tomers have customer-controlled identifiers that overlap, such as DUID,
MAC addresses etc. Track people on physical ports (so you know where that
port/cable goes) or on username/password (802.1x). Make sure the
customers/users can't affect each other (protect the Internet from them).
--
Mikael
call "IPv4 thinking".
I however do not operate wifi networks so I have no idea how widely this
is implemented in gear available today. If someone else knows, I would
appreciate if they would share.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ad it should have
additional bearer on mobile interface to handle this traffic.
How are you identifying this as IPSEC tunnels? What kind of device is it
you're looking at?
--
Mikael Abrahamsson email: swm...@swm.pp.se
where each internal IPv6 address gets a unique
external address so you avoid all the port translations).
--
Mikael Abrahamsson email: swm...@swm.pp.se
e on this is that it's a Win10 only feature, and it's mobile
only.
Pity.
--
Mikael Abrahamsson email: swm...@swm.pp.se
led support for TCP Large Send Offload (LSO) over
464XLAT improving throughput and reducing CPU usage."
Is there anything specific I need to do to enable this?
--
Mikael Abrahamsson email: swm...@swm.pp.se
ad my IPv6 down for
days before I actually needed it to ssh home to one of my devices. HE
solves most user issues.
Only thing that makes it break is if there is PMTUD blackhole. So better
to stop IPv6 (or IPv4) working completely, than to introduce PMTUD
blackhole.
--
Mikael Abrahamsson
supported IPv6.
Also, since you needed two concurrent bearers and the 3GPP network vendors
charged per bearer, it also made IPv6 deployment extremely expensive.
Yes, plenty of blame to go around. It's not only a carrier problem.
--
Mikael Abrahamsson email: swm...@swm.pp.se
riers do not control handsets anymore. Those days are long gone.
--
Mikael Abrahamsson email: swm...@swm.pp.se
chosen to have stateful filtering toward the customers
by default.
--
Mikael Abrahamsson email: swm...@swm.pp.se
em.
yes, yes, being nice is good. But this is an impossible task. There is
no way you can make assumptions about the security of any unmanaged CPE,
with or without IPv6.
I tend to agree, but I can also understand why an ISP might hesitate in
this case.
--
Mikael Abrahamsson email: swm...@swm.pp.se
6 disabled", when I
change it to "Auto Detect" the setting "IPv6 filtering" is "secured" by
default.
So this seems to be same thing that you've been seeing.
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Wed, 1 Mar 2017, JORDI PALET MARTINEZ wrote:
What I’ve seen, yes is on by default, but I also heard the same
complaint, but actually never seen a device not-on by default … so I’m
not really convinced is very real.
"not-on", do you mean "IPv6" or "IPv6 firewalling
the
mean time would appreciate if others could share their experiences.
--
Mikael Abrahamsson email: swm...@swm.pp.se
idn't handle it itself. No
filtering, just bad vendor implementation or "oh, didn't think of that".
That's why I don't like people using the word "filtering", because this
not working isn't always intentional. "Filtering" implies intent.
--
Mikael Abrahamsson email: swm...@swm.pp.se
+ACK gets back.
--
Mikael Abrahamsson email: swm...@swm.pp.se
doing MSS re-write and/or announcing lower than 1500 MTU on
the customer LAN, so even if a customer has PPPoE with 1492 MTU, they
still won't see this problem.
I have seen Swedish authorities websites with same "won't-respond-to-PTB",
no answer there either to fault reports
en to PTB
--
Mikael Abrahamsson email: swm...@swm.pp.se
etc., is not reaching them.
Do you have an example of a website they host that I can test against?
--
Mikael Abrahamsson email: swm...@swm.pp.se
renew succeeds and the address is back again as (preferred) and the lease
time is 10 minutes.
I also have a Ubuntu 16.04 box that won't keep its lease either... so I
don't know what's going on. Will look further.
Harald, what DHCPv6 server are you using?
--
Mikael Abrahamsson email: swm...@swm.pp.se
ID hwaddr/time type 1 time 529405186 24a43cb3b2e5)
(status-code success))
It just doesn't configure it afterwards. It COULD be some kind of problem
in my ER5, because this lease actually doesn't show up in the leases
database on the ER5 when I use the show command there.
--
Mikael Abrahamsson email: swm...@swm.pp.se
of high delay, because of something else. This information just
isn't available to the end user, and it's sad state of affairs.
The IETF, vendors and ISPs are all quite siloed so I don't know where we
would start to actually improve this. I tried talking to the TCP people at
the
On Tue, 16 Aug 2016, Bjørn Mork wrote:
if (L) then add route
if (A) then do autoconf
Win10 and MacOS seem to do the same as you described here.
Ok, goodness, that's what I wanted to hear.
--
Mikael Abrahamsson email: swm...@swm.pp.se
sider "the right thing". They autoconfigured
addresses and used them, and they did DAD on the link.
--
Mikael Abrahamsson email: swm...@swm.pp.se
flag determines
whether the route 2001:db8::/64 -> eth0 is installed or not.
Ok, thanks everybody. So it'll still do A=1 style addressing (EUI64,
privacy extension addressing etc)? Will it perform DAD?
--
Mikael Abrahamsson email: swm...@swm.pp.se
ve a limited
number of operating systems available. Anyone here have any data or other
insights?
--
Mikael Abrahamsson email: swm...@swm.pp.se
point that has been made on this list so far, has already been made
in the huge thread on nanog-l. I would take for granted that Netflix is
aware of that one.
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Sun, 12 Jun 2016, Robert Hosford wrote:
Hi,
First time caller long time listener. :)
http://seclists.org/nanog/2016/Jun/24
There is a thread with hundreds of email on nanog-l on this topic. I think
everything that can be said on the topic has already been said there.
--
Mikael
itfalls in doing so?
--
Mikael Abrahamsson email: swm...@swm.pp.se
ent
the DHCPv6-PD server on the router itself, and fail to install route
according to the delegated prefix.
So basically, regarding how to actually implement PD in a network (from an
IETF point of view), everybody just gave up, declared the problem
unsolvable, and went back to sleep?
--
Mik
ay?
What other methods are there apart from provisioning a static route on the
relay? BGP?
--
Mikael Abrahamsson email: swm...@swm.pp.se
v6-PD process had completed the delegation.
I'm looking for experience with other equipment, please share!
--
Mikael Abrahamsson email: swm...@swm.pp.se
with some suggestions on what might be wrong? Because if I send the
above to someone who isn't an IPv6 expert, I'd have to include 10-20 lines
of text to explain why above behaviour is wrong.
--
Mikael Abrahamsson email: swm...@swm.pp.se
the zone is signed wrong, then that ISP gets blamed. In Sweden, where 85%
of customers sit behind a DNSSEC validating resolver, nobody gets away
with screwing up their zone signing because now it's their problem.
It's all about critical mass.
--
Mikael Abrahamsson email: swm...@swm.pp.se
n't establish the notification channel?
--
Mikael Abrahamsson email: swm...@swm.pp.se
s for DNS, routes,
everything.
The version of rdisc6 included in Ubuntu 14.04 displays recursive DNS
server.
This is also seen in "tcpdump -vvv -n -i eth0 icmp6" and I see it as:
rdnss option (25), length 24 (3):
--
Mikael Abrahamsson email: swm...@swm.pp.se
ember the details but I seem to remember I've seen devices that
will turn off their wifi when they go to low power mode, and only keep
mobile data up.
--
Mikael Abrahamsson email: swm...@swm.pp.se
start for IPv6 (depending on
implementation), but if v6 is significantly worse parts of the time, then
you'll see the client bouncing between versions.
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Fri, 29 Apr 2016, re wrote:
is it us or the deutsche telekom who is causing the problem?
This isn't a problem, this is expected behavior.
Don't trust the IP address to be stable, at least not between IPv4/IPv6.
--
Mikael Abrahamsson email: swm...@swm.pp.se
the site owner that their solution either is broken or
suboptimal (the fragment case isn't strictly broken, it's just not a good
way to do things).
Opinions? Thoughts?
--
Mikael Abrahamsson email: swm...@swm.pp.se
e
home". Their terminology for the first router in the home is "RG" as in
"Residential Gateway".
--
Mikael Abrahamsson email: swm...@swm.pp.se
actually reduces the risk that Android runs into v6 DNS
resolver related problems, because in non-trivial amount of cases it will
not have a v6 based resolver configured :P
--
Mikael Abrahamsson email: swm...@swm.pp.se
connection 1' # the name might be localised
nmcli> save
Alternatively, if you don't want RFC7212 addresses at all and prefer
the previous behaviour, you can do:
nmcli> set ipv6.addr-gen-mode eui64
This worked for me perfectly, and restored the old behavior so I get an
EUI64 addr
ff:ff:ff:ff:ff:ff promiscuity 0
addrgenmode none
I have another machine I upgraded that does still use EUI64. I will
compare settings and try to find out what the difference between them is.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitations = 3
net.ipv6.conf.eth0.suppress_frag_ndisc = 1
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.use_oif_addrs_only = 0
net.ipv6.conf.eth0.use_tempaddr = 2
--
Mikael Abrahamsson email: swm...@swm.pp.se
t to continue using
SLAAC and I'm fine with privacy extension addresses over time, but I want
a single stable address across reboots.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ogent for a few weeks, ie
specifically ask its transit partners to not announce 15169 routes to
AS3320, and deciding AS15169 now to be IPv6 Tier1, and if you don't peer
with AS15169, you're not getting the routes.
--
Mikael Abrahamsson email: swm...@swm.pp.se
n the same subnet as the windows
machine), and VLC 2.0.6 gives an immediate error when trying to open the
same URL/stream.
I will send in this comment in the ticket.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ind anyone else complaining about this, but then again I don't
think that many people are doing IPv6 SSM video multicast...
Anyone have any insight?
--
Mikael Abrahamsson email: swm...@swm.pp.se
head start for IPv6 which is great news).
--
Mikael Abrahamsson email: swm...@swm.pp.se
er does it help in detecting PMTU blackholing.
At least there is TCP PMTU blackhole detection in modern TCP, I couldn't
find any reference to this for QUIC in my 10 second google search.
--
Mikael Abrahamsson email: swm...@swm.pp.se
e
easily than having a newbie Java programmer try to fix Y2K problem in
Cobol.
So I still am hopeful and I keep hearing people discussing "when" IPv6
will be adopted, I don't really hear "if" anymore.
--
Mikael Abrahamsson email: swm...@swm.pp.se
programming. This will hopefully improve, but it'll take time, the same
way IPv6 adoption will take time. However, it's still the truth that if
you're buying equipment today that you intend to have around for 5-10
years and you don't check them for IPv6 functionality, y
t of the box without any preparation. This is also a valid
strategy, as long as not everybody does this :)
--
Mikael Abrahamsson email: swm...@swm.pp.se
ct that initial packets might be
dropped and error messages be generated, but these should be ignored by
the application. Is this commonplace? Is it a problem at all?
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Fri, 13 Feb 2015, Richard Hartmann wrote:
On Fri, Feb 13, 2015 at 12:26 PM, Mikael Abrahamsson wrote:
so I guess clients need to try a few times and not listen to the (initial)
ICMP messages until the "hole" is open.
That sounds slightly broken as well.
I agree. Do you hav
kets, so I guess clients need to try a few times
and not listen to the (initial) ICMP messages until the "hole" is open.
--
Mikael Abrahamsson email: swm...@swm.pp.se
- because xbox has problems with native IPv6.
xbox is no good example for *wanting* IPv6.
Could you elaborate on the IPv6 issues for xbox? I was under the impression
that xbox works well with IPv6.
This thread probably:
http://lists.cluenet.de/pipermail/ipv6-ops/2014-March/009929.html
is doesn't work with anything that doesn't
have +P, so for instance my corporate VPN doesn't work because for some
reason it uses GRE.
I think we're going to have to do some kind of A+P for protocols with
port, and then do CGN (ds.lite) for everything else.
--
Mikael Abrahamsson email: swm...@swm.pp.se
When you roll new customers to behind a CGN I would highly recommend to
provide IPv4 connectivity by means of tunneling it over IPv6, such as
lw4o6, MAP-E or alike.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ation in Chrome will understand path MTU
and send smaller UDP packets than 1350 if needed. In my case it didn't.
--
Mikael Abrahamsson email: swm...@swm.pp.se
e LAN.
--
Mikael Abrahamsson email: swm...@swm.pp.se
my airport extreme
will send PTB=1280.
--
Mikael Abrahamsson email: swm...@swm.pp.se
chine with MSS 1440 and sometimes with 1220, the 1440 was for
destinations by which there was no PTB seen (yet), and 1220 for the ones
where PTB had been seen.
Ok, thanks for helping clearing that up!
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Fri, 23 Jan 2015, Mikael Abrahamsson wrote:
Anyone know how I can check in OSX for what destinations it has received
PTB packets and what the PMTU it thinks it has for these destinations?
Found it:
$ netstat -f inet6 -narlW
Internet6:
Destination Gateway
ented?
Anyone know how I can check in OSX for what destinations it has received
PTB packets and what the PMTU it thinks it has for these destinations?
--
Mikael Abrahamsson email: swm...@swm.pp.se
8:1:100::c: frag (0|1232) 59430 > 443:
UDP, length 1350
03:20:45.891286 IP6 2001:470:X > 2a02:808:1:100::c: frag (1232|126)
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Wed, 21 Jan 2015, Ignatios Souvatzis wrote:
Hi,
On Tue, Jan 20, 2015 at 03:40:23PM +0100, Marco d'Itri wrote:
On Jan 20, Mikael Abrahamsson wrote:
I turned off my IPv6 HE.net tunnel yesterday because family was complaining
about Youtube not working. I haven't enabled it ag
On Mon, 19 Jan 2015, Mikael Abrahamsson wrote:
But regardless, I had trouble this morning with Youtube that might be
related to the same issue.
I turned off my IPv6 HE.net tunnel yesterday because family was
complaining about Youtube not working. I haven't enabled it again. Other
peopl
ting hairs.
But regardless, I had trouble this morning with Youtube that might be
related to the same issue.
--
Mikael Abrahamsson email: swm...@swm.pp.se
's not a translation mechanism.
It seems you want a load balancer that can take an IPv6 incoming TCP
connection and talk to your IPv4 only news server... or you want to just
add a TCP bouncer that'll listen to an IPv6 socket and connect this
together with a new IPv4 socket call to :
, but as far as I can see,
there is no standards-track document for MLD/IGMP snooping.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ing properly standardized.
--
Mikael Abrahamsson email: swm...@swm.pp.se
keep emitting REGISTER
messages periodically? Is this something NICs do today, emitting packets
while the CPU is in fairly deep sleep?
--
Mikael Abrahamsson email: swm...@swm.pp.se
also lessen amount of table entries you need for
uRPF.
Downside:
People actually need CPE, they can't connect a computer directly (at least
not without turning on Internet Connection Sharing or alike).
--
Mikael Abrahamsson email: swm...@swm.pp.se
ker och similar backup service?
--
Mikael Abrahamsson email: swm...@swm.pp.se
e I can do? I control the dns resolver that all
devices use. I don't want to manually create entries, I would like this to
be dynamic. If I at the same time could get devices to register their GUA
IPv6 address at the same time (like dyndns) that would be an added bonus.
--
Mikael Abrahamsson email: swm...@swm.pp.se
address lookup, gets encapsulated, and then sent onto the CE.
Pure data plane.
I don't get why the BR should need to get involved in anything more
complicated than that?
--
Mikael Abrahamsson email: swm...@swm.pp.se
t.
Also, Section 8 of RFC5969 only talks about the CE testing the forward
path to the BR. Unless the BR also tests the reverse path to the CE it
has no way of knowing whether the CE can accept large packets.
You misread the text.
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Fri, 17 Jan 2014, Mikael Abrahamsson wrote:
On Fri, 17 Jan 2014, Templin, Fred L wrote:
Sorry, I was looking at the wrong section. I see now that Section 8 is
talking about a method for a CE to send an ordinary data packet that loops
back via the BR. That method is fine, but it is no more
that way.
--
Mikael Abrahamsson email: swm...@swm.pp.se
tunnel still working with the
packet sizes, perhaps pinging itself over the tunnel once per minute with
the larger packet size if larger packet size is in use.
--
Mikael Abrahamsson email: swm...@swm.pp.se
his minute. 6RD is widely implemented today, by the
time any other mechanism is implemented, the use-case for IPv6 tunneled in
IPv4 might be much less interesting, hopefully more are moving towards
IPv4 over native IPv6 for new implementations.
--
Mikael Abrahamsson email: swm...@swm.pp.se
drop the MTU to 1480 and known working, than the jumbo alternative.
--
Mikael Abrahamsson email: swm...@swm.pp.se
Every time I post to the list I get an email back from
i...@prizmaphoto.com. Could someone please check if that address is
subscribed to this list, and in that case, remove it?
--
Mikael Abrahamsson email: swm...@swm.pp.se
to mind (having
routers that shouldn't have ::/0 pointed to them) is already implemented
in by means of RIO in RAs. There is just very little deployed support for
it as far as I know.
--
Mikael Abrahamsson email: swm...@swm.pp.se
done? It's probably documented in the RFCs from the 90ties. Now you're
coming and saying that thinking is invalid. I believe you have the burden
of proof here.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ment them so they can be presented in
a coherent concise manner (for instance an I-D). I know I have to do this
when I want things to change. Been there, done that.
--
Mikael Abrahamsson email: swm...@swm.pp.se
fine. You can even do protocol
based vlans to do one vlan per customer for IPv6 and have an aggregate
vlan for IPv4 traffic.
Been there, done that.
--
Mikael Abrahamsson email: swm...@swm.pp.se
there
is no address limitation that means you "must" do this.
What's the use-case that requires large L2 domains as the "best" solution?
And on top of that, that requires different hosts within this L2 domain to
have different default gateways?
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Sat, 28 Dec 2013, "Roger Jørgensen" wrote:
did you see the start of my mail?
Yes.
It should be possible to have a network running DHCP without any RA, if
someone wants to do that.
Why?
"Because I want to" isn't a good technical answer.
--
Mikael Abrahamsson email: swm...@swm.pp.se
ould be done in userspace,
not in the kernel.
--
Mikael Abrahamsson email: swm...@swm.pp.se
kernel is a mistake.
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Wed, 18 Dec 2013, Lorenzo Colitti wrote:
On Wed, Dec 18, 2013 at 9:59 PM, Mikael Abrahamsson wrote:
http://www.vyncke.org/ipv6status/project.php?metric=p&country=se
The above indicates that Sweden went from 0.2% to 0.6% in two weeks. I
don't know what this operator that did thi
http://www.vyncke.org/ipv6status/project.php?metric=p&country=se
The above indicates that Sweden went from 0.2% to 0.6% in two weeks. I
don't know what this operator that did this is, and I'm extremely curious.
How can I find out?
--
Mikael Abrahamsson email: swm...@swm.pp.se
'.
quit
301 Moved Permanently
Moved Permanently
The document has moved href="http://www.brocade.com/index.page";>here.
IBM_HTTP_Server at internet.brocade.com Port 80
Connection closed by foreign host.
--
Mikael Abrahamsson email: swm...@swm.pp.se
the rest of the Internet (well,
actually my hosts are in 2a00::/16 really, but never mind, should be the
same).
What am I missing?
--
Mikael Abrahamsson email: swm...@swm.pp.se
list",
but it still seems to be something special when it comes to the same /48
as the machine has addresses in.
Any help understanding what is going on is appreciated.
--
Mikael Abrahamsson email: swm...@swm.pp.se
On Tue, 15 Oct 2013, Mikael Abrahamsson wrote:
On Mon, 14 Oct 2013, Michael Loftis wrote:
or dscacheutil -flushcache
dhcp-28-70:Downloads mikaelabrahamsson$ dscacheutil -flushcache
dhcp-28-70:Downloads mikaelabrahamsson$ ping6 swm.pp.se
PING6(56=40+8+8 bytes) 2001:67c:64:47:ec62:fe83
sts
212.247.200.143 uplift.swm.pp.se uplift swm.pp.se webmail.swm.pp.se
No DNS queries were done for swm.pp.se during this above interaction, as
verified by tcpdump on en0.
--
Mikael Abrahamsson email: swm...@swm.pp.se