From todd@fries.net Tue Jul 1 14:05:15 2003 From: todd@fries.net (Todd T. Fries) Date: Tue, 1 Jul 2003 08:05:15 -0500 Subject: [6bone] core ns registry database Message-ID: <20030701130515.GB3347@fries.net> I called Network Solutions yesterday. I have made an annual event out of calling them and seeing how far I can prod them about how far they are with supporting the registration of IPv6 dns servers. This time, I am actually surprised. They have been playing with it, their famed web management tool (ick, can we get the email templates back please?) has an experimental feature 'not turned on yet' to allow registration of IPv6 dns servers. I was told to call 866-345-0330 and I had a pleasant conversation with someone who told me the above, but also that they didn't dare 'enable' this feature as the database for the core ns regististry (perhaps I'm using the wrong terms here) .. is not capable of taking an IPv6 address. I write here to ask if anyone knows anyone who knows anyone .. well you get the picture .. if anyone can find out what is being done to correct the current roadblock for this to happen? I was told to try to find an email contact at http://www.verisign-grs.com which redirects me to http://www.verisign.com/nds/naming/ And provides not alot of insight as to who to contact. Am I barking up the right tree? Thanks, -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) From todd@fries.net Tue Jul 1 19:24:37 2003 From: todd@fries.net (Todd T. Fries) Date: Tue, 1 Jul 2003 13:24:37 -0500 Subject: [6bone] moving fast Message-ID: <20030701182437.GF18908@fries.net> Yesterday I said I got off the phone with Networks Soltuions and thought this was another year I could not register an IPv6 dns server. Now, I'm on hold, on and off infact, with their advanced dns team, at the US number of 1-866-345-0330. They are capable of putting in an IPv6 address for a dns server that has an existing IPv4 address. For example (as sent to the 6bone mailing list): whois -h whois.internic.net dot.ep.net Is most definately registered as a v4 and v6 dns server. If any of you out there are wanting to register an IPv6 address with your dns server for your domain, call the above number. You may not get the same person I did, so you may need some patience while you explain to them the above information proves they can do it. I have raised the bar one notch, however, and requested not only ns0.fries.net and ns1.fries.net get an additional ip that happens to be IPv6, but I've also requested that ns6.fries.net get registered as a host with an IPv6 record _only_. This last bit may not be everyone's desire just yet, but I like to be forward thinking, and would like to push to have things ready when more and more do not need to register an IPv4 address to have a dns server. -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) From tcpdumb@it-bytes.org Tue Jul 1 20:32:40 2003 From: tcpdumb@it-bytes.org (tcpdumb) Date: Tue, 1 Jul 2003 21:32:40 +0200 Subject: [6bone] IPv6 6 to 4 Reverse lookup. Message-ID: <20030701213240.384223a4.tcpdumb@it-bytes.org> Hi there! Some days ago while talking to other 6to4-Users the question came up, on how to get reverse lookup on 6to4-addresses. A "dig -x 2002::" showed up the following result: ##### snip tcpdumb@beast:~$ dig -x 2002:: ; <<>> DiG 9.2.1 <<>> -x 2002:: ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30249 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;\[x20020000000000000000000000000000/128].ip6.arpa. IN PTR ;; AUTHORITY SECTION: ip6.arpa. 10800 IN SOA dns1.icann.org. hostmaster.icann.org. 2003062400 3600 1800 604800 10800 ;; Query time: 92 msec ;; SERVER: 192.168.23.3#53(192.168.23.3) ;; WHEN: Tue Jul 1 21:18:48 2003 ;; MSG SIZE rcvd: 113 tcpdumb@beast:~$ ##### snap which would lead me to the thought that there is only one DNS where the SOA lies (not very redundant). An eMail asking the hostmaster whether it is possible or not to get the SOA for the own 6to4 address space (IPv4 registered at ripe, three Nameservers available) was left unanswered. Question: Are there any international laws on my side? Sorry guys but this is annoying! Regards, Lukas Th. Hey From Q@ping.be Tue Jul 1 21:20:11 2003 From: Q@ping.be (Kurt Roeckx) Date: Tue, 1 Jul 2003 22:20:11 +0200 Subject: [6bone] IPv6 6 to 4 Reverse lookup. In-Reply-To: <20030701213240.384223a4.tcpdumb@it-bytes.org> References: <20030701213240.384223a4.tcpdumb@it-bytes.org> Message-ID: <20030701202011.GA30547@ping.be> On Tue, Jul 01, 2003 at 09:32:40PM +0200, tcpdumb wrote: > Hi there! > > Some days ago while talking to other 6to4-Users the question came up, on how to get reverse lookup on 6to4-addresses. A "dig -x 2002::" showed up the following result: 2.0.0.2.ip6.int. 1D IN SOA dot.ep.net. hostmaster.ep.net. ( 2002091605 ; serial 3H ; refresh 15M ; retry 1W ; expiry 1d12h ) ; minimum 2.0.0.2.ip6.int. 1D IN NS dot.ep.net. 2.0.0.2.ip6.int. 1D IN NS flag.ep.net. 2.0.0.2.ip6.int. 1D IN NS z.ip6.int. 2.0.0.2.ip6.arpa doesn't seem to be delegated however. Kurt From bmanning@ISI.EDU Tue Jul 1 21:12:34 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Tue, 1 Jul 2003 13:12:34 -0700 (PDT) Subject: [6bone] IPv6 6 to 4 Reverse lookup. In-Reply-To: <20030701213240.384223a4.tcpdumb@it-bytes.org> from tcpdumb at "Jul 1, 3 09:32:40 pm" Message-ID: <200307012012.h61KCYE27819@boreas.isi.edu> see the longstanding thread on ip6.int vs ip6.arpa to register in 2.0.0.2.ip6.int, send your request to hostmaster@ep.net % Hi there! % % Some days ago while talking to other 6to4-Users the question came up, on how to get reverse lookup on 6to4-addresses. A "dig -x 2002::" showed up the following result: % % ##### snip % % tcpdumb@beast:~$ dig -x 2002:: % % ; <<>> DiG 9.2.1 <<>> -x 2002:: % ;; global options: printcmd % ;; Got answer: % ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30249 % ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 % % ;; QUESTION SECTION: % ;\[x20020000000000000000000000000000/128].ip6.arpa. IN PTR % % ;; AUTHORITY SECTION: % ip6.arpa. 10800 IN SOA dns1.icann.org. hostmaster.icann.org. 2003062400 3600 1800 604800 10800 % % ;; Query time: 92 msec % ;; SERVER: 192.168.23.3#53(192.168.23.3) % ;; WHEN: Tue Jul 1 21:18:48 2003 % ;; MSG SIZE rcvd: 113 % % tcpdumb@beast:~$ % % ##### snap % % which would lead me to the thought that there is only one DNS where the SOA lies (not very redundant). An eMail asking the hostmaster whether it is possible or not to get the SOA for the own 6to4 address space (IPv4 registered at ripe, three Nameservers available) was left unanswered. % % Question: Are there any international laws on my side? % % Sorry guys but this is annoying! % Regards, % % Lukas Th. Hey % _______________________________________________ % 6bone mailing list % 6bone@mailman.isi.edu % http://mailman.isi.edu/mailman/listinfo/6bone % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From bob@thefinks.com Tue Jul 1 17:26:37 2003 From: bob@thefinks.com (Bob Fink) Date: Tue, 01 Jul 2003 09:26:37 -0700 Subject: [6bone] 6bone pTLA 3FFE:401B::/32 allocated to PL-CDP6 Message-ID: <5.2.0.9.0.20030701091656.01bcc910@mail.addr.com> PL-CDP6 has been allocated pTLA 3FFE:401B::/32 having finished its review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration in e.f.f.3.ip6.int for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] [Note: The effort to startup e.f.f.3.ip6.arpa is well underway with the draft http://www.ietf.org/internet-drafts/draft-ymbk-6bone-arpa-delegation-01.txt now approved by the IETF/IESG as a BCP RFC. We are in the process of getting IANA to do the actual delegation to the 6bone ip6.arpa servers. There will be an announcement of progress soon.] Thanks, Bob From bob@thefinks.com Tue Jul 1 17:26:29 2003 From: bob@thefinks.com (Bob Fink) Date: Tue, 01 Jul 2003 09:26:29 -0700 Subject: [6bone] 6bone pTLA 3FFE:401A::/32 allocated to RETINA Message-ID: <5.2.0.9.0.20030701091700.028d59e8@mail.addr.com> RETINA has been allocated pTLA 3FFE:401A::/32 having finished its review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration in e.f.f.3.ip6.int for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] [Note: The effort to startup e.f.f.3.ip6.arpa is well underway with the draft http://www.ietf.org/internet-drafts/draft-ymbk-6bone-arpa-delegation-01.txt now approved by the IETF/IESG as a BCP RFC. We are in the process of getting IANA to do the actual delegation to the 6bone ip6.arpa servers. There will be an announcement of progress soon.] Thanks, Bob From jeroen@unfix.org Tue Jul 1 18:23:21 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 1 Jul 2003 19:23:21 +0200 Subject: [6bone] core ns registry database In-Reply-To: <20030701130515.GB3347@fries.net> Message-ID: <000701c33ff5$799dd4b0$210d640a@unfix.org> Todd T. Fries wrote: > I called Network Solutions yesterday. I have made an annual > event out of calling them and seeing how far I can prod them > about how far they are with supporting the registration of > IPv6 dns servers. It is apparently possible, see below, but none of the registries apparently want to cooperate in doing it. With the below in hand I mailed around but just got told 'no it doesn't work' or even 'what is IPv6'... Note that if can complain hard enough it is possible, some times: whois -h whois.internic.net dot.ep.net Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Server Name: DOT.EP.NET IP Address: 198.32.2.10 IP Address: 2001:478:6:0:230:48FF:FE22:6A29 Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com And what we all want (dig +trace dot.ep.net aaaa | tail): dot.ep.net. 172800 IN AAAA 2001:478:6:0:230:48ff:fe22:6a29 ep.net. 172800 IN NS dot.ep.net. ep.net. 172800 IN NS flag.ep.net. ;; Received 149 bytes from 192.5.6.30#53(A.GTLD-SERVERS.net) in 4 ms Greets, Jeroen ------------ From: Matt Larson To: Jeroen Massar Cc: "'Geo.'" , nanog@merit.edu Subject: Re: Root server error Message-ID: <20030306181511.GW16021@chinook.rgy.netsol.com> References: <20030227203321.GB31684@chinook.rgy.netsol.com> <008f01c2dea5$40d0a1a0$210d640a@unfix.org> Hi, Jeroen. On Thu, 27 Feb 2003, Jeroen Massar wrote: > Is it _finally_ possible then, to get a AAAA record as glue into > the com/net/org zones? Yes, since RRP 2.0 (the protocol used by ICANN-accredited registrars to register com/net domains with VeriSign Global Registry Services) was deployed in mid-May, 2002. Since the registrars are the customers of VeriSign GRS, we communicated this new feature to them directly and not to the general public. (Although researching this topic has made it clear to me that we've got to get something about it on our web site, which I'm working on.) It appears that the registrars have not widely publicized the availability of this feature. Also, not all registrars support registration of AAAA records. For example, the Network Solutions registrar does not, but PSI Japan and eNom do. That's definitely not a complete list: those are the only registrars that I have definitive information on. The only way to know for sure about your registrar is to ask them. Please let me know if I can be answer any other questions or otherwise help you out. Kind regards, Matt -- Matt Larson VeriSign Global Registry Services From todd@fries.net Tue Jul 1 19:27:30 2003 From: todd@fries.net (Todd T. Fries) Date: Tue, 1 Jul 2003 13:27:30 -0500 Subject: [6bone] Re: moving fast In-Reply-To: <20030701182437.GF18908@fries.net> References: <20030701182437.GF18908@fries.net> Message-ID: <20030701182730.GA12611@fries.net> Just wanted to clarify. This will only work for certain if you have network solutions as your registrar for the dns host registration in question. However, you may be able to talk your respective registrars into the same, as apparently it is possible. -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Todd T. Fries on Tue, Jul 01, 2003 at 01:24:37PM -0500, we have: | Yesterday I said I got off the phone with Networks Soltuions and thought this | was another year I could not register an IPv6 dns server. | | Now, I'm on hold, on and off infact, with their advanced dns team, at | the US number of 1-866-345-0330. | | They are capable of putting in an IPv6 address for a dns server that | has an existing IPv4 address. For example (as sent to the 6bone mailing | list): | | whois -h whois.internic.net dot.ep.net | | Is most definately registered as a v4 and v6 dns server. | | If any of you out there are wanting to register an IPv6 address with | your dns server for your domain, call the above number. You may not | get the same person I did, so you may need some patience while you | explain to them the above information proves they can do it. | | I have raised the bar one notch, however, and requested not only | ns0.fries.net and ns1.fries.net get an additional ip that happens to | be IPv6, but I've also requested that ns6.fries.net get registered | as a host with an IPv6 record _only_. | | This last bit may not be everyone's desire just yet, but I like to be | forward thinking, and would like to push to have things ready when | more and more do not need to register an IPv4 address to have a | dns server. | -- | Todd Fries .. todd@fries.net | | | Free Daemon Consulting, LLC Land: 405-748-4596 | http://FreeDaemonConsulting.com Mobile: 405-203-6124 | "..in support of free software solutions." | | Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A | Key: http://todd.fries.net/pgp.txt | | (last updated 2003/03/13 07:14:10) | From jeroen@unfix.org Tue Jul 1 22:58:18 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 1 Jul 2003 23:58:18 +0200 Subject: [6bone] Re: moving fast In-Reply-To: <20030701182730.GA12611@fries.net> Message-ID: <001c01c3401b$e21de310$210d640a@unfix.org> Todd T. Fries wrote: > Just wanted to clarify. This will only work for certain if you have > network solutions as your registrar for the dns host registration in > question. > > However, you may be able to talk your respective registrars into the > same, as apparently it is possible. Do they have an email address over there? As I don't like too call US numbers for a uncertain (read: prolly quite long) amount of time from an dutch line. (No, we don't have those ultra cheap telco's over here :) Greets, Jeroen From kim@tac.nyc.ny.us Wed Jul 2 02:18:37 2003 From: kim@tac.nyc.ny.us (Kimmo Suominen) Date: Tue, 01 Jul 2003 21:18:37 -0400 Subject: [6bone] core ns registry database In-Reply-To: <000701c33ff5$799dd4b0$210d640a@unfix.org> from "Jeroen Massar" on Tue, 01 Jul 2003 19:23:21 +0200 References: <000701c33ff5$799dd4b0$210d640a@unfix.org> Message-ID: <20030702011837.BB5547E06@beowulf.gw.com> Not having much luck yet with directNIC.com... Their name server settings have the following "improvement" announced: Due to improvements at directNIC you are no longer required to enter the IP address for nameservers. We only require the Server Name or FQDN. So apparently they retrieve the information from my name server, but are ignoring the AAAA records. I tried to explain this in more words to them, so we'll see what happens. If they could find someone who knows what glue records are... I just really don't want to go back to Network Solutions... + Kim | From: directNIC Trouble Ticket System | Date: 01 Jul 2003 22:38:53 -0000 | | Thank you for using the directNIC.com Trouble Ticket System. The | following response is from a qualified directNIC customer support | team member: | | Date: 07/01/03 05:25pm | From: jim | | I am not certain exactly what you are asking. Please explain | what you mean when you say "The improved nameserver handling" All | your domains are working properly and digs on them show the AAAA | records for your nameservers. If you have any further questions, | please give us specific problems you need resolved so we can | better assist you. From P.Zurawski@crowley.pl Wed Jul 2 07:45:07 2003 From: P.Zurawski@crowley.pl (Piotr Zurawski) Date: Wed, 2 Jul 2003 08:45:07 +0200 Subject: [6bone] Re: moving fast References: <001c01c3401b$e21de310$210d640a@unfix.org> Message-ID: <00f301c34065$92355870$8ddca8c0@zurawputer> I think calling the helpdesk isn't the way to solve the problem. We should rather look for someone being responsible for procedures, designing the services etc. . In most cases posting such issues to helpdesk is just being ignored by organization. Best Regards, Piotr ----- Original Message ----- From: "Jeroen Massar" To: ; <6bone@ISI.EDU> Sent: Tuesday, July 01, 2003 11:58 PM Subject: RE: [6bone] Re: moving fast > Todd T. Fries wrote: > > > Just wanted to clarify. This will only work for certain if you have > > network solutions as your registrar for the dns host registration in > > question. > > > > However, you may be able to talk your respective registrars into the > > same, as apparently it is possible. > > Do they have an email address over there? > As I don't like too call US numbers for a uncertain > (read: prolly quite long) amount of time from an dutch line. > (No, we don't have those ultra cheap telco's over here :) > > Greets, > Jeroen > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From todd@fries.net Wed Jul 2 14:14:49 2003 From: todd@fries.net (Todd T. Fries) Date: Wed, 2 Jul 2003 08:14:49 -0500 Subject: [6bone] email for 'advanced dns team' Message-ID: <20030702131449.GU18908@fries.net> Initially, I asked `how should I point the masses to you guys?' I received the response `the phone number will work just fine'. Since then I have been informed that overseas customers would find an email address much less costly. Repeating the question again has resulted in the following email address: dnssupport@networksolutions.com Happy IPv6'ing! -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) From todd@fries.net Wed Jul 2 14:55:11 2003 From: todd@fries.net (Todd T. Fries) Date: Wed, 2 Jul 2003 08:55:11 -0500 Subject: [6bone] Re: moving fast In-Reply-To: <00f301c34065$92355870$8ddca8c0@zurawputer> References: <001c01c3401b$e21de310$210d640a@unfix.org> <00f301c34065$92355870$8ddca8c0@zurawputer> Message-ID: <20030702135511.GA9400@fries.net> Perhaps my understanding with the individual I spoke to in the 'advanced dns team' was not the correct way of doing things, but I mentioned something to the effect of `if you keep getting calls to do this type of thing manually, you will have an incentive to automate the process, and perhaps make it available on the web domain management tool, eh?' to which the reply was affirmative. I consider `getting it to work' first order of business, and `getting it to work well' 2nd order of business. Hopefully the powers that be will recognize that the time and energy they will invest in 'putting out fires' by manually inserting IPv6 records into the gtld database and/or updating them would be spent more wisely by developing the web frontend to just allow the customer to manage this themselves. Being one who understands a thing or two about web frontends, I would expect this change to not happen overnight. True, I've not been told `it will happen', but what is desired is a process to put an IPv6 address into the gtld servers for a nameserver. This has been mapped out now for one registrar. Refining the process is left as an exercise for the respective registrars and their customers to hash out, no? -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Piotr Zurawski on Wed, Jul 02, 2003 at 08:45:07AM +0200, we have: | I think calling the helpdesk isn't the way to solve the problem. We | should rather look for someone being responsible for procedures, | designing the services etc. . In most cases posting such issues to | helpdesk is just being ignored by organization. | | Best Regards, | | Piotr | ----- Original Message ----- | From: "Jeroen Massar" | To: ; <6bone@ISI.EDU> | Sent: Tuesday, July 01, 2003 11:58 PM | Subject: RE: [6bone] Re: moving fast | | | > Todd T. Fries wrote: | > | > > Just wanted to clarify. This will only work for certain if you have | > > network solutions as your registrar for the dns host registration in | > > question. | > > | > > However, you may be able to talk your respective registrars into the | > > same, as apparently it is possible. | > | > Do they have an email address over there? | > As I don't like too call US numbers for a uncertain | > (read: prolly quite long) amount of time from an dutch line. | > (No, we don't have those ultra cheap telco's over here :) | > | > Greets, | > Jeroen | > | > _______________________________________________ | > 6bone mailing list | > 6bone@mailman.isi.edu | > http://mailman.isi.edu/mailman/listinfo/6bone | > From uriah_pollock@mentorg.com Wed Jul 2 15:08:03 2003 From: uriah_pollock@mentorg.com (Pollock, Uriah) Date: Wed, 2 Jul 2003 09:08:03 -0500 Subject: [6bone] Re: moving fast Message-ID: FYI: www.zoneedit.com allows you to register IPv6 addresses. They have a web front end, maybe the only front end, and give you up to 5 domains for free. They may not be one of the big guys out there but they do have support. Uriah -----Original Message----- From: Todd T. Fries [mailto:todd@fries.net] Sent: Wednesday, July 02, 2003 8:55 AM To: Piotr Zurawski Cc: Jeroen Massar; 6bone@ISI.EDU Subject: Re: [6bone] Re: moving fast Perhaps my understanding with the individual I spoke to in the 'advanced dns team' was not the correct way of doing things, but I mentioned something to the effect of `if you keep getting calls to do this type of thing manually, you will have an incentive to automate the process, and perhaps make it available on the web domain management tool, eh?' to which the reply was affirmative. I consider `getting it to work' first order of business, and `getting it to work well' 2nd order of business. Hopefully the powers that be will recognize that the time and energy they will invest in 'putting out fires' by manually inserting IPv6 records into the gtld database and/or updating them would be spent more wisely by developing the web frontend to just allow the customer to manage this themselves. Being one who understands a thing or two about web frontends, I would expect this change to not happen overnight. True, I've not been told `it will happen', but what is desired is a process to put an IPv6 address into the gtld servers for a nameserver. This has been mapped out now for one registrar. Refining the process is left as an exercise for the respective registrars and their customers to hash out, no? -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Piotr Zurawski on Wed, Jul 02, 2003 at 08:45:07AM +0200, we have: | I think calling the helpdesk isn't the way to solve the problem. We | should rather look for someone being responsible for procedures, | designing the services etc. . In most cases posting such issues to | helpdesk is just being ignored by organization. | | Best Regards, | | Piotr | ----- Original Message ----- | From: "Jeroen Massar" | To: ; <6bone@ISI.EDU> | Sent: Tuesday, July 01, 2003 11:58 PM | Subject: RE: [6bone] Re: moving fast | | | > Todd T. Fries wrote: | > | > > Just wanted to clarify. This will only work for certain if you have | > > network solutions as your registrar for the dns host registration in | > > question. | > > | > > However, you may be able to talk your respective registrars into the | > > same, as apparently it is possible. | > | > Do they have an email address over there? | > As I don't like too call US numbers for a uncertain | > (read: prolly quite long) amount of time from an dutch line. | > (No, we don't have those ultra cheap telco's over here :) | > | > Greets, | > Jeroen | > | > _______________________________________________ | > 6bone mailing list | > 6bone@mailman.isi.edu | > http://mailman.isi.edu/mailman/listinfo/6bone | > _______________________________________________ 6bone mailing list 6bone@mailman.isi.edu http://mailman.isi.edu/mailman/listinfo/6bone From cfaber@fpsn.net Wed Jul 2 22:19:17 2003 From: cfaber@fpsn.net (Colin Faber) Date: Wed, 02 Jul 2003 15:19:17 -0600 Subject: [6bone] email for 'advanced dns team' In-Reply-To: <20030702131449.GU18908@fries.net> References: <20030702131449.GU18908@fries.net> Message-ID: <3F034C55.8060201@fpsn.net> Which reminds me, Is Network solutions, or any other registrar accepting IPv6 DNS entries now? Todd T. Fries wrote: > Initially, I asked `how should I point the masses to you guys?' I received > the response `the phone number will work just fine'. Since then I have been > informed that overseas customers would find an email address much less > costly. Repeating the question again has resulted in the following > email address: > > dnssupport@networksolutions.com > > Happy IPv6'ing! -- Colin Faber (303) 859-1491 fpsn.net, Inc. * Black holes are where God divided by zero. * From todd@fries.net Wed Jul 2 23:00:58 2003 From: todd@fries.net (Todd T. Fries) Date: Wed, 2 Jul 2003 17:00:58 -0500 Subject: [6bone] email for 'advanced dns team' In-Reply-To: <3F034C55.8060201@fpsn.net> References: <20030702131449.GU18908@fries.net> <3F034C55.8060201@fpsn.net> Message-ID: <20030702220058.GB9400@fries.net> Either read the older threads in this newsgroup at: http://mailman.isi.edu/pipermail/6bone/2003-July/thread.html via the 'core ns registry' and 'moving fast' threads, or checkout the more concise verbage I wrote at: http://deadly.org/article.php3?sid=20030702084202 In snort, it depends, they can, if they chose to. -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Colin Faber on Wed, Jul 02, 2003 at 03:19:17PM -0600, we have: | Which reminds me, | | Is Network solutions, or any other registrar accepting IPv6 DNS entries now? | | | Todd T. Fries wrote: | | >Initially, I asked `how should I point the masses to you guys?' I received | >the response `the phone number will work just fine'. Since then I have | >been | >informed that overseas customers would find an email address much less | >costly. Repeating the question again has resulted in the following | >email address: | > | > dnssupport@networksolutions.com | > | >Happy IPv6'ing! | | -- | Colin Faber | (303) 859-1491 | fpsn.net, Inc. | * Black holes are where God divided by zero. * | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From jorgen@hovland.cx Thu Jul 3 01:49:33 2003 From: jorgen@hovland.cx (=?ISO-8859-1?Q?J=F8rgen?= Hovland) Date: 03 Jul 2003 02:49:33 +0200 Subject: [6bone] moving fast In-Reply-To: <20030701182437.GF18908@fries.net> References: <20030701182437.GF18908@fries.net> Message-ID: <1057193372.401.5.camel@localhost> On Tue, 2003-07-01 at 20:24, Todd T. Fries wrote: > Yesterday I said I got off the phone with Networks Soltuions and thought this > was another year I could not register an IPv6 dns server. > > Now, I'm on hold, on and off infact, with their advanced dns team, at > the US number of 1-866-345-0330. > > They are capable of putting in an IPv6 address for a dns server that > has an existing IPv4 address. For example (as sent to the 6bone mailing > list): > > whois -h whois.internic.net dot.ep.net > > Is most definately registered as a v4 and v6 dns server. > > If any of you out there are wanting to register an IPv6 address with > your dns server for your domain, call the above number. You may not > get the same person I did, so you may need some patience while you > explain to them the above information proves they can do it. > > I have raised the bar one notch, however, and requested not only > ns0.fries.net and ns1.fries.net get an additional ip that happens to > be IPv6, but I've also requested that ns6.fries.net get registered > as a host with an IPv6 record _only_. > > This last bit may not be everyone's desire just yet, but I like to be > forward thinking, and would like to push to have things ready when > more and more do not need to register an IPv4 address to have a > dns server. Hi Todd Have Networksolutions added your AAAA record ? I remember Afrinic brought this up at ripe 44, but I guess thats not quite the same. Last year we emailed our registrar (it was not Network Solutions) a couple of times about it, but they didnt understand what we asked for so we just gave up. This year we use Network Solutions, and we have emailed them a couple of times too. First email recieved from them; > Received: 04/09/2003 05:21pm Central Standard Time (GMT - 5:00 ) > To: customerservice@networksolutions.com > Subject: REG1HST How do I switch ISPs or update my name servers? They too didnt understand what we asked for. They actually told us to contact our service provider to fix it (hey thats us). After they tried offering us their "Advanced DNS Management" service, the last response from them was >Date: Tue, 24 Jun 2003 22:47:06 GMT > >Thank you for contacting Network Solutions. > >Upon review of our recent communications, it has become apparent that >we may not be able to resolve this situation via e-mail. > >So that we may resolve this issue in an expedited manner, please call >us 24 hours a day, at 1-888-642-9675 and a representative will be happy >to help you. If you are calling from outside of the U.S. dial >1-703-742-0914. > >Thank you for your patience. Now, I have called Network Solutions before. It took me over 1 hour to get my question through (it was non-ipv6 related), and I had to pay them money to get a person that understood what I was talking about (vip-support or something). Asking them for aaaa-records would probably take thrice the time, and I will probably have to pay them again. I am not going to do this if the answer is "no we cant add your v6 glue record". I just mailed the dnssupport@-mail you gave. I hope the people answering is not the same as customerservice@ :-) Please tell me when they add your v6 record. Then I know that calling them will work. Joergen Hovland From kim@tac.nyc.ny.us Fri Jul 4 04:25:11 2003 From: kim@tac.nyc.ny.us (Kimmo Suominen) Date: Thu, 03 Jul 2003 23:25:11 -0400 Subject: [6bone] core ns registry database In-Reply-To: <20030702011837.BB5547E06@beowulf.gw.com> from Kimmo Suominen on Tue, 01 Jul 2003 21:18:37 -0400 References: <000701c33ff5$799dd4b0$210d640a@unfix.org> <20030702011837.BB5547E06@beowulf.gw.com> Message-ID: <20030704032511.271517E03@beowulf.gw.com> I'm happy to report that directNIC.com can manually enter IPv6 addresses. A Product Development Manager responded to my support ticket: "I understand the need to the ability to create IPv6 nameservers. [...] "Currently it does not allow IPv6 to be associated with a nameserver, but I have added it to the list of things that will be added shortly. If you need an IPv6 nameserver created before it's added, please let me know all of the information and I will get it created." >From past experience, when they say they'll implement a feature, it does not take long for it to appear on the production website. They have also always been very responsive in their support. Now if only the root and gtld servers had IPv6 addresses... :-) Regards, + Kim Server Name: GRENDEL.GW.COM IP Address: 2001:240:584:1:260:8FF:FEC6:332C IP Address: 204.80.150.1 Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM Whois Server: whois.directnic.com Referral URL: http://www.directnic.com From guangxm@ctbri.com.cn Fri Jul 4 07:57:08 2003 From: guangxm@ctbri.com.cn (guang xiaoming) Date: Fri, 4 Jul 2003 14:57:08 +0800 Subject: [6bone] ASpath trouble References: <001c01c3401b$e21de310$210d640a@unfix.org> Message-ID: <002301c341f9$7c4896e0$0e35090a@gxm> hello recently i just build ASpath in our ipv6 testbed. sixbone ---- BII(AS10109) --v6v4 tunnel--- Cisco GSR(AS4134) ---v6-- CIsco 7600(AS64610) --v6v4 tunnel--- LINUX/ZEBRA0.93b(AS64610). after run update-rtree, we got empty bgp tree only with SITENAME there. BTW we add corresponding enties in as.table/ipv6-prefix.table/force.as.table with our sitename and its AS. anyway thanks alot for your help on this issue. anthony ----- Original Message ----- From: <6bone-admin@mailman.isi.edu> To: ; <6bone@ISI.EDU> Sent: Wednesday, July 02, 2003 5:58 AM Subject: RE: [6bone] Re: moving fast > > > Todd T. Fries wrote: > > > Just wanted to clarify. This will only work for certain if you have > > network solutions as your registrar for the dns host registration in > > question. > > > > However, you may be able to talk your respective registrars into the > > same, as apparently it is possible. > > Do they have an email address over there? > As I don't like too call US numbers for a uncertain > (read: prolly quite long) amount of time from an dutch line. > (No, we don't have those ultra cheap telco's over here :) > > Greets, > Jeroen > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > > From mohacsi@niif.hu Fri Jul 4 08:49:29 2003 From: mohacsi@niif.hu (Janos Mohacsi) Date: Fri, 4 Jul 2003 09:49:29 +0200 (CEST) Subject: [6bone] ASpath trouble In-Reply-To: <002301c341f9$7c4896e0$0e35090a@gxm> References: <001c01c3401b$e21de310$210d640a@unfix.org> <002301c341f9$7c4896e0$0e35090a@gxm> Message-ID: <20030704094139.I98553@evil.ki.iif.hu> Hello, On Fri, 4 Jul 2003, guang xiaoming wrote: > hello recently i just build ASpath in our ipv6 testbed. > > sixbone ---- BII(AS10109) --v6v4 tunnel--- Cisco GSR(AS4134) ---v6-- CIsco > 7600(AS64610) --v6v4 tunnel--- LINUX/ZEBRA0.93b(AS64610). > > after run update-rtree, we got empty bgp tree only with SITENAME there. BTW > we add corresponding enties in as.table/ipv6-prefix.table/force.as.table > with our sitename and its AS. > > anyway thanks alot for your help on this issue. > anthony > The update-rtree usually part of the ASpath-tree tool developed by TILAB, Italy. Accroding to the documentation you should use -u to update registry informations and -r to recover to the previously used local information bases. As I recognize you are using private AS numbers internally (see http://www.iana.org/assignments/as-numbers) and therefore no registry entry for them. I hope this helped. Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 From old_mc_donald@hotmail.com Fri Jul 4 13:35:00 2003 From: old_mc_donald@hotmail.com (Gav) Date: Fri, 4 Jul 2003 20:35:00 +0800 Subject: [6bone] Freenet6 Message-ID: Hi All, I don't know if I missed any news, but Freenet6 site is down, are they still providing tunnels or have they gone by the wayside? I recommended them for a friend in the UK and now I have to recommend someone else. He is asking for a permanent test address, any ideas? thanks Gav... --- Checked for Viruses (Viri) , Gav... Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.493 / Virus Database: 292 - Release Date: 25/06/2003 From tjc@ecs.soton.ac.uk Fri Jul 4 15:36:21 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Fri, 4 Jul 2003 15:36:21 +0100 Subject: [6bone] Freenet6 In-Reply-To: References: Message-ID: <20030704143621.GB5991@login.ecs.soton.ac.uk> I doubt freenet6 is gone. Why not recommend a UK tunnel broker to a UK user? Tim On Fri, Jul 04, 2003 at 08:35:00PM +0800, Gav wrote: > Hi All, > > I don't know if I missed any news, but Freenet6 site is down, > > are they still providing tunnels or have they gone by the wayside? > > I recommended them for a friend in the UK and now I have to recommend > someone else. > He is asking for a permanent test address, any ideas? > thanks > > Gav... > > > --- > Checked for Viruses (Viri) , Gav... > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.493 / Virus Database: 292 - Release Date: 25/06/2003 > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From Florent.Parent@viagenie.qc.ca Fri Jul 4 16:09:23 2003 From: Florent.Parent@viagenie.qc.ca (Florent Parent) Date: Fri, 04 Jul 2003 11:09:23 -0400 Subject: [6bone] Freenet6 In-Reply-To: References: Message-ID: <23890000.1057331363@blues.hexago.com> Service is still up. Check http://www.freenet6.net In summary, get the new TSP client and use tsps2.freenet6.net (new server). The previous server tsps1.freenet2.net is still up but we are currently working on solving some problems. If you still experience problems, please send us an email support@freenet6.net Regards, Florent -- Florent Parent Hexago http://www.hexago.com +1-418-266-5533, +1-418-266-5539 (fax) --On Friday, July 04, 2003 20:35:00 +0800 Gav wrote: > Hi All, > > I don't know if I missed any news, but Freenet6 site is down, > > are they still providing tunnels or have they gone by the wayside? > > I recommended them for a friend in the UK and now I have to recommend > someone else. > He is asking for a permanent test address, any ideas? > thanks > > Gav... > > > --- > Checked for Viruses (Viri) , Gav... > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.493 / Virus Database: 292 - Release Date: 25/06/2003 > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From bmanning@ISI.EDU Fri Jul 4 20:03:45 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 4 Jul 2003 12:03:45 -0700 (PDT) Subject: [6bone] core ns registry database In-Reply-To: <20030704032511.271517E03@beowulf.gw.com> from Kimmo Suominen at "Jul 3, 3 11:25:11 pm" Message-ID: <200307041903.h64J3jU03834@boreas.isi.edu> for those who wish, there is a testbed that has native IPv6 root and many tld servers visable/available for those who wish to trial native IPv6 services. www.rs.net for details % I'm happy to report that directNIC.com can manually enter IPv6 addresses. % A Product Development Manager responded to my support ticket: % % "I understand the need to the ability to create IPv6 nameservers. % [...] % % "Currently it does not allow IPv6 to be associated with a nameserver, % but I have added it to the list of things that will be added shortly. % If you need an IPv6 nameserver created before it's added, please let % me know all of the information and I will get it created." % % >From past experience, when they say they'll implement a feature, it does % not take long for it to appear on the production website. They have also % always been very responsive in their support. % % Now if only the root and gtld servers had IPv6 addresses... :-) % % Regards, % + Kim % % % Server Name: GRENDEL.GW.COM % IP Address: 2001:240:584:1:260:8FF:FEC6:332C % IP Address: 204.80.150.1 % Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM % Whois Server: whois.directnic.com % Referral URL: http://www.directnic.com % _______________________________________________ % 6bone mailing list % 6bone@mailman.isi.edu % http://mailman.isi.edu/mailman/listinfo/6bone % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From wildfire@progsoc.uts.edu.au Sun Jul 6 07:38:27 2003 From: wildfire@progsoc.uts.edu.au (Anand Kumria) Date: Sun, 6 Jul 2003 16:38:27 +1000 Subject: Root server testbed was: [6bone] core ns registry database In-Reply-To: <200307041903.h64J3jU03834@boreas.isi.edu> References: <20030704032511.271517E03@beowulf.gw.com> <200307041903.h64J3jU03834@boreas.isi.edu> Message-ID: <20030706063826.GG7269@yeenoghu.progsoc.uts.edu.au> On Fri, Jul 04, 2003 at 12:03:45PM -0700, Bill Manning wrote: > > for those who wish, there is a testbed that has native IPv6 > root and many tld servers visable/available for those who > wish to trial native IPv6 services. > > www.rs.net for details > Hi Bill, Thanks for the pointer, I wasn't aware of rs.net (or otdr or rssac.org either for that matter); I was somewhat interested in reading about the outcome of your IPv6 testbed . Unfortunately that link results in a 404 not found; do you know if there is a local/alternative copy? Thanks, Anand -- `` We are shaped by our thoughts, we become what we think. When the mind is pure, joy follows like a shadow that never leaves. '' -- Buddha, The Dhammapada From hultq@iafrica.com Sun Jul 6 23:15:25 2003 From: hultq@iafrica.com (Marc Hultquist) Date: 07 Jul 2003 00:15:25 +0200 Subject: [6bone] ipv6 New Person Helpo Message-ID: <1057529725.1188.6.camel@Galileo> I Have just finished tinkering with the Freenet6 client and installing it and putting in all the configuration options into my tspc.conf file, such as the username etc. I just wanted to check After doing a apt-get install freenet6 and putting in the username= and password= options, I then did a /etc/init.d/freenet6 restart and fine it all works. Galileo:/etc/freenet6# /etc/init.d/freenet6 restart Resetting freenet IPv6 tunnel (sit1): SIOGIFINDEX: No such device Error while executing /sbin/ifconfig Command: /sbin/ifconfig inet6 del 3ffe:bc0:8000::427/128 3ffe:bc0:8000::427/128 Galileo:/etc/freenet6# Now, what I really wanted to ask, is when I do a ifconfig it comes up with the following. sit1 Link encap:IPv6-in-IPv4 inet6 addr: 3ffe:bc0:8000::427/128 Scope:Global inet6 addr: fe80::c41e:7eea/10 Scope:Link inet6 addr: fe80::a00:6/10 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Does this mean that I have the tunnel working and functional ? I.E is this Desktop pc of mine now ipv6 enabled ? Or is there something I am missing here. ? I know I put in all the correct information into the conf files etc. Is there anything else I should do now ? Sorry to sound like such a fool on the issue, but I am completly new to ipv6(IPng) and I only really started tinkering with it tonight....... Could someone maybe tell me if there is anything else I need to do ? I installed pin6 and traceroute6 and all that, and I can ping and tracert to ipv6 enabled hosts ? So should I or do i need to do anything else? Just for arbs sake, I am running a Debian Linux 3.0 System.... Regards -- Marc Hultquist The Hultquist Family From gall@switch.ch Thu Jul 10 10:43:42 2003 From: gall@switch.ch (Alexander Gall) Date: Thu, 10 Jul 2003 11:43:42 +0200 Subject: [6bone] DoS attacks through 6to4 anycast relay Message-ID: <16141.13646.546257.420062@switch.ch> We (SWITCH) are running one of the (still few) 6to4 anycast relays. Normally, traffic rates are very low (last month's average input was a little over 200kbps) but there were some spikes of several Mbps in the past week. On Tuesday and Wednesday, the traffic was enough to severely disrupt our 7206VXR that serves as relay and terminates some 6bone tunnels as well. We are currently testing an IOS image with IPv6 netflow support on that router, so I was able to see what was going on yesterday evening (17:00 - 18:30 UTC+2). The number of active flows climbed to almost 3000 (from a normal 100-300). This was due to short UDP flows with random source and destination ports from 2002:3ED3:10C:: to 3FFE:8171:61::11 like these SrcAddress InpIf DstAddress OutIf Prot SrcPrt DstPrt Packets 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0x203D 0x8032 150 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0x043D 0x9432 180 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0xAA89 0x8A8E 60 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0xCE89 0xDE8E 160 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0xF289 0x328E 160 Netflow made this easy to spot but the large number of flows is probably also the main reason why the router performed very badly during the event :-( Traffic peaked at 18Mbps before I blocked packets from 62.211.1.12 to 192.88.99.1 at the upstream router. The source points to inetnum: 62.211.1.0 - 62.211.1.255 netname: TIN descr: Telecom Italia S.p.A descr: E@sy.ip ADSL service OSPF Area 1 descr: Wholesale service for ISP country: IT admin-c: BS104-RIPE tech-c: BS104-RIPE status: ASSIGNED PA remarks: Please send abuse notification to abuse@telecomitalia.it notify: ripe-staff@telecomitalia.it mnt-by: TIWS-MNT changed: net_ti@telecomitalia.it 20020801 source: RIPE but that may well be spoofed. The destination resloves to an interesting name (with only a AAAA RR): rootk.it :-) I take this as a good sign that IPv6 is finally catching on ;-) -- Alex SWITCH-NOC From jeroen@unfix.org Thu Jul 10 12:10:39 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Thu, 10 Jul 2003 13:10:39 +0200 Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: <16141.13646.546257.420062@switch.ch> Message-ID: <002401c346d3$e55829f0$210d640a@unfix.org> Alexander Gall wrote: > The destination resloves to an interesting name (with only a AAAA RR): > rootk.it :-) > > I take this as a good sign that IPv6 is finally catching on ;-) I take it that IPv6 is still only used by most people for having a cool reverse dns on IRC. And that some other annoying persons still need to disrupt the working of IPv6 by (d)dossing the POPs of various access providers to get rid of those people. This has been the same for the last 5 years or so, though I must say that I've seen a lot less going to our POPs. But that's quite possibly also because of our strict policies to whom we give service to. Also I must note that .it is usually a source for problems. Which is too bad for them as it really puts them on the blacklist so even people from .it who really are sincere are affected by the few who try to spoil it. But that is usually the case. I hope ISP's mature and start fixing their networks so these stupid and irritating effects stop happening. Greets, Jeroen From dan@reeder.name Thu Jul 10 12:26:12 2003 From: dan@reeder.name (Dan Reeder) Date: Thu, 10 Jul 2003 21:26:12 +1000 Subject: [6bone] DoS attacks through 6to4 anycast relay References: <16141.13646.546257.420062@switch.ch> Message-ID: <000c01c346d6$1509b810$0200a8c0@dryad> > I take this as a good sign that IPv6 is finally catching on ;-) Well yes, but only good as far as using an infrastructure the equivilant of the late 80s internet combined with all the lusers the new millennium brings. I dont understand why some people assumed that using ipv6 would mean no ddos attacks. I just hope the v6 internet will survive over the coming years without too many 'global catastrophes'. As it is I doubt it would take too much effort at all to bring things to a standstill. Dan ----- Original Message ----- From: "Alexander Gall" To: <6bone@ISI.EDU> Sent: Thursday, July 10, 2003 7:43 PM Subject: [6bone] DoS attacks through 6to4 anycast relay > We (SWITCH) are running one of the (still few) 6to4 anycast relays. > Normally, traffic rates are very low (last month's average input was a > little over 200kbps) but there were some spikes of several Mbps in the > past week. On Tuesday and Wednesday, the traffic was enough to > severely disrupt our 7206VXR that serves as relay and terminates some > 6bone tunnels as well. > > We are currently testing an IOS image with IPv6 netflow support on > that router, so I was able to see what was going on yesterday evening > (17:00 - 18:30 UTC+2). The number of active flows climbed to almost > 3000 (from a normal 100-300). This was due to short UDP flows with > random source and destination ports from 2002:3ED3:10C:: to > 3FFE:8171:61::11 like these > > SrcAddress InpIf DstAddress OutIf Prot SrcPrt DstPrt Packets > 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0x203D 0x8032 150 > 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0x043D 0x9432 180 > 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0xAA89 0x8A8E 60 > 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0xCE89 0xDE8E 160 > 2002:3ED3:10C:: Tu2 3FFE:8171:61::11 Gi4/0 0x11 0xF289 0x328E 160 > > Netflow made this easy to spot but the large number of flows is > probably also the main reason why the router performed very badly > during the event :-( > > Traffic peaked at 18Mbps before I blocked packets from 62.211.1.12 to > 192.88.99.1 at the upstream router. > > The source points to > > inetnum: 62.211.1.0 - 62.211.1.255 > netname: TIN > descr: Telecom Italia S.p.A > descr: E@sy.ip ADSL service OSPF Area 1 > descr: Wholesale service for ISP > country: IT > admin-c: BS104-RIPE > tech-c: BS104-RIPE > status: ASSIGNED PA > remarks: Please send abuse notification to abuse@telecomitalia.it > notify: ripe-staff@telecomitalia.it > mnt-by: TIWS-MNT > changed: net_ti@telecomitalia.it 20020801 > source: RIPE > > but that may well be spoofed. > > The destination resloves to an interesting name (with only a AAAA RR): > rootk.it :-) > > I take this as a good sign that IPv6 is finally catching on ;-) > > -- > Alex > SWITCH-NOC > > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From gall@switch.ch Thu Jul 10 12:57:15 2003 From: gall@switch.ch (Alexander Gall) Date: 10 Jul 2003 13:57:15 +0200 Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: <002401c346d3$e55829f0$210d640a@unfix.org> References: <002401c346d3$e55829f0$210d640a@unfix.org> Message-ID: <9pllv6r3vo.fsf@switch.ch> On Thu, 10 Jul 2003 13:10:39 +0200, "Jeroen Massar" said: > Alexander Gall wrote: >> The destination resloves to an interesting name (with only a AAAA RR): >> rootk.it :-) >> >> I take this as a good sign that IPv6 is finally catching on ;-) > I take it that IPv6 is still only used by most people for having > a cool reverse dns on IRC. And that some other annoying persons > still need to disrupt the working of IPv6 by (d)dossing the POPs > of various access providers to get rid of those people. Note the ;-) above. However, so far these have been singular events at our 6to4 relay (that's why I thought it's worth mentioning). AFAICS, nobody is really using the anycast relay for *anything* (the 100-300 flows I reported before include all traffic flowing through our IPv6 backbone; actual 6to4 traffic is just a fraction, mostly pings and some DNS queries). -- Alex From pim@ipng.nl Thu Jul 10 16:20:54 2003 From: pim@ipng.nl (Pim van Pelt) Date: Thu, 10 Jul 2003 17:20:54 +0200 Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: <16141.13646.546257.420062@switch.ch> References: <16141.13646.546257.420062@switch.ch> Message-ID: <20030710152054.GA15755@bfib.colo.bit.nl> Alex, | We (SWITCH) are running one of the (still few) 6to4 anycast relays. | Normally, traffic rates are very low (last month's average input was a | little over 200kbps) but there were some spikes of several Mbps in the | past week. I'd like to react to the 'still few' comment above. At AS12859, I've been playing with the idea to start announcing the IPv4 anycast and 2002::/16, but I'm not entirely sure I'm willing to provide IPv4 transit to and from foreign networks. On the other hand, < 1 Mbps traffic is nothing to really worry about. The administration and 'looking after the box' is something I'm more worried about. The IPv6 side is fine by me -- we do not pay for transit at the moment. The IPv4 side worries me in a particular way: If I announce 192.88.99.0/24 to everybody (peers and IP uplinks), I attract everybody's traffic. In order to control this, I can announce it only to peers. This way, incoming 6to4 traffic will be relayed from IPv4 peers into IPv6 peers. Does not cost anything -> good idea :-) If I announce 2002::/16 however, I attract other peoples 2002::: traffic, which I would then have to forward back via IPv4, possibly using an IP uplink. I cannot filter this traffic, because people can not stear which 2002::/16 announcer their traffic will go to that easily. I cannot announce a more specific into the IPv6 DFZ, allthough I'd REALLY like to announce '2002:213.136.0.0::/35'. I am aware of the problems in doing so however. Bottom line: I have not persued this any further. If the community is interrested, I can easily be persuaded to proceed with a relay deployment from AS12859 (nl.bit). -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From gert@space.net Thu Jul 10 17:47:10 2003 From: gert@space.net (Gert Doering) Date: Thu, 10 Jul 2003 18:47:10 +0200 Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: <20030710152054.GA15755@bfib.colo.bit.nl>; from pim@ipng.nl on Thu, Jul 10, 2003 at 05:20:54PM +0200 References: <16141.13646.546257.420062@switch.ch> <20030710152054.GA15755@bfib.colo.bit.nl> Message-ID: <20030710184710.W67740@Space.Net> Hi, On Thu, Jul 10, 2003 at 05:20:54PM +0200, Pim van Pelt wrote: > Bottom line: I have not persued this any further. If the community is > interrested, I can easily be persuaded to proceed with a relay > deployment from AS12859 (nl.bit). I think it will already be helpful if you (and everybody else) run an 6to4 relay just for yourself and your customers. That is: run it, but don't announce the IPv4 anycast address or the 2002:: address to any non-customers. (You have to give it to the customers, otherwise you'll take away the connectivity for them). That way your customers can get quick 6to4 access (both ways, either using 6to4 addresses internally, or talking from native v6 to 6to4 users elsewhere), and you don't have to pay for non-customer traffic. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55442 (55636) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From gall@switch.ch Thu Jul 10 18:49:57 2003 From: gall@switch.ch (Alexander Gall) Date: 10 Jul 2003 19:49:57 +0200 Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: <20030710152054.GA15755@bfib.colo.bit.nl> References: <16141.13646.546257.420062@switch.ch> <20030710152054.GA15755@bfib.colo.bit.nl> Message-ID: <9pd6giqnju.fsf@switch.ch> On Thu, 10 Jul 2003 17:20:54 +0200, Pim van Pelt said: > If I announce 2002::/16 however, I attract other peoples > 2002::: traffic, which I would then have to forward back via > IPv4, possibly using an IP uplink. I cannot filter this traffic, because > people can not stear which 2002::/16 announcer their traffic will go to > that easily. I cannot announce a more specific into the IPv6 DFZ, > allthough I'd REALLY like to announce '2002:213.136.0.0::/35'. I am > aware of the problems in doing so however. All networks with global IPv6 connectivity should simply provide a 6to4 router that handles all traffic to 2002::/16 from their customers. In the best case, 2002::/16 would not need to be in the global routing table at all. I don't know how widespread this pratice already is, but at least the amount of traffic we attract with our own anounncement of 2002::/16 is just a small fraction of that coming in on the anycast address, i.e. a few kbps. > Bottom line: I have not persued this any further. If the community is > interrested, I can easily be persuaded to proceed with a relay > deployment from AS12859 (nl.bit). It is clear that this kind of transit will not work forever. I believe that it will no longer be necessary by the time when things start to cost real money. -- Alex From todd@fries.net Fri Jul 11 03:55:16 2003 From: todd@fries.net (Todd T. Fries) Date: Thu, 10 Jul 2003 21:55:16 -0500 Subject: [6bone] v6 dns done! Message-ID: <20030711025515.GC29817@fries.net> I've had a few people email me as 'disbelievers until this actually went through'. I just checked, and it has. You too can see me with a v6 dns server via 'whois -h whois.internic.net ns0.fries.net', ns1.fries.net, and ns6.fries.net. The above whois command can show that ns6.fries.net exists, but it is not yet tied to my domain (ns6.fries.net is the IPv6 _only_ dns server, with no IPv4). If you do 'host -v -t any fries.net a.gtld-servers.net' you will note the absence of ns6.fries.net. But at least we're getting somewhere ;-) Now the bad news. Username and password are required (at this time) for this to take place. I seriously hope in the future their web form allows people to set this information for themselves and not require such information. One final note. I hope you guys don't mind me mentioning this, but I've been made aware of an opportunity for some prize money for those of you active in the IPv6 community. See http://www.v6pc.jp/apc/en/concept.html for further details. They sent me an email and after abit of correspondence it is evident that they have received so few submissions that they have basically been pushing back the deadlines several times. Anyway, hope it is useful information for IPv6'ers out there. Thanks, -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) From riel@imladris.surriel.com Sat Jul 12 12:47:35 2003 From: riel@imladris.surriel.com (Rik van Riel) Date: Sat, 12 Jul 2003 11:47:35 +0000 (UTC) Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: <9pd6giqnju.fsf@switch.ch> References: <16141.13646.546257.420062@switch.ch> <20030710152054.GA15755@bfib.colo.bit.nl> <9pd6giqnju.fsf@switch.ch> Message-ID: On Thu, 10 Jul 2003, Alexander Gall wrote: > All networks with global IPv6 connectivity should simply provide a > 6to4 router that handles all traffic to 2002::/16 from their > customers. In the best case, 2002::/16 would not need to be in the > global routing table at all. Does anybody know whether Linux could be set up to have packets to 2002::/16 sent out over ipv4 ? I would like to avoid using 6to4 relays for 2002::/16, admittedly mostly for efficiency reasons. It would be nice if my packets to 2002::/16 didn't need to travel around the world and incur half second latencies... Rik -- Engineers don't grow up, they grow sideways. http://www.surriel.com/ http://kernelnewbies.org/ From pekkas@netcore.fi Sat Jul 12 15:37:13 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Sat, 12 Jul 2003 17:37:13 +0300 (EEST) Subject: [6bone] DoS attacks through 6to4 anycast relay In-Reply-To: Message-ID: On Sat, 12 Jul 2003, Rik van Riel wrote: > On Thu, 10 Jul 2003, Alexander Gall wrote: > > > All networks with global IPv6 connectivity should simply provide a > > 6to4 router that handles all traffic to 2002::/16 from their > > customers. In the best case, 2002::/16 would not need to be in the > > global routing table at all. > > Does anybody know whether Linux could be set up to have packets > to 2002::/16 sent out over ipv4 ? > > I would like to avoid using 6to4 relays for 2002::/16, admittedly > mostly for efficiency reasons. It would be nice if my packets to > 2002::/16 didn't need to travel around the world and incur half > second latencies... Just enable 6to4 on your router like your would enable it on a host, and that should be it. (E.g. on Red Hat Linux, see /usr/share/doc/initscripts-*/ipv6-6to4.howto.) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From hank@att.net.il Tue Jul 15 08:09:20 2003 From: hank@att.net.il (Hank Nussbacher) Date: Tue, 15 Jul 2003 09:09:20 +0200 Subject: [6bone] [article]: NetScreen among firms adding IPv6 to firewalls In-Reply-To: <12696084522.20030630031450@chabrowa.net> Message-ID: <5.1.0.14.2.20030715090604.05876e50@max.att.net.il> http://www.nwfusion.com/news/2003/0714netscreen.html -hank From hank@att.net.il Tue Jul 15 09:04:45 2003 From: hank@att.net.il (Hank Nussbacher) Date: Tue, 15 Jul 2003 10:04:45 +0200 Subject: [6bone] Headsup: Block messaging over IPv6 options Message-ID: <5.1.0.14.2.20030715100210.00abf0e0@max.att.net.il> http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html -Hank From jeroen@unfix.org Tue Jul 15 09:31:02 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 15 Jul 2003 10:31:02 +0200 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: <5.1.0.14.2.20030715100210.00abf0e0@max.att.net.il> Message-ID: <000d01c34aab$6dccb0a0$210d640a@unfix.org> Hank Nussbacher wrote: > http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html Better start checking the IP addresses too, because I could easily: <--- 128 bit IPv6 address ---> <--- subnet ---><--- EUI-64 ---> 3ffe:8114:2000:0240:0290:27ff:fe24:c19f What if I use the EUI-64 part for 8x8 bits: 8 chars of text ? Route the /64 through one box and use some tcpdump trickery. Currently, with especially the 6bone it is not too uncommon to have a complete /48 directed to one box, let's see how 'covert' we can play there. I could even put the chars in the EUI-64 form, looking like EUI-64 but not being it. Have fun filtering oh mighty firewall people. IMHO think that 'inspecting' is useless. As long as two(+) endpoints are in control of a user he can send any kind of packets between them. We are not talking about distributing or crypting stuff yet... Think of the nice DNS tunnels :) Using a HTTP proxy could be a good start though. But then we simply would use POST on a external server to get a nice tunnel. So have fun filtering. And why do IPv6 if you are denying users their end to end experience ? IMHO stick to your "ipv4 nat" security then. If you really want to firewall your users: disconnect them. Greets, Jeroen From Francis.Dupont@enst-bretagne.fr Tue Jul 15 12:57:53 2003 From: Francis.Dupont@enst-bretagne.fr (Francis Dupont) Date: Tue, 15 Jul 2003 13:57:53 +0200 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: Your message of Tue, 15 Jul 2003 10:04:45 +0200. <5.1.0.14.2.20030715100210.00abf0e0@max.att.net.il> Message-ID: <200307151157.h6FBvrof041728@givry.rennes.enst-bretagne.fr> In your previous mail you wrote: http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html => Oh! If we need another bigger covert channel I can propose the transport payload... Is the advisory a joke or someone announced the IPv6 support when he was at the bottom of the learning curve? Francis.Dupont@enst-bretagne.fr From rocheml@httrack.com Tue Jul 15 13:24:25 2003 From: rocheml@httrack.com (Xavier Roche) Date: Tue, 15 Jul 2003 14:24:25 +0200 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: <200307151157.h6FBvrof041728@givry.rennes.enst-bretagne.fr> References: <5.1.0.14.2.20030715100210.00abf0e0@max.att.net.il> <200307151157.h6FBvrof041728@givry.rennes.enst-bretagne.fr> Message-ID: <20030715122425.GA4374@linux.localnet.loc> On Tue, Jul 15, 2003 at 01:57:53PM +0200, Francis Dupont wrote: > http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html > => Oh! If we need another bigger covert channel I can propose the > transport payload... Is the advisory a joke or someone announced > the IPv6 support when he was at the bottom of the learning curve? There is also a great security threat in IPv4 regarding the TOS byte which can be used to transmit data. It is possible to use this header fragment "as a covert channel to pass data between peers, without being inspected". Spooky! From hansolofalcon@worldnet.att.net Tue Jul 15 13:44:49 2003 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Tue, 15 Jul 2003 08:44:49 -0400 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: <200307151157.h6FBvrof041728@givry.rennes.enst-bretagne.fr> Message-ID: <001301c34ace$e17ba100$239efea9@who5> Hello from Gregg C Levine I think I am lost. Would one of you, or any of you, please elaborate? I looked at the website. It seems to be an almost professional outfit, which seems to think they need a registration to allow the interested party to view what they are intending to do regarding the concepts. I don't follow their line of reasoning. ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) > -----Original Message----- > From: 6bone-admin@mailman.isi.edu [mailto:6bone-admin@mailman.isi.edu] On > Behalf Of Francis Dupont > Sent: Tuesday, July 15, 2003 7:58 AM > To: Hank Nussbacher > Cc: first-teams@first.org; 6bone@ISI.EDU > Subject: Re: [6bone] Headsup: Block messaging over IPv6 options > > In your previous mail you wrote: > > http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22. html > > => Oh! If we need another bigger covert channel I can propose the > transport payload... Is the advisory a joke or someone announced > the IPv6 support when he was at the bottom of the learning curve? > > Francis.Dupont@enst-bretagne.fr > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From todd@fries.net Tue Jul 15 13:45:37 2003 From: todd@fries.net (Todd T. Fries) Date: Tue, 15 Jul 2003 07:45:37 -0500 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: <20030715122425.GA4374@linux.localnet.loc> References: <5.1.0.14.2.20030715100210.00abf0e0@max.att.net.il> <200307151157.h6FBvrof041728@givry.rennes.enst-bretagne.fr> <20030715122425.GA4374@linux.localnet.loc> Message-ID: <20030715124537.GA27276@fries.net> Even worse, the icmp data is uninspected. And this bug effects both protocol families! What were people thinking when they wrote internet rfc's, that people might actually try to transmit data? Oh no! -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Xavier Roche on Tue, Jul 15, 2003 at 02:24:25PM +0200, we have: | On Tue, Jul 15, 2003 at 01:57:53PM +0200, Francis Dupont wrote: | > http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html | > => Oh! If we need another bigger covert channel I can propose the | > transport payload... Is the advisory a joke or someone announced | > the IPv6 support when he was at the bottom of the learning curve? | | There is also a great security threat in IPv4 regarding the TOS byte which can be used to transmit data. It is possible to use this header fragment "as a covert channel to pass data between peers, without being inspected". Spooky! | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From todd@fries.net Tue Jul 15 16:12:41 2003 From: todd@fries.net (Todd T. Fries) Date: Tue, 15 Jul 2003 10:12:41 -0500 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: <001301c34ace$e17ba100$239efea9@who5> References: <200307151157.h6FBvrof041728@givry.rennes.enst-bretagne.fr> <001301c34ace$e17ba100$239efea9@who5> Message-ID: <20030715151241.GB27276@fries.net> The `security alert' in question comes from putting data in a packet, transmitting it, and receiving that data. The floor rolling is being done by those of us who understand that to be the basic tennent of those who use the internet. In all seriousness, I guess they're actually concerned about the 'do not inspect' flag and thinking firewalls will actually obey this incase someone uses that data to put something they wish to bypass the firewall with. -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Gregg C Levine on Tue, Jul 15, 2003 at 08:44:49AM -0400, we have: | Hello from Gregg C Levine | I think I am lost. Would one of you, or any of you, please elaborate? | I looked at the website. It seems to be an almost professional outfit, | which seems to think they need a registration to allow the interested | party to view what they are intending to do regarding the concepts. I | don't follow their line of reasoning. | ------------------- | Gregg C Levine hansolofalcon@worldnet.att.net | ------------------------------------------------------------ | "The Force will be with you...Always." Obi-Wan Kenobi | "Use the Force, Luke."  Obi-Wan Kenobi | (This company dedicates this E-Mail to General Obi-Wan Kenobi ) | (This company dedicates this E-Mail to Master Yoda ) | | | | > -----Original Message----- | > From: 6bone-admin@mailman.isi.edu | [mailto:6bone-admin@mailman.isi.edu] On | > Behalf Of Francis Dupont | > Sent: Tuesday, July 15, 2003 7:58 AM | > To: Hank Nussbacher | > Cc: first-teams@first.org; 6bone@ISI.EDU | > Subject: Re: [6bone] Headsup: Block messaging over IPv6 options | > | > In your previous mail you wrote: | > | > | http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22. | html | > | > => Oh! If we need another bigger covert channel I can propose the | > transport payload... Is the advisory a joke or someone announced | > the IPv6 support when he was at the bottom of the learning curve? | > | > Francis.Dupont@enst-bretagne.fr | > _______________________________________________ | > 6bone mailing list | > 6bone@mailman.isi.edu | > http://mailman.isi.edu/mailman/listinfo/6bone | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From rocheml@httrack.com Tue Jul 15 21:35:53 2003 From: rocheml@httrack.com (Xavier Roche) Date: Tue, 15 Jul 2003 22:35:53 +0200 Subject: [6bone] Headsup: Block messaging over IPv6 options In-Reply-To: <000d01c34aab$6dccb0a0$210d640a@unfix.org> References: <000d01c34aab$6dccb0a0$210d640a@unfix.org> Message-ID: <3F1465A9.1050109@httrack.com> Jeroen Massar wrote: > Better start checking the IP addresses too, because I could easily: Do you assume that we should filter /64 suffixes such as 3ffe:8114:2000:0240:cafe:babe:dead:beef to avoid java hackers ? :) > Think of the nice DNS tunnels :) Or even encoding data using latency between regular IP packets (>Nms = 1, If you really want to firewall your users: disconnect them. Agree - there is IMHO a confusion between security and the control of what kind of data can be transmitted - playing with IP packets and hiding data on them has nothing to do with security --- Xavier Roche roche at httrack dot com From Toomas.Soome@microlink.ee Wed Jul 16 16:07:28 2003 From: Toomas.Soome@microlink.ee (Toomas Soome) Date: Wed, 16 Jul 2003 18:07:28 +0300 Subject: [6bone] FW-1 & IPv6 gw with 6to4 tunnel Message-ID: <3F156A30.7010805@microlink.ee> hi! we are playing with latest fw-1 in solaris 8 box. we did manage to set up ip.tun interface for outgoing link, but now there appears 2 problems: 1. fw-1 seems to be unable to filter packets from ip.tun interface. I know fw-1 is currently unable to "see" inside of 6to4 tunnel, but this host is endpoint for this tunnel. ok. I can use ipfilter to filter this interface for workaround. 2. outgoing traffic is broken if initiated outside of this gateway. tcp session will be established but I will not get [almost] any data, but then again, session will be closed okay. we did test this with telnetting to remote host port 22 and 80, connection was established, I was able to see from remote host, it did send data, but local host didn't get any data, but it did get RST. outgoing connections initiated from fw host did behave ok, incoming connections from remote hosts were ok as well (from remote to fw and from remote to internal). any comments/ideas? anyone tested fw-1 in similar kind of solution? probably the workaround for second (and first) problem would be to terminate tunnel before fw-1 host and let fw-1 to handle only real interfaces, but this is not best solution in our case:( toomas From dan@reeder.name Wed Jul 23 03:19:26 2003 From: dan@reeder.name (Dan Reeder) Date: Wed, 23 Jul 2003 12:19:26 +1000 Subject: [6bone] v6 and ADSL Message-ID: <000c01c350c0$d7c63560$0200a8c0@dryad> This is a multi-part message in MIME format. ------=_NextPart_000_0009_01C35114.A86B83C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi guys Has anyone here offered native ipv6 connectivity over ADSL tails before? = If so, what kind of CPE equipment needs to be used? Understandably it = needs to support v6 native, but I have no idea what brands/models exist. Alternatively, if native v6 support is a bit of a hinderance, would 6in4 = tunnels be viable? If so, what would the client setup look like? thanks! Dan Reeder ------=_NextPart_000_0009_01C35114.A86B83C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi guys
 
Has anyone here offered native ipv6 = connectivity=20 over ADSL tails before? If so, what kind of CPE equipment needs to be = used?=20 Understandably it needs to support v6 native, but I have no idea what=20 brands/models exist.
 
Alternatively, if native v6 support is = a bit of a=20 hinderance, would 6in4 tunnels be viable? If so, what would the client = setup=20 look like?
 
thanks!
Dan=20 Reeder
------=_NextPart_000_0009_01C35114.A86B83C0-- From tcpdumb@it-bytes.org Wed Jul 23 04:55:46 2003 From: tcpdumb@it-bytes.org (tcpdumb) Date: Wed, 23 Jul 2003 05:55:46 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <000c01c350c0$d7c63560$0200a8c0@dryad> References: <000c01c350c0$d7c63560$0200a8c0@dryad> Message-ID: <20030723055546.11ae227a.tcpdumb@it-bytes.org> Hi there! I'm currently working on a "dialup6to4"-script which automatically assigns a 6to4 IPv6-Address to the tunnel-interface "sit1" and sets up a tunnel (sit0) to a gateway tunnel and will - in its beta-version - automatically update the /etc/radvd.conf if ist exists. The alpha is already working well but is still considered alpha, due to it's ugly code. As soon as I have rewritten it, I will publicise it. Regards, Lukas Th. Hey aka tcpdumb On Wed, 23 Jul 2003 12:19:26 +1000 "Dan Reeder" wrote: > Hi guys > > Has anyone here offered native ipv6 connectivity over ADSL tails before? If so, what kind of CPE equipment needs to be used? Understandably it needs to support v6 native, but I have no idea what brands/models exist. > > Alternatively, if native v6 support is a bit of a hinderance, would 6in4 tunnels be viable? If so, what would the client setup look like? > > thanks! > Dan Reeder From itojun@iijlab.net Wed Jul 23 05:02:44 2003 From: itojun@iijlab.net (itojun@iijlab.net) Date: Wed, 23 Jul 2003 13:02:44 +0900 Subject: [6bone] v6 and ADSL In-Reply-To: dan's message of Wed, 23 Jul 2003 12:19:26 +1000. <000c01c350c0$d7c63560$0200a8c0@dryad> Message-ID: <20030723040244.C07E613@coconut.itojun.org> >Has anyone here offered native ipv6 connectivity over ADSL tails before? >If so, what kind of CPE equipment needs to be used? Understandably it >needs to support v6 native, but I have no idea what brands/models exist. in japan there are multiple ISPs doing it (NTT.com and some others) dunno which equipment they are using. itojun From matt@mattb.net.nz Wed Jul 23 05:11:19 2003 From: matt@mattb.net.nz (Matt Brown) Date: Wed, 23 Jul 2003 16:11:19 +1200 (NZST) Subject: [6bone] v6 and ADSL In-Reply-To: <20030723055546.11ae227a.tcpdumb@it-bytes.org> Message-ID: You may want to look at http://www.wlug.org.nz/6to4 There are currently a few of us playing with 6to4 as there is no native v6 offering available in NZ yet. The page above contains instructions on how to setup 6to4 on a linux box and also some scripts to do what you were metioning below. Regards On Wed, 23 Jul 2003, tcpdumb wrote: > Hi there! > > I'm currently working on a "dialup6to4"-script which automatically assigns a 6to4 IPv6-Address to the tunnel-interface "sit1" and sets up a tunnel (sit0) to a gateway tunnel and will - in its beta-version - automatically update the /etc/radvd.conf if ist exists. The alpha is already working well but is still considered alpha, due to it's ugly code. As soon as I have rewritten it, I will publicise it. > Regards, > > Lukas Th. Hey aka tcpdumb > > On Wed, 23 Jul 2003 12:19:26 +1000 > "Dan Reeder" wrote: > > > Hi guys > > > > Has anyone here offered native ipv6 connectivity over ADSL tails before? If so, what kind of CPE equipment needs to be used? Understandably it needs to support v6 native, but I have no idea what brands/models exist. > > > > Alternatively, if native v6 support is a bit of a hinderance, would 6in4 tunnels be viable? If so, what would the client setup look like? > > > > thanks! > > Dan Reeder > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > > -- Matt Brown matt@mattb.net.nz From pekkas@netcore.fi Wed Jul 23 06:52:40 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Wed, 23 Jul 2003 08:52:40 +0300 (EEST) Subject: [6bone] v6 and ADSL In-Reply-To: <20030723055546.11ae227a.tcpdumb@it-bytes.org> Message-ID: On Wed, 23 Jul 2003, tcpdumb wrote: > I'm currently working on a "dialup6to4"-script which automatically > assigns a 6to4 IPv6-Address to the tunnel-interface "sit1" and sets up a > tunnel (sit0) to a gateway tunnel and will - in its beta-version - > automatically update the /etc/radvd.conf if ist exists. The alpha is > already working well but is still considered alpha, due to it's ugly > code. As soon as I have rewritten it, I will publicise it. Regards, Have you looked at Red Hat Linux initscripts? They have already been able to do this for at least a year now. > On Wed, 23 Jul 2003 12:19:26 +1000 > "Dan Reeder" wrote: > > > Hi guys > > > > Has anyone here offered native ipv6 connectivity over ADSL tails before? If so, what kind of CPE equipment needs to be used? Understandably it needs to support v6 native, but I have no idea what brands/models exist. > > > > Alternatively, if native v6 support is a bit of a hinderance, would 6in4 tunnels be viable? If so, what would the client setup look like? > > > > thanks! > > Dan Reeder > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From pekkas@netcore.fi Wed Jul 23 06:53:32 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Wed, 23 Jul 2003 08:53:32 +0300 (EEST) Subject: [6bone] v6 and ADSL In-Reply-To: <000c01c350c0$d7c63560$0200a8c0@dryad> Message-ID: On Wed, 23 Jul 2003, Dan Reeder wrote: > Has anyone here offered native ipv6 connectivity over ADSL tails before? > If so, what kind of CPE equipment needs to be used? Understandably it > needs to support v6 native, but I have no idea what brands/models exist. Bridged DSL requires nothing of CPE equipment. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From ipng@uni-muenster.de Wed Jul 23 07:42:18 2003 From: ipng@uni-muenster.de (Christian Strauf (JOIN)) Date: 23 Jul 2003 08:42:18 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <000c01c350c0$d7c63560$0200a8c0@dryad> References: <000c01c350c0$d7c63560$0200a8c0@dryad> Message-ID: <1058942538.7392.17.camel@kummerog.uni-muenster.de> Hi Dan, Am Mit, 2003-07-23 um 04.19 schrieb Dan Reeder: > Has anyone here offered native ipv6 connectivity over ADSL tails > before? If so, what kind of CPE equipment needs to be used? As for the CPE: there is no need for other equipment (different layer). > Alternatively, if native v6 support is a bit of a hinderance, would > 6in4 tunnels be viable? If so, what would the client setup look like? Another very good solution for your would be ISATAP but as with 6to4 you will need a server at the other end (though there should be some 6to4 servers available globally if I remember correctly). If you want to read more about ISATAP, have a look here: http://www.join.uni-muenster.de/Dokumente/Howtos/Howto_ISATAP.php?lang=en HTH, Christian -- JOIN - IP Version 6 in the WiN Christian Strauf A DFN project Westfälische Wilhelms-Universität Münster http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung Team: join@uni-muenster.de Röntgenstrasse 9-13 Priv: strauf@uni-muenster.de D-48149 Münster / Germany GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 From gert@space.net Wed Jul 23 08:56:12 2003 From: gert@space.net (Gert Doering) Date: Wed, 23 Jul 2003 09:56:12 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <000c01c350c0$d7c63560$0200a8c0@dryad>; from dan@reeder.name on Wed, Jul 23, 2003 at 12:19:26PM +1000 References: <000c01c350c0$d7c63560$0200a8c0@dryad> Message-ID: <20030723095612.C67740@Space.Net> hi, On Wed, Jul 23, 2003 at 12:19:26PM +1000, Dan Reeder wrote: > Has anyone here offered native ipv6 connectivity over ADSL tails before? Yes, we do that. > If so, what kind of CPE equipment needs to be used? Understandably it > needs to support v6 native, but I have no idea what brands/models exist. For "boxed products", all we have seen so far is Cisco. If you don't want that, you can use a ADSL-to-Ethernet modem (like the ones Deutsche Telekom is shipping) and use Linux or *BSD with their PPPoE client, which is fully IPv6 capable. A number of our customers use that. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55442 (55636) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From nir.arad@il.marvell.com Wed Jul 23 10:06:43 2003 From: nir.arad@il.marvell.com (Nir Arad) Date: Wed, 23 Jul 2003 11:06:43 +0200 Subject: [6bone] v6 and ADSL References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> Message-ID: <009c01c350f9$bc5ebcf0$5801040a@lt38> Hi Christian, If I understand ISATAP correctly, you need a globally unique /64 prefix. I assume Dan does not have one, and would want to rely on his (globally unique, dynamically assigned) IPv4 address. This IPv4 address can be used to form a 6to4 address, and connect to a 6to4 relay. Now, assuming again, that Dan does not have a home network with private addresses behind his ADSL modem (but only one host), and since he needs 6to4 anyway, what would be the reasoning in using ISATAP in such configuration? Of course, if those assumptions don't hold, I do see the point in ISATAP, but I am curious if there is a scenario I'm missing under the above assumptions. Regards, -- Nir Arad ----- Original Message ----- From: "Christian Strauf (JOIN)" To: "Dan Reeder" Cc: <6bone@ISI.EDU> Sent: Wednesday, July 23, 2003 8:42 AM Subject: Re: [6bone] v6 and ADSL > Hi Dan, > > Am Mit, 2003-07-23 um 04.19 schrieb Dan Reeder: > > Has anyone here offered native ipv6 connectivity over ADSL tails > > before? If so, what kind of CPE equipment needs to be used? > As for the CPE: there is no need for other equipment (different layer). > > > Alternatively, if native v6 support is a bit of a hinderance, would > > 6in4 tunnels be viable? If so, what would the client setup look like? > Another very good solution for your would be ISATAP but as with 6to4 you > will need a server at the other end (though there should be some 6to4 > servers available globally if I remember correctly). If you want to read > more about ISATAP, have a look here: > > http://www.join.uni-muenster.de/Dokumente/Howtos/Howto_ISATAP.php?lang=en > > HTH, > Christian > > -- > JOIN - IP Version 6 in the WiN Christian Strauf > A DFN project Westfälische Wilhelms-Universität Münster > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung > Team: join@uni-muenster.de Röntgenstrasse 9-13 > Priv: strauf@uni-muenster.de D-48149 Münster / Germany > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > > > From ipng@uni-muenster.de Wed Jul 23 10:11:26 2003 From: ipng@uni-muenster.de (Christian Strauf (JOIN)) Date: 23 Jul 2003 11:11:26 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <009c01c350f9$bc5ebcf0$5801040a@lt38> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> Message-ID: <1058951486.7391.56.camel@kummerog.uni-muenster.de> Hi Nir, Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > If I understand ISATAP correctly, you need a globally unique /64 prefix. > I assume Dan does not have one, and would want to rely on his (globally unique, dynamically assigned) IPv4 address. > This IPv4 address can be used to form a 6to4 address, and connect to a 6to4 relay. You need this /64 prefix for the server (not for the client) which then assigns IP-addresses to ISATAP clients within this prefix. So in a way, if Dan has access to an ISATAP-server, this would solve his problem. It's probably not as easy a solution as 6to4 but I wanted to point out this option. But it's incorrect that Dan himself needs his own /64 prefix. A provider or other entity that runs the ISATAP-server needs a prefix. > Now, assuming again, that Dan does not have a home network with private addresses behind his ADSL modem (but only one > host), and since he needs 6to4 anyway, what would be the reasoning in using ISATAP in such configuration? See above: the primary function of ISATAP is to connect one client, not a whole net. Basically: ISATAP integrates single clients into a site that has a certain prefix and advertises this prefix to connected clients. Cheers, Christian -- JOIN - IP Version 6 in the WiN Christian Strauf A DFN project Westfälische Wilhelms-Universität Münster http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung Team: join@uni-muenster.de Röntgenstrasse 9-13 Priv: strauf@uni-muenster.de D-48149 Münster / Germany GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 From nir.arad@il.marvell.com Wed Jul 23 11:50:01 2003 From: nir.arad@il.marvell.com (Nir Arad) Date: Wed, 23 Jul 2003 12:50:01 +0200 Subject: [6bone] v6 and ADSL References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> Message-ID: <00dc01c35108$2ad116c0$5801040a@lt38> Thanks for the clarification! -- Nir Arad ----- Original Message ----- From: "Christian Strauf (JOIN)" To: "Nir Arad" Cc: <6bone@ISI.EDU> Sent: Wednesday, July 23, 2003 11:11 AM Subject: Re: [6bone] v6 and ADSL > Hi Nir, > > Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > > If I understand ISATAP correctly, you need a globally unique /64 prefix. > > I assume Dan does not have one, and would want to rely on his (globally unique, dynamically assigned) IPv4 address. > > This IPv4 address can be used to form a 6to4 address, and connect to a 6to4 relay. > You need this /64 prefix for the server (not for the client) which then > assigns IP-addresses to ISATAP clients within this prefix. So in a way, > if Dan has access to an ISATAP-server, this would solve his problem. > It's probably not as easy a solution as 6to4 but I wanted to point out > this option. But it's incorrect that Dan himself needs his own /64 > prefix. A provider or other entity that runs the ISATAP-server needs a > prefix. > > > Now, assuming again, that Dan does not have a home network with private addresses behind his ADSL modem (but only one > > host), and since he needs 6to4 anyway, what would be the reasoning in using ISATAP in such configuration? > See above: the primary function of ISATAP is to connect one client, not > a whole net. Basically: ISATAP integrates single clients into a site > that has a certain prefix and advertises this prefix to connected > clients. > > Cheers, > Christian > > -- > JOIN - IP Version 6 in the WiN Christian Strauf > A DFN project Westfälische Wilhelms-Universität Münster > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung > Team: join@uni-muenster.de Röntgenstrasse 9-13 > Priv: strauf@uni-muenster.de D-48149 Münster / Germany > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 > > From dan@reeder.name Wed Jul 23 14:30:00 2003 From: dan@reeder.name (Dan Reeder) Date: Wed, 23 Jul 2003 23:30:00 +1000 Subject: [6bone] v6 and ADSL References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> Message-ID: <003401c3511e$88848200$0200a8c0@dryad> Firstly, thanks to everyone for your speedy comments. I guess I should clarify what I'm wanting to do. I'm planning on obtaining a /48 from a Tier1 isp here in Australia, then divde that both into point to point links for our client's dsl tails, and /64 or /80 allocations for the clients own internal use. I know the cisco 827 would be fairly ideal to use as far as native connectivity goes, but it is fairly expensive when compared with other broadband routers on the market that small to medium sized businesses would use. Also, I'm not too sure what IOS it would need, and if thats commercially available. Anyone know of more affordable equivilants? The alternative is to run some sort of 6-in-4 tunnelling... again, having a supportable CPE solution would be best... I've even tossed up the idea of setting cheap/small intel box running linux of some sort... :-\ but the more professional the better. any thoughts? Dan ----- Original Message ----- From: "Christian Strauf (JOIN)" To: "Nir Arad" Cc: <6bone@ISI.EDU> Sent: Wednesday, July 23, 2003 7:11 PM Subject: Re: [6bone] v6 and ADSL > Hi Nir, > > Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > > If I understand ISATAP correctly, you need a globally unique /64 prefix. > > I assume Dan does not have one, and would want to rely on his (globally unique, dynamically assigned) IPv4 address. > > This IPv4 address can be used to form a 6to4 address, and connect to a 6to4 relay. > You need this /64 prefix for the server (not for the client) which then > assigns IP-addresses to ISATAP clients within this prefix. So in a way, > if Dan has access to an ISATAP-server, this would solve his problem. > It's probably not as easy a solution as 6to4 but I wanted to point out > this option. But it's incorrect that Dan himself needs his own /64 > prefix. A provider or other entity that runs the ISATAP-server needs a > prefix. > > > Now, assuming again, that Dan does not have a home network with private addresses behind his ADSL modem (but only one > > host), and since he needs 6to4 anyway, what would be the reasoning in using ISATAP in such configuration? > See above: the primary function of ISATAP is to connect one client, not > a whole net. Basically: ISATAP integrates single clients into a site > that has a certain prefix and advertises this prefix to connected > clients. > > Cheers, > Christian > > -- > JOIN - IP Version 6 in the WiN Christian Strauf > A DFN project Westfälische Wilhelms-Universität Münster > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung > Team: join@uni-muenster.de Röntgenstrasse 9-13 > Priv: strauf@uni-muenster.de D-48149 Münster / Germany > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From jeanthery@olympus-zone.net Wed Jul 23 14:30:41 2003 From: jeanthery@olympus-zone.net (=?Windows-1252?Q?Jean_Th=E9ry?=) Date: Wed, 23 Jul 2003 15:30:41 +0200 Subject: [6bone] v6 and ADSL References: <20030723040244.C07E613@coconut.itojun.org> Message-ID: <001b01c3511e$9d3dfd20$0202010a@teraii> Wednesday, July 23, 2003 6:02 AM [GMT+1=CET], itojun@iijlab.net à écrit : >> Has anyone here offered native ipv6 connectivity over ADSL tails >> before? If so, what kind of CPE equipment needs to be used? >> Understandably it needs to support v6 native, but I have no idea >> what brands/models exist. > > in japan there are multiple ISPs doing it (NTT.com and some others) > dunno which equipment they are using. > > itojun In france Nerim doing it with cisco (IOS 12.2(t) and higher) Cordialy, Jean Théry From JORDI PALET MARTINEZ" <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <003401c3511e$88848200$0200a8c0@dryad> Message-ID: <007b01c35120$6425d470$870a0a0a@consulintel.es> /80 ???? The minimum allocation is /64, I believe. Regards, Jordi ----- Original Message ----- From: "Dan Reeder" To: "Christian Strauf (JOIN)" ; "Nir Arad" Cc: <6bone@ISI.EDU> Sent: Wednesday, July 23, 2003 3:30 PM Subject: Re: [6bone] v6 and ADSL > Firstly, thanks to everyone for your speedy comments. > > I guess I should clarify what I'm wanting to do. I'm planning on obtaining a > /48 from a Tier1 isp here in Australia, then divde that both into point to > point links for our client's dsl tails, and /64 or /80 allocations for the > clients own internal use. > I know the cisco 827 would be fairly ideal to use as far as native > connectivity goes, but it is fairly expensive when compared with other > broadband routers on the market that small to medium sized businesses would > use. Also, I'm not too sure what IOS it would need, and if thats > commercially available. Anyone know of more affordable equivilants? > > The alternative is to run some sort of 6-in-4 tunnelling... again, having a > supportable CPE solution would be best... I've even tossed up the idea of > setting cheap/small intel box running linux of some sort... :-\ but the more > professional the better. > > any thoughts? > Dan > > ----- Original Message ----- > From: "Christian Strauf (JOIN)" > To: "Nir Arad" > Cc: <6bone@ISI.EDU> > Sent: Wednesday, July 23, 2003 7:11 PM > Subject: Re: [6bone] v6 and ADSL > > > > Hi Nir, > > > > Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > > > If I understand ISATAP correctly, you need a globally unique /64 prefix. > > > I assume Dan does not have one, and would want to rely on his (globally > unique, dynamically assigned) IPv4 address. > > > This IPv4 address can be used to form a 6to4 address, and connect to a > 6to4 relay. > > You need this /64 prefix for the server (not for the client) which then > > assigns IP-addresses to ISATAP clients within this prefix. So in a way, > > if Dan has access to an ISATAP-server, this would solve his problem. > > It's probably not as easy a solution as 6to4 but I wanted to point out > > this option. But it's incorrect that Dan himself needs his own /64 > > prefix. A provider or other entity that runs the ISATAP-server needs a > > prefix. > > > > > Now, assuming again, that Dan does not have a home network with private > addresses behind his ADSL modem (but only one > > > host), and since he needs 6to4 anyway, what would be the reasoning in > using ISATAP in such configuration? > > See above: the primary function of ISATAP is to connect one client, not > > a whole net. Basically: ISATAP integrates single clients into a site > > that has a certain prefix and advertises this prefix to connected > > clients. > > > > Cheers, > > Christian > > > > -- > > JOIN - IP Version 6 in the WiN Christian Strauf > > A DFN project Westfälische Wilhelms-Universität Münster > > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung > > Team: join@uni-muenster.de Röntgenstrasse 9-13 > > Priv: strauf@uni-muenster.de D-48149 Münster / Germany > > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 > 31653 > > > > _______________________________________________ > > 6bone mailing list > > 6bone@mailman.isi.edu > > http://mailman.isi.edu/mailman/listinfo/6bone > > > > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > ***************************** Madrid 2003 Global IPv6 Summit Presentations and videos on-line at: http://www.ipv6-es.com From todd@fries.net Wed Jul 23 14:44:57 2003 From: todd@fries.net (Todd T. Fries) Date: Wed, 23 Jul 2003 08:44:57 -0500 Subject: [6bone] v6 and ADSL In-Reply-To: <003401c3511e$88848200$0200a8c0@dryad> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <003401c3511e$88848200$0200a8c0@dryad> Message-ID: <20030723134457.GA1612@fries.net> Are you an isp like entity? Sounds like it. Do you have 200 customers (or plan on having such in 2 years?) possibly. You should consider getting your own allocation of a /48. Allocating /80's to clients is _not_ recommended. It breaks the spirit of IPv6 allocation. Using point-to-point IP's is not strictly necessary with most IPv6 implementations, so long as there is a global ip on either end. But you can easily do the point-to-ponit IP's in one /64 and then allocate /48's to each customer if you have your own /32. Again, allocating /80's is not what I would recommend. I'm prep'ing to upgrade a cisco to v6 capable ios, at which time I'll be able to serve myself and others native v6 over adsl, no 6to4 involved. In the future, there will be a /32 allocated, and assigning /48's to customers will be easy. Getting them to use them is the hard part *grin* but I expect a few will want to use them, including myself. I'll help my provider be the only isp in the city that will provide native IPv6, which I hope will benifit them more than I or they realize *grin*. Anybody in the OKC area ready for native IPv6 over adsl in the next 6 months? -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) Penned by Dan Reeder on Wed, Jul 23, 2003 at 11:30:00PM +1000, we have: | Firstly, thanks to everyone for your speedy comments. | | I guess I should clarify what I'm wanting to do. I'm planning on obtaining a | /48 from a Tier1 isp here in Australia, then divde that both into point to | point links for our client's dsl tails, and /64 or /80 allocations for the | clients own internal use. | I know the cisco 827 would be fairly ideal to use as far as native | connectivity goes, but it is fairly expensive when compared with other | broadband routers on the market that small to medium sized businesses would | use. Also, I'm not too sure what IOS it would need, and if thats | commercially available. Anyone know of more affordable equivilants? | | The alternative is to run some sort of 6-in-4 tunnelling... again, having a | supportable CPE solution would be best... I've even tossed up the idea of | setting cheap/small intel box running linux of some sort... :-\ but the more | professional the better. | | any thoughts? | Dan | | ----- Original Message ----- | From: "Christian Strauf (JOIN)" | To: "Nir Arad" | Cc: <6bone@ISI.EDU> | Sent: Wednesday, July 23, 2003 7:11 PM | Subject: Re: [6bone] v6 and ADSL | | | > Hi Nir, | > | > Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: | > > If I understand ISATAP correctly, you need a globally unique /64 prefix. | > > I assume Dan does not have one, and would want to rely on his (globally | unique, dynamically assigned) IPv4 address. | > > This IPv4 address can be used to form a 6to4 address, and connect to a | 6to4 relay. | > You need this /64 prefix for the server (not for the client) which then | > assigns IP-addresses to ISATAP clients within this prefix. So in a way, | > if Dan has access to an ISATAP-server, this would solve his problem. | > It's probably not as easy a solution as 6to4 but I wanted to point out | > this option. But it's incorrect that Dan himself needs his own /64 | > prefix. A provider or other entity that runs the ISATAP-server needs a | > prefix. | > | > > Now, assuming again, that Dan does not have a home network with private | addresses behind his ADSL modem (but only one | > > host), and since he needs 6to4 anyway, what would be the reasoning in | using ISATAP in such configuration? | > See above: the primary function of ISATAP is to connect one client, not | > a whole net. Basically: ISATAP integrates single clients into a site | > that has a certain prefix and advertises this prefix to connected | > clients. | > | > Cheers, | > Christian | > | > -- | > JOIN - IP Version 6 in the WiN Christian Strauf | > A DFN project Westfälische Wilhelms-Universität Münster | > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung | > Team: join@uni-muenster.de Röntgenstrasse 9-13 | > Priv: strauf@uni-muenster.de D-48149 Münster / Germany | > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 | 31653 | > | > _______________________________________________ | > 6bone mailing list | > 6bone@mailman.isi.edu | > http://mailman.isi.edu/mailman/listinfo/6bone | > | | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone From robson.oliveira@ipv6dobrasil.com.br Wed Jul 23 14:44:03 2003 From: robson.oliveira@ipv6dobrasil.com.br (Robson Oliveira) Date: Wed, 23 Jul 2003 10:44:03 -0300 Subject: [6bone] v6 and ADSL In-Reply-To: <00dc01c35108$2ad116c0$5801040a@lt38> Message-ID: Hi Nir, the TSP mechanism can help you to get an IPv6 address. http://www.freenet6.net cheers, Robson -----Original Message----- From: 6bone-admin@mailman.isi.edu [mailto:6bone-admin@mailman.isi.edu]On Behalf Of Nir Arad Sent: Wednesday, July 23, 2003 7:50 AM To: Christian Strauf (JOIN) Cc: 6bone@ISI.EDU Subject: Re: [6bone] v6 and ADSL Thanks for the clarification! -- Nir Arad ----- Original Message ----- From: "Christian Strauf (JOIN)" To: "Nir Arad" Cc: <6bone@ISI.EDU> Sent: Wednesday, July 23, 2003 11:11 AM Subject: Re: [6bone] v6 and ADSL > Hi Nir, > > Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > > If I understand ISATAP correctly, you need a globally unique /64 prefix. > > I assume Dan does not have one, and would want to rely on his (globally unique, dynamically assigned) IPv4 address. > > This IPv4 address can be used to form a 6to4 address, and connect to a 6to4 relay. > You need this /64 prefix for the server (not for the client) which then > assigns IP-addresses to ISATAP clients within this prefix. So in a way, > if Dan has access to an ISATAP-server, this would solve his problem. > It's probably not as easy a solution as 6to4 but I wanted to point out > this option. But it's incorrect that Dan himself needs his own /64 > prefix. A provider or other entity that runs the ISATAP-server needs a > prefix. > > > Now, assuming again, that Dan does not have a home network with private addresses behind his ADSL modem (but only one > > host), and since he needs 6to4 anyway, what would be the reasoning in using ISATAP in such configuration? > See above: the primary function of ISATAP is to connect one client, not > a whole net. Basically: ISATAP integrates single clients into a site > that has a certain prefix and advertises this prefix to connected > clients. > > Cheers, > Christian > > -- > JOIN - IP Version 6 in the WiN Christian Strauf > A DFN project Westfälische Wilhelms-Universität Münster > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung > Team: join@uni-muenster.de Röntgenstrasse 9-13 > Priv: strauf@uni-muenster.de D-48149 Münster / Germany > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 > > _______________________________________________ 6bone mailing list 6bone@mailman.isi.edu http://mailman.isi.edu/mailman/listinfo/6bone From ipng@uni-muenster.de Wed Jul 23 14:53:14 2003 From: ipng@uni-muenster.de (Christian Strauf (JOIN)) Date: 23 Jul 2003 15:53:14 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <003401c3511e$88848200$0200a8c0@dryad> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <003401c3511e$88848200$0200a8c0@dryad> Message-ID: <1058968394.7391.108.camel@kummerog.uni-muenster.de> Hi Dan, Am Mit, 2003-07-23 um 15.30 schrieb Dan Reeder: > I guess I should clarify what I'm wanting to do. I'm planning on obtaining a > /48 from a Tier1 isp here in Australia, then divde that both into point to > point links for our client's dsl tails, and /64 or /80 allocations for the > clients own internal use. Ok. > The alternative is to run some sort of 6-in-4 tunnelling... again, having a > supportable CPE solution would be best... I've even tossed up the idea of > setting cheap/small intel box running linux of some sort... :-\ but the more > professional the better. What you should definitely go for is the 6in4-solution in my eyes, assuming that your customers get fixed IPv4-addresses (or are you striving for an IPv6-only solution?). This would be easiest. Unfortunately I'm not aware of any cheap solutions for your problems apart from a Linux box. Christian -- JOIN - IP Version 6 in the WiN Christian Strauf A DFN project Westfälische Wilhelms-Universität Münster http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung Team: join@uni-muenster.de Röntgenstrasse 9-13 Priv: strauf@uni-muenster.de D-48149 Münster / Germany GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 31653 From todd@fries.net Wed Jul 23 15:12:53 2003 From: todd@fries.net (Todd T. Fries) Date: Wed, 23 Jul 2003 09:12:53 -0500 Subject: [6bone] v6 and ADSL In-Reply-To: <20030723134457.GA1612@fries.net> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <003401c3511e$88848200$0200a8c0@dryad> <20030723134457.GA1612@fries.net> Message-ID: <20030723141252.GB1612@fries.net> Erm, I meant /32 here: Penned by Todd T. Fries on Wed, Jul 23, 2003 at 08:44:57AM -0500, we have: [..] | You should consider getting your own allocation of a /48. [..] -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) From jochen@scram.de Wed Jul 23 15:42:04 2003 From: jochen@scram.de (Jochen Friedrich) Date: Wed, 23 Jul 2003 16:42:04 +0200 (CEST) Subject: [6bone] v6 and ADSL In-Reply-To: <003401c3511e$88848200$0200a8c0@dryad> Message-ID: Hi Dan, > I guess I should clarify what I'm wanting to do. I'm planning on obtaining a > /48 from a Tier1 isp here in Australia, then divde that both into point to > point links for our client's dsl tails, and /64 or /80 allocations for the > clients own internal use. That's what we currently do here at scram (with the exception that we assign one or more /64 to our members, which are the "clients" in our case) ;-). This is currently running on a Linux box with sitX interfaces. The clients with dynamic IPv4 addresses have a script similar to a DynDNS script which updates the tunnel endpoint with the new IPv4 address. One thing to take care about is to set the correct MTU for the tunnel interface. Most DSL providers just drop big packets without replying with an ICMP error message, so if you use the standard MTU, the tunnel will turn into a black hole for your DSL customers. --jochen From matthew.ford@bt.com Wed Jul 23 16:11:37 2003 From: matthew.ford@bt.com (matthew.ford@bt.com) Date: Wed, 23 Jul 2003 16:11:37 +0100 Subject: [6bone] v6 and ADSL Message-ID: > -----Original Message----- > From: Todd T. Fries [mailto:todd@fries.net] > Sent: 23 July 2003 14:45 > Are you an isp like entity? Sounds like it. Do you have 200 > customers (or > plan on having such in 2 years?) possibly. > > You should consider getting your own allocation of a /48. You mean /32. Mat. From tjc@ecs.soton.ac.uk Wed Jul 23 16:37:10 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Wed, 23 Jul 2003 16:37:10 +0100 Subject: [6bone] v6 and ADSL In-Reply-To: <20030723134457.GA1612@fries.net> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <003401c3511e$88848200$0200a8c0@dryad> <20030723134457.GA1612@fries.net> Message-ID: <20030723153710.GM19588@login.ecs.soton.ac.uk> On Wed, Jul 23, 2003 at 08:44:57AM -0500, Todd T. Fries wrote: > Are you an isp like entity? Sounds like it. Do you have 200 customers (or > plan on having such in 2 years?) possibly. > > You should consider getting your own allocation of a /48. I guess you mean a /32 :) > Allocating /80's to clients is _not_ recommended. It breaks the spirit of > IPv6 allocation. Using point-to-point IP's is not strictly necessary with And breaks stateless autoconfiguration completely. > most IPv6 implementations, so long as there is a global ip on either end. > But you can easily do the point-to-ponit IP's in one /64 and then allocate > /48's to each customer if you have your own /32. > > Again, allocating /80's is not what I would recommend. > > I'm prep'ing to upgrade a cisco to v6 capable ios, at which time I'll be able > to serve myself and others native v6 over adsl, no 6to4 involved. In the > future, there will be a /32 allocated, and assigning /48's to customers will > be easy. Getting them to use them is the hard part *grin* but I expect a few > will want to use them, including myself. I'll help my provider be the only > isp in the city that will provide native IPv6, which I hope will benifit them > more than I or they realize *grin*. > > Anybody in the OKC area ready for native IPv6 over adsl in the next 6 months? I guess OKC isn't in England? ;-) > -- > Todd Fries .. todd@fries.net > > > Free Daemon Consulting, LLC Land: 405-748-4596 > http://FreeDaemonConsulting.com Mobile: 405-203-6124 > "..in support of free software solutions." > > Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A > Key: http://todd.fries.net/pgp.txt > > (last updated 2003/03/13 07:14:10) > > Penned by Dan Reeder on Wed, Jul 23, 2003 at 11:30:00PM +1000, we have: > | Firstly, thanks to everyone for your speedy comments. > | > | I guess I should clarify what I'm wanting to do. I'm planning on obtaining a > | /48 from a Tier1 isp here in Australia, then divde that both into point to > | point links for our client's dsl tails, and /64 or /80 allocations for the > | clients own internal use. > | I know the cisco 827 would be fairly ideal to use as far as native > | connectivity goes, but it is fairly expensive when compared with other > | broadband routers on the market that small to medium sized businesses would > | use. Also, I'm not too sure what IOS it would need, and if thats > | commercially available. Anyone know of more affordable equivilants? > | > | The alternative is to run some sort of 6-in-4 tunnelling... again, having a > | supportable CPE solution would be best... I've even tossed up the idea of > | setting cheap/small intel box running linux of some sort... :-\ but the more > | professional the better. > | > | any thoughts? > | Dan > | > | ----- Original Message ----- > | From: "Christian Strauf (JOIN)" > | To: "Nir Arad" > | Cc: <6bone@ISI.EDU> > | Sent: Wednesday, July 23, 2003 7:11 PM > | Subject: Re: [6bone] v6 and ADSL > | > | > | > Hi Nir, > | > > | > Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > | > > If I understand ISATAP correctly, you need a globally unique /64 prefix. > | > > I assume Dan does not have one, and would want to rely on his (globally > | unique, dynamically assigned) IPv4 address. > | > > This IPv4 address can be used to form a 6to4 address, and connect to a > | 6to4 relay. > | > You need this /64 prefix for the server (not for the client) which then > | > assigns IP-addresses to ISATAP clients within this prefix. So in a way, > | > if Dan has access to an ISATAP-server, this would solve his problem. > | > It's probably not as easy a solution as 6to4 but I wanted to point out > | > this option. But it's incorrect that Dan himself needs his own /64 > | > prefix. A provider or other entity that runs the ISATAP-server needs a > | > prefix. > | > > | > > Now, assuming again, that Dan does not have a home network with private > | addresses behind his ADSL modem (but only one > | > > host), and since he needs 6to4 anyway, what would be the reasoning in > | using ISATAP in such configuration? > | > See above: the primary function of ISATAP is to connect one client, not > | > a whole net. Basically: ISATAP integrates single clients into a site > | > that has a certain prefix and advertises this prefix to connected > | > clients. > | > > | > Cheers, > | > Christian > | > > | > -- > | > JOIN - IP Version 6 in the WiN Christian Strauf > | > A DFN project Westfälische Wilhelms-Universität Münster > | > http://www.join.uni-muenster.de Zentrum für Informationsverarbeitung > | > Team: join@uni-muenster.de Röntgenstrasse 9-13 > | > Priv: strauf@uni-muenster.de D-48149 Münster / Germany > | > GPG-/PGP-Key-ID: 1DFAAA9A Fon: +49 251 83 31639, Fax: +49 251 83 > | 31653 > | > > | > _______________________________________________ > | > 6bone mailing list > | > 6bone@mailman.isi.edu > | > http://mailman.isi.edu/mailman/listinfo/6bone > | > > | > | > | _______________________________________________ > | 6bone mailing list > | 6bone@mailman.isi.edu > | http://mailman.isi.edu/mailman/listinfo/6bone > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From todd@fries.net Wed Jul 23 16:37:30 2003 From: todd@fries.net (Todd T. Fries) Date: Wed, 23 Jul 2003 10:37:30 -0500 Subject: [6bone] v6 and ADSL In-Reply-To: <20030723153710.GM19588@login.ecs.soton.ac.uk> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <003401c3511e$88848200$0200a8c0@dryad> <20030723134457.GA1612@fries.net> <20030723153710.GM19588@login.ecs.soton.ac.uk> Message-ID: <20030723153730.GG25748@fries.net> Penned by Tim Chown on Wed, Jul 23, 2003 at 04:37:10PM +0100, we have: | On Wed, Jul 23, 2003 at 08:44:57AM -0500, Todd T. Fries wrote: [..] | > Anybody in the OKC area ready for native IPv6 over adsl in the next 6 months? | | I guess OKC isn't in England? ;-) [..] I get onto my wife for doing the above and there I go doing it... OKC is Oklahoma City, Oklahoma, USA. Sorry for any confusion. -- Todd Fries .. todd@fries.net Free Daemon Consulting, LLC Land: 405-748-4596 http://FreeDaemonConsulting.com Mobile: 405-203-6124 "..in support of free software solutions." Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A Key: http://todd.fries.net/pgp.txt (last updated 2003/03/13 07:14:10) From ftemplin@IPRG.nokia.com Wed Jul 23 18:16:13 2003 From: ftemplin@IPRG.nokia.com (Fred Templin) Date: Wed, 23 Jul 2003 10:16:13 -0700 Subject: [6bone] v6 and ADSL References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> Message-ID: <3F1EC2DD.5070404@iprg.nokia.com> I've been trying to get the word out on this, but perhaps it needs to be mentioned again. ISATAP can be used to connect a whole net; not just a single client as claimed below. For example, a residential gateway can configure an ISATAP client interface on it's link to the ISP and an ISATAP routing interface (and/or a native IPv6 routing interface) on it's link to the home network. The home network can have arbitrarily many clients; not just a single client. The only other requirement in this case is that the residential gateway procure a prefix delegation for advertisement on the home network. The delegation could come from the ISP (e.g., through DHCPv6 prefix delegation) or through some fictitious provider-independent addressing scheme. Fred Templin ftemplin@iprg.nokia.com Christian Strauf (JOIN) wrote: >Hi Nir, > >Am Mit, 2003-07-23 um 11.06 schrieb Nir Arad: > > >>If I understand ISATAP correctly, you need a globally unique /64 prefix. >>I assume Dan does not have one, and would want to rely on his (globally unique, dynamically assigned) IPv4 address. >>This IPv4 address can be used to form a 6to4 address, and connect to a 6to4 relay. >> >> >You need this /64 prefix for the server (not for the client) which then >assigns IP-addresses to ISATAP clients within this prefix. So in a way, >if Dan has access to an ISATAP-server, this would solve his problem. >It's probably not as easy a solution as 6to4 but I wanted to point out >this option. But it's incorrect that Dan himself needs his own /64 >prefix. A provider or other entity that runs the ISATAP-server needs a >prefix. > > > >>Now, assuming again, that Dan does not have a home network with private addresses behind his ADSL modem (but only one >>host), and since he needs 6to4 anyway, what would be the reasoning in using ISATAP in such configuration? >> >> >See above: the primary function of ISATAP is to connect one client, not >a whole net. Basically: ISATAP integrates single clients into a site >that has a certain prefix and advertises this prefix to connected >clients. > >Cheers, >Christian > > > From join@uni-muenster.de Thu Jul 24 07:59:53 2003 From: join@uni-muenster.de (Tina Strauf (JOIN Projekt Team)) Date: 24 Jul 2003 08:59:53 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <3F1EC2DD.5070404@iprg.nokia.com> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <3F1EC2DD.5070404@iprg.nokia.com> Message-ID: <1059029992.28374.27.camel@thora.uni-muenster.de> Of course, what you say is true. Once you have an IPv6 connection to one client whithin your net either natively, by ISATAP, normal configured IPv6-in-IPv4-tunnel or 6to4 you can do with that whatever you want and even get (another) prefix routed through it for addressing the rest of the machines in the network. The original ISATAP client would then have to be configured as IPv6 default gateway for the rest of the hosts etc. But afaik ISATAP was not especially designed for that purpose or otherwise it would have included a (global) prefix being delegated/assigned to the client as is the case with 6to4. Your idea might also a bit hard to do or at least requires some additional scripting, at least if the client on the dialed-in part of the net obtains a different IPv4-address every time. You might have to set up the static route for the prefix on each dial-up anew. Cheers, Tina Strauf Am Mit, 2003-07-23 um 19.16 schrieb Fred Templin: > I've been trying to get the word out on this, but perhaps it needs to be > mentioned again. ISATAP can be used to connect a whole net; not just > a single client as claimed below. For example, a residential gateway > can configure an ISATAP client interface on it's link to the ISP and an > ISATAP routing interface (and/or a native IPv6 routing interface) on > it's link to the home network. The home network can have arbitrarily > many clients; not just a single client. > > The only other requirement in this case is that the residential gateway > procure a prefix delegation for advertisement on the home network. > The delegation could come from the ISP (e.g., through DHCPv6 > prefix delegation) or through some fictitious provider-independent > addressing scheme. -- ---------------------------------------------------------------------------- JOIN - IP Version 6 in the WiN Tina Strauf A DFN project Westfaelische Wilhelms-Universitaet Muenster http://www.join.uni-muenster.de Zentrum fuer Informationsverarbeitung Team: join@uni-muenster.de Roentgenstrasse 9-13 Priv: tstrauf@uni-muenster.de D-48149 Muenster / Germany GPG-/PGP-Key-ID: 923F61D0 Fon: +49 251 83 31833, Fax: +49 251 83 31653 From ipng@uni-muenster.de Thu Jul 24 08:59:18 2003 From: ipng@uni-muenster.de (Christian Schild) Date: 24 Jul 2003 09:59:18 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <3F1EC2DD.5070404@iprg.nokia.com> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <3F1EC2DD.5070404@iprg.nokia.com> Message-ID: <1059033558.3052.74.camel@lemy.ipv6.uni-muenster.de> Hi Fred, Am Mit, 2003-07-23 um 19.16 schrieb Fred Templin: > I've been trying to get the word out on this, but perhaps it needs to be > mentioned again. ISATAP can be used to connect a whole net; not just > a single client as claimed below. For example, a residential gateway > can configure an ISATAP client interface on it's link to the ISP and an > ISATAP routing interface (and/or a native IPv6 routing interface) on > it's link to the home network. The home network can have arbitrarily > many clients; not just a single client. I am not sure, if I understood your scenario correctly, because the way you described it here, it may not be possible to configure a residential site. If the residential gateway is configured as a ISATAP client, with a connection to an ISATAP server in the ISPs environment, the residential gateway will only receive a single /128 IP. In the absence of a global aggregatable /64 prefix it can not act as an ISATAP server for internal connectivity. > The only other requirement in this case is that the residential gateway > procure a prefix delegation for advertisement on the home network. Thats the point, so it's kind of conflictive to what you said above. > The delegation could come from the ISP (e.g., through DHCPv6 > prefix delegation) Right. You need such a delegation. > or through some fictitious provider-independent addressing scheme. This will not work resp. be pretty useless, as this fictitious prefix will not be routed outside your residential site, and the internal hosts couldn't reach anything external. So long, Christian -- JOIN - IP Version 6 in the WiN Christian Schild A DFN project Westfaelische Wilhelms-Universitaet Muenster http://www.join.uni-muenster.de Zentrum fuer Informationsverarbeitung Team: join@uni-muenster.de Roentgenstrasse 9-13 Priv: schild@uni-muenster.de D-48149 Muenster / Germany GPG-/PGP-Key-ID: 6EBFA081 Fon: +49 251 83 31638, fax: +49 251 83 31653 From ipng@uni-muenster.de Thu Jul 24 09:44:51 2003 From: ipng@uni-muenster.de (Christian Schild) Date: 24 Jul 2003 10:44:51 +0200 Subject: [6bone] v6 and ADSL In-Reply-To: <1059033558.3052.74.camel@lemy.ipv6.uni-muenster.de> References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <3F1EC2DD.5070404@iprg.nokia.com> <1059033558.3052.74.camel@lemy.ipv6.uni-muenster.de> Message-ID: <1059036291.3052.86.camel@lemy.ipv6.uni-muenster.de> Am Don, 2003-07-24 um 09.59 schrieb Christian Schild: > Hi Fred, > > Am Mit, 2003-07-23 um 19.16 schrieb Fred Templin: > > I've been trying to get the word out on this, but perhaps it needs to be > > mentioned again. ISATAP can be used to connect a whole net; not just > > a single client as claimed below. For example, a residential gateway > > can configure an ISATAP client interface on it's link to the ISP and an > > ISATAP routing interface (and/or a native IPv6 routing interface) on > > it's link to the home network. The home network can have arbitrarily > > many clients; not just a single client. > > I am not sure, if I understood your scenario correctly, because the way > you described it here, it may not be possible to configure a residential > site. Well, I should check back with my collegues sitting next to me more often :-). I understand now, you want to advertise and route an additional prefix over the already established ISATAP connection. But I share Tinas thoughts that doing so one has to do much more additional configuration and I think 6to4 is the more natural solution in this scenario. So long, Christian -- JOIN - IP Version 6 in the WiN Christian Schild A DFN project Westfaelische Wilhelms-Universitaet Muenster http://www.join.uni-muenster.de Zentrum fuer Informationsverarbeitung Team: join@uni-muenster.de Roentgenstrasse 9-13 Priv: schild@uni-muenster.de D-48149 Muenster / Germany GPG-/PGP-Key-ID: 6EBFA081 Fon: +49 251 83 31638, fax: +49 251 83 31653 From wildfire@progsoc.uts.edu.au Thu Jul 24 14:12:13 2003 From: wildfire@progsoc.uts.edu.au (Anand Kumria) Date: Thu, 24 Jul 2003 23:12:13 +1000 Subject: [6bone] registrars supporting IPv6 AAAA Message-ID: <20030724131212.GF4797@yeenoghu.progsoc.uts.edu.au> All, It appears that MelbourneIT also support AAAA glue records for .com and .net. The process is manual, unfortunately. If you go via their website you need to select '.com, .net, .org Domains/Delegation/Redelgation: How do I register a name server to host Generic Top Level domain names?' As one of the support questions and enter it there. Or you may have luck emailing help@melbourneit.com.au directly. HTH, Anand -- `` We are shaped by our thoughts, we become what we think. When the mind is pure, joy follows like a shadow that never leaves. '' -- Buddha, The Dhammapada From cloos@jhcloos.com Thu Jul 24 18:58:24 2003 From: cloos@jhcloos.com (James H. Cloos Jr.) Date: 24 Jul 2003 13:58:24 -0400 Subject: [6bone] registrars supporting IPv6 AAAA In-Reply-To: <20030724131212.GF4797@yeenoghu.progsoc.uts.edu.au> References: <20030724131212.GF4797@yeenoghu.progsoc.uts.edu.au> Message-ID: >>>>> "Anand" == Anand Kumria writes: Anand> All, It appears that MelbourneIT also support AAAA glue records Anand> for .com and .net. The process is manual, unfortunately. While we are discussing this... I sucessfully had my registrar, gkg.net, add aaaa glue rrs for my .com a and .net domains. They are also doing it manually right now, but promise the next revision of their web interface will support it directly. -JimC From hank@att.net.il Mon Jul 28 15:58:21 2003 From: hank@att.net.il (Hank Nussbacher) Date: Mon, 28 Jul 2003 16:58:21 +0200 Subject: [6bone] [Article] U.S. shrugs off world's address shortage In-Reply-To: <16141.13646.546257.420062@switch.ch> Message-ID: <5.1.0.14.2.20030728165730.05951b80@max.att.net.il> http://news.com.com/2100-1033_3-5055803.html?tag=fd_lede1_hed -hank From ftemplin@IPRG.nokia.com Mon Jul 28 21:04:16 2003 From: ftemplin@IPRG.nokia.com (Fred Templin) Date: Mon, 28 Jul 2003 13:04:16 -0700 Subject: [6bone] v6 and ADSL References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <3F1EC2DD.5070404@iprg.nokia.com> <1059029992.28374.27.cam Message-ID: <3F2581C0.40909@iprg.nokia.com> Sorry for the late reply, due to being out of the office. See points for clarification below: Tina Strauf (JOIN Projekt Team) wrote: >Of course, what you say is true. Once you have an IPv6 connection to one >client whithin your net either natively, by ISATAP, normal configured >IPv6-in-IPv4-tunnel or 6to4 you can do with that whatever you want and >even get (another) prefix routed through it for addressing the rest of >the machines in the network. The original ISATAP client would then have >to be configured as IPv6 default gateway for the rest of the hosts etc. > What you say above is correct. >But afaik ISATAP was not especially designed for that purpose or >otherwise it would have included a (global) prefix being >delegated/assigned to the client as is the case with 6to4. > 6to4 uses a special prefix that embeds a global IPv4 address to be used for tunneling; 6to4 can be used if and only if the provider assigns the residential gateway a global IPv4 address. You are correct that ISATAP does not use such a special prefix, but ISATAP does not use any information in the prefix for tunneling purposes. ISATAP can in fact use any type of prefix, including native IPv6 and 6to4. >Your idea >might also a bit hard to do or at least requires some additional >scripting, at least if the client on the dialed-in part of the net >obtains a different IPv4-address every time. You might have to set up >the static route for the prefix on each dial-up anew. > Not sure where you mean about the static route being needed. The prefix is assigned to the ISATAP client on the residential gateway, e.g. via DHCPv6 prefix delegation from the service provider. Then, hosts that are using the ISATAP client as the IPv6 default gateway can configure addresses as specified in RFC 2462. Fred ftemplin@iprg.nokia.com > >Cheers, > >Tina Strauf > >Am Mit, 2003-07-23 um 19.16 schrieb Fred Templin: > > >>I've been trying to get the word out on this, but perhaps it needs to be >>mentioned again. ISATAP can be used to connect a whole net; not just >>a single client as claimed below. For example, a residential gateway >>can configure an ISATAP client interface on it's link to the ISP and an >>ISATAP routing interface (and/or a native IPv6 routing interface) on >>it's link to the home network. The home network can have arbitrarily >>many clients; not just a single client. >> >>The only other requirement in this case is that the residential gateway >>procure a prefix delegation for advertisement on the home network. >>The delegation could come from the ISP (e.g., through DHCPv6 >>prefix delegation) or through some fictitious provider-independent >>addressing scheme. >> >> From ftemplin@IPRG.nokia.com Mon Jul 28 21:07:28 2003 From: ftemplin@IPRG.nokia.com (Fred Templin) Date: Mon, 28 Jul 2003 13:07:28 -0700 Subject: [6bone] v6 and ADSL References: <000c01c350c0$d7c63560$0200a8c0@dryad> <1058942538.7392.17.camel@kummerog.uni-muenster.de> <009c01c350f9$bc5ebcf0$5801040a@lt38> <1058951486.7391.56.camel@kummerog.uni-muenster.de> <3F1EC2DD.5070404@iprg.nokia.com> <1059033558.3052.74.cam Message-ID: <3F258280.40103@iprg.nokia.com> Christian, As I mentioned in my reply to to Tina, 6to4 can only be used when the residential gateway is assigned a globally routeable IPv4 address and I agree is the more natural solution in that case. When a globally routeable IPv4 address is not available, alternative mechanisms (e.g., ISATAP) are needed. Fred ftemplin@iprg.nokia.com Christian Schild wrote: >Am Don, 2003-07-24 um 09.59 schrieb Christian Schild: > > >>Hi Fred, >> >>Am Mit, 2003-07-23 um 19.16 schrieb Fred Templin: >> >> >>>I've been trying to get the word out on this, but perhaps it needs to be >>>mentioned again. ISATAP can be used to connect a whole net; not just >>>a single client as claimed below. For example, a residential gateway >>>can configure an ISATAP client interface on it's link to the ISP and an >>>ISATAP routing interface (and/or a native IPv6 routing interface) on >>>it's link to the home network. The home network can have arbitrarily >>>many clients; not just a single client. >>> >>> >>I am not sure, if I understood your scenario correctly, because the way >>you described it here, it may not be possible to configure a residential >>site. >> >> > >Well, I should check back with my collegues sitting next to me more often :-). >I understand now, you want to advertise and route an additional prefix over >the already established ISATAP connection. > >But I share Tinas thoughts that doing so one has to do much more additional >configuration and I think 6to4 is the more natural solution in this scenario. > >So long, > Christian > > >