From perry@piermont.com Sat Dec 1 08:45:33 2001 From: perry@piermont.com (Perry E. Metzger) Date: 01 Dec 2001 03:45:33 -0500 Subject: ad hoc list created to discuss v6 usage measurement Message-ID: <87pu5ze3bm.fsf@snark.piermont.com> I've been trying to get a bunch of statistics together on v6 usage growth and have found that few people are collecting serious statistics. I thought I'd start a small discussion on the subject -- accurate statistics are important to demonstrate that v6 is indeed deploying and that people should spend time and money on preparing and deploying their own networks. I've set up an ad hoc list, "metrics@ipv6.org" to host the discussion. Subscribe via majordomo@ipv6.org. Perry From nsayer@quack.kfu.com Tue Dec 4 06:16:12 2001 From: nsayer@quack.kfu.com (Nick Sayer) Date: Mon, 03 Dec 2001 22:16:12 -0800 Subject: IPv4->6 application shim library Message-ID: <3C0C6A2C.7020900@quack.kfu.com> It's come to the point now that, applications willing, it is possible to configure a network without IPv4 and still experience the Internet fully (you do this with the Trick-or-Treat DNS proxy and a NAT/PT gateway like faith/faithd). The only problem with this schema is that all of your applications have to be aware of IPv4. My idea is an LD_PRELOAD shim that will transparently "massage" IPv4 apps. It replaces gethostbyname() and gethostbyaddr(). It looks for IPv6 addresses for the names presented and keeps a list in memory. It returns a phony IPv4 address that can be used later to find the IPv6 host desired. socket also gets intercepted and changes AF_INET to AF_?INET6, and connect changes the ersatz IPv4 sockaddr into the real IPv6 one before calling the real connect. I'm writing to see if anyone has any comments on this idea, or perhaps someone has already done this...? From itojun@iijlab.net Tue Dec 4 07:59:25 2001 From: itojun@iijlab.net (itojun@iijlab.net) Date: Tue, 04 Dec 2001 16:59:25 +0900 Subject: IPv4->6 application shim library In-Reply-To: nsayer's message of Mon, 03 Dec 2001 22:16:12 PST. <3C0C6A2C.7020900@quack.kfu.com> Message-ID: <5402.1007452765@itojun.org> >My idea is an LD_PRELOAD shim that will transparently "massage" IPv4 apps. (snip) >I'm writing to see if anyone has any comments on this idea, or perhaps >someone has already done this...? check out draft-ietf-ngtrans-bia-01.txt. an implementation on Solaris was demonstrated at N+I tokyo couple of years ago. itojun From Francis.Dupont@enst-bretagne.fr Tue Dec 4 10:05:28 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Tue, 04 Dec 2001 11:05:28 +0100 Subject: IPv4->6 application shim library In-Reply-To: Your message of Mon, 03 Dec 2001 22:16:12 PST. <3C0C6A2C.7020900@quack.kfu.com> Message-ID: <200112041005.fB4A5SD87617@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: I'm writing to see if anyone has any comments on this idea, or perhaps someone has already done this...? => this is the BIA (Bump-In-the-Api) idea. I know Eric Nordmark wrote one for Solaris, I expect someone from Sun will answer... Regards Francis.Dupont@enst-bretagne.fr From lists@geminis.myip.org Tue Dec 4 11:41:44 2001 From: lists@geminis.myip.org (Flavio Villanustre) Date: Tue, 4 Dec 2001 08:41:44 -0300 (ART) Subject: IPv4->6 application shim library In-Reply-To: <3C0C6A2C.7020900@quack.kfu.com> Message-ID: Nick, I don't fully understand you idea... On Mon, 3 Dec 2001, Nick Sayer wrote: > The only problem with this schema is that all of your applications have > to be aware of IPv4. Why should your IPv6 ready applications be aware of IPv4 if you translate contents in a proxy (close to the gateway of your network)? They just should, let's say, deliver an email using SMTP over IPv6 to your proxy which speaks both IPv4 and IPv6 and it, in turn delivers it to real destination using IPv4. Same for web browsing or even for interactive applications like SSH or telnet. Your IPv6 applications don't need to be aware of IPv4... > > My idea is an LD_PRELOAD shim that will transparently "massage" IPv4 apps. > > It replaces gethostbyname() and gethostbyaddr(). It looks for IPv6 > addresses for the names presented and keeps a list in memory. It returns > a phony IPv4 address that can be used later to find the IPv6 host > desired. socket also gets intercepted and changes AF_INET to AF_?INET6, > and connect changes the ersatz IPv4 sockaddr into the real IPv6 one > before calling the real connect. > Regards, Flavio. From fink@es.net Tue Dec 4 16:00:53 2001 From: fink@es.net (Bob Fink) Date: Tue, 04 Dec 2001 08:00:53 -0800 Subject: 6bone pTLA 3FFE:82D0::/28 allocated to OXYGEN Message-ID: <5.1.0.14.0.20011204075906.00acb1b8@imap2.es.net> OXYGEN has been allocated pTLA 3FFE:82D0::/28 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to either bmanning@isi.edu or hostmaster@ep.net.] Thanks, Bob From fink@es.net Tue Dec 4 16:15:11 2001 From: fink@es.net (Bob Fink) Date: Tue, 04 Dec 2001 08:15:11 -0800 Subject: pTLA request for UDG - review closes 18 December 2001 Message-ID: <5.1.0.14.0.20011204080949.02f22280@imap2.es.net> 6bone Folk, UDG has requested a pTLA allocation. The open review period for this will close 13 December 2001. Please send your comments to me or the list. Thanks, Bob === >Date: Mon, 3 Dec 2001 10:55:15 -0600 (CST) >From: Harold de Dios Tovar Volunt >To: fink@es.net >Subject: pTLA request for UDg > >Hi Bob, > > We would like to apply for a pTLA allocation from 6bone, we are UDG, > Universidad de Guadalajara http://www.udg.mx. we are one of the members > of Internet 2 here in Mexico, the name of the organisation is CUDI. > The Mission of CUDI is to promote and to coordinate the development of > networks of telecommunications and computing, focused to the scientific > and educative development in Mexico. > > We would like to request one pTLA, conformance to RFC 2772 > > >pTLA prefix requests. > > >The following rules apply to qualify for a 6Bone pTLA allocation. It >should be recognized that holders of 6Bone pTLA allocations are >expected to provide production quality backbone network services for >the 6Bone. > >1. The pTLA Applicant must have a minimum of three (3) months > qualifying experience as a 6Bone end-site or pNLA transit. > During the entire qualifying period the Applicant must be operationally > providing the following: > > UDG is in 6bone since Mon, 3 Sep 2001 as pNLA of ITESM > 3ffe:8240:8012::/48, at this moment we have pNLA 3FFE:8070:1012::1/64 > from UNAM too. > > a. Fully maintained, up to date, 6Bone Registry entries for their > ipv6-site inet6num, mntner, and person objects, including each > tunnel that the Applicant has. > > The UDG has the following objects: > > inet6num: 3FFE:8070:1012::/48 > ipv6-site: UDG > mntner: MNT-UDG > mnt-by: UDG-6BONE > person: Harold de Dios Tovar. > > theses are our BGP4+ peer conections: > > tunnels: IPv6 in IPv4 border.ipv6.udg.mx -> gwipv6.ipv6.itesm.mx > ITESM BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> unam-ipv6-1.ipv6.unam.mx > UNAM STATIC > IPv6 in IPv4 border.ipv6.udg.mx -> ipv6-lab-gw.cisco.com > CISCO BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> pioneer.ipv6.berkom.de > BERKOM BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> rtr.ipv6.he.net > HURRICANE BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> v6-gw.cygate.fi > SMS BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> cern-atm7.cern.ch > CERN BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> ipv6-gw.grnet.gr > GRNET BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> border-gw2.caladan.net > CALADAN BGP4+ > IPv6 in IPv4 border.ipv6.udg.mx -> ziggy.ci.ulsa.mx > ULSA STATIC > > application: ping imperio.ipv6.udg.mx > ping noc6.ipv6.udg.mx > > url: www.ipv6.udg.mx > > b. Fully maintained, and reliable, BGP4+ peering and connectivity > between the Applicant's boundary router and the appropriate > connection point into the 6Bone. This router must be IPv6 > pingable. This criteria is judged by members of the 6Bone > Operations Group at the time of the Applicant's pTLA > request. > > > Our BGP4+ conections are working under cisco 3600, this router is > border.ipv6.udg.mx and can be Ipv6 pingable. > > > c. Fully maintained DNS forward (AAAA) and reverse (ip6.int) > entries for the Applicant's router(s) and at least one host > system. > > UDG has the following about DNS, actually we have 3 IPv6 zone, it > is maintain and is using DNS forward (AAAA) and reverse (ip6.int). > > Those are the records: > > ;; QUESTION SECTION: > ;imperio.ipv6.udg.mx. IN ANY > > ;; ANSWER SECTION: > imperio.ipv6.udg.mx. 86400 IN AAAA > 3ffe:8240:8012:1:201:3ff:fee6:ad36 > imperio.ipv6.udg.mx. 86400 IN A 148.202.15.149 > ------------------- > ;; QUESTION SECTION: > ;noc6.ipv6.udg.mx. IN ANY > > ;; ANSWER SECTION: > noc6.ipv6.udg.mx. 86400 IN AAAA > 3ffe:8240:8012:1:210:5aff:fe99:f59b > noc6.ipv6.udg.mx. 86400 IN A 148.202.15.220 > ------------------ > ;; QUESTION SECTION: > ;border.ipv6.udg.mx. IN ANY > > ;; ANSWER SECTION: > border.ipv6.udg.mx. 86400 IN A 148.202.15.8 > border.ipv6.udg.mx. 86400 IN AAAA > 3ffe:8240:8012:1:204:c1ff:fe89:5c71 > > d. A fully maintained, and reliable, IPv6-accessible system > providing, at a mimimum, one or more web pages, describing the > Applicant's IPv6 services. This server must be IPv6 pingable. > > Our web page is http://www.ipv6.udg.mx/ here you could find some basicall > information about IPv6,in fact our tunnels status can be seen here. > We are implementing TunnelBroker and other aplications to be used by > people interested in IPv6. > > >2. The pTLA Applicant MUST have the ability and intent to provide > "production-quality" 6Bone backbone service. Applicants must > provide a statement and information in support of this claim. > This MUST include the following: > > a. A support staff of two persons minimum, three preferable, with > person attributes registered for each in the ipv6-site object > for the pTLA applicant. > > HDDT2-6BONE > > The support staff of UdG has 7 person, the name person in charge > is Harold de Dios Tovar. > OBEJCT:ipv6-site > changed: dios-vol@telecom.noc.udg.mx > OBJECT:person > changed: harold@noc.udg.mx > > > b. A common mailbox for support contact purposes that all support > staff have acess to, pointed to with a notify attribute in the > ipv6-site object for the pTLA Applicant. > > staff@ipv6.udg.mx > > >3. The pTLA Applicant MUST have a potential "user community" that > would be served by its becoming a pTLA, e.g., the Applicant is a > major provider of Internet service in a region, country, or focus > of interest. Applicant must provide a statement and information in > support this claim. > > About our University network (multi-campus)...We are the Network > Opration Center of the University of Gdl. We have five campuses whit > gi ethernet, we have 13 regionals campuses, and we have a cloud of > frame relay that connect our regional high school, even we have a E3 link > to the internet with MCI world. We have a dedicated connection to the > Internet 2 associated with CUDI sociaty. > We have 6,000 hosts and our university community is around 100,000 > elements. We are the second largest University in the country and we > are between the high performance centers computing in the country. > You can find this information at NOC web page > http://telecom.noc.udg.mx > > UDG is one of the principal members of CUDI (Corporacion Universitaria > para el desarollo de internet), this is the internet 2 consortium in > Mexico. --> http://www.cudi.edu.mx > > >4. The pTLA Applicant MUST commit to abide by the current 6Bone > operational rules and policies as they exist at time of its > application, and agree to abide by future 6Bone backbone > operational rules and policies as they evolve by consensus of the > 6Bone backbone and user community. > > UDG undertand the 6bone operational rules and we are strongly agree > whit them all and we will to abide to the current and the future 6bone > operational rules and policies. > > > Regards from Mexico!! > > > -------------------------------------- > Harold de Dios Tovar > > home: (01) 36 726016 > work: (01) 31 342232 ext. 2321 > e-m@il: harold@noc.udg.mx > harold@mexp5.mexplaza.com.mx > > NOC: Network Operation Center > IPv6 Staff Working Group > -------------------------------------- From michael@kjorling.com Tue Dec 4 20:23:39 2001 From: michael@kjorling.com (Michael Kjorling) Date: Tue, 4 Dec 2001 21:23:39 +0100 (CET) Subject: IPv6, firewall issues and numbering schemes Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, Long time lurker who wants to get involved with IPv6. My main problem is that I have a firewall that only allows me to specify TCP, UDP and ICMP or "default" (I don't know if this is IP, or _any_ traffic, and the manual provides little clue) allow/reject rules. Yes, I know this sucks, but it is what I've got right now and it's a separate hardware box so it's not as simple as replacing the software with something else. Well, on to my question. Is it possible to set up at least an IPv4 tunnel so that I can gain external IPv6 connectivity, with this firewall still in place? Or will I have to bitch at the manufacturer, or even ditch that box it for something more flexible? I haven't really digged into IPv6 yet since it seems pretty pointless to have only two or three computers talk IPv6 to each other on a LAN - however, if I can reasonably expect external connectivity to work, it suddenly comes in an all different light. Also if someone would care to point me to some documents specifying a common or recommended IPv6 numbering scheme, that would be great. I have been thinking about using the 64-bit local part as 48 bit MAC address + 16 bit counter, but this would mean addresses that are even harder to remember than usual, and may have security implications as well (publishing local addresses in global DNS). Suggestions or pointers on this topic are also greatly appreciated! Thanks in advance, Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8DTDOKqN7/Ypw4z4RAsHzAKDZxgcb/GCkI/l+o5r8MQzO+kDSqwCgg58C gVmEqWpJ3HPT/3AEoVNsD2I= =5yOs -----END PGP SIGNATURE----- From Jan Oravec Tue Dec 4 21:53:35 2001 From: Jan Oravec (Jan Oravec) Date: Tue, 4 Dec 2001 22:53:35 +0100 Subject: invalid prefixes advertised Message-ID: <20011204225335.A78253@ipv6.isternet.sk> Hello, I see a lot of invalid prefixes advertised in BGP table received from several peers of XS26 network. If I ignore non-aggregated prefixes received, the following invalid prefixes are in global BGP: 2001:4b00::/35 0 8277 15589 11630 i - not delegated 2001:a00::/35 0 8277 15589 1275 i - according to IANA, not delegated 2002:a00::/35 0 8277 15589 1275 i - same AS source - 1275 - configuration error? -> 6to4 of 10.0.0.0/19 2003::/16 0 8277 45328 278 237 5761 ? - according to whois.arin.net: $ whois -a 5761 Microsoft Corporation (ASN-MSN-SEATTLE) One Microsoft Way Redmond, WA 98052-6399 US Autonomous System Name: MSN-SEATTLE Autonomous System Number: 5761 Coordinator: Whipple, David (DW727-ARIN) dwhipple@MICROSOFT.COM 206-703-3876 - according to IANA, 2003::/16 is not delegated peers of Microsoft, please filter bogus updates or cancel peering Best Regards, Jan Oravec XS26 - 'Access to IPv6' jan.oravec@xs26.net From lists@geminis.myip.org Wed Dec 5 02:44:09 2001 From: lists@geminis.myip.org (Flavio Villanustre) Date: Tue, 4 Dec 2001 23:44:09 -0300 (ART) Subject: IPv6, firewall issues and numbering schemes In-Reply-To: Message-ID: Hi Michael... On Tue, 4 Dec 2001, Michael Kjorling wrote: > Is it possible to set up at least an IPv4 tunnel so that I can gain > external IPv6 connectivity, with this firewall still in place? Or will > I have to bitch at the manufacturer, or even ditch that box it for > something more flexible? Many firewalls just ignore content of packets so if you can let normal IPv4 transverse it (by allowing ip connectivity between your IPv4/IPv6 gateway and a tunnel broker) you will be probably able to establish an IPv6 over IPv4 tunnel without problems. > Also if someone would care to point me to some documents specifying a > common or recommended IPv6 numbering scheme, that would be great. I > have been thinking about using the 64-bit local part as 48 bit MAC > address + 16 bit counter, but this would mean addresses that are even > harder to remember than usual, and may have security implications as > well (publishing local addresses in global DNS). Suggestions or > pointers on this topic are also greatly appreciated! > IPv6 features autodiscovery and autoconfiguration in LAN environments. So as soon as you load RADVD (route advertisement daemon) on your gateway, IPv6 capable machines will autoconfigure themselves (hopefully) discovering their own ip addresses as well as their gateway. That's a good starting point. After that you can begin experimenting with DHCPv6, etc. However I'd recommend you reading latest IPv6 allocation policies ietf documents (you can find them from pointers in http://www.6bone.net or http://geminis.myip.org). It's worth a read. Regards and good luck, Flavio. From Francis.Dupont@enst-bretagne.fr Wed Dec 5 08:52:36 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Wed, 05 Dec 2001 09:52:36 +0100 Subject: IPv6, firewall issues and numbering schemes In-Reply-To: Your message of Tue, 04 Dec 2001 21:23:39 +0100. Message-ID: <200112050852.fB58qaD92960@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: Is it possible to set up at least an IPv4 tunnel so that I can gain external IPv6 connectivity, with this firewall still in place? Or will I have to bitch at the manufacturer, or even ditch that box it for something more flexible? => I believe the best solution is to run PPP over UDP. I asked some months ago if this has to be standardized (for the port number or access control for instance)... PPP over UDP is very common on Unixes (this is a standard feature of user mode PPP on FreeBSDs) and/or is very easy to implement with a tunnel interface/device. Also if someone would care to point me to some documents specifying a common or recommended IPv6 numbering scheme, that would be great. => just use the standard MAC to interface ID stuff or (if you don't use names which always are a better way) a small counter. I have been thinking about using the 64-bit local part as 48 bit MAC address + 16 bit counter, => I don't understand why you need something so complex... but this would mean addresses that are even harder to remember than usual, and may have security implications as well (publishing local addresses in global DNS). => ??? Suggestions or pointers on this topic are also greatly appreciated! => read a good book about DNS? Regards Francis.Dupont@enst-bretagne.fr From michael@kjorling.com Wed Dec 5 09:43:50 2001 From: michael@kjorling.com (Michael Kjorling) Date: Wed, 5 Dec 2001 10:43:50 +0100 (CET) Subject: IPv6, firewall issues and numbering schemes In-Reply-To: <200112050852.fB58qaD92960@givry.rennes.enst-bretagne.fr> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 5 2001 09:52 +0100, Francis Dupont wrote: > In your previous mail you wrote: > > Is it possible to set up at least an IPv4 tunnel so that I can gain > external IPv6 connectivity, with this firewall still in place? Or will > I have to bitch at the manufacturer, or even ditch that box it for > something more flexible? > > => I believe the best solution is to run PPP over UDP. I asked some > months ago if this has to be standardized (for the port number or > access control for instance)... PPP over UDP is very common on > Unixes (this is a standard feature of user mode PPP on FreeBSDs) > and/or is very easy to implement with a tunnel interface/device. This sounds very interesting. Filtering at the tunnel endpoint is hardly a problem; I just want to have _some_ filtering on IPv6. Also I could try allowing all traffic from the other end of the tunnel to my end, as Flavio Villanustre suggested. Also, another person suggested that I just allow protocol 41 (SIP); however, the firewall won't let me do this. I've been facing that very same obstacle when trying to set up IPsec, but then there are not two clearly defined endpoints which makes it a lot harder to do in a secure fashion. > Also if someone would care to point me to some documents specifying a > common or recommended IPv6 numbering scheme, that would be great. > > => just use the standard MAC to interface ID stuff or (if you don't > use names which always are a better way) a small counter. > > I have been thinking about using the 64-bit local part as 48 bit MAC > address + 16 bit counter, > > => I don't understand why you need something so complex... Well, I did point it out in the next few words - the addresses do get complicated and hard to remember. > but this would mean addresses that are even > harder to remember than usual, and may have security implications as > well (publishing local addresses in global DNS). > > => ??? I assume you mean the latter part - well, I am not sure I want my local Ethernet addresses available to anyone capable of using nslookup. > Suggestions or pointers on this topic are also greatly appreciated! > > => read a good book about DNS? Actually I have read through "DNS and BIND", 4th edition, cover to cover. And it covers very little on IPv6-in-IPv4 tunnels. None that I have seen, in fact. I will look, and try to learn. I tried searching the list archives for "ppp over udp" as well but got an error message saying that htdig could not open the configuration file. If anyone has got any good pointers in the archive, please let me know. Thanks everyone for your input - it is appreciated! Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8DexZKqN7/Ypw4z4RAsxHAJ4k3CFTLQlcRChemtOxvbNJwbdpJwCfca/3 0arz6yg69xe3SzYktxwra/8= =huOi -----END PGP SIGNATURE----- From mlehman@microsoft.com Wed Dec 5 17:37:57 2001 From: mlehman@microsoft.com (Matthew Lehman) Date: Wed, 5 Dec 2001 09:37:57 -0800 Subject: invalid prefixes advertised Message-ID: We are testing a new protocol and expected IANA to make the address block assignment by now. The proposed block to IANA is 2003::/16. A copy of the protocol draft can be found at: http://www.ietf.org/internet-drafts/draft-ietf-ngtrans-shipworm-03.txt Sorry if this is causing anyone any grief. -Matthew -----Original Message----- From: Jan Oravec [mailto:wsx@wsx6.net] Sent: Tuesday, December 04, 2001 1:54 PM To: 6bone@ISI.EDU Subject: invalid prefixes advertised Hello, I see a lot of invalid prefixes advertised in BGP table received from several peers of XS26 network. If I ignore non-aggregated prefixes received, the following invalid prefixes are in global BGP: 2001:4b00::/35 0 8277 15589 11630 i - not delegated 2001:a00::/35 0 8277 15589 1275 i - according to IANA, not delegated 2002:a00::/35 0 8277 15589 1275 i - same AS source - 1275 - configuration error? -> 6to4 of 10.0.0.0/19 2003::/16 0 8277 45328 278 237 5761 ? - according to whois.arin.net: $ whois -a 5761 Microsoft Corporation (ASN-MSN-SEATTLE) One Microsoft Way Redmond, WA 98052-6399 US Autonomous System Name: MSN-SEATTLE Autonomous System Number: 5761 Coordinator: Whipple, David (DW727-ARIN) dwhipple@MICROSOFT.COM 206-703-3876 - according to IANA, 2003::/16 is not delegated peers of Microsoft, please filter bogus updates or cancel peering Best Regards, Jan Oravec XS26 - 'Access to IPv6' jan.oravec@xs26.net From Ken@kdmd.net Wed Dec 5 16:50:17 2001 From: Ken@kdmd.net (Ken Diliberto) Date: Wed, 05 Dec 2001 10:50:17 -0600 Subject: In search of a peer Message-ID: Can anyone suggest a peer for me? I've been looking without success. My IP address is 63.151.193.48. Thanks. Ken From dy@davidyip.com Wed Dec 5 18:56:27 2001 From: dy@davidyip.com (David Yip) Date: Thu, 06 Dec 2001 02:56:27 +0800 Subject: IPv6 DNS on Solaris 8 Message-ID: <5.1.0.14.2.20011206025516.0300fa98@mail.davidyip.com> Dear all, Is Solaris 8 supports only A6 but not AAAA? -- David Yip From fink@es.net Wed Dec 5 19:12:50 2001 From: fink@es.net (Bob Fink) Date: Wed, 05 Dec 2001 11:12:50 -0800 Subject: In search of a peer In-Reply-To: Message-ID: <5.1.0.14.0.20011205111141.030b2d90@imap2.es.net> Ken, At 10:50 AM 12/5/2001 -0600, Ken Diliberto wrote: >Can anyone suggest a peer for me? I've been looking without success. My >IP address is 63.151.193.48. Have you looked into using 6to4? Bob From tony@lava.net Wed Dec 5 19:47:25 2001 From: tony@lava.net (Antonio Querubin) Date: Wed, 5 Dec 2001 09:47:25 -1000 (HST) Subject: In search of a peer In-Reply-To: Message-ID: On Wed, 5 Dec 2001, Ken Diliberto wrote: > Can anyone suggest a peer for me? I've been looking without success. > My IP address is 63.151.193.48. Looks like you're connected through UUNet. Have you contacted them? From roam@ringlet.net Thu Dec 6 00:20:54 2001 From: roam@ringlet.net (Peter Pentchev) Date: Thu, 6 Dec 2001 02:20:54 +0200 Subject: IPv6 DNS on Solaris 8 In-Reply-To: <5.1.0.14.2.20011206025516.0300fa98@mail.davidyip.com>; from dy@davidyip.com on Thu, Dec 06, 2001 at 02:56:27AM +0800 References: <5.1.0.14.2.20011206025516.0300fa98@mail.davidyip.com> Message-ID: <20011206022053.A517@straylight.oblivion.bg> On Thu, Dec 06, 2001 at 02:56:27AM +0800, David Yip wrote: > Dear all, > > Is Solaris 8 supports only A6 but not AAAA? This is not really an OS issue, rather a resolver / nameserver issue. I believe Solaris 8 packs the BIND resolver library by default, not sure about the version; if you are indeed having problems, you might upgrade your BIND installation to a newer version, or switch to a different resolver library and name server/cache software. G'luck, Peter -- Thit sentence is not self-referential because "thit" is not a word. From psb@ast.cam.ac.uk Thu Dec 6 07:58:05 2001 From: psb@ast.cam.ac.uk (Peter Bunclark) Date: Thu, 6 Dec 2001 07:58:05 +0000 (GMT) Subject: IPv6 DNS on Solaris 8 In-Reply-To: <5.1.0.14.2.20011206025516.0300fa98@mail.davidyip.com> Message-ID: On Thu, 6 Dec 2001, David Yip wrote: > Dear all, > > Is Solaris 8 supports only A6 but not AAAA? > > David Yip It's the other way round. Pete. From Francis.Dupont@enst-bretagne.fr Thu Dec 6 09:38:43 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Thu, 06 Dec 2001 10:38:43 +0100 Subject: In search of a peer In-Reply-To: Your message of Wed, 05 Dec 2001 11:12:50 PST. <5.1.0.14.0.20011205111141.030b2d90@imap2.es.net> Message-ID: <200112060938.fB69chD00540@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: Have you looked into using 6to4? => BTW I am looking for a 6to4 node connected to the 6bone (I'd like to try my private 6to4 gateway and its security rules). Thanks Francis.Dupont@enst-bretagne.fr From paitken@cisco.com Thu Dec 6 11:13:54 2001 From: paitken@cisco.com (Paul Aitken) Date: Thu, 06 Dec 2001 11:13:54 +0000 Subject: In search of a peer References: <200112060938.fB69chD00540@givry.rennes.enst-bretagne.fr> Message-ID: <3C0F52F2.9080209@cisco.com> Francis Dupont wrote: > => BTW I am looking for a 6to4 node connected to the 6bone > (I'd like to try my private 6to4 gateway and its security rules). http://www.kfu.com/~nsayer/6to4/#list -- Paul Aitken IPv6 Development, Cisco Systems Ltd, Edinburgh, Scotland. EH6 6LX From dap23@cornell.edu Thu Dec 6 16:18:33 2001 From: dap23@cornell.edu (Dan Perry) Date: Thu, 6 Dec 2001 11:18:33 -0500 Subject: 6bone access from behind NAT Message-ID: <002501c17e71$a96b99d0$0132a8c0@dogfood.local> Hi all, I'm trying (unsuccessfully) to connect a small network of windows 2000 machines to the 6bone. Originally, I had one machine running the standard Windows NAT service, and that server had one NIC connected directly to the DSL line, and the other to the private network. I had that server running as a 6to4 router, and everything worked fine. However, I've since replaced that server with a common hardware cable/DSL router. I've configured that new router to forward all incoming packets to the old server. The old server current has one NIC now. I've been trying to use freenet6's tunnel broker service to connect to the 6bone. At first this failed as the server had a private IP. However, I changed the tspc.conf file to include the external IP provided by my ISP as the v4 address used for the tunnel. After doing this, the tunnel seems to set itself up properly. However, I'm not able to ping anything but the server, or any other machine with IPv6 on my private network. Can anyone point out something that I need to do in order to get this to work? Here are some outputs from the command line on the server I'm trying to create a 6to4 router on: C:\>ping6 www.6bone.net Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data: Request timed out. Request timed out. C:\>ping6 perr2187.tsps1.freenet6.net Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes of data: Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms C:\>ipv6 if Interface 4 (site 1): Local Area Connection uses Neighbor Discovery sends Router Advertisements forwards packets link-level address: 00-01-02-72-e1-4a preferred address fe80::201:2ff:fe72:e14a, infinite/infinite multicast address ff02::1, 1 refs, not reportable multicast address ff02::1:ff72:e14a, 1 refs, last reporter multicast address ff02::2, 1 refs, last reporter multicast address ff05::2, 1 refs, last reporter link MTU 1500 (true link MTU 1500) current hop limit 128 reachable time 23500ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 3 (site 1): 6-over-4 Virtual Interface uses Neighbor Discovery sends Router Advertisements forwards packets link-level address: 192.168.50.1 preferred address fe80::c0a8:3201, infinite/infinite multicast address ff02::1, 1 refs, not reportable multicast address ff02::1:ffa8:3201, 1 refs, last reporter multicast address ff02::2, 1 refs, last reporter multicast address ff05::2, 1 refs, last reporter link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 15500ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 2 (site 0): Tunnel Pseudo-Interface does not use Neighbor Discovery forwards packets link-level address: 0.0.0.0 preferred address 2002:ac1f:2aef::ac1f:2aef, infinite/infinite preferred address 3ffe:b80:2:2f4e::2, infinite/infinite preferred address 2002:c0a8:3201::c0a8:3201, infinite/infinite preferred address ::192.168.50.1, infinite/infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 0ms (base 0ms) retransmission interval 0ms DAD transmits 0 Interface 1 (site 0): Loopback Pseudo-Interface does not use Neighbor Discovery link-level address: preferred address ::1, infinite/infinite link MTU 1500 (true link MTU 1500) current hop limit 1 reachable time 0ms (base 0ms) retransmission interval 0ms DAD transmits 0 C:\>ipv6 rt ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2 pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime infinite) As you can probably tell, I'm relatively new to IPv6, but any comments or suggestions would be greatly appreciated. Thanks, Dan From nsayer@quack.kfu.com Thu Dec 6 19:41:15 2001 From: nsayer@quack.kfu.com (Nick Sayer) Date: Thu, 06 Dec 2001 11:41:15 -0800 Subject: IPv6 PPP procedures? Message-ID: <3C0FC9DB.8050402@kfu.com> I have begun experimenting with IPv6 PPP using Brian Somers' latest BSD PPP sources. I am at the point where PPP connections come up and a link-local address is negotiated for each end, vis: tun0: flags=8051 mtu 1398 inet6 fe80::1387:a573%tun0 --> fe80::1422:8917%tun0 prefixlen 128 scopeid 0x6 As soon as it is in this state, I can also use 'iface add' to assign routable addresses to both sides manually to get inet6 3ffe:1200:301b:3::1 --> 3ffe:1200:301b:3::2 prefixlen 128 at which point route6d on the "server" makes the endpoint reachable and everything is good and righteous. The problem is that it requires more or less manual intervention to do all of that. Is there a spec for what a PPP connection is supposed to do once the link-local addresses are established? Shouldn't the "client" at that point perform a router solicitation to determine the prefix on its endpoint or something? From michael@kjorling.com Thu Dec 6 19:48:35 2001 From: michael@kjorling.com (Michael Kjorling) Date: Thu, 6 Dec 2001 20:48:35 +0100 (CET) Subject: 6bone access from behind NAT In-Reply-To: <002501c17e71$a96b99d0$0132a8c0@dogfood.local> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you don't mind the question, why on Earth do you want to NAT with IPv6? I read somewhere that IPv6 addresses allow each and every molecule on the planet to have its own IP address - I haven't checked that but there are tons of IPv6 addresses available. You get a 64-bit part (or is it even 80 bits?) to use any way you like; MAC addresses which are used on Ethernet networks are 48 bits long. Lots of room to spare even if you'd have every Ethernet card in the world on your LAN. Also, I noted this in the 'ipv6 if' output: > Interface 3 (site 1): 6-over-4 Virtual Interface > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 192.168.50.1 > preferred address fe80::c0a8:3201, infinite/infinite Just a question to the gurus here - wouldn't the address be 2001:c0a8:3201::? http://www.6bone.net/6bone_6to4.html seems to imply this, if I read the text correctly: "A special IPv6 routing prefix (2002::/16) is used to indicate that the remaining 32-bits of the external routing prefix contain the IPv4 end-point address of a boundary IPv6 router for that site that will respond to IPv6 in IPv4 encapsulation." And here's a suggestion for you: tracert6. What does it output? How far do you get? Michael Kjörling On Dec 6 2001 11:18 -0500, Dan Perry wrote: > Hi all, > I'm trying (unsuccessfully) to connect a small network of > windows 2000 machines to the 6bone. Originally, I had one machine > running the standard Windows NAT service, and that server had one NIC > connected directly to the DSL line, and the other to the private > network. I had that server running as a 6to4 router, and everything > worked fine. However, I've since replaced that server with a common > hardware cable/DSL router. I've configured that new router to forward > all incoming packets to the old server. The old server current has one > NIC now. > I've been trying to use freenet6's tunnel broker service to > connect to the 6bone. At first this failed as the server had a private > IP. However, I changed the tspc.conf file to include the external IP > provided by my ISP as the v4 address used for the tunnel. After doing > this, the tunnel seems to set itself up properly. However, I'm not > able to ping anything but the server, or any other machine with IPv6 on > my private network. Can anyone point out something that I need to do > in order to get this to work? > > Here are some outputs from the command line on the server I'm trying to > create a 6to4 router on: > > > C:\>ping6 www.6bone.net > > Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data: > > Request timed out. > Request timed out. > > C:\>ping6 perr2187.tsps1.freenet6.net > > Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes > of data: > > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > > > C:\>ipv6 if > /ipv6 output snipped/ > > C:\>ipv6 rt > ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2 > pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime > infinite) > > > As you can probably tell, I'm relatively new to IPv6, but any comments > or suggestions would be greatly appreciated. > > Thanks, > > Dan - -- Michael Kjörling -- Programmer/Network administrator ^..^ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8D8uXKqN7/Ypw4z4RAp1CAJ9Aiy143lIEFnma23ITBrYOzYTlwACgw/vM FbGWIXTEa9JB8hmlGrKDKW8= =Az7Q -----END PGP SIGNATURE----- From Marc.Blanchet@viagenie.qc.ca Thu Dec 6 20:59:03 2001 From: Marc.Blanchet@viagenie.qc.ca (Marc Blanchet) Date: Thu, 06 Dec 2001 15:59:03 -0500 Subject: 6bone access from behind NAT In-Reply-To: <002501c17e71$a96b99d0$0132a8c0@dogfood.local> References: <002501c17e71$a96b99d0$0132a8c0@dogfood.local> Message-ID: <59480000.1007672343@classic> freenet6 does not give you any 6to4, it gives you a normal prefix, so I'm confused about your reference to a 6to4 router. I would suggest you to bring this to the users@freenet6.net mailing list. Marc -- jeudi, décembre 06, 2001 11:18:33 -0500 Dan Perry wrote/a écrit: > Hi all, > I'm trying (unsuccessfully) to connect a small network of > windows 2000 machines to the 6bone. Originally, I had one machine > running the standard Windows NAT service, and that server had one NIC > connected directly to the DSL line, and the other to the private > network. I had that server running as a 6to4 router, and everything > worked fine. However, I've since replaced that server with a common > hardware cable/DSL router. I've configured that new router to forward > all incoming packets to the old server. The old server current has one > NIC now. > I've been trying to use freenet6's tunnel broker service to > connect to the 6bone. At first this failed as the server had a private > IP. However, I changed the tspc.conf file to include the external IP > provided by my ISP as the v4 address used for the tunnel. After doing > this, the tunnel seems to set itself up properly. However, I'm not > able to ping anything but the server, or any other machine with IPv6 on > my private network. Can anyone point out something that I need to do > in order to get this to work? > > Here are some outputs from the command line on the server I'm trying to > create a 6to4 router on: > > > C:\>ping6 www.6bone.net > > Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data: > > Request timed out. > Request timed out. > > C:\>ping6 perr2187.tsps1.freenet6.net > > Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes > of data: > > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > > > C:\>ipv6 if > Interface 4 (site 1): Local Area Connection > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 00-01-02-72-e1-4a > preferred address fe80::201:2ff:fe72:e14a, infinite/infinite > multicast address ff02::1, 1 refs, not reportable > multicast address ff02::1:ff72:e14a, 1 refs, last reporter > multicast address ff02::2, 1 refs, last reporter > multicast address ff05::2, 1 refs, last reporter > link MTU 1500 (true link MTU 1500) > current hop limit 128 > reachable time 23500ms (base 30000ms) > retransmission interval 1000ms > DAD transmits 1 > Interface 3 (site 1): 6-over-4 Virtual Interface > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 192.168.50.1 > preferred address fe80::c0a8:3201, infinite/infinite > multicast address ff02::1, 1 refs, not reportable > multicast address ff02::1:ffa8:3201, 1 refs, last reporter > multicast address ff02::2, 1 refs, last reporter > multicast address ff05::2, 1 refs, last reporter > link MTU 1280 (true link MTU 65515) > current hop limit 128 > reachable time 15500ms (base 30000ms) > retransmission interval 1000ms > DAD transmits 1 > Interface 2 (site 0): Tunnel Pseudo-Interface > does not use Neighbor Discovery > forwards packets > link-level address: 0.0.0.0 > preferred address 2002:ac1f:2aef::ac1f:2aef, infinite/infinite > preferred address 3ffe:b80:2:2f4e::2, infinite/infinite > preferred address 2002:c0a8:3201::c0a8:3201, infinite/infinite > preferred address ::192.168.50.1, infinite/infinite > link MTU 1280 (true link MTU 65515) > current hop limit 128 > reachable time 0ms (base 0ms) > retransmission interval 0ms > DAD transmits 0 > Interface 1 (site 0): Loopback Pseudo-Interface > does not use Neighbor Discovery > link-level address: > preferred address ::1, infinite/infinite > link MTU 1500 (true link MTU 1500) > current hop limit 1 > reachable time 0ms (base 0ms) > retransmission interval 0ms > DAD transmits 0 > > > C:\>ipv6 rt > ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2 > pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime > infinite) > > > As you can probably tell, I'm relatively new to IPv6, but any comments > or suggestions would be greatly appreciated. > > Thanks, > > Dan > ------------------------------------------ Marc Blanchet Viagénie tel: +1-418-656-9254x225 ------------------------------------------ http://www.freenet6.net: IPv6 connectivity ------------------------------------------ http://www.normos.org: IETF(RFC,draft), IANA,W3C,... standards. ------------------------------------------ From vertigo@panix.com Thu Dec 6 21:01:37 2001 From: vertigo@panix.com (vertigo) Date: Thu, 6 Dec 2001 16:01:37 -0500 (EST) Subject: 6bone access from behind NAT In-Reply-To: Message-ID: I would guess it has something to do with security. vertigo On Thu, 6 Dec 2001, Michael Kjorling wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If you don't mind the question, why on Earth do you want to NAT with > IPv6? I read somewhere that IPv6 addresses allow each and every > molecule on the planet to have its own IP address - I haven't checked > that but there are tons of IPv6 addresses available. You get a 64-bit > part (or is it even 80 bits?) to use any way you like; MAC addresses > which are used on Ethernet networks are 48 bits long. Lots of room to > spare even if you'd have every Ethernet card in the world on your LAN. > > Also, I noted this in the 'ipv6 if' output: > > > Interface 3 (site 1): 6-over-4 Virtual Interface > > uses Neighbor Discovery > > sends Router Advertisements > > forwards packets > > link-level address: 192.168.50.1 > > preferred address fe80::c0a8:3201, infinite/infinite > > Just a question to the gurus here - wouldn't the address be > 2001:c0a8:3201::? http://www.6bone.net/6bone_6to4.html seems to imply > this, if I read the text correctly: "A special IPv6 routing prefix > (2002::/16) is used to indicate that the remaining 32-bits of the > external routing prefix contain the IPv4 end-point address of a > boundary IPv6 router for that site that will respond to IPv6 in IPv4 > encapsulation." > > And here's a suggestion for you: tracert6. What does it output? How > far do you get? > > > Michael Kjörling > > > On Dec 6 2001 11:18 -0500, Dan Perry wrote: > > > Hi all, > > I'm trying (unsuccessfully) to connect a small network of > > windows 2000 machines to the 6bone. Originally, I had one machine > > running the standard Windows NAT service, and that server had one NIC > > connected directly to the DSL line, and the other to the private > > network. I had that server running as a 6to4 router, and everything > > worked fine. However, I've since replaced that server with a common > > hardware cable/DSL router. I've configured that new router to forward > > all incoming packets to the old server. The old server current has one > > NIC now. > > I've been trying to use freenet6's tunnel broker service to > > connect to the 6bone. At first this failed as the server had a private > > IP. However, I changed the tspc.conf file to include the external IP > > provided by my ISP as the v4 address used for the tunnel. After doing > > this, the tunnel seems to set itself up properly. However, I'm not > > able to ping anything but the server, or any other machine with IPv6 on > > my private network. Can anyone point out something that I need to do > > in order to get this to work? > > > > Here are some outputs from the command line on the server I'm trying to > > create a 6to4 router on: > > > > > > C:\>ping6 www.6bone.net > > > > Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data: > > > > Request timed out. > > Request timed out. > > > > C:\>ping6 perr2187.tsps1.freenet6.net > > > > Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes > > of data: > > > > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > > > > > > C:\>ipv6 if > > /ipv6 output snipped/ > > > > C:\>ipv6 rt > > ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2 > > pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime > > infinite) > > > > > > As you can probably tell, I'm relatively new to IPv6, but any comments > > or suggestions would be greatly appreciated. > > > > Thanks, > > > > Dan > > - -- > Michael Kjörling -- Programmer/Network administrator ^..^ > PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e \/ > Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 > > "There is something to be said about not trying to be glamorous > and popular and cool. Just be real -- and life will be real." > (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: Public key is at http://michael.kjorling.com/contact/pgp.html > > iD8DBQE8D8uXKqN7/Ypw4z4RAp1CAJ9Aiy143lIEFnma23ITBrYOzYTlwACgw/vM > FbGWIXTEa9JB8hmlGrKDKW8= > =Az7Q > -----END PGP SIGNATURE----- > > From lists@geminis.myip.org Thu Dec 6 22:18:57 2001 From: lists@geminis.myip.org (Flavio Villanustre) Date: Thu, 6 Dec 2001 19:18:57 -0300 (ART) Subject: 6bone access from behind NAT In-Reply-To: <002501c17e71$a96b99d0$0132a8c0@dogfood.local> Message-ID: If you're using freenet6, you should request a /48 prefix that can be done by simply doing: Add host_type=router in tspc.conf Add prefixlen=48 in tspc.conf Add if_prefix=YOUR_NETWORK_INTERFACE in tspc.conf After that it should establish tunnel and set up local interface with a /64 prefix for your other boxes to use it as a gateway (currently all your ip addresses in your local interface are link scope addresses and not global scope addresses). And hopefully it should run a router advertisement daemon (or its equivalent under windows) to autoconfigure other boxes. Regards, Flavio. On Thu, 6 Dec 2001, Dan Perry wrote: > Hi all, > I'm trying (unsuccessfully) to connect a small network of > windows 2000 machines to the 6bone. Originally, I had one machine > running the standard Windows NAT service, and that server had one NIC > connected directly to the DSL line, and the other to the private > network. I had that server running as a 6to4 router, and everything > worked fine. However, I've since replaced that server with a common > hardware cable/DSL router. I've configured that new router to forward > all incoming packets to the old server. The old server current has one > NIC now. > I've been trying to use freenet6's tunnel broker service to > connect to the 6bone. At first this failed as the server had a private > IP. However, I changed the tspc.conf file to include the external IP > provided by my ISP as the v4 address used for the tunnel. After doing > this, the tunnel seems to set itself up properly. However, I'm not > able to ping anything but the server, or any other machine with IPv6 on > my private network. Can anyone point out something that I need to do > in order to get this to work? > > Here are some outputs from the command line on the server I'm trying to > create a 6to4 router on: > > > C:\>ping6 www.6bone.net > > Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data: > > Request timed out. > Request timed out. > > C:\>ping6 perr2187.tsps1.freenet6.net > > Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes > of data: > > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > > > C:\>ipv6 if > Interface 4 (site 1): Local Area Connection > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 00-01-02-72-e1-4a > preferred address fe80::201:2ff:fe72:e14a, infinite/infinite > multicast address ff02::1, 1 refs, not reportable > multicast address ff02::1:ff72:e14a, 1 refs, last reporter > multicast address ff02::2, 1 refs, last reporter > multicast address ff05::2, 1 refs, last reporter > link MTU 1500 (true link MTU 1500) > current hop limit 128 > reachable time 23500ms (base 30000ms) > retransmission interval 1000ms > DAD transmits 1 > Interface 3 (site 1): 6-over-4 Virtual Interface > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 192.168.50.1 > preferred address fe80::c0a8:3201, infinite/infinite > multicast address ff02::1, 1 refs, not reportable > multicast address ff02::1:ffa8:3201, 1 refs, last reporter > multicast address ff02::2, 1 refs, last reporter > multicast address ff05::2, 1 refs, last reporter > link MTU 1280 (true link MTU 65515) > current hop limit 128 > reachable time 15500ms (base 30000ms) > retransmission interval 1000ms > DAD transmits 1 > Interface 2 (site 0): Tunnel Pseudo-Interface > does not use Neighbor Discovery > forwards packets > link-level address: 0.0.0.0 > preferred address 2002:ac1f:2aef::ac1f:2aef, infinite/infinite > preferred address 3ffe:b80:2:2f4e::2, infinite/infinite > preferred address 2002:c0a8:3201::c0a8:3201, infinite/infinite > preferred address ::192.168.50.1, infinite/infinite > link MTU 1280 (true link MTU 65515) > current hop limit 128 > reachable time 0ms (base 0ms) > retransmission interval 0ms > DAD transmits 0 > Interface 1 (site 0): Loopback Pseudo-Interface > does not use Neighbor Discovery > link-level address: > preferred address ::1, infinite/infinite > link MTU 1500 (true link MTU 1500) > current hop limit 1 > reachable time 0ms (base 0ms) > retransmission interval 0ms > DAD transmits 0 > > > C:\>ipv6 rt > ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2 > pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime > infinite) > > > As you can probably tell, I'm relatively new to IPv6, but any comments > or suggestions would be greatly appreciated. > > Thanks, > > Dan > From dap23@cornell.edu Thu Dec 6 22:30:53 2001 From: dap23@cornell.edu (Dan Perry) Date: Thu, 6 Dec 2001 17:30:53 -0500 Subject: 6bone access from behind NAT In-Reply-To: Message-ID: <002801c17ea5$aabde5c0$0132a8c0@dogfood.local> Thanks for the suggestions I've gotten so far. But it seems I didn't clearly state what was wrong. The real problem I'm having is that I have a 2000 behind NAT. I want that server to connect to the 6bone and act as a router for the local network behind the NAT. However, I can't figure out how to get the server to connect to the 6bone, since it is behind NAT. I've been trying to use freenet6 as a tunnel broker. I've manually configured the NAT to route all incoming ports to my server. My idea was that the tunnel would get forwarder along with the other incoming IPv4 traffic, and then my server could act as a terminator for the tunnel, and also route IPv6 traffic to the other clients behind the NAT. What I want to know is has anyone successfully connected to the 6bone from behind a NAT. Is this even possible? The freenet6 tunnel broker gives a success message that it has connected, but I can't ping anything outside. Is there anything I can read up on the might help me deal with the NAT that my server is behind. Thanks again, Dan -----Original Message----- On Thu, 6 Dec 2001, Dan Perry wrote: > Hi all, > I'm trying (unsuccessfully) to connect a small network of > windows 2000 machines to the 6bone. Originally, I had one machine > running the standard Windows NAT service, and that server had one NIC > connected directly to the DSL line, and the other to the private > network. I had that server running as a 6to4 router, and everything > worked fine. However, I've since replaced that server with a common > hardware cable/DSL router. I've configured that new router to forward > all incoming packets to the old server. The old server current has one > NIC now. > I've been trying to use freenet6's tunnel broker service to > connect to the 6bone. At first this failed as the server had a private > IP. However, I changed the tspc.conf file to include the external IP > provided by my ISP as the v4 address used for the tunnel. After doing > this, the tunnel seems to set itself up properly. However, I'm not > able to ping anything but the server, or any other machine with IPv6 on > my private network. Can anyone point out something that I need to do > in order to get this to work? > > Here are some outputs from the command line on the server I'm trying to > create a 6to4 router on: > > > C:\>ping6 www.6bone.net > > Pinging 6bone.net [3ffe:b00:c18:1::10] with 32 bytes of data: > > Request timed out. > Request timed out. > > C:\>ping6 perr2187.tsps1.freenet6.net > > Pinging perr2187.tsps1.freenet6.net [3ffe:b80:2:2f4e::2] with 32 bytes > of data: > > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > Reply from 3ffe:b80:2:2f4e::2: bytes=32 time<1ms > > > C:\>ipv6 if > Interface 4 (site 1): Local Area Connection > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 00-01-02-72-e1-4a > preferred address fe80::201:2ff:fe72:e14a, infinite/infinite > multicast address ff02::1, 1 refs, not reportable > multicast address ff02::1:ff72:e14a, 1 refs, last reporter > multicast address ff02::2, 1 refs, last reporter > multicast address ff05::2, 1 refs, last reporter > link MTU 1500 (true link MTU 1500) > current hop limit 128 > reachable time 23500ms (base 30000ms) > retransmission interval 1000ms > DAD transmits 1 > Interface 3 (site 1): 6-over-4 Virtual Interface > uses Neighbor Discovery > sends Router Advertisements > forwards packets > link-level address: 192.168.50.1 > preferred address fe80::c0a8:3201, infinite/infinite > multicast address ff02::1, 1 refs, not reportable > multicast address ff02::1:ffa8:3201, 1 refs, last reporter > multicast address ff02::2, 1 refs, last reporter > multicast address ff05::2, 1 refs, last reporter > link MTU 1280 (true link MTU 65515) > current hop limit 128 > reachable time 15500ms (base 30000ms) > retransmission interval 1000ms > DAD transmits 1 > Interface 2 (site 0): Tunnel Pseudo-Interface > does not use Neighbor Discovery > forwards packets > link-level address: 0.0.0.0 > preferred address 2002:ac1f:2aef::ac1f:2aef, infinite/infinite > preferred address 3ffe:b80:2:2f4e::2, infinite/infinite > preferred address 2002:c0a8:3201::c0a8:3201, infinite/infinite > preferred address ::192.168.50.1, infinite/infinite > link MTU 1280 (true link MTU 65515) > current hop limit 128 > reachable time 0ms (base 0ms) > retransmission interval 0ms > DAD transmits 0 > Interface 1 (site 0): Loopback Pseudo-Interface > does not use Neighbor Discovery > link-level address: > preferred address ::1, infinite/infinite > link MTU 1500 (true link MTU 1500) > current hop limit 1 > reachable time 0ms (base 0ms) > retransmission interval 0ms > DAD transmits 0 > > > C:\>ipv6 rt > ::/0 -> 2 pref 0 (lifetime infinite, publish, no aging) 2002::/16 -> 2 > pref 0 (lifetime 1800s, publish, no aging) ::/96 -> 2 pref 0 (lifetime > infinite) > > > As you can probably tell, I'm relatively new to IPv6, but any comments > or suggestions would be greatly appreciated. > > Thanks, > > Dan > From pekkas@netcore.fi Thu Dec 6 22:34:55 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 7 Dec 2001 00:34:55 +0200 (EET) Subject: 6bone access from behind NAT In-Reply-To: Message-ID: On Thu, 6 Dec 2001, Michael Kjorling wrote: > Also, I noted this in the 'ipv6 if' output: > > > Interface 3 (site 1): 6-over-4 Virtual Interface > > uses Neighbor Discovery > > sends Router Advertisements > > forwards packets > > link-level address: 192.168.50.1 > > preferred address fe80::c0a8:3201, infinite/infinite > > Just a question to the gurus here - wouldn't the address be > 2001:c0a8:3201::? http://www.6bone.net/6bone_6to4.html seems to imply > this, if I read the text correctly: "A special IPv6 routing prefix > (2002::/16) is used to indicate that the remaining 32-bits of the > external routing prefix contain the IPv4 end-point address of a > boundary IPv6 router for that site that will respond to IPv6 in IPv4 > encapsulation." Packets to private addresses and their 6to4 equivalents MUST not be discarded. You need a global address, otherwise you can't use 6to4. Shipworm (see http://www.6bone.net/ngtrans/) is a solution for access with private addresses, ie. in cases where your operator or your IPv6-incapable DSL/cable modem performs NAT. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From Jan Oravec Fri Dec 7 02:03:58 2001 From: Jan Oravec (Jan Oravec) Date: Fri, 7 Dec 2001 03:03:58 +0100 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: ; from huitema@windows.microsoft.com on Thu, Dec 06, 2001 at 05:19:38PM -0800 References: Message-ID: <20011207030357.A36704@ipv6.isternet.sk> > You may have observed Microsoft announcing reachability of the prefix > 2003::/16 over the 6Bone. The appended e-mail sent to the NGTRANS > working group explains why. We are currently testing the "Shipworm" > protocol, which carries IPv6 through NAT by using encapsulation over Although I welcome your will to participate on IPv6 protocol development, I cannot agree with announcing 2003::/16. There are active production IPv6 networks over the world already which are connected to 6bone and receiving this non-official prefixe. It is the same as advertising 197.0.0.0/8 over the Internet which is, according to IANA, reserved prefix. Anyway, I don't see the point of using the Shipworm. The cleaner solution is to configure IPv6 on the box, which provide NAT for the private network. Best Regards, Jan Oravec XS26 - 'Access to IPv6' jan.oravec@xs26.net From paul@timmins.net Fri Dec 7 04:17:04 2001 From: paul@timmins.net (Paul Timmins) Date: Thu, 06 Dec 2001 23:17:04 -0500 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011207030357.A36704@ipv6.isternet.sk> References: Message-ID: <5.1.0.14.2.20011206231046.05195ae0@new.workbench.net> Something like this can become very useful for people trapped behind firewalls that cannot yet do IPv6, and will be useful until IPv6 is ubiquitous enough to garner enough support for all companies to support IPv6 in production hardware. Also, I heard there are a few cablemodem providers that block non tcp/udp protocols to prevent use of IPSEC by telecommuters and it breaks IPv6 over IPv4. Shall these people just be isolated until their providers can get their act together? I could see this being useful to me. Hopefully the standard that is published is the standard that Microsoft sticks to when implementing this in a release of their OS, so it can be implemented by other platforms. My god, I'm not only thanking Microsoft, I'm sticking up for them too. What is this world coming to? -Paul At 09:03 PM 12/6/2001, you wrote: >Anyway, I don't see the point of using the Shipworm. The cleaner solution >is to configure IPv6 on the box, which provide NAT for the private network. From Jan Oravec Fri Dec 7 06:18:24 2001 From: Jan Oravec (Jan Oravec) Date: Fri, 7 Dec 2001 07:18:24 +0100 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <5.1.0.14.2.20011206231046.05195ae0@new.workbench.net>; from paul@timmins.net on Thu, Dec 06, 2001 at 11:17:04PM -0500 References: <20011207030357.A36704@ipv6.isternet.sk> <5.1.0.14.2.20011206231046.05195ae0@new.workbench.net> Message-ID: <20011207071824.A59367@ipv6.isternet.sk> On Thu, Dec 06, 2001 at 11:17:04PM -0500, Paul Timmins wrote: > Something like this can become very useful for people trapped behind > firewalls that cannot yet do IPv6, and will be useful until IPv6 is > ubiquitous enough to garner enough support for all companies to support > IPv6 in production hardware. > Also, I heard there are a few cablemodem providers that block non tcp/udp > protocols to prevent use of IPSEC by telecommuters and it breaks IPv6 over > IPv4. Shall these people just be isolated until their providers can get > their act together? I would not choose such provider. It's bussiness. One provides, one not. Your favourite transport company fly to XYZ doesn't imply all transport companies fly to XYZ. Anyway, I have some computers behind NAT successfully connected to 6bone over stunnel/ppp. Not so clean solution, but works. > I could see this being useful to me. Hopefully the standard that is > published is the standard that Microsoft sticks to when implementing this > in a release of their OS, so it can be implemented by other platforms. > My god, I'm not only thanking Microsoft, I'm sticking up for them too. What > is this world coming to? I am not against Microsoft, just I don't like when *ANYONE* (not just Microsoft) is breaking the rules. I can also write some draft about tunneling IPv6 over proxy server or anything other requiring another /16. It is as much necessary as Shipworm. Really, there are some users with just connection to web proxy who may need IPv6. Will you tolerate such "testing" without IANA agreement ? Best Regards, Jan Oravec XS26 - 'Access to IPv6' jan.oravec@xs26.net From paul@timmins.net Fri Dec 7 06:57:31 2001 From: paul@timmins.net (Paul Timmins) Date: Fri, 07 Dec 2001 01:57:31 -0500 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011207071824.A59367@ipv6.isternet.sk> References: <5.1.0.14.2.20011206231046.05195ae0@new.workbench.net> <20011207030357.A36704@ipv6.isternet.sk> <5.1.0.14.2.20011206231046.05195ae0@new.workbench.net> Message-ID: <5.1.0.14.2.20011207015636.024e0008@new.workbench.net> At 01:18 AM 12/7/2001, Jan Oravec wrote: >On Thu, Dec 06, 2001 at 11:17:04PM -0500, Paul Timmins wrote: >I can also write some draft about tunneling IPv6 over proxy server or >anything other requiring another /16. It is as much necessary as Shipworm. >Really, there are some users with just connection to web proxy who may need >IPv6. Will you tolerate such "testing" without IANA agreement ? It's my understanding that IANA gave their consent, and just hasn't posted such yet. Can the microsoft guy confirm this? -Paul From pekkas@netcore.fi Fri Dec 7 07:04:43 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 7 Dec 2001 09:04:43 +0200 (EET) Subject: 6bone access from behind NAT In-Reply-To: Message-ID: On Fri, 7 Dec 2001, Pekka Savola wrote: > On Thu, 6 Dec 2001, Michael Kjorling wrote: > > Also, I noted this in the 'ipv6 if' output: > > > > > Interface 3 (site 1): 6-over-4 Virtual Interface > > > uses Neighbor Discovery > > > sends Router Advertisements > > > forwards packets > > > link-level address: 192.168.50.1 > > > preferred address fe80::c0a8:3201, infinite/infinite > > > > Just a question to the gurus here - wouldn't the address be > > 2001:c0a8:3201::? http://www.6bone.net/6bone_6to4.html seems to imply > > this, if I read the text correctly: "A special IPv6 routing prefix > > (2002::/16) is used to indicate that the remaining 32-bits of the > > external routing prefix contain the IPv4 end-point address of a > > boundary IPv6 router for that site that will respond to IPv6 in IPv4 > > encapsulation." > > Packets to private addresses and their 6to4 equivalents MUST not be > discarded. You need a global address, otherwise you can't use 6to4. Doh. MUST be discarded, of course. Sorry! -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From Sascha 'sb' Bielski" References: <5.1.0.14.2.20011206231046.05195ae0@new.workbench.net> Message-ID: <358500182.20011207080238@rdns.de> Dear Paul Timmins, On Freitag, 7. Dezember 2001 at 05:17 you wrote: PT> Something like this can become very useful for people trapped behind PT> firewalls that cannot yet do IPv6, and will be useful until IPv6 is PT> ubiquitous enough to garner enough support for all companies to support PT> IPv6 in production hardware. Then Microsoft should use their own ranges. They can test that with 3ffe space, too. There is no need to pollute the main routing table! PT> Also, I heard there are a few cablemodem providers that block non tcp/udp PT> protocols to prevent use of IPSEC by telecommuters and it breaks IPv6 over PT> IPv4. Shall these people just be isolated until their providers can get PT> their act together? No. Sure, Microsoft does good work with this protocol, but again: There is no need to pollute the global routing table! PT> I could see this being useful to me. Hopefully the standard that is PT> published is the standard that Microsoft sticks to when implementing this PT> in a release of their OS, so it can be implemented by other platforms. PT> My god, I'm not only thanking Microsoft, I'm sticking up for them too. What PT> is this world coming to? PT> -Paul I would support them, to. But Microsoft thinks "we are god, we can pollute what we want" and that's really bad. Their Peers should really filter such invalid routes. -- best regards, Sascha 'sb' Bielski mailto:sb@rdns.de rdns.de admin team xs26.net German Coordination phone: +49 (0) 174 / 432 93 76 email: sb@rdns.de From pekkas@netcore.fi Fri Dec 7 07:06:36 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 7 Dec 2001 09:06:36 +0200 (EET) Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011207030357.A36704@ipv6.isternet.sk> Message-ID: On Fri, 7 Dec 2001, Jan Oravec wrote: > Anyway, I don't see the point of using the Shipworm. The cleaner solution > is to configure IPv6 on the box, which provide NAT for the private network. Sure, but the world was never a clean place. Most often, you just can't get IPv6 to e.g. your Cable/DSL modems. Or the operator is performing NAT... -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From mlehman@microsoft.com Fri Dec 7 07:59:28 2001 From: mlehman@microsoft.com (Matthew Lehman) Date: Thu, 6 Dec 2001 23:59:28 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" Message-ID: Christian will have to give an official response on the current status from IANA, but my understanding is that there are no objections and we are waiting on a final response. I also should say that we are working under a few (possibly incorrect assumptions): 1) The 6Bone is a research network developed for the main use of learning about and furthering the deployment of IPv6. I haven't seen anything about production networks in it's charter, but I may have missed something. We wouldn't have announced a non-assigned route in a production network. 2) We have put forth IETF drafts for comment of this protocol and applied for the address range from IANA. While I agree that anyone can put forward a draft (or an RFC for that matter), it does undergo scrutiny from the Internet community and it was never our intention to hijack address space without going through the appropriate processes. 3) There is a large body of people that are interested in a NAT traversal mechanism for IPv6. Sorry if we jumped the gun, we're just trying to do due diligence and test the protocol in a larger scale scenario in the right network. I thought the 6Bone was the right place to do that. -Matthew -----Original Message----- From: Paul Timmins [mailto:paul@timmins.net] Sent: Thu 12/6/2001 10:57 PM To: Jan Oravec Cc: 6bone@ISI.EDU Subject: Re: Announcing 2003::/16 during tests of "shipworm" At 01:18 AM 12/7/2001, Jan Oravec wrote: >On Thu, Dec 06, 2001 at 11:17:04PM -0500, Paul Timmins wrote: >I can also write some draft about tunneling IPv6 over proxy server or >anything other requiring another /16. It is as much necessary as Shipworm. >Really, there are some users with just connection to web proxy who may need >IPv6. Will you tolerate such "testing" without IANA agreement ? It's my understanding that IANA gave their consent, and just hasn't posted such yet. Can the microsoft guy confirm this? -Paul From itojun@iijlab.net Fri Dec 7 08:54:55 2001 From: itojun@iijlab.net (itojun@iijlab.net) Date: Fri, 07 Dec 2001 17:54:55 +0900 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: mlehman's message of Thu, 06 Dec 2001 23:59:28 PST. Message-ID: <4563.1007715295@itojun.org> >1) The 6Bone is a research network developed for the main use of >learning about and furthering the deployment of IPv6. I haven't >seen anything about production networks in it's charter, but I may >have missed something. We wouldn't have announced a non >-assigned route in a production network. since there's only one single IPv6 network (just like there's only one IPv4 internet), the 6bone is interconnected to other serious commercial IPv6 networks. the above assumption may not be appropriate. itojun From pekkas@netcore.fi Fri Dec 7 09:29:39 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 7 Dec 2001 11:29:39 +0200 (EET) Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011207071824.A59367@ipv6.isternet.sk> Message-ID: On Fri, 7 Dec 2001, Jan Oravec wrote: > > I could see this being useful to me. Hopefully the standard that is > > published is the standard that Microsoft sticks to when implementing this > > in a release of their OS, so it can be implemented by other platforms. > > My god, I'm not only thanking Microsoft, I'm sticking up for them too. What > > is this world coming to? > > I am not against Microsoft, just I don't like when *ANYONE* (not just > Microsoft) is breaking the rules. > > I can also write some draft about tunneling IPv6 over proxy server or > anything other requiring another /16. It is as much necessary as Shipworm. > Really, there are some users with just connection to web proxy who may need > IPv6. Will you tolerate such "testing" without IANA agreement ? I don't understand your point; IANA agreement is not a short process. What's the drawback here? I wouldn't tolerate this kind of testing if it conflicted with any current, valid prefixes, thus degrading service. Here, there is no service loss for anyone, quite the contrary. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From Francis.Dupont@enst-bretagne.fr Fri Dec 7 09:52:20 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Fri, 07 Dec 2001 10:52:20 +0100 Subject: In search of a peer In-Reply-To: Your message of Thu, 06 Dec 2001 11:13:54 GMT. <3C0F52F2.9080209@cisco.com> Message-ID: <200112070952.fB79qKD05188@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: > => BTW I am looking for a 6to4 node connected to the 6bone > (I'd like to try my private 6to4 gateway and its security rules). http://www.kfu.com/~nsayer/6to4/#list => I am looking for end-nodes, not for 6to4 gateways. Francis.Dupont@enst-bretagne.fr From Francis.Dupont@enst-bretagne.fr Fri Dec 7 10:26:31 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Fri, 07 Dec 2001 11:26:31 +0100 Subject: IPv6 PPP procedures? In-Reply-To: Your message of Thu, 06 Dec 2001 11:41:15 PST. <3C0FC9DB.8050402@kfu.com> Message-ID: <200112071026.fB7AQVD05598@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: Is there a spec for what a PPP connection is supposed to do once the link-local addresses are established? Shouldn't the "client" at that point perform a router solicitation to determine the prefix on its endpoint or something? => there are three cases: - both ends are hosts: nothing to do. - one end is a host, the other one is a route: the host sends router solicitations, the router sends router advertisements, and when the host receives a router advertisement it applies RFC 2462 (auto-configuration) and can get global addresses. - both ends are routers: a routing protocol should be started (look at Itojun's dialup draft for other details). Regards Francis.Dupont@enst-bretagne.fr PS: in the common case (router-host) the router uses a static config (in the ipv6-up script) and the host auto-conf/neighbor discovery. This works well for a /128 if the implementation is good but Itojun has good arguments about what to do further (so read his draft). From roam@ringlet.net Fri Dec 7 12:24:28 2001 From: roam@ringlet.net (Peter Pentchev) Date: Fri, 7 Dec 2001 14:24:28 +0200 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <4563.1007715295@itojun.org>; from itojun@iijlab.net on Fri, Dec 07, 2001 at 05:54:55PM +0900 References: <4563.1007715295@itojun.org> Message-ID: <20011207142428.E41230@straylight.oblivion.bg> On Fri, Dec 07, 2001 at 05:54:55PM +0900, itojun@iijlab.net wrote: > >1) The 6Bone is a research network developed for the main use of > >learning about and furthering the deployment of IPv6. I haven't > >seen anything about production networks in it's charter, but I may > >have missed something. We wouldn't have announced a non > >-assigned route in a production network. > > since there's only one single IPv6 network (just like there's only > one IPv4 internet), the 6bone is interconnected to other serious > commercial IPv6 networks. the above assumption may not be appropriate. Besides, the address range used for this testing - 2003::/16 - is not really part of the 6bone. G'luck, Peter -- This would easier understand fewer had omitted. From pasky@pasky.ji.cz Fri Dec 7 13:08:52 2001 From: pasky@pasky.ji.cz (Petr Baudis) Date: Fri, 7 Dec 2001 14:08:52 +0100 Subject: 6bone access from behind NAT In-Reply-To: <002801c17ea5$aabde5c0$0132a8c0@dogfood.local> References: <002801c17ea5$aabde5c0$0132a8c0@dogfood.local> Message-ID: <20011207130852.GG18228@pasky.ji.cz> Dear diary, on Thu, Dec 06, 2001 at 11:30:53PM CET, I got a letter, where Dan Perry told me, that... > Thanks for the suggestions I've gotten so far. But it seems I didn't clearly > state what was wrong. The real problem I'm having is that I have a 2000 > behind NAT. I want that server to connect to the 6bone and act as a router > for the local network behind the NAT. However, I can't figure out how to > get the server to connect to the 6bone, since it is behind NAT. I've been > trying to use freenet6 as a tunnel broker. I've manually configured the NAT > to route all incoming ports to my server. My idea was that the tunnel would > get forwarder along with the other incoming IPv4 traffic, and then my server > could act as a terminator for the tunnel, and also route IPv6 traffic to the > other clients behind the NAT. What I want to know is has anyone > successfully connected to the 6bone from behind a NAT. Is this even > possible? The freenet6 tunnel broker gives a success message that it has > connected, but I can't ping anything outside. Is there anything I can read > up on the might help me deal with the NAT that my server is behind. The SIT tunnel (used for tunneling of IPv6) traffic uses special protocol (number 41) at the same level as TCP or UDP is, so with forwarding of TCP or UDP traffic you won't forward SIT traffic. Solution is either to persuade your NAT to forward also every traffic with protocol number 41 to your win2k machine or to use some kind of IPv4 tunneling for this. E.g. you will get IPv4 IP from someone and estabilish PPP tunnel to him thru internet. And then you will dig your SIT tunnel to that public IPv4 address, which will actually belong to you. I wonder if there is also any other application which would allow SIT tunneling behind NAT, using TCP or (rather) UDP. On UNIX systems this can be done by conjuring with pppd, however I have no idea how to do this on Windows systems. -- Petr "Pasky" Baudis UN*X programmer, UN*X administrator, hobbies = IPv6, IRC, FreeCiv hacking From rrockell@sprint.net Fri Dec 7 13:37:01 2001 From: rrockell@sprint.net (Robert J. Rockell) Date: Fri, 7 Dec 2001 08:37:01 -0500 (EST) Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011207030357.A36704@ipv6.isternet.sk> Message-ID: 6bone=testbed testbed=announce routes that allow people to Test. I see no reason to not allow *ANY* prefix that has a legit purpose for testing on the 6bone. This should in no way break any existing asignments. Unless I hear something from Working-Group chairs, I will be appending this prefix to my filters today. P.S. If any of you have this route in your table now, you aren't abiding by rfc2772 for filtering anyhow, so I don't see where the room to complain about it exists. If you filter strictly, you would not see this route in your RIB... Thanks Rob Rockell Principal Engineer SprintLink Europe/Asia (+1) 703-689-6322 Sprint IP Services : Thinking outside the 435 box ----------------------------------------------------------------------- On Fri, 7 Dec 2001, Jan Oravec wrote: ->> You may have observed Microsoft announcing reachability of the prefix ->> 2003::/16 over the 6Bone. The appended e-mail sent to the NGTRANS ->> working group explains why. We are currently testing the "Shipworm" ->> protocol, which carries IPv6 through NAT by using encapsulation over -> ->Although I welcome your will to participate on IPv6 protocol development, ->I cannot agree with announcing 2003::/16. There are active production IPv6 ->networks over the world already which are connected to 6bone and receiving ->this non-official prefixe. It is the same as advertising 197.0.0.0/8 over ->the Internet which is, according to IANA, reserved prefix. -> ->Anyway, I don't see the point of using the Shipworm. The cleaner solution ->is to configure IPv6 on the box, which provide NAT for the private network. -> -> ->Best Regards, -> ->Jan Oravec ->XS26 - 'Access to IPv6' ->jan.oravec@xs26.net -> From michel@arneill-py.sacramento.ca.us Fri Dec 7 16:01:09 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 7 Dec 2001 08:01:09 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" Message-ID: <2B81403386729140A3A899A8B39B046403AF6E@server2000.arneill-py.sacramento.ca.us> Jan Oravec Wrote: >> Although I welcome your will to participate on IPv6 protocol >> development, I cannot agree with announcing 2003::/16. There >> are active production IPv6 networks over the world already >> which are connected to 6bone and receiving this non-official >> prefixe. Any serious production network would not be affected by this. Does your IPv4 production network accept BGP advertisements for 10.0.0.0/8 ? >> Anyway, I don't see the point of using the Shipworm. Lots of other people do. >> I am not against Microsoft, just I don't like when *ANYONE* >> (not just Microsoft) is breaking the rules. Can you clarify which rules you are refering to? Michel. From mlehman@microsoft.com Fri Dec 7 16:42:28 2001 From: mlehman@microsoft.com (Matthew Lehman) Date: Fri, 7 Dec 2001 08:42:28 -0800 Subject: Merit contact Message-ID: This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C17F3E.287D43BE" ------_=_NextPart_001_01C17F3E.287D43BE Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I need to move a tunnel from Merit and the only contact I have bounces (masaki@merit.edu). Anyone from Merit have another contact I should use? =20 Thanks, =20 -Matthew =20 =20 ------_=_NextPart_001_01C17F3E.287D43BE Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I need to move a tunnel from Merit and the only = contact I have bounces (masaki@merit.edu).  Anyone from Merit have another contact I should = use?

 

Thanks,

 

-Matthew

 

 

=00 ------_=_NextPart_001_01C17F3E.287D43BE-- --------------InterScan_NT_MIME_Boundary-- From fink@es.net Fri Dec 7 15:04:48 2001 From: fink@es.net (Bob Fink) Date: Fri, 07 Dec 2001 07:04:48 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: References: <20011207030357.A36704@ipv6.isternet.sk> Message-ID: <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> At 08:37 AM 12/7/2001 -0500, Robert J. Rockell wrote: >6bone=testbed > >testbed=announce routes that allow people to Test. > >I see no reason to not allow *ANY* prefix that has a legit purpose for >testing on the 6bone. This should in no way break any existing asignments. I do agree with this. The 6bone is a test network, and as such would not be doing a proper job if we didn't allow new ideas (and prefixes) to be used for testing, as long as they don't mess up others (which Rob covers below). A point that should be re-emphasized about the 6bone is that it does have a need to interconnect to the "production" IPv6 Internet. A non-interconnected set of networks is not the Internet as we all know and love it, and the v6 Internet is no exception. Many/most/all of the open v6 peering points around the world do, in fact, connect 3FFE and 2001 prefix-using networks together. Some of these networks even have both 3FFE and 2001 prefixes allocated to them. We continue to encourage such peerings and trust that properly managed and operated peerings protect bad things from happening (which is what RFC2772 is about, but read on below). >Unless I hear something from Working-Group chairs, I will be appending this >prefix to my filters today. >P.S. If any of you have this route in your table now, you aren't abiding by >rfc2772 for filtering anyhow, so I don't see where the room to complain >about it exists. If you filter strictly, you would not see this route >in your RIB... RFC2772 is the 6bone's current operational guidelines, both for routing and overall participation. Rob and a few others of us are now doing a rewrite to bring it up to date, but it is still in force and very relevant. As for the filtering rules in RFC2772, I presume Rob refers to the parenthetical note in RFC2772 3.1: "(Also, it is each pTLA, pNLA, and end-site's responsibility to not only filter their own BGP4+ sessions appropriately to peers, but to filter routes coming from peers as well, and to only allow those routes that fit the aggregation model, and do not cause operational problems)." The reader should also look at the rest of section 3, as well as sections 4 and 9, for more general guidance for routing policy and other filtering. As for SHIPWORM's status in ngtrans, you should read the ngtrans project status page (I do keep it quite up to date): which currently states: shipworm-02 published 26Sep01, last call for forwarding closes 12Oct01 shipworm-03 published 16Oct01 to answer last call comments forwarded to IESG 18Oct01 IESG evaluating nat traversal issues before proceeding The last communications on this with Randy Bush, our AD, are: >From: Randy Bush >To: Bob Fink >Cc: Bert Wijnen , > IETF Secretariat , > Alain Durand , Tony Hain , > NGtrans List >Subject: (ngtrans) Re: forwarding SHIPWORM for PS >Date: Thu, 18 Oct 2001 23:11:40 -0700 > > > SHIPWORM-02 finished ngtrans WG last call with comments that were resolved > > in the new -03 draft: > > > > > > > > Please process this draft as a candidate for PS. > >the iab has raised a general architectural issue regarding nat traversal >that has clear relevance to this draft, midcom, and so forth. i am trying >to understand it more before progressing. please stay tuned. > >randy and: >From: Randy Bush >To: Christian Huitema >Cc: Alain Durand , > Tony Hain , > Bob Fink , > Bert Wijnen >Subject: Re: shipworm progress? >Date: Thu, 08 Nov 2001 13:43:15 -0800 > > > When can we expect the IESG to issue a last call? > >no sooner than the architectural issues that were raised with the midcom >etc. work are resolved. > >randy We, the ngtrans chairs, do want SHIPWORM to progress into production, but a Shipworm IPv6 service prefix is not likely to be assigned by IANA until the IESG moves the draft forward (Randy can correct me if I am wrong). Meanwhile, testing is needed and underway. Any choice of interim prefix is almost certainly likely to be different than one assigned for production, so I don't particularly care what is used. If a 3FFE-based prefix is temporarily requested, I would support allocating it for further testing, but don't think it matters at this stage given the test use of 2003 for this is already underway. Thanks, Bob From dalef@merit.edu Fri Dec 7 17:12:59 2001 From: dalef@merit.edu (Dale Fay) Date: Fri, 7 Dec 2001 12:12:59 -0500 Subject: Merit contact In-Reply-To: ; from mlehman@microsoft.com on Fri, Dec 07, 2001 at 08:42:28AM -0800 References: Message-ID: <20011207121258.A6040@dharma.merit.edu> Matthew, You can reach the correct group at Merit for 6bone issues at ardt@merit.edu. Dale On Fri, Dec 07, 2001 at 08:42:28AM -0800, Matthew Lehman wrote: > I need to move a tunnel from Merit and the only contact I have bounces > (masaki@merit.edu). Anyone from Merit have another contact I should > use? > > > > Thanks, > > > > -Matthew > > > > > -- Dale Fay Merit RSng/RADB www.rsng.net www.radb.net From villearc@stealth.net Fri Dec 7 18:28:48 2001 From: villearc@stealth.net (Ville) Date: Fri, 7 Dec 2001 13:28:48 -0500 (EST) Subject: Announcing 2003::/16 during tests of "shipworm" Message-ID: On Fri, 7 Dec 2001, Jan Oravec wrote: > Anyway, I don't see the point of using the Shipworm. The cleaner solution > is to configure IPv6 on the box, which provide NAT for the private network. > [...] Personally, all I can see here is yet another Bash your parter -thread, TMPWBVL (too many people with big virtual LARTs). I doubt this ever would have gotten this far: a) If the organization announcing 2003::/16 was not Microsoft and such an indeniable amount of Microsoft-hatred did not exist on this and many other techie-lists. b) If the peers of Microsoft filtered announcements for invalid prefixes either manually (exclusively permitting known valid and allocated routes only) or automatically (based on the data synchronized from remote servers or databases). Both, for their own safety and for the sake of their own reputation as a responsible peer both IPv4- and IPv6-wise. c) If somebody had initially forwarded the e-mail many, but not all members of this list, saw on the ngtrans ML. And the optional d) about if people took things calmly and possibly tried approaching the remote party first to have the issue resolved- maybe we all would save a quarter of our time and an hour's worth of unnecessary headache. > Jan Oravec Cheers. -- Ville Network Security/IPv6 Solutions Stealth Communications, Inc. From 6bone-list@kessens.com Fri Dec 7 19:28:56 2001 From: 6bone-list@kessens.com (David Kessens) Date: Fri, 7 Dec 2001 11:28:56 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <5.1.0.14.0.20011207060243.0310b558@imap2.es.net>; from fink@es.net on Fri, Dec 07, 2001 at 07:04:48AM -0800 References: <20011207030357.A36704@ipv6.isternet.sk> <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> Message-ID: <20011207112856.C28047@iprg.nokia.com> Bob, On Fri, Dec 07, 2001 at 07:04:48AM -0800, Bob Fink wrote: > > A point that should be re-emphasized about the 6bone is that it does have a > need to interconnect to the "production" IPv6 Internet. A > non-interconnected set of networks is not the Internet as we all know and > love it, and the v6 Internet is no exception. It seems that we are already quite far past the point that the 6bone is just a test network. There really isn't any 'production' ipv6 network that is separate of the 6bone. It is one big (?) ipv6 Internet. Every network outside your own is totally out of your control (of course we are all under Microsofts control :-)). It is usually a good idea to protect oneself against all the evil that is out there and that is everybodies own reponsibility. You will need this protection anyways because there is not only people out there who are testing new protocols, but there is an even larger number of people who just make plain mistakes. Just keep continue the testing and if you consider yourself a production network, keep protecting yourself against the people testing the new protocols and we should be able to coexist for a long time to come. At the same time, there is nothing wrong with people raising questions on the maillist about things that seem to be wrong or in error. We do want to hear about such cases and judge for ourselves whether it merits to deploy extra protective armor that we didn't deploy already in our networks. David K. --- From rrockell@sprint.net Fri Dec 7 19:31:34 2001 From: rrockell@sprint.net (Robert J. Rockell) Date: Fri, 7 Dec 2001 14:31:34 -0500 (EST) Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> Message-ID: Sprint is now giving transit to 2003::/16. Thanks for the clarification, Bob. It is announced to all 3FFE::/16 addressed peers. Thanks Rob Rockell Principal Engineer SprintLink Europe/Asia (+1) 703-689-6322 Sprint IP Services : Thinking outside the 435 box ----------------------------------------------------------------------- On Fri, 7 Dec 2001, Bob Fink wrote: ->At 08:37 AM 12/7/2001 -0500, Robert J. Rockell wrote: ->>6bone=testbed ->> ->>testbed=announce routes that allow people to Test. ->> ->>I see no reason to not allow *ANY* prefix that has a legit purpose for ->>testing on the 6bone. This should in no way break any existing asignments. -> ->I do agree with this. The 6bone is a test network, and as such would not be ->doing a proper job if we didn't allow new ideas (and prefixes) to be used ->for testing, as long as they don't mess up others (which Rob covers below). -> ->A point that should be re-emphasized about the 6bone is that it does have a ->need to interconnect to the "production" IPv6 Internet. A ->non-interconnected set of networks is not the Internet as we all know and ->love it, and the v6 Internet is no exception. -> ->Many/most/all of the open v6 peering points around the world do, in fact, ->connect 3FFE and 2001 prefix-using networks together. Some of these ->networks even have both 3FFE and 2001 prefixes allocated to them. We ->continue to encourage such peerings and trust that properly managed and ->operated peerings protect bad things from happening (which is what RFC2772 ->is about, but read on below). -> -> ->>Unless I hear something from Working-Group chairs, I will be appending this ->>prefix to my filters today. ->>P.S. If any of you have this route in your table now, you aren't abiding by ->>rfc2772 for filtering anyhow, so I don't see where the room to complain ->>about it exists. If you filter strictly, you would not see this route ->>in your RIB... -> ->RFC2772 is the 6bone's current operational guidelines, both for routing and ->overall participation. Rob and a few others of us are now doing a rewrite ->to bring it up to date, but it is still in force and very relevant. -> ->As for the filtering rules in RFC2772, I presume Rob refers to the ->parenthetical note in RFC2772 3.1: -> ->"(Also, it is each pTLA, pNLA, and end-site's responsibility to not only ->filter their own BGP4+ sessions appropriately to peers, but to filter ->routes coming from peers as well, and to only allow those routes that fit ->the aggregation model, and do not cause operational problems)." -> ->The reader should also look at the rest of section 3, as well as sections 4 ->and 9, for more general guidance for routing policy and other filtering. -> -> ->As for SHIPWORM's status in ngtrans, you should read the ngtrans project ->status page (I do keep it quite up to date): -> -> -> ->which currently states: -> ->shipworm-02 published 26Sep01, last call for forwarding closes 12Oct01 ->shipworm-03 published 16Oct01 to answer last call comments -> forwarded to IESG 18Oct01 -> IESG evaluating nat traversal issues before proceeding -> ->The last communications on this with Randy Bush, our AD, are: -> ->>From: Randy Bush ->>To: Bob Fink ->>Cc: Bert Wijnen , ->> IETF Secretariat , ->> Alain Durand , Tony Hain , ->> NGtrans List ->>Subject: (ngtrans) Re: forwarding SHIPWORM for PS ->>Date: Thu, 18 Oct 2001 23:11:40 -0700 ->> ->> > SHIPWORM-02 finished ngtrans WG last call with comments that were resolved ->> > in the new -03 draft: ->> > ->> > ->> > ->> > Please process this draft as a candidate for PS. ->> ->>the iab has raised a general architectural issue regarding nat traversal ->>that has clear relevance to this draft, midcom, and so forth. i am trying ->>to understand it more before progressing. please stay tuned. ->> ->>randy -> ->and: -> ->>From: Randy Bush ->>To: Christian Huitema ->>Cc: Alain Durand , ->> Tony Hain , ->> Bob Fink , ->> Bert Wijnen ->>Subject: Re: shipworm progress? ->>Date: Thu, 08 Nov 2001 13:43:15 -0800 ->> ->> > When can we expect the IESG to issue a last call? ->> ->>no sooner than the architectural issues that were raised with the midcom ->>etc. work are resolved. ->> ->>randy -> -> ->We, the ngtrans chairs, do want SHIPWORM to progress into production, but a ->Shipworm IPv6 service prefix ->is not likely to be assigned by IANA until the IESG moves the draft forward ->(Randy can correct me if I am wrong). Meanwhile, testing is needed and ->underway. Any choice of interim prefix is almost certainly likely to be ->different than one assigned for production, so I don't particularly care ->what is used. -> ->If a 3FFE-based prefix is temporarily requested, I would support allocating ->it for further testing, but don't think it matters at this stage given the ->test use of 2003 for this is already underway. -> -> ->Thanks, -> ->Bob -> From bmanning@ISI.EDU Sat Dec 8 01:04:33 2001 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 7 Dec 2001 17:04:33 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <5.1.0.14.0.20011207060243.0310b558@imap2.es.net>; from fink@es.net on Fri, Dec 07, 2001 at 07:04:48AM -0800 References: <20011207030357.A36704@ipv6.isternet.sk> <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> Message-ID: <20011207170433.C10433@zed.isi.edu> Random hijacking of prefixes is a practice that should be discouraged. This sets a dangerous example. On Fri, Dec 07, 2001 at 07:04:48AM -0800, Bob Fink wrote: > At 08:37 AM 12/7/2001 -0500, Robert J. Rockell wrote: > >6bone=testbed > > > >testbed=announce routes that allow people to Test. > > > >I see no reason to not allow *ANY* prefix that has a legit purpose for > >testing on the 6bone. This should in no way break any existing asignments. > > I do agree with this. The 6bone is a test network, and as such would not be > doing a proper job if we didn't allow new ideas (and prefixes) to be used > for testing, as long as they don't mess up others (which Rob covers below). > > A point that should be re-emphasized about the 6bone is that it does have a > need to interconnect to the "production" IPv6 Internet. A > non-interconnected set of networks is not the Internet as we all know and > love it, and the v6 Internet is no exception. > > Many/most/all of the open v6 peering points around the world do, in fact, > connect 3FFE and 2001 prefix-using networks together. Some of these > networks even have both 3FFE and 2001 prefixes allocated to them. We > continue to encourage such peerings and trust that properly managed and > operated peerings protect bad things from happening (which is what RFC2772 > is about, but read on below). > > > >Unless I hear something from Working-Group chairs, I will be appending this > >prefix to my filters today. > >P.S. If any of you have this route in your table now, you aren't abiding by > >rfc2772 for filtering anyhow, so I don't see where the room to complain > >about it exists. If you filter strictly, you would not see this route > >in your RIB... > > RFC2772 is the 6bone's current operational guidelines, both for routing and > overall participation. Rob and a few others of us are now doing a rewrite > to bring it up to date, but it is still in force and very relevant. > > As for the filtering rules in RFC2772, I presume Rob refers to the > parenthetical note in RFC2772 3.1: > > "(Also, it is each pTLA, pNLA, and end-site's responsibility to not only > filter their own BGP4+ sessions appropriately to peers, but to filter > routes coming from peers as well, and to only allow those routes that fit > the aggregation model, and do not cause operational problems)." > > The reader should also look at the rest of section 3, as well as sections 4 > and 9, for more general guidance for routing policy and other filtering. > > > As for SHIPWORM's status in ngtrans, you should read the ngtrans project > status page (I do keep it quite up to date): > > > > which currently states: > > shipworm-02 published 26Sep01, last call for forwarding closes 12Oct01 > shipworm-03 published 16Oct01 to answer last call comments > forwarded to IESG 18Oct01 > IESG evaluating nat traversal issues before proceeding > > The last communications on this with Randy Bush, our AD, are: > > >From: Randy Bush > >To: Bob Fink > >Cc: Bert Wijnen , > > IETF Secretariat , > > Alain Durand , Tony Hain , > > NGtrans List > >Subject: (ngtrans) Re: forwarding SHIPWORM for PS > >Date: Thu, 18 Oct 2001 23:11:40 -0700 > > > > > SHIPWORM-02 finished ngtrans WG last call with comments that were resolved > > > in the new -03 draft: > > > > > > > > > > > > Please process this draft as a candidate for PS. > > > >the iab has raised a general architectural issue regarding nat traversal > >that has clear relevance to this draft, midcom, and so forth. i am trying > >to understand it more before progressing. please stay tuned. > > > >randy > > and: > > >From: Randy Bush > >To: Christian Huitema > >Cc: Alain Durand , > > Tony Hain , > > Bob Fink , > > Bert Wijnen > >Subject: Re: shipworm progress? > >Date: Thu, 08 Nov 2001 13:43:15 -0800 > > > > > When can we expect the IESG to issue a last call? > > > >no sooner than the architectural issues that were raised with the midcom > >etc. work are resolved. > > > >randy > > > We, the ngtrans chairs, do want SHIPWORM to progress into production, but a > Shipworm IPv6 service prefix > is not likely to be assigned by IANA until the IESG moves the draft forward > (Randy can correct me if I am wrong). Meanwhile, testing is needed and > underway. Any choice of interim prefix is almost certainly likely to be > different than one assigned for production, so I don't particularly care > what is used. > > If a 3FFE-based prefix is temporarily requested, I would support allocating > it for further testing, but don't think it matters at this stage given the > test use of 2003 for this is already underway. > > > Thanks, > > Bob From michel@arneill-py.sacramento.ca.us Sat Dec 8 06:16:36 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 7 Dec 2001 22:16:36 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" Message-ID: <2B81403386729140A3A899A8B39B046403AF7B@server2000.arneill-py.sacramento.ca.us> This issue is almost as bi-partisan as the Bush/Gore Florida ballots. I hereby call for a Bar BOF in Salt Lake about the topic. Maybe Microsoft could buy the beer or give away free licensed copies of WinXP to people that swear they are Unix zealots or something. My $0.02 Michel. From michel@arneill-py.sacramento.ca.us Sat Dec 8 21:47:15 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 8 Dec 2001 13:47:15 -0800 Subject: Hijacking of prefixes - IPv4 class E (was: Announcing 2003::/16 during tests of "shipworm") Message-ID: <2B81403386729140A3A899A8B39B046403AF7D@server2000.arneill-py.sacramento.ca.us> 6bone folk, In IPv4, there is something called class E (first bits 1111, 240 to 255) that is "Experimental ". The 6bone, IMHO, is not big enough in some experimental situations. There will be a few protocols (think about 6to4) that need the full 32 bits between the TLA and the SLA, which means they would need a /16 to test. Maybe it would be a good idea to create IPv6 "Experimental prefixes", allocate to it a handful of IPv6 /16 prefixes, well know to host wild experiments, that everybody could choose to filter or not. Michel. From Jan Oravec Sun Dec 9 01:36:08 2001 From: Jan Oravec (Jan Oravec) Date: Sun, 9 Dec 2001 02:36:08 +0100 Subject: Hijacking of prefixes - IPv4 class E (was: Announcing 2003::/16 during tests of "shipworm") In-Reply-To: <2B81403386729140A3A899A8B39B046403AF7D@server2000.arneill-py.sacramento.ca.us>; from michel@arneill-py.sacramento.ca.us on Sat, Dec 08, 2001 at 01:47:15PM -0800 References: <2B81403386729140A3A899A8B39B046403AF7D@server2000.arneill-py.sacramento.ca.us> Message-ID: <20011209023608.A76647@ipv6.isternet.sk> > Maybe it would be a good idea to create IPv6 "Experimental prefixes", > allocate to it a handful of IPv6 /16 prefixes, well know to host wild > experiments, that everybody could choose to filter or not. Something like that would be nice for experiments, but advertising such prefixes has no effect, because the prefix can be already used by someone else for another experiment. That implies that such experiments cannot be global experiments. The only one way is to make some authority for time limited prefix delegations <- ugly solution. Anyway, does anyone need to do global experiments ? Best Regards, Jan Oravec XS26 - 'Access to IPv6' jan.oravec@xs26.net From Jan Oravec Sun Dec 9 01:59:05 2001 From: Jan Oravec (Jan Oravec) Date: Sun, 9 Dec 2001 02:59:05 +0100 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <5.1.0.14.0.20011207060243.0310b558@imap2.es.net>; from fink@es.net on Fri, Dec 07, 2001 at 07:04:48AM -0800 References: <20011207030357.A36704@ipv6.isternet.sk> <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> Message-ID: <20011209025905.A78328@ipv6.isternet.sk> Bob, > >I see no reason to not allow *ANY* prefix that has a legit purpose for > >testing on the 6bone. This should in no way break any existing asignments. > I do agree with this. The 6bone is a test network, and as such would not be > doing a proper job if we didn't allow new ideas (and prefixes) to be used > for testing, as long as they don't mess up others (which Rob covers below). How can you ensure, invalid prefixes will not get into production networks ? 6bone is big enough to this be impossible - many AS does not filter anything. Microsoft does not need to announce 2003::/16 to test ShipWorm. They say, they want to test it, not to provide 6bone/IPv6 connection thru ShipWorm. If they want the second, they can SNAT 2003::/16 to some valid address or wait for IANA assignment. > The last communications on this with Randy Bush, our AD, are: and also: > Date: Fri, 07 Dec 2001 15:26:36 -0800 > From: Randy Bush > Subject: Re: (ngtrans) Testing Shipworm > To: "Christian Huitema" > Cc: > > > Our development team is getting ready to test Shipworm. Pending formal > > IANA assignment, we are testing with the following parameters: > > > > Shipworm IPv6 service prefix: 2003::/16 > > Shipworm IPv4 anycast address: 131.107.0.36 > > Shipworm UDP port: 337 > > cool! we should have great fun, as i am hijacking that same space for > a different experiment. > > isn't hijacking fun!!! and our expenses will go down now that we no > longer need the iana or registries. > > oh, and next week, we're going to conduct a bunch of ipv4 routing > experiments announcing various prefixes in 207.46.192.0/18. i'm sure > no one will mind. > > randy Best Regards, Jan Oravec XS26 - 'Access to IPv6' jan.oravec@xs26.net From michel@arneill-py.sacramento.ca.us Sun Dec 9 04:20:11 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 8 Dec 2001 20:20:11 -0800 Subject: Hijacking of prefixes - IPv4 class E (was: Announcing 2003::/16 during tests of "shipworm") Message-ID: <2B81403386729140A3A899A8B39B046403AF81@server2000.arneill-py.sacramento.ca.us> From: Jan Oravec [mailto:wsx@wsx6.net] >> Something like that would be nice for experiments, but advertising >> such prefixes has no effect, because the prefix can be already used >> by someone else for another experiment. There is a finite number of people that need to advertise a /16 on the IPv6 DFZ at the same time for the sole purpose of experimenting a new protocol. >> That implies that such experiments cannot be global experiments. Wrong. >> The only one way is to make some authority for time limited >> prefix delegations Absolutely, and there needs to be no authority for that. >> <- ugly solution. Why? >> Anyway, does anyone need to do global experiments ? This is not even debatable. Not everyone needs global experiments, but some people do. In the case that prompted all that turmoil (shipworm/microsoft), there is no doubt that whoever develops such a protocol will one day or another need to advertise a /16. Hijacking is bad, but regulated hijacking could have some use, especially if it does not break anything. Michel. From michel@arneill-py.sacramento.ca.us Sun Dec 9 04:28:11 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 8 Dec 2001 20:28:11 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" Message-ID: <2B81403386729140A3A899A8B39B046403AF82@server2000.arneill-py.sacramento.ca.us> >> How can you ensure, invalid prefixes will not get into >> production networks ? 6bone is big enough to this be impossible >> - many AS does not filter anything. Come on. Even on my HOME router I filter in and out BGP routes I send and receive to/from my IPv6 BGP peers. 6bone is very, very small. A production network without filtering? give me a break. Michel. From rrockell@sprint.net Sun Dec 9 23:55:15 2001 From: rrockell@sprint.net (Robert J. Rockell) Date: Sun, 9 Dec 2001 18:55:15 -0500 (EST) Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011209025905.A78328@ipv6.isternet.sk> Message-ID: Primary concern: safety. If you can't filter, or don't know how, you should not be connected to the 6bone. However, becuase of the controversy here, I will be allowing the 2003://16 prefix only to transit connections to 6175. If you receive transit from 6175, and do not wish to receive 2003::/16, please filter the prefix. IMHO, the position that "we can't do that becuase people don't filter" is nonsense. If people don't filter, they should not be allowed to participate on the 6bone. Thanks Rob Rockell Principal Engineer SprintLink Europe/Asia (+1) 703-689-6322 Sprint IP Services : Thinking outside the 435 box ----------------------------------------------------------------------- On Sun, 9 Dec 2001, Jan Oravec wrote: ->Bob, -> ->> >I see no reason to not allow *ANY* prefix that has a legit purpose for ->> >testing on the 6bone. This should in no way break any existing asignments. -> ->> I do agree with this. The 6bone is a test network, and as such would not be ->> doing a proper job if we didn't allow new ideas (and prefixes) to be used ->> for testing, as long as they don't mess up others (which Rob covers below). -> ->How can you ensure, invalid prefixes will not get into production ->networks ? 6bone is big enough to this be impossible - many AS does not ->filter anything. -> ->Microsoft does not need to announce 2003::/16 to test ShipWorm. They say, ->they want to test it, not to provide 6bone/IPv6 connection thru ShipWorm. ->If they want the second, they can SNAT 2003::/16 to some valid address or ->wait for IANA assignment. -> ->> The last communications on this with Randy Bush, our AD, are: -> ->and also: -> ->> Date: Fri, 07 Dec 2001 15:26:36 -0800 ->> From: Randy Bush ->> Subject: Re: (ngtrans) Testing Shipworm ->> To: "Christian Huitema" ->> Cc: ->> ->> > Our development team is getting ready to test Shipworm. Pending formal ->> > IANA assignment, we are testing with the following parameters: ->> > ->> > Shipworm IPv6 service prefix: 2003::/16 ->> > Shipworm IPv4 anycast address: 131.107.0.36 ->> > Shipworm UDP port: 337 ->> ->> cool! we should have great fun, as i am hijacking that same space for ->> a different experiment. ->> ->> isn't hijacking fun!!! and our expenses will go down now that we no ->> longer need the iana or registries. ->> ->> oh, and next week, we're going to conduct a bunch of ipv4 routing ->> experiments announcing various prefixes in 207.46.192.0/18. i'm sure ->> no one will mind. ->> ->> randy -> ->Best Regards, -> ->Jan Oravec ->XS26 - 'Access to IPv6' ->jan.oravec@xs26.net -> From fink@es.net Sun Dec 9 23:34:03 2001 From: fink@es.net (Bob Fink) Date: Sun, 09 Dec 2001 15:34:03 -0800 Subject: Hijacking of prefixes - IPv4 class E (was: Announcing 2003::/16 during tests of "shipworm") In-Reply-To: <2B81403386729140A3A899A8B39B046403AF7D@server2000.arneill- py.sacramento.ca.us> Message-ID: <5.1.0.14.0.20011209152332.033da840@imap2.es.net> Michel, At 01:47 PM 12/8/2001 -0800, Michel Py wrote: >6bone folk, > >In IPv4, there is something called class E (first bits 1111, 240 to 255) >that is "Experimental ". > >The 6bone, IMHO, is not big enough in some experimental situations. >There will be a few protocols (think about 6to4) that need the full 32 >bits between the TLA and the SLA, which means they would need a /16 to >test. > >Maybe it would be a good idea to create IPv6 "Experimental prefixes", >allocate to it a handful of IPv6 /16 prefixes, well know to host wild >experiments, that everybody could choose to filter or not. The 6bone only has control over the 3FFE::/16 prefix by direct allocation of the IANA per RFC2471. My take is that, at this stage, it would take a very compelling technical reason to allocate a further /16 for testing purposes, as well as a very strong show of community support to do so. Neither of which is yet obvious. If, over time, it becomes obvious that there is need and support, we can bring it to ngtrans for further evaluation. Meanwhile, I would wait and see what happens to the idea on the 6bone mail list. Thanks, Bob From fink@es.net Mon Dec 10 01:06:13 2001 From: fink@es.net (Bob Fink) Date: Sun, 09 Dec 2001 17:06:13 -0800 Subject: Announcing 2003::/16 during tests of "shipworm" In-Reply-To: <20011209025905.A78328@ipv6.isternet.sk> References: <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> <20011207030357.A36704@ipv6.isternet.sk> <5.1.0.14.0.20011207060243.0310b558@imap2.es.net> Message-ID: <5.1.0.14.0.20011209150351.033e3318@imap2.es.net> Jan, At 02:59 AM 12/9/2001 +0100, Jan Oravec wrote: >Bob, > > > >I see no reason to not allow *ANY* prefix that has a legit purpose for > > >testing on the 6bone. This should in no way break any existing > asignments. > > > I do agree with this. The 6bone is a test network, and as such would > not be > > doing a proper job if we didn't allow new ideas (and prefixes) to be used > > for testing, as long as they don't mess up others (which Rob covers below). > >How can you ensure, invalid prefixes will not get into production >networks ? 6bone is big enough to this be impossible - many AS does not >filter anything. Networks peering with 6bone pTLAs need to filter for many obvious production reasons. If they don't, many worse things can happen than this usage. >Microsoft does not need to announce 2003::/16 to test ShipWorm. They say, >they want to test it, not to provide 6bone/IPv6 connection thru ShipWorm. >If they want the second, they can SNAT 2003::/16 to some valid address or >wait for IANA assignment. Well, they clearly did feel the need to do this, and to my knowledge no harm has resulted. Note that I'm not supporting anything more here than the need to filter in general, and that the testing of SHIPWORM with this prefix isn't harmful to the 6bone if folks follow the rules. Thanks, Bob From michel@arneill-py.sacramento.ca.us Mon Dec 10 02:00:35 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sun, 9 Dec 2001 18:00:35 -0800 Subject: Hijacking of prefixes - IPv4 class E (was: Announcing 2003::/16 during tests of "shipworm") Message-ID: <2B81403386729140A3A899A8B39B046405DD88@server2000.arneill-py.sacramento.ca.us> This is a multi-part message in MIME format. ------_=_NextPart_001_01C1811E.75254FE0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Qm9iLA0KIA0KPj4gTXkgdGFrZSBpcyB0aGF0LCBhdCB0aGlzIHN0YWdlLCBpdCB3b3VsZCB0YWtl IGEgdmVyeSBjb21wZWxsaW5nDQp0ZWNobmljYWwNCj4+IHJlYXNvbiB0byBhbGxvY2F0ZSBhIGZ1 cnRoZXIgLzE2IGZvciB0ZXN0aW5nIHB1cnBvc2VzLCBhcyB3ZWxsIGFzIGENCnZlcnkNCj4+IHN0 cm9uZyBzaG93IG9mIGNvbW11bml0eSBzdXBwb3J0IHRvIGRvIHNvLiBOZWl0aGVyIG9mIHdoaWNo IGlzIHlldA0Kb2J2aW91cy4NCg0KSSBmdWxseSBhZ3JlZSwgSSB3YXMganVzdCB0cnlpbmcgdG8g Y29udHJpYnV0ZSBzb21ldGhpbmcgZGlmZmVyZW50IHRoYW4NCiJNaWNyb3NvZnQgaXMgZXZpbCIg b3IgImV2ZXJ5b25lIGNhbiBhZHZlcnRpc2Ugd2hhdGV2ZXIgcHJlZml4IHRoZXkNCnBsZWFzZSIu Li4NCg0KTWljaGVsDQoNCiANCg0K ------_=_NextPart_001_01C1811E.75254FE0 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 eJ8+IiUCAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAENgAQAAgAAAAIAAgABBYAD AA4AAADRBwwACQASAAAAIwAAACIBASCAAwAOAAAA0QcMAAkAEgAAACQAAAAjAQEJgAEAIQAAADgx QTA3Q0ZDMDlFRTc0NEY4NDczRkNCMzZBRDQyRDM5AFoHAQOQBgCUDwAAOAAAAB8AGgABAAAAEgAA AEkAUABNAC4ATgBvAHQAZQAAAAAAAwA2AAAAAAAfADcAAQAAAMAAAABSAEUAOgAgAEgAaQBqAGEA YwBrAGkAbgBnACAAbwBmACAAcAByAGUAZgBpAHgAZQBzACAALQAgAEkAUAB2ADQAIABjAGwAYQBz AHMAIABFACAAKAB3AGEAcwA6ACAAQQBuAG4AbwB1AG4AYwBpAG4AZwAgADIAMAAwADMAOgA6AC8A MQA2ACAAZAB1AHIAaQBuAGcAIAB0AGUAcwB0AHMAIABvAGYAIAAiAHMAaABpAHAAdwBvAHIAbQAi ACkAAABAADkA4E8ldR6BwQEfAD0AAQAAAAoAAABSAEUAOgAgAAAAAAACAUcAAQAAADMAAABjPXVz O2E9IDtwPWFybmVpbGwtcHk7bD1TRVJWRVIyMDAwLTAxMTIxMDAyMDAzNVotOAAAHwBJAAEAAADA AAAAUgBlADoAIABIAGkAagBhAGMAawBpAG4AZwAgAG8AZgAgAHAAcgBlAGYAaQB4AGUAcwAgAC0A IABJAFAAdgA0ACAAYwBsAGEAcwBzACAARQAgACgAdwBhAHMAOgAgAEEAbgBuAG8AdQBuAGMAaQBu AGcAIAAyADAAMAAzADoAOgAvADEANgAgAGQAdQByAGkAbgBnACAAdABlAHMAdABzACAAbwBmACAA IgBzAGgAaQBwAHcAbwByAG0AIgApAAAAQABOAICnQvwJgcEBHwBaAAEAAAASAAAAQgBvAGIAIABG AGkAbgBrAAAAAAACAVsAAQAAADIAAAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABCb2IgRmluawBT TVRQAGZpbmtAZXMubmV0AAAAAgFcAAEAAAARAAAAU01UUDpGSU5LQEVTLk5FVAAAAAAfAF0AAQAA ABIAAABCAG8AYgAgAEYAaQBuAGsAAAAAAAIBXgABAAAAMgAAAAAAAACBKx+kvqMQGZ1uAN0BD1QC AAAAAEJvYiBGaW5rAFNNVFAAZmlua0Blcy5uZXQAAAACAV8AAQAAABEAAABTTVRQOkZJTktARVMu TkVUAAAAAB8AZgABAAAACgAAAFMATQBUAFAAAAAAAB8AZwABAAAAGAAAAGYAaQBuAGsAQABlAHMA LgBuAGUAdAAAAB8AaAABAAAACgAAAFMATQBUAFAAAAAAAB8AaQABAAAAGAAAAGYAaQBuAGsAQABl AHMALgBuAGUAdAAAAB8AcAABAAAAuAAAAEgAaQBqAGEAYwBrAGkAbgBnACAAbwBmACAAcAByAGUA ZgBpAHgAZQBzACAALQAgAEkAUAB2ADQAIABjAGwAYQBzAHMAIABFACAAKAB3AGEAcwA6ACAAQQBu AG4AbwB1AG4AYwBpAG4AZwAgADIAMAAwADMAOgA6AC8AMQA2ACAAZAB1AHIAaQBuAGcAIAB0AGUA cwB0AHMAIABvAGYAIAAiAHMAaABpAHAAdwBvAHIAbQAiACkAAAACAXEAAQAAABsAAAABwYEWwZ85 VRoVeqREXrabE0hevekMAAHYB8QAHwB0AAEAAAAsAAAATQBpAGMAaABlAGwAIABQAHkAOwAgADYA QgBPAE4ARQAgAEwAaQBzAHQAAAAfABoMAQAAABQAAABNAGkAYwBoAGUAbAAgAFAAeQAAAB8AHQ4B AAAAuAAAAEgAaQBqAGEAYwBrAGkAbgBnACAAbwBmACAAcAByAGUAZgBpAHgAZQBzACAALQAgAEkA UAB2ADQAIABjAGwAYQBzAHMAIABFACAAKAB3AGEAcwA6ACAAQQBuAG4AbwB1AG4AYwBpAG4AZwAg ADIAMAAwADMAOgA6AC8AMQA2ACAAZAB1AHIAaQBuAGcAIAB0AGUAcwB0AHMAIABvAGYAIAAiAHMA aABpAHAAdwBvAHIAbQAiACkAAAACAQkQAQAAABQFAAAQBQAAiA8AAExaRnUB5IpsAwAKAHJjcGcx MjWCMgNDaHRtbDEDMD8BAwH3CoACpAPjAgBjaMEKwHNldDAgBxMCgP8QAwBQBFYIVQeyEdUOUQMB 3RDXMgYABsMR1TMERhDZbxLrEeMI7wn3OxjPDjA1OxHSDGBjAFALCQFkMzaTEWALpTQgEAIqXA6y vQGQZxTwCqMR4x3oNBTwADwhRE9DVFlQAEUgSFRNTCBQAFVCTElDICItIC8vVzNDIYBEVCJEIJQz LjIhgEVOnCI+Hu0ejyPBMTgf8G8goiMPJB8mkDMdgCVwRXxBRCXNDvEm7ylvJPQ2QQ7wPE1FVEEH sEExLGA9IkcJ8ASQYXRFBbAiEtBPTlQi0FQTLPAF4UV4EPFuZ2U9BlJ2EzEvQQCQAiAgNoAuMC40 NDE3MBAnIv4qzyUDNzcf8FRJOFRMRSXOMFAH8GU6KSCQaWoA0GsLgGcgEG9mIHAY0GZpeEEHkS0g SVB2HYBjZwtgBBEggCh3NvA04EFkbm4IYG5jNWIB0DCQMzo6LywQIGQIcTU1cXQHkHQEIDWhJnFA dW90O3NoBSB3VQWwbToEKSRuNR/wL/8zTzF/JkU0kTxwKE8mn0BEgjURYDxCT0RZOPDoaXI9QGBy P7BAIwAhcwMwQsFkbwDgQsEKsVz+cRiwQsEQ8AMwQyURYD/bExzxQN9nOTjgPERJnlZC+QAARTc/ +TY0SG+pRY8xNCVRRi3RIACQcHplPTJIWwviRRlCqG9iLCR8NUfxL0zy/0L5QwdJmwHAQwcKolHI CoD9JHwwKBEh4Eg7UclFz0bf/0fvSP9KD0sfTC9NP05PXZ0XUI9Wv0AIOB2AJm5izHNwAoBDGCdh AUBa//9S/1QPVR9WL2OvWE9ZX1yPf1t/bt9dn16vX79xr2SlZ3s6QEMIPnUPdh93LwXQeXk5YGFr LvAEADlgEQB0fCwgLWB7cXtROZBAgGWNe8BpBUA6oHVsZHr0PmEvcnrgPlxs5QWgbXC4ZWxsOTQQ 8AMAYwdA/2E/Yk9Rz2dPaF9pb2p/d7//bJ9tr3Dfb8+LX3Hvcv90D/+OL3i/dz+SX5NvemUY0Dbw fy/RLXB70H/AQ/AtYH2SZv8IcHuAEzE4wgIQBcA5cjViS34vibJwCHBwbxEwc/t7wQQgd3+xnCJ9 tIC/gc//gt+D74T/hg+HH5RfiT+KT/+Nf4xvp++Oj4+fkK+qv5Vf/5Pfru+v/3plOZADYDVxOmDu bwfgNaF/cW038HzQeuD4c3Vwm8AAIJfSQ+CsoPxvLgexfNCZAjWhmk+mQm53OnBE8XtReRFANZBi 4nYvwHVzLp1Pnl+fb/+gf6GPop+jr7Dvpc+pWB/w/lBC+gqxCoHBZ6oPqx+sL/utP8bHSZixf8B6 4ECACdHne8DK4DdhIGq50HvxffCfOTOX8AWgAjAFEGJ1mHH/l6AHgHwRmh/C1UKAASAEkP8J8Hvy A5EuQA3gA2CXoAGAtXtCZbmgbC2gBbEi0ZCffeECIC7wgIADoGFkL0H/mfARMHzwe5HSMjXFzm/C 84+Y8XrgC1CXgWUiLtaw/7oPux+8Kb2/vsXEj8bfvUT/PGHEUcH/ww/EHsavx7/Iz//J39DBmQCA r9fv2P/aD9sf/+FP3T/eT99f4G/rT+KP45//rg/mH+cv8/9kr2W/6I/pn3/qr+u/7M/t3/8PQXcl US9/QjI/vwC/A0EzET9gJZN9AQVwHwA1EAEAAACgAAAAPAAyAEIAOAAxADQAMAAzADMAOAA2ADcA MgA5ADEANAAwAEEAMwBBADgAOQA5AEEAOABCADMAOQBCADAANAA2ADQAMAA1AEQARAA4ADgAQABz AGUAcgB2AGUAcgAyADAAMAAwAC4AYQByAG4AZQBpAGwAbAAtAHAAeQAuAHMAYQBjAHIAYQBtAGUA bgB0AG8ALgBjAGEALgB1AHMAPgAAAB8ARxABAAAAHgAAAG0AZQBzAHMAYQBnAGUALwByAGYAYwA4 ADIAMgAAAAAACwDyEAEAAAAfAPMQAQAAAOAAAABSAEUAJQAzAEEAIABIAGkAagBhAGMAawBpAG4A ZwAgAG8AZgAgAHAAcgBlAGYAaQB4AGUAcwAgAC0AIABJAFAAdgA0ACAAYwBsAGEAcwBzACAARQAg ACgAdwBhAHMAJQAzAEEAIABBAG4AbgBvAHUAbgBjAGkAbgBnACAAMgAwADAAMwAlADMAQQAlADMA QQD/+DEANgAgAGQAdQByAGkAbgBnACAAdABlAHMAdABzACAAbwBmACAAJQAyADIAcwBoAGkAcAB3 AG8AcgBtACUAMgAyACkALgBFAE0ATAAAAAsA9hAAAAAAQAAHMHBHsSEegcEBQAAIMGBvYnUegcEB AwDeP+n9AAADAPE/CQQAAB8A+D8BAAAAFAAAAE0AaQBjAGgAZQBsACAAUAB5AAAAAgH5PwEAAABg AAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAAAAAAAC9PPUFSTkVJTEwtUFkvT1U9RklSU1QgQURN SU5JU1RSQVRJVkUgR1JPVVAvQ049UkVDSVBJRU5UUy9DTj1NSUNIRUwAHwD6PwEAAAAqAAAAUwB5 AHMAdABlAG0AIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAAAAAAACAfs/AQAAAB4AAAAAAAAA 3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAALgAAAAMA/T/kBAAAAwAZQAAAAAADABpAAAAAAAMAHUAA AAAAAwAeQAAAAAAfADBAAQAAAA4AAABNAEkAQwBIAEUATAAAAAAAHwAxQAEAAAAOAAAATQBJAEMA SABFAEwAAAAAAB8AMkABAAAAGAAAAGYAaQBuAGsAQABlAHMALgBuAGUAdAAAAB8AM0ABAAAAGAAA AGYAaQBuAGsAQABlAHMALgBuAGUAdAAAAB8AOEABAAAADgAAAE0ASQBDAEgARQBMAAAAAAAfADlA AQAAAAQAAAAuAAAACwApAAAAAAALACMAAAAAAAMABhC9kkJ9AwAHEDoBAAADABAQAAAAAAMAERAA AAAAHgAIEAEAAABlAAAAQk9CLE1ZVEFLRUlTVEhBVCxBVFRISVNTVEFHRSxJVFdPVUxEVEFLRUFW RVJZQ09NUEVMTElOR1RFQ0hOSUNBTFJFQVNPTlRPQUxMT0NBVEVBRlVSVEhFUi8xNkZPUlRFU1RJ TgAAAAACAX8AAQAAAFAAAAA8MkI4MTQwMzM4NjcyOTE0MEEzQTg5OUE4QjM5QjA0NjQwNUREODhA c2VydmVyMjAwMC5hcm5laWxsLXB5LnNhY3JhbWVudG8uY2EudXM+AE/P ------_=_NextPart_001_01C1811E.75254FE0-- From dave.wilson@heanet.ie Mon Dec 10 18:37:54 2001 From: dave.wilson@heanet.ie (Dave Wilson) Date: Mon, 10 Dec 2001 18:37:54 +0000 Subject: Routing of 2002::/16 Message-ID: <3C150102.1010504@heanet.ie> Hi all, I'm looking into setting up a 6to4 relay router for my customers, and could use some help parsing RFC3056. > On its native IPv6 interface, the relay router MUST advertise a route > to 2002::/16. It MUST NOT advertise a longer 2002:: routing prefix > on that interface. Routing policy within the native IPv6 routing > domain determines the scope of that advertisement, thereby limiting > the visibility of the relay router in that domain. > Now I take it that this means that I must advertise 2002::/16 within my own network, and to as many of my peers as I (and they) choose, but there is no requirement to advertise it to the entire IPv6 internet. Is this correct? If so, is it good practise to attempt to advertise 2002::/16 widely, or selectively? I see also that it's forbidden to advertise prefixes longer than 2002::/16, for good reason. This would seem to mean that packets going from native IPv6 site --> 6to4 site are reliant on either the native site (or their upstream) having a relay router, or on some kind person advertising 2002::/16 to the entire internet. Is this so? Many thanks, Dave From pekkas@netcore.fi Mon Dec 10 21:47:44 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Mon, 10 Dec 2001 23:47:44 +0200 (EET) Subject: Routing of 2002::/16 In-Reply-To: <3C150102.1010504@heanet.ie> Message-ID: On Mon, 10 Dec 2001, Dave Wilson wrote: > > On its native IPv6 interface, the relay router MUST advertise a route > > to 2002::/16. It MUST NOT advertise a longer 2002:: routing prefix > > on that interface. Routing policy within the native IPv6 routing > > domain determines the scope of that advertisement, thereby limiting > > the visibility of the relay router in that domain. > > > > Now I take it that this means that I must advertise 2002::/16 within my > own network, and to as many of my peers as I (and they) choose, but > there is no requirement to advertise it to the entire IPv6 internet. Is > this correct? If so, is it good practise to attempt to advertise > 2002::/16 widely, or selectively? Yes. Depending on your network connectivity, whether you want to provide free service etc. you may or may not advertise it to the whole Internet. It's up to you. The shortest paths win, so you probably wouldn't be getting all the traffic anyway. Here, we're announcing the route with no-export community to all of our neighbours even though there is no reason to be shy about it (we're already advertising 192.88.99.0/24 to the whole Internet). > I see also that it's forbidden to advertise prefixes longer than > 2002::/16, for good reason. This would seem to mean that packets going > from native IPv6 site --> 6to4 site are reliant on either the native > site (or their upstream) having a relay router, or on some kind person > advertising 2002::/16 to the entire internet. Is this so? Yes, multiple sources advertise 2002::/16 to the whole Internet. A route is required, in one way or the other. This is IMO a major problem with 6to4 -- the path for return packets may be very non-optimal. This can only be remedied by more 6to4 relays. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From michel@arneill-py.sacramento.ca.us Tue Dec 11 00:32:01 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Mon, 10 Dec 2001 16:32:01 -0800 Subject: Routing of 2002::/16 Message-ID: <2B81403386729140A3A899A8B39B046405DD95@server2000.arneill-py.sacramento.ca.us> This is a multi-part message in MIME format. ------_=_NextPart_001_01C181DB.403DA820 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Pj4gRnJvbTogRGF2ZSBXaWxzb24gDQo+PiBJJ20gbG9va2luZyBpbnRvIHNldHRpbmcgdXAgYSA2 dG80IHJlbGF5IHJvdXRlciBmb3IgbXkgY3VzdG9tZXJzDQoNCkkgZG9uJ3QgdW5kZXJzdGFuZCB3 aHkgeW91IG5lZWQgYSA2dG80IHJlbGF5IGluIHRoZSBmaXJzdCBwbGFjZS4gWW91IGFyZQ0KbWVu dGlvbm5pbmcgYWR2ZXJ0aXNpbmcgcm91dGVzIHRvIHlvdXIgY3VzdG9tZXJzLiBUaGlzIGltcGxp ZXMgdGhhdCB0aGV5DQpoYXZlIElQdjYgY2FwYWJsZSByb3V0ZXJzIHRoYXQgY2FuIGFsc28gdW5k ZXJzdGFuZCBSSVAgb3IgQkdQIGZvciBJUHY2Lg0KSWYgSSBhc3N1bWUgY29ycmVjdGx5LCB0aGVz ZSBjdXN0b21lcnMgYWxzbyBoYXZlIElQdjQgSW50ZXJuZXQgYWNjZXNzLA0KdGhlcmVmb3JlIHRo ZXkgc2hvdWQgYmUgYWJsZSB0byBjb25maWd1cmUgNnRvNCBvbiB0aGVpciBzaXRlcy4gSWYgdGhl eQ0KZG9uJ3Qga25vdyBob3csIHRoaXMgaXMgY2FsbGVkIGJpbGxhYmxlIHNlcnZpY2VzLi4uLi4N Cg0KTWljaGVsLg0KDQo= ------_=_NextPart_001_01C181DB.403DA820 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 eJ8+IgMAAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAENgAQAAgAAAAIAAgABBYAD AA4AAADRBwwACgAQACAAAQABACABASCAAwAOAAAA0QcMAAoAEAAgAAEAAQAgAQEJgAEAIQAAAEND NTVGOTlDQ0Q3NjE5NDQ4MThBQTBDNUVFMDBDQkZFAHYHAQOQBgAYDAAAOAAAAB8AGgABAAAAEgAA AEkAUABNAC4ATgBvAHQAZQAAAAAAAwA2AAAAAAAfADcAAQAAADIAAABSAEUAOgAgAFIAbwB1AHQA aQBuAGcAIABvAGYAIAAyADAAMAAyADoAOgAvADEANgAAAAAAQAA5ACCoPUDbgcEBHwA9AAEAAAAK AAAAUgBFADoAIAAAAAAAAgFHAAEAAAA0AAAAYz11czthPSA7cD1hcm5laWxsLXB5O2w9U0VSVkVS MjAwMC0wMTEyMTEwMDMyMDFaLTE5AB8ASQABAAAAKgAAAFIAbwB1AHQAaQBuAGcAIABvAGYAIAAy ADAAMAAyADoAOgAvADEANgAAAAAAQABOAAAthsepgcEBHwBaAAEAAAAYAAAARABhAHYAZQAgAFcA aQBsAHMAbwBuAAAAAgFbAAEAAAA/AAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAAARGF2ZSBXaWxz b24AU01UUABkYXZlLndpbHNvbkBoZWFuZXQuaWUAAAIBXAABAAAAGwAAAFNNVFA6REFWRS5XSUxT T05ASEVBTkVULklFAAAfAF0AAQAAABgAAABEAGEAdgBlACAAVwBpAGwAcwBvAG4AAAACAV4AAQAA AD8AAAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABEYXZlIFdpbHNvbgBTTVRQAGRhdmUud2lsc29u QGhlYW5ldC5pZQAAAgFfAAEAAAAbAAAAU01UUDpEQVZFLldJTFNPTkBIRUFORVQuSUUAAB8AZgAB AAAACgAAAFMATQBUAFAAAAAAAB8AZwABAAAALAAAAGQAYQB2AGUALgB3AGkAbABzAG8AbgBAAGgA ZQBhAG4AZQB0AC4AaQBlAAAAHwBoAAEAAAAKAAAAUwBNAFQAUAAAAAAAHwBpAAEAAAAsAAAAZABh AHYAZQAuAHcAaQBsAHMAbwBuAEAAaABlAGEAbgBlAHQALgBpAGUAAAAfAHAAAQAAACoAAABSAG8A dQB0AGkAbgBnACAAbwBmACAAMgAwADAAMgA6ADoALwAxADYAAAAAAAIBcQABAAAAGwAAAAHBgcXu QS8BhBhjM0xxmKmSURFjOwsABQ3NzQAfAHQAAQAAABwAAAA2AGIAbwBuAGUAQABJAFMASQAuAEUA RABVAAAAHwAaDAEAAAAUAAAATQBpAGMAaABlAGwAIABQAHkAAAAfAB0OAQAAACoAAABSAG8AdQB0 AGkAbgBnACAAbwBmACAAMgAwADAAMgA6ADoALwAxADYAAAAAAAIBCRABAAAA+AMAAPQDAABxCAAA TFpGdY4vQqcDAAoAcmNwZzEyNYIyA0NodG1sMQMw/wEDAfcKgAKkA+QHEwKAEAP/AFAEVghVB7IR NQ5RAwECAIRjaArAc2V0MgYA2wbDETUzBEYTxzASPBFD2wjvCfc7GC8OMDURMgxgzmMAUAsJAWQz NhZgC6VkNCAQAipcDrIBkGcvFFAKoxFDHUg0FFA8IQBET0NUWVBFIABIVE1MIFBVQgBMSUMgIi0v L4hXM0Mg4ERURB/0CDMuMiDgRU4iPuceTR3vIyExOB9QIAIibxsjfyXwMxzgJNBFQURfJS0O8SZP KM8kVDYO8DxQTUVUQQewQSvAPUwiRwnwBJBhdAWwItESME9OVCIwVCxQBeFERXgT4W5nZQZSdg8S kS6hAJACICA2LjDgLjQ0MTcvcCJeKi8JJGM3Nx9QVElUTE5FJS4vsAfxdXQLgGcQIG9mIAHQMDI6 rDovK3AjzjUfUC8yr38w3yWlM/E2gCevJf86VDUBFmA8Qk9EWSBk6GlyPTpwcjnAOjMAIXMDMDzR ZG8A4DzRCrFc/nEYEDzRE+ADMD01FmA569McUTrvZzYncVA9CQAAiz9POmM4HOAmZ3QCgJ09Jz5D D0QfRS8gRgNhkDogRGEuoCBXAxDecy8xI9wrcDwhUj0LC4D+ZQqBRa9Gv0U/TQ9OH0hlkEknbSAX wG9rNGIbC4As0CAUITRTdXAg/mEvUCzQHO0c4EDEGDALYHx5IANgNEASkQIQBcBt8VXgY3VzLNAH gBQQPSb/CqI9FwpyPTcKsUw/OjYBwL82cUIxP99A70H/WehJPIDlAiAnBUB1bgSBVwAAcFBkIHdo VeB5CGAgHyyQCYBT1lWkC4AgdGgtLlBmPKBXACALUWNl+C4gWWEhCsAuUFRfXOKfB4ACMC8hAwA0 cWFkLqH/NFAAkDRxVgMEIFMBYREFwLNW52OQVGgEAFLQbQtQ/wiQZ1ET8AVAYqFV4BPwSVEjZD9c 4klQdkrgY2H/CrACYC5QVgRpVWwAA6AHQDtJsGAaUmuwNJAFwEJHb26wVnJrsmOQSTSwX6BhfQQQ dQeAal9c0wWhGDBj8HRseSxikhQgVththPdqE2uxHOBJAjAEkRQwU9D+Y2NwBBBygxgwVnEuUGnD vHNoCGBgsHCvXOJiLlDXbDNTAQWgbmLgZwhwLlDfVAMvMWKhPKBTIGlnMW/DY2nDX8Rrbm8H4Hag d+9ygmjCBCBsAGxsUHbfd+X/AxALYGxCFCAukA3geqF/sv9Xf1iPWZ9ar1u/XM9d30Lq9k0N4GKw bH//gQ+CH4Mv34Q/hU+NrzuWJLEvPEI5z1+PT5HRMnE5cCTzfZQAHwA1EAEAAACgAAAAPAAyAEIA OAAxADQAMAAzADMAOAA2ADcAMgA5ADEANAAwAEEAMwBBADgAOQA5AEEAOABCADMAOQBCADAANAA2 ADQAMAA1AEQARAA5ADUAQABzAGUAcgB2AGUAcgAyADAAMAAwAC4AYQByAG4AZQBpAGwAbAAtAHAA eQAuAHMAYQBjAHIAYQBtAGUAbgB0AG8ALgBjAGEALgB1AHMAPgAAAB8ARxABAAAAHgAAAG0AZQBz AHMAYQBnAGUALwByAGYAYwA4ADIAMgAAAAAACwDyEAEAAAAfAPMQAQAAAEYAAABSAEUAJQAzAEEA IABSAG8AdQB0AGkAbgBnACAAbwBmACAAMgAwADAAMgAlADMAQQAlADMAQQD/+DEANgAuAEUATQBM AAAAAAALAPYQAAAAAEAABzCwo3Ml2oHBAUAACDAA8ExA24HBAQMA3j/p/QAAAwDxPwkEAAAfAPg/ AQAAABQAAABNAGkAYwBoAGUAbAAgAFAAeQAAAAIB+T8BAAAAYAAAAAAAAADcp0DIwEIQGrS5CAAr L+GCAQAAAAAAAAAvTz1BUk5FSUxMLVBZL09VPUZJUlNUIEFETUlOSVNUUkFUSVZFIEdST1VQL0NO PVJFQ0lQSUVOVFMvQ049TUlDSEVMAB8A+j8BAAAAKgAAAFMAeQBzAHQAZQBtACAAQQBkAG0AaQBu AGkAcwB0AHIAYQB0AG8AcgAAAAAAAgH7PwEAAAAeAAAAAAAAANynQMjAQhAatLkIACsv4YIBAAAA AAAAAC4AAAADAP0/5AQAAAMAGUAAAAAAAwAaQAAAAAADAB1AAAAAAAMAHkAAAAAAHwAwQAEAAAAO AAAATQBJAEMASABFAEwAAAAAAB8AMUABAAAADgAAAE0ASQBDAEgARQBMAAAAAAAfADJAAQAAACwA AABkAGEAdgBlAC4AdwBpAGwAcwBvAG4AQABoAGUAYQBuAGUAdAAuAGkAZQAAAB8AM0ABAAAALAAA AGQAYQB2AGUALgB3AGkAbABzAG8AbgBAAGgAZQBhAG4AZQB0AC4AaQBlAAAAHwA4QAEAAAAOAAAA TQBJAEMASABFAEwAAAAAAB8AOUABAAAABAAAAC4AAAALACkAAAAAAAsAIwAAAAAAAwAGEKSzM+ID AAcQlgEAAAMAEBACAAAAAwAREAEAAAAeAAgQAQAAAGUAAABGUk9NOkRBVkVXSUxTT05JTUxPT0tJ TkdJTlRPU0VUVElOR1VQQTZUTzRSRUxBWVJPVVRFUkZPUk1ZQ1VTVE9NRVJTSURPTlRVTkRFUlNU QU5EV0hZWU9VTkVFREE2VE80UkVMAAAAAAIBfwABAAAAUAAAADwyQjgxNDAzMzg2NzI5MTQwQTNB ODk5QThCMzlCMDQ2NDA1REQ5NUBzZXJ2ZXIyMDAwLmFybmVpbGwtcHkuc2FjcmFtZW50by5jYS51 cz4AHbk= ------_=_NextPart_001_01C181DB.403DA820-- From mcr@sandelman.ottawa.on.ca Tue Dec 11 02:51:27 2001 From: mcr@sandelman.ottawa.on.ca (Michael Richardson) Date: Mon, 10 Dec 2001 19:51:27 -0700 Subject: Routing of 2002::/16 In-Reply-To: Your message of "Mon, 10 Dec 2001 18:37:54 GMT." <3C150102.1010504@heanet.ie> Message-ID: <200112110251.fBB2pRI00807@marajade.sandelman.ottawa.on.ca> >>>>> "Dave" == Dave Wilson writes: Dave> Now I take it that this means that I must advertise 2002::/16 within my Dave> own network, and to as many of my peers as I (and they) choose, but If you have a 6to4 gateway, you should advertise 2002::/16 so that your network will know how to find the gateway and thus reach 6to4 nodes. If you are *using* 6to4 addresses, then once you have formed your /48 prefix, you may well be subnetting that, and you likely want to advertise /64s (or however you subnet) internal to your network. Dave> I see also that it's forbidden to advertise prefixes longer than Dave> 2002::/16, for good reason. This would seem to mean that packets going Dave> from native IPv6 site --> 6to4 site are reliant on either the native Dave> site (or their upstream) having a relay router, or on some kind person Dave> advertising 2002::/16 to the entire internet. Is this so? I'm not entirely clear why an ISP that had, for instance 209.151.0.0/19, couldn't advertise a gateway to 2002:d197:0000::/35 to its v6 peers. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ From Francis.Dupont@enst-bretagne.fr Tue Dec 11 04:32:15 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Tue, 11 Dec 2001 05:32:15 +0100 Subject: Routing of 2002::/16 In-Reply-To: Your message of Mon, 10 Dec 2001 18:37:54 GMT. <3C150102.1010504@heanet.ie> Message-ID: <200112110432.fBB4WFD20031@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: I'm looking into setting up a 6to4 relay router for my customers, and could use some help parsing RFC3056. => I had the same problem for a set of experimental IPv6 networks so we can share ideas... Now I take it that this means that I must advertise 2002::/16 within my own network, and to as many of my peers as I (and they) choose, but there is no requirement to advertise it to the entire IPv6 internet. Is this correct? => yes, you have not to provide the service to everybody. If so, is it good practise to attempt to advertise 2002::/16 widely, or selectively? => this is economics... I see also that it's forbidden to advertise prefixes longer than 2002::/16, for good reason. => yes, in our case a longer prefix is useless. This would seem to mean that packets going from native IPv6 site --> 6to4 site are reliant on either the native site (or their upstream) having a relay router, or on some kind person advertising 2002::/16 to the entire internet. Is this so? => yes, the routing protocol will choose the best one. Between a native IPv6 node and a 6to4 one, the position of 6to4 relays will give what IPv6 and IPv4 infrastructures are used. As they are not free in general, this matters! My advice is we have to control this, by proper management of advertisements and filtering at the IPv6 relay against abuse (not only the long list of trivial abuses you can get in KAME stf manual page, Itojun can say more about this). Regards Francis.Dupont@enst-bretagne.fr From fink@es.net Tue Dec 11 04:43:34 2001 From: fink@es.net (Bob Fink) Date: Mon, 10 Dec 2001 20:43:34 -0800 Subject: pTLA request for CNIT - review closes 24 December 2001 Message-ID: <5.1.0.14.0.20011210204021.033b8218@imap2.es.net> 6bone Folk, CNIT has requested a pTLA allocation. The open review period for this will close 24 December 2001. Please send your comments to me or the list. Thanks, Bob === >Date: Mon, 10 Dec 2001 17:27:50 +0100 >From: Gianluca Mazzini >To: Bob Fink >Cc: ipv6@cnit.it >Subject: pTLA request > >Dear Bob, > >by following the suggestion you give me the last week, I have work a >lot around the submission of a IPv6 space request with a /24 or /28 >for the CNIT. In the following you can find our request that I hope >you will process. > >Best Regards > >Gianluca Mazzini > >7. Guidelines for 6Bone pTLA sites > > The following rules apply to qualify for a 6Bone pTLA allocation. It > should be recognized that holders of 6Bone pTLA allocations are > expected to provide production quality backbone network services for > the 6Bone. > > 1. The pTLA Applicant must have a minimum of three (3) months > qualifying experience as a 6Bone end-site or pNLA transit. During > the entire qualifying period the Applicant must be operationally > providing the following: > > >The applicance is for CNIT. This acronymous is for National Consortium >Inter-University for telecommunications. This consortium links a large >number of italian universities involved in projects, developments and >researches in the telecommunications field. The web site of the >consortium is www.cnit.it, where a lot of information about the >consortium and its parters are hosted. > >Since the beginning of 2001 the consortium has developed a proprietary >network based on ATM, HDSL, Frame relay and Satellite links with more >than 20 site connected. CNIT is an autonous system on IPv4 (AS20754) >with allocation 217.9.64.0/20. > >In parallel, University of Ferrara (UNIFE), a CNIT member has >performed a lot of activities on IPv6 since 1997, working on proxy >IPv6/v4 developing, multicast streaming (with CSELT now TILAB) and >redundant routing (European project www.depaude.org). CNIT has >recently ask to UNIFE some helps to create a native IPv6 network with >the aim of using it both in all the local site and in the geographic >connection. Where the native IPv6 is not supported, tunnelling has >been used. > >Actually the system is running with some /48 given by public tunnel >broker service but the potentially high number of users (researchers >and students), the large dimension of the network and the planned >developing and research activities need to migrate to a /24 or /28. > > a. Fully maintained, up to date, 6Bone Registry entries for their > ipv6-site inet6num, mntner, and person objects, including each > tunnel that the Applicant has. > >This point is satisfied as you can check searching for CNIT on the >6BONE database. > > >ipv6-site: CNIT >origin: AS20745 >descr: Consorzio Nazionale Interuniversitario per le Telecomunicazioni >country: IT >prefix: 3FFE:8171:49::/48 >tunnel: IPv6 in IPv4 gw-cnit-fe-na.cnit.it -> 6bone-gw1.edisontel.it >EDISONTEL BGP4+ >tunnel: IPv6 in IPv4 gw-cnit-fe-na.cnit.it -> >100tx-f1-0.c7206.ipv6.he.net HE BGP4+ >tunnel: IPv6 in IPv4 gw-cnit-fe-na.cnit.it -> >6bone-gw3.ipv6.cselt.it TILAB BGP4+ >contact: GM1-6BONE >contact: SZ-6BONE >contact: SV-6BONE >mnt-by: UNIFE-MNT >changed: g.mazzini@ieee.org 20010731 >changed: g.mazzini@ieee.org 20011206 >changed: g.mazzini@ieee.org 20011207 >source: 6BONE > >inet6num: 3FFE:8171:49::/48 >netname: CNIT >descr: Consorzio Nazionale Interuniversitario per le Telecomunicazioni >country: IT >admin-c: GM1-6BONE >tech-c: SZ-6BONE >tech-c: SV-6BONE >mnt-by: UNIFE-MNT >changed: g.mazzini@ieee.org 20010731 >changed: g.mazzini@ieee.org 20011206 >changed: g.mazzini@ieee.org 20011210 >source: 6BONE > >person: Gianluca Mazzini >address: University of Ferarra >address: Via Saragat 1 >address: 44100 Ferrara >address: Italy >phone: +39 335 8160916 >fax-no: +39 0532 768602 >e-mail: g.mazzini@ieee.org >nic-hdl: GM1-6BONE >notify: g.mazzini@ieee.org >mnt-by: UNIFE-MNT >changed: g.mazzini@ieee.org 20010731 >source: 6BONE > >person: Sandro Zappatore >address: Consorzio Nazionale Interuniversitario per le Telecomunicazioni >address: Via Diocleziano 328 >address: I- 80125 Napoli NA >address: Italy >phone: +39 081 2303311 >fax-no: +39 081 2303311 >e-mail: sandro.zappatore@cnit.it >nic-hdl: SZ-6BONE >mnt-by: UNIFE-MNT >changed: g.mazzini@ieee.org 20010731 >source: 6BONE > >person: Stefano Vignola >address: Consorzio Nazionale Interuniversitario per le Telecomunicazioni >address: Via Diocleziano 328 >address: I- 80125 Napoli NA >address: Italy >phone: +39 081 2303311 >fax-no: +39 081 2303311 >e-mail: stefano.vignola@cnit.it >nic-hdl: SV-6BONE >mnt-by: UNIFE-MNT >changed: g.mazzini@ieee.org 20010731 >source: 6BONE > > b. Fully maintained, and reliable, BGP4+ peering and connectivity > between the Applicant's boundary router and the appropriate > connection point into the 6Bone. This router must be IPv6 > pingable. This criteria is judged by members of the 6Bone > Operations Group at the time of the Applicant's pTLA request. > >Three differents connection between our autonomous system and the >6bone is active with BGP4+. Our router has IPv4 217.9.66.10, it is >pingable (also in ipv6 to 3FFE:8171:49::1, 3FFE:1200:3028:8116::1, >3FFE:1001:580::1) and the tunnels are > >tunnel: IPv6 in IPv4 gw-cnit-fe-na.cnit.it -> 6bone-gw1.edisontel.it >EDISONTEL BGP4+ >tunnel: IPv6 in IPv4 gw-cnit-fe-na.cnit.it -> >100tx-f1-0.c7206.ipv6.he.net HE BGP4+ >tunnel: IPv6 in IPv4 gw-cnit-fe-na.cnit.it -> >6bone-gw3.ipv6.cselt.it TILAB BGP4+ > >Furthermore, our main IPv6 router, a CISCO with IOS 12.2, give the >following output for the bgp > >BGP router identifier 217.9.66.10, local AS number 20745 >BGP table version is 956, main routing table version 956 >301 network entries and 706 paths using 86837 bytes of memory >503 BGP path attribute entries using 30180 bytes of memory >483 BGP AS-PATH entries using 13292 bytes of memory >956 BGP route-map cache entries using 15296 bytes of memory >0 BGP filter-list cache entries using 0 bytes of memory >BGP activity 1447/5859 prefixes, 4548/3842 paths, scan interval 15 secs > >Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down >State/PfxRcd >2001:750:E::C 4 15589 6480 12175 956 0 0 05:11:09 190 >3FFE:1001:1:F022::1 > 4 5609 7377 6794 956 0 0 05:20:01 280 >3FFE:1200:3028:FF01::4B04 > 4 6939 12990 6164 956 0 0 05:19:23 233 > > > c. Fully maintained DNS forward (AAAA) and reverse (ip6.int) > entries for the Applicant's router(s) and at least one host > system. > >An AAAA on cnit.it domain is available on the subdomain >ipv6.cnit.it. The actual dns are 217.9.64.3 and 192.167.215.104. This >works also for the reverse lookup for the network 3FFE:8171:49::/48 we >actually use. The dns is pingable and accessible but it is forbitten >to obtain the host list for security and privacy reason. The following >list of IPv6 host is actually registered and running but we are >strongly working to expand them. > >fs IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df20 >dns IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df49 >tlc1 IN AAAA 3ffe:8171:0049:0002:2c0:26ff:fe10:8d08 >tlc2 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df09 >tlc3 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df22 >tlc8 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df34 >tlc9 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df19 >tlc10 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df21 >tlc11 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df32 >tlc12 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df12 >tlc13 IN AAAA 3ffe:8171:0049:0002:201:2ff:fef2:d147 >tlc14 IN AAAA 3ffe:8171:0049:0002:201:2ff:fe94:df15 >tlc20 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3620 >tlc21 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:45e5 >tlc23 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:45e0 >tlc25 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3893 >tlc26 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3618 >tlc27 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3619 >tlc28 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3892 >tlc29 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3894 >tlc30 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:45cc >tlc32 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:460f >tlc33 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:45ea >tlc34 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3617 >tlc36 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3616 >tlc38 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:4628 >tlc39 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:45f2 >tlc40 IN AAAA 3ffe:8171:0049:0002:2e0:18ff:fe21:3621 > > > d. A fully maintained, and reliable, IPv6-accessible system > providing, at a mimimum, one or more web pages, describing the > Applicant's IPv6 services. This server must be IPv6 pingable. > >A web site at the address www.ipv6.cnit.it is available and >pingable. It is working in IPv6 only. The server actually does not >offer any service but it declare the service that we will implement >soon. > > 2. The pTLA Applicant MUST have the ability and intent to provide > "production-quality" 6Bone backbone service. Applicants must > provide a statement and information in support of this claim. > This MUST include the following: > > a. A support staff of two persons minimum, three preferable, with > person attributes registered for each in the ipv6-site object > for the pTLA applicant. > >As you can see from the previous reported list 3 persons is registered >for the CNIT IPv6 management, their name are Sandro Zappatore, Stefano >Vignola and Gianluca Mazzini. > > b. A common mailbox for support contact purposes that all support > staff have acess to, pointed to with a notify attribute in the > ipv6-site object for the pTLA Applicant. > >A common mailbox with address ipv6@cnit.it has been created for >technical contact and it is internally accessible by all the technical >person involved in the IPv6 management. > > 3. The pTLA Applicant MUST have a potential "user community" that > would be served by its becoming a pTLA, e.g., the Applicant is a > major provider of Internet service in a region, country, or focus > of interest. Applicant must provide a statement and information in > support this claim. > >As underlined in the 7.1 topic, the CNIT as broad consortium of >italian University cover the whole country and it will give access to >a potentially huge number of student, researcher and people. A lot of >projects in which CNIT is involved require network extension to final >users and to other company. Furthermore, the number of university >directly linked with CNIT growth every mounth with a very interesting >trend. The basic persons in the CNIT permanent staff is about 300 and >the number of students directly managed, and potentially involved in >the IPV6 use, are around a million. > > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > operational rules and policies as they exist at time of its > application, and agree to abide by future 6Bone backbone > operational rules and policies as they evolve by consensus of the > 6Bone backbone and user community. > >We agree with the actual policy and we will accept any future >decisions the 6bone will take, by operating as a consequence of these >actions. > > When an Applicant seeks to receive a pTLA allocation, it will apply > to the 6Bone Operations Group (see section 8 below) by providing to > the Group information in support of its claims that it meets the > criteria above. > >All the people involved in this request are directly interested on the >IPv6 and they are subscripted to the mailing list before the beginning >of this project. > >8. 6Bone Operations Group > > The 6Bone Operations Group is the group in charge of monitoring and > policing adherence to the current rules. Membership in the 6Bone > Operations Group is mandatory for, and restricted to, sites connected > to the 6Bone. > > The 6Bone Operations Group is currently defined by those members of > the existing 6Bone mailing list who represent sites participating in > the 6Bone. Therefore it is incumbent on relevant site contacts to > join the 6Bone mailing list. Instructions on how to join the list are > maintained on the 6Bone web site at < http://www.6bone.net>. > >In am registered in the 6BONE mailing list since a lot of years ago. From itojun@iijlab.net Tue Dec 11 15:53:10 2001 From: itojun@iijlab.net (Jun-ichiro itojun Hagino) Date: Wed, 12 Dec 2001 00:53:10 +0900 Subject: Routing of 2002::/16 In-Reply-To: Francis.Dupont's message of Tue, 11 Dec 2001 05:32:15 +0100. <200112110432.fBB4WFD20031@givry.rennes.enst-bretagne.fr> Message-ID: <20011211155311.085DB7BA@starfruit.itojun.org> >(not only the long list of trivial abuses you can get in KAME stf >manual page, Itojun can say more about this). just in case you don't have *BSD systems. http://www.tac.eu.org/cgi-bin/man-cgi?stf+4+NetBSD-current itojun From Francis.Dupont@enst-bretagne.fr Tue Dec 11 16:50:06 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Tue, 11 Dec 2001 17:50:06 +0100 Subject: Routing of 2002::/16 In-Reply-To: Your message of Mon, 10 Dec 2001 16:32:01 PST. <2B81403386729140A3A899A8B39B046405DD95@server2000.arneill-py.sacramento.ca.us> Message-ID: <200112111650.fBBGo6D21467@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: If I assume correctly, these customers also have IPv4 Internet access, => your assumption is not correct if you add "usable for 6to4 relaying". Regards Francis.Dupont@enst-bretagne.fr PS: a notable fraction of IPv6 sites I know are in fact IPv6 only (i.e. no IPv4 or IPv4 managed by other with firewalls, etc). From pekkas@netcore.fi Tue Dec 11 19:21:09 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Tue, 11 Dec 2001 21:21:09 +0200 (EET) Subject: Routing of 2002::/16 In-Reply-To: <200112110432.fBB4WFD20031@givry.rennes.enst-bretagne.fr> Message-ID: On Tue, 11 Dec 2001, Francis Dupont wrote: > (not only the long list of trivial abuses you can get in KAME stf > manual page, Itojun can say more about this). If someone finds this subject interesting, there is also an issue that clarifies security issues around 6to4 at: http://www.ietf.org/internet-drafts/draft-savola-ngtrans-6to4-security-00.txt -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From mcr@sandelman.ottawa.on.ca Tue Dec 11 19:55:13 2001 From: mcr@sandelman.ottawa.on.ca (Michael Richardson) Date: Tue, 11 Dec 2001 12:55:13 -0700 Subject: Routing of 2002::/16 In-Reply-To: Your message of "Tue, 11 Dec 2001 11:02:00 EST." <20011211110200.A24477@litech.org> Message-ID: <200112111955.fBBJtE402060@marajade.sandelman.ottawa.on.ca> >>>>> "Nathan" == Nathan Lutchansky writes: Nathan> On Mon, Dec 10, 2001 at 07:51:27PM -0700, Michael Richardson wrote: >> >> I'm not entirely clear why an ISP that had, for instance 209.151.0.0/19, >> couldn't advertise a gateway to 2002:d197:0000::/35 to its v6 peers. Nathan> Because everyone would simply map their IPv4 tables into their IPv6 Nathan> tables, effectively bootstrapping the IPv6 DFZ with thousands of entries. Nathan> That's one thing we're trying to get away from with IPv6. Yes, I agree that the DFZ should filter out longer prefixes for this reason. I should have said *v6-only* peers. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ From Thomas.Foelski@icn.siemens.de Wed Dec 12 11:47:47 2001 From: Thomas.Foelski@icn.siemens.de (Foelski Thomas) Date: Wed, 12 Dec 2001 12:47:47 +0100 Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? Message-ID: Hello All, we are working here with Red Hat Linux 7.2 and W2000, and trying to connect to a telnet server ( Red Hat 7.2, Telnet Server 0.17-20 ). When we connect from a W2000 client, it is working, with the pure IPv6 address and also with a DNS ( Bind 9). When we want to connect from a Red Hat 7.2 client ( we tried Telnet-client 0.17-20 and 0.17-18 ), we get the error message " Invalid Argument". So, the question is, does the telnet-client package support IPv6 or do we something wrong ? Do we need to set a flag or give a special parameter to the command ? [root@host1 root]# telnet fe80::204:76ff:fe24:e52a Trying fe80::204:76ff:fe24:e52a... telnet: connect to address fe80::204:76ff:fe24:e52a: Invalid argument [root@host1 root]# Thanks Thomas From lists@geminis.myip.org Wed Dec 12 16:54:06 2001 From: lists@geminis.myip.org (Flavio Villanustre) Date: Wed, 12 Dec 2001 13:54:06 -0300 (ART) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: Message-ID: Thomas, AFAIK, included telnet client in RedHat 7.2 doesn't support IPv6. You could download an IPv6 capable telnet client or use shimlib library from Nick Sayer to enable any standard IPv4 application (i.e. telnet client) to resolve and connect to IPv6 servers. You can download a modified version of shimlib library that compiles cleanly under RedHat 7.2 from: http://flavio.acme.com (IPv6 only site) or http://geminis.myip.org (IPv4 only site) It's just a single C source, compile it with: gcc -shared -o shimlib.so shimlib.c -ldl To use shimlib just issue: LD_PRELOAD=./shimlib.so telnet IPv6_AAAA_or_A6_name_record Regards, Flavio. On Wed, 12 Dec 2001, Foelski Thomas wrote: > Hello All, > > we are working here with Red Hat Linux 7.2 and W2000, and trying to connect to a telnet server ( Red Hat 7.2, Telnet Server 0.17-20 ). > When we connect from a W2000 client, it is working, with the pure IPv6 address and also with a DNS ( Bind 9). > When we want to connect from a Red Hat 7.2 client ( we tried Telnet-client 0.17-20 and 0.17-18 ), > we get the error message " Invalid Argument". So, the question is, does the telnet-client package support > IPv6 or do we something wrong ? Do we need to set a flag or give a special parameter to the command ? > > [root@host1 root]# telnet fe80::204:76ff:fe24:e52a > Trying fe80::204:76ff:fe24:e52a... > telnet: connect to address fe80::204:76ff:fe24:e52a: Invalid argument > [root@host1 root]# > > Thanks > > Thomas > From itojun@iijlab.net Wed Dec 12 17:09:31 2001 From: itojun@iijlab.net (itojun@iijlab.net) Date: Thu, 13 Dec 2001 02:09:31 +0900 Subject: delegation under x.x.e.f.f.3.ip6.arpa. Message-ID: <20867.1008176971@itojun.org> hello, how can we get NS delegation under x.x.e.f.f.3.ip6.arpa. (not "int")? some of our zones are ready to go. itojun From bmanning@ISI.EDU Wed Dec 12 17:19:51 2001 From: bmanning@ISI.EDU (Bill Manning) Date: Wed, 12 Dec 2001 09:19:51 -0800 Subject: delegation under x.x.e.f.f.3.ip6.arpa. In-Reply-To: <20867.1008176971@itojun.org>; from itojun@iijlab.net on Thu, Dec 13, 2001 at 02:09:31AM +0900 References: <20867.1008176971@itojun.org> Message-ID: <20011212091951.E7703@zed.isi.edu> On Thu, Dec 13, 2001 at 02:09:31AM +0900, itojun@iijlab.net wrote: > hello, > > how can we get NS delegation under x.x.e.f.f.3.ip6.arpa. (not "int")? > some of our zones are ready to go. > > itojun Don't know. There are a number of zone cuts in IP6.INT that were not considered by ICANN when the ip6.arpa zone was created. I'm trying to open a dialog with them to see about including these other zones. --bill From lists@geminis.myip.org Wed Dec 12 18:08:45 2001 From: lists@geminis.myip.org (Flavio Villanustre) Date: Wed, 12 Dec 2001 15:08:45 -0300 (ART) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: <20011212184619.A18127@itea.ntnu.no> Message-ID: On Wed, 12 Dec 2001, Stig Venaas wrote: > It does support IPv6 and works quite nicely for me. Are you sure? Standard RPM telnet package in RedHat 7.2 is telnet-0.17-20.i386.rpm and it doesn't support IPv6... Regards, Flavio. From michael@kjorling.com Wed Dec 12 18:26:29 2001 From: michael@kjorling.com (Michael Kjorling) Date: Wed, 12 Dec 2001 19:26:29 +0100 (CET) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OK, I can't say I'm familiar with IPv6 yet, but do you have telnet6 on your system? If so, does it work any better? Michael Kjörling On Dec 12 2001 12:47 +0100, Foelski Thomas wrote: > Hello All, > > we are working here with Red Hat Linux 7.2 and W2000, and trying to connect to a telnet server ( Red Hat 7.2, Telnet Server 0.17-20 ). > When we connect from a W2000 client, it is working, with the pure IPv6 address and also with a DNS ( Bind 9). > When we want to connect from a Red Hat 7.2 client ( we tried Telnet-client 0.17-20 and 0.17-18 ), > we get the error message " Invalid Argument". So, the question is, does the telnet-client package support > IPv6 or do we something wrong ? Do we need to set a flag or give a special parameter to the command ? > > [root@host1 root]# telnet fe80::204:76ff:fe24:e52a > Trying fe80::204:76ff:fe24:e52a... > telnet: connect to address fe80::204:76ff:fe24:e52a: Invalid argument > [root@host1 root]# > > Thanks > > Thomas - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8F6FYKqN7/Ypw4z4RAgjQAKCh1eMf4grxiGoGcX4N2RpvzFvc9wCfSuNR u2oMAro8pkvllFOchTPCru4= =2sRh -----END PGP SIGNATURE----- From Jean-Luc.Richier@imag.fr Wed Dec 12 18:28:09 2001 From: Jean-Luc.Richier@imag.fr (Jean-Luc Richier) Date: Wed, 12 Dec 2001 19:28:09 +0100 (MET) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: Flavio Villanustre's message as of Dec 12, 15:08. Message-ID: <200112121828.fBCIS9715415@horus.imag.fr> In your mail dated Dec 12, 15:08 you wrote: >On Wed, 12 Dec 2001, Stig Venaas wrote: > >> It does support IPv6 and works quite nicely for me. > >Are you sure? Standard RPM telnet package in RedHat 7.2 is >telnet-0.17-20.i386.rpm and it doesn't support IPv6... > >Regards, > >Flavio. > sorry, it does support IPv6: bastet.imag.fr(20) /usr/bin/telnet www6.ipv6.imag.fr Trying 2001:660:181:1::50... Connected to www6.ipv6.imag.fr. Escape character is '^]'. FreeBSD/i386 (luna.imag.fr) (ttyp1) bastet.imag.fr(21) more /etc/redhat-release Red Hat Linux release 7.2 (Enigma) bastet.imag.fr(22) rpm -qf /usr/bin/telnet telnet-0.17-20 BUT !!! telnet only without path does not work, as: bastet.imag.fr(23) which telnet /usr/kerberos/bin/telnet bastet.imag.fr(24) rpm -qf /usr/kerberos/bin/telnet krb5-workstation-1.2.2-13 and kerberos telnet does not work with ipv6. As for the original question, the problem is not telnet, but trying to connect to a link local address. Therefore the scope of the connection is unknown and telnet fails. The correct telnet is: /usr/bin/telnet fe80::210:11ff:fe76:7800%eth0 using a scoped address. Regards -- Jean-Luc RICHIER (Jean-Luc.Richier@Imag.Fr richier@imag.fr) Laboratoire Logiciels, Systemes et Reseaux (LSR-IMAG) IMAG-CAMPUS, BP 72, F-38402 St Martin d'Heres Cedex Tel : +33 4 76 82 72 32 Fax : +33 4 76 82 72 87 From lists@geminis.myip.org Wed Dec 12 18:28:16 2001 From: lists@geminis.myip.org (Flavio Villanustre) Date: Wed, 12 Dec 2001 15:28:16 -0300 (ART) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: <20011212192127.A7965@itea.ntnu.no> Message-ID: You're absolutely right. My fault and probably Thomas' problem too. There is a package on RedHat 7.2 called krb5-workstation-1.2.2-13 that includes an IPv4 only telnet client installed under /usr/kerberos/bin/telnet and $PATH is: /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin: so, Thomas, just run /usr/bin/telnet or remove krb5-workstation-1.2.2-13 package and you'll have an IPv6 capable telnet on-board Thanks and regards, Flavio. On Wed, 12 Dec 2001, Stig Venaas wrote: > On Wed, Dec 12, 2001 at 03:08:45PM -0300, Flavio Villanustre wrote: > > On Wed, 12 Dec 2001, Stig Venaas wrote: > > > > > It does support IPv6 and works quite nicely for me. > > > > Are you sure? Standard RPM telnet package in RedHat 7.2 is > > telnet-0.17-20.i386.rpm and it doesn't support IPv6... > > That exact RPM supports IPv6. I know for sure that my telnet > binary is from telnet-0.17-20.i386.rpm, and for instance > > bash-2.05$ /usr/bin/telnet 2001:700:1:0:290:27ff:fe55:fe7b 389 > Trying 2001:700:1:0:290:27ff:fe55:fe7b... > Connected to 2001:700:1:0:290:27ff:fe55:fe7b. > Escape character is '^]'. > > works. It also tries all possible addresses which is good. > > bash-2.05$ /usr/bin/telnet ldap.uninett.no > Trying 2001:700:1:0:290:27ff:fe55:fe7b... > telnet: connect to address 2001:700:1:0:290:27ff:fe55:fe7b: Connection refused > Trying 3ffe:2a00:100:7001:290:27ff:fe55:fe7b... > telnet: connect to address 3ffe:2a00:100:7001:290:27ff:fe55:fe7b: Connection refused > Trying 2002:9e26:d6:1:290:27ff:fe55:fe7b... > telnet: connect to address 2002:9e26:d6:1:290:27ff:fe55:fe7b: Connection refused > Trying 158.38.60.76... > telnet: connect to address 158.38.60.76: Connection refused > > Stig > From pekkas@netcore.fi Wed Dec 12 19:13:04 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Wed, 12 Dec 2001 21:13:04 +0200 (EET) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: Message-ID: On Wed, 12 Dec 2001, Flavio Villanustre wrote: > Thomas, > > AFAIK, included telnet client in RedHat 7.2 doesn't support IPv6. You > could download an IPv6 capable telnet client or use shimlib library from > Nick Sayer to enable any standard IPv4 application (i.e. telnet client) > to resolve and connect to IPv6 servers. RHL72 telnet client supports IPv6. Problem here was Thomas tried to connect to link-local address without specifying scope. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From pekkas@netcore.fi Wed Dec 12 20:14:32 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Wed, 12 Dec 2001 22:14:32 +0200 (EET) Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: Message-ID: On Wed, 12 Dec 2001, Flavio Villanustre wrote: > On Wed, 12 Dec 2001, Stig Venaas wrote: > > > It does support IPv6 and works quite nicely for me. > > Are you sure? Standard RPM telnet package in RedHat 7.2 is > telnet-0.17-20.i386.rpm and it doesn't support IPv6... Positive. [psavola@haukka psavola]$ rpm -q telnet redhat-release telnet-0.17-20 redhat-release-7.2-1 [psavola@haukka psavola]$ telnet ipv6.netcore.fi 22 Trying 2001:670:86::1... Connected to ipv6.netcore.fi. Escape character is '^]'. [...] -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From rmk@arm.linux.org.uk Thu Dec 13 00:02:26 2001 From: rmk@arm.linux.org.uk (Russell King) Date: Thu, 13 Dec 2001 00:02:26 +0000 Subject: Telnet Client Red Hat 7.2 IPv6 enabled ?? In-Reply-To: ; from lists@geminis.myip.org on Wed, Dec 12, 2001 at 01:54:06PM -0300 References: Message-ID: <20011213000226.C4606@flint.arm.linux.org.uk> On Wed, Dec 12, 2001 at 01:54:06PM -0300, Flavio Villanustre wrote: > AFAIK, included telnet client in RedHat 7.2 doesn't support IPv6. RH7.2 telnet supports IPv6. Just make sure you're using /usr/bin/telnet, not the kerberos-ized version. (Chances are if you have kerberos stuff installed, you're using the kerberos telnet not /usr/bin/telnet). -- Russell King (rmk@arm.linux.org.uk) The developer of ARM Linux http://www.arm.linux.org.uk/personal/aboutme.html From peter.juul@uni-c.dk Thu Dec 13 12:03:35 2001 From: peter.juul@uni-c.dk (Peter B . Juul) Date: Thu, 13 Dec 2001 13:03:35 +0100 Subject: IP addresses in 6bone Message-ID: <20011213130335.M21931@uni-c.dk> [Please correct any technical nonsense I might spew in this mail. I am just starting in figuring out how ipv6 works.] We, Uni-C, used to be connected to the 6bone, but changes in staff, hardware platforms and the lack of interest from our customers made us drop out. However, it seems 3FFE:1400::/24 is still assigned to us (that's a rather large assignment. A /32 or even af /36 would suffice - keeping to the 4bit borderlines). We are joining the 6net project, and I was thinking about just using the above-mentioned prefix in this. However, a lookup in whois.6bone.net gave me this info: $ whois "-M 3ffe:1400::/24"@whois.6bone.net ipv6-site: EMI-DTU origin: AS1835 descr: EMI, Tech. U. of Denmark, Lyngby, Denmark location: 55 46 8 N 12 31 0 E 45m 100m 100m 10m country: DK prefix: 3FFE:1401:1::/48 [..] ipv6-site: ECRC origin: AS1273 descr: Cable & Wireless ECRC GmbH Arabellastr. 17 D-81925 Munich Germany country: DE prefix: 3FFE:1402:1::/48 [..] ipv6-site: ICM-PL origin: AS8664 descr: Interdisciplinary Centre for Mathematical and Computational Modelling Warsaw University, Poland ul. Pawinskiego 5a 02-106 Warszawa location: 52 12 22 N 20 59 01 E 100m country: PL prefix: 3FFE:8010::/28 prefix: 3FFE:902::/32 prefix: 3FFE:280::/40 prefix: 3FFE:140F:1::/48 [..] Now, the first on (EMI-DTU) makes sense. They are an institution connected to the world through us (and through our AS-no.), but the latter two baffles me a bit. Their having addresses in out /24... Is that a consequence of our being marked as inactive, or is there some clue somewhere, that we delegated those addresses to them? If the former, I'd suggest that we and EMI-DTU (who are also inactive, since the one who dealt with ipv6 left years ago and we are their only connection) are simply removed from the registry, thereby making the inconsistencies go away. We would then have to apply for new addresses, but since we do not use the 3FFE:1400::/24 anyway (yet), that wouldn't be too much of a hassle. Peter B. Juul, Uni·C (PBJ255-RIPE) From fink@es.net Thu Dec 13 17:03:18 2001 From: fink@es.net (Bob Fink) Date: Thu, 13 Dec 2001 09:03:18 -0800 Subject: 6bone pTLA 3FFE:82E0::/28 allocated to LDCOM Message-ID: <5.1.0.14.0.20011213085913.036bec78@imap2.es.net> LDCOM has been allocated pTLA 3FFE:82E0::/28 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to either bmanning@isi.edu or hostmaster@ep.net.] Thanks, Bob From chuck+6bone@snew.com Sat Dec 15 06:06:01 2001 From: chuck+6bone@snew.com (Chuck Yerkes) Date: Fri, 14 Dec 2001 22:06:01 -0800 Subject: Presuming IPv4 (was Re: Routing of 2002::/16) Message-ID: <20011214220601.A29131@snew.com> Quoting Michel Py (michel@arneill-py.sacramento.ca.us): > >> From: Dave Wilson > >> I'm looking into setting up a 6to4 relay router for my customers > > I don't understand why you need a 6to4 relay in the first place. You are > mentioning advertising routes to your customers. This implies that they > have IPv6 capable routers that can also understand RIP or BGP for IPv6. > If I assume correctly, these customers also have IPv4 Internet access, > therefore they shoud be able to configure 6to4 on their sites. If they > don't know how, this is called billable services..... This may be a reasonable assumption at the moment, but in the context of an experimental and experimenting network (the 6bone) and, more, in the interests of preparing for a far more 6-aware world, I'd like to presume instead that there are many 6-only networks with no 4 network. This becomes more and more important as chunks of networks can start to lose their IP4 dependancy - we need to have a "best practices" documented for a truly mixed network. From nsayer@quack.kfu.com Sat Dec 15 17:46:19 2001 From: nsayer@quack.kfu.com (Nick Sayer) Date: Sat, 15 Dec 2001 09:46:19 -0800 Subject: Presuming IPv4 (was Re: Routing of 2002::/16) References: <20011214220601.A29131@snew.com> Message-ID: <3C1B8C6B.70007@quack.kfu.com> > > This may be a reasonable assumption at the moment, but in the > context of an experimental and experimenting network (the > 6bone) and, more, in the interests of preparing for a far more > 6-aware world, I'd like to presume instead that there are many > 6-only networks with no 4 network. > > This becomes more and more important as chunks of networks > can start to lose their IP4 dependancy - we need to have a > "best practices" documented for a truly mixed network. > Go visit http://www.kfu.com/~nsayer/6to4/noipv4.html . This page describes how you can get rid of IPv4 within the enterprise. Unfortunately, Windows still poses a bit of an obstacle (I attempted to implement BIA and immediately lost the ability to sign into the domain controller), but if you don't have (or don't care about) Windows, it's smooth sailing (the machine I'm typing on now has no IPv4 address). From michel@arneill-py.sacramento.ca.us Sat Dec 15 23:00:48 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 15 Dec 2001 15:00:48 -0800 Subject: Presuming IPv4 (was Re: Routing of 2002::/16) Message-ID: <2B81403386729140A3A899A8B39B046403D5A3@server2000.arneill-py.sacramento.ca.us> >> From: Chuck Yerkes [mailto:chuck+6bone@snew.com] >> This may be a reasonable assumption at the moment, but in the >> context of an experimental and experimenting network (the >> 6bone) and, more, in the interests of preparing for a far more >> 6-aware world, I'd like to presume instead that there are many >> 6-only networks with no 4 network. Dave's original text had the word "customer". Today, and for a while, the best advice you can give to a customer is that they need both v4 and v6. V6 only networks are good for experiments, but I would not run a business on them. Would you be able to read this email today if you were v6 only? Would you risk loosing customers that have transition mechanism problems for the pleasure of being v6 only? Let's be serious. The 6bone is a great place to test, but the day when Microsoft, Cisco, eBay, Amazon, Etrade, Travelocity and Cnn are moving their web sites to v6 only is years away. And I don't envision an Internet where you can pretend that Windows does not exist any time soon either. In the meantime, the reason I was mentionning that it would be preferable to have the customers have their own 6to4 solution is this: In the next three years, you will update the software that runs the 6to4 relay many times. People that have been doing this for a while will agree that there is a good chance that one of these many upgrades will introduce a new bug that will disable the 6to4 relay. If your design is that your customers rely on this 6to4 relay, when you break it, all the customers are screaming at the same time, which experienced network administrators try to avoid. On the other end, if customers have their own 6to4 relays on their own routers, not only they will not break all at the same time, but when they do break, it's not your fault. Michel. From nsayer@quack.kfu.com Sun Dec 16 18:00:04 2001 From: nsayer@quack.kfu.com (Nick Sayer) Date: Sun, 16 Dec 2001 10:00:04 -0800 Subject: Presuming IPv4 (was Re: Routing of 2002::/16) References: <2B81403386729140A3A899A8B39B046403D5A3@server2000.arneill-py.sacramento.ca.us> Message-ID: <3C1CE124.4010209@quack.kfu.com> Michel Py wrote: >>> From: Chuck Yerkes [mailto:chuck+6bone@snew.com] This may be a >>> reasonable assumption at the moment, but in the context of an >>> experimental and experimenting network (the 6bone) and, more, >>> in the interests of preparing for a far more 6-aware world, I'd >>> like to presume instead that there are many 6-only networks >>> with no 4 network. >>> > > Dave's original text had the word "customer". Today, and for a > while, the best advice you can give to a customer is that they need > both v4 and v6. V6 only networks are good for experiments, but I > would not run a business on them. Would you be able to read this > email today if you were v6 only? Would you risk loosing customers > that have transition mechanism problems for the pleasure of being > v6 only? I don't know if I would go as far as that. I believe that an enterprise needs a handfull of IPv4 addresses for things like web services, mail relays and NAT/NATPT endpoints. But if you're going to deal with the Internet via NAT, doing so via NATPT isn't any different, except for the fact that you have an opportunity to communicate with v6 sites without translation. > Let's be serious. The 6bone is a great place to test, but the day > when Microsoft, Cisco, eBay, Amazon, Etrade, Travelocity and Cnn > are moving their web sites to v6 only is years away. Perhaps, but the day that they add AAAA or A6 records to their DNS is perhaps a bit closer. In the meantime, I can reach them with NATPT without having anything except the NATPT gateway configured with IPv4. > And I don't > envision an Internet where you can pretend that Windows does not > exist any time soon either. There exist enterprises without Windows anywhere to be found. If you provide services for external sites, they will clearly need to have routable IPv4 addresses for now. But that's not the whole story here. > In the meantime, the reason I was mentionning that it would be > preferable to have the customers have their own 6to4 solution is > this: > > In the next three years, you will update the software that runs the > 6to4 relay many times. People that have been doing this for a while > will agree that there is a good chance that one of these many > upgrades will introduce a new bug that will disable the 6to4 relay. > > If your design is that your customers rely on this 6to4 relay, when > you break it, all the customers are screaming at the same time, > which experienced network administrators try to avoid. > > On the other end, if customers have their own 6to4 relays on their > own routers, not only they will not break all at the same time, but > when they do break, it's not your fault. Replace '6to4 relays' with 'e-mail' and you can make the same argument. They are adding value to their service, which I applaud. It makes their service more valuable. As for the idea that they're going to flash some software into a router and suddenly hose up their service, the same argument applies to any other aspect of their business. Which is why you either thoroughly test such things before hand or have a contingency plan to quickly migrate the service elsewhere or back the upgrade out should the need arise. From fink@es.net Sun Dec 16 19:07:11 2001 From: fink@es.net (Bob Fink) Date: Sun, 16 Dec 2001 11:07:11 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <5.1.0.14.0.20011216110232.0204c470@imap2.es.net> 6bone Folk, MICROSOFT has requested a pTLA allocation. The open review period for this will close 2 January 2002. Please send your comments to me or the list. Thanks, Bob === >Subject: pTLA Request for Microsoft >Date: Fri, 14 Dec 2001 10:02:27 -0800 >From: "Chris Engdahl" >To: "Bob Fink" >Cc: "ITG IPv6 Engineering Team" > >Hi Bob & the 6Bone- > >I'd like to request a pTLA for Microsoft Corporation, please find >relevant info below. > >Thank you- >Chris Engdahl > >------ > >7. Guidelines for 6Bone pTLA sites > The following rules apply to qualify for a 6Bone pTLA allocation. It > should be recognized that holders of 6Bone pTLA allocations are > expected to provide production quality backbone network services for > the 6Bone. > > 1. The pTLA Applicant must have a minimum of three (3) months > qualifying experience as a 6Bone end-site or pNLA transit. >During > the entire qualifying period the Applicant must be operationally > providing the following: > > a. Fully maintained, up to date, 6Bone Registry entries for their > ipv6-site inet6num, mntner, and person objects, including each > tunnel that the Applicant has. > >ipv6-site: MICROSOFT >origin: AS8070 >descr: Microsoft IPv6 Site >country: US >prefix: 3FFE:2900:201::/48 >prefix: 3FFE:C00:8036::/48 >tunnel: IPv6 in IPv4 iusdxbonec7501-l1.ipv6.microsoft.com -> >sl-bb1v6-nyc.sprintlink.net SPRINT BGP4+ >tunnel: IPv6 in IPv4 iusdxbonec7501-l1.ipv6.microsoft.com -> >ipv6-lab-gw.cisco.com CISCO BGP4+ >contact: CE1-6BONE >contact: DF4-6BONE >contact: DML1-6BONE >notify: ipv6eng@microsoft.com >mnt-by: MNT-MSFT >changed: cengdahl@microsoft.com 20011113 >changed: cengdahl@microsoft.com 20011213 >source: 6BONE > > b. Fully maintained, and reliable, BGP4+ peering and connectivity > between the Applicant's boundary router and the appropriate > connection point into the 6Bone. This router must be IPv6 > pingable. This criteria is judged by members of the 6Bone > Operations Group at the time of the Applicant's pTLA request. > >See router above: iusdxbonec7501.ipv6.microsoft.com currently peers with >Sprint and Cisco. > > c. Fully maintained DNS forward (AAAA) and reverse (ip6.int) > entries for the Applicant's router(s) and at least one host > system. > > >6to4 A 131.107.33.60 > AAAA 2002:836b:213c:1:e0:8f08:f020:8 >iusdxbonec7501-l1 AAAA 2002:836b:213c:1:e0:8f08:f020:8 >iusdxbonec7501-tun1 AAAA 3ffe:2900:2:1:0:0:0:2 >iusdxbonec7501-tun2 AAAA 3ffe:c00:8023:3a:0:0:0:2 >www A 131.107.152.134 > AAAA 2002:836b:9820:0:0:0:836b:9886 > >8.0.0.0.0.2.0.f.8.0.f.8.0.e.0.0.1.0.0.0.c.3.1.2.b.6.3.8.2.0.0.2.ip6.int. >\ > IN PTR iusdxbonec7501-l1.ipv6.microsoft.com. >2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.0.0.0.0.0.9.2.e.f.f.3.ip6.int. >\ > IN PTR iusdxbonec7501-tun1.ipv6.microsoft.com. >2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.3.0.0.3.2.0.8.0.0.c.0.e.f.f.3.ip6.int. >\ > IN PTR iusdxbonec7501-tun2.ipv6.microsoft.com. >6.8.8.9.b.6.3.8.0.0.0.0.0.0.0.0.0.0.0.0.0.2.8.9.b.6.3.8.2.0.0.2.ip6.int. >\ > IN PTR www.ipv6.microsoft.com. > > > d. A fully maintained, and reliable, IPv6-accessible system > providing, at a mimimum, one or more web pages, describing the > Applicant's IPv6 services. This server must be IPv6 pingable. > >[see above] > > 2. The pTLA Applicant MUST have the ability and intent to provide > "production-quality" 6Bone backbone service. Applicants must > provide a statement and information in support of this claim. > This MUST include the following: > > a. A support staff of two persons minimum, three preferable, with > person attributes registered for each in the ipv6-site object > for the pTLA applicant. > >contact: CE1-6BONE >contact: DF4-6BONE >contact: DML1-6BONE > > b. A common mailbox for support contact purposes that all support > staff have acess to, pointed to with a notify attribute in the > ipv6-site object for the pTLA Applicant. > >notify: ipv6eng@microsoft.com > > 3. The pTLA Applicant MUST have a potential "user community" that > would be served by its becoming a pTLA, e.g., the Applicant is a > major provider of Internet service in a region, country, or focus > of interest. Applicant must provide a statement and information in > support this claim. > >Statement of User Community and Intent to Provide Production-Quality >IPv6 Backbone Services: >Microsoft Information Technology Group provides enterprise-wide network >connectivity to Microsoft research and development sites across the >globe. Prefixes derived from the pTLA would be used to address sites >across several different geographic regions and will interconnect >externally with diverse providers. In addition, this will serve as >initial research toward eventual deployment of IPv6 services across >Microsoft's Internet network properties. > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > operational rules and policies as they exist at time of its > application, and agree to abide by future 6Bone backbone > operational rules and policies as they evolve by consensus of the > 6Bone backbone and user community. > >[We do indeed.] > > When an Applicant seeks to receive a pTLA allocation, it will apply > to the 6Bone Operations Group (see section 8 below) by providing to > the Group information in support of its claims that it meets the > criteria above. > >8. 6Bone Operations Group > The 6Bone Operations Group is the group in charge of monitoring and > policing adherence to the current rules. Membership in the 6Bone > Operations Group is mandatory for, and restricted to, sites connected > to the 6Bone. > The 6Bone Operations Group is currently defined by those members of > the existing 6Bone mailing list who represent sites participating in > the 6Bone. Therefore it is incumbent on relevant site contacts to > join the 6Bone mailing list. Instructions on how to join the list are > maintained on the 6Bone web site at < http://www.6bone.net>. From danny.listas@gmx.net Mon Dec 17 23:14:19 2001 From: danny.listas@gmx.net (Danny Angelo Carminati Grein) Date: Mon, 17 Dec 2001 21:14:19 -0200 Subject: unsibscribe Message-ID: <20011217231419.9BEE862692@darkbrain.noisehmad> unsibscribe -- Q: What's another name for the "Intel Inside" sticker they put on Pentiums? A: Warning label. From john@sixgirls.org Tue Dec 18 04:17:31 2001 From: john@sixgirls.org (John Klos) Date: Mon, 17 Dec 2001 23:17:31 -0500 (EST) Subject: Weird routing issue? Message-ID: Hi, For some reason, my IPv6 machines cannot browse 6bone.informatik.uni-leipzig.de. >From any of my machines, which are on FreeNet6, I route to: traceroute6 to 6bone.informatik.uni-leipzig.de (3ffe:400:280::1) from 3ffe:b80:2:2e72::2, 30 hops max, 12 byte packets 1 3ffe:b80:2:2e72::1 147.024 ms 146.554 ms 146.544 ms 2 3ffe:400:1090:1:8::2 138.321 ms 139.479 ms 152.833 ms 3 3ffe:8270:0:1::36 270.677 ms 265.623 ms 265.66 ms 4 * * * But from machines on other networks (ftp.netbsd.org), I get: traceroute6 to 6bone.informatik.uni-leipzig.de (3ffe:400:280::1) from 3ffe:8050:201:1860:2a0:c9ff:feed:b7ea, 30 hops max, 12 byte packets 1 3ffe:8050:201:1860:290:abff:fe11:941d 1.148 ms * 0.798 ms 2 orpa6.unnwo.net 2.735 ms 2.922 ms * 3 3ffe:1280:1001:1::1 3.75 ms 3.731 ms * 4 3ffe:1200:1002:1::e2 186.326 ms 186.155 ms 185.761 ms 5 * 3ffe:401:0:1::27:1 228.229 ms 228.906 ms 6 6bone.informatik.uni-leipzig.de 279.017 ms 251.985 ms 250.142 ms Clues? Thanks, John Klos Sixgirls Systems Administrator From chuck+6bone@snew.com Tue Dec 18 06:21:47 2001 From: chuck+6bone@snew.com (Chuck Yerkes) Date: Mon, 17 Dec 2001 22:21:47 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <5.1.0.14.0.20011216110232.0204c470@imap2.es.net>; from fink@es.net on Sun, Dec 16, 2001 at 11:07:11AM -0800 References: <5.1.0.14.0.20011216110232.0204c470@imap2.es.net> Message-ID: <20011217222146.A25476@snew.com> Quoting Bob Fink (fink@es.net): > 6bone Folk, > > MICROSOFT has requested a pTLA allocation. The open review period for this > will close 2 January 2002. Please send your comments to me or the list. > > .... Not to be petty, but this stanza jumps out as a potentially historic note. We will hope that MS does not live up to their long earned reputation for not playing with others (http, kerberos, DNS, DDNS, DHCP and others leap to mind). > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > operational rules and policies as they exist at time of its > application, and agree to abide by future 6Bone backbone > operational rules and policies as they evolve by consensus of the > 6Bone backbone and user community. > >[We do indeed.] Need we define "consensus" and other words very, very, very, clearly and concisely to avoid all loopholes? From fink@es.net Tue Dec 18 06:48:25 2001 From: fink@es.net (Bob Fink) Date: Mon, 17 Dec 2001 22:48:25 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <20011217222146.A25476@snew.com> References: <5.1.0.14.0.20011216110232.0204c470@imap2.es.net> <5.1.0.14.0.20011216110232.0204c470@imap2.es.net> Message-ID: <5.1.0.14.0.20011217224533.034a4340@imap2.es.net> Chuck, At 10:21 PM 12/17/2001 -0800, Chuck Yerkes wrote: >Quoting Bob Fink (fink@es.net): > > 6bone Folk, > > > > MICROSOFT has requested a pTLA allocation. The open review period for this > > will close 2 January 2002. Please send your comments to me or the list. > > > > > >.... > > >Not to be petty, but this stanza jumps out as a potentially historic >note. We will hope that MS does not live up to their long earned >reputation for not playing with others (http, kerberos, DNS, DDNS, >DHCP and others leap to mind). Speaking from my own experience on the 6bone, and as an IETF ngtrans wg chair, Microsoft has worked with the IPv6 community in an exemplary fashion. I appreciate their continuing high quality IPv6 efforts. Bob > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > > operational rules and policies as they exist at time of its > > application, and agree to abide by future 6Bone backbone > > operational rules and policies as they evolve by consensus of the > > 6Bone backbone and user community. > > > >[We do indeed.] > > >Need we define "consensus" and other words very, very, very, >clearly and concisely to avoid all loopholes? From john@sixgirls.org Tue Dec 18 09:17:26 2001 From: john@sixgirls.org (John Klos) Date: Tue, 18 Dec 2001 04:17:26 -0500 (EST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <20011217222146.A25476@snew.com> Message-ID: > > MICROSOFT has requested a pTLA allocation. The open review period for this > > will close 2 January 2002. Please send your comments to me or the list. > > > > > > Not to be petty, but this stanza jumps out as a potentially historic > note. We will hope that MS does not live up to their long earned > reputation for not playing with others (http, kerberos, DNS, DDNS, > DHCP and others leap to mind). > > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > > operational rules and policies as they exist at time of its > > application, and agree to abide by future 6Bone backbone > > operational rules and policies as they evolve by consensus of the > > 6Bone backbone and user community. > > Need we define "consensus" and other words very, very, very, > clearly and concisely to avoid all loopholes? I must agree with this sentiment. Does 6bone have a lawyer or lawyers? Are any lawyers on this list? It would be a VERY wise move to have Microsoft representatives agree to these terms plainly in a legal document; trying to get Microsoft to conform after the fact is, well, impossible (the US government cannot do it). The very least that 6bone can do is have Microsoft agree to such terms in writing. As a NetBSD developer, I do not want to see our work become irrelevant should Microsoft start making incompatible protocols. Thanks, John Klos Sixgirls Computing Labs From john@sixgirls.org Tue Dec 18 09:23:46 2001 From: john@sixgirls.org (John Klos) Date: Tue, 18 Dec 2001 04:23:46 -0500 (EST) Subject: Weird routing issue? In-Reply-To: <20011218080732.2C8E4110B@postfix1.uni-muenster.de> Message-ID: Hi, > As 6bone.informatik.uni-leipzig.de is one of our leaf-sites I guess the > next hop here should be JOIN. But our BGP connection to CALADAN (which is > 3ffe:8270::) is fine and you should reach us. What I don't like here, is > that 3ffe:400:1090::/48 (T-NET), another of our leaf sites, is involved. > While they are no backbone peer, they have many BGP tunnels and behave > like an pTLA. Maybe this causes problems, because one of their BGP peers > is filtering. In my opinion T-NET should apply for pTLA. Is IPv6 really so young as to be expected to be less reliable than the IPv4 on which it commonly travels? > Right now I can reach both of your IPs from the JOIN backbone router, which > means nothing, because meanwhile I use different routes than aboves. Do you > still have problems reaching 6bone.informatik.uni-leipzig.de or was it only > temporary? I reported this after I noticed that it's been several days since I was last able to see your site via IPv6. Should we contact T-NET? Thanks, John Klos Sixgirls Computing Labs From M.Knell@westminster.ac.uk Tue Dec 18 11:11:24 2001 From: M.Knell@westminster.ac.uk (Mike Knell) Date: Tue, 18 Dec 2001 11:11:24 +0000 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Your message of "Tue, 18 Dec 2001 04:17:26 EST." Message-ID: > > > MICROSOFT has requested a pTLA allocation. The open review period for thi s > > > will close 2 January 2002. Please send your comments to me or the list. (snip) > The very least that 6bone can do is have Microsoft agree to such terms in > writing. As a NetBSD developer, I do not want to see our work become > irrelevant should Microsoft start making incompatible protocols. Microsoft have had a presence on the 6bone for a long time, and I fail to see (not that, I must confess, I'm that active in v6 stuff at the moment after moving jobs) how granting them a block of address space should somehow be seen as giving Microsoft carte blanche to "develop incompatible protocols". Can we try and be realistic here? Mike -- This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must not copy or show them to anyone, nor should you take any action based on them, other than to notify the error by replying to the sender. From pekkas@netcore.fi Tue Dec 18 11:36:19 2001 From: pekkas@netcore.fi (Pekka Savola) Date: Tue, 18 Dec 2001 13:36:19 +0200 (EET) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Message-ID: On Tue, 18 Dec 2001, John Klos wrote: > > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > > > operational rules and policies as they exist at time of its > > > application, and agree to abide by future 6Bone backbone > > > operational rules and policies as they evolve by consensus of the > > > 6Bone backbone and user community. > > > > Need we define "consensus" and other words very, very, very, > > clearly and concisely to avoid all loopholes? > [snip] > > The very least that 6bone can do is have Microsoft agree to such terms in > writing. As a NetBSD developer, I do not want to see our work become > irrelevant should Microsoft start making incompatible protocols. How, exactly, would this situation change from today if MS was allocated a pTLA? I don't see any change happening. And I don't know if there's anything to complain about as of this writing. Everyone can still refuse to peer with MS if they don't act nicely, or filter all of their routes or whatever.. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From brigm@spawar.navy.mil Tue Dec 18 13:54:31 2001 From: brigm@spawar.navy.mil (Brig, Michael P.) Date: Tue, 18 Dec 2001 08:54:31 -0500 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <20E9E5720663D311957B0000F8E781DF03EDA6C8@sctern.atlantic.spawar.navy.mil> I think Microsoft should be allowed it's pTLA. If we allow Cisco and Compaq then why not Microsoft? We should encourage greater participation verses building barriers. Now concerning the point that the US government can't get Microsoft to conform... The US government has issues getting it's own personnel and agencies to conform and work as team players. I believe any real world organization, forum, industry group, alliance, coalition has this very same issue. Michael P. Brig -----Original Message----- From: John Klos [mailto:john@sixgirls.org] Sent: Tuesday, December 18, 2001 4:17 AM To: Chuck Yerkes Cc: Bob Fink; 6BONE List; Chris Engdahl; ITG IPv6 Engineering Team Subject: Re: pTLA request for MICROSOFT - review closes 2 January 2002 > > MICROSOFT has requested a pTLA allocation. The open review period for this > > will close 2 January 2002. Please send your comments to me or the list. > > > > > > Not to be petty, but this stanza jumps out as a potentially historic > note. We will hope that MS does not live up to their long earned > reputation for not playing with others (http, kerberos, DNS, DDNS, > DHCP and others leap to mind). > > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > > operational rules and policies as they exist at time of its > > application, and agree to abide by future 6Bone backbone > > operational rules and policies as they evolve by consensus of the > > 6Bone backbone and user community. > > Need we define "consensus" and other words very, very, very, > clearly and concisely to avoid all loopholes? I must agree with this sentiment. Does 6bone have a lawyer or lawyers? Are any lawyers on this list? It would be a VERY wise move to have Microsoft representatives agree to these terms plainly in a legal document; trying to get Microsoft to conform after the fact is, well, impossible (the US government cannot do it). The very least that 6bone can do is have Microsoft agree to such terms in writing. As a NetBSD developer, I do not want to see our work become irrelevant should Microsoft start making incompatible protocols. Thanks, John Klos Sixgirls Computing Labs From michael@kjorling.com Tue Dec 18 15:20:28 2001 From: michael@kjorling.com (Michael Kjorling) Date: Tue, 18 Dec 2001 16:20:28 +0100 (CET) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I agree. I am not a Microsoft fan myself, but I cannot see how them having more address space would enable them to develop more (or less) "incompatible protocols". As has been said, it is quite possible to filter their routes if they misbehave. If Microsoft wants to design incompatible protocols to be used over IPv6, they can do that with or without having a pTLA on 6bone. I haven't had any problems with pTLA applicants before and I don't have any problems with them either. Michael Kjörling On Dec 18 2001 11:11 -0000, Mike Knell wrote: > > > > MICROSOFT has requested a pTLA allocation. The open review period for this > > > > will close 2 January 2002. Please send your comments to me or the list. > (snip) > > The very least that 6bone can do is have Microsoft agree to such terms in > > writing. As a NetBSD developer, I do not want to see our work become > > irrelevant should Microsoft start making incompatible protocols. > > Microsoft have had a presence on the 6bone for a long time, and I fail to > see (not that, I must confess, I'm that active in v6 stuff at the moment > after moving jobs) how granting them a block of address space should somehow > be seen as giving Microsoft carte blanche to "develop incompatible protocols". > > Can we try and be realistic here? > > Mike - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8H17CKqN7/Ypw4z4RAiBCAJ9zLms9RV9kUWMSgo+I+LkE58lIMgCfQUN2 84kPc/XguQUDfgNswag7yMw= =rteI -----END PGP SIGNATURE----- From deana.grein@safeway.com Tue Dec 18 17:11:10 2001 From: deana.grein@safeway.com (Deana Grein) Date: Tue, 18 Dec 2001 09:11:10 -0800 Subject: unscribe Message-ID: <3C1F78AD.DC8E60E0@safeway.com> unscribe "WorldSecure Server " made the following annotations on 12/18/01 10:11:11 ------------------------------------------------------------------------------ Warning: All e-mail sent to this address will be received by the Safeway corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain information proprietary to Safeway and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. ============================================================================== From michel@arneill-py.sacramento.ca.us Tue Dec 18 17:17:54 2001 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 18 Dec 2001 09:17:54 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <2B81403386729140A3A899A8B39B046405DDE7@server2000.arneill-py.sacramento.ca.us> >> From: Brig, Michael P. [mailto:brigm@spawar.navy.mil] >> I think Microsoft should be allowed it's pTLA. If we allow Cisco >> and Compaq then why not Microsoft? We should encourage greater >> participation verses building barriers. I agree. Besides, If we don't allow Microsoft to get a pTLA they will probably find another way that will be worse for everyone. Michel. From riel@conectiva.com.br Tue Dec 18 17:38:00 2001 From: riel@conectiva.com.br (Rik van Riel) Date: Tue, 18 Dec 2001 15:38:00 -0200 (BRST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Message-ID: On Tue, 18 Dec 2001, John Klos wrote: > > > MICROSOFT has requested a pTLA allocation. The open review period for this > > > will close 2 January 2002. Please send your comments to me or the list. > > > > > > > > > > Not to be petty, but this stanza jumps out as a potentially historic > > note. We will hope that MS does not live up to their long earned > > reputation for not playing with others (http, kerberos, DNS, DDNS, > > DHCP and others leap to mind). > I must agree with this sentiment. > The very least that 6bone can do is have Microsoft agree to such terms in > writing. As a NetBSD developer, I do not want to see our work become > irrelevant should Microsoft start making incompatible protocols. The fact that 2003::/16 got announced not two weeks ago makes me somewhat suspicious, too. A written document stating that Microsoft won't pull an "embrace, extend, extinguish" on 6bone (or something roughly like this, in legalese). regards, Rik -- DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ http://www.surriel.com/ http://distro.conectiva.com/ From fink@es.net Tue Dec 18 18:16:40 2001 From: fink@es.net (Bob Fink) Date: Tue, 18 Dec 2001 10:16:40 -0800 Subject: 6bone pTLA 3FFE:82F0::/28 allocated to UDG Message-ID: <5.1.0.14.0.20011218101509.029d9078@imap2.es.net> UDG has been allocated pTLA 3FFE:82F0::/28 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to either bmanning@isi.edu or hostmaster@ep.net.] Thanks, Bob From rrockell@sprint.net Tue Dec 18 20:37:02 2001 From: rrockell@sprint.net (Robert J. Rockell) Date: Tue, 18 Dec 2001 15:37:02 -0500 (EST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002m In-Reply-To: Message-ID: The fact that it got announced is not as big of an issue as the fact that people on the 6bone saw the announcement, which means that no one has sufficient filtering policy in place... So we need to blame the 6bone community, not microsoft, who was doing what they thought was right, and what was never explicitly (until later) denied on the 6bone. removed some CC's Thanks Rob Rockell Principal Engineer SprintLink Europe/Asia (+1) 703-689-6322 Sprint IP Services : Thinking outside the 435 box ----------------------------------------------------------------------- On Tue, 18 Dec 2001, Rik van Riel wrote: ->On Tue, 18 Dec 2001, John Klos wrote: -> ->> > > MICROSOFT has requested a pTLA allocation. The open review period for this ->> > > will close 2 January 2002. Please send your comments to me or the list. ->> > > ->> > > ->> > ->> > Not to be petty, but this stanza jumps out as a potentially historic ->> > note. We will hope that MS does not live up to their long earned ->> > reputation for not playing with others (http, kerberos, DNS, DDNS, ->> > DHCP and others leap to mind). -> ->> I must agree with this sentiment. -> ->> The very least that 6bone can do is have Microsoft agree to such terms in ->> writing. As a NetBSD developer, I do not want to see our work become ->> irrelevant should Microsoft start making incompatible protocols. -> ->The fact that 2003::/16 got announced not two weeks ago ->makes me somewhat suspicious, too. A written document ->stating that Microsoft won't pull an "embrace, extend, ->extinguish" on 6bone (or something roughly like this, in ->legalese). -> ->regards, -> ->Rik ->-- ->DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ -> ->http://www.surriel.com/ http://distro.conectiva.com/ -> From riel@conectiva.com.br Tue Dec 18 20:57:53 2001 From: riel@conectiva.com.br (Rik van Riel) Date: Tue, 18 Dec 2001 18:57:53 -0200 (BRST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002m In-Reply-To: Message-ID: On Tue, 18 Dec 2001, Robert J. Rockell wrote: > ->The fact that 2003::/16 got announced not two weeks ago > ->makes me somewhat suspicious, too. > The fact that it got announced is not as big of an issue as the fact > that people on the 6bone saw the announcement, which means that no one > has sufficient filtering policy in place... So we need to blame the > 6bone community, not microsoft, Ummm, isn't it _their_ responsability as well to make sure they don't announce invalid prefixes to the 6bone ? I know it's easy to blame bad filtering on "the rest of the world", but never forget that the rest of the world starts with yourself. regards, Rik -- DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ http://www.surriel.com/ http://distro.conectiva.com/ From riel@conectiva.com.br Tue Dec 18 21:00:31 2001 From: riel@conectiva.com.br (Rik van Riel) Date: Tue, 18 Dec 2001 19:00:31 -0200 (BRST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <2B81403386729140A3A899A8B39B046405DDE7@server2000.arneill-py.sacramento.ca.us> Message-ID: On Tue, 18 Dec 2001, Michel Py wrote: > >> From: Brig, Michael P. [mailto:brigm@spawar.navy.mil] > >> I think Microsoft should be allowed it's pTLA. If we allow Cisco > >> and Compaq then why not Microsoft? We should encourage greater > >> participation verses building barriers. > > I agree. Besides, If we don't allow Microsoft to get a pTLA they will > probably find another way that will be worse for everyone. Despite my earlier criticism about 2003:/16 being announced, I have to say I agree with this point of view. Rik -- DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ http://www.surriel.com/ http://distro.conectiva.com/ From john@sixgirls.org Tue Dec 18 21:38:33 2001 From: john@sixgirls.org (John Klos) Date: Tue, 18 Dec 2001 16:38:33 -0500 (EST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <20E9E5720663D311957B0000F8E781DF03EDA6C8@sctern.atlantic.spawar.navy.mil> Message-ID: Hello, I didn't mean to start any kind of flame war; I think I should clarify my position. If all prolems can be solved by just refusing to peer with any entity that doesn't follow the spirit of the group, then what's the point of having guidelines? Is it really unimaginable that Microsoft could start utilising proprietary routing and / or proprietary extensions to IPv6 that it plans to use in the future to make only their IPv6 work with their systems? Or at least only allow certain features over their networks? While 6bone has little to do with protocols, this would not be in spirit of a useful 6bone. If the operational rules and policies are irrelevant because we can just "punish later", then there's nothing to worry about. If they do matter, it'd be at least historically significant to have a legal agreement stating such. > I think Microsoft should be allowed it's pTLA. If we allow Cisco and Compaq > then why not Microsoft? We should encourage greater participation verses > building barriers. Of course they should be allowed a pTLA. I think they need to commit (legally) to being a responsible 6bone member considering their history. > Now concerning the point that the US government can't get Microsoft to > conform... The US government has issues getting it's own personnel and > agencies to conform and work as team players. I believe any real world > organization, forum, industry group, alliance, coalition has this very same > issue. This is the silliest argument I have heard in a long time! I'm sorry, but are US Government agencies running illegal monopolies? Are they ignoring court orders? This is not an issue to be dismissed because "they're being really nice". This is a serious issue about asking a big giant who is sometimes mean to make sure it understands the rules, and that they will not use 6bone to develop technologies that are intended to hurt non-MS users. Thanks, John Klos Sixgirls Computing Labs From bs@posix.co.za Tue Dec 18 22:34:38 2001 From: bs@posix.co.za (Byron Sorgdrager) Date: Tue, 18 Dec 2001 22:34:38 GMT Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: References: Message-ID: <20011218.22343800@firestar.posix.co.za> > > > > MICROSOFT has requested a pTLA allocation. The open review period for this > > > > will close 2 January 2002. Please send your comments to me or the list. > > > > > > > > > > > > > > Not to be petty, but this stanza jumps out as a potentially historic > > > note. We will hope that MS does not live up to their long earned > > > reputation for not playing with others (http, kerberos, DNS, DDNS, > > > DHCP and others leap to mind). By sheer marketing power alone, microsoft could make the world take note of ipv6 and start getting people more geared towards it's rollout ... "Windows v6 - 128bit enhanced internet power at your fingertips" <- Buy it NOW !!! *grin* This forum is designed to help people test/play/tinker with ipv6 - and this is exactly what microsoft wants to do ... I say, let them play ... at least under the 6bone banner, we can still maybe try and sort out some potential hiccups before they hit the market with buggy inet software ... which i believe is the point behind 6bone ? - creating a stable enough environment for ipv6 to implement it ? As for me, I'll stick to OpenSource: Linux :) Just my 00000010 worth ... Byron Sorgdrager From hansolofalcon@worldnet.att.net Tue Dec 18 23:59:35 2001 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Tue, 18 Dec 2001 18:59:35 -0500 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Message-ID: <001a01c18820$10df86a0$2e9afea9@who> Hello from Gregg C Levine normally with Jedi Knight Computers Despite some of my earlier misgivings, especially those, so am I.(For those, please contact me off list.) It will enable Microsoft to develop workable solutions for the 6Bone, regardless of our own problems. (Would somebody please update me regarding what was being considered regards to Cisco?) ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) > -----Original Message----- > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of Rik > van Riel > Sent: Tuesday, December 18, 2001 4:01 PM > To: Michel Py > Cc: Brig, Michael P.; 6BONE List > Subject: RE: pTLA request for MICROSOFT - review closes 2 January 2002 > > On Tue, 18 Dec 2001, Michel Py wrote: > > > >> From: Brig, Michael P. [mailto:brigm@spawar.navy.mil] > > >> I think Microsoft should be allowed it's pTLA. If we allow Cisco > > >> and Compaq then why not Microsoft? We should encourage greater > > >> participation verses building barriers. > > > > I agree. Besides, If we don't allow Microsoft to get a pTLA they will > > probably find another way that will be worse for everyone. > > Despite my earlier criticism about 2003:/16 being announced, > I have to say I agree with this point of view. > > Rik > -- > DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ > > http://www.surriel.com/ http://distro.conectiva.com/ > > From bmanning@ISI.EDU Wed Dec 19 00:20:50 2001 From: bmanning@ISI.EDU (Bill Manning) Date: Tue, 18 Dec 2001 16:20:50 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <20011218162050.A27936@zed.isi.edu> I would like to see some clarification on which "Microsoft" is making the request. Microsoft Research has been quite active in v6 development over the years and has even taken a pro-active stance in recent weeks ( 2003:: anyone? :) that would argue for caution. However, it would be highly desirable to see Microsoft (MSN, hotmail, et.al.) get connected to the 6bone and then we could ask Microsoft research to work within the corporate network administration for their IPv6 needs. IMHO, this would be ideal. --bill From mcr@sandelman.ottawa.on.ca Wed Dec 19 01:34:55 2001 From: mcr@sandelman.ottawa.on.ca (Michael Richardson) Date: Tue, 18 Dec 2001 20:34:55 -0500 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Your message of "Tue, 18 Dec 2001 16:20:28 +0100." Message-ID: <200112190135.fBJ1Yt004077@marajade.sandelman.ottawa.on.ca> Imagine if Microsoft started assigning a /128 (or /120 for that matter) to each registered copy of XP. (A single /64 of their address space would last a rather long time) They then use this as the inner address of IPsec tunnels over which they provide services to their XP (XP 2.0, etc..) customers. You must use this in order to use, for instance, passport. {Oh, and they permit you to populate the reverse map with your certificate to be properly authenticated. } ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ From fink@es.net Wed Dec 19 02:31:50 2001 From: fink@es.net (Bob Fink) Date: Tue, 18 Dec 2001 18:31:50 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <20011218162050.A27936@zed.isi.edu> Message-ID: <5.1.0.14.0.20011218183011.03241e60@imap2.es.net> Bill, At 04:20 PM 12/18/2001 -0800, Bill Manning wrote: > I would like to see some clarification on which "Microsoft" is making >the request. Microsoft Research has been quite active in v6 development over >the years and has even taken a pro-active stance in recent weeks >( 2003:: anyone? :) that would argue for caution. However, it would be highly >desirable to see Microsoft (MSN, hotmail, et.al.) get connected to the 6bone >and then we could ask Microsoft research to work within the corporate network >administration for their IPv6 needs. IMHO, this would be ideal. The pTLA application said this is for their corporate net as well as research: >IPv6 Backbone Services: >Microsoft Information Technology Group provides enterprise-wide network >connectivity to Microsoft research and development sites across the >globe. Prefixes derived from the pTLA would be used to address sites >across several different geographic regions and will interconnect >externally with diverse providers. In addition, this will serve as >initial research toward eventual deployment of IPv6 services across >Microsoft's Internet network properties. Bob From tony@lava.net Wed Dec 19 05:31:35 2001 From: tony@lava.net (Antonio Querubin) Date: Tue, 18 Dec 2001 19:31:35 -1000 (HST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Message-ID: On Tue, 18 Dec 2001, John Klos wrote: > This is not an issue to be dismissed because "they're being really nice". > This is a serious issue about asking a big giant who is sometimes mean to > make sure it understands the rules, and that they will not use 6bone to > develop technologies that are intended to hurt non-MS users. While I would agree that getting MicroSoft to adhere to 6Bone rules is a serious issue, I don't think it warrants putting them through a gauntlet significantly more stringent than the rest of us have already gone through to obtain our pTLAs. They've agreed to the rules in the same manner that each of us did. If the process isn't binding enough for MicroSoft then it certainly isn't binding enough for the rest of us either and the rules should be modified. But I just don't see that as being necessary or desirable. From michael@kjorling.com Wed Dec 19 11:05:46 2001 From: michael@kjorling.com (Michael Kjorling) Date: Wed, 19 Dec 2001 12:05:46 +0100 (CET) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <200112190135.fBJ1Yt004077@marajade.sandelman.ottawa.on.ca> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just a comment out of curiosity - why wouldn't they be able to do that same thing with what they have now? Matter of fact is that they do have two /48s: (from the 6Bone whois) ipv6-site: MICROSOFT origin: AS8070 descr: Microsoft IPv6 Site country: US prefix: 3FFE:2900:201::/48 prefix: 3FFE:C00:8036::/48 Two /48s is quite a bit of address space, even though it is not a pTLA. They could easily take a /64 out of that (or even a /80 - Ethernet MAC addresses are 48 bits and 80+48=128) and designate that to their customers, _if_they_want_to_. Plus, if they decide to make their services (say, Passport) IPv6-only when a great deal of the world does not speak IPv6, that will cause a major uproar. I don't think they would be able to do that, actually. As I have said, I am not a fan of Microsoft. But I don't see why them getting a pTLA on 6Bone or not would help or stop them from developing incompatible protocols. Those are two completely different issues. Michael Kjörling On Dec 18 2001 20:34 -0500, Michael Richardson wrote: > Imagine if Microsoft started assigning a /128 (or /120 for that matter) to > each registered copy of XP. (A single /64 of their address space would last > a rather long time) > > They then use this as the inner address of IPsec tunnels over which they > provide services to their XP (XP 2.0, etc..) customers. You must use this > in order to use, for instance, passport. > > {Oh, and they permit you to populate the reverse map with your certificate > to be properly authenticated. } - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8IHSNKqN7/Ypw4z4RAmQZAJ0SubeF2JLU1MSqhwx9a1y/gnJCjACg9efx 5VE7pL+3cIidHYxytk8OH54= =Zu1P -----END PGP SIGNATURE----- From fink@es.net Wed Dec 19 15:15:04 2001 From: fink@es.net (Bob Fink) Date: Wed, 19 Dec 2001 07:15:04 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: References: Message-ID: <5.1.0.14.0.20011219071429.032a1f60@imap2.es.net> Antonio, At 07:31 PM 12/18/2001 -1000, Antonio Querubin wrote: >On Tue, 18 Dec 2001, John Klos wrote: > > > This is not an issue to be dismissed because "they're being really nice". > > This is a serious issue about asking a big giant who is sometimes mean to > > make sure it understands the rules, and that they will not use 6bone to > > develop technologies that are intended to hurt non-MS users. > >While I would agree that getting MicroSoft to adhere to 6Bone rules is a >serious issue, I don't think it warrants putting them through a gauntlet >significantly more stringent than the rest of us have already gone through >to obtain our pTLAs. They've agreed to the rules in the same manner that >each of us did. If the process isn't binding enough for MicroSoft then it >certainly isn't binding enough for the rest of us either and the rules >should be modified. But I just don't see that as being necessary or >desirable. Your point is quite correct. Thanks for making it. Bob From F.J.Silva@inter.NL.net Thu Dec 20 06:47:35 2001 From: F.J.Silva@inter.NL.net (FJ) Date: Wed, 19 Dec 2001 22:47:35 -0800 Subject: No subject Message-ID: <000201c189dd$d2c9c1e0$a17a74d5@parents> This is a multi-part message in MIME format. ------=_NextPart_000_0009_01C188DF.26BEAF40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable unsubscribe ------=_NextPart_000_0009_01C188DF.26BEAF40 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
unsubscribe
------=_NextPart_000_0009_01C188DF.26BEAF40-- From elch@toppoint.de Wed Dec 19 21:24:09 2001 From: elch@toppoint.de (=?iso-8859-1?Q?Bj=F6rn?= Roggensack) Date: Wed, 19 Dec 2001 22:24:09 +0100 Subject: Ipv6 -> ipv4 tunneling Message-ID: <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> Hi there, We have an little problem with our Network here. It is an little IPv4 network with some dial-in connections (with fix ip) And now we want to set up an ipv6 -> ipv4 tunnel to the dial-in connections, that our members can use ipv6 on there clients too. Now my problem is that I don´t know how to build an ipv6 -> ipv4 tunnel on my Debian 3.0. Someone knows how to build it? Or has an idea how to build?? So far Björn -- Ich wohn da wo andere Urlaub machen Hier gibt es nur Flachland, aber deshalb einen weiten Horizont From mcr@sandelman.ottawa.on.ca Wed Dec 19 21:22:40 2001 From: mcr@sandelman.ottawa.on.ca (Michael Richardson) Date: Wed, 19 Dec 2001 16:22:40 -0500 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: Your message of "Wed, 19 Dec 2001 12:05:46 +0100." Message-ID: <200112192122.fBJLMf117582@marajade.sandelman.ottawa.on.ca> >>>>> "Michael" == Michael Kjorling writes: Michael> Just a comment out of curiosity - why wouldn't they be able to Michael> do that same thing with what they have now? Matter of fact is Michael> that they do have two /48s: Michael> (from the 6Bone whois) ipv6-site: MICROSOFT origin: AS8070 Michael> descr: Microsoft IPv6 Site country: US prefix: Michael> 3FFE:2900:201::/48 prefix: 3FFE:C00:8036::/48 Aren't these prefixes subject to recall? Michael> Plus, if they decide to make their services (say, Passport) Michael> IPv6-only when a great deal of the world does not speak IPv6, Michael> that will cause a major uproar. I don't think they would be able Michael> to do that, actually. Who said anything about making password IPv6 only? You just might have to have an IPv6 address to use it. Michael> As I have said, I am not a fan of Microsoft. But I don't see why Michael> them getting a pTLA on 6Bone or not would help or stop them from Michael> developing incompatible protocols. Those are two completely Michael> different issues. I'm just throwing a strawman into the field. There are many things that having control over a number space permits. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ From michael@kjorling.com Wed Dec 19 21:34:26 2001 From: michael@kjorling.com (Michael Kjorling) Date: Wed, 19 Dec 2001 22:34:26 +0100 (CET) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <200112192122.fBJLMf117582@marajade.sandelman.ottawa.on.ca> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 19 2001 16:22 -0500, Michael Richardson wrote: > >>>>> "Michael" == Michael Kjorling writes: > Michael> (from the 6Bone whois) ipv6-site: MICROSOFT origin: AS8070 > Michael> descr: Microsoft IPv6 Site country: US prefix: > Michael> 3FFE:2900:201::/48 prefix: 3FFE:C00:8036::/48 > > Aren't these prefixes subject to recall? That is something I know nothing about, actually. > Michael> Plus, if they decide to make their services (say, Passport) > Michael> IPv6-only when a great deal of the world does not speak IPv6, > Michael> that will cause a major uproar. I don't think they would be able > Michael> to do that, actually. > > Who said anything about making password IPv6 only? > You just might have to have an IPv6 address to use it. Which, in the end, would amount to about the same thing. My definition of "IPv6-only" would be that you have to have IPv6 to use it. > Michael> As I have said, I am not a fan of Microsoft. But I don't see why > Michael> them getting a pTLA on 6Bone or not would help or stop them from > Michael> developing incompatible protocols. Those are two completely > Michael> different issues. > > I'm just throwing a strawman into the field. > There are many things that having control over a number space permits. I won't argue that particular point one way or another - I just wonder, does it help or prevent them from developing protocols, compatible or not? I seriously think it doesn't do much for that. There _are_ site local prefixes available if they just want a large number of addresses, and I am certain there is ways to toss packets back and forth between sites as well. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e "There is something to be said about not trying to be glamorous and popular and cool. Just be real -- and life will be real." (Joyce Sequichie Hifler, September 13 2001, www.hifler.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE8IQfmKqN7/Ypw4z4RApWoAKDrErVvK3HASBwo6OvQgC+hJFyiegCgmyWk ryyw7Bnd23BeLZdos6Y133c= =k3XE -----END PGP SIGNATURE----- From george+6bone@m5p.com Wed Dec 19 22:40:20 2001 From: george+6bone@m5p.com (george+6bone@m5p.com) Date: Wed, 19 Dec 2001 14:40:20 -0800 (PST) Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <200112192240.fBJMeKYf005365@m5p.com> I will yield to no one in the faintness of my admiration of Microsoft, but aren't we making a mountain out of a molehill? To make Microsoft a pTLA seems to me to guarantee that the world will begin to take notice of IPv6, which sure isn't happening now. -- George Mitchell (george+ipv6@m5p.com) From cengdahl@microsoft.com Wed Dec 19 23:32:43 2001 From: cengdahl@microsoft.com (Chris Engdahl) Date: Wed, 19 Dec 2001 15:32:43 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <629B9EAE2E453944BCBCFD693E6C5B7904AB493F@red-msg-03.redmond.corp.microsoft.com> Hi Bill, Bob, and greets to the 6Bone community- Thanks for this excellent opportunity to provide a bit more info on our request. We (Dennis, Matthew, and I, a.k.a. ipv6eng@microsoft.com) are part of the ITG division, which is the internal technology service organization for Microsoft Corporation. We are separate from MSN, from MS Research, and from all Windows development units. We count these other divisions as 'clients,' and we service the entire MS corporate network as well as some non-production Internet-based networks. It is in this spirit that we're assuming the maintenance of the existing 6Bone presence from MS Research in Redmond (Seattle, WA, US). We're picking up this service on their behalf to allow our Research folks to spend more time on actual research, and less on running networks. We hope to use this as a learning experience toward enabling IPv6 on more of Microsoft's Internet services in the as-yet-undefined future timeline, but enabling v6 on MSN, Hotmail, et al is not in MS ITG's charter. So, we are serving as an 'internal' service provider for IPv6 over our Enterprise network, and we'll serve as an 'external' service provider to the 6Bone for those groups who require it, and we will do our damndest to do so for both within the guidelines set forth by the 6Bone community. If there are ever any questions about our involvement in the 6Bone, we can be found at mailto:ipv6eng@microsoft.com. One of us will respond directly to anyone having questions or concerns about our routing implementation, policies, or any traffic generated by any of our sites. The garden-variety derogatory and/or pseudo-legal questions and comments will happily be ignored, thank you. If anyone is interested in Microsoft's involvement in the research, development, or efforts toward providing a wider user base for IPv6 and related technologies, check http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/. Thanks to all for the consideration of our request- Chris Engdahl -----Original Message----- From: Bill Manning [mailto:bmanning@ISI.EDU] Sent: Tuesday, December 18, 2001 4:21 PM To: 6bone@ISI.EDU Subject: RE: pTLA request for MICROSOFT - review closes 2 January 2002 I would like to see some clarification on which "Microsoft" is making the request. Microsoft Research has been quite active in v6 development over the years and has even taken a pro-active stance in recent weeks ( 2003:: anyone? :) that would argue for caution. However, it would be highly desirable to see Microsoft (MSN, hotmail, et.al.) get connected to the 6bone and then we could ask Microsoft research to work within the corporate network administration for their IPv6 needs. IMHO, this would be ideal. --bill From fink@es.net Wed Dec 19 23:58:16 2001 From: fink@es.net (Bob Fink) Date: Wed, 19 Dec 2001 15:58:16 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 In-Reply-To: <629B9EAE2E453944BCBCFD693E6C5B7904AB493F@red-msg-03.redmon d.corp.microsoft.com> Message-ID: <5.1.0.14.0.20011219155750.031f6688@imap2.es.net> Chris, Thanks for the information. Bob === At 03:32 PM 12/19/2001 -0800, Chris Engdahl wrote: >Hi Bill, Bob, and greets to the 6Bone community- > >Thanks for this excellent opportunity to provide a bit more info on our >request. > >We (Dennis, Matthew, and I, a.k.a. ipv6eng@microsoft.com) are part of >the ITG division, which is the internal technology service organization >for Microsoft Corporation. > >We are separate from MSN, from MS Research, and from all Windows >development units. We count these other divisions as 'clients,' and we >service the entire MS corporate network as well as some non-production >Internet-based networks. > >It is in this spirit that we're assuming the maintenance of the existing >6Bone presence from MS Research in Redmond (Seattle, WA, US). We're >picking up this service on their behalf to allow our Research folks to >spend more time on actual research, and less on running networks. > >We hope to use this as a learning experience toward enabling IPv6 on >more of Microsoft's Internet services in the as-yet-undefined future >timeline, but enabling v6 on MSN, Hotmail, et al is not in MS ITG's >charter. > >So, we are serving as an 'internal' service provider for IPv6 over our >Enterprise network, and we'll serve as an 'external' service provider to >the 6Bone for those groups who require it, and we will do our damndest >to do so for both within the guidelines set forth by the 6Bone >community. > >If there are ever any questions about our involvement in the 6Bone, we >can be found at mailto:ipv6eng@microsoft.com. One of us will respond >directly to anyone having questions or concerns about our routing >implementation, policies, or any traffic generated by any of our sites. >The garden-variety derogatory and/or pseudo-legal questions and comments >will happily be ignored, thank you. > >If anyone is interested in Microsoft's involvement in the research, >development, or efforts toward providing a wider user base for IPv6 and >related technologies, check http://www.microsoft.com/ipv6 and >http://research.microsoft.com/msripv6/. > >Thanks to all for the consideration of our request- >Chris Engdahl > >-----Original Message----- >From: Bill Manning [mailto:bmanning@ISI.EDU] >Sent: Tuesday, December 18, 2001 4:21 PM >To: 6bone@ISI.EDU >Subject: RE: pTLA request for MICROSOFT - review closes 2 January 2002 > > > I would like to see some clarification on which "Microsoft" is >making the request. Microsoft Research has been quite active in v6 >development over the years and has even taken a pro-active stance in >recent weeks >( 2003:: anyone? :) that would argue for caution. However, it would be >highly desirable to see Microsoft (MSN, hotmail, et.al.) get connected >to the 6bone and then we could ask Microsoft research to work within the >corporate network administration for their IPv6 needs. IMHO, this would >be ideal. > >--bill From helios@balios.org Thu Dec 20 07:09:24 2001 From: helios@balios.org (helios@balios.org) Date: Thu, 20 Dec 2001 08:09:24 +0100 Subject: Ipv6 -> ipv4 tunneling In-Reply-To: <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> References: <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> Message-ID: <1008832164.3c218ea4cca97@webmail1.t2.tuxfamily.net> Quoting Björn Roggensack : > Hi there, > > We have an little problem with our Network here. > It is an little IPv4 network with some dial-in > connections (with fix ip) > And now we want to set up an ipv6 -> ipv4 tunnel > to the dial-in connections, that our members can > use ipv6 on there clients too. > Now my problem is that I don´t know how to build > an ipv6 -> ipv4 tunnel on my Debian 3.0. > Someone knows how to build it? Or has an idea how > to build?? > So far Hi ! lynx http://www.freenet6.net apt-get install freenet6 vi /etc/tspc.conf /etc/init.d/freenet6 start Cheers, -- Helios de Creisquer From svein.ove@aas.no Thu Dec 20 13:17:41 2001 From: svein.ove@aas.no (Svein Ove Aas) Date: Thu, 20 Dec 2001 14:17:41 +0100 Subject: Ipv6 -> ipv4 tunneling In-Reply-To: <1008832164.3c218ea4cca97@webmail1.t2.tuxfamily.net> References: <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> <1008832164.3c218ea4cca97@webmail1.t2.tuxfamily.net> Message-ID: <200112201317.OAA28541@mail48.fg.online.no> > Hi ! > > lynx http://www.freenet6.net > apt-get install freenet6 > vi /etc/tspc.conf > /etc/init.d/freenet6 start > > Cheers, Did that, actually... got the following output. crfh:/home/svein# tspc -v tspc - Tunnel Server Protocol Client Loading configuration file Connecting to server Using [146.172.26.99] as source IPv4 address. Send request Process response from server TSP_HOST_TYPE router TSP_TUNNEL_INTERFACE sit1 TSP_HOME_INTERFACE eth0 TSP_CLIENT_ADDRESS_IPV4 146.172.26.99 TSP_CLIENT_ADDRESS_IPV6 3ffe:0b80:0002:33ea:0000:0000:0000:0002 TSP_SERVER_ADDRESS_IPV4 TSP_SERVER_ADDRESS_IPV6 3ffe:0b80:0002:33ea:0000:0000:0000:0001 TSP_TUNNEL_PREFIXLEN 128 TSP_PREFIX 3ffe:0b80:05af TSP_PREFIXLEN 48 TSP_VERBOSE 1 TSP_HOME_DIR /usr/lib/freenet6 --- Start of configuration script. --- Script: linux.sh sit1 setup Setting up link to Command line is not complete. Try option "help" Error while executing /sbin/ip Command: /sbin/ip tunnel add sit1 mode sit ttl 64 remote Closing, exit status: 0 Exiting with return code : 0 (0 = no error) ---------------------------------------------------------------- Pretty obvious what the error is, but I didn't get a response when I tried to contact them... any ideas? -- Beware those who would deny you information, for in their hearts they dream themselves your master. From elch@toppoint.de Thu Dec 20 17:12:22 2001 From: elch@toppoint.de (=?iso-8859-1?Q?Bj=F6rn?= Roggensack) Date: Thu, 20 Dec 2001 18:12:22 +0100 Subject: Ipv6 -> ipv4 tunneling In-Reply-To: <1008832164.3c218ea4cca97@webmail1.t2.tuxfamily.net> References: <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> Message-ID: <5.1.0.14.1.20011220181213.02a69b18@pop3.toppoint.de> Hi again! I thin you missunderstod me! I don´t need an tunnel client! I need something like an tunneld. Bjoern -- Ich wohn da wo andere Urlaub machen Hier gibt es nur Flachland, aber deshalb einen weiten Horizont From dios-vol@telecom.noc.udg.mx Thu Dec 20 18:13:44 2001 From: dios-vol@telecom.noc.udg.mx (Harold de Dios Tovar Volunt) Date: Thu, 20 Dec 2001 12:13:44 -0600 (CST) Subject: Gratefullnes.... Message-ID: The IPv6 Staff UDG is grateful for have gotten the pNLA prefix. We will keep working and investigating in this topic. Thanks for your attention Bob and 6bone folk..... -------------------------------------- Harold de Dios Tovar home: (01) 36 726016 work: (01) 31 342232 ext. 2321 e-m@il: harold@noc.udg.mx harold@mexp5.mexplaza.com.mx NOC: Network Operation Center IPv6 Staff Working Group -------------------------------------- From chuck+6bone@snew.com Thu Dec 20 19:48:18 2001 From: chuck+6bone@snew.com (Chuck Yerkes) Date: Thu, 20 Dec 2001 11:48:18 -0800 Subject: 6bone - experiment into production (no longer pTLA/MICROSOFT) Message-ID: <20011220114818.B12627@snew.com> Quoting -------- ... > Things is, like I mentioned, we may just need the marketing they can > provide to help people understand that ipv6 is available, and should be > used ... .... (other interesting, but not relevant stuff removed) I don't expect Windows with 6 only in the next 5 years. I do expect that the BACK END of large systems can become 6-only. E.g. All the routers and infrastructure hosts in large ISP's (Worldcom, Sprint, AOL, etc) and the parts that are hidden from desktop machines. So might Hotmail or the .net mess start being 6-only? Sure, in the infrastructure. As these clouds of 6 grow, where they join, they can drop ip4. So where Sprint peers with Worldcom, it may become IPv6 with gateways at the edges. Part of this, of course, requires that the routers themselves be able to gateway 6-4. Those reams of dialups that Earthlink uses will still run IPv4 only for a LONG time. The next hop has to start to be able to be that transition/translation point. We can hold out like that for the YEARS it will take for end-user tools to be IPv6 aware. At some point the "6bone" has to become ancillary as "real" production 6networks appear. Doesn't seem like much difference. The addresses I use are production for all intents and purposes, just like the 10.0.0.0 and other RFC1918 addresses that are at clients' sites. If my application needs were met, I could certainly run the infrastructure on 6. I can run 6 AND 4 right now just fine on the desktops that are ready for it. The experimental part seems to be the interconnectedness of any networks running IPv6. The folks on this list are into the bleeding edge. I'd offer that with *BSD, Solaris, Linux, AIX, Irix and others shipping with IPv6 for the last couple years, *and* now with Cisco shipping IPv6 support in the routers - important glue - that the pieces are in falling into place to have production 6 networks. (okay, apps like NFS, portmap and such are lagging, but I expect many of those to be fixed in the next year - perhaps 2 years for the closed-source OS's with only limited resources). The point is that we're at a turning point where 6 is available for general use. Some tools are certainly missing, but what? What needs to occur to take the 6 network from a playground/test network onward into real production? Are there companies that are willing to show that it's ready for the real world. Is it ready for a place like Worldcom/UUNet to start to use it's core at least? Is it ready for Covad to use from the DSL connection points out to their providers? What's the time line like for that technically? Politically? Are seed projects panning out? The more pressing points to me are where there are growth explosions. As PDAs and phones become connected, it's not inconceivable that CellOne or AT&T might come forward with a need for a several million addresses. Is the equipment ready to have them run a standard, or do they stick with proprietary protocols with translating proxies? I'd love to have some 6-net discussions at the next Usenix. It's too late (and perhaps too sparse) for a track, but a Works in progress or BOF, at the least, could be fruitful. Discuss. chuck From yjchui@cht.com.tw Fri Dec 21 07:17:07 2001 From: yjchui@cht.com.tw (yjchu) Date: Fri, 21 Dec 2001 15:17:07 +0800 Subject: about Toolnet6 Message-ID: <012401c189ef$7f9513f0$8d59900a@twinkletaipei> This is a multi-part message in MIME format. ------=_NextPart_000_0121_01C18A32.8DAEB700 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: quoted-printable Has anybody ever tried Hitachi toolnet6 freeware? I would like to know = if the tool can be used as a NAT-PT gateway?=20 Thanks a lot Yann-Ju Chu ChungHwa Telecom. Co. ------=_NextPart_000_0121_01C18A32.8DAEB700 Content-Type: text/html; charset="big5" Content-Transfer-Encoding: quoted-printable
Has anybody ever tried Hitachi = toolnet6 freeware?=20 I would like to know if the tool can be used as a NAT-PT gateway? =
Thanks a lot
 
Yann-Ju Chu
ChungHwa Telecom. = Co.
------=_NextPart_000_0121_01C18A32.8DAEB700-- From Francis.Dupont@enst-bretagne.fr Fri Dec 21 16:20:32 2001 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Fri, 21 Dec 2001 17:20:32 +0100 Subject: 6bone - experiment into production (no longer pTLA/MICROSOFT) In-Reply-To: Your message of Thu, 20 Dec 2001 11:48:18 PST. <20011220114818.B12627@snew.com> Message-ID: <200112211620.fBLGKWD69785@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: (okay, apps like NFS, portmap and such are lagging, but I expect many of those to be fixed in the next year - => you are already a bit late, there were some SunRPC over IPv6 (with of course NFS & co) since two years. perhaps 2 years for the closed-source OS's with only limited resources). => so your estimation is highly pessimistic. Some tools are certainly missing, but what? => the real missing tool is network management (a special MIB session at next IETF meeting (:-)?) Regards Francis.Dupont@enst-bretagne.fr PS: send your desires of IPv6 discussion to the IPv6 Forum. From helios@balios.org Sat Dec 22 22:40:08 2001 From: helios@balios.org (Helios de Creisquer) Date: Sat, 22 Dec 2001 23:40:08 +0100 Subject: Ipv6 -> ipv4 tunneling In-Reply-To: <200112201317.OAA28541@mail48.fg.online.no> References: <5.1.0.14.1.20011219222304.029f3678@pop3.toppoint.de> <1008832164.3c218ea4cca97@webmail1.t2.tuxfamily.net> <200112201317.OAA28541@mail48.fg.online.no> Message-ID: <20011222224008.GA22770@balios.org> On Thu, Dec 20, 2001 at 02:17:41PM +0100, Svein Ove Aas wrote: > TSP_HOST_TYPE router > TSP_TUNNEL_INTERFACE sit1 > TSP_HOME_INTERFACE eth0 > TSP_CLIENT_ADDRESS_IPV4 146.172.26.99 > TSP_CLIENT_ADDRESS_IPV6 3ffe:0b80:0002:33ea:0000:0000:0000:0002 > TSP_SERVER_ADDRESS_IPV4 > TSP_SERVER_ADDRESS_IPV6 3ffe:0b80:0002:33ea:0000:0000:0000:0001 > TSP_TUNNEL_PREFIXLEN 128 > TSP_PREFIX 3ffe:0b80:05af > TSP_PREFIXLEN 48 > TSP_VERBOSE 1 > TSP_HOME_DIR /usr/lib/freenet6 > --- Start of configuration script. --- > Script: linux.sh > sit1 setup > Setting up link to > Command line is not complete. Try option "help" > Error while executing /sbin/ip > Command: /sbin/ip tunnel add sit1 mode sit ttl 64 remote > Closing, exit status: 0 > Exiting with return code : 0 (0 = no error) yep... You should downgrade to freenet6_0.9.3-2_i386.deb the 0.9.5 package is broken. it doesnt get the server ipv4 address and is therefore unable to establish the tunnel. Cheers, -- Helios de Creisquer http://www.tuxfamily.org/ http://www.vhffs.org/ +33 (0)6 70 71 20 29 http://www.gnu.org/ GPG(1024D/96EB1C44): FB11 8B80 4D86 D9C2 DE0C 11D7 2FA8 A5CC 96EB 1C44 From helios@balios.org Sat Dec 22 23:16:01 2001 From: helios@balios.org (Helios de Creisquer) Date: Sun, 23 Dec 2001 00:16:01 +0100 Subject: [helios@balios.org: Re: Ipv6 -> ipv4 tunneling] Message-ID: <20011222231601.GA22996@balios.org> Hello again ! I just written: > yep... > > You should downgrade to freenet6_0.9.3-2_i386.deb > the 0.9.5 package is broken. > it doesnt get the server ipv4 address and is therefore unable to > establish the tunnel. Hum, I've mistaken... With two hosts with the same config but different versions, one works, and the other not, but after upgrade, no differences: root@alter:~# grep '' freenet6fetched 16177 read(5, "200 Undefined\r\n\n \n
206.123.31.114
\n
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type=\"ipv6\">3ffe:0b80:0002:32e4:0000:0000:0000:0001
\n \n \n
193.252.53.21
\n
3ffe:0b80:0002:32e4:0000:0000:0000:0002
\n
baliosorg.tsps1.freenet6.net
\n \n 3ffe:0b80:02f1:0000:0000:0000:0000:0000\n \n \n\n", 516) = 516 root@camelot:~# grep '' freenet6fetched 3285 read(5, "200 Undefined\r\n\n \n
\n > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
3ffe:0b80:0002:33e5:0000:0000:0000:0001
\n \n \n
62.212.98.244
\n
3ffe:0b80:0002:33e5:0000:0000:0000:0002
\n
vguideparis.tsps1.freenet6.net
\n \n 3ffe:0b80:05ad:0000:0000:0000:0000:0000\n \n \n\n", 504) = 504 First works well, the other one not !!! the version is exactly the same, here are md5sums from binaries and diffs from config files: root@alter:~# md5sum `which tspc` be326b0711123b96ccbd4bef9beda802 /usr/sbin/tspc root@camelot:~# md5sum `which tspc` be326b0711123b96ccbd4bef9beda802 /usr/sbin/tspc root@alter:~# md5sum `locate linux.sh` f40f92e207b087a06a5f670c398a1a4b /usr/lib/freenet6/template/linux.sh root@camelot:~# md5sum `locate linux.sh` f40f92e207b087a06a5f670c398a1a4b /usr/lib/freenet6/template/linux.sh root@camelot:~# diff /etc/tspc.conf tspc.conf 11c11 < if_prefix=eth0 --- > if_prefix=eth1 13,14c13,14 < userid=[snip] < passwd=[snip] --- > userid=[snip] > passwd=[snip] It seems to me a little "Magic, more magic !!" If someone's got an idea... I'm very very very interested :) Cheers, -- Helios de Creisquer http://www.tuxfamily.org/ http://www.vhffs.org/ +33 (0)6 70 71 20 29 http://www.gnu.org/ GPG(1024D/96EB1C44): FB11 8B80 4D86 D9C2 DE0C 11D7 2FA8 A5CC 96EB 1C44 From cengdahl@microsoft.com Wed Dec 19 23:32:43 2001 From: cengdahl@microsoft.com (Chris Engdahl) Date: Wed, 19 Dec 2001 15:32:43 -0800 Subject: pTLA request for MICROSOFT - review closes 2 January 2002 Message-ID: <629B9EAE2E453944BCBCFD693E6C5B7904AB493F@red-msg-03.redmond.corp.microsoft.com> Hi Bill, Bob, and greets to the 6Bone community- Thanks for this excellent opportunity to provide a bit more info on our request. We (Dennis, Matthew, and I, a.k.a. ipv6eng@microsoft.com) are part of the ITG division, which is the internal technology service organization for Microsoft Corporation. We are separate from MSN, from MS Research, and from all Windows development units. We count these other divisions as 'clients,' and we service the entire MS corporate network as well as some non-production Internet-based networks. It is in this spirit that we're assuming the maintenance of the existing 6Bone presence from MS Research in Redmond (Seattle, WA, US). We're picking up this service on their behalf to allow our Research folks to spend more time on actual research, and less on running networks. We hope to use this as a learning experience toward enabling IPv6 on more of Microsoft's Internet services in the as-yet-undefined future timeline, but enabling v6 on MSN, Hotmail, et al is not in MS ITG's charter. So, we are serving as an 'internal' service provider for IPv6 over our Enterprise network, and we'll serve as an 'external' service provider to the 6Bone for those groups who require it, and we will do our damndest to do so for both within the guidelines set forth by the 6Bone community. If there are ever any questions about our involvement in the 6Bone, we can be found at mailto:ipv6eng@microsoft.com. One of us will respond directly to anyone having questions or concerns about our routing implementation, policies, or any traffic generated by any of our sites. The garden-variety derogatory and/or pseudo-legal questions and comments will happily be ignored, thank you. If anyone is interested in Microsoft's involvement in the research, development, or efforts toward providing a wider user base for IPv6 and related technologies, check http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/. Thanks to all for the consideration of our request- Chris Engdahl -----Original Message----- From: Bill Manning [mailto:bmanning@ISI.EDU] Sent: Tuesday, December 18, 2001 4:21 PM To: 6bone@ISI.EDU Subject: RE: pTLA request for MICROSOFT - review closes 2 January 2002 I would like to see some clarification on which "Microsoft" is making the request. Microsoft Research has been quite active in v6 development over the years and has even taken a pro-active stance in recent weeks ( 2003:: anyone? :) that would argue for caution. However, it would be highly desirable to see Microsoft (MSN, hotmail, et.al.) get connected to the 6bone and then we could ask Microsoft research to work within the corporate network administration for their IPv6 needs. IMHO, this would be ideal. --bill From hansolofalcon@worldnet.att.net Mon Dec 24 00:03:26 2001 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Sun, 23 Dec 2001 19:03:26 -0500 Subject: OT:Mail loop? Message-ID: <000001c18c0e$69e30140$2e9afea9@who> Hello from Gregg C Levine normally with Jedi Knight Computers I just received a message from the list server, that while welcome, was dated for Wednesday. Last week. Is there anyone else who has received just such a message? It was talking about the issues regarding Microsoft, and its efforts to enter IPv6. ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) From Marc.Blanchet@viagenie.qc.ca Mon Dec 24 19:12:59 2001 From: Marc.Blanchet@viagenie.qc.ca (Marc Blanchet) Date: Mon, 24 Dec 2001 14:12:59 -0500 Subject: [helios@balios.org: Re: Ipv6 -> ipv4 tunneling] In-Reply-To: <20011222231601.GA22996@balios.org> References: <20011222231601.GA22996@balios.org> Message-ID: <62150000.1009221179@classic> it is probably more useful to discuss this in the freenet6 mailing lists: users@freenet6.net (users of freenet6) tsp-support@freenet6.net (support of freenet6) Marc. -- dimanche, décembre 23, 2001 00:16:01 +0100 Helios de Creisquer wrote/a écrit: > Hello again ! > > I just written: >> yep... >> >> You should downgrade to freenet6_0.9.3-2_i386.deb >> the 0.9.5 package is broken. >> it doesnt get the server ipv4 address and is therefore unable to >> establish the tunnel. > > Hum, I've mistaken... With two hosts with the same config but different > versions, one works, and the other not, but after upgrade, no > differences: > > root@alter:~# grep '' freenet6fetched > 16177 read(5, "200 Undefined\r\n lifetime=\"129600\">\n \n
type=\"ipv4\">206.123.31.114
\n
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > type=\"ipv6\">3ffe:0b80:0002:32e4:0000:0000:0000:0001
\n > \n \n
193.252.53.21
\n >
type=\"ipv6\">3ffe:0b80:0002:32e4:0000:0000:0000:0002
\n >
baliosorg.tsps1.freenet6.net
\n > \n length=\"48\">3ffe:0b80:02f1:0000:0000:0000:0000:0000\n > \n \n\n", 516) = 516 > > > > root@camelot:~# grep '' freenet6fetched > 3285 read(5, "200 Undefined\r\n lifetime=\"129600\">\n \n
\n >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >
type=\"ipv6\">3ffe:0b80:0002:33e5:0000:0000:0000:0001
\n > \n \n
62.212.98.244
\n >
type=\"ipv6\">3ffe:0b80:0002:33e5:0000:0000:0000:0002
\n >
vguideparis.tsps1.freenet6.net
\n > \n length=\"48\">3ffe:0b80:05ad:0000:0000:0000:0000:0000\n > \n \n\n", 504) = 504 > > > First works well, the other one not !!! > > the version is exactly the same, here are md5sums from binaries and > diffs from config files: > > root@alter:~# md5sum `which tspc` > be326b0711123b96ccbd4bef9beda802 /usr/sbin/tspc > > root@camelot:~# md5sum `which tspc` > be326b0711123b96ccbd4bef9beda802 /usr/sbin/tspc > > root@alter:~# md5sum `locate linux.sh` > f40f92e207b087a06a5f670c398a1a4b /usr/lib/freenet6/template/linux.sh > > root@camelot:~# md5sum `locate linux.sh` > f40f92e207b087a06a5f670c398a1a4b /usr/lib/freenet6/template/linux.sh > > root@camelot:~# diff /etc/tspc.conf tspc.conf > 11c11 > < if_prefix=eth0 > --- >> if_prefix=eth1 > 13,14c13,14 > < userid=[snip] > < passwd=[snip] > --- >> userid=[snip] >> passwd=[snip] > > It seems to me a little "Magic, more magic !!" > > If someone's got an idea... I'm very very very interested :) > > Cheers, > -- > Helios de Creisquer > http://www.tuxfamily.org/ > http://www.vhffs.org/ +33 (0)6 70 71 20 29 > http://www.gnu.org/ > GPG(1024D/96EB1C44): FB11 8B80 4D86 D9C2 DE0C 11D7 2FA8 A5CC 96EB 1C44 > ------------------------------------------ Marc Blanchet Viagénie tel: +1-418-656-9254x225 ------------------------------------------ http://www.freenet6.net: IPv6 connectivity ------------------------------------------ http://www.normos.org: IETF(RFC,draft), IANA,W3C,... standards. ------------------------------------------ From hgwill@directvinternet.com Mon Dec 24 22:00:31 2001 From: hgwill@directvinternet.com (Henry Williams) Date: 24 Dec 2001 14:00:31 -0800 Subject: No subject Message-ID: <20011224220031.15514.cpmta@c007.snv.cp.net> I'm very, very new at this! Let me qualify that statement. I'm currently studying for my CCNA. I just finished the first year, and am quite comfortable with subnetting. Until I ran into IPv6. I have a 6Bone tunnel, that I would just like to experiment with, by setting it up for operation by some close friends here in San Antonio. I am willing to make it available to anyone in the IPv6 research group, anywhere! My major point is strictly this. How does a subnetted Hex IPv6 network number look? I'm lost somewhere in between trying to first convert the hex to binary, and trying to make it represent something I'm familar with. My machine is, 64.194.105.181, as far as the tunnel is concerned. But I'm beginning to see that a lot of this is just over my head, at this point. Hence, my plea for help! My 'equipment' is: a 'DirecTV' ADSL box, with a LinkSys Router behind it, and about 4 PC's connected. My next project, hopefully, is to become an ISP to my friends. But, that's a future thing. Anyway you can help, will be greatly appreciated. From fink@es.net Tue Dec 25 00:07:55 2001 From: fink@es.net (Bob Fink) Date: Mon, 24 Dec 2001 16:07:55 -0800 Subject: 6bone pTLA 3FFE:8300::/28 allocated to CNIT Message-ID: <5.1.0.14.0.20011224155712.029a2f18@imap2.es.net> CNIT has been allocated pTLA 3FFE:8300::/28 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to either bmanning@isi.edu or hostmaster@ep.net.] Thanks, Bob From hansolofalcon@worldnet.att.net Mon Dec 24 00:03:26 2001 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Sun, 23 Dec 2001 19:03:26 -0500 Subject: OT:Mail loop? Message-ID: <000001c18c0e$69e30140$2e9afea9@who> Hello from Gregg C Levine normally with Jedi Knight Computers I just received a message from the list server, that while welcome, was dated for Wednesday. Last week. Is there anyone else who has received just such a message? It was talking about the issues regarding Microsoft, and its efforts to enter IPv6. ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) From wmaton@ryouko.dgim.crc.ca Sun Dec 30 23:26:23 2001 From: wmaton@ryouko.dgim.crc.ca (William F. Maton) Date: Sun, 30 Dec 2001 18:26:23 -0500 (EST) Subject: Yet another IPv6 newsfeed Message-ID: To anyone interested in getting IPv6 news server peering: I've now got a new newserver running IPv6, being feed by it's bigger brother. I have ca.*, fj.* and the Big 8 to offer. Prefer peering over CA*Net 3 and it's peered networks[*]. Please send email if you're interested.... wfms [*] http://nic.crc.ca/x-bin/c3routes.pl to check if your route is listed.