[6bone] pTLA request NDSOFTWARE - review closes 23 October 2002

[Nicolas DEFFAYET]

On Sun, 2002-10-20 at 10:42, John Fraizer wrote: 

> Now. let me pose some questions to you.  Your open, honest answers to
> these questions will determine my vote (and perhaps many others) on your
> pTLA application:
> 
> (1) Who are the following and what are their qualifications to be
> technical contacts?  The last thing I want to hear on the other end of the
> phone line when I contact someones technical contacts is "I'm sorry.  
> He's at school.  I'll tell him you called."  Do these people all have
> enable on your routers?  Do they understand v6 routing?  Would they know
> what I was talking about if I told them that you were leaking leaking
> routes or that your peering session was flapping?

There is a common phone contact for a best manegement. 

I'm NOT at school because i'm NOT a kid. 
I work for NDSoftware all the day. 

All tech contact in NDSoftware's whois have a root access on each
routers. They understand v4/v6 routing, unix administration,... 

> (2) Do you have a network plan?  IE; How are your current /32's
> dispersed?

Yes we have a network plan. Our network plan is not clear for this 3
/32, but now i know my errors of IP management, and NDSoftware pTLA
address plan will be clear. 

We have 3 /32, but 1 /32 is enough. We have 3 /32 for have a backup if
one of our upstream can't provide us anymore a BGP peering. 

> (3) Do _you_ have a network or are you simply colocated someplace on
> someone elses network?

The both currently because our network is not finish. 

> If you're colocated, do you #1 have 24hr _physical_ access to the
> equipment?  Can you be onsite within a reasonable amount of time in the
> event that physical access to equipment is required to remedy a
> problem?  If not, do you have a "remote hands" contract in place?

Yes, we have an 24x7 access. 

> (4) If you don't have your own network, how do you propose to provide
> "production quality" 6bone backbone services?  

No need to have your network for provide a production quality service...
> I submit that without your own portable v4 address space for an endpoint
> of tunnels, you're at the mercy of your upstreams.  If they require you to
> renumber, every one of your peers will have to reconfigure their tunnels.

Yes, i know. 

> (5) I find this strange.  Can you explain it?
> 
> Nice routing loop there.  Have you considered: (1) Not having a v6 default on your border
> router. (2) Having a connection between your two border routers and running an IGP between them?

Ops, fixed. 

I have forgot to add "ifconfig lo add 3ffe:81f1:2:1::1/64" in the init
scripts of parcr1.fr.ndsoftwarenet.net. 

2  eth1-0-parcr2.fr.ndsoftwarenet.net (3ffe:81f1:12:1::1)  1.023 ms 
1.068 ms  0.961 ms 
3  lo0-0-parcr1.fr.ndsoftwarenet.net (3ffe:81f1:2:1::1)  189.781 ms 
227.238 ms  212.632 ms 

> (6) It can't be a good sign for a "production quality" network when your
> route-server can't maintain a BGP peering session with your own routers:

Yes, i know, it's because i use peer group. 
This problem will be fixed when parcr1.fr.ndsoftwarenet.net will have
the new AS (i will do the migration of parcr1.fr.ndsoftwarenet.net after
the 23th October). 

> (7) "a. Fully maintained, up to date, 6Bone Registry entries for their
>     ipv6-site inet6num, mntner, and person objects, including each
>     tunnel that the Applicant has."
> 
> You've got parcr3.fr.ndsoftwarenet.net listed in your ipv6-site object but:

Removed of the whois the time that we update the DNS. 

parcr3.fr.ndsoftwarenet.net is the first pre-production router on our
network and don't have IPv4 connectivity. 
 
> (8) With regards to #7 above, I suggest that with your recent policy
> change regarding BGP peers, you remove the following line from your
> ipb6-site object:
> 
> remarks:      NDSoftware have an open peering policy.

We are open, why remove this ? 

It's not because we have delete 5-6 BGP sessions with private ASN for
new peer with pTLA and sTLA that we aren't open... 

> (9) What is your "potential user community" IE; What gap are you going to
> be filling in the service delivery arena that is not already served by
> other pTLAs?

NDSoftware operates an IPv6 network and provide a lot of IPv6 services
to many projects. 

We provide to: 

IPv6-FR (a non profit organisation for the developement of IPv6 in
France) 
tunnel broker:  200 users, each user have a /48. 


NexGentCollective (http://www.nextgencollective.net/)
tunnel broker:  150 users, each user have a /48. 

ATI (A tunisian ISP, http://www.ipv6net.tn/)

and a lot of others (see our whois), this services: IPv6 connectivity 
(STATIC or BGP with a IPv6 block), IPv6 newsfeeds/newsread,... 

We do many actions in IPv6 research, we created FNIX6 (French 
International Internet Exchange IPv6, http://www.fnix6.net/), we host
many mirrors available in IPv6, we created ftp://ftp.openipv6.com/ (a
FTP with a lot of IPv6 stuff). 

> (10) What purpose will having your OWN pTLA serve that your current 3
> /32's don't already serve?  Keep in mind that _wanting_ your own pTLA !=
> _NEEDING_ your own pTLA and _NEEDING_ to announce a pTLA into the DFZ
> because it's a requirement for you to have your own ASN is _not_
> sufficient justification for you to be issued a 

A lot of peers filter our /32 because it's not a pTLA. 
We want a pTLA for can announce without any problems our network, don't
break the IPv6 aggregation and be independant of a upstream (we don't
want be down because our upstream is down). 

> (11) "d. A fully maintained, and reliable, IPv6-accessible system
>       providing, at a mimimum, one or more web pages, describing the
>       Applicant's IPv6 services.  This server must be IPv6 pingable."
> 
> Looking at http://noc.ndsoftwarenet.com, information about what
> NDSOFTWARE actually *does* is strangely absent.  Your peering-policy link
> returns a 404 error. Your route-filtering link returns a 404 error. Your
> usenet-policy link returns a 404 error.  Register, Login and Help all
> point to your bgp-communities page, as do your "go" button and the
> advanced-search link.  Home, Products & Services,  Support, Download, Buy
> and Contact links at the top page simply link the whatever page you're
> currently viewing.  There is no information about what your
> "company?" actually does or offers to do even.

NDSoftware website is not ready for the moment, but the NOC website is
ready. 

We will fix this 404 errors. 

> (12) "b. Fully maintained, and reliable, BGP4+ peering and connectivity
>      between the Applicant's boundary router and the appropriate
>      connection point into the 6Bone. This router must be IPv6
>      pingable. This criteria is judged by members of the 6Bone
>      Operations Group at the time of the Applicant's pTLA request.
> 
> We have currently 101 BGP4+ sessions."
> 
> Looking at parcr1.fr.ndsoftwarenet.net, I count 87 neighbors, 15 of which
> are down, 3 of which have never established an adjacency, two of the 87
> peering sessions being yourself. (84 ?real? sessions on this router.)
> 
> Looking at parcr2.fr.ndsoftwarenet.net, I count 11 neighbors, 4 of which
> are down with two of the 11 peering sessions being yourself.  (9
> ?real? peering sessions.)
> 
> I don't know about in France but, in the US, 84 + 9 = 93 peering sessions,
> not 101 peering sessions.
> 
> Can you perhaps explain your math to us?

"We have currently 101 BGP4+ sessions."
         ^^^^^^^^^ 
We have delete many peering down since many weeks after our pTLA
request, for prepare the migration of parcr1.fr.ndsoftwarenet.net 

> (13) Of those 84 peering sessions, have you verified that they have
> appropriate entries in their ipv6-site objects for the tunnel/connection
> or that they have ipv6-site objects AT-ALL?  Before you answer this, take
> a look at this:

A lot don't want create an ipv6-site. 

> Part of properly maintaining _YOUR_ ipv6-site object is making sure that
> you don't reference an object that doesn't exist.  If someone is unable or
> unwilling to create & maintain an ipv6-site object, do you really feel
> that they are a good peering candidate?  I certainly don't.

They can be a good peering candidate !

A whois updated or not don't make the quality of a peering. 

> (13) Just for my own personal amusement... You have a VPI/VCI pair field
> in your list of public peering points that you participate in or plan to
> participate in on your website but, your interconnects are all listed as
> 100M FE.  Um, what kind of ethernet are you using that supports VPI/VCI or
> did you just think it would look "cool" to have that field?

VPI/VCI field is for a futur use. 


Why all this questions ? 
I don't have asked all this questions, when you have request your
pTLA.... 

Best Regards, 

Nicolas DEFFAYET