From mcr@sandelman.ottawa.on.ca Wed May 1 02:57:22 2002 From: mcr@sandelman.ottawa.on.ca (Michael Richardson) Date: Tue, 30 Apr 2002 21:57:22 -0400 Subject: about IPv6 PPPoE In-Reply-To: Your message of "Tue, 30 Apr 2002 16:51:24 MDT." <20020430165124.A3979@lightbearer.com> Message-ID: <200205010157.g411vMB05802@marajade.sandelman.ottawa.on.ca> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "Joel" == Joel Baker writes: Joel> Bandwidth subscription rates typically go at *least* 20:1 for residential Joel> DSL; sometimes 30:1. This is not, actually, a problem for most situations, Joel> if combined with proper monitoring of the circuit and engineers who *bandwidth* subscription rates are not as bad or relevant. Being unable to terminate every layer-2 from every homeowner, who now, having address space, has his fridge, TV, home alarm system, etc. online *IS* a problem. You do not get any space for oversubscribing the local loop when you have things that are just online all the time. Remember that this is 6bone@isi.edu. A major thing about IPv6 is that it restores end-to-end. That means that I don't necessarily care how oversubscribed the uplink is - IF I AM PHONING MY NEIGHBOUR. This nonsense of underengineering the local loop is all about turning us into consumers, not users. Consumers can cope with web browsers, there is no demand for end-to-end connectivity. IPv4+NAT+web proxies is all a consumer needs to shop. Joel> The statistics in question were taken over the span of a month and a half, Joel> at 5 minute intervals, and processed extensively (some of it useful, much Joel> of it for making pretty graphs to prove to the people paying for upstream Joel> circuits that they couldn't safely try to multiplex 30:1 on the business Joel> T1s, even having hundreds of customers). And remember how the "Internet" as it first arrived on copper screwed the oversubscription policies of the telcos systems up completedly. Rural areas are still way badly underprovisioned now that people want to use modems more often. If you let it return, then forget about using IPv6 for anything other than web-bunnies. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Finger me for keys iQCVAwUBPM9LgIqHRg3pndX9AQEJjQQAv+2jegdeP6t97idBy7E+SaUvVCJKeVNM wAZsPCmqrh/G33nhlLun/pflwNRB44Cm+ZZqb8nVsoe0hy4v7v6h6ASHzOm3F3kR 2C72WUN3p4tzS5jh0wYWkrgA7TrUZR1sAwY0XyQvRR0Ag2pR1L7eB1UqUXbv8bxW zWmM1Ia270U= =Fe15 -----END PGP SIGNATURE----- From lucifer@lightbearer.com Wed May 1 05:36:07 2002 From: lucifer@lightbearer.com (Joel Baker) Date: Tue, 30 Apr 2002 22:36:07 -0600 Subject: about IPv6 PPPoE In-Reply-To: <200205010157.g411vMB05802@marajade.sandelman.ottawa.on.ca>; from mcr@sandelman.ottawa.on.ca on Tue, Apr 30, 2002 at 09:57:22PM -0400 References: <20020430165124.A3979@lightbearer.com> <200205010157.g411vMB05802@marajade.sandelman.ottawa.on.ca> Message-ID: <20020430223607.A15143@lightbearer.com> On Tue, Apr 30, 2002 at 09:57:22PM -0400, Michael Richardson wrote: > > >>>>> "Joel" == Joel Baker writes: > Joel> Bandwidth subscription rates typically go at *least* 20:1 for > Joel> residential DSL; sometimes 30:1. This is not, actually, a problem > Joel> for most situations, Joel> if combined with proper monitoring of > Joel> the circuit and engineers who > > *bandwidth* subscription rates are not as bad or relevant. Indeed. Please note that I was not actually intending to enter into the fray about what is right or proper for PVC oversubs or similar such; only to provide information about where the number he quoted may have come from. The rest of the points made are salient, but elided, since I only wanted to clarify the relevant of the point I was origionally making - IE, that 20:1 isn't necessarily unreasonable *if* it's bandwidth, rather than PVC, oversub. The notion of oversubscribing PVC structures causes the engineer in me to cry out in despair at the amount of things it utterly screws up. -- *************************************************************************** Joel Baker System Administrator - lightbearer.com lucifer@lightbearer.com http://users.lightbearer.com/lucifer/ From bo@bbyrd.net Wed May 1 06:55:41 2002 From: bo@bbyrd.net (Bo Byrd) Date: Wed, 1 May 2002 01:55:41 -0400 Subject: about IPv6 PPPoE In-Reply-To: <20020430165124.A3979@lightbearer.com> Message-ID: <000601c1f0d4$d68c81b0$0202a8c0@biz.mindspring.com> OK I see what you're saying I have in operation a system with 10,000 active ADSL subs(1.5mbps each). This system has a GIG-E interface. 10000 users X 1.5mbps = 15Gbps. So this is the same as 15:1 Consider this.....my traffic on this GIGE interface has NEVER gone above 200mbps. Never...not once. So say I had put 2 load balanced FastE interfaces on my system instead of a single GIGE interface.. Then that would equate to a 75:1 ratio, and my users wouldn't be able to tell the difference. -Bo -----Original Message----- From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of Joel Baker Sent: Tuesday, April 30, 2002 6:51 PM To: 6bone@ISI.EDU Subject: Re: about IPv6 PPPoE On Tue, Apr 30, 2002 at 08:24:16AM -0400, Bo Byrd wrote: > 20:1 seems very extreme. From what I've seen a subscriber management > system can terminate around 32000 PVC's and can support 8000 active > PVC's, that's 4:1. Of course for the best interests of the customers > you cant normally run it like that, for best performance you usually > see around 3:1 in datacenters with multiple SMS devices. Surely 20:1 > is in reference to some other set of figures. Bandwidth subscription rates typically go at *least* 20:1 for residential DSL; sometimes 30:1. This is not, actually, a problem for most situations, if combined with proper monitoring of the circuit and engineers who grok how statistical multiplexing works and when you shouldn't be using it. (FWIW: observed traffic showed about a 10:1 ration of capacity:traffic on a device terminating business T1 customers, at least 2-3 of which were running their lines full-bore 24x7; the business DSL folks ended up being something between 15:1 and 20:1, and all of those customers pay lots of money to never have a bottleneck inside the providers network; that's *not* what residential customers pay for, and so they aren't guaranteed it, and sometimes end up 30:1, or even 40:1 in one rumored instance). The statistics in question were taken over the span of a month and a half, at 5 minute intervals, and processed extensively (some of it useful, much of it for making pretty graphs to prove to the people paying for upstream circuits that they couldn't safely try to multiplex 30:1 on the business T1s, even having hundreds of customers). -- ************************************************************************ *** Joel Baker System Administrator - lightbearer.com lucifer@lightbearer.com http://users.lightbearer.com/lucifer/ From ck@arch.bellsouth.net Wed May 1 13:55:50 2002 From: ck@arch.bellsouth.net (Christian Kuhtz) Date: Wed, 1 May 2002 08:55:50 -0400 Subject: about IPv6 PPPoE In-Reply-To: <200205010157.g411vMB05802@marajade.sandelman.ottawa.on.ca>; from Michael Richardson on Tue, Apr 30, 2002 at 09:57:22PM -0400 References: <20020430165124.A3979@lightbearer.com> <200205010157.g411vMB05802@marajade.sandelman.ottawa.on.ca> Message-ID: <20020501085550.A19101@ns1.arch.bellsouth.net> On Tue, Apr 30, 2002 at 09:57:22PM -0400, Michael Richardson wrote: [..] > Remember that this is 6bone@isi.edu. A major thing about IPv6 is that it > restores end-to-end. That means that I don't necessarily care how > oversubscribed the uplink is - IF I AM PHONING MY NEIGHBOUR. > > This nonsense of underengineering the local loop is all about turning us > into consumers, not users. Consumers can cope with web browsers, there is no > demand for end-to-end connectivity. > IPv4+NAT+web proxies is all a consumer needs to shop. *sigh* none of this has to do anything with technology, much less with ipv6. it's simply the result of capacity planning and marketeering. from a techology standpoint anything's possible. less oversubscription means increased cost to the customer. if the customer's willing to pay for it and there is enough demand to make it worthwhile spinning up yet-another-dsl-product to meet the demand. it's very simple to do it. in fact, different grades of business dsl already exist from us, and i believe different grades of consumer dsl are in the works or already deployed (i don't always keep up with the launch of every gazillionth dsl product, sorry ;). can we kill this hopeless thread now please? ;) From fink@es.net Wed May 1 16:50:48 2002 From: fink@es.net (Bob Fink) Date: Wed, 01 May 2002 08:50:48 -0700 Subject: 6bone pTLA 3FFE:4006::/32 allocated to DOLPHINS-CH Message-ID: <5.1.0.14.0.20020501084740.02791898@imap2.es.net> DOLPHINS-CH has been allocated pTLA 3FFE:4006::/32 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] Thanks, Bob From fink@es.net Wed May 1 16:52:10 2002 From: fink@es.net (Bob Fink) Date: Wed, 01 May 2002 08:52:10 -0700 Subject: 6bone pTLA 3FFE:4007::/32 allocated to NL-CONCEPTS6 Message-ID: <5.1.0.14.0.20020501084931.027bd578@imap2.es.net> NL-CONCEPTS6 has been allocated pTLA 3FFE:4007::/32 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] Thanks, Bob From cdel@firsthand.net Wed May 1 17:16:25 2002 From: cdel@firsthand.net (Christian de Larrinaga) Date: Wed, 1 May 2002 17:16:25 +0100 Subject: about IPv6 PPPoE In-Reply-To: <000601c1f0d4$d68c81b0$0202a8c0@biz.mindspring.com> Message-ID: Bo BT are now imposing bandwidth contention for business 500kbits service of 50:1 so with your figures this should not effect e2e app's. At least until they all start simulcasting streaming video to each other! Christian > -----Original Message----- > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU]On Behalf Of Bo > Byrd > Sent: Wednesday, May 01, 2002 06:56 > To: 'Joel Baker'; 6bone@ISI.EDU; users@ipv6.org > Subject: RE: about IPv6 PPPoE > > > OK I see what you're saying > > I have in operation a system with 10,000 active ADSL subs(1.5mbps each). > This system has a GIG-E interface. > 10000 users X 1.5mbps = 15Gbps. So this is the same as 15:1 > Consider this.....my traffic on this GIGE interface has NEVER gone above > 200mbps. Never...not once. So say I had put 2 load balanced FastE > interfaces on my system instead of a single GIGE interface.. Then that > would equate to a 75:1 ratio, and my users wouldn't be able to tell the > difference. > > > -Bo From pim@ipng.nl Wed May 1 21:52:42 2002 From: pim@ipng.nl (Pim van Pelt) Date: Wed, 1 May 2002 22:52:42 +0200 Subject: Internet2 Land Speed Record award for IPv6 In-Reply-To: <5.1.0.14.0.20020430075736.02757c20@imap2.es.net> References: <5.1.0.14.0.20020430075736.02757c20@imap2.es.net> Message-ID: <20020501205242.GA14056@bfib.colo.bit.nl> I spoke to NIKHEF (the NL physics and nuclear research institution) and they plan to do OC48 from NL to Alaska via Chicago. Looks like that IPv6 'record' will be beaten with both hands and the left foot tied to their backs, the right being for the accelerator on GEANT and SURFnet. For IPv6 even ;-) I'm very curious as to the outcome of their speed-tests. groet, Pim On Tue, Apr 30, 2002 at 08:14:27AM -0700, Bob Fink wrote: | 6bone Folk, | | I am passing along a request I think our community should be interested in: | participating in the Internet 2's Land Speed Record project for IPv6, which | you can read about at: | | | | These folk have created a category for IPv6 (so you don't have to compete | against IPv4 for speed) but have had no entrants to date. This is fertile | ground to prove what IPv6 can do. | | (Note that, contrary to the web site statement, there is currently no | financial reward, just a very nice engraved plaque, a press release, and a | formal presentation at an Internet 2 member meeting). | | The record is set similar to other international awards projects, requiring | a 10% improvement over a previous record to decide when a new record has | been set. I have been told that the closing date requirement for applicants | has been removed (contrary to the web site writeup). | | Please take a look and see if we can start setting IPv6 speed records. Who | knows, as this develops we may be able to compete with IPv4 speed records, | which currently is: | | >A team from the University of Washington, the Information Sciences | >Institute of the University of Southern California, Qwest and Microsoft | >set a new standard for Internet performance by transferring 8.4 GB worth | >of data from Redmond, Washington to Arlington, Virginia (5,626 Km) in 81 | >seconds at a rate of over 830 megabits per second. They won both the | >single stream and multistream classes of the I2-LSR competition. | | Maybe we should have an additional category for tunneled networks as well. | Please contact if you want to know more. | | | Thanks, | | Bob -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From yjchui@cht.com.tw Thu May 2 09:26:27 2002 From: yjchui@cht.com.tw (yjchu) Date: Thu, 2 May 2002 16:26:27 +0800 Subject: about IPv6 PPPoE References: <27746.1019709133@itojun.org> <002501c1ec38$5d04bd80$034b2780@6115> Message-ID: <009e01c1f1b3$0e5a1830$8d59900a@chttl.com.tw> Hi: I am curious about what you have tried. Can you tell me where can I download PPPoE software to try the dial up? Do you really try PPPoE or just PPP (not PPPoE) over p2p link? I am confusing .........As I know, PPPoE must perform ARP and thus, there is a field to carry IPv4 address in PPPoE protocol. Why does PPPoE(v4) not need to be modified to support IPv6 ? IPv6 uses neighbor discovery to find MAC <--> IPv6 address map. The protocol is over IP, not like ARP(v4). Is that the reason why PPPoE need not to be modified for IPv6 ? Thanks Yann-Ju CHu ----- Original Message ----- From: "Jørgen Hovland" To: "yjchu" ; Cc: <6bone@ISI.EDU> Sent: Thursday, April 25, 2002 5:05 PM Subject: Re: about IPv6 PPPoE > Are you sure about that? We are using PPPoE with ipv6 and its working fine (IPCP6 or something). > > Joergen Hovland > > ----- Original Message ----- > From: > To: "yjchu" > Cc: <6bone@ISI.EDU> > Sent: Thursday, April 25, 2002 6:32 AM > Subject: Re: about IPv6 PPPoE > > > > >Hi: > > > At present, there is no specification for PPPoE (IPv6). However, = > > >What we will do in the future if we want to dial to IPv6 network through = > > >ADSL? Or, we will use fixed rather than dial-up connection in the future = > > >IPv6 ADSL access? > > > fixed, permanent connectivity with static address is preferred than > > dialups, however: > > - there are cases where dialup is really necessary - like travelling > > notebooks. > > - there are needs for automating customer device configuration. > > > > so, a protocol for assigning prefix to customer would be nice. > > the topic is under discussion at IETF ipngwg. > > > > you may want to check the following: > > overview: > > draft-itojun-ipv6-dialup-requirement-02.txt > > protocol proposals: > > draft-troan-dhcpv6-opt-prefix-delegation-00.txt > > (there are other proposals exist) > > IETF ipngwg minutes for last meeting (www.ietf.org) > > > > itojun > > > From wizard@italiansky.com Thu May 2 12:43:45 2002 From: wizard@italiansky.com (Matteo Tescione) Date: Thu, 2 May 2002 13:43:45 +0200 Subject: route expiration Message-ID: <008801c1f1ce$9e17c740$8cf51150@local.comv6.com> This is a multi-part message in MIME format. ------=_NextPart_000_0085_01C1F1DF.614FB820 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi to all,=20 sometimes in my router i see a route entry via tunnelx and tunnely while = tunnelx doesn't exist anymore, so this route doesn't work. Is there any = suggestion to prevent this problem? Thanks in advance, Matteo Tescione Ipv6 Dept. COMV6 - Italy ------=_NextPart_000_0085_01C1F1DF.614FB820 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi to all,
sometimes in my router i see a route = entry via=20 tunnelx and tunnely while tunnelx doesn't exist anymore, so this route = doesn't=20 work. Is there any suggestion to prevent this problem?
Thanks in advance,
 
Matteo Tescione
Ipv6 Dept.
COMV6 = -=20 Italy
------=_NextPart_000_0085_01C1F1DF.614FB820-- From bjorn@mork.no Thu May 2 12:59:09 2002 From: bjorn@mork.no (=?iso-8859-1?q?Bj=F8rn?= Mork) Date: Thu, 02 May 2002 13:59:09 +0200 Subject: about IPv6 PPPoE In-Reply-To: <009e01c1f1b3$0e5a1830$8d59900a@chttl.com.tw> ("yjchu"'s message of "Thu, 2 May 2002 16:26:27 +0800") References: <27746.1019709133@itojun.org> <002501c1ec38$5d04bd80$034b2780@6115> <009e01c1f1b3$0e5a1830$8d59900a@chttl.com.tw> Message-ID: "yjchu" writes: > I am curious about what you have tried. Can you tell me where > can I download PPPoE software to try the dial up? Do you really try PPPoE or > just PPP (not PPPoE) over p2p link? E.g. http://www.roaringpenguin.com/pppoe/ > I am confusing .........As I know, PPPoE must perform ARP No, it must not. It defines it's own discovery protocol. > and thus, there is > a field to carry IPv4 address in PPPoE protocol. No, there is not. The PPPoE header consists of the fields VER TYPE CODE SESSION_ID LENGTH See RFC 2516 for further details. > Why does PPPoE(v4) not > need to be modified to support IPv6 ? Because PPPoE is just that: Support for PPP over ethernet. It will support anything that PPP supports with one exception: There is no support for framentation, so the PPP frames (including the 6 bytes used for the PPPoE header) must fit within an ethernet frame. I don't think that is a problem for IPv6. > IPv6 uses neighbor discovery to find > MAC <--> IPv6 address map. The protocol is over IP, not like ARP(v4). Is > that the reason why PPPoE need not to be modified for IPv6 ? If there is PPP support for IPv6 then there is PPPoE support for IPv6. The same goes for PPPoA support BTW. Bjørn From Francis.Dupont@enst-bretagne.fr Thu May 2 13:04:51 2002 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Thu, 02 May 2002 14:04:51 +0200 Subject: about IPv6 PPPoE In-Reply-To: Your message of Thu, 02 May 2002 16:26:27 +0800. <009e01c1f1b3$0e5a1830$8d59900a@chttl.com.tw> Message-ID: <200205021204.g42C4pT07719@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: I am curious about what you have tried. Can you tell me where can I download PPPoE software to try the dial up? Do you really try PPPoE or just PPP (not PPPoE) over p2p link? => user mode PPP with ng_pppoe (netgraph PPPoE node) on FreeBSD 4.5 + KAME snapshot. I am confusing .........As I know, PPPoE must perform ARP and thus, there is a field to carry IPv4 address in PPPoE protocol. Why does PPPoE(v4) not need to be modified to support IPv6 ? => because the IPv6 dependent part is in the higher part of PPP and works for PPP over synchronous line, asynchronous line, ISDN, UDP, TCP, Ethernet (aka PPPoE), etc, as any NCP (network control protocol). Regards Francis.Dupont@enst-bretagne.fr From bo@bbyrd.net Thu May 2 13:13:07 2002 From: bo@bbyrd.net (Bo Byrd) Date: Thu, 2 May 2002 08:13:07 -0400 Subject: about IPv6 PPPoE In-Reply-To: <009e01c1f1b3$0e5a1830$8d59900a@chttl.com.tw> Message-ID: <000001c1f1d2$bb184280$0202a8c0@biz.mindspring.com> No, PPPoE doesn't ARP. There is no layer3 field in the packet. How it works is that a client will send out a PPPoE PADI packet which is a broadcast. (PADI is PPPoE Active Discovery Initiation) A PPPoE server (Access Concentrator) will see this broadcast and send a PADO - PPPoE active Discovery Offer packet to the MAC address requesting the PADI. The session then continues on. That’s how the 2 ends discover mac addresses. If you sniff a PPPoE session with Ethereal you can see exactly what I'm talking about. You can actually have many PPPoE servers on the same network segment, that are differentiated by their AccessConcentrator-Name. You can manually place the name of a specific AccessConcentrator in the PADI packet if you know the particular name of the one you want to connect to, and your PPPoE client software supports you doing this. This is never required and rarely do you see more than 1 AccessConcentrator per lan segment anyways. I'd say PPPoE would not need to be modified to work with IPv6 by my understanding of how PPPoE works but I could be wrong. -Bo -----Original Message----- From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of yjchu Sent: Thursday, May 02, 2002 4:26 AM To: Jørgen Hovland; 6bone@ISI.EDU Subject: Re: about IPv6 PPPoE Hi: I am curious about what you have tried. Can you tell me where can I download PPPoE software to try the dial up? Do you really try PPPoE or just PPP (not PPPoE) over p2p link? I am confusing .........As I know, PPPoE must perform ARP and thus, there is a field to carry IPv4 address in PPPoE protocol. Why does PPPoE(v4) not need to be modified to support IPv6 ? IPv6 uses neighbor discovery to find MAC <--> IPv6 address map. The protocol is over IP, not like ARP(v4). Is that the reason why PPPoE need not to be modified for IPv6 ? Thanks Yann-Ju CHu ----- Original Message ----- From: "Jørgen Hovland" To: "yjchu" ; Cc: <6bone@ISI.EDU> Sent: Thursday, April 25, 2002 5:05 PM Subject: Re: about IPv6 PPPoE > Are you sure about that? We are using PPPoE with ipv6 and its working fine (IPCP6 or something). > > Joergen Hovland > > ----- Original Message ----- > From: > To: "yjchu" > Cc: <6bone@ISI.EDU> > Sent: Thursday, April 25, 2002 6:32 AM > Subject: Re: about IPv6 PPPoE > > > > >Hi: > > > At present, there is no specification for PPPoE (IPv6). > > >However, = What we will do in the future if we want to dial to IPv6 > > >network through = > > >ADSL? Or, we will use fixed rather than dial-up connection in the future = > > >IPv6 ADSL access? > > > fixed, permanent connectivity with static address is preferred than > > dialups, however: > > - there are cases where dialup is really necessary - like travelling > > notebooks. > > - there are needs for automating customer device configuration. > > > > so, a protocol for assigning prefix to customer would be nice. the > > topic is under discussion at IETF ipngwg. > > > > you may want to check the following: > > overview: > > draft-itojun-ipv6-dialup-requirement-02.txt > > protocol proposals: draft-troan-dhcpv6-opt-prefix-delegation-00.txt > > (there are other proposals exist) > > IETF ipngwg minutes for last meeting (www.ietf.org) > > > > itojun > > > From jorgen@hovland.cx Thu May 2 13:55:30 2002 From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Thu, 2 May 2002 14:55:30 +0200 Subject: about IPv6 PPPoE References: <27746.1019709133@itojun.org><002501c1ec38$5d04bd80$034b2780@6115><009e01c1f1b3$0e5a1830$8d59900a@chttl.com.tw> Message-ID: <003801c1f1d8$a3b14be0$0200000a@hera> If your pppd doesnt support ipv6, you need to edit the proper Makefile for your system in ppp-2.x.x/pppd/ (Makefile.linux for example, HAVE_INET6=y) pppd can be found at www.samba.org/ppp Bsd works fine too. About windows: I only tried raspppoe with windows 2000, and it doesnt support ipv6. Does anybody know if its possible with windows / any software around? -j > > Why does PPPoE(v4) not > > need to be modified to support IPv6 ? > > Because PPPoE is just that: Support for PPP over ethernet. It will > support anything that PPP supports with one exception: There is no > support for framentation, so the PPP frames (including the 6 bytes > used for the PPPoE header) must fit within an ethernet frame. I don't > think that is a problem for IPv6. From pim@ipng.nl Thu May 2 15:35:10 2002 From: pim@ipng.nl (Pim van Pelt) Date: Thu, 2 May 2002 16:35:10 +0200 Subject: route expiration In-Reply-To: <008801c1f1ce$9e17c740$8cf51150@local.comv6.com> References: <008801c1f1ce$9e17c740$8cf51150@local.comv6.com> Message-ID: <20020502143510.GA26414@bfib.colo.bit.nl> On Thu, May 02, 2002 at 01:43:45PM +0200, Matteo Tescione wrote: | Hi to all, | sometimes in my router i see a route entry via tunnelx and tunnely while tunnelx doesn't exist anymore, so this route doesn't work. Is there any suggestion to prevent this problem? | Thanks in advance, Matteo, perhaps you can first tell us which platform you are using. I think that if you delete a tunnel, that your box (whichever OS it is running) should simply disassociate the routes over this tunnel. If it does, not, you should open a ticket with your hardware vendor. I don't think that the BSDs and Linux exhibit this behavior, so I am assuming you are running IOS. You should upgrade to 12.2-T train then, at least. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From wizard@italiansky.com Thu May 2 15:40:19 2002 From: wizard@italiansky.com (Matteo Tescione) Date: Thu, 2 May 2002 16:40:19 +0200 Subject: route expiration References: <008801c1f1ce$9e17c740$8cf51150@local.comv6.com> <20020502143510.GA26414@bfib.colo.bit.nl> Message-ID: <001501c1f1e7$489de010$8cf51150@local.comv6.com> PIm, thanks for your quicly answer, i'm using Cisco IOS 12.1 on my tunnel broker service, sometimes when a tunnel is deleted and a new tunnel is created with the same ipv6 i see on my routing table somethin' like: IPv6 Routing Table - 412 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP Timers: Uptime/Expires C 3FFE:2C02::A023:EB14/127 [0/0] via ::, Tunnel188, 2d19h/never via ::, Tunnel219, 1d03h/never But tunnel188 doesn't exist anymore, it was the old tunnel before the user recreate another one. Any suggestion? Matteo Tescione Ipv6 Dept. COMV6 - Italy ----- Original Message ----- From: "Pim van Pelt" To: "Matteo Tescione" Cc: <6bone@ISI.EDU> Sent: Thursday, May 02, 2002 4:35 PM Subject: Re: route expiration > On Thu, May 02, 2002 at 01:43:45PM +0200, Matteo Tescione wrote: > | Hi to all, > | sometimes in my router i see a route entry via tunnelx and tunnely while tunnelx doesn't exist anymore, so this route doesn't work. Is there any suggestion to prevent this problem? > | Thanks in advance, > > Matteo, > > perhaps you can first tell us which platform you are using. I think that > if you delete a tunnel, that your box (whichever OS it is running) > should simply disassociate the routes over this tunnel. If it does, > not, you should open a ticket with your hardware vendor. > > I don't think that the BSDs and Linux exhibit this behavior, so I am > assuming you are running IOS. You should upgrade to 12.2-T train then, > at least. > > groet, > Pim > > -- > ---------- - - - - -+- - - - - ---------- > Pim van Pelt Email: pim@ipng.nl > http://www.ipng.nl/ IPv6 Deployment > ----------------------------------------------- From jorgen@hovland.cx Thu May 2 15:43:07 2002 From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Thu, 2 May 2002 16:43:07 +0200 Subject: about IPv6 PPPoE References: <000001c1f1d2$bb184280$0202a8c0@biz.mindspring.com> Message-ID: <006b01c1f1e7$ac7e1cd0$0200000a@hera> >You can actually have many PPPoE > servers on the same network segment, that are differentiated by their > AccessConcentrator-Name. And as long as the session-numbers in use are unique. ----- Original Message ----- From: "Bo Byrd" To: <6bone@ISI.EDU> Cc: Sent: Thursday, May 02, 2002 2:13 PM Subject: RE: about IPv6 PPPoE > No, PPPoE doesn't ARP. There is no layer3 field in the packet. How it > works is that a client will send out a PPPoE PADI packet which is a > broadcast. (PADI is PPPoE Active Discovery Initiation) A PPPoE server > (Access Concentrator) will see this broadcast and send a PADO - PPPoE > active Discovery Offer packet to the MAC address requesting the PADI. > The session then continues on. That's how the 2 ends discover mac > addresses. If you sniff a PPPoE session with Ethereal you can see > exactly what I'm talking about. You can actually have many PPPoE > servers on the same network segment, that are differentiated by their > AccessConcentrator-Name. You can manually place the name of a specific > AccessConcentrator in the PADI packet if you know the particular name of > the one you want to connect to, and your PPPoE client software supports > you doing this. This is never required and rarely do you see more than > 1 AccessConcentrator per lan segment anyways. > > I'd say PPPoE would not need to be modified to work with IPv6 by my > understanding of how PPPoE works but I could be wrong. > > > -Bo > > > > -----Original Message----- > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of > yjchu > Sent: Thursday, May 02, 2002 4:26 AM > To: Jørgen Hovland; 6bone@ISI.EDU > Subject: Re: about IPv6 PPPoE > > > > Hi: > I am curious about what you have tried. Can you tell me > where can I download PPPoE software to try the dial up? Do you really > try PPPoE or just PPP (not PPPoE) over p2p link? > > I am confusing .........As I know, PPPoE must perform ARP and thus, > there is a field to carry IPv4 address in PPPoE protocol. Why does > PPPoE(v4) not need to be modified to support IPv6 ? IPv6 uses neighbor > discovery to find MAC <--> IPv6 address map. The protocol is over IP, > not like ARP(v4). Is that the reason why PPPoE need not to be modified > for IPv6 ? > > Thanks > Yann-Ju CHu > > ----- Original Message ----- > From: "Jørgen Hovland" > To: "yjchu" ; > Cc: <6bone@ISI.EDU> > Sent: Thursday, April 25, 2002 5:05 PM > Subject: Re: about IPv6 PPPoE > > > > Are you sure about that? We are using PPPoE with ipv6 and its working > fine (IPCP6 or something). > > > > Joergen Hovland > > > > ----- Original Message ----- > > From: > > To: "yjchu" > > Cc: <6bone@ISI.EDU> > > Sent: Thursday, April 25, 2002 6:32 AM > > Subject: Re: about IPv6 PPPoE > > > > > > > >Hi: > > > > At present, there is no specification for PPPoE (IPv6). > > > >However, = What we will do in the future if we want to dial to IPv6 > > > > >network > through = > > > >ADSL? Or, we will use fixed rather than dial-up connection in the > future = > > > >IPv6 ADSL access? > > > > > fixed, permanent connectivity with static address is preferred than > > > dialups, however: > > > - there are cases where dialup is really necessary - like travelling > > > notebooks. > > > - there are needs for automating customer device configuration. > > > > > > so, a protocol for assigning prefix to customer would be nice. the > > > topic is under discussion at IETF ipngwg. > > > > > > you may want to check the following: > > > overview: > > > draft-itojun-ipv6-dialup-requirement-02.txt > > > protocol proposals: draft-troan-dhcpv6-opt-prefix-delegation-00.txt > > > (there are other proposals exist) > > > IETF ipngwg minutes for last meeting (www.ietf.org) > > > > > > itojun > > > > > > > > > From pim@ipng.nl Thu May 2 15:52:01 2002 From: pim@ipng.nl (Pim van Pelt) Date: Thu, 2 May 2002 16:52:01 +0200 Subject: route expiration In-Reply-To: <001501c1f1e7$489de010$8cf51150@local.comv6.com> References: <008801c1f1ce$9e17c740$8cf51150@local.comv6.com> <20020502143510.GA26414@bfib.colo.bit.nl> <001501c1f1e7$489de010$8cf51150@local.comv6.com> Message-ID: <20020502145201.GA26570@bfib.colo.bit.nl> | C 3FFE:2C02::A023:EB14/127 [0/0] | via ::, Tunnel188, 2d19h/never | via ::, Tunnel219, 1d03h/never | | But tunnel188 doesn't exist anymore, it was the old tunnel before the user | recreate another one. I have seen this on 12.0 also. Please try to get your hands on 12.2(8) and run the newest version of that OS. I do not know about bugtracking in IOS, but I do know that a *LOT* of stuff was fixed regarding IPv6. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From pekkas@netcore.fi Thu May 2 19:30:57 2002 From: pekkas@netcore.fi (Pekka Savola) Date: Thu, 2 May 2002 21:30:57 +0300 (EEST) Subject: route expiration In-Reply-To: <20020502145201.GA26570@bfib.colo.bit.nl> Message-ID: On Thu, 2 May 2002, Pim van Pelt wrote: > | C 3FFE:2C02::A023:EB14/127 [0/0] > | via ::, Tunnel188, 2d19h/never > | via ::, Tunnel219, 1d03h/never > | > | But tunnel188 doesn't exist anymore, it was the old tunnel before the user > | recreate another one. > > I have seen this on 12.0 also. Please try to get your hands on 12.2(8) > and run the newest version of that OS. I do not know about bugtracking > in IOS, but I do know that a *LOT* of stuff was fixed regarding IPv6. We noticed a related IOS bug in 12.2(4)T. If you deleted the interface before removing static routes through it, the routes could not be deleted. The only way to fix it was to reload a router. This was partially fixed in 12.2(8)T. Now the wrong static routes only stick to the configuration listing, and are only forgotten on a reload. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From tapas.das@teleweb.net.in Fri May 3 13:07:14 2002 From: tapas.das@teleweb.net.in (Tapas Das) Date: Fri, 3 May 2002 17:37:14 +0530 Subject: 6bone pTLA 3FFE:4006::/32 allocated to DOLPHINS-CH In-Reply-To: <5.1.0.14.0.20020501084740.02791898@imap2.es.net> Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C1F2C9.29AC23A0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Dear all, I have got a IPV6 address from Freenet6. I can also ping to few of the IPV6 address, but when I goto www.kame.net i don't see the dancing turtle also at the end of the page it says "you are using IPv4",can somebody explain me why is this happening. Also I would like to know how do I install a IPV6 DNS server(On linux) at my place. I am trying to get a pool of IPV6 address from 6Bone, I have created the "Person" object but not able to create "mntner" object I get this error Objects without errors have been processed. New FAILED: [mntner] MNT-6BONE Thanx In advance Tapas Das. ------=_NextPart_000_0006_01C1F2C9.29AC23A0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Dear all,

I have got a IPV6 address from = Freenet6. I can=20 also ping to few of the IPV6 address, but when I goto www.kame.net i = don't see=20 the dancing turtle also at the end of the page it says "you are using = IPv4",can=20 somebody explain me why is this happening.

Also I would like to = know how=20 do I install a IPV6 DNS server(On linux) at my place. I am trying to get = a pool=20 of IPV6 address from 6Bone, I have created the "Person" object but not = able to=20 create "mntner" object I get this error

Objects without errors = have been=20 processed.

New FAILED: [mntner] MNT-6BONE

Thanx In=20 advance
Tapas Das.

------=_NextPart_000_0006_01C1F2C9.29AC23A0-- From dnewman@maraudingpirates.org Fri May 3 14:39:22 2002 From: dnewman@maraudingpirates.org (David F. Newman) Date: Fri, 3 May 2002 09:39:22 -0400 Subject: Internal Address Space Message-ID: <200205030939.22293.dnewman@maraudingpirates.org> Hi there, In the old IPv4 days sites would use private address space inside a firewall for either address conservation or just plain old security through obscurity. Now that a site can get a /48 to do with as they please is it necessary to use private IP space anymore. I am wondering if people out there use public routable IPs on both sides of their firewall. I figure if a node is behind a firewall it is ok to have a valid IP, but I could be wrong. -Dave From daniel@prisec.net Fri May 3 14:57:57 2002 From: daniel@prisec.net (Daniel Hirche) Date: Fri, 03 May 2002 15:57:57 +0200 Subject: 6bone pTLA 3FFE:4006::/32 allocated to DOLPHINS-CH In-Reply-To: References: Message-ID: <26563306.1020441477@[172.16.2.2]> Tapas, --On Friday, May 03, 2002 5:37 PM +0530 Tapas Das wrote: > I have got a IPV6 address from Freenet6. I can also ping to few of the > IPV6 address, but when I goto www.kame.net i don't see the dancing turtle > also at the end of the page it says "you are using IPv4",can somebody > explain me why is this happening. Maybe you don't use a ipv6 enabled browser? Try with Mozilla on Linux/BSD or IE6 when using Windows XP/2k with ipv6 support. > Also I would like to know how do I install a IPV6 DNS server(On linux) at > my place. I am trying to get a pool of IPV6 address from 6Bone, I have > created the "Person" object but not able to create "mntner" object I get > this error If you're using Viagenie/Freenet6 address space, read http://www.freenet6.net/reverse-dns.shtml > > Objects without errors have been processed. > > New FAILED: [mntner] MNT-6BONE Well. MNT-6BONE does already exist. Create a non existing one ;) (whois -h whois.6bone.net MNT-yourchoise to check if exist or not) wkr, --Daniel From nicolas.deffayet-extml@ndsoftwaregroup.com Fri May 3 16:32:44 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Fri, 3 May 2002 17:32:44 +0200 Subject: unknow subject In-Reply-To: Message-ID: <004e01c1f2b7$c57264f0$0103010a@lnet.fr.ndsoftwaregroup.com> 1/ Don't send HTML 2/ Don't reply directly to a message for create a new one (that keep subject and message ID) 3/ Use a correct subject 4/ No need use big character Resend your message by respecting this rules to the list, and i will reply. -----Original Message----- From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of Tapas Das Sent: Friday, May 03, 2002 2:07 PM To: Bob Fink; 6BONE List Cc: Matthias Cramer; 6bone reverse DNS registration Subject: RE: 6bone pTLA 3FFE:4006::/32 allocated to DOLPHINS-CH Dear all, I have got a IPV6 address from Freenet6. I can also ping to few of the IPV6 address, but when I goto www.kame.net i don't see the dancing turtle also at the end of the page it says "you are using IPv4",can somebody explain me why is this happening. Also I would like to know how do I install a IPV6 DNS server(On linux) at my place. I am trying to get a pool of IPV6 address from 6Bone, I have created the "Person" object but not able to create "mntner" object I get this error Objects without errors have been processed. New FAILED: [mntner] MNT-6BONE Thanx In advance Tapas Das. From fink@es.net Fri May 3 16:36:07 2002 From: fink@es.net (Bob Fink) Date: Fri, 03 May 2002 08:36:07 -0700 Subject: 6bone pTLA 3FFE:4008::/32 allocated to SSVL Message-ID: <5.1.0.14.0.20020503083131.00b43cb0@imap2.es.net> SSVL has been allocated pTLA 3FFE:4008::/32 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] Thanks, Bob From david@IPRG.nokia.com Fri May 3 16:52:31 2002 From: david@IPRG.nokia.com (David Kessens) Date: Fri, 3 May 2002 08:52:31 -0700 Subject: Internal Address Space In-Reply-To: <200205030939.22293.dnewman@maraudingpirates.org>; from dnewman@maraudingpirates.org on Fri, May 03, 2002 at 09:39:22AM -0400 References: <200205030939.22293.dnewman@maraudingpirates.org> Message-ID: <20020503085231.A972@iprg.nokia.com> David, On Fri, May 03, 2002 at 09:39:22AM -0400, David F. Newman wrote: > > In the old IPv4 days sites would use private address space inside a firewall > for either address conservation or just plain old security through obscurity. Are you saying that 64-bits/number of hosts on one LAN doesn't give you a nice amount of obscurity if you want to try to guess IP addressess within a particular /48 ?!? :-) > Now that a site can get a /48 to do with as they please is it > necessary to use private IP space anymore. It has never been necessary or required to use private space for anything. That doesn't mean that there are cases where private address come handy, for example for home-users who are often a victim of 'a little faster than ISDN speed' Internet providers who seem to think that customers want PPPoE and charge obscene amounts of money for getting a few IP addresses. > I am wondering if people out there use public routable IPs on both > sides of their firewall. Of course, people are doing that. People do that with ipv4 all the time too. v6 doesn't really change anything here except that it is quite a bit harder to guess somebodies v6 address since there are just many more to guess... David K. --- From chill@west.rr.com Fri May 3 20:34:22 2002 From: chill@west.rr.com (Charles Hill) Date: Fri, 03 May 2002 14:34:22 -0500 Subject: Internal Address Space References: <200205030939.22293.dnewman@maraudingpirates.org> <20020503085231.A972@iprg.nokia.com> Message-ID: <3CD2E63E.58A7C498@west.rr.com> This is a multi-part message in MIME format. --------------757BE8F9A428C377C8B63101 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I agree. If you insist on using "private" IPv6 address space that doesn't route on the internet, why not just use 2002::10.x.x.x to avoid any conflicts? -CH David Kessens wrote: > > David, > > On Fri, May 03, 2002 at 09:39:22AM -0400, David F. Newman wrote: > > > > In the old IPv4 days sites would use private address space inside a firewall > > for either address conservation or just plain old security through obscurity. > > Are you saying that 64-bits/number of hosts on one LAN doesn't give > you a nice amount of obscurity if you want to try to guess IP > addressess within a particular /48 ?!? :-) > > > Now that a site can get a /48 to do with as they please is it > > necessary to use private IP space anymore. > > It has never been necessary or required to use private space for > anything. That doesn't mean that there are cases where private address > come handy, for example for home-users who are often a victim of 'a > little faster than ISDN speed' Internet providers who seem to think > that customers want PPPoE and charge obscene amounts of money for > getting a few IP addresses. > > > I am wondering if people out there use public routable IPs on both > > sides of their firewall. > > Of course, people are doing that. People do that with ipv4 all the > time too. v6 doesn't really change anything here except that it is > quite a bit harder to guess somebodies v6 address since there are just > many more to guess... > > David K. > --- -- Regards, Charles Hill Sr. Network Engineer Time Warner - Broadband Network Services Kansas City Regional Data Center chill@west.rr.com -- "One who trades his privacy to government in exchange for security will end up with neither." -Benjamin Franklin "It has been said, too, that our governments, both federal and particular, want energy; that it is difficult to restrain both individuals and States from committing wrong. This is true, and it is an inconvenience." -Thomas Jefferson --------------757BE8F9A428C377C8B63101 Content-Type: text/x-vcard; charset=us-ascii; name="chill.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Charles Hill Content-Disposition: attachment; filename="chill.vcf" begin:vcard n:Hill;Charles tel;pager:888-716-8908 tel;cell:816-674-3816 tel;fax:816-358-7069 tel;work:816-358-5898 x113 x-mozilla-html:FALSE org:Road Runner;Regional Operations adr:;;6601 Winchester Ave Ste 220;Kansas City;MO;64133;USA version:2.1 email;internet:chill@west.rr.com title:Network Engineer fn:Charles Hill end:vcard --------------757BE8F9A428C377C8B63101-- From dnewman@maraudingpirates.org Fri May 3 21:14:10 2002 From: dnewman@maraudingpirates.org (David F. Newman) Date: Fri, 3 May 2002 16:14:10 -0400 Subject: Internal Address Space In-Reply-To: <3CD2E63E.58A7C498@west.rr.com> References: <200205030939.22293.dnewman@maraudingpirates.org> <20020503085231.A972@iprg.nokia.com> <3CD2E63E.58A7C498@west.rr.com> Message-ID: <200205031614.10792.dnewman@maraudingpirates.org> On Friday 03 May 2002 03:34 pm, Charles Hill wrote: > I agree. If you insist on using "private" IPv6 address space that > doesn't route on the internet, why not just use 2002::10.x.x.x to avoid > any conflicts? -CH > Well, I'm not insisting on anything. I was just wondering what others are doing. Actually it has always seemed logical to me to use public address behind a firewall. It was the networking group at my company that informed me that private space is used behind firewalls just as a matter of course. My own ISP gives me one address and so I use a private address space inside my firewall. I was thinking that if my firewall tunnels to 6bone then my inside machines could have private IPv4 addresses and public IPv6 addresses. -Dave From pekkas@netcore.fi Sat May 4 07:10:41 2002 From: pekkas@netcore.fi (Pekka Savola) Date: Sat, 4 May 2002 09:10:41 +0300 (EEST) Subject: Internal Address Space In-Reply-To: <200205030939.22293.dnewman@maraudingpirates.org> Message-ID: On Fri, 3 May 2002, David F. Newman wrote: > Hi there, > In the old IPv4 days sites would use private address space inside a firewall > for either address conservation or just plain old security through obscurity. > > Now that a site can get a /48 to do with as they please is it necessary to use > private IP space anymore. I am wondering if people out there use public > routable IPs on both sides of their firewall. I figure if a node is behind a > firewall it is ok to have a valid IP, but I could be wrong. You could always use site-local addresses from under fec0::/10 there. If you're configuring e.g. PR:EF:IX:ABCD::/64 on a link, you could also systematically configure FEC0:0:0:ABCD::/64 on the link. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From pim@ipng.nl Sat May 4 09:27:20 2002 From: pim@ipng.nl (Pim van Pelt) Date: Sat, 4 May 2002 10:27:20 +0200 Subject: Internal Address Space In-Reply-To: <3CD2E63E.58A7C498@west.rr.com> References: <200205030939.22293.dnewman@maraudingpirates.org> <20020503085231.A972@iprg.nokia.com> <3CD2E63E.58A7C498@west.rr.com> Message-ID: <20020504082719.GA12319@bfib.colo.bit.nl> On Fri, May 03, 2002 at 02:34:22PM -0500, Charles Hill wrote: | I agree. If you insist on using "private" IPv6 address space that | doesn't route on the internet, why not just use 2002::10.x.x.x to avoid | any conflicts? -CH Charles, Because 2002::/16 has not been devised for this. It is for the process for 6to4 transition, and that kind of implies a globally routable IPv4 address. You are making a fatal misconception that your 2002:10.x.x.x::/48 space is not routable on the Internet, because it is. Also 2002::10.x.x.x (assuming that was really what you meant and not just a typo) is routable, because lots of people announce 6to4 relays which implies their AS announcing 2002::/16 (and they should not be announcing any more specific in this /16 either). I will personally come and kick anyones ass that uses 2002:$rfc1918::/48 space on the 6to4 relays. This is because if some packet arrives at my (or another) 6to4 relay, it will decapsulate the packet and try to send it to $rfc1918 space in the IPv4 world. This causes two things: o unnessecary load on the 6bone and production IPv6 network o unnessecary load on my 6to4 relay for processing this crap I have seen one DDoS on my own 6to4 relay (becasue there were 'bad users' relaying through it) that was a bunch of traffic coming from all sides of the 6bone (v6 connectivity side) and outbound for this nonexisting space (both rfc1918 and unallocated space). To wrap it up, let me state the obvious. If you want 'private' space, please use the scope that was designed for this: sitelocal (fec0::/10) groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From kre@munnari.OZ.AU Sat May 4 11:24:07 2002 From: kre@munnari.OZ.AU (Robert Elz) Date: Sat, 04 May 2002 20:24:07 +1000 Subject: Internal Address Space In-Reply-To: <200205031614.10792.dnewman@maraudingpirates.org> References: <200205031614.10792.dnewman@maraudingpirates.org> <200205030939.22293.dnewman@maraudingpirates.org> <20020503085231.A972@iprg.nokia.com> <3CD2E63E.58A7C498@west.rr.com> Message-ID: <29948.1020507847@mundamutti.cs.mu.OZ.AU> Date: Fri, 3 May 2002 16:14:10 -0400 From: "David F. Newman" Message-ID: <200205031614.10792.dnewman@maraudingpirates.org> | Actually it has always seemed logical to me to use public address | behind a firewall. It is. After all, private address space is a comparatively recent addition, before that everyone used public address space (either legitimately obtained, or "borrowed"). | It was the networking group at my company that informed | me that private space is used behind firewalls just as a matter of course. For IPv4 these days it is - because the addresses are scarce, and using them to number things that cannot be reached from outside is just wasteful. It used not to be that way, and for IPv6, never needs to be that way. | My own ISP gives me one address and so I use a private address space | inside my firewall. Same thing, they're just only allocating the minimum that they can get away with, so they have addresses to allocate to others (and besides, it means that they can charge you more, for nothing really, if you want more public addresses). | I was thinking that if my firewall tunnels to 6bone | then my inside machines could have private IPv4 addresses and public | IPv6 addresses. Yes, that is not at all uncommon. kre From tapas.das@teleweb.net.in Sat May 4 11:58:54 2002 From: tapas.das@teleweb.net.in (Tapas Das) Date: Sat, 4 May 2002 16:28:54 +0530 Subject: Got one IPV6 address from Freenet6 but not working. In-Reply-To: <004e01c1f2b7$c57264f0$0103010a@lnet.fr.ndsoftwaregroup.com> Message-ID: Dear all, I have got a IPV6 address from Freenet6. I can also ping to few of the IPV6 address, but when I goto www.kame.net i don't see the dancing turtle also at the end of the page it says "you are using IPv4",can somebody explain me why is this happening. Also I would like to know how do I install a IPV6 DNS server(On linux) at my place. I am trying to get a pool of IPV6 address from 6Bone, I have created the "Person" object but not able to create "mntner" object I get this error Objects without errors have been processed. New FAILED: [mntner] MNT-6BONE Thanx In advance Tapas Das. From nicolas.deffayet-extml@ndsoftwaregroup.com Sat May 4 14:13:57 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Sat, 4 May 2002 15:13:57 +0200 Subject: Got one IPV6 address from Freenet6 but not working. In-Reply-To: Message-ID: <000201c1f36d$8d492350$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On > Behalf Of Tapas Das > Sent: Saturday, May 04, 2002 12:59 PM > To: '6BONE List' > Subject: Got one IPV6 address from Freenet6 but not working. > Dear Tapas Das, > I have got a IPV6 address from Freenet6. I can also ping to > few of the IPV6 address, but when I goto www.kame.net i don't > see the dancing turtle also at the end of the page it says > "you are using IPv4",can somebody explain me why is this happening. What's web browser do you use ? Have you try with Mozilla ? Have you try to access to a IPv6 only site (http://www.ipv6.cnit.it for exemple) ? > > Also I would like to know how do I install a IPV6 DNS > server(On linux) at my place. Install BIND9 and: use AAAA record for forward use PTR record for reverse DNS server work same in IPv4 and IPv6. For more informations: http://www.isi.edu/~bmanning/v6DNS.html > I am trying to get a pool of > IPV6 address from 6Bone, I have created the "Person" object > but not able to create "mntner" object I get this error > Objects without errors have been processed. > > New FAILED: [mntner] MNT-6BONE What's error message do you have after this ? object exist ? (i think yes because MNT-6BONE exist) The mntner objects must free for register like domains... > > Thanx In advance > Tapas Das. You are welcome. Best Regards, Nicolas DEFFAYET From paitken@cisco.com Sat May 4 15:39:47 2002 From: paitken@cisco.com (Paul Aitken) Date: Sat, 04 May 2002 15:39:47 +0100 Subject: Got one IPV6 address from Freenet6 but not working. References: Message-ID: <3CD3F2B3.2000107@cisco.com> Tapas, > I have got a IPV6 address from Freenet6. I can also ping to few of the > IPV6 address, but when I goto www.kame.net i don't see the dancing > turtle also at the end of the page it says "you are using IPv4",can > somebody explain me why is this happening. Most likely your DNS is resolving www.kame.net into an IPv4 address. Use a browser that supports IPv6 and a DNS server that supports AAAA records. Cheers. -- Paul Aitken IPv6 Development, Cisco Systems Ltd, Edinburgh, Scotland. EH6 6LX From cyouse@geekbean.com Sat May 4 23:57:41 2002 From: cyouse@geekbean.com (Chuck Youse) Date: Sat, 4 May 2002 18:57:41 -0400 (EDT) Subject: Internal Address Space In-Reply-To: <29948.1020507847@mundamutti.cs.mu.OZ.AU> Message-ID: <20020504185606.M4872-100000@wind.geekbean.com> On Sat, 4 May 2002, Robert Elz wrote: > | I was thinking that if my firewall tunnels to 6bone > | then my inside machines could have private IPv4 addresses and public > | IPv6 addresses. > > Yes, that is not at all uncommon. Just be wary of the interesting security 'features' this kind of set up has. Be sure to filter the IPv6 traffic at the edge. C. From rocheml@httrack.com Mon May 6 06:30:43 2002 From: rocheml@httrack.com (Xavier Roche) Date: Mon, 06 May 2002 07:30:43 +0200 Subject: Router neighbor advertisement problems between linux/windows Message-ID: <5.1.0.14.0.20020506073035.03bd1908@pop.pro.proxad.net> Hi, I have weird routing/router advert. problems using an ipv6 stack on both linux and windows: the linux and windows does not seem to "see" each others very well on ipv6. Here is how they are configured: Windows 2000 (test workstation) 3ffe:b80:9e2:1:201:2ff:fefa:903d fe80::201:2ff:fefa:903d || \/ Linux (test router) 3ffe:b80:9e2:1::1 fe80::250:daff:fe0d:d0a3 || \/ Outside world: IPv6-in-IPv4 tunnel (freenet6) - I can ping/connect from the Linux router any v6/v4 addresses outside and vice-versa - I can ping/connect from the Linux router any v4 internal addresses but NOT ipv6 internal addresses, except **sometimes** (!). Generally I got "Destination unreachable" errors: # ping6 3ffe:b80:9e2:1:201:2ff:fefa:903d PING 3ffe:b80:9e2:1:201:2ff:fefa:903d(3ffe:b80:9e2:1:201:2ff:fefa:903d) from 3ffe:b80:9e2:1::1 : 56 data bytes >From ::1 icmp_seq=1 Destination unreachable: Address unreachableFrom ::1 - I can ping/connect from the Windows any v4 external addresses, NOT v6 addresses except the local link ::1 and the machine address 3ffe:b80:9e2:1:201:2ff:fefa:903d itself, except sometimes, too (!) - for example I can *sometimes* ping the windows machine from the outside world, IF I also ping FROM the *Linux* machine to the outside world (!!): PING 3ffe:b80:9e2:1:201:2ff:fefa:903d(3ffe:b80:9e2:1:201:2ff:fefa:903d) from 3ffe:80b0:100:1:250:4ff:fe37:5976 : 56 data bytes 64 bytes from 3ffe:b80:9e2:1:201:2ff:fefa:903d: icmp_seq=1 hops=60 time=3.289 sec 64 bytes from 3ffe:b80:9e2:1:201:2ff:fefa:903d: icmp_seq=2 hops=60 time=2.599 sec .. And I get strange network traffic between the two machines ; these three icmpv6 packets are being sent each seconds: 23:07:21.651872 fe80::250:daff:fe0d:d0a3 > ff02::1:fffa:903d: icmp6: neighbor sol: who has 3ffe:b80:9e2:1:201:2ff:fefa:903d 23:07:21.651885 fe80::250:daff:fe0d:d0a3 > ff02::1:ff0d:d0a3: icmp6: neighbor sol: who has fe80::250:daff:fe0d:d0a3 23:07:21.652015 3ffe:b80:9e2:1:201:2ff:fefa:903d > fe80::250:daff:fe0d:d0a3: icmp6: neighbor adv: tgt is 3ffe:b80:9e2:1:201:2ff:fefa:903d With the associated log entry on the linux box: May 5 22:54:25 linux kernel: icmpv6_send: no reply to icmp error It seems that the linux box is endlessly asking "where are fe80::250:daff:fe0d:d0a3 and fe80::250:daff:fe0d:d0a3?" (the two windows addresses) and the windows seem to reply.. but this does'nt work at all. The linux routine tables seem okay: # ip -6 route 3ffe:b80:9e2:1::/64 dev eth0 proto kernel metric 256 mtu 1500 3ffe:b80:9e2::/48 dev eth0 metric 1 mtu 1500 2000::/3 dev sit1 metric 1 mtu 1472 fe80::/10 dev eth0 proto kernel metric 256 mtu 1500 fe80::/10 via :: dev sit1 proto kernel metric 256 mtu 1472 ff00::/8 dev eth0 proto kernel metric 256 mtu 1500 ff00::/8 dev sit1 proto kernel metric 256 mtu 1472 default dev sit1 metric 1 mtu 1472 unreachable default dev lo metric -1 error -101 And I also have v4+v6 routing activated, and a radvd demon running. No v6 firewalling problems, too (I even tried for a moment to disable the firewall - not better). To summarize, I have no idea of where can be the problem.. did I miss something on the router advert protocol? From sekiya@sfc.wide.ad.jp Mon May 6 19:14:36 2002 From: sekiya@sfc.wide.ad.jp (Yuji Sekiya) Date: Tue, 07 May 2002 03:14:36 +0900 Subject: Router neighbor advertisement problems between linux/windows In-Reply-To: <5.1.0.14.0.20020506073035.03bd1908@pop.pro.proxad.net> References: <5.1.0.14.0.20020506073035.03bd1908@pop.pro.proxad.net> Message-ID: At Mon, 06 May 2002 07:30:43 +0200, Xavier Roche wrote: > - I can ping/connect from the Linux router any v6/v4 addresses outside and vice-versa > - I can ping/connect from the Linux router any v4 internal addresses but NOT ipv6 internal addresses, except **sometimes** (!). Generally I got "Destination unreachable" errors: Please try USAGI Linux kernel with CONFIG_IPV6_EN_DFLT option because the original Linux kernel ignores IPv6 default route when it acts as IPv6 router. You can get USAGI kernel from http://www.linux-ipv6.org/ Regards, -- Yuji Sekiya From rocheml@httrack.com Mon May 6 21:47:46 2002 From: rocheml@httrack.com (Xavier Roche) Date: Mon, 06 May 2002 22:47:46 +0200 Subject: Router neighbor advertisement problems between linux/windows In-Reply-To: References: <5.1.0.14.0.20020506073035.03bd1908@pop.pro.proxad.net> <5.1.0.14.0.20020506073035.03bd1908@pop.pro.proxad.net> Message-ID: <5.1.0.14.0.20020506224232.03bd4140@www> >>except **sometimes** (!). Generally I got "Destination unreachable" errors: >>Please try USAGI Linux kernel with CONFIG_IPV6_EN_DFLT option because >>the original Linux kernel ignores IPv6 default route when it acts as >>IPv6 router. >>You can get USAGI kernel from http://www.linux-ipv6.org/ Thanks, I'll try it - I found a temporary fix by shutting down all routes, addresses and interfaces, and bringing them up again, this seem to be related to the loopback virtual interface (?) [using 2.4.19-pre6] From root@TheSocket.remoteserver.org Tue May 7 08:03:04 2002 From: root@TheSocket.remoteserver.org (Charlie ROOT) Date: Tue, 7 May 2002 07:03:04 +0000 (GMT) Subject: remove Message-ID: From bjargmun@simi.is Tue May 7 14:01:04 2002 From: bjargmun@simi.is (bjargmun@simi.is) Date: Tue, 7 May 2002 13:01:04 +0000 Subject: remove Message-ID: _______________________________________________________________________ Þessi tölvupóstur og viðhengi hans gætu innihaldið trúnaðarupplýsingar eingöngu ætlaðar þeim sem hann er stílaður á. Efni tölvupóstsins og viðhengi er á ábyrgð sendanda ef það tengist ekki starfsemi Símans. Sjá nánar: http://www.siminn.is/control/index?pid=6164 This e-mail and it's attachments may contain confidential and privileged information only intended for the person or entity to which it is addressed. Further information: http://www.siminn.is/control/index?pid=6772 _______________________________________________________________________ From fink@es.net Tue May 7 17:43:43 2002 From: fink@es.net (Bob Fink) Date: Tue, 07 May 2002 09:43:43 -0700 Subject: pTLA request VERAT - review closes 21 May 2002 Message-ID: <5.1.0.14.0.20020507093556.02867940@imap2.es.net> 6bone Folk, VERAT has requested a pTLA allocation and I find their request fully compliant with RFC2772. The open review period for this will close 21 May 2002. Please send your comments to me or the list. Thanks, Bob === >Date: Tue, 7 May 2002 17:14:01 +0200 (CEST) >From: Milos Prodanovic >To: >cc: >Subject: pTLA request > >To whom it may concern > > > >I would like to request a pTLA on behalf of the VERAT (Verat.net) . > > > VERAT.net : > >(RFC 2772 7.1) - is present on 6BONE more than 6 months, >(RFC 2772 7.1a) - have maintained, up to date, 6Bone Registry for all > objects. >(RFC 2772 7.1b) - have BGP4+ peering with most of connection point to > the 6BONE. (BERKOM,FASTNETXP,HURRICANE,LAVANET,SSVL > and CYBERNET) >(RFC 2772 7.1c) - Fully maintained DNS forward (AAAA) and reverse > (ip6.int) at ns1.ng.verat.net, ns2.ng.verat.net and > ns1.v6.verat.net, ns2.v6.verat.net . >(RFC 2772 7.1d) - have IPv6 and IPv4 pingable and accessible web server > (http://lab.verat.net) with unique and interesting > services (Jaspvi). >(RFC 2772 7.2) - already provides reliable 6BONE services, and has the > ability and intent to provide 6Bone services. For more > information please look at 'Monitoring' on > http://lab.verat.net, and wide range of 6pinger web > applications on the 6BONE. >(RFC 2772 7.2a) - three registered persons in ipv6-site object > (MB5-6BONE, NM4-6BONE [NM303-RIPE], MP10-6BONE > [MP6868-RIPE]) >(RFC 2772 7.4b) - common mailbox (mailto:ipv6-support@verat.net) >(RFC 2772 7.3) - * is major ISP in Serbia (Yugoslavia), with good > connectivity with west > * have regional importance for Balkan Peninsula that > includes Bulgaria, Romania and ex-Yugoslav countries > (Slovenia,Croatia,Bosnia and Macedonia), > * have peering with with all major ISP in Yugoslavia, > and Academic Network of Belgrade University. >(RFC 2772 7.4) - commits to abide by the current 6Bone operational rules > and policies as they exist at time of its application, and > agree to abide by future 6Bone backbone operational rules > and policies. > > >For more information about Verat, feel free to look at attachment, >http://lab.verat.net, or http://www.viagenie.qc.ca/cgi-bin/whois.pl?VERAT . > >If you have any questions regarding our application, please do not >hesitate to send an email to ipv6-support@verat.net. > > > >Kind Regards > > >in the name of Verat.net > >Milos Prodanovic >(MP10-6BONE,MP6868-RIPE) > From aaron@lo-res.org Wed May 8 00:24:49 2002 From: aaron@lo-res.org (aaron) Date: Wed, 8 May 2002 01:24:49 +0200 Subject: priority question Message-ID: <200205080124.49970.aaron@lo-res.org> Hi! short question: whats the current status of the priority field in the IPv6 header? is it already effectively used (=consered as routing decision on KAME based routers)? any experience? Thanks, aaron. From itojun@iijlab.net Wed May 8 02:41:06 2002 From: itojun@iijlab.net (itojun@iijlab.net) Date: Wed, 08 May 2002 10:41:06 +0900 Subject: priority question In-Reply-To: aaron's message of Wed, 08 May 2002 01:24:49 +0200. <200205080124.49970.aaron@lo-res.org> Message-ID: <22432.1020822066@itojun.org> >short question: whats the current status of the priority field in the IPv6 >header? is it already effectively used (=consered as routing decision on KAME >based routers)? do you mean traffic class field by "priority field"? at this moment KAME does not really use the field, except: - tunnel code honors ECN (explicit congestion notification) bits as stated in RFC3168 section 9 - ALTQ can classify traffic based on traffic class field, and uses ECN bits - there's an API to modify the field from userland (see 2292bis i-d) - TCP code supports ECN bits the first two items are integrated in *BSD (not sure if FreeBSD has ALTQ integrated yet), the rest is in KAME patch release only. itojun From xavier@sudre.fr Wed May 8 04:26:54 2002 From: xavier@sudre.fr (Xavier Sudre) Date: Wed, 8 May 2002 05:26:54 +0200 Subject: Linux QOS ipv4 affects kernel using zebra for ipv6 Message-ID: <20020508032654.GA3395@xavier.sudre> Hi everybody, I sent 3 days to find the trouble I had with dynamic routing tool zebra and I have isolate a problem into the netfilter code of the kernel or the iptables tool. In faact I have QOS on my linux box running Debian with 2.4.18 usagi kernel. The QOS is applied to ipv4 stack using iproute tool routing with the help of packet marquing. To mark packets I use iptables and the mangle table like this: iptables -t mangle -A OUTPUT -m length --length 0:500 -j MARK --set-mark 3 iptables -t mangle -A OUTPUT -m length --length 500:1500 -j MARK --set-mark 4 I use tc tool to create cues and filter packet marked by iptables. I have isolated this two lines of iptables marking process and they are doing a very starnge stuff on my dynamic routing process in ipv6. I use zebra bgp facilities for ipv6 and using it it does not redistribute routes to the kernel when marking process is used. In this case I have the following error message from the kernel: kernel: route_me_harder: ip_route_output_key(dst=213.91.4.3, src=80.65.229.50, oif=7, tos=0x0, fwmark=0x0) error -19 I searched for a solution and switched form kernel 2.4.18 to 2.4.18 usagi, and I have also tried the 2.4.19-pre8 kernel but I get always the same eror message. I am using the latest iptables 1.2.6a, and there is no bug known on their web-site for that problem. Do you have any solution or any experience with this problem ? I really hope that you would be able to help me because QOS is a big part of my ipv4 routing and I dont want to slow down in ipv6 because of ipv4... Thanks, -- Xavier Sudre URL: EMAIL: From xavier@sudre.fr Thu May 9 22:58:53 2002 From: xavier@sudre.fr (Xavier Sudre) Date: Thu, 9 May 2002 23:58:53 +0200 Subject: Linux QOS ipv4 affects kernel using zebra for ipv6 In-Reply-To: <20020508032654.GA3395@xavier.sudre> References: <20020508032654.GA3395@xavier.sudre> Message-ID: <20020509215852.GA388@xavier.sudre> So do I have to suppose nobody had this poblem before ? On Wed, May 08, 2002 at 05:26:54AM +0200, Xavier Sudre wrote: > Hi everybody, > > I sent 3 days to find the trouble I had with dynamic routing tool zebra > and I have isolate a problem into the netfilter code of the kernel or > the iptables tool. > > In faact I have QOS on my linux box running Debian with 2.4.18 usagi > kernel. The QOS is applied to ipv4 stack using iproute tool routing with > the help of packet marquing. > To mark packets I use iptables and the mangle table like this: > > iptables -t mangle -A OUTPUT -m length --length 0:500 -j MARK --set-mark > 3 > > iptables -t mangle -A OUTPUT -m length --length 500:1500 -j MARK > --set-mark 4 > > I use tc tool to create cues and filter packet marked by iptables. > > I have isolated this two lines of iptables marking process and they are > doing a very starnge stuff on my dynamic routing process in ipv6. > I use zebra bgp facilities for ipv6 and using it it does not > redistribute routes to the kernel when marking process is used. > In this case I have the following error message from the kernel: > > kernel: route_me_harder: ip_route_output_key(dst=213.91.4.3, src=80.65.229.50, > oif=7, tos=0x0, fwmark=0x0) error -19 > > I searched for a solution and switched form kernel 2.4.18 to 2.4.18 usagi, and > I have also tried the 2.4.19-pre8 kernel but I get always the same eror > message. > > I am using the latest iptables 1.2.6a, and there is no bug known on > their web-site for that problem. > > Do you have any solution or any experience with this problem ? > > I really hope that you would be able to help me because QOS is a big part > of my ipv4 routing and I dont want to slow down in ipv6 because of > ipv4... > > Thanks, > -- > Xavier Sudre > URL: > EMAIL: > -- Xavier Sudre URL: EMAIL: From smith.r.mark@wcom.com.au Fri May 10 01:39:25 2002 From: smith.r.mark@wcom.com.au (Smith, Mark - Sydney) Date: Fri, 10 May 2002 08:39:25 +0800 Subject: Linux QOS ipv4 affects kernel using zebra for ipv6 Message-ID: Well, I haven't had the specific problem you having, but I have been having trouble with zebra on a 2.4.18 kernel, on a debian 2.2 box. Specifically, I can't get zebra to recognise and advertise new IPv6 prefixes via ripng when I bring up a new interface. Initially I thought it was because I didn't compile in netlink support, but after doing that, the zebra daemon does recognise when I bring up / down the interface externally, assign a prefix via "ip addr add" etc, but ripng just won't advertise it out the other Ripng enabled interfaces, when I add that interface to the "router ripng" config section. Strangely enough, this only seems to happen after the machine is booted. I have boot scripts on the box that bring up the interfaces, assign prefixes, and then run zebra / ripng, it all works fine (I'm initially running zebra with an ethernet (facing a ripng running cisco router) and a tap interface, with http://openvpn.sf.net sitting behind it, running a virtual ethernet tunnel to my home over a dial up link.). I do have all of netfilter compiled in, with all the options / plug ins enabled, but I haven't actually done any netfilter config yet. Could be a netfilter code / zebra / ripng conflict as you suggest. Hope this helps a bit, Mark. > -----Original Message----- > From: Xavier Sudre [mailto:xavier@sudre.fr] > Sent: Friday, 10 May 2002 7:59 > To: Xavier Sudre > Cc: 6bone@ISI.EDU > Subject: Re: Linux QOS ipv4 affects kernel using zebra for ipv6 > > > > So do I have to suppose nobody had this poblem before ? > > On Wed, May 08, 2002 at 05:26:54AM +0200, Xavier Sudre wrote: > > Hi everybody, > > > > I sent 3 days to find the trouble I had with dynamic > routing tool zebra > > and I have isolate a problem into the netfilter code of the > kernel or > > the iptables tool. > > > > In faact I have QOS on my linux box running Debian with 2.4.18 usagi > > kernel. The QOS is applied to ipv4 stack using iproute tool > routing with > > the help of packet marquing. > > To mark packets I use iptables and the mangle table like this: > > > > iptables -t mangle -A OUTPUT -m length --length 0:500 -j > MARK --set-mark > > 3 > > > > iptables -t mangle -A OUTPUT -m length --length 500:1500 -j MARK > > --set-mark 4 > > > > I use tc tool to create cues and filter packet marked by iptables. > > > > I have isolated this two lines of iptables marking process > and they are > > doing a very starnge stuff on my dynamic routing process in ipv6. > > I use zebra bgp facilities for ipv6 and using it it does not > > redistribute routes to the kernel when marking process is used. > > In this case I have the following error message from the kernel: > > > > kernel: route_me_harder: > ip_route_output_key(dst=213.91.4.3, src=80.65.229.50, > > oif=7, tos=0x0, fwmark=0x0) error -19 > > > > I searched for a solution and switched form kernel 2.4.18 > to 2.4.18 usagi, and > > I have also tried the 2.4.19-pre8 kernel but I get always > the same eror > > message. > > > > I am using the latest iptables 1.2.6a, and there is no bug known on > > their web-site for that problem. > > > > Do you have any solution or any experience with this problem ? > > > > I really hope that you would be able to help me because QOS > is a big part > > of my ipv4 routing and I dont want to slow down in ipv6 because of > > ipv4... > > > > Thanks, > > -- > > Xavier Sudre > > URL: > > EMAIL: > > > > -- > Xavier Sudre > URL: > EMAIL: > From tapas.das@teleweb.net.in Fri May 10 05:09:19 2002 From: tapas.das@teleweb.net.in (Tapas Das) Date: Fri, 10 May 2002 09:39:19 +0530 Subject: Getting IPV6 address from 6BONE In-Reply-To: <5.1.0.14.0.20020501084931.027bd578@imap2.es.net> Message-ID: Dear All, I have created a Person Object & Mntner , whats next how do i get IPV6 address from 6BONE. I already hav IP-Address from Freenet 6. Thanks In advance Regards Tapas Das. From fink@es.net Fri May 10 07:21:46 2002 From: fink@es.net (Bob Fink) Date: Thu, 09 May 2002 23:21:46 -0700 Subject: pTLA request SATEC - review closes 23 May 2002 Message-ID: <5.1.0.14.0.20020509231404.01ec3a40@imap2.es.net> 6bone Folk, SATEC has requested a pTLA allocation and I find their request fully compliant with RFC2772. The open review period for this will close 23 May 2002. Please send your comments to me or the list. Thanks, Bob === >Date: Wed, 08 May 2002 20:15:33 +0200 >Reply-To: enric@satec.es >From: enric@satec.es (Enric Corominas) >To: fink@es.net >Cc: ipv6@satec.es >Subject: pTLA Request for SATEC (AS16091), revised version > >Hello 6Bone folks, > > >Here we present our application for a 6Bone pTLA. > >SATEC S.A. (www.satec.es) is currently connected to the 6Bone over a >tunnel to the CERN. > >"IVI-net" is the internal name of our IPv6 deployment project, referenced >throughout the 6Bone registry objects. > >Please find enclosed the details of the application. Perhaps there is too >much information, but we prefer being explicit so that we may save you the >need of requesting us further information. > >Thanks, > >Enric Corominas. > > > >==================================================================== > > a 1. The pTLA Applicant must have a minimum of three (3) months > qualifying experience as a 6Bone end-site or pNLA transit. During > the entire qualifying period the Applicant must be operational, -ly- > providing the following: > > a. Fully maintained, up to date, 6Bone Registry entries for their > ipv6-site inet6num, mntner, and person objects, including each > tunnel that the Applicant has. > >==================================================================== >These are the entries in the 6Bone registry database for the >3FFE:8120:FFFB::/48 prefix. > > >% RIPEdb(3.0.0b2) with ISI RPSL extensions > >mntner: MNT-IVI >descr: Manteiner group IVINET >admin-c: JA5-6BONE >admin-c: JCM1-6BONE >tech-c: JCM1-6BONE >tech-c: JA5-6BONE >upd-to: jalba@satec.es >mnt-nfy: jalba@satec.es >mnt-nfy: jcm@satec.es >auth: CRYPT-PW * >mnt-by: MNT-IVI >changed: jalba@satec.es 20020131 >source: 6BONE > > > > > >% RIPEdb(3.0.0b2) with ISI RPSL extensions > >ipv6-site: SATEC >origin: AS16091 >descr: SATEC, S.A. > Avda. Europa, 34 A > 28023 Aravaca (Madrid) >country: ES >prefix: 3FFE:8120:FFFB::/48 >application: ping socket.gstartnet.com >tunnel: IPv6 in IPv4 socket.gstartnet.com -> cern-atm7.cern.ch CERN >BGP4+ >contact: SR9-6BONE >mnt-by: MNT-IVI >changed: jcm@satec.es 20020131 >changed: jcm@satec.es 20020202 >source: 6BONE > >inet6num: 3FFE:8120:FFFB::/48 >netname: IVINET >descr: SATEC, S.A. >country: ES >admin-c: JCM1-6BONE >tech-c: SR9-6BONE >remarks: IVINET, pilot project for transition ADSL access to ipv6 >notify: ipv6@satec.es >mnt-by: MNT-IVI >changed: jcm@satec.es 20020202 >source: 6BONE > >role: SATEC Registry >address: SATEC, S.A. >address: Avda. Europa, 34 A >address: E-28023 Aravaca (Madrid) >address: GS9-6BONE >address: RN2-6BONE >e-mail: ipv6@satec.es >admin-c: JCM1-6BONE >tech-c: JA5-6BONE >tech-c: JA6-6BONE >tech-c: SS11-6BONE >tech-c: SPD1-6BONE >tech-c: EC4-6BONE >tech-c: JMB1-6BONE >nic-hdl: SR9-6BONE >mnt-by: MNT-IVI >changed: jcm@satec.es 20020131 >source: 6BONE > >person: Juan Carlos Moreno >address: SATEC S.A. >address: Avda. Europa 34 >address: 28023 (Aravaca) Madrid >address: Madrid >phone: +34 1 7089000 >fax-no: +34 1 7089090 >e-mail: jcm@satec.es >nic-hdl: JCM1-6BONE >url: http://www.satec.es >notify: jcm@satec.es >mnt-by: MNT-IVI >changed: jalba@satec.es 20020125 >source: 6BONE > >person: Julio Alba >address: SATEC S.A. >address: Avda. Europa 34 >address: 28023 (Aravaca) Madrid >phone: +34 1 7089000 >fax-no: +34 1 7089090 >e-mail: jalba@satec.es >nic-hdl: JA5-6BONE >url: http://www.satec.es >notify: jalba@satec.es >mnt-by: MNT-IVI >changed: julio.alba@satec.es 20020125 >source: 6BONE > >person: Joan Adroer >address: Sistemas Avanzados de Tecnología (SATEC) >address: Alcalde Barnils, 64, A 1 (Edificio TESTA Sant Cugat) >address: 08190 Sant Cugat del Vallès Barcelona - SPAIN >phone: +34 935 816 700 >fax-no: +34 935 816 701 >e-mail: joan@satec.es >nic-hdl: JA6-6BONE >url: http://www.satec.es >notify: jalba@satec.es >notify: joan@satec.es >mnt-by: MNT-IVI >changed: jalba@satec.es 20020129 >source: 6BONE > >person: Sergi Seira >address: Sistemas Avanzados de Tecnología (SATEC) >address: Alcalde Barnils, 64, A 1 (Edificio TESTA Sant Cugat) >address: 08190 Sant Cugat del Vallès Barcelona - SPAIN >phone: +34 935 816 700 >fax-no: +34 935 816 701 >e-mail: sergi@satec.es >nic-hdl: SS11-6BONE >url: http://www.satec.es >notify: jalba@satec.es >notify: sergi@satec.es >mnt-by: MNT-IVI >changed: jalba@satec.es 20020129 >source: 6BONE > >person: Simon Peter Dyer >address: Sistemas Avanzados de Tecnología (SATEC) >address: Alcalde Barnils, 64, A 1 (Edificio TESTA Sant Cugat) >address: 08190 Sant Cugat del Vallès Barcelona - SPAIN >address: http://www.satec.es >phone: +34 935 816 700 >fax-no: +34 935 816 701 >e-mail: simon@satec.es >nic-hdl: SPD1-6BONE >notify: simon@satec.es >notify: jalba@satec.es >mnt-by: MNT-IVI >changed: jalba@satec.es 20020130 >source: 6BONE > >person: Enric Corominas >address: Sistemas Avanzados de Tecnología (SATEC) >address: Alcalde Barnils, 64, A 1 (Edificio TESTA Sant Cugat) >address: 08190 Sant Cugat del Vallès Barcelona - SPAIN >phone: +34 935 816 700 >fax-no: +34 935 816 701 >e-mail: enric@satec.es >nic-hdl: EC4-6BONE >url: http://www.satec.es >notify: jalba@satec.es >notify: enric@satec.es >mnt-by: MNT-IVI >changed: jalba@satec.es 20020129 >source: 6BONE > >person: Juan Miguel Bocanegra >address: Sistemas Avanzados de Tecnología (SATEC) >address: Alcalde Barnils, 64, A 1 (Edificio TESTA Sant Cugat) >address: 08190 Sant Cugat del Vallès Barcelona - SPAIN >phone: +34 935 816 700 >fax-no: +34 935 816 701 >e-mail: juanmi@satec.es >nic-hdl: JMB1-6BONE >url: http://www.satec.es >notify: jalba@satec.es >notify: juanmi@satec.es >mnt-by: MNT-IVI >changed: jalba@satec.es 20020129 >source: 6BONE > >==================================================================== > > > > > b. Fully maintained, and reliable, BGP4+ peering and connectivity > between the Applicant's boundary router and the appropriate > connection point into the 6Bone. This router must be IPv6 > pingable. This criteria is judged by members of the 6Bone > Operations Group at the time of the Applicant's pTLA request. > > > >==================================================================== >This BPG peering with CERN (delegation of a /48) was established on 1 >February 2002. >We had a little shortage, as you can see, three weeks ago. > > >Socket201>sh ipv6 int br >Ethernet0/0 [up/up] > 3FFE:8120:FFFB:801:230:94FF:FE0A:B420 >Tunnel0 [up/up] > 3FFE:8120:FFFB::1 >Socket201> > >Socket201>sh ip int br >Interface IP-Address OK? Method >Status Protocol >Ethernet0/0 213.164.61.201 YES >NVRAM up up >Tunnel0 unassigned YES >NVRAM up up >Socket201> > > > >Socket201>sh bgp summary >BGP router identifier 213.164.61.201, local AS number 16091 >BGP table version is 11864, main routing table version 11864 >212 network entries and 212 paths using 41764 bytes of memory >180 BGP path attribute entries using 10800 bytes of memory >176 BGP AS-PATH entries using 4546 bytes of memory >0 BGP route-map cache entries using 0 bytes of memory >0 BGP filter-list cache entries using 0 bytes of memory >BGP activity 2511/1163960 prefixes, 2530/2318 paths, scan interval 15 secs > >Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ >Up/Down State/PfxRcd >3FFE:8120:FFFB::2 > 4 513 36801 27696 11864 0 0 21:32:45 211 >Socket201> > >==================================================================== > > > > > c. Fully maintained DNS forward (AAAA) and reverse (ip6.int) > entries for the Applicant's router(s) and at least one host > system. > > >==================================================================== >The main DNS server is hartree.gstartnet.com > > > > >DIRECT RESOLUTION OF THE ROUTER NAME (socket.gstartnet.com) ====> > > > > > >enric@fock:~$ dig -t any socket.gstartnet.com > >; <<>> DiG 9.2.0 <<>> -t any socket.gstartnet.com >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45711 >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 6 > >;; QUESTION SECTION: >;socket.gstartnet.com. IN ANY > >;; ANSWER SECTION: >socket.gstartnet.com. 604800 IN A 213.164.61.201 >socket.gstartnet.com. 604800 IN AAAA >3ffe:8120:fffb:801:230:94ff:fe0a:b420 >socket.gstartnet.com. 604800 IN A6 0 >3ffe:8120:fffb:801:230:94ff:fe0a:b420 > >;; AUTHORITY SECTION: >gstartnet.com. 604800 IN NS druida.gstartnet.com. >gstartnet.com. 604800 IN NS hartree.gstartnet.com. >gstartnet.com. 604800 IN NS ns2.interhost.com. > >;; ADDITIONAL SECTION: >druida.gstartnet.com. 604800 IN A 213.164.54.2 >druida.gstartnet.com. 604800 IN A6 0 3ffe:8120:fffb:c03::2 >druida.gstartnet.com. 604800 IN AAAA 3ffe:8120:fffb:c03::2 >hartree.gstartnet.com. 604800 IN A 213.164.61.198 >hartree.gstartnet.com. 604800 IN A6 0 >3ffe:8120:fffb:803:200:1ff:fe00:b06c >hartree.gstartnet.com. 604800 IN AAAA >3ffe:8120:fffb:803:200:1ff:fe00:b06c > >;; Query time: 13 msec >;; SERVER: 213.164.61.198#53(213.164.61.198) >;; WHEN: Mon May 6 16:31:51 2002 >;; MSG SIZE rcvd: 328 > >enric@fock:~$ >enric@fock:~$ > > > > > >REVERSE RESOLUTION OF THE ROUTER NAME (socket.gstartnet.com) ====> > > > > >enric@fock:~$ >enric@fock:~$ dig -t any -x 3FFE:8120:FFFB:801:230:94FF:FE0A:B420 > >; <<>> DiG 9.2.0 <<>> -t any -x 3FFE:8120:FFFB:801:230:94FF:FE0A:B420 >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17433 >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 6 > >;; QUESTION SECTION: >;\[x3FFE8120FFFB0801023094FFFE0AB420/128].ip6.arpa. IN ANY > >;; ANSWER SECTION: >\[x3FFE8120FFFB08/56].ip6.arpa. 604800 IN DNAME ipv6-rev-BCN. >\[x3FFE8120FFFB0801023094FFFE0AB420/128].ip6.arpa. 604800 IN CNAME >\[x01023094FFFE0AB420/72].ipv6-rev-BCN. >\[x01/8].ipv6-rev-BCN. 604800 IN DNAME ipv6-rev-BCN-external. >\[x01023094FFFE0AB420/72].ipv6-rev-BCN. 604800 IN CNAME >\[x023094FFFE0AB420/64].ipv6-rev-BCN-external. >\[x023094FFFE0AB420/64].ipv6-rev-BCN-external. 604800 IN PTR >socket.gstartnet.com. > >;; AUTHORITY SECTION: >ipv6-rev-BCN-external. 604800 IN NS druida.gstartnet.com. >ipv6-rev-BCN-external. 604800 IN NS hartree.gstartnet.com. >ipv6-rev-BCN-external. 604800 IN NS ns2.interhost.com. > >;; ADDITIONAL SECTION: >druida.gstartnet.com. 604800 IN A 213.164.54.2 >druida.gstartnet.com. 604800 IN A6 0 3ffe:8120:fffb:c03::2 >druida.gstartnet.com. 604800 IN AAAA 3ffe:8120:fffb:c03::2 >hartree.gstartnet.com. 604800 IN A 213.164.61.198 >hartree.gstartnet.com. 604800 IN A6 0 >3ffe:8120:fffb:803:200:1ff:fe00:b06c >hartree.gstartnet.com. 604800 IN AAAA >3ffe:8120:fffb:803:200:1ff:fe00:b06c > >;; Query time: 12 msec >;; SERVER: 213.164.61.198#53(213.164.61.198) >;; WHEN: Mon May 6 16:32:02 2002 >;; MSG SIZE rcvd: 417 > >enric@fock:~$ >enric@fock:~$ > > > > >DIRECT RESOLUTION OF A HOST NAME (fock.gstartnet.com) ====> > > > > >enric@fock:~$ >enric@fock:~$ dig -t any fock.gstartnet.com > >; <<>> DiG 9.2.0 <<>> -t any fock.gstartnet.com >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 333 >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 6 > >;; QUESTION SECTION: >;fock.gstartnet.com. IN ANY > >;; ANSWER SECTION: >fock.gstartnet.com. 604800 IN A 213.164.61.194 >fock.gstartnet.com. 604800 IN AAAA >3ffe:8120:fffb:803:5054:ff:fedb:ed56 >fock.gstartnet.com. 604800 IN A6 0 >3ffe:8120:fffb:803:5054:ff:fedb:ed56 > >;; AUTHORITY SECTION: >gstartnet.com. 604800 IN NS ns2.interhost.com. >gstartnet.com. 604800 IN NS druida.gstartnet.com. >gstartnet.com. 604800 IN NS hartree.gstartnet.com. > >;; ADDITIONAL SECTION: >druida.gstartnet.com. 604800 IN A 213.164.54.2 >druida.gstartnet.com. 604800 IN A6 0 3ffe:8120:fffb:c03::2 >druida.gstartnet.com. 604800 IN AAAA 3ffe:8120:fffb:c03::2 >hartree.gstartnet.com. 604800 IN A 213.164.61.198 >hartree.gstartnet.com. 604800 IN A6 0 >3ffe:8120:fffb:803:200:1ff:fe00:b06c >hartree.gstartnet.com. 604800 IN AAAA >3ffe:8120:fffb:803:200:1ff:fe00:b06c > >;; Query time: 9 msec >;; SERVER: 213.164.61.198#53(213.164.61.198) >;; WHEN: Mon May 6 16:50:15 2002 >;; MSG SIZE rcvd: 326 > >enric@fock:~$ >enric@fock:~$ > > > > > >REVERSE RESOLUTION OF A HOST NAME (fock.gstartnet.com) ====> > > > > >enric@fock:~$ >enric@fock:~$ dig -t any -x 3FFE:8120:FFFB:803:5054:ff:fedb:ed56 > >; <<>> DiG 9.2.0 <<>> -t any -x 3FFE:8120:FFFB:803:5054:ff:fedb:ed56 >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29794 >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 6 > >;; QUESTION SECTION: >;\[x3FFE8120FFFB0803505400FFFEDBED56/128].ip6.arpa. IN ANY > >;; ANSWER SECTION: >\[x3FFE8120FFFB08/56].ip6.arpa. 604800 IN DNAME ipv6-rev-BCN. >\[x3FFE8120FFFB0803505400FFFEDBED56/128].ip6.arpa. 604800 IN CNAME >\[x03505400FFFEDBED56/72].ipv6-rev-BCN. >\[x03/8].ipv6-rev-BCN. 604800 IN DNAME ipv6-rev-BCN-technical. >\[x03505400FFFEDBED56/72].ipv6-rev-BCN. 604800 IN CNAME >\[x505400FFFEDBED56/64].ipv6-rev-BCN-technical. >\[x505400FFFEDBED56/64].ipv6-rev-BCN-technical. 604800 IN PTR >fock.gstartnet.com. > >;; AUTHORITY SECTION: >ipv6-rev-BCN-technical. 604800 IN NS hartree.gstartnet.com. >ipv6-rev-BCN-technical. 604800 IN NS ns2.interhost.com. >ipv6-rev-BCN-technical. 604800 IN NS druida.gstartnet.com. > >;; ADDITIONAL SECTION: >druida.gstartnet.com. 604800 IN A 213.164.54.2 >druida.gstartnet.com. 604800 IN A6 0 3ffe:8120:fffb:c03::2 >druida.gstartnet.com. 604800 IN AAAA 3ffe:8120:fffb:c03::2 >hartree.gstartnet.com. 604800 IN A 213.164.61.198 >hartree.gstartnet.com. 604800 IN A6 0 >3ffe:8120:fffb:803:200:1ff:fe00:b06c >hartree.gstartnet.com. 604800 IN AAAA >3ffe:8120:fffb:803:200:1ff:fe00:b06c > >;; Query time: 16 msec >;; SERVER: 213.164.61.198#53(213.164.61.198) >;; WHEN: Mon May 6 16:50:36 2002 >;; MSG SIZE rcvd: 416 > >enric@fock:~$ > >==================================================================== > > > > > d. A fully maintained, and reliable, IPv6-accessible system > providing, at a mimimum, one or more web pages, describing the > Applicant's IPv6 services. This server must be IPv6 pingable. > > >==================================================================== > >The web is hosted on the server hartree.gstartnet.com and is accessible >on the URL http://www.gstartnet.com . > >Therein, you shall find a brief description of our IPv6-enabled network, >some documentation, and the AS-Path program from Telecom Italia. > >==================================================================== > > > 2. The pTLA Applicant MUST have the ability and intent to provide > "production-quality" 6Bone backbone service. Applicants must > provide a statement and information in support of this claim. > This MUST include the following: > > a. A support staff of two persons minimum, three preferable, with > person attributes registered for each in the ipv6-site object > for the pTLA applicant. > >==================================================================== > >person: Juan Carlos Moreno >notify: jcm@satec.es > >person: Julio Alba >notify: jalba@satec.es > >person: Joan Adroer >notify: joan@satec.es > >person: Sergi Seira >notify: sergi@satec.es > >person: Simon Peter Dyer >notify: simon@satec.es > >person: Enric Corominas >notify: enric@satec.es > >person: Juan Miguel Bocanegra >notify: juanmi@satec.es > >==================================================================== > > > b. A common mailbox for support contact purposes that all support > staff have acess to, pointed to with a notify attribute in the > ipv6-site object for the pTLA Applicant. > > >==================================================================== >The common mailbox for IPv6 in the SATEC working group is > >ipv6@satec.es > > >This addres is configured as a "e-mail" attribute in the "role" object. > > >ipv6-site: SATEC >contact: SR9-6BONE > >role: SATEC Registry >e-mail: ipv6@satec.es >nic-hdl: SR9-6BONE > > >inet6num: 3FFE:8120:FFFB::/48 >notify: ipv6@satec.es > > > >==================================================================== > > > > 3. The pTLA Applicant MUST have a potential "user community" that > would be served by its becoming a pTLA, e.g., the Applicant is a > major provider of Internet service in a region, country, or focus > of interest. Applicants must provide a statement and information in > support this claim. > > >==================================================================== > >SATEC is a group of enterprises whose main interests are in the IT area, >providing consulting, engineering, hosting and e-commerce solutions to >fulfill >the needs of a vast range of enterprises, including major ISPs and public >administration amongst others. > >We are currently present in Spain, Portugal and Morocco. > >The first phase in our IPv6 migration plan is to provide our ADSL users >with access >to a IPv6 VPN. > >Later on, we plan to provide IPv6 access to the rest of companies in the >group, >acting as an IPS for them. > >We also agree with the policy of not charging for services offered using >the 6bone prefix to any of our potential customers. > >==================================================================== > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > operational rules and policies as they exist at time of its > application, and agree to abide by future 6Bone backbone > operational rules and policies as they evolve by consensus of the > 6Bone backbone and user community. > >==================================================================== > >SATEC S.A. understands and agrees with the current 6Bone Policy as stated >in RFC2772. > >We also agree with future evolution of this rules. > >==================================================================== > > > >Thanks, > > >Enric Corominas From nicolas.deffayet-extml@ndsoftwaregroup.com Fri May 10 09:31:16 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Fri, 10 May 2002 10:31:16 +0200 Subject: Getting IPV6 address from 6BONE In-Reply-To: Message-ID: <001701c1f7fd$0e1a0f60$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On > Behalf Of Tapas Das > Sent: Friday, May 10, 2002 6:09 AM > To: 6BONE List > Subject: Getting IPV6 address from 6BONE > Dear Tapas Das, > I have created a Person Object & Mntner , whats next how do i > get IPV6 address from 6BONE. I already hav IP-Address from Freenet 6. For get a pTLA, read this: http://www.6bone.net/6bone_pTLA_rqst.html Best Regards, Nicolas DEFFAYET From pim@ipng.nl Fri May 10 09:39:07 2002 From: pim@ipng.nl (Pim van Pelt) Date: Fri, 10 May 2002 10:39:07 +0200 Subject: Getting IPV6 address from 6BONE In-Reply-To: References: <5.1.0.14.0.20020501084931.027bd578@imap2.es.net> Message-ID: <20020510083907.GA16421@bfib.colo.bit.nl> On Fri, May 10, 2002 at 09:39:19AM +0530, Tapas Das wrote: | Dear All, | I have created a Person Object & Mntner , whats next how do i get IPV6 | address from 6BONE. I already hav IP-Address from Freenet 6. Check out their website (www.freenet6.net) as it has guidelines on how to procede with a /48 delegation from them. If you want your own space, please note that you need to read RFC2772 and be compliant with that. That means having BGP feeds already and a company to back the request. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From ali@ali.dnsalias.com Fri May 10 15:11:00 2002 From: ali@ali.dnsalias.com (ali@ali.dnsalias.com) Date: Fri, 10 May 2002 16:11:00 +0200 Subject: No subject Message-ID: <200205101411.g4AEB0q04162@ali.dnsalias.com> This is a MIME-encapsulated message. --------------275938058004792947712364 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit list --------------275938058004792947712364-- From ccordova@inictel.gob.pe Fri May 10 16:05:32 2002 From: ccordova@inictel.gob.pe (Claudia Cordova Yamauchi) Date: Fri, 10 May 2002 10:05:32 -0500 Subject: Tunnel-DomainName? Message-ID: <200205101513.KAA06346@mail.inictel.gob.pe> Dear all, I'm trying to register my tunnel, without any success... I have INICTEL-PE and we are connecting NITCOM and have some trouble with that DomainName thing. Syntaxis: IPv6 in IPv4 -> Src DomainName: INICTEL-PE or 6BONE COMPENDIUM-AR INICTEL-PE (Bad) Dst DomainName:NITCOM (Bad) IPv6-Site: NITCOM (good. I guess :-) ) Protocol: BGP4+ (good. I guess :-) ) How can I get a domain name? Thank you in advance Claudia From michel@arneill-py.sacramento.ca.us Fri May 10 18:17:09 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 10 May 2002 10:17:09 -0700 Subject: Tunnel-DomainName? Message-ID: <2B81403386729140A3A899A8B39B046405E045@server2000.arneill-py.sacramento.ca.us> Actually, the and are the hostnames for then endpoint routers (common practice). Should look like IPv6 in IPv4 yourrouter.inictel.gob.pe -> theirrouter.nitcom.com NITCOM BGP4+ -----Original Message----- From: Claudia Cordova Yamauchi [mailto:ccordova@inictel.gob.pe] Sent: Friday, May 10, 2002 8:06 AM To: 6BONE@ISI.EDU Subject: Tunnel-DomainName? Dear all, I'm trying to register my tunnel, without any success... I have INICTEL-PE and we are connecting NITCOM and have some trouble with that DomainName thing. Syntaxis: IPv6 in IPv4 -> Src DomainName: INICTEL-PE or 6BONE COMPENDIUM-AR INICTEL-PE (Bad) Dst DomainName:NITCOM (Bad) IPv6-Site: NITCOM (good. I guess :-) ) Protocol: BGP4+ (good. I guess :-) ) How can I get a domain name? Thank you in advance Claudia From pfournier@loups.net Tue May 14 22:44:01 2002 From: pfournier@loups.net (Patrice Fournier) Date: Tue, 14 May 2002 17:44:01 -0400 Subject: Preferred method of advertizing a dual-stack mx server Message-ID: <1021412641.3ce18521a769a@www.courrier.sabius.net> Hi all, I currently have my mail server set to accept mail from either an IPv4 address or an IPv6 one (a 2002::/16 address at the moment). and added an AAAA record to the host that is the MX record. Now, with that change, I've had a report of at least two users who couldn't mail us (nobody at their domains could). As soon as I changed the MX to point a host that only had the A address, mail started to flow again. I know both those place use Lotus Notes internally and the servers that connect to us are using: Sendmail AIX4.3/8.9.3/jtpda-5.3.3 Sendmail AIX4.3/8.9.3/8.9.3 I don't know which of Notes or Sendmail AIX is causing this problem but I was wondering which kind of MX setup you know should work with ALL software out there? Now, I have those records: mail.example.com. IN A 192.0.2.1 mail.example.com. IN AAAA 2002:C000:0201::1 mail.ipv4.example.com. IN A 192.0.2.1 mail.ipv6.example.com. IN AAAA 2002:C000:0201::1 If I have this MX setup: example.net. IN MX 0 mail.example.com. it doesn't work, the server never ever try to connect to either ipv6/ipv4 address. (now, I must say that I haven't tested receiving mail on the IPv6 interface other than from the local machine and I can tracepath6/traceroute6 out of the machine but the sending server MUST try IPv4 if it can't go through with IPv6, right?) If I have: example.net. IN MX 0 mail.ipv4.example.com. it works obiously, but now I can't receive mail by IPv6... Now, would there be a drawback or any other kind of problem by using a setup such as (and would that be the preferred setup considering that the first one showed causes problems?): example.net. IN MX 0 mail.ipv4.example.com. example.net. IN MX 0 mail.ipv6.example.com. Now, I've got many domains to change, and I'd like to be sure of the solution before I implement it for all of them... Thanks, -- Patrice Fournier pfournier@loups.net From itojun@iijlab.net Tue May 14 23:48:54 2002 From: itojun@iijlab.net (Jun-ichiro itojun Hagino) Date: Wed, 15 May 2002 07:48:54 +0900 Subject: Preferred method of advertizing a dual-stack mx server In-Reply-To: pfournier's message of Tue, 14 May 2002 17:44:01 -0400. <1021412641.3ce18521a769a@www.courrier.sabius.net> Message-ID: <20020514224855.0AA0A7B9@starfruit.itojun.org> >I currently have my mail server set to accept mail from either an IPv4 >address or an IPv6 one (a 2002::/16 address at the moment). and added an >AAAA record to the host that is the MX record. Now, with that change, I've >had a report of at least two users who couldn't mail us (nobody at their >domains could). just to make sure: are the "two users" dual-stacked, or IPv4 only? if dual-stacked, is IPv6 connectivity between you and "two users" okay? itojun From gnea@garson.org Wed May 15 03:37:41 2002 From: gnea@garson.org (Scott Prader) Date: Tue, 14 May 2002 22:37:41 -0400 Subject: Preferred method of advertizing a dual-stack mx server In-Reply-To: <1021412641.3ce18521a769a@www.courrier.sabius.net> References: <1021412641.3ce18521a769a@www.courrier.sabius.net> Message-ID: <20020515023741.GD31539@garson.org> * Patrice Fournier (pfournier@loups.net) cobbled forth: > Hi all, > > setup such as (and would that be the preferred setup considering that the > first one showed causes problems?): > example.net. IN MX 0 mail.ipv4.example.com. > example.net. IN MX 0 mail.ipv6.example.com. You may want to try changing the MX handlers to the following: example.net. IN MX 10 mail.ipv6.example.com. example.net IN MX 20 mail.ipv4.example.com. This will simply try to deliver mail to the ipv6-capable host first, then fall back on the ipv4 host. The reasoning is that by using the same priorities will generally cause a round-robin situation, in which the mail and dns servers won't care which host it goes to, but with a defined priority schedule if the first host doesn't work it will fall back to the other host by default instead of becoming confused. HTH .oO Gnea [gnea at garson dot org] Oo. .oO url [http://gnea.net] Oo. "You can tune a filesystem, but you can't tune a fish." -Kirk McKusick From pfournier@loups.net Wed May 15 03:57:40 2002 From: pfournier@loups.net (Patrice Fournier) Date: Tue, 14 May 2002 22:57:40 -0400 Subject: Preferred method of advertizing a dual-stack mx server In-Reply-To: <20020514224855.0AA0A7B9@starfruit.itojun.org> References: <20020514224855.0AA0A7B9@starfruit.itojun.org> Message-ID: <1021431460.3ce1cea49a477@www.courrier.sabius.net> Quoting Jun-ichiro itojun Hagino : > >I currently have my mail server set to accept mail from either an > > IPv4 address or an IPv6 one (a 2002::/16 address at the moment). > > and added an AAAA record to the host that is the MX record. Now, > > with that change, I've had a report of at least two users who > > couldn't mail us (nobody at their domains could). > > just to make sure: > are the "two users" dual-stacked, or IPv4 only? if dual-stacked, > is IPv6 connectivity between you and "two users" okay? AFAIK, they are both IPv4 only... which is what I find the strangest in this. -- Patrice Fournier pfournier@loups.net From dave.wilson@heanet.ie Wed May 15 16:15:32 2002 From: dave.wilson@heanet.ie (Dave Wilson) Date: Wed, 15 May 2002 16:15:32 +0100 Subject: [Fwd: Re: Preferred method of advertizing a dual-stack mx server] Message-ID: <3CE27B94.4080601@heanet.ie> This is starting to sound like a problem with the remote site's DNS. Any idea what happens when they try to do an A lookup for mail.example.com? > example.net. IN MX 10 mail.ipv6.example.com. > example.net IN MX 20 mail.ipv4.example.com. > > This will simply try to deliver mail to the ipv6-capable host first, > then fall back on the ipv4 host. Since the vast majority of hosts are working ipv4 hosts, would it be safe to try example.net. IN MX 10 mail.example.com. example.net. IN MX 20 mail.ipv4.example.com. --although since we're talking about a broken site here, there's no guarantee that *any* of the above will work. The site is failing in unpredictable ways on zones with AAAA records. And if this works for one site, it might break another 8-) BTW, if you'd like to test IPv6 SMTP transport, send a mail to LISTSERV@LISTSERV.HEANET.IE with just the word "thanks" in the body. Dave From yeti@bigpond.com Thu May 16 01:41:51 2002 From: yeti@bigpond.com (Dan Webb) Date: Thu, 16 May 2002 09:41:51 +0900 Subject: 6bone mailing list In-Reply-To: <3CE27B94.4080601@heanet.ie> Message-ID: Morning all, I've been lurking on this list for almost 12 months trying to get my head around all of this, (and I'm still lurking) :) However this morning I just received a 'Welcome to the 6bone mailing list' email to another email address of mine, that I know I havn't also signed up on. so it does appear someone/somthing somewhere is adding email addresses to the list. This being where all those remove requests are comming from. Apart from tracking down where the subscriptions are coming from I do agree with adding a tag line at the bottom with instructions on how to unsubscribe. In other news I am learning a lot about the 6-bone :) Dan PS the account that was not added by me is yeti@cutthisout.bigpond.com From hansolofalcon@worldnet.att.net Thu May 16 04:32:39 2002 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Wed, 15 May 2002 23:32:39 -0400 Subject: 6bone mailing list In-Reply-To: Message-ID: <000401c1fc8a$551f8520$8560580c@who> Hello from Gregg C Levine Well I don't know. Earlier I did see such a message, it was sent to this address. So something is working. What it is, remains to be seen. It could be that the mailman program is learning how to send things, and it needs to be taught about how we manage our addresses. ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) > -----Original Message----- > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of Dan > Webb > Sent: Wednesday, May 15, 2002 8:42 PM > To: 6bone@ISI.EDU > Subject: 6bone mailing list > > > Morning all, I've been lurking on this list for almost 12 months trying to > get my head around all of this, (and I'm still lurking) :) > > However this morning I just received a 'Welcome to the 6bone mailing list' > email to another email address of mine, that I know I havn't also signed up > on. so it does appear someone/somthing somewhere is adding email addresses > to the list. > > This being where all those remove requests are comming from. > > Apart from tracking down where the subscriptions are coming from I do agree > with adding a tag line at the bottom with instructions on how to > unsubscribe. > > In other news I am learning a lot about the 6-bone :) > > Dan > > PS the account that was not added by me is yeti@cutthisout.bigpond.com From dave@dave.tj Thu May 16 07:32:59 2002 From: dave@dave.tj (Dave) Date: Thu, 16 May 2002 02:32:59 -0400 (EDT) Subject: 6bone mailing list In-Reply-To: <000401c1fc8a$551f8520$8560580c@who> Message-ID: <200205160634.g4G6Yx301169@dave2.dave.tj> The "mailman" program running the 6bone mailing list seems an awful lot like a majordomo program ... I'd bet (1 cent, of course - you must pay the shipping cost for the penny) it's just majordomo masquerading as GNU mailman (or maybe the more historically correct GNU mailman masquerading as majordomo?). Can somebody please clear up the mystery? BTW - Sorry, Gregg, for the rest of this message ;-) ------------------- Dave Y Cohen dave@dave.tj ------------------------------------------------------------ (This company dedicates this E-Mail to anybody who hates Star Wars ) Gregg C Levine wrote: > > Hello from Gregg C Levine > Well I don't know. Earlier I did see such a message, it was sent to this > address. So something is working. What it is, remains to be seen. It > could be that the mailman program is learning how to send things, and it > needs to be taught about how we manage our addresses. > ------------------- > Gregg C Levine hansolofalcon@worldnet.att.net > ------------------------------------------------------------ > "The Force will be with you...Always." Obi-Wan Kenobi > "Use the Force, Luke."  Obi-Wan Kenobi > (This company dedicates this E-Mail to General Obi-Wan Kenobi ) > (This company dedicates this E-Mail to Master Yoda ) > > > > > -----Original Message----- > > From: owner-6bone@ISI.EDU [mailto:owner-6bone@ISI.EDU] On Behalf Of > Dan > > Webb > > Sent: Wednesday, May 15, 2002 8:42 PM > > To: 6bone@ISI.EDU > > Subject: 6bone mailing list > > > > > > Morning all, I've been lurking on this list for almost 12 months > trying to > > get my head around all of this, (and I'm still lurking) :) > > > > However this morning I just received a 'Welcome to the 6bone mailing > list' > > email to another email address of mine, that I know I havn't also > signed up > > on. so it does appear someone/somthing somewhere is adding email > addresses > > to the list. > > > > This being where all those remove requests are comming from. > > > > Apart from tracking down where the subscriptions are coming from I do > agree > > with adding a tag line at the bottom with instructions on how to > > unsubscribe. > > > > In other news I am learning a lot about the 6-bone :) > > > > Dan > > > > PS the account that was not added by me is yeti@cutthisout.bigpond.com > > From dave@dave.tj Thu May 16 04:35:51 2002 From: dave@dave.tj (Dave) Date: Wed, 15 May 2002 23:35:51 -0400 (EDT) Subject: 6bone mailing list In-Reply-To: Message-ID: <200205160635.g4G6ZRJ01197@dave2.dave.tj> LOL ... I got the same message this morning, but it came to the address I am already subscribed with (dave@dave.tj) ... weird, eh? I hope I don't start getting duplicates of all messages now (although I believe majordomo has automatic duplicate removal) ;-/ - Dave Dan Webb wrote: > > > Morning all, I've been lurking on this list for almost 12 months trying to > get my head around all of this, (and I'm still lurking) :) > > However this morning I just received a 'Welcome to the 6bone mailing list' > email to another email address of mine, that I know I havn't also signed up > on. so it does appear someone/somthing somewhere is adding email addresses > to the list. > > This being where all those remove requests are comming from. > > Apart from tracking down where the subscriptions are coming from I do agree > with adding a tag line at the bottom with instructions on how to > unsubscribe. > > In other news I am learning a lot about the 6-bone :) > > Dan > > PS the account that was not added by me is yeti@cutthisout.bigpond.com > From bmanning@ISI.EDU Thu May 16 09:41:40 2002 From: bmanning@ISI.EDU (Bill Manning) Date: Thu, 16 May 2002 01:41:40 -0700 (PDT) Subject: {2002.05.669} Converting 6bone to Mailman Message-ID: <200205160841.g4G8fe815633@boreas.isi.edu> >From kemp@ISI.EDU Wed May 15 16:46:11 2002 Subject: Re: {2002.05.669} Converting Mbone & 6bone to Mailman Date: Wed, 15 May 2002 16:46:04 -0700 > These lists exist but are not in use meaning the server > mail aliases for "Mbone" and "6bone" still point to the Majordomo lists. We have configured the Mbone and 6bone mailing list. Please convert the server mail aliases for Friday, May 17th by 11am (PDT). Thank you, --Joe K. ----- End of forwarded message from Joe Kemp ----- It seems that Joe Kemp was/is not an approved poster to the 6bone/majordomo list so his original notification was not sent. The 6bone mailing list is in the process of being migrated from majordomo to mailman. You should have received a notice from "mailman" that you are on its version of the list. As the notice above points out, the change to the "live" system is scheduled to occur this friday. Note that Joe Kemp will be the new list administrator and I'll provide backup. --bill From dave@dave.tj Thu May 16 11:42:37 2002 From: dave@dave.tj (Dave) Date: Thu, 16 May 2002 06:42:37 -0400 (EDT) Subject: 6bone mailing list In-Reply-To: <20020516115037.D17897@xs4all.nl> Message-ID: <200205161042.g4GAgxs02930@dave2.dave.tj> Yup, I know. (I run installations of both majordomo and mailman.) I was just hoping for somebody who knows what software the 6bone list is using to tell us which it is, so I know whether I should get my penny out, or whether I should be expecting an extra penny :-) - Dave Remco van Zuijlen wrote: > > On Thu, May 16, 2002 at 02:32:59AM -0400, Dave wrote: > > The "mailman" program running the 6bone mailing list seems an awful lot > > like a majordomo program ... I'd bet (1 cent, of course - you must pay > > the shipping cost for the penny) it's just majordomo masquerading as GNU > > mailman (or maybe the more historically correct GNU mailman masquerading > > as majordomo?). Can somebody please clear up the mystery? > > Well, I know majordomo is written in perl, and mailman in Python.. the admin > part is also much better than the stone age technology of majordomo :) > > Remco > > -- > Remco van Zuijlen > > Hi! I'm a .signature virus! copy me into your .signature file to help me spread! > From dave@dave.tj Thu May 16 12:40:00 2002 From: dave@dave.tj (Dave) Date: Thu, 16 May 2002 07:40:00 -0400 (EDT) Subject: {2002.05.669} Converting 6bone to Mailman In-Reply-To: <200205160841.g4G8fe815633@boreas.isi.edu> Message-ID: <200205161140.g4GBe0d03344@dave2.dave.tj> Oh, yeah ... I was right! It _is_ really majordomo masquerading as mailman ... LOL!!! /me dances around the room :-) Okay, somebody (who took me up on the bet?) owes me a penny now. . . - Dave Bill Manning wrote: > > >From kemp@ISI.EDU Wed May 15 16:46:11 2002 > Subject: Re: {2002.05.669} Converting Mbone & 6bone to Mailman > Date: Wed, 15 May 2002 16:46:04 -0700 > > > > These lists exist but are not in use meaning the server > > mail aliases for "Mbone" and "6bone" still point to the Majordomo lists. > > We have configured the Mbone and 6bone mailing list. Please convert the server > mail aliases for Friday, May 17th by 11am (PDT). > > Thank you, > > --Joe K. > ----- End of forwarded message from Joe Kemp ----- > > > It seems that Joe Kemp was/is not an approved poster to > the 6bone/majordomo list so his original notification was > not sent. > > The 6bone mailing list is in the process of being migrated > from majordomo to mailman. You should have received a > notice from "mailman" that you are on its version of the > list. As the notice above points out, the change to the > "live" system is scheduled to occur this friday. > > Note that Joe Kemp will be the new list administrator and > I'll provide backup. > > --bill > From michael@kjorling.com Thu May 16 14:30:33 2002 From: michael@kjorling.com (Michael Kjorling) Date: Thu, 16 May 2002 15:30:33 +0200 (CDT) Subject: 6bone mailing list In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 16 2002 09:41 +0900, Dan Webb wrote: > However this morning I just received a 'Welcome to the 6bone mailing list' > email to another email address of mine, that I know I havn't also signed up > on. so it does appear someone/somthing somewhere is adding email addresses > to the list. Well, the notice I received was from Mailman, and when I signed up to the 6bone list it was running on Majordomo, so I figured that it was migrated. If this is wrong, please let me know. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE847R7KqN7/Ypw4z4RAgj0AJ4sNMs0jS4lpeLwxZm1IruTUNCngwCgkmTq 4Ex/PeFrObym9RMoJMNOMrA= =0yL2 -----END PGP SIGNATURE----- From allan@cefetba.br Fri May 17 00:01:37 2002 From: allan@cefetba.br (Allan Edgard Silva Freitas) Date: Thu, 16 May 2002 20:01:37 -0300 Subject: Some problems with sendmail, Linux and v6 Message-ID: <00bb01c1fd2d$a204e530$1f02010a@intracefet> This is a multi-part message in MIME format. --------------InterScan_NT_MIME_Boundary Content-Type: multipart/alternative; boundary="----=_NextPart_000_00B8_01C1FD14.7CA6E450" ------=_NextPart_000_00B8_01C1FD14.7CA6E450 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi folks, I get some problems running sendmail in an IPv6/IPv4 Linux box (kernel = 2.4.5 - conectiva a based-RedHat distribution). I compiled both Sendmail = 8.9.1 with WINE patch and Sendmail 8.12 using -DNETINET6 option and I = see if I use at the same time the two lines below in sendmail.cf: "O DaemonPortOptions=3DName=3DIPv4, Family=3Dinet" ("O = DaemonPortOptions=3DFamily=3Dinet6" in /etc/sendmail6.cf using WINE) "O DaemonPortOptions=3DName=3DIPv6, Family=3Dinet6" ("O = DaemonPortOptions=3DFamily=3Dinet6" in /etc/sendmail6.cf using WINE) I get no runing sendmail, I can only use: "O DaemonPortOptions=3DName=3DIPv4, Family=3Dinet" or=20 "O DaemonPortOptions=3DName=3DIPv6, Family=3Dinet6" So, I only could have an IPv6 SMTP Server or an IPv4 SMTP Server but = never the both running. I had a FreeBSD box, where IPv6 is native and I = see that the same configuration have no problems in Free. Do anyone know = some specific bug regarding about this configuration above described? = Some hint to I overpass it?? Thanks, Allan Freitas ------=_NextPart_000_00B8_01C1FD14.7CA6E450 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi folks,
 
I get some problems running sendmail in = an=20 IPv6/IPv4 Linux box (kernel 2.4.5 - conectiva a based-RedHat = distribution). I=20 compiled both Sendmail 8.9.1 with WINE patch and Sendmail 8.12 using = -DNETINET6=20 option and I see if I use at the same time the two lines below in=20 sendmail.cf:
"O DaemonPortOptions=3DName=3DIPv4, = Family=3Dinet"=20         ("O = DaemonPortOptions=3DFamily=3Dinet6" in=20 /etc/sendmail6.cf using WINE)
"O DaemonPortOptions=3DName=3DIPv6,=20 Family=3Dinet6"       ("O=20 DaemonPortOptions=3DFamily=3Dinet6" in /etc/sendmail6.cf using = WINE)
 
I get no runing sendmail, I can only = use:
"O DaemonPortOptions=3DName=3DIPv4, Family=3Dinet"
    or
"O DaemonPortOptions=3DName=3DIPv6, Family=3Dinet6"
So, I only could have an IPv6 SMTP Server or an IPv4 SMTP = Server but=20 never the both running. I had a FreeBSD box, where IPv6 is native and I = see that=20 the same configuration have no problems in Free. Do anyone know some = specific=20 bug regarding about this configuration above described? Some hint to I = overpass=20 it??
 
Thanks,
 
Allan Freitas
 
 ------=_NextPart_000_00B8_01C1FD14.7CA6E450-- --------------InterScan_NT_MIME_Boundary-- From yeti@bigpond.com Fri May 17 01:39:10 2002 From: yeti@bigpond.com (Dan Webb) Date: Fri, 17 May 2002 09:39:10 +0900 Subject: [6bone] RE: 6bone mailing list In-Reply-To: Message-ID: Yeah I was a little wrong, it did go to the correct mailing email address, but my filter didn't catch it for some reason and sent it to the wrong folder. Thats what I get for reading and replying to email before my morning coffee(s) :) Dan From pekkas@netcore.fi Fri May 17 06:00:54 2002 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 17 May 2002 08:00:54 +0300 (EEST) Subject: [6bone] Re: Some problems with sendmail, Linux and v6 In-Reply-To: <00bb01c1fd2d$a204e530$1f02010a@intracefet> Message-ID: On Thu, 16 May 2002, Allan Edgard Silva Freitas wrote: > I get no runing sendmail, I can only use: > "O DaemonPortOptions=Name=IPv4, Family=inet" > or > "O DaemonPortOptions=Name=IPv6, Family=inet6" > > So, I only could have an IPv6 SMTP Server or an IPv4 SMTP Server but > never the both running. I had a FreeBSD box, where IPv6 is native and I > see that the same configuration have no problems in Free. Do anyone know > some specific bug regarding about this configuration above described? > Some hint to I overpass it?? You must bind one to an IP address, like: DAEMON_OPTIONS(`port=smtp,Addr=2001:670:86::1, Name=MTA-v6, Family=inet6') This is due to the way Linux bind() currently works (reason: mapped addresses) -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From jorgen@hovland.cx Fri May 17 10:51:11 2002 From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Fri, 17 May 2002 11:51:11 +0200 Subject: [6bone] Re: Some problems with sendmail, Linux and v6 References: <00bb01c1fd2d$a204e530$1f02010a@intracefet> Message-ID: <001701c1fd88$60c753e0$0200000a@hera> This is a multi-part message in MIME format. ------=_NextPart_000_0014_01C1FD99.23FF1DB0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable In linux, INET6 :: is also INET4 0.0.0.0 (atleast for sendmail) So you dont need to specify inet if you are using inet6 anyip. -j ----- Original Message -----=20 From: Allan Edgard Silva Freitas=20 To: 6Bone@ISI.EDU=20 Sent: Friday, May 17, 2002 1:01 AM Subject: Some problems with sendmail, Linux and v6 Hi folks, I get some problems running sendmail in an IPv6/IPv4 Linux box (kernel = 2.4.5 - conectiva a based-RedHat distribution). I compiled both Sendmail = 8.9.1 with WINE patch and Sendmail 8.12 using -DNETINET6 option and I = see if I use at the same time the two lines below in sendmail.cf: "O DaemonPortOptions=3DName=3DIPv4, Family=3Dinet" ("O = DaemonPortOptions=3DFamily=3Dinet6" in /etc/sendmail6.cf using WINE) "O DaemonPortOptions=3DName=3DIPv6, Family=3Dinet6" ("O = DaemonPortOptions=3DFamily=3Dinet6" in /etc/sendmail6.cf using WINE) I get no runing sendmail, I can only use: "O DaemonPortOptions=3DName=3DIPv4, Family=3Dinet" or=20 "O DaemonPortOptions=3DName=3DIPv6, Family=3Dinet6" So, I only could have an IPv6 SMTP Server or an IPv4 SMTP Server but = never the both running. I had a FreeBSD box, where IPv6 is native and I = see that the same configuration have no problems in Free. Do anyone know = some specific bug regarding about this configuration above described? = Some hint to I overpass it?? Thanks, Allan Freitas ------=_NextPart_000_0014_01C1FD99.23FF1DB0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
In linux, INET6 :: is also INET4 = 0.0.0.0 (atleast=20 for sendmail)
So you dont need to specify inet if you = are using=20 inet6 anyip.
 
 
-j
----- Original Message -----
From:=20 Allan = Edgard Silva=20 Freitas
Sent: Friday, May 17, 2002 1:01 = AM
Subject: Some problems with = sendmail,=20 Linux and v6

Hi folks,
 
I get some problems running sendmail = in an=20 IPv6/IPv4 Linux box (kernel 2.4.5 - conectiva a based-RedHat = distribution). I=20 compiled both Sendmail 8.9.1 with WINE patch and Sendmail 8.12 using=20 -DNETINET6 option and I see if I use at the same time the two lines = below in=20 sendmail.cf:
"O DaemonPortOptions=3DName=3DIPv4, = Family=3Dinet"=20         ("O = DaemonPortOptions=3DFamily=3Dinet6" in=20 /etc/sendmail6.cf using WINE)
"O DaemonPortOptions=3DName=3DIPv6,=20 Family=3Dinet6"       ("O=20 DaemonPortOptions=3DFamily=3Dinet6" in /etc/sendmail6.cf using = WINE)
 
I get no runing sendmail, I can only = use:
"O DaemonPortOptions=3DName=3DIPv4, Family=3Dinet"
    or
"O DaemonPortOptions=3DName=3DIPv6, Family=3Dinet6"
So, I only could have an IPv6 SMTP Server or an IPv4 SMTP = Server but=20 never the both running. I had a FreeBSD box, where IPv6 is native and = I see=20 that the same configuration have no problems in Free. Do anyone know = some=20 specific bug regarding about this configuration above described? Some = hint to=20 I overpass it??
 
Thanks,
 
Allan Freitas
 
------=_NextPart_000_0014_01C1FD99.23FF1DB0-- From michael@kjorling.com Fri May 17 10:53:53 2002 From: michael@kjorling.com (Michael Kjorling) Date: Fri, 17 May 2002 11:53:53 +0200 (CDT) Subject: [6bone] Re: Some problems with sendmail, Linux and v6 In-Reply-To: <00bb01c1fd2d$a204e530$1f02010a@intracefet> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 16 2002 20:01 -0300, Allan Edgard Silva Freitas wrote: > I compiled both Sendmail 8.9.1 with WINE patch and Sendmail 8.12 > using -DNETINET6 option and I see if I use at the same time the two > lines below in sendmail.cf: > "O DaemonPortOptions=Name=IPv4, Family=inet" ("O DaemonPortOptions=Family=inet6" in /etc/sendmail6.cf using WINE) > "O DaemonPortOptions=Name=IPv6, Family=inet6" ("O DaemonPortOptions=Family=inet6" in /etc/sendmail6.cf using WINE) > > I get no runing sendmail, I can only use: > "O DaemonPortOptions=Name=IPv4, Family=inet" > or > "O DaemonPortOptions=Name=IPv6, Family=inet6" > > So, I only could have an IPv6 SMTP Server or an IPv4 SMTP Server but > never the both running. I had a FreeBSD box, where IPv6 is native > and I see that the same configuration have no problems in Free. Do > anyone know some specific bug regarding about this configuration > above described? Some hint to I overpass it?? Hmmm... I have sendmail accepting connections over both IPv4 and IPv6 on a dual-stacked Linux 2.4.18 box with no problem, and every now and then I do get a mail in my inbox that has travelled over IPv6 - even though most are still, obviously, IPv4. Here's what I have in my sendmail.mc that relates to this: dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA-IPv4, Family=inet') dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA-IPv6, Family=inet6') DAEMON_OPTIONS(`Port=smtp, Name=MTA, Family=inet6') As you can see, I effectively only have one DAEMON_OPTIONS() line, giving Family=inet6. There is some peculiarity with the Linux kernel that an IPv6 listening socket will also accept IPv4 connections - it was in the original standard but experience has shown since then that it does not always produce the desired results. Anyway, why don't you go ahead and try your sendmail over IPv4 with only an AF_INET6 socket listening? Provided that you have a stock kernel release that might do the trick. I'm running sendmail 8.11.6 compiled with IPv6 support (of course) in case that matters. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE85NM1KqN7/Ypw4z4RAguQAKCAYDkjGdFI2QbiNVYoabEuNG8xBACg1Eem 0hzi8HmPJSjK7Kwvic5+7Tw= =t/1v -----END PGP SIGNATURE----- From hans.goes@wcom.com Fri May 17 14:41:37 2002 From: hans.goes@wcom.com (Hans Goes) Date: Fri, 17 May 2002 13:41:37 +0000 (GMT) Subject: [6bone] ipv6 software for cisco 2600 Message-ID: Hi, As far as I can see there is no IOS software available for Cisco 2600 with only 32meg memory ? 48 megs seems to be the lowest possibility. Thanks Hans Goes WorldCom EMEA Network Operations Joan Muyskenweg 24 1096 CJ Amsterdam The Netherlands Tel: +31 20 7112428 Fax: +31 20 7112455 Email: hans.goes@wcom.com http://www.wcom.com/nl/ From paitken@cisco.com Fri May 17 20:35:05 2002 From: paitken@cisco.com (Paul Aitken) Date: Fri, 17 May 2002 20:35:05 +0100 Subject: [6bone] ipv6 software for cisco 2600 References: Message-ID: <3CE55B69.7040208@cisco.com> Hans, > As far as I can see there is no IOS software available for Cisco 2600 with > only 32meg memory ? > 48 megs seems to be the lowest possibility. Correct; the smallest footprint for a 2600 is an IP PLUS image requiring 48M RAM and 16M Flash. Note that this sort of question is best sent to either tac@cisco.com or ipv6-support@cisco.com Cheers. -- Paul Aitken IPv6 Development, Cisco Systems Ltd, Edinburgh, Scotland. EH6 6LX From itojun@iijlab.net Sat May 18 03:44:15 2002 From: itojun@iijlab.net (Jun-ichiro itojun Hagino) Date: Sat, 18 May 2002 11:44:15 +0900 Subject: [6bone] Re: Some problems with sendmail, Linux and v6 In-Reply-To: michael's message of Fri, 17 May 2002 11:53:53 +0200. Message-ID: <20020518024415.AFE4E7BC@starfruit.itojun.org> >> I compiled both Sendmail 8.9.1 with WINE patch and Sendmail 8.12 >> using -DNETINET6 option and I see if I use at the same time the two >> lines below in sendmail.cf: > >> "O DaemonPortOptions=Name=IPv4, Family=inet" ("O DaemonPortOptions=Family=inet6" in /etc/sendmail6.cf using WINE) >> "O DaemonPortOptions=Name=IPv6, Family=inet6" ("O DaemonPortOptions=Family=inet6" in /etc/sendmail6.cf using WINE) >> >> I get no runing sendmail, I can only use: >> "O DaemonPortOptions=Name=IPv4, Family=inet" >> or >> "O DaemonPortOptions=Name=IPv6, Family=inet6" >> >> So, I only could have an IPv6 SMTP Server or an IPv4 SMTP Server but >> never the both running. I had a FreeBSD box, where IPv6 is native >> and I see that the same configuration have no problems in Free. Do >> anyone know some specific bug regarding about this configuration >> above described? Some hint to I overpass it?? The trouble is caused by the lack of standard for bind(2) behavior, when bind(2) to AF_INET and AF_INET6 are made the same port number. Linux rejects AF_INET bind(2) after AF_INET6 bind(2). therefore, you need to open only a single AF_INET6 socket, and expect IPv4 traffic to come in from AF_INET6 socket. so the following should make your sendmail to accept both IPv4 and IPv6 connections: >> "O DaemonPortOptions=Name=IPv6, Family=inet6" on other platforms, two line configuration ("inet" and "inet6") should work fine. i really feel sorry for you, and sad about the lack of standard here. itojun From Francis.Dupont@enst-bretagne.fr Sat May 18 17:11:25 2002 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Sat, 18 May 2002 18:11:25 +0200 Subject: [6bone] Re: Some problems with sendmail, Linux and v6 In-Reply-To: Your message of Sat, 18 May 2002 11:44:15 +0900. <20020518024415.AFE4E7BC@starfruit.itojun.org> Message-ID: <200205181611.g4IGBPT99930@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: i really feel sorry for you, and sad about the lack of standard here. => the IPV6_V6ONLY stuff was added in the RFC 2553 revision (when it will be published BTW) just to fill this hole (and not in the general case where a RFC 2553 compliant implementation should accept IPv4 and IPv6 traffic on a socket bound to ::, but for the case where a different policy is applied to IPv6 and IPv5 traffics. Today the only application in this case is BIND 9). Regards Francis.Dupont@enst-bretagne.fr From itojun@iijlab.net Sat May 18 23:40:00 2002 From: itojun@iijlab.net (Jun-ichiro itojun Hagino) Date: Sun, 19 May 2002 07:40:00 +0900 Subject: [6bone] Re: Some problems with sendmail, Linux and v6 In-Reply-To: Francis.Dupont's message of Sat, 18 May 2002 18:11:25 +0200. <200205181611.g4IGBPT99930@givry.rennes.enst-bretagne.fr> Message-ID: <20020518224000.6429E7B9@starfruit.itojun.org> >=> the IPV6_V6ONLY stuff was added in the RFC 2553 revision (when it will >be published BTW) just to fill this hole (and not in the general case >where a RFC 2553 compliant implementation should accept IPv4 and IPv6 >traffic on a socket bound to ::, but for the case where a different policy >is applied to IPv6 and IPv5 traffics. Today the only application in this >case is BIND 9). and mozilla uses it too. what IPV6_V6ONLY spec says is not really enough, IMHO. itojun From paul@timmins.net Sun May 19 17:57:29 2002 From: paul@timmins.net (Paul Timmins) Date: 19 May 2002 12:57:29 -0400 Subject: [6bone] IPv6 port scanners? Message-ID: <1021827449.24642.6.camel@pikachu> I'm looking for an IPv6 portscanner, preferrably for UNIX, to audit my network for unnecessary services. I'd prefer something like NMAP that can scan a block of IP addresses, but one that can scan just one at a time works fine for me too. Any suggestions? -Paul From jim@daedelus.com Sun May 19 18:00:50 2002 From: jim@daedelus.com (Jim Martin) Date: Sun, 19 May 2002 10:00:50 -0700 Subject: [6bone] 6Bone registry entries when multihomed? Message-ID: <5.1.1.2.0.20020519095858.0294dfc8@imap.daedelus.com> [This is a resend - sorry for any duplicates!] Gentlepeople, I've got a procedural question for the group. Let's say someone has gotten two tunnels from two upstream v6 providers. Each provider has delegated him a /48. When being a responsible 6Bone citizen, does he register 2 inet6num objects and one ipv6-site object? Or perhaps two inet6num objects and two ipv6-site objects? If it's two ipv6-site objects, is there a naming convention (ie, MYSITE-PROVIDER1 and MYSITE-PROVIDER2)? Just trying to play nicely with the group ... :-) - Jim From nicolas.deffayet-extml@ndsoftwaregroup.com Sun May 19 18:59:18 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Sun, 19 May 2002 19:59:18 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <5.1.1.2.0.20020519095858.0294dfc8@imap.daedelus.com> Message-ID: <000301c1ff5e$e591a260$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Jim Martin > Sent: Sunday, May 19, 2002 7:01 PM > To: 6bone@ISI.EDU > Subject: [6bone] 6Bone registry entries when multihomed? > > > [This is a resend - sorry for any duplicates!] > > Gentlepeople, > I've got a procedural question for the group. Let's say > someone has gotten > two tunnels from two upstream v6 providers. Each provider has > delegated him > a /48. When being a responsible 6Bone citizen, does he > register 2 inet6num > objects and one ipv6-site object? Or perhaps two inet6num > objects and two > ipv6-site objects? If it's two ipv6-site objects, is there a naming > convention (ie, MYSITE-PROVIDER1 and MYSITE-PROVIDER2)? > 2 inet6num 1 ipv6-site A exemple: http://whois.6bone.net/cgi-bin/whois?NDSOFTWARE From michel@arneill-py.sacramento.ca.us Sun May 19 21:59:37 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sun, 19 May 2002 13:59:37 -0700 Subject: [6bone] 6Bone registry entries when multihomed? Message-ID: <2B81403386729140A3A899A8B39B046405E076@server2000.arneill-py.sacramento.ca.us> Jim, > Jim Martin wrote: > I've got a procedural question for the group. Let's say > someone has gotten two tunnels from two upstream v6 providers. > Each provider has delegated him a /48. When being a responsible > 6Bone citizen, does he register 2 inet6num objects and one > ipv6-site object? Yes. > Nicolas DEFFAYET wrote > A exemple: http://whois.6bone.net/cgi-bin/whois?NDSOFTWARE Nicolas is an ISP. If you got /48s it probably means you are not, here is an example that might be closer to your needs: http://whois.6bone.net/cgi-bin/whois?ARNEILLPY Note that this does not provide you with a multihoming solution, since both of your upstreams will filter your /48. Michel. From itojun@iijlab.net Mon May 20 06:20:01 2002 From: itojun@iijlab.net (itojun@iijlab.net) Date: Mon, 20 May 2002 14:20:01 +0900 Subject: [6bone] IPv6 site count Message-ID: <15005.1021872001@itojun.org> you may find it interesting: http://www.jp.ipv6.org/sitecount/index.en.html we think there are at least 1000 /48 IPv6 sites in Japan. (since it is rather hard to count # of 6to4 sites, there can be a lot more) itojun From michael@kjorling.com Mon May 20 12:49:31 2002 From: michael@kjorling.com (Michael Kjorling) Date: Mon, 20 May 2002 13:49:31 +0200 (CDT) Subject: [6bone] IPv6 port scanners? In-Reply-To: <1021827449.24642.6.camel@pikachu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 19 2002 12:57 -0400, Paul Timmins wrote: > I'm looking for an IPv6 portscanner, preferrably for UNIX, to audit my > network for unnecessary services. > I'd prefer something like NMAP that can scan a block of IP addresses, > but one that can scan just one at a time works fine for me too. > Any suggestions? > -Paul A fairly quick Google search turned up a page on Freshmeat listing halfscan6, "An IPv6 port scanner." See http://freshmeat.net/projects/halfscan6/ Disclaimer: I have not tried it myself, and have no idea about its quality! Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE86OLaKqN7/Ypw4z4RAtPvAKCinkH/8RlLp5SGSPRwJFAbcOieEQCeMF8o PozORcOM95h0C0645FRZlsk= =/eXz -----END PGP SIGNATURE----- From rocheml@httrack.com Mon May 20 13:41:46 2002 From: rocheml@httrack.com (Xavier Roche) Date: Mon, 20 May 2002 14:41:46 +0200 Subject: [6bone] AAAA and A6 recent status? Message-ID: <5.1.0.14.0.20020520143041.00a14540@wheresmymailserver.com> Hi, rfc #2874 seem to suggest that AAAA records will "soon" disappear ; is the A6 record format the definitive one? If the 2874 considered as 'final' standard? Regards, Xavier From michael@kjorling.com Mon May 20 14:28:46 2002 From: michael@kjorling.com (Michael Kjorling) Date: Mon, 20 May 2002 15:28:46 +0200 (CDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <5.1.0.14.0.20020520143041.00a14540@wheresmymailserver.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 20 2002 14:41 +0200, Xavier Roche wrote: > Hi, > > rfc #2874 seem to suggest that AAAA records will "soon" disappear ; > is the A6 record format the definitive one? If the 2874 considered > as 'final' standard? > > > Regards, > Xavier I believe not. There is draft-ietf-dnsext-ipv6-addresses-01 which says: Abstract This document clarifies and updates the standards status of RFCs that define direct and reverse map of IPv6 addresses in DNS. This document moves the A6 and Bit label specifications to experimental status. and: 1.1 Standards action taken This document changes the status of RFCs 2673 and 2874 from Proposed Standard to Experimental. as well as: 2.2 Recommended standard action Based on the perceived consensus, this document recommend that RFC 1886 stay on standards track and be advanced, while moving RFC 2874 to Experimental status. The I-D, dated March 2002 and expiring September 2002, is available at ftp://ftp.isi.edu/in-notes/search.ietf.org/internet-drafts/draft-ietf-dnsext-ipv6-addresses-01.txt and updates RFCs 1886, 2673 and 2874. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE86PoZKqN7/Ypw4z4RArMVAJ9gEpK3EjD3019KuwTdDbxPtba2HwCgskwx yTZbMYHyLAc7FNJomTmjN7s= =f18o -----END PGP SIGNATURE----- From nicolas.deffayet-extml@ndsoftwaregroup.com Mon May 20 14:33:31 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Mon, 20 May 2002 15:33:31 +0200 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <5.1.0.14.0.20020520143041.00a14540@wheresmymailserver.com> Message-ID: <003901c20002$eeb63b90$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Xavier Roche > Sent: Monday, May 20, 2002 2:42 PM > To: 6bone@ISI.EDU > Subject: [6bone] AAAA and A6 recent status? > Hi, > rfc #2874 seem to suggest that AAAA records will "soon" > disappear ; is the A6 record format the definitive one? If > the 2874 considered as 'final' standard? I don't reply to your initial question, but i want add my comment: Don't forget that old system will try to resolve only AAAA. I suggest to use AAAA and A6 for each dns forward entry. It's the same problem with .int and .arpa for reverse (PTR)... Best Regards, Nicolas DEFFAYET From itojun@iijlab.net Mon May 20 14:40:06 2002 From: itojun@iijlab.net (itojun@iijlab.net) Date: Mon, 20 May 2002 22:40:06 +0900 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: rocheml's message of Mon, 20 May 2002 14:41:46 +0200. <5.1.0.14.0.20020520143041.00a14540@wheresmymailserver.com> Message-ID: <20213.1021902006@itojun.org> >rfc #2874 seem to suggest that AAAA records will "soon" disappear ; is the A6 >record format the definitive one? If the 2874 considered as 'final' standard? AAAA is the final standard. draft-ietf-dnsext-ipv6-addresses-01.txt itojun From pekkas@netcore.fi Mon May 20 15:15:48 2002 From: pekkas@netcore.fi (Pekka Savola) Date: Mon, 20 May 2002 17:15:48 +0300 (EEST) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <5.1.0.14.0.20020520143041.00a14540@wheresmymailserver.com> Message-ID: On Mon, 20 May 2002, Xavier Roche wrote: > rfc #2874 seem to suggest that AAAA records will "soon" disappear ; is > the A6 record format the definitive one? If the 2874 considered as > 'final' standard? Short answer: forget about A6 altogether. Long answer: look in the archives of the mailing list and e.g. http://search.ietf.org/internet-drafts/draft-ietf-dnsext-ipv6-addresses-01.txt -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords From bmanning@ISI.EDU Mon May 20 15:35:00 2002 From: bmanning@ISI.EDU (Bill Manning) Date: Mon, 20 May 2002 07:35:00 -0700 (PDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <20213.1021902006@itojun.org> from "itojun@iijlab.net" at "May 20, 2 10:40:06 pm" Message-ID: <200205201435.g4KEZ1i04991@boreas.isi.edu> % >rfc #2874 seem to suggest that AAAA records will "soon" disappear ; is the A6 % >record format the definitive one? If the 2874 considered as 'final' standard? % % AAAA is the final standard. % draft-ietf-dnsext-ipv6-addresses-01.txt % % itojun final is such a strong word. The current recommendation is: draft-ietf-dnsext-ipv6-addresses-01.txt, which might become an RFC. Even then, changes can and do occur. Its a pretty safe bet that AAAA records will get you what you want, but apps should be prepared to deal w/ A6 records, since they do exist and show every likelyhood of remaining in the code. -- --bill From thomas@habets.pp.se Mon May 20 16:32:36 2002 From: thomas@habets.pp.se (Thomas Habets) Date: Mon, 20 May 2002 17:32:36 +0200 Subject: [6bone] IPv6 port scanners? In-Reply-To: References: Message-ID: <200205201606.g4KG6VIL017008@akilles.darkface.pp.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 20 May 2002 13:49, you wrote: > A fairly quick Google search turned up a page on Freshmeat listing > halfscan6, "An IPv6 port scanner." I love it when my programs pop up on mailing lists. :-) > Disclaimer: I have not tried it myself, and have no idea about its > quality! Works on: Linux x86 Linux sparc Does not work on: OpenBSD 3.0 sparc NetBSD 1.5.2 alpha Also, Linux seems to set the source address to what it wants even though I'm sending them out a raw socket, which sucks since I've already calculated the checksum. If anyone knows why, please tell me. Same goes for getting it to work on OpenBSD, which doesn't deliver the packets to my AF_INET6/SOCK_RAW socket. In short: the argument to -s must match what Linux actually puts out as source, since I don't seem to have control over that. (at least not without going more raw). But if you just want a connect() portscanner there are others. But I do believe that mine is the only halfscan (synscan or whatever you want to call it). - --------- typedef struct me_s { char name[] = { "Thomas Habets" }; char email[] = { "thomas@habets.pp.se" }; char kernel[] = { "Linux 2.4" }; char *pgpKey[] = { "http://darkface.pp.se/~thompa/pubkey.txt" }; char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" }; char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" }; } me_t; -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE86RcbKGrpCq1I6FQRAjCbAKD9F9z4175KXxDluY+KTWfHbM6cIACeOyCB IPln8sdTtisQrfVP+AsO0QM= =LxZ4 -----END PGP SIGNATURE----- From rocheml@httrack.com Mon May 20 19:13:51 2002 From: rocheml@httrack.com (Xavier Roche) Date: Mon, 20 May 2002 20:13:51 +0200 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <87it5izsar.fsf@snark.piermont.com> References: <200205201435.g4KEZ1i04991@boreas.isi.edu> <200205201435.g4KEZ1i04991@boreas.isi.edu> Message-ID: <5.1.0.14.0.20020520201056.03c9b518@www> >>With respect, Bill, I disagree. It is likely that only one would >>survive because of the complexity of dealing with both, and it appears >>at this point the survivor will be AAAA. A6 looked pretty useful for local configuration.. A6 could be kept as internal DNS entries, that is, allowing to reconfigure local dns zones without having to rewrite everything, but "hidden" from the outside world. From tjc@ecs.soton.ac.uk Mon May 20 22:44:27 2002 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Mon, 20 May 2002 22:44:27 +0100 (BST) Subject: [6bone] IPv6 port scanners? In-Reply-To: Message-ID: You really want to scan an IPv6 /64 subnet? :-) Tim On Mon, 20 May 2002, Michael Kjorling wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On May 19 2002 12:57 -0400, Paul Timmins wrote: > > > I'm looking for an IPv6 portscanner, preferrably for UNIX, to audit my > > network for unnecessary services. > > I'd prefer something like NMAP that can scan a block of IP addresses, > > but one that can scan just one at a time works fine for me too. > > Any suggestions? > > -Paul > > A fairly quick Google search turned up a page on Freshmeat listing > halfscan6, "An IPv6 port scanner." > > See http://freshmeat.net/projects/halfscan6/ > > Disclaimer: I have not tried it myself, and have no idea about its > quality! > > > Michael Kjörling > > - -- > Michael Kjörling -- Programmer/Network administrator ^..^ > Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ > PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e > > ``And indeed people sometimes speak of man's "bestial" cruelty, but > this is very unfair and insulting to the beasts: a beast can never be > so cruel as a man, so ingeniously, so artistically cruel.'' > (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > Comment: Public key is at http://michael.kjorling.com/contact/pgp.html > > iD8DBQE86OLaKqN7/Ypw4z4RAtPvAKCinkH/8RlLp5SGSPRwJFAbcOieEQCeMF8o > PozORcOM95h0C0645FRZlsk= > =/eXz > -----END PGP SIGNATURE----- > > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From bmanning@ISI.EDU Tue May 21 00:09:07 2002 From: bmanning@ISI.EDU (Bill Manning) Date: Mon, 20 May 2002 16:09:07 -0700 (PDT) Subject: [6bone] IPv6 port scanners? In-Reply-To: from Tim Chown at "May 20, 2 10:44:27 pm" Message-ID: <200205202309.g4KN97m03186@boreas.isi.edu> naw... I want to scan a /32 -- --bill From thomas@habets.pp.se Tue May 21 02:14:24 2002 From: thomas@habets.pp.se (Thomas Habets) Date: Tue, 21 May 2002 03:14:24 +0200 Subject: [6bone] IPv6 port scanners? In-Reply-To: <200205202309.g4KN97m03186@boreas.isi.edu> References: <200205202309.g4KN97m03186@boreas.isi.edu> Message-ID: <200205210115.g4L1F2IL010335@akilles.darkface.pp.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 21 May 2002 01:09, Bill Manning wrote: > naw... I want to scan a /32 Why not just scan the whole IPv6 address space? Also, do a traceroute to every address and sell it! See you in time for IPv2^32. :-) - --------- typedef struct me_s { char name[] = { "Thomas Habets" }; char email[] = { "thomas@habets.pp.se" }; char kernel[] = { "Linux 2.4" }; char *pgpKey[] = { "http://darkface.pp.se/~thompa/pubkey.txt" }; char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" }; char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" }; } me_t; -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE86Z99KGrpCq1I6FQRAjoXAJ9Bf7Ma77S5KueP3TB1ct31OpJuaACeJW+X PuoMmgcqVOZYy2/1VRoaNDI= =Zd/g -----END PGP SIGNATURE----- From kre@munnari.OZ.AU Tue May 21 02:33:26 2002 From: kre@munnari.OZ.AU (Robert Elz) Date: Tue, 21 May 2002 08:33:26 +0700 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <20213.1021902006@itojun.org> References: <20213.1021902006@itojun.org> Message-ID: <5070.1021944806@munnari.OZ.AU> Date: Mon, 20 May 2002 22:40:06 +0900 From: itojun@iijlab.net Message-ID: <20213.1021902006@itojun.org> | AAAA is the final standard. | draft-ietf-dnsext-ipv6-addresses-01.txt That's just a draft RFC, someone's opinion, currently not accepted by anything. It doesn't even have working group consensus, let alone IETF. (Which isn't to say that A6 has WG consensus either, of course). kre From rocheml@httrack.com Tue May 21 06:37:58 2002 From: rocheml@httrack.com (Xavier Roche) Date: Tue, 21 May 2002 07:37:58 +0200 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <5070.1021944806@munnari.OZ.AU> References: <20213.1021902006@itojun.org> <20213.1021902006@itojun.org> Message-ID: <5.1.0.14.0.20020521073459.03cad138@www> >>That's just a draft RFC, someone's opinion, currently not accepted >>by anything. It doesn't even have working group consensus, let alone IETF. >>(Which isn't to say that A6 has WG consensus either, of course). Any chance for this document to become more 'official' (with big quotes) ? AAAA/A6 confusion is really a nuisance, and is slowing down a little more many v6 migrations From pim@ipng.nl Tue May 21 06:43:19 2002 From: pim@ipng.nl (Pim van Pelt) Date: Tue, 21 May 2002 07:43:19 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <2B81403386729140A3A899A8B39B046405E076@server2000.arneill-py.sacramento.ca.us> References: <2B81403386729140A3A899A8B39B046405E076@server2000.arneill-py.sacramento.ca.us> Message-ID: <20020521054319.GA27295@bfib.colo.bit.nl> | > Nicolas DEFFAYET wrote | > A exemple: http://whois.6bone.net/cgi-bin/whois?NDSOFTWARE | | Nicolas is an ISP. If you got /48s it probably means you are not, here | is an example that might be closer to your needs: Nicolas is an inmensly irritating clueless kiddie, because he blatantly refuses to remove his AS65526 number from the registries and to be even worse, he uses this on the 6bone, because he cannot get his hands on a real ASN (because he does not have a LIR relationship with a RIR). www.ndsoftwarenet.net (mind ND - Nicolas Defayet), does not have content and there is no company behind FastNET XP, it's just some (Windows running?) children being a total ass on the Internet. Nicolas, did you know that people were even complaining about your destructive IPv6 efforts at RIPE42 :-) ? Just to put things in proper perspective. pompompom, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From pim@ipng.nl Tue May 21 06:45:41 2002 From: pim@ipng.nl (Pim van Pelt) Date: Tue, 21 May 2002 07:45:41 +0200 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: References: <5.1.0.14.0.20020520143041.00a14540@wheresmymailserver.com> Message-ID: <20020521054541.GB27295@bfib.colo.bit.nl> On Mon, May 20, 2002 at 05:15:48PM +0300, Pekka Savola wrote: | On Mon, 20 May 2002, Xavier Roche wrote: | > rfc #2874 seem to suggest that AAAA records will "soon" disappear ; is | > the A6 record format the definitive one? If the 2874 considered as | > 'final' standard? | | Short answer: forget about A6 altogether. haha :) The cool thing about Pekka is, that his mails on 'drop it ' come in after others explained about it, I remember mine coming in as first response half a year ago and that started quite a thread. Drop A6/DNAME. They belong in Hell. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From nicolas.deffayet-extml@ndsoftwaregroup.com Tue May 21 11:32:02 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Tue, 21 May 2002 12:32:02 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <20020521054319.GA27295@bfib.colo.bit.nl> Message-ID: <004601c200b2$c00e8170$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: Pim van Pelt [mailto:pim@ipng.nl] > Sent: Tuesday, May 21, 2002 7:43 AM > To: Michel Py > Cc: Nicolas DEFFAYET; Jim Martin; 6bone@ISI.EDU > Subject: Re: [6bone] 6Bone registry entries when multihomed? I don't like reply to a troll, but i reply for many reasons. > | > Nicolas DEFFAYET wrote > | > A exemple: http://whois.6bone.net/cgi-bin/whois?NDSOFTWARE > | > | Nicolas is an ISP. If you got /48s it probably means you > are not, here > | is an example that might be closer to your needs: > ISP is not a good word for that. I prefer call it project. > Nicolas is an inmensly irritating clueless kiddie, because he > blatantly refuses to remove his AS65526 number from the > registries and to be even worse, he uses this on the 6bone, > because he cannot get his hands on a real ASN (because he > does not have a LIR relationship with a RIR). Where is problem of use a private ASN number when you notify the peer and you add a community no-export to your route ? If ISP don't want that i send my route i don't send route and/or the ISP can filter my route. I'm running with this configuration since 1 year, and no problem reported. I'm ***NOT*** the only people who use private ASN on 6bone. I plain to get a public ASN and be a LIR, but before i need to create a real IPv4 network because you can't justify a ASN with 2 IPv6 peering (native of course). Create a IPv4 network can't be do in a week (except if you have a lot of money for this). If RIPE accept to allocate me a public ASN now, i accept of course :) I recall that 6bone is for test. I don't remove my AS for your pleasure. A lot of users/other projects use the services of my projet. You want a list of projects who use my services ? Another question that you have forgot: why i have a lot of peer ? Because with a community no-export you need directly peer for that the ISP can have your route (if the ISP accept it). Why you are jealous of my projet ? > www.ndsoftwarenet.net (mind ND - Nicolas Defayet), does not have content and there is no >company behind FastNET XP, it's just some (Windows >running?) children being a total ass on the Internet. My name is with 2 f: DEFFAYET. You criticism people and you can't write correctly my name ? Yes www.ndsoftware.net is not ready (need to finish the developpement of backend), if you want help us, don't hesitate :) FastNetXP is just a name of project beetween friend, not a real company. But i have stop to use FastNetXP because many problem with the name FastNetXP (a trademark FastNet exist [...]) I'm not running Windows (except for a workstation, for many reason). On my webserver you can see: Apache/2.0.36 (Unix) mod_ssl/2.0.36 OpenSSL/0.9.6d PHP/4.2.0 I'm not a children. Just a question, are you intelligent ? Because with this mail you make a fool of oneself. >Nicolas, did you know that people were even complaining about your destructive IPv6 >efforts at RIPE42 :-) ? Just to put things in proper perspective. 6bone and RIPE is not the same. I work on 6bone, not with the RIPE. Best Regards, Nicolas DEFFAYET From chuck+6bone@snew.com Tue May 21 13:00:16 2002 From: chuck+6bone@snew.com (Chuck Yerkes) Date: Tue, 21 May 2002 05:00:16 -0700 Subject: [6bone] Re: Internal Address Space In-Reply-To: <200205030939.22293.dnewman@maraudingpirates.org>; from dnewman@maraudingpirates.org on Fri, May 03, 2002 at 09:39:22AM -0400 References: <200205030939.22293.dnewman@maraudingpirates.org> Message-ID: <20020521050016.A27912@snew.com> Quoting David F. Newman (dnewman@maraudingpirates.org): > Hi there, > In the old IPv4 days sites would use private address space inside a firewall > for either address conservation or just plain old security through obscurity. In the old days, we'd use our real IPv4 addresses and that would route across the Internet. We eventually put up firewalls, and screening routers (or screend). As we ran out of IPv4 (they will all be gone by 1998 or so :), rfc1918 came along a bit after the concept of NAT - network address translation. Many lesser admins believe NAT to be actual firewalling (it's neat the probes that still work with an established bit set). > Now that a site can get a /48 to do with as they please is it necessary to use > private IP space anymore. I am wondering if people out there use public > routable IPs on both sides of their firewall. I figure if a node is behind a > firewall it is ok to have a valid IP, but I could be wrong. Now that I have 65k Internets of address that will route (nobody will route my class C anymore), I use actual addresses on the machines that will take them. I run firewalling software on my gateways somewhat. I also make sure that the machines on my network are hardened. There is no "soft chewy center" if you get past the firewall. From oliver.michael@gargantuan.com Tue May 21 14:04:01 2002 From: oliver.michael@gargantuan.com (Michael W. Oliver) Date: Tue, 21 May 2002 09:04:01 -0400 Subject: [6bone] AAAA and A6 recent status? Message-ID: Folks, Is there any negative effect of using both A6 and AAAA records? Most of the hosts on my small network are dual-stack, and I have configured BIND with A6, AAAA, and A records for each of them. Is this bad practice in anyone's opinion? Thanks in advance for your insight. Regards, Michael Oliver -----Original Message----- From: Xavier Roche [mailto:rocheml@httrack.com] Sent: Tuesday, May 21, 2002 1:38 AM To: 6bone@ISI.EDU Subject: Re: [6bone] AAAA and A6 recent status? >>That's just a draft RFC, someone's opinion, currently not accepted >>by anything. It doesn't even have working group consensus, let alone IETF. >>(Which isn't to say that A6 has WG consensus either, of course). Any chance for this document to become more 'official' (with big quotes) ? AAAA/A6 confusion is really a nuisance, and is slowing down a little more many v6 migrations _______________________________________________ 6bone mailing list 6bone@mailman.isi.edu http://mailman.isi.edu/mailman/listinfo/6bone From bmanning@ISI.EDU Tue May 21 14:27:46 2002 From: bmanning@ISI.EDU (Bill Manning) Date: Tue, 21 May 2002 06:27:46 -0700 (PDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: from "Michael W. Oliver" at "May 21, 2 09:04:01 am" Message-ID: <200205211327.g4LDRkm14245@boreas.isi.edu> % Folks, % % Is there any negative effect of using both A6 and AAAA records? Most of % the hosts on my small network are dual-stack, and I have configured BIND % with A6, AAAA, and A records for each of them. Is this bad practice in % anyone's opinion? % % Thanks in advance for your insight. % % Regards, % % Michael Oliver I use both A6 and AAAA on most nodes. Some only have A6 records. Some of those are chained. You can even find a DNAME or two... So I guess that, according to some, I'm in "Hell". :) --bill From sdegler@degler.net Tue May 21 14:40:27 2002 From: sdegler@degler.net (Stephen Degler) Date: Tue, 21 May 2002 09:40:27 -0400 Subject: [6bone] Re: Internal Address Space In-Reply-To: <20020521050016.A27912@snew.com>; from chuck+6bone@snew.com on Tue, May 21, 2002 at 05:00:16AM -0700 References: <200205030939.22293.dnewman@maraudingpirates.org> <20020521050016.A27912@snew.com> Message-ID: <20020521094027.B20244@crusoe.degler.net> Hi, Given the immediate future will continue to be Windows Impaired as well, its completely possible (and unfortunately, necessary) to establish a "soft chewy center" model with routeable addresses on the inside. Stateful firewalls are your friend. skd On Tue, May 21, 2002 at 05:00:16AM -0700, Chuck Yerkes wrote: > Quoting David F. Newman (dnewman@maraudingpirates.org): > > Hi there, > > In the old IPv4 days sites would use private address space inside a firewall > > for either address conservation or just plain old security through obscurity. > In the old days, we'd use our real IPv4 addresses and that would > route across the Internet. We eventually put up firewalls, and > screening routers (or screend). As we ran out of IPv4 (they will > all be gone by 1998 or so :), rfc1918 came along a bit after the > concept of NAT - network address translation. > > Many lesser admins believe NAT to be actual firewalling (it's > neat the probes that still work with an established bit set). > > > Now that a site can get a /48 to do with as they please is it necessary to use > > private IP space anymore. I am wondering if people out there use public > > routable IPs on both sides of their firewall. I figure if a node is behind a > > firewall it is ok to have a valid IP, but I could be wrong. > > Now that I have 65k Internets of address that will route (nobody > will route my class C anymore), I use actual addresses on the > machines that will take them. I run firewalling software on my > gateways somewhat. I also make sure that the machines on my network > are hardened. There is no "soft chewy center" if you get past the > firewall. > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From michael@kjorling.com Tue May 21 14:46:10 2002 From: michael@kjorling.com (Michael Kjorling) Date: Tue, 21 May 2002 15:46:10 +0200 (CDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 21 2002 09:04 -0400, Michael W. Oliver wrote: > Folks, > > Is there any negative effect of using both A6 and AAAA records? Most of > the hosts on my small network are dual-stack, and I have configured BIND > with A6, AAAA, and A records for each of them. Is this bad practice in > anyone's opinion? > > Thanks in advance for your insight. > > Regards, > > Michael Oliver All your slave servers have to at least be able to serve A6 RRs. Actually I think the real problem is not the A6 forward records (they can be dealt with) but bitlabels. Just as the I-D points out, queries containing bitlabels can quite easily be rejected as malformed. Not a good thing. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE86k+nKqN7/Ypw4z4RAqSbAKDkMY+XCJuJCh8IjwqXDwUH1JEpMwCgyXyI gjtK5BWzHK+4zszBUAm+byw= =hh7X -----END PGP SIGNATURE----- From fink@es.net Tue May 21 14:51:10 2002 From: fink@es.net (Bob Fink) Date: Tue, 21 May 2002 06:51:10 -0700 Subject: [6bone] 6bone pTLA 3FFE:4009::/32 allocated to VERAT Message-ID: <5.1.0.14.0.20020521064954.02989c98@imap2.es.net> VERAT has been allocated pTLA 3FFE:4009::/32 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] Thanks, Bob From michael@kjorling.com Tue May 21 15:01:12 2002 From: michael@kjorling.com (Michael Kjorling) Date: Tue, 21 May 2002 16:01:12 +0200 (CDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: <200205211327.g4LDRkm14245@boreas.isi.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 21 2002 06:27 -0700, Bill Manning wrote: > I use both A6 and AAAA on most nodes. Some only have A6 records. > Some of those are chained. You can even find a DNAME or two... > So I guess that, according to some, I'm in "Hell". :) > > --bill Well, if you want to scan an IPv6 /32... :-) I personally use only AAAAs. Can't say I have devoted to IPv6-only but I do get an occasional hit over IPv6 on my servers. The reason for this is that I am unsure if one of the slave DNS servers can handle A6 records, let alone chains. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE86lMrKqN7/Ypw4z4RAhcGAKDujRN8Sfb4SJhfGE/gdG7OhrRiIACg9Jd2 rbhUBSd5eSIAjAG0EZer8uM= =RlK7 -----END PGP SIGNATURE----- From sdegler@degler.net Tue May 21 15:08:32 2002 From: sdegler@degler.net (Stephen Degler) Date: Tue, 21 May 2002 10:08:32 -0400 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: ; from oliver.michael@gargantuan.com on Tue, May 21, 2002 at 09:04:01AM -0400 References: Message-ID: <20020521100832.C20244@crusoe.degler.net> Hi, If you are running DNS via bind 9.2 or newer you can instruct bind to convert the A6's to AAAA's on the fly "options allow-v6-synthesis". On the other hand. If you aren't specifically testing or using features available with A6 and DNAME (renumbering and the new style reverse mappings) Its unlikely that you have any clients that will make use of them. skd On Tue, May 21, 2002 at 09:04:01AM -0400, Michael W. Oliver wrote: > Folks, > > Is there any negative effect of using both A6 and AAAA records? Most of > the hosts on my small network are dual-stack, and I have configured BIND > with A6, AAAA, and A records for each of them. Is this bad practice in > anyone's opinion? > > Thanks in advance for your insight. > > Regards, > > Michael Oliver > > > > > -----Original Message----- > From: Xavier Roche [mailto:rocheml@httrack.com] > Sent: Tuesday, May 21, 2002 1:38 AM > To: 6bone@ISI.EDU > Subject: Re: [6bone] AAAA and A6 recent status? > > > > >>That's just a draft RFC, someone's opinion, currently not accepted > >>by anything. It doesn't even have working group consensus, let alone > IETF. > >>(Which isn't to say that A6 has WG consensus either, of course). > > Any chance for this document to become more 'official' (with big quotes) > ? AAAA/A6 confusion is really a nuisance, and is slowing down a little > more many v6 migrations > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From todd@fries.net Tue May 21 15:15:07 2002 From: todd@fries.net (Todd T. Fries) Date: Tue, 21 May 2002 09:15:07 -0500 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: References: Message-ID: <20020521141507.GC32690@fries.net> Just beware that anything but recent dns servers cannot secondary domains that use A6 or DNAME records. Personally, I've used m4 to generate my dns zone for fries.net, and have two 'versions'... one with and one without DNAME's and A6's .. I've not used the A6/DNAME version in a while, I just hope future bind's try to lookup AAAA by default instead of A6 (you can do 'host -n 3ffe:..' but that is not default behavior) .. I do not believe any of my secondaries outside my local network can transfer zones containing A6/DNAME records, so I can setup two views, one for older slave servers, and one for 'the rest of the world' .. not that I am right now, but I certainly could if need be. Just thought I'd share my headaches with regards to A6 .. -- Todd Fries .. todd@fries.net (last updated $ToddFries: signature.p,v 1.2 2002/03/19 15:10:18 todd Exp $) Penned by Michael W. Oliver on Tue, May 21, 2002 at 09:04:01AM -0400, we have: | Folks, | | Is there any negative effect of using both A6 and AAAA records? Most of | the hosts on my small network are dual-stack, and I have configured BIND | with A6, AAAA, and A records for each of them. Is this bad practice in | anyone's opinion? | | Thanks in advance for your insight. | | Regards, | | Michael Oliver | | | | | -----Original Message----- | From: Xavier Roche [mailto:rocheml@httrack.com] | Sent: Tuesday, May 21, 2002 1:38 AM | To: 6bone@ISI.EDU | Subject: Re: [6bone] AAAA and A6 recent status? | | | | >>That's just a draft RFC, someone's opinion, currently not accepted | >>by anything. It doesn't even have working group consensus, let alone | IETF. | >>(Which isn't to say that A6 has WG consensus either, of course). | | Any chance for this document to become more 'official' (with big quotes) | ? AAAA/A6 confusion is really a nuisance, and is slowing down a little | more many v6 migrations | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From michel@arneill-py.sacramento.ca.us Tue May 21 15:31:48 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 07:31:48 -0700 Subject: [6bone] Re: Internal Address Space Message-ID: <2B81403386729140A3A899A8B39B046405E07E@server2000.arneill-py.sacramento.ca.us> > Stephen Degler wrote: > Given the immediate future will continue to be Windows Impaired > as well, its completely possible (and unfortunately, necessary) > to establish a "soft chewy center" model with routeable addresses > on the inside. Stateful firewalls are your friend. Stateful firewalls are not good as they used to be. There are various mechanisms that allow to bypass them these days and it's not getting better. I would not be surprised to see an IE plugin to circumvent firewalls soon. The best way to secure a host is to use a link-local or site-local only address and go to a proxy (yuck). Michel. From michel@arneill-py.sacramento.ca.us Tue May 21 15:44:41 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 07:44:41 -0700 Subject: [6bone] 6Bone registry entries when multihomed? Message-ID: <2B81403386729140A3A899A8B39B046405E07F@server2000.arneill-py.sacramento.ca.us> > Pim van Pelt wrote. > because he blatantly refuses to remove his AS65526 number from > the registries and to be even worse, he uses this on the 6bone, > because he cannot get his hands on a real ASN (because he > does not have a LIR relationship with a RIR). There is nothing wrong in using a private ASN on the 6bone. pTLAs accept it, and it is not a long-term solution but allows people to get started. This is exactly what the 6bone is for: experiments and staging. Michel. From sdegler@degler.net Tue May 21 15:50:36 2002 From: sdegler@degler.net (Stephen Degler) Date: Tue, 21 May 2002 10:50:36 -0400 Subject: [6bone] Re: Internal Address Space In-Reply-To: <2B81403386729140A3A899A8B39B046405E07E@server2000.arneill-py.sacramento.ca.us>; from michel@arneill-py.sacramento.ca.us on Tue, May 21, 2002 at 07:31:48AM -0700 References: <2B81403386729140A3A899A8B39B046405E07E@server2000.arneill-py.sacramento.ca.us> Message-ID: <20020521105036.D20244@crusoe.degler.net> Hi, Please be more specific. I believe that there are flaws in the implementations of statefull firewalls as there all in all things, but it is my impression that they are relatively secure from the design perspective. How exactly would this IE plugin work? skd On Tue, May 21, 2002 at 07:31:48AM -0700, Michel Py wrote: > > Stephen Degler wrote: > > Given the immediate future will continue to be Windows Impaired > > as well, its completely possible (and unfortunately, necessary) > > to establish a "soft chewy center" model with routeable addresses > > on the inside. Stateful firewalls are your friend. > > Stateful firewalls are not good as they used to be. There are various > mechanisms that allow to bypass them these days and it's not getting > better. I would not be surprised to see an IE plugin to circumvent > firewalls soon. The best way to secure a host is to use a link-local or > site-local only address and go to a proxy (yuck). > > Michel. From michel@arneill-py.sacramento.ca.us Tue May 21 16:05:33 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 08:05:33 -0700 Subject: [6bone] Re: Internal Address Space Message-ID: <2B81403386729140A3A899A8B39B046405E081@server2000.arneill-py.sacramento.ca.us> Stephen, > Stephen Degler wrote: > Please be more specific. I believe that there are flaws in the > implementations of statefull firewalls as there all in all things, > but it is my impression that they are relatively secure from the > design perspective. > How exactly would this IE plugin work? By initiating the traffic from the inside at both hosts, which opens a temporary hole in the firewall to allow return traffic. A good example of that kind of trick is Morpheus: People can pull mp3s from your RFC 1918 host crossing NAT and crossing a stateful firewall _without_ having to punch a hole in the firewall and without static NAT configuration. I think that teredo also allows to do the same. All these mechanisms are based in contacting an agent outside; if that agent is listening on port 80 there is not much you can do to prevent your host talking to it. Michel. From itojun@iijlab.net Tue May 21 16:09:00 2002 From: itojun@iijlab.net (itojun@iijlab.net) Date: Wed, 22 May 2002 00:09:00 +0900 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: michel's message of Tue, 21 May 2002 07:44:41 MST. <2B81403386729140A3A899A8B39B046405E07F@server2000.arneill-py.sacramento.ca.us> Message-ID: <1648.1021993740@itojun.org> >There is nothing wrong in using a private ASN on the 6bone. pTLAs accept >it, and it is not a long-term solution but allows people to get started. >This is exactly what the 6bone is for: experiments and staging. why would you advertise private ASN onto the 6bone whois? they should be used locally within certain pTLAs, not globally. also do not forget that 6bone is interconnected with worldwide IPv6 network (including commercially-operated network), and there's no well-defined boundary. therefore, my recommendation is: - to remove/forbid private ASN from 6bone whois. - do not advertise private ASNs beyond pTLA/sTLA boundary itojun From todd@fries.net Tue May 21 16:05:26 2002 From: todd@fries.net (Todd T. Fries) Date: Tue, 21 May 2002 10:05:26 -0500 Subject: [6bone] AAAA and A6 recent status? In-Reply-To: References: Message-ID: <20020521150526.GD32690@fries.net> A6 and/or DNAME both cause 'unknown record type' style errors with bind4, and older bind8 (newer bind8 can deal with A6 and/or DNAME) .. The problem stems from the fact that prior to current bind8/bind9 .. there was hardcoded a list of valid RR types in the dns servers. A6 and DNAME both add a new 'type' that is unknown, therefore invalid to older dns servers. -- Todd Fries .. todd@fries.net (last updated $ToddFries: signature.p,v 1.2 2002/03/19 15:10:18 todd Exp $) Penned by Michael Kjorling on Tue, May 21, 2002 at 03:46:10PM +0200, we have: | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | On May 21 2002 09:04 -0400, Michael W. Oliver wrote: | | > Folks, | > | > Is there any negative effect of using both A6 and AAAA records? Most of | > the hosts on my small network are dual-stack, and I have configured BIND | > with A6, AAAA, and A records for each of them. Is this bad practice in | > anyone's opinion? | > | > Thanks in advance for your insight. | > | > Regards, | > | > Michael Oliver | | All your slave servers have to at least be able to serve A6 RRs. | | Actually I think the real problem is not the A6 forward records (they | can be dealt with) but bitlabels. Just as the I-D points out, queries | containing bitlabels can quite easily be rejected as malformed. Not a | good thing. | | | Michael Kjörling | | - -- | Michael Kjörling -- Programmer/Network administrator ^..^ | Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ | PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e | | ``And indeed people sometimes speak of man's "bestial" cruelty, but | this is very unfair and insulting to the beasts: a beast can never be | so cruel as a man, so ingeniously, so artistically cruel.'' | (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') | -----BEGIN PGP SIGNATURE----- | Version: GnuPG v1.0.7 (GNU/Linux) | Comment: Public key is at http://michael.kjorling.com/contact/pgp.html | | iD8DBQE86k+nKqN7/Ypw4z4RAqSbAKDkMY+XCJuJCh8IjwqXDwUH1JEpMwCgyXyI | gjtK5BWzHK+4zszBUAm+byw= | =hh7X | -----END PGP SIGNATURE----- | | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From michel@arneill-py.sacramento.ca.us Tue May 21 16:17:38 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 08:17:38 -0700 Subject: [6bone] 6Bone registry entries when multihomed? Message-ID: <2B81403386729140A3A899A8B39B046405E082@server2000.arneill-py.sacramento.ca.us> > Itojun wrote: > they should be used locally within certain pTLAs, not globally. > also do not forget that 6bone is interconnected with worldwide > IPv6 network (including commercially-operated network), and > there's no well-defined boundary. therefore, my recommendation > is: > - do not advertise private ASNs beyond pTLA/sTLA boundary I completely agree with the above. > why would you advertise private ASN onto the 6bone whois? > - to remove/forbid private ASN from 6bone whois. Why not having accurate information in the 6bone database? We are not talking about a xTLA peering with a private ASN, but about a site peering with a xTLA that can use remove-private-as. Michel. From randy@psg.com Tue May 21 16:26:33 2002 From: randy@psg.com (Randy Bush) Date: Tue, 21 May 2002 08:26:33 -0700 Subject: [6bone] AAAA and A6 recent status? References: <20020521150526.GD32690@fries.net> Message-ID: a6, dname, and bitstring labels are dog meat. folk should spend their time on useful work. randy From sdegler@degler.net Tue May 21 16:37:39 2002 From: sdegler@degler.net (Stephen Degler) Date: Tue, 21 May 2002 11:37:39 -0400 Subject: [6bone] Re: Internal Address Space In-Reply-To: <2B81403386729140A3A899A8B39B046405E081@server2000.arneill-py.sacramento.ca.us>; from michel@arneill-py.sacramento.ca.us on Tue, May 21, 2002 at 08:05:33AM -0700 References: <2B81403386729140A3A899A8B39B046405E081@server2000.arneill-py.sacramento.ca.us> Message-ID: <20020521113739.E20244@crusoe.degler.net> Ok, Private addresses and a proxy won't help you against these methods either, as long as http connect methods are permitted by the proxies. Like you said, The p-to-p world utilizes these techniques already. So a statefull firewall is still protects against external attacks. If one can convince software or a user to execute malicious code, all bets are off. Being addressable doesn't alter the status quo. skd On Tue, May 21, 2002 at 08:05:33AM -0700, Michel Py wrote: > Stephen, > > > Stephen Degler wrote: > > Please be more specific. I believe that there are flaws in the > > implementations of statefull firewalls as there all in all things, > > but it is my impression that they are relatively secure from the > > design perspective. > > How exactly would this IE plugin work? > > By initiating the traffic from the inside at both hosts, which opens a > temporary hole in the firewall to allow return traffic. A good example > of that kind of trick is Morpheus: People can pull mp3s from your RFC > 1918 host crossing NAT and crossing a stateful firewall _without_ having > to punch a hole in the firewall and without static NAT configuration. I > think that teredo also allows to do the same. All these mechanisms are > based in contacting an agent outside; if that agent is listening on port > 80 there is not much you can do to prevent your host talking to it. > > Michel. From jeroen@unfix.org Tue May 21 16:56:32 2002 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 21 May 2002 17:56:32 +0200 Subject: [6bone] Re: Internal Address Space In-Reply-To: <2B81403386729140A3A899A8B39B046405E081@server2000.arneill-py.sacramento.ca.us> Message-ID: <003601c200e0$157d4240$420d640a@unfix.org> Michel Py wrote: > By initiating the traffic from the inside at both hosts, which opens a > temporary hole in the firewall to allow return traffic. A good example > of that kind of trick is Morpheus: People can pull mp3s from your RFC > 1918 host crossing NAT and crossing a stateful firewall _without_ having > to punch a hole in the firewall and without static NAT configuration. I > think that teredo also allows to do the same. All these mechanisms are > based in contacting an agent outside; if that agent is listening on port > 80 there is not much you can do to prevent your host talking to it. As long as one has a bit of clue and has "data" going from the inside to the outside you can do anything you want. Unless you got a team of sniffing admins who destroy anything that even looks suspicious. Just think: IP over Email, IP over HTTP etc. If you want to have a secure network you'll need to fully trust your local users and ofcourse the software they use. Effectively that's a nogo everywhere you go. Greets, Jeroen BTW: Just in case someone claimes "But I can check all my OpenSource software for backdoors": Start reading _and_ understanding for instance the linux kernel, Mozilla, KDE, etc... and we'll hear back from you in a couple of years. It's all about trust, but do you trust your glass of milk ? :) From michael@kjorling.com Tue May 21 16:58:55 2002 From: michael@kjorling.com (Michael Kjorling) Date: Tue, 21 May 2002 17:58:55 +0200 (CDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 21 2002 08:26 -0700, Randy Bush wrote: > a6, dname, and bitstring labels are dog meat. folk should spend > their time on useful work. > > randy And if you pardon my question, what do you consider to be "useful work"? I believe that working toward an actual standard with regards to IPv6 forward and reverse mapping is a good thing, instead of having the current situation with two different standards and ad-hoc solutions to "interconnect" them. Both the AAAA and A6 record types have advantages as well as disadvantages. Unfortunately I don't think there is any simple solution, especially not to combine AAAA's speed with the ease of renumbering brought forth by A6. If I had a good idea I would have submitted an I-D long ago. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE86m7DKqN7/Ypw4z4RAhHvAKCDLvm581yw9mXJWiQgvMFuxKIduwCdENY5 OpjTTwNhOO2kJ2fPHmkGxYE= =l/g8 -----END PGP SIGNATURE----- From michel@arneill-py.sacramento.ca.us Tue May 21 17:09:34 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 09:09:34 -0700 Subject: [6bone] Re: Internal Address Space Message-ID: <2B81403386729140A3A899A8B39B046405E083@server2000.arneill-py.sacramento.ca.us> > Stephen Degler wrote: > Private addresses and a proxy won't help you against these methods > either, as long as http connect methods are permitted by the proxies. Correct, but they do make the hacker's task a little more difficult as the malicious code has to figure out the proxy settings and encapsulate its own stuff into http requests. Security is not a single thing, and the more obstacles you put in the hacker's way the more secure you are. A good setup is a combination of multiple methods including but not limited to stateful firewalls. I have seen generic mechanisms to bypass stateful firewalls, I have not seen any to go trough proxies yet. Michel. From bmanning@ISI.EDU Tue May 21 17:17:03 2002 From: bmanning@ISI.EDU (Bill Manning) Date: Tue, 21 May 2002 09:17:03 -0700 (PDT) Subject: [6bone] AAAA and A6 recent status? In-Reply-To: from Randy Bush at "May 21, 2 08:26:33 am" Message-ID: <200205211617.g4LGH3601174@boreas.isi.edu> % a6, dname, and bitstring labels are dog meat. folk should spend % their time on useful work. % % randy % _______________________________________________ ...dog meat? perhaps insofar as "the dog ate my homework". they are products of the IETF and, as far as I can tell, are still floating around the IESG pool as RFCs. If you feel so strongly about excising them, please use your considerable influence and postition in the IESG/IAB to move them to historic status and then remove support for them from the reference implementation. And even -IF- you are able to pull this off, your insinuation that a6,dname,bitstring work did not represent "useful work" is flawed on at least a couple of counts: ) it is useful to know what does not work ) it is useful to know why things don't work --bill From Namal@datavox.net Tue May 21 17:43:58 2002 From: Namal@datavox.net (RS Namal) Date: Tue, 21 May 2002 11:43:58 -0500 Subject: [6bone] unsubscribe Message-ID: <8E8A6F537294EA4481D8821DCB2F22B75553@mail.DATAVOXin.net> This is a multi-part message in MIME format. ------_=_NextPart_001_01C200E6.B428EDD6 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Can somebody help me to unsubscribe from 6bone? I am trying various ways, but yet unsuccessful. =20 ------_=_NextPart_001_01C200E6.B428EDD6 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Can somebody help me to unsubscribe from 6bone? I am = trying various ways, but yet unsuccessful.

 

=00 ------_=_NextPart_001_01C200E6.B428EDD6-- From nicolas.deffayet-extml@ndsoftwaregroup.com Tue May 21 17:43:31 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Tue, 21 May 2002 18:43:31 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <1648.1021993740@itojun.org> Message-ID: <008201c200e6$a4599e90$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of itojun@iijlab.net > Sent: Tuesday, May 21, 2002 5:09 PM > To: Michel Py > Cc: 6bone@ISI.EDU > Subject: Re: [6bone] 6Bone registry entries when multihomed? > > > > why would you advertise private ASN onto the 6bone > whois? they should > be used locally within certain pTLAs, not globally. > also do not forget that 6bone is interconnected with > worldwide IPv6 > network (including commercially-operated network), and > there's no > well-defined boundary. therefore, my recommendation is: > - to remove/forbid private ASN from 6bone whois. > - do not advertise private ASNs beyond pTLA/sTLA boundary I'm not agree with you. A ipv6-site who use a private ASN can peer with many pTLA/sTLA, only 1 AS is used for all peers like a real pTLA/sTLA with a public ASN. I think, that it's can be a good idea to allow register private ASN (autnum object) in 6bone whois database because a same AS can't be used for 2 differents ipv6-site. If a private AS don't respect the routing rules (announce a block in global 6bone routing table), it's more easy to contact the person. When you have register your private ASN, it will be reserved for you, any other don't must use your ASN. In all case private ASN don't must be advertised in global 6bone routing table. Peering with private ASN must be considerate as private peering, all ISP who peer with private ASN must don't reannounces routes of private ASN. pTLA/sTLA -> private ASN = full or not transit pTLA/sTLA <- private ASN = only routes of private ASN (not transit) with community no-export (if pTLA/sTLA accept route with private ASN) private ASN <-> private ASN = full or not transit Production network don't advertise/receive all 6bone routes, but use only 3ffe::/16 for can be interconnected to the 6bone (you can see this in IPv6 BGP policy of a lof of production ISP). Why remove/forbid private ASN (ipv6-site ? because a aut-num can't be registered at this time) from 6bone whois ? 6bone whois is a test whois database. mnt-lower don't work and you can register what all you want like the RIPE test whois database. I hope be clear. Sorry if my english is not perfect, it's not my native language. Best Regards, Nicolas DEFFAYET From nicolas.deffayet-extml@ndsoftwaregroup.com Tue May 21 17:45:53 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Tue, 21 May 2002 18:45:53 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <2B81403386729140A3A899A8B39B046405E082@server2000.arneill-py.sacramento.ca.us> Message-ID: <008301c200e6$f8f1f600$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Michel Py > Sent: Tuesday, May 21, 2002 5:18 PM > To: itojun@iijlab.net > Cc: 6bone@ISI.EDU > Subject: RE: [6bone] 6Bone registry entries when multihomed? > > > why would you advertise private ASN onto the 6bone whois? > > - to remove/forbid private ASN from 6bone whois. > > Why not having accurate information in the 6bone database? We > are not talking about a xTLA peering with a private ASN, but > about a site peering with a xTLA that can use remove-private-as. > Warning, remove-private-as don't drop route with private ASN but only remove private ASN in AS path. For filtering private ASN, use: ip as-path access-list private-asn-in deny _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0 -9]|6553[0-5])_ Best Regards, Nicolas DEFFAYET From pim@ipng.nl Tue May 21 19:34:30 2002 From: pim@ipng.nl (Pim van Pelt) Date: Tue, 21 May 2002 20:34:30 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <2B81403386729140A3A899A8B39B046405E082@server2000.arneill-py.sacramento.ca.us> References: <2B81403386729140A3A899A8B39B046405E082@server2000.arneill-py.sacramento.ca.us> Message-ID: <20020521183430.GF16534@bfib.colo.bit.nl> On Tue, May 21, 2002 at 08:17:38AM -0700, Michel Py wrote: | > Itojun wrote: | > they should be used locally within certain pTLAs, not globally. | > also do not forget that 6bone is interconnected with worldwide | > IPv6 network (including commercially-operated network), and | > there's no well-defined boundary. therefore, my recommendation | > is: | > - do not advertise private ASNs beyond pTLA/sTLA boundary | | I completely agree with the above. | | > why would you advertise private ASN onto the 6bone whois? | > - to remove/forbid private ASN from 6bone whois. | | Why not having accurate information in the 6bone database? We are not | talking about a xTLA peering with a private ASN, but about a site | peering with a xTLA that can use remove-private-as. Can, but doesn't, as has been visible in the global routing tables for many months now. I normally don't engage in personal flames, but this has been on my chest for a looong time. I'm sure other members of the 6bone community will agree with me, so here goes (my 2 cents worth of rant). Deffayet claims 'RIPE wont give him an AS' but this is only logical as he does not operate an autonomous system, nor is he a LIR, rather two or three cablemodems at residential sites. He may (naturally) do what he pleases, however he has been asked by numerous people not to have his AS show up all around the place, but he simply blames his uplinks for not filtering them out. My opinion is that he is using private-as numbers to gain global visibility and not for any other purpose. I might as well filter off those pTLAs that are not well behaving then, or shall I go to the root of the problem ? AS65526 is giving transit to others, which is completely ludicrous. This shows up in the looking glass at AS8954: Network Path * 3ffe:82a0::/28 15589 12337 15671 65526 7521 i Now apparently AS15671 is non-well behaved (therefor the CC to their contact), and it is leaking this as-path into its peers. Looking at the prefixes that AS15671 announces regularly, Deffayet's aren't amongst them. This leads me to believe that Deffayet is not using a private AS number to establish a session with his uplinks (he has three), but simply to circumvent the RIR policies which denied him an AS number (for, I might add, obvious reasons!). Now I ask again: can you please clean up the mess you are making ? -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From michel@arneill-py.sacramento.ca.us Tue May 21 19:56:08 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 11:56:08 -0700 Subject: [6bone] 6Bone registry entries when multihomed? Message-ID: <2B81403386729140A3A899A8B39B046405E086@server2000.arneill-py.sacramento.ca.us> > Nicolas DEFFAYET wrote: > Warning, remove-private-as don't drop route with private ASN but > only remove private ASN in AS path. Correct, combined with aggregation this is what your ISP is supposed to do. Filtering private ASNs should not be necessary if everyone configured things the way they are supposed to, which is not the case. BGP table version is 29198, local router ID is 209.233.126.65 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 3FFE:82A0::/28 3FFE:B00:C18::8C 0 10566 12337 15671 65526 7521 i The bottom line is that you should _not_ announce AS 7521 to AS 15671. Also, AS 15671 should strip the private AS from the ASPATH. Michel. From michel@arneill-py.sacramento.ca.us Tue May 21 20:09:57 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 21 May 2002 12:09:57 -0700 Subject: [6bone] 6Bone registry entries when multihomed? Message-ID: <2B81403386729140A3A899A8B39B046405E087@server2000.arneill-py.sacramento.ca.us> Pim, >> Michel Py wrote: >> Why not having accurate information in the 6bone database? We are not >> talking about a xTLA peering with a private ASN, but about a site >> peering with a xTLA that can use remove-private-as. > Pim van Pelt wrote: > Can, but doesn't, as has been visible in the global routing > tables for many months now. This is the root of the problem, IMHO. > He may (naturally) do what he pleases, however he has been asked > by numerous people not to have his AS show up all around the place, > but he simply blames his uplinks for not filtering them out. Well, it is the role of an xTLA to make sure that whatever crap their customers feed them is not seen in the global routing table. To some extent, it's good that people do announce private ASNs, because it points out filtering flaws. > I might as well filter off those pTLAs that are not well > behaving then Have you contacted them? If someone forgot to put a filter, it's one thing. If they do it on purpose, I would filter these non-behaving pTLAs myself. Michel. From nicolas.deffayet-extml@ndsoftwaregroup.com Tue May 21 22:53:18 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Tue, 21 May 2002 23:53:18 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <20020521183430.GF16534@bfib.colo.bit.nl> Message-ID: <00b701c20111$eadb2f20$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Pim van Pelt > Sent: Tuesday, May 21, 2002 8:35 PM > To: Michel Py > Cc: itojun@iijlab.net; 6bone@ISI.EDU; peering@v6bone.de > Subject: Re: [6bone] 6Bone registry entries when multihomed? I don't like reply to a troll, but i reply for many reasons. > I normally don't engage in personal flames, but this has been > on my chest for a looong time. I'm sure other members of the > 6bone community will agree with me, so here goes (my 2 cents > worth of rant). > > Deffayet claims 'RIPE wont give him an AS' but this is only > logical as he does not operate an autonomous system, nor is > he a LIR, rather > two or three cablemodems at residential sites. First please respect me. I'm not your dog, call me Nicolas or Nicolas DEFFAYET or Mr DEFFAYET, not "DEFFAYET" I don't claim this. Have you read my mail ? Be a LIR is plained for my project... Have you create your network in one day ? I don't use "cablemodems at residential sites". It's the same if i tell that IPng.nl use 3 56k modems ! You are a troll expert :) I don't like liar. > AS65526 is giving transit to others, which is completely > ludicrous. This shows up in the looking glass at AS8954: > Network Path > * 3ffe:82a0::/28 15589 12337 15671 65526 7521 i > > Now apparently AS15671 is non-well behaved (therefor the CC > to their contact), and it is leaking this as-path into its peers. All routes sent my me, are in ALL case with community no-export. This is not possible (execept of ISP have bugy router who don't understand community). For information, community no-export = send routes to ibgp but NOT to other eBGP. I have shutdown the announcement of my routes to v6bone. > > Looking at the prefixes that AS15671 announces regularly, > Deffayet's aren't amongst them. This leads me to believe that > Deffayet is not using a private AS number to establish a > session with his uplinks (he has three), but simply to > circumvent the RIR policies which denied him an AS number > (for, I might add, obvious reasons!). I will get soon a public AS. But for respect the RIPE allocation rule, i need 2 transit IPv4. It's plained before for maximum the end of this year. > > Now I ask again: can you please clean up the mess you are making ? If you have problem with "my" private ASN: noc@ndsoftwarenet.com But it's very very rare because all my routes are sent with community no-export and i send all routes (transit) only to peer who request this to me. You can add filter if you want: ip as-path access-list private-asn-in deny _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0 -9]|6553[0-5])_ ip as-path access-list private-asn-in permit .* Best Regards, Nicolas DEFFAYET From nicolas.deffayet-extml@ndsoftwaregroup.com Tue May 21 22:56:25 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Tue, 21 May 2002 23:56:25 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <2B81403386729140A3A899A8B39B046405E086@server2000.arneill-py.sacramento.ca.us> Message-ID: <00b801c20112$5a3a1430$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Michel Py > Sent: Tuesday, May 21, 2002 8:56 PM > To: Nicolas DEFFAYET > Cc: 6bone@ISI.EDU; jens.gottbehuet@completel.de; randy@ipcenta.de > Subject: RE: [6bone] 6Bone registry entries when multihomed? > > > > Nicolas DEFFAYET wrote: > > Warning, remove-private-as don't drop route with private > ASN but only > > remove private ASN in AS path. > > Correct, combined with aggregation this is what your ISP is > supposed to do. Filtering private ASNs should not be > necessary if everyone configured things the way they are > supposed to, which is not the case. > > BGP table version is 29198, local router ID is 209.233.126.65 > Status codes: s suppressed, d damped, h history, * valid, > > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete > > Network Next Hop Metric LocPrf Weight Path > * 3FFE:82A0::/28 3FFE:B00:C18::8C > 0 10566 12337 15671 > 65526 7521 i > > The bottom line is that you should _not_ announce AS 7521 to > AS 15671. Also, AS 15671 should strip the private AS from the ASPATH. I think that completel's router don't understand community (read my reply to Pim for more information about that). Now, i don't send any routes to completel, i accept it only (a BGP view). Best Regards, Nicolas DEFFAYET From Daniel Austin" Message-ID: <001b01c20114$98d42990$611c08d9@windoze> And again from the correct address :-) ----- Original Message ----- From: "Daniel Austin (fxp0)" To: "Nicolas DEFFAYET" Cc: "'Pim van Pelt'" ; "'Michel Py'" ; ; <6bone@ISI.EDU>; Sent: Tuesday, May 21, 2002 11:05 PM Subject: RE: [6bone] 6Bone registry entries when multihomed? > Hiya, > > Nicolas peers with us, and his ASN is not exported to our upstream > providers. IPv6 is a new technology and people are going to use it > differently to IPv4 so why should be restrict them to the current ipv4 > requirements? > > If they want to use private ASN's then thats not a problem. If everyone > applies the correct filters everything is fine. > > > With Thanks, > > Daniel Austin, > kewlio.net Limited. > > > On Tue, 21 May 2002, Nicolas DEFFAYET wrote: > > > > -----Original Message----- > > > From: 6bone-admin@mailman.isi.edu > > > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Pim van Pelt > > > Sent: Tuesday, May 21, 2002 8:35 PM > > > To: Michel Py > > > Cc: itojun@iijlab.net; 6bone@ISI.EDU; peering@v6bone.de > > > Subject: Re: [6bone] 6Bone registry entries when multihomed? > > > > I don't like reply to a troll, but i reply for many reasons. > > > > > I normally don't engage in personal flames, but this has been > > > on my chest for a looong time. I'm sure other members of the > > > 6bone community will agree with me, so here goes (my 2 cents > > > worth of rant). > > > > > > Deffayet claims 'RIPE wont give him an AS' but this is only > > > logical as he does not operate an autonomous system, nor is > > > he a LIR, rather > > > two or three cablemodems at residential sites. > > > > First please respect me. > > I'm not your dog, call me Nicolas or Nicolas DEFFAYET or Mr DEFFAYET, > > not "DEFFAYET" > > > > I don't claim this. > > > > Have you read my mail ? > > Be a LIR is plained for my project... > > > > Have you create your network in one day ? > > > > I don't use "cablemodems at residential sites". > > It's the same if i tell that IPng.nl use 3 56k modems ! > > > > You are a troll expert :) > > > > I don't like liar. > > > > > > > AS65526 is giving transit to others, which is completely > > > ludicrous. This shows up in the looking glass at AS8954: > > > Network Path > > > * 3ffe:82a0::/28 15589 12337 15671 65526 7521 i > > > > > > Now apparently AS15671 is non-well behaved (therefor the CC > > > to their contact), and it is leaking this as-path into its peers. > > > > All routes sent my me, are in ALL case with community no-export. > > This is not possible (execept of ISP have bugy router who don't > > understand community). > > > > For information, community no-export = send routes to ibgp but NOT to > > other eBGP. > > > > I have shutdown the announcement of my routes to v6bone. > > > > > > > > Looking at the prefixes that AS15671 announces regularly, > > > Deffayet's aren't amongst them. This leads me to believe that > > > Deffayet is not using a private AS number to establish a > > > session with his uplinks (he has three), but simply to > > > circumvent the RIR policies which denied him an AS number > > > (for, I might add, obvious reasons!). > > > > I will get soon a public AS. > > But for respect the RIPE allocation rule, i need 2 transit IPv4. > > > > It's plained before for maximum the end of this year. > > > > > > > > Now I ask again: can you please clean up the mess you are making ? > > > > If you have problem with "my" private ASN: noc@ndsoftwarenet.com > > But it's very very rare because all my routes are sent with community > > no-export and i send all routes (transit) only to peer who request this > > to me. > > > > You can add filter if you want: > > > > ip as-path access-list private-asn-in deny > > _(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-4][0-9][0-9]|655[0-2][0 > > -9]|6553[0-5])_ > > ip as-path access-list private-asn-in permit .* > > > > > > Best Regards, > > > > Nicolas DEFFAYET > > > > _______________________________________________ > > 6bone mailing list > > 6bone@mailman.isi.edu > > http://mailman.isi.edu/mailman/listinfo/6bone > > > > From david@IPRG.nokia.com Wed May 22 01:57:15 2002 From: david@IPRG.nokia.com (David Kessens) Date: Tue, 21 May 2002 17:57:15 -0700 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <008201c200e6$a4599e90$0103010a@lnet.fr.ndsoftwaregroup.com>; from nicolas.deffayet-extml@ndsoftwaregroup.com on Tue, May 21, 2002 at 06:43:31PM +0200 References: <1648.1021993740@itojun.org> <008201c200e6$a4599e90$0103010a@lnet.fr.ndsoftwaregroup.com> Message-ID: <20020521175715.A3637@iprg.nokia.com> Nicolas, On Tue, May 21, 2002 at 06:43:31PM +0200, Nicolas DEFFAYET wrote: > > Why remove/forbid private ASN (ipv6-site ? because a aut-num can't be > registered at this time) from 6bone whois ? 6bone whois is a test whois > database. Please don't spread this kind of misinformation about the server. The whois server is not a test server at all and is the official registry for the 6bone. We have very liberal policies in place for registration of information. That means that everybody who uses this information is well advised to use filters in order to distinguise some bad information from the good information. We are this liberal because we don't want to make the use of the registry a burden for the legitimate 6bone community. I can put in more restrictive policies if the community desires so. It's users like you who sometimes make me wonder whether I should ask the community to put such more restrictive policies in place. You might want to consider to be more careful in what you are doing on the 6bone and the work that you create for me with your continious changing objects and mail servers that never seem to work. There is serious people on the 6bone who want to work with ipv6. Your project is causing an enormous distraction for many people who want to find out about the real problems in deploying ipv6. You are welcome to participate, whether you are small or big. However, this participation comes with certain responsibilities. One of these responsibilities is that you take comments/concerns from other people seriously and fix issues when they arise. You clearly have a problem with private AS#'s leaking out and I would like to suggest that you try to resolve that with your providers instead of blaming other people for a problem that ultimately originates from your network. Thanks, David K. --- From dave@dave.tj Wed May 22 05:24:17 2002 From: dave@dave.tj (Dave) Date: Wed, 22 May 2002 00:24:17 -0400 (EDT) Subject: [6bone] unsubscribe In-Reply-To: <8E8A6F537294EA4481D8821DCB2F22B75553@mail.DATAVOXin.net> Message-ID: <200205220424.g4M4OIH21102@dave2.dave.tj> Try sending an email with the subject "unsubscribe" to <6bone-request@isi.edu>. That should work, now that 6bone is on real mailman (as opposed to their majordomo's attempts at fooling us into thinking it was mailman a week or so ago). - Dave RS Namal wrote: > > This is a multi-part message in MIME format. > > ------_=_NextPart_001_01C200E6.B428EDD6 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > Can somebody help me to unsubscribe from 6bone? I am trying various > ways, but yet unsuccessful. > > =20 > > > ------_=_NextPart_001_01C200E6.B428EDD6 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > > > > charset=3Dus-ascii"> > > > > > > > > > > >
> >

style=3D'font-size:10.0pt; > font-family:Arial'>Can somebody help me to unsubscribe from 6bone? I am = > trying > various ways, but yet unsuccessful.

> >

style=3D'font-size:10.0pt; > font-family:Arial'> 

> >
> > > > > =00 > ------_=_NextPart_001_01C200E6.B428EDD6-- > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From nicolas.deffayet-extml@ndsoftwaregroup.com Wed May 22 13:20:59 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Wed, 22 May 2002 14:20:59 +0200 Subject: [6bone] 6Bone registry entries when multihomed? In-Reply-To: <20020521175715.A3637@iprg.nokia.com> Message-ID: <011e01c2018b$220ffbf0$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: David Kessens [mailto:david@IPRG.nokia.com] > Sent: Wednesday, May 22, 2002 2:57 AM > To: Nicolas DEFFAYET > Cc: 6bone@ISI.EDU > Subject: Re: [6bone] 6Bone registry entries when multihomed? > > Dear David, > On Tue, May 21, 2002 at 06:43:31PM +0200, Nicolas DEFFAYET wrote: > > > > I can put in more restrictive policies if the community > desires so. It's users like you who sometimes make me wonder > whether I should ask the community to put such more > restrictive policies in place. You might want to consider to > be more careful in what you are doing on the 6bone and the > work that you create for me with your continious changing > objects and mail servers that never seem to work. There is > serious people on the 6bone who want to work with ipv6. Your > project is causing an enormous distraction for many people > who want to find out about the real problems in deploying ipv6. I'm sorry if i create work for you. 6bone database is not fully automatic (except for mnter object who need manual intervention) ? I have decide this before this mail (i have remove ipv6-fr-cust and all user whois)): i don't create anymore individual whois for users of IPv6-FR project (it's not the same project that NDSoftware, IPv6-FR is a french project for the developement of IPv6 in France). I have do this because you have a lot of problem with mail servers of users and with more than 40 users i can't maint individual whois in good conditions. I don't think that you have problem with my mail servers because i have many MX checked my monitoring tool. I will now more pay attention to whois create/update/delete. > > You are welcome to participate, whether you are small or big. > However, this participation comes with certain > responsibilities. One of these responsibilities is that you > take comments/concerns from other people seriously and fix > issues when they arise. You clearly have a problem with > private AS#'s leaking out and I would like to suggest that > you try to resolve that with your providers instead of > blaming other people for a problem that ultimately originates > from your network. For information, i'm responsable of NDSoftware and IPv6-FR project, you (and all peoples) can contact me if you have problem with this projects, don't hesitate, i'm open to all requests (except troll like the Pim's troll) for fix my errors. I do very attention with my private ASN (all my routes are sent with community no-export) and i don't provide transit except if the peer ask me for it. "Dear Nicolas DEFFAYET, Peer is ok. BTW, please give me your full route. It seems disappear from yesterday. Thank you." I don't send anymore routes to v6bone (completel) because one of users of 6bone have report me a problem (see previous mails). I will apply this for each peer who reannonce my routes with my private ASN. Problem with it => don't annonces routes anymore If anyone find this policy bad, tell me. I wait your comments... Thanks Best Regards, Nicolas DEFFAYET From bmanning@ISI.EDU Wed May 22 17:13:13 2002 From: bmanning@ISI.EDU (Bill Manning) Date: Wed, 22 May 2002 09:13:13 -0700 (PDT) Subject: [6bone] 6bone pTLA 3FFE:4009::/32 allocated to VERAT In-Reply-To: <5.1.0.14.0.20020521064954.02989c98@imap2.es.net> from Bob Fink at "May 21, 2 06:51:10 am" Message-ID: <200205221613.g4MGDD919274@boreas.isi.edu> until then.... ;; QUESTION SECTION: ;9.0.0.4.e.f.f.3.ip6.int. IN NS ;; AUTHORITY SECTION: 9.0.0.4.e.f.f.3.ip6.int. 86400 IN NS noserver. % VERAT has been allocated pTLA 3FFE:4009::/32 having finished its 2-week % review period. % % % % % Note that it will take a short while for their pTLA inet6num entry to % appear in the 6bone registry as they have to create it themselves. However, % their registration is listed on: % % % % % [To create a reverse DNS registration for pTLAs, please send the prefix % allocated above, and a list of at least two authoritative nameservers, to % hostmaster@ep.net.] % % % Thanks, % % Bob % % _______________________________________________ % 6bone mailing list % 6bone@mailman.isi.edu % http://mailman.isi.edu/mailman/listinfo/6bone % -- --bill From michael@kjorling.com Wed May 22 19:00:56 2002 From: michael@kjorling.com (Michael Kjorling) Date: Wed, 22 May 2002 20:00:56 +0200 (CDT) Subject: [6bone] 6bone pTLA 3FFE:4009::/32 allocated to VERAT In-Reply-To: <200205221613.g4MGDD919274@boreas.isi.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 22 2002 09:13 -0700, Bill Manning wrote: > until then.... > > ;; QUESTION SECTION: > ;9.0.0.4.e.f.f.3.ip6.int. IN NS > > ;; AUTHORITY SECTION: > 9.0.0.4.e.f.f.3.ip6.int. 86400 IN NS noserver. Wouldn't it be better to simply not put in any delegation information? That would give a quick NXDOMAIN response, instead of the resolver having to go off and ask the root servers about "noserver", only to find out it doesn't exist. Granted, negative caching will mitigate this problem, but why put unnecessary load on the root servers when it can be avoided? Also I'm not sure how exactly a NS pointing to a non-existent RR is handled. NXDOMAIN, or SERVFAIL? Might have to check, just for the heck of it... Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE869zbKqN7/Ypw4z4RApxIAJ9I8ihYbCoQ4NyGRv+FPhA4PFUu8wCgl7YS g6qeNUMl+9LLJqtKGaiAJXM= =mOM0 -----END PGP SIGNATURE----- From nicolas.deffayet-extml@ndsoftwaregroup.com Wed May 22 20:31:41 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Wed, 22 May 2002 21:31:41 +0200 Subject: [6bone] 6bone pTLA 3FFE:4009::/32 allocated to VERAT In-Reply-To: Message-ID: <019f01c201c7$4c999b10$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Michael Kjorling > Sent: Wednesday, May 22, 2002 8:01 PM > To: 6bone > Subject: Re: [6bone] 6bone pTLA 3FFE:4009::/32 allocated to VERAT > > On May 22 2002 09:13 -0700, Bill Manning wrote: > > > until then.... > > > > ;; QUESTION SECTION: > > ;9.0.0.4.e.f.f.3.ip6.int. IN NS > > > > ;; AUTHORITY SECTION: > > 9.0.0.4.e.f.f.3.ip6.int. 86400 IN NS noserver. > > Wouldn't it be better to simply not put in any delegation > information? That would give a quick NXDOMAIN response, > instead of the resolver having to go off and ask the root > servers about "noserver", only to find out it doesn't exist. > > Granted, negative caching will mitigate this problem, but why > put unnecessary load on the root servers when it can be avoided? > > Also I'm not sure how exactly a NS pointing to a non-existent > RR is handled. NXDOMAIN, or SERVFAIL? > > Might have to check, just for the heck of it... I think that it's a good idea to ask for nameservers in pTLA request. It's plained to do stats on nameserver of pTLA like the RIPE ? (http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html) Best Regards, Nicolas DEFFAYET From michael@kjorling.com Wed May 22 21:14:34 2002 From: michael@kjorling.com (Michael Kjorling) Date: Wed, 22 May 2002 22:14:34 +0200 (CDT) Subject: [6bone] 6bone pTLA 3FFE:4009::/32 allocated to VERAT In-Reply-To: <019f01c201c7$4c999b10$0103010a@lnet.fr.ndsoftwaregroup.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 22 2002 21:31 +0200, Nicolas DEFFAYET wrote: > I think that it's a good idea to ask for nameservers in pTLA request. While I agree in principle, there is one problem with this. Without knowing the prefix allocated, setting up the name servers to serve it gets pretty tricky. I do think it would be a good idea to clearly state that reverse DNS _is_ required in either RFC 2772 or its successor, though. The problem is that without some way to enforce that, it gets nothing but a blow in the air. We don't need rules that are impossible or extremely hard to enforce beyond the "would you please do this" point - I think more or less everyone here can agree with that. Michael Kjörling - -- Michael Kjörling -- Programmer/Network administrator ^..^ Internet: michael@kjorling.com -- FidoNet: 2:204/254.4 \/ PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e ``And indeed people sometimes speak of man's "bestial" cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.'' (Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov') -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Public key is at http://michael.kjorling.com/contact/pgp.html iD8DBQE86/wuKqN7/Ypw4z4RAgu0AKDSG1cAm23JkI0/A0vMjDBEUaC9ngCeMqQw NrOrymUKY+n+8OHRUPnrKhc= =OX5h -----END PGP SIGNATURE----- From ishida@netlab.nttdocomo.co.jp Tue May 21 01:05:54 2002 From: ishida@netlab.nttdocomo.co.jp (ishida@netlab.nttdocomo.co.jp) Date: Tue, 21 May 2002 09:05:54 +0900 Subject: [6bone] Magic Packet with IPv6 Message-ID: <20020521090259.6A26.ISHIDA@netlab.nttdocomo.co.jp> Dear all, I want to start my PC on other Ethernet with Magic Packet ( http://www.amd.com/us-en/Networking/NetworkingApplications/0,,50_2332_2627_2481,00.html ). What destination IPv6 address I use? If I send IPv4 packet to broadcast IPv4 address of other Ethernet, the router may send the packet with broad-cast MAC address. Then my PC's LAN controller catch the packet and my PC wake up. I want to do this with IPv6. ----------------- Ishida So Network Laboratories, NTT DoCoMo, Inc. From michel@arneill-py.sacramento.ca.us Thu May 23 04:45:08 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Wed, 22 May 2002 20:45:08 -0700 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. Message-ID: <2B81403386729140A3A899A8B39B046406C75E@server2000.arneill-py.sacramento.ca.us> 6boner, My candid view on IPv6 multihoming, comments welcomed. Michel. +-----------------------------------------------+ | Roadmap to IPv6 multihoming: no PI addresses. | +-----------------------------------------------+ Assessment of the current IPv6 multihoming situation: ----------------------------------------------------- - Regardless of the availability of multihoming protocols, independence from the service provider is highly desired by multihomers. - The pressure is increasing on RIRs to allocate PI blocks. - RIRs have delayed PI allocation as it creates long-term known problems. - The current policies effectively prohibit multihoming for everyone but ISPs (even RIRs themselves can not use PI addresses). - It is clear at this time that PA addresses alone do not address today's needs. The current roadmap to IPv6 multihoming is: - Offer a short-term alternative that would prevent the deployment of PI addresses: "geo for now". - Finish developing a long-term, scalable solution: MHAP. - ISP multihoming remains unchanged. "geo for now" ------------- The idea is to create a low-ambition geographic aggregation model that can be adopted using today's technology, requires no changes to physical infrastructure and few changes to current operational practices. Current work includes making geo for now and MHAP compatible to the migration from the shorter-term geo for now to the longer-term MHAP smooth. Geo addresses are: - Allocated depending on the location of the site. - Allocated by RIRs or NIRs - Locally portable. - Globally unique. - Aggregatable. Regardless of the actual aggregation ratio achieved, geo addresses are always preferable to PI; PI addresses will never be aggregated, geo will some day. Therefore, no IPv6 PI addresses must be ever used in any situation and geo addresses must be used instead. In other words, PI addresses offers no hope of aggregation, geo addresses do. The choice between PI and geo is a no-brainer: geo. MHAP ---- This is currently a working document of the ipv6mh mailing list. The draft is relatively mature and an earlier form was submitted to the IETF a year ago (it has evolved since then). MHAP is a full-blown mid to long-term solution. MHAP Features: - Zero impact on the DFZ's routing table. The DFZ's routing table stays strongly aggregated. - Provides multihomed, provider-independent, /48 address space for any site. - Very large organizations that require more can get a /47 or bigger. - Scalable (4 billion multihomed sites, initial allocation). - Addresses are aggregated at geographic areas boundaries. - There is no need for Internet eXchanges at aggregation boundaries. - MHAP is transparent to hosts. No modification of existing stacks is required and end-to-end traffic is unchanged. - More than 90% of routers would not require modification. - Provides global load balancing. - Provides survivability of open sessions. - There is no MTU reduction. - Can be run on hardware available today. - Gradual migration, no "flag day". - IPv6 only protocol. - MHAP provides site multihoming. ISP multihoming is unchanged. MHAP Concepts: - Multihomed address space exists only at the edge. The end-to-end multihomed traffic is carried over aggregated PA address space in the core. - A site gets PA addresses from ISPs and multihomed provider-independent space from a registry. - The process of transforming multihomed traffic to PA and back is called aliasing and relies on the presence of rendezvous points and aggregators. - Rendezvous points and aggregators answer topology requests. They do not carry traffic. - There is a separation between the DFZ's routing table and the multihomed space routing tables. The entire multihomed space is represented by two aggregates in the DFZ's routing table. - The only multihomed traffic on backbones is topology requests and routing updates. - There are two types of multihomed addresses: o Centralized, portable, for large multinational organizations. o Geographical, portable only within a geographic area. - There is no centralized table for geographic addresses. - The routing table for centralized prefixes remains contained to rendezvous points. - No multihomed site receives full multihomed tables. All a multihomed site needs is the small DFZ's routing table. From fink@es.net Thu May 23 14:43:30 2002 From: fink@es.net (Bob Fink) Date: Thu, 23 May 2002 06:43:30 -0700 Subject: [6bone] 6bone pTLA 3FFE:400A::/32 allocated to SATEC Message-ID: <5.1.0.14.0.20020523064231.02a89750@imap2.es.net> SATEC has been allocated pTLA 3FFE:400A::/32 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] Thanks, Bob From jorgen@hovland.cx Thu May 23 16:02:16 2002 From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Thu, 23 May 2002 17:02:16 +0200 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. References: <2B81403386729140A3A899A8B39B046406C75E@server2000.arneill-py.sacramento.ca.us> Message-ID: <005701c2026a$d47b6240$0200000a@hera> I dont really think there is a problem. If everybody used ipv6 instead of ipv4 right now, we would probably have less prefixes than today. There are around 109327 ipv4 prefixes today, but only around 65000 as numbers. Im not sure really how big/the usage of a ipv6 /35 is if you compare it to a ipv4 /16. There are no lir's today with more than 1 real ipv6 prefix anyway? That would result in something like: number of asn's == number of prefixes wouldnt it? As you stated, the problem might begin with too many wanting a multihomed solution. Since becoming a LIR is not free (atleast not in europe/ripe), it would restrict itself. Small company's probably wont spend that ammount of money just to get a LIR membership. Its not worth it. Some enterprises do need multihoming: stockexchanges, banks etc. Only allowing isp's to be multihomed is crap. As long as the price for LIR membership is high enough, the problem is solved :-) I agree with the PI-address suggestion. They should drop it completely. Right now, I recieved an email from ripe. They are implementing a new global ipv6 policy. Im not familiar with it, but Im looking forward to read it. Maybe somebody knows whats it about? --------------- Dear Colleagues, We are pleased to announce that the RIPE NCC will implement the new Global IPv6 Policy on 1 July 2002. This policy has been agreed by the communities of all the Regional Internet Registries (RIRs). Before 1 July 2002 we will publish and announce the following as RIPE Documents: - Global IPv6 Policy Document - Initial IPv6 Allocation Request Form in the RIPE NCC Service Region - IPv6 End User Site Assignment Request Form in the RIPE NCC Service Region (for prefixes shorter than a /48) ------------------------------ Joergen Hovland WebOnline AS ----- Original Message ----- From: "Michel Py" To: <6bone@ISI.EDU> Sent: Thursday, May 23, 2002 5:45 AM Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. > 6boner, > > My candid view on IPv6 multihoming, comments welcomed. > > Michel. > > +-----------------------------------------------+ > | Roadmap to IPv6 multihoming: no PI addresses. | > +-----------------------------------------------+ > > Assessment of the current IPv6 multihoming situation: > ----------------------------------------------------- > > - Regardless of the availability of multihoming protocols, independence > from the service provider is highly desired by multihomers. > - The pressure is increasing on RIRs to allocate PI blocks. > - RIRs have delayed PI allocation as it creates long-term known > problems. > - The current policies effectively prohibit multihoming for everyone but > ISPs (even RIRs themselves can not use PI addresses). > - It is clear at this time that PA addresses alone do not address > today's needs. > > The current roadmap to IPv6 multihoming is: > - Offer a short-term alternative that would prevent the deployment of PI > addresses: "geo for now". > - Finish developing a long-term, scalable solution: MHAP. > - ISP multihoming remains unchanged. > > > "geo for now" > ------------- > The idea is to create a low-ambition geographic aggregation model that > can be adopted using today's technology, requires no changes to physical > infrastructure and few changes to current operational practices. Current > work includes making geo for now and MHAP compatible to the migration > from the shorter-term geo for now to the longer-term MHAP smooth. > > Geo addresses are: > - Allocated depending on the location of the site. > - Allocated by RIRs or NIRs > - Locally portable. > - Globally unique. > - Aggregatable. > > Regardless of the actual aggregation ratio achieved, geo addresses are > always preferable to PI; PI addresses will never be aggregated, geo will > some day. > > Therefore, no IPv6 PI addresses must be ever used in any situation and > geo addresses must be used instead. > > In other words, PI addresses offers no hope of aggregation, geo > addresses do. The choice between PI and geo is a no-brainer: geo. > > > > MHAP > ---- > This is currently a working document of the ipv6mh mailing list. The > draft is relatively mature and an earlier form was submitted to the IETF > a year ago (it has evolved since then). MHAP is a full-blown mid to > long-term solution. > > > MHAP Features: > > - Zero impact on the DFZ's routing table. The DFZ's routing table stays > strongly aggregated. > - Provides multihomed, provider-independent, /48 address space for any > site. > - Very large organizations that require more can get a /47 or bigger. > - Scalable (4 billion multihomed sites, initial allocation). > - Addresses are aggregated at geographic areas boundaries. > - There is no need for Internet eXchanges at aggregation boundaries. > - MHAP is transparent to hosts. No modification of existing stacks is > required and end-to-end traffic is unchanged. > - More than 90% of routers would not require modification. > - Provides global load balancing. > - Provides survivability of open sessions. > - There is no MTU reduction. > - Can be run on hardware available today. > - Gradual migration, no "flag day". > - IPv6 only protocol. > - MHAP provides site multihoming. ISP multihoming is unchanged. > > > MHAP Concepts: > > - Multihomed address space exists only at the edge. The end-to-end > multihomed traffic is carried over aggregated PA address space in the > core. > - A site gets PA addresses from ISPs and multihomed provider-independent > space from a registry. > - The process of transforming multihomed traffic to PA and back is > called aliasing and relies on the presence of rendezvous points and > aggregators. > - Rendezvous points and aggregators answer topology requests. They do > not carry traffic. > - There is a separation between the DFZ's routing table and the > multihomed space routing tables. The entire multihomed space is > represented by two aggregates in the DFZ's routing table. > - The only multihomed traffic on backbones is topology requests and > routing updates. > - There are two types of multihomed addresses: > o Centralized, portable, for large multinational organizations. > o Geographical, portable only within a geographic area. > - There is no centralized table for geographic addresses. > - The routing table for centralized prefixes remains contained to > rendezvous points. > - No multihomed site receives full multihomed tables. All a multihomed > site needs is the small DFZ's routing table. > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From michel@arneill-py.sacramento.ca.us Thu May 23 16:33:50 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Thu, 23 May 2002 08:33:50 -0700 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. Message-ID: <2B81403386729140A3A899A8B39B046405E095@server2000.arneill-py.sacramento.ca.us> Jørgen, > Jørgen Hovland wrote: > I dont really think there is a problem. If everybody used ipv6 instead > of ipv4 right now, we would probably have less prefixes than today. > There are around 109327 ipv4 prefixes today, but only around 65000 as > numbers. About ~12k ASNs are allocated today. > Im not sure really how big/the usage of a ipv6 /35 is if you compare > it to a ipv4 /16. There are no lir's today with more than 1 real ipv6 > prefix anyway? That would result in something like: number of asn's > == number of prefixes wouldnt it? We have made the same analysis, and it's close enough although a little optimistic (some will have both a 2001 prefix and a 3ffe); the issue here is that 64k ASNs are not going to last forever, see: http://search.ietf.org/internet-drafts/draft-ietf-idr-as4bytes-05.txt > Since becoming a LIR is not free (at least not in europe/ripe), it would > restrict itself. Small company's probably wont spend that ammount of > money just to get a LIR membership. Its not worth it. I have a problem with a system that favors the rich and the powerful. It is a legitimate demand for any size site to be multihomed, especially the small that uses cheesy technology. A large routing table favors big operators, because they are the only ones that can afford to buy the GSR or M160 that gets the job done. We can do better than this. > Right now, I recieved an email from ripe. They are implementing a new > global ipv6 policy. Im not familiar with it, but Im looking forward to > read it. Maybe somebody knows whats it about? ==> - IPv6 End User Site Assignment Request Form in the RIPE ==> NCC Service Region (for prefixes shorter than a /48) I have not seen this very form yet, regardless of its name this is the beginning of PI allocation. (Note that I support the new policy by lack of a better one). Michel. From Robert.Kiessling@de.easynet.net Thu May 23 18:28:41 2002 From: Robert.Kiessling@de.easynet.net (Robert Kiessling) Date: 23 May 2002 17:28:41 +0000 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. In-Reply-To: <2B81403386729140A3A899A8B39B046405E095@server2000.arneill-py.sacramento.ca.us> References: <2B81403386729140A3A899A8B39B046405E095@server2000.arneill-py.sacramento.ca.us> Message-ID: "Michel Py" writes: > ==> - IPv6 End User Site Assignment Request Form in the RIPE > ==> NCC Service Region (for prefixes shorter than a /48) > > I have not seen this very form yet, regardless of its name this is the beginning of PI allocation. Not at all. This is for very large sites for which an assignment of /48 is too small. It is still PA, without any signs of PI, apart from *possibly* the size of the netblock which *might* make it more likely to be accepted globally. But that is not under the RIRs' control. Robert From michel@arneill-py.sacramento.ca.us Thu May 23 21:10:31 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Thu, 23 May 2002 13:10:31 -0700 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. Message-ID: <2B81403386729140A3A899A8B39B046405E097@server2000.arneill-py.sacramento.ca.us> Robert, ==> - IPv6 End User Site Assignment Request Form in the RIPE ==> NCC Service Region (for prefixes shorter than a /48) > Robert Kiessling wrote: > Not at all. This is for very large sites for which an assignment of > /48 is too small. It is still PA, without any signs of PI, apart from > *possibly* the size of the netblock which *might* make it more likely > to be accepted globally. But that is not under the RIRs' control. Thanks for the precision. It would be interesting to follow up how many of these are allocated, as it makes little sense to me. If you need a /48, you have more than 64k subnets. It appears dangerous to me configuring a network that size with addresses that belongs to a LIR, even if you actually own the LIR. If my memory is correct, the feds forced WorldCom to sell CWnet a while ago, leaving some parts of MCI to renumber. Michel. From Robert.Kiessling@de.easynet.net Fri May 24 01:44:17 2002 From: Robert.Kiessling@de.easynet.net (Robert Kiessling) Date: 24 May 2002 00:44:17 +0000 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. In-Reply-To: <2B81403386729140A3A899A8B39B046405E097@server2000.arneill-py.sacramento.ca.us> References: <2B81403386729140A3A899A8B39B046405E097@server2000.arneill-py.sacramento.ca.us> Message-ID: "Michel Py" writes: > Thanks for the precision. It would be interesting to follow up how > many of these are allocated, as it makes little sense to me. Just look at the respective whois databases. > If you need a /48, you have more than 64k subnets. Right, if you make full use of them. But bear in mind that in IPv6 aggregation wins over conservation. A suitable hierarchy "wastes" a lot of address space. Thus the H ratio was chosen as a better approach to measure utilisation, taking into account aggregation and hierarchy, and in my understanding you wouldn't actually need 64k subnets to justify a larger assignment, but rather about 7k. > It appears dangerous to me configuring a network that size with > addresses that belongs to a LIR, even if you actually own the LIR. So you question the very principle of PA addresses. Well, I don't feel like arguing about that. Robert From nicolas.deffayet-extml@ndsoftwaregroup.com Fri May 24 00:54:44 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Fri, 24 May 2002 01:54:44 +0200 Subject: [6bone] IPv6 routing problem with zebra and kernel Message-ID: <005201c202b5$36be4310$0103010a@lnet.fr.ndsoftwaregroup.com> Hello, First, sorry for cross-post but the problem is related to a lot of mailing-lists. I have a strange problem on one of my router: lacr1.us.ndsoftwarenet.net. I get "connect: Network is unreachable", when i try a traceroute or a connection from the router to a host on 6bone. The problem is random, because a destination www.kame.net can work but not www.6bone.net (for exemple) and after restart zebra www.6bone.net can work but not www.kame.net. Often, all destinations don't work. OS: Debian 3.0 (sid/unstable) with last update Kernel: 2.4.18 (i have try kernel 2.4.18 USAGI (last snapshot) and standard (from kernel.org) but same problem Zebra: 0.93 CVS (i have try 0.92a too but same problem) It's not the zebra configuration (zebra.conf, bgpd.conf), because all my routers have the same configuration. How i can fix this problem ? Any help are welcome. --- When a user, connected on router try traceroute: wireless:/etc/zebra# /usr/sbin/traceroute6 phenix.rootshell.be traceroute to phenix.rootshell.be (3ffe:8100:200:1fff::25) from 3ffe:81f1:3:2006::2, 30 hops max, 16 byte packets 1 tun6-0-lacr1.us.ndsoftwarenet.net (3ffe:81f1:3:2006::1) 118.109 ms !H 125.594 ms !H 119.42 ms !H wireless:/etc/zebra# --- When i try a traceroute from router: # traceroute6 www.6bone.net connect: Network is unreachable --- Kernel routing table, good route on the good interface: # route -A inet6 | grep 3ffe:b00::/24 3ffe:b00::/24 fe80::d55b:403 UG 1024 0 0 sit1 --- BGP is OK: lacr1.us.ndsoftwarenet.net> show ipv6 bgp 3ffe:b00::/24 BGP routing table entry for 3ffe:b00::/24 Paths: (2 available, best #1, table Default-IP-Routing-Table) Advertised to non peer-group peers: 3ffe:81f1:3:1000::2 10566 3ffe:81f1:1:2054::1 from 3ffe:81f1:1:2054::1 (213.91.4.3) (fe80::d55b:403) Origin incomplete, localpref 100, valid, internal, best Last update: Thu May 23 06:04:22 2002 2042 10566 3ffe:81f1:3:2004::2 from 3ffe:81f1:3:2004::2 (202.187.22.65) (fe80::cabb:1602) Origin incomplete, localpref 100, valid, external Last update: Thu May 23 06:04:20 2002 lacr1.us.ndsoftwarenet.net> --- Zebra routing table is OK: lacr1.us.ndsoftwarenet.net> show ipv6 route 3ffe:b00::/24 Routing entry for 3ffe:b00::/24 Known via "bgp", distance 200, metric 0, best Last update 00:06:35 ago * fe80::d55b:403, via sit1 lacr1.us.ndsoftwarenet.net> --- Zebra compiled with --enable-netlink zebra.log: 2002/05/23 06:06:26 ZEBRA: netlink-listen error: File exists, type=RTM_NEWROUTE(24), seq=742, pid=0 2002/05/23 06:06:26 ZEBRA: netlink-listen error: File exists, type=RTM_NEWROUTE(24), seq=743, pid=0 2002/05/23 06:14:20 ZEBRA: netlink_talk: ignoring message type 0x0019 2002/05/23 06:14:20 ZEBRA: netlink_talk: ignoring message type 0x0019 --- Zebra compiled with --disable-netlink zebra.log: 2002/05/23 06:15:13 ZEBRA: can't delete ipv6 route: No such process 2002/05/23 06:15:13 ZEBRA: can't delete ipv6 route: No such process 2002/05/23 06:15:13 ZEBRA: can't add ipv6 route: File exists 2002/05/23 06:15:13 ZEBRA: can't add ipv6 route: File exists --- Best Regards, Nicolas DEFFAYET From michel@arneill-py.sacramento.ca.us Fri May 24 00:56:35 2002 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Thu, 23 May 2002 16:56:35 -0700 Subject: [6bone] Roadmap to IPv6 multihoming: no PI addresses. Message-ID: <2B81403386729140A3A899A8B39B046405E09A@server2000.arneill-py.sacramento.ca.us> Robert, >> If you need a /48, you have more than 64k subnets. > Robert Kiessling wrote: > Right, if you make full use of them. But bear in mind that in > IPv6 aggregation wins over conservation. A suitable hierarchy > "wastes" a lot of address space. Thus the H ratio was chosen as a > better approach to measure utilisation, taking into account > aggregation and hierarchy, and in my understanding you wouldn't > actually need 64k subnets to justify a larger assignment, but > rather about 7k. Agree. For 65k actual subnets, we are talking about a /45 or so. >> It appears dangerous to me configuring a network that size with >> addresses that belongs to a LIR, even if you actually own the LIR. > So you question the very principle of PA addresses. You misunderstand me, I don't. It is one of the necessary building blocks. I question the business sense and timing of building today a 7k+ subnets network in the lack of a multihoming solution and by getting married to a provider. Michel. From Marc.Blanchet@viagenie.qc.ca Fri May 24 10:41:31 2002 From: Marc.Blanchet@viagenie.qc.ca (Marc Blanchet) Date: Fri, 24 May 2002 05:41:31 -0400 Subject: [6bone] Re: IPv6 routing problem with zebra and kernel In-Reply-To: <005201c202b5$36be4310$0103010a@lnet.fr.ndsoftwaregroup.com> References: <005201c202b5$36be4310$0103010a@lnet.fr.ndsoftwaregroup.com> Message-ID: <153180000.1022233291@classic.viagenie.qc.ca> just guessing: - might be just a problem of connexion time. - I would try traceroute -w with some higher number than the default and see if it is still the same issue. might be not the problem. Marc. -- vendredi, mai 24, 2002 01:54:44 +0200 Nicolas DEFFAYET wrote/a écrit: > Hello, > > First, sorry for cross-post but the problem is related to a lot of > mailing-lists. > > I have a strange problem on one of my router: > lacr1.us.ndsoftwarenet.net. > > I get "connect: Network is unreachable", when i try a traceroute or a > connection from the router to a host on 6bone. > The problem is random, because a destination www.kame.net can work but > not www.6bone.net (for exemple) and after restart zebra www.6bone.net > can work but not www.kame.net. Often, all destinations don't work. > > OS: Debian 3.0 (sid/unstable) with last update > Kernel: 2.4.18 (i have try kernel 2.4.18 USAGI (last snapshot) and > standard (from kernel.org) but same problem > Zebra: 0.93 CVS (i have try 0.92a too but same problem) > > It's not the zebra configuration (zebra.conf, bgpd.conf), because all my > routers have the same configuration. > > How i can fix this problem ? > > Any help are welcome. > > --- > > When a user, connected on router try traceroute: > > wireless:/etc/zebra# /usr/sbin/traceroute6 phenix.rootshell.be > traceroute to phenix.rootshell.be (3ffe:8100:200:1fff::25) from > 3ffe:81f1:3:2006::2, 30 hops max, 16 byte packets > 1 tun6-0-lacr1.us.ndsoftwarenet.net (3ffe:81f1:3:2006::1) 118.109 ms > !H 125.594 ms !H 119.42 ms !H > wireless:/etc/zebra# > > --- > > When i try a traceroute from router: > ># traceroute6 www.6bone.net > connect: Network is unreachable > > --- > > Kernel routing table, good route on the good interface: > ># route -A inet6 | grep 3ffe:b00::/24 > 3ffe:b00::/24 fe80::d55b:403 > UG 1024 0 0 sit1 > > --- > > BGP is OK: > > lacr1.us.ndsoftwarenet.net> show ipv6 bgp 3ffe:b00::/24 > BGP routing table entry for 3ffe:b00::/24 > Paths: (2 available, best #1, table Default-IP-Routing-Table) > Advertised to non peer-group peers: > 3ffe:81f1:3:1000::2 > 10566 > 3ffe:81f1:1:2054::1 from 3ffe:81f1:1:2054::1 (213.91.4.3) > (fe80::d55b:403) > Origin incomplete, localpref 100, valid, internal, best > Last update: Thu May 23 06:04:22 2002 > > 2042 10566 > 3ffe:81f1:3:2004::2 from 3ffe:81f1:3:2004::2 (202.187.22.65) > (fe80::cabb:1602) > Origin incomplete, localpref 100, valid, external > Last update: Thu May 23 06:04:20 2002 > > lacr1.us.ndsoftwarenet.net> > > --- > > Zebra routing table is OK: > > lacr1.us.ndsoftwarenet.net> show ipv6 route 3ffe:b00::/24 > Routing entry for 3ffe:b00::/24 > Known via "bgp", distance 200, metric 0, best > Last update 00:06:35 ago > * fe80::d55b:403, via sit1 > > lacr1.us.ndsoftwarenet.net> > > --- > > Zebra compiled with --enable-netlink > > zebra.log: > 2002/05/23 06:06:26 ZEBRA: netlink-listen error: File exists, > type=RTM_NEWROUTE(24), seq=742, pid=0 > 2002/05/23 06:06:26 ZEBRA: netlink-listen error: File exists, > type=RTM_NEWROUTE(24), seq=743, pid=0 > 2002/05/23 06:14:20 ZEBRA: netlink_talk: ignoring message type 0x0019 > 2002/05/23 06:14:20 ZEBRA: netlink_talk: ignoring message type 0x0019 > > --- > > Zebra compiled with --disable-netlink > > zebra.log: > 2002/05/23 06:15:13 ZEBRA: can't delete ipv6 route: No such process > 2002/05/23 06:15:13 ZEBRA: can't delete ipv6 route: No such process > 2002/05/23 06:15:13 ZEBRA: can't add ipv6 route: File exists > 2002/05/23 06:15:13 ZEBRA: can't add ipv6 route: File exists > > --- > > Best Regards, > > Nicolas DEFFAYET > > --------------------------------------------------------------------- > The IPv6 Users Mailing List > Unsubscribe by sending "unsubscribe users" to majordomo@ipv6.org > ------------------------------------------ Marc Blanchet Viagénie tel: +1-418-656-9254x225 ------------------------------------------ http://www.freenet6.net: IPv6 connectivity ------------------------------------------ http://www.normos.org: IETF(RFC,draft), IANA,W3C,... standards. ------------------------------------------ From nicolas.deffayet-extml@ndsoftwaregroup.com Fri May 24 11:58:38 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Fri, 24 May 2002 12:58:38 +0200 Subject: [6bone] RE: IPv6 routing problem with zebra and kernel In-Reply-To: <3CEDBC7F.8070706@fabbione.net> Message-ID: <002801c20311$f661d810$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: Fabio Massimo Di Nitto [mailto:fabbione@fabbione.net] > Sent: Friday, May 24, 2002 6:07 AM > To: Nicolas DEFFAYET > Cc: Mailing-List 6bone; Mailing-List Debian IPv6; > Mailing-List IPv6 Users; Mailing-List USAGI; Mailing-List Zebra > Subject: Re: IPv6 routing problem with zebra and kernel > Hi Fabio, > Nicolas DEFFAYET wrote: > > > > >Zebra compiled with --enable-netlink > > > Did you enable the netlink emulation in the kernel as well???? Same problem with or without netlink_dev. I reboot the machine and recompile zebra with and without netlink options after each change... > > A similar problem was discussed in one of the debian ml and > it seems that having netlink enable fix the problem but it > needs to be done both in the kernel and in zebra. Don't find this discussion on google. What's the list for i can search in the archive ? Best Regards, Nicolas DEFFAYET From nicolas.deffayet-extml@ndsoftwaregroup.com Fri May 24 12:15:26 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Fri, 24 May 2002 13:15:26 +0200 Subject: [6bone] IPv6 routing problem with zebra and kernel In-Reply-To: <5.1.0.14.0.20020524092750.038d7c40@213.46.233.213> Message-ID: <002b01c20314$4e65aa30$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: Roger Jorgensen [mailto:rjorgensen@upctechnology.com] > Sent: Friday, May 24, 2002 9:29 AM > To: Nicolas DEFFAYET > Subject: Re: [6bone] IPv6 routing problem with zebra and kernel > > > How does your routing table look like (ip -6 ro with > iproute2) ? Is the via address right? > > A destination who work: # traceroute6 www.ipv6.chello.com traceroute to future.ipv6.chello.com (2001:730:0:1:a00:20ff:fec1:b1f0) from 3ffe:81f1:1:2054::2, 30 hops max, 16 byte packets 1 tun54-0-parcr1.fr.ndsoftwarenet.net (3ffe:81f1:1:2054::1) 200.536 ms 174.857 ms 164.169 ms 2 chello-gw-parcr1.fr.ndsoftwarenet.net (3ffe:81f1:1:2022::2) 196.507 ms 202.46 ms 192.882 ms 3 future.ipv6.chello.com (2001:730:0:1:a00:20ff:fec1:b1f0) 193.6 ms 194.294 ms 193.905 ms # ip -6 ro | grep 2001:730 2001:730::/35 via fe80::d55b:403 dev sit1 metric 1024 mtu 1480 advmss 1420 --- A destination who don't work: # traceroute6 www.ipv6.uni-muenster.de connect: Network is unreachable # ip -6 ro | grep 3ffe:400 unreachable 3ffe:400::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 Best Regards, Nicolas DEFFAYET From ali@ali.dnsalias.com Fri May 24 14:12:12 2002 From: ali@ali.dnsalias.com (ali@ali.dnsalias.com) Date: Fri, 24 May 2002 15:12:12 +0200 Subject: [6bone] (no subject) Message-ID: <200205241312.g4ODCCA02662@ali.dnsalias.com> This is a MIME-encapsulated message. --------------768076484109871907011644 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit which ali@ali.dnsalias.com --------------768076484109871907011644-- From fabbione@fabbione.net Fri May 24 05:07:27 2002 From: fabbione@fabbione.net (Fabio Massimo Di Nitto) Date: Fri, 24 May 2002 06:07:27 +0200 Subject: [6bone] Re: IPv6 routing problem with zebra and kernel References: <005201c202b5$36be4310$0103010a@lnet.fr.ndsoftwaregroup.com> Message-ID: <3CEDBC7F.8070706@fabbione.net> Hi Nicolas Nicolas DEFFAYET wrote: > >Zebra compiled with --enable-netlink > Did you enable the netlink emulation in the kernel as well???? A similar problem was discussed in one of the debian ml and it seems that having netlink enable fix the problem but it needs to be done both in the kernel and in zebra. Fabio From fabbione@fabbione.net Fri May 24 13:19:50 2002 From: fabbione@fabbione.net (Fabio Massimo Di Nitto) Date: Fri, 24 May 2002 14:19:50 +0200 Subject: [6bone] Re: [zebra 13790] RE: IPv6 routing problem with zebra and kernel References: <002801c20311$f661d810$0103010a@lnet.fr.ndsoftwaregroup.com> Message-ID: <3CEE2FE6.5060901@fabbione.net> Nicolas DEFFAYET wrote: >Hi Fabio, > > >Don't find this discussion on google. >What's the list for i can search in the archive ? > > > As far as I remember was on debian-ipv6 or debian-devel. Regards Fabio From elisaudo@telegoias.com.br Wed May 29 02:25:23 2002 From: elisaudo@telegoias.com.br (Elisaudo Sousa de Jesus) Date: Tue, 28 May 2002 22:25:23 -0300 Subject: [6bone] thesis about active network over ipv6 Message-ID: <976F547C242D554A82920C6606ACB2240185BBC2@GOEXCHANGE.telegoias.com.br> Hi, I'm writing a thesis about active network over ipv6. I found your e-mail on the internet. Could you give me some hints about papers, sites or books that i can find good information of these subject. Thanks very much! Elisaudo Sousa de Jesus elisaudo@telegoias.com.br From nicolas.deffayet-extml@ndsoftwaregroup.com Wed May 29 17:28:50 2002 From: nicolas.deffayet-extml@ndsoftwaregroup.com (Nicolas DEFFAYET) Date: Wed, 29 May 2002 18:28:50 +0200 Subject: [6bone] thesis about active network over ipv6 In-Reply-To: <976F547C242D554A82920C6606ACB2240185BBC2@GOEXCHANGE.telegoias.com.br> Message-ID: <020801c2072d$eab3f460$0103010a@lnet.fr.ndsoftwaregroup.com> > -----Original Message----- > From: 6bone-admin@mailman.isi.edu > [mailto:6bone-admin@mailman.isi.edu] On Behalf Of Elisaudo > Sousa de Jesus > Sent: Wednesday, May 29, 2002 3:25 AM > To: '6bone@ISI.EDU' > Subject: [6bone] thesis about active network over ipv6 > Hi, > I'm writing a thesis about active network over ipv6. I found > your e-mail on the internet. It's a mailing-list. > > Could you give me some hints about papers, sites or books > that i can find good information of these subject. > Have you try to search on this sites ? http://www.6bone.net http://www.hs247.com http://dmoz.org/Computers/Internet/Protocols/IP/IPng/ Best Regards, Nicolas DEFFAYET From ck@arch.bellsouth.net Wed May 29 17:45:54 2002 From: ck@arch.bellsouth.net (Christian Kuhtz) Date: Wed, 29 May 2002 12:45:54 -0400 Subject: [6bone] thesis about active network over ipv6 In-Reply-To: <976F547C242D554A82920C6606ACB2240185BBC2@GOEXCHANGE.telegoias.com.br>; from Elisaudo Sousa de Jesus on Tue, May 28, 2002 at 10:25:23PM -0300 References: <976F547C242D554A82920C6606ACB2240185BBC2@GOEXCHANGE.telegoias.com.br> Message-ID: <20020529124554.D10249@ns1.arch.bellsouth.net> active network? care to explain what _exactly_ you mean by that? marketeers with their marketecture slides have screwed that word up quite nicely. On Tue, May 28, 2002 at 10:25:23PM -0300, Elisaudo Sousa de Jesus wrote: > Hi, > > I'm writing a thesis about active network over ipv6. I found your e-mail on > the internet. > > Could you give me some hints about papers, sites or books that i can find > good information of these subject. > > Thanks very much! > > Elisaudo Sousa de Jesus > elisaudo@telegoias.com.br > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From dax@inf.enst.fr Wed May 29 18:13:24 2002 From: dax@inf.enst.fr (Philippe Dax) Date: Wed, 29 May 2002 19:13:24 +0200 Subject: [6bone] thesis about active network over ipv6 In-Reply-To: <20020529124554.D10249@ns1.arch.bellsouth.net> References: <976F547C242D554A82920C6606ACB2240185BBC2@GOEXCHANGE.telegoias.com.br> <20020529124554.D10249@ns1.arch.bellsouth.net> Message-ID: <20020529171324.GA4589@horla.enst.fr> On 29/05, Christian Kuhtz wrote: | | active network? care to explain what _exactly_ you mean by that? | | marketeers with their marketecture slides have screwed that word up | quite nicely. From: http://nms.lcs.mit.edu/darpa-activenet/mission.html What is an active network? Active networks allow individual user, or groups of users, to inject customized programs into the nodes of the network. "Active" architectures enable a massive increase in the complexity and customization of the computation that is performed within the network, e.g., that is interposed between the communicating end points. See http://nms.lcs.mit.edu/darpa-activenet/ and http://ww.isi.edu/abone/ Philippe Dax -- | On Tue, May 28, 2002 at 10:25:23PM -0300, Elisaudo Sousa de Jesus wrote: | > Hi, | > | > I'm writing a thesis about active network over ipv6. I found your e-mail on | > the internet. | > | > Could you give me some hints about papers, sites or books that i can find | > good information of these subject. | > | > Thanks very much! | > | > Elisaudo Sousa de Jesus | > elisaudo@telegoias.com.br | > _______________________________________________ | > 6bone mailing list | > 6bone@mailman.isi.edu | > http://mailman.isi.edu/mailman/listinfo/6bone | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone