From jeroen@unfix.org Sat Oct 11 01:16:06 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 11 Oct 2003 02:16:06 +0200
Subject: [6bone] Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no working contacts...
Message-ID: <032e01c38f8c$de1c5ce0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Checking http://www.sixxs.net/tools/grh/lg/?show=bogons&find=::/0

People might want to filter on private ASN's also when that ASN
is being used as "transit"...

2001:a40::/32 AS64702 is reserved (path: 15516 3257 2497 4697 2914 10109 4538 4787 64702 20646 8763 5539 1930 9186)
Ghost Route (14/12)
3ffe:3500::/24 3ffe:4005:fefe:: 25396 1752 10109 4538 4787 64702 20646 8319

We still have these 6to4 specifics btw:

2002:c2b1:d06e::/48 More specific 6to4 prefix (194.177.208.110/32) from AS5408
2002:c8a2::/33 More specific 6to4 prefix (200.162.0.0/17) from AS15180
2002:c8c6:4000::/34 More specific 6to4 prefix (200.198.64.0/18) from AS15180
2002:c8ca:7000::/36 More specific 6to4 prefix (200.202.112.0/20) from AS15180

And nopes, no contact has been made yet, apparently having your
email address listed in the registry frees you of any obligations...

Another funny one:
3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
should be 4555 (now: 29216)

While there also is an announcement for:
2001:7fe::/32 I-rootserver-net-20030916

The ghosts of this month:
3ffe:1f00::/24
3ffe:2400::/24

Both with "10318 5623" common in their paths, obvious isn't it?

Oh and yes, still no contact from anybody at nortel, apparently
that company doesn't know what IPv6 is. AS10318 (check above also)
is still announcing *their* block and still haven't made any
comment or reply back whatsoever. AS10318 have their own pTLA
but apparently are not contactable for that pTLA either.

If anybody knows someone alive for 3ffe:1300::/24 or AS762
or AS10318 please notify them. Maybe posting to nanog raises
some people from sleep. Mailing the whois contacts directly
doesn't help apparently.
Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP4dLximqKFIzPnwjEQKluACglQJ+2QtJZ6O2fJZShwxLe0Z6Fz8AnRym
p0Clq/HyC9EoC/RsaYudqZey
=XBo4
-----END PGP SIGNATURE-----

From bmanning@ISI.EDU Sat Oct 11 04:08:12 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Fri, 10 Oct 2003 20:08:12 -0700 (PDT)
Subject: [6bone] Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no working contacts...
In-Reply-To: <032e01c38f8c$de1c5ce0$210d640a@unfix.org> from Jeroen Massar at "Oct 11, 3 02:16:06 am"
Message-ID: <200310110308.h9B38CY13623@boreas.isi.edu>

% Another funny one:
% 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
% should be 4555 (now: 29216)

welcome to more root server testing w/ IPv6.

--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From jeroen@unfix.org Sat Oct 11 11:50:06 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 11 Oct 2003 12:50:06 +0200
Subject: [6bone] Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no working contacts...
In-Reply-To: <200310110308.h9B38CY13623@boreas.isi.edu>
Message-ID: <00c301c38fe5$6f9d7a20$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Manning [mailto:bmanning@ISI.EDU] wrote:

> % Another funny one:
> % 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
> % should be 4555 (now: 29216)
>
> welcome to more root server testing w/ IPv6.

I don't mind that at all, I'd rather see them sticking AAAA's
into the glue :), but I do wonder why they are not using the
RIPE space they got assigned and which is being announced.

2001:7fe::/32 is for I-rootserver-net-20030916 got assigned on
2003-09-16 and was to be seen since 2003-09-17 02:51:14.
This "new" 6bone can be seen since yesterday, thus there is to
wonder for what purpose.
There is no difference between 6bone
and RIR space, unless they want to make a sign that the
'6bone is not production'...

Also these are the current paths:

3ffe:3::/32 8447 1853 786 109 109 4555 29216 IGP
3ffe:3::/32 1213 3549 6939 109 4555 29216 IGP
3ffe:3::/32 12779 3549 6939 109 4555 29216 IGP
3ffe:3::/32 > 6939 109 4555 29216 IGP

2001:7fe::/32 has the same "issue":
2001:7fe::/32 8954 4555 29216
2001:7fe::/32 12779 6175 4555 29216
2001:7fe::/32 15516 3257 2497 6939 109 4555 29216

As Cisco (109) and EP.Net are US based I wonder if
Stockholm suddenly moved to the US :)
That last one as from "Stockholm" -> US -> Japan -> Denmark...
If they really want to test then use some native european
connectivity, there is a *lot* of that over here.
And if they can't get native, please tunnel to a *local*
ISP and not to something in the US, see "Minimal IPv6 Peering":
http://ip6.de.easynet.net/ipv6-minimum-peering.txt

K has a RIPE delegation too, but that has not been seen (yet :)
But I heard good stories about work being done on that.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP4fgXimqKFIzPnwjEQJl1ACcD2aK8TGQU/YD04sZsFuMQoMSex8AoLcH
7aO9jplhb76T11d5hALTf6BD
=gyub
-----END PGP SIGNATURE-----

From Daniel Austin"
Message-ID: <04bb01c38ff2$d1462a80$1700a8c0@DANDELL>

Hi,

> > welcome to more root server testing w/ IPv6.
>
> 2001:7fe::/32 has the same "issue":
> 2001:7fe::/32 8954 4555 29216
> 2001:7fe::/32 12779 6175 4555 29216
> 2001:7fe::/32 15516 3257 2497 6939 109 4555 29216
>
> As Cisco (109) and EP.Net are US based I wonder if
> Stockholm suddenly moved to the US :)
> That last one as from "Stockholm" -> US -> Japan -> Denmark...
> If they really want to test then use some native european
> connectivity, there is a *lot* of that over here.
> And if they can't get native, please tunnel to a *local*
> ISP and not to something in the US, see "Minimal IPv6 Peering":
> http://ip6.de.easynet.net/ipv6-minimum-peering.txt

If they're reading this, we're happy to set up a tunnel from our London NOC.
We've got some good native connectivity in London (including native over to
Amsterdam) - ipv6@kewlio.net if they require it.

Hopefully they'll be able to find some native link closer to home though.

With Thanks,

Daniel Austin,
Managing Director,
Kewlio.net Limited.

From bmanning@ISI.EDU Sat Oct 11 15:30:56 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Sat, 11 Oct 2003 07:30:56 -0700 (PDT)
Subject: [6bone] Reserved ASN 64702, 6to4, 2 ghosts, other oddities and still no working contacts...
In-Reply-To: <00c301c38fe5$6f9d7a20$210d640a@unfix.org> from Jeroen Massar at "Oct 11, 3 12:50:06 pm"
Message-ID: <200310111430.h9BEUuK03264@boreas.isi.edu>

[Internal error while calling pgp, raw data follows]
% -----BEGIN PGP SIGNED MESSAGE-----
%
% Bill Manning [mailto:bmanning@ISI.EDU] wrote:
%
% > % Another funny one:
% > % 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
% > % should be 4555 (now: 29216)
% >
% > welcome to more root server testing w/ IPv6.
%
% I don't mind that at all, I'd rather see them sticking AAAA's
% into the glue :), but I do wonder why they are not using the
% RIPE space they got assigned and which is being announced.

they are, for the production service.
this is for experimental activities.

%
% 2001:7fe::/32 is for I-rootserver-net-20030916 got assigned on
% 2003-09-16 and was to be seen since 2003-09-17 02:51:14.
% This "new" 6bone can be seen since yesterday, thus there is to
% wonder for what purpose. There is no difference between 6bone
% and RIR space, unless they want to make a sign that the
% '6bone is not production'...

bing! the 3ffe:: entries are for experimental services -only-
while the 2001:: will eventually be production services.
and the test are -not- primarily about connectivity.

%
% Also these are the current paths:
%
% 3ffe:3::/32 8447 1853 786 109 109 4555 29216 IGP
% 3ffe:3::/32 1213 3549 6939 109 4555 29216 IGP
% 3ffe:3::/32 12779 3549 6939 109 4555 29216 IGP
% 3ffe:3::/32 > 6939 109 4555 29216 IGP
%
% 2001:7fe::/32 has the same "issue":
% 2001:7fe::/32 8954 4555 29216
% 2001:7fe::/32 12779 6175 4555 29216
% 2001:7fe::/32 15516 3257 2497 6939 109 4555 29216
%
% As Cisco (109) and EP.Net are US based I wonder if
% Stockholm suddenly moved to the US :)
% That last one as from "Stockholm" -> US -> Japan -> Denmark...
% If they really want to test then use some native european
% connectivity, there is a *lot* of that over here.
% And if they can't get native, please tunnel to a *local*
% ISP and not to something in the US, see "Minimal IPv6 Peering":
% http://ip6.de.easynet.net/ipv6-minimum-peering.txt
%
% K has a RIPE delegation too, but that has not been seen (yet :)
% But I heard good stories about work being done on that.
%
% Greets,
% Jeroen
%
% -----BEGIN PGP SIGNATURE-----
% Version: Unfix PGP for Outlook Alpha 13 Int.
% Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/
%
% iQA/AwUBP4fgXimqKFIzPnwjEQJl1ACcD2aK8TGQU/YD04sZsFuMQoMSex8AoLcH
% 7aO9jplhb76T11d5hALTf6BD
% =gyub
% -----END PGP SIGNATURE-----
%
[End of raw data]

--
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From jeroen@unfix.org Mon Oct 13 22:36:28 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Mon, 13 Oct 2003 23:36:28 +0200
Subject: [6bone] Reserved ASN 64702, 6to4, 2 ghosts, other oddities andstill no working contacts...
In-Reply-To: <1066072815.31395.155.camel@wisepoint.hpcf.upr.edu>
Message-ID: <003001c391d2$0fe71cf0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

William Caban [mailto:william@hpcf.upr.edu] wrote:

> On Sat, 2003-10-11 at 10:30, Bill Manning wrote:
> > bing! the 3ffe:: entries are for experimental services -only-
> > while the 2001:: will eventually be production services.
> > and the test are -not- primarily about connectivity.
>
> Last time I checked on this 3ffe:: was not "tagged" as for "experimental
> services only". I have asked this to people working with IPv6 and
> haven't received any reply confirming it, only replies
> stating that it hasn't been decided.
>
> Is it now? Please let me know.
>
> (I will hate to do a deployment of 3ffe:: and 2001:: networks and then
> after some time tell the users sorry we are not routing 3ffe:: anymore
> since it was experimental only. I prefer telling them from the very
> first time.)

6bone is "IPv6 Testing"*, so it can be production quality,
but it can also break. But I think that mostly depends on
the people using the space and what they are using the space
for, some use it to run 'production'.

Also see the following, as 6bone *will* go away per 2006/6/6 :)
http://www.ietf.org/internet-drafts/draft-fink-6bone-phaseout-04.txt

So, yes, you will have to tell the users that you are not
routing 3ffe::/16 anymore. But nothing prohibits one to use
RIR space as experimental btw which is why I wondered why
2 prefixes are being used by the I root.

Greets,
 Jeroen

* = http://www.6bone.net/about_6bone.html
"The 6bone is an IPv6 Testbed that is an outgrowth of the IETF
 IPng project that created the IPv6 protocols intended to
 eventually replace the current Internet network layer protocols
 known as IPv4."
"The 6bone operates under the IPv6 Testing Address Allocation
 (see RFC 2471)."

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP4sa2ymqKFIzPnwjEQKsLgCdEJFBZnj8Xu6YrV6bYFl5+ay7+gUAn3IW
fFN5GkHoepjVqpHUhP7wi0TI
=JM9f
-----END PGP SIGNATURE-----

From jeroen@unfix.org Mon Oct 13 22:53:10 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Mon, 13 Oct 2003 23:53:10 +0200
Subject: [6bone] Reserved ASN 64702, 6to4, 2 ghosts, other oddities and
In-Reply-To: <200310132120.h9DLKpv01127@karoshi.com>
Message-ID: <001601c391d4$65339740$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

bmanning@karoshi.com [mailto:bmanning@karoshi.com] wrote:

> Your choice. Note carefully that the 6bone database is prone
> to corruption. The nice folks @ online.org.ua did this:
> inet6num: 3FFE::/24
> netname: ONLINE
> descr: IPv6 Network of online.org.ua
> country: UA
> admin-c: EAG-6BONE
> tech-c: EAG-6BONE
> notify: admin@online.org.ua
> mnt-by: ONLINE-MNT
> changed: admin@online.org.ua 20030628
> source: 6BONE

And that and many other such things have still not been cleansed
unfortunately. If wanted it can be done, it would require
modifications in the server software for sporting mnt-by and
mnt-lower for convenience though. And next to that a lot of
cleaning... I still volunteer for helping out there btw.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP4seximqKFIzPnwjEQKCJgCfSzwFaUFhRHU4CNLhzDphuPm5vusAoJoJ
bvdCczFh2bWRfJT5vlEInEb5
=ZadJ
-----END PGP SIGNATURE-----

From robson.oliveira@ipv6dobrasil.com.br Tue Oct 21 19:40:58 2003
From: robson.oliveira@ipv6dobrasil.com.br (Robson Oliveira)
Date: Tue, 21 Oct 2003 16:40:58 -0200
Subject: [6bone] IPv6 DNS ready with A6 and IP6.ARPA
Message-ID:

Hi all,

Please, are there any DNS server running/using the IPv6 records A6 and
IP6.ARPA connected at 6BONE network?
I'd like to know if are there any tool to manager the DNS sections? Could we
prevent some mistakes with this scenery?

QCLASS=IN,

RFC2874 SECTION 5.1.1

$ORIGIN X.EXAMPLE
N     <IN>       A6  64    ::1234:5678:9ABC:DEF0    SUBNET-1.IP6...

Should be there in this example the IN class or not?

Cheers,
Robson Oliveira
***********************
Brazil Global IPv6 Summit 2004
1st Latin American IPv6 event

From bmanning@ISI.EDU Tue Oct 21 19:56:33 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Tue, 21 Oct 2003 11:56:33 -0700 (PDT)
Subject: [6bone] IPv6 DNS ready with A6 and IP6.ARPA
In-Reply-To: from Robson Oliveira at "Oct 21, 3 04:40:58 pm"
Message-ID: <200310211856.h9LIuXC24217@boreas.isi.edu>

the A6 record type has been moved from standards track to experimental,
with the latest BIND versions removing support for this RR type.

that said, the IP6.ARPA tree nearly replicates the ip6.int tree.

for native IPv6 resolution, you may wish to consult/use the
servers found in the IPv6/DNSsec testbed, www.rs.net

% Hi all,
%
% Please, are there any DNS server running/using the IPv6 records A6 and
% IP6.ARPA connected at 6BONE network?
% I'd like to know if are there any tool to manager the DNS sections? Could we
% prevent some mistakes with this scenery?
%
% QCLASS=IN,
%
% RFC2874 SECTION 5.1.1
%
% $ORIGIN X.EXAMPLE
% N     <IN>       A6  64    ::1234:5678:9ABC:DEF0    SUBNET-1.IP6...
%
%
% Should be there in this example the IN class or not?
%
% Cheers,
% Robson Oliveira
% ***********************
% Brazil Global IPv6 Summit 2004
% 1st Latin American IPv6 event

--
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From robson.oliveira@ipv6dobrasil.com.br Tue Oct 21 20:43:57 2003
From: robson.oliveira@ipv6dobrasil.com.br (Robson Oliveira)
Date: Tue, 21 Oct 2003 17:43:57 -0200
Subject: [6bone] IPv6 DNS ready with A6 and IP6.ARPA
In-Reply-To: <200310211856.h9LIuXC24217@boreas.isi.edu>
Message-ID:

Bill,

Thank you for your support.

Cheers,
Robson

-----Original Message-----
From: Bill Manning [mailto:bmanning@ISI.EDU]
Sent: Tuesday, October 21, 2003 4:57 PM
To: Robson Oliveira
Cc: 6bone@ISI.EDU
Subject: Re: [6bone] IPv6 DNS ready with A6 and IP6.ARPA

the A6 record type has been moved from standards track to experimental,
with the latest BIND versions removing support for this RR type.

that said, the IP6.ARPA tree nearly replicates the ip6.int tree.

for native IPv6 resolution, you may wish to consult/use the
servers found in the IPv6/DNSsec testbed, www.rs.net

% Hi all,
%
% Please, are there any DNS server running/using the IPv6 records A6 and
% IP6.ARPA connected at 6BONE network?
% I'd like to know if are there any tool to manager the DNS sections? Could we
% prevent some mistakes with this scenery?
%
% QCLASS=IN,
%
% RFC2874 SECTION 5.1.1
%
% $ORIGIN X.EXAMPLE
% N     <IN>       A6  64    ::1234:5678:9ABC:DEF0    SUBNET-1.IP6...
%
%
% Should be there in this example the IN class or not?
%
% Cheers,
% Robson Oliveira
% ***********************
% Brazil Global IPv6 Summit 2004
% 1st Latin American IPv6 event

--
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From ktso@cuhk.edu.hk Thu Oct 23 10:50:32 2003
From: ktso@cuhk.edu.hk (ktso@cuhk.edu.hk)
Date: Thu, 23 Oct 2003 17:50:32 +0800
Subject: [6bone] Is minimum allocation /64 now?
Message-ID: <20031023175032.A18200@saga.itsc.cuhk.edu.hk>

Dear all,

I am sorry that I am a little bit outdated. I notice that min allocation
of address space is /48 instead of /64 in the past for IXes. I have
also read some old messages that /64 is used because of automatic
configuration. But then how about P2P? Is there a practice to use a
/64 or /127 for P2P link? Will it break something if I use prefix
longer than /64? Thanks for your advice.

Regards,
So K T, CUHK

From ktso@cuhk.edu.hk Thu Oct 23 11:21:29 2003
From: ktso@cuhk.edu.hk (ktso@cuhk.edu.hk)
Date: Thu, 23 Oct 2003 18:21:29 +0800
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031023175032.A18200@saga.itsc.cuhk.edu.hk>; from ipv6@cuhk.edu.hk on Thu, Oct 23, 2003 at 05:50:32PM +0800
References: <20031023175032.A18200@saga.itsc.cuhk.edu.hk>
Message-ID: <20031023182129.B18200@saga.itsc.cuhk.edu.hk>

I am sorry that I should describe my question more clearly.

Current min allocation for IX is /48, so it is assuming that each P2P
uses one /64. Previous min allocation for IX is /64, so it is assuming
that each P2P may use /127 or something longer than /64. So, that means
the min allocation for a subnet is now /64.

Then, back to the question.

> I have
> also read some old messages that /64 is used because of automatic
> configuration. But then how about P2P? Is there a practice to use a
> /64 or /127 for P2P link? Will it break something if I use prefix
> longer than /64? Thanks for your advice.

Regards,
So K T, CUHK

On Thu, Oct 23, 2003 at 05:50:32PM +0800, ipv6@cuhk.edu.hk wrote:
> Dear all,
>
> I am sorry that I am a little bit outdated. I notice that min allocation
> of address space is /48 instead of /64 in the past for IXes. I have
> also read some old messages that /64 is used because of automatic
> configuration. But then how about P2P? Is there a practice to use a
> /64 or /127 for P2P link? Will it break something if I use prefix
> longer than /64? Thanks for your advice.
>
> Regards,
> So K T, CUHK
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone

From jeroen@unfix.org Thu Oct 23 12:36:55 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Thu, 23 Oct 2003 13:36:55 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031023175032.A18200@saga.itsc.cuhk.edu.hk>
Message-ID: <005501c39959$f68adaa0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

ipv6@cuhk.edu.hk wrote:

> I am sorry that I am a little bit outdated. I notice that
> min allocation
> of address space is /48 instead of /64 in the past for IXes. I have
> also read some old messages that /64 is used because of automatic
> configuration.

A /48 is per site, if this site is an IX or an end-user or a big
university. /48's are the minimum for every place where there is
a possibility that there is more than one subnet, now or in the
future. Note that bigger entities can of course request more than
a /48, I'd suggest to pass out a /40 in those cases.

If you are absolutely sure that there will only be one subnet on
a certain place you could of course allocate a /64. But why bother?
There is enough space and it would only cost you more verifications.
What if there suddenly is a second, then they have to renumber,
now they won't ever unless they swap ISP's where to also will get
a /48.

> But then how about P2P? Is there a practice to use a
> /64 or /127 for P2P link? Will it break something if I use prefix
> longer than /64? Thanks for your advice.

Use a /64 for a P2P link it is, as it implies in the name a link.
You could for example use 1 /48 and allocate 65535 P2P links from
that single /48. Keeping it a nice and clean design. And that is
only 1 /48 from the /32 you receive by default, if you need more
then request more.

/127's are bad and go wrong with the anycast address.
We noticed that quite well when Linux 2.4.21 came out and people
started complaining that their endpoints didn't ping ;)

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP5e9VymqKFIzPnwjEQLpmgCghsdpp4VToIo7D2L3EDNYrWuA10EAoKGg
vcivOmtSqT3qfLh6N1H3j/ex
=hUT/
-----END PGP SIGNATURE-----

From pekkas@netcore.fi Thu Oct 23 13:20:57 2003
From: pekkas@netcore.fi (Pekka Savola)
Date: Thu, 23 Oct 2003 15:20:57 +0300 (EEST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031023175032.A18200@saga.itsc.cuhk.edu.hk>
Message-ID:

On Thu, 23 Oct 2003 ipv6@cuhk.edu.hk wrote:
> I am sorry that I am a little bit outdated. I notice that min allocation
> of address space is /48 instead of /64 in the past for IXes. I have
> also read some old messages that /64 is used because of automatic
> configuration. But then how about P2P? Is there a practice to use a
> /64 or /127 for P2P link? Will it break something if I use prefix
> longer than /64? Thanks for your advice.

As for P2P links (between routers, I take you mean)..

Don't use /127, but anything between that and /64 is operationally fine.

Architecturally one should use /64.

We use /112's ourselves.

Read RFC 3627 for more.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From jonathan@ntg.com Thu Oct 23 14:15:35 2003
From: jonathan@ntg.com (Jonathan Upperman)
Date: Thu, 23 Oct 2003 08:15:35 -0500
Subject: [6bone] RE: 6bone digest, Vol 1 #408 - 2 msgs
Message-ID: <2B707530E07B7C4CBAB092C32BCBB52204EE0A@ntg28.ntgnt.ntg.com>
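
The /127 problem raised in the replies above is the one RFC 3627 describes: a router also answers for the Subnet-Router anycast address (the prefix with all host bits zero), and on a /127 that is one of the only two addresses on the link. The sketch below is an added example, not code from any list member; the `Router` class, the function names and the 2001:db8:: addresses are constructed for illustration, and the model covers only duplicate address detection (DAD) between two routers.

```python
import ipaddress


class Router:
    """Toy router: the addresses it answers for on one point-to-point link."""

    def __init__(self, name):
        self.name = name
        self.unicast = set()
        self.anycast = set()

    def owns(self, addr):
        return addr in self.unicast or addr in self.anycast


def add_address(router, peer, cidr):
    """Assign cidr (address/prefixlen) to router; peer is the other end.

    Returns None on success, or the reason DAD rejected the address.
    """
    iface = ipaddress.IPv6Interface(cidr)
    # DAD: the address is a duplicate if the neighbour answers for it,
    # whether it holds it as unicast or as anycast.
    if peer.owns(iface.ip):
        kind = "unicast" if iface.ip in peer.unicast else "Subnet-Router anycast"
        return f"DAD failed: {iface.ip} is held by {peer.name} as {kind}"
    router.unicast.add(iface.ip)
    # A router also takes the Subnet-Router anycast address of the prefix
    # (all host bits zero). No DAD is run for anycast addresses.
    router.anycast.add(iface.network.network_address)
    return None


def number_link(first_cidr, second_cidr):
    """Configure router A with first_cidr, then router B with second_cidr."""
    a, b = Router("A"), Router("B")
    result = {
        "A": add_address(a, b, first_cidr),
        "B": add_address(b, a, second_cidr),
    }
    # Unicast addresses that the other router also answers for as anycast.
    clash = (a.unicast & b.anycast) | (b.unicast & a.anycast)
    result["ambiguous"] = sorted(str(x) for x in clash)
    return result


def pick_endpoints(prefix):
    """Two lowest addresses that avoid the anycast address, else None."""
    net = ipaddress.IPv6Network(prefix)
    picks = [net.network_address + i for i in range(1, min(net.num_addresses, 3))]
    return tuple(str(p) for p in picks) if len(picks) == 2 else None


if __name__ == "__main__":
    # Constructed sample links using the documentation prefix 2001:db8::/32.
    # /127, ::1 configured first: the other end fails DAD on ::0.
    print(number_link("2001:db8::1/127", "2001:db8::/127"))
    # /127, ::0 configured first: both come up, but ::0 is ambiguous.
    print(number_link("2001:db8::/127", "2001:db8::1/127"))
    # /126 leaves ::0 to anycast and numbers the ends ::1 and ::2.
    print(number_link("2001:db8::1/126", "2001:db8::2/126"))
    for plen in (127, 126, 112, 64):
        print(plen, pick_endpoints(f"2001:db8::/{plen}"))
```

RFC 6164 later allowed /127 on inter-router links, with the requirement that routers disable Subnet-Router anycast on those prefixes.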
QAEAAAASAAAASgBPAE4AQQBUAEgAQQBOAAAAAAAfADJAAQAAADgAAAA2AGIAbwBuAGUALQBhAGQA bQBpAG4AQABtAGEAaQBsAG0AYQBuAC4AaQBzAGkALgBlAGQAdQAAAB8AM0ABAAAAPAAAADYAYgBv AG4AZQAtAHIAZQBxAHUAZQBzAHQAQABtAGEAaQBsAG0AYQBuAC4AaQBzAGkALgBlAGQAdQAAAB8A OEABAAAAEgAAAEoATwBOAEEAVABIAEEATgAAAAAAHwA5QAEAAAAEAAAALgAAAAMAdkD/////CwAp AAAAAAALACMAAAAAAAMABhCyraaIAwAHEEIMAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABlAAAA SVJFTUVNQkVSRURUSEFUWU9VTUVOVElPTkVESVBWNkFUTFVOQ0hJQU1PTlRIRTZCT05FU01BSUxJ TkdMSVNUQU5ESUZZT1VSRUlOVEVSRVNURURJTklQVjZZT1VNQVlXQU5UVAAAAAACAX8AAQAAAD0A AAA8MkI3MDc1MzBFMDdCN0M0Q0JBQjA5MkMzMkJDQkI1MjIwNEVFMEFAbnRnMjgubnRnbnQubnRn LmNvbT4AAAAA5Ns= ------_=_NextPart_001_01C39967.E7B59A8D-- From dan@reeder.name Fri Oct 24 01:00:26 2003 From: dan@reeder.name (Dan Reeder) Date: Fri, 24 Oct 2003 10:00:26 +1000 Subject: [6bone] Is minimum allocation /64 now? References: Message-ID: <004601c399c1$d4d2f9c0$0200a8c0@dryad> Having read that rfc, howcome you suggest /112 or /64 rather than a /126 to get around the anycast problem? The section 4.3 clearly states that the /126 will work fine - what is the point of suggesting a shorter prefix? To me thats just wasteful addressing. Also, could you please clarify when a linux system would be deemed to be a router rather than a host? Or perhaps I misinterpreted the rfc and it only applies to routers such as ciscos? We use /127s for the "point to point" tunnels and as far as I'm aware i've not seen any problems (other than redhat 9 always applying PREFIX::0/128 in the routing table to its loopback for some reason) cheers Dan Reeder tb.ipv6.net.au ----- Original Message ----- From: "Pekka Savola" To: Cc: <6bone@ISI.EDU> Sent: Thursday, October 23, 2003 10:20 PM Subject: Re: [6bone] Is minimum allocation /64 now? > On Thu, 23 Oct 2003 ipv6@cuhk.edu.hk wrote: > > I am sorry that I am a little bit outdated. I notice that min allocation > > of address space is /48 instead of /64 in the past for IXes. 
I have > > also read some old messages that /64 is used because of automatic > > configuration. But then how about P2P? Is there a practice to use a > > /64 or /127 for P2P link? Will it break something if I use prefix > > longer than /64? Thanks for your advice. > > As for P2P links (between routers, I take you mean).. > > Don't use /127, but anything between that and /64 is operationally fine. > Architecturally one should use /64. We use /112's ourselves. > > Read RFC 3627 for more. > > -- > Pekka Savola "You each name yourselves king, yet the > Netcore Oy kingdom bleeds." > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From pekkas@netcore.fi Fri Oct 24 07:12:48 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 24 Oct 2003 09:12:48 +0300 (EEST) Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <004601c399c1$d4d2f9c0$0200a8c0@dryad> Message-ID: On Fri, 24 Oct 2003, Dan Reeder wrote: > Having read that rfc, howcome you suggest /112 or /64 rather than a /126 to > get around the anycast problem? The section 4.3 clearly states that the /126 > will work fine - what is the point of suggesting a shorter prefix? To me > thats just wasteful addressing. Uhh, please stop to think about it. Even if we use /112's, we can have 2^48 of them, assigned from a single /64. No ISP should need ever more point-to-point addresses than that :-). Remember that "wasteful addressing" has entirely different meanings in IPv6 than IPv4. Once you have an IPv6 /64, you can put as many nodes in that as you want, compared to e.g. an IPv4 /24. /112 is a great simplification over /126 from the user's perfective. 
This is because with /126 you should use something like:

3ffe:ffff:ffff::f00:{1,2}/126
3ffe:ffff:ffff::f00:{4,5}/126
3ffe:ffff:ffff::f00:{7,8}/126
3ffe:ffff:ffff::f00:{a,b}/126
3ffe:ffff:ffff::f00:{d,e}/126
3ffe:ffff:ffff::f01:{1,2}/126
....

We just decided that we want to end the address with either "1" or "2" (we also have a methodology to determine which end of the link is given which number), /112 gives the last 16 bits to a subnet, so this is possible, like:

3ffe:ffff:ffff::f00:{1,2}/112
3ffe:ffff:ffff::f01:{1,2}/112
...

If this model was used towards the customers, /112 would add more flexibility for future changes (e.g., the customer adds a firewall, /126 can given an additional address which is mostly fine). Seems simpler to me, and there's plenty of address to play with. We assign all point-to-point addresses from a single /64.

> Also, could you please clarify when a linux system would be deemed to be a
> router rather than a host? Or perhaps I misinterpreted the rfc and it only
> applies to routers such as ciscos?

It applies to all the nodes which act as a router. This happens with Linux, for example, if you have toggled on net.ipv6.conf.all.forwarding sysctl (or done something that accomplishes that, like set up IPV6FORWARDING=yes).

> We use /127s for the "point to point" tunnels and as far as I'm aware i've
> not seen any problems (other than redhat 9 always applying PREFIX::0/128 in
> the routing table to its loopback for some reason)

That's exactly the reason why /127 are not to be used between the routers! Between a router and a host, it _should_ be OK as long as the router is given the PREFIX::0/127 address. But who can say when the other end will not be connecting a router or not? Hence, /127 should not be used.

-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R.
Martin: A Clash of Kings From gert@space.net Fri Oct 24 10:51:33 2003 From: gert@space.net (Gert Doering) Date: Fri, 24 Oct 2003 11:51:33 +0200 Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: ; from pekkas@netcore.fi on Fri, Oct 24, 2003 at 09:12:48AM +0300 References: <004601c399c1$d4d2f9c0$0200a8c0@dryad> Message-ID: <20031024115133.C67740@Space.Net> Hi, On Fri, Oct 24, 2003 at 09:12:48AM +0300, Pekka Savola wrote: > We just dedided that we want to end the address with either "1" or "2" > (we also have a methodology to determine which end of the link is given > which number), /112 gives the last 16 bits to a subnet, so this is > possible, like: > > 3ffe:ffff:ffff::f00:{1,2}/112 > 3ffe:ffff:ffff::f01:{1,2}/112 > ... This is why I use /124s - so all my transit networks end in "...:xxx1/124" "...:xxx2/124" - just convenience, and no fundamental difference to the /112. Nevertheless I want to point out that there seems to be concepts in the works (IPSEC with encryption based on the lower /64 bits of the IPv6 address) that might result in the need to renumber ptp links done with /126s, /124s, /112s or whatever. There was a big and heated discussion on the 6bone list a year ago or so, so for those interested in this matter, read it up in the archive! Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 57785 (56883) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From jesper@skriver.dk Fri Oct 24 11:18:08 2003 From: jesper@skriver.dk (Jesper Skriver) Date: Fri, 24 Oct 2003 12:18:08 +0200 Subject: [6bone] Is minimum allocation /64 now? 
In-Reply-To: References: <004601c399c1$d4d2f9c0$0200a8c0@dryad> Message-ID: <20031024101808.GA1329@skriver.dk> On Fri, Oct 24, 2003 at 09:12:48AM +0300, Pekka Savola wrote: > On Fri, 24 Oct 2003, Dan Reeder wrote: > > Having read that rfc, howcome you suggest /112 or /64 rather than a /126 to > > get around the anycast problem? The section 4.3 clearly states that the /126 > > will work fine - what is the point of suggesting a shorter prefix? To me > > thats just wasteful addressing. > > Uhh, please stop to think about it. Even if we use /112's, we can have > 2^48 of them, assigned from a single /64. No ISP should need ever more > point-to-point addresses than that :-). > > Remember that "wasteful addressing" has entirely different meanings in > IPv6 than IPv4. Once you have an IPv6 /64, you can put as many nodes in > that as you want, compared to e.g. an IPv4 /24. > > /112 is a great simplification over /126 from the user's perfective. This > is because with /126 you should use something like: > > 3ffe:ffff:ffff::f00:{1,2}/126 > 3ffe:ffff:ffff::f00:{4,5}/126 > 3ffe:ffff:ffff::f00:{7,8}/126 > 3ffe:ffff:ffff::f00:{a,b}/126 > 3ffe:ffff:ffff::f00:{d,e}/126 > 3ffe:ffff:ffff::f01:{1,2}/126 > .... But using a non /126 or /127 on a p2p link can result in a forwarding loop, assume the the 2 routers have :1 and :2, and someone sends traffic to :3, if the netmask is larger than /126, the routers will do a longest match lookup, will find the interface prefix, and send the packet on the p2p interface - unless they have a specific check to drop these packets. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. From gert@space.net Fri Oct 24 12:11:58 2003 From: gert@space.net (Gert Doering) Date: Fri, 24 Oct 2003 13:11:58 +0200 Subject: [6bone] Is minimum allocation /64 now? 
In-Reply-To: <20031024101808.GA1329@skriver.dk>; from jesper@skriver.dk on Fri, Oct 24, 2003 at 12:18:08PM +0200 References: <004601c399c1$d4d2f9c0$0200a8c0@dryad> <20031024101808.GA1329@skriver.dk> Message-ID: <20031024131158.G67740@Space.Net> Hi, On Fri, Oct 24, 2003 at 12:18:08PM +0200, Jesper Skriver wrote: > But using a non /126 or /127 on a p2p link can result in a forwarding > loop, assume the the 2 routers have :1 and :2, and someone sends traffic > to :3, if the netmask is larger than /126, the routers will do a longest > match lookup, will find the interface prefix, and send the packet on the > p2p interface - unless they have a specific check to drop these packets. Actually the routers seem to have that check. I can't tell you off-hand where this is documented/recommended, but it works. Look at this example. Two Cisco 12.2S boxes, one end is :101, the other one is :102, tunnel configured as /124: local end: traceroute6 to 2001:608:0:3::15a3:101, 30 hops max, 12 byte packets 1 2001:608:0:1::1 0.964 ms 0.764 ms 1.956 ms 2 2001:608:0:11::115 1.852 ms 1.262 ms 1.036 ms remote end: traceroute6 to 2001:608:0:3::15a3:102, 30 hops max, 12 byte packets 1 2001:608:0:1::1 0.952 ms 0.945 ms 0.832 ms 2 2001:608:0:11::115 1.289 ms 1.215 ms 1.261 ms 3 2001:608:0:3::15a3:102 9.043 ms 9.592 ms 8.197 ms "address that would be expected to loop": traceroute6 to 2001:608:0:3::15a3:103, 30 hops max, 12 byte packets 1 2001:608:0:1::1 1.038 ms 1.054 ms 0.725 ms 2 2001:608:0:11::115 1.377 ms 1.274 ms 1.245 ms 3 2001:608:0:3::15a3:102 28.013 ms 8.708 ms 9.439 ms 4 2001:608:0:3::15a3:102 8.604 ms !A 9.168 ms !A 8.119 ms !A Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 57785 (56883) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From jesper@skriver.dk Fri Oct 24 12:41:31 2003 From: jesper@skriver.dk (Jesper Skriver) Date: Fri, 24 Oct 2003 13:41:31 +0200 Subject: 
[6bone] Is minimum allocation /64 now? In-Reply-To: <20031024131158.G67740@Space.Net> References: <004601c399c1$d4d2f9c0$0200a8c0@dryad> <20031024101808.GA1329@skriver.dk> <20031024131158.G67740@Space.Net> Message-ID: <20031024114131.GB1329@skriver.dk> On Fri, Oct 24, 2003 at 01:11:58PM +0200, Gert Doering wrote: > Hi, > > On Fri, Oct 24, 2003 at 12:18:08PM +0200, Jesper Skriver wrote: > > But using a non /126 or /127 on a p2p link can result in a forwarding > > loop, assume the the 2 routers have :1 and :2, and someone sends traffic > > to :3, if the netmask is larger than /126, the routers will do a longest > > match lookup, will find the interface prefix, and send the packet on the > > p2p interface - unless they have a specific check to drop these packets. > > Actually the routers seem to have that check. I can't tell you off-hand > where this is documented/recommended, but it works. > > Look at this example. Two Cisco 12.2S boxes, one end is :101, the other > one is :102, tunnel configured as /124: Good - but does all IPv6 implementations have this check ? (which likely have a performance impact), it it wise to have a recommendation that assume this check exist ? /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. From gert@space.net Fri Oct 24 12:43:12 2003 From: gert@space.net (Gert Doering) Date: Fri, 24 Oct 2003 13:43:12 +0200 Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <20031024114131.GB1329@skriver.dk>; from jesper@skriver.dk on Fri, Oct 24, 2003 at 01:41:31PM +0200 References: <004601c399c1$d4d2f9c0$0200a8c0@dryad> <20031024101808.GA1329@skriver.dk> <20031024131158.G67740@Space.Net> <20031024114131.GB1329@skriver.dk> Message-ID: <20031024134312.J67740@Space.Net> Hi, On Fri, Oct 24, 2003 at 01:41:31PM +0200, Jesper Skriver wrote: > > Actually the routers seem to have that check. 
I can't tell you off-hand > > where this is documented/recommended, but it works. [..] > > Good - but does all IPv6 implementations have this check ? (which likely > have a performance impact), it it wise to have a recommendation that > assume this check exist ? As the addressing architecture mandates /64s, I hope there is a RFC somewhere that mandates this check :-) And no, I have no idea whether all implementations get this right (I'm sure they don't...). On the other hand, with a /126, you have also one address that has the potential for looping... Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 57785 (56883) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From pekkas@netcore.fi Fri Oct 24 14:15:29 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 24 Oct 2003 16:15:29 +0300 (EEST) Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <20031024101808.GA1329@skriver.dk> Message-ID: On Fri, 24 Oct 2003, Jesper Skriver wrote: > > 3ffe:ffff:ffff::f01:{1,2}/126 > > But using a non /126 or /127 on a p2p link can result in a forwarding > loop, assume the the 2 routers have :1 and :2, and someone sends traffic > to :3, if the netmask is larger than /126, the routers will do a longest > match lookup, will find the interface prefix, and send the packet on the > p2p interface - unless they have a specific check to drop these packets. This can only be _theoretically_ avoided by the use of a /127 or two /128's (or just leaving out the address altogether). /126 is equally affected, as IPv6 does not have the broadcast address; /126 is not a equivalent to IPv4 /30. Whether the implementations check these things is another matter.. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. 
Martin: A Clash of Kings From jorgen@hovland.cx Fri Oct 24 15:54:40 2003 From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Fri, 24 Oct 2003 15:54:40 +0100 Subject: [6bone] Is minimum allocation /64 now? References: Message-ID: <001801c39a3e$c17b9ee0$010aa8c0@oxlap> > On Fri, 24 Oct 2003, Jesper Skriver wrote: > > > 3ffe:ffff:ffff::f01:{1,2}/126 > > > > But using a non /126 or /127 on a p2p link can result in a forwarding > > loop, assume the the 2 routers have :1 and :2, and someone sends traffic > > to :3, if the netmask is larger than /126, the routers will do a longest > > match lookup, will find the interface prefix, and send the packet on the > > p2p interface - unless they have a specific check to drop these packets. > > This can only be _theoretically_ avoided by the use of a /127 or two > /128's (or just leaving out the address altogether). /126 is equally > affected, as IPv6 does not have the broadcast address; /126 is not a > equivalent to IPv4 /30. > > Whether the implementations check these things is another matter.. > In some scenarios, we use /127 or /128 on p2p-links (the transport layer/protocol is irrelevant) because we do not want other third parties to communicate by grabbing an availible IP, or we do not want the other second party to be able to use more than 1 IP. This is a security concern we consider important. Does this mean that we have to use IP-filters in the future to setup p2p-links if the standard becomes /64 ? Joergen Hovland ENK From pekkas@netcore.fi Fri Oct 24 17:13:11 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 24 Oct 2003 19:13:11 +0300 (EEST) Subject: [6bone] Is minimum allocation /64 now? 
In-Reply-To: <001801c39a3e$c17b9ee0$010aa8c0@oxlap> Message-ID: On Fri, 24 Oct 2003, Jørgen Hovland wrote: > In some scenarios, we use /127 or /128 on p2p-links (the transport > layer/protocol is irrelevant) because we do not want other third parties to > communicate by grabbing an availible IP, or we do not want the other second > party to be able to use more than 1 IP. This is a security concern we > consider important. Does this mean that we have to use IP-filters in the > future to setup p2p-links if the standard becomes /64 ? First, I'm not sure if I see the threat you raise? Could you describe the threat model a bit? Are you deploying a p2p link towards an untrusted medium or a customer, and you'd be worried that someone from that link or the customer itself would use more than one IP? Use of /128 should not have issues I think.. nor the use of filters, which would probably always be the safest choice when in doubt. Second, the _standard_ is _already_ /64. Has been for about ten years now. Some folks just ignore it :-) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From gert@space.net Fri Oct 24 17:20:46 2003 From: gert@space.net (Gert Doering) Date: Fri, 24 Oct 2003 18:20:46 +0200 Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <001801c39a3e$c17b9ee0$010aa8c0@oxlap> References: <001801c39a3e$c17b9ee0$010aa8c0@oxlap> Message-ID: <20031024162045.GD30954@Space.Net> Hi, On Fri, Oct 24, 2003 at 03:54:40PM +0100, Jørgen Hovland wrote: > In some scenarios, we use /127 or /128 on p2p-links (the transport > layer/protocol is irrelevant) because we do not want other third parties to > communicate by grabbing an availible IP, or we do not want the other second > party to be able to use more than 1 IP. This is a security concern we > consider important. 
Does this mean that we have to use IP-filters in the > future to setup p2p-links if the standard becomes /64 ? The standard *is* /64 (the RFC says so). Just to clarify. But that's not my point. It's more curiousity: why are you doing this, that is, "restrict that line to a single IP address"? I mean, the whole point of v6 is "the amount of addresses available is HUGE". Is this some sort of "customer must hook only a single device to your service" product (which can be circumvented by application proxies, of course)? Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 57785 (56883) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From jorgen@hovland.cx Fri Oct 24 22:03:21 2003 From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=) Date: Fri, 24 Oct 2003 22:03:21 +0100 Subject: [6bone] Is minimum allocation /64 now? References: Message-ID: <001501c39a72$43f9cee0$010aa8c0@oxlap> ----- Original Message ----- From: "Pekka Savola" From: "Gert Doering" Cc: <6bone@ISI.EDU> Sent: Friday, October 24, 2003 5:13 PM Subject: Re: [6bone] Is minimum allocation /64 now? ... >Is this some sort of "customer must hook only a single device to your >service" product (which can be circumvented by application proxies, >of course)? ... >First, I'm not sure if I see the threat you raise? Could you describe the >threat model a bit? ... I'll give it a try. "Anonymous P2P-connections" If you use a /64 and give the peer an ip address, you have no guarantee it will be using that address, or only that address, because you allocated the whole /64. Single-user products are the most obviously ones. When our product descriptions says "one person only", and you give them a billion ip addresses instead of the one they only needed, something tells me that abuse will increase. Sure you can hook up several other devices through a proxy. 
Thats what people do today, but we are trying to atleast shut the door instead of leaving it wide open. You can sell internet to the whole world with just one /64, and everybody will get their own ip address. Many services today are filtered per ip address. We are one of many who do just that: Limit webcast connections by 1 per ip address. Prevent a person from registering a million new emailaccounts. Prevent a person from sending more than 1 free mms daily and so on. Ip address filtering is a part of the whole solution to limit abuse on many services: Web-, mail-,chat- and smsservers... With ipv6 we have to skip the whole thing. On a local area network, a /64 is shared by everyone. On a P2P-link it is only used by one person. How do you know if that particular /64 is being used by a single person or 5000 persons? When you give each client/link so many ip addresses its impossible to set any restrictions/filters based on ip address because it could hurt innocent people. >The standard *is* /64 (the RFC says so). Just to clarify. RFC's are voidable when the majority says so. Joergen Hovland ENK From jeroen@unfix.org Fri Oct 24 23:12:26 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sat, 25 Oct 2003 00:12:26 +0200 Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <001501c39a72$43f9cee0$010aa8c0@oxlap> Message-ID: <008201c39a7b$e91fb4d0$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Jørgen Hovland wrote: > I'll give it a try. > "Anonymous P2P-connections" > If you use a /64 and give the peer an ip address, you have no > guarantee it will be using that address, or only that address, because you > allocated the whole /64. I suggest you stick to IPv4 and NAT. And no I don't mean that sarcastic. If you want to sell 'single-user' products then count their bandwidth usage. Or are you getting your IP's from your transit provider? Transit providers charge you for bandwidth consumption. So should you. 
If you have no intention of selling them internet access then why call yourself an ISP at all ? "single-user products" as you call it are the biggest reasons why we have those awfull NAT's today. And how many users are behind that NAT even though you just gave them 1 IPv4 address? LOTS. > >The standard *is* /64 (the RFC says so). Just to clarify. > > RFC's are voidable when the majority says so. I suggest you stay away from IPv6 as you don't have any intention of using it for the biggest reason: End to End connectivity. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP5mjyimqKFIzPnwjEQJh0ACgqwnnDvq7+GNXUJrD+YF09+hRZ3MAn3J3 SradMGIvvzzigNYLni4vF04n =2WmW -----END PGP SIGNATURE----- From jorgen@hovland.cx Sat Oct 25 00:56:34 2003 From: jorgen@hovland.cx (=?ISO-8859-1?Q?J=F8rgen_Hovland?=) Date: Sat, 25 Oct 2003 01:56:34 +0200 (CEST) Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <008201c39a7b$e91fb4d0$210d640a@unfix.org> References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> Message-ID: On Sat, 25 Oct 2003, Jeroen Massar wrote: > If you want to sell 'single-user' products then count their > bandwidth usage. Or are you getting your IP's from your transit provider? > Transit providers charge you for bandwidth consumption. There are ISP's already doing that and there are ISP's totally against it. > So should you. If you have no intention of selling them internet access > then why call yourself an ISP at all ? There are people who do not feel charging by capacity is the proper way to do it, but by the ammount of users. There are infact ISP's who do this today. > "single-user products" as you call it are the biggest reasons why > we have those awfull NAT's today. And how many users are behind > that NAT even though you just gave them 1 IPv4 address? LOTS. 
There's a difference between denying a person extra ip addresses and giving out a billion without asking if the person needs it. Many ISP's charge for extra ip addresses, and they don't do it just because they have to type in 3 commands on their router. NAT gives a certain amount of security for end-users. Joergen Hovland ENK From dan@reeder.name Sat Oct 25 02:30:45 2003 From: dan@reeder.name (Dan Reeder) Date: Sat, 25 Oct 2003 11:30:45 +1000 Subject: [6bone] Is minimum allocation /64 now? References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> Message-ID: <005401c39a97$9d2a2530$0200a8c0@dryad> I think you've misinterpreted his comments Jeroen To me it merely meant a /126 ("single user endpoint") as a means to reach a customer's /48 or /64 prefix. That seems perfectly acceptable for standard single-homed subnets. There's no intention of things becoming like NAT... it's just intended to be the equivalent of ipv4 /30s Of course you'd increase it to perhaps /112 if the customer wanted their subnet to be multihomed, or perhaps use the existing /126 with a new /126. It's not that we don't get the subject, indeed I think we do - it's just that going to extremes such as saying /64s MUST be used for ptp links because an RFC says so seems a little excessive. Certainly from a tunnel broker's perspective we'd prefer to assign something quite small (/127s as we've been doing - that may change to /126s or /112s after this thread) for the ptp tunnelling, and then a larger block eg /64 or /48 for their own LAN routing. But what happens when you do have a single user without a LAN of their own wanting ipv6 access? Assigning a /64 would not be of any more benefit to them over assigning a /128. Or do you reckon every user in the world (eg dialup, home dsl) should be assigned a /64 via something like PPP in the off chance they do want to some subnetting?
Dan Reeder tb.ipv6.net.au ----- Original Message ----- From: "Jeroen Massar" To: "'Jørgen Hovland'" ; "'Pekka Savola'" ; "'Gert Doering'" Cc: <6bone@ISI.EDU> Sent: Saturday, October 25, 2003 8:12 AM Subject: RE: [6bone] Is minimum allocation /64 now? > -----BEGIN PGP SIGNED MESSAGE----- > > Jørgen Hovland wrote: > > > I'll give it a try. > > "Anonymous P2P-connections" > > If you use a /64 and give the peer an ip address, you have no > > guarantee it will be using that address, or only that address, because you > > allocated the whole /64. > > I suggest you stick to IPv4 and NAT. And no I don't mean that sarcastic. > > If you want to sell 'single-user' products then count their > bandwidth usage. Or are you getting your IP's from your transit provider? > Transit providers charge you for bandwidth consumption. > So should you. If you have no intention of selling them internet access > then why call yourself an ISP at all ? > > "single-user products" as you call it are the biggest reasons why > we have those awfull NAT's today. And how many users are behind > that NAT even though you just gave them 1 IPv4 address? LOTS. > > > >The standard *is* /64 (the RFC says so). Just to clarify. > > > > RFC's are voidable when the majority says so. > > I suggest you stay away from IPv6 as you don't have any intention > of using it for the biggest reason: End to End connectivity. > > Greets, > Jeroen > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook Alpha 13 Int. 
> Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ > > iQA/AwUBP5mjyimqKFIzPnwjEQJh0ACgqwnnDvq7+GNXUJrD+YF09+hRZ3MAn3J3 > SradMGIvvzzigNYLni4vF04n > =2WmW > -----END PGP SIGNATURE----- > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From old_mc_donald@hotmail.com Sat Oct 25 04:34:46 2003 From: old_mc_donald@hotmail.com (Gav) Date: Sat, 25 Oct 2003 11:34:46 +0800 Subject: [6bone] Is minimum allocation /64 now? References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> Message-ID: ----- Original Message ----- From: "Dan Reeder" Or do you reckon every user in the world (eg | dialup, home dsl) should be assigned a /64 via something like PPP in the off | chance they do want to some subnetting? I don't pretend to understand all of this, but we are (as we always do) thinking in terms of just computers when talking about allocating IP addresses. Are we not also to assume the same for emerging technologies that ordinary users will need an allocation of a range of addresses for things such as 'the internet fridge by LG' , things like remote access from their phones to turn the oven on, to adjust the air-con, to record a TV program. And hundreds of other household uses I can't think of right now.Or will these also be done by proxy. As I see it, the average household will undoubtedly have more than one 'computer' . Gav... From tjc@ecs.soton.ac.uk Sat Oct 25 09:14:37 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Sat, 25 Oct 2003 09:14:37 +0100 Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <005401c39a97$9d2a2530$0200a8c0@dryad>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad>
Message-ID: <20031025081437.GA15310@login.ecs.soton.ac.uk>

As an ISP you can allocate whatever you like.

There will be enough ISPs offering homes /48's and certainly /64's that
those that offer a /126 will simply lose business to the more forward
looking suppliers.

Customers who think NAT=security can continue to use IPv4. No one is forcing
them to use IPv6.

Yes I do think every home LAN should get a /48, and a static one. That
means the ISP needs a lot more than a /32 though.

Tim

On Sat, Oct 25, 2003 at 11:30:45AM +1000, Dan Reeder wrote:
> I think you've misinterpreted his comments Jeroen
> To me it merely meant a /126 ("single user endpoint") as a means to reach a
> customer's /48 or /64 prefix. That seems perfectly acceptable for standard
> single-homed subnets. There's no intention of things becoming like NAT...
> it's just intended to be the equivalent of ipv4 /30s
> Of course you'd increase it to perhaps /112 if the customer wanted their
> subnet to be multihomed, or perhaps use the existing /126 with a new /126.
>
> It's not that we don't get the subject, indeed I think we do - it's just that
> going to extremes such as saying /64s MUST be used for ptp links because an
> RFC says so seems a little excessive. Certainly from a tunnel broker's
> perspective we'd prefer to assign something quite small (/127s as we've been
> doing - that may change to /126s or /112s after this thread) for the ptp
> tunnelling, and then a larger block eg /64 or /48 for their own LAN routing.
>
> But what happens when you do have a single user without a LAN of their own
> wanting ipv6 access? Assigning a /64 would not be of any more benefit to
> them over assigning a /128. Or do you reckon every user in the world (eg
> dialup, home dsl) should be assigned a /64 via something like PPP in the off
> chance they do want to some subnetting?
>
> Dan Reeder
> tb.ipv6.net.au
>
> ----- Original Message -----
> From: "Jeroen Massar"
> To: "'Jørgen Hovland'" ; "'Pekka Savola'"
> ; "'Gert Doering'"
> Cc: <6bone@ISI.EDU>
> Sent: Saturday, October 25, 2003 8:12 AM
> Subject: RE: [6bone] Is minimum allocation /64 now?
>
>
> > Jørgen Hovland wrote:
> >
> > > I'll give it a try.
> > > "Anonymous P2P-connections"
> > > If you use a /64 and give the peer an ip address, you have no
> > > guarantee it will be using that address, or only that address, because you
> > > allocated the whole /64.
> >
> > I suggest you stick to IPv4 and NAT. And no I don't mean that sarcastic.
> >
> > If you want to sell 'single-user' products then count their
> > bandwidth usage. Or are you getting your IP's from your transit provider?
> > Transit providers charge you for bandwidth consumption.
> > So should you. If you have no intention of selling them internet access
> > then why call yourself an ISP at all ?
> >
> > "single-user products" as you call it are the biggest reasons why
> > we have those awful NAT's today. And how many users are behind
> > that NAT even though you just gave them 1 IPv4 address? LOTS.
> >
> > > >The standard *is* /64 (the RFC says so). Just to clarify.
> > >
> > > RFC's are voidable when the majority says so.
> >
> > I suggest you stay away from IPv6 as you don't have any intention
> > of using it for the biggest reason: End to End connectivity.
> >
> > Greets,
> >  Jeroen

From haesu@towardex.com Sat Oct 25 10:21:43 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 25 Oct 2003 05:21:43 -0400
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025081437.GA15310@login.ecs.soton.ac.uk>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> <20031025081437.GA15310@login.ecs.soton.ac.uk>
Message-ID: <20031025092143.GA71215@scylla.towardex.com>

I understand the need to promote IPv6, and I understand the whole point of IPv6 is to provide fullblown end-to-end connectivity by having more than enough addresses everywhere..

But a /48 for a home network?.. i dunno..

I think /64 for a home network is far more than enough and reasonable.
Likewise, we hand off /64's to endusers, for those who want more, maybe /60 or if requested, /48...

Feel free to correct me if my math is wrong but I believe /64 offers 18446744073709551616 addresses which is far more than the entire space IPv4 technology itself can offer.

I wanna see a single home user who will actually *use* even 50% of 18446744073709551616 addresses.
Start assigning IP's to every object in your house... i.e. fridge, watch, clock, cell phone, 3g, TV, playstation, computers, lights, microwave, coffeemaker, toilet, etc etc, etc et al. and I doubt even with all that, it comes close to half of 18446744073709551616.

Isn't assigning /48 to end users a bit over excessive you think?
Or is the whole point of IPv6 "Let's waste address space until we run out it and panic later on.."?

-hc

--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN

From tjc@ecs.soton.ac.uk Sat Oct 25 10:30:34 2003
From: tjc@ecs.soton.ac.uk (Tim Chown)
Date: Sat, 25 Oct 2003 10:30:34 +0100
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025092143.GA71215@scylla.towardex.com>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> <20031025081437.GA15310@login.ecs.soton.ac.uk> <20031025092143.GA71215@scylla.towardex.com>
Message-ID: <20031025093033.GB15910@login.ecs.soton.ac.uk>

Yes, but a home user will want multiple subnets, so the number of addresses
per subnet isn't the issue.

The common RIR policy recommends a /48 per site.
http://www.ripe.net/ripe/docs/ipv6policy.html
also RFC3177.

If your ISP wishes to apply IPv4 thinking to IPv6 services, I suspect there
will be enough IPv6 ISPs that do give recommended allocations such that
no one will come to you for an IPv6 service when the alternative is better
elsewhere?

No one will force you to allocate more than a /64. The market will decide
in due course what is the norm.

Tim

From haesu@towardex.com Sat Oct 25 10:50:03 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 25 Oct 2003 05:50:03 -0400
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025093033.GB15910@login.ecs.soton.ac.uk>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> <20031025081437.GA15310@login.ecs.soton.ac.uk> <20031025092143.GA71215@scylla.towardex.com> <20031025093033.GB15910@login.ecs.soton.ac.uk>
Message-ID: <20031025095003.GA72229@scylla.towardex.com>

On Sat, Oct 25, 2003 at 10:30:34AM +0100, Tim Chown wrote:
> Yes, but a home user will want multiple subnets, so the number of addresses
> per subnet isn't the issue.

Yes that's true. Although /64 should allow them to allocate /80 but that's rather against the standard, and would be just wrong :) as /64 is smallest one should give out due to it being the local site prefix.

> The common RIR policy recommends a /48 per site.
> http://www.ripe.net/ripe/docs/ipv6policy.html
> also RFC3177.
>
> If your ISP wishes to apply IPv4 thinking to IPv6 services, I suspect there
> will be enough IPv6 ISPs that do give recommended allocations such that
> no one will come to you for an IPv6 service when the alternative is better
> elsewhere?
>
> No one will force you to allocate more than a /64. The market will decide
> in due course what is the norm.

I'll have to agree.. We are just not sure yet as to how things will turn out in the market, so I guess for now we should go with what RFC recommends.

-hc

--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN

From rmk@arm.linux.org.uk Sat Oct 25 10:50:55 2003
From: rmk@arm.linux.org.uk (Russell King)
Date: Sat, 25 Oct 2003 10:50:55 +0100
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025092143.GA71215@scylla.towardex.com>; from haesu@towardex.com on Sat, Oct 25, 2003 at 05:21:43AM -0400
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> <20031025081437.GA15310@login.ecs.soton.ac.uk> <20031025092143.GA71215@scylla.towardex.com>
Message-ID: <20031025105055.A8467@flint.arm.linux.org.uk>

Please wrap your messages before character 70 - it makes both reading
_and_ quoting extremely painful unless you do.

On Sat, Oct 25, 2003 at 05:21:43AM -0400, Haesu wrote:
> I understand the need to promote IPv6, and I understand the whole point of IPv6 is to provide fullblown end-to-end connectivity by having more than enough addresses everywhere..
>
> But a /48 for a home network?.. i dunno..
>
> I think /64 for a home network is far more than enough and reasonable.
> Likewise, we hand off /64's to endusers, for those who want more, maybe /60 or if requested, /48...
>
> Feel free to correct me if my math is wrong but I believe /64 offers 18446744073709551616 addresses which is far more than the entire space IPv4 technology itself can offer.
>
> I wanna see a single home user who will actually *use* even 50% of 18446744073709551616 addresses.
> Start assigning IP's to every object in your house... i.e. fridge, watch, clock, cell phone, 3g, TV, playstation, computers, lights, microwave, coffeemaker, toilet, etc etc, etc et al. and I doubt even with all that, it comes close to half of 18446744073709551616.
>
> Isn't assigning /48 to end users a bit over excessive you think? Or is the whole point of IPv6 "Let's waste address space until we run out it and panic later on.."?

Somewhere in the above message you mentioned that you think /64 is
excessive. Have you taken the time to look at why /64 is recommended,
and how addresses get allocated inside a /64 ?

It's all to do with automatic configuration rather than manual setup
of IP addresses. With a /64 you can just connect an IPv6 enabled
machine to the network and it will automatically configure its IPv6
address and routing to suit that network.

How many people, who still have difficulty setting their video recorders,
are going to be able to work out how to correctly configure their network
addresses and correct routing?

--
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                 2.6 Serial core

From haesu@towardex.com Sat Oct 25 10:56:11 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 25 Oct 2003 05:56:11 -0400
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025105055.A8467@flint.arm.linux.org.uk>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> <20031025081437.GA15310@login.ecs.soton.ac.uk> <20031025092143.GA71215@scylla.towardex.com> <20031025105055.A8467@flint.arm.linux.org.uk>
Message-ID: <20031025095611.GB72229@scylla.towardex.com>

>
> Somewhere in the above message you mentioned that you think /64 is
> excessive.

I never said /64 is excessive. I said /48 might be.

> Have you taken the time to look at why /64 is recommended,
> and how addresses get allocated inside a /64 ?

You think I don't know? I've read the standards. And I said assigning smaller than /64 would be *wrong* didn't I? Maybe that gives you a hint that I do understand and in fact *use* rtadv.

>
> It's all to do with automatic configuration rather than manual setup
> of IP addresses. With a /64 you can just connect an IPv6 enabled
> machine to the network and it will automatically configure its IPv6
> address and routing to suit that network.

Read above.

>
> How many people, who still have difficulty setting their video recorders,
> are going to be able to work out how to correctly configure their network
> addresses and correct routing?

This is not the context of my post. I am saying /48 may be a little excessive to a home user. I never said /64 is.

-hc

--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN

From jeroen@unfix.org Sat Oct 25 11:23:33 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 25 Oct 2003 12:23:33 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <005401c39a97$9d2a2530$0200a8c0@dryad>
Message-ID: <002801c39ae2$0c8ab850$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Dan Reeder [mailto:dan@reeder.name] wrote:

> I think you've misinterpreted his comments Jeroen

I quote:

"Single-user products are the most obviously ones."

"Many ISP's charge for extra ip addresses, and they don't do it just because
they have to type in 3 commands on their router. NAT gives a certain amount
of security for end-users."

1 user, not 1 endsite, not 1 ptp tunnel.
If it were a "enduser product" there would be going
a /48 to that enduser.

That simply is requiring the user to NAT and not giving
them full internet access. NAT as 'security' is bullshit
If you want to give them 'security' then offer a standard
firewalling service like many ISP's do. And of course if
you do offer it also offer the option to turn it off for
the clued people.

> To me it merely meant a /126 ("single user endpoint") as a
> means to reach a customer's /48 or /64 prefix.

He never said no such thing. Though others are talking about it.
Remember "single user" product, not "multi appliance product".
Next to that he waived the idea for counting bandwidth.

> That seems perfectly acceptable for standard
> single-homed subnets.

I would not mind seeing that happen and it is something that
IPng has been doing using /127's. All the other POPs in SixXS
are using /64's though. Basically every POP has a /40 and
there come 254 subnets (/48's) and one /48 is carved up into
/64's for endusers. When the first /40 runs out we just use
the next one... and the next one... Of course one could easily
plan that much bigger.

> There's no intention of things becoming like NAT...
> it's just intended to be the equivalent of ipv4 /30s
> Of course you'd increase it to perhaps /112 if the customer
> wanted their subnet to be multihomed, or perhaps use
> the existing /126 with a new /126.

Why would 'multihoming' change your allocation length?

> It's not that we don't get the subject, indeed I think we do -
> it's just that going to extremes such as saying /64s MUST be used for ptp
> links because an RFC says so seems a little excessive.

Nobody requires one to do that, but it is insane when one is
limiting endusers to one IPv6 address and that was what the
above was about. If he would say 'we give them a /126 and if
they ask for it we route a /48 to it' then that would be fine.
But they are limiting users to 1 IP address for the sole purpose
of asking more money for multiple IP addresses. They should charge
bandwidth, IP's are *not* the scarce resource in IPv6. Also they
are paying their upstream for bandwidth not for IP addresses like
I mentioned before.

> Certainly from a tunnel broker's perspective we'd prefer
> to assign something quite small (/127s as we've been
> doing - that may change to /126s or /112s after this thread)
> for the ptp tunnelling, and then a larger block eg /64 or /48
> for their own LAN routing.

One should really stay away from /127's, when people started
upgrading to Linux 2.4.21+ they suddenly had anycast and suddenly
they were offline as they routed the POP endpoint to localhost,
well they didn't, the kernel did. Using two /128's solves that
problem, check our forums for the long discussions and confusions :)

But indeed, a /126 or /112 or everything not /127 and then routing
a subnet to that enduser is perfect, you give them the connectivity
they expect and they can plug in and go.

From the mouth of Timothy Lowe (RIPE NCC):
"if you suspect that there will be more than one
 subnet at the endsite, give them a /48"

As wireless networks next to the ethernet LAN's common in most
homes make most endsites multi-netted give them a /48.
It also saves on administrative hassles:
 "what should we give to that user a /64 or a /48"
 "they have a /64 but are getting wireless, now need to renumber"
 "..."

Of course a TB is something different, but why shouldn't you.
Charge them if they use a lot of bandwidth. Those IP's are
basically free for you too...

> But what happens when you do have a single user without a LAN
> of their own wanting ipv6 access?
> Assigning a /64 would not be of any more benefit to
> them over assigning a /128.

You are talking Point To Point links here, not the subnet
that is, separately, routed to that enduser.

> Or do you reckon every user in
> the world (eg dialup, home dsl) should be assigned a /64 via
> something like PPP in the off chance they do want to some subnetting?

One should *not* use any other IP's in a PtP link of course.
Route them a *separate* subnet.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP5pPJCmqKFIzPnwjEQJVqgCeOQ3+toQdAfL5szZSwKjR7CBMoHYAniV3
ER7fYdPkp1WzLZ897wgxc41D
=Edhr
-----END PGP SIGNATURE-----

From jeroen@unfix.org Sat Oct 25 12:07:58 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 25 Oct 2003 13:07:58 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025092143.GA71215@scylla.towardex.com>
Message-ID: <002b01c39ae8$4005d4c0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Haesu wrote:

> I understand the need to promote IPv6, and I understand the
> whole point of IPv6 is to provide fullblown end-to-end
> connectivity by having more than enough addresses everywhere..
>
> But a /48 for a home network?.. i dunno..
>
> I think /64 for a home network is far more than enough and reasonable.
> Likewise, we hand off /64's to endusers, for those who want
> more, maybe /60 or if requested, /48...

Funny administrativia you are going to do. Also if they move
from another ISP to yours they suddenly are getting a much
smaller block?

The global TLA allocation is done on the assumption that you
have 200 endsites under your TLA.
If you get a standard /32, you have 2^16 = 65535 /48's
If you need more, aka you run out, just request a bigger TLA.

> Feel free to correct me if my math is wrong but I believe /64
> offers 18446744073709551616 addresses which is far more than
> the entire space IPv4 technology itself can offer.

But you are calculating the wrong thing. A link gets a /64, thus there is a possibility that an endsite (I am not talking users/homes here, these could be companies) put up 64-48 -> 2^16 = 65535 subnets.

And in that subnet you can plug basically anything you like. Indeed there are going to be a lot of IP's being unused.

> I wanna see a single home user who will actually *use* even
> 50% of 18446744073709551616 addresses.

I do, as I got two subnets here:
2 * (2^64) = 36893488147419103232 IP's in use.

And I can plug in *any* apparatus in both my wired and my wireless network and tadaaaaaa it WORKS, global connectivity!!!!!! :)

> Start assigning IP's to every object in your house... i.e.
> fridge, watch, clock, cell phone, 3g, TV, playstation,
> computers, lights, microwave, coffeemaker, toilet, etc etc,
> etc et al. and I doubt even with all that, it comes close to
> half of 18446744073709551616.

You are assuming IPv4 style addressing, don't think like that. There are 65535 subnets per endsite.

You have to realize that in the future it might be that a house gets totally routed, eg subnets for:
 - the kitchen
 - the living room
 - the first floor
 - the second floor
 - the toilet
 - the molly's room
 - the johnny's room
 - ...

Don't think in IPv4 style, preservative, allocation, please...

> Isn't assigning /48 to end users a bit over excessive you
> think? Or is the whole point of IPv6 "Let's waste address
> space until we run out it and panic later on.."?

Please read: http://www.faqs.org/rfcs/rfc3194.html

If you feel the pain already... wow :)

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP5pZjSmqKFIzPnwjEQLXUgCdGFYcKdPHMu6oL5I8wFfVRnNOCdIAoK3/
ishme8g0fB8FKMjcK/1KYLRa
=c/zd
-----END PGP SIGNATURE-----

From jorgen@hovland.cx Sat Oct 25 12:11:35 2003
From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=)
Date: Sat, 25 Oct 2003 12:11:35 +0100
Subject: [6bone] Is minimum allocation /64 now?
References: <002801c39ae2$0c8ab850$210d640a@unfix.org>
Message-ID: <002101c39ae8$c221efc0$010aa8c0@oxlap>

>From: "Jeroen Massar"
> Dan Reeder [mailto:dan@reeder.name] wrote:
>
> > I think you've misinterpreted his comments Jeroen
>
> 1 user, not 1 endsite, not 1 ptp tunnel.
> If it were a "enduser product" there would be going
> a /48 to that enduser.
>
> > To me it merely meant a /126 ("single user endpoint") as a
> > means to reach a customer's /48 or /64 prefix.

Yes. P2P/Single user: A media used by only 1 machine (+ the remote). My intentions are not to restrict the customer from receiving a /64 for the LAN behind the P2P link, but to hand out a /64 per machine or device that should never have more than 1 machine. That's why I asked if we need to use ip filter in the future.

> That simply is requiring the user to NAT and not giving
> them full internet access. NAT as 'security' is bullshit
> If you want to give them 'security' then offer a standard
> firewalling service like many ISP's do. And of course if
> you do offer it also offer the option to turn it off for
> the clued people.

You got to be joking? NAT adds security. We do not even need to discuss that. "Standard firewalling" means NAT for very many. In almost all cases when a customer of ours asks for firewall, that's what they get from us because that's what they meant. I'm not saying that NAT is good, but that's what the majority use where I come from.
Joergen Hovland ENK

From haesu@towardex.com Sat Oct 25 12:14:58 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 25 Oct 2003 07:14:58 -0400
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <002b01c39ae8$4005d4c0$210d640a@unfix.org>
References: <20031025092143.GA71215@scylla.towardex.com> <002b01c39ae8$4005d4c0$210d640a@unfix.org>
Message-ID: <20031025111458.GA75213@scylla.towardex.com>

Yea, more subnets do make sense.. I agree with you on that :)

I can just imagine people having a core router in the basement of their house to route subnets all over their house hhehe

-hc

--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | POC: HAESU-ARIN

On Sat, Oct 25, 2003 at 01:07:58PM +0200, Jeroen Massar wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Haesu wrote:
>
> > I understand the need to promote IPv6, and I understand the
> > whole point of IPv6 is to provide fullblown end-to-end
> > connectivity by having more than enough addresses everywhere..
> >
> > But a /48 for a home network?.. i dunno..
> >
> > I think /64 for a home network is far more than enough and reasonable.
> > Likewise, we hand off /64's to endusers, for those who want
> > more, may be /60 or if requested, /48...
>
> Funny administrativia you are going to do.
> Also if they move from another ISP to yours they suddenly
> are getting a much smaller block?
>
> The global TLA allocation is done on the assumption that
> you have 200 endsites under your TLA.
>
> If you get a standard /32, you have 2^16 = 65535 /48's
> If you need more, aka you run out, just request a bigger TLA.
>
> > Feel free to correct me if my math is wrong but I believe /64
> > offers 18446744073709551616 addresses which is far more than
> > the entire space IPv4 technology itself can offer.
>
> But you are calculating the wrong thing.
> A link gets a /64, thus there is a possibility that an endsite
> (I am not talking users/homes here, these could be companies)
> put up 64-48 -> 2^16 = 65535 subnets.
>
> And in that subnet you can plug basically anything you like.
> Indeed there are going to be a lot of IP's being unused.
>
> > I wanna see a single home user who will actually *use* even
> > 50% of 18446744073709551616 addresses.
>
> I do, as I got two subnets here:
> 2 * (2^64) = 36893488147419103232 IP's in use.
>
> And I can plug in *any* apparatus in both my wired and
> my wireless network and tadaaaaaa it WORKS, global connectivity!!!!!! :)
>
> > Start assigning IP's to every object in your house... i.e.
> > fridge, watch, clock, cell phone, 3g, TV, playstation,
> > computers, lights, microwave, coffeemaker, toilet, etc etc,
> > etc et al. and I doubt even with all that, it comes close to
> > half of 18446744073709551616.
>
> You are assuming IPv4 style addressing, don't think like that.
> There are 65535 subnets per endsite.
>
> You have to realize that in the future it might be that a
> house gets totally routed, eg subnets for:
> - the kitchen
> - the living room
> - the first floor
> - the second floor
> - the toilet
> - the molly's room
> - the johnny's room
> - ...
>
> Don't think in IPv4 style, preservative, allocation, please...
>
> > Isn't assigning /48 to end users a bit over excessive you
> > think? Or is the whole point of IPv6 "Let's waste address
> > space until we run out it and panic later on.."?
>
> Please read: http://www.faqs.org/rfcs/rfc3194.html
>
> If you feel the pain already... wow :)
>
> Greets,
> Jeroen
>
> -----BEGIN PGP SIGNATURE-----
> Version: Unfix PGP for Outlook Alpha 13 Int.
> Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/
>
> iQA/AwUBP5pZjSmqKFIzPnwjEQLXUgCdGFYcKdPHMu6oL5I8wFfVRnNOCdIAoK3/
> ishme8g0fB8FKMjcK/1KYLRa
> =c/zd
> -----END PGP SIGNATURE-----

From tjc@ecs.soton.ac.uk Sat Oct 25 12:22:18 2003
From: tjc@ecs.soton.ac.uk (Tim Chown)
Date: Sat, 25 Oct 2003 12:22:18 +0100
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025095003.GA72229@scylla.towardex.com>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <005401c39a97$9d2a2530$0200a8c0@dryad> <20031025081437.GA15310@login.ecs.soton.ac.uk> <20031025092143.GA71215@scylla.towardex.com> <20031025093033.GB15910@login.ecs.soton.ac.uk> <20031025095003.GA72229@scylla.towardex.com>
Message-ID: <20031025112218.GE15910@login.ecs.soton.ac.uk>

On Sat, Oct 25, 2003 at 05:50:03AM -0400, Haesu wrote:
> On Sat, Oct 25, 2003 at 10:30:34AM +0100, Tim Chown wrote:
> > Yes, but a home user will want multiple subnets, so the number of addresses
> > per subnet isn't the issue.
>
> Yes that's true. Although /64 should allow them to allocate /80 but that's rather against the standard, and would be just wrong :) as /64 is smallest one should give out due to it being the local site prefix.

It is the smallest mainly because of stateless autoconf requiring /64 (see RFC2462). Stateless autoconf requires this.

> I'll have to agree.. We are just not sure yet as to how things will turn out in the market, so I guess for now we should go with what RFC recommends.

Sure, maybe /64 will become a norm (it is at least a lot better than the IPv4 situation, especially given the "1 user" stipulation of many DSL providers). I hope /56 or better /48 wins though :)

Tim

From jeroen@unfix.org Sat Oct 25 12:29:13 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 25 Oct 2003 13:29:13 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025111458.GA75213@scylla.towardex.com>
Message-ID: <003001c39aeb$384c1c50$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Haesu [mailto:haesu@towardex.com] wrote:

> Yea, more subnets do make sense.. I agree with you on that :)
>
> I can just imagine people having a core router in the
> basement of their house to route subnets all over their house hhehe

No, I don't either, at least not soon. But did we expect the Spanish Inquisition... ehhmmm
Did we expect to have such a global internet in the 1970's ?
Did we expect computers to become so popular?
Did we expect ...

Unless someone gets us a real fortuneteller we can't expect anything.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA+AwUBP5peiSmqKFIzPnwjEQJ0iwCWNsgjfLXQSiHVyp79QytUDNkcHQCgs4w7
ikPPidRUEfc2DM2416XjVU8=
=rFu7
-----END PGP SIGNATURE-----

From jeroen@unfix.org Sat Oct 25 12:34:14 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 25 Oct 2003 13:34:14 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <002101c39ae8$c221efc0$010aa8c0@oxlap>
Message-ID: <003301c39aeb$eba13ab0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Jørgen Hovland [mailto:jorgen@hovland.cx] wrote:

> >From: "Jeroen Massar"
> > Dan Reeder [mailto:dan@reeder.name] wrote:
> >
> > > I think you've misinterpreted his comments Jeroen
> >
> > 1 user, not 1 endsite, not 1 ptp tunnel.
> > If it were a "enduser product" there would be going
> > a /48 to that enduser.
> >
> > > To me it merely meant a /126 ("single user endpoint") as a
> > > means to reach a customer's /48 or /64 prefix.
>
> Yes. P2P/Single user: A media used by only 1 machine (+ the remote).

Thus users will do NAT as it is cheaper for most of them than buying a 'premium' service with "more IP's".
Still they will be using more bandwidth than the one single user and thus they will cost you more money while paying the "single user" price. Economics 101 :)

> My intentions are not to restrict the customer from receiving
> a /64 for the LAN behind the P2P link, but to hand out a /64 per
> machine or device that should never have more than 1 machine.
> That's why I asked if we need to use ip filter in the future.

That changes the idea, as it is a normal PtP link, thus either:
 - 2x /128
 - something between 64 and 126
 - 1x /64, but:
   - only route the /128 to the other side
   - filter out the rest of the IP's.

For SixXS setup we do the route /128 trick btw...

> > That simply is requiring the user to NAT and not giving
> > them full internet access. NAT as 'security' is bullshit
> > If you want to give them 'security' then offer a standard
> > firewalling service like many ISP's do. And of course if
> > you do offer it also offer the option to turn it off for
> > the clued people.
>
> You got to be joking? NAT adds security.

Thank you for entering the hall of shame. NAT adds obscurity, nothing to do with security.

> We do not even need to discuss that.
> "Standard firewalling" means NAT for very many.

That could be that normal people think that, tech folks should not. Last time I checked 6bone@isi.edu was a technical kind of list...

> In almost all cases when a customer of ours asks for firewall,
> that's what they get from us because that's what they meant.

Then educate your customers, the same thing saying that a NAT box is a router, it is, kinda, but it really isn't when using the correct terminology. Or are you going to sell them an IPv6 NAT service when what they really want is a firewall ? (aka a port and content blocker)

> I'm not saying that NAT is good, but that's what the majority
> use where I come from.

That's unfortunately where most people come from indeed. And it has to stop. Not educating and/or correcting people keeps them thinking that it is just that.
Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP5pftimqKFIzPnwjEQJ0XwCfarrqFkPS8WRxI2Vfua34oyD4GPwAn3Pr
FURIgLtDUQGzLWyyidlp0Zbn
=MrUG
-----END PGP SIGNATURE-----

From JORDI PALET MARTINEZ" Message-ID: <0a2b01c39aec$e4f3d410$9402a8c0@consulintel.es>

Clearly those ISPs that charge for every address, will need to switch the business model, if they want to win new customers, or even keep the existing users !

Charging for every IPv6 address, must be forbidden, hopefully soon by the RIRs policy.

----- Original Message -----
From: "Jørgen Hovland"
To: "Jeroen Massar"
Cc: <6bone@ISI.EDU>
Sent: Saturday, October 25, 2003 1:56 AM
Subject: RE: [6bone] Is minimum allocation /64 now?

> On Sat, 25 Oct 2003, Jeroen Massar wrote:
>
> > If you want to sell 'single-user' products then count their
> > bandwidth usage. Or are you getting your IP's from your transit provider?
> > Transit providers charge you for bandwidth consumption.
>
> There are ISP's already doing that and there are ISP's totally against
> it.
>
> > So should you. If you have no intention of selling them internet access
> > then why call yourself an ISP at all ?
>
> There are people who do not feel charging by capacity is the proper way to
> do it, but by the amount of users. There are in fact ISP's who do this
> today.
>
> > "single-user products" as you call it are the biggest reasons why
> > we have those awful NAT's today. And how many users are behind
> > that NAT even though you just gave them 1 IPv4 address? LOTS.
>
> There's a difference between denying a person extra ip addresses and
> giving out a billion without asking if the person needs it.
>
> Many ISP's charge for extra ip addresses, and they don't do it just because
> they have to type in 3 commands on their router. NAT gives a certain amount
> of security for end-users.
>
> Joergen Hovland ENK
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone
>

**********************************
Madrid 2003 Global IPv6 Summit
Presentations and videos on line at:
http://www.ipv6-es.com

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

From dan@reeder.name Sat Oct 25 15:12:53 2003
From: dan@reeder.name (Dan Reeder)
Date: Sun, 26 Oct 2003 00:12:53 +1000
Subject: [6bone] Is minimum allocation /64 now?
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <0a2b01c39aec$e4f3d410$9402a8c0@consulintel.es>
Message-ID: <003901c39b02$15602c10$0200a8c0@dryad>

I'm not sure where things went awry but I've got this feeling that I've been included in this "charge per ip" lameness.

The problem is that, perhaps because some of us have had to live under the strong arm of apnic, that the tendency to want to conserve addressing is a bit of a habit. Personally whenever I see things like /48s being given to users left right and center I get reminded of the consequences of Stanford being given a v4 /8 way back in the early days. It just reeks of wastefulness. Just because we can, and just because some (antiquated?) documents say so, does that mean we should?

yes most of us will agree that a /48 being given to a 17 year old for use on his 3-pc lan, but then why is a /64 acceptable? Is the amount of addresses included in a /64 really different to a /48 when it comes to practical operational use?

To me, the whole problem is a bit of a "chicken and egg" cycle.
The rfcs and powers that be say /64 is the minimum primarily because other rfcs have dictated addressing schemes, and that the autoconfiguration software doesn't support network prefixes in greater length than /64. But then the autoconfiguration software developers say they only support up to /64 because of rfcs!
Why can't someone bite the bullet and just develop a daemon like radvd that will simply use pretty much any prefix length thrown at it? I've got a /64 on my lan here. If the advertisement software supported it operationally speaking it would make absolutely ZERO difference if I changed it to /80... or /112 or even a /120. And I bet it would make almost zero difference to the majority of the readers on this list (I'm not really talking about ISP network operations/addressing here though)

I can't help but cringe at the thought of some geek in a few hundred years time thinking what clowns we all were by greedily taking /64s and /48s for our kitchens and bedrooms and living rooms and bathrooms.... and I can't help but think that there will be an IP shortage somewhere in our solar system similar to what asia pacific is currently suffering under v4. But ooooh it's 128 bits... it'll never run out, especially with properly monitored and allocated addressing, right fellas? Oh wait.

*grumbles something about /48s assigned to children*

Dan Reeder

----- Original Message -----
From: "JORDI PALET MARTINEZ"
To: <6bone@ISI.EDU>
Sent: Saturday, October 25, 2003 9:41 PM
Subject: Re: [6bone] Is minimum allocation /64 now?

> Clearly those ISPs that charge for every address, will need to switch the business model, if they want to win new customers, or even
> keep the existing users !
>
> Charging for every IPv6 address, must be forbidden, hopefully soon by the RIRs policy.
>
> ----- Original Message -----
> From: "Jørgen Hovland"
> To: "Jeroen Massar"
> Cc: <6bone@ISI.EDU>
> Sent: Saturday, October 25, 2003 1:56 AM
> Subject: RE: [6bone] Is minimum allocation /64 now?
>
>
> > On Sat, 25 Oct 2003, Jeroen Massar wrote:
> >
> > > If you want to sell 'single-user' products then count their
> > > bandwidth usage. Or are you getting your IP's from your transit provider?
> > > Transit providers charge you for bandwidth consumption.
> >
> > There are ISP's already doing that and there are ISP's totally against
> > it.
> >
> > > So should you. If you have no intention of selling them internet access
> > > then why call yourself an ISP at all ?
> >
> > There are people who do not feel charging by capacity is the proper way to
> > do it, but by the amount of users. There are in fact ISP's who do this
> > today.
> >
> > > "single-user products" as you call it are the biggest reasons why
> > > we have those awful NAT's today. And how many users are behind
> > > that NAT even though you just gave them 1 IPv4 address? LOTS.
> >
> > There's a difference between denying a person extra ip addresses and
> > giving out a billion without asking if the person needs it.
> >
> > Many ISP's charge for extra ip addresses, and they don't do it just because
> > they have to type in 3 commands on their router. NAT gives a certain amount
> > of security for end-users.
> >
> > Joergen Hovland ENK
> > _______________________________________________
> > 6bone mailing list
> > 6bone@mailman.isi.edu
> > http://mailman.isi.edu/mailman/listinfo/6bone
> >
>
> **********************************
> Madrid 2003 Global IPv6 Summit
> Presentations and videos on line at:
> http://www.ipv6-es.com
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
>
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone
>

From jeroen@unfix.org Sat Oct 25 16:02:08 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 25 Oct 2003 17:02:08 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <003901c39b02$15602c10$0200a8c0@dryad>
Message-ID: <004501c39b08$f684ae40$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Dan Reeder wrote:

> I'm not sure where things went awry but I've got this feeling
> that I've been included in this "charge per ip" lameness.
>
> The problem is that, perhaps because some of us have had to
> live under the strong arm of apnic, that the tendency to want to conserve
> addressing is a bit of a habit.

APNIC is conservative because the APNIC members mandated that policy. For IPv6 they are *NOT* conservative though, check the number of TLA's that for instance NTT have received, yes a lot :)

> Personally whenever I see things like /48s being given to
> users left right and center I get reminded of the consequences of Stanford
> being given a v4 /8 way back in the early days.

Read the HD Ratio RFC and understand that statistically we are doing the good thing. If it isn't the good thing then we only wasted 3% (!!!!!) of the IPv6 space. Where is this problem now?

> yes most of us will agree that a /48 being given to a 17 year
> old for use on his 3-pc lan, but then why is a /64 acceptable?

A /64 is for a link, if a site has a possibility of more than 1 link give them a /48. How difficult is that?

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP5qQcCmqKFIzPnwjEQKsdACeKNi+Hxn5G4JRRZ3iCyN7ZHziX64An3fZ
3EyetkjCTZB3dYz4vgnRzVL4
=g7KY
-----END PGP SIGNATURE-----

From jorgen@hovland.cx Sat Oct 25 16:56:09 2003
From: jorgen@hovland.cx (=?utf-8?Q?J=C3=B8rgen_Hovland?=)
Date: Sat, 25 Oct 2003 16:56:09 +0100
Subject: [6bone] Is minimum allocation /64 now?
References: <002b01c39ae8$4005d4c0$210d640a@unfix.org>
Message-ID: <004a01c39b10$82e518a0$010aa8c0@oxlap>

> Haesu wrote:
>
> > I wanna see a single home user who will actually *use* even
> > 50% of 18446744073709551616 addresses.
>
> I do, as I got two subnets here:
> 2 * (2^64) = 36893488147419103232 IP's in use.

I'm sure he meant ip addresses in use, not putting a /64 net on your interface.

> And I can plug in *any* apparatus in both my wired and
> my wireless network and tadaaaaaa it WORKS, global connectivity!!!!!! :)
>

%> Tim Chown wrote:
%>It is the smallest mainly because of stateless autoconf requiring /64 (see
%>RFC2462). Stateless autoconf requires this.

Not trying to start a huge discussion, but:
DHCP does the same thing with a smaller prefix, and also gives you the correct dns-settings and/or bootp-options ++. Since you obviously think you can get 2^64 devices on a single lan, dhcp can reject new devices an ip address if there are none available.

> > Start assigning IP's to every object in your house... i.e.
> > fridge, watch, clock, cell phone, 3g, TV, playstation,
> > computers, lights, microwave, coffeemaker, toilet, etc etc,
> > etc et al. and I doubt even with all that, it comes close to
> > half of 18446744073709551616.
>
> You are assuming IPv4 style addressing, don't think like that.
> There are 65535 subnets per endsite.
>
>
> You have to realize that in the future it might be that a
> house gets totally routed, eg subnets for:
> - the kitchen
> - the living room
> - the first floor
> - the second floor
> - the toilet
> - the molly's room
> - the johnny's room
> - ...

I know by now how much you love saving bandwidth, Jeroen. I have been thinking a bit about that:
IPv6 is 128 bits and IPv4 32.
If we used an "ipv4-stylish" allocation plan for ipv6, and dropped the extra bits we saved by not wasting excessive space, how much money would your company save ?

Let's say we save 64 bits:
That's 8 bytes per packet.
256000 pps gives 2048kb per second ~ 20mbit = 800-5000++€ month

>
> Don't think in IPv4 style, preservative, allocation, please...

If we did, you could get 20mbit free. But we aren't, so just ignore this.

Joergen Hovland ENK

From jorgen@hovland.cx Sat Oct 25 16:58:23 2003
From: jorgen@hovland.cx (=?iso-8859-1?Q?J=F8rgen_Hovland?=)
Date: Sat, 25 Oct 2003 16:58:23 +0100
Subject: [6bone] Is minimum allocation /64 now?
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <0a2b01c39aec$e4f3d410$9402a8c0@consulintel.es>
Message-ID: <005001c39b10$d2b81fd0$010aa8c0@oxlap>

>From: "JORDI PALET MARTINEZ"
> Clearly those ISPs that charge for every address, will need to switch the business model, if they want
>to win new customers, or even
> keep the existing users !
>
> Charging for every IPv6 address, must be forbidden, hopefully soon by the RIRs policy.
>

Well they could charge for every /64 instead :-)

Joergen Hovland ENK

From fredb@immanent.net Sat Oct 25 17:20:33 2003
From: fredb@immanent.net (Frederick Bruckman)
Date: Sat, 25 Oct 2003 11:20:33 -0500 (CDT)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <003901c39b02$15602c10$0200a8c0@dryad>
References: <008201c39a7b$e91fb4d0$210d640a@unfix.org> <0a2b01c39aec$e4f3d410$9402a8c0@consulintel.es> <003901c39b02$15602c10$0200a8c0@dryad>
Message-ID:

On Sun, 26 Oct 2003, Dan Reeder wrote:

> The problem is that, perhaps because some of us have had to live under the
> strong arm of apnic, that the tendency to want to conserve addressing is a
> bit of a habit. Personally whenever I see things like /48s being given to
> users left right and center I get reminded of the consequences of Stanford
> being given a v4 /8 way back in the early days. It just reeks of
> wastefulness. Just because we can, and just because some (antiquated?)
> documents say so, does that mean we should?

The problem was, that there turned out not to be enough addresses for the Internet as it came to be, period. CIDR, and use of formerly reserved address spaces, are consequences of that simple fact. Making the original allocations denser would not have prevented the problem.

> To me, the whole problem is a bit of a "chicken and egg" cycle. The rfcs and
> powers that be say /64 is the minimum primarily because other rfcs have
> dictated addressing schemes, and that the autoconfiguration software doesn't
> support network prefixes in greater length than /64. But then the
> autoconfiguration software developers say they only support up to /64
> because of rfcs!
> Why can't someone bite the bullet and just develop a daemon like radvd that
> will simply use pretty much any prefix length thrown at it? I've got a /64
> on my lan here. If the advertisement software supported it operationally
> speaking it would make absolutely ZERO difference if I changed it to /80...
> or /112 or even a /120. And I bet it would make almost zero difference to
> the majority of the readers on this list (I'm not really talking about ISP
> network operations/addressing here though)

Uh, no. You don't get it. The lower 64-bits are for your globally unique host address.
Allowing as many bits for the host addresses as for the network addresses obviously means that IPv4 CIDR will never be repeated for IPv6, and that therefore router manufacturers are free to bake that assumption into the hardware.

I think what the Powers That Be need to do, to stop this topic from coming up endlessly, is to change the marketing language from "IPv6 gives you network addresses," to, "IPv6 gives you 2^64 == 16 quintillion networks (American usage), and an unlimited number of hosts on each network".

It would be smart policy to give each physical location a 48. Most of the 65,536 networks will be "wasted", if you will, but consider where the room for expansion is likely to be needed. Will some users want more than 16 or 256 networks? (Yes.) Or will there be more than 64 trillion locations? (Not likely.) Points of presence that need *more* than 65,536 networks can simply use the same equipment and methodology that an ISP uses, so no problem there either.

Frederick

From jeroen@unfix.org Sat Oct 25 17:27:20 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 25 Oct 2003 18:27:20 +0200
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <004a01c39b10$82e518a0$010aa8c0@oxlap>
Message-ID: <004b01c39b14$dd5544f0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Jørgen Hovland [mailto:jorgen@hovland.cx] wrote:

> > Haesu wrote:
> >
> > > I wanna see a single home user who will actually *use* even
> > > 50% of 18446744073709551616 addresses.
> >
> > I do, as I got two subnets here:
> > 2 * (2^64) = 36893488147419103232 IP's in use.
>
> I'm sure he meant ip addresses in use, not putting a /64 net on your
> interface.

As the RFC's uses a /64 per link that is the usage. If there is one device or 10000. If there is 1 user using 1000 devices or 1000 users using 1 device each.

> > And I can plug in *any* apparatus in both my wired and
> > my wireless network and tadaaaaaa it WORKS, global
> connectivity!!!!!!
:)
> >
> %> Tim Chown wrote:
> %>It is the smallest mainly because of stateless autoconf requiring /64 (see
> %>RFC2462). Stateless autoconf requires this.
>
> Not trying to start a huge discussion, but:
> DHCP does the same thing with a smaller prefix, and also gives you the
> correct dns-settings and/or bootp-options ++.

Of course you could do that, but when you allocate say 10 IP's to your kitchen, and suddenly that new toaster also becomes IPv6 enabled, are you going to call your ISP because you need 1 extra IP?

Of course it could all be more conservative, 255 IP's per link _could_ be enough but what if you run out? Renumber???

And yes you want to control your toaster from that system next to your bed to make sure your bread is done when you get downstairs. Think into the future, not what happened in the 80's.

> Since you obviously think you can get 2^64 devices on a
> single lan, dhcp can reject new devices an ip
> address if there are none available.

Apparently you assume that I think of that, but if you read correctly what I noted below on giving every room in a house a separate subnet you should realize that is absolutely not what I meant.

> > > Start assigning IP's to every object in your house... i.e.
> > > fridge, watch, clock, cell phone, 3g, TV, playstation,
> > > computers, lights, microwave, coffeemaker, toilet, etc etc,
> > > etc et al. and I doubt even with all that, it comes close to
> > > half of 18446744073709551616.
> >
> > You are assuming IPv4 style addressing, don't think like that.
> > There are 65535 subnets per endsite.
> >
> >
> > You have to realize that in the future it might be that a
> > house gets totally routed, eg subnets for:
> > - the kitchen
> > - the living room
> > - the first floor
> > - the second floor
> > - the toilet
> > - the molly's room
> > - the johnny's room
> > - ...
>
> I know by now how much you love saving bandwidth, Jeroen.

Do I love to save bandwidth? Cool where did you get that assumption?
I said *PAY* for bandwidth, which is what every ISP is doing too. Grossly use the IP's, there is enough in IPv6. And grossly use the bandwidth, the user is paying.

> I have been
> thinking a bit about that:
> IPv6 is 128 bits and IPv4 32.
> If we used an "ipv4-stylish" allocation plan for ipv6, and
> dropped the extra bits we saved by not wasting excessive space,
> how much money would your company save ?

Why would they want to save money? They want connectivity, if they want to save money then they should get into a deal for cheaper transit/upstreams.

> Let's say we save 64 bits:
> That's 8 bytes per packet.
> 256000 pps gives 2048kb per second ~ 20mbit = 800-5000++€ month

Which is perfectly accountable and thus payable by the users. Why do you care how much traffic they send and receive? More traffic means more money for the ISP, being you.

In the Netherlands ISP's have a "download cap", most other ISP's in the world have that too I heard. This "cap" is in place as that is the border at which the ISP *earns* money. If you do more traffic... those users *pay* more, perfect! :) If they are able to hook up more equipment they will start using it more and more and more... getting you more and more money because they are using more bandwidth.

Again Economics 101.

> > Don't think in IPv4 style, preservative, allocation, please...
>
> If we did, you could get 20mbit free.
> But we aren't, so just ignore this.

Ignore your idea of 'saving bandwidth' or your odd perception of why IPv6 exists?

Before anyone thinks.. nothing personal...

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP5qkaCmqKFIzPnwjEQKAKQCeJDrtXm4s6m3Pas63ZwiX7BVfL08AoKVB aD7qfe4fBdGgAJCPtFOUvhKk =qw+Q -----END PGP SIGNATURE----- From JORDI PALET MARTINEZ" <0a2b01c39aec$e4f3d410$9402a8c0@consulintel.es> <005001c39b10$d2b81fd0$010aa8c0@oxlap> Message-ID: <102f01c39b15$d40cc110$9402a8c0@consulintel.es> No, even charging for every /64 must be forbidden. The ISPs are "service providers", they should provide intelligent services ! The addressing space is a good of the human race, not belonging to ISPs. I agree that the ISPs manage that prefix for us, and thus they must receive a compensation just to cover the ADMINISTRATIVE cost of that service, but they must get their profits because they provide intelligent services. Otherwise, we can appoint non-profit organizations to manage the prefix allocation for all the users. Internet is now a public service, and consequently must not mean extra cost for Internet itself. Regards, Jordi ----- Original Message ----- From: "Jørgen Hovland" To: "JORDI PALET MARTINEZ" ; <6bone@ISI.EDU> Sent: Saturday, October 25, 2003 5:58 PM Subject: Re: [6bone] Is minimum allocation /64 now? > >From: "JORDI PALET MARTINEZ" > > Clearly those ISPs that charge for every address, will need to switch the > business model, if they want >to win new customers, or even > > keep the existing users ! > > > > Charging for every IPv6 address, must be forbidden, hopefully soon by the > RIRs policy. > > > > Well they could charge for every /64 instead :-) > > Joergen Hovland ENK > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > ********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. 
The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. From jorgen@hovland.cx Sat Oct 25 17:52:19 2003 From: jorgen@hovland.cx (=?windows-1258?Q?J=F8rgen_Hovland?=) Date: Sat, 25 Oct 2003 17:52:19 +0100 Subject: [6bone] Is minimum allocation /64 now? References: <004b01c39b14$dd5544f0$210d640a@unfix.org> Message-ID: <009501c39b18$5bbefef0$010aa8c0@oxlap> > > Not trying to start a huge discussion, but: > > DHCP does the same thing with a smaller prefix, and also gives you the > > correct dns-settings and/or bootp-options ++. > > Ofcourse you could do that, but when you allocate say 10 IP's > to your kitchen, and suddenly that new toaster also becomes IPv6 > enabled, are you going to call your ISP because you need 1 extra IP? > How about allocating a /112 as Dan Reeder suggested, and not 10 ip addresses. I am not suggesting a fixed size to put in a RFC and force everybody to use it. People have different networks. > Ofcourse it could all be more conservative, 255 IP's per link > _could_ be enough but what if you run out? Renumber??? > Or you add another range to your dhcpd config. > Ignore your idea of 'saving bandwidth' or your odd perception > of why IPv6 exists? Im pretty sure we all know why IPv6 exists, but maybe not how we should use it. > > Before anyone thinks.. nothing personal... Ofcourse. Joergen Hovland ENK From tjc@ecs.soton.ac.uk Sat Oct 25 17:57:03 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Sat, 25 Oct 2003 17:57:03 +0100 Subject: [6bone] Is minimum allocation /64 now? 
In-Reply-To: <004a01c39b10$82e518a0$010aa8c0@oxlap> References: <002b01c39ae8$4005d4c0$210d640a@unfix.org> <004a01c39b10$82e518a0$010aa8c0@oxlap> Message-ID: <20031025165703.GE19671@login.ecs.soton.ac.uk> On Sat, Oct 25, 2003 at 04:56:09PM +0100, Jørgen Hovland wrote: > > Not trying to start a huge discussion, but: > DHCP does the same thing with a smaller prefix, and also gives you the > correct dns-settings and/or bootp-options ++. Since you obviously think you > can get 2^64 devices on a single lan, dhcp can reject new devices an ip > address if there are none availible. I'm not sure I understand the point here? (And at the moment, DHCPv6 is still needed for DNS resolver discovery even for statelessly autoconfiguring hosts) I agree you can do what you like inside your own network - but for interop outside you should use the standards, love them or not :) > IPv6 is 128 bits and IPv4 32. > If we used an "ipv4-stylish" allocation plan for ipv6, and dropped the extra > bits we saved by not wasting excessive space, how much money would your > company save ? > > Lets say we save 64 bits: > Thats 8 bytes per packet. > 256000 pps gives 2048kb per second ~ 20mbit = 800-5000++??? month You would then be more open to port scanning attacks that otherwise are far less feasible in IPv6? It's nice to use a random 64-bit host address for some addition warm fuzzy feeling ;) Tim From jholmblad@aol.com Sat Oct 25 18:05:44 2003 From: jholmblad@aol.com (John Holmblad) Date: Sat, 25 Oct 2003 13:05:44 -0400 Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <002801c39ae2$0c8ab850$210d640a@unfix.org> References: <002801c39ae2$0c8ab850$210d640a@unfix.org> Message-ID: <3F9AAD68.3080807@aol.com> --------------060907030302080200070500 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit All, I'd like to share the following thoughts with the group on this discussion on IP V6 address space. 1. 
Re NAT

Of course, relying on security through obscurity is bad as a stand alone practice, but, as a part of a defense in depth strategy that includes fire walling it does help. Most SOHO router products include, pit of practical necessity, NAT but also a rudimentary firewall and no one can argue that having those devices in place has somehow increased the collective security of the Internet as we know it today. For an ISP to sell pure NAT as a rock solid security product however, would represent a negligent sales practice.

2. Re /48 vs /64 for the single network port or home

It occurs to me that the more address space that is allocated to a given access point to the Internet, the easier it is for a scanner to find it, for obvious reasons. In that sense, generosity of address space allocation runs against the grain of trying to make the Internet more secure. In fact it would seem desirable to take advantage of the huge 128 bit address space enabled by IPv6 to raise the cost for attackers to find "points of interest" on the Internet.

--
Best Regards,
John Holmblad
Televerage International
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
www page: www.vtext.com/users/jholmblad
primary email address: jholmblad@aol.com
backup email address: jholmblad@verizon.net
text email address: jholmblad@vtext.com

From jorgen@hovland.cx Sat Oct 25 18:40:27 2003
From: jorgen@hovland.cx (Jørgen Hovland)
Date: Sat, 25 Oct 2003 19:40:27 +0200 (CEST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <3F9AAD68.3080807@aol.com>
References: <002801c39ae2$0c8ab850$210d640a@unfix.org> <3F9AAD68.3080807@aol.com>
Message-ID:

On Sat, 25 Oct 2003, John Holmblad wrote:

> 1. Re NAT
>
> Of course, relying on security through obscurity is bad as a stand alone
> practice, but, as a part of a defense in depth strategy that includes
> fire walling it does help. Most SOHO router products include, pit of
> practical necessity, NAT but also a rudimentary firewall and no one can
> argue that having those devices in place has somehow increased the
> collective security of the Internet as we know it today. For an ISP to
> sell pure NAT as a rock solid security product however, would represent
> a negligent sales practice.
>
> 2. Re /48 vs /64 for the single network port or home
>
> It occurs to me that the more address space that is allocated to a given
> access point to the Internet, the easier it is for a scanner to find it,
> for obvious reasons. In that sense, generosity of address space
> allocation runs against the grain of trying to make the Internet more
> secure. In fact it would seem desirable to take advantage of the huge
> 128 bit address space enabled by IPv6 to raise the cost for attackers to
> find "points of interest" on the Internet.
> --
>

Hi

I don't see NAT purely as a "security through obscurity" product, but I do agree. However, your second comment seems to me as a solution purely based on a security through obscurity model. By hiding the "real" ip addresses in a scope of billions you are trying to gain better security. Do you think this is better than NAT ?
Joergen Hovland ENK From fredb@immanent.net Sat Oct 25 19:25:27 2003 From: fredb@immanent.net (Frederick Bruckman) Date: Sat, 25 Oct 2003 13:25:27 -0500 (CDT) Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: <3F9AAD68.3080807@aol.com> References: <002801c39ae2$0c8ab850$210d640a@unfix.org> <3F9AAD68.3080807@aol.com> Message-ID: On Sat, 25 Oct 2003, John Holmblad wrote: > 2. Re /48 vs /64 for the single network port or home > > It occurs to me that the more address space that is allocated to a given > access point to the Internet, the easier it is for a scanner to find it, > for obvious reasons. In that sense, generosity of address space > allocation runs against the grain of trying to make the Internet more > secure. In fact it would seem desirable to take advantage of the huge > 128 bit address space enabled by IPv6 to raise the cost for attackers to > find "points of interest" on the Internet. Sorry, but it's not obvious to me at all. Given that I know an ISP's /32, which is public knowledge, how do I find the unique host/network addresses with valid hosts? Even assuming that a lot of folks will use the ::1 host part for misguided security considerations, I've still potentially got a lot of guessing to do to find the valid networks. Now, supposing that the structure of the ISP's networks is either apparent from a few stray hits, or published, it would still seem to make the attacker's job harder if the networks are sparsely allocated. Frederick From tjc@ecs.soton.ac.uk Sat Oct 25 20:05:12 2003 From: tjc@ecs.soton.ac.uk (Tim Chown) Date: Sat, 25 Oct 2003 20:05:12 +0100 Subject: [6bone] Is minimum allocation /64 now? In-Reply-To: References: <002801c39ae2$0c8ab850$210d640a@unfix.org> <3F9AAD68.3080807@aol.com> Message-ID: <20031025190512.GA20756@login.ecs.soton.ac.uk> On Sat, Oct 25, 2003 at 07:40:27PM +0200, Jørgen Hovland wrote: > > 2. 
Re /48 vs /64 for the single network port or home
> >
> > It occurs to me that the more address space that is allocated to a given
> > access point to the Internet, the easier it is for a scanner to find it,
> > for obvious reasons. In that sense, generosity of address space
> > allocation runs against the grain of trying to make the Internet more
> > secure. In fact it would seem desirable to take advantage of the huge
> > 128 bit address space enabled by IPv6 to raise the cost for attackers to
> > find "points of interest" on the Internet.

Actually the more address space allocated, the harder it is to be found in that address range.

> I don't see NAT purely as a "security through obscurity" product, but I do
> agree.
> However, your second comment seems to me as a solution purely based on a
> security through obscurity model. By hiding the "real" ip addresses in a
> scope of billions you are trying to gain better security. Do you think
> this is better than NAT ?

Not at all, but if it takes an attacker 500 billion years to scan a /64 at one IP per second, I'm happier than it taking 4 minutes for an IPv4 /24.

Defense in depth.

If you choose to number your hosts ::1 and up, that's your choice of course...

Tim

From JORDI PALET MARTINEZ" <3F9AAD68.3080807@aol.com> Message-ID: <158101c39b4e$9934baf0$9402a8c0@consulintel.es>

Regarding 1, that's why most of the ISP networks with NAT devices can be attacked so easily, because the false security of the NAT boxes, and I can give you a lot of examples, even from big ISPs ...

2, on the contrary ... see http://www.ietf.org/internet-drafts/draft-chown-v6ops-port-scanning-implications-00.txt

----- Original Message -----
From: John Holmblad
To: Jeroen Massar
Cc: 'Dan Reeder' ; 'Jørgen Hovland' ; 'Pekka Savola' ; 'Gert Doering' ; 6bone@ISI.EDU
Sent: Saturday, October 25, 2003 7:05 PM
Subject: Re: [6bone] Is minimum allocation /64 now?

All,

I'd like to share the following thoughts with the group on this discussion on IP V6 address space.

1. Re NAT

Of course, relying on security through obscurity is bad as a stand alone practice, but, as a part of a defense in depth strategy that includes fire walling it does help. Most SOHO router products include, pit of practical necessity, NAT but also a rudimentary firewall and no one can argue that having those devices in place has somehow increased the collective security of the Internet as we know it today. For an ISP to sell pure NAT as a rock solid security product however, would represent a negligent sales practice.

2. Re /48 vs /64 for the single network port or home

It occurs to me that the more address space that is allocated to a given access point to the Internet, the easier it is for a scanner to find it, for obvious reasons. In that sense, generosity of address space allocation runs against the grain of trying to make the Internet more secure. In fact it would seem desirable to take advantage of the huge 128 bit address space enabled by IPv6 to raise the cost for attackers to find "points of interest" on the Internet.

--
Best Regards,
John Holmblad
Televerage International
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
www page: www.vtext.com/users/jholmblad
primary email address: jholmblad@aol.com
backup email address: jholmblad@verizon.net
text email address: jholmblad@vtext.com
From jholmblad@aol.com Sun Oct 26 01:35:49 2003
From: jholmblad@aol.com (John Holmblad)
Date: Sat, 25 Oct 2003 21:35:49 -0400
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <158101c39b4e$9934baf0$9402a8c0@consulintel.es>
References: <002801c39ae2$0c8ab850$210d640a@unfix.org> <3F9AAD68.3080807@aol.com> <158101c39b4e$9934baf0$9402a8c0@consulintel.es>
Message-ID: <3F9B24F5.6080005@aol.com>

Jordi,

thanks for the reference to the recent IETF doc on the subject. The intro of that document kind of underpins what I asserted/implied, i.e. defense in depth is a good thing and that security through obscurity helps to raise the bar for the wily attacker but does not stand on its own two legs:

   "It must be remembered that the defense of a network must not rely on
   the obscurity of the hosts on that network. Such a feature or
   property is only one measure in a set of measures that may be
   applied."

Regarding the second point, the idea I am trying to get across applies equally to either IPv4 or IPv6 and is really a generic argument against too much generosity in the allocation of address space. My working assumption, perhaps invalid, is that the attacker is interested in knowing whether or not there is a network behind a particular network address and that scanning a for /n+m's will take longer than scanning for /n's where n and m are positive integers thus increasing the attack "cost" in time and bandwidth consumption for the attacker. A key part of my assumption is that the edge router servicing the /n or /n+m subnet will provide some kind of informational response to the attacker on the first "hit" so that they can make the inference that something is in fact behind that network address that is worth attacking. Of course, having found that, they still have to find out what is behind the /n or /n+m. The information provided may, of course, depend upon the router and how it is configured. I can and do set my edge router to "deep six" echo requests but the very fact that this is configurable suggests that some of the routers of the cybersphere may be set the other way.

--
Best Regards,
John Holmblad
Televerage International
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
www page: www.vtext.com/users/jholmblad
primary email address: jholmblad@aol.com
backup email address: jholmblad@verizon.net
text email address: jholmblad@vtext.com

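The scanning-cost argument made in this thread (a /64 at one probe per second against an IPv4 /24, with the caveat about numbering hosts ::1 and up) can be checked against your own address plan. The following is an added example, not code from any poster on the list: it classifies the interface identifier of each address and estimates how long an exhaustive search of the remaining space would take. The function names, pattern labels and search-bit thresholds are assumptions, the sample hosts are constructed from the 2001:db8::/32 documentation prefix, and the embedded-IPv4 and EUI-64 checks go beyond the ::1 case raised in the thread.

```python
import ipaddress

SECONDS_PER_YEAR = 365.25 * 24 * 3600
IID_MASK = (1 << 64) - 1  # low 64 bits: the interface identifier

# Constructed sample hosts (documentation prefix, not real allocations).
SAMPLE_HOSTS = [
    "2001:db8:0:1:8d3c:41f7:9a02:e6b5",   # random-looking identifier
    "2001:db8:0:1:211:22ff:fe33:4455",    # EUI-64 derived from a MAC address
    "2001:db8:0:1::c000:20a",             # IPv4 192.0.2.10 written in hex
    "2001:db8:0:1::1",                    # numbered "::1 and up"
]


def scan_seconds(search_bits, probes_per_second=1.0):
    """Seconds needed to probe every value in a space of 2**search_bits."""
    return (2 ** search_bits) / probes_per_second


def humanize(seconds):
    """Render a duration with the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


def classify_iid(address):
    """Return (pattern, search_bits) for the low 64 bits of an address.

    search_bits is an assumed, simplified upper bound on the space that
    remains once the numbering pattern itself has been guessed.
    """
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    if iid < (1 << 16):
        # Hosts counted up from ::1 sit in the first 65536 identifiers.
        return ("low-numbered", 16)
    if iid < (1 << 32):
        # Only the low 32 bits are set: consistent with an IPv4 address in hex.
        return ("embedded-ipv4", 32)
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        # ff:fe in the middle of the identifier marks a MAC-derived EUI-64;
        # 48 bits of MAC remain, fewer if the vendor prefix is known.
        return ("eui-64", 48)
    return ("no-obvious-pattern", 64)


def audit(addresses, probes_per_second=1.0):
    """Classify every address and return rows sorted most guessable first."""
    rows = []
    for address in addresses:
        pattern, bits = classify_iid(address)
        rows.append((address, pattern, bits,
                     scan_seconds(bits, probes_per_second)))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    print("IPv4 /24 at 1 probe/s:", humanize(scan_seconds(8)))
    print("IPv6 /64 at 1 probe/s:", humanize(scan_seconds(64)))
    for address, pattern, bits, seconds in audit(SAMPLE_HOSTS):
        print(f"{address:36} {pattern:20} 2^{bits:<3} {humanize(seconds)}")
```

Run against an export of your own assigned addresses, every host that lands outside the last class gains little from the size of its /64, which is why address sparsity can only be one layer next to filtering.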

From tony@lava.net Sun Oct 26 06:50:14 2003
From: tony@lava.net (Antonio Querubin)
Date: Sat, 25 Oct 2003 20:50:14 -1000 (HST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <3F9AAD68.3080807@aol.com>
References: <002801c39ae2$0c8ab850$210d640a@unfix.org> <3F9AAD68.3080807@aol.com>
Message-ID:

On Sat, 25 Oct 2003, John Holmblad wrote:

> 2. Re /48 vs /64 for the single network port or home
>
> It occurs to me that the more address space that is allocated to a given
> access point to the Internet, the easier it is for a scanner to find it,
> for obvious reasons. In that sense, generosity of address space
> allocation runs against the grain of trying to make the Internet more
> secure. In fact it would seem desirable to take advantage of the huge
> 128 bit address space enabled by IPv6 to raise the cost for attackers to
> find "points of interest" on the Internet.

Though a scanner may find the subnet, to mount a real attack that might actually accomplish something would require scanning the entire prefix for actual targets. That takes time. If you were a cracker, would you spend time scanning a densely populated small network or a sparsely populated large network? I'd suspect that with IPv6, the dispersion of targets into a much larger address space makes things a little more difficult for crackers. The theoretical bottom line is that you'll have a harder time targeting what you haven't yet found.

From bmanning@ISI.EDU Sun Oct 26 12:06:56 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Sun, 26 Oct 2003 04:06:56 -0800 (PST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031025190512.GA20756@login.ecs.soton.ac.uk> from Tim Chown at "Oct 25, 3 08:05:12 pm"
Message-ID: <200310261206.h9QC6u923572@boreas.isi.edu>

% > > 128 bit address space enabled by IPv6 to raise the cost for attackers to
% > > find "points of interest" on the Internet.
%
% Actually the more address space allocated, the harder it is to be found in
% that address range.
%
% Not at all, but if it takes an attacker 500 billion years to scan a /64
% at one IP per second, I'm happier than it taking 4 minutes for an IPv4 /24.
%
% Defense in depth.
%
% If you choose to number your hosts ::1 and up, that's your choice
% of course...
%
% Tim

from this side of the fence, since there are so many discrete IPs in a /64 that you are being announced, that looks like a target rich environment for forged source addresses for spam. but, as you point out, YMMV.

--bill

Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).

From tjc@ecs.soton.ac.uk Sun Oct 26 12:37:10 2003
From: tjc@ecs.soton.ac.uk (Tim Chown)
Date: Sun, 26 Oct 2003 12:37:10 +0000
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <200310261206.h9QC6u923572@boreas.isi.edu>
References: <20031025190512.GA20756@login.ecs.soton.ac.uk> <200310261206.h9QC6u923572@boreas.isi.edu>
Message-ID: <20031026123710.GA1061@login.ecs.soton.ac.uk>

On Sun, Oct 26, 2003 at 04:06:56AM -0800, Bill Manning wrote:
>
> from this side of the fence, since there are so many discrete
> IPs in a /64 that you are being announced, that looks like
> a target rich environment for forged source addresses for spam.
> but, as you point out, YMMV.

Agreed, you can't rely on blacklisting specific IP's; you should instead blacklist whatever the customer allocation is. But that from discussion here could be anything from a single IP to a /48, and you don't know :)

Given the RFC3041 privacy addresses will be commonly used, a sender on a subnet can come from any potential host address anyway.
Tim

From dan@reeder.name Sun Oct 26 12:49:56 2003
From: dan@reeder.name (Dan Reeder)
Date: Sun, 26 Oct 2003 22:49:56 +1000
Subject: [6bone] link local for tunnel endpoints
Message-ID: <000901c39bbf$a90c24b0$0200a8c0@dryad>

Hey guys

in light of the recent spirited discussions regarding ptp subnets, I was wondering whether anyone has used or is using the link local addressing for the endpoints. (I'm not too sure whether it is still called link local in this case, as it is quite different from typical MAC-based addressing)

here's an example of my tunnel:

    ip tunnel add sixbone mode sit remote 203.149.69.35 local 202.173.147.67
    ip link set sixbone up
    ip tunnel change sixbone ttl 255
    ip link set mtu 1472 dev sixbone
    route add -A inet6 ::/0 gw fe80::cb95:4523 dev sixbone

fe80::cb95:4523 is just the remote ip converted to hex and set with a link local prefix.

Now because my local router and the remote router also have valid 2001:: global addressing (on mine for the /64 on another interface, on the remote for other purposes), so traceroutes back and forth are going through just fine. I realise that every device needs a globally reachable ip set on it somewhere, even on a loopback interface, to be reachable. But are there any operational down sides or gotchas that would prove this type of addressing to be unsafe or impractical for use?

thanks
Dan Reeder

From bmanning@ISI.EDU Sun Oct 26 14:34:30 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Sun, 26 Oct 2003 06:34:30 -0800 (PST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <20031026123710.GA1061@login.ecs.soton.ac.uk> from Tim Chown at "Oct 26, 3 12:37:10 pm"
Message-ID: <200310261434.h9QEYU224092@boreas.isi.edu>

% > from this side of the fence, since there are so many discrete
% > IPs in a /64 that you are being announced, that looks like
% > a target rich environment for forged source addresses for spam.
% > but, as you point out, YMMV.
%
% Agreed, you can't rely on blacklisting specific IP's; you should instead
% blacklist whatever the customer allocation is. But that from discussion
% here could be anything from a single IP to a /48, and you don't know :)
%
% Given the RFC3041 privacy addresses will be commonly used, a sender on a
% subnet can come from any potential host address anyway.
%
% Tim

whoops! that tells me that whitelisting of specific IP addresses (/128s) will become common by ISPs and endusers as a spam prevention measure. In that case, the routing problem disappears, no? :)

--bill

Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).

From gnu@wraith.sf.ca.us Sun Oct 26 15:49:16 2003
From: gnu@wraith.sf.ca.us (gnu not unix)
Date: Sun, 26 Oct 2003 07:49:16 -0800
Subject: [6bone] v6 usage, a personal view
Message-ID: <200310261549.h9QFnGah028496@ring.wraith.sf.ca.us>

Hi folks--

I've been connected to 6bone via tunnels for a couple years, and have run a v6 web server, and more recently, email and ntp services, via v6 transport, in usa (California).

I have not seen very much use of v6 during this time. There is one list that I receive via v6 (bind9, oddly not this 6bone list). There has been occasional access of the web server via v6--I have some "how-to" info of a technical nature there.

My own use of v6 is negligible as far as daily web browsing is concerned. Partly this is due to using a squid cache which is not v6 aware, partly due to my workstation being linux, and not using the usagi kernel (I run the PPSKit patch instead, for ntp).

I've several times asked my isp about v6, but there is a negative incentive for them to offer v6--they make too much money from the v4 address space "shortage" and thus don't want to disturb this revenue stream.

I'm curious how folks are moving their own usage to v6, and also wondering a bit why 6bone list uses v4.
In the american jargon in the silicon valley, using your own product is referred to as "eating your own dog food." ../Steven From cfaber@fpsn.net Sun Oct 26 21:32:22 2003 From: cfaber@fpsn.net (Colin Faber) Date: Sun, 26 Oct 2003 14:32:22 -0700 Subject: [6bone] Is minimum allocation /64 now? (+ my 2 cents) In-Reply-To: <002801c39ae2$0c8ab850$210d640a@unfix.org> References: <002801c39ae2$0c8ab850$210d640a@unfix.org> Message-ID: <3F9C3D66.1030005@fpsn.net> Hi, Jeroen Massar wrote: > "Many ISP's charge for extra ip addresses, and they dont do it just because > they have to type in 3 commands on their router. NAT gives a certain ammount > of security for end-users." > > 1 user, not 1 endsite, not 1 ptp tunnel. > If it where a "enduser product" there would be going > a /48 to that enduser. > > That simply is requiring the user to NAT and not giving > them full internet access. NAT as 'security' is bullshit > If you want to give them 'security' then offer a standard > firewalling service like many ISP's do. And of course if > you do offer it also offer the option to turn it off for > the clued people. > Interjecting some comments here. As a real world example I'm limited to a single /30 from Qwest Internet services, Limiting me to that TINY allocation has nothing to do with security and everything to do with the bottom line ($$). A lot of ISP's I've dealt with are the same way. They do not like the fact that IPv6 will "solve" the IPv4 IP shortage problem because a major source of their revenue is based off of so called "business class" connections which provide single or VERY tiny blocks of static space to the end site. Others feel that they can stop people from hosting services on "personal class" connections which may violate the ISP's AUP by forcing the users to use a horrific DHCP based system or even worse yet NAT. 

From anne@apnic.net Mon Oct 27 02:16:50 2003
From: anne@apnic.net (Anne Lord)
Date: Mon, 27 Oct 2003 12:16:50 +1000 (EST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <003901c39b02$15602c10$0200a8c0@dryad>
Message-ID:

hi Dan,

> The problem is that, perhaps because some of us have had to live under the
> strong arm of apnic, that the tendency to want to conserve addressing is a

As pointed out by a subsequent posting, the policies of APNIC are, like
those of the other RIRs, set by the community: conservation is regarded
as an important goal.

[snip]

>help but think that there will be an IP shortage somewhere in our solar
>system similar to what asia pacific is currently suffering under v4.
                                        ^^^^^^^^^
The current allocation rates for the Asia Pacific region
_exceed_ those of all other RIR regions as you can see in the
presentation below, slide 3: 'IPv4 allocations from RIRs to LIRs/ISPs,
yearly comparison - Jun 30, 2003':

http://www.apnic.net/meetings/16/programme/docs/amm-pres-joint-rir-stats-jun031.ppt

This is part of a coordinated 'Internet Number Resource Statistics'
presentation which is updated twice a year by the RIRs.

The daily data in raw format is available from:

http://www.apnic.net/info/reports/index.html

Check the heading 'IP and AS number allocation reports'.

Hope this helps,

regards,
Anne
_____________________________________________________________________
Anne Lord, Manager, Policy Liaison
Asia Pacific Network Information Centre    phone: +61 7 3858 3100
http://www.apnic.net                         fax: +61 7 3858 3199
----------------------------------------------------------------------

> Dan Reeder
>
> ----- Original Message -----
> From: "JORDI PALET MARTINEZ"
> To: <6bone@ISI.EDU>
> Sent: Saturday, October 25, 2003 9:41 PM
> Subject: Re: [6bone] Is minimum allocation /64 now?
>
>
> > Clearly those ISPs that charge for every address, will need to switch the
> > business model, if they want to win new customers, or even
> > keep the existing users !
> >
> > Charging for every IPv6 address, must be forbidden, hopefully soon by the
> > RIRs policy.
> >
> > ----- Original Message -----
> > From: "Jørgen Hovland"
> > To: "Jeroen Massar"
> > Cc: <6bone@ISI.EDU>
> > Sent: Saturday, October 25, 2003 1:56 AM
> > Subject: RE: [6bone] Is minimum allocation /64 now?
> >
> >
> > > On Sat, 25 Oct 2003, Jeroen Massar wrote:
> > >
> > > > If you want to sell 'single-user' products then count their
> > > > bandwidth usage. Or are you getting your IP's from your transit provider?
> > > > Transit providers charge you for bandwidth consumption.
> > >
> > > There are ISP's already doing that and there are ISP's totally against
> > > it.
> > >
> > > > So should you. If you have no intention of selling them internet access
> > > > then why call yourself an ISP at all ?
> > >
> > > There are people who do not feel charging by capacity is the proper way to
> > > do it, but by the amount of users. There are in fact ISP's who do this
> > > today.
> > >
> > > > "single-user products" as you call it are the biggest reasons why
> > > > we have those awful NAT's today. And how many users are behind
> > > > that NAT even though you just gave them 1 IPv4 address? LOTS.
> > >
> > > There's a difference between denying a person extra ip addresses and
> > > giving out a billion without asking if the person needs it.
> > >
> > > Many ISP's charge for extra ip addresses, and they don't do it just because
> > > they have to type in 3 commands on their router. NAT gives a certain amount
> > > of security for end-users.
> > >
> > > Joergen Hovland ENK
> > > _______________________________________________
> > > 6bone mailing list
> > > 6bone@mailman.isi.edu
> > > http://mailman.isi.edu/mailman/listinfo/6bone
> > >
> >
> >
> > **********************************
> > Madrid 2003 Global IPv6 Summit
> > Presentations and videos on line at:
> > http://www.ipv6-es.com
> >
> > This electronic message contains information which may be privileged or
> > confidential. The information is intended to be for the use of the
> > individual(s) named above. If you are not the intended recipient be aware
> > that any disclosure, copying, distribution or use of the contents of this
> > information, including attached files, is prohibited.
> >
> >
> > _______________________________________________
> > 6bone mailing list
> > 6bone@mailman.isi.edu
> > http://mailman.isi.edu/mailman/listinfo/6bone
> >
>
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone
>

From dan@reeder.name Mon Oct 27 04:16:20 2003
From: dan@reeder.name (Dan Reeder)
Date: Mon, 27 Oct 2003 14:16:20 +1000
Subject: [6bone] Is minimum allocation /64 now?
References:
Message-ID: <000d01c39c41$14985240$0200a8c0@dryad>

> >help but think that there will be an IP shortage somewhere in our solar
> >system similar to what asia pacific is currently suffering under v4.
>                                         ^^^^^^^^^
> The current allocation rates for the Asia Pacific region
> _exceed_ those of all other RIR regions as you can see in the
> presentation below, slide 3: 'IPv4 allocations from RIRs to LIRs/ISPs,
> yearly comparison - Jun 30, 2003':

Ok my mistake... substitute the phrase "is currently" for "has traditionally
been"

Does this mean that things are finally starting to improve? I certainly hope
so! Half the sixbone movement has been based upon the trends of asiapac and
europe having far fewer v4 IPs to work with than north america for example.

But still, that doesn't excuse the fact that we've been waiting *weeks* now
for a v6 /32 allocation from you guys.

Dan Reeder

From anne@apnic.net Mon Oct 27 05:46:36 2003
From: anne@apnic.net (Anne Lord)
Date: Mon, 27 Oct 2003 15:46:36 +1000 (EST)
Subject: [6bone] Is minimum allocation /64 now?
In-Reply-To: <000d01c39c41$14985240$0200a8c0@dryad>
Message-ID:

hi Dan,

> Ok my mistake... substitute the phrase "is currently" for "has traditionally
> been"
>
> Does this mean that things are finally starting to improve? I certainly hope
> so! Half the sixbone movement has been based upon the trends of asiapac and
> europe having far fewer v4 IPs to work with than north america for example.

The trends started changing in 2000/2001. APNIC allocated more IP
addresses than the other RIRs in 2002 and in 2001 APNIC allocated more
addresses than the RIPE NCC.

> But still, that doesn't excuse the fact that we've been waiting *weeks* now
> for a v6 /32 allocation from you guys.

Strange. With the one-day turnaround time, IPv6 requests are usually
processed very quickly. If you can supply me with a ticket number I
would be happy to follow this up with you off-line.

cheers,
Anne
--
>
> Dan Reeder
>
>

From pekkas@netcore.fi Mon Oct 27 06:47:14 2003
From: pekkas@netcore.fi (Pekka Savola)
Date: Mon, 27 Oct 2003 08:47:14 +0200 (EET)
Subject: [6bone] link local for tunnel endpoints
In-Reply-To: <000901c39bbf$a90c24b0$0200a8c0@dryad>
Message-ID:

On Sun, 26 Oct 2003, Dan Reeder wrote:
[...]
> Now because my local router and the remote router also have valid 2001::
> global addressing (on mine for the /64 on another interface, on the remote
> for other purposes), so traceroutes back and forth are going through just
> fine. I realise that every device needs a globally reachable ip set on it
> somewhere, even on a loopback interface, to be reachable.
> But are there any operational down sides or gotchas that would prove this
> type of addressing to be unsafe or impractical for use?

A few minor points I'm aware of -- should not be show-stoppers:
 - when doing a traceroute, you can see which nodes the packets go
through, not which interfaces (the latter may be interesting e.g. with
backbone routers and their multiple interfaces).
 - you can't ping the point-to-point address remotely, meaning, if the
other end-point has hosed its static route towards you, you can't isolate
the problem except from your border router, pinging the link-local
address.

But as said, these are pretty minor. In many cases, the link locals
should be enough..

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From mclin@sinica.edu.tw Mon Oct 27 15:21:12 2003
From: mclin@sinica.edu.tw (Ethern Lin)
Date: Mon, 27 Oct 2003 23:21:12 +0800
Subject: [6bone] Is minimum allocation /64 now?
References: <000d01c39c41$14985240$0200a8c0@dryad>
Message-ID: <00bb01c39c9e$70417650$3ce26d8c@sinica.edu.tw>

IMHO, you can get the IPv6 block is easier and faster than one year ago, and
the application conditions are more easy to achieve.

So I think you could need more patience and just give them some remind in
proper time, everything will work out.

regards,
Ethern

=============================
Ethern Lin
Network Division
Computing Centre, Academia Sinica
Email: ethern@ascc.net
Phone: +886-2-2789-9953
Fax  : +886-2-2783-6444
=============================

----- Original Message -----
From: "Dan Reeder"
To: "Anne Lord" ; <6bone@ISI.EDU>
Sent: Monday, October 27, 2003 12:16 PM
Subject: Re: [6bone] Is minimum allocation /64 now?

> > >help but think that there will be an IP shortage somewhere in our solar
> > >system similar to what asia pacific is currently suffering under v4.
> >                                         ^^^^^^^^^
> > The current allocation rates for the Asia Pacific region
> > _exceed_ those of all other RIR regions as you can see in the
> > presentation below, slide 3: 'IPv4 allocations from RIRs to LIRs/ISPs,
> > yearly comparison - Jun 30, 2003':
>
> Ok my mistake... substitute the phrase "is currently" for "has traditionally
> been"
>
> Does this mean that things are finally starting to improve? I certainly hope
> so! Half the sixbone movement has been based upon the trends of asiapac and
> europe having far fewer v4 IPs to work with than north america for example.
>
> But still, that doesn't excuse the fact that we've been waiting *weeks* now
> for a v6 /32 allocation from you guys.
>
> Dan Reeder
>
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone
>

From Matt.Carpenter@alticor.com Tue Oct 28 15:19:20 2003
From: Matt.Carpenter@alticor.com (Matt.Carpenter@alticor.com)
Date: Tue, 28 Oct 2003 10:19:20 -0500
Subject: [6bone] Re: Is minimum allocation /64 now?
In-Reply-To: <200310272005.h9RK5Hf02897@gamma.isi.edu>
Message-ID:

I concede that there is some security in NAT, simply because it helps to
protect those endusers who don't do anything to secure themselves.
However, there is no security in NAT beyond that which a firewall
provides. Simple firewall rulesets are amazingly simple and can be
"defaulted" to provide out-of-the-box protection as seen in NAT routers
today.

ISP's charge for extra IP Addresses because they can. It is valuable,
almost like real-estate. One key purpose of IPv6 is to lessen the cost of
IP addresses through making them plentiful commodities. Thinking of a
single IP with NAT as an added value over many IP's has some serious
repercussions on other aspects of the Internet where logic reigns.

> "Many ISP's charge for extra ip addresses, and they don't do it just because
> they have to type in 3 commands on their router.
> NAT gives a certain amount
> of security for end-users."
>
> 1 user, not 1 endsite, not 1 ptp tunnel.
> If it were a "enduser product" there would be going
> a /48 to that enduser.
>
> That simply is requiring the user to NAT and not giving
> them full internet access. NAT as 'security' is bullshit
> If you want to give them 'security' then offer a standard
> firewalling service like many ISP's do. And of course if
> you do offer it also offer the option to turn it off for
> the clued people.
>

From yasuhiro@nttv6.jp Wed Oct 29 02:53:37 2003
From: yasuhiro@nttv6.jp (SHIRASAKI Yasuhiro)
Date: Wed, 29 Oct 2003 11:53:37 +0900 (JST)
Subject: [6bone] link local for tunnel endpoints
In-Reply-To:
References: <000901c39bbf$a90c24b0$0200a8c0@dryad>
Message-ID: <20031029.115337.74722724.yasuhiro@nttv6.jp>

On Mon, 27 Oct 2003 08:47:14 +0200 (EET), Pekka Savola wrote:
> On Sun, 26 Oct 2003, Dan Reeder wrote:
> [...]
> > Now because my local router and the remote router also have valid 2001::
> > global addressing (on mine for the /64 on another interface, on the remote
> > for other purposes), so traceroutes back and forth are going through just
> > fine. I realise that every device needs a globally reachable ip set on it
> > somewhere, even on a loopback interface, to be reachable.
> > But are there any operational down sides or gotchas that would prove this
> > type of addressing to be unsafe or impractical for use?
>
> A few minor points I'm aware of -- should not be show-stoppers:
> - when doing a traceroute, you can see which nodes the packets go
> through, not which interfaces (the latter may be interesting e.g. with
> backbone routers and their multiple interfaces).
> - you can't ping the point-to-point address remotely, meaning, if the
> other end-point has hosed its static route towards you, you can't isolate
> the problem except from your border router, pinging the link-local
> address.

Some old bgp4+ implementations couldn't work with link-local address.
Though peers over tunnel link seemed unstable and should be avoided,
yet we can see many bgp4+ peers over tunnel link.

--
SHIRASAKI Yasuhiro @ NTT Communications
t: +81-3-6800-3262, f: +81-3-5365-2990

From Trond.Skjesol@uninett.no Thu Oct 30 14:57:27 2003
From: Trond.Skjesol@uninett.no (Trond Skjesol)
Date: Thu, 30 Oct 2003 15:57:27 +0100
Subject: [6bone] We have stoped using the 3ffe:2a00::/24 prefix
Message-ID: <200310301457.h9UEvRL24468@storhaugen.uninett.no>

As far as I know I've deleted all the stuff in the 6bone registry. From now on
only our prefix 2001:700::/32 from RIPE will be used.

-Trond

From aanak@eudoramail.com Thu Oct 30 21:22:31 2003
From: aanak@eudoramail.com (aanak gaurang patwa)
Date: Fri, 31 Oct 2003 02:52:31 +0530
Subject: [6bone] Regarding FTPd daemon
Message-ID:

I have been trying to configure vsftpd on Redhat9.0 for IPV6. However it
gives an error of could not bind for IPv6 socket and the service would not
start. Does anyone know the solution for this...

Aanak

Need a new email address that people can remember
Check out the new EudoraMail at http://www.eudoramail.com

From andreas@naund.org Thu Oct 30 22:14:48 2003
From: andreas@naund.org (Andreas Ott)
Date: Thu, 30 Oct 2003 14:14:48 -0800
Subject: [6bone] Regarding FTPd daemon
In-Reply-To: ; from aanak@eudoramail.com on Fri, Oct 31, 2003 at 02:52:31AM +0530
References:
Message-ID: <20031030141448.N2276@naund.org>

On Fri, Oct 31, 2003 at 02:52:31AM +0530, aanak gaurang patwa wrote:
> I have been trying to configure vsftpd on Redhat9.0 for IPV6. However
> it gives an error of could not bind for IPv6 socket and the service
> would not start. Does anyone know the solution for this...

look at the file /usr/share/doc/vsftpd-1.1.3/TODO:

NOT SO CRITICAL
===============
[...]
- IPv6 support

For me that reads 'not yet implemented'. There are other ftpd implementations
around that already speak IPv6, c.f.
http://www.deepspace6.net/docs/ar01s05.html .

-andreas

From rmk@arm.linux.org.uk Thu Oct 30 22:36:38 2003
From: rmk@arm.linux.org.uk (Russell King)
Date: Thu, 30 Oct 2003 22:36:38 +0000
Subject: [6bone] Regarding FTPd daemon
In-Reply-To: <20031030141448.N2276@naund.org>; from andreas@naund.org on Thu, Oct 30, 2003 at 02:14:48PM -0800
References: <20031030141448.N2276@naund.org>
Message-ID: <20031030223638.D1513@flint.arm.linux.org.uk>

On Thu, Oct 30, 2003 at 02:14:48PM -0800, Andreas Ott wrote:
> On Fri, Oct 31, 2003 at 02:52:31AM +0530, aanak gaurang patwa wrote:
> > I have been trying to configure vsftpd on Redhat9.0 for IPV6. However
> > it gives an error of could not bind for IPv6 socket and the service
> > would not start. Does anyone know the solution for this...
>
> look at the file /usr/share/doc/vsftpd-1.1.3/TODO:

However, vsftpd 1.2.0 supports IPv6.

--
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                 2.6 Serial core

From pekkas@netcore.fi Thu Oct 30 22:36:43 2003
From: pekkas@netcore.fi (Pekka Savola)
Date: Fri, 31 Oct 2003 00:36:43 +0200 (EET)
Subject: [6bone] Regarding FTPd daemon
In-Reply-To:
Message-ID:

On Fri, 31 Oct 2003, aanak gaurang patwa wrote:
> I have been trying to configure vsftpd on Redhat9.0 for IPV6. However it
> gives an error of could not bind for IPv6 socket and the service would
> not start. Does anyone know the solution for this...

That would be pretty difficult as vsftpd does not support IPv6 (darn!).

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R.
Martin: A Clash of Kings

From rmk@arm.linux.org.uk Thu Oct 30 22:49:53 2003
From: rmk@arm.linux.org.uk (Russell King)
Date: Thu, 30 Oct 2003 22:49:53 +0000
Subject: [6bone] Regarding FTPd daemon
In-Reply-To: ; from pekkas@netcore.fi on Fri, Oct 31, 2003 at 12:36:43AM +0200
References:
Message-ID: <20031030224953.E1513@flint.arm.linux.org.uk>

On Fri, Oct 31, 2003 at 12:36:43AM +0200, Pekka Savola wrote:
> On Fri, 31 Oct 2003, aanak gaurang patwa wrote:
> > I have been trying to configure vsftpd on Redhat9.0 for IPV6. However it
> > gives an error of could not bind for IPv6 socket and the service would
> > not start. Does anyone know the solution for this...
>
> That would be pretty difficult as vsftpd does not support IPv6 (darn!).

Take another look at vsftpd 1.2 and I think you'll be pleasantly surprised.

$ ftp xxxx
Trying xxxx:xxxx:xxxx:xxxx:201:2ff:fe14:8fad...
Connected to flint (xxxx:xxxx:xxxx:xxxx:201:2ff:fe14:8fad).
220 (vsFTPd 1.2.0)
Name (xxxx:xxxx):
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||46841|)
150 Here comes the directory listing.
...
226 Directory send OK.
ftp>

--
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                 2.6 Serial core

From bob@thefinks.com Thu Oct 30 23:58:03 2003
From: bob@thefinks.com (Bob Fink)
Date: Thu, 30 Oct 2003 15:58:03 -0800
Subject: [6bone] We have stoped using the 3ffe:2a00::/24 prefix
In-Reply-To: <200310301457.h9UEvRL24468@storhaugen.uninett.no>
Message-ID: <5.2.0.9.0.20031030155237.02986008@mail.addr.com>

Trond,

At 03:57 PM 10/30/2003 +0100, Trond Skjesol wrote:
>As far as I know I've deleted all the stuff in the 6bone registry. From now on
>only our prefix 2001:700::/32 from RIPE will be used.

Thanks for letting me know. I've changed the allocation to show that it is
returned.

Bob

From jeroen@unfix.org Fri Oct 31 02:03:36 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Fri, 31 Oct 2003 03:03:36 +0100
Subject: [6bone] We have stoped using the 3ffe:2a00::/24 prefix
In-Reply-To: <200310301457.h9UEvRL24468@storhaugen.uninett.no>
Message-ID: <002601c39f53$328f2610$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Trond Skjesol wrote:

> As far as I know I've deleted all the stuff in the 6bone
> registry. From now on
> only our prefix 2001:700::/32 from RIPE will be used.

According to GRH (https://noc.sixxs.net/tools/grh/tla/6bone/)

Prefix:    3ffe:2a00::/24
Allocated: 1997-11-21
Last seen: 2003-10-24 20:00:54

That was almost 6 years :)

There are 13 TLA's that don't have a routing entry btw.
And some others who are originating from different ASN's
than documented in the 6bone registry...

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP6HC+CmqKFIzPnwjEQIMBgCgiVJ7Udy0wEem5B7Du+23jbRq7FAAmwfR
KH17W7JWx/izM40btTBPdrI/
=deqk
-----END PGP SIGNATURE-----
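
The checks that the GRH reports quoted in this thread refer to (a private ASN in the AS path, 6to4 more-specifics, an origin ASN that differs from the registry, registered prefixes with no routing entry), written out as an added example; it is not part of any message above and is not GRH's own code. The transit ASNs 64496/64497, the origin recorded for 3ffe:2a00::/24 and the function names are constructed for illustration; the prefixes, the AS64702 path and the origins 4555, 29216 and 15180 are the ones quoted in the thread.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
PRIVATE_ASNS = range(64512, 65536)  # 16-bit private/reserved block; AS64702 is in it


def embedded_ipv4(prefix):
    """IPv4 prefix carried in bits 16..47 of a 6to4 (2002::/16) prefix."""
    v4_int = (int(prefix.network_address) >> 80) & 0xFFFFFFFF
    v4_len = min(prefix.prefixlen - 16, 32)
    return ipaddress.IPv4Network((v4_int, v4_len), strict=False)


def check_route(prefix_text, as_path, registry):
    """Return a list of (finding, detail) tuples for one announcement."""
    prefix = ipaddress.ip_network(prefix_text)
    findings = []
    # A private ASN anywhere in the path, not only as origin ("transit" case).
    for asn in as_path:
        if asn in PRIVATE_ASNS:
            findings.append(("private-asn-in-path", asn))
    # Only 2002::/16 itself should be announced; anything longer leaks IPv4 routing.
    if prefix.version == 6 and prefix.subnet_of(SIX_TO_FOUR) and prefix.prefixlen > 16:
        findings.append(("6to4-more-specific", str(embedded_ipv4(prefix))))
    # Compare the origin (last ASN in the path) with the most specific
    # registry entry that covers the announced prefix.
    covering = [n for n in registry
                if n.version == prefix.version and prefix.subnet_of(n)]
    if covering:
        best = max(covering, key=lambda n: n.prefixlen)
        expected, seen = registry[best], as_path[-1]
        if expected != seen:
            findings.append(("origin-mismatch", (expected, seen)))
    return findings


def unrouted(registry, routes):
    """Registry prefixes with no routing entry. Assumption: an exact or
    more-specific announcement counts as a routing entry."""
    announced = [ipaddress.ip_network(p) for p, _ in routes]
    return [str(n) for n in registry
            if not any(a.version == n.version and a.subnet_of(n) for a in announced)]


# Registry sample: 3ffe::/24 -> AS4555 is from the thread; 64496 is a constructed value.
REGISTRY = {
    ipaddress.ip_network("3ffe::/24"): 4555,
    ipaddress.ip_network("3ffe:2a00::/24"): 64496,
}
# Routing table sample: the first path is quoted in the thread; 64497 is constructed transit.
ROUTES = [
    ("2001:a40::/32", [15516, 3257, 2497, 4697, 2914, 10109, 4538, 4787,
                       64702, 20646, 8763, 5539, 1930, 9186]),
    ("3ffe:3::/32", [64497, 29216]),
    ("2002:c8a2::/33", [64497, 15180]),
]

if __name__ == "__main__":
    for prefix_text, path in ROUTES:
        for finding in check_route(prefix_text, path, REGISTRY):
            print(prefix_text, *finding)
    print("no routing entry:", unrouted(REGISTRY, ROUTES))
```

The same findings can drive an import filter: reject paths containing private ASNs and any 2002::/16 prefix longer than /16, and alert rather than drop on origin mismatches until the registry entry has been confirmed with the holder.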