From rain@bluecherry.net Fri Aug 1 06:24:06 2003
From: rain@bluecherry.net (Ben Winslow)
Date: 01 Aug 2003 01:24:06 -0400
Subject: [6bone] Nothing is sacred...
Message-ID: <1059715446.3176.126.camel@portal.home>

I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of
a spammer with the audacity to operate over IPv6!

I've posted the spammer's payload at
http://themuffin.net/ipv6-spam/ipv6-spam-2001:0638:0500 and reported it
to Uni-Muenster, who'll hopefully bludgeon those responsible. The
source IP didn't change for any of the message attempts.

I have to say, though, that this sits somewhere on the fine line between
'sad' and 'ridiculous...'

-- 
Ben Winslow

From haesu@towardex.com Fri Aug 1 06:51:37 2003
From: haesu@towardex.com (Haesu)
Date: Fri, 1 Aug 2003 01:51:37 -0400
Subject: [6bone] Nothing is sacred...
In-Reply-To: <1059715446.3176.126.camel@portal.home>
References: <1059715446.3176.126.camel@portal.home>
Message-ID: <20030801055137.GA61051@scylla.towardex.com>

Heh... Looks like spammers figured out that by sending IPv6 version of spam,
they'll get less abuse reports :)

-hc

-- 
Sincerely,
Haesu C.
TowardEX Technologies, Inc.
WWW: http://www.towardex.com
E-mail: haesu@towardex.com
Cell: (978) 394-2867

On Fri, Aug 01, 2003 at 01:24:06AM -0400, Ben Winslow wrote:
> I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of
> a spammer with the audacity to operate over IPv6!
>
> I've posted the spammer's payload at
> http://themuffin.net/ipv6-spam/ipv6-spam-2001:0638:0500 and reported it
> to Uni-Muenster, who'll hopefully bludgeon those responsible. The
> source IP didn't change for any of the message attempts.
>
> I have to say, though, that this sits somewhere on the fine line between
> 'sad' and 'ridiculous...'
>
> --
> Ben Winslow

From john@sixgirls.org Fri Aug 1 07:44:27 2003
From: john@sixgirls.org (John Klos)
Date: Fri, 1 Aug 2003 02:44:27 -0400 (EDT)
Subject: [6bone] Nothing is sacred...
In-Reply-To: <1059715446.3176.126.camel@portal.home>
References: <1059715446.3176.126.camel@portal.home>
Message-ID:

Hi,

> I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of
> a spammer with the audacity to operate over IPv6!

IPv6 open relay? We all knew it was a matter of time before we started
seeing SPAM on IPv6...

> I have to say, though, that this sits somewhere on the fine line between
> 'sad' and 'ridiculous...'

I agree. It's depressing.

John Klos
Sixgirls Computing Labs

From tjc@ecs.soton.ac.uk Fri Aug 1 09:51:50 2003
From: tjc@ecs.soton.ac.uk (Tim Chown)
Date: Fri, 1 Aug 2003 09:51:50 +0100
Subject: [6bone] Nothing is sacred...
In-Reply-To: <20030801055137.GA61051@scylla.towardex.com>
References: <1059715446.3176.126.camel@portal.home> <20030801055137.GA61051@scylla.towardex.com>
Message-ID: <20030801085150.GF19355@login.ecs.soton.ac.uk>

Well, no RBLs available over native v6 yet ;)

On Fri, Aug 01, 2003 at 01:51:37AM -0400, Haesu wrote:
> Heh... Looks like spammers figured out that by sending IPv6 version of spam,
> they'll get less abuse reports :)
>
> -hc
>
> --
> Sincerely,
> Haesu C.
> TowardEX Technologies, Inc.
> WWW: http://www.towardex.com
> E-mail: haesu@towardex.com
> Cell: (978) 394-2867
>
> On Fri, Aug 01, 2003 at 01:24:06AM -0400, Ben Winslow wrote:
> > I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of
> > a spammer with the audacity to operate over IPv6!
> >
> > I've posted the spammer's payload at
> > http://themuffin.net/ipv6-spam/ipv6-spam-2001:0638:0500 and reported it
> > to Uni-Muenster, who'll hopefully bludgeon those responsible. The
> > source IP didn't change for any of the message attempts.
> >
> > I have to say, though, that this sits somewhere on the fine line between
> > 'sad' and 'ridiculous...'
> >
> > --
> > Ben Winslow
> >
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone

From bmanning@ISI.EDU Fri Aug 1 11:32:22 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Fri, 1 Aug 2003 03:32:22 -0700 (PDT)
Subject: [6bone] Nothing is sacred...
In-Reply-To: <20030801085150.GF19355@login.ecs.soton.ac.uk> from Tim Chown at "Aug 1, 3 09:51:50 am"
Message-ID: <200308011032.h71AWMo28838@boreas.isi.edu>

I've been getting crap for just over a year, generally from addresses
of the form: ::ffff:xxx

-- 
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

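[Added example, not part of the archived messages and not any poster's code. Addresses of the ::ffff:... form fall in the IPv4-mapped range ::ffff:0:0/96, so a dual-stack MTA can unmap them and query an ordinary IPv4 DNSBL, while a native IPv6 client needs a nibble-reversed query name (the convention later documented in RFC 5782). The zone dnsbl.example, the function names and the Postfix-style log lines are constructed for illustration.]

```python
import ipaddress
import re

# Constructed sample: Postfix-style "connect from host[addr]" log lines,
# using documentation address ranges only.
SAMPLE_LOG = """\
Aug  1 06:20:01 mx smtpd[411]: connect from unknown[::ffff:192.0.2.10]
Aug  1 06:20:07 mx smtpd[412]: connect from relay.example[2001:db8::25]
Aug  1 06:21:13 mx smtpd[413]: connect from unknown[192.0.2.77]
"""

CLIENT_RE = re.compile(r"connect from \S*\[([0-9A-Fa-f:.]+)\]")


def classify(client):
    """Return (kind, address to use for the DNSBL lookup)."""
    addr = ipaddress.ip_address(client)
    if addr.version == 4:
        return "ipv4", addr
    if addr.ipv4_mapped is not None:
        # ::ffff:a.b.c.d is an IPv4 peer seen through an IPv6 socket;
        # look it up as the IPv4 address it really is.
        return "ipv4-mapped", addr.ipv4_mapped
    return "native-ipv6", addr


def dnsbl_query_name(addr, zone):
    """Build the DNS name to query in `zone` (hypothetical zone name)."""
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # 4 octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # 32 nibbles
    return ".".join(labels) + "." + zone


def lookups_for_log(log_text, zone="dnsbl.example"):
    """Map each connecting client in the log to (client, kind, query name)."""
    rows = []
    for match in CLIENT_RE.finditer(log_text):
        kind, addr = classify(match.group(1))
        rows.append((match.group(1), kind, dnsbl_query_name(addr, zone)))
    return rows


if __name__ == "__main__":
    for client, kind, name in lookups_for_log(SAMPLE_LOG):
        print(f"{client:22} {kind:12} {name}")
```
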
From jeroen@unfix.org Fri Aug 1 11:41:28 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Fri, 1 Aug 2003 12:41:28 +0200
Subject: [6bone] Nothing is sacred...
In-Reply-To: <1059715446.3176.126.camel@portal.home>
Message-ID: <001001c35819$77cee3e0$210d640a@unfix.org>

Ben Winslow wrote:

> I fixed IPv6 SMTP yesterday, only to discover the wonderful
> droppings of a spammer with the audacity to operate over IPv6!
>
> I've posted the spammer's payload at
> http://themuffin.net/ipv6-spam/ipv6-spam-2001:0638:0500 and
> reported it to Uni-Muenster, who'll hopefully bludgeon those
> responsible. The
> source IP didn't change for any of the message attempts.
>
> I have to say, though, that this sits somewhere on the fine
> line between 'sad' and 'ridiculous...'

No it's actually a good thing for IPv6. If spammers think they
can earn money with IPv6 then apparently they think there is
a market place for it.

Unfortunately this wasn't just an IPv6 spam. It's just a stupid
open relay which was IPv6 enabled and found out that your
destination could talk IPv6 too. If your box wasn't IPv6 enabled
the spam would have arrived there by means of IPv4.

Note the fake "NNFMP" line ;)

Greets,
 Jeroen

From pim@ipng.nl Fri Aug 1 14:35:20 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Fri, 1 Aug 2003 15:35:20 +0200
Subject: [6bone] Nothing is sacred...
In-Reply-To: <20030801085150.GF19355@login.ecs.soton.ac.uk>
References: <1059715446.3176.126.camel@portal.home> <20030801055137.GA61051@scylla.towardex.com> <20030801085150.GF19355@login.ecs.soton.ac.uk>
Message-ID: <20030801133520.GA23406@bfib.colo.bit.nl>

On Fri, Aug 01, 2003 at 09:51:50AM +0100, Tim Chown wrote:
| Well, no RBLs available over native v6 yet ;)
Yes there are :)

And I've written a program to function as middleman between all sorts
of DNSBL programs and an MTA... it can look up IPv6 addresses and map
them to ASN/country too if you wish.
-- 
---------- - - - - -+- - - - - ----------
Pim van Pelt Email: pim@ipng.nl
http://www.ipng.nl/ IPv6 Deployment
-----------------------------------------------

From rwelty@averillpark.net Fri Aug 1 16:13:54 2003
From: rwelty@averillpark.net (Richard Welty)
Date: Fri, 1 Aug 2003 11:13:54 -0400 (EDT)
Subject: [6bone] how to hook up?
Message-ID:

warning: this is going to be a fairly naive posting...

i've some interest in getting ipv6 running in my home network. i'm sitting
on a road runner cable modem, and the folks at the road runner noc told me
"try again in 6 months" when i inquired about any potential ipv6 trials on
their network.

so i'd like some advice on how to find someone to tunnel to. i am currently
running an OpenBSD 3.3 firewall gatewaying between road runner and my home
network and gather that it should make for a perfectly adequate terminus
for an IPv6 tunnel. i've found a very nice document already explaining how
to set up the pf firewall rules on the ipv6 side, and on setting up the
endpoint of the tunnel, i just need to find someone to connect to.

thanks in advance,
 richard

-- 
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

From uriah_pollock@mentorg.com Fri Aug 1 16:27:29 2003
From: uriah_pollock@mentorg.com (Pollock, Uriah)
Date: Fri, 1 Aug 2003 10:27:29 -0500
Subject: [6bone] how to hook up?
Message-ID:

Richard,

Check out www.freenet6.net . I recently set up a NetBSD box using their
script and it went very smoothly. They have all the directions and info.
you need to do it.

Have fun!
U

-----Original Message-----
From: Richard Welty [mailto:rwelty@averillpark.net]
Sent: Friday, August 01, 2003 10:14 AM
To: 6bone@ISI.EDU
Subject: [6bone] how to hook up?

warning: this is going to be a fairly naive posting...

i've some interest in getting ipv6 running in my home network. i'm sitting
on a road runner cable modem, and the folks at the road runner noc told me
"try again in 6 months" when i inquired about any potential ipv6 trials on
their network.

so i'd like some advice on how to find someone to tunnel to. i am currently
running an OpenBSD 3.3 firewall gatewaying between road runner and my home
network and gather that it should make for a perfectly adequate terminus
for an IPv6 tunnel. i've found a very nice document already explaining how
to set up the pf firewall rules on the ipv6 side, and on setting up the
endpoint of the tunnel, i just need to find someone to connect to.

thanks in advance,
 richard

-- 
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

From jeroen@unfix.org Fri Aug 1 17:06:55 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Fri, 1 Aug 2003 18:06:55 +0200
Subject: [6bone] how to hook up?
In-Reply-To:
Message-ID: <002101c35846$eebaf250$210d640a@unfix.org>

Richard Welty wrote:

> warning: this is going to be a fairly naive posting...
>
> i've some interest in getting ipv6 running in my home
> network. i'm sitting on a road runner cable modem, and the folks at the road
> runner noc told me "try again in 6 months" when i inquired about any potential
> ipv6 trials on their network.

Keep calling them every month, maybe that will help ;)

> so i'd like some advice on how to find someone to tunnel to.
> i am currently running an OpenBSD 3.3 firewall gatewaying between road
> runner and my home network and gather that it should make for a perfectly
> adequate terminus for an IPv6 tunnel. i've found a very nice document already
> explaining how to set up the pf firewall rules on the ipv6 side, and on
> setting up the endpoint of the tunnel, i just need to find someone to connect to.

Probably your best bet in the US would be Hurricane Electric,
http://ipv6.he.net
An alternative could be FreeNet6, http://www.freenet6.net

In any way you should choose the nearest connectivity point possible.
It would be great if the roadrunner people started doing IPv6 even
on a tunneled basis so the termination point is closest to their
customers...

And nopes, no SixXS pops in the US :(

Greets,
 Jeroen

From rwelty@averillpark.net Fri Aug 1 17:58:16 2003
From: rwelty@averillpark.net (Richard Welty)
Date: Fri, 1 Aug 2003 12:58:16 -0400 (EDT)
Subject: Re[2]: [6bone] how to hook up?
In-Reply-To: <002101c35846$eebaf250$210d640a@unfix.org>
References: <002101c35846$eebaf250$210d640a@unfix.org>
Message-ID:

On Fri, 1 Aug 2003 18:06:55 +0200 Jeroen Massar wrote:

> Probably your best bet in the US would be Hurricane Electric,
> http://ipv6.he.net
> An alternative could be FreeNet6, http://www.freenet6.net

thanks for the advice, everyone. the hurricane electric tunnelbroker
turned out to be very easy to cope with.

> In any way you should choose the nearest connectivity point possible.

it turns out that i'm less than 20ms away across the aol-time warner
network from he's NYC peering with them, which will probably be hard to
beat until roadrunner starts their own service.

> It would be great if the roadrunner people started doing IPv6 even
> on a tunneled basis so the termination point is closest to their
> customers...

yes, that was what i was hoping for when i originally started prodding the
road runner folks. for what it's worth, i was able to prod a lead network
engineer there w/o dealing with sales. i think the once-a-month pokes
should be aimed at sales, the engineers know they need to deal with this. i
happen to know some marketing wonks at road runner, i'll have to start
making their lives miserable.

richard

-- 
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

From jeroen@unfix.org Fri Aug 1 21:53:44 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Fri, 1 Aug 2003 22:53:44 +0200
Subject: Re[2]: [6bone] how to hook up?
In-Reply-To:
Message-ID: <002d01c3586f$00c41350$210d640a@unfix.org>

Richard Welty wrote:

> yes, that was what i was hoping for when i originally started
> prodding the road runner folks. for what it's worth, i was able to prod a
> lead network engineer there w/o dealing with sales. i think the once-a-month pokes
> should be aimed at sales, the engineers know they need to
> deal with this. i happen to know some marketing wonks at road runner,
> i'll have to start making their lives miserable.

Now THAT is the spirit :)
(And quite possibly the only way to get them to innovate over there :(

/me passes out some cluebats... have fun

Or that LART that the AMS-IX guys took along to Megabit could do
wonders too I guess, at least those dworfs flew quite far :)

Greets,
 Jeroen

From todd@fries.net Sat Aug 2 13:56:28 2003
From: todd@fries.net (Todd T. Fries)
Date: Sat, 2 Aug 2003 07:56:28 -0500
Subject: [6bone] Re: how to hook up?
In-Reply-To: <002d01c3586f$00c41350$210d640a@unfix.org>
References: <002d01c3586f$00c41350$210d640a@unfix.org>
Message-ID: <20030802125628.GA8941@fries.net>

Sort of in line with this thread, in preparing for `upstream peering' of an
ARIN delegated IPv6 allocation of /32 (haven't contacted ARIN yet, when would
be the best timeframe if the target allocation is to be billed 1yr from
November/December timeframe?) .. how does one get a list of `upstream'
providers willing to tunnel to an ISP receiving such a delegation?

I understand locating the closest one (hopcount/ping time) wise is fruitful,
with all the `tunnel brokers' out there I didn't know if there was a list for
/32 allocations to use as upstream or are they the same?

Along these same lines, is an isp allowed to select multiple upstream tunnels
and use BGP with them? (cox.net is the upstream for the isp in question, and
it does not do native IPv6).

Thanks,
-- 
Todd Fries .. todd@fries.net

Free Daemon Consulting, LLC Land: 405-748-4596
http://FreeDaemonConsulting.com Mobile: 405-203-6124

"..in support of free software solutions."

Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
Key: http://todd.fries.net/pgp.txt

(last updated 2003/03/13 07:14:10)

From gert@space.net Sat Aug 2 19:25:24 2003
From: gert@space.net (Gert Doering)
Date: Sat, 2 Aug 2003 20:25:24 +0200
Subject: [6bone] Re: how to hook up?
In-Reply-To: <20030802125628.GA8941@fries.net>; from todd@fries.net on Sat, Aug 02, 2003 at 07:56:28AM -0500
References: <002d01c3586f$00c41350$210d640a@unfix.org> <20030802125628.GA8941@fries.net>
Message-ID: <20030802202524.Z67740@Space.Net>

Hi,

On Sat, Aug 02, 2003 at 07:56:28AM -0500, Todd T. Fries wrote:
> Along these same lines, is an isp allowed to select multiple upstream tunnels
> and use BGP with them?

That's a quite typical way how it's done these days. Try to find one
(or more) native upstreams, and if none are available, use (short!) tunnels,
and then tell your IPv4-only upstreams that you're not going to prolong
your contract unless they add IPv6 connectivity...

The main thing about tunnels: don't announce stuff over them that you
wouldn't announce over a "native upstream connection" - so don't try
to do people "a favour" by sending their routes out over all your tunnel
BGP peerings (unless they ask you to do that).

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations: 55442 (55636)

SpaceNet AG Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0
80807 Muenchen Fax : +49-89-32356-299

From tjc@ecs.soton.ac.uk Mon Aug 4 14:10:13 2003
From: tjc@ecs.soton.ac.uk (Tim Chown)
Date: Mon, 4 Aug 2003 14:10:13 +0100
Subject: [6bone] Nothing is sacred...
In-Reply-To: <20030801133520.GA23406@bfib.colo.bit.nl>
References: <1059715446.3176.126.camel@portal.home> <20030801055137.GA61051@scylla.towardex.com> <20030801085150.GF19355@login.ecs.soton.ac.uk> <20030801133520.GA23406@bfib.colo.bit.nl>
Message-ID: <20030804131013.GK13730@login.ecs.soton.ac.uk>

On Fri, Aug 01, 2003 at 03:35:20PM +0200, Pim van Pelt wrote:
> On Fri, Aug 01, 2003 at 09:51:50AM +0100, Tim Chown wrote:
> | Well, no RBLs available over native v6 yet ;)
> Yes there are :)

Well, which? :)

> And I've written a program to function as middleman between all sorts
> of DNSBL programs and an MTA... it can look up IPv6 addresses and map
> them to ASN/country too if you wish.

OK, agreed proxies can fill a short-term need.

Tim

From Matt.Carpenter@alticor.com Mon Aug 4 19:14:07 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Mon, 4 Aug 2003 14:14:07 -0400
Subject: [6bone] Re: how to hook up?
Message-ID:

Thank you all for the last thread, it has helped me quite far along the lines of getting connected.

If anyone is allergic to newbies, please skip reading the rest of this note.  I know that there is so much that I have not figured out yet about v6 that I'm bound to provide some entertainment to those who are still reading.  Please be patient.  Thanks.

I am attempting to get connected to 6bone from my v6-test-network.  Everything seems to connect correctly (many thanks to this thread and the Freenet6), except I am getting some radvd startup errors.  NOTE: I DO NOT HAVE A /48 ADDRESS RANGE CURRENTLY CONFIGURED ON THIS GATEWAY OR NETWORK.  I am, however, asking for a /48 network from Freenet6.
The problem with configuring an IP range is that I have to know which range to use, right?  I'm a little lost in this arena.  On the Freenet6's site there is documentation on "How to request a /48 IPv6 prefix"  but it only really covers signing up for an account and configuring TSP appropriately...  Meanwhile, radvd is giving me absolutely NO help (output is nonexistent, even with -d 99).  Do I need to have an IP range configured on the network prior to starting the tunnel and requesting routing?  Is there some other hocus pocus I need to do to be assigned a range?  I'm about out of goats and completely out of rams, and I'm still not working.  Is there a third Thursday with a full moon coming up?  

Thanks in advance for your help!
dot1q

From Matt.Carpenter@alticor.com Mon Aug 4 20:34:18 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Mon, 4 Aug 2003 15:34:18 -0400
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
Message-ID:

Again, here is my disclaimer:
        "The parties herein do not assume to know anything whatsoever that is important and will rely on your patience and knowledge to determine any disconnects in logic or knowledge of IPv6.  The individuals responsible will and do actively RTFM when available and will not shudder at the response 'RTFM', so long as sending party includes a link or a way to FTFM... etcetera"
Thank you.

<MEAT>
I am working with my company to determine how to get involved with a production IPv6 Internet, as one develops.  I am aware that the 6bone is apparently scheduled for decommissioning as of Internet Draft 6Bone PhaseOut (http://www.ietf.org/internet-drafts/draft-fink-6bone-phaseout-04.txt), and am left to assume that there is something else that is taking its place.  I also am aware of the need in many countries for address-space which will be pushing IPv6 Internet to fruition.

What options are available for a Production IPv6 Internet and how does it relate to the IPv4 Internet?
        Are there tunnel options for that network as well?
        Or does it require a "ISP-Provided" connection?
        Does one even exist currently?
        Does it touch the v4 Internet or is it a separate entity?

</MEAT>

Thank you all in advance!
Matt

From gert@space.net Mon Aug 4 21:30:11 2003
From: gert@space.net (Gert Doering)
Date: Mon, 4 Aug 2003 22:30:11 +0200
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
In-Reply-To: ; from Matt.Carpenter@alticor.com on Mon, Aug 04, 2003 at 03:34:18PM -0400
References:
Message-ID: <20030804223011.I67740@Space.Net>

Hi,

On Mon, Aug 04, 2003 at 03:34:18PM -0400, Matt.Carpenter@alticor.com wrote:
> What options are available for a Production IPv6 Internet and how does it
> relate to the IPv4 Internet?
> Are there tunnel options for that network as well?

To get started, and to collect experience, this is a frequently practiced
method.

> Or does it require a "ISP-Provided" connection?

Anything native would be better.

> Does one even exist currently?

This is very hard to answer. Some ISPs, especially in the AP and EU
region, already run production quality IPv6 networks. Others are connected
to that, and run IPv6 on older and slower routers, connected via tunnels,
which isn't really production ready yet.

> Does it touch the v4 Internet or is it a separate entity?

For some ISPs, it's dual-stacked on the same routers and leased lines.
For others, it's a separate network with a different set of routers.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations: 56318 (55442)

SpaceNet AG Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0
80807 Muenchen Fax : +49-89-32356-299

From Matt.Carpenter@alticor.com Mon Aug 4 21:38:33 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Mon, 4 Aug 2003 16:38:33 -0400
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
Message-ID:

Thanks, Kurt!

We have not asked our ISPs about the service yet.  I'm trying to gather information before even pushing my boss to consider it, and he would end up being involved in the ISP conversation.  I'm attempting to have all my ducks in a row before chatting with the decisionmakers, including cost/value relationships for the various options of connectivity.
We aren't even looking to roll out V6 internally until there is a "customer need" that arises.  I'm trying to stay ahead of the curve and bring up the important questions before crunch time, as well as possibly get our network playing on the V6net beforehand.  But if I go to my boss and ask him about paying our ISP for a service that our customers haven't requested, he won't even consider what I'm trying to say.  If I go to him with my ducks in a row, offering possibly free/cheap tunnelling to get our feet wet, and the option to pay to secure our place on the new network, he'll have something to chew on, at least long enough to delay the "no" into a "not yet, but perhaps <something>....".

If the IPv4 and v6 networks touch, is each ISP a little v6 bubble or is there one cohesive v6 network which is just invisible to the v4 world?
We are considered an ISP in the v4 world, although our customers are typically affiliated with us in some way, and one of them is a major B2C ecommerce site.  While we are interested in being a part of the new network space, availability from the v4 Internet is key until its death.  This may mean dual-address-spaces, I realize, but when you're selling stuff you want to be available to as many pocketbooks as possible.  Thus, if IPv4 is accessible from all and v6 is not, the impetus is to either stick with v4 or do both.

Thank you for your fast response.  I look forward to hearing more, as well as getting connected to the 6bone from my test net.

Matthew Carpenter
Alticor Network Services



Kurt Jaeger <lists@complx.LF.net>
08/04/2003 04:06 PM
Please respond to pi

        To:        Matt.Carpenter@alticor.com
        cc:
        Subject:        Re: [6bone] Corporation wishing to get connected to the new v6 Internet

Hi!

> <MEAT>
> I am working with my company to determine how to get involved with a
> production IPv6 Internet, as one develops.

First step: Have you asked Your ISP for v6 connectivity ?

Have you asked ISPs in your neighbourhood if they can provide v6 ?

>         Are there tunnel options for that network as well?

Yes, probably.

>         Or does it require a "ISP-Provided" connection?

This is preferred.

>         Does one even exist currently?

Depends on your ISP.

>         Does it touch the v4 Internet or is it a separate entity?

It touches the v4 net.

--
MfG/Best regards, Kurt Jaeger                                  17 years to go !
LF.net GmbH        fon +49 711 90074-23  pi@LF.net  
Ruppmannstr. 27    fax +49 711 90074-33
D-70565 Stuttgart  mob +49 171 3101372


From Matt.Carpenter@alticor.com Mon Aug 4 21:40:23 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Mon, 4 Aug 2003 16:40:23 -0400
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
Message-ID:

Thanks Gert!


From Matt.Carpenter@alticor.com Mon Aug 4 22:24:32 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Mon, 4 Aug 2003 17:24:32 -0400
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
Message-ID:

Thanks, Todd, for both emails.
I am looking at the he.net site right now and am considering scrapping the freenet6 for a while as the he.net tunnel uses standard sit-tunnelling and the freenet6 uses tsp.  he.net's documentation, while less complete, is a little more friendly (like stating that the tunnel will not be available for a couple days so I don't run myself in loops trying to connect :)

But they are both using the 6bone in some fashion, which I was under the impression was going away...  freenet6 IS on the 6bone, and it looks like he.net is mentioning being connected to the 6bone network, even though the address space is 2001: (which, if I'm not mistaken, is NOT part of the 6bone address-space, correct?).  I still have yet to see what IPv6 network I should use locally for either network, so I'm still sitting here with my arms crossed (which can make typing difficult) twiddling my thumbs waiting...

It is appearing that production IPv6 networks are currently mostly disparate, funnels to the IPv4 Internet.  Is that correct?  And are there a few that are big enough that would warrant creating tunnels to them specifically so as to bring them together (eg. if I'm connected to the he.net's network, also connecting to an IPv6 network in Asia (or someplace) with a huge presence)?  Or are they pretty much their own little world?

Thank you for the direction.  This is the type of information I was hoping for.

DOH!  I take it back.  I've been allocated a prefix! <contented smile>
Well, that's for the test network.  Still so many unknowns, though :)  We'll see what fun that brings... and then possibly propose something to the boss.

Thanks again,

Matt



"Todd T. Fries" <todd@fries.net>

08/04/2003 04:58 PM
Please respond to todd

       
        To:        Matt.Carpenter@alticor.com
        cc:        
        Subject:        Re: [6bone] Corporation wishing to get connected to the new v6 Internet



IPv6 and IPv4 can co-exist on the same physical ethernet.  Typically,
you can get a free tunnel (as my prior email suggested) via http://he.net,
and other providers, that use a public IPv4 address to tunnel the IPv6
connectivity to, and from there you can route natively via ethernet
and/or routers.

ISPs, as has been explained already in this discussion, can implement
things in a way that uses their existing infrastructure, or they can build
an additional infrastructure that routes IPv6 separately.

When I do the conversion at my ISP, I am going to do native to the adsl
customers, but provide tunnels for dialup and others (like ISDN).

Hope this helps.
--
Todd Fries .. todd@fries.net


Free Daemon Consulting, LLC                    Land: 405-748-4596
http://FreeDaemonConsulting.com              Mobile: 405-203-6124
"..in support of free software solutions."

Key fingerprint: 37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
           Key: http://todd.fries.net/pgp.txt

(last updated 2003/03/13 07:14:10)

Penned by Matt.Carpenter@alticor.com on Mon, Aug 04, 2003 at 04:38:33PM -0400, we have:
| Thanks, Kurt!
|
| We have not asked our ISPs about the service yet.  I'm trying to gather
| information before even pushing my boss to consider it, and he would end
| up being involved in the ISP conversation.  I'm attempting to have all my
| ducks in a row before chatting with the decisionmakers, including
| cost/value relationships for the various options of connectivity.
| We aren't even looking to roll out V6 internally until there is a
| "customer need" that arises.  I'm trying to stay ahead of the curve and
| bring up the important questions before crunch time, as well as possibly
| get our network playing on the V6net beforehand.  But if I go to my boss
| and ask him about paying our ISP for a service that our customers haven't
| requested, he won't even consider what I'm trying to say.  If I go to him
| with my ducks in a row, offering possibly free/cheap tunnelling to get our
| feet wet, and the option to pay to secure our place on the new network,
| he'll have something to chew on, at least long enough to delay the "no"
| into a "not yet, but perhaps <something>....".
|
| If the IPv4 and v6 networks touch, is each ISP a little v6 bubble or is
| there one cohesive v6 network which is just invisible to the v4 world?
| We are considered an ISP in the v4 world, although our customers are
| typically affiliated with us in some way, and one of them is a major B2C
| ecommerce site.  While we are interested in being a part of the new
| network space, availability from the v4 Internet is key until its death.
| This may mean dual-address-spaces, I realize, but when you're selling
| stuff you want to be available to as many pocketbooks as possible.  Thus,
| if IPv4 is accessible from all and v6 is not, the impetus is to either
| stick with v4 or do both.
|
| Thank you for your fast response.  I look forward to hearing more, as well
| as getting connected to the 6bone from my test net.
|
| Matthew Carpenter
| Alticor Network Services
|
|
|
|
|
| Kurt Jaeger <lists@complx.LF.net>
| 08/04/2003 04:06 PM
| Please respond to pi
|
|  
|         To:     Matt.Carpenter@alticor.com
|         cc:
|         Subject:        Re: [6bone] Corporation wishing to get connected to the new v6 Internet
|
|
| Hi!
|
| > <MEAT>
| > I am working with my company to determine how to get involved with a
| > production IPv6 Internet, as one develops.
|
| First step: Have you asked your ISP for v6 connectivity?
|
| Have you asked ISPs in your neighbourhood if they can provide v6?
|
| >         Are there tunnel options for that network as well?
|
| Yes, probably.
|
| >         Or does it require a "ISP-Provided" connection?
|
| This is preferred.
|
| >         Does one even exist currently?
|
| Depends on your ISP.
|
| >         Does it touch the v4 Internet or is it a separate entity?
|
| It touches the v4 net.
|
| --
| MfG/Best regards, Kurt Jaeger                                  17 years to
| go !
| LF.net GmbH        fon +49 711 90074-23  pi@LF.net
| Ruppmannstr. 27    fax +49 711 90074-33
| D-70565 Stuttgart  mob +49 171 3101372
|
|


From cloos@jhcloos.com Tue Aug 5 00:12:09 2003
From: cloos@jhcloos.com (James H. Cloos Jr.)
Date: 04 Aug 2003 19:12:09 -0400
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
In-Reply-To:
References:
Message-ID:

>>>>> "Matt" == Matt Carpenter writes:

Matt> ... it looks like he.net is mentioning being connected to
Matt> the 6bone network, even though the address space is 2001:

HE is connected to the 6bone simply to ensure connectivity to
everyone.  Once everyone w/ 6bone space has stopped advertising
their routes, one presumes HE's connection to it will evaporate
as well.  That it won't until then is a Good Thing.

-JimC

From gcap@visi.com Tue Aug 5 04:49:32 2003
From: gcap@visi.com (Greg Blakely)
Date: Mon, 4 Aug 2003 22:49:32 -0500
Subject: [6bone] Nothing is sacred...
References: <1059715446.3176.126.camel@portal.home>
 <20030801055137.GA61051@scylla.towardex.com>
 <20030801085150.GF19355@login.ecs.soton.ac.uk>
 <20030801133520.GA23406@bfib.colo.bit.nl>
 <20030804131013.GK13730@login.ecs.soton.ac.uk>
Message-ID: <000901c35b04$94bb1030$cc2f62d1@vyger.net>

Pim,

Would you be willing to share the program you wrote?

----- Original Message -----
From: "Tim Chown"
To: <6bone@ISI.EDU>
Sent: Monday, August 04, 2003 8:10 AM
Subject: Re: [6bone] Nothing is sacred...

> On Fri, Aug 01, 2003 at 03:35:20PM +0200, Pim van Pelt wrote:
> > On Fri, Aug 01, 2003 at 09:51:50AM +0100, Tim Chown wrote:
> > | Well, no RBLs available over native v6 yet ;)
> > Yes there are :)
>
> Well, which? :)
>
> > And I've written a program to function as middleman between all sorts
> > of DNSBL programs and an MTA... it can look up IPv6 addresses and map
> > them to ASN/country too if you wish.
>
> OK, agreed proxies can fill a short-term need.
>
> Tim
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone
>

From gert@space.net Tue Aug 5 07:06:01 2003
From: gert@space.net (Gert Doering)
Date: Tue, 5 Aug 2003 08:06:01 +0200
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
In-Reply-To: ; from Matt.Carpenter@alticor.com on Mon, Aug 04, 2003 at 05:24:32PM -0400
References:
Message-ID: <20030805080601.N67740@Space.Net>

Hi,

On Mon, Aug 04, 2003 at 05:24:32PM -0400, Matt.Carpenter@alticor.com wrote:
> It is appearing that production IPv6 networks are currently mostly
> disparate, funnels to the IPv4 Internet.  Is that correct?

Partly, but this is improving.

> And are there
> a few that are big enough that would warrant creating tunnels to them
> specifically so as to bring them together (eg. if I'm connected to the
> he.net's network, also connecting to an IPv6 network in Asia (or
> someplace) with a huge presence)?  Or are they pretty much their own
> little world?

Don't put up tunnels to other continents.  Find someone who has good
connectivity there, and put up a tunnel to them (if tunnels are
unavoidable).

Much of the current IPv6 routing problems come from tunnels that are
just *much* too long (networkwise).

Gert Doering
        -- NetMaster
--
Total number of prefixes smaller than registry allocations:  56318  (55442)

SpaceNet AG                 Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299

From pim@ipng.nl Tue Aug 5 10:17:37 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Tue, 5 Aug 2003 11:17:37 +0200
Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...)
In-Reply-To: <000901c35b04$94bb1030$cc2f62d1@vyger.net>
References: <1059715446.3176.126.camel@portal.home>
 <20030801055137.GA61051@scylla.towardex.com>
 <20030801085150.GF19355@login.ecs.soton.ac.uk>
 <20030801133520.GA23406@bfib.colo.bit.nl>
 <20030804131013.GK13730@login.ecs.soton.ac.uk>
 <000901c35b04$94bb1030$cc2f62d1@vyger.net>
Message-ID: <20030805091737.GB1417@bfib.colo.bit.nl>

Hi,

.. and thanks for the interest. Let me expand a little on the program I
was talking about. It's a client server combination that embodies a
blacklist system for MTAs, written by Sabri Berisha and myself.

First some background: I am not entirely happy with using DNS for
looking up blacklists. Especially users with large amounts (10+) of
DNSBLs will end up taking considerable amounts of resources per email.

The idea is to abstract the blacklisting so that the MTA persistently
logs in to a RBL check daemon (IANA port registration tcp/3768). For
each mail it receives, it asks the daemon permission to accept the mail,
based on four attributes:
  (connecting IPv46, mail-from, rcpt-to, md5-hmac-secret)

The md5-hmac-secret is used for authentication, as we do not want
arbitrary MTAs (ie, ones we don't know of) to make use of our service.
Sending rcpt-to/mail-from allows the rblcheckd to facilitate user based
blacklisting, eg if the rcpt-to has specific wishes, it can read which
RBLs to run for this user.

The daemon responds with one of PASS, BLOCK or ENOACCESS within a set
timelimit. ENOACCESS occurs if the client does not have access to the
server (meaning it did not whisper the correct shared secret). PASS
means that all of the user-defined RBLs say it's okay to pass the mail
and BLOCK means that at least one of them told us to block it. On any
type of error (socket, IO, file, timeout), PASS is returned.

The RBLs can be either plain DNS or CDB file, with possible other
extensions to be implemented without having to touch the MTA.

The MTA
----------
The MTA is then patched to query the rblcheckd for each RCPT-TO it
receives. For Sendmail, we have written a simple milter program. For
Qmail, we have patched DJB's source. For other MTAs, I do not expect the
patching to be very difficult. All you need is two (clientside) C files,
called rbl.h and rbl.c, which are re-entrant and threadsafe (exporting
only what they need to export to the calling program).

An Example
------------
Here's our running setup at AS12859. For convenience, I've also included
a standalone binary (./rbl) which compiles rbl.[ch] together into a
binary. We type:

$ ./rbl -h crow -p 3768 -s mypasswd \
        -f eu-registry@internetdrive.com \
        -t alarm@bit.nl \
        -i 62.150.9.42

It replies:
*** main: crow told us to block this mail

And rblcheckd logs:
Aug 5 11:00:40 crow rblcheck[80515]: info: white: (42.9.150.62.as12859.rbl.cluecentral.net) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:00:40 crow rblcheck[80515]: info: black: (42.9.150.62.sbl.spamhaus.org) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:00:40 crow rblcheck[80515]: listed: black: (42.9.150.62.list.dsbl.org) (eu-registry@internetdrive.com/alarm@bit.nl)

Looking at these lines, we deduce that there are 'whitelists' and
'blacklists'. If an entry hits a whitelist, it is passed. If it hits a
blacklist, it is blocked. If it hits both, it is passed.

* Line 1 queries if the IP is a member of AS12859. In that case, it is
  an nl.bit IP so we whitelist it. It is logged as informational.
* Line 2 queries spamhaus.org, which does not know the IP. It is logged
  as informational.
* Line 3 queries list.dsbl.org, which knows the IP. It is logged
  'listed' and results in the above BLOCK statement. As we now have a
  definitive answer, we do not pursue any other blacklists.

Notes
-----------
This software is IPv6 compliant, in that it can do lookups between MTA
and rblcheckd using IPv6 transport, as well as looking up IPv6 addresses:

$ ./rbl -h crow -p 3768 -s mypasswd \
        -f eu-registry@internetdrive.com \
        -t alarm@bit.nl \
        -i 3ffe:8110::1
*** main: crow told us to pass this mail

Checking the log, we now see more lines (sorry for the ugly paste):
Aug 5 11:08:55 crow rblcheck[82259]: info: white: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.as12859.rbl.cluecentral.net) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.sbl.spamhaus.org) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.list.dsbl.org) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.proxies.blackholes.easynet.nl) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.proxies.relays.monkeys.com) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.blackholes.easynet.nl) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.dnsbl.njabl.org) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.spam.dnsrbl.net) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.opm.blitzed.org) (eu-registry@internetdrive.com/alarm@bit.nl)
Aug 5 11:08:55 crow rblcheck[82259]: info: black: (1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.8.E.F.F.3.relays.ordb.org) (eu-registry@internetdrive.com/alarm@bit.nl)

All available blacklists for alarm@bit.nl are checked and none matches.
This is of course due to no DNSBL operator having IPv6 addresses in
their servers (except for rbl.cluecentral.net, operated by Sabri Berisha
at BIT).

Does this spark some interest ? The program is a bit rough around the
edges, and we're just about ready to open it up to the public (it's been
running production at AS12859 under qmail and sendmail for a couple of
months now (doing 100K smtp transactions per day). I could be easily
convinced to persuade the co-author to put it up on sourceforge.

groet,
Pim

--
---------- - - - - -+- - - - - ----------
Pim van Pelt                 Email: pim@ipng.nl
http://www.ipng.nl/             IPv6 Deployment
-----------------------------------------------

From Matt.Carpenter@alticor.com Tue Aug 5 14:02:52 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Tue, 5 Aug 2003 09:02:52 -0400
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
Message-ID:

Thank you all for this education.

I think I'm getting the picture to come in a little clearer now.  So v6 is running over the same physical network as v4.  I knew this was possible but wasn't sure how it was implemented.  The 6bone, although sounding like "backbone" is really the v6 version of the ARPA-net 10.x.x.x address-space which is no longer in public use.  The 6bone address-space is made up of some large and many small "pockets", which are currently interconnected largely through 6to4 tunnels through the v4-Internet.  The 6bone is NOT, to clear one of my myths, a "v6 Internet" which is all v6 throughout the world, with all of its own links and interconnections (ie. it's not like another Internet2 which has separate layers 1 and 2, but only lives at layer 3+).

There is also new address-space available (specifically in the 2001:: network as offered by he.net), which operates very much like the "6bone network", but is simply different addressing.  Routing between 6bone (3ffe::/16) and this new address-space works as if they were not different at all.  The only difference is that the 6bone address space will be phased out over the next several years, a clerical difference.

How's that sound to everyone?

Now how do we obtain AS numbers for the new v6 Internet?

Thanks again!
Matt
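
Added example, not part of any message in this thread and not the rblcheckd source: the lookup logic Pim van Pelt describes in his RBLcheckd message above (query-name construction for IPv4 and IPv6, whitelists before blacklists, stop at the first hit, PASS on resolver errors, ENOACCESS on a bad secret), modelled in Python. The function names, the HMAC-MD5 input layout, the whitelist-first ordering and the offline fake_lookup are assumptions; the zone names and addresses are the ones in that message's log excerpt.

```python
import hashlib
import hmac
import ipaddress

PASS, BLOCK, ENOACCESS = "PASS", "BLOCK", "ENOACCESS"


def dnsbl_qname(ip, zone):
    """Name looked up for `ip` in `zone`, in the shape shown in the rblcheckd log."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]          # 62.150.9.42 -> 42.9.150.62
    else:
        # All 32 nibbles of the expanded address, reversed, upper-case hex.
        labels = list(addr.exploded.replace(":", "").upper())[::-1]
    return ".".join(labels) + "." + zone


def request_tag(secret, ip, mail_from, rcpt_to):
    """HMAC-MD5 over the request attributes (this field layout is an assumption)."""
    msg = "\n".join((ip, mail_from, rcpt_to)).encode()
    return hmac.new(secret, msg, hashlib.md5).hexdigest()


def check(ip, mail_from, rcpt_to, tag, secret, lists, lookup):
    """Return (verdict, trace).

    lists  -- [(kind, zone)] with kind "white" or "black", per recipient
    lookup -- callable(qname) -> bool; may raise OSError on resolver trouble
    """
    trace = []
    expected = request_tag(secret, ip, mail_from, rcpt_to)
    if not hmac.compare_digest(tag, expected):
        return ENOACCESS, trace                      # unknown MTA: no lookups at all
    # Whitelists are consulted first, so an address on both kinds of list passes.
    ordered = sorted(lists, key=lambda entry: entry[0] != "white")
    try:
        for kind, zone in ordered:
            qname = dnsbl_qname(ip, zone)
            listed = lookup(qname)
            level = "listed" if listed else "info"
            trace.append(f"{level}: {kind}: ({qname}) ({mail_from}/{rcpt_to})")
            if listed:
                # The first hit is definitive; the remaining lists are not queried.
                return (PASS if kind == "white" else BLOCK), trace
    except OSError:
        # Socket, I/O and timeout errors fail open, as the message describes.
        return PASS, trace
    return PASS, trace


# Constructed sample data, modelled on the log excerpt in the message.
USER_LISTS = [
    ("black", "sbl.spamhaus.org"),
    ("white", "as12859.rbl.cluecentral.net"),
    ("black", "list.dsbl.org"),
    ("black", "relays.ordb.org"),
]
LISTED = {"42.9.150.62.list.dsbl.org"}
SECRET = b"mypasswd"


def fake_lookup(qname):
    """Stand-in for the DNS or CDB query so the example runs offline."""
    return qname in LISTED


if __name__ == "__main__":
    sender, rcpt = "eu-registry@internetdrive.com", "alarm@bit.nl"
    for ip in ("62.150.9.42", "3ffe:8110::1"):
        tag = request_tag(SECRET, ip, sender, rcpt)
        verdict, trace = check(ip, sender, rcpt, tag, SECRET, USER_LISTS, fake_lookup)
        print(ip, verdict)
        for line in trace:
            print("  " + line)
```

Because errors return PASS, a resolver outage lets every message through; that verdict is worth logging separately from a clean PASS so the gap is visible.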

From gert@space.net Tue Aug 5 14:24:35 2003
From: gert@space.net (Gert Doering)
Date: Tue, 5 Aug 2003 15:24:35 +0200
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
In-Reply-To: ; from Matt.Carpenter@alticor.com on Tue, Aug 05, 2003 at 09:02:52AM -0400
References:
Message-ID: <20030805152435.F67740@Space.Net>

Hi,

On Tue, Aug 05, 2003 at 09:02:52AM -0400, Matt.Carpenter@alticor.com wrote:
> I think I'm getting the picture to come in a little clearer now.  So v6 is
> running over the same physical network as v4.

It can be done, yes.  (The same way you can run IPX and IP over the
same wire).

> I knew this was possible
> but wasn't sure how it was implemented.

In the IP header, the first field is a version number - 4 or 6, and
the receiving machine knows how to handle the remainder of the packet.

> The 6bone, although sounding like
> "backbone" is really the v6 version of the ARPA-net 10.x.x.x address-space
> which is no longer in public use.

Not exactly like 10.x.x.x, but similar, as it is phased out.

> The 6bone address-space is made up of
> some large and many small "pockets", which are currently interconnected
> largely through 6to4 tunnels through the v4-Internet.

Not "6to4" (that's a specific tunnel variant) but a mixture of 6to4,
ipv6ip, and GRE tunneling.  Plus native connections.

> The 6bone is NOT,
> to clear one of my myths, a "v6 Internet" which is all v6 throughout the
> world, with all of its own links and interconnections (ie. it's not like
> another Internet2 which has separate layers 1 and 2, but only lives at
> layer 3+).

Yep.

> There is also new address-space available (specifically in the 2001::
> network as offered by he.net), which operates very much like the "6bone
> network", but is simply different addressing.  Routing between 6bone
> (3ffe::/16) and this new address-space works as if they were not different
> at all.  The only difference is that the 6bone address space will be
> phased out over the next several years, a clerical difference.

The addresses are different, but not more different than IPv4 addresses
192.* vs. 195.* - some of them are handed out under one set of rules,
and the "newer ones" follow a different set of allocation rules.

Technically, there is no difference.

> How's that sound to everyone?
>
> Now how do we obtain AS numbers for the new v6 Internet?

You use the existing AS number that you have for v4 (or apply for a
new one, as for v4).  BGP is the same, you just have to choose whether
you want to announce v4 or v6 addresses, or both.

Gert Doering
        -- NetMaster
--
Total number of prefixes smaller than registry allocations:  56318  (55442)

SpaceNet AG                 Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299

From arien+6bone@ams-ix.net Tue Aug 5 14:54:16 2003
From: arien+6bone@ams-ix.net (Arien Vijn)
Date: Tue, 5 Aug 2003 15:54:16 +0200
Subject: [6bone] Corporation wishing to get connected to the new v6 Internet
In-Reply-To:
Message-ID: <4DB86B8B-C74C-11D7-9DBE-00039364C8C0@ams-ix.net>

On Tuesday, August 5, 2003, at 03:02 PM, Matt.Carpenter@alticor.com wrote:

> Now how do we obtain AS numbers for the new v6 Internet?
>

You can use your existing AS-number(s). BGP routing is not fundamentally
different from v4. Most IPv6 capable ISPs use the same AS-numbers as they
use with IPv4. I know only one that uses a different AS for its v6
services.

Arien

From gcap@visi.com Tue Aug 5 16:38:17 2003
From: gcap@visi.com (Greg Blakely)
Date: Tue, 05 Aug 2003 10:38:17 -0500
Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...)
References: <1059715446.3176.126.camel@portal.home>
 <20030801055137.GA61051@scylla.towardex.com>
 <20030801085150.GF19355@login.ecs.soton.ac.uk>
 <20030801133520.GA23406@bfib.colo.bit.nl>
 <20030804131013.GK13730@login.ecs.soton.ac.uk>
 <000901c35b04$94bb1030$cc2f62d1@vyger.net>
 <20030805091737.GB1417@bfib.colo.bit.nl>
Message-ID: <000701c35b67$982ab280$ec5c24a6@wcomnet.com>

Pim,

I can't speak for anyone else, but I would definitely be interested in it.
I use postfix as my MTA, and didn't see you mention it, but I suspect that
it would probably be fairly easy to integrate.

>
> Does this spark some interest ? The program is a bit rough around the
> edges, and we're just about ready to open it up to the public (it's been
> running production at AS12859 under qmail and sendmail for a couple of
> months now (doing 100K smtp transactions per day). I could be easily
> convinced to persuade the co-author to put it up on sourceforge.
>

Thanks,
Greg

From pim@ipng.nl Tue Aug 5 17:50:05 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Tue, 5 Aug 2003 18:50:05 +0200
Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...)
In-Reply-To: <000701c35b67$982ab280$ec5c24a6@wcomnet.com>
References: <1059715446.3176.126.camel@portal.home>
 <20030801055137.GA61051@scylla.towardex.com>
 <20030801085150.GF19355@login.ecs.soton.ac.uk>
 <20030801133520.GA23406@bfib.colo.bit.nl>
 <20030804131013.GK13730@login.ecs.soton.ac.uk>
 <000901c35b04$94bb1030$cc2f62d1@vyger.net>
 <20030805091737.GB1417@bfib.colo.bit.nl>
 <000701c35b67$982ab280$ec5c24a6@wcomnet.com>
Message-ID: <20030805165005.GA22595@bfib.colo.bit.nl>

Hi Greg, John, Cory, Dean, others,

Greg wrote:
| I can't speak for anyone else, but I would definitely be interested in it.
| I use postfix as my MTA, and didn't see you mention it, but I suspect that
| it would probably be fairly easy to integrate.

Sabri has opened a sourceforge project (it was approved swiftly) and we're
now organizing things in that environment. I had some feedback from Dean
Strik who maintains the unofficial (or?) IPv6 patches to postfix. He
promised to look into patching the rbl client into that MTA. We already
have a working patch for Qmail and a Sendmail milter program, as I said.
They'll be packaged and delivered separately in a separate tarball/CVS
module.

I'm highly enthusiastic wrt the amount of positive feedback I received
on this! It definitely motivates Sabri and me to push things further :-)

Let me get back to you on the status at end of this week/somewhere next
week.

Thanks and groet,
Pim

--
---------- - - - - -+- - - - - ----------
Pim van Pelt                 Email: pim@ipng.nl
http://www.ipng.nl/             IPv6 Deployment
-----------------------------------------------

From todd@fries.net Tue Aug 5 18:54:44 2003
From: todd@fries.net (Todd T. Fries)
Date: Tue, 5 Aug 2003 12:54:44 -0500
Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...)
In-Reply-To: <20030805165005.GA22595@bfib.colo.bit.nl>
References: <1059715446.3176.126.camel@portal.home>
 <20030801055137.GA61051@scylla.towardex.com>
 <20030801085150.GF19355@login.ecs.soton.ac.uk>
 <20030801133520.GA23406@bfib.colo.bit.nl>
 <20030804131013.GK13730@login.ecs.soton.ac.uk>
 <000901c35b04$94bb1030$cc2f62d1@vyger.net>
 <20030805091737.GB1417@bfib.colo.bit.nl>
 <000701c35b67$982ab280$ec5c24a6@wcomnet.com>
 <20030805165005.GA22595@bfib.colo.bit.nl>
Message-ID: <20030805175444.GA24624@fries.net>

Everyone has a different peg and a different shaped hole to fit it when it
comes to MTAs and anti spam solutions.

Here's mine:

        http://FreeDaemonConsulting/tech/spam.php

In short, relaydb gets fed headers (being told this is a good message or spam)
and ends up with a list of good and bad relays.

More info about relaydb is available at:

        http://www.benzedrine.cx/relaydb.html

Feed this to the list fed into 'spamd(8)' on OpenBSD and you can block
addresses via pf.  I've a local diff set to update, but those interested
I'll mail you with it to enable 'spamd' in OpenBSD to deal with IPv6.

More info about spamd is available at: http://www.openbsd.org/cgi-bin/man.cgi?query=spamd While I applaud any efforts to develop a list of IPv6 known spam hosts and/or networks, I would want the ability to over-ride any settings as pertained to my local settings. So long as there exists an automated way to retrieve any such lists, I can format them appropriately locally, and use spamd to block them. For anyone who wishes to get a demonstration of spamd in action, feel free to telnet to 66.210.106.28 port 25. It's not one of my mx hosts, therefore it gets redirected to spamd automagically ;-) Thanks, -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Pim van Pelt on Tue, Aug 05, 2003 at 06:50:05PM +0200, we have: | Hi Greg, John, Cory, Dean, others, | | Greg wrote: | | I can't speak for anyone else, but I would definitely be interested in it. | | I use postfix as my MTA, and didn't see you mention it, but I suspect that | | it would probably be fairly easy to integrate. | | Sabri has opened a sourceforge project (it was approved swiftly) and we're | now organizing things in that environment. I had some feedback from Dean | Strik who maintains the unofficial (or?) IPv6 patches to postfix. He | promised to look into patching the rbl client into that MTA. We already | have a working patch for Qmail and a Sendmail milter program, as I said. | They'll be packaged and delivered seperately in a seperate tarball/CVS | module. | | I'm highly enthusiastic wrt the amount of positive feedback I received | on this! It definately motivates Sabri and me to push things further :-) | | Let me gete back to you on the status at end of this week/somewhere next | week. 
| | Thanks and groet, | Pim | -- | ---------- - - - - -+- - - - - ---------- | Pim van Pelt Email: pim@ipng.nl | http://www.ipng.nl/ IPv6 Deployment | ----------------------------------------------- | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From tjc@ecs.soton.ac.uk Tue Aug 5 19:55:30 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Tue, 5 Aug 2003 19:55:30 +0100 Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...) In-Reply-To: <20030805175444.GA24624@fries.net> References: <1059715446.3176.126.camel@portal.home> <20030801055137.GA61051@scylla.towardex.com> <20030801085150.GF19355@login.ecs.soton.ac.uk> <20030801133520.GA23406@bfib.colo.bit.nl> <20030804131013.GK13730@login.ecs.soton.ac.uk> <000901c35b04$94bb1030$cc2f62d1@vyger.net> <20030805091737.GB1417@bfib.colo.bit.nl> <000701c35b67$982ab280$ec5c24a6@wcomnet.com> <20030805165005.GA22595@bfib.colo.bit.nl> <20030805175444.GA24624@fries.net> Message-ID: <20030805185530.GG29779@login.ecs.soton.ac.uk> We've developed MailScanner here (www.mailscanner.info). It's very popular, and allows SpamAssassin and other tools to be bolted in. The question is how best to handle RBLs/etc in a dual-stack environment. We'll have a think - proxying seems appropriate. Tim On Tue, Aug 05, 2003 at 12:54:44PM -0500, Todd T. Fries wrote: > Everyone has a different peg and a different shaped hole to fit it when it > comes to MTA's and anti spam solutions. > > Here's mine: > > http://FreeDaemonConsulting/tech/spam.php > > In short, relaydb gets fed headers (being told this is a good message or spam) > and ends up with a list of good and bad relays. > > More info about relaydb is available at: > > http://www.benzedrine.cx/relaydb.html > > Feed this to the list fed into 'spamd(8)' on OpenBSD and you can block > addresses via pf. 
> > I've a local diff set to update, but those interested I'll mail you with it > to enable 'spamd' in OpenBSD to deal with IPv6. > > More info about spamd is available at: > > http://www.openbsd.org/cgi-bin/man.cgi?query=spamd > > While I applaud any efforts to develop a list of IPv6 known spam hosts and/or > networks, I would want the ability to over-ride any settings as pertained to > my local settings. So long as there exists an automated way to retrieve any > such lists, I can format them appropriately locally, and use spamd to block > them. > > For anyone who wishes to get a demonstration of spamd in action, feel free to > telnet to 66.210.106.28 port 25. It's not one of my mx hosts, therefore it > gets redirected to spamd automagically ;-) > > Thanks, > -- > Todd Fries .. todd@fries.net > > > Free Daemon Consulting, LLC Land: 405-748-4596 > http://FreeDaemonConsulting.com Mobile: 405-203-6124 > "..in support of free software solutions." > > Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A > Key: http://todd.fries.net/pgp.txt > > (last updated 2003/03/13 07:14:10) > > Penned by Pim van Pelt on Tue, Aug 05, 2003 at 06:50:05PM +0200, we have: > | Hi Greg, John, Cory, Dean, others, > | > | Greg wrote: > | | I can't speak for anyone else, but I would definitely be interested in it. > | | I use postfix as my MTA, and didn't see you mention it, but I suspect that > | | it would probably be fairly easy to integrate. > | > | Sabri has opened a sourceforge project (it was approved swiftly) and we're > | now organizing things in that environment. I had some feedback from Dean > | Strik who maintains the unofficial (or?) IPv6 patches to postfix. He > | promised to look into patching the rbl client into that MTA. We already > | have a working patch for Qmail and a Sendmail milter program, as I said. > | They'll be packaged and delivered seperately in a seperate tarball/CVS > | module. 
> | > | I'm highly enthusiastic wrt the amount of positive feedback I received > | on this! It definately motivates Sabri and me to push things further :-) > | > | Let me gete back to you on the status at end of this week/somewhere next > | week. > | > | Thanks and groet, > | Pim > | -- > | ---------- - - - - -+- - - - - ---------- > | Pim van Pelt Email: pim@ipng.nl > | http://www.ipng.nl/ IPv6 Deployment > | ----------------------------------------------- > | _______________________________________________ > | 6bone mailing list > | 6bone@mailman.isi.edu > | http://mailman.isi.edu/mailman/listinfo/6bone > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From todd@fries.net Tue Aug 5 20:01:04 2003 From: todd@fries.net (Todd T. Fries) Date: Tue, 5 Aug 2003 14:01:04 -0500 Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...) In-Reply-To: <20030805185530.GG29779@login.ecs.soton.ac.uk> References: <20030801055137.GA61051@scylla.towardex.com> <20030801085150.GF19355@login.ecs.soton.ac.uk> <20030801133520.GA23406@bfib.colo.bit.nl> <20030804131013.GK13730@login.ecs.soton.ac.uk> <000901c35b04$94bb1030$cc2f62d1@vyger.net> <20030805091737.GB1417@bfib.colo.bit.nl> <000701c35b67$982ab280$ec5c24a6@wcomnet.com> <20030805165005.GA22595@bfib.colo.bit.nl> <20030805175444.GA24624@fries.net> <20030805185530.GG29779@login.ecs.soton.ac.uk> Message-ID: <20030805190104.GB24624@fries.net> I'm not sure I follow your question "How do we handle RBL's in a dual stack environment" .. the `table' of addresses to block gets loaded into pf on my machine, and it includes both IPv4 and IPv6 addresses. I simply 'rdr' (redirect) an IPv4 connection with a matching source address to spamd in the same way that I redirect an IPv6 connection with a matching source address. relaydb handles both IPv4 and IPv6 addresses in headers. I'm already handling this on a multistack machine. It handles quite seamlessly. 
Please explain your question. -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Tim Chown on Tue, Aug 05, 2003 at 07:55:30PM +0100, we have: | We've developed MailScanner here (www.mailscanner.info). It's very | popular, and allows SpamAssassin and other tools to be bolted in. | | The question is how best to handle RBLs/etc in a dual-stack environment. | | We'll have a think - proxying seems appropriate. | | Tim | | On Tue, Aug 05, 2003 at 12:54:44PM -0500, Todd T. Fries wrote: | > Everyone has a different peg and a different shaped hole to fit it when it | > comes to MTA's and anti spam solutions. | > | > Here's mine: | > | > http://FreeDaemonConsulting/tech/spam.php | > | > In short, relaydb gets fed headers (being told this is a good message or spam) | > and ends up with a list of good and bad relays. | > | > More info about relaydb is available at: | > | > http://www.benzedrine.cx/relaydb.html | > | > Feed this to the list fed into 'spamd(8)' on OpenBSD and you can block | > addresses via pf. | > | > I've a local diff set to update, but those interested I'll mail you with it | > to enable 'spamd' in OpenBSD to deal with IPv6. | > | > More info about spamd is available at: | > | > http://www.openbsd.org/cgi-bin/man.cgi?query=spamd | > | > While I applaud any efforts to develop a list of IPv6 known spam hosts and/or | > networks, I would want the ability to over-ride any settings as pertained to | > my local settings. So long as there exists an automated way to retrieve any | > such lists, I can format them appropriately locally, and use spamd to block | > them. | > | > For anyone who wishes to get a demonstration of spamd in action, feel free to | > telnet to 66.210.106.28 port 25. 
It's not one of my mx hosts, therefore it | > gets redirected to spamd automagically ;-) | > | > Thanks, | > -- | > Todd Fries .. todd@fries.net | > | > | > Free Daemon Consulting, LLC Land: 405-748-4596 | > http://FreeDaemonConsulting.com Mobile: 405-203-6124 | > "..in support of free software solutions." | > | > Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A | > Key: http://todd.fries.net/pgp.txt | > | > (last updated 2003/03/13 07:14:10) | > | > Penned by Pim van Pelt on Tue, Aug 05, 2003 at 06:50:05PM +0200, we have: | > | Hi Greg, John, Cory, Dean, others, | > | | > | Greg wrote: | > | | I can't speak for anyone else, but I would definitely be interested in it. | > | | I use postfix as my MTA, and didn't see you mention it, but I suspect that | > | | it would probably be fairly easy to integrate. | > | | > | Sabri has opened a sourceforge project (it was approved swiftly) and we're | > | now organizing things in that environment. I had some feedback from Dean | > | Strik who maintains the unofficial (or?) IPv6 patches to postfix. He | > | promised to look into patching the rbl client into that MTA. We already | > | have a working patch for Qmail and a Sendmail milter program, as I said. | > | They'll be packaged and delivered seperately in a seperate tarball/CVS | > | module. | > | | > | I'm highly enthusiastic wrt the amount of positive feedback I received | > | on this! It definately motivates Sabri and me to push things further :-) | > | | > | Let me gete back to you on the status at end of this week/somewhere next | > | week. 
| > | | > | Thanks and groet, | > | Pim | > | -- | > | ---------- - - - - -+- - - - - ---------- | > | Pim van Pelt Email: pim@ipng.nl | > | http://www.ipng.nl/ IPv6 Deployment | > | ----------------------------------------------- | > | _______________________________________________ | > | 6bone mailing list | > | 6bone@mailman.isi.edu | > | http://mailman.isi.edu/mailman/listinfo/6bone | > _______________________________________________ | > 6bone mailing list | > 6bone@mailman.isi.edu | > http://mailman.isi.edu/mailman/listinfo/6bone | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From john@sixgirls.org Tue Aug 5 21:03:43 2003 From: john@sixgirls.org (John Klos) Date: Tue, 5 Aug 2003 16:03:43 -0400 (EDT) Subject: [6bone] RBLcheckd (was Re: Nothing is sacred...) In-Reply-To: <20030805190104.GB24624@fries.net> References: <20030801055137.GA61051@scylla.towardex.com> <20030801085150.GF19355@login.ecs.soton.ac.uk> <20030801133520.GA23406@bfib.colo.bit.nl> <20030804131013.GK13730@login.ecs.soton.ac.uk> <000901c35b04$94bb1030$cc2f62d1@vyger.net> <20030805091737.GB1417@bfib.colo.bit.nl> <000701c35b67$982ab280$ec5c24a6@wcomnet.com> <20030805165005.GA22595@bfib.colo.bit.nl> <20030805175444.GA24624@fries.net> <20030805185530.GG29779@login.ecs.soton.ac.uk> <20030805190104.GB24624@fries.net> Message-ID: Hello, > I'm not sure I follow your question "How do we handle RBL's in a dual > stack environment" .. the `table' of addresses to block gets loaded into > pf on my machine, and it includes both IPv4 and IPv6 addresses. I simply > 'rdr' (redirect) an IPv4 connection with a matching source address to > spamd in the same way that I redirect an IPv6 connection with a matching > source address. But this does introduce a new problem. 
Just like the spammers that send to backup MX even when the primary returns a permanent error, we'll still see spammers which try to send to the IPv6 address(es) in the MX, then try the IPv4 addresses (or the other way around). Because there's generally no way to correlate IPv6 addresses with IPv4 addresses (6in4 excepted), dual stacked spammers will need to be blocked twice. Does anyone have an idea for this? John Klos Sixgirls Computing Labs From alec.waters@dataline.co.uk Wed Aug 13 15:49:23 2003 From: alec.waters@dataline.co.uk (Alec Waters) Date: Wed, 13 Aug 2003 15:49:23 +0100 Subject: [6bone] Nothing is sacred... In-Reply-To: <1059715446.3176.126.camel@portal.home> References: <1059715446.3176.126.camel@portal.home> Message-ID: <3F3A4FF3.8070806@dataline.co.uk> Ben Winslow wrote: > I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of > a spammer with the audacity to operate over IPv6! More IPv6 blackhat activity here: http://project.honeynet.org/scans/scan28/ The writeups are very interesting. alec -- Alec Waters Dataline Software Ltd Clarence House, 30-31 North Street, Brighton, BN1 1EB, UK Tel: +44 (0)1273 324939 Fax: +44 (0)1273 205576 www: http://www.dataline.co.uk IPv6: http://www.ipv6.dataline.co.uk From jeroen@unfix.org Wed Aug 13 18:36:11 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Wed, 13 Aug 2003 19:36:11 +0200 Subject: [6bone] Nothing is sacred... In-Reply-To: <3F3A4FF3.8070806@dataline.co.uk> Message-ID: <001801c361c1$6335abb0$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Alec Waters wrote: > Ben Winslow wrote: > > I fixed IPv6 SMTP yesterday, only to discover the wonderful > droppings of > > a spammer with the audacity to operate over IPv6! > > More IPv6 blackhat activity here: > > http://project.honeynet.org/scans/scan28/ > > The writeups are very interesting. 
And not very strange as Italians are already doing much damage in the IPv4 world and they have also been noted for trying to do so in the IPv6 world for some time now. I quote: 8<------------ The attacker uses 2001:6b8:0:400::5d0e as IPv6 address. This address is part of 2001:6b8::/48, which is assigned to Telecom Italia for the 'ngnet initiative'. - --------------->8 Fortunately they learned from it: 8<----------------- This service is avaiable only accessing using IP addresses assigned to the Telecom Italia group. if you are using one of these addresses and you read this message please send an email containing your IP address to tbadmin@ngnet.it - -------------------->8 No more abusing Italians through there at least. Which did explain why we saw a jump in Italian requests at SixXS, of which most had dubious addresses and mostly one intention: irc. And thus were nicely declined on those grounds. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBPzp3CimqKFIzPnwjEQJWdQCeLV0C7Ua1W8sTDKKvHWxbjEJWsOAAnjPZ SpqJWDnoa7ualUuzuWjCBpse =u1i9 -----END PGP SIGNATURE----- From hari@UDel.Edu Fri Aug 15 06:08:02 2003 From: hari@UDel.Edu (Harish Nair) Date: Fri, 15 Aug 2003 01:08:02 -0400 (EDT) Subject: [6bone] IPv6 NTP testing In-Reply-To: <200308131905.h7DJ5DJ27112@gamma.isi.edu> References: <200308131905.h7DJ5DJ27112@gamma.isi.edu> Message-ID: Hi All, We have set up an IPv6 NTP server "hepzibah-ip6.udel.edu" for public use over the 6bone network. We would welcome any volunteers to test it out. The server runs in "NTP SERVER" mode and serves requests from machines running in "NTP CLIENT" mode. Please do get back to me at hari@udel.edu in case you encounter any problems. You can also visit www.ntp.org for any questions about NTP. The NTP mailing lists can be found at http://mailman.ntp.org/mailman/listinfo.
Thanks, Harish From riel@imladris.surriel.com Sat Aug 16 04:15:16 2003 From: riel@imladris.surriel.com (Rik van Riel) Date: Fri, 15 Aug 2003 23:15:16 -0400 (EDT) Subject: [6bone] Nothing is sacred... In-Reply-To: <200308011032.h71AWMo28838@boreas.isi.edu> References: <200308011032.h71AWMo28838@boreas.isi.edu> Message-ID: On Fri, 1 Aug 2003, Bill Manning wrote: > I've been getting crap for just over a year, generally from addresses > of the form: > > ::ffff:xxx Those are just ipv4 connections coming in to ipv6 sockets. Zmailer knows what to do with these and queries for the ipv4 address in ipv4 dnsbls. I suspect other MTAs will learn this trick soon... Rik -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan From riel@imladris.surriel.com Sat Aug 16 04:23:37 2003 From: riel@imladris.surriel.com (Rik van Riel) Date: Fri, 15 Aug 2003 23:23:37 -0400 (EDT) Subject: [6bone] Nothing is sacred... In-Reply-To: References: <1059715446.3176.126.camel@portal.home> Message-ID: On Fri, 1 Aug 2003, John Klos wrote: > > I fixed IPv6 SMTP yesterday, only to discover the wonderful droppings of > > a spammer with the audacity to operate over IPv6! > > IPv6 open relay? We all knew it was a matter of time before we started > seeing SPAM on IPv6... OK, time to start enhancing spamikaze to have ipv6 functionality ;) http://spamikaze.nl.linux.org/ has the source and some basic info. Unfortunately we have a problem. Different MTAs do their ipv6 DNSBL queries differently. Let's take the address 2001:4321::1 as an example, since it doesn't seem to exist and it's really short when typed forwards.

Exim would query:
1.(many zeros).1.2.3.4.1.0.0.2.dnsbl.example.org
Zmailer would query:
1.(many zeros).1.2.3.4.1.0.0.2.ip6.dnsbl.example.org

I have no idea what the other MTAs would query.
I think we should standardise on one way to do lookups, so the ipv6 DNSBLs would actually work... Personally I prefer the zmailer version, since it allows one dnsbl setting in the MTA configuration to catch both ipv4 and ipv6 dnsbl content without any ambiguity. Yes, I know 2.0.0.0/8 is currently reserved, but I'm not comfortable relying on that. Also, we should have a dnsbl test address like the ipv4 dnsbls have; for ipv4 this is 127.0.0.2:

$ host -t any 2.0.0.127.psbl.surriel.com
2.0.0.127.psbl.surriel.com has address 127.0.0.2
2.0.0.127.psbl.surriel.com text "psbl.surriel.com test entry"
$ host -t any 2.0.0.127.list.dsbl.org
2.0.0.127.list.dsbl.org text "http://dsbl.org/listing?ip=127.0.0.2"
2.0.0.127.list.dsbl.org has address 127.0.0.2

What would be a suitable test address for ipv6? kind regards, Rik -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan From john@sixgirls.org Sat Aug 16 05:05:01 2003 From: john@sixgirls.org (John Klos) Date: Sat, 16 Aug 2003 00:05:01 -0400 (EDT) Subject: [6bone] IPv6 NTP testing In-Reply-To: References: <200308131905.h7DJ5DJ27112@gamma.isi.edu> Message-ID: Hello, > We have set up an IPv6 NTP server "hepzibah-ip6.udel.edu" for public use > over the 6bone network. We would welcome any volunteers to test it out. > The server runs in "NTP SERVER" mode and serves requests from machines > running in "NTP CLIENT" mode. I also am testing ntp via IPv6. I have two test machines acting as stratum 3 time servers running ntp version 4.1.80 (and maybe 4.2.something sometime soon). We're looking to test the code for inclusion in NetBSD 2.0. Perhaps we could use hepzibah-ip6.udel.edu as an ntp peer? Relating to IPv6, does anyone have any suggestions for testing (aside from long term use)?
The machines, in case anyone would like to test, are: lilith.sixgirls.org (NetBSD 1.6.1-release, m68k) gaia.sixgirls.org (NetBSD 1.6.1-release, VAX) Note that gaia is expected to be up tomorrow, but is not currently up because of the power outages in the US. Any ideas / suggestions are welcome. Thanks, John Klos Sixgirls Computing Labs From dean@ipnet6.org Sat Aug 16 22:57:11 2003 From: dean@ipnet6.org (Dean Strik) Date: Sat, 16 Aug 2003 23:57:11 +0200 Subject: [6bone] Nothing is sacred... In-Reply-To: References: <200308011032.h71AWMo28838@boreas.isi.edu> Message-ID: <20030816215711.GB66135@dragon.stack.nl> Rik van Riel wrote: > Those are just ipv4 connections coming in to ipv6 sockets. > > Zmailer knows what to do with these and queries for the > ipv4 address in ipv4 dnsbls. I suspect other MTAs will > learn this trick soon... Postfix (with my IPv6 patch) does this too. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli From bmanning@ISI.EDU Sat Aug 16 23:01:00 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Sat, 16 Aug 2003 15:01:00 -0700 (PDT) Subject: [6bone] IPv6 NTP testing In-Reply-To: from John Klos at "Aug 16, 3 00:05:01 am" Message-ID: <200308162201.h7GM10I07478@boreas.isi.edu> a number of v6-stack NTP servers should already be running. I've collected this list over the past year, most are s2-3 and one has been s-1 w/ a PPS source. List of v6 capable NTP servers: ntp.ipv6.viagenie.qc.ca. ntp.immanent.net. ntp1.bit.nl. ntp2.bit.nl. ntp6.space.net. bong.karoshi.com. % Hello, % % > We have set up an IPv6 NTP server "hepzibah-ip6.udel.edu" for public use % > over the 6bone network. We would welcome any volunteers to test it out. % > The server runs in "NTP SERVER" mode and serves requests from machines % > running in "NTP CLIENT" mode. % % I also am testing ntp via IPv6. 
I have two test machines acting as stratum % 3 time servers running ntp version 4.1.80 (and maybe 4.2.something % sometime soon). We're looking to test the code for inclusion in NetBSD % 2.0. % % Perhaps we could use hepzibah-ip6.udel.edu as an ntp peer? % % Relating to IPv6, does anyone have any suggestions for testing (aside from % long term use)? % % The machines, in case anyone would like to test, are: % lilith.sixgirls.org (NetBSD 1.6.1-release, m68k) % gaia.sixgirls.org (NetBSD 1.6.1-release, VAX) % % Note that gaia is expected to be up tomorrow, but is not currently up % because of the power outages in the US. % % Any ideas / suggestions are welcome. % % Thanks, % John Klos % Sixgirls Computing Labs % _______________________________________________ % 6bone mailing list % 6bone@mailman.isi.edu % http://mailman.isi.edu/mailman/listinfo/6bone % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From dean@ipnet6.org Sat Aug 16 23:11:44 2003 From: dean@ipnet6.org (Dean Strik) Date: Sun, 17 Aug 2003 00:11:44 +0200 Subject: [6bone] Nothing is sacred... In-Reply-To: References: <1059715446.3176.126.camel@portal.home> Message-ID: <20030816221144.GC66135@dragon.stack.nl> Rik van Riel wrote: > Unfortunately we have a problem. Different MTAs do their ipv6 > DNSBL queries differently. > > Lets take the address 2001:4321::1 as an example, since it doesn't > seem to exist and it's really short when typed forwards. > > Exim would query: > 1.(many zeros).1.2.3.4.1.0.0.2.dnsbl.example.org > Zmailer would query: > 1.(many zeros).1.2.3.4.1.0.0.2.ip6.dnsbl.example.org > > I have no idea what the other MTAs would query. I think we > should standardise on one way to do lookups, so the ipv6 > DNSBLs would actually work... Agreed. 
> Personally I prefer the zmailer version, since it allows one > dnsbl setting in the MTA configuration to catch both ipv4 and > ipv6 dnsbl content without any ambiguity. Yes, I know 2.0.0.0/8 > is currently reserved, but I'm not comfortable relying on that. Agreed. It is my intention to add support for DNSBL queries for IPv6 clients to Postfix soon. I hope something will come out of this before that. Otherwise I'll probably use the .ip6. subdomain. I'm very interested in what other MTAs use. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli From dean@ipnet6.org Sat Aug 16 23:39:15 2003 From: dean@ipnet6.org (Dean Strik) Date: Sun, 17 Aug 2003 00:39:15 +0200 Subject: [6bone] IPv6 NTP testing In-Reply-To: <200308162201.h7GM10I07478@boreas.isi.edu> References: <200308162201.h7GM10I07478@boreas.isi.edu> Message-ID: <20030816223915.GD66135@dragon.stack.nl> Bill Manning wrote: > a number of v6-stack NTP servers should already be running. > I've collected this list over the past year, most are s2-3 > and one has been s-1 w/ a PPS source. > > List of v6 capable NTP servers: > > ntp.ipv6.viagenie.qc.ca. > ntp.immanent.net. > ntp1.bit.nl. > ntp2.bit.nl. > ntp6.space.net. > bong.karoshi.com. chime3.ipv6.surfnet.nl, stratum 1. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli From dragon@tdoi.org Sat Aug 16 23:59:46 2003 From: dragon@tdoi.org (Christian Nickel) Date: Sun, 17 Aug 2003 00:59:46 +0200 Subject: [6bone] IPv6 NTP testing References: <200308162201.h7GM10I07478@boreas.isi.edu> Message-ID: <000d01c3644a$16d52210$152ea8c0@alpha> Hi, > a number of v6-stack NTP servers should already be running. > I've collected this list over the past year, most are s2-3 > and one has been s-1 w/ a PPS source. 
> > List of v6 capable NTP servers: > > ntp.ipv6.viagenie.qc.ca. > ntp.immanent.net. > ntp1.bit.nl. > ntp2.bit.nl. > ntp6.space.net. > bong.karoshi.com. > here is a list with verified working NTP servers: ntp6.space.net time6.ipv6.uni-muenster.de ntp.rhrk.uni-kl.de ntp.ipv6.viagenie.qc.ca ntp.ipv6.linux.ee noc.sixxs.net nlams01.sixxs.net nlams02.sixxs.net ntp1.bit.nl ntp2.bit.nl greets Christian From frederick.lefebvre@hexago.com Mon Aug 18 20:30:49 2003 From: frederick.lefebvre@hexago.com (Frederick Lefebvre) Date: Mon, 18 Aug 2003 15:30:49 -0400 Subject: [6bone] IPv6 NTP testing In-Reply-To: <200308162201.h7GM10I07478@boreas.isi.edu> References: <200308162201.h7GM10I07478@boreas.isi.edu> Message-ID: <1167630000.1061235049@hades.hexago.com> I've setup a web page with a list of known and verified ipv6 ntp servers: http://eng.hexago.com/services/ntp.shtml Regards, Frederick Lefebvre -- System and Network administrator Hexago Inc. / Viagenie (418)266-5533 #226 ------------------------------------------------ http://www.freenet6.net : Free IPv6 Connectivity ------------------------------------------------ --On Saturday, August 16, 2003 15:01:00 -0700 Bill Manning wrote: > a number of v6-stack NTP servers should already be running. > I've collected this list over the past year, most are s2-3 > and one has been s-1 w/ a PPS source. > > List of v6 capable NTP servers: > > ntp.ipv6.viagenie.qc.ca. > ntp.immanent.net. > ntp1.bit.nl. > ntp2.bit.nl. > ntp6.space.net. > bong.karoshi.com. > > > > % Hello, > % > % > We have set up an IPv6 NTP server "hepzibah-ip6.udel.edu" for public > use % > over the 6bone network. We would welcome any volunteers to test > it out. % > The server runs in "NTP SERVER" mode and serves requests from > machines % > running in "NTP CLIENT" mode. > % > % I also am testing ntp via IPv6. I have two test machines acting as > stratum % 3 time servers running ntp version 4.1.80 (and maybe > 4.2.something % sometime soon). 
We're looking to test the code for > inclusion in NetBSD % 2.0. > % > % Perhaps we could use hepzibah-ip6.udel.edu as an ntp peer? > % > % Relating to IPv6, does anyone have any suggestions for testing (aside > from % long term use)? > % > % The machines, in case anyone would like to test, are: > % lilith.sixgirls.org (NetBSD 1.6.1-release, m68k) > % gaia.sixgirls.org (NetBSD 1.6.1-release, VAX) > % > % Note that gaia is expected to be up tomorrow, but is not currently up > % because of the power outages in the US. > % > % Any ideas / suggestions are welcome. > % > % Thanks, > % John Klos > % Sixgirls Computing Labs > % _______________________________________________ > % 6bone mailing list > % 6bone@mailman.isi.edu > % http://mailman.isi.edu/mailman/listinfo/6bone > % > > > -- > --bill > > Opinions expressed may not even be mine by the time you read them, and > certainly don't reflect those of any other entity (legal or otherwise). > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From leo@ubiobio.cl Mon Aug 18 21:55:58 2003 From: leo@ubiobio.cl (Leonardo Saavedra Henriquez) Date: Mon, 18 Aug 2003 16:55:58 -0400 (CLT) Subject: [6bone] I2 tunnel. Message-ID: Hello We are a research group from a Chilean University and we would like to improve our connection to 6bone. Actually we have a link with "tunnelbroker"[1] and they've assigned us a /64[2]. But we would like to take advantage of our link to Internet2 so, is there someone who could provide this kind of connection via Internet2 link (hopefully a University). [1]http://www.tunnelbroker.com [2] 2001:470:1F00:339::/64 My best Regards.
-- Leonardo Saavedra mailto:leo@ubiobio.cl From sandeep@matrixinfosystems.com Wed Aug 13 07:29:03 2003 From: sandeep@matrixinfosystems.com (Sandeep Bera) Date: Wed, 13 Aug 2003 11:59:03 +0530 Subject: [6bone] Basic Help Message-ID: <008901c36164$45a45f90$2d64a8c0@Sandeep> Hello I am very new to 6bone. Can anybody tell me whether a router is required to process router advertisements from the neighboring router? If yes, what kind of processing? Only adding the on-link prefixes to its prefix list, or anything else? RFC2461 did not specify anything regarding this clearly. Can anybody guide me or give me any link regarding the same? Also, can anybody tell me: in this scenario 1(host)-----2(router)-----3(router)----4(host) (connected with links), if node 1 wants to send 4 any packet, then is IPv6 enough to send the packet (provided I have not added any static route in 1 2 3), or is there a need to run RIPng in 2, 3 to route the packet? Please tell me in detail about the same. Thanks Sandeep Bera Matrix Infosystems India

From pim@ipng.nl Wed Aug 20 11:31:17 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Wed, 20 Aug 2003 12:31:17 +0200
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <1167630000.1061235049@hades.hexago.com>
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com>
Message-ID: <20030820103117.GA13169@bfib.colo.bit.nl>

Hi,

| I've setup a web page with a list of known and verified ipv6 ntp servers:
Thanks for the list!

I was looking at ntp1.bit.nl a bit and see that it's binding UDP sockets on any IP address it can find:
udp4 0 0 127.0.0.1.123 *.*
udp6 0 0 fe80:4::1.123 *.*
udp6 0 0 ::1.123 *.*
udp6 0 0 2001:7b8:3:2c::5.123 *.*
udp6 0 0 2001:7b8:3:2c::1.123 *.*
udp6 0 0 2001:7b8:3:2c:20.123 *.*
udp4 0 0 213.136.12.53.123 *.*
udp4 0 0 213.136.12.52.123 *.*
udp6 0 0 fe80:1::202:b3ff.123 *.*
udp4 0 0 213.136.12.51.123 *.*

AND on the UDP unspecified address in both protocol families:
udp6 0 0 *.123 *.*
udp4 0 0 *.123 *.*

Is there anybody who can explain this behavior, and perhaps have the server bind either to 'the unspecified, thus any' or to a specific IPv4 IPv6 address ?

--
---------- - - - - -+- - - - - ----------
Pim van Pelt Email: pim@ipng.nl
http://www.ipng.nl/ IPv6 Deployment
-----------------------------------------------

From kim@tac.nyc.ny.us Wed Aug 20 15:28:59 2003
From: kim@tac.nyc.ny.us (Kimmo Suominen)
Date: Wed, 20 Aug 2003 10:28:59 -0400
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030820103117.GA13169@bfib.colo.bit.nl> from Pim van Pelt on Wed, 20 Aug 2003 12:31:17 +0200
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl>
Message-ID: <20030820142859.64CF57E43@beowulf.gw.com>

Let's see if I understood this correctly way back...

ntpd needs to send responses back using the same IP address that it received the original request on. To track the addresses, it uses separate file descriptors.

Cheers,
+ Kim

| From: Pim van Pelt
| Date: Wed, 20 Aug 2003 12:31:17 +0200
|
| Hi,
|
| | I've setup a web page with a list of known and verified ipv6 ntp servers:
| Thanks for the list!
|
| I was looking at ntp1.bit.nl a bit and see that it's binding UDP sockets
| on any IP address it can find:
| udp4 0 0 127.0.0.1.123 *.*
| udp6 0 0 fe80:4::1.123 *.*
| udp6 0 0 ::1.123 *.*
| udp6 0 0 2001:7b8:3:2c::5.123 *.*
| udp6 0 0 2001:7b8:3:2c::1.123 *.*
| udp6 0 0 2001:7b8:3:2c:20.123 *.*
| udp4 0 0 213.136.12.53.123 *.*
| udp4 0 0 213.136.12.52.123 *.*
| udp6 0 0 fe80:1::202:b3ff.123 *.*
| udp4 0 0 213.136.12.51.123 *.*
|
| AND on the UDP unspecified address in both protocol families:
| udp6 0 0 *.123 *.*
| udp4 0 0 *.123 *.*
|
| Is there anybody who can explain this behavior, and perhaps have the
| server bind either to 'the unspecified, thus any' or to a specific IPv4
| IPv6 address ?

From Jan Oravec Wed Aug 20 16:17:13 2003
From: Jan Oravec (Jan Oravec)
Date: Wed, 20 Aug 2003 17:17:13 +0200
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030820142859.64CF57E43@beowulf.gw.com>
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl> <20030820142859.64CF57E43@beowulf.gw.com>
Message-ID: <20030820151713.GA3397@wsx.ksp.sk>

Hello,

> ntpd needs to send responses back using the same IP address that it
> received the original request on. To track the addresses, it uses
> separate file descriptors.

setsockopt IP_PKTINFO,IPV6_PKTINFO + sendmsg/recvmsg + controlmsg is a better way to do this; you need only a single FD.

Regards,

--
Jan Oravec XS26 coordinator
6COM s.r.o.
'Access to IPv6'
http://www.6com.sk http://www.xs26.net

From frederick.lefebvre@hexago.com Wed Aug 20 16:30:39 2003
From: frederick.lefebvre@hexago.com (Frederick Lefebvre)
Date: Wed, 20 Aug 2003 11:30:39 -0400
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030820103117.GA13169@bfib.colo.bit.nl>
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl>
Message-ID: <10970000.1061393439@hades.hexago.com>

--On Wednesday, August 20, 2003 12:31:17 +0200 Pim van Pelt wrote:

>
> Is there anybody who can explain this behavior, and perhaps have the
> server bind either to 'the unspecified, thus any' or to a specific IPv4
> IPv6 address ?
>

From my experience, ntpd seems to bind on all available addresses and there is no way to change that behaviour. I had the same problem when I tried to run ntpd from a host with over 200 tunnels... This was a few months ago and at that time, that behavior was hard coded into the sources.

Frederick Lefebvre
--
System and Network administrator
Hexago Inc. / Viagenie
(418)266-5533 #226
------------------------------------------------
http://www.freenet6.net : Free IPv6 Connectivity
------------------------------------------------

From sunday@csh.rit.edu Wed Aug 20 21:07:47 2003
From: sunday@csh.rit.edu (Joe Sunday)
Date: Wed, 20 Aug 2003 16:07:47 -0400
Subject: [6bone] Tunnel configuration on IOS 12.3
Message-ID: <20030820200746.GA19968@csh.rit.edu>

I've got a 7507 terminating a couple of test IPv6 tunnels.. But, I just changed one of the clients from a cable modem to DSL over PPPoE link, which changes IP whenever the machine resets. I know quite a few of you that run tunnel brokers have automated scripts and/or web forms to update your tunnel configurations, for those of you that terminate tunnels into Cisco routers, how do you script configuration changes, and does anyone have any example code I can look at?
I figure either Chat/Expect or snmp, but I was wondering what everyone here uses and if anyone has any pointers.

--Joe

--
Joe Sunday http://www.csh.rit.edu/~sunday/
Computer Science House, Rochester Inst. Of Technology

From pim@ipng.nl Wed Aug 20 21:29:39 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Wed, 20 Aug 2003 22:29:39 +0200
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030820142859.64CF57E43@beowulf.gw.com>
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl> <20030820142859.64CF57E43@beowulf.gw.com>
Message-ID: <20030820202939.GA1749@bfib.colo.bit.nl>

On Wed, Aug 20, 2003 at 10:28:59AM -0400, Kimmo Suominen wrote:
| Let's see if I understood this correctly way back...
|
| ntpd needs to send responses back using the same IP address that it
| received the original request on. To track the addresses, it uses
| separate file descriptors.
I understand this, thanks for the explanation. It sounds like a good approach, but I do not really want ntpd to bind (and service requests) from just any IP address. Looking at my list:

| | udp4 0 0 127.0.0.1.123 *.*
| | udp6 0 0 ::1.123 *.*
localhost is not needed.
| | udp6 0 0 fe80:4::1.123 *.*
| | udp6 0 0 fe80:1::202:b3ff.123 *.*
linklocal is not needed.
| | udp6 0 0 2001:7b8:3:2c::5.123 *.*
This is actually 2001:7b8:3:2c::53 , an authoritative nameserver
| | udp6 0 0 2001:7b8:3:2c::1.123 *.*
This is actually 2001:7b8:3:2c::123 (ntp1.bit.nl), the one I'd like ntpd to use
| | udp6 0 0 2001:7b8:3:2c:20.123 *.*
This is the EUI64 address of the machine.
| | udp4 0 0 213.136.12.53.123 *.*
This is the IPv4 address for ntp1.bit.nl.
| | udp4 0 0 213.136.12.52.123 *.*
Caching nameserver .. no ntpd here!
| | udp4 0 0 213.136.12.51.123 *.*
Authoritative nameserver, .. no ntpd here!
| |
| | AND on the UDP unspecified address in both protocol families:
| | udp6 0 0 *.123 *.*
| | udp4 0 0 *.123 *.*
What good do these do if we already listen to specific IPs ?

What I'd like is some syntax on the command prompt to force binding of IPs, such as ntpd -B [2001:7b8:3:2c::123] -B 213.136.12.53, making the daemon keep its hands off of IPs it should not be touching.

Anyone care to look into this .. ?

--
---------- - - - - -+- - - - - ----------
Pim van Pelt Email: pim@ipng.nl
http://www.ipng.nl/ IPv6 Deployment
-----------------------------------------------

From fredb@immanent.net Thu Aug 21 00:24:41 2003
From: fredb@immanent.net (Frederick Bruckman)
Date: Wed, 20 Aug 2003 18:24:41 -0500 (CDT)
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030820202939.GA1749@bfib.colo.bit.nl>
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl> <20030820142859.64CF57E43@beowulf.gw.com> <20030820202939.GA1749@bfib.colo.bit.nl>
Message-ID:

On Wed, 20 Aug 2003, Pim van Pelt wrote:

> On Wed, Aug 20, 2003 at 10:28:59AM -0400, Kimmo Suominen wrote:
> | Let's see if I understood this correctly way back...
> |
> | ntpd needs to send responses back using the same IP address that it
> | received the original request on. To track the addresses, it uses
> | separate file descriptors.
> I understand this, thanks for the explanation. It sounds like a good
> approach, but I do not really want ntpd to bind (and service requests)
> from just any IP address. Looking at my list:

> | | AND on the UDP unspecified address in both protocol families:
> | | udp6 0 0 *.123 *.*
> | | udp4 0 0 *.123 *.*
> What good do these do if we already listen to specific IPs ?

I believe that's to catch IP addresses that were configured after the daemon was started. There are obvious problems with the entire plan.
Consider the case of symmetric peers, where neither node is responding to a packet from the other, but rather, both try to time it to send packets at roughly the send time.

> What I'd like is some syntax on the command prompt to force binding of
> IPs, such as ntpd -B [2001:7b8:3:2c::123] -B 213.136.12.53, making
> the daemon keep its hands off of IPs it should not be touching.

You're not the first person to ask for this on a newsgroup or public list. HOWEVER, there doesn't seem to be a single request for it in the list of open bugs on bugzilla.ntp.org (hint).

By the way, there is an "-L" option not to listen to virtual IP's, but it's a hack that only works on Linux, as the distinction doesn't even make sense on other OS's. It's not as if you'd necessarily want the "real" IP, whatever that means, to handle the ntpd traffic anyhow. For what it's worth, I do like the idea of a "-B" option, but I would also like an "interface" keyword.

Frederick

From kim@tac.nyc.ny.us Thu Aug 21 01:42:18 2003
From: kim@tac.nyc.ny.us (Kimmo Suominen)
Date: Wed, 20 Aug 2003 20:42:18 -0400
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030820202939.GA1749@bfib.colo.bit.nl> from Pim van Pelt on Wed, 20 Aug 2003 22:29:39 +0200
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl> <20030820142859.64CF57E43@beowulf.gw.com> <20030820202939.GA1749@bfib.colo.bit.nl>
Message-ID: <20030821004218.5D5357E09@beowulf.gw.com>

I also think more modern versions of ntpd (4.x?) do this all differently. I was recently tinkering with the code on NetBSD, and when I offered my changes to one of the ntpd developers, I learned that that section of the code is being rewritten from scratch.

Hopefully there are directives in the new code to restrict the selection of IPs to listen to. I could have a look, but someone like John Klos might already know the answer (wasn't he just writing to this list on this thread earlier...).

Regards,
+ Kim

| From: Pim van Pelt
| Date: Wed, 20 Aug 2003 22:29:39 +0200
|
| On Wed, Aug 20, 2003 at 10:28:59AM -0400, Kimmo Suominen wrote:
| | Let's see if I understood this correctly way back...
| |
| | ntpd needs to send responses back using the same IP address that it
| | received the original request on. To track the addresses, it uses
| | separate file descriptors.
| I understand this, thanks for the explanation. It sounds like a good
| approach, but I do not really want ntpd to bind (and service requests)
| from just any IP address. Looking at my list:
|
| | | udp4 0 0 127.0.0.1.123 *.*
| | | udp6 0 0 ::1.123 *.*
| localhost is not needed.
| | | udp6 0 0 fe80:4::1.123 *.*
| | | udp6 0 0 fe80:1::202:b3ff.123 *.*
| linklocal is not needed.
| | | udp6 0 0 2001:7b8:3:2c::5.123 *.*
| This is actually 2001:7b8:3:2c::53 , an authoritative nameserver
| | | udp6 0 0 2001:7b8:3:2c::1.123 *.*
| This is actually 2001:7b8:3:2c::123 (ntp1.bit.nl), the one I'd like ntpd to use
| | | udp6 0 0 2001:7b8:3:2c:20.123 *.*
| This is the EUI64 address of the machine.
| | | udp4 0 0 213.136.12.53.123 *.*
| This is the IPv4 address for ntp1.bit.nl.
| | | udp4 0 0 213.136.12.52.123 *.*
| Caching nameserver .. no ntpd here!
| | | udp4 0 0 213.136.12.51.123 *.*
| Authoritative nameserver, .. no ntpd here!
| | |
| | | AND on the UDP unspecified address in both protocol families:
| | | udp6 0 0 *.123 *.*
| | | udp4 0 0 *.123 *.*
| What good do these do if we already listen to specific IPs ?
|
| What I'd like is some syntax on the command prompt to force binding of
| IPs, such as ntpd -B [2001:7b8:3:2c::123] -B 213.136.12.53, making
| the daemon keep its hands off of IPs it should not be touching.
|
| Anyone care to look into this .. ?

From fredb@immanent.net Thu Aug 21 04:49:25 2003
From: fredb@immanent.net (Frederick Bruckman)
Date: Wed, 20 Aug 2003 22:49:25 -0500 (CDT)
Subject: [6bone] IPv6 NTP testing
In-Reply-To: <20030821004218.5D5357E09@beowulf.gw.com>
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl> <20030820142859.64CF57E43@beowulf.gw.com> <20030820202939.GA1749@bfib.colo.bit.nl> <20030821004218.5D5357E09@beowulf.gw.com>
Message-ID:

On Wed, 20 Aug 2003, Kimmo Suominen wrote:

> I also think more modern versions of ntpd (4.x?) do this all differently.
> I was recently tinkering with the code on NetBSD, and when I offered my
> changes to one of the ntpd developers, I learned that that section of
> the code is being rewritten from scratch.
>
> Hopefully there are directives in the new code to restrict the selection
> of IPs to listen to. I could have a look, but someone like John Klos
> might already know the answer (wasn't he just writing to this list on
> this thread earlier...).

Yes, that part of the code has changed since NetBSD's last import -- for one thing, it now supports IPv6 -- but no, it still binds all the IP addresses. I predict it will take nothing short of a proper bug report on http://bugzilla.ntp.org to get that fixed.

Frederick

From jhay@icomtek.csir.co.za Thu Aug 21 05:07:28 2003
From: jhay@icomtek.csir.co.za (John Hay)
Date: Thu, 21 Aug 2003 06:07:28 +0200
Subject: [6bone] IPv6 NTP testing
In-Reply-To:
References: <200308162201.h7GM10I07478@boreas.isi.edu> <1167630000.1061235049@hades.hexago.com> <20030820103117.GA13169@bfib.colo.bit.nl> <20030820142859.64CF57E43@beowulf.gw.com> <20030820202939.GA1749@bfib.colo.bit.nl>
Message-ID: <20030821040728.GA79178@zibbi.icomtek.csir.co.za>

On Wed, Aug 20, 2003 at 06:24:41PM -0500, Frederick Bruckman wrote:
> On Wed, 20 Aug 2003, Pim van Pelt wrote:
>
> > On Wed, Aug 20, 2003 at 10:28:59AM -0400, Kimmo Suominen wrote:
> > | Let's see if I understood this correctly way back...
> > |
> > | ntpd needs to send responses back using the same IP address that it
> > | received the original request on. To track the addresses, it uses
> > | separate file descriptors.
> > I understand this, thanks for the explanation. It sounds like a good
> > approach, but I do not really want ntpd to bind (and service requests)
> > from just any IP address. Looking at my list:
>
> > | | AND on the UDP unspecified address in both protocol families:
> > | | udp6 0 0 *.123 *.*
> > | | udp4 0 0 *.123 *.*
> > What good do these do if we already listen to specific IPs ?
>
> I believe that's to catch IP addresses that were configured after the
> daemon was started. There are obvious problems with the entire plan.
> Consider the case of symmetric peers, where neither node is responding
> to a packet from the other, but rather, both try to time it to send
> packets at roughly the send time.
>
> > What I'd like is some syntax on the command prompt to force binding of
> > IPs, such as ntpd -B [2001:7b8:3:2c::123] -B 213.136.12.53, making
> > the daemon keep its hands off of IPs it should not be touching.
>
> You're not the first person to ask for this on a newsgroup or public
> list. HOWEVER, there doesn't seem to be a single request for it in the
> list of open bugs on bugzilla.ntp.org (hint).
>
> By the way, there is an "-L" option not to listen to virtual IP's, but
> it's a hack that only works on Linux, as the distinction doesn't even
> make sense on other OS's. It's not as if you'd necessarily want the
> "real" IP, whatever that means, to handle the ntpd traffic anyhow.
> For what it's worth, I do like the idea of a "-B" option, but I would
> also like an "interface" keyword.

Guys, if you are really serious about this feature, get the latest ntp-dev code from bitkeeper, implement it and send it as a patch to bugzilla.ntp.org. :-) Really. I don't think any of us are against the idea, it is just the people working on ntp are mostly volunteers with other targets on their agendas.

Oh, and test it for the different kinds of ntp setups, especially autokey because that is one of the reasons that ntpd needs to know the addresses.

John
--
John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org
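
The single-socket approach Jan Oravec describes earlier in this thread, combined with the address restriction Pim van Pelt asks for, as an added example that is not part of any message here and is not ntpd's code: one UDP socket bound to the wildcard address learns each datagram's destination address through IP_PKTINFO, answers only on an allowed service address, and replies from that same address. It assumes Linux and uses IPv4 loopback so it runs offline (for IPv6 the corresponding options are IPV6_RECVPKTINFO and IPV6_PKTINFO with struct in6_pktinfo); serve_one, demo and the 127.0.0.x addresses are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc: exposes struct in_pktinfo */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not ntpd code (Linux). Serve one datagram from wildcard socket fd:
 * echo it only if sent to `allowed`, replying from it. 1 = answered, 0 = ignored, -1 = error. */
static int serve_one(int fd, struct in_addr allowed)
{
    char buf[512];
    union { struct cmsghdr align; char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; } ctl;
    struct sockaddr_in peer;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr msg = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                          .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    struct in_pktinfo pi = { 0 }, out = { 0 };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO)
            memcpy(&pi, CMSG_DATA(c), sizeof pi);       /* ipi_addr = destination address */
    if (pi.ipi_addr.s_addr != allowed.s_addr) return 0; /* missing pktinfo leaves pi zeroed */
    memset(&ctl, 0, sizeof ctl);                        /* reuse the buffer for the reply */
    msg.msg_controllen = sizeof ctl.b;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof out);
    out.ipi_spec_dst = pi.ipi_addr;                     /* source address of the reply */
    memcpy(CMSG_DATA(c), &out, sizeof out);
    iov.iov_len = (size_t)n;
    return sendmsg(fd, &msg, 0) == n ? 1 : -1;
}

/* Constructed loopback check: send to dst, serve it, report the reply's source in src. */
static int demo(const char *dst, const char *allowed, char src[INET_ADDRSTRLEN])
{
    int on = 1, r = -1;
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, from;
    socklen_t len = sizeof a, flen = sizeof from;
    struct in_addr ok;
    char b[8];
    src[0] = '\0';
    if (srv >= 0 && cli >= 0 && inet_pton(AF_INET, allowed, &ok) == 1
        && setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) == 0
        && bind(srv, (struct sockaddr *)&a, sizeof a) == 0      /* 0.0.0.0, any port */
        && getsockname(srv, (struct sockaddr *)&a, &len) == 0   /* learn that port */
        && inet_pton(AF_INET, dst, &a.sin_addr) == 1
        && sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a) == 4)
        r = serve_one(srv, ok);
    if (r == 1 && recvfrom(cli, b, sizeof b, 0, (struct sockaddr *)&from, &flen) > 0)
        inet_ntop(AF_INET, &from.sin_addr, src, INET_ADDRSTRLEN);
    close(srv); close(cli);
    return r;
}
```

Without the IP_PKTINFO control message on sendmsg, the kernel would pick the reply's source address by routing, which is the mismatch the per-address sockets in the netstat listing were working around.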