhile, the big guys like 
Comcast / Charter / ATT / Cox have moved onto ipv6.


Where does that leave the little guy with CGN?

Right here. Screaming into the avoid begging for help. Some special 
exception.


And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the 
next 10 years of you email this list about your own failure to keep up 
with the times.


We will have this discussion again and again.  Not sure your customers 
will stick around, all they know is your CGN space got black listed from 
yet another service


#realtalk


On Sep 11, 2018, at 08:54, Ca By mailto:cb.li...@gmail.com>> wrote:




On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl
mailto:darin.ste...@mnwifi.com>> wrote:

Hello,

I have a ticket open with OpenDNS about filtering happening on
some of our CGNAT IP space where a customer has "claimed" the
IP as theirs so other customers using that same IP and OpenDNS
are being filtered and not able to access sites that fall
under their chosen filter.

I have a ticket open from 6 days ago but it's not going
anywhere fast.

Can someone from OpenDNS contact me or point me to a contact
there to help get this resolved? I believe we need to claim
our CGNAT IP space so residential users can't claim IP's of
their own.

Thank you!


You should provide your users ipv6, opendns supports ipv6 and
likely will not have this issue you see

https://www.opendns.com/about/innovations/ipv6/

I am sure it may cost you time / money / effort. But this old
thing we call ipv4 is in a death spiral, and it will just get
worse and worse for you without ipv6.




-- 
Darin Steffl

Minnesota WiFi
www.mnwifi.com 
507-634-WiFi
 Like us on Facebook

Re: OpenDNS CGNAT Issues

[Ca By]

On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:

> That isn’t a solution. He still will need to dual stack and CGNat that.
>

But the flows that can support ipv6, will go ipv6 and not be subject to
these abuse triggers.

Look, this list has monthly reports from some small network operator
hurting their customers with CGN NAT. Meanwhile, the big guys like Comcast
/ Charter / ATT / Cox have moved onto ipv6.

Where does that leave the little guy with CGN?

Right here. Screaming into the avoid begging for help. Some special
exception.

And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the
next 10 years of you email this list about your own failure to keep up with
the times.

We will have this discussion again and again.  Not sure your customers will
stick around, all they know is your CGN space got black listed from yet
another service

#realtalk


> On Sep 11, 2018, at 08:54, Ca By  wrote:
>
>
>
> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl 
> wrote:
>
>> Hello,
>>
>> I have a ticket open with OpenDNS about filtering happening on some of
>> our CGNAT IP space where a customer has "claimed" the IP as theirs so other
>> customers using that same IP and OpenDNS are being filtered and not able to
>> access sites that fall under their chosen filter.
>>
>> I have a ticket open from 6 days ago but it's not going anywhere fast.
>>
>> Can someone from OpenDNS contact me or point me to a contact there to
>> help get this resolved? I believe we need to claim our CGNAT IP space so
>> residential users can't claim IP's of their own.
>>
>> Thank you!
>>
>
> You should provide your users ipv6, opendns supports ipv6 and likely will
> not have this issue you see
>
> https://www.opendns.com/about/innovations/ipv6/
>
> I am sure it may cost you time / money / effort. But this old thing we
> call ipv4 is in a death spiral, and it will just get worse and worse for
> you without ipv6.
>
>
>
>>
>> --
>> Darin Steffl
>> Minnesota WiFi
>> www.mnwifi.com
>> 507-634-WiFi
>>  Like us on Facebook
>> 
>>
>

Re: OpenDNS CGNAT Issues

[Matt Hoppes]

That isn’t a solution. He still will need to dual stack and CGNat that. 

> On Sep 11, 2018, at 08:54, Ca By  wrote:
> 
> 
> 
>> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl  wrote:
>> Hello,
>> 
>> I have a ticket open with OpenDNS about filtering happening on some of our 
>> CGNAT IP space where a customer has "claimed" the IP as theirs so other 
>> customers using that same IP and OpenDNS are being filtered and not able to 
>> access sites that fall under their chosen filter.
>> 
>> I have a ticket open from 6 days ago but it's not going anywhere fast.
>> 
>> Can someone from OpenDNS contact me or point me to a contact there to help 
>> get this resolved? I believe we need to claim our CGNAT IP space so 
>> residential users can't claim IP's of their own.
>> 
>> Thank you!
> 
> You should provide your users ipv6, opendns supports ipv6 and likely will not 
> have this issue you see 
> 
> https://www.opendns.com/about/innovations/ipv6/
> 
> I am sure it may cost you time / money / effort. But this old thing we call 
> ipv4 is in a death spiral, and it will just get worse and worse for you 
> without ipv6. 
> 
> 
>> 
>> 
>> -- 
>> Darin Steffl
>> Minnesota WiFi
>> www.mnwifi.com
>> 507-634-WiFi
>>  Like us on Facebook

Re: OpenDNS CGNAT Issues

[Ca By]

On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl 
wrote:

> Hello,
>
> I have a ticket open with OpenDNS about filtering happening on some of our
> CGNAT IP space where a customer has "claimed" the IP as theirs so other
> customers using that same IP and OpenDNS are being filtered and not able to
> access sites that fall under their chosen filter.
>
> I have a ticket open from 6 days ago but it's not going anywhere fast.
>
> Can someone from OpenDNS contact me or point me to a contact there to help
> get this resolved? I believe we need to claim our CGNAT IP space so
> residential users can't claim IP's of their own.
>
> Thank you!
>

You should provide your users ipv6, opendns supports ipv6 and likely will
not have this issue you see

https://www.opendns.com/about/innovations/ipv6/

I am sure it may cost you time / money / effort. But this old thing we call
ipv4 is in a death spiral, and it will just get worse and worse for you
without ipv6.



>
> --
> Darin Steffl
> Minnesota WiFi
> www.mnwifi.com
> 507-634-WiFi
>  Like us on Facebook
> 
>