From tjc@ecs.soton.ac.uk Thu May 1 09:27:13 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Thu, 1 May 2003 09:27:13 +0100 Subject: [6bone] IPv6 SEAL COMPLIANCE - Adding value at your efforts In-Reply-To: References: Message-ID: <20030501082713.GA30676@login.ecs.soton.ac.uk> Hi Robson, The major testing organisations (ETSI, UNH, TAHI) have already agreed a programme for this purpose, which I believe will be described in more detail at the IPv6 Summit in Madrid on 12-14 May. The programme is "IPv6 Ready". I am sure they would welcome your input. Tim On Wed, Apr 30, 2003 at 07:50:52PM -0300, Robson Oliveira wrote: > Hi all, > > Today, we could increase the value of IPv6 compliance Company. Based on Y2K > example, I suggest we create an "IPv6 Seal Compliance" to add value at the > companies efforts. > > If your company/product is IPv6-enable, there are a lot of reasons to you > join us to describe the rules to create it and promote this initiative. I > believe the market will see this value before purchase any product. Let's > stop the chicken and egg discussion and promote the IPv6 Products. > > Cheers, > Robson Oliveira > CTO - IPv6 do Brasil > Email: > Phone: (55-11) 6693-5968 > Mobile: (55-11) 9866-0414 > > This electronic message and its attachments contain PRIVILEGED AND/OR > CONFIDENTIAL information, which may be subject to a legal privilege and may > constitute inside information. If the reader of this message is not the > intended recipient, you are hereby notified that your use or distribution of > such information, by copying or otherwise, is strictly prohibited. If you > have received this message in error, please notify me immediately by reply > electronic mail and then remove all traces of the electronic mail message > from your system. > From bob@thefinks.com Tue May 6 15:18:29 2003 From: bob@thefinks.com (Bob Fink) Date: Tue, 06 May 2003 07:18:29 -0700 Subject: [6bone] 6bone pTLA 3FFE:4018::/32 allocated to SAMART-TH Message-ID: <5.2.0.9.0.20030506071150.01f34b50@mail.addr.com> SAMART-TH has been allocated pTLA 3FFE:4018::/32 having finished its 2-week review period. Note that it will take a short while for their pTLA inet6num entry to appear in the 6bone registry as they have to create it themselves. However, their registration is listed on: [To create a reverse DNS registration in e.f.f.3.ip6.int for pTLAs, please send the prefix allocated above, and a list of at least two authoritative nameservers, to hostmaster@ep.net.] [Note: The effort to startup e.f.f.3.ip6.arpa is well underway with the draft http://www.ietf.org/internet-drafts/draft-ymbk-6bone-arpa-delegation-01.txt being processed by the IETF/IESG for BCP RFC. There will be an announcement of progress soon.] Thanks, Bob From cfaber@fpsn.net Fri May 9 21:55:19 2003 From: cfaber@fpsn.net (Colin Faber) Date: Fri, 09 May 2003 14:55:19 -0600 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking Message-ID: <3EBC15B7.F247F002@fpsn.net> Recently on the IPv4 internet there have been a small but growing number of cases of BGP hijacking by spammers / spam gangs to get around black lists and filters. Does/Is there anything in place with in the existing BGP+ protocol to prevent such things from happening. The reason I ask is simple. As the roll out of the v6 network continues you can guarantee that spammers will move to the v6 network following the rest of the E?SMTP's out there. -- Colin Faber (303) 859-1491 fpsn.net, Inc. * Black holes are where God divided by zero. * From jeroen@unfix.org Fri May 9 23:32:27 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sat, 10 May 2003 00:32:27 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <3EBC15B7.F247F002@fpsn.net> Message-ID: <003a01c3167a$e0172420$210d640a@unfix.org> Colin Faber wrote: > Recently on the IPv4 internet there have been a small but > growing number of cases > of BGP hijacking by spammers / spam gangs to get around black > lists and filters. Based on the single stupid fact that there are active Ghost Routes (*1) out there and the fact that some 'admins' are very unresponsive (as in: don't reply) this would become dead easy in the future. I therefor sincerely hope that some people wake up and go fix their setups. It's also quite a bad thing that it doesn't really gets noticed by the owner of the affected prefixes. Fortunatly there are people who actually like their work and have a passion for it and they put a lot of time and effort into it and do actively filter bogus routes that are being announced. If and if only that was the common case. > Does/Is there anything in place with in the existing BGP+ > protocol to prevent such things from happening. There is RADB or simply the nice routemaps that are in the whois db's of the RIR's allowing one to easily generate filters based on the information represented there. But then still it's all about who to thrust which was also one of the major points seen on the NANOG list when they where discussing the topic you mentioned. Note that based on the information currently available in GRH, it could generate some very nice bogon maps. Then again, most if not all of the participants filter on at least known boundaries (*2). Thus the only thing that would be visible then would be unallocated spaces. Note that anyone can set a source ASN to match the allocated one and just announce that space, probably noone will notice it unless they filter their peers. But in the big transit-for-free-ipv6-cloud that it is now there is only minimal filtering in most AS's. Therefor I would always like people to read MIPP (*3) Btw: one day GRH might just do bogon listing, so be warned because obvious things will show up then :) Also note that RIS (*4) is also monitoring IPv6. Greets, Jeroen *1 = http://www.sixxs.net/tools/grh/ghosts/what/ *2 = http://www.space.net/~gert/RIPE/ipv6-filters.html *3 = http://ip6.de.easynet.net/ipv6-minimum-peering.txt *4 = http://www.ris.ripe.net From tvo@EnterZone.Net Sat May 10 00:03:39 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Fri, 9 May 2003 19:03:39 -0400 (EDT) Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <3EBC15B7.F247F002@fpsn.net> Message-ID: On Fri, 9 May 2003, Colin Faber wrote: > Recently on the IPv4 internet there have been a small but growing number of cases > of BGP hijacking by spammers / spam gangs to get around black lists and filters. > > Does/Is there anything in place with in the existing BGP+ protocol to prevent such > things from happening. > > The reason I ask is simple. As the roll out of the v6 network continues you can > guarantee that spammers will move to the v6 network following the rest of the > E?SMTP's out there. > > > -- > Colin Faber > (303) 859-1491 > fpsn.net, Inc. > * Black holes are where God divided by zero. * Colin, The measures for V6 are the same as for V4. If the friggin' providers would FILTER their customers responsibly, the hijackings wouldn't be possible! --- John Fraizer | High-Security Datacenter Services | President | Dedicated circuits 64k - 155M OC3 | EnterZone, Inc | Virtual, Dedicated, Colocation | http://www.enterzone.net/ | Network Consulting Services | From hultq@iafrica.com Sat May 10 11:43:38 2003 From: hultq@iafrica.com (Marc Hultquist) Date: Sat, 10 May 2003 12:43:38 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: Message-ID: I have to Agree with John on this Matter. IF the providers would be good enough to Filter the customers responsability, then there would not be a problem now would there? Living in South Africa, IPV6 is still a long way off but then again we dont have to many spamming or hacking attempts..... But as always yes. Sorry this is a rather arb post, I was just sitting here and decided to put in my two cents worth. -Marc Polykarbon SA http://www.polykarbon.co.za marc@polykarbon.co.za +27 82 549-5467 / +27 11 465-6515 From jeroen@unfix.org Sat May 10 14:25:12 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sat, 10 May 2003 15:25:12 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: Message-ID: <004101c316f7$9681d490$210d640a@unfix.org> Marc Hultquist wrote: > I have to Agree with John on this Matter. IF the providers would be > good enough to Filter the customers responsability, then there would > not be a problem now would there? The Lazy Admin Problem(tm) :) > Living in South Africa, IPV6 is still a long way off but then again Why would IPv6 we be a long way off ? Okay let's test my geography >From http://www.sixxs.net/tools/grh/tla/all/?country=africa It appears that there are currently 2001:528::/32 TELKOMSAV6 2001:588::/32 UU-IPV6-1-ZA 2001:8f8::/32 AE-EMIRNET-20020920 2001:970::/32 TN-ATI-20021024 2001:528::/32 & 2001:8f8::/32 have not been detected by GRH though the other 2 are visible. It's not much but it is something. Africa probably needs even more IPv6 advocacy than the US :) Greets, Jeroen From gert@space.net Sat May 10 22:18:41 2003 From: gert@space.net (Gert Doering) Date: Sat, 10 May 2003 23:18:41 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <004101c316f7$9681d490$210d640a@unfix.org>; from jeroen@unfix.org on Sat, May 10, 2003 at 03:25:12PM +0200 References: <004101c316f7$9681d490$210d640a@unfix.org> Message-ID: <20030510231841.D78586@Space.Net> Hi, On Sat, May 10, 2003 at 03:25:12PM +0200, Jeroen Massar wrote: > It appears that there are currently > > 2001:528::/32 TELKOMSAV6 > 2001:588::/32 UU-IPV6-1-ZA > 2001:8f8::/32 AE-EMIRNET-20020920 > 2001:970::/32 TN-ATI-20021024 The last two are arabian emirates, and tunesia - which is quite a way away from south africa. UUnet ZA looks very promising, though. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From hank@att.net.il Sun May 11 10:15:32 2003 From: hank@att.net.il (Hank Nussbacher) Date: Sun, 11 May 2003 11:15:32 +0200 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <20021220103729.C27796@iprg.nokia.com> References: <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <20021220173646.ED4287E3A@beowulf.gw.com> Message-ID: <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> BT and JPNIC/WIDE are both announcing these prefixes: mcast#sho bgp ipv6 inc BGP table version is 479, local router ID is 192.114.99.52 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 2001:200::/35 3FFE:2000:0:41D::22F 0 559 6830 1752 ? *> 2001:798:2020:10DD::1 0 20965 11537 2500 i * 2001:200::/32 3FFE:2000:0:41D::22F 0 559 6830 1752 ? *> 2001:798:2020:10DD::1 0 20965 11537 2500 i It looks like WIDE does "own" this: inet6num: 2001:200::/32 netname: WIDE-JP-19990813 descr: WIDE project country: JP remarks: upgraded from /35 admin-c: JM46-AP tech-c: AK27-AP tech-c: KN9-AP status: ALLOCATED PORTABLE notify: kato@wide.ad.jp notify: kenken@sfc.wide.ad.jp mnt-by: APNIC-HM mnt-lower: MAINT-JP-WIDE changed: hm-changed@apnic.net 20030423 source: APNIC so the question is why is BT announcing this and how come prefix filters aren't stopping this? -Hank From jeroen@unfix.org Sun May 11 12:30:24 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 11 May 2003 13:30:24 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <00a801c31796$d495b4a0$12741ec4@batty> Message-ID: <001201c317b0$b7e0ecc0$210d640a@unfix.org> Marc Hultquist [mailto:hultq@iafrica.com] wrote: > I have to take my comments back on the sa being a long way > off on the IPV6 scene. > It was stupid and as was pointed out to me by someone I was > completly in the wrong in my comments. Well that's not exactly the right way to wing it either. As even though there are allocations this doesn't mean at all that you can get access to it... So go advocate it to your upstreams. IPv6 to the *WHOLE* world! Greets, Jeroen > ----- Original Message ----- > From: "Jeroen Massar" > To: "'Marc Hultquist'" ; "'6Bone'" > <6bone@mailman.isi.edu> > Sent: Saturday, May 10, 2003 3:25 PM > Subject: RE: [6bone] (OT but Relevant) Recent spammer tactics - BGP > Hijacking > > > Marc Hultquist wrote: > > > I have to Agree with John on this Matter. IF the providers would be > > good enough to Filter the customers responsability, then there would > > not be a problem now would there? > > The Lazy Admin Problem(tm) :) > > > Living in South Africa, IPV6 is still a long way off but then again > > Why would IPv6 we be a long way off ? > > Okay let's test my geography > From http://www.sixxs.net/tools/grh/tla/all/?country=africa > > It appears that there are currently > > 2001:528::/32 TELKOMSAV6 > 2001:588::/32 UU-IPV6-1-ZA > 2001:8f8::/32 AE-EMIRNET-20020920 > 2001:970::/32 TN-ATI-20021024 > > 2001:528::/32 & 2001:8f8::/32 have not been detected by GRH though > the other 2 are visible. It's not much but it is something. > Africa probably needs even more IPv6 advocacy than the US :) > > Greets, > Jeroen > > > > > From jeroen@unfix.org Sun May 11 12:44:44 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 11 May 2003 13:44:44 +0200 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> Message-ID: <001a01c317b2$b8491280$210d640a@unfix.org> Hank Nussbacher wrote: > BT and JPNIC/WIDE are both announcing these prefixes: Did you contact them directly? > mcast#sho bgp ipv6 inc Check http://www.sixxs.net/tools/grh/lg/?prefix=2001:200::/32&matchtype=more or http://www.sixxs.net/tools/grh/lg/?prefix=2001:200::/32&matchtype=more&s how=origins to show just the origins of these prefixes (for lazy people like me ;) Which boils down to: 2001:200::/35 1752 BT-CIN-AND-ADASTRAL 2001:200::/35 2500 JPNIC-ASBLOCK-AP 2001:200::/32 1752 BT-CIN-AND-ADASTRAL 2001:200::/32 2500 JPNIC-ASBLOCK-AP 2001:200:126::/48 10017 JPNIC-NET-JP-AS-BLOCK 2001:200:200::/40 4682 AS4682 2001:200:202::/64 10017 JPNIC-NET-JP-AS-BLOCK 2001:200:202::/48 10017 JPNIC-NET-JP-AS-BLOCK 2001:200:202:f::/64 10017 JPNIC-NET-JP-AS-BLOCK 2001:200:203::/48 9377 AS9377 2001:200:340::/48 9377 AS9377 2001:200:500::/40 9612 JPNIC-NET-JP-AS-BLOCK > so the question is why is BT announcing this and how come > prefix filters aren't stopping this? Because not very many ASN's apply filtering *at all*. Let alone filter something that could, even how odd, be legit. The two /64's in the above table should never be seen as 10017 could quite easily aggregate them into the /48 and even then... the /48 should not pop up globally. 2001:200:202::/48 > 3ffe:81d0:ffff:2::28 1000 6939 14277 3549 2915 2713 4682 10017 IGP 2001:200:202::/64 3ffe:81d0:ffff:2::28 1000 6939 6939 3549 2915 2713 4682 10017 unknown 2001:200:202:f::/64 3ffe:81d0:ffff:2::28 1000 6939 6939 3549 2915 2713 4682 10017 unknown This just shows how badly aggregation and filtering is done in the IPv6 world. Also note that the /64's are marked as coming from 'unknown' instead of IGP. So who is to blame here? Nobody, you are allowed to set up your own policies. It's your own network and if you care for it or not, alas... The bad part is that if everybody starts announcing (and not aggregating) their announcements, the routing table will explode. "Admins" should be reading and applying: Minimal IPv6 Peering (*1) by Robert Kießling Moving from 6bone to IPv6 Internet (*2) by Pekka Savola. Also I think that it is much worse that people don't even notice that their own address space is announced doubly/oddly etc or that it is ghosted without their knowledge. Greets, Jeroen *1 = http://ip6.de.easynet.net/ipv6-minimum-peering.txt *2 = http://www.ietf.org/internet-drafts/draft-savola-v6ops-6bone-mess-01.txt From mclin@sinica.edu.tw Mon May 12 04:55:31 2003 From: mclin@sinica.edu.tw (Ethern Lin) Date: Mon, 12 May 2003 11:55:31 +0800 Subject: [6bone] Dualing IPv6 announcements References: <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <20021220173646.ED4287E3A@beowulf.gw.com> <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> Message-ID: <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> This is for upgraded purpose. You can see when sTLA upgrade from /35 to /32, they will announce these two prefix in case lost their IPv6 block during the upgrade period. Ethern ASCC/TW ----- Original Message ----- From: "Hank Nussbacher" To: <6bone@mailman.isi.edu> Sent: Sunday, May 11, 2003 5:15 PM Subject: [6bone] Dualing IPv6 announcements > BT and JPNIC/WIDE are both announcing these prefixes: > > mcast#sho bgp ipv6 inc > BGP table version is 479, local router ID is 192.114.99.52 > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal > Origin codes: i - IGP, e - EGP, ? - incomplete > > Network Next Hop Metric LocPrf Weight Path > * 2001:200::/35 3FFE:2000:0:41D::22F > 0 559 6830 1752 ? > *> 2001:798:2020:10DD::1 > 0 20965 11537 > 2500 i > * 2001:200::/32 3FFE:2000:0:41D::22F > 0 559 6830 1752 ? > *> 2001:798:2020:10DD::1 > 0 20965 11537 > 2500 i > > It looks like WIDE does "own" this: > inet6num: 2001:200::/32 > netname: WIDE-JP-19990813 > descr: WIDE project > country: JP > remarks: upgraded from /35 > admin-c: JM46-AP > tech-c: AK27-AP > tech-c: KN9-AP > status: ALLOCATED PORTABLE > notify: kato@wide.ad.jp > notify: kenken@sfc.wide.ad.jp > mnt-by: APNIC-HM > mnt-lower: MAINT-JP-WIDE > changed: hm-changed@apnic.net 20030423 > source: APNIC > so the question is why is BT announcing this and how come prefix filters > aren't stopping this? > > -Hank > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From andy@ipng.org.uk Mon May 12 07:37:46 2003 From: andy@ipng.org.uk (Andy Furnell) Date: Mon, 12 May 2003 07:37:46 +0100 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: References: Message-ID: <20030512063746.GA20300@penfold.noc.clara.net> On Sat, May 10, 2003 at 12:43:38PM +0200, Marc Hultquist wrote: > > > I have to Agree with John on this Matter. IF the providers would be > good enough to Filter the customers responsability, then there would > not be a problem now would there? > This is a nice idea, but given that there's no IPv6 routing registry, the administrative overhead of manually generating filters can get seriously cumbersome (especially given that IPv6 efforts for most providers still seem to be done on a part-time basis). Granted any AS transiting another should apply suitable filters, but filtering peering routes and/or those heard from transit upstreams with suitable granularity to prevent BGP hijacking is a problem when the infrastructure is not in place do automate the process. Just my 2c :) A -- Andy Furnell andy@ipng.org.uk From gert@space.net Mon May 12 08:56:52 2003 From: gert@space.net (Gert Doering) Date: Mon, 12 May 2003 09:56:52 +0200 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw>; from mclin@sinica.edu.tw on Mon, May 12, 2003 at 11:55:31AM +0800 References: <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <20021220173646.ED4287E3A@beowulf.gw.com> <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> Message-ID: <20030512095652.L78586@Space.Net> hi, On Mon, May 12, 2003 at 11:55:31AM +0800, Ethern Lin wrote: > This is for upgraded purpose. > You can see when sTLA upgrade from /35 to /32, they will > announce these two prefix in case lost their IPv6 block during > the upgrade period. It's understood why there is both the /35 and the /32. *That* part is clear. It's unclear why the two prefixes are announced by two different origin ASes (1752 and 11537). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From gert@space.net Mon May 12 09:24:48 2003 From: gert@space.net (Gert Doering) Date: Mon, 12 May 2003 10:24:48 +0200 Subject: [6bone] Update on IPv6 filter recommendation Message-ID: <20030512102448.Q78586@Space.Net> Hi, I have just added an update to the "strict" filter list of my IPv6 filter list recommendations on http://www.space.net/~gert/RIPE/ipv6-filters.html The new thing is that inside 2001:500::/29, the "strict" list is now permitting /48s. This is because 2001:500:: is used for ARIN microallocations, and /48s are the "normal" allocation boundary in there. Two networks are already announced from within that block, 2001:500::/48 and 2001:500:1::/48, and some ISPs promtly can't reach them due to too tight filtering. So if you filter very strictly, please adapt your filters for that block. (Thanks to Carlos Friacas for pointing that out to me). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From pekkas@netcore.fi Mon May 12 09:40:30 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Mon, 12 May 2003 11:40:30 +0300 (EEST) Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030512102448.Q78586@Space.Net> Message-ID: On Mon, 12 May 2003, Gert Doering wrote: > I have just added an update to the "strict" filter list of my IPv6 filter > list recommendations on http://www.space.net/~gert/RIPE/ipv6-filters.html > > The new thing is that inside 2001:500::/29, the "strict" list is now > permitting /48s. This is because 2001:500:: is used for ARIN > microallocations, and /48s are the "normal" allocation boundary in there. > > Two networks are already announced from within that block, 2001:500::/48 > and 2001:500:1::/48, and some ISPs promtly can't reach them due to > too tight filtering. > > So if you filter very strictly, please adapt your filters for that block. There is a danger that this uncoordinated madness will spread. There has been a proposal to extend the microallocation policy, but luckily enough it has been shot down. IMO, you should only let in 2001:500::/32 upto /48 if you really have to, and not the other blocks in the /29 (especially, don't let through exchange point addresses, under 2001:504::/32). Please refer to: http://www.arin.net/registration/ipv6/micro_alloc.html -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From gert@space.net Mon May 12 11:18:14 2003 From: gert@space.net (Gert Doering) Date: Mon, 12 May 2003 12:18:14 +0200 Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: ; from pekkas@netcore.fi on Mon, May 12, 2003 at 11:40:30AM +0300 References: <20030512102448.Q78586@Space.Net> Message-ID: <20030512121814.R78586@Space.Net> Hi, On Mon, May 12, 2003 at 11:40:30AM +0300, Pekka Savola wrote: > > The new thing is that inside 2001:500::/29, the "strict" list is now > > permitting /48s. This is because 2001:500:: is used for ARIN > > microallocations, and /48s are the "normal" allocation boundary in there. [..] > There is a danger that this uncoordinated madness will spread. I didn't imply that I *like* this microallocation policy - I think it's the wrong way to go. We have a root name server policy, and the individual regions should not do "other" microallocations, especially not for the root. Nevertheless it is happening, and I am just documenting things (right now). > There has > been a proposal to extend the microallocation policy, but luckily enough > it has been shot down. Could you give me some more background on that? What was the proposal, and why was it shot down? > IMO, you should only let in 2001:500::/32 upto /48 if you really have to, > and not the other blocks in the /29 (especially, don't let through > exchange point addresses, under 2001:504::/32). Please refer to: > http://www.arin.net/registration/ipv6/micro_alloc.html Thanks for pointing that out to me. I will update my documentation accordingly. (*done*) Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From tjc@ecs.soton.ac.uk Mon May 12 11:28:46 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Mon, 12 May 2003 11:28:46 +0100 Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: References: <20030512102448.Q78586@Space.Net> Message-ID: <20030512102846.GF790@login.ecs.soton.ac.uk> On Mon, May 12, 2003 at 11:40:30AM +0300, Pekka Savola wrote: > > There is a danger that this uncoordinated madness will spread. There has > been a proposal to extend the microallocation policy, but luckily enough > it has been shot down. Indeed. There is a danger that once some exceptions are made, others will follow... Tim From pekkas@netcore.fi Mon May 12 11:35:25 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Mon, 12 May 2003 13:35:25 +0300 (EEST) Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030512121814.R78586@Space.Net> Message-ID: On Mon, 12 May 2003, Gert Doering wrote: > > There has > > been a proposal to extend the microallocation policy, but luckily enough > > it has been shot down. > > Could you give me some more background on that? What was the proposal, > and why was it shot down? Proposal: http://www.arin.net/policy/2003_4.html There are numerous problems with the proposal, even though it may have been well-intentioned: 1) waiving 200 /48 assignments could enable any 1-person consulting business with 1 customer to get a /32 2) micro-allocations are useless unless they're routed, and there is no community concensus that they're the right thing to do at the moment. 3) there kinds of policy changes should occur on a different level, like global-v6 mailing list and/or the IETF, not just one RIR. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From hank@att.net.il Mon May 12 16:40:07 2003 From: hank@att.net.il (Hank Nussbacher) Date: Mon, 12 May 2003 17:40:07 +0200 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <20030512095652.L78586@Space.Net> References: <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <20021220173646.ED4287E3A@beowulf.gw.com> <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> Message-ID: <5.1.0.14.2.20030512173942.01036e10@max.att.net.il> At 09:56 AM 12-05-03 +0200, Gert Doering wrote: Being looked into by BT offline. Does the group care to hear the results? -Hank >hi, > >On Mon, May 12, 2003 at 11:55:31AM +0800, Ethern Lin wrote: > > This is for upgraded purpose. > > You can see when sTLA upgrade from /35 to /32, they will > > announce these two prefix in case lost their IPv6 block during > > the upgrade period. > >It's understood why there is both the /35 and the /32. *That* part is clear. > >It's unclear why the two prefixes are announced by two different origin >ASes (1752 and 11537). > >Gert Doering > -- NetMaster >-- >Total number of prefixes smaller than registry allocations: 54495 (54267) > >SpaceNet AG Mail: netmaster@Space.Net >Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 >80807 Muenchen Fax : +49-89-32356-299 From michel@arneill-py.sacramento.ca.us Mon May 12 16:03:40 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Mon, 12 May 2003 08:03:40 -0700 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F7DE@server2000.arneill-py.sacramento.ca.us> > Pekka Savola wrote: > There is a danger that this uncoordinated madness will spread. Indeed it _is_ spreading already. I get a bunch of /64s, /48s, any kind of prefix if you can name it I get it already from some peering in North America when I drop my filters. > There has been a proposal to extend the microallocation policy, > but luckily enough it has been shot down. Fortunately it has although we can expect that there will be more tries. I will stay on the line of filtering anything that has not been approved by all 4 RIRs (LATNIC is live I hear). Michel. From jeroen@unfix.org Mon May 12 18:07:42 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Mon, 12 May 2003 19:07:42 +0200 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <5.1.0.14.2.20030512173942.01036e10@max.att.net.il> Message-ID: <001a01c318a9$0149cfa0$210d640a@unfix.org> Hank Nussbacher wrote: > At 09:56 AM 12-05-03 +0200, Gert Doering wrote: > > Being looked into by BT offline. Does the group care to hear > the results? Any insight is always a good thing, maybe they had a very special reason for doing so and maybe we can learn something from it. Greets, Jeroen > >On Mon, May 12, 2003 at 11:55:31AM +0800, Ethern Lin wrote: > > > This is for upgraded purpose. > > > You can see when sTLA upgrade from /35 to /32, they will > > > announce these two prefix in case lost their IPv6 block during > > > the upgrade period. > > > >It's understood why there is both the /35 and the /32. > *That* part is clear. > > > >It's unclear why the two prefixes are announced by two > different origin > >ASes (1752 and 11537). > > > >Gert Doering > > -- NetMaster > >-- > >Total number of prefixes smaller than registry allocations: > 54495 (54267) > > > >SpaceNet AG Mail: netmaster@Space.Net > >Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 > >80807 Muenchen Fax : +49-89-32356-299 > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From gert@space.net Mon May 12 19:12:22 2003 From: gert@space.net (Gert Doering) Date: Mon, 12 May 2003 20:12:22 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F504F7DE@server2000.arneill-py.sacramento.ca.us>; from michel@arneill-py.sacramento.ca.us on Mon, May 12, 2003 at 08:03:40AM -0700 References: <963621801C6D3E4A9CF454A1972AE8F504F7DE@server2000.arneill-py.sacramento.ca.us> Message-ID: <20030512201222.Y78586@Space.Net> Hi, On Mon, May 12, 2003 at 08:03:40AM -0700, Michel Py wrote: > Fortunately it has although we can expect that there will be more tries. > I will stay on the line of filtering anything that has not been approved > by all 4 RIRs (LATNIC is live I hear). LACNIC has allocated to /32s, as far as I can see. One is already visible (2001:1200::/32). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From gert@space.net Mon May 12 19:23:55 2003 From: gert@space.net (Gert Doering) Date: Mon, 12 May 2003 20:23:55 +0200 Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: ; from pekkas@netcore.fi on Mon, May 12, 2003 at 01:35:25PM +0300 References: <20030512121814.R78586@Space.Net> Message-ID: <20030512202355.Z78586@Space.Net> Hi, On Mon, May 12, 2003 at 01:35:25PM +0300, Pekka Savola wrote: > Proposal: > > http://www.arin.net/policy/2003_4.html Ah, that one. Actually like the first two proposals. Micro-Allocations are genuinely evil, though. > There are numerous problems with the proposal, even though it may have > been well-intentioned: > > 1) waiving 200 /48 assignments could enable any 1-person consulting > business with 1 customer to get a /32 This has come up in the RIPE region a while ago already (1.5 years?) and my response at that time was "so what?". In the RIPE region (which is different from ARIN), being sufficiently determined to wade through the paperwork, sign all the RIPE member contracts and pay the LIR fees could be considered enough prerequisite to get a /32. People didn't like that, though - as far as I remember, the loudest criticism came from the ARIN land. > 2) micro-allocations are useless unless they're routed, and there is no > community concensus that they're the right thing to do at the moment. Micro-Allocations are *bad*. I can see two exceptions that can be clearly defined and are really "exceptionable enough" (and not "just convenient") - that's IXPs, and root name servers. We have policies for those. All other Micro-Allocations boil down to inventing PI in one region only. > 3) there kinds of policy changes should occur on a different level, like > global-v6 mailing list and/or the IETF, not just one RIR. Yep. But still I think that something needs to be done... Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From tvo@EnterZone.Net Mon May 12 20:17:36 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Mon, 12 May 2003 15:17:36 -0400 (EDT) Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <20030512063746.GA20300@penfold.noc.clara.net> Message-ID: On Mon, 12 May 2003, Andy Furnell wrote: > On Sat, May 10, 2003 at 12:43:38PM +0200, Marc Hultquist wrote: > > > > > > I have to Agree with John on this Matter. IF the providers would be > > good enough to Filter the customers responsability, then there would > > not be a problem now would there? > > > > This is a nice idea, but given that there's no IPv6 routing registry, > the administrative overhead of manually generating filters can get > seriously cumbersome (especially given that IPv6 efforts for most > providers still seem to be done on a part-time basis). Granted any AS > transiting another should apply suitable filters, but filtering peering > routes and/or those heard from transit upstreams with suitable > granularity to prevent BGP hijacking is a problem when the > infrastructure is not in place do automate the process. > > Just my 2c :) > > A Andy, Filtering on the transitAS<->transitAS side of things will always be painful and for most decent sized networks, it is not something that happens, even in the v4 world. Filtering "customer" or "customer-like" peering sessions is a different story though. If someone "doesn't have time" to implement responsible filtering on their customer sessions, they shouldn't IMNSHO be speaking BGP to begin with. With appropriate "customer" filters in place on the customer-facing edge, border filters on the peering border are something that in most cases are not needed. If someone "leaks" something to us once, we will help them establish appropriate policy to prevent future "leaks." If they do it twice, they face the wrath of "neighbor [x.x.x.x|xx:xx:xx:xx] shutdown" on our side. It tends to get them thinking in a more responsible manner and if NOT, they're not the kind of peer we wish to interact with. --- John Fraizer | High-Security Datacenter Services | President | Dedicated circuits 64k - 155M OC3 | EnterZone, Inc | Virtual, Dedicated, Colocation | http://www.enterzone.net/ | Network Consulting Services | From jeroen@unfix.org Mon May 12 20:27:04 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Mon, 12 May 2003 21:27:04 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030512201222.Y78586@Space.Net> Message-ID: <003601c318bc$78b56d20$210d640a@unfix.org> Gert Doering wrote: > On Mon, May 12, 2003 at 08:03:40AM -0700, Michel Py wrote: > > Fortunately it has although we can expect that there will > be more tries. > > I will stay on the line of filtering anything that has not > been approved > > by all 4 RIRs (LATNIC is live I hear). > > LACNIC has allocated to /32s, as far as I can see. One is already > visible (2001:1200::/32). Grmbl, those don't show up in http://www.ripe.net/ipv6/ipv6allocs.html :( Okay going to fix up the bogon filter so I will at least catch them on sight. http://www.sixxs.net/tools/grh/tla/lacnic/ : 2001:1200::/32 - 2002-12-19 - visible 2001:1208::/32 - 2003-02-03 - not visible Btw, we can have a small party I think: http://www.sixxs.net/tools/grh/tla/ now reads: 8<----------------------------- Prefix Length distribution The following prefixlengths are delegated by the above RIR's. 58x /24 56x /28 336x /32 50x /35 Totaling in 500 TLA prefixes. ------------------------------>8 500 TLA's over 54 countries! Also see http://www.sixxs.net/tools/grh/growth/ Graphs based on RIR's and a legend coming up ;) Greets, Jeroen From hultq@iafrica.com Sun May 11 09:24:58 2003 From: hultq@iafrica.com (Marc Hultquist) Date: Sun, 11 May 2003 10:24:58 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking References: <004101c316f7$9681d490$210d640a@unfix.org> Message-ID: <00a801c31796$d495b4a0$12741ec4@batty> I have to take my comments back on the sa being a long way off on the IPV6 scene. It was stupid and as was pointed out to me by someone I was completly in the wrong in my comments. Therefore I would just like to say sorry etc etc about any previous comments or statements I made. -- Marc Hultquist Polykarbon South Africa CEO marc@polykarbon.co.za +27 82 549-5467 / +27 11 465-6515 http://www.polykarbon.co.za General Enquiries: info@polykarbon.co.za ----- Original Message ----- From: "Jeroen Massar" To: "'Marc Hultquist'" ; "'6Bone'" <6bone@mailman.isi.edu> Sent: Saturday, May 10, 2003 3:25 PM Subject: RE: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking Marc Hultquist wrote: > I have to Agree with John on this Matter. IF the providers would be > good enough to Filter the customers responsability, then there would > not be a problem now would there? The Lazy Admin Problem(tm) :) > Living in South Africa, IPV6 is still a long way off but then again Why would IPv6 we be a long way off ? Okay let's test my geography >From http://www.sixxs.net/tools/grh/tla/all/?country=africa It appears that there are currently 2001:528::/32 TELKOMSAV6 2001:588::/32 UU-IPV6-1-ZA 2001:8f8::/32 AE-EMIRNET-20020920 2001:970::/32 TN-ATI-20021024 2001:528::/32 & 2001:8f8::/32 have not been detected by GRH though the other 2 are visible. It's not much but it is something. Africa probably needs even more IPv6 advocacy than the US :) Greets, Jeroen From jorgen-reply@hovland.cx Sun May 11 11:51:18 2003 From: jorgen-reply@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Sun, 11 May 2003 12:51:18 +0200 Subject: [6bone] Dualing IPv6 announcements References: <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <20021220173646.ED4287E3A@beowulf.gw.com> <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> Message-ID: <00d901c317ab$41199d30$1b29b3d5@klimax> Hi Hank Its not very unusal having multiple paths. But, I have no idea of if thats their intention. You can always ask WIDE... joergen ----- Original Message ----- From: "Hank Nussbacher" To: <6bone@mailman.isi.edu> Sent: Sunday, May 11, 2003 11:15 AM Subject: [6bone] Dualing IPv6 announcements > BT and JPNIC/WIDE are both announcing these prefixes: > > mcast#sho bgp ipv6 inc > BGP table version is 479, local router ID is 192.114.99.52 > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal > Origin codes: i - IGP, e - EGP, ? - incomplete > > Network Next Hop Metric LocPrf Weight Path > * 2001:200::/35 3FFE:2000:0:41D::22F > 0 559 6830 1752 ? > *> 2001:798:2020:10DD::1 > 0 20965 11537 > 2500 i > * 2001:200::/32 3FFE:2000:0:41D::22F > 0 559 6830 1752 ? > *> 2001:798:2020:10DD::1 > 0 20965 11537 > 2500 i > > It looks like WIDE does "own" this: > inet6num: 2001:200::/32 > netname: WIDE-JP-19990813 > descr: WIDE project > country: JP > remarks: upgraded from /35 > admin-c: JM46-AP > tech-c: AK27-AP > tech-c: KN9-AP > status: ALLOCATED PORTABLE > notify: kato@wide.ad.jp > notify: kenken@sfc.wide.ad.jp > mnt-by: APNIC-HM > mnt-lower: MAINT-JP-WIDE > changed: hm-changed@apnic.net 20030423 > source: APNIC > so the question is why is BT announcing this and how come prefix filters > aren't stopping this? > > -Hank > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From sekiya@wide.ad.jp Mon May 12 05:53:03 2003 From: sekiya@wide.ad.jp (Yuji Sekiya) Date: Mon, 12 May 2003 13:53:03 +0900 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> References: <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> Message-ID: At Mon, 12 May 2003 11:55:31 +0800, Ethern Lin wrote: Hello, This is Yuji Sekiya, WIDE Project. No, Hank might mean both of 2001:200::/32 and 2001:200::/35 prefixes are advertised from AS1752(BT). The prefixes are ours and AS1752 should not originate the prefixes. I can see there bugos prefixes on the below looking glass. http://nitrous.cmh.ipv6.enterzone.net/ If AS1752 advertises the prefixes, please stop it. BGP routing table entry for 2001:200::/35 25396 25396 25396 1752 3ffe:4005:0:1::26 from 3ffe:4005:0:1::26 (62.24.229.1) Origin incomplete, localpref 100, valid, external Community: 25396:1 25396:20 25396:300 25396:800 25396:1000 25396:8003 25396:8503 Last update: Tue May 6 09:47:43 2003 25396 25396 25396 1752 3ffe:4005:0:3::26 from 3ffe:4005:0:3::26 (195.22.134.2) Origin incomplete, localpref 100, valid, external Community: 25396:1 25396:20 25396:300 25396:800 25396:1000 25396:8003 25396:8503 Last update: Tue May 6 09:47:48 2003 Regards, -- Yuji Sekiya > This is for upgraded purpose. > You can see when sTLA upgrade from /35 to /32, they will > announce these two prefix in case lost their IPv6 block during > the upgrade period. > > Ethern > ASCC/TW > > ----- Original Message ----- > From: "Hank Nussbacher" > To: <6bone@mailman.isi.edu> > Sent: Sunday, May 11, 2003 5:15 PM > Subject: [6bone] Dualing IPv6 announcements > > > > BT and JPNIC/WIDE are both announcing these prefixes: > > > > mcast#sho bgp ipv6 inc > > BGP table version is 479, local router ID is 192.114.99.52 > > Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal > > Origin codes: i - IGP, e - EGP, ? - incomplete > > > > Network Next Hop Metric LocPrf Weight Path > > * 2001:200::/35 3FFE:2000:0:41D::22F > > 0 559 6830 > 1752 ? > > *> 2001:798:2020:10DD::1 > > 0 20965 11537 > > 2500 i > > * 2001:200::/32 3FFE:2000:0:41D::22F > > 0 559 6830 > 1752 ? > > *> 2001:798:2020:10DD::1 > > 0 20965 11537 > > 2500 i > > > > It looks like WIDE does "own" this: > > inet6num: 2001:200::/32 > > netname: WIDE-JP-19990813 > > descr: WIDE project > > country: JP > > remarks: upgraded from /35 > > admin-c: JM46-AP > > tech-c: AK27-AP > > tech-c: KN9-AP > > status: ALLOCATED PORTABLE > > notify: kato@wide.ad.jp > > notify: kenken@sfc.wide.ad.jp > > mnt-by: APNIC-HM > > mnt-lower: MAINT-JP-WIDE > > changed: hm-changed@apnic.net 20030423 > > source: APNIC > > so the question is why is BT announcing this and how come prefix filters > > aren't stopping this? > > > > -Hank > > > > _______________________________________________ > > 6bone mailing list > > 6bone@mailman.isi.edu > > http://mailman.isi.edu/mailman/listinfo/6bone > > > > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From tvo@EnterZone.Net Mon May 12 20:28:13 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Mon, 12 May 2003 15:28:13 -0400 (EDT) Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030512102846.GF790@login.ecs.soton.ac.uk> Message-ID: On Mon, 12 May 2003, Tim Chown wrote: > On Mon, May 12, 2003 at 11:40:30AM +0300, Pekka Savola wrote: > > > > There is a danger that this uncoordinated madness will spread. There has > > been a proposal to extend the microallocation policy, but luckily enough > > it has been shot down. > > Indeed. There is a danger that once some exceptions are made, others will > follow... > > Tim I don't think that an exception should be made for microallocations at all. To paraphrase what ARIN says, there is no guarantee that address space that they assign will be globally routable. --- John Fraizer | High-Security Datacenter Services | President | Dedicated circuits 64k - 155M OC3 | EnterZone, Inc | Virtual, Dedicated, Colocation | http://www.enterzone.net/ | Network Consulting Services | From cmartinez@protel.net.mx Mon May 12 21:27:32 2003 From: cmartinez@protel.net.mx (Carlos Alberto Martinez Arce) Date: Mon, 12 May 2003 14:27:32 -0600 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommen dation Message-ID: <081F7088B15CA74C9460BFBCF4174FBDAD0DC7@excnts0.intranet.protel.com.mx> Right! We Have now Working this 2001:1200::/32 with As 16531 We made the change ::/35 to ::/32 some months ago, __________________________ Operadora Protel S.A. C.V Carlos A. Martínez Arce Transporte IP Tel.- +52 55 53290926 www.protel.net.mx -----Mensaje original----- De: Gert Doering [mailto:gert@space.net] Enviado el: Lunes, 12 de Mayo de 2003 12:12 p.m. Para: Michel Py CC: 6bone@mailman.isi.edu Asunto: Re: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Hi, On Mon, May 12, 2003 at 08:03:40AM -0700, Michel Py wrote: > Fortunately it has although we can expect that there will be more tries. > I will stay on the line of filtering anything that has not been approved > by all 4 RIRs (LATNIC is live I hear). LACNIC has allocated to /32s, as far as I can see. One is already visible (2001:1200::/32). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 _______________________________________________ 6bone mailing list 6bone@mailman.isi.edu http://mailman.isi.edu/mailman/listinfo/6bone From gert@space.net Mon May 12 20:33:14 2003 From: gert@space.net (Gert Doering) Date: Mon, 12 May 2003 21:33:14 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <003601c318bc$78b56d20$210d640a@unfix.org>; from jeroen@unfix.org on Mon, May 12, 2003 at 09:27:04PM +0200 References: <20030512201222.Y78586@Space.Net> <003601c318bc$78b56d20$210d640a@unfix.org> Message-ID: <20030512213313.B78586@Space.Net> Hi, On Mon, May 12, 2003 at 09:27:04PM +0200, Jeroen Massar wrote: > > LACNIC has allocated to /32s, as far as I can see. One is already > > visible (2001:1200::/32). > > Grmbl, those don't show up in http://www.ripe.net/ipv6/ipv6allocs.html > :( No (database mirroring issue). RIPE people know about it and are working on it. > Okay going to fix up the bogon filter so I will at least catch them on > sight. :) > http://www.sixxs.net/tools/grh/tla/lacnic/ : > 2001:1200::/32 - 2002-12-19 - visible > 2001:1208::/32 - 2003-02-03 - not visible Yup :) > http://www.sixxs.net/tools/grh/tla/ now reads: > 8<----------------------------- > Prefix Length distribution > The following prefixlengths are delegated by the above RIR's. > > 58x /24 > 56x /28 > 336x /32 > 50x /35 > Totaling in 500 TLA prefixes. > ------------------------------>8 > > 500 TLA's over 54 countries! Oh, wow. Very impressive, this! Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From bmanning@ISI.EDU Mon May 12 22:23:49 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Mon, 12 May 2003 14:23:49 -0700 (PDT) Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: from Pekka Savola at "May 12, 3 01:35:25 pm" Message-ID: <200305122123.h4CLNnY25600@boreas.isi.edu> % 1) waiving 200 /48 assignments could enable any 1-person consulting % business with 1 customer to get a /32 that might be an issue. % 2) micro-allocations are useless unless they're routed, and there is no % community concensus that they're the right thing to do at the moment. routed to whom? I may have no desire to have you hear my routes % 3) there kinds of policy changes should occur on a different level, like % global-v6 mailing list and/or the IETF, not just one RIR. there is this fundamental logic flaw that there is a single global routing system. there is not and never has been. --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From michel@arneill-py.sacramento.ca.us Tue May 13 03:55:40 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Mon, 12 May 2003 19:55:40 -0700 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F7E5@server2000.arneill-py.sacramento.ca.us> > Gert Doering wrote: > Micro-Allocations are *bad*. If they end up in the Global Routing Table, yes they are. > I can see two exceptions that can be clearly defined and are > really "exceptionable enough" (and not "just convenient") - > that's IXPs, and root name servers. We have policies for > those. Root name servers, no doubt. For IXPs, I do understand and support the need for micro-allocations but I am not convinced that they need to be announced in the GRT. > All other Micro-Allocations boil down to inventing PI > in one region only. Thank you. Michel. From hank@att.net.il Tue May 13 06:54:21 2003 From: hank@att.net.il (Hank Nussbacher) Date: Tue, 13 May 2003 07:54:21 +0200 Subject: [6bone] Dualing IPv6 announcements In-Reply-To: <20030512202618.A78586@Space.Net> References: <5.1.0.14.2.20030512173942.01036e10@max.att.net.il> <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> <20021220173646.ED4287E3A@beowulf.gw.com> <003a01c2a849$7b478980$210d640a@unfix.org> <20021220173646.ED4287E3A@beowulf.gw.com> <5.1.0.14.2.20030511110826.0104efb0@max.att.net.il> <018901c3183a$5993bcd0$b8016d8c@sinica.edu.tw> <20030512095652.L78586@Space.Net> <5.1.0.14.2.20030512173942.01036e10@max.att.net.il> Message-ID: <5.1.0.14.2.20030513075224.00fcf7d8@max.att.net.il> Here is BT's response (the problem has now disappeared): >Dear All, > >We are very sorry for causing this problem today. Our router was >miss-configured and resulted in this error, unfortunately I had to >attend a funeral today and only picked up this mail this evening, and >quickly resolved the problem. All should be OK now, but if not please >send a mail to info@uk6x.com where it will be picked up in a more timely >manner. > >Once again we apologise for the error, and problems it caused. > >Regards, >Stuart -Hank >Hi, > >On Mon, May 12, 2003 at 05:40:07PM +0200, Hank Nussbacher wrote: > > Being looked into by BT offline. Does the group care to hear the results? From andy@ipng.org.uk Tue May 13 07:58:31 2003 From: andy@ipng.org.uk (Andy Furnell) Date: Tue, 13 May 2003 07:58:31 +0100 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: References: <20030512063746.GA20300@penfold.noc.clara.net> Message-ID: <20030513065830.GA20717@penfold.noc.clara.net> On Mon, May 12, 2003 at 03:17:36PM -0400, John Fraizer wrote: > > Andy, > > Filtering on the transitAS<->transitAS side of things will always be > painful and for most decent sized networks, it is not something that > happens, even in the v4 world. Maybe not in the states, but RIPE NCC seem to be pushing very hard to have people make full use of the routing registries available. It may be impractical (and unecessary) for Tier 1s peering with each other to filter routes with such granularity, but there are plenty of other ISPs further down the food chain who filter down to individual prefixes/as-paths for their peers as well as their customers; filters which have served them well to protect not only their network but The Internet community at large. > Filtering "customer" or "customer-like" peering sessions is a different > story though. If someone "doesn't have time" to implement responsible > filtering on their customer sessions, they shouldn't IMNSHO be speaking > BGP to begin with. Apologies if my mail came across in the wrong way. I wasn't implying that people shouldn't filter customer routes... totally the opposite. > With appropriate "customer" filters in place on the customer-facing edge, > border filters on the peering border are something that in most cases are > not needed. In a perfect world this would be true. But mistakes do happen, and IME if you don't want these mistakes to affect you, you need to filter everywhere possible. It also encourages your peers to keep their information current in a routing registry, which in turn makes it much easier to verify information you can see from a given AS. > If someone "leaks" something to us once, we will help them establish > appropriate policy to prevent future "leaks." If they do it twice, they > face the wrath of "neighbor [x.x.x.x|xx:xx:xx:xx] shutdown" on our > side. It tends to get them thinking in a more responsible manner and if > NOT, they're not the kind of peer we wish to interact with. Sure, but can we at least agree that a routing registry for IPv6 prefixes would make this job a little easier? :) -- Andy Furnell andy@ipng.org.uk From johann@broadpark.no Tue May 13 12:52:01 2003 From: johann@broadpark.no (/* jsha */) Date: Tue, 13 May 2003 13:52:01 +0200 Subject: [6bone] Basic IPv6 on FreeBSD In-Reply-To: References: <20030225121926.1ba6d6fd.johann@broadpark.no> Message-ID: <20030513135201.1eb80a39.johann@broadpark.no> .:. Hello! I was wondering if anybody could tell me what's wrong with this configuration, and perhaps, if there has come any new documents for FreeBSD explaining a basic IPv6 tunnel setup. - # IPv6 NETWORK CONFIGURATION # gif_interfaces="gif0" gifconfig_gif0="213.187.181.70 192.16.124.2" ipv6_enable="YES" ipv6_gateway_enable="YES" ipv6_defaultrouter="-interface gif0" ipv6_network_interfaces="lnc0 ep0 gif0 lo0" ipv6_ifconfig_lnc0="3ffe:4008:1b::1200 prefixlen 48" ipv6_firewall_enable="YES" ipv6_firewall_type="open" rtadvd_enable="YES" rtadvd_interfaces="ep0" - lnc0 goes from server to ADSL modem, ep0 goes from server to workstation. I also keep getting this error message: cannot forward src fe80:0002::0240:f4ff:fe3d:a742, dst 2001:04f8:0:0002::000e, nxt 6, rcvif ep0, outif gif0 Tools such as ping6 and traceroute6 does not work. .:. Ciao! Regards, ---jsha From gert@space.net Tue May 13 14:18:12 2003 From: gert@space.net (Gert Doering) Date: Tue, 13 May 2003 15:18:12 +0200 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <20030513065830.GA20717@penfold.noc.clara.net>; from andy@ipng.org.uk on Tue, May 13, 2003 at 07:58:31AM +0100 References: <20030512063746.GA20300@penfold.noc.clara.net> <20030513065830.GA20717@penfold.noc.clara.net> Message-ID: <20030513151812.T78586@Space.Net> Hi, On Tue, May 13, 2003 at 07:58:31AM +0100, Andy Furnell wrote: [..] > > If someone "leaks" something to us once, we will help them establish > > appropriate policy to prevent future "leaks." If they do it twice, they > > face the wrath of "neighbor [x.x.x.x|xx:xx:xx:xx] shutdown" on our > > side. It tends to get them thinking in a more responsible manner and if > > NOT, they're not the kind of peer we wish to interact with. > > Sure, but can we at least agree that a routing registry for IPv6 > prefixes would make this job a little easier? :) People are working on RPSLng, and there should be something available "soon". As far as I understand, the RIPE folks already have some test server for that, so you can see how it looks like in whois output (rpslng.ripe.net, port 53001, rpslng-auto@ripe.net). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From jeroen@unfix.org Tue May 13 15:45:40 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 13 May 2003 16:45:40 +0200 Subject: [6bone] Basic IPv6 on FreeBSD In-Reply-To: <20030513135201.1eb80a39.johann@broadpark.no> Message-ID: <001201c3195e$550113a0$210d640a@unfix.org> /* jsha */ wrote: > # IPv6 NETWORK CONFIGURATION > # > gif_interfaces="gif0" > gifconfig_gif0="213.187.181.70 192.16.124.2" > ipv6_enable="YES" > ipv6_gateway_enable="YES" > ipv6_defaultrouter="-interface gif0" > ipv6_network_interfaces="lnc0 ep0 gif0 lo0" > ipv6_ifconfig_lnc0="3ffe:4008:1b::1200 prefixlen 48" A subnet should be a /64 if you want Radvd to work. > ipv6_firewall_enable="YES" > ipv6_firewall_type="open" > rtadvd_enable="YES" > rtadvd_interfaces="ep0" > - > > lnc0 goes from server to ADSL modem, ep0 goes from server to > workstation. I also keep getting this error message: > > cannot forward src fe80:0002::0240:f4ff:fe3d:a742, > dst 2001:04f8:0:0002::000e, > nxt 6, rcvif ep0, outif gif0 Quite clearly you cannot forward link local IP's. Configure a /64 on lnc0 and ep0 and gif0, configure radvd to the correct prefix, restart radvd, and it should work(tm) Though unless you use unnumbered tunnels you will be needing some addresses over the tunnel. You should show more details of your configuration and your network design ;) Greets, Jeroen From jeanthery@olympus-zone.net Tue May 13 16:25:31 2003 From: jeanthery@olympus-zone.net (=?iso-8859-1?Q?Jean_Th=E9ry?=) Date: Tue, 13 May 2003 17:25:31 +0200 Subject: [6bone] Basic IPv6 on FreeBSD References: <001201c3195e$550113a0$210d640a@unfix.org> Message-ID: <012101c31963$e3d83540$0202010a@teraii> Jeroen Massar wrote: > /* jsha */ wrote: > >> # IPv6 NETWORK CONFIGURATION >> # >> gif_interfaces="gif0" >> gifconfig_gif0="213.187.181.70 192.16.124.2" >> ipv6_enable="YES" >> ipv6_gateway_enable="YES" >> ipv6_defaultrouter="-interface gif0" >> ipv6_network_interfaces="lnc0 ep0 gif0 lo0" >> ipv6_ifconfig_lnc0="3ffe:4008:1b::1200 prefixlen 48" > > A subnet should be a /64 if you want Radvd to work. This is the same for rtadvd. >> ipv6_firewall_enable="YES" >> ipv6_firewall_type="open" >> rtadvd_enable="YES" >> rtadvd_interfaces="ep0" >> - >> >> lnc0 goes from server to ADSL modem, ep0 goes from server to >> workstation. I also keep getting this error message: >> >> cannot forward src fe80:0002::0240:f4ff:fe3d:a742, >> dst 2001:04f8:0:0002::000e, >> nxt 6, rcvif ep0, outif gif0 with rtadvd you can use an empty config file, the conf is made by rc.conf in this case for manual way just add : ifconfig [interface1] 3ffe:4008:1b:1:: prefixlen 64 anycast ifconfig [interface2] 3ffe:4008:1b:2:: prefixlen 64 anycast ex : ifconfig xl0 3ffe:4008:1b:1:: prefixlen 64 anycast ifconfig fxp0 3ffe:4008:1b:1:: prefixlen 64 anycast etc and start rtadvd with interface parameter ex : rtadvd fxp0 xl0 PS: don't use rtadvd and radvd at the same time! (are you using 2 dhcp daemon at the same time ?) PS2: if you're using IPF and DENY by default in the kernel, ensure the router advertisment pass the rules. > Quite clearly you cannot forward link local IP's. > Configure a /64 on lnc0 and ep0 and gif0, configure radvd > to the correct prefix, restart radvd, and it should work(tm) > Though unless you use unnumbered tunnels you will be needing > some addresses over the tunnel. You should show more details > of your configuration and your network design ;) > > Greets, > Jeroen > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone Cordialy, Jean Théry Network, Systems & Hosting Administration Olympus-Zone : www.olympus-zone.net From jeroen@unfix.org Tue May 13 16:42:59 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 13 May 2003 17:42:59 +0200 Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: Message-ID: <001c01c31966$566abc20$210d640a@unfix.org> John Fraizer wrote: > I don't think that an exception should be made for microallocations at > all. To paraphrase what ARIN says, there is no guarantee that address > space that they assign will be globally routable. You should note that that also goes for the rest of the allocations. 69/8 in IPv4 anyone ? :) If an ISP decides to filter it's their choice, it is also their network and their money (and isn't that what it is all about?) That's why it's also good that Gert notified us of this change. Let's hope rpslng will come soon and that everybody in IPv6 uses it correctly, that will be a big step forward for changes like these. Greets, Jeroen From tvo@EnterZone.Net Tue May 13 18:36:02 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Tue, 13 May 2003 13:36:02 -0400 (EDT) Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <001c01c31966$566abc20$210d640a@unfix.org> Message-ID: On Tue, 13 May 2003, Jeroen Massar wrote: > John Fraizer wrote: > > > I don't think that an exception should be made for microallocations at > > all. To paraphrase what ARIN says, there is no guarantee that address > > space that they assign will be globally routable. > > You should note that that also goes for the rest of the allocations. > 69/8 in IPv4 anyone ? :) The alloocations I have seen have problems out of 69/8 were not micro-allocations. They were /19's and /18's. I'm sure that there are a few /20's in there with a token /24 perhaps but, the ones I have knowledge of were _real_ allocations and not micro-allocations. The issue of reachability of those allocations was brought on NOT by people being filtered based on prefix length but because so many people were using outdated BOGON filters - filters that would have even blocked 69.0.0.0/8 had it been announced. > > If an ISP decides to filter it's their choice, it is also their > network and their money (and isn't that what it is all about?) How about this: If an ISP sees what a pile of crap the IPv4 tables have become and filters responsibly in v6, despite non-responsible allocations made by ARIN, I would tend to look at it as a responsible community member telling an irresponsible community member that we don't want IPv6 SWAMP space and the routing table bloat that it will lead to. > > That's why it's also good that Gert notified us of this change. > Let's hope rpslng will come soon and that everybody in IPv6 > uses it correctly, that will be a big step forward for changes > like these. > And I agree. It was nice that Gert notified us of the change. I am still not opening up my filters for those prefixes though. --- John Fraizer | High-Security Datacenter Services | President | Dedicated circuits 64k - 155M OC3 | EnterZone, Inc | Virtual, Dedicated, Colocation | http://www.enterzone.net/ | Network Consulting Services | From jeroen@unfix.org Tue May 13 19:09:21 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Tue, 13 May 2003 20:09:21 +0200 Subject: [6bone] Re: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: Message-ID: <000f01c3197a$c79b3cd0$210d640a@unfix.org> John Fraizer [mailto:tvo@EnterZone.Net] wrote: > On Tue, 13 May 2003, Jeroen Massar wrote: > > > John Fraizer wrote: > > > > > I don't think that an exception should be made for > microallocations at > > > all. To paraphrase what ARIN says, there is no guarantee > that address > > > space that they assign will be globally routable. > > > > You should note that that also goes for the rest of the allocations. > > 69/8 in IPv4 anyone ? :) > > The alloocations I have seen have problems out of 69/8 were not > micro-allocations. They were /19's and /18's. I'm sure that > there are a few /20's in there with a token /24 perhaps but, the ones I > have knowledge of were _real_ allocations and not micro-allocations. Yes, but what I meant is the fact that a RIR can't possibly guarantee routability of a prefix. Which was the case seen with 69/8. Even then if a big transit doesn't want to carry your prefix for $reason it won't be reachable either ;) Greets, Jeroen From michel@arneill-py.sacramento.ca.us Wed May 14 05:13:04 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Tue, 13 May 2003 21:13:04 -0700 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F7EE@server2000.arneill-py.sacramento.ca.us> Gert, > Gert Doering wrote: > I have just added an update to the "strict" filter list of > my IPv6 filter list recommendations on > http://www.space.net/~gert/RIPE/ipv6-filters.html Thanks for the heads-up. Some comments: > ipv6 prefix-list ipv6-ebgp-strict permit 3ffe::/18 ge 24 le 24 > ipv6 prefix-list ipv6-ebgp-strict permit 3ffe:4000::/18 ge 32 le 32 > ipv6 prefix-list ipv6-ebgp-strict permit 3ffe:8000::/22 ge 28 le 28 This part is fine. > ipv6 prefix-list ipv6-ebgp-strict permit 2001:500::/32 ge 48 le 48 It would be interesting to have more refinement here. What I mean is that I would be open to allow a /48 that contains a root server but not a /48 that serves an IXP. More details/specifics to what is inside 2001:500::/32 would be appreciated. > ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 35 le 35 I think this could be refined too. The range where /35s were originally allocated from is much smaller than 2001::/16. > ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 24 le 32 This could also be refined. Not all 2001::/16 has been delegated to RIRs. ARIN got a block, RIPE got a block, APNIC got a block, but there still is some undelegated space. The drawback of refining to that level is that it will inevitably induce a situation similar to 69/8 and will require maintenance, but the other side of that coin is that it would prevent people from hijacking prefixes from undelegated space. As an example and please correct me if wrong in the address I picked because it's all from memory, if I hijack and announce 2001:FEED::/32 that would pass your filter but this prefix can't be assigned to anybody now as it is not part of a larger block that has been delegated to a RIR, so it must be a hijack. Michel. From pekkas@netcore.fi Wed May 14 05:39:31 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Wed, 14 May 2003 07:39:31 +0300 (EEST) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F504F7EE@server2000.arneill-py.sacramento.ca.us> Message-ID: On Tue, 13 May 2003, Michel Py wrote: > > ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 24 le 32 > > This could also be refined. Not all 2001::/16 has been delegated to > RIRs. ARIN got a block, RIPE got a block, APNIC got a block, but there > still is some undelegated space. The drawback of refining to that level > is that it will inevitably induce a situation similar to 69/8 and will > require maintenance, but the other side of that coin is that it would > prevent people from hijacking prefixes from undelegated space. > > As an example and please correct me if wrong in the address I picked > because it's all from memory, if I hijack and announce 2001:FEED::/32 > that would pass your filter but this prefix can't be assigned to anybody > now as it is not part of a larger block that has been delegated to a > RIR, so it must be a hijack. RIR's have obtained multiple blocks, as they receive them in the chunks of /23's from IANA. (A thing I've complained about to IANA, btw.). So, they need a new one every 2^6 = 64 allocations. That's way too often, and maintenance would be a pain. With current mechanisms, there's always a way to hijack space (e.g. you could announce a slice of /32 from the /29 everyone has been reserved), we really can't avoid it using bogon filters.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From pekkas@netcore.fi Wed May 14 12:50:25 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Wed, 14 May 2003 14:50:25 +0300 (EEST) Subject: [6bone] 6BONE database entries for non-3FFE space? Message-ID: Hi, I'd like to hear what others have done with regard to this.. Currently, we only have the RIPE 2001:FOO::/32 space anymore. The assignments have been recorded in the RIPE database in the normal fashion, of course. (Of course, the situation is the same with ARIN/APNIC/.. space too, but just to take an example.) Have folks w/ production space kept the 6bone database http://www.viagenie.qc.ca/en/ipv6/registry/ and http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/ up-to-date especially regard to assigned /48 sites? Or is there a rough consensus to let it rot in pieces for non-3FFE address space? -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From old_mc_donald@hotmail.com Wed May 14 13:58:09 2003 From: old_mc_donald@hotmail.com (Gav) Date: Wed, 14 May 2003 20:58:09 +0800 Subject: [6bone] IPv6 only Website. References: Message-ID: Hi All, Does anyone here run IPv6 only websites hosted on Apache2 ? I am trying to create a website accessible by v6 only addresses and the documentation from Apache regarding v6 addressing is about nil. Any pointers appreciated. Thanks Gav... --- Checked for Viruses (Viri) , Gav... Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.478 / Virus Database: 275 - Release Date: 6/05/2003 From david@IPRG.nokia.com Wed May 14 14:51:42 2003 From: david@IPRG.nokia.com (David Kessens) Date: Wed, 14 May 2003 06:51:42 -0700 Subject: [6bone] Re: [ipv6-wg@ripe.net] 6BONE database entries for non-3FFE space? In-Reply-To: ; from pekkas@netcore.fi on Wed, May 14, 2003 at 02:50:25PM +0300 References: Message-ID: <20030514065142.B16693@iprg.nokia.com> Pekka, On Wed, May 14, 2003 at 02:50:25PM +0300, ext Pekka Savola wrote: > > I'd like to hear what others have done with regard to this.. > > Currently, we only have the RIPE 2001:FOO::/32 space anymore. The > assignments have been recorded in the RIPE database in the normal fashion, > of course. (Of course, the situation is the same with ARIN/APNIC/.. space > too, but just to take an example.) > > Have folks w/ production space kept the 6bone database > > http://www.viagenie.qc.ca/en/ipv6/registry/ and > http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/ > > up-to-date especially regard to assigned /48 sites? > > Or is there a rough consensus to let it rot in pieces for non-3FFE address > space? I don't see much reason to duplicate data in the 6bone registry. This will only cause inconsistent data and that is not very desirable. However, I have a fairly large disk so I don't mind if people would like to this anyway. 'ipv6-site' objects are a completely different matter though. They describe actual routing information and there is at this point no alternative. In addition, we currently have a single unified registry in contrast to the situation with the ipv4 routing registries and we might want to keep it that way. David K. PS Followup mails should probably only go to the 6bone list since this is about the 6bone registry. --- From david@IPRG.nokia.com Wed May 14 15:00:18 2003 From: david@IPRG.nokia.com (David Kessens) Date: Wed, 14 May 2003 07:00:18 -0700 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <20030512063746.GA20300@penfold.noc.clara.net>; from andy@ipng.org.uk on Mon, May 12, 2003 at 07:37:46AM +0100 References: <20030512063746.GA20300@penfold.noc.clara.net> Message-ID: <20030514070018.A16776@iprg.nokia.com> Andy, On Mon, May 12, 2003 at 07:37:46AM +0100, Andy Furnell wrote: > On Sat, May 10, 2003 at 12:43:38PM +0200, Marc Hultquist wrote: > > > > > > I have to Agree with John on this Matter. IF the providers would be > > good enough to Filter the customers responsability, then there would > > not be a problem now would there? > > > > This is a nice idea, but given that there's no IPv6 routing registry, > the administrative overhead of manually generating filters can get > seriously cumbersome (especially given that IPv6 efforts for most > providers still seem to be done on a part-time basis). This is not entirely true. The 6bone registry does contain routing information. You can build filters using the 'prefix:' and 'origin:' attributes of the 6bone registry (note that multiple prefixes are allowed in the 'prefix:' attribute). However, just as with the ipv4 routing registry, this might not be a good idea to do with peers because of the absence of a netpolice department that enforces (correct) registrations in the registry (you should be able to enforce consistent data for your customers though). David K. --- From Daniel Austin" Message-ID: <033201c31a20$d56138a0$01aea8c0@DanLaptop> Hi Gav, We have our PHP mirror running successfully on both v4 and v6 using Apache 2.0.45 at http://uk.php.net/ Apache2 requires --enable-ipv6 on the configure line, and then the configuration is the same as IPv4 except that v6 addresses must be surrounded by square brackets. for example (from our apache2 config): --cut-- Listen [3ffe:4005:fefe::80:4]:80 NameVirtualHost [3ffe:4005:fefe::80:4]:80 ServerName uk.php.net ServerAdmin daniel@kewlio.net DocumentRoot /usr/home/phpmirror/public_html php_value include_path .:/usr/home/phpmirror/public_html/include ErrorLog /usr/home/phpmirror/error_log CustomLog /usr/home/phpmirror/access_log combined DirectoryIndex index.php ErrorDocument 404 /error/index.php ErrorDocument 403 /error/index.php ErrorDocument 401 /error/index.php AddType application/octet-stream .chm .bz2 .tgz AddType application/x-pilot .prc .pdb SetEnv MIRROR_LANGUAGE "en" SetEnv HTSEARCH_PROG /usr/local/htdig/bin/htphp.sh SetEnv HTSEARCH_EXCLUDE "/print/ /printwn/ /manual/howto/ /cal.php" # next line is only necessary if generating stats (see stats/README.stats) Alias /stats/ /usr/home/phpmirror/public_html/stats/ #SetEnv MIRROR_STATS 1 --cut-- With Thanks, Daniel Austin, Managing Director, Kewlio.net Limited. ----- Original Message ----- From: "Gav" To: <6bone@ISI.EDU> Sent: Wednesday, May 14, 2003 1:58 PM Subject: [6bone] IPv6 only Website. > Hi All, > > Does anyone here run IPv6 only websites hosted on Apache2 ? > > I am trying to create a website accessible by v6 only addresses and > the documentation from Apache regarding v6 addressing is about nil. > > Any pointers appreciated. > > Thanks > > Gav... > > > --- > Checked for Viruses (Viri) , Gav... > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.478 / Virus Database: 275 - Release Date: 6/05/2003 > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From old_mc_donald@hotmail.com Wed May 14 15:55:42 2003 From: old_mc_donald@hotmail.com (Gav) Date: Wed, 14 May 2003 22:55:42 +0800 Subject: [6bone] IPv6 only Website. References: <033201c31a20$d56138a0$01aea8c0@DanLaptop> Message-ID: ----- Original Message ----- From: "Daniel Austin" | Hi Gav, | | We have our PHP mirror running successfully on both v4 and v6 using Apache 2.0.45 at http://uk.php.net/ Almost, I couldnt get on it when I tried. :( | | Apache2 requires --enable-ipv6 on the configure line, Until I get a spare computer with a *nix flavour put on I am using Windows XP , but I found the equivant command and the service is installed, but again comes up with resolver errors to do with my 2002: address (see below) and then the configuration is the same as IPv4 except that v6 addresses must | be surrounded by square brackets. | | for example (from our apache2 config): | | --cut-- | Listen [3ffe:4005:fefe::80:4]:80 | NameVirtualHost [3ffe:4005:fefe::80:4]:80 | | | With Thanks, | | Daniel Austin, | Managing Director, | Kewlio.net Limited. | | Thanks for the reply, Ok so I now need to give you a bit more info as the above did not work for me, neither did Marco's (couger?) thanks for your reply also. At the moment I am using the wildcard catch all for my addresses as I have 4 sites running in VirtualHost containers and I have a dynamic IP, but correct me if I am wrong, I keep the same IPv6 address I have been given don't I ? Otherwise I need a v6 capable dynamic updater. (Or wait until I get a permanent v4 allocation in November). So I have Listen 80 (Apache docs say this will catch v6 addresses also, then mentions using Listen [::]:80 which didn't work either) NameVirtualHost * .. .. .. I have tried adding ip address based lines for Listen, NameVitrualHost and VirtualHost , leaving the others available on *. The Server does not start. The v6 address I am trying to use is 2002:9089:e04a::9089:e04a. Now , if I miss out the Listen directive and leave the rest in, the server will start, but the site does not work, opens the default site instead. The logs are telling me "No host data of that type was found: Cannot resolve host name [0000:0000:9089:e04a] --- ignoring!" I don't think the prognosis is a good one My setup is a bit of a mess at the minute, but I don't know any better how to set up my v6 side of things, you will notice a bridge etc :- Ethernet adapter Local Area Connection 5: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 144.137.224.74 Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : fe80::4645:53ff:fe54:7777%4 Default Gateway . . . . . . . . . : 144.137.224.74 Ethernet adapter Network Bridge (Network Bridge): Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.0.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 IP Address. . . . . . . . . . . . : 2002:c0a8:1:5:3da1:f127:4d8c:bba3 IP Address. . . . . . . . . . . . : 2002:c0a8:1:5:d02a:edf6:49be:edba IP Address. . . . . . . . . . . . : 2002:c0a8:1:5:40:d0ff:fe2a:af71 IP Address. . . . . . . . . . . . : fe80::40:d0ff:fe2a:af71%5 Default Gateway . . . . . . . . . : 192.168.0.1 Tunnel adapter 6to4 Tunnelling Pseudo-Interface: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 2002:9089:e04a::9089:e04a Default Gateway . . . . . . . . . : 2002:c058:6301:: 2002:836b:213c:1:e0:8f08:f020:8 Tunnel adapter Automatic Tunnelling Pseudo-Interface: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : fe80::5efe:144.137.224.74%2 Default Gateway . . . . . . . . . : Tunnel adapter Automatic Tunnelling Pseudo-Interface: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.1%2 Default Gateway . . . . . . . . . : Interface 5: Ethernet: Network Bridge (Network Bridge) {1B48439E-824B-4AFE-B2B8-D8149CF2AEA2} zones: link 5 site 2 uses Neighbor Discovery uses Router Discovery sends Router Advertisements forwards packets link-layer address: 02-40-d0-2a-af-71 preferred global 2002:c0a8:1:5:3da1:f127:4d8c:bba3, life 47h53m52s/23m52s (a nonymous) deprecated global 2002:c0a8:1:5:d02a:edf6:49be:edba, life 47h53m52s/0s (anon ymous) preferred global 2002:c0a8:1:5:40:d0ff:fe2a:af71, life 47h53m52s/23m52s (pub lic) preferred link-local fe80::40:d0ff:fe2a:af71, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:ff2a:af71, 2 refs, last reporter multicast interface-local ff01::2, 1 refs, not reportable multicast link-local ff02::2, 1 refs, last reporter multicast site-local ff05::2, 1 refs, last reporter multicast link-local ff02::1:ffbe:edba, 1 refs, last reporter multicast link-local ff02::1:ff00:0, 1 refs, last reporter anycast global 2002:c0a8:1:5:: multicast link-local ff02::1:ff8c:bba3, 1 refs, last reporter link MTU 1500 (true link MTU 1500) current hop limit 128 reachable time 22000ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 4: Ethernet: Local Area Connection 5 {DD381E0E-7F09-45B7-8539-C531BEAD0731} uses Neighbor Discovery uses Router Discovery link-layer address: 44-45-53-54-77-77 preferred link-local fe80::4645:53ff:fe54:7777, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:ff54:7777, 1 refs, last reporter link MTU 1454 (true link MTU 1454) current hop limit 128 reachable time 28500ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 3: 6to4 Tunneling Pseudo-Interface {A995346E-9F3E-2EDB-47D1-9CC7BA01CD73} does not use Neighbor Discovery does not use Router Discovery forwards packets routing preference 1 preferred global 2002:9089:e04a::9089:e04a, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 30000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Interface 2: Automatic Tunneling Pseudo-Interface {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery does not use Router Discovery forwards packets routing preference 1 EUI-64 embedded IPv4 address: 0.0.0.0 router link-layer address: 0.0.0.0 preferred link-local fe80::5efe:144.137.224.74, life infinite preferred link-local fe80::5efe:192.168.0.1, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 19000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Interface 1: Loopback Pseudo-Interface {6BD113CC-5EC2-7638-B953-0B889DA72014} does not use Neighbor Discovery does not use Router Discovery link-layer address: preferred link-local ::1, life infinite preferred link-local fe80::1, life infinite link MTU 1500 (true link MTU 4294967295) current hop limit 128 reachable time 31000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Can this be improved, I am trying to use the correct v6 address ? Thanks for your help. Gav... --- Checked for Viruses (Viri) , Gav... Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.478 / Virus Database: 275 - Release Date: 6/05/2003 From andree@bos.nl Wed May 14 17:20:05 2003 From: andree@bos.nl (Andree Toonk) Date: Wed, 14 May 2003 18:20:05 +0200 Subject: [6bone] IPv6 only Website. In-Reply-To: References: Message-ID: <20030514162005.GA1903@wnet.bos.nl> On Wed, May 14, 2003 at 08:58:09PM +0800, Gav wrote: > Hi All, > > Does anyone here run IPv6 only websites hosted on Apache2 ? > > I am trying to create a website accessible by v6 only addresses and > the documentation from Apache regarding v6 addressing is about nil. > > Any pointers appreciated. Yes I do and it works fine. (I also use PHP on it). syntax is like this: Listen [2001:your:ipv6:address]:80 Listen [3FFE:your:ipv6:address]:80 NameVirtualHost [2001:your:ipv6:address] NameVirtualHost [3FFE:your:ipv6:address] ServerName www.ams-ix.net and a lot more, equal to the ipv4 config If you use a Linux server, you may have to use the "EnableSendfile Off" option, see http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile. There seems to be a bug in the sendfile call in (some)linux kernels (search for more info on google.com). Goodluck. Andree From jeroen@unfix.org Wed May 14 20:24:58 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Wed, 14 May 2003 21:24:58 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <70076506-85E8-11D7-BDC5-000393520ED8@kurtis.pp.se> Message-ID: <001701c31a4e$8213e8e0$210d640a@unfix.org> Kurt Erik Lindqvist [mailto:kurtis@kurtis.pp.se] wrote: > On måndag, maj 12, 2003, at 21:33 Europe/Stockholm, Gert > Doering wrote: > > >> > >> 500 TLA's over 54 countries! > > > > Oh, wow. Very impressive, this! > > Maybe we actually will hit 1000 rotues! :-) > > Another thing though : > > 4 790 829408 440969 18406 0 0 2w5d 424 > > > I only see 424 of these though. Anyone that have already started > mapping the times of when an allocation is made and when it > first shows up in the routing table? http://www.sixxs.net/tools/grh/tla/ With last seens atm, got to fish the first seens from the archive (show up as empty now). They will pop up later today :) Note that a 'first seen' is not very useful as it could pop up for a couple of minutes (even due to routing troubles) and then fade away again... When you follow the link behind the 'lastseen' you will see all the marks made where the prefix was originating from and over how many ASPaths it was detected. Greets, Jeroen From jeroen@unfix.org Wed May 14 20:36:07 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Wed, 14 May 2003 21:36:07 +0200 Subject: [6bone] IPv6 only Website. In-Reply-To: Message-ID: <001f01c31a50$1096f3e0$210d640a@unfix.org> Gav wrote: > At the moment I am using the wildcard catch all for my > addresses as I have 4 sites running in VirtualHost containers > and I have a dynamic IP, but correct me if I am wrong, I keep > the same IPv6 address I have been given don't I ? > Otherwise I need a v6 capable dynamic updater. (Or wait until I get a > permanent v4 allocation in November). As you have a dynamic IPv4 address your 6to4 address is also dynamic. > The v6 address I am trying to use is 2002:9089:e04a::9089:e04a. > > Now , if I miss out the Listen directive and leave the rest > in, the server > will start, but the site does not work, opens the default > site instead. > The logs are telling me "No host data of that type was found: > Cannot resolve > host name [0000:0000:9089:e04a] --- ignoring!" 9089:e94a translates to your public IPv4 address. Just use a "Listen 80" and a "NameVirtualHost *" > Ethernet adapter Network Bridge (Network Bridge): > > Connection-specific DNS Suffix . : > IP Address. . . . . . . . . . . . : 192.168.0.1 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > IP Address. . . . . . . . . . . . : > 2002:c0a8:1:5:3da1:f127:4d8c:bba3 > IP Address. . . . . . . . . . . . : > 2002:c0a8:1:5:d02a:edf6:49be:edba > IP Address. . . . . . . . . . . . : > 2002:c0a8:1:5:40:d0ff:fe2a:af71 > IP Address. . . . . . . . . . . . : fe80::40:d0ff:fe2a:af71%5 > Default Gateway . . . . . . . . . : 192.168.0.1 Eek, a c0a8 = 192.168/16, 6to4 should not use a RFC1918 address IMHO. > Can this be improved, I am trying to use the correct v6 address ? The 2002:9089:e94a::/48 address is the correct one indeed. But it will change when you have a dynamic IPv4 endpoint. Greets, Jeroen From pekkas@netcore.fi Thu May 15 06:42:18 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Thu, 15 May 2003 08:42:18 +0300 (EEST) Subject: [6bone] Re: [ipv6-wg@ripe.net] 6BONE database entries for non-3FFE space? In-Reply-To: <20030514065142.B16693@iprg.nokia.com> Message-ID: On Wed, 14 May 2003, David Kessens wrote: > On Wed, May 14, 2003 at 02:50:25PM +0300, ext Pekka Savola wrote: > > > > I'd like to hear what others have done with regard to this.. > > > > Currently, we only have the RIPE 2001:FOO::/32 space anymore. The > > assignments have been recorded in the RIPE database in the normal fashion, > > of course. (Of course, the situation is the same with ARIN/APNIC/.. space > > too, but just to take an example.) > > > > Have folks w/ production space kept the 6bone database > > > > http://www.viagenie.qc.ca/en/ipv6/registry/ and > > http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/ > > > > up-to-date especially regard to assigned /48 sites? > > > > Or is there a rough consensus to let it rot in pieces for non-3FFE address > > space? > > I don't see much reason to duplicate data in the 6bone registry. This > will only cause inconsistent data and that is not very desirable. > However, I have a fairly large disk so I don't mind if people would > like to this anyway. Right. > 'ipv6-site' objects are a completely different matter though. They > describe actual routing information and there is at this point no > alternative. In addition, we currently have a single unified registry > in contrast to the situation with the ipv4 routing registries and we > might want to keep it that way. This was the actual point: the 6bone registry includes information that is not otherwise available, and may be useful (or not) to some. For example, some have (erroneuously) used it to measure the number of IPv6 sites in a country. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From hank@att.net.il Thu May 15 07:57:08 2003 From: hank@att.net.il (Hank Nussbacher) Date: Thu, 15 May 2003 08:57:08 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <001701c31a4e$8213e8e0$210d640a@unfix.org> References: <70076506-85E8-11D7-BDC5-000393520ED8@kurtis.pp.se> Message-ID: <5.1.0.14.2.20030515085141.010340b0@max.att.net.il> At 09:24 PM 14-05-03 +0200, Jeroen Massar wrote: >Kurt Erik Lindqvist [mailto:kurtis@kurtis.pp.se] wrote: > > > On måndag, maj 12, 2003, at 21:33 Europe/Stockholm, Gert > > Doering wrote: > > > > >> > > >> 500 TLA's over 54 countries! > > > > > > Oh, wow. Very impressive, this! > > > > Maybe we actually will hit 1000 rotues! :-) > > > > Another thing though : > > > > 4 790 829408 440969 18406 0 0 2w5d 424 > > > > > > I only see 424 of these though. Anyone that have already started > > mapping the times of when an allocation is made and when it > > first shows up in the routing table? > >http://www.sixxs.net/tools/grh/tla/ > >With last seens atm, got to fish the first seens from >the archive (show up as empty now). They will pop up >later today :) Note that a 'first seen' is not very useful >as it could pop up for a couple of minutes (even due to >routing troubles) and then fade away again... >When you follow the link behind the 'lastseen' you will see >all the marks made where the prefix was originating from >and over how many ASPaths it was detected. This keeps turning into an ever more useful page. Kudos to the author! What are the RIRs doing to reclaim all those "red" lines of allocations that have never once appeared in a routing table? I would say all assignments from before Jan 2002 and that have "never" in the "last seen" column are ripe for revocation. Question is, why hasn't this been done before and has this been discussed so far? -Hank >Greets, > Jeroen > >_______________________________________________ >6bone mailing list >6bone@mailman.isi.edu >http://mailman.isi.edu/mailman/listinfo/6bone From bmanning@ISI.EDU Thu May 15 07:29:40 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Wed, 14 May 2003 23:29:40 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <5.1.0.14.2.20030515085141.010340b0@max.att.net.il> from Hank Nussbacher at "May 15, 3 08:57:08 am" Message-ID: <200305150629.h4F6TeY10497@boreas.isi.edu> % >http://www.sixxs.net/tools/grh/tla/ % > % >With last seens atm, got to fish the first seens from % >the archive (show up as empty now). They will pop up % >later today :) Note that a 'first seen' is not very useful % >as it could pop up for a couple of minutes (even due to % >routing troubles) and then fade away again... % >When you follow the link behind the 'lastseen' you will see % >all the marks made where the prefix was originating from % >and over how many ASPaths it was detected. % % This keeps turning into an ever more useful page. Kudos to the author! % % What are the RIRs doing to reclaim all those "red" lines of allocations % that have never once appeared in a routing table? I would say all % assignments from before Jan 2002 and that have "never" in the "last seen" % column are ripe for revocation. Question is, why hasn't this been done % before and has this been discussed so far? % % -Hank Well, in at least one case, 2001:0478, you should never see a /32 or /35 announcement. This prefix is used for exchange points and critical infrastructure and is delegated as /48s --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From andy@ipng.org.uk Thu May 15 09:25:44 2003 From: andy@ipng.org.uk (Andy Furnell) Date: Thu, 15 May 2003 09:25:44 +0100 Subject: [6bone] (OT but Relevant) Recent spammer tactics - BGP Hijacking In-Reply-To: <20030514070018.A16776@iprg.nokia.com> References: <20030512063746.GA20300@penfold.noc.clara.net> <20030514070018.A16776@iprg.nokia.com> Message-ID: <20030515082544.GA15985@penfold.noc.clara.net> On Wed, May 14, 2003 at 07:00:18AM -0700, David Kessens wrote: > > > Andy, > > On Mon, May 12, 2003 at 07:37:46AM +0100, Andy Furnell wrote: > > > > This is a nice idea, but given that there's no IPv6 routing registry, > > the administrative overhead of manually generating filters can get > > seriously cumbersome (especially given that IPv6 efforts for most > > providers still seem to be done on a part-time basis). > > This is not entirely true. The 6bone registry does contain routing > information. > > You can build filters using the 'prefix:' and 'origin:' attributes of > the 6bone registry (note that multiple prefixes are allowed in the > 'prefix:' attribute). > > However, just as with the ipv4 routing registry, this might not be a > good idea to do with peers because of the absence of a netpolice > department that enforces (correct) registrations in the registry (you > should be able to enforce consistent data for your customers though). > > David K. Not just this, but any information in these objects is instantly devalued as I can see no hierarchical authentication system in place (i.e. there's nothing to stop me putting whatever the hell I want in my ipv6site object... if my peers/upstreams are building their filters automagically from this information I've just gained the ability to hijack whatever space I want :) Interesting note about the RPSLng from Gert... Hopefully if the RIRs are able to adopt this quickly, enough pressure can be placed on ISPs to make sure their objects are kept up to date from the very beginning. Andy -- Andy Furnell andy@ipng.org.uk From hank@att.net.il Fri May 16 10:05:23 2003 From: hank@att.net.il (Hank Nussbacher) Date: Fri, 16 May 2003 12:05:23 +0300 (IDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: Message-ID: On Fri, 16 May 2003, leo vegoda wrote: > Hank Nussbacher writes: > > [...] > > >What are the RIRs doing to reclaim all those "red" lines of allocations > >that have never once appeared in a routing table?I would say all > >assignments from before Jan 2002 and that have "never"in the "last > >seen" column are ripe for revocation.Question is, why hasn't this > >been done before and has this been discussed so far? > > Is there a policy requirement that IPv6 prefixes allocated by RIRs must > be routed on The Internet? I've not found it in the current "IPv6 > Address Allocation and Assignment Policy". Is there such a requirement for IPv4 prefixes? If yes (and I would hope so, otherwise why would anyone want RFC1918 addresses when one can get "real" IPs), then I think the same should apply for IPv6 prefixes. > > Regards, > > -- > leo vegoda > RIPE NCC > Registration Services > -Hank From bmanning@ISI.EDU Fri May 16 13:31:45 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 16 May 2003 05:31:45 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: from Hank Nussbacher at "May 16, 3 12:05:23 pm" Message-ID: <200305161231.h4GCVjU19629@boreas.isi.edu> % > Is there a policy requirement that IPv6 prefixes allocated by RIRs must % > be routed on The Internet? I've not found it in the current "IPv6 % > Address Allocation and Assignment Policy". % % Is there such a requirement for IPv4 prefixes? If yes (and I would hope % so, otherwise why would anyone want RFC1918 addresses when one can get % "real" IPs), then I think the same should apply for IPv6 prefixes. % % > leo vegoda % % -Hank there has never been a requirement that a prefix be routed or announced on the "Internet". --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From hank@att.net.il Fri May 16 14:01:42 2003 From: hank@att.net.il (Hank Nussbacher) Date: Fri, 16 May 2003 16:01:42 +0300 (IDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <200305161231.h4GCVjU19629@boreas.isi.edu> Message-ID: On Fri, 16 May 2003, Bill Manning wrote: > % > Is there a policy requirement that IPv6 prefixes allocated by RIRs must > % > be routed on The Internet? I've not found it in the current "IPv6 > % > Address Allocation and Assignment Policy". > % > % Is there such a requirement for IPv4 prefixes?If yes (and I would hope > % so, otherwise why would anyone want RFC1918 addresses when one can get > % "real" IPs), then I think the same should apply for IPv6 prefixes. > % > % > leo vegoda > % > % -Hank > > there has never been a requirement that a prefix berouted or > announced on the "Internet". In that case why does an ISP have to: 5.1.1.d: have a plan for making at least 200 /48 assignments to other organisations within two years. See: http://www.ripe.net/ripe/docs/ipv6policy.html -Hank > > --bill > Opinions expressed may not even be mine by the time you read them, and > certainly don't reflect those of any other entity (legal or otherwise). > Hank Nussbacher From gert@space.net Fri May 16 14:10:48 2003 From: gert@space.net (Gert Doering) Date: Fri, 16 May 2003 15:10:48 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <200305161231.h4GCVjU19629@boreas.isi.edu>; from bmanning@ISI.EDU on Fri, May 16, 2003 at 05:31:45AM -0700 References: <200305161231.h4GCVjU19629@boreas.isi.edu> Message-ID: <20030516151048.X67740@Space.Net> Hi, On Fri, May 16, 2003 at 05:31:45AM -0700, Bill Manning wrote: > there has never been a requirement that a prefix be routed or > announced on the "Internet". Yes, and 32 bits are enough for everybody :-) So maybe now is the time to look upon the way things have been done in the past and consider "is that the way we want to do them in the future"? The IPv6 policy as it stands now (which doesn't say that it's cast in stone or that it's a perfect policy - beware) gives IPv6 address space to entities that claim that they are going to use it to facilitate internet access for (200 and more) 3rd parties. So if that address space isn't visible, the prerequisites are not fulfilled, obviously, and it would be in the boundaries of the policy to take the address space back. As of today, I do not think that's useful. Why? Because people might just be slow in building their IPv6 networks, or have put their projects on hold (due to financial reasons). So being overly restrictive here is just hurting IPv6 deployment, for no gain. Something worth to do for someone with too much time on their hand is to figure out whether those companies that have non-visible address space actually still exist, or whether they went under - in which case it would kind of "automatically" fall back to the registry. But then this is certainly not a high priority job for the *registries* - they have more important forward thinking to do. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From gert@space.net Fri May 16 14:13:27 2003 From: gert@space.net (Gert Doering) Date: Fri, 16 May 2003 15:13:27 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: ; from hank@att.net.il on Fri, May 16, 2003 at 12:05:23PM +0300 References: Message-ID: <20030516151327.Y67740@Space.Net> Hi, On Fri, May 16, 2003 at 12:05:23PM +0300, Hank Nussbacher wrote: > Is there such a requirement for IPv4 prefixes? If yes (and I would hope > so, otherwise why would anyone want RFC1918 addresses when one can get > "real" IPs), then I think the same should apply for IPv6 prefixes. For IPv4, it's not a requirement. There are certain cases where uniqueness of IP addresses is a MUST (think "VPN connections in large enterprises" - RFC space quite often just leads to collisions and double NAT and more problems), but routeability in the network out there is really not needed, sometimes explicitely not wanted. For IPv4 *PA* space, it's kind of implicit, as the whole purpose of that is to facilitate internet access for an ISP and his customers. Nevertheless the same rule applies: sufficient reason to get address space is "uniquely number machines", not "make them visible outside" (BTDT). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From bmanning@ISI.EDU Fri May 16 14:18:56 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 16 May 2003 06:18:56 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: from Hank Nussbacher at "May 16, 3 04:01:42 pm" Message-ID: <200305161318.h4GDIug18052@boreas.isi.edu> % > % > there has never been a requirement that a prefix berouted or % > announced on the "Internet". % % In that case why does an ISP have to: % % 5.1.1.d: have a plan for making at least 200 /48 assignments to other % organisations within two years. % See: http://www.ripe.net/ripe/docs/ipv6policy.html % % -Hank One might ask Ripe... :) Of course, even if an entity does execute on its plan and makes at least 2002 /48 assignments to other organisations, what requirement is there that they (in toto) route/announce this prefix to anyone else? --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From bmanning@ISI.EDU Fri May 16 14:20:24 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 16 May 2003 06:20:24 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030516151048.X67740@Space.Net> from Gert Doering at "May 16, 3 03:10:48 pm" Message-ID: <200305161320.h4GDKOc20346@boreas.isi.edu> % Hi, % % On Fri, May 16, 2003 at 05:31:45AM -0700, Bill Manning wrote: % > there has never been a requirement that a prefix be routed or % > announced on the "Internet". % % So if that address space isn't visible, the prerequisites are not % fulfilled, obviously, and it would be in the boundaries of the policy % to take the address space back. Visable to whom? --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From gert@space.net Fri May 16 14:35:41 2003 From: gert@space.net (Gert Doering) Date: Fri, 16 May 2003 15:35:41 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <200305161320.h4GDKOc20346@boreas.isi.edu>; from bmanning@ISI.EDU on Fri, May 16, 2003 at 06:20:24AM -0700 References: <20030516151048.X67740@Space.Net> <200305161320.h4GDKOc20346@boreas.isi.edu> Message-ID: <20030516153541.C67740@Space.Net> Hi, On Fri, May 16, 2003 at 06:20:24AM -0700, Bill Manning wrote: > % So if that address space isn't visible, the prerequisites are not > % fulfilled, obviously, and it would be in the boundaries of the policy > % to take the address space back. > Visable to whom? To the majority of the internet users (as you insist on claiming that there is nothing as "the global routing table"). The Internet is an *Inter*network. It's about connecting all of it together, not building small splinter networks that have no connectivity. There is currently no provision in the IPv6 policy for people that just want some local/VPN connectivity and no global routing. Maybe that needs changing as well. (Site-locals had some potential for "local" things, but they are dead, as far as I understand). David, could you put that on your list of things to consider? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From tjc@ecs.soton.ac.uk Fri May 16 14:43:46 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Fri, 16 May 2003 14:43:46 +0100 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030516153541.C67740@Space.Net> References: <20030516151048.X67740@Space.Net> <200305161320.h4GDKOc20346@boreas.isi.edu> <20030516153541.C67740@Space.Net> Message-ID: <20030516134346.GD851@login.ecs.soton.ac.uk> On Fri, May 16, 2003 at 03:35:41PM +0200, Gert Doering wrote: > > The Internet is an *Inter*network. It's about connecting all of it > together, not building small splinter networks that have no connectivity. > There is currently no provision in the IPv6 policy for people that just > want some local/VPN connectivity and no global routing. Maybe that needs > changing as well. (Site-locals had some potential for "local" things, > but they are dead, as far as I understand). David, could you put that > on your list of things to consider? Absolutely, indeed if we're deprecating site locals, and its associated /10 prefix, we should probably be able to get /32 size globally unique prefixes that can be used in otherwise disconnected networks? (e.g. a large sensor network used by a utility provider) This seems a natural consequence of such a deprecation. Tim From kim@tac.nyc.ny.us Fri May 16 15:17:11 2003 From: kim@tac.nyc.ny.us (Kimmo Suominen) Date: Fri, 16 May 2003 10:17:11 -0400 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030516153541.C67740@Space.Net> from Gert Doering on Fri, 16 May 2003 15:35:41 +0200 References: <20030516151048.X67740@Space.Net> <200305161320.h4GDKOc20346@boreas.isi.edu> <20030516153541.C67740@Space.Net> Message-ID: <20030516141711.4F7C27E3A@beowulf.gw.com> I've used IPv4 space in the past to connect to extranet providers using unique addresses, without connecting to the Internet. Is such use not allowed in the IPv6 world? One must promise to advertise the addresses to the Internet to get an allocation? End to extranet providers? + Kim | From: Gert Doering | Date: Fri, 16 May 2003 15:35:41 +0200 | | Hi, | | On Fri, May 16, 2003 at 06:20:24AM -0700, Bill Manning wrote: | > % So if that address space isn't visible, the prerequisites are not | > % fulfilled, obviously, and it would be in the boundaries of the policy | > % to take the address space back. | > Visable to whom? | | To the majority of the internet users (as you insist on claiming that | there is nothing as "the global routing table"). | | The Internet is an *Inter*network. It's about connecting all of it | together, not building small splinter networks that have no connectivity. | | There is currently no provision in the IPv6 policy for people that just | want some local/VPN connectivity and no global routing. Maybe that needs | changing as well. (Site-locals had some potential for "local" things, | but they are dead, as far as I understand). David, could you put that | on your list of things to consider? | | Gert Doering | -- NetMaster | -- | Total number of prefixes smaller than registry allocations: 54495 (54267) | | SpaceNet AG Mail: netmaster@Space.Net | Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 | 80807 Muenchen Fax : +49-89-32356-299 | | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone | From gert@space.net Fri May 16 15:22:07 2003 From: gert@space.net (Gert Doering) Date: Fri, 16 May 2003 16:22:07 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030516141711.4F7C27E3A@beowulf.gw.com>; from kim@tac.nyc.ny.us on Fri, May 16, 2003 at 10:17:11AM -0400 References: <20030516151048.X67740@Space.Net> <200305161320.h4GDKOc20346@boreas.isi.edu> <20030516153541.C67740@Space.Net> <20030516141711.4F7C27E3A@beowulf.gw.com> Message-ID: <20030516162207.F67740@Space.Net> Hi, On Fri, May 16, 2003 at 10:17:11AM -0400, Kimmo Suominen wrote: > I've used IPv4 space in the past to connect to extranet providers using > unique addresses, without connecting to the Internet. Is such use not > allowed in the IPv6 world? One must promise to advertise the addresses > to the Internet to get an allocation? End to extranet providers? I wouldn't go so far as to say "it's not allowed". What I am saying is that the current IPv6 allocation policy was made with the needs of people in mind that want to connect to "the global Internet", so there is no clear answer how to fulfill those people's needs. When the policy was made, people were still suggesting the use of site-local addresses for "non-global" usage. Site-locals seem to be dead, so there is a hole in the policies right now. Passing on the question from the registry point of view to the IETF people (Michael & co): what are your recommendations how this can be addressed (in the double sense)? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From bmanning@ISI.EDU Fri May 16 16:09:46 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 16 May 2003 08:09:46 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030516153541.C67740@Space.Net> from Gert Doering at "May 16, 3 03:35:41 pm" Message-ID: <200305161509.h4GF9kI23713@boreas.isi.edu> % Hi, % % On Fri, May 16, 2003 at 06:20:24AM -0700, Bill Manning wrote: % > % So if that address space isn't visible, the prerequisites are not % > % fulfilled, obviously, and it would be in the boundaries of the policy % > % to take the address space back. % > Visable to whom? % % To the majority of the internet users (as you insist on claiming that % there is nothing as "the global routing table"). does that majority have to include you or I? and show me the global routing table please? % The Internet is an *Inter*network. It's about connecting all of it % together, not building small splinter networks that have no connectivity. The Internet in one mesh of interconected networks that run the IP protocol suite. There are others. Military networks, Closed commercial networks, Financial networks, Research networks, ... its a long list. --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From michel@arneill-py.sacramento.ca.us Fri May 16 16:50:53 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 16 May 2003 08:50:53 -0700 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F7F2@server2000.arneill-py.sacramento.ca.us> > Kimmo Suominen wrote: > I've used IPv4 space in the past to connect to extranet > providers using unique addresses, without connecting to the > Internet. Is such use not allowed in the IPv6 world? One > must promise to advertise the addresses to the Internet to > get an allocation? Although this is blurry (no explicit requirement) we can say that as of today, yes. But the space LIRs get is big enough to provide both Internet and extranet services. I don't see any extranet-only provider getting address space now though, and for multiple reasons. > Gert Doering wrote: > I wouldn't go so far as to say "it's not allowed". Me neither. Actually, I don't see why it should be forbidden, as long as one obtains the address space, which is the issue here. > When the policy was made, people were still suggesting the use > of site-local addresses for "non-global" usage. Site-locals > seem to be dead, so there is a hole in the policies right now. > Passing on the question from the registry point of view to the > IETF people (Michael & co): what are your recommendations how > this can be addressed (in the double sense)? [disclaimer: I do not represent the views of the IETF] This is a complex answer. First, let's not leave site-locals for dead yet. Technically, we do have site-locals using the "full usage" model, as defined by RFC 3513 that was just published. The current situation is that there is a "consensus" to deprecate them, which has pissed so many people that appeals are lined up for the next 2 years already (take-a-number if you want to appeal). There is no actual text to remove site-locals and it is expected that any text that would attempt to do that will be stalled and never go forward. In short: technically speaking we currently do have site-locals with an RFC in the standards track and I don't expect any change any time soon. That being said, the reason we got into this deadlock is that site-locals as currently defined do not please many people. If there is change in leadership within the IETF and work on site-locals is resumed (instead of trying to get "my way or no way") it is expected that site-locals will be restricted to a model that prohibits communication between sites. So, in any case I would not use site-locals for communication between sites. There are ideas floating around to make them globally unique, but this is for the purpose of avoiding renumbering when merging sites and not to provide site-to-site communication. Global addresses are required for that purpose, whether or not they are publicly routed or not. There are several proposals to provide PI-like addresses that are moving forward though. Michel. From Christian Lazo R." This is a multi-part message in MIME format. ------=_NextPart_000_0067_01C31BA5.F28656F0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello list. I am working in proyect for install ipv6 in my country (Chile) the questions is=20 What is the best router for IPv6, Cisco or Juniper? say me your experience... In this moment my router is Linux+Zebra and my pTLA is 3ffe:400f::/32 thanx Christian. ************ Hola lista estoy trabajando en un proyecto para instalar ipv6 en Chile la pregunta es=20 cual es el mejos router para IPv6, Cisco o Juniper? cuentenme vustra experiencia.... En este momento mi router es un linux con Zebra y my pTLA es = 3ffe:400f::/32 gracias Christian. ------=_NextPart_000_0067_01C31BA5.F28656F0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello list.
I am working in  proyect for = install ipv6 in=20 my country (Chile)
 
the questions is
 
What is the best router for IPv6, Cisco = or=20 Juniper?
 
say me your experience...
In this moment my router is = Linux+Zebra  and=20 my pTLA is 3ffe:400f::/32
 
thanx
 
Christian.
************
Hola lista
estoy trabajando en un proyecto para = instalar ipv6=20 en Chile
la pregunta es
cual es el mejos router para IPv6, = Cisco o=20 Juniper?
cuentenme vustra = experiencia....
En este momento mi router es un linux = con Zebra y=20 my pTLA es 3ffe:400f::/32
gracias
 
 
Christian.
 
------=_NextPart_000_0067_01C31BA5.F28656F0-- From michel@arneill-py.sacramento.ca.us Fri May 16 22:24:58 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Fri, 16 May 2003 14:24:58 -0700 Subject: [6bone] RE: I-D ACTION:draft-fink-6bone-phaseout-01.txt Message-ID: <963621801C6D3E4A9CF454A1972AE8F5045843@server2000.arneill-py.sacramento.ca.us> Editorial: [ARCH] Hinden, R., S. Deering, "IP Version 6 Addressing Architecture", Internet Draft, , October 2002. Should be replaced with RFC 3513. Substantial: No further comments, should ship as soon as convenient. Michel. From dr@cluenet.de Sat May 17 03:13:44 2003 From: dr@cluenet.de (Daniel Roesen) Date: Sat, 17 May 2003 04:13:44 +0200 Subject: [6bone] Cisco or Juniper? In-Reply-To: <006a01c31bc7$79bfa330$83d85392@clazo>; from clazo@inf.uach.cl on Fri, May 16, 2003 at 12:23:24PM -0400 References: <006a01c31bc7$79bfa330$83d85392@clazo> Message-ID: <20030517041344.A28676@homebase.cluenet.de> On Fri, May 16, 2003 at 12:23:24PM -0400, Christian Lazo R. wrote: > What is the best router for IPv6, Cisco or Juniper? Juniper. You get production-quality software which runs IPv4 and IPv6 nicely along together. With Cisco, you have to run experimental software (although 12.2S is getting in the right direction and gives some hope). Most ISPs which are "doing some" IPv6 with Cisco tend to use seperate routers for IPv4 and IPv6 because they don't want to jeopardize IPv4 stability by using IOS 12.2T or 12.2S. People start to become more confident in IOS 12.2S though and begin to merge IPv4 and IPv6 routing platforms as 12.2S looks not-too-bad. My strong recommendation goes for Vendor J. Regards, Daniel (speaking only for himself) From ytti@teliafi.net Sat May 17 11:32:10 2003 From: ytti@teliafi.net (Saku Ytti) Date: Sat, 17 May 2003 13:32:10 +0300 Subject: [6bone] 6PE+Native Peer Message-ID: <20030517103210.GA26730@song.fi> I have 6PE speakers one of those is also RR, also I have one non 6PE. Also there are 3 native eBGP peers. When 6PE peers and 3 native eBGP peers are up everything works as expected. But when I setup peering with the 6PE RR and my non 6PE router 6PE peers start to go up/down. On 6PE this can be observed: May 17 10:20:13 UTC: %BGP-5-ADJCHANGE: neighbor 6PE-RR Up May 17 10:20:19 UTC: %BGP-5-ADJCHANGE: neighbor 6PE-RR Down BGP Notification sent May 17 10:20:19 UTC: %BGP-3-NOTIFICATION: sent to neighbor 6PE-RR 3/10 (illegal network) 1 bytes 10 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0066 0200 0000 4F40 0101 0040 0200 8004 0400 0000 0040 0504 0000 0064 800A 0400 0027 1080 0904 3EEC 20CB 800E 2900 0204 1020 0106 E800 00FF FE00 0000 0000 0000 0100 8020 0106 E800 00FF FF00 0000 0000 0000 0210 2002 On 6PE-RR I see that the peering is on as long as there is somethng in the OutQ after it has been drained peering does down and back up. The native IPv6 peer works normally and if I remove it everything else works as expected. Do I need to use confereration to combine 6PE and native clouds in RR? Also has anyone succeeded running IPv6 in cisco 7200 port-channel? -- ++ytti, NOC monkey From ple@graduate.kmitl.ac.th Sun May 18 15:11:36 2003 From: ple@graduate.kmitl.ac.th (Warodom Werapun) Date: Sun, 18 May 2003 21:11:36 +0700 Subject: [6bone] =?TIS-620?Q?=EAIPv6_anycast=2E=2E=2E?= Message-ID: <3EC79498.7010407@graduate.kmitl.ac.th> Hello, I like to test 'anycast' address of IPv6. Could anyone tell me, how could I test it? eg. If I ping the anycast IPv6 address of computer. When that computer was down. Can it discovery new nearest node? Now, my computer is IPv6 ready. [using Redhat 8.0 with patch kernel IPv6] In contrast, I don't know all things about how to configure anycast address. I try to search in WWW, but no any infomation tell me about how to set it up. There are only infomation about how anycast address work. Thank you for your reply, - Warodom Werapun From ytti@teliafi.net Sun May 18 15:55:22 2003 From: ytti@teliafi.net (Saku Ytti) Date: Sun, 18 May 2003 17:55:22 +0300 Subject: [6bone] ?IPv6 anycast... In-Reply-To: <3EC79498.7010407@graduate.kmitl.ac.th> References: <3EC79498.7010407@graduate.kmitl.ac.th> Message-ID: <20030518145522.GA30057@song.fi> On (2003-05-18 21:11 +0700), Warodom Werapun wrote: > I like to test 'anycast' address of IPv6. > Could anyone tell me, how could I test it? On linux: ip link set sit0 up;ip addr add $(printf "2002:%02x%02x:%02x%02x::1" $(ip route get 192.88.99.1|head -n1|sed 's/\./ /g'|sed 's/.*src \([0-9 ]\+\).*/\1/')) dev sit0;ip -6 route add 2000::/3 via ::192.88.99.1 If that is not working you need to specify explicitly the 6to4 router, 6to4.sn.net might work :> Read rfc3068 for good explanation. -- ++ytti, NOC monkey From bob@thefinks.com Sun May 18 18:23:37 2003 From: bob@thefinks.com (Bob Fink) Date: Sun, 18 May 2003 10:23:37 -0700 Subject: [6bone] RE: I-D ACTION:draft-fink-6bone-phaseout-01.txt In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F5045843@server2000.arneill- py.sacramento.ca.us> Message-ID: <5.2.0.9.0.20030518102251.0353b1c0@mail.addr.com> At 02:24 PM 5/16/2003 -0700, Michel Py wrote: >Editorial: >[ARCH] Hinden, R., S. Deering, "IP Version 6 Addressing > Architecture", Internet Draft, arch-v3-11.txt>, October 2002. > >Should be replaced with RFC 3513. Thanks. I'll be getting the final (I hope) version out for forwarding this week. Bob From pim@ipng.nl Sun May 18 20:26:05 2003 From: pim@ipng.nl (Pim van Pelt) Date: Sun, 18 May 2003 21:26:05 +0200 Subject: [6bone] Cisco or Juniper? In-Reply-To: <006a01c31bc7$79bfa330$83d85392@clazo> References: <006a01c31bc7$79bfa330$83d85392@clazo> Message-ID: <20030518192605.GB6225@bfib.colo.bit.nl> On Fri, May 16, 2003 at 12:23:24PM -0400, Christian Lazo R. wrote: | Hello list. | I am working in proyect for install ipv6 in my country (Chile) | | the questions is | | What is the best router for IPv6, Cisco or Juniper? Juniper. The methods in which the IP2 handles incoming l2 frames makes the machine have unparalelled performance with filtering, forwarding, sampling, etc, of IPv6 frames. I have both Cisco 7200/7500 and Juniper based boxes in my network and I'm undoubtedly in favor of Juniper at this point in time. Some of the important (for me at least) features are, that all boxes share the same boot image. Each and every feature is guaranteed to function without performance issues, fully in hardware. The box runs a well documented and extremely lucid CLI which is totally interactable via XML (over ssh, ssl or plain text), even remotely via perl plugins. The box runs BSD as an operating system, which gives you full control over the router if you're used to Linux+Zebra. The cost of ownership as opposed to a ESR/GSR series router from Cisco is reasonable, but still take into account 40-50K USD for a small box. -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From ple@graduate.kmitl.ac.th Mon May 19 04:24:13 2003 From: ple@graduate.kmitl.ac.th (Warodom Werapun) Date: Mon, 19 May 2003 10:24:13 +0700 Subject: [6bone] ?IPv6 anycast... In-Reply-To: <20030518145522.GA30057@song.fi> References: <3EC79498.7010407@graduate.kmitl.ac.th> <20030518145522.GA30057@song.fi> Message-ID: <3EC84E5D.8080102@graduate.kmitl.ac.th> Saku Ytti wrote: >> I like to test 'anycast' address of IPv6. >>Could anyone tell me, how could I test it? >> >> >On linux: >ip link set sit0 up;ip addr add $(printf "2002:%02x%02x:%02x%02x::1" $(ip >route get 192.88.99.1|head -n1|sed 's/\./ /g'|sed 's/.*src \([0-9 >]\+\).*/\1/')) dev sit0;ip -6 route add 2000::/3 via ::192.88.99.1 > It does not work yet. There is error message " No route to host". Nomally, I use 3ffe:b80:2:f5df::2 as my IPv6 address. And I already had 2000::/3 in routing table. ------------------------------------------------------ [root@graduate67 root]# ping6 www.kame.net PING www.kame.net(orange.kame.net) 56 data bytes 64 bytes from orange.kame.net: icmp_seq=1 ttl=55 time=625 ms [root@graduate67 root]# ifconfig eth0 |grep inet inet addr:161.246.6.217 Bcast:161.246.6.255 Mask:255.255.255.0 inet6 addr: fe80::260:67ff:fe66:b459/10 Scope:Link inet6 addr: 3ffe:b80:14fe:1::1/64 Scope:Global [root@graduate67 root]# ifconfig sit1 sit1 Link encap:IPv6-in-IPv4 inet6 addr: fe80::a1f6:6d9/10 Scope:Link inet6 addr: 2002::1/128 Scope:Global inet6 addr: 3ffe:b80:2:f5df::2/128 Scope:Global inet6 addr: 2002:a100::1/128 Scope:Global UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:58 errors:0 dropped:0 overruns:0 frame:0 TX packets:66 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:36282 (35.4 Kb) TX bytes:9740 (9.5 Kb) [root@graduate67 root]# more anycast.sh ip link set sit1 up;ip addr add $(printf "2002:%02x%02x:%02x%02x::1" $(ip route get 161.246.6.217 |head -n1|sed 's/\./ /g'|sed 's/.*src \([0-9]\+\).*/\1/')) dev sit1;ip -6 route add 2000::/3 via ::161.246.6.217 echo "ip link set sit1 up;ip addr add $(printf "2002:%02x%02x:%02x%02x::1" $(ip route get 161.246.6.217 |head -n1|sed 's/\./ / g'|sed 's/.*src \([0-9]\+\).*/\1/')) dev sit1;ip -6 route add 2000::/3 via ::161.246.6.217 " [root@graduate67 root]# ./anycast.sh RTNETLINK answers: No route to host ip link set sit1 up;ip addr add 2002:a100:0000::1 dev sit1;ip -6 route add 2000::/3 via ::161.246.6.217 ------------------------------------------------------ Does anycast IPv6 address need to begin with 2002:a100 prefix? Or anycast can be any Unicast addr number, is it? So, Does anycast involve with the routing only? Best Regards, - Warodom Werapun From gert@space.net Mon May 19 12:09:07 2003 From: gert@space.net (Gert Doering) Date: Mon, 19 May 2003 13:09:07 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F504F7EE@server2000.arneill-py.sacramento.ca.us>; from michel@arneill-py.sacramento.ca.us on Tue, May 13, 2003 at 09:13:04PM -0700 References: <963621801C6D3E4A9CF454A1972AE8F504F7EE@server2000.arneill-py.sacramento.ca.us> Message-ID: <20030519130907.T67740@Space.Net> Hi, ok, now to followup on this: On Tue, May 13, 2003 at 09:13:04PM -0700, Michel Py wrote: > > I have just added an update to the "strict" filter list of > > my IPv6 filter list recommendations on > > http://www.space.net/~gert/RIPE/ipv6-filters.html [..] > > ipv6 prefix-list ipv6-ebgp-strict permit 2001:500::/32 ge 48 le 48 > > It would be interesting to have more refinement here. What I mean is > that I would be open to allow a /48 that contains a root server but not > a /48 that serves an IXP. More details/specifics to what is inside > 2001:500::/32 would be appreciated. Unfortunately the ARIN database is too broken to permit queries like "tell me everything inside 2001:500::/32" (the RIPE and APNIC databases do this just fine). So you'll have to check them manually - tedious - or check http://www.arin.net/registration/ipv6/micro_alloc.html. Unfortunately, the URL only lists "those prefixes are allocated to IXPs" (from 2001:504::/32) and "those are for critical infrastructure" (from 2001:500::/32), but without specifying for *what* parts of the infrastructure... Checking the allocations individually with "whois", I find: 2001:500::/48 --> ISC 2001:500:1::/48 --> US Army Research/H-ROOT-NET 2001:500:2::/48 --> "Cogent Communications" 2001:500:3::/48 --> ICANN/L-ROOT-NET The docs on http://www.root-servers.org/ imply that 2001:500::/48 is also used as root name server network (F), and most likely the network for Cogent Communications will be used for (C). > > ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 35 le 35 > > I think this could be refined too. The range where /35s were originally > allocated from is much smaller than 2001::/16. Good point. I will try to figure out what /35s are still out there and adapt the (strict) filter accordingly. > > ipv6 prefix-list ipv6-ebgp-strict permit 2001::/16 ge 24 le 32 > > This could also be refined. Not all 2001::/16 has been delegated to > RIRs. ARIN got a block, RIPE got a block, APNIC got a block, but there > still is some undelegated space. The drawback of refining to that level > is that it will inevitably induce a situation similar to 69/8 and will > require maintenance, but the other side of that coin is that it would > prevent people from hijacking prefixes from undelegated space. Someone else already commented on this. As the address space is pretty sparsely populated, people still would be able to hijack addresses (like "2001:609::/32", which is adjacent to our /32, but right now just unallocated). So I'm not sure whether the drawbacks you mention are not really worth the gains. (Also, the IPv6 address allocation strategy IANA -> RIRs is currently so messy that quite frequent updates would be needed) > As an example and please correct me if wrong in the address I picked > because it's all from memory, if I hijack and announce 2001:FEED::/32 > that would pass your filter but this prefix can't be assigned to anybody > now as it is not part of a larger block that has been delegated to a > RIR, so it must be a hijack. Yes, this is true. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From jeroen@unfix.org Mon May 19 12:26:03 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Mon, 19 May 2003 13:26:03 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030519130907.T67740@Space.Net> Message-ID: <000f01c31df9$6f05a910$210d640a@unfix.org> Gert Doering wrote: > > This could also be refined. Not all 2001::/16 has been delegated to > > RIRs. ARIN got a block, RIPE got a block, APNIC got a > block, but there > > still is some undelegated space. The drawback of refining > to that level > > is that it will inevitably induce a situation similar to > 69/8 and will > > require maintenance, but the other side of that coin is > that it would > > prevent people from hijacking prefixes from undelegated space. > > Someone else already commented on this. As the address space > is pretty > sparsely populated, people still would be able to hijack addresses > (like "2001:609::/32", which is adjacent to our /32, but > right now just unallocated). *whisper in ear* not after tonight when the bogon reporting gets active :) Things that it does cover already: - unallocated prefixes - wrong source ASN's Though ofcourse one could bypass that when using the registered source ASN. That could be detected if we knew every 'upstream' for that prefix... Greets, Jeroen From gert@space.net Mon May 19 14:05:32 2003 From: gert@space.net (Gert Doering) Date: Mon, 19 May 2003 15:05:32 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: ; from ginny@arin.net on Mon, May 19, 2003 at 08:51:04AM -0400 References: <20030519130907.T67740@Space.Net> Message-ID: <20030519150532.F67740@Space.Net> Hi, On Mon, May 19, 2003 at 08:51:04AM -0400, ginny@arin.net wrote: > > Unfortunately the ARIN database is too broken to permit queries like > > "tell me everything inside 2001:500::/32" (the RIPE and APNIC databases > > do this just fine). So you'll have to check them manually - tedious - > > or check > > Currently ARIN WHOIS does not support CIDR queries. However, the > information you desire can be obtain. The best way to get this, would be > to query the following: [ query for '2001:0500:*' ] While "*" wildcards are somewhat counterintuitive in IP context, I'm glad to learn that there *is* a way to get the data. Others have pointed out to me that by querying the RIPE database for mirrored ARIN data whois -h whois.ripe.net -s arin -M -r 2001:500::/32 (with or without "-r") the data can be obtained as well. [..] > More information on how to use the ARIN WHOIS can be found in a tutorial > locate at: > http://www.arin.net/library/training/WHOIS_CBT/whois.htm Thanks. (ObNag: I still don't understand why ARIN just needs to do everything differently. Just using the RIPE output and query format would be so much easier than inventing every wheel anew. But then, I don't know all of the political background struggles...) Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From michel@arneill-py.sacramento.ca.us Mon May 19 16:26:11 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Mon, 19 May 2003 08:26:11 -0700 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F804@server2000.arneill-py.sacramento.ca.us> Folks, What is the word about an IPv6 bogon route server? The cymru one has only IPv4 for the time being. Jeroen or Gert, are you planning on something like this? Michel. > Jeroen Massar wrote: > *whisper in ear* not after tonight when the bogon reporting > gets active :) From ginny@arin.net Mon May 19 13:51:04 2003 From: ginny@arin.net (ginny@arin.net) Date: Mon, 19 May 2003 08:51:04 -0400 (EDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030519130907.T67740@Space.Net> Message-ID: On Mon, 19 May 2003, Gert Doering wrote: > > Unfortunately the ARIN database is too broken to permit queries like > "tell me everything inside 2001:500::/32" (the RIPE and APNIC databases > do this just fine). So you'll have to check them manually - tedious - > or check > Currently ARIN WHOIS does not support CIDR queries. However, the information you desire can be obtain. The best way to get this, would be to query the following: 2001:0500* 2001:0504* This would provide the information in list format. If you would like full details of all these allocations, query: +2001:0500* +2001:0504* More information on how to use the ARIN WHOIS can be found in a tutorial locate at: http://www.arin.net/library/training/WHOIS_CBT/whois.htm Ginny Listman Director of Engineering ARIN From ple@graduate.kmitl.ac.th Mon May 19 17:45:42 2003 From: ple@graduate.kmitl.ac.th (Warodom Werapun) Date: Mon, 19 May 2003 23:45:42 +0700 Subject: [6bone] Help: Cannot assign requested address? Message-ID: <3EC90A36.1040805@graduate.kmitl.ac.th> Why I got error message "Cannot assign requested address"? Tested on Linux Redhat 8.0, Kernel 2.4.20. [root@MN sysconfig]# ifconfig eth1 | grep inet6 inet6 addr: 3ffe:b80:1e99:2::2/64 Scope:Global inet6 addr: fe80::2e0:29ff:fe79:ff5/10 Scope:Link [root@MN sysconfig]# ping6 -I eth1 fe80::2e0:29ff:fe79:ff5 ping: bind icmp socket: Cannot assign requested address [root@MN sysconfig]# ping6 3ffe:b80:1e99:2::2 connect: Cannot assign requested address [root@MN sysconfig]# ping6 -I eth1 3ffe:b80:1e99:2::2 connect: Cannot assign requested address Thank you for reply - Warodom Werapun From ck@arch.bellsouth.net Mon May 19 18:25:39 2003 From: ck@arch.bellsouth.net (Christian Kuhtz) Date: Mon, 19 May 2003 13:25:39 -0400 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F504F804@server2000.arneill-py.sacramento.ca.us> References: <963621801C6D3E4A9CF454A1972AE8F504F804@server2000.arneill-py.sacramento.ca.us> Message-ID: <20030519172539.GB2469@ns1.arch.bellsouth.net> Michael, Why not ask Rob Thomas do the same for IPv6? We don't need to reinvent the wheel and have multiple sources for this stuff. Thanks, Christian On Mon, May 19, 2003 at 08:26:11AM -0700, Michel Py wrote: > Folks, > > What is the word about an IPv6 bogon route server? The cymru one has > only IPv4 for the time being. Jeroen or Gert, are you planning on > something like this? > > Michel. > > > Jeroen Massar wrote: > > *whisper in ear* not after tonight when the bogon reporting > > gets active :) > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From michel@arneill-py.sacramento.ca.us Mon May 19 18:58:22 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Mon, 19 May 2003 10:58:22 -0700 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F80B@server2000.arneill-py.sacramento.ca.us> Christian, > Christian Kuhtz wrote: > Why not ask Rob Thomas do the same for IPv6? I did and I know he's working on it. > We don't need to reinvent the wheel and have multiple > sources for this stuff. I'm not sure about that. - I like redundancy. - The IPv6 situation is quite different than the IPv4. In IPv4, the bogon list is constructed by taking out what is not allocated. In IPv6, this would not be enough as there are so many huge holes in allocated space that hijacking applies both to allocated and unallocated. - Therefore, things such as what Jeroen does which is a live analysis of the actual routing table have value. One can argue that the name for this would be a real-time blackholing table and not a bogon list, but nevertheless a route-server for these would be welcomed. Jeroen please correct me if I'm wrong but what you call a bogon is a route that you have actually seen in the GRT and that has no business there? So, I don't see any re-inventing of the wheel here. It is clear that Rob's IPv6 bogon list would include 4000::/4 and FE80::/10 among other things, but a more dynamic blocking such as what Jeroen could do would be welcomed too. Michel. From robt@cymru.com Mon May 19 20:04:50 2003 From: robt@cymru.com (Rob Thomas) Date: Mon, 19 May 2003 14:04:50 -0500 (CDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030519172539.GB2469@ns1.arch.bellsouth.net> Message-ID: Hi, team. ] Why not ask Rob Thomas do the same for IPv6? I'd be up for that, sure. We (Team Cymru) are actually working on an IPv6 bogon list, which will be used to generate the configuration for the IPv6 portion of the bogon route-servers. In related news, we will soon have three more bogon route-servers available. Thanks, Rob, for Team Cymru. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty); From gert@space.net Thu May 22 15:54:25 2003 From: gert@space.net (Gert Doering) Date: Thu, 22 May 2003 16:54:25 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <200305161509.h4GF9kI23713@boreas.isi.edu>; from bmanning@ISI.EDU on Fri, May 16, 2003 at 08:09:46AM -0700 References: <20030516153541.C67740@Space.Net> <200305161509.h4GF9kI23713@boreas.isi.edu> Message-ID: <20030522165425.A67740@Space.Net> Hi, On Fri, May 16, 2003 at 08:09:46AM -0700, Bill Manning wrote: > % On Fri, May 16, 2003 at 06:20:24AM -0700, Bill Manning wrote: > % > % So if that address space isn't visible, the prerequisites are not > % > % fulfilled, obviously, and it would be in the boundaries of the policy > % > % to take the address space back. > % > Visable to whom? > % > % To the majority of the internet users (as you insist on claiming that > % there is nothing as "the global routing table"). > > does that majority have to include you or I? Of course not - if I disconnect my PC, I can't reach anyone. But this side discussion isn't helpful in any way. > and show me the global routing table please? This is kinda difficult, as everybody has a local view of it, of course. > % The Internet is an *Inter*network. It's about connecting all of it > % together, not building small splinter networks that have no connectivity. > > The Internet in one mesh of interconected networks that run > the IP protocol suite. There are others. Military networks, > Closed commercial networks, Financial networks, Research networks, > ... its a long list. So what? If those networks decide to use different rules for IP/IPv6 address allocation and usage, why should we care? If they decide to become part of "The Internet", then they are part of the global routing table/system. Sorry, but I don't get your point. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From gert@space.net Thu May 22 16:25:25 2003 From: gert@space.net (Gert Doering) Date: Thu, 22 May 2003 17:25:25 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <963621801C6D3E4A9CF454A1972AE8F504F7F2@server2000.arneill-py.sacramento.ca.us>; from michel@arneill-py.sacramento.ca.us on Fri, May 16, 2003 at 08:50:53AM -0700 References: <963621801C6D3E4A9CF454A1972AE8F504F7F2@server2000.arneill-py.sacramento.ca.us> Message-ID: <20030522172525.B67740@Space.Net> Hi, On Fri, May 16, 2003 at 08:50:53AM -0700, Michel Py wrote: > > Passing on the question from the registry point of view to the > > IETF people (Michael & co): what are your recommendations how > > this can be addressed (in the double sense)? > > [disclaimer: I do not represent the views of the IETF] > > This is a complex answer. Thanks for the update. (I won't comment on the issues, as I'm sure most things I could comment have been said already) [..] > There are several proposals to provide PI-like addresses that are moving > forward though. Now that's another interesting sentence :-) - "end users" would *love* that (and it might turn out to be "the" incentive to go to IPv6). Do you have a pointer for me where I can read up on those proposals? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 54495 (54267) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From bmanning@ISI.EDU Thu May 22 18:36:21 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Thu, 22 May 2003 10:36:21 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <20030522165425.A67740@Space.Net> from Gert Doering at "May 22, 3 04:54:25 pm" Message-ID: <200305221736.h4MHaLs15424@boreas.isi.edu> % > and show me the global routing table please? % % This is kinda difficult, as everybody has a local view of it, of course. er, not really. my view is "global" in the sense that it represents my total scope of reachability. e.g. I can send a packet to anywhere in my table view. Not in my view, not in the "global" system. Anything outside that view is in private space as far as I can tell. Should I insist that if I can't see it, then folks should renumber into private space? % % > % The Internet is an *Inter*network. It's about connecting all of it % > % together, not building small splinter networks that have no connectivity. % > % > The Internet in one mesh of interconected networks that run % > the IP protocol suite. There are others. Military networks, % > Closed commercial networks, Financial networks, Research networks, % > ... its a long list. % % So what? % % If those networks decide to use different rules for IP/IPv6 address % allocation and usage, why should we care? % % If they decide to become part of "The Internet", then they are part of % the global routing table/system. Hum... where to begin. First off, it seems that you are making the assertion that entities will make the unconnected/connected transition -once- which emperical evidence suggests is not always true. In the past decade, there is a significant body of evidence that networks and nodes are gaining mobility. part of that mobility is that they "disconnect" from all or part of the net for periods of time, sometimes for milliseconds, sometimes for months/years. recognising this as a basic feature of internetworking, one would hope that a consistant suite of addressing guidelines would be applicable, regardless of the state of "connectedness". anyway, thats why I care. % Sorry, but I don't get your point. you are not alone. :) % Gert Doering % -- NetMaster % -- % Total number of prefixes smaller than registry allocations: 54495 (54267) % % SpaceNet AG Mail: netmaster@Space.Net % Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 % 80807 Muenchen Fax : +49-89-32356-299 % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From pekkas@netcore.fi Thu May 22 20:22:07 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Thu, 22 May 2003 22:22:07 +0300 (EEST) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <200305221736.h4MHaLs15424@boreas.isi.edu> Message-ID: On Thu, 22 May 2003, Bill Manning wrote: > % So what? > % > % If those networks decide to use different rules for IP/IPv6 address > % allocation and usage, why should we care? > % > % If they decide to become part of "The Internet", then they are part of > % the global routing table/system. > > Hum... where to begin. First off, it seems that you are making the > assertion that entities will make the unconnected/connected transition > -once- which emperical evidence suggests is not always true. In the > past decade, there is a significant body of evidence that networks > and nodes are gaining mobility. part of that mobility is that > they "disconnect" from all or part of the net for periods of time, > sometimes for milliseconds, sometimes for months/years. > > recognising this as a basic feature of internetworking, one would > hope that a consistant suite of addressing guidelines would be > applicable, regardless of the state of "connectedness". It's fine to request address space for private networks. It's fine to connect such private networks to some other networks, even one sometimes referred to as the Internet, frequently or infrequently. However, it is not fine to assume you could any form of addressing at all and expect it to be reachable. If you connect to the Internet, you play by its rules, not by the rules of your private networks. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From bmanning@ISI.EDU Thu May 22 21:03:40 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Thu, 22 May 2003 13:03:40 -0700 (PDT) Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: from Pekka Savola at "May 22, 3 10:22:07 pm" Message-ID: <200305222003.h4MK3eQ06106@boreas.isi.edu> % > recognising this as a basic feature of internetworking, one would % > hope that a consistant suite of addressing guidelines would be % > applicable, regardless of the state of "connectedness". % % It's fine to request address space for private networks. I will try once more. All networks are inherently both public and private. And the addressing for such networks should follow a plan so that when when they are "connected" the prefixes can be routed w/o excessive pain. No network in my experience is always connected, always public. And the ability to have a prefix routed is always dependant on the agreements betwen peering parties, which agreements are bilateral. % If you connect to the Internet, you play by its rules, not by the rules of % your private networks. if you connect to (ISP), you play by their rules. when I connect to an ISP, I play by their rules. when ISPs connect to me, they play by my rules. I don't connect to "the Internet", I connect to other entities using IP protocols. Sometimes the agreements entered into allow each of us to transit information about the connection (prefixes etc.) to our other clients or peers, with hints about how such information is expected to be shared with others. % -- % Pekka Savola "You each name yourselves king, yet the % Netcore Oy kingdom bleeds." % Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From hank@att.net.il Fri May 23 07:29:58 2003 From: hank@att.net.il (Hank Nussbacher) Date: Fri, 23 May 2003 08:29:58 +0200 Subject: [6bone] 6bone.net down? In-Reply-To: <004101c2aa1c$5ee6b7a0$210d640a@unfix.org> References: Message-ID: <5.1.0.14.2.20030523082858.01026220@max.att.net.il> http://www.6bone.net keeps giving http 500 error. Anyone? -Hank From bob@thefinks.com Fri May 23 07:07:22 2003 From: bob@thefinks.com (Bob Fink) Date: Thu, 22 May 2003 23:07:22 -0700 Subject: [6bone] 6bone.net down? In-Reply-To: <5.1.0.14.2.20030523082858.01026220@max.att.net.il> References: <004101c2aa1c$5ee6b7a0$210d640a@unfix.org> Message-ID: <5.2.0.9.0.20030522230607.0254ddc8@mail.addr.com> At 08:29 AM 5/23/2003 +0200, Hank Nussbacher wrote: > http://www.6bone.net keeps giving http 500 error. Anyone? It's down for me too. I'll see if I can find out what's going on. Thanks, Bob From pim@ipng.nl Fri May 23 08:50:54 2003 From: pim@ipng.nl (Pim van Pelt) Date: Fri, 23 May 2003 09:50:54 +0200 Subject: [6bone] RE: [ipv6-wg@ripe.net] Update on IPv6 filter recommendation In-Reply-To: <200305221736.h4MHaLs15424@boreas.isi.edu> References: <20030522165425.A67740@Space.Net> <200305221736.h4MHaLs15424@boreas.isi.edu> Message-ID: <20030523075054.GA23049@bfib.colo.bit.nl> | recognising this as a basic feature of internetworking, one would | hope that a consistant suite of addressing guidelines would be | applicable, regardless of the state of "connectedness". This is an important point in my opinion. IPv{46} addresses are a global resource that should be distributed as such. IPv4 adresses are allocated to private networks all the time. Having a connection to the rest is of no concern (and is nowhere stated in any policy to be of any concern). IPv6 addresses will be used for much more than 'just the Internet'. It can be argued that the 2001::/16 prefix SHOULD be used for 'just the Internet', but then still I do not see the point in forcing any kind of connection to one or all other Internet citizens. groet, Pim -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From gustavo.paredes@internet-solutions.com.co Tue May 27 16:11:58 2003 From: gustavo.paredes@internet-solutions.com.co (Gustavo Paredes) Date: Tue, 27 May 2003 10:11:58 -0500 Subject: [6bone] 6bone.net down? References: <5.1.0.14.2.20030523082858.01026220@max.att.net.il> Message-ID: <006201c32462$518d5e40$fd64a8c0@mad> Hi, every buddy, i am new about ipv6, i use OpenBSD 3.1, and have conectivity with the 6bone, the problem is that like appears after some minuts the connection with the ipv6 is broken, when i try a ping... bash-2.05a# ping6 6bone.net PING6(56=40+8+8 bytes) 3ffe:400a:ffff::1e --> 3ffe:b00:c18:1::10 16 bytes from 3ffe:b00:c18:1::10, icmp_seq=0 hlim=60 time=573.555 ms 16 bytes from 3ffe:b00:c18:1::10, icmp_seq=1 hlim=60 time=585.248 ms 16 bytes from 3ffe:b00:c18:1::10, icmp_seq=2 hlim=60 time=582.98 ms but some minuts later.... bash-2.05a# ping6 6bone.net PING6(56=40+8+8 bytes) 3ffe:400a:ffff::1e --> 3ffe:b00:c18:1::10 and only work when i reboot the machine, thanks for all the help that us can give me , and excuseme for my poor english Gustavo From Q@ping.be Fri May 30 18:35:22 2003 From: Q@ping.be (Kurt Roeckx) Date: Fri, 30 May 2003 19:35:22 +0200 Subject: [6bone] Fwd: Protocol Action: Delegation of E.F.F.3.IP6.ARPA to BCP Message-ID: <20030530173522.GA23085@ping.be> --AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline FYI. --AhhlLboLdkugWU4S Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Delivered-To: kurt.roeckx@pandora.be Received: from pop.pandora.be [195.130.132.36] by localhost with POP3 (fetchmail-5.9.4) for kurt@localhost (single-drop); Fri, 30 May 2003 19:11:31 +0200 (CEST) Received: (qmail 19390 invoked from network); 30 May 2003 17:05:08 -0000 Received: from unknown (HELO sirios.telenet-ops.be) ([195.130.132.52]) (envelope-sender ) by thanatos.telenet-ops.be (qmail-ldap-1.03) with SMTP for ; 30 May 2003 17:05:08 -0000 Received: from 127.0.0.1 (LOCALHOST [127.0.0.1]) by sirios.telenet-ops.be (Postfix) with SMTP id C0D973BE28 for ; Fri, 30 May 2003 19:05:08 +0200 (MEST) Received: from asgard.ietf.org (asgard.ietf.org [132.151.6.40]) by pan.telenet-ops.be (Postfix) with ESMTP id 4CA8C47DFA; Fri, 30 May 2003 19:05:08 +0200 (MEST) Received: from majordomo by asgard.ietf.org with local (Exim 4.14) id 19LnD3-00007O-KN for ietf-announce-list@asgard.ietf.org; Fri, 30 May 2003 12:58:29 -0400 Received: from ietf.org ([10.27.2.28]) by asgard.ietf.org with esmtp (Exim 4.14) id 19LmuO-0006R5-RH for all-ietf@asgard.ietf.org; Fri, 30 May 2003 12:39:12 -0400 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA15679; Fri, 30 May 2003 12:39:10 -0400 (EDT) Message-Id: <200305301639.MAA15679@ietf.org> To: IETF-Announce: ; Cc: RFC Editor , Internet Architecture Board From: The IESG Subject: Protocol Action: Delegation of E.F.F.3.IP6.ARPA to BCP Date: Fri, 30 May 2003 12:39:09 -0400 Sender: owner-ietf-announce@ietf.org Precedence: bulk MIME-Version: 1.0 The IESG has approved the Internet-Draft 'Delegation of E.F.F.3.IP6.ARPA' as a BCP. This has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact persons are Thomas Narten and Erik Nordmark. Technical Summary The 6bone, whose address space was allocated by RFC 2471, has provided a network for IPv6 experimentation for numerous purposes for seven years. Up to the present time, reverse lookups for 6bone addresses in the DNS have been accomplished through IP6.INT. It is now important that the thousands of 6bone users be able to update their IPv6 software to use IP6.ARPA as defined in RFC 3152. Although the 6bone has a limited life, and a phaseout plan is being discussed at the IETF at this time, there is likely to be 2.5 to 3.5 more years of operation. During this remaining 6bone lifetime IP6.ARPA reverse lookup services for the 3ffe::/16 address space are required. This document requests that the IANA delegate the E.F.F.3.IP6.ARPA domain to the 6bone as will be described in instructions to be provided by the IAB. Working Group Summary This was not a WG document, but has been discussed on various mailing lists (e.g., 6bone, v6ops, dnsops). No issues were raised during the IETF Last Call. Protocol Quality This document has been reviewed for the IESG by Thomas Narten. --AhhlLboLdkugWU4S-- From bob@thefinks.com Sat May 31 03:46:34 2003 From: bob@thefinks.com (Bob Fink) Date: Fri, 30 May 2003 19:46:34 -0700 Subject: [6bone] Fwd: Protocol Action: Delegation of E.F.F.3.IP6.ARPA to BCP In-Reply-To: <20030530173522.GA23085@ping.be> Message-ID: <5.2.0.9.0.20030530194203.027f58c0@mail.addr.com> 6bone Folk, As you can see from the IESG announcement just circulated to the list, the draft delegating the reverse path for E.F.F.3.IP6.ARPA to the 6bone has been approved as a BCP. Now we (Randy Bush, myself and the folks that will set up the reverse path servers) are working to implement the decision approved in the BCP. So, please stay tuned for announcement of plans, but appreciate it may be a bit of delay to get details worked out. I would like to thank Randy for all his help in this effort... it has been invaluable! Thanks, Bob === >The IESG has approved the Internet-Draft 'Delegation of >E.F.F.3.IP6.ARPA' as a BCP. > >This has been reviewed in the IETF but is not the product of an IETF >Working Group. The IESG contact persons are Thomas Narten and Erik >Nordmark. > > >Technical Summary > >The 6bone, whose address space was allocated by RFC 2471, has >provided a network for IPv6 experimentation for numerous purposes >for seven years. Up to the present time, reverse lookups for 6bone >addresses in the DNS have been accomplished through IP6.INT. It is >now important that the thousands of 6bone users be able to update >their IPv6 software to use IP6.ARPA as defined in RFC 3152. > >Although the 6bone has a limited life, and a phaseout plan is being >discussed at the IETF at this time, there is likely to be 2.5 to >3.5 more years of operation. During this remaining 6bone lifetime >IP6.ARPA reverse lookup services for the 3ffe::/16 address space >are required. This document requests that the IANA delegate the >E.F.F.3.IP6.ARPA domain to the 6bone as will be described in >instructions to be provided by the IAB. > >Working Group Summary > >This was not a WG document, but has been discussed on various >mailing lists (e.g., 6bone, v6ops, dnsops). No issues were raised >during the IETF Last Call. > >Protocol Quality > >This document has been reviewed for the IESG by Thomas Narten. -end From jeroen@unfix.org Sat May 31 10:13:08 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sat, 31 May 2003 11:13:08 +0200 Subject: [6bone] Fwd: Protocol Action: Delegation of E.F.F.3.IP6.ARPA to BCP In-Reply-To: <5.2.0.9.0.20030530194203.027f58c0@mail.addr.com> Message-ID: <000801c32754$db8553b0$210d640a@unfix.org> Bob Fink wrote: > 6bone Folk, > > As you can see from the IESG announcement just circulated to > the list, the > draft delegating the reverse path for E.F.F.3.IP6.ARPA to the > 6bone has been approved as a BCP. > > Now we (Randy Bush, myself and the folks that will set up the > reverse path servers) are working to implement the decision approved in the BCP. > > So, please stay tuned for announcement of plans, but > appreciate it may be a bit of delay to get details worked out. Could you include in the details what happens to ip6.int delegations? I know a number of 'current' platforms that solely use ip6.int and I'd rather see these platforms fail miserably when reversing and thus semi forcing them to update their code to finally use ip6.arpa. glibc (Linux) nicely first tries ip6.arpa and after that tries ip6.int. I hope this all gets sorted out quickly, an approval by the IESG is a big step in the right direction fortunatly. Greets, Jeroen From pim@ipng.nl Sat May 31 13:36:24 2003 From: pim@ipng.nl (Pim van Pelt) Date: Sat, 31 May 2003 14:36:24 +0200 Subject: [6bone] Fwd: Protocol Action: Delegation of E.F.F.3.IP6.ARPA to BCP In-Reply-To: <5.2.0.9.0.20030530194203.027f58c0@mail.addr.com> References: <20030530173522.GA23085@ping.be> <5.2.0.9.0.20030530194203.027f58c0@mail.addr.com> Message-ID: <20030531123624.GA23433@bfib.colo.bit.nl> Hoi, | Now we (Randy Bush, myself and the folks that will set up the reverse path | servers) are working to implement the decision approved in the BCP. I would actually think that the abbreviation for BCP insinuates that there is actually already something designed or even in place to solve the delegation quickly. Nevertheless, well done and good luck in the implementation. | So, please stay tuned for announcement of plans, but appreciate it may be a | bit of delay to get details worked out. Please hurry up! If there is anything I or the community can do to speed up the deployment of the 6bone .arpa space, please don't hesitate to ask. And as for Jeroen's comments -- I agree that the .int version of the tree should not be queried as soon as the pTLA holders have their .arpa tree active. Seeing as the 6BONE is the only place lagging behind in this area, can we try to be strict on when entities convert their zonefiles to the .arpa tree ? We need this to really make things work[tm]. Can we also make sure to circulate to the software engineers that the ip6.int tree will not be needed as soon as (some fixed percentage of) the pTLA holders have their DNS updated ? Can we try to kick non-responsive pTLA holders ? They'd be in violation of the RFC2772, after all. How long is a lenient, but not too long, grace period for pTLA holders to procede ? 6 months seems reasonable to me. I'd be willing to help out with the paperwork, if that's required. -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From bob@thefinks.com Sat May 31 16:09:10 2003 From: bob@thefinks.com (Bob Fink) Date: Sat, 31 May 2003 08:09:10 -0700 Subject: [6bone] pTLA request by CBR-TPSA - review closes 11 June 2003 In-Reply-To: <20030529141902.GB9286@deadbeef.racing.pl> Message-ID: <5.2.0.9.0.20030531080330.027c0ea8@mail.addr.com> 6bone Folk, CBR-TPSA has requested a pTLA allocation and I find their request fully compliant with RFC2772. The open review period for this will close 11 June 2003 (earlier than usual... see below). Please send your comments to me or the list. I am doing a shorter time period on this pTLA request as I will be leaving on a 2 week vacation on the 12th of June and won't be in email contact until 1 July. Also, I won't process any more pTLA requests (there aren't many :-) until after I return from vacation. Thanks, Bob === At 04:19 PM 5/29/2003 +0200, Grzegorz.Banasiak@ipv6.cbr.tpsa.pl wrote: >Hello. > >I would like to request for pTLA 6Bone address pool. Below you may find points >from RFC 2772 addressed by us. > >=== begin === > >7. Guidelines for 6Bone pTLA sites > > The following rules apply to qualify for a 6Bone pTLA allocation. It > should be recognized that holders of 6Bone pTLA allocations are > expected to provide production quality backbone network services for > the 6Bone. > > 1. The pTLA Applicant must have a minimum of three (3) months > qualifying experience as a 6Bone end-site or pNLA transit. During > the entire qualifying period the Applicant must be operationally > providing the following: > >*** >We have been connected to the 6bone network since FEB 2003 as a leaf site. >*** > > a. Fully maintained, up to date, 6Bone Registry entries for their > ipv6-site inet6num, mntner, and person objects, including each > tunnel that the Applicant has. > >*** >ipv6-site: CBR-TPSA >origin: AS5617 >descr: Polish Telecom Research and Development Department > ul. Obrzezna 7 > 02-691 Warszawa > Poland >country: PL >prefix: 3FFE:8320:16::/48 >application: ping gw.ipv6.cbr.tpsa.pl >tunnel: IPv6 in IPv4 gw.ipv6.cbr.tpsa.pl -> ipv6-gw.man.poznan.pl >POZMAN BGP4+ >contact: GB3-6BONE >contact: AS24-6BONE >url: http://www.ipv6.cbr.tpsa.pl >notify: netadmin@ipv6.cbr.tpsa.pl >mnt-by: CBR-TPSA-MNT >changed: Grzegorz.Banasiak@telekomunikacja.pl 20030203 >changed: Grzegorz.Banasiak@telekomunikacja.pl 20030513 >changed: Grzegorz.Banasiak@telekomunikacja.pl 20030526 >source: 6BONE >*** > > b. Fully maintained, and reliable, BGP4+ peering and connectivity > between the Applicant's boundary router and the appropriate > connection point into the 6Bone. This router must be IPv6 > pingable. This criteria is judged by members of the 6Bone > Operations Group at the time of the Applicant's pTLA request. > >*** >pimpek7500#sh ipv6 int >Tunnel0 is up, line protocol is up > IPv6 is enabled, link-local address is FE80::D960:46C6 > Global unicast address(es): > 3FFE:8320:1::89, subnet is 3FFE:8320:1::88/127 >[..] >pimpek7500#sh bgp ipv6 sum >BGP router identifier 217.96.70.198, local AS number 5617 >BGP table version is 59022, main routing table version 59022 >307 network entries and 307 paths using 60479 bytes of memory >268 BGP path attribute entries using 16080 bytes of memory >262 BGP AS-PATH entries using 6660 bytes of memory >1 BGP community entries using 24 bytes of memory >0 BGP route-map cache entries using 0 bytes of memory >0 BGP filter-list cache entries using 0 bytes of memory >BGP activity 18969/24163 prefixes, 22691/22384 paths, scan interval 60 secs > >Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down >State/PfxRcd >3FFE:8320:1::88 4 9112 132605 65806 59022 0 0 13:24:25 306 >*** > > c. Fully maintained DNS forward (AAAA) and reverse (ip6.int) > entries for the Applicant's router(s) and at least one host > system. > >*** >Primary NS for domain ipv6.cbr.tpsa.pl has been configured on 217.96.70.197 >(dns.ipv6.cbr.tpsa.pl): > >@ IN SOA dns.ipv6.cbr.tpsa.pl. root.dns.ipv6.cbr.tpsa.pl. ( >[..] > IN AAAA 3ffe:8320:16:: >dns IN AAAA 3ffe:8320:16:dead::2 >www IN AAAA 3ffe:8320:16:dead::2 >inferno IN AAAA 3ffe:8320:16:abba::2 >gw IN AAAA 3ffe:8320:16:: >gw IN AAAA 3ffe:8320:16::1 >gw IN AAAA 3ffe:8320:16:dead::1 > >Primary NS for reverse domain 6.1.0.0.0.2.3.8.e.f.f.3.ip6.int has also been >configured on dns.ipv6.cbr.tpsa.pl: > >1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.a.e.d IN PTR gw.ipv6.cbr.tpsa.pl. >2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.a.e.d IN PTR dns.ipv6.cbr.tpsa.pl. >2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.b.a IN PTR inferno.ipv6.cbr.tpsa.pl. >*** > > d. A fully maintained, and reliable, IPv6-accessible system > providing, at a mimimum, one or more web pages, describing the > Applicant's IPv6 services. This server must be IPv6 pingable. > >*** >www.ipv6.cbr.tpsa.pl (both IPv4 and IPv6) >*** > > 2. The pTLA Applicant MUST have the ability and intent to provide > "production-quality" 6Bone backbone service. Applicants must > provide a statement and information in support of this claim. > This MUST include the following: > > a. A support staff of two persons minimum, three preferable, with > person attributes registered for each in the ipv6-site object > for the pTLA applicant. > >*** >2 members of IPv6 project staff: >- Grzegorz Banasiak, GB3-6BONE, Grzegorz.Banasiak@ipv6.cbr.tpsa.pl >- Adam Szymajda, AS24-6BONE, Adam.Szymajda@ipv6.cbr.tpsa.pl >*** > > b. A common mailbox for support contact purposes that all support > staff have acess to, pointed to with a notify attribute in the > ipv6-site object for the pTLA Applicant. > >*** >notify: netadmin@ipv6.cbr.tpsa.pl >*** > > 3. The pTLA Applicant MUST have a potential "user community" that > would be served by its becoming a pTLA, e.g., the Applicant is a > major provider of Internet service in a region, country, or focus > of interest. Applicant must provide a statement and information in > support this claim. > >*** >Adequate statement has been put on our webpage: > >[..] >Polish Telecom (polish acronym TP - Telekomunikacja Polska) is the national >operator carrying the majority of both voice and data traffic in Poland. >PSTN network serves the needs of over 10 mln subscribers (of 40 mln of the >overall population) and TP group member PTK Centertel - over 4 mln of >mobile users. TP data network (POLPAK) includes a modern IP backbone >consisting of MPLS-capable routers located at all major cities and >connected with 2.5Gbps optical links. >[..] > >We are the leading ISP in Poland with a considerable "user community". At >some point in the future we will definately introduce IPv6 protocol for our >wired or wireless customers. >*** > > 4. The pTLA Applicant MUST commit to abide by the current 6Bone > operational rules and policies as they exist at time of its > application, and agree to abide by future 6Bone backbone > operational rules and policies as they evolve by consensus of the > 6Bone backbone and user community. > >*** >We agree to abide with the current and the future 6Bone operational rules >and policies. >*** > > When an Applicant seeks to receive a pTLA allocation, it will apply > to the 6Bone Operations Group (see section 8 below) by providing to > the Group information in support of its claims that it meets the > criteria above. > >8. 6Bone Operations Group > > The 6Bone Operations Group is the group in charge of monitoring and > policing adherence to the current rules. Membership in the 6Bone > Operations Group is mandatory for, and restricted to, sites connected > to the 6Bone. > > The 6Bone Operations Group is currently defined by those members of > the existing 6Bone mailing list who represent sites participating in > the 6Bone. Therefore it is incumbent on relevant site contacts to > join the 6Bone mailing list. Instructions on how to join the list are > maintained on the 6Bone web site at < http://www.6bone.net>. > >=== end === > >-- >Grzegorz Banasiak