> On Oct 7, 2018, at 8:55 PM, Brandon Martin wrote:
>
> Except that, in IPv6-land, anyone with effective MTU < 1280 has the onus put
> on them to "make things work" i.e. come up with an adaptation layer or some
> sort of tunnel-layer transparent fragmentation. If you're relying on The
> Int
On 10/7/18 11:47 PM, Naslund, Steve wrote:
That is true provided that you accept that some people may not be able to
respond without the packet getting fragmented due to tunneling or a million
other reasons they may not support that MTU. Nonstandard MTU has always and
seems will continue to
>On 10/5/18 1:53 AM, Mark Andrews wrote:
> If you don’t want fragmented IPv6 UDP responses use
>
> server ::/0 { edns-udp-size 1232; };
>
> That’s 1280 - IPv6 header - UDP header. Anything bigger than that can
> theoretically be fragmented. You will then have to deal with PMTUD
> failur
On 10/5/18 3:16 AM, Mark Andrews wrote:
So require frag 0 to have what you require to do the filtering. Most stacks
send maximal sized initial fragments up to 1280 bytes. For DNS the UDP header
will be there as there is at least 8 bytes of fragmented packet. Additionally
reassembly attacks ar
> On 5 Oct 2018, at 4:22 pm, Brandon Martin wrote:
>
> On 10/5/18 1:53 AM, Mark Andrews wrote:
>> If you don’t want fragmented IPv6 UDP responses use
>> server ::/0 { edns-udp-size 1232; };
>> That’s 1280 - IPv6 header - UDP header. Anything bigger than that can
>> theoretically
>> be f
On 10/5/18 1:53 AM, Mark Andrews wrote:
If you don’t want fragmented IPv6 UDP responses use
server ::/0 { edns-udp-size 1232; };
That’s 1280 - IPv6 header - UDP header. Anything bigger than that can
theoretically
be fragmented. You will then have to deal with PMTUD failures as the se
> On 5 Oct 2018, at 3:12 pm, Mark Tinka wrote:
>
>
>
> On 5/Oct/18 03:07, John Levine wrote:
>
>> Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of
>> fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot
>> easier to stick to v4.
>>
>> Geoff Huston has
On 5/Oct/18 03:07, John Levine wrote:
> Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of
> fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot
> easier to stick to v4.
>
> Geoff Huston has written about this a lot and it's a well known problem
> in the DNS
In article <60afb948-5f6d-8ea8-00c9-6d4d92ff0...@forfun.net>,
Marco Davids via NANOG wrote:
>> Even if you do have v6, some things like DNSSEC don't work very well
>> if you can't do them over v4.
>
>Is that so?
Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of
fix it by doing
Op 04-10-18 om 22:07 schreef John Levine:
Even if you do have v6, some things like DNSSEC don't work very well
if you can't do them over v4.
Is that so?
--
Marco
signature.asc
Description: OpenPGP digital signature
In article
you
write:
>
>If is a new US business and you are working internationally why not go
>simple and use IPv6 addresses?
Just a guess, but it's probably because they would like for the large
fraction of the net that is still v4 only to be able to contact them.
Even if you do have v6, so
If is a new US business and you are working internationally why not go
simple and use IPv6 addresses?
John Lee
On Thu, Oct 4, 2018 at 10:59 AM Ross Tajvar wrote:
> Thanks everyone who replied. I got many responses off-list, including a
> lot of positive endorsements for several different vendor
On Thu, Oct 4, 2018 at 11:20 AM Ross Tajvar wrote:
> I'm rolling my eyes. We'll be using IPv6, but obviously we need IPv4 too.
>
> On Thu, Oct 4, 2018, 12:00 PM John Lee wrote:
>
>> If is a new US business and you are working internationally why not go
>> simple and use IPv6 addresses?
>>
>> Joh
I'm rolling my eyes. We'll be using IPv6, but obviously we need IPv4 too.
On Thu, Oct 4, 2018, 12:00 PM John Lee wrote:
> If is a new US business and you are working internationally why not go
> simple and use IPv6 addresses?
>
> John Lee
>
> On Thu, Oct 4, 2018 at 10:59 AM Ross Tajvar wrote:
>
Thanks everyone who replied. I got many responses off-list, including a lot
of positive endorsements for several different vendors. It's good to know
there are so many reputable options.
-Ross
On Mon, Oct 1, 2018 at 9:57 PM, Ross Tajvar wrote:
> Hi all,
>
> My US-based employer will be starting
On 1 Oct 2018, at 6:57 PM, Ross Tajvar wrote:
>
> Hi all,
>
> My US-based employer will be starting a new business unit soon that will
> require IPv4 addresses (aiming for a /22 to start with). I know ARIN has a
> waitlist (though I'm not sure where they're getting new IPs from), but the
> fa
Hi Ross
Try ripe ncc’s broker list here:
https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/brokers
They would easily find what you need. As the process is usually through
escrow.com, there shouldn’t be a serious concern.
This one:
https://www.ipv4auctions.com is doing that.
I've used IPv4 Market Group before. Process was pretty painless, and they
were trusting enough to allow us to pay by PO (your mileage may vary).
http://ipv4marketgroup.com/
On Mon, Oct 1, 2018 at 6:57 PM, Ross Tajvar wrote:
> Hi all,
>
> My US-based employer will be starting a new business unit
Hi all,
My US-based employer will be starting a new business unit soon that will
require IPv4 addresses (aiming for a /22 to start with). I know ARIN has a
waitlist (though I'm not sure where they're getting new IPs from), but the
faster way is to buy blocks from people who already have them. I'm
19 matches
Mail list logo