* /32 for ISPs unless they can justify more
* /48 for subscribers unless they can justify more
* /64 when you know for certain that one and only one subnet will ever be
required
* /128 when you know for certain you're dealing with a single device
* Sparse allocation so whichever size you choose
On Jan 3, 2008 3:52 AM, Rick Astley [EMAIL PROTECTED] wrote:
Take someone like Comcast with ~12 million subscribers.
It would take an IPv6 /24 to get 16.7 million /48's (2^24). With a net
efficiency of 10% they are going to need to be allocated 120 million /48's.
It would take a /21 to give
On Wed, 2 Jan 2008, Rick Astley wrote:
Some of the comments here have cleared things up a bit.
I suspect we will see NAT doing some 4to6 and 6to4 through migration, but
there is little reason to use NAT in place of stateful firewall in the v6 to
v6 world.
I think RFC3041 (Privacy
On 23 Dec 2007, at 20:34, Jeroen Massar wrote:
[...]
When an ISP is not going to provide /48's to endusers then RIPE NCC
should revoke the IPv6 prefix they received as they are not following
the reasons why they received the prefix for.
They received the prefix because they had a plan.
hi there,
I'm analyzing NetFlow traces from Abilene (which uses Juniper, of
course) and I'm seeing a periodic pattern in the traces. I know about
the activity and inactivity timeouts that can be set in JunOS to
control flow exports, but in the data I'm analyzing it seems like
there is some kind
On Jan 3, 2008, at 5:57 PM, Fernando Silveira wrote:
Can anyone tell me if there is such a
timer in JunOS, i.e., flushing the flow cache every minute (or an
interval defined as a parameter)?
I don't know about Juniper routers, but there's such a setting in
Cisco routers, it's called the
On Jan 3, 2008 4:10 AM, Mikael Abrahamsson [EMAIL PROTECTED] wrote:
On Thu, 3 Jan 2008, Rick Astley wrote:
If Bob has a multihomed network, he can't just give one /48 to a customer in
NY and the next one to a customer in CA unless he wants to fill up Internet
routing tables with /48's,
Now instead what I can do is tag my california routes with a
california bgp community, and export only those specific routes to
you there. This way your traffic to me in NY will not go over this
session.
dunno about the community in which you peer. but the big kids have
pretty much
So if /64 is subnet rather than node then the practice of
placing one and only one node per subnet is pretty wasteful.
In an IPv6 network, a /64 is the subnet prefix of a single
broadcast domain, i.e. a single unbridged Ethernet segment.
Within this subnet, there are many /128s which
No, it gives them 16 bits for subnetting. Everybody gets
64 bits for addressing because everybody (except oddballs
and envelope pushers) uses a /64 subnet size. Since 64
bits are more than anyone could ever possibly need for
addressing and 16 bits is more than an end site could ever
hi Roland,
actually I believe the patterns I'm talking about are not caused by
the activity timer.
As far as I know, the activity timer exports a flow which has been
active for too long. Therefore, it should be counted from the
beginning of the flow (its first packet), right? The patterns I'm
On Jan 3, 2008, at 7:53 PM, Fernando Silveira wrote:
The patterns I'm
talking about would imply an absolute clock (independent of any flow)
ticking every minute, and flushing the entire flow cache. The result
of this would be the binning effect I mentioned.
Yes, what you're describing is
No, it gives them 16 bits for subnetting. Everybody gets
64 bits for addressing because everybody (except oddballs and
envelope pushers) uses a /64 subnet size. Since 64 bits are more than
anyone could ever possibly need for addressing and 16 bits is more
than an end site could
So if /64 is subnet rather than node then the practice of placing one
and only one node per subnet is pretty wasteful.
The whole point here is flexibility. IEEE defined several standards for
globally unique identifiers including EUI-48/MAC-48 and EUI-64.
MAC-48 should last us til 2100, but
The only place in which people have noted that there is a possibility
of running out of bits in the existing IPv6 addressing hierarchy
is when they look at a model where every residential customer gets
a /48. In that scenario there is a possibility that we might run out
in 50 to 100 years from
Is it even a possibility then? A /48 to everyone means 48
bits left over for the network portion of the address.
That's 281,474,976,710,656 /48 customer networks. It's 16
million times the number of class C's in the current IPv4
Internet. Am I just not thinking large or long term
Once upon a time, Donald Stahl [EMAIL PROTECTED] said:
It leaves them with 65k subnets to choose from. Would a /56 make more
sense? Right now- sure- because we lack the imagination to really guess
what might happen in the future. Nanobots each with their own address, IP
connected
I'd rather push for /48 and have people settle on /56 than push for
/56 and have people settle on /64.
Again, why the hang-up on 8 bit boundaries?
Look, why are we arguing about this? Why not split
the difference? If /48 is too big and /64 is too small,
let's go halfway and use /56, OK?
On Jan 3, 2008 3:52 AM, Rick Astley [EMAIL PROTECTED] wrote:
* /32 for ISPs unless they can justify more
* /48 for subscribers unless they can justify more
Take someone like Comcast with ~12 million subscribers.
It would take an IPv6 /24 to get 16.7 million /48's (2^24). With a net
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Leo Bicknell
Sent: Thursday, December 27, 2007 8:51 AM
To: North American Network Operators Group
Subject: Re: v6 subnet size for DSL leased line customers
In a message written on Thu, Dec 27, 2007 at
Do you really think that today's allocations are going to be in use
(unchanged) when people are building homes out of IPv6-addressed
nanobots, or when people are trying to firewall the fridge from the TV
remote, etc.?
I certainly hope not- but then again I never thought IPv4 would be around
That's 281,474,976,710,656 /48 customer networks. It's 16
million times the number of class C's in the current IPv4
Internet. Am I just not thinking large or long term enough?
No, you are just counting wrong. When you are talking /48's
you are talking number of bits of subnet hierarchy,
On Thu, January 3, 2008 3:17 pm, William Herrin wrote:
In my ever so humble opinion, IPv6 will not reach significant
penetration at the customer level until NAT has been thoroughly
implemented. Corporate information security officers will insist.
Here's the thing: a stateful non-NAT firewall
On Jan 3, 2008 11:25 AM, Tim Franklin [EMAIL PROTECTED] wrote:
Only assuming the nature of your mistake is 'turn it off'.
I can fat-finger a 'port-forward *all* ports to important internal
server', rather than just '80/TCP' pretty much exactly as easily as I can
fat-finger 'permit *all*
Tim Franklin wrote:
On Thu, January 3, 2008 3:17 pm, William Herrin wrote:
In my ever so humble opinion, IPv6 will not reach significant
penetration at the customer level until NAT has been thoroughly
implemented. Corporate information security officers will insist.
Here's the thing: a
In article [EMAIL PROTECTED] you write:
I'd rather push for /48 and have people settle on /56 than push for
/56 and have people settle on /64.
Again, why the hang-up on 8 bit boundaries?
Look, why are we arguing about this? Why not split
the difference? If /48 is too big and /64 is
Thus spake Simon Lyall [EMAIL PROTECTED]
On Wed, 2 Jan 2008, Deepak Jain wrote:
Is there anything inherently harmful with suggesting that filtering at
RIR boundaries should be expected, but those that accept somewhat
more lenient boundaries are nice guys??? When the nice guys run
out of
Could someone from Verizon incident response/security please contact me off
list. Thanks -A