From bmanning@ISI.EDU Thu Sep 4 10:56:38 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 02:56:38 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
Message-ID: <200309040956.h849ucM21351@boreas.isi.edu>

Something for folks to remember.

From: Bill Manning
Subject: 2001:478:: as /48
To: 6bone@ISI.EDU
Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)

this prefix has/is being carved up into /48 and /64 subnets for
use at exchange points and other infrastructure support services.

Do not expect to see it aggregated.

--
bill manning

From Jan Oravec Thu Sep 4 12:35:51 2003
From: Jan Oravec (Jan Oravec)
Date: Thu, 4 Sep 2003 13:35:51 +0200
Subject: [6bone] ::1 PTR DNS record
Message-ID: <20030904113551.GA4109@wsx.ksp.sk>

Hello,

reverse record for ::1 points to localhost.nic.fr, because there is PTR
record for ::1 on ns3.nic.fr, which is NS for ip6.int. Please fix.

$ dig 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int ptr @ns3.nic.fr

; <<>> DiG 9.2.3rc1 <<>> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int ptr @ns3.nic.fr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54315
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int. IN PTR

;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int. 691200 IN PTR localhost.nic.fr.

;; AUTHORITY SECTION:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int. 691200 IN NS ns3.nic.fr.

;; ADDITIONAL SECTION:
ns3.nic.fr. 345600 IN A 192.134.0.49
ns3.nic.fr. 345600 IN AAAA 2001:660:3006:1::1:1

;; Query time: 329 msec
;; SERVER: 2001:660:3006:1::1:1#53(ns3.nic.fr)
;; WHEN: Thu Sep 4 13:29:14 2003
;; MSG SIZE rcvd: 181

Best Regards,

Jan

--
Jan Oravec XS26 coordinator 6COM s.r.o.
'Access to IPv6' http://www.6com.sk http://www.xs26.net

From jeroen@unfix.org Thu Sep 4 14:07:39 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Thu, 4 Sep 2003 15:07:39 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <200309040956.h849ucM21351@boreas.isi.edu>
Message-ID: <000c01c372e5$85bdedc0$050900c1@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Manning wrote:

> Something for folks to remember.
>
>
> From: Bill Manning
> Subject: 2001:478:: as /48
> To: 6bone@ISI.EDU
> Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)
>
> this prefix has/is being carved up into /48 and /64 subnets for
> use at exchange points and other infrastructure support services.

IX Prefixes by the RIR's come out of:
 - 2001:7f8::/32
 - 2001:504::/32
 - 2001:7fa::/32

Which RFC/draft/... made this prefix so special ?

> Do not expect to see it aggregated.

I would suggest that if you want it to be routable that one
entity announces the /32 that is not going to be filtered.
This way the more specific will still allow it to be reachable.

Checking GRH (http://www.sixxs.net/tools/grh/lg/?format=raw&find=2001:478::/32)

# Space seperated, format:
# [prefix] [flags] [nexthop] [pref] [metric] [origin] [aspath]
# RAW DUMP START
#
# Participant: SixXS - GRH Route View http://www.sixxs.net (8298)
#
# Note: Subnet of 2001:478::/32
2001:478::/45 2001:610:25:5062::62 IGP 1103 11537 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478::/45 2001:470:1fff:3::3 IGP 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478::/45 2001:1418:1:400::1 IGP 12779 3549 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478::/45 2001:610:ff:c::2 IGP 1888 1103 11537 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478:65::/48 2001:610:25:5062::62 IGP 1103 11537 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478:65::/48 2001:470:1fff:3::3 IGP 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478:65::/48 2001:1418:1:400::1 IGP 12779 3549 6939 109 4555
# Note: Subnet of 2001:478::/32
2001:478:65::/48 2001:610:ff:c::2 IGP 1888 1103 11537 6939 109 4555
# RAW DUMP END

Hmm they are all sourced from AS4555, one could aggregate those with ease.
Especially as only chello/upc (6939) and cisco (109) are the only ones
doing the transit. Either there are no other transits or people wisely filter:
http://www.space.net/~gert/RIPE/ipv6-filters.html

Apparently 3ffe::/24 and 3ffe:800::/24 also are originated from 4555:
http://www.sixxs.net/tools/grh/lg/?findtype=origin&find=4555

Btw what is the status of 6bone's ip6.arpa?

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1c5GimqKFIzPnwjEQKLxgCcCW3SqQmuiMcWNggPL5xrI2p5/h8AnieJ
Z9hjHnojYYQgP+cn1duzKiol
=rpWH
-----END PGP SIGNATURE-----

From pim@ipng.nl Thu Sep 4 16:11:18 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Thu, 4 Sep 2003 17:11:18 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <200309040956.h849ucM21351@boreas.isi.edu>
References: <200309040956.h849ucM21351@boreas.isi.edu>
Message-ID: <20030904151118.GC10637@bfib.colo.bit.nl>

| From: Bill Manning
| Subject: 2001:478:: as /48
| To: 6bone@ISI.EDU
| Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)
|
| this prefix has/is being carved up into /48 and /64 subnets for
| use at exchange points and other infrastructure support services.

Please, tell me that you are not saying that you will pollute my routing
table with /64s now already ?

--
---------- - - - - -+- - - - - ----------
Pim van Pelt Email: pim@ipng.nl
http://www.ipng.nl/ IPv6 Deployment
-----------------------------------------------

From kato@wide.ad.jp Thu Sep 4 16:34:43 2003
From: kato@wide.ad.jp (Akira Kato)
Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <200309040956.h849ucM21351@boreas.isi.edu>
References: <200309040956.h849ucM21351@boreas.isi.edu>
Message-ID: <20030905.003443.39013416.kato@wide.ad.jp>

> this prefix has/is being carved up into /48 and /64 subnets for
> use at exchange points and other infrastructure support services.

> Do not expect to see it aggregated.

I have a question: do we need to make such a prefix assigned to
an exchange point reachable globally?

Provided if every ISP uses "next-hop-self" to their I-BGP peering, the
addresses on an IX is used only for E-BGP peering. What we lose if
nobody advertises the IX prefix globally (or even locally)?

If the address is not globally reachable, it is impossible to send
packets to the routers on the IX and this will be a measure for the
remote DoS attack if not perfect.

In order to make traceroute happy we may need to establish a DNS zone
for reverse lookup. But such a DNS server does not have to be on the
IX.

Akira Kato, WIDE Project
P.S.
This discussion is also applicable to IPv4...

From rrockell@sprint.net Thu Sep 4 17:48:26 2003
From: rrockell@sprint.net (Robert J. Rockell)
Date: Thu, 4 Sep 2003 12:48:26 -0400 (EDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <20030905.003443.39013416.kato@wide.ad.jp>
Message-ID:

I agree with this. As long as the IP address allocation is used only as
next-hop for prefixes exchanges across some fabric, the DMZ prefix does not
need to be exported outside of the routing domain of the exchange member.

Only time this runs into a problem is when people do something silly like
put a root-server ON the exchange fabric, and use the exchange IP space for
its host address...

My jab at the root-server is also applicable to IPv4 :)

Thanks
Rob Rockell
SprintLink
(+1) 703-689-6322
It's just a little pin prick...
-----------------------------------------------------------------------

On Fri, 5 Sep 2003, Akira Kato wrote:

->
->> this prefix has/is being carved up into /48 and /64 subnets for
->> use at exchange points and other infrastructure support services.
->
->> Do not expect to see it aggregated.
->
->I have a question: do we need to make such a prefix assigned to
->an exchange point reachable globally?
->
->Provided if every ISP uses "next-hop-self" to their I-BGP peering, the
->addresses on an IX is used only for E-BGP peering. What we lose if
->nobody advertises the IX prefix globally (or even locally)?
->
->If the address is not globally reachable, it is impossible to send
->packets to the routers on the IX and this will be a measure for the
->remote DoS attack if not perfect.
->
->In order to make traceroute happy we may need to establish a DNS zone
->for reverse lookup. But such a DNS server does not have to be on the
->IX.
->
->Akira Kato, WIDE Project
->P.S.
->This discussion is also applicable to IPv4...
->
->
->
->_______________________________________________
->6bone mailing list
->6bone@mailman.isi.edu
->http://mailman.isi.edu/mailman/listinfo/6bone
->

From tvo@enterzone.net Thu Sep 4 17:44:29 2003
From: tvo@enterzone.net (John Fraizer)
Date: Thu, 4 Sep 2003 12:44:29 -0400 (EDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <000c01c372e5$85bdedc0$050900c1@unfix.org>
Message-ID:

On Thu, 4 Sep 2003, Jeroen Massar wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Bill Manning wrote:
>
> > Something for folks to remember.
> >
> >
> > From: Bill Manning
> > Subject: 2001:478:: as /48
> > To: 6bone@ISI.EDU
> > Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)
> >
> > this prefix has/is being carved up into /48 and /64 subnets for
> > use at exchange points and other infrastructure support services.
>
> IX Prefixes by the RIR's come out of:
> - 2001:7f8::/32
> - 2001:504::/32
> - 2001:7fa::/32
>
> Which RFC/draft/... made this prefix so special ?
>

I guess you didn't notice who had sent the message, or his email address,
and are not familiar with what Bill does.

Take a look at http://www.ep.net/

Bill manages the address space for MANY, MANY, MANY exchange points.

[whois.arin.net]

OrgName: EP.NET, LLC.
OrgID: V6EP
Address: PO 12317
City: Marina del Rey
StateProv: CA
PostalCode: 90295
Country: US

NetRange: 2001:0478:0000:0000:0000:0000:0000:0000 - 2001:0478:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR: 2001:0478:0000:0000:0000:0000:0000:0000/32
NetName: EP-NET
NetHandle: EP-NET-NET
Parent: ARIN-001
NetType: Direct Allocation
NameServer: FLAG.EP.NET
NameServer: Z.IP6.INT
Comment:
RegDate: 2001-05-21
Updated: 2002-08-05

TechHandle: WM110-ARIN
TechName: Manning, Bill
TechPhone: +1-310-322-8102
TechEmail: bmanning@karoshi.com

--
John Fraizer
EnterZone, Inc
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4

From andrew@2sheds.de Thu Sep 4 18:06:05 2003
From: andrew@2sheds.de (Andrew Miehs)
Date: Thu, 4 Sep 2003 19:06:05 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To:
References:
Message-ID: <11B985B0-DEFA-11D7-B9A5-000393758B2E@2sheds.de>

I, on the other hand, do not agree with NOT announcing this block.

If something is sitting on the Internet, it requires an IP Address, and
this address should be reachable from everywhere at every time.
ESPECIALLY if it is something as important as a router.

I find trying to 'hide' router interfaces for security purposes has
nothing to do with security. I don't like it when my traceroutes don't
work, and it makes debugging a lot more difficult, and who knows, one day
we will end up in a situation, where things do not work 100% because we
all used this shortcut. See path MTU discovery and security experts
dropping all ICMP messages on their firewalls.

my 2c worth.

Regards

Andrew Miehs

On Thursday, September 4, 2003, at 18:48PM, Robert J. Rockell wrote:

> I agree with this. As long as the IP address allocation is used only as
> next-hop for prefixes exchanges across some fabric, the DMZ prefix does not
> need to be exported outside of the routing domain of the exchange member.
>
> On Fri, 5 Sep 2003, Akira Kato wrote:
>
> ->
> ->If the address is not globally reachable, it is impossible to send
> ->packets to the routers on the IX and this will be a measure for the
> ->remote DoS attack if not perfect.

From stuart@tech.org Thu Sep 4 18:45:21 2003
From: stuart@tech.org (Stephen Stuart)
Date: Thu, 04 Sep 2003 10:45:21 -0700
Subject: [6bone] 2001:478:: as /48
In-Reply-To: Your message of "Fri, 05 Sep 2003 00:34:43 +0900." <20030905.003443.39013416.kato@wide.ad.jp>
Message-ID: <200309041745.h84HjLU1043604@lo.tech.org>

> Provided if every ISP uses "next-hop-self" to their I-BGP peering, the
> addresses on an IX is used only for E-BGP peering. What we lose if
> nobody advertises the IX prefix globally (or even locally)?

We lose:

- In combination with RPF checking, we would lose the ability to see a
  traceroute through an exchange point (assuming that the ICMP
  feedback was sourced using the IX-connected address).

- The ability to ping the near and far sides of an exchange point
  boundary from a distance; this is sometimes useful for determining
  the character of asymmetric routing (when the RTTs for near and far
  side vary greatly).

I would prefer to keep these as diagnostic tools.

Stephen

From jeroen@unfix.org Thu Sep 4 19:57:48 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Thu, 4 Sep 2003 20:57:48 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To:
Message-ID: <000c01c37316$6fb985d0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

John Fraizer wrote:

> On Thu, 4 Sep 2003, Jeroen Massar wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Bill Manning wrote:
> >
> > > Something for folks to remember.
> > >
> > >
> > > From: Bill Manning
> > > Subject: 2001:478:: as /48
> > > To: 6bone@ISI.EDU
> > > Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)
> > >
> > > this prefix has/is being carved up into /48 and /64 subnets for
> > > use at exchange points and other infrastructure support services.
> >
> > IX Prefixes by the RIR's come out of:
> > - 2001:7f8::/32
> > - 2001:504::/32
> > - 2001:7fa::/32
> >
> > Which RFC/draft/... made this prefix so special ?
> >
>
> I guess you didn't notice who had sent the message, or his email address,
> and are not familiar with what Bill does.
>
> Take a look at http://www.ep.net/
>
> Bill manages the address space for MANY, MANY, MANY exchange points.
>
> [whois.arin.net]
>
> OrgName: EP.NET, LLC.
> OrgID: V6EP

I know who Bill is and what he does, but I don't understand
why in ARIN space a company uses its *own* /32 as IX prefixes
and then suddenly expects it to be handled like the *dedicated*
IX prefixes of which there is one in each RIR.

And the fun part is that there is no announcement of the /32
but the whole world suddenly is expected to just allow /48's
and other stuff from it. Is everybody suddenly going to do this?
Bypassing established policies and thinking up whatever they
want? In that case we can just start our own IANA and start
giving out IPv6 and making policies. It is a global internet
and everybody is equal abiding the policies. If the policy
is wrong then we'll have to amend the policy.

Check http://www.ripe.net/ipv6/ipv6allocs.html at the bottom:

ARIN 10 (including all MAE's and NYIIX and EQUINIX)
RIPE 33
APNIC 9
LACNIC 0
AFRINIC 0

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1eLKymqKFIzPnwjEQJWjwCgsmg4s/fVRH1qhukGaN3eFFLSwcgAoKb+
RK6oLb37K+uvglI7U7R/oaRL
=B8vd
-----END PGP SIGNATURE-----

From jeroen@unfix.org Thu Sep 4 20:06:05 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Thu, 4 Sep 2003 21:06:05 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <11B985B0-DEFA-11D7-B9A5-000393758B2E@2sheds.de>
Message-ID: <000f01c37317$97da6420$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Andrew Miehs wrote:

> I, on the other hand, do not agree with NOT announcing this block.

So suddenly 2001:478::/32 is handled as an IX Prefix?
Thus we got a new so-proclaimed RIR in the US then making up
their own policies?

2001:478::/32 is a *normal* TLA and it should be handled as such.
The owner could request people to not filter it on more specifics
but they CAN'T demand it. As there is no /32 being announced the
owner of this TLA can simply expect that they are not reachable
globally. The same thing goes for IX prefixes, filter on allocation
boundaries. Thus check http://www.space.net/~gert/RIPE/ipv6-filters.html

Every ISP has a choice to filter or to not to filter, it's your net.

Btw... you peer with 2001:db8::1 from 2001:db8::2, the exchange fabric
dies, you still get a route via your transit and suddenly all your
traffic is going over your transit link.... go figure.
This is something that happened last week on AMS-IX when they migrated
from /24 -> /23 and people announced AND some accepted the /24 which
is a more specific to the /23 and tada your peers fail odd eh?

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1eNFimqKFIzPnwjEQL1cQCfa9mHDzhq3JGl3Dd8hOpXNIt8WiMAmQHx
fziPS0kw0C0EWS/itAfRduQ2
=p16m
-----END PGP SIGNATURE-----

From michel@arneill-py.sacramento.ca.us Thu Sep 4 20:24:15 2003
From: michel@arneill-py.sacramento.ca.us (Michel Py)
Date: Thu, 4 Sep 2003 12:24:15 -0700
Subject: [6bone] RE: 6bone digest, Vol 1 #386 - 9 msgs
Message-ID:

> Pim van Pelt wrote:
> Please, tell me that you are not saying that you will
> pollute my routing table with /64s now already ?

We lost that battle already, from where I stand there is no point wasting
more energy in fighting it. The IPv6 routing table will become the same
swamp as the v4 one. What you and Jeroen and Gert are doing is great,
but you will eventually be overwhelmed by the dark side.

Michel.

From pekkas@netcore.fi Thu Sep 4 20:24:18 2003
From: pekkas@netcore.fi (Pekka Savola)
Date: Thu, 4 Sep 2003 22:24:18 +0300 (EEST)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <200309041745.h84HjLU1043604@lo.tech.org>
Message-ID:

On Thu, 4 Sep 2003, Stephen Stuart wrote:
> We lose:
>
> - In combination with RPF checking, we would lose the ability to see a
>   traceroute through an exchange point (assuming that the ICMP
>   feedback was sourced using the IX-connected address).

You would be running "strict RPF" checking towards your upstreams?
Otherwise I fail to see how RPF checking would get broken here.

> - The ability to ping the near and far sides of an exchange point
>   boundary from a distance; this is sometimes useful for determining
>   the character of asymmetric routing (when the RTTs for near and far
>   side vary greatly).

Ping a loopback address of a remote router and compare to ping to your
local router?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R.
Martin: A Clash of Kings

From tvo@enterzone.net Thu Sep 4 20:25:04 2003
From: tvo@enterzone.net (John Fraizer)
Date: Thu, 4 Sep 2003 15:25:04 -0400 (EDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <000c01c37316$6fb985d0$210d640a@unfix.org>
Message-ID:

On Thu, 4 Sep 2003, Jeroen Massar wrote:

> I know who Bill is and what he does, but I don't understand
> why in ARIN space a company uses its *own* /32 as IX prefixes
> and then suddenly expects it to be handled like the *dedicated*
> IX prefixes of which there is one in each RIR.

How about because there was at least ONE v6 exchange point in the US
running on address space from 2001:478:: BEFORE ARIN decided to make
use of 2001:504:: for this purpose.

--
John Fraizer
EnterZone, Inc
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4

From jeroen@unfix.org Thu Sep 4 20:45:25 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Thu, 4 Sep 2003 21:45:25 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To:
Message-ID: <002b01c3731d$16d43e40$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

John Fraizer [mailto:tvo@enterzone.net] wrote:

> On Thu, 4 Sep 2003, Jeroen Massar wrote:
>
> > I know who Bill is and what he does, but I don't understand
> > why in ARIN space a company uses its *own* /32 as IX prefixes
> > and then suddenly expects it to be handled like the *dedicated*
> > IX prefixes of which there is one in each RIR.
>
> How about because there was at least ONE v6 exchange point in the US
> running on address space from 2001:478:: BEFORE ARIN decided
> to make use of 2001:504:: for this purpose.

That is a plausible reason, but it still doesn't simply allow
anyone (okay Bill isn't just the next guy :) to just claim that
their *normal* TLA is a special IX prefix let alone that it should
be handled completely differently because of that reason.
First good step would be if the /32 would be announced if he wanted
those blocks to be reachable.

I heard some rumors that some ISP's already wanted to start
creating filters based on the allocations made by the RIR's
thus really squashing anything that is not allocated by them
and keeping their tables clean. Yes, they thus can't reach
those filtered blocks, but that is primarily the announcer's
fault as it basically isn't announcing anything.

Note that GRH doesn't count these blocks either.
Announce your full allocation or get filtered.
Maybe currently it is a bit harsh, but in a couple of years...

Quite fortunate that IPv6 is easy to renumber.
Especially in small networks like IX's ;)
(Hmmm I think that IX's were not covered in that last renumbering draft)

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1eWVCmqKFIzPnwjEQLfAACgjXpXOO3DeuMhXwXS77AHLFgGzgkAoIcG
VRbUkeUCqBXDHwlg9UsK4DVs
=csjI
-----END PGP SIGNATURE-----

From stuart@tech.org Thu Sep 4 20:53:52 2003
From: stuart@tech.org (Stephen Stuart)
Date: Thu, 04 Sep 2003 12:53:52 -0700
Subject: [6bone] 2001:478:: as /48
In-Reply-To: Your message of "Thu, 04 Sep 2003 22:24:18 +0300."
Message-ID: <200309041953.h84JrqU1045022@lo.tech.org>

> On Thu, 4 Sep 2003, Stephen Stuart wrote:
> > We lose:
> >
> > - In combination with RPF checking, we would lose the ability to see a
> >   traceroute through an exchange point (assuming that the ICMP
> >   feedback was sourced using the IX-connected address).
>
> You would be running "strict RPF" checking towards your upstreams?
> Otherwise I fail to see how RPF checking would get broken here.

If I am not connected to the exchange point, and the exchange point
prefix is not in my FIB/RIB (depending on whose implementation of uRPF
we're talking about), then ICMP feedback sourced from IX-connected
routers will not make it into my network if *loose* uRPF is turned on;
from afar, a traceroute will show "* * *" rather than an IX address.

> > - The ability to ping the near and far sides of an exchange point
> >   boundary from a distance; this is sometimes useful for determining
> >   the character of asymmetric routing (when the RTTs for near and far
> >   side vary greatly).
>
> Ping a loopback address of a remote router and compare to ping to your
> local router?

That may not measure what I am trying to measure (the route to the
block containing the loopback may be different from the route to the
exchange point prefix). I may not know the loopback of someone else's
router. I may be trying to diagnose an issue with my routes at an
exchange point to which I am not connected, so I may not have a
"local" router.

Stephen

From Chris Liljenstolpe Fri Sep 5 00:33:24 2003
From: Chris Liljenstolpe (Chris Liljenstolpe)
Date: Thu, 04 Sep 2003 19:33:24 -0400
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <200309041905.h84J55N04971@gamma.isi.edu>
References: <200309041905.h84J55N04971@gamma.isi.edu>
Message-ID: <2147483647.1062704004@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have to disagree here. Having globally routable address
space for each hop on a network path is really, really useful for
troubleshooting. We've run into issues where folks have used private
address space in the v4 world for "private" portions of the public Internet,
and it makes troubleshooting and operational support very painful. Please
do not go down this road in v6.

 Chris

>
> Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST)
> To: bmanning@ISI.EDU
> Cc: 6bone@ISI.EDU
> Subject: Re: [6bone] 2001:478:: as /48
> From: Akira Kato
>
>
>> this prefix has/is being carved up into /48 and /64 subnets for
>> use at exchange points and other infrastructure support services.
>
>> Do not expect to see it aggregated.
>
> I have a question: do we need to make such a prefix assigned to
> an exchange point reachable globally?
>
> Provided if every ISP uses "next-hop-self" to their I-BGP peering, the
> addresses on an IX is used only for E-BGP peering. What we lose if
> nobody advertises the IX prefix globally (or even locally)?
>
> If the address is not globally reachable, it is impossible to send
> packets to the routers on the IX and this will be a measure for the
> remote DoS attack if not perfect.
>
> In order to make traceroute happy we may need to establish a DNS zone
> for reverse lookup. But such a DNS server does not have to be on the
> IX.
>
> Akira Kato, WIDE Project
> P.S.
> This discussion is also applicable to IPv4...
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE/V8vFS7vf0lGnolIRAvlkAJ9Ny2z+9EZ1AS72kNkCrMuLITHwKgCeIen/
x0drb783a7AHCpEAm4NAwrE=
=QxdI
-----END PGP SIGNATURE-----

From bmanning@ISI.EDU Fri Sep 5 05:52:19 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 21:52:19 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <000c01c372e5$85bdedc0$050900c1@unfix.org> from Jeroen Massar at "Sep 4, 3 03:07:39 pm"
Message-ID: <200309050452.h854qJg20944@boreas.isi.edu>

% > From: Bill Manning
% > Subject: 2001:478:: as /48
% > To: 6bone@ISI.EDU
% > Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)
% >
% > this prefix has/is being carved up into /48 and /64 subnets for
% > use at exchange points and other infrastructure support services.
%
% IX Prefixes by the RIR's come out of:
% - 2001:7f8::/32
% - 2001:504::/32
% - 2001:7fa::/32

Yup. and this prefix predates all of them.
One could argue that once the RIRs saw the need and that
it was being filled elsewhere, that they created policies
so they could also offer that service.

% Which RFC/draft/... made this prefix so special ?

None. Why is this concept in the purview of the IETF?

% > Do not expect to see it aggregated.
%
% I would suggest that if you want it to be routable that one
% entity announces the /32 that is not going to be filtered.
% This way the more specific will still allow it to be reachable.

Well, since they are spread over a wide area (globally)
and there is no single transit provider that touches
all the exchanges, such aggregation would be problematic.
See the previous post on routability.

% Btw what is the status of 6bone's ip6.arpa?

One might check in w/ the v6ops WG of the IETF.

%
% Greets,
% Jeroen
%
% -----BEGIN PGP SIGNATURE-----
% Version: Unfix PGP for Outlook Alpha 13 Int.
% Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/
%
% iQA/AwUBP1c5GimqKFIzPnwjEQKLxgCcCW3SqQmuiMcWNggPL5xrI2p5/h8AnieJ
% Z9hjHnojYYQgP+cn1duzKiol
% =rpWH
% -----END PGP SIGNATURE-----
%
% _______________________________________________
% 6bone mailing list
% 6bone@mailman.isi.edu
% http://mailman.isi.edu/mailman/listinfo/6bone
%
[End of raw data]

--
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 05:55:55 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 21:55:55 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <20030904151118.GC10637@bfib.colo.bit.nl> from Pim van Pelt at "Sep 4, 3 05:11:18 pm"
Message-ID: <200309050455.h854tto24341@boreas.isi.edu>

% | From: Bill Manning
% | Subject: 2001:478:: as /48
% | To: 6bone@ISI.EDU
% | Date: Sun, 21 Jul 2002 09:16:40 -0700 (PDT)
% |
% | this prefix has/is being carved up into /48 and /64 subnets for
% | use at exchange points and other infrastructure support services.
% Please, tell me that you are not saying that you will pollute my routing
% table with /64s now already ?

Not me. I (AS 4555) may hand you a couple of /48s tho.
ISPs at exchanges where these prefixes are used may send
a /48 to you as well.

--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 05:58:56 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 21:58:56 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <20030905.003443.39013416.kato@wide.ad.jp> from Akira Kato at "Sep 5, 3 00:34:43 am"
Message-ID: <200309050458.h854wuk26549@boreas.isi.edu>

%
% > this prefix has/is being carved up into /48 and /64 subnets for
% > use at exchange points and other infrastructure support services.
%
% > Do not expect to see it aggregated.
%
% I have a question: do we need to make such a prefix assigned to
% an exchange point reachable globally?

No, but as Stuart explains later, it can be very useful
in diagnosis of transit issues. For the purposes of non-IX
use, e.g. infrastructure support, I would like to see the /48s
routable.

% In order to make traceroute happy we may need to establish a DNS zone
% for reverse lookup. But such a DNS server does not have to be on the
% IX.

True enough.

% Akira Kato, WIDE Project
% This discussion is also applicable to IPv4...

--
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
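
The loose-uRPF effect Stephen Stuart describes in this thread, which the message above cites as a reason to keep the IX /48s routable, modelled in a few lines. This is an added example, not code from any poster; the FIB contents, hop addresses and interface names are constructed, and the uRPF logic is a simplified model (default-free FIB, one best route per prefix).

```python
import ipaddress

# Constructed sample data. 2001:478:65::/48 is the IX /48 that appears in the
# GRH dump in this thread; the 2001:db8:: prefixes, the host addresses and the
# interface names are made up for the example.
IX_PREFIX = "2001:478:65::/48"

# Default-free FIB of a network that is not connected to the exchange.
BASE_FIB = {
    "2001:db8:a::/48": "transit0",
    "2001:db8:b::/48": "transit0",
    "2001:db8:c::/48": "peer1",
}

# Source address of the ICMPv6 time-exceeded reply from each hop; the middle
# hop answers from its IX-connected interface.
HOP_SOURCES = ["2001:db8:a::1", "2001:478:65::2", "2001:db8:b::1"]


def longest_match(fib, addr):
    """Return (network, interface) of the most specific route covering addr,
    or None when the FIB has no route for it."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_accepts(fib, src, in_iface, mode):
    """Simplified uRPF decision for a packet with source src arriving on in_iface.

    off    - no source check
    loose  - any route to the source is enough
    strict - the best route to the source must point back out in_iface
    """
    if mode == "off":
        return True
    route = longest_match(fib, src)
    if route is None:
        return False
    if mode == "loose":
        return True
    if mode == "strict":
        return route[1] == in_iface
    raise ValueError("unknown uRPF mode: %r" % mode)


def traceroute_view(fib, hop_sources, in_iface, mode):
    """What the traceroute user sees per hop: the hop address if its ICMP
    reply passes the uRPF check at our edge, otherwise '* * *'."""
    return [
        src if urpf_accepts(fib, src, in_iface, mode) else "* * *"
        for src in hop_sources
    ]


if __name__ == "__main__":
    # IX prefix filtered or never announced: loose uRPF hides the IX hop.
    print("loose, IX /48 absent :",
          traceroute_view(BASE_FIB, HOP_SOURCES, "transit0", "loose"))

    # IX /48 accepted, best path via peer1 while the replies arrive on transit0.
    fib_with_ix = dict(BASE_FIB)
    fib_with_ix[IX_PREFIX] = "peer1"
    print("loose, IX /48 present:",
          traceroute_view(fib_with_ix, HOP_SOURCES, "transit0", "loose"))
    print("strict, asymmetric   :",
          traceroute_view(fib_with_ix, HOP_SOURCES, "transit0", "strict"))
```
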

From bmanning@ISI.EDU Fri Sep 5 06:00:25 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 22:00:25 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: from John Fraizer at "Sep 4, 3 12:44:29 pm"
Message-ID: <200309050500.h8550PY28706@boreas.isi.edu>

% John Fraizer

Thank you for your kind words

--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 06:02:35 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 22:02:35 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <11B985B0-DEFA-11D7-B9A5-000393758B2E@2sheds.de> from Andrew Miehs at "Sep 4, 3 07:06:05 pm"
Message-ID: <200309050502.h8552ZA01715@boreas.isi.edu>

% I, on the other hand, do not agree with NOT announcing this block.

You are entitled to your opinion and can back that opinion
in the routers you configure. See the previous post on
what I expect for this prefix. If you see it at all, it should
be in /48 chunks. Anything smaller is in error.

--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 06:08:42 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 22:08:42 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <000c01c37316$6fb985d0$210d640a@unfix.org> from Jeroen Massar at "Sep 4, 3 08:57:48 pm"
Message-ID: <200309050508.h8558hw05937@boreas.isi.edu>

% I know who Bill is and what he does, but I don't understand
% why in ARIN space a company uses its *own* /32 as IX prefixes
% and then suddenly expects it to be handled like the *dedicated*
% IX prefixes of which there is one in each RIR.

well, the EP delegation predates any of the RIR "micro" allocations.
And the notice that this was the expected behaviour for this prefix
was announced in 2001, 2002 and now in 2003 to this list.

% And the fun part is that there is no announcement of the /32
% but the whole world suddenly is expected to just allow /48's
% and other stuff from it. Is everybody suddenly going to do this?

I did not impune that "the whole world" should allow /48s.
The expectation is that if you see anything from this prefix
at all, it should be as /48s. Anything smaller is either a
configuration error or a hijack.

% Bypassing established policies and thinking up whatever they
% want? In that case we can just start our own IANA and start
% giving out IPv6 and making policies. It is a global internet
% and everybody is equal abiding the policies. If the policy
% is wrong then we'll have to amend the policy.

Use of 2001:0478::/32 pre-dates RIR policies.

% Greets,
% Jeroen

--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 06:12:42 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Thu, 4 Sep 2003 22:12:42 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <000f01c37317$97da6420$210d640a@unfix.org> from Jeroen Massar at "Sep 4, 3 09:06:05 pm"
Message-ID: <200309050512.h855Cgc08158@boreas.isi.edu>

% > I, on the other hand, do not agree with NOT announcing this block.
%
% So suddenly 2001:478::/32 is handled as an IX Prefix?
% Thus we got a new so-proclaimed RIR in the US then making up
% their own policies?

Er, no. Not suddenly. The delegation was made and justified
with the expectation that it would be used for IXes.
EP.NET is not an RIR, self-proclaimed or otherwise.

% 2001:478::/32 is a *normal* TLA and it should be handled as such.

Like all the other TLAs.

% The owner could request people to not filter it on more specifics
% but they CAN'T demand it. As there is no /32 being announced the
% owner of this TLA can simply expect that they are not reachable
% globally. The same thing goes for IX prefixes, filter on allocation
% boundaries.
Thus check http://www.space.net/~gert/RIPE/ipv6-filters.html No expectation of demand. No expectation of "reachability" There is the expectation that intermediate ISPs will not do something stupid and proxy aggregate this prefix. That should not happen. % Every ISP has a choice to filter or to not to filter, it's your net. Amen. % Jeroen --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). From pekkas@netcore.fi Fri Sep 5 06:50:19 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Fri, 5 Sep 2003 08:50:19 +0300 (EEST) Subject: [6bone] 2001:478:: as /48 In-Reply-To: Message-ID: On Thu, 4 Sep 2003, John Fraizer wrote: > On Thu, 4 Sep 2003, Jeroen Massar wrote: > > > I know who Bill is and what he does, but I don't understand > > why in ARIN space a company uses it's *own* /32 as IX prefixes > > and then suddenly expects it to be handled like the *dedicated* > > IX prefixes of which there is one in each RIR. > > How about because there was at least ONE v6 exchange point in the US > running on address space from 2001:478:: BEFORE ARIN decided to to make > use of 2001:504:: for this purpose. Renumber. It's trivial to set up identical BGP sessions with the new addresses and retire the old when your peer configures the BGP session in turn. After all have done that, remove the old prefix. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From jeroen@unfix.org Fri Sep 5 08:54:34 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Fri, 5 Sep 2003 09:54:34 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <2147483647.1062704004@localhost> Message-ID: <000201c37382$f7cbb0d0$050900c1@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Chris Liljenstolpe wrote: > I have to disagree here. 
Having globally routable address > space for each hop on a network path is really, really useful for > troubleshooting. We've run into issues where folks have used private > address space in the v4 world for "private" portions of the public Internet, > and it make troubleshooting and operational support very painful. Please > do not go down this road in v6. 2001:478::/32 is *NOT* an IX prefix. It's a normal TLA allocated from ARIN to a LIR. If the "IX's" in that prefix want to be reachable they should announce the /32 and handle all the AS4555 IPv6 traffic themselves. The /32 is not and has never been present in the GRT. Also note that the 3 IX prefixes from the RIR's nicely note that they are quite probably not globaly reachable because they are /48's. Also note that for those 3 IX prefixes the /32 will not be announced and those will quite probably not be reachable because of the /48's. Note that some ISP's drop no-export's and thus simply do reannounce prefixes coming from IX's. See my RIPE46 presentation and GRH. Ofcourse anyone could announce a more specific. It's up to their peers to filter or not. IMHO currently, at least filter anything /48 - /128 and > Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST) > > To: bmanning@ISI.EDU > > Cc: 6bone@ISI.EDU > > Subject: Re: [6bone] 2001:478:: as /48 > > From: Akira Kato > > > > > >> this prefix has/is being carved up into /48 and /64 subnets for > >> use at exchange points and other infrastructure support services. > > > >> Do not expect to see it aggregated. > > > > I have a question: do we need to make such a prefix assigned to > > an exchange point reachable globally? > > > > Provided if every ISP uses "next-hop-self" to their I-BGP > peering, the > > addresses on an IX is used only for E-BGP peering. What we loose if > > nobody advertises the IX prefix globally (or even locally)? 
> > > > If the address is not globally reachable, it is impossible to send > > packets to the routers on the IX and this will be a measure for the > > remote DoS attack if not perfect. > > > > In order to make traceroute happy we may need to establish a DNS zone > > for reverse lookup. But such a DNS server does not have to be on the > > IX. -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP1hBFSmqKFIzPnwjEQJS3ACglwf0bDfxBaMw8qiQZtd0C7kfcNgAni4Z rxCrAjWROrtAZ93vkZOp5cns =51ex -----END PGP SIGNATURE----- From pim@ipng.nl Fri Sep 5 10:45:42 2003 From: pim@ipng.nl (Pim van Pelt) Date: Fri, 5 Sep 2003 11:45:42 +0200 Subject: [6bone] 2001:478:: as /48 In-Reply-To: <200309050452.h854qJg20944@boreas.isi.edu> References: <000c01c372e5$85bdedc0$050900c1@unfix.org> <200309050452.h854qJg20944@boreas.isi.edu> Message-ID: <20030905094542.GB28378@bfib.colo.bit.nl> | % IX Prefixes by the RIR's come out of: | % - 2001:7f8::/32 | % - 2001:504::/32 | % - 2001:7fa::/32 | | Yup. and this prefix predates all of them. So you renumber. Duh. -- ---------- - - - - -+- - - - - ---------- Pim van Pelt Email: pim@ipng.nl http://www.ipng.nl/ IPv6 Deployment ----------------------------------------------- From Chris Liljenstolpe Fri Sep 5 20:26:42 2003 From: Chris Liljenstolpe (Chris Liljenstolpe) Date: Fri, 05 Sep 2003 15:26:42 -0400 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <000201c37382$f7cbb0d0$050900c1@unfix.org> References: <000201c37382$f7cbb0d0$050900c1@unfix.org> Message-ID: <2147483647.1062775602@[204.29.150.22]> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, Thank's Jeroen. That's not what I was specifically referring to, btw. I was referring to a proposal to make IX address non-globally routed, which I think is a bad idea. 
Chris - --It is whispered that on 2003-09-05 09:54 +0200, jeroen@unfix.org mumbled this regarding RE: [6bone] non-global address space for IXs (was: 2001:478:: as /48) > -----BEGIN PGP SIGNED MESSAGE----- > > Chris Liljenstolpe wrote: > >> I have to disagree here. Having globally routable address >> space for each hop on a network path is really, really useful for >> troubleshooting. We've run into issues where folks have used private >> address space in the v4 world for "private" portions of the public >> Internet, and it make troubleshooting and operational support very >> painful. Please do not go down this road in v6. > > 2001:478::/32 is *NOT* an IX prefix. It's a normal TLA allocated > from ARIN to a LIR. If the "IX's" in that prefix want to be reachable > they should announce the /32 and handle all the AS4555 IPv6 traffic > themselves. The /32 is not and has never been present in the GRT. > > Also note that the 3 IX prefixes from the RIR's nicely note that > they are quite probably not globaly reachable because they are /48's. > Also note that for those 3 IX prefixes the /32 will not be announced > and those will quite probably not be reachable because of the /48's. > > Note that some ISP's drop no-export's and thus simply do reannounce > prefixes coming from IX's. See my RIPE46 presentation and GRH. > > Ofcourse anyone could announce a more specific. It's up to their > peers to filter or not. > > IMHO currently, at least filter anything /48 - /128 and Aka at least use Gert's "relaxed" filter: > http://www.space.net/~gert/RIPE/ipv6-filters.html > > If you are a thinking forward then use the "strict" filter. > > Greets, > Jeroen > >> > Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST) >> > To: bmanning@ISI.EDU >> > Cc: 6bone@ISI.EDU >> > Subject: Re: [6bone] 2001:478:: as /48 >> > From: Akira Kato >> > >> > >> >> this prefix has/is being carved up into /48 and /64 subnets for >> >> use at exchange points and other infrastructure support services. 
>> > >> >> Do not expect to see it aggregated. >> > >> > I have a question: do we need to make such a prefix assigned to >> > an exchange point reachable globally? >> > >> > Provided if every ISP uses "next-hop-self" to their I-BGP >> peering, the >> > addresses on an IX is used only for E-BGP peering. What we loose if >> > nobody advertises the IX prefix globally (or even locally)? >> > >> > If the address is not globally reachable, it is impossible to send >> > packets to the routers on the IX and this will be a measure for the >> > remote DoS attack if not perfect. >> > >> > In order to make traceroute happy we may need to establish a DNS zone >> > for reverse lookup. But such a DNS server does not have to be on the >> > IX. > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook Alpha 13 Int. > Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ > > iQA/AwUBP1hBFSmqKFIzPnwjEQJS3ACglwf0bDfxBaMw8qiQZtd0C7kfcNgAni4Z > rxCrAjWROrtAZ93vkZOp5cns > =51ex > -----END PGP SIGNATURE----- > > - -- Chris Liljenstolpe GPG Keys: http://www.io.com/~cds/cdl-keys.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE/WONzS7vf0lGnolIRAo8ZAKCxc05X9eOVo5PITKNtCytdPxl2XgCggmfD Zh3LpJYeP5K1difR7woElfc= =p+fV -----END PGP SIGNATURE----- From bmanning@ISI.EDU Fri Sep 5 21:11:52 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Fri, 5 Sep 2003 13:11:52 -0700 (PDT) Subject: [6bone] 2001:478:: as /48 In-Reply-To: from Pekka Savola at "Sep 5, 3 08:50:19 am" Message-ID: <200309052011.h85KBrM05592@boreas.isi.edu> % On Thu, 4 Sep 2003, John Fraizer wrote: % > On Thu, 4 Sep 2003, Jeroen Massar wrote: % > % > > I know who Bill is and what he does, but I don't understand % > > why in ARIN space a company uses it's *own* /32 as IX prefixes % > > and then suddenly expects it to be handled like the *dedicated* % > > IX prefixes of which there is one in each RIR. 
% >
% > How about because there was at least ONE v6 exchange point in the US
% > running on address space from 2001:478:: BEFORE ARIN decided to make
% > use of 2001:504:: for this purpose.
%
% Renumber. It's trivial to set up identical BGP sessions with the new
% addresses and retire the old when your peer configures the BGP session in
% turn. After all have done that, remove the old prefix.
%

I would, but ARIN does not want to. That being said,
Folks who want choice in where to get blocks for exchanges
have that choice.

--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 21:17:26 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Fri, 5 Sep 2003 13:17:26 -0700 (PDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <000201c37382$f7cbb0d0$050900c1@unfix.org> from Jeroen Massar at "Sep 5, 3 09:54:34 am"
Message-ID: <200309052017.h85KHQA10978@boreas.isi.edu>

% 2001:478::/32 is *NOT* an IX prefix. It's a normal TLA allocated
% from ARIN to a LIR. If the "IX's" in that prefix want to be reachable
% they should announce the /32 and handle all the AS4555 IPv6 traffic
% themselves. The /32 is not and has never been present in the GRT.

Yes it is. EP.NET is not an LIR.
You are suggesting that folk who use RIR space should
aggregate those into /32s? e.g. IX's in ARIN space
should have attaching ISPs each proxy aggregate 2001:510::/32 ...
This is their prerogative but it's operationally nuts.
The same holds true for 2001:478::/32
It was delegated for the purpose of supporting IXes and
critical infrastructure.

% If you are a thinking forward then use the "strict" filter.

forward != pragmatic or practical

% Greets,
% Jeroen

--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Fri Sep 5 21:18:14 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Fri, 5 Sep 2003 13:18:14 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <20030905094542.GB28378@bfib.colo.bit.nl> from Pim van Pelt at "Sep 5, 3 11:45:42 am"
Message-ID: <200309052018.h85KIEo12335@boreas.isi.edu>

% | % IX Prefixes by the RIR's come out of:
% | % - 2001:7f8::/32
% | % - 2001:504::/32
% | % - 2001:7fa::/32
% |
% | Yup. and this prefix predates all of them.
% So you renumber. Duh.
%

Why?

--
--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From Q@ping.be Fri Sep 5 22:30:23 2003
From: Q@ping.be (Kurt Roeckx)
Date: Fri, 5 Sep 2003 23:30:23 +0200
Subject: [6bone] Ip6.arpa nameserver inconsistencies?
Message-ID: <20030905213023.GA18084@ping.be>

On IANA's site (http://www.iana.org/arpa-dom/ip6.htm) it says
the nameservers for ip6.arpa are:

ns1.auth.iana.org.    192.0.34.126
ns.apnic.net.         203.37.255.97
svc00.apnic.net.      202.12.28.131
arrowroot.arin.net.   198.133.199.110
buchu.arin.net.       192.100.59.110
ns.ripe.net.          193.0.0.193
ns.eu.net.            192.16.202.11

Asking *.root-servers.net:

;; ANSWER SECTION:
ip6.arpa.             2D IN NS    NS.ICANN.ORG.
ip6.arpa.             2D IN NS    NS.RIPE.NET.
ip6.arpa.             2D IN NS    SVC00.APNIC.NET.
ip6.arpa.             2D IN NS    ARROWROOT.ARIN.NET.
ip6.arpa.             2D IN NS    BUCHU.ARIN.NET.
ip6.arpa.             2D IN NS    NS.APNIC.NET.

;; ADDITIONAL SECTION:
NS.ICANN.ORG.         2D IN A     192.0.34.126
NS.RIPE.NET.          2D IN A     193.0.0.193
NS.APNIC.NET.         2D IN A     203.37.255.97

Asking any of them returns:

;; ANSWER SECTION:
ip6.arpa.             2D IN NS    tinnie.arin.net.
ip6.arpa.             2D IN NS    ns.ripe.net.
ip6.arpa.             2D IN NS    ns.apnic.net.
ip6.arpa.             2D IN NS    ns.icann.org.

With varying additional sections.

Can anybody elaborate on this a little?

Kurt

From tvo@EnterZone.Net Sat Sep 6 00:03:30 2003
From: tvo@EnterZone.Net (John Fraizer)
Date: Fri, 5 Sep 2003 19:03:30 -0400 (EDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <000201c37382$f7cbb0d0$050900c1@unfix.org>
Message-ID:

On Fri, 5 Sep 2003, Jeroen Massar wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Chris Liljenstolpe wrote:
>
> Note that some ISP's drop no-export's and thus simply do reannounce
> prefixes coming from IX's. See my RIPE46 presentation and GRH.
>

And those ISPs should be flogged and have their peering sessions
admin-downed until such time as they gain enough clue to participate
again.

--
John Fraizer
EnterZone, Inc
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4
>

From jeroen@unfix.org Sat Sep 6 12:24:49 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 6 Sep 2003 13:24:49 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To:
Message-ID: <007401c37469$7c526ab0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

John Fraizer [mailto:nsp-security@enterzone.net] wrote:

> On Fri, 5 Sep 2003, Pekka Savola wrote:
>
> > On Thu, 4 Sep 2003, John Fraizer wrote:
> > > How about because there was at least ONE v6 exchange point in the US
> > > running on address space from 2001:478:: BEFORE ARIN decided to make
> > > use of 2001:504:: for this purpose.

The AMS-IX was way before you, they already renumbered
their IPv6 prefix a couple of times. If they can, so can you.

> > Renumber. It's trivial to set up identical BGP sessions with the new
> > addresses and retire the old when your peer configures the BGP session in
> > turn. After all have done that, remove the old prefix.
> >
> >
> How about this. I (and the other participants at the
> exchanges that use 2001:478LL) won't renumber.

Ah...
american mentality all over again :)
But nobody demands that you do, but I do think that you
should not be suddenly yelling around the world that your
TLA is "special". It's a normal TLA and if you want any parts
of it to be reachable for sure then announce the /32.
Don't require ISP's to explicitly receive your /48's.
The prefix is from EP.NET and they all come from ASN 4555.
Let them handle the traffic if you as a user of that network
wants to receive traffic back and forth.

This is just another feeble attempt to be special, which you are not.
If you want the 'status' of an IX, then renumber, you will be
an IX and you won't be reachable either as nobody announces the /32,
and if somebody does it is plain hijacking.

> You can filter the /48's if it makes you
> happy. I don't care. You can whine and bitch till the end
> of time and it isn't going to convince me that we should do ANYTHING.
> As Bill has pointed out, the use of 2001:478:: in IX's _PRE-DATES_
> any of the "micro-allocations" for exchange point use from the RIRs.
>
> Don't like it? Too bad. You can't change history.

But fortunately we can change the future :)

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1nEASmqKFIzPnwjEQIFMgCdHKU7kN+mSXOV9e//K+aqrjvXOZsAn0C9
q9rkwyEMr+eZX2QOT/uLTDOY
=eAHF
-----END PGP SIGNATURE-----

From jeroen@unfix.org Sat Sep 6 13:32:23 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 6 Sep 2003 14:32:23 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <2147483647.1062775602@[204.29.150.22]>
Message-ID: <008301c37472$ed0fdf40$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Chris Liljenstolpe [mailto:cds@io.com] wrote:

> Greetings,
>
> Thanks Jeroen. That's not what I was specifically
> referring to, btw.
> I was referring to a proposal to make IX address non-globally > routed, which I think is a bad idea. Effectively the current 3 IX prefixes are non-globally routable. But because the fact that many people don't filter _at all_ you will find them running around in the wild. Also see: http://www.ripe.net/ripe/docs/ipv6-policy-ixp.html#4 Check the "strict" filters which should be applied IMHO: http://www.space.net/~gert/RIPE/ipv6-filters.html As the EP.NET space is not a RIR IX prefix, but a privately hold one, they are not included there and will never be either. The EP.NET actually has an advantage as they are allowed to announce the /32 making the networks reachable. For the IX prefixes this will never happen. Unless ARIN marks it as an IX prefix too, but then it will have the same effect that they can't announce the /32 ;) But as the IX prefixes are only intended for peering exchanges and not for services this all should not be a problem unless you are at that IX, in which case you have a static route, not in BGP. People should set up loopback interfaces anyways and use that address for their routers, so that the IX prefix never appears on the wire to the outside world. Greets, Jeroen > --It is whispered that on 2003-09-05 09:54 +0200, jeroen@unfix.org > mumbled > this regarding RE: [6bone] non-global address space for IXs (was: > 2001:478:: as /48) > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Chris Liljenstolpe wrote: > > > >> I have to disagree here. Having globally routable address > >> space for each hop on a network path is really, really useful for > >> troubleshooting. We've run into issues where folks have > used private > >> address space in the v4 world for "private" portions of the public > >> Internet, and it make troubleshooting and operational support very > >> painful. Please do not go down this road in v6. > > > > 2001:478::/32 is *NOT* an IX prefix. It's a normal TLA allocated > > from ARIN to a LIR. 
If the "IX's" in that prefix want to be > reachable > > they should announce the /32 and handle all the AS4555 IPv6 traffic > > themselves. The /32 is not and has never been present in the GRT. > > > > Also note that the 3 IX prefixes from the RIR's nicely note that > > they are quite probably not globaly reachable because they > are /48's. > > Also note that for those 3 IX prefixes the /32 will not be announced > > and those will quite probably not be reachable because of the /48's. > > > > Note that some ISP's drop no-export's and thus simply do reannounce > > prefixes coming from IX's. See my RIPE46 presentation and GRH. > > > > Ofcourse anyone could announce a more specific. It's up to their > > peers to filter or not. > > > > IMHO currently, at least filter anything /48 - /128 and > Aka at least use Gert's "relaxed" filter: > > http://www.space.net/~gert/RIPE/ipv6-filters.html > > > > If you are a thinking forward then use the "strict" filter. > > > > Greets, > > Jeroen > > > >> > Date: Fri, 05 Sep 2003 00:34:43 +0900 (JST) > >> > To: bmanning@ISI.EDU > >> > Cc: 6bone@ISI.EDU > >> > Subject: Re: [6bone] 2001:478:: as /48 > >> > From: Akira Kato > >> > > >> > > >> >> this prefix has/is being carved up into /48 and /64 subnets for > >> >> use at exchange points and other infrastructure support > services. > >> > > >> >> Do not expect to see it aggregated. > >> > > >> > I have a question: do we need to make such a prefix assigned to > >> > an exchange point reachable globally? > >> > > >> > Provided if every ISP uses "next-hop-self" to their I-BGP > >> peering, the > >> > addresses on an IX is used only for E-BGP peering. What > we loose if > >> > nobody advertises the IX prefix globally (or even locally)? > >> > > >> > If the address is not globally reachable, it is > impossible to send > >> > packets to the routers on the IX and this will be a > measure for the > >> > remote DoS attack if not perfect. 
> >> > > >> > In order to make traceroute happy we may need to > establish a DNS zone > >> > for reverse lookup. But such a DNS server does not have > to be on the > >> > IX. > > > > -----BEGIN PGP SIGNATURE----- > > Version: Unfix PGP for Outlook Alpha 13 Int. > > Comment: Jeroen Massar / jeroen@unfix.org / > http://unfix.org/~jeroen/ > > > > > iQA/AwUBP1hBFSmqKFIzPnwjEQJS3ACglwf0bDfxBaMw8qiQZtd0C7kfcNgAni4Z > > rxCrAjWROrtAZ93vkZOp5cns > > =51ex > > -----END PGP SIGNATURE----- > > > > > > > > -- > Chris Liljenstolpe > GPG Keys: http://www.io.com/~cds/cdl-keys.asc > -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA+AwUBP1nT1ymqKFIzPnwjEQL99wCYgsr0WRG5R5P1K71rqz55iCgctwCdGdYT DZCSyLrWVDQh3qL96yd7+/Q= =Lsje -----END PGP SIGNATURE----- From Robert.Kiessling@de.easynet.net Sat Sep 6 14:42:39 2003 From: Robert.Kiessling@de.easynet.net (Robert Kiessling) Date: Sat, 06 Sep 2003 14:42:39 +0100 Subject: [6bone] 2001:478:: as /48 In-Reply-To: <200309050508.h8558hw05937@boreas.isi.edu> (Bill Manning's message of "Thu, 4 Sep 2003 22:08:42 -0700 (PDT)") References: <200309050508.h8558hw05937@boreas.isi.edu> Message-ID: Bill Manning writes: > Use of 2001:0478::/32 pre-dates RIR policies. | IPv6 Assignment and Allocation Policy Document | | APNIC, ARIN, RIPE NCC | Date Published: July 20, 1999 NetRange: 2001:0478:0000:0000:0000:0000:0000:0000 - 2001:0478:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF CIDR: 2001:0478:0000:0000:0000:0000:0000:0000/32 NetName: EP-NET NetHandle: EP-NET-NET Parent: ARIN-001 NetType: Direct Allocation NameServer: FLAG.EP.NET NameServer: Z.IP6.INT Comment: RegDate: 2001-05-21 Updated: 2002-08-05 That's about two years *after* the first RIR policies. 

Robert

From tvo@EnterZone.Net Sat Sep 6 16:45:08 2003
From: tvo@EnterZone.Net (John Fraizer)
Date: Sat, 6 Sep 2003 11:45:08 -0400 (EDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <008301c37472$ed0fdf40$210d640a@unfix.org>
Message-ID:

On Sat, 6 Sep 2003, Jeroen Massar wrote:

> But as the IX prefixes are only intended for peering exchanges
> and not for services this all should not be a problem unless you
> are at that IX, in which case you have a static route, not in BGP.

Um, you mean a connected route, right?

> People should set up loopback interfaces anyways and use that
> address for their routers, so that the IX prefix never appears
> on the wire to the outside world.

OK. So in an exchange point situation, where you are connecting to a L2
fabric and using a common network so you can make use of a route-server
and not be required to have N^2 BGP sessions to have redundancy, how do
you propose this happen? You just added MORE complexity to use a
route-server rather than taking it away.

Bill never *DEMANDED* that anyone accept 2001:478:: prefixes at all. He
simply made the same announcement that he has for the previous two years:
Don't expect to see this one as a /32 but rather as /48's, IF you see it
at all.

If you don't like it, filter it. I could care less, as I'm sure Bill
could. If you don't connect to one of the IX's that use EP.NET address
space, you never have to see it at all. Deal with it and stop your
whining, bitching and moaning. Nobody is making you do anything and
you're not going to make US do anything either.

As for AMS-IX predating 2001:478::, perhaps it predates the prefix but it
does NOT predate EP.NET or the services that Bill has been providing to
exchange points in the US.

--
John Fraizer
EnterZone, Inc
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4

From jeroen@unfix.org Sat Sep 6 17:53:29 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 6 Sep 2003 18:53:29 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To:
Message-ID: <00cb01c37497$6747ac60$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

John Fraizer [mailto:tvo@EnterZone.Net] wrote:

> On Sat, 6 Sep 2003, Jeroen Massar wrote:
>
> > But as the IX prefixes are only intended for peering exchanges
> > and not for services this all should not be a problem unless you
> > are at that IX, in which case you have a static route, not in BGP.
>
> Um, you mean a connected route, right?

Ack.

> > People should set up loopback interfaces anyways and use that
> > address for their routers, so that the IX prefix never appears
> > on the wire to the outside world.
>
> OK. So in an exchange point situation, where you are
> connecting to a L2 fabric and using a common network so you can make use of a
> route-server and not be required to have N^2 BGP sessions to have
> redundancy, how do you propose this happen? You just added MORE
> complexity to use a route-server rather than taking it away.

The most usual and easiest way is a switch with a prefix (/64).
That prefix doesn't need to be seen in any BGP table, only as
a static route on the router itself. As you can use a loopback
address, from that router's owner own space and which is globally
routable as a nexthop and there is also no problem whatsoever
with traceroutes etc. This is why we have IX space and why it
is possible to give it out per /48, which is the minimum size
given out to an endsite. An IX can have multiple links, thus
a /64 doesn't suffice -> they get a /48.
Afaik, this is the most logical usage case.

Great example why you don't want to have IX prefixes in BGP and
should actually be actively filtering them and complaining to
the people redistributing is a case where the switching fabric
goes down, you receive the IX prefix over your transit and
suddenly all your bgp sessions go over transit, neat ;)

> Bill never *DEMANDED* that anyone accept 2001:478:: prefixes
> at all.

He didn't demand it, but apparently he does request it between
the lines. I never saw anybody else mention anything about
the prefixes they were announcing in the IPv6 world.
Thus what else would be the intention except for mailinglist filling?

> He simply made the same announcement that he has for the previous two
> years: Don't expect to see this one as a /32 but rather as
> /48's, IF you see it at all.

Currently GRH sees the following:

2001:478::/45       2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
2001:478::/45       2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
2001:478::/45     > 2001:470:1fff:3::3    6939 109 4555 IGP
2001:478::/45       2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP
2001:478:65::/48    2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
2001:478:65::/48    2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
2001:478:65::/48  > 2001:470:1fff:3::3    6939 109 4555 IGP
2001:478:65::/48    2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP

Hmmm a /45 is not a /48 last time I did my math test.
So there are aggregates? Why don't make it that nice /32 then
if you want it to be visible. If you don't want it to be
visible, then why don't you slap on a no-export (okay, which
gets dropped by some) or simply don't distribute it to BGP?

> If you don't like it, filter it. I could care less, as I'm sure Bill

You could care less, so you actually care, I'll take that is a typo ;)

> could. If you don't connect to one of the IX's that use
> EP.NET address space, you never have to see it at all.
> Deal with it and stop your whining, bitching and moaning.

Ouch, did somebody step on or cut off, your foot ?
If you can't make a valid argument, don't resort to feeble
attempts of trying to make it into a flamewar. It just shows
that you don't have any argument in your advantage.
I don't swear, I hope you can deal with that too.
On one hand you say you want it visible, why else does it
get announced and on the other hand you don't care, oddness...
But I am probably just a whi... bit... and a moa...
Personal attacks don't do the content of your message any good.

> Nobody is making you do anything and
> you're not going to make US do anything either.

I never had the intention of making you, apparently that would
require force anyways. My intention was making clear that the
prefix you are using is *nothing special*, which apparently
you are trying to convince to everybody, but it isn't.

Now you are, between the lines, requesting that everybody
not filter your prefix, tomorrow some other nitwit comes along
and simply invents some /32 from which he/she/it is going to
do "multihomed prefixes" and requests that everybody allows
it across the world. If you want to change policy, then
bring it to the policy department.

I actually also am starting to wonder why this has been
brought up on the 6bone mailinglist and not on for example
v6ops as it is RIR space we are talking about here.
But that is next to the point.

> As for AMS-IX predating 2001:478::, perhaps it predates the
> prefix but it does NOT predate EP.NET or the services that Bill
> has been providing to exchange points in the US.

What has IPv4 to do with IPv6? This banana is older than that pear,
better watch out if it is rotten. Fortunately one can renumber,
but apparently the EP.NET IX's are not "normal" IX's, they are
special and thus they can't play along like the rest of the
world even though there are policies in place even way before
the allocation was made, without policy no alloc. And even though
apparently suddenly you are no LIR. Hmm politics...

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP1oRCSmqKFIzPnwjEQIBNQCbBX0TwpKpFcCTWvgCJqEH16xYWhcAnizh
h4DxmNiFN4y8x8GrVWMlqsbT
=n+3e
-----END PGP SIGNATURE-----

From gert@space.net Sat Sep 6 18:05:18 2003
From: gert@space.net (Gert Doering)
Date: Sat, 6 Sep 2003 19:05:18 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: ; from tvo@EnterZone.Net on Sat, Sep 06, 2003 at 11:45:08AM -0400
References: <008301c37472$ed0fdf40$210d640a@unfix.org>
Message-ID: <20030906190518.Y67740@Space.Net>

Hi,

On Sat, Sep 06, 2003 at 11:45:08AM -0400, John Fraizer wrote:
> As for AMS-IX predating 2001:478::, perhaps it predates the prefix but it
> does NOT predate EP.NET or the services that Bill has been providing to
> exchange points in the US.

While this all very nice, I just can't understand why people can't just
use the official way: go to your local registry, get a IXP prefix.

Seems to work quite well, *even* in ARIN land (ARIN having assigned
about 10 IXP prefixes so far, while all the registries in total have
assigned 52 IXP prefixes).

Are you trying to sabotage the global IPv6 policy? Or trying to prove
something? If yes, what is it?

Gert Doering
        -- NetMaster
--
Total number of prefixes smaller than registry allocations: 55575 (56535)

SpaceNet AG                 Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299

From bmanning@ISI.EDU Sat Sep 6 19:06:31 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Sat, 6 Sep 2003 11:06:31 -0700 (PDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <20030906190518.Y67740@Space.Net> from Gert Doering at "Sep 6, 3 07:05:18 pm"
Message-ID: <200309061806.h86I6Vg17889@boreas.isi.edu>

% While this all very nice, I just can't understand why people can't just
% use the official way: go to your local registry, get a IXP prefix.
%
% Seems to work quite well, *even* in ARIN land (ARIN having assigned
% about 10 IXP prefixes so far, while all the registries in total have
% assigned 52 IXP prefixes).
%
% Are you trying to sabotage the global IPv6 policy? Or trying to prove
% something? If yes, what is it?
%
% Gert Doering

People can go to their RIR. Several do. I think that this is
a great idea. It doesn't work for some and for those, EP.NET
provides a choice. In either case, neither EP.NET nor the RIRs
are "sabotaging" (interesting choice of words) any "global" (now
that is even more interesting... I know of a couple of recommendations
that are either regional or segment specific, but nothing that
remotely resembles a truly global) policy when they each publish
a specific list of TLAs that are expected to have different
characteristics wrt the routing system.

RIRs don't make assertions wrt routability for any delegations they make.
EP.NET does not make assertions wrt routability for any delegations it makes.
Each ISP must make those choices for themselves as to which prefixes
they will or will not carry.

The -ONLY- statement made by EP.NET was that -IF- anyone was
to see an entry for 2001:0478 that was smaller than a /48, e.g.
a /35 or /32, that such an announcement was in error.
Neither you, nor your other nay-sayers is required to listen to any prefix announcements that you don't like. But I do object to you telling me and everyone else on this list how we are to use the space that was delegated for just this purpose. :)

--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From jeroen@unfix.org Sat Sep 6 19:25:47 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 6 Sep 2003 20:25:47 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <200309061806.h86I6Vg17889@boreas.isi.edu>
Message-ID: <00d101c374a4$4b47a170$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Manning [mailto:bmanning@ISI.EDU] wrote:

> The -ONLY- statement made by EP.NET was that -IF- anyone was
> to see an entry for 2001:0478 that was smaller than a /48, e.g.
> a /35 or /32, that such an announcement was in error.

2001:478::/45      2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
2001:478::/45      2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
2001:478::/45    > 2001:470:1fff:3::3    6939 109 4555 IGP
2001:478::/45      2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP

You are in error here then, I guess?

Btw 'smaller' is a rather odd wording as one could say that a /32 is smaller than a /35 (smaller amount of network bits) or say that a /35 is smaller than a /32 (smaller amount of host bits). I tend to prefer the host kind of smaller.

Greets,
 Jeroen

From hank@att.net.il Sat Sep 6 20:36:29 2003
From: hank@att.net.il (Hank Nussbacher)
Date: Sat, 06 Sep 2003 21:36:29 +0200
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <200309052011.h85KBrM05592@boreas.isi.edu>
References:
Message-ID: <5.1.0.14.2.20030906213501.00aa7010@max.att.net.il>

At 01:11 PM 05-09-03 -0700, Bill Manning wrote:
>%
>% Renumber. It's trivial to set up identical BGP sessions with the new
>% addresses and retire the old when your peer configures the BGP session in
>% turn. After all have done that, remove the old prefix.
>%
>
> I would, but ARIN does not want to. That being said,

Can you refer us to the RFC, ARIN policy statement, ARIN discussion thread that states this? Or is this all verbal policy?

-Hank

>--bill
>Opinions expressed may not even be mine by the time you read them, and
>certainly don't reflect those of any other entity (legal or otherwise).
>_______________________________________________
>6bone mailing list
>6bone@mailman.isi.edu
>http://mailman.isi.edu/mailman/listinfo/6bone

From mcr@sandelman.ottawa.on.ca Sat Sep 6 20:27:19 2003
From: mcr@sandelman.ottawa.on.ca (Michael Richardson)
Date: Sat, 06 Sep 2003 15:27:19 -0400
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: Your message of "Sat, 06 Sep 2003 20:25:47 +0200." <00d101c374a4$4b47a170$210d640a@unfix.org>
Message-ID: <26589.1062876439@marajade.sandelman.ottawa.on.ca>

>>>>> "Jeroen" == Jeroen Massar writes:

Jeroen> -----BEGIN PGP SIGNED MESSAGE-----
Jeroen> Bill Manning [mailto:bmanning@ISI.EDU] wrote:
Jeroen>
>> The -ONLY- statement made by EP.NET was that -IF- anyone was
>> to see an entry for 2001:0478 that was smaller than a /48, e.g.
>> a /35 or /32, that such an announcement was in error.
Jeroen> 2001:478::/45      2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
Jeroen> 2001:478::/45      2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
Jeroen> 2001:478::/45    > 2001:470:1fff:3::3    6939 109 4555 IGP
Jeroen> 2001:478::/45      2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP

Jeroen> You are in error here then, I guess?

Jeroen> Btw 'smaller' is a rather odd wording as one could say that
Jeroen> a /32 is smaller than a /35 (smaller amount of network bits) or say

I like to use the term "more specific" and "less specific".

] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy"); [

From haesu@towardex.com Sat Sep 6 20:38:26 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 6 Sep 2003 15:38:26 -0400
Subject: [6bone] Eastcoast tunnelbrokers..
In-Reply-To: <20030905213023.GA18084@ping.be>
References: <20030905213023.GA18084@ping.be>
Message-ID: <20030906193826.GA29827@scylla.towardex.com>

Hi All,

Apologies if you feel this is a little bit of OT post.. But I figured this may be a best place to ask..

Are there any tunnelbrokers in east coast (preferably Northeast/NYC area) who can give BGP4+ view of the ipv6 internet just like HE.net's tunnelbroker? I've looked in many places and the only tunnel places I can find that have presence in NYC are common ones such as freenet6 who do not generally offer bgp feeds/peering.

Thanks,
-hc

--
Sincerely,
Haesu C.
TowardEX Technologies, Inc.
WWW: http://www.towardex.com
E-mail: haesu@towardex.com
Cell: (978) 394-2867

From jeroen@unfix.org Sat Sep 6 22:03:59 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sat, 6 Sep 2003 23:03:59 +0200
Subject: [6bone] Eastcoast tunnelbrokers..
In-Reply-To: <20030906193826.GA29827@scylla.towardex.com>
Message-ID: <00e001c374ba$64fd8060$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Haesu wrote:

> Apologies if you feel this is a little bit of OT post.. But
> I figured this may be a best place to ask..

It's the 6bone list, thus it is not offtopic.

> Are there any tunnelbrokers in east coast (preferably
> Northeast/NYC area) who can give BGP4+ view of the ipv6
> internet just like HE.net's tunnelbroker? I've looked in many
> places and the only tunnel places I can find that have
> presence in NYC are common ones such as freenet6 who do not
> generally offer bgp feeds/peering.

Afaik there is only HE.Net and Freenet6 as wellknown brokers in the US. There might be others though, let them speak up. SixXS doesn't have any POP's there neither private or public. Unfortunately the deployment rate in the US is a little low. If any ISP wants help, don't be afraid to ask :)

I wonder why you want to do BGP over a tunnel. Especially endusers should not be given BGP as they are given transit for the delegated space and the ISP should filter out anything else coming in (ingress filtering)

Please read the "Minimal IPv6 Peering" doc by Robert Kießling:
http://ip6.de.easynet.net/ipv6-minimum-peering.txt

Greets,
 Jeroen

From haesu@towardex.com Sat Sep 6 22:22:20 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 6 Sep 2003 17:22:20 -0400
Subject: [6bone] Eastcoast tunnelbrokers..
In-Reply-To: <00e001c374ba$64fd8060$210d640a@unfix.org>
References: <20030906193826.GA29827@scylla.towardex.com> <00e001c374ba$64fd8060$210d640a@unfix.org>
Message-ID: <20030906212220.GA33664@scylla.towardex.com>

We run rather a large test/sandbox network where we give out ipv6 transit to users for free (this is a nonprofit network used for education and development purposes).

B/c it's all nonprofit, we don't have funding to afford commercial ipv6 connectivity, in which many of native ipv6 services out there are offered commercially..

We currently receive full bgp4+ feed from he.net's tunnelbroker which is great.. And the latency from our nonprofit net's san francisco POP to he.net's tunnel broker router is only 4 milliseconds which is very good connectivity.

The problem is, a lot of east coast users get really bad pingtime as everything has to route out via SFO. So we are just looking for anyone who run an ipv6 network in the east who could give us bgp4+ feed over a tunnel.

Regards,
-hc

On Sat, Sep 06, 2003 at 11:03:59PM +0200, Jeroen Massar wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Haesu wrote:
>
> > Apologies if you feel this is a little bit of OT post.. But
> > I figured this may be a best place to ask..
>
> It's the 6bone list, thus it is not offtopic.
>
> > Are there any tunnelbrokers in east coast (preferably
> > Northeast/NYC area) who can give BGP4+ view of the ipv6
> > internet just like HE.net's tunnelbroker? I've looked in many
> > places and the only tunnel places I can find that have
> > presence in NYC are common ones such as freenet6 who do not
> > generally offer bgp feeds/peering.
>
> Afaik there is only HE.Net and Freenet6 as wellknown brokers
> in the US. There might be others though, let them speak up.
> SixXS doesn't have any POP's there neither private or public.
> Unfortunately the deployment rate in the US is a little low.
> If any ISP wants help, don't be afraid to ask :)
>
> I wonder why you want to do BGP over a tunnel.
> Especially endusers should not be given BGP as they are
> given transit for the delegated space and the ISP should
> filter out anything else coming in (ingress filtering)
>
> Please read the "Minimal IPv6 Peering" doc by Robert Kießling:
> http://ip6.de.easynet.net/ipv6-minimum-peering.txt
>
> Greets,
> Jeroen
>

--
Sincerely,
Haesu C.
TowardEX Technologies, Inc.
WWW: http://www.towardex.com
E-mail: haesu@towardex.com
Cell: (978) 394-2867

From jeroen@unfix.org Sat Sep 6 23:04:23 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sun, 7 Sep 2003 00:04:23 +0200
Subject: [6bone] Eastcoast tunnelbrokers..
In-Reply-To: <20030906212220.GA33664@scylla.towardex.com>
Message-ID: <00ec01c374c2$d54e6cf0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Haesu [mailto:haesu@towardex.com] wrote:

> We run rather a large test/sandbox network where we give out
> ipv6 transit to users for free (this is a nonprofit network used for
> education and development purposes).

#define large aka number of endsites, avg. traffic etc.
Afaik any if not all of the TB's give out transit for free btw.

> B/c it's all nonprofit, we don't have funding to afford
> commercial ipv6 connectivity, in which many of native
> ipv6 services out there are offered commercially..

SixXS is a complete non-profit operation too btw, the ISP's participating make sure they provide commercial grade IPv6 connectivity. It all depends on what you need and where apparently.

> We currently receive full bgp4+ feed from he.net's
> tunnelbroker which is great..
> And the latency from our nonprofit net's san francisco POP to
> he.net's tunnel broker router is only 4 milliseconds which is
> very good connectivity.
>
> The problem is, a lot of east coast users get really bad
> pingtime as everything has to route out via SFO. So we are
> just looking for anyone who run an ipv6 network in the east
> who could give us bgp4+ feed over a tunnel.

If I were you, I would first get myself a TLA from ARIN. Then go to an IX where IPv6 is present or start doing native peerings with other ISP's. Currently most ISP's will give transit for free, thus that is a nobrainer.

Apparently you give out /120's to endusers, how can they experiment correctly with such amount of space? The whole idea of IPv6 was that endsites get a *lot* of address space so that they autoconfigure anything on their network links ranging from their PC to their refrigerator to their PS2's and xboxes. Give your users /48's, that's the policy.

But that is my personal opinion :)

Greets,
 Jeroen

From haesu@towardex.com Sat Sep 6 23:17:15 2003
From: haesu@towardex.com (Haesu)
Date: Sat, 6 Sep 2003 18:17:15 -0400
Subject: [6bone] Eastcoast tunnelbrokers..
In-Reply-To: <00ec01c374c2$d54e6cf0$210d640a@unfix.org>
References: <20030906212220.GA33664@scylla.towardex.com> <00ec01c374c2$d54e6cf0$210d640a@unfix.org>
Message-ID: <20030906221715.GA35539@scylla.towardex.com>

>
> #define large aka number of endsites, avg. traffic etc.
> Afaik any if not all of the TB's give out transit for free btw.

End sites are about 200 in total spread out throughout the country.. Bandwidth used however are very low as many of them mostly use ipv6 to try out the addressing scheme, etc or what not.. Aggregate bandwidth pushed out to all TB's is total of only 300kbps to 1Mbps..

>
> If I were you, I would first get myself a TLA from ARIN.
> Then go to an IX where IPv6 is present or start doing native
> peerings with other ISP's. Currently most ISP's will give
> transit for free, thus that is a nobrainer.

This is already in the works, but will take a little bit of time.

>
> Apparently you give out /120's to endusers, how can they
> experiment correctly with such amount of space? The whole
> idea of IPv6 was that endsites get a *lot* of address space
> so that they autoconfigure anything on their network links
> ranging from their PC to their refrigerator to their PS2's
> and xboxes. Give your users /48's, that's the policy.

Wherever you got that from (I think you got it from our site), it's outdated. We used to do /120 at first when we were just building up ipv6 network. Now that we have enough users, automatic /64 assignment is current policy.

-hc

>
> But that is my personal opinion :)
>
> Greets,
> Jeroen
>

--
Sincerely,
Haesu C.
TowardEX Technologies, Inc.
WWW: http://www.towardex.com
E-mail: haesu@towardex.com
Cell: (978) 394-2867

From tvo@EnterZone.Net Sat Sep 6 23:37:27 2003
From: tvo@EnterZone.Net (John Fraizer)
Date: Sat, 6 Sep 2003 18:37:27 -0400 (EDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <00cb01c37497$6747ac60$210d640a@unfix.org>
Message-ID:

On Sat, 6 Sep 2003, Jeroen Massar wrote:

> > OK. So in an exchange point situation, where you are
> > connecting to a L2 fabric and using a common network so you can make use of a
> > route-server and not be required to have N^2 BGP sessions to have
> > redundancy, how do you propose this happen? You just added MORE
> > complexity to use a route-server rather than taking it away.
>
> The most usual and easiest way is a switch with a prefix (/64).

And that /64 (or /48 as it may be) is a connected route. It becomes a *seamless* fusion between ASNs. Nexthops are handed out by the Route Server and no further intervention is required on the part of participants. The nexthop is part of the IX address space, which is a *connected* route. No static routes required. On the other hand, if that address space is not globally routed, it breaks PMTU-Disc, traceroute, etc.

> That prefix doesn't need to be seen in any BGP table, only as
> a static route on the router itself. As you can use a loopback
> address, from that router's owner own space and which is globally
> routable as a nexthop and there is also no problem whatsoever
> with traceroutes etc. This is why we have IX space and why it

Using owner address space requires that static routes be added for every peer. Which part of "Peering at an exchange point is *easier* than multiple bilateral peering sessions" did you not understand when the virtues of IX's were explained?

Look. If you want to do it in a broken, antiquated way, that is just fine. Don't expect us to do so. If you want to filter the address space used for IX's managed by EP.NET, that is just fine. Stop bitching and moaning though. You quite OBVIOUSLY have much less experience in the arena than myself, let alone Bill and simply want to bitch and moan and see your own emails echoed by the list. Get over yourself.

> Great example why you don't want to have IX prefixes in BGP and
> should actually be actively filtering them and complaining to
> the people redistributing is a case where the switching fabric
> goes down, you receive the IX prefix over your transit and
> suddenly all your bgp sessions go over transit, neat ;)

No. Actually, that is a great example of YOU not understanding how to properly configure your BGP sessions and preferences. Don't expect us to make changes to accommodate your being void of appropriate clue.

> > Bill never *DEMANDED* that anyone accept 2001:478:: prefixes
> > at all.
>
> He didn't demand it, but apparently he does request it between
> the lines. I never saw anybody else mention anything about the
> prefixes they were announcing in the IPv6 world. Thus what
> else would be the intention except for mailinglist filling?

You, Son, are the one who appears to be interested in Mailing list filling. If you don't want to accept the /48 that's *FINE* but, I *BEG OF YOU!!!* GET OVER YOURSELF! Drop it. I couldn't give a rats ass if you carry the /48 we use at ISI-LAP. I'm serious. Get over yourself and DROP IT!

> > He simply made the same announcement that he has for the previous two
> > years: Don't expect to see this one as a /32 but rather as
> > /48's, IF you see it at all.
>
> Currently GRH sees the following:
>
> 2001:478::/45      2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
> 2001:478::/45      2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
> 2001:478::/45    > 2001:470:1fff:3::3    6939 109 4555 IGP
> 2001:478::/45      2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP
> 2001:478:65::/48   2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
> 2001:478:65::/48   2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
> 2001:478:65::/48 > 2001:470:1fff:3::3    6939 109 4555 IGP
> 2001:478:65::/48   2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP
>
> Hmmm a /45 is not a /48 last time I did my math test.
> So there are aggregates? Why don't make it that nice /32 then
> if you want it to be visible.

Again, get over yourself. Filter your ass off. I don't care. Just frigging DROP IT!

>
> If you don't want it to be visible, then why don't you slap on
> a no-export (okay, which gets dropped by some) or simply don't
> distribute it to BGP?

If you don't want to accept it, why don't you filter it? Just recently, someone posted about people not honoring no-export yet, you want us to use it? Sheesh. Make up your mind.

> > If you don't like it, filter it.
I could care less, as I'm sure Bill
>
> You could care less, so you actually care, I'll take that is a typo ;)
>

I *COULD ***NOT*** CARE LESS IF MY TRAFFIC MAKES IT IN AND OUT OF YOUR PO-DUNK, WANNA-BE, WISH I WAS A REAL PROVIDER* network. Does that make it clear enough for you?

> attempts of trying to make it into a flamewar. It just shows
> that you don't have any argument in your advantage.
> I don't swear, I hope you can deal with that too.

There is no argument. If you don't want to accept the routes, you don't have to. You're wasting our time, and bandwidth with your constant whining and rehashing of the same bullshit. DROP IT, you CHILD!

> On one hand you say you want it visible, why else does it get
> announced and on the other hand you don't care, oddness...

I don't care if YOU can see it. You see, you, believe it or not, have the power to NOT accept the prefix. If you don't want to, you don't have to accept it. Deal with it.

> But I am probably just a whi... bit... and a moa...
> Personal attacks don't do the content of your message any good.

And whining and bitching and moaning don't do you any good either. If you don't want to accept the prefixes, don't accept them but for GODS SAKE, stop your frigging whining about it!

> I never had the intention of making you, apparently that would
> require force anyways. My intention was making clear that the prefix
> you are using is *nothing special*, which apparently you are trying to
> convince to everybody, but it isn't.

Nobody tried to convince anyone that the prefix was special. It is being used in a non-conventional way and that was pointed out so that those who DESIRED to accept the prefix would KNOW that it was LEGIT.

> Now you are, between the lines, requesting that everybody not filter
> your prefix, tomorrow some other nitwit comes along and simply invents
> some /32 from which he/she/it is going to do "multihomed prefixes" and
> requests that everybody allows it across the world.
If you want to
> change policy, then bring it to the policy department.

When did ANYONE request that it not be filtered? Bill simply notified that the prefix would appear as /48's. He didn't say, "Please don't filter this." It was a "For your information" post. DEAL WITH IT!

> I actually also am starting to wonder why this has been brought up
> on the 6bone mailinglist and not on for example v6ops as it is RIR
> space we are talking about here. But that is next to the point.

You just want to complain, don't you? Which ASNs do you control? I want to update my "Bitch filters".

--
John Fraizer
EnterZone, Inc
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4

From bmanning@ISI.EDU Sun Sep 7 00:02:33 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Sat, 6 Sep 2003 16:02:33 -0700 (PDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <00d101c374a4$4b47a170$210d640a@unfix.org> from Jeroen Massar at "Sep 6, 3 08:25:47 pm"
Message-ID: <200309062302.h86N2XM18638@boreas.isi.edu>

% > The -ONLY- statement made by EP.NET was that -IF- anyone was
% > to see an entry for 2001:0478 that was smaller than a /48, e.g.
% > a /35 or /32, that such an announcement was in error.
%
% 2001:478::/45      2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
% 2001:478::/45      2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
% 2001:478::/45    > 2001:470:1fff:3::3    6939 109 4555 IGP
% 2001:478::/45      2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP
%
% You are in error here then, I guess?

Yup. A typo was made (one of the folks following the "default" of aggregation) and will be removed.

% Btw 'smaller' is a rather odd wording as one could say that
% a /32 is smaller than a /35 (smaller amount of network bits) or say
% that a /35 is smaller than a /32 (smaller amount of host bits).
% I tend to prefer the host kind of smaller.

normal CIDR notation here.

32 < 35 < 45 < 48 < 64

% Greets,
% Jeroen
%
% [End of raw data]

--
--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

From bmanning@ISI.EDU Sun Sep 7 00:03:37 2003
From: bmanning@ISI.EDU (Bill Manning)
Date: Sat, 6 Sep 2003 16:03:37 -0700 (PDT)
Subject: [6bone] 2001:478:: as /48
In-Reply-To: <5.1.0.14.2.20030906213501.00aa7010@max.att.net.il> from Hank Nussbacher at "Sep 6, 3 09:36:29 pm"
Message-ID: <200309062303.h86N3bE19422@boreas.isi.edu>

% At 01:11 PM 05-09-03 -0700, Bill Manning wrote:
% >%
% >% Renumber. It's trivial to set up identical BGP sessions with the new
% >% addresses and retire the old when your peer configures the BGP session in
% >% turn. After all have done that, remove the old prefix.
% >%
% >
% > I would, but ARIN does not want to. That being said,
%
% Can you refer us to the RFC, ARIN policy statement, ARIN discussion thread
% that states this? Or is this all verbal policy?
%
% -Hank

Private email.

--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

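The rule Bill Manning states in this thread, that any entry under 2001:478:: less specific than a /48 is an error, can be checked mechanically against table rows like the GRH output quoted earlier. The Python below is an added example, not code from any list participant; the row layout is inferred from the quoted rows, the function and constant names are assumptions, and the last sample line is constructed.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# The block discussed in the thread and the shortest prefix length that
# should ever be announced from it (assumption: taken from Bill's statement).
EPNET_BLOCK = ipaddress.ip_network("2001:478::/32")
MIN_PREFIXLEN = 48

# Rows copied from the GRH output quoted in the thread, plus one
# constructed junk line to show how unparseable input is handled.
SAMPLE_ROWS = """\
2001:478::/45 2001:1418:1:400::1 12779 3549 6939 109 4555 IGP
2001:478::/45 2001:610:25:5062::62 1103 11537 6939 109 4555 IGP
2001:478::/45 > 2001:470:1fff:3::3 6939 109 4555 IGP
2001:478::/45 2001:610:ff:c::2 1888 1103 11537 6939 109 4555 IGP
2001:478:65::/48 2001:1418:1:400::1 12779 3549 6939 109 4555 IGP
2001:478:65::/48 > 2001:470:1fff:3::3 6939 109 4555 IGP
2001:7f8:1::/48 2001:470:1fff:3::3 6939 3257 1200 IGP
this line is not a route
"""


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv6Network
    best: bool                      # row carried the ">" best-path marker
    next_hop: ipaddress.IPv6Address
    as_path: tuple                  # left to right, origin AS last
    origin: str                     # BGP origin attribute, e.g. "IGP"


def parse_row(line):
    """Parse '<prefix> [>] <next-hop> <AS> [<AS> ...] <origin>'."""
    fields = line.split()
    best = len(fields) > 1 and fields[1] == ">"
    if best:
        del fields[1]
    if len(fields) < 4:
        raise ValueError(f"too few fields: {line!r}")
    prefix = ipaddress.IPv6Network(fields[0])   # rejects host bits and IPv4
    next_hop = ipaddress.IPv6Address(fields[1])
    as_path = tuple(int(asn) for asn in fields[2:-1])
    return Route(prefix, best, next_hop, as_path, fields[-1])


def classify(route):
    """Return 'outside', 'ok' or 'too-short' for one route."""
    if not route.prefix.subnet_of(EPNET_BLOCK):
        return "outside"
    # In CIDR notation a lower number means a LESS specific prefix.
    if route.prefix.prefixlen < MIN_PREFIXLEN:
        return "too-short"
    return "ok"


def audit(text):
    """Group too-short announcements by prefix; also return skipped lines."""
    flagged = defaultdict(lambda: {"origin_as": set(), "paths": []})
    skipped = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            route = parse_row(line)
        except ValueError:
            skipped.append(line)
            continue
        if classify(route) == "too-short":
            entry = flagged[str(route.prefix)]
            entry["origin_as"].add(route.as_path[-1])
            entry["paths"].append(route.as_path)
    return dict(flagged), skipped


if __name__ == "__main__":
    flagged, skipped = audit(SAMPLE_ROWS)
    for prefix, info in flagged.items():
        print(f"{prefix}: less specific than /{MIN_PREFIXLEN}, "
              f"origin AS {sorted(info['origin_as'])}, "
              f"seen via {len(info['paths'])} paths")
    print(f"skipped {len(skipped)} unparseable line(s)")
```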
From gert@space.net Sun Sep 7 00:14:40 2003
From: gert@space.net (Gert Doering)
Date: Sun, 7 Sep 2003 01:14:40 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: ; from tvo@EnterZone.Net on Sat, Sep 06, 2003 at 06:37:27PM -0400
References: <00cb01c37497$6747ac60$210d640a@unfix.org>
Message-ID: <20030907011440.Z67740@Space.Net>

Hi,

On Sat, Sep 06, 2003 at 06:37:27PM -0400, John Fraizer wrote:
> On the other hand, if that
> address space is not globally routed, it breaks PMTU-Disc, traceroute,
> etc.

It does nothing of this, *unless* you're also doing reverse-path filtering on your external links (which is a dangerous thing in most cases anyway).

It breaks pinging / tracerouting *to* a specific router on its IXP address, indeed, but not *through* the router, which is by far the most common usage.

Gert Doering
        -- NetMaster
--
Total number of prefixes smaller than registry allocations: 55575 (56535)

SpaceNet AG                 Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299

From tvo@EnterZone.Net Sun Sep 7 00:25:58 2003
From: tvo@EnterZone.Net (John Fraizer)
Date: Sat, 6 Sep 2003 19:25:58 -0400 (EDT)
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
Message-ID:

On Sun, 7 Sep 2003, Gert Doering wrote:

> Hi,
>
> On Sat, Sep 06, 2003 at 06:37:27PM -0400, John Fraizer wrote:
> > On the other hand, if that
> > address space is not globally routed, it breaks PMTU-Disc, traceroute,
> > etc.
>
> It does nothing of this, *unless* you're also doing reverse-path filtering
> on your external links (which is a dangerous thing in most cases anyway).
>
> It breaks pinging / tracerouting *to* a specific router on its IXP
> address, indeed, but not *through* the router, which is by far the
> most common usage.
>
> Gert Doering

Sorry Gert.
You don't route IX space and you wind up with the same issues as are presented by the boneheads who use RFC1918 address space on VISIBLE links in V4 space. *EVERY* link in the chain has to be able to participate for PMTU-D to properly function.

--
John Fraizer
EnterZone, Inc
(13944+$|13944+_14813+$|13944+_17266+$)
PGP Key = 6C5903C4
Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4

From jeroen@unfix.org Sun Sep 7 00:48:39 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sun, 7 Sep 2003 01:48:39 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To: <200309062302.h86N2XM18638@boreas.isi.edu>
Message-ID: <00fa01c374d1$6619ce60$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Manning [mailto:bmanning@ISI.EDU] wrote:

>
> % > The -ONLY- statement made by EP.NET was that -IF- anyone was
> % > to see an entry for 2001:0478 that was smaller than a /48, e.g.
> % > a /35 or /32, that such an announcement was in error.
> %
> % 2001:478::/45      2001:1418:1:400::1    12779 3549 6939 109 4555 IGP
> % 2001:478::/45      2001:610:25:5062::62  1103 11537 6939 109 4555 IGP
> % 2001:478::/45    > 2001:470:1fff:3::3    6939 109 4555 IGP
> % 2001:478::/45      2001:610:ff:c::2      1888 1103 11537 6939 109 4555 IGP
> %
> % You are in error here then, I guess?
>
> Yup. A typo was made (one of the folks following the "default"
> of aggregation) and will be removed.

Ack.

> % Btw 'smaller' is a rather odd wording as one could say that
> % a /32 is smaller than a /35 (smaller amount of network bits) or say
> % that a /35 is smaller than a /32 (smaller amount of host bits).
> % I tend to prefer the host kind of smaller.
>
> normal CIDR notation here.
>
> 32 < 35 < 45 < 48 < 64

Confusion all around :)

Greets,
 Jeroen

From jeroen@unfix.org Sun Sep 7 01:10:53 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sun, 7 Sep 2003 02:10:53 +0200
Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48)
In-Reply-To:
Message-ID: <00ff01c374d4$80e70b60$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

John Fraizer [mailto:tvo@EnterZone.Net] wrote:

> On Sat, 6 Sep 2003, Jeroen Massar wrote:
>
> > > OK. So in an exchange point situation, where you are
> > > connecting to a L2 fabric and using a common network so you
> > > can make use of a
> > > route-server and not be required to have N^2 BGP sessions to have
> > > redundancy, how do you propose this happen? You just added MORE
> > > complexity to use a route-server rather than taking it away.
> >
> > The most usual and easiest way is a switch with a prefix (/64).
>
> And that /64 (or /48 as it may be) is a connected route. It becomes a
> *seamless* fusion between ASNs. Nexthops are handed out by the Route
> Server and no further intervention is required on the part of
> participants. The nexthop is part of the IX address space, which is a
> *connected* route. No static routes required. On the other
> hand, if that address space is not globally routed, it breaks PMTU-Disc,
> traceroute, etc.

You are talking about a route server which I never mentioned. Maybe an example makes it clear what I mean in JunOS style from the top of my head, didn't test it as I don't have a bedside juniper :

    # loopback: globally routable address out of the provider's own space
    interface lo0 unit 0 family inet6 address 2001:db8:2000::1/64;
    # IX-facing interface: address out of the IX prefix
    interface fe-0/1/0 unit 0 family inet6 address 2001:db8::1/64;

    protocols bgp group MyPeer {
        type external;
        family inet6 unicast;
        peer-as 65535;
        neighbor 2001:db8::2;
        next-hop 2001:db8:2000::1;
    }

Tada, BGP peering established, if the other side sets it up too.
2001:db8::/64 == IX prefix
2001:db8:2000::/64 is out of the providers space, should be a separate TLA but there is only one documentation /32.

All traffic going out of this box will have a source IP of 2001:db8:2000::1 which is globally reachable. Only the peers will talk to each other using 2001:db8::/64. This doesn't hurt traceroutes either as they have the ISP's IP and not the IX's IP, no problems with pathmtu etc...

Another advantage of this is that "abuse" type reports won't go to the IX, but to the ISP as there is no IX space to be seen anywhere.

But you did know that of course, I am the kid here :) Glad to see at least one person not thinking I am not yet another old fart, thanks for the positive comment.

Maybe that clears up what I mean? Or maybe you were just too angry to be able to read what I was talking about? Please cool down a bit, stop the caps, drink some cold beer and try again.

> > That prefix doesn't need to be seen in any BGP table, only as
> > a static route on the router itself. As you can use a loopback
> > address, from that router's owner own space and which is globally
> > routable as a nexthop and there is also no problem whatsoever
> > with traceroutes etc. This is why we have IX space and why it
>
> Using owner address space requires that static routes be
> added for every peer. Which part of "Peering at an exchange
> point is *easier* than multiple bilateral peering sessions"
> did you not understand when the virtues of IX's were explained?

According to you everything, then again you didn't understand what I meant, thus this comment is quite futile.

> Look. If you want to do it in a broken, antiquated way, that is just
> fine. Don't expect us to do so. If you want to filter the
> address space used for IX's managed by EP.NET, that is just fine.
> Stop bitching and moaning though.
You quite OBVIOUSLY have much
> less experience in the arena than myself, let alone Bill and simply
> want to bitch and moan and see your own emails echoed by the list.
> Get over yourself.

Wow, another personal attack without content and absolutely not referring to anything I said but only things you made up.

> > Great example why you don't want to have IX prefixes in BGP and
> > should actually be actively filtering them and complaining to
> > the people redistributing is a case where the switching fabric
> > goes down, you receive the IX prefix over your transit and
> > suddenly all your bgp sessions go over transit, neat ;)
>
> No. Actually, that is a great example of YOU not understanding how to
> properly configure your BGP sessions and preferences. Don't
> expect us to make changes to accommodate your being void of appropriate clue.

And another one, if I am apparently missing clue, why don't you as the one who apparently does know what you are talking about point me to the clue, any good hints of books I need to read, any URL's?

> > > Bill never *DEMANDED* that anyone accept 2001:478:: prefixes
> > > at all.
> >
> > He didn't demand it, but apparently he does request it between
> > the lines. I never saw anybody else mention anything about the
> > prefixes they were announcing in the IPv6 world. Thus what
> > else would be the intention except for mailinglist filling?
>
> You, Son, are the one who appears to be interested in Mailing list
> filling. If you don't want to accept the /48 that's *FINE*
> but, I *BEG OF YOU!!!* GET OVER YOURSELF! Drop it. I couldn't
> give a rats ass if you carry the /48 we use at ISI-LAP.
> I'm serious. Get over yourself and DROP IT!

Oeh I have been promoted to "Son". Sorry that I tend to respond to many messages and try to figure out why certain actions are taken which affect many people, who mostly keep silent. If you don't care, why do you even bother to reply?
You are still missing the point about _why_ I made the initial comment. Please re-read the messages, but have that cold beer first you seem to be quite flamy at the moment. > > > He simply made the same announcement that he has for the > previous two > > > years: Don't expect to see this one as a /32 but rather as > > > /48's, IF you see it at all. > > > > Currently GRH sees the following: > > > > 2001:478::/45 2001:1418:1:400::1 12779 3549 6939 109 > 4555 IGP > > 2001:478::/45 2001:610:25:5062::62 1103 11537 6939 109 > 4555 IGP > > 2001:478::/45 > 2001:470:1fff:3::3 6939 109 4555 IGP > > 2001:478::/45 2001:610:ff:c::2 1888 1103 11537 > 6939 109 4555 IGP > > 2001:478:65::/48 2001:1418:1:400::1 12779 3549 6939 109 > 4555 IGP > > 2001:478:65::/48 2001:610:25:5062::62 1103 11537 6939 109 > 4555 IGP > > 2001:478:65::/48 > 2001:470:1fff:3::3 6939 109 4555 IGP > > 2001:478:65::/48 2001:610:ff:c::2 1888 1103 11537 > 6939 109 4555 IGP > > > > Hmmm a /45 is not a /48 last time I did my math test. > > So there are aggregates? Why don't make it that nice /32 then > > if you want it to be visible. > > Again, get over yourself. Filter your ass off. I don't care. Just > frigging DROP IT! Why? Because you can't stick to your arguments? Check Bill's message, he did admit that it was a typo. Is it so hard to accept that one time in your lifetime you are not right? I have been wrong quite a number of times, but at least I can admit that if people come with good arguments. And you have absolutely none of those except loads of flames. > > If you don't want it to be visible, then why don't you slap on > > a no-export (okay, which gets dropped by some) or simply don't > > distribute it to BGP? > > If you don't want to accept it, why don't you filter it? > Just recently, someone posted about people not honoring no-export > yet, you want us to use it? Hmm is my english that bad? 
Let's rephrase the story I also told at RIPE46 during the IPv6 WG: AS1200 (AMS-IX) is announcing 2001:7f8:1::/48 to its peers with the no-export flag set. Thus one would expect that it will only be visible at their peers, those directly connected to the IX. But apparently the flag gets overruled by some: 2001:7f8:1::/48 2001:8e0:0:ffff::4 8758 25396 25396 25396 25396 6939 3257 1200 IGP 2001:7f8:1::/48 2001:470:1fff:3::3 6939 3257 1200 IGP 2001:7f8:1::/48 2001:780:0:2::6 12337 5539 3257 1200 IGP 2001:7f8:1::/48 2001:1418:1:400::1 12779 3549 1200 IGP And suddenly it is visible all across the world (6939 is HE.net) Which was not the intention of the originator. It could be that this is a software or a configuration bug. Either way, I think it is quite important that it gets fixed. You are probably one of the people best known with most of the problems seen with Zebra, those problems do exist elsewhere too. And I like to point out problems and get them straightened out. > Sheesh. Make up your mind. The one who can't make up his mind would be you in this case. Bill announces that it could be that only /48's and possibly in the future only /64's are to be seen from the EP.net block. Thus in http://mailman.isi.edu/pipermail/6bone/2003-September/007890.html I ask why he doesn't use the RIR IX blocks or announce the /32 so that they are globally reachable, which apparently is wanted. And suddenly I am a kid for asking such a sort of thing and pointing out that some policies exist for those things? Bill doesn't have this argument apparently as he doesn't respond to these messages, he made his note and explained why he did that. You on the other hand are the flamy one and you definitely care. > > > If you don't like it, filter it.
I could care less, as I'm sure Bill > > > > You could care less, so you actually care, I'll take that as a typo ;) > > > > I *COULD ***NOT*** CARE LESS IF MY TRAFFIC MAKES IT IN AND OUT OF YOUR > PO-DUNK, WANNA-BE, WISH I WAS A REAL PROVIDER* network. Does > that make it clear enough for you? The capslock was on apparently, it's at the left of your keyboard. I said I took that as a typo didn't I? I really understand that you don't like me, for some reason or another. > > attempts of trying to make it into a flamewar. It just shows > > that you don't have any argument in your advantage. > > I don't swear, I hope you can deal with that too. > > There is no argument. If you don't want to accept the routes, you don't > have to. You're wasting our time, and bandwidth with your constant > whining and rehashing of the same bullshit. DROP IT, you CHILD! Your real network has problems with messages of ~8kb? If you don't want to reply or want to see my messages, you don't need to, you can filter them very easily, see below. > > On one hand you say you want it visible, why else does it get > > announced and on the other hand you don't care, oddness... > > I don't care if YOU can see it. You see, you, believe it or > not, have the power to NOT accept the prefix. If you don't want > to, you don't have to accept it. Deal with it. Which is exactly what most European operators are doing at the moment. Which is the reason why I simply asked why the /32 wasn't announced if you apparently do require it (yes I am repeating myself, but hey you don't read, so I have to) > > But I am probably just a whi... bit... and a moa... > > Personal attacks don't do the content of your message any good. > > And whining and bitching and moaning don't do you any good > either. If you don't want to accept the prefixes, don't accept > them but for GODS SAKE, stop your frigging whining about it! > > > I never had the intention of making you, apparently that would > > require force anyways.
My intention was making clear that the prefix > > you are using is *nothing special*, which apparently you are trying to > > convince to everybody, but it isn't. > > Nobody tried to convince anyone that the prefix was special. > It is being used in a non-conventional way and that was pointed out so > that those who DESIRED to accept the prefix would KNOW that it was LEGIT. Are you saying that you know of any prefix currently being announced that is not "legit"? Please note them to us here on the list so that we can take action *now*. Hijacking is a bad thing. Currently the only really wrong things being seen in the GRT: 3ffe:1300::/24 Mismatching origin ASN, should be 762 (now: 10318) 3ffe:2f00::/24 Mismatching origin ASN, should be 2547 (now: 1955) 3ffe:8070::/28 Mismatching origin ASN, should be 278 (now: 237) Note that in case of the 3ffe:1300::/24 the single contact that is in the whois database is not reachable, next to that 10318 isn't NORTEL but a rather rogue AS which is not contactable either. 3ffe:2f00::/24 probably just didn't update their whois object. 3ffe:8070::/24 is all of a sudden sourced from MERIT, while 278 which should be announcing it is a Mexican University. Then there are also 6to4 more specifics which simply violate the RFC: 2002:8c6d:106::/48 More specific 6to4 prefix (140.109.1.6/32) 2002:c0e7:d405::/48 More specific 6to4 prefix (192.231.212.5/32) 2002:c2b1:d06e::/48 More specific 6to4 prefix (194.177.208.110/32) 2002:c8a2::/33 More specific 6to4 prefix (200.162.0.0/17) 2002:c8c6:4000::/34 More specific 6to4 prefix (200.198.64.0/18) 2002:c8ca:7000::/36 More specific 6to4 prefix (200.202.112.0/20) And a *lot* of more specifics in all the other spaces. Thus 111 prefixes are currently 'superfluous'. Any other takers? Before you say "filter them then", for GRH I explicitly request unfiltered prefixes, so we can see where they are coming from.
One can't force anybody, but we can make people aware that sooner or later the routing tables *are* going to explode or just filled with crap. Thinking of Iljitsch's talk last Thursday mentioning what would happen when 10 million people started announcing their /48 ;) Then again, that's perfect for companies like C and J and not to forget all the memory vendors. > > Now you are, between the lines, requesting that everybody not filter > > your prefix, tomorrow some other nitwit comes along and simply invents > > some /32 from which he/she/it is going to do "multihomed prefixes" and > > requests that everybody allows it across the world. If you want to > > change policy, then bring it to the policy department. > > When did ANYONE request that it not be filtered? Bill simply notified > that the prefix would appear as /48's. He didn't say, "Please don't > filter this." It was a "For your information" post. DEAL WITH IT! If he really meant what you are saying, but these are your words, then why was that message required? People who apply filters are already applying filters, it's their network and they will filter. (yups, another repeat) I've dealt with it a long time ago and have noted it a couple of times too as you might have noticed. We simply filter. But apparently you don't like it when you 'inform' people that you announce and we inform you that we filter and provide a solution to overcome your problem of still being reachable, which was the thing I read between the lines. You mentioned that when it gets filtered that it breaks a number of things, so what else is there to think? Trying to be a helping hand is not appreciated apparently. I'll remember that next time "when I've grown up" in your wordings. > > I actually also am starting to wonder why this has been brought up > > on the 6bone mailinglist and not on for example v6ops as it is RIR > > space we are talking about here. But that is next to the point. > > You just want to complain, don't you?
Which ASNs do you > control? I want to update my "Bitch filters". "whois JRM1-RIPE", use google on my full name, have fun with it. You care enough to do that and have enough time for it too. If you really hate me so much and think I am all that childish maybe you could just stick me in your email filter list or simply ignore me. FYI I only use jeroen@unfix.org for mails sent out by me, not related to a organisation and the procmail rule would be: :0: * ^From: Jeroen Massar /dev/null Thank you for showing you are a real american :) Maybe I'll add you to /dev/null, then again it's quite funny to see someone go ballistic over such a stupid thing that he can't even argue about :) Greets, Jeroen PS: No offense to the other americans, but they probably are not reading this thread any more as it only contains a lot of flames :( -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP1p3jCmqKFIzPnwjEQKmOwCdHu/HK77gFvFwBLnhrDYtvhGsXoUAnA++ 26+FLH2zUcrRJUOwfbEv+r2j =hNDh -----END PGP SIGNATURE----- From hansolofalcon@worldnet.att.net Sun Sep 7 01:45:53 2003 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Sat, 6 Sep 2003 20:45:53 -0400 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <00fa01c374d1$6619ce60$210d640a@unfix.org> Message-ID: <000001c374d9$65bcc0a0$0100a8c0@who5> Hello (again) from Gregg C Levine Would any of you mind doing me a favor, when this discussion reaches a good resting point? Please reiterate the whole series of things that led up to this discussion. Oh, and on the sub-subject of ISPs, I happen to know from an earlier phone call with their support staff, that even though they provide DSL service for consumer AT&T customers, they haven't plans at the time to make available IPv6 services. I'm still working on that issue. 
------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) > -----Original Message----- > From: 6bone-admin@mailman.isi.edu [mailto:6bone-admin@mailman.isi.edu] On > Behalf Of Jeroen Massar > Sent: Saturday, September 06, 2003 7:49 PM > To: 'Bill Manning' > Cc: 6bone@ISI.EDU > Subject: RE: [6bone] non-global address space for IXs (was: 2001:478:: as /48) > > -----BEGIN PGP SIGNED MESSAGE----- > > Bill Manning [mailto:bmanning@ISI.EDU] wrote: > > > > % > The -ONLY- statement made by EP.NET was that -IF- anyone was > > % > to see an entry for 2001:0478 that was smaller than a /48, e.g. > > % > a /35 or /32, that such an annoucement was in error. > > % > > % 2001:478::/45 2001:1418:1:400::1 12779 3549 6939 109 4555 IGP > > % 2001:478::/45 2001:610:25:5062::62 1103 11537 6939 109 4555 IGP > > % 2001:478::/45 > 2001:470:1fff:3::3 6939 109 4555 IGP > > % 2001:478::/45 2001:610:ff:c::2 1888 1103 11537 6939 > > 109 4555 IGP > > % > > % You are in error here then, I guess? > > > > Yup. A typo was made (one of the folks following the "default" > > of aggregation) and will be removed. > > Ack. > > > % Btw 'smaller' is a rather odd wording as one could say that > > % a /32 is smaller as a /35 (smaller amount of network bits) or say > > % that a /35 is smaller as a /32 (smaller amount of host bits). > > % I tend to prefer the host kind of smaller. > > > > normal CIDR notation here. > > > > 32 < 35 < 45 < 48 < 64 > > Confusion all around :) > > Greets, > Jeroen > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook Alpha 13 Int. 
> Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ > > iQA/AwUBP1pyVymqKFIzPnwjEQL69QCdEXWEb+qVgWXTq6z5gf3tAXsxu34 > AnRIZ > rYAQikRkDc6bp9pbwyqWB96p > =GNPf > -----END PGP SIGNATURE----- > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From tvo@EnterZone.Net Sun Sep 7 01:56:12 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Sat, 6 Sep 2003 20:56:12 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <00ff01c374d4$80e70b60$210d640a@unfix.org> Message-ID: On Sun, 7 Sep 2003, Jeroen Massar wrote: > You are talking about a route server which I never mentioned. > Maybe an example makes it clear what I mean in JunOS style > from the top of my head, didn't test it as I don't have a > bedside juniper : > > interface lo0 unit 0 family inet6 address 2001:db8:2000::1/64; > interface fe-0/1/0 unit 0 family inet6 address 2001:db8::1/64; > protocols bgp group MyPeer { > type external; > family inet6 unicast; > peer-as 65535l > neighbour 2001:db8::2; > next-hop 2001:db8:2000::1; > } > > Tada, BGP peering established, if the other side sets it up too. Tell me... How does that happen? How does the peering session come up when the route to 2001:db8::2 is "connected via lo0" and even if it COULD come up, how does 2001:db8::2 know how to get back to your "nexthop" of 2001:db8:2000::1? Static routes on both sides? Ahhh... Every participated at an exchange point with 100 peers? Guess what? This is why route-servers were created to begin with. Who wants to join an exchange point and then have to add 100+ static routes to their peering router to make things work? > 2001:db8::/64 == IX prefix > 2001:db8:2000::/64 is out of the providers space, should be > a seperate TLA but there is only one documentation /32. > All traffic going out of this box will have a source IP of > 2001:db8:2000::1 which is globally reachable. 
Only the > peers will talk to each other using 2001:db8::/64. > How is it that the peers are going to talk to each other on 2001:db8::/64 when you've got the 2001:db8::/64 bound up on lo0 interfaces and the routers know that to get to any address in 2001:db8::/64 they go via lo0? Again, please understand the technology. Using your example, there is absolutely no reason for the EP to even have its own address space. Then again, using your example, there wouldn't be very many peers at the EP, especially when it becomes more of a pain to maintain peering every time a new member joins the EP. As for why 2001:478:: isn't announced as a /32 to bypass filters, it is because there isn't any one common network at every site using 2001:478:: address space for exchange point addressing. Playing on the 6bone and running a real network are two different things. For that matter, attending policy meetings and running a network are two different things. Don't confuse one with the other. As for a URL or book you can read to learn, check out IP routing for dummies. This is very basic stuff. > Thank you for showing you are a real american :) American is a proper noun and I'll thank you to use the appropriate capitalization. *A*merican. -- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From tvo@EnterZone.Net Sun Sep 7 02:22:01 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Sat, 6 Sep 2003 21:22:01 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <000001c374d9$65bcc0a0$0100a8c0@who5> Message-ID: On Sat, 6 Sep 2003, Gregg C Levine wrote: > Hello (again) from Gregg C Levine > Would any of you mind doing me a favor, when this discussion reaches a > good resting point? Please reiterate the whole series of things that > led up to this discussion.
> > Oh, and on the sub-subject of ISPs, I happen to know from an earlier > phone call with their support staff, that even though they provide DSL > service for consumer AT&T customers, they haven't plans at the time to > make available IPv6 services. I'm still working on that issue. > ------------------- > Gregg C Levine hansolofalcon@worldnet.att.net Bill Manning made a general announcement (like he has for the two previous years) that folks *may* see chunks of 2001:478::/32 announced as /48's or possibly /64's since it is divided into /48's and /64's for use at IX's that go to EP.NET for address space management. From there, the v6 police decided that since folks can (now) get address space from the RIRs, that every EP that gets address space from EP.NET should now renumber or that someone should announce 2001:478::/32. Nevermind that no ONE entity currently has connectivity to every part of 2001:478::/32 or that this address space has been in use at EPs since BEFORE the RIRs had made address space available for use at IX's. (I don't care if they had policy for it - they weren't handing out address space for this purpose yet.) From there, Jeroen demonstrated that he didn't understand how exchange points REALLY work and the reason for having all participants in the exchange point share not only the same L2 fabric but also the same L3 LIS so that routes learned from the route-servers have next-hops that are "connected" routes and do not require any further configuration on the part of exchange point participants other than bringing up peering session(s) with the route-server(s). From there, Jeroen decided to make anti-American remarks, blah blah blah in reference to my lack of patience with people who want to bitch and moan without being in possession of even a fraction of the clue required to understand the technology involved and an obvious lack of experience operating in the environment that address space carved out of 2001:478::/32 is implemented in.
It boils down to this: People took offense (for whatever reason) that a single /32 (2001:478::/32) that was not part of address space carved out by the RIRs for use at IX's was being used for addressing IX's. Nevermind the LONG history (pre IPv6) of EP.NET providing address space and management of that address space for exchange points, nevermind the fact that nobody is FORCING them to accept those /48's, nevermind anything. They simply wanted to get bent out of shape because someone besides the RIRs was making address space (from a SINGLE /32) available for use by folks who operate v6 exchange points. Typical 6bone pissing and moaning if you ask me. -- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From michel@arneill-py.sacramento.ca.us Sun Sep 7 04:35:27 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 6 Sep 2003 20:35:27 -0700 Subject: [6bone] Eastcoast tunnelbrokers.. Message-ID: > Haesu wrote: > We used to do /120 at first when we were just building up > ipv6 network. Now that we have enough users, automatic /64 > assignment is current policy. This does not register with RIR policies. The current unified RIR policy (see 5.4.1 in http://www.arin.net/policy/ipv6_policy.html) recommends assigning /48 to users in the general case, as recommended by RFC3177 http://www.arin.net/library/rfc/rfc3177.txt This policy is common to ARIN, RIPE and APNIC. Michel. From michel@arneill-py.sacramento.ca.us Sun Sep 7 04:38:33 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 6 Sep 2003 20:38:33 -0700 Subject: [6bone] RE: 6bone digest, Vol 1 #388 - 1 msg Message-ID: > Jeroen Massar wrote: > PS: No offense to the other americans None taken. Michel. 
From michel@arneill-py.sacramento.ca.us Sun Sep 7 04:40:15 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 6 Sep 2003 20:40:15 -0700 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) Message-ID: > Jeroen Massar wrote: > PS: No offense to the other americans None taken. Michel. From michel@arneill-py.sacramento.ca.us Sun Sep 7 05:10:31 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 6 Sep 2003 21:10:31 -0700 Subject: [6bone] 2001:478:: as /48 Message-ID: Jeroen, Would you stop feeding the troll please? I understand that we have not seen Jim F. for a while and that you might have excess troll food but the season's not open yet. Thanks Michel. From haesu@towardex.com Sun Sep 7 05:27:57 2003 From: haesu@towardex.com (Haesu) Date: Sun, 7 Sep 2003 00:27:57 -0400 Subject: [6bone] Eastcoast tunnelbrokers.. In-Reply-To: References: Message-ID: <20030907042757.GA48209@scylla.towardex.com> And yes, let us count how many tunnelbrokers are out there today that gives out only a /64 to endusers. And considering we are getting connections from TB's until we work out in getting our own TLA space, how the heck does anyone expect us to abide to "MINIMUM /48" policy when our current TBs only offer a few /48's?? I am fully aware our current /64 assignment "violates" the extremity; but we are working to come to compliance to the RIR policies. And I believe the RIR policies apply directly down the chain to LIRs. Well, we are not a LIR yet. Let's not go over the obvious... -hc -- Sincerely, Haesu C. TowardEX Technologies, Inc. WWW: http://www.towardex.com E-mail: haesu@towardex.com Cell: (978) 394-2867 On Sat, Sep 06, 2003 at 08:35:27PM -0700, Michel Py wrote: > > Haesu wrote: > > We used to do /120 at first when we were just building up > > ipv6 network. Now that we have enough users, automatic /64 > > assignment is current policy. > > This does not register with RIR policies.
The current unified RIR policy > (see 5.4.1 in http://www.arin.net/policy/ipv6_policy.html) recommends > assigning /48 to users in the general case, as recommended by RFC3177 > http://www.arin.net/library/rfc/rfc3177.txt > > This policy is common to ARIN, RIPE and APNIC. > > Michel. > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From michel@arneill-py.sacramento.ca.us Sun Sep 7 05:32:33 2003 From: michel@arneill-py.sacramento.ca.us (Michel Py) Date: Sat, 6 Sep 2003 21:32:33 -0700 Subject: [6bone] Eastcoast tunnelbrokers.. Message-ID: > Haesu wrote: > Well, we are not a LIR yet. If you don't mind my asking, why not? If you already are an ARIN member the IPv6 space is free when you already have IPv4 space (last time I checked); it is not too late to become a 6bone pTLA either. Michel. From hansolofalcon@worldnet.att.net Sun Sep 7 05:45:22 2003 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Sun, 7 Sep 2003 00:45:22 -0400 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Message-ID: <000001c374fa$d9d707e0$0100a8c0@who5> Also none taken. (No need for my usual greetings.) ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) > -----Original Message----- > From: 6bone-admin@mailman.isi.edu [mailto:6bone-admin@mailman.isi.edu] On > Behalf Of Michel Py > Sent: Saturday, September 06, 2003 11:40 PM > To: 6bone@mailman.isi.edu; Jeroen Massar > Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) > > > Jeroen Massar wrote: > > PS: No offense to the other americans > > None taken. > > Michel.
> > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From pekkas@netcore.fi Sun Sep 7 06:08:06 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Sun, 7 Sep 2003 08:08:06 +0300 (EEST) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Message-ID: On Sat, 6 Sep 2003, John Fraizer wrote: > On Sun, 7 Sep 2003, Gert Doering wrote: > > > Hi, > > > > On Sat, Sep 06, 2003 at 06:37:27PM -0400, John Fraizer wrote: > > > On the other hand, if that > > > address space is not globally routed, it breaks PMTU-Disc, traceroute, > > > etc. > > > > It does nothing of this, *unless* you're also doing reverse-path filtering > > on your external links (which is a dangerous thing in most cases anyway). > > > > It breaks pinging / tracerouting *to* a specific router on its IXP > > address, indeed, but not *through* the router, which is by far the > > most common usage. > > > Sorry Gert. You don't route IX space and you wind up with the same > issues as are presented by the boneheads who use RFC1918 address space on > VISIBLE links in V4 space. *EVERY* link in the chain has to be able to > participate for PMTU-D to properly function. Every link where PMTU changes, you mean. Every link which doesn't use e.g. loopback addresses to send out these ICMP messages, you mean. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From haesu@towardex.com Sun Sep 7 06:34:12 2003 From: haesu@towardex.com (Haesu) Date: Sun, 7 Sep 2003 01:34:12 -0400 Subject: [6bone] Eastcoast tunnelbrokers.. In-Reply-To: References: Message-ID: <20030907053412.GA49773@scylla.towardex.com> We are not an ARIN member unfortunately... We get our v4 space from our upstreams.
But, soon we will need to request a direct allocation from ARIN, and when that happens, acquiring ipv6 space loan is also high priority. Sorry for pissy mood in my previous reply btw. Some people have replied to me off-list with offers to get bgp feed, and I surely do appreciate them. If there is anyone else who also would like to offer it too, I'll still take it :) As for Viagenie... We wrote them email a while back requesting that, but it went unanswered. But, perhaps they were very busy at the time. I'll try again :) Thanks, -hc -- Sincerely, Haesu C. TowardEX Technologies, Inc. WWW: http://www.towardex.com E-mail: haesu@towardex.com Cell: (978) 394-2867 On Sat, Sep 06, 2003 at 09:32:33PM -0700, Michel Py wrote: > > Haesu wrote: > > Well, we are not a LIR yet. > > If you don't mind my asking, why not? If you already are an ARIN member > the IPv6 space is free when you already have IPv4 space (last time I > checked); it is not too late to become a 6bone pTLA either. > > Michel. > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From dan@reeder.name Sun Sep 7 07:26:23 2003 From: dan@reeder.name (Dan Reeder) Date: Sun, 7 Sep 2003 16:26:23 +1000 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) References: Message-ID: <003501c37508$f660e800$0200a8c0@dryad> Seeing as I can't resist adding my AU$0.022 (ing GST), I thought I'd contribute by raising this: Wasn't one of the main features of a v6 internet supposed to be the fantastic implementation of hierarchical design brought on by not only RIR management, but co-ordinated and co-operative address aggregation itself? What's to stop other people around the rest of the world from designing their networks in this fashion? Personally I think we could then kiss the word "hierarchy" goodbye if that happens. It'd be a veritable schemozzle.
I certainly don't agree with this attitude of "if you dont like it, filter it." Dan Reeder ----- Original Message ----- From: "John Fraizer" To: "Gregg C Levine" Cc: <6bone@ISI.EDU> Sent: Sunday, September 07, 2003 11:22 AM Subject: RE: [6bone] non-global address space for IXs (was: 2001:478:: as /48) > > > On Sat, 6 Sep 2003, Gregg C Levine wrote: > > > Hello (again) from Gregg C Levine > > Would any of you mind doing me a favor, when this discussion reaches a > > good resting point? Please reiterate the whole series of things that > > led up to this discussion. > > > > Oh, and on the sub-subject of ISPs, I happen to know from an earlier > > phone call with their support staff, that even though they provide DSL > > service for consumer AT&T customers, they haven't plans at the time to > > make available IPv6 services. I'm still working on that issue. > > ------------------- > > Gregg C Levine hansolofalcon@worldnet.att.net > > > Bill Manning made a general announcement (like he has for the two previous > years) that folks *may* see chunks of 2001:478::/32 announced as /48's or > possibly /64's since it is divided into /48's and /64's for use at IX's > that go to EP.NET for address space management. From there, the v6 police > decided that since folks can (now) get address space from the RIRs, that > every EP that gets address space from EP.NET should now renumber or that > someone should announce 2001:478::/32. Nevermind that no ONE entity > currently has connectivity to every part of 2001:478::/32 or that this > address space has been in use at EPs since BEFORE the RIRs had made > address space available for use at IX's. (I don't care if they had policy > for it - they weren't handing out address space for this purpose yet.) 
> > From there, Jeroen demonstrated that he didn't understand how exchange > points REALLY work and the reason for having all participants in the > exchange point share not only the same L2 fabric but also the same L3 LIS > so that routes learned from the route-servers have next-hops that are > "connected" routes and do not require any further configuration on the > part of exchange point participants other than bringing up peering > session(s) with the route-server(s). > > From there, Jeroen decided to make anti-American remarks, blah blah blah > in reference to my lack of patience with people who want to bitch and moan > without being in possession of even a fraction of the clue required to > understand the technology involved and an obvious lack of experience > operating in the environment that address space carved out of > 2001:478::/32 is implemented in. > > It boils down to this: People took offense (for whatever reason) that a > single /32 (2001:478::/32) that was not part of address space carved out > by the RIRs for use at IX's was being used for addressing IX's. Nevermind > the LONG history (pre IPv6) of EP.NET providing address space and > management of that address space for exchange points, nevermind the fact > that nobody is FORCING them to accept those /48's, nevermind > anything. They simply wanted to get bent out of shape because someone > besides the RIRs was making address space (from a SINGLE /32) available > for use by folks who operate v6 exchange points. > > Typical 6bone pissing and moaning if you ask me. 
> > -- > John Fraizer > EnterZone, Inc > (13944+$|13944+_14813+$|13944+_17266+$) > PGP Key = 6C5903C4 > Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From Robert.Kiessling@de.easynet.net Sun Sep 7 11:33:21 2003 From: Robert.Kiessling@de.easynet.net (Robert Kiessling) Date: Sun, 07 Sep 2003 11:33:21 +0100 Subject: [6bone] non-global address space for IXs In-Reply-To: (John Fraizer's message of "Sat, 6 Sep 2003 19:25:58 -0400 (EDT)") References: Message-ID: John Fraizer writes: > Sorry Gert. You don't route IX space and you wind up with the same > issues as are presented by the boneheads who use RFC1918 address space on > VISIBLE links in V4 space. No. The addresses are unique, while RFC1918 addresses are not. They have PTRs while RFC1918 has not. > *EVERY* link in the chain has to be able to > participate for PMTU-D to properly function. You only need to send ICMP with *source* address in the IXP mesh and this is easily possible. Pity to see that the FUD that IXP addresses have to be routed is still around. Robert From jeroen@unfix.org Sun Sep 7 11:56:17 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 7 Sep 2003 12:56:17 +0200 Subject: [6bone] Eastcoast tunnelbrokers.. In-Reply-To: <20030907042757.GA48209@scylla.towardex.com> Message-ID: <002101c3752e$aa56b360$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Haesu wrote: > And yes, let us count how many tunnelbrokers are out there > today that gives out only a /64 to endusers. > > And considering we are getting connections from TB's until we > work out in getting our own TLA space, how the heck does > anyone expect us to abide to "MINIMUM /48" policy when our > current TBs only offer a few /48's?? HE.Net, Freenet6, SixXS, XS26 and Dolphins do all give out /48's.
The only one not doing it is the IPng POP of SixXS which gives out /127's as tunnels and /60's as subnets. Any other takers? I also wonder why you are redistributing tunnelbroker space as now all traffic will be going: enduser ---[ipv6 in ipv4]--> you ---[ipv6 in ipv4]--> he.net Which will also cost a lot of latency for the enduser :( And that user would be off quicker using he.net directly IMHO. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP1sO0SmqKFIzPnwjEQIMMACeK0J+k+iDByTEwP7qm6d5VGcV/d0AnR9D jHHeCXkmj22Bv30Aqpb2H5FT =JYFo -----END PGP SIGNATURE----- From bmanning@ISI.EDU Sun Sep 7 13:24:49 2003 From: bmanning@ISI.EDU (Bill Manning) Date: Sun, 7 Sep 2003 05:24:49 -0700 (PDT) Subject: [6bone] non-global address space for IXs In-Reply-To: from Robert Kiessling at "Sep 7, 3 11:33:21 am" Message-ID: <200309071224.h87COnw19391@boreas.isi.edu> % > *EVERY* link in the chain has to be able to % > participate for PMTU-D to properly function. % % You only need to send ICMP mit *source* address in the IXP mesh and % this is easily possible. % % Pity to see that the FUD that IXP addresses have to be routed is still % around. % % Robert This snippet may be useful. Some of us -REALLY- tried to not have non-aggregatable "holes" in the IPv6 space by making use of IPv6 features. Unfortunately, others were unwilling to make the changes in mindset. Link-local use at/over exchanges would have been so much nicer. Reduced need for "special" space and all that. Oh well. http://mailman.isi.edu/pipermail/6bone/2002-June/005605.html --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). 
From bortzmeyer@gitoyen.net Sun Sep 7 13:57:15 2003 From: bortzmeyer@gitoyen.net (Stephane Bortzmeyer) Date: Sun, 07 Sep 2003 14:57:15 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: (John Fraizer 's message of Fri, 05 Sep 2003 19:03:30 EDT) Message-ID: <200309071257.h87CvFxi008302@ludwigV.sources.org> On Friday 5 September 2003, at 19 h 3, John Fraizer wrote: > > Note that some ISP's drop no-export's ... > And those ISPs should be flogged and have their peering sessions > admin-downed OpenTransit does it (and therefore the local replica of F.ROOT-SERVERS.NET in Hong Kong is announced world-wide). You want to sever links with OpenTransit? From bortzmeyer@gitoyen.net Sun Sep 7 14:07:02 2003 From: bortzmeyer@gitoyen.net (Stephane Bortzmeyer) Date: Sun, 07 Sep 2003 15:07:02 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030907011440.Z67740@Space.Net> (Gert Doering 's message of Sun, 07 Sep 2003 01:14:40 +0200) Message-ID: <200309071307.h87D72xi008632@ludwigV.sources.org> On Sunday 7 September 2003, at 1 h 14, Gert Doering wrote: > > address space is not globally routed, it breaks PMTU-Disc, traceroute, > > etc. > > It does nothing of this, *unless* you're also doing reverse-path filtering > on your external links Even if you do not filter incoming unsolicited ICMP, many networks filter incoming RFC 1918 packets and therefore you will lose the PMTU messages. > It breaks pinging / tracerouting *to* a specific router on its IXP > address, indeed, but not *through* the router, which is by far the > most common usage. It does break traceroute through the router. If two routers on the path use the same RFC 1918 address, imagine the difficulty of interpreting that traceroute output? Or of comparing two traceroutes? 
I agree with Robert Kiessling that non-announced - or announced-but-filtered - addresses are *less* a problem than RFC 1918, until people start filtering incoming packets whose IP source address is not in an announced block... From jeroen@unfix.org Sun Sep 7 14:47:58 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 7 Sep 2003 15:47:58 +0200 Subject: [6bone] non-global address space for IXs In-Reply-To: <200309071224.h87COnw19391@boreas.isi.edu> Message-ID: <003301c37546$a6288620$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Bill Manning wrote: > % > *EVERY* link in the chain has to be able to > % > participate for PMTU-D to properly function. > % > % You only need to send ICMP with *source* address in the IXP mesh and > % this is easily possible. > % > % Pity to see that the FUD that IXP addresses have to be routed is still > % around. > % > % Robert > > > This snippet may be useful. Some of us -REALLY- tried to > not have non-aggregatable "holes" in the IPv6 space by > making use of IPv6 features. Unfortunately, others were unwilling > to make the changes in mindset. Link-local use at/over > exchanges would have been so much nicer. Reduced need for > "special" space and all that. Oh well. > > http://mailman.isi.edu/pipermail/6bone/2002-June/005605.html Indeed quite interesting to see that more people seem to realize that this approach is workable even though one person with apparently quite a lot of knowledge doesn't seem to see my point :) The fact that some people can't configure (read: forget the next-hop-self) is easily bypassed of course. The link-locals should be on your filter list anyways, which is the case even when using the relaxed filtering which is still the recommended thing for the time being. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. 
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP1s3DSmqKFIzPnwjEQJ1YgCfTv/w0l6/xEN+yRoMk0Sm+vmfLU4AoJgb 92972JPdS2b2x/xX5k4pMFvT =1jF0 -----END PGP SIGNATURE----- From jeroen@unfix.org Sun Sep 7 14:53:54 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 7 Sep 2003 15:53:54 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <200309071307.h87D72xi008632@ludwigV.sources.org> Message-ID: <003601c37547$7a780680$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Stephane Bortzmeyer [mailto:bortzmeyer@gitoyen.net] wrote: > On Sunday 7 September 2003, at 1 h 14, > Gert Doering wrote: > > > > address space is not globally routed, it breaks PMTU-Disc, traceroute, > > > etc. > > > > It does nothing of this, *unless* you're also doing reverse-path filtering > > on your external links > > Even if you do not filter incoming unsolicited ICMP, many networks filter > incoming RFC 1918 packets and therefore you will lose the PMTU messages. Fortunately IX Prefixes are globally unique, so this is not the case. Having RFC1918 or other possibly non-globally unique addresses on the wire is a bad thing(tm). We got rid of site-locals fortunately :) > I agree with Robert Kiessling that non-announced - or > announced-but-filtered - addresses are *less* a problem than > RFC 1918, until people start filtering incoming packets whose > IP source address is not in an announced block... Fortunately the IX prefixes are well known and have been established through global policy. Making an exception for it then would not be a huge problem. People who filter should also be aware of the consequences :) From your other reply: > > > Note that some ISP's drop no-export's > ... > > And those ISPs should be flogged and have their peering sessions > > admin-downed > > OpenTransit does it (and therefore the local replica of F.ROOT-SERVERS.NET > in Hong Kong is announced world-wide). You want to sever links with OpenTransit? 
OpenTransit should be flogged in that case :) glbx and Tiscali drop some no-export's too, they should obey it. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP1s4ZimqKFIzPnwjEQL7pwCfSD5uN8vZEwvLtqCvurofcH1CeLUAoLv5 8R7iehxDV8S5qJgVKA2nj2rr =Qk/o -----END PGP SIGNATURE----- From Robert.Kiessling@de.easynet.net Sun Sep 7 15:55:45 2003 From: Robert.Kiessling@de.easynet.net (Robert Kiessling) Date: Sun, 07 Sep 2003 15:55:45 +0100 Subject: [6bone] non-global address space for IXs In-Reply-To: <200309071224.h87COnw19391@boreas.isi.edu> (Bill Manning's message of "Sun, 7 Sep 2003 05:24:49 -0700 (PDT)") References: <200309071224.h87COnw19391@boreas.isi.edu> Message-ID: Bill Manning writes: > This snippet may be useful. Some of us -REALLY- tried to > not have non-aggregatable "holes" in the IPv6 space by > making use of IPv6 features. Unfortunately, others were unwilling > to make the changes in mindset. Link-local use at/over > exchanges would have been so much nicer. I don't think that hiding IXPs from traceroutes is much nicer. And then there's implementation issues - more complex, so more possibilities for errors (right ICMP source address, etc.). Robert From tvo@EnterZone.Net Sun Sep 7 16:18:15 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Sun, 7 Sep 2003 11:18:15 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <200309071257.h87CvFxi008302@ludwigV.sources.org> Message-ID: On Sun, 7 Sep 2003, Stephane Bortzmeyer wrote: > On Friday 5 September 2003, at 19 h 3, > John Fraizer wrote: > > > > Note that some ISP's drop no-export's > ... > > And those ISPs should be flogged and have their peering sessions > > admin-downed > > OpenTransit does it (and therefore the local replica of > F.ROOT-SERVERS.NET in HonkKong is announced world-wide). You want to > sever links with OpenTransit? 
If they didn't honor my no-export communities, you bet your life I'd sever links with OT. -- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From gert@space.net Sun Sep 7 16:34:19 2003 From: gert@space.net (Gert Doering) Date: Sun, 7 Sep 2003 17:34:19 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: ; from nsp-security@enterzone.net on Sat, Sep 06, 2003 at 07:19:26PM -0400 References: <20030907011440.Z67740@Space.Net> Message-ID: <20030907173419.E67740@Space.Net> Hi, On Sat, Sep 06, 2003 at 07:19:26PM -0400, John Fraizer wrote: > Sorry Gert. You don't route IX space and you wind up with the same > issues as are presented by the boneheads who use RFC1918 address space on > VISIBLE links in V4 space. *EVERY* link in the chain has to be able to > participate for PMTU-D to properly function. Reachability of addresses (because they're visible in the routing table) has NOTHING to do with the function of PMTU-D. PMTU-D has those addresses in the *source* of the packet, not in the destination. Source IP Filtering (as in "dropping packets sourced from there") will break PMTU-D. Route filtering (as in "not knowing where to send answer packets to", which isn't needed here) won't. 
Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55575 (56535) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From gert@space.net Sun Sep 7 16:35:37 2003 From: gert@space.net (Gert Doering) Date: Sun, 7 Sep 2003 17:35:37 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <200309071307.h87D72xi008632@ludwigV.sources.org>; from bortzmeyer@gitoyen.net on Sun, Sep 07, 2003 at 03:07:02PM +0200 References: <20030907011440.Z67740@Space.Net> <200309071307.h87D72xi008632@ludwigV.sources.org> Message-ID: <20030907173537.F67740@Space.Net> Hi, On Sun, Sep 07, 2003 at 03:07:02PM +0200, Stephane Bortzmeyer wrote: > > > address space is not globally routed, it breaks PMTU-Disc, traceroute, > > > etc. > > It does nothing of this, *unless* you're also doing reverse-path filtering > > on your external links > > Even if you do not filter incoming unsollicited ICMP, many networks filter > incoming RFC 1918 packets and therefore you will lose the PMTU messages. Uh? Who's talking IPv4 and RFC1918 here? > > It breaks pinging / tracerouting *to* a specific router on its IXP > > address, indeed, but not *through* the router, which is by far the > > most common usage. > > It does break traceroute through the router. If two routers on the path use the same RFC 1918 address, imagine the difficulty of interpreting that traceroute output? Or of comparing two traceroutes? Who's talking RFC1918? Who's talking non-unique addresses? We're talking about IXPs using globally unique address that just happen to be not visible in the routing table everywhere. That's a slight difference. 
Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55575 (56535) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From tvo@EnterZone.Net Sun Sep 7 19:41:25 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Sun, 7 Sep 2003 14:41:25 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030907173419.E67740@Space.Net> Message-ID: On Sun, 7 Sep 2003, Gert Doering wrote: > Hi, > > On Sat, Sep 06, 2003 at 07:19:26PM -0400, John Fraizer wrote: > > Sorry Gert. You don't router IX space and you wind up with the same > > issues as are presented by the boneheads who use RFC1918 address space on > > VISABLE links in V4 space. *EVERY* link in the chain has to be able to > > participate for PMTU-D to properly function. > > Reachability of addresses (because they're visible in the routing > table) has NOTHING to do with the function of PMTU-D. > > PMTU-D has those addresses in the *source* of the packet, not in the > destination. > > Source IP Filtering (as in "dropping packets sourced from there") will > break PMTU-D. Route filtering (as in "not knowing where to send > answer packets to", which isn't needed here) won't. > Gert, If you're not running RPF, I have to ask, Why Not? Do you just want desperately to be the source of spoofed traffic? RPF, combined with IX address space not being in the routing table will break PMTU-D. 
-- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From gert@space.net Sun Sep 7 20:26:02 2003 From: gert@space.net (Gert Doering) Date: Sun, 7 Sep 2003 21:26:02 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: ; from tvo@EnterZone.Net on Sun, Sep 07, 2003 at 02:41:25PM -0400 References: <20030907173419.E67740@Space.Net> Message-ID: <20030907212602.I67740@Space.Net> Hi, On Sun, Sep 07, 2003 at 02:41:25PM -0400, John Fraizer wrote: > > Source IP Filtering (as in "dropping packets sourced from there") will > > break PMTU-D. Route filtering (as in "not knowing where to send > > answer packets to", which isn't needed here) won't. > > If you're not running RPF, I have to ask, Why Not? Do you just want > desperately to be the source of spoofed traffic? Running uRPF *towards our customers* will prevent sourcing of spoofed traffic from our network. Which is good, and which we do. Which you know. Running uRPF towards our upstream doesn't help that much (we *do* have access-list based filters that prevent spoofed packets carrying our source addresses from coming in that way) but is much more likely to break things. > RPF, combined with IX address space not being in the routing table will > break PMTU-D. Sure. (Which actually makes the whole discussion turn into a circle - as it *might* break things for some people, it's not overly useful to go for an IXP addressing system that is quite likely to hit default filtering rules full-speed). 
Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55575 (56535) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From mcr@sandelman.ottawa.on.ca Sun Sep 7 20:57:14 2003 From: mcr@sandelman.ottawa.on.ca (Michael Richardson) Date: Sun, 07 Sep 2003 15:57:14 -0400 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Your message of "Sun, 07 Sep 2003 14:41:25 EDT." Message-ID: <29352.1062964634@marajade.sandelman.ottawa.on.ca> -----BEGIN PGP SIGNED MESSAGE----- >>>>> "John" == John Fraizer writes: John> Gert, John> If you're not running RPF, I have to ask, Why Not? Do you just want John> desperately to be the source of spoofed traffic? If one runs RPF on the customer facing interfaces, that is usually enough. I'm surprised that you are able to run RPF on interfaces that point into a DFZ. Maybe there is magic I don't know about. If one has customers purchasing transit at an IX, then the IX interface becomes a customer facing one, sure. But, in that context, I don't see why you wouldn't take that connected route (to the IX) and distribute it internally. (We certainly find it useful to be able to ping our peers and vendor's interfaces to make sure they are up...) So, the only time that RPF would kill you is if the packet transitted multiple IXs, and had MTU constraints at the "distant" IX. ] Out and about in Ottawa. hmmm... beer. 
| firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys - custom hacks make this fully PGP2 compat iQCVAwUBP1uNmYqHRg3pndX9AQHVsQQAqoyeLhBXb7k+myYTFnHru/mol7G/JDdL xzhGnGnG62rqFZr8sxy8jTUPXtWMipU8wiPB58HoHug2qyqe99pNqWqblNUw1ZE1 66QmQJnh0e+bD3sWg3+x5wIY53bqxEgVIrXe5aArpIBiBITb+y8z1Tfi9zlL+DwS bw7hNhxNp/k= =olfk -----END PGP SIGNATURE----- From arien+6bone@ams-ix.net Sun Sep 7 22:30:01 2003 From: arien+6bone@ams-ix.net (Arien Vijn) Date: Sun, 7 Sep 2003 23:30:01 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Message-ID: <6FFCE8CF-E17A-11D7-A8CD-00039364C8C0@ams-ix.net> On Sunday, September 7, 2003, at 08:41 PM, John Fraizer wrote: > RPF, combined with IX address space not being in the routing table will > break PMTU-D. That remains to be seen. Typically all interfaces in IX peering LANs have the same MTU. How likely is it that a router takes the peering LAN address as source address for a packet too big message? Has anyone ever investigated the behaviour of the various router implementations? There is a reason why IX space should not be exported, namely to prevent routing issues. Since eBGP learned routes are better than iBGP learned routes. 
Arien From haesu@towardex.com Sun Sep 7 23:14:08 2003 From: haesu@towardex.com (Haesu) Date: Sun, 7 Sep 2003 18:14:08 -0400 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030907212602.I67740@Space.Net> References: <20030907173419.E67740@Space.Net> <20030907212602.I67740@Space.Net> Message-ID: <20030907221408.GA85503@scylla.towardex.com> > > Running uRPF towards our upstream doesn't help that much (we *do* have > access-list based filters that prevent spoofed packets carrying our > source addresses from coming in that way) but is much more likely to > break things. I second that;although using loose-check uRPF on upstreams would work fine in general. My consensus is that 'why should I recv a packet if it does not exist in routing table?' -hc -- Sincerely, Haesu C. TowardEX Technologies, Inc. WWW: http://www.towardex.com E-mail: haesu@towardex.com Cell: (978) 394-2867 From stuart@tech.org Sun Sep 7 23:29:50 2003 From: stuart@tech.org (Stephen Stuart) Date: Sun, 07 Sep 2003 15:29:50 -0700 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Your message of "Sun, 07 Sep 2003 23:30:01 +0200." <6FFCE8CF-E17A-11D7-A8CD-00039364C8C0@ams-ix.net> Message-ID: <200309072229.h87MToNk001948@lo.tech.org> > There is a reason why IX space should not be exported, namely to > prevent routing issues. Since eBGP learned routes are better than a > iBGP learned routes. Some networks define BGP policy to correct that behavior with respect to IX networks. Some networks put IX connected routes into their IGP, overriding BGP (I occasionally have to remind a network that "passive" is desirable in that regard). Regardless of the specific details, networks have the ability to put mechanisms into place to prevent themselves from learning external paths to what should be connected routes, rather than relying on other networks not to announce them. 
Stephen From stuart@tech.org Sun Sep 7 23:36:58 2003 From: stuart@tech.org (Stephen Stuart) Date: Sun, 07 Sep 2003 15:36:58 -0700 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Your message of "Sun, 07 Sep 2003 11:18:15 EDT." Message-ID: <200309072236.h87MawNk001999@lo.tech.org> > > On Sun, 7 Sep 2003, Stephane Bortzmeyer wrote: > > > On Friday 5 September 2003, at 19 h 3, > > John Fraizer wrote: > > > > > > Note that some ISP's drop no-export's > > ... > > > And those ISPs should be flogged and have their peering sessions > > > admin-downed > > > > OpenTransit does it (and therefore the local replica of > > F.ROOT-SERVERS.NET in HonkKong is announced world-wide). You want to > > sever links with OpenTransit? > > If they din't honor my no-export communities, you bet your life I'd sever > links with OT. ISC's policy for satellite f-root route distribution is that no-export may be stripped so that a network peering with a satellite f-root can distribute the route in question to its customers. See http://www.isc.org/peering/#policy for details. Stephen From gert@space.net Mon Sep 8 08:49:25 2003 From: gert@space.net (Gert Doering) Date: Mon, 8 Sep 2003 09:49:25 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030907221408.GA85503@scylla.towardex.com>; from haesu@towardex.com on Sun, Sep 07, 2003 at 06:14:08PM -0400 References: <20030907173419.E67740@Space.Net> <20030907212602.I67740@Space.Net> <20030907221408.GA85503@scylla.towardex.com> Message-ID: <20030908094925.L67740@Space.Net> Hi, On Sun, Sep 07, 2003 at 06:14:08PM -0400, Haesu wrote: > I second that;although using loose-check uRPF on upstreams would work fine in > general. My consensus is that 'why should I recv a packet if it does not > exist in routing table?' 
Because it will break PMTUD in those cases (and, more frequent, in the case of stupid ISPs that use RFC1918 transit networks and send ICMPs from those source addresses). In a world where everybody knows what he's doing, upstream "loose uRPF" should be fine (but in that world you wouldn't need it either). *sigh*. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55575 (56535) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From arien+6bone@ams-ix.net Mon Sep 8 09:18:38 2003 From: arien+6bone@ams-ix.net (Arien Vijn) Date: Mon, 8 Sep 2003 10:18:38 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Message-ID: <0C9A1525-E1D5-11D7-9736-00039364C8C0@ams-ix.net> On Monday, September 8, 2003, at 02:14 AM, John Fraizer wrote: > On Sun, 7 Sep 2003, Arien Vijn wrote: > >> There is a reason why IX space should not be exported, namely to >> prevent routing issues. Since eBGP learned routes are better than a >> iBGP learned routes. >> >> Arien > > And IGP routes (IE: Your peering interface is going to be a connected > route to the IX address space) beat EGP routes for a reason. You're > not > running an IGP for what reason? > Happen to work for an IXP and we get complaints about this as peering LAN prefixes do leak out from time to time. That is the reason why we announce the peering LAN prefix with the no-export community string. But as Stephen Stuart rightly pointed out: networks should not rely on announcements of others. However nobody seems to have an answer on the question in the first part of my posting. Which I regard as more important than a well known issue like the one above. 
Arien From koch@tiscali.net Mon Sep 8 09:53:36 2003 From: koch@tiscali.net (Alexander Koch) Date: Mon, 8 Sep 2003 10:53:36 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <200309072236.h87MawNk001999@lo.tech.org> References: <200309072236.h87MawNk001999@lo.tech.org> Message-ID: <20030908085336.GA8445@shekinah.ip.tiscali.net> On Sun, 7 September 2003 15:36:58 -0700, Stephen Stuart wrote: > > If they din't honor my no-export communities, you bet > > your life I'd sever links with OT. > > ISC's policy for satellite f-root route distribution is that no-export > may be stripped so that a network peering with a satellite f-root can > distribute the route in question to its customers. Sure, but I am not allowed to do v6 transit for the NYIIX node. It's v6, you know... v6. PAIX and v6 is coming soon for us, arguably, but still that policy makes me use the PAIX F sent to me by fine HE which we meet in NYIIX and Equi6IX in Ashburn... Any chances of this being changed? Alexander From koch@tiscali.net Mon Sep 8 09:58:08 2003 From: koch@tiscali.net (Alexander Koch) Date: Mon, 8 Sep 2003 10:58:08 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <003601c37547$7a780680$210d640a@unfix.org> References: <200309071307.h87D72xi008632@ludwigV.sources.org> <003601c37547$7a780680$210d640a@unfix.org> Message-ID: <20030908085808.GB8445@shekinah.ip.tiscali.net> On Sun, 7 September 2003 15:53:54 +0200, Jeroen Massar wrote: > > OpenTransit does it (and therefore the local replica of > > F.ROOT-SERVERS.NET in HonkKong is announced world-wide). > > You want to sever links with OpenTransit? > > OpenTransit should be flogged in that case :) Opentransit has had no community setup yet, so Fabien did not have any other chance than sending full table or nothing. I do not if that has changed by now. > glbx and Tiscali drop some no-export's too, they should obey it. 
In fact we overwrite every prefix with a set of well-defined community settings according to the countries where it enters our network. Let me know the prefixes in question and I'm happy to work things out! Regards, Alexander From sabri@cluecentral.net Mon Sep 8 10:46:42 2003 From: sabri@cluecentral.net (Sabri Berisha) Date: Mon, 8 Sep 2003 11:46:42 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <6FFCE8CF-E17A-11D7-A8CD-00039364C8C0@ams-ix.net>; from arien+6bone@ams-ix.net on Sun, Sep 07, 2003 at 11:30:01PM +0200 References: <6FFCE8CF-E17A-11D7-A8CD-00039364C8C0@ams-ix.net> Message-ID: <20030908114642.A66213@cluecentral.net> On Sun, Sep 07, 2003 at 11:30:01PM +0200, Arien Vijn wrote: > On Sunday, September 7, 2003, at 08:41 PM, John Fraizer wrote: > > > RPF, combined with IX address space not being in the routing table will > > break PMTU-D. > > That remains to be seen. Typically all interfaces in IX peering LANs > have the same MTU. How likely is it that a router takes the peering LAN > address as source address for a packet too big message? Has anyone ever > investigated the behaviour of the various router implementations? AFAIK most routers use the IP on the interface the outgoing packet is originating from as the source IP for the packet. That means that if a packet is routed through the shared medium, the IXP's prefix will be used in the ICMP packet. This breaks pmtud in 2 ways: less clueful admins filtering the IX's prefix as a bogon, and (if the prefix is not in the global table) on routers which check the source of packets for a route in their routing table. My experience comes from having a tunnel at home with a mtu of 1480 for over 3 years now. Amazing how many networks are improperly configured.. -- Sabri Berisha "I route, therefore you are" "We don't do default gateways" - anonymous engineer at a DSL customer. 
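The two failure modes Sabri Berisha lists above, and the source-filtering versus route-filtering distinction Gert Doering draws earlier in the thread, can be checked with a small model of a border router's ingress source checks. This is an added example, not code from any poster: the addresses are constructed from documentation space, and the EdgeRouter class with its urpf, deny_sources and allow_default options is a hypothetical simplification, not any vendor's behaviour.

```python
import ipaddress

# Constructed addresses from documentation space (2001:db8::/32), not from the thread.
IX_LAN = "2001:db8:ffff::/64"      # stand-in for an IX peering LAN
PTB_SRC = "2001:db8:ffff::a"       # transit router's IX-facing address, used as ICMPv6 source
REMOTE_NET = "2001:db8:1::/48"     # network of the far-end server


class EdgeRouter:
    """Hypothetical model of the ingress source checks on one border router."""

    def __init__(self, routes, urpf="off", deny_sources=(), allow_default=False):
        if urpf not in ("off", "loose", "strict"):
            raise ValueError("urpf must be off, loose or strict")
        # routes maps prefix -> interface the route points out of
        self.routes = {ipaddress.ip_network(p): i for p, i in routes.items()}
        self.urpf = urpf
        self.deny_sources = [ipaddress.ip_network(p) for p in deny_sources]
        self.allow_default = allow_default  # modelling choice: may ::/0 satisfy uRPF?

    def rpf_lookup(self, src):
        """Longest-prefix match for the source address; None if nothing matches."""
        hits = [(net, ifc) for net, ifc in self.routes.items() if src in net]
        if not self.allow_default:
            hits = [h for h in hits if h[0].prefixlen > 0]
        return max(hits, key=lambda h: h[0].prefixlen, default=None)

    def check_ingress(self, src, in_if):
        """Return (accepted, reason) for a packet from `src` arriving on `in_if`."""
        src = ipaddress.ip_address(src)
        # In this model a source ACL (for example a bogon list) runs before any route lookup.
        if any(src in net for net in self.deny_sources):
            return False, "source ACL"
        if self.urpf == "off":
            return True, "no source check"
        hit = self.rpf_lookup(src)
        if hit is None:
            return False, "uRPF: no route to source"
        if self.urpf == "strict" and hit[1] != in_if:
            return False, "uRPF strict: best route is via " + hit[1]
        return True, "uRPF passed"


def pmtud_outcome(router, in_if="upstream"):
    """Fate of a Packet Too Big message sourced from the IX LAN address."""
    accepted, reason = router.check_ingress(PTB_SRC, in_if)
    return ("sender learns path MTU" if accepted else "black hole"), reason


def run_scenarios():
    """Same packet, six receiving-side policies; returns {name: (outcome, reason)}."""
    base = {REMOTE_NET: "upstream"}
    with_ix = {**base, IX_LAN: "upstream"}
    ix_via_peer = {**base, IX_LAN: "peer"}
    with_default = {**base, "::/0": "upstream"}
    cases = {
        "no source filter, IX LAN unrouted": EdgeRouter(base),
        "loose uRPF, IX LAN unrouted": EdgeRouter(base, urpf="loose"),
        "loose uRPF, IX LAN in table": EdgeRouter(with_ix, urpf="loose"),
        "loose uRPF, default route counts": EdgeRouter(
            with_default, urpf="loose", allow_default=True),
        "strict uRPF, IX LAN via other link": EdgeRouter(ix_via_peer, urpf="strict"),
        "IX LAN on bogon ACL, routed": EdgeRouter(with_ix, deny_sources=[IX_LAN]),
    }
    return {name: pmtud_outcome(router) for name, router in cases.items()}


if __name__ == "__main__":
    for name, (outcome, reason) in run_scenarios().items():
        print(f"{name:36} {outcome:24} ({reason})")
```

Only the checks on the packet's source address decide the outcome: an unrouted IX prefix is harmless with no source check, and a routed one is still dropped by an ACL or by strict uRPF on the wrong interface.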
From tvo@EnterZone.Net Mon Sep 8 13:38:48 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Mon, 8 Sep 2003 08:38:48 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030908094925.L67740@Space.Net> Message-ID: On Mon, 8 Sep 2003, Gert Doering wrote: > Hi, > > On Sun, Sep 07, 2003 at 06:14:08PM -0400, Haesu wrote: > > general. My consensus is that 'why should I recv a packet if it does not > > exist in routing table?' > > Because it will break PMTUD in those cases (and, more frequent, in the > case of stupid ISPs that use RFC1918 transit networks and send ICMPs from > those source addresses). I tend to lean towards preventing spoofed packets from entering my network over keeping PMTU-D alive. RFC1918 address space is dropped - period the end, as are all other known BOGONs. Address space to which we have to return address is also dropped. To not do so presents two problems: (1) It allows "spoofed" attacks to make it into our network. (2) It perpetuates the existence of clueless operators. IE; if they can't communicate with RESPONSIBLE networks, they might just find some clue and fix their networks! > > In a world where everybody knows what he's doing, upstream "loose uRPF" > should be fine (but in that world you wouldn't need it either). *sigh*. Gert, I'm not trying to be elitist here but, in THIS world, I'm not going to bend over backwards to allow broken networks to communicate to or through my network. If they're broken, the operative word is "THEY'RE" and it is THEIR problem, not mine. Why should I drop shields because some bonehead decided to use RFC1918 space on WAN links where MTU changes or because some other bonehead "made up" an address range to use "internally" and then misconfigured NAT on his border devices, and is thus spewing packets from invalid (read: hijacked) address space? If they're broken, they're broken and to change common convention to accommodate them will only serve to KEEP them broken. 
-- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From tvo@EnterZone.Net Mon Sep 8 13:48:55 2003 From: tvo@EnterZone.Net (John Fraizer) Date: Mon, 8 Sep 2003 08:48:55 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030908085808.GB8445@shekinah.ip.tiscali.net> Message-ID: On Mon, 8 Sep 2003, Alexander Koch wrote: > On Sun, 7 September 2003 15:53:54 +0200, Jeroen Massar wrote: > > > OpenTransit does it (and therefore the local replica of > > > F.ROOT-SERVERS.NET in Hong Kong is announced world-wide). > > > You want to sever links with OpenTransit? > > > > OpenTransit should be flogged in that case :) > > Opentransit has had no community setup yet, so Fabien did > not have any other chance than sending full table or nothing. > I do not know if that has changed by now. They don't need to set up their own community to honor the "well known" community "no-export". Every compliant BGP implementation honors no-export unless you explicitly strip that community from routes on their way in. > > > glbx and Tiscali drop some no-export's too, they should obey it. > > In fact we overwrite every prefix with a set of well-defined > community settings according to the countries where > it enters our network. Let me know the prefixes in question > and I'm happy to work things out! > Perhaps you should look at using "additive" vs overwriting the communities. At the very minimum, you shouldn't strip off the "no-export" community. I realize that it can be a pain to strip SOME communities but not ALL communities. Believe me - I know. I posted a very detailed configuration not too long ago that does just that though. You define the communities that you will be using internally and those communities are stripped on the way in if they're on the prefixes. Again though - "no-export" should not be stripped and should ALWAYS be honored. 
In the case of opentransit not stripping it so they can "show it" to their customers, they don't need to show it to their customers. If it's an anycast prefix thats being used, and their customer tries to go to that anycast address, once the traffic makes it onto OT's network - they're going to send it to the closest one. They don't need to leak the "no-export" tagged routes to make that work. -- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From gert@space.net Mon Sep 8 14:33:13 2003 From: gert@space.net (Gert Doering) Date: Mon, 8 Sep 2003 15:33:13 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: ; from tvo@EnterZone.Net on Mon, Sep 08, 2003 at 08:48:55AM -0400 References: <20030908085808.GB8445@shekinah.ip.tiscali.net> Message-ID: <20030908153313.W67740@Space.Net> Hi, On Mon, Sep 08, 2003 at 08:48:55AM -0400, John Fraizer wrote: > In the case of opentransit not stripping it so they can "show it" to their > customers, they don't need to show it to their customers. If it's an > anycast prefix thats being used, and their customer tries to go to that > anycast address, once the traffic makes it onto OT's network - they're > going to send it to the closest one. They don't need to leak the > "no-export" tagged routes to make that work. It's not that easy. In the case of downstream BGP customers that do not have a default-route, you can run into the interesting case of "both upstreams have the anycast prefix in their table, neither is sending it to this customer (due to no-export) and thus the prefix is not visible *at all* by the customer". ISPs with BGP "full table, please" customers shouldn't suppress prefixes unless there's really good reason for it. 
(Note that I'm not talking about peers, or "partial route" customers, or whatever else might be around) Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 55575 (56535) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From tvo@enterzone.net Mon Sep 8 14:43:01 2003 From: tvo@enterzone.net (John Fraizer) Date: Mon, 8 Sep 2003 09:43:01 -0400 (EDT) Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <20030908153313.W67740@Space.Net> Message-ID: On Mon, 8 Sep 2003, Gert Doering wrote: > Hi, > > On Mon, Sep 08, 2003 at 08:48:55AM -0400, John Fraizer wrote: > > anycast address, once the traffic makes it onto OT's network - they're > > going to send it to the closest one. They don't need to leak the > > "no-export" tagged routes to make that work. > > It's not that easy. In the case of downstream BGP customers that do not > have a default-route, you can run into the interesting case of "both > upstreams have the anycast prefix in their table, neither is sending > it to this customer (due to no-export) and thus the prefix is not > visible *at all* by the customer". > > ISPs with BGP "full table, please" customers shouldn't suppress prefixes > unless there's really good reason for it. > > (Note that I'm not talking about peers, or "partial route" customers, or > whatever else might be around) > In this case, I would recommend that the ISP do something along the lines of: RX the anycast prefix, strip the "no-export" from it, tag it with an internal community that causes it to be announced ONLY to BGP full-routes customers TAGGED no-export. Another "fix" would be to simply have the customer static route for that prefix. It's not as nice but, it would make it work. 
-- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From koch@tiscali.net Mon Sep 8 15:00:42 2003 From: koch@tiscali.net (Alexander Koch) Date: Mon, 8 Sep 2003 16:00:42 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: References: <20030908153313.W67740@Space.Net> Message-ID: <20030908140042.GA10157@shekinah.ip.tiscali.net> John, On Mon, 8 September 2003 09:43:01 -0400, John Fraizer wrote: [..] > In this case, I would recommend that the ISP do something along the lines > of: > > RX the anycast prefix, strip the "no-export" from it, tag it with an > internal community that causes it to be announced ONLY to BGP full-routes > customers TAGGED no-export. that's what I do... ;-) The routes mentioned are routes received at an IX, so only we see it and all customers receiving a full table. As v6 is not yet perfect some ppl in the US see it from us, and they send it further -- just those 'full routes to everyone' ones. Regards, Alexander -- Alexander Koch / ako4-ripe IP Engineering, Tiscali International Network Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany Phone +49 6103 916 480, Fax +49 6103 916 464 From pekkas@netcore.fi Mon Sep 8 16:28:21 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Mon, 8 Sep 2003 18:28:21 +0300 (EEST) Subject: ignoring no-export [Re: [6bone] non-global address space for IXs (was: 2001:478:: as /48)] In-Reply-To: Message-ID: On Mon, 8 Sep 2003, John Fraizer wrote: > On Mon, 8 Sep 2003, Alexander Koch wrote: > > > On Sun, 7 September 2003 15:53:54 +0200, Jeroen Massar wrote: > > > > OpenTransit does it (and therefore the local replica of > > > > F.ROOT-SERVERS.NET in Hong Kong is announced world-wide). > > > > You want to sever links with OpenTransit? 
> > >
> > > OpenTransit should be flogged in that case :)
> >
> > Opentransit has had no community setup yet, so Fabien did
> > not have any other chance than sending full table or nothing.
> > I do not know if that has changed by now.
>
> They don't need to set up their own community to honor the "well
> known" community "no-export". Every compliant BGP implementation honors
> no-export unless you explicitly strip that community from routes on their
> way in.
[...]

Unfortunately, Cisco does not belong to this category. Yes, they're aware
of the problem, there's a PR.. and they've given it quite a low priority.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

From tvo@EnterZone.Net Mon Sep 8 16:34:13 2003
From: tvo@EnterZone.Net (John Fraizer)
Date: Mon, 8 Sep 2003 11:34:13 -0400 (EDT)
Subject: ignoring no-export [Re: [6bone] non-global address space for IXs (was: 2001:478:: as /48)]
In-Reply-To:
Message-ID:

On Mon, 8 Sep 2003, Pekka Savola wrote:

> On Mon, 8 Sep 2003, John Fraizer wrote:
> > known" community "no-export". Every compliant BGP implementation honors
> > no-export unless you explicitly strip that community from routes on their
> > way in.
> [...]
>
> Unfortunately, Cisco does not belong to this category. Yes, they're aware
> of the problem, there's a PR.. and they've given it quite a low priority.
>

Um, which train? No-export works just fine on our Cisco 7513:

Border4>sh ver
Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-PV-M), Version 12.1(8a)E2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 04-Aug-01 16:18 by hqluong
Image text-base: 0x60010958, data-base: 0x611E4000

ROM: System Bootstrap, Version 12.0(10r)S1, RELEASE SOFTWARE (fc1)
BOOTFLASH: RSP Software (RSP-PV-M), Version 12.1(8a)E2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Border4 uptime is 42 weeks, 2 days, 13 hours, 22 minutes
System returned to ROM by processor memory parity error at PC 0x6037EC98, address 0x0 at 21:09:31 EST Fri Nov 15 2002
System restarted at 21:10:16 EST Fri Nov 15 2002
System image file is "slot0:rsp-pv-mz_121-8a_E2.bin"

cisco RSP8 (R7000) processor with 262144K/8216K bytes of memory.
R7000 CPU at 250Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache
Last reset from power-on
G.703/E1 software, Version 1.0.
G.703/JT2 software, Version 1.0.
X.25 software, Version 3.0.0.
Primary Rate ISDN software, Version 1.1.
Chassis Interface.
1 GEIP controller (1 GigabitEthernet).
3 VIP2 controllers (2 FastEthernet)(8 Ethernet)(2 Serial)(8 T1).
7 VIP2 R5K controllers (6 FastEthernet)(3 ATM)(1 POS).
8 Ethernet/IEEE 802.3 interface(s)
8 FastEthernet/IEEE 802.3 interface(s)
1 Gigabit Ethernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
3 ATM network interface(s)
1 Packet over SONET network interface(s)
2043K bytes of non-volatile configuration memory.

20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
16384K bytes of Flash internal SIMM (Sector size 256K).
No slave installed in slot 7.
Configuration register is 0x2 -- John Fraizer EnterZone, Inc (13944+$|13944+_14813+$|13944+_17266+$) PGP Key = 6C5903C4 Fingerprint = 2AA6 6614 1B5E EDD2 38AD C417 3E61 F975 6C59 03C4 From pekkas@netcore.fi Mon Sep 8 16:53:40 2003 From: pekkas@netcore.fi (Pekka Savola) Date: Mon, 8 Sep 2003 18:53:40 +0300 (EEST) Subject: ignoring no-export [Re: [6bone] non-global address space for IXs (was: 2001:478:: as /48)] In-Reply-To: Message-ID: On Mon, 8 Sep 2003, John Fraizer wrote: > On Mon, 8 Sep 2003, Pekka Savola wrote: > > > On Mon, 8 Sep 2003, John Fraizer wrote: > > > known" community "no-export". Every compliant BGP implementation honors > > > no-export unless you explicitly strip that community from routes on their > > > way in. > > [...] > > > > Unfortunately, Cisco does not belong to this category. Yes, they're aware > > of the problem, there's a PR.. and they've given it quite a low priority. > > Um, which train? No-export works just fine on our Cisco 7513: All trains AFAIR. To be precise, I meant the problems "when you routinely scrub out communities you receive from peers, no-export is not treated specially and is removed too", and "you must configure send-community towards the peer, otherwise your no-export doesn't get there in the first place" (the latter is probably a smaller problem). It's honored, when it exists, all right. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From stuart@tech.org Mon Sep 8 22:15:00 2003 From: stuart@tech.org (Stephen Stuart) Date: Mon, 08 Sep 2003 14:15:00 -0700 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Your message of "Mon, 08 Sep 2003 10:53:36 +0200." 
<20030908085336.GA8445@shekinah.ip.tiscali.net> Message-ID: <200309082115.h88LF0oh010802@lo.tech.org> > On Sun, 7 September 2003 15:36:58 -0700, Stephen Stuart wrote: > > > If they didn't honor my no-export communities, you bet > > > your life I'd sever links with OT. > > > > ISC's policy for satellite f-root route distribution is that no-export > > may be stripped so that a network peering with a satellite f-root can > > distribute the route in question to its customers. > > Sure, but I am not allowed to do v6 transit for the NYIIX > node. It's v6, you know... v6. PAIX and v6 is coming soon > for us, arguably, but still that policy makes me use the > PAIX F sent to me by fine HE which we meet in NYIIX and > Equi6IX in Ashburn... > > Any chances of this being changed? If you read the page whose URL you elided from your reply: http://www.isc.org/peering/#policy you'll see a sentence in the "Routing Policy" section with the correct email address for use by "Operators which have a requirement to apply policy which is different to the no-export behaviour ..." (actual address left as an exercise for the reader). Stephen From koch@tiscali.net Mon Sep 8 22:29:24 2003 From: koch@tiscali.net (Alexander Koch) Date: Mon, 8 Sep 2003 23:29:24 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <200309082115.h88LF0oh010802@lo.tech.org> References: <20030908085336.GA8445@shekinah.ip.tiscali.net> <200309082115.h88LF0oh010802@lo.tech.org> Message-ID: <20030908212924.GB14894@shekinah.ip.tiscali.net> On Mon, 8 September 2003 14:15:00 -0700, Stephen Stuart wrote: > If you read the page whose URL you elided from your reply: I read it and discussed it in all detail with Joe, I know the URL. I was hoping to get a more helpful reply with some hints in it as to why/any reasoning, etc. Your reply spoke for itself so let me say sorry for bothering you at all. 
Alexander -- Alexander Koch / ako4-ripe IP Engineering, Tiscali International Network Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany Phone +49 6103 916 480, Fax +49 6103 916 464 From stuart@tech.org Mon Sep 8 22:48:37 2003 From: stuart@tech.org (Stephen Stuart) Date: Mon, 08 Sep 2003 14:48:37 -0700 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Your message of "Mon, 08 Sep 2003 23:29:24 +0200." <20030908212924.GB14894@shekinah.ip.tiscali.net> Message-ID: <200309082148.h88Lmboh011024@lo.tech.org> > On Mon, 8 September 2003 14:15:00 -0700, Stephen Stuart wrote: > > If you read the page whose URL you elided from your reply: > > I read it and discussed it in all detail with Joe, I know > the URL. It might have been helpful to mention that, so as not to appear that you didn't bother to read the page. > I was hoping to get a more helpful reply with some > hints in it as to why/any reasoning, etc. It might have been helpful to mention that, so as not to appear that you didn't bother to read the page. > Your reply spoke > for itself so let me say sorry for bothering you at all. If you've read the page and have questions, I'm happy to try to answer them. If you discussed the page in detail with Joe, though, I don't know that I'd be able to supply much in the way of additional information. If you'd like to try to ask some specific questions, though, I'd be happy to try to supply you with specific answers. I'll leave it up to you whether to continue ccing the list or not. 
Stephen From koch@tiscali.net Mon Sep 8 23:09:09 2003 From: koch@tiscali.net (Alexander Koch) Date: Tue, 9 Sep 2003 00:09:09 +0200 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: <200309082148.h88Lmboh011024@lo.tech.org> References: <20030908212924.GB14894@shekinah.ip.tiscali.net> <200309082148.h88Lmboh011024@lo.tech.org> Message-ID: <20030908220909.GB15175@shekinah.ip.tiscali.net> On Mon, 8 September 2003 14:48:37 -0700, Stephen Stuart wrote: > If you've read the page and have questions, I'm happy to try to answer Ok, why can ppl only do v6 transit (or rather: allowed to carry it, more or less, as transit is difficult to say as too many ppl distribute routes in v6 regardless) for the node in PAIX? After all we are speaking about IPv6, not much traffic or damage there, I think. > them. If you discussed the page in detail with Joe, though, I don't > know that I'd be able to supply much in the way of additional > information. He just said no and mentioned some internal discussion. I'm merely curious as for the reasoning and implications about the various nodes and what is good or bad. I did not want to step on other ppl toes though which I seem to have done. CPU/ query load can't be the issue, it's IPv6 we speak of... Regards, Alexander -- Alexander Koch / ako4-ripe IP Engineering, Tiscali International Network Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany Phone +49 6103 916 480, Fax +49 6103 916 464 From stuart@tech.org Mon Sep 8 23:25:25 2003 From: stuart@tech.org (Stephen Stuart) Date: Mon, 08 Sep 2003 15:25:25 -0700 Subject: [6bone] non-global address space for IXs (was: 2001:478:: as /48) In-Reply-To: Your message of "Tue, 09 Sep 2003 00:09:09 +0200." 
<20030908220909.GB15175@shekinah.ip.tiscali.net> Message-ID: <200309082225.h88MPPIE011619@lo.tech.org> > On Mon, 8 September 2003 14:48:37 -0700, Stephen Stuart wrote: > > If you've read the page and have questions, I'm happy to try to answer > > Ok, why can ppl only do v6 transit (or rather: allowed to > carry it, more or less, as transit is difficult to say as > too many ppl distribute routes in v6 regardless) for the > node in PAIX? After all we are speaking about IPv6, not much > traffic or damage there, I think. My position in the internal discussion has been that we don't differentiate between IPv4 and IPv6 with respect to policy. While today it is "just IPv6," treating them differently would leave us with disparate policy to unify when the time comes that it's not "just IPv6." My desire is to start clean and keep clean, with one policy and as few reasons for exceptions as possible. > > them. If you discussed the page in detail with Joe, though, I don't > > know that I'd be able to supply much in the way of additional > > information. > > He just said no and mentioned some internal discussion. I'm > merely curious as for the reasoning and implications about > the various nodes and what is good or bad. I did not want to > step on other ppl toes though which I seem to have done. > CPU/ query load can't be the issue, it's IPv6 we speak of... For normal query load, that's certainly the case. When (not if, when) the IPv6-based attack comes, it is still the case that we want to have the brunt of the attack borne by the PAO1/SFO2 cluster, with sinking toward Local Nodes based on the routing policy that we specify. Dealing with disparate routing policies in that situation does not represent (to me, at least) the best operational practice that we can follow. As you say, people are much less discerning regarding IPv6 transit. To me, that's a strong argument in favor of the no-export behavior to increase the chances that I'll get the behavior that I want. 
As Joe said, though, the internal discussion is still going on. Stephen From Mohsen.Souissi@nic.fr Tue Sep 9 15:57:00 2003 From: Mohsen.Souissi@nic.fr (Mohsen Souissi) Date: Tue, 9 Sep 2003 16:57:00 +0200 Subject: [6bone] ::1 PTR DNS record In-Reply-To: <20030904125242.461D7199D2@starfruit.itojun.org>; from itojun@itojun.org on Thu, Sep 04, 2003 at 09:52:42PM +0900 References: <20030904113551.GA4109@wsx.ksp.sk> <20030904125242.461D7199D2@starfruit.itojun.org> Message-ID: <20030909165700.C2409@kerkenna.nic.fr> On 04 Sep, Jun-ichiro itojun Hagino wrote: | > Hello, | > reverse record for ::1 points to localhost.nic.fr, because there is PTR | > record for ::1 on ns3.nic.fr, which is NS for ip6.int. Please fix. | | as long as "localhost.nic.fr. AAAA ::1" is present i don't see problem. | (but it does not exist...) ==> Thanks Jan and Itojun! The AAAA was indeed missing on nic.fr zone file. Everything must be OK now. Regards, Mohsen. From haesu@towardex.com Tue Sep 9 18:21:33 2003 From: haesu@towardex.com (Haesu) Date: Tue, 9 Sep 2003 13:21:33 -0400 Subject: [6bone] Merit IRRd vs. IPv6 Message-ID: <20030909172133.GA72178@scylla.towardex.com> Hi, Is anyone using the Merit's IRRd to support IPv6 based RPSL objects? I know that RIPEdb does and 6bone is currently using it.. I'd like to know if merit's irrd supports ipv6 as well :) Thanks, -hc -- Sincerely, Haesu C. TowardEX Technologies, Inc. WWW: http://www.towardex.com E-mail: haesu@towardex.com Cell: (978) 394-2867 From wmaton@ryouko.imsb.nrc.ca Tue Sep 9 18:41:46 2003 From: wmaton@ryouko.imsb.nrc.ca (William F. Maton) Date: Tue, 9 Sep 2003 13:41:46 -0400 (EDT) Subject: [6bone] Merit IRRd vs. IPv6 In-Reply-To: <20030909172133.GA72178@scylla.towardex.com> References: <20030909172133.GA72178@scylla.towardex.com> Message-ID: On Tue, 9 Sep 2003, Haesu wrote: > Is anyone using the Merit's IRRd to support IPv6 based RPSL objects? I >know that RIPEdb does and 6bone is currently using it.. 
I'd like to know >if merit's irrd supports ipv6 as well :) The OttIX IRR is, but it's a pre-release we obtained from the MERIT folks. Drop them a note. So far, seems to work pretty well for us. wfms From rmk@arm.linux.org.uk Wed Sep 10 10:05:52 2003 From: rmk@arm.linux.org.uk (Russell King) Date: Wed, 10 Sep 2003 10:05:52 +0100 Subject: [6bone] Spammers already using 6bone ipv6 addresses? Message-ID: <20030910100552.B17058@flint.arm.linux.org.uk> Hi, It seems that spammers may have started using IPv6 to spread their wares. I've recently had SMTP connection attempts to one of my internal machines (flint.arm.linux.org.uk) from 3ffe:0bc0:8000:0000:8000:0000:d582:a322. The interesting thing about this is that flint.arm.linux.org.uk has never been used as the source of email, but does appear in BitKeeper repositories as the host ID part of someone who commits. (BitKeeper ids contain an object which looks a lot like an email address.) Maybe someone's running an open relay on 6bone ? I'm also copying the person who seems to be the owner of that IPv6 space. -- Russell King (rmk@arm.linux.org.uk) http://www.arm.linux.org.uk/personal/ Linux kernel maintainer of: 2.6 ARM Linux - http://www.arm.linux.org.uk/ 2.6 PCMCIA - http://pcmcia.arm.linux.org.uk/ 2.6 Serial core From Daniel Austin" Message-ID: <00af01c37781$a48d5c40$1700a8c0@DANDELL> I frequently get spammed from people scanning the 6bone registry... not too many over ipv6 though :S Daniel. ----- Original Message ----- From: "Russell King" To: <6bone@ISI.EDU>; Sent: Wednesday, September 10, 2003 10:05 AM Subject: [6bone] Spammers already using 6bone ipv6 addresses? > Hi, > > It seems that spammers may have started using IPv6 to spread their wares. > I've recently had SMTP connection attempts to one of my internal machines > (flint.arm.linux.org.uk) from 3ffe:0bc0:8000:0000:8000:0000:d582:a322. 
> > The interesting thing about this is that flint.arm.linux.org.uk has never > been used as the source of email, but does appear in BitKeeper repositories > as the host ID part of someone who commits. (BitKeeper ids contain an > object which looks a lot like an email address.) > > Maybe someone's running an open relay on 6bone ? > > I'm also copying the person who seems to be the owner of that IPv6 space. > > -- > Russell King (rmk@arm.linux.org.uk) http://www.arm.linux.org.uk/personal/ > Linux kernel maintainer of: > 2.6 ARM Linux - http://www.arm.linux.org.uk/ > 2.6 PCMCIA - http://pcmcia.arm.linux.org.uk/ > 2.6 Serial core > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone > From jeroen@unfix.org Wed Sep 10 11:53:39 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Wed, 10 Sep 2003 12:53:39 +0200 Subject: [6bone] Spammers already using 6bone ipv6 addresses? In-Reply-To: <20030910100552.B17058@flint.arm.linux.org.uk> Message-ID: <001c01c37789$cbcf9630$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Russell King wrote: > It seems that spammers may have started using IPv6 to spread their wares. > I've recently had SMTP connection attempts to one of my internal machines > (flint.arm.linux.org.uk) from 3ffe:0bc0:8000:0000:8000:0000:d582:a322. But what did they send to you, was it a valid email or was it spam? Headers svp ;) > The interesting thing about this is that flint.arm.linux.org.uk has never > been used as the source of email, but does appear in BitKeeper repositories > as the host ID part of someone who commits. (BitKeeper ids contain an > object which looks a lot like an email address.) And in DNS, see host -t aaaa -l arm.linux.org.uk :) Eeky, 6to4 addresses, why don't you use a TB? Or is it sufficient for what you use it for? > Maybe someone's running an open relay on 6bone ? 
Most boxes are dual stacked, so if it comes in over IPv4 it could go
out over IPv6 of course, check the headers.

> I'm also copying the person who seems to be the owner of that
> IPv6 space.

You should copy viagenie (CC'd) as everybody can register
random data into the 6bone at the moment. I have sent a proposal
though to start cleaning the mess up in there even though it's
only three years until it gets shut down...

ipv6-site:    ARKLEY-V6
origin:       AS65535
descr:        Experimenting with IPv6
country:      JP
prefix:       3FFE:BC0:8000::/48

ASN 65535 should not be appearing in there anyways...
I also wonder why somebody apparently from Japan needs
to have a tunnel from Canada while Japan has enough TB's
and even native deployments...

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP18CqimqKFIzPnwjEQIhLgCfcBw/WSAt5MDjZzZn02KAYBMWQ0oAn2vY
O9qUsPncFv84cscRg3R8CQgY
=9GYE
-----END PGP SIGNATURE-----

From jeroen@unfix.org Wed Sep 10 12:43:15 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Wed, 10 Sep 2003 13:43:15 +0200
Subject: [6bone] Spammers already using 6bone ipv6 addresses?
In-Reply-To: <00af01c37781$a48d5c40$1700a8c0@DANDELL>
Message-ID: <003001c37790$b92e96a0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Daniel Austin wrote:

> I frequently get spammed from people scanning the 6bone
> registry... not too many over ipv6 though :S

I guess those are the email addresses which are found on web-whois's
http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=6bone+whois
will reveal quite a lot of those :)

In your case:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=6bone+whois+kewlio

I don't think they have any knowledge about what they spam,
they just merely spam.
I would actually not have much problems if they spammed me with adverts for, say IPv6 books or something but all the trash they are sending now is totally irrelevant :) Yes, I do the Airmiles thing so the Dutch Albert Heijn can send me targeted adverts :) The SixXS Whois page (http://www.sixxs.net/tools/whois/) generates pictures in place of the email addresses and uses some trick(tm) to allow people to still use them normally. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP18OTymqKFIzPnwjEQKfHwCfVuxWy9ZwtV+ffPcxIl5EXbrzdRsAn1P6 viMPYo+JPZHIz0fM7R4ICxPF =fQ3D -----END PGP SIGNATURE----- From rmk@arm.linux.org.uk Wed Sep 10 12:56:57 2003 From: rmk@arm.linux.org.uk (Russell King) Date: Wed, 10 Sep 2003 12:56:57 +0100 Subject: [6bone] Spammers already using 6bone ipv6 addresses? In-Reply-To: <001c01c37789$cbcf9630$210d640a@unfix.org>; from jeroen@unfix.org on Wed, Sep 10, 2003 at 12:53:39PM +0200 References: <20030910100552.B17058@flint.arm.linux.org.uk> <001c01c37789$cbcf9630$210d640a@unfix.org> Message-ID: <20030910125657.B27576@flint.arm.linux.org.uk> On Wed, Sep 10, 2003 at 12:53:39PM +0200, Jeroen Massar wrote: > Russell King wrote: > > It seems that spammers may have started using IPv6 to spread their wares. > > I've recently had SMTP connection attempts to one of my internal machines > > (flint.arm.linux.org.uk) from 3ffe:0bc0:8000:0000:8000:0000:d582:a322. > > But what did they send to you, was it a valid email or was it spam? > Headers svp ;) I have no idea - flint is firewalled off (since it doesn't accept public SMTP connections), and I spotted a load of activity from that IPv6 address. (If it were just one attempt, I'd have ignored it as just some random noise.) My purpose for sending this mail isn't to complain about it - it's to make the site admins aware that their MTA might be in use for purposes which they didn't intend. 
> And in DNS, see host -t aaaa -l arm.linux.org.uk :) > Eeky, 6to4 addresses, why don't you use a TB? > Or is it sufficient for what you use it for? I used to be part of the compendium pTLA until the pTLA was disconnected, so now I'm relegated to using 6to4. 6to4 gives me a stable set of IPv6 addresses (ones which are likely to persist for years) and restores my IPv6 connectivity. Note that I don't particularly want to get into the politics of 6bone vs 6to4 stuff. All I want is stable IPv6 connectivity, and 6to4 seems to give that to me without relying on the politics of many intermediate individuals. > You should copy viagenie (CC'd) as everybody can register > random data into the 6bone at the moment. Thanks. -- Russell King (rmk@arm.linux.org.uk) http://www.arm.linux.org.uk/personal/ Linux kernel maintainer of: 2.6 ARM Linux - http://www.arm.linux.org.uk/ 2.6 PCMCIA - http://pcmcia.arm.linux.org.uk/ 2.6 Serial core From kim@tac.nyc.ny.us Wed Sep 10 16:56:19 2003 From: kim@tac.nyc.ny.us (Kimmo Suominen) Date: Wed, 10 Sep 2003 11:56:19 -0400 Subject: [6bone] Spammers already using 6bone ipv6 addresses? In-Reply-To: <20030910100552.B17058@flint.arm.linux.org.uk> from Russell King on Wed, 10 Sep 2003 10:05:52 +0100 References: <20030910100552.B17058@flint.arm.linux.org.uk> Message-ID: <20030910155620.021E77E03@beowulf.gw.com> I frequently see MAILER-DAEMON mail trying to come back to my internal systems, using Message-ID's as the recipient address. In other words, someone is sending out spam/viruses using Message-ID's from harvested messages. Then some systems send back "helpful" virus alerts to the sender, or just regular bounces. If the system is IPv6 enabled, and the DNS entry has an AAAA, then delivery for the bounces will be attempted over IPv6 first. So not necessarily a spammer or even a virus infected machine. 
Cheers, + Kim | From: Russell King | Date: Wed, 10 Sep 2003 10:05:52 +0100 | | Hi, | | It seems that spammers may have started using IPv6 to spread their wares. | I've recently had SMTP connection attempts to one of my internal machines | (flint.arm.linux.org.uk) from 3ffe:0bc0:8000:0000:8000:0000:d582:a322. | | The interesting thing about this is that flint.arm.linux.org.uk has never | been used as the source of email, but does appear in BitKeeper repositories | as the host ID part of someone who commits. (BitKeeper ids contain an | object which looks a lot like an email address.) | | Maybe someone's running an open relay on 6bone ? | | I'm also copying the person who seems to be the owner of that IPv6 space. | | -- | Russell King (rmk@arm.linux.org.uk) http://www.arm.linux.org.uk/personal/ | Linux kernel maintainer of: | 2.6 ARM Linux - http://www.arm.linux.org.uk/ | 2.6 PCMCIA - http://pcmcia.arm.linux.org.uk/ | 2.6 Serial core | _______________________________________________ | 6bone mailing list | 6bone@mailman.isi.edu | http://mailman.isi.edu/mailman/listinfo/6bone | From jeroen@unfix.org Fri Sep 12 12:57:06 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Fri, 12 Sep 2003 13:57:06 +0200 Subject: [6bone] Awareness of breaking RFC3056 with 6to4 more specifics Message-ID: <003101c37924$fd930480$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Hi, Are the ones in the To line aware that you are breaking RFC3056 by announcing 6to4 more specifics? RFC3056 Section 5.2 point 3: 8<------------ 6to4 prefixes more specific than 2002::/16 must not be propagated in native IPv6 routing, to prevent pollution of the IPv6 routing table by elements of the IPv4 routing table. Therefore, a 6to4 site which also has a native IPv6 connection MUST NOT advertise its 2002::/48 routing prefix on that connection, and all native IPv6 network operators MUST filter out and discard any 2002:: routing prefix advertisements longer than /16. 
- ------------>8

Currently you are announcing, to the rest of the world:
http://www.sixxs.net/tools/grh/lg/?find=2002::/16

2002:8c6d:106::/48   8447 1853 786 5623 6939 11537 9264
2002:8c6d:106::/48   12779 3549 6939 11537 9264
2002:8c6d:106::/48   6939 11537 9264
2002:c058:6301::/48  8447 1853 786
2002:c0e7:d405::/48  8447 1853 6680 1103 11537 7570
2002:c0e7:d405::/48  1103 11537 7570
2002:c0e7:d405::/48  12779 3549 6939 11537 7570
2002:c0e7:d405::/48  6939 11537 7570
2002:c8a2::/33       8447 1853 6680 1103 11537 6939 6939 15180
2002:c8a2::/33       12337 12337 12337 6939 6939 15180
2002:c8a2::/33       1103 11537 6939 6939 15180
2002:c8a2::/33       12779 3549 6939 6939 15180
2002:c8a2::/33       6939 6939 15180
2002:c8c6:4000::/34  8447 1853 6680 1103 11537 6939 6939 15180
2002:c8c6:4000::/34  12337 12337 12337 6939 6939 15180
2002:c8c6:4000::/34  1103 11537 6939 6939 15180
2002:c8c6:4000::/34  12779 3549 6939 6939 15180
2002:c8c6:4000::/34  6939 6939 15180
2002:c8ca:7000::/36  8447 1853 6680 1103 11537 6939 6939 15180
2002:c8ca:7000::/36  1103 11537 6939 6939 15180
2002:c8ca:7000::/36  12779 3549 6939 6939 15180
2002:c8ca:7000::/36  6939 6939 15180

Summing them up:

2002:8c6d:106::/48   140.109.1.6/32     AS9264
2002:c058:6301::/48  192.88.99.1/32     AS786
2002:c0e7:d405::/48  192.231.212.5/32   AS7570
2002:c8a2::/33       200.162.0.0/17     AS15180
2002:c8c6:4000::/34  200.198.64.0/18    AS15180
2002:c8ca:7000::/36  200.202.112.0/20   AS15180

NOTEZ BIEN:
% Not assigned. Free in Brazilian block: 200.198.64.0/18

Is LACNIC the RIR or is NIC.BR the one?
Seeing that a complete IPv4 /9 has been carved up
to them and LACNIC doesn't handle anything else?

192.88.99.1/32 is *THE* anycast address, it is *NOT* routable....
And you don't own it either, please read RFC3068 and stop
that foolish announcement.
In whois.ripe.net this network is documented:

route:        192.88.99.0/24
descr:        RFC3068-ECIX
origin:       AS9033
mnt-by:       ECIX-MNT
mnt-routes:   RFC3068-MNT
changed:      czmok@gatel.de 20030711
source:       RIPE
remarks:      See RFC 3068
remarks:      "An Anycast Prefix for 6to4 Relay Routers"
remarks:      Christian Huitema
remarks:      June 2001

Feel free to notify your "upstreams" that they should be
filtering anything more specific in 2002::/16 and should probably
not be announcing cross-RIR prefixes unaggregated.

Please read:

IPv6 Filter Recommendations by Gert Döring
http://www.space.net/~gert/RIPE/ipv6-filters.html

Minimal IPv6 Peering by Robert Kießling
http://ip6.de.easynet.net/ipv6-minimum-peering.txt

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP2G0kSmqKFIzPnwjEQJi4wCgkfxKSBKl/zzvPBGyFTQp3Bjx9CIAoJAO
caSxGRfOBcF0VQ1G15QvNjaP
=kO2/
-----END PGP SIGNATURE-----

From jeroen@unfix.org Fri Sep 12 15:22:23 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Fri, 12 Sep 2003 16:22:23 +0200
Subject: [6bone] Awareness of breaking RFC3056 with 6to4 more specifics
In-Reply-To: <1063375492.30895.44.camel@dixon.fizzypop.org>
Message-ID: <005301c37939$497384b0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Duncan Rogerson [mailto:d.rogerson@ukerna.ac.uk] wrote:

> Jeroen,
>
> > Are the ones in the To line aware that you are breaking RFC3056
> > by announcing 6to4 more specifics?
>
> Thanks for bringing this to our (AS786) attention. We are
> aware of the RFCs, however were not aware this route was leaking.
> Hopefully it is fixed now.

It is indeed gone out of the tables collected by GRT.
So is another anomaly I reported in private to which was
carrying a private ASN in its ASPath. And so is the one carried
from ACO.Net. Thank you all for the quick responses and fixes.
Only 5 prefixes to go sourced from 3 ASN's.
> (btw, I don't know if it was intended, or if it was a
> non-native English speaker problem, but fyi, the tone of your message was pretty
> offensive)

That was certainly _not_ my intention. Raising awareness in these
kind of 'problems', which are not really destructive, goes much better
when you don't offend someone and does solve the problems. The reason
for CC'ing the several lists is thus also for raising awareness, not
for laughing at people in the To: line. I should have bcc'd them.
This is a bigger issue as apparently many ISP's don't filter this
prefix, which they should according to the RFC.

Excuses if I offended anyone unintended. If you can followup in
private which wordings you think were offensive I can alter them
next time as indeed I am not a native English speaker, though I do
try to do my best.

Greets,
 Jeroen

ps: cut off everybody except the ml's and bcc'd them now.
Which I should have done in the first place actually...

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP2HWnymqKFIzPnwjEQKHqACfUihmEs+SuDBXGjfa3hphxb6AhIsAn0MI
TooZRIrc6QR3GCOpyxT3o7+A
=GtFq
-----END PGP SIGNATURE-----

From jeroen@unfix.org Fri Sep 12 16:58:39 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Fri, 12 Sep 2003 17:58:39 +0200
Subject: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ contacts wanted!
Message-ID: <007701c37946$bba4b0b0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Checking 3ffe:1300::/24:
http://www.sixxs.net/tools/grh/lg/?find=3ffe:1300::/24

3ffe:1300::/24  2001:1418:1:400::1            12779 6175 762 IGP
3ffe:1300::/24  2001:6f8:800::24              4589 2497 6175 762 IGP
3ffe:1300::/24  2001:890:600:4f0::11          8447 6830 6175 762 IGP
3ffe:1300::/24  2001:780:0:2::6               12337 6175 762 IGP
3ffe:1300::/24  2001:610:25:5062::62          1103 3425 293 6175 762 IGP
3ffe:1300::/24  2001:610:ff:c::2              1888 1103 11537 145 6175 762 IGP
3ffe:1300::/24  2001:14d0:a001::1             15516 3257 2497 6175 762 IGP
3ffe:1300::/24  2001:960::290:6900:1bb:5000   12634 3265 3549 6175 762 IGP
3ffe:1300::/24  2001:9c0:1:1::2:2             12902 12859 3265 3549 6175 762 IGP
3ffe:1300::/24  2001:470:1fff:3::3            6939 109 6175 762 IGP
3ffe:1300::/24  2001:668:0:1:34:49:6900:40    3257 2497 6175 762 IGP
3ffe:1300::/24  2001:7b8::290:6900:1cc6:d800  12859 3265 3549 6175 762 IGP
3ffe:1300::/24  3ffe:4005:fefe::              25396 1752 12853 10318 unknown
3ffe:1300::/24  2001:6e0::2                   8954 10566 10318 unknown
3ffe:1300::/24  2001:838:0:10::1              12871 8954 10566 10318 unknown
3ffe:1300::/24  3ffe:4013:4:2::1              25358 1752 12853 10318 unknown
3ffe:1300::/24  2001:8e0:0:ffff::4            8758 9044 5424 10318 unknown

Who has a _working_ contact for 3ffe:1300::/24, AS 762 and AS 10318 ?

This prefix has been doubly announced for the last couple of months.
And apparently nobody at the above three items have been able to reply
with an explanation or any other notice of being alive.

imswift@nortelnetworks.com which is in the 6bone db for 3ffe:1300::/24,
as the only contact, bounces and seems to not exist at that domain.
swillis@wellfleet.com, which is also the only contact for AS762 doesn't
respond.

AS10318 has proven to be ignorant of any email sent to emails listed
in their whois object and have been the possible cause of many ghost routes
and other anomalies in the routing tables.
At the very least:
 - 3ffe:1300::/24 whois object should get working contacts
 - AS762 should update their whois objects.
 - AS10318 should stop announcing this network

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP2HtLimqKFIzPnwjEQLQFQCfTGeYUCfdvxRhOSdc2hKwOebiBN0AoIhC
KlhNNfwRa+DTp396EaOlBkGM
=33U0
-----END PGP SIGNATURE-----

From 6bone@ISI.EDU Fri Sep 12 18:21:04 2003
From: 6bone@ISI.EDU (Richard Welty)
Date: Fri, 12 Sep 2003 13:21:04 -0400 (EDT)
Subject: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ contacts wanted!
In-Reply-To: <007701c37946$bba4b0b0$210d640a@unfix.org>
References: <007701c37946$bba4b0b0$210d640a@unfix.org>
Message-ID:

i forwarded this to a nortel contact of mine. he's not in
external routing, but he knows the folks in external routing
and has passed it on in an appropriate fashion.

this appears to be old wellfleet stuff that got orphaned in
borg/downsize sequence that nortel went through.

richard
-- 
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

From tony@lava.net Fri Sep 12 21:15:06 2003
From: tony@lava.net (Antonio Querubin)
Date: Fri, 12 Sep 2003 10:15:06 -1000 (HST)
Subject: [6bone] Re: Awareness of breaking RFC3056 with 6to4 more specifics
In-Reply-To: <003101c37924$fd930480$210d640a@unfix.org>
Message-ID:

On Fri, 12 Sep 2003, Jeroen Massar wrote:

> 2002:c058:6301::/48 192.88.99.1/32 AS786
> 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable....
> And you don't own it either, please read RFC3068 and stop that
> foolish announcement. In whois.ripe.net this network is documented:

Whoa there! Just because a block is anycast doesn't mean it's NOT
routable. It just means there may be multiple destinations and multiple
routes to those destinations. Otherwise what use is it?
The RFC has specific information on restrictions for announcement if you do want to provide the service to those outside your AS. From jeroen@unfix.org Fri Sep 12 21:29:18 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Fri, 12 Sep 2003 22:29:18 +0200 Subject: [6bone] RE: Awareness of breaking RFC3056 with 6to4 more specifics In-Reply-To: Message-ID: <00d401c3796c$8b83ded0$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Antonio Querubin [mailto:tony@lava.net] wrote: [cut off long list of people, except ml's] > On Fri, 12 Sep 2003, Jeroen Massar wrote: > > > 2002:c058:6301::/48 192.88.99.1/32 AS786 > > > 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable.... > > And you don't own it either, please read RFC3068 and stop that > > foolish announcement. In whois.ripe.net this network is documented: > > Whoa there! Just because a block is anycast doesn't mean it's NOT > routable. It just means there may be multiple destinations > and multiple routes to those destinations. Otherwise what use is it? It's for making 2002::/16 reachable, not for making the IPv4 version reachable over IPv6 ;) > The RFC has specific information on restrictions for announcement if you > do want to provide the service to those outside your AS. If you where announcing 192.88.99.1/32 you would be right, though announcing a /32 is really dubieus :) They _where_ (it got fixed directly) announcing 2002:c058:6301::/48 which really doesn't make any sense. Or are you implying that anyone can just announce a block out of 192.88.99.0/24 and use it for 6to4? Announcements of 192.88.99.0/24 should also be backed up by the relevant entry in the RIPE (or ARIN/LACNIC/APNIC) databases. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. 
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP2IsnSmqKFIzPnwjEQIaIgCcDM4CuLIELIht+9Gw0wsayAwXtGEAnAsQ V7X2DfgVLhXsw1MVlMgFuiIa =jun7 -----END PGP SIGNATURE----- From gert@space.net Fri Sep 12 23:40:12 2003 From: gert@space.net (Gert Doering) Date: Sat, 13 Sep 2003 00:40:12 +0200 Subject: [6bone] Re: Awareness of breaking RFC3056 with 6to4 more specifics In-Reply-To: ; from tony@lava.net on Fri, Sep 12, 2003 at 10:15:06AM -1000 References: <003101c37924$fd930480$210d640a@unfix.org> Message-ID: <20030913004012.F67740@Space.Net> Hi, On Fri, Sep 12, 2003 at 10:15:06AM -1000, Antonio Querubin wrote: > On Fri, 12 Sep 2003, Jeroen Massar wrote: > > > 2002:c058:6301::/48 192.88.99.1/32 AS786 > > > 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable.... > > And you don't own it either, please read RFC3068 and stop that > > foolish announcement. In whois.ripe.net this network is documented: > > Whoa there! Just because a block is anycast doesn't mean it's NOT > routable. Please the section of the RFC about "announcing more specifics of 2002::/16". The anycast IP address is IPv4 and MUST NOT be visible as 6to4 prefix (and besides that it doesn't make any sense). Of course it's appreciated to announce it *in the IPv4 BGP table*. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 56833 (55575) SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299 From alessio@itapac.net Sat Sep 13 19:12:21 2003 From: alessio@itapac.net (Alessio) Date: Sat, 13 Sep 2003 20:12:21 +0200 Subject: [6bone] Whois server on the web Message-ID: <20030913181221.GA21921@itapac.net> Hi, The issue is not *so* technical, but the interface to the whois database on Hexago seems to be higly desynched with the real whois server: a record modified about 1 month ago hasn't yet been updated. I just think it is pointing to a wrong whois database, but I could be wrong. 
Bye, Alessio From hank@att.net.il Sat Sep 13 20:30:29 2003 From: hank@att.net.il (Hank Nussbacher) Date: Sat, 13 Sep 2003 21:30:29 +0200 Subject: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ contacts wanted! In-Reply-To: <007701c37946$bba4b0b0$210d640a@unfix.org> Message-ID: <5.1.0.14.2.20030913212805.00ab0220@max.att.net.il> At 05:58 PM 12-09-03 +0200, Jeroen Massar wrote: >AS10318 has proven to be ignorant of any email sent to emails listed >in their whois object and have been the possible cause of many ghost routes >and other anomalies in the routing tables. You've tried all of these?: aut-num: AS10318 as-name: Fibertel descr: Fibertel Argentina admin-c: FV298-ARIN tech-c: FV298-ARIN import: from AS13878 accept any export: to AS13878 announce any notify: fvillanustre@diveo.net.ar mnt-by: DIVEO-MNT changed: fvillanustre@diveo.net.ar 20011005 source: LEVEL3 mntner: DIVEO-MNT descr: diveo maint admin-c: FV298-ARIN tech-c: FV298-ARIN upd-to: fvillanustre@diveo.net.ar mnt-nfy: fvillanustre@diveo.net.ar auth: MAIL-FROM fvillanustre@diveo.net.ar auth: MAIL-FROM adm-level3@ipbusiness.net.ar auth: MAIL-FROM tec-level3@ipbusiness.net.ar auth: MAIL-FROM jtoni@diveo.net.br auth: MAIL-FROM abarbieri@diveo.net.br auth: MAIL-FROM aacarvalho@diveo.net.br notify: fvillanustre@diveo.net.ar mnt-by: DIVEO-MNT changed: jtoni@diveo.net.br 20020705 source: LEVEL3 -Hank >At the very least: > - 3ffe:1300::/24 whois object should get working contacts > - AS762 should update their whois objects. > - AS10318 should stop announcing this network > >Greets, > Jeroen > >-----BEGIN PGP SIGNATURE----- >Version: Unfix PGP for Outlook Alpha 13 Int. 
>Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ > >iQA/AwUBP2HtLimqKFIzPnwjEQLQFQCfTGeYUCfdvxRhOSdc2hKwOebiBN0AoIhC >KlhNNfwRa+DTp396EaOlBkGM >=33U0 >-----END PGP SIGNATURE----- > >_______________________________________________ >6bone mailing list >6bone@mailman.isi.edu >http://mailman.isi.edu/mailman/listinfo/6bone From jeroen@unfix.org Sat Sep 13 20:08:47 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sat, 13 Sep 2003 21:08:47 +0200 Subject: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ contacts wanted! In-Reply-To: <5.1.0.14.2.20030913212805.00ab0220@max.att.net.il> Message-ID: <001301c37a2a$762e8080$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Hank Nussbacher [mailto:hank@att.net.il] wrote: > At 05:58 PM 12-09-03 +0200, Jeroen Massar wrote: > > > >AS10318 has proven to be ignorant of any email sent to emails listed > >in their whois object and have been the possible cause of many ghost routes > >and other anomalies in the routing tables. > > You've tried all of these?: Unfortunatly I did and no response over the last couple of months that I tried it. The mail gets delivered btw, just no response. :( Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP2NrPimqKFIzPnwjEQKIaACgufwEnlRCzc8ZATjqEqgwigpzdMYAnj6n hHJtdh9FHSKy5wk6eycPBASI =MLu9 -----END PGP SIGNATURE----- From hansolofalcon@worldnet.att.net Sun Sep 14 01:09:06 2003 From: hansolofalcon@worldnet.att.net (Gregg C Levine) Date: Sat, 13 Sep 2003 20:09:06 -0400 Subject: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ contacts wanted! In-Reply-To: <001301c37a2a$762e8080$210d640a@unfix.org> Message-ID: <000001c37a54$6b13b100$0100a8c0@who5> Hello again from Gregg C Levine Regarding your contact troubles. It could be, that they are aware of the problem, and they just don't care. 
I have seen that happen, with regards to a collection of issues with spam coming from the Far East, in a variety of languages. The ISPs involved, just don't care. You can write to them to complain, but it just keeps coming. Fortunately I've got aggressive spam filters. ------------------- Gregg C Levine hansolofalcon@worldnet.att.net ------------------------------------------------------------ "The Force will be with you...Always." Obi-Wan Kenobi "Use the Force, Luke."  Obi-Wan Kenobi (This company dedicates this E-Mail to General Obi-Wan Kenobi ) (This company dedicates this E-Mail to Master Yoda ) > -----Original Message----- > From: 6bone-admin@mailman.isi.edu [mailto:6bone-admin@mailman.isi.edu] On > Behalf Of Jeroen Massar > Sent: Saturday, September 13, 2003 3:09 PM > To: 'Hank Nussbacher'; 6bone@ISI.EDU > Subject: RE: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ > contacts wanted! > > -----BEGIN PGP SIGNED MESSAGE----- > > Hank Nussbacher [mailto:hank@att.net.il] wrote: > > > At 05:58 PM 12-09-03 +0200, Jeroen Massar wrote: > > > > > > >AS10318 has proven to be ignorant of any email sent to emails listed > > >in their whois object and have been the possible cause of many ghost routes > > >and other anomalies in the routing tables. > > > > You've tried all of these?: > > Unfortunatly I did and no response over the last > couple of months that I tried it. The mail gets > delivered btw, just no response. :( > > Greets, > Jeroen > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook Alpha 13 Int. 
> Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ > > iQA/AwUBP2NrPimqKFIzPnwjEQKIaACgufwEnlRCzc8ZATjqEqgwigpzdMYAnj > 6n > hHJtdh9FHSKy5wk6eycPBASI > =MLu9 > -----END PGP SIGNATURE----- > > _______________________________________________ > 6bone mailing list > 6bone@mailman.isi.edu > http://mailman.isi.edu/mailman/listinfo/6bone From jeroen@unfix.org Sun Sep 14 01:56:06 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 14 Sep 2003 02:56:06 +0200 Subject: [6bone] Whois server on the web In-Reply-To: <20030913181221.GA21921@itapac.net> Message-ID: <002701c37a5a$fafdfae0$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Alessio wrote: > The issue is not *so* technical, but the interface to the whois database on > Hexago seems to be higly desynched with the real whois server: > a record modified about 1 month ago hasn't yet been updated. > I just think it is pointing to a wrong whois database, but > I could be wrong. It might be interresting if you could give an example of what you actually tried to whois. Thus handles + servers you tried. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP2O8pimqKFIzPnwjEQJ7sgCeMjcOeBD0OF2wABys8xyX6mah7swAnRCL UPHLvZ0Eq5LWiJe3XE198ugt =Gkj4 -----END PGP SIGNATURE----- From tony@lava.net Sun Sep 14 02:35:32 2003 From: tony@lava.net (Antonio Querubin) Date: Sat, 13 Sep 2003 15:35:32 -1000 (HST) Subject: [6bone] RE: Awareness of breaking RFC3056 with 6to4 more specifics In-Reply-To: <00d401c3796c$8b83ded0$210d640a@unfix.org> Message-ID: On Fri, 12 Sep 2003, Jeroen Massar wrote: > Antonio Querubin [mailto:tony@lava.net] wrote: > > [cut off long list of people, except ml's] > > > On Fri, 12 Sep 2003, Jeroen Massar wrote: > > > > > 2002:c058:6301::/48 192.88.99.1/32 AS786 > > > > > 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable.... 
> > > And you don't own it either, please read RFC3068 and stop that > > > foolish announcement. In whois.ripe.net this network is documented: > > > > Whoa there! Just because a block is anycast doesn't mean it's NOT > > routable. It just means there may be multiple destinations > > and multiple routes to those destinations. Otherwise what use is it? > > It's for making 2002::/16 reachable, not for making the IPv4 version > reachable over IPv6 ;) Oops. I thought you were advocating that 192.88.99.0 should never be announced. Sorry for the misunderstanding :) From jeroen@unfix.org Sun Sep 14 02:38:51 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Sun, 14 Sep 2003 03:38:51 +0200 Subject: [6bone] 3ffe:1300::/24 sourced by both 762 and 10318, _working_ contacts wanted! In-Reply-To: <000001c37a54$6b13b100$0100a8c0@who5> Message-ID: <002d01c37a60$f3c3a440$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Gregg C Levine wrote: > Hello again from Gregg C Levine > Regarding your contact troubles. It could be, that they are aware of > the problem, and they just don't care. I have seen that happen, with > regards to a collection of issues with spam coming from the Far East, > in a variety of languages. The ISPs involved, just don't care. You can > write to them to complain, but it just keeps coming. Fortunately I've > got aggressive spam filters. IMHO if the owner of an ASN is unresponsive that ASN should be revoked from them. AS10318 also has a pTLA and they are also violating the rules under which they where given the pTLA. One way of taking care of this would be eliminating any announcement from this ASN and asking the RIR in question to kindly contact this entity. Spam is a social problem, routing is a global problem. Greets, Jeroen -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. 
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP2PGqimqKFIzPnwjEQLRGwCfR+xEYK5mUw5RMQBgQVa6XNaaKFQAn3Sa
1FhsQUfil9deMjGjle5vkPoa
=ZkzO
-----END PGP SIGNATURE-----

From rain@bluecherry.net Sun Sep 14 03:02:02 2003
From: rain@bluecherry.net (Ben Winslow)
Date: Sat, 13 Sep 2003 22:02:02 -0400
Subject: [6bone] Whois server on the web
In-Reply-To: <20030913181221.GA21921@itapac.net>
References: <20030913181221.GA21921@itapac.net>
Message-ID: <1063504922.1697.4.camel@portal.home>

On Sat, 2003-09-13 at 14:12, Alessio wrote:
> Hi,
> The issue is not *so* technical, but the interface to the whois database on
> Hexago seems to be highly desynched with the real whois server:
> a record modified about 1 month ago hasn't yet been updated.
> I just think it is pointing to a wrong whois database, but I could be wrong.
> Bye,
> Alessio

FWIW, I updated my person record on whois.6bone.net about a week ago
without any problems.

-- 
Ben Winslow

From jeroen@unfix.org Sun Sep 14 09:43:12 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Sun, 14 Sep 2003 10:43:12 +0200
Subject: [6bone] RE: Awareness of breaking RFC3056 with 6to4 more specifics
In-Reply-To:
Message-ID: <002001c37a9c$3bbe4d00$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

Antonio Querubin wrote:

> On Fri, 12 Sep 2003, Jeroen Massar wrote:
>
> > Antonio Querubin [mailto:tony@lava.net] wrote:
> >
> > [cut off long list of people, except ml's]
> >
> > > On Fri, 12 Sep 2003, Jeroen Massar wrote:
> > >
> > > > 2002:c058:6301::/48 192.88.99.1/32 AS786
> > >
> > > > 192.88.99.1/32 is *THE* anycast address, it is *NOT* routable....
> > > > And you don't own it either, please read RFC3068 and stop that
> > > > foolish announcement. In whois.ripe.net this network is documented:
> > >
> > > Whoa there! Just because a block is anycast doesn't mean it's NOT
> > > routable.
> > > It just means there may be multiple destinations
> > > and multiple routes to those destinations. Otherwise what use is it?
> >
> > It's for making 2002::/16 reachable, not for making the IPv4 version
> > reachable over IPv6 ;)
>
> Oops. I thought you were advocating that 192.88.99.0 should never be
> announced. Sorry for the misunderstanding :)

Au contraire mon ami :)

I would rather see more and more ISP's deploy anycast capable 6to4 relays.
They should then at least put the route into their IGP so that clients
employing 6to4 have a fast way out. It would also mean that the ISP
itself has some IPv6 deployment and could be looking into native
connectivity to the rest of the world, both being a good thing.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP2QqHymqKFIzPnwjEQI4BgCeJqWbLHPX1IcaXUeL5qVP/MeCZlEAn2O3
26bfTL2i4mt5w8HSTx+ImodK
=I0+Z
-----END PGP SIGNATURE-----

From pim@ipng.nl Sun Sep 14 13:03:34 2003
From: pim@ipng.nl (Pim van Pelt)
Date: Sun, 14 Sep 2003 14:03:34 +0200
Subject: [6bone] RE: Awareness of breaking RFC3056 with 6to4 more specifics
In-Reply-To: <002001c37a9c$3bbe4d00$210d640a@unfix.org>
References: <002001c37a9c$3bbe4d00$210d640a@unfix.org>
Message-ID: <20030914120334.GA5961@bfib.colo.bit.nl>

Hi,

| I would rather see more and more ISP's deploy anycast capable 6to4 relays.
| They should then at least put the route into their IGP so that clients
| employing 6to4 have a fast way out. It would also mean that the ISP
| itself has some IPv6 deployment and could be looking into native
| connectivity to the rest of the world, both being a good thing.

Why would you like to see my ISP announcing either 2002::/16 or
192.99.88/24 at all ? You state that you'd like me to put the /24 into
my IGP so my customers 'have a fast way out'.
This seems like a good idea, but I'm still seeing problems with the
2002::/16 thing, where my ASn will attract all sorts of IPv6 traffic to
the prefix, and then sending it back out in IPv4 over transit links. I
do not really want to be handling other ASn's IPv4 traffic so I refrain
from advertising it altogether.

It has been a topic of debate at the ISP I work for, but we chose not
to get involved with 6to4 at all for the moment. It does not seem to
perform all that well, at least not last time I checked.

groet,
Pim

-- 
---------- - - - - -+- - - - - ----------
Pim van Pelt Email: pim@ipng.nl
http://www.ipng.nl/ IPv6 Deployment
-----------------------------------------------

From david@iprg.nokia.com Mon Sep 15 21:50:20 2003
From: david@iprg.nokia.com (David Kessens)
Date: Mon, 15 Sep 2003 13:50:20 -0700
Subject: [6bone] Whois server on the web
In-Reply-To: <20030913181221.GA21921@itapac.net>; from Alessio on Sat, Sep 13, 2003 at 08:12:21PM +0200
References: <20030913181221.GA21921@itapac.net>
Message-ID: <20030915135020.C29255@iprg.nokia.com>

Alessio,

On Sat, Sep 13, 2003 at 08:12:21PM +0200, Alessio wrote:
>
> The issue is not *so* technical, but the interface to the whois database on
> Hexago seems to be highly desynched with the real whois server:
> a record modified about 1 month ago hasn't yet been updated.
> I just think it is pointing to a wrong whois database, but I could be wrong.

Hexago runs a mirrored database. I will ask them to resync their
database and/or investigate whether they have some other problem.

David K.
6bone database maintainer
---

From hansolofalcon@worldnet.att.net Tue Sep 16 02:20:55 2003
From: hansolofalcon@worldnet.att.net (Gregg C Levine)
Date: Mon, 15 Sep 2003 21:20:55 -0400
Subject: [6bone] Bounce notices
Message-ID: <000501c37bf0$c785ad60$0100a8c0@who5>

Hello from Gregg C Levine

Has anyone on this list gotten any bounce notices explaining a user,
with the e-mail address of, warlock@jk.homeunix.net , and with the MTA
address coming from postmaster@exchange.csuchico.edu ? I received one
today, it claimed that the person's system wasn't able to successfully
connect to the MTA. And before that, a delayed message from the same
outfit. The reason behind this question is that it concerns a
discussion regarding one of us wanting working contacts. What's funny
is that the message attached to both messages, has my e-mail address on
it, but I know it came via the list. I wonder if it was re-written by
the MTA? I can state that the host for the list is addressed inside the
headers.

-------------------
Gregg C Levine hansolofalcon@worldnet.att.net
------------------------------------------------------------
"The Force will be with you...Always." Obi-Wan Kenobi
"Use the Force, Luke." Obi-Wan Kenobi
(This company dedicates this E-Mail to General Obi-Wan Kenobi )
(This company dedicates this E-Mail to Master Yoda )

From akarnik@cs.ucf.edu Thu Sep 18 22:46:48 2003
From: akarnik@cs.ucf.edu (akarnik@cs.ucf.edu)
Date: Thu, 18 Sep 2003 17:46:48 -0400
Subject: [6bone] looking for current security problems to work on
Message-ID: <1063921608.3f6a27c83010e@mail.cs.ucf.edu>

Hi everyone,

I recently configured my machine and set up a router to support IPv6.
I wanted to work on some security related topics with IPv6. Would
someone be able to suggest me some ?
Regards,
Abhishek Karnik

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

From jeroen@unfix.org Mon Sep 29 10:06:37 2003
From: jeroen@unfix.org (Jeroen Massar)
Date: Mon, 29 Sep 2003 11:06:37 +0200
Subject: [6bone] Unallocated 2001:248::/32 announced by AS 7675 ?
Message-ID: <00b901c38668$fd8a35c0$210d640a@unfix.org>

-----BEGIN PGP SIGNED MESSAGE-----

inet6num:     2001:0200::/23
netname:      APNIC-AP-ALLOCATED-PORTABLES1
descr:        Asia Pacific Network Information Center, Pty. Ltd.
descr:        Regional Internet Registry for the Asia-Pacific Region

This block is *NOT* allocated unless APNIC registry is out of sync:

2001:248::/32  3257 2497 2500 7660 9264 2012 7675 IGP
2001:248::/32  4589 2497 2500 7660 9264 2012 7675 IGP
2001:248::/32  15516 3257 2497 2500 7660 9264 2012 7675 IGP
2001:248::/32  25396 1752 6939 6939 9264 2012 7675 IGP
2001:248::/32  8954 4555 5609 9264 2012 7675 IGP
2001:248::/32  12337 3320 5609 9264 2012 7675 IGP
2001:248::/32  > 6939 6939 9264 2012 7675 IGP
2001:248::/32  12779 6175 6435 9264 2012 7675 IGP
2001:248::/32  12902 12859 8954 4555 5609 9264 2012 7675 IGP
2001:248::/32  25358 6175 6435 9264 2012 7675 IGP
2001:248::/32  8758 9044 513 9264 9264 2012 7675 IGP
2001:248::/32  12859 8954 4555 5609 9264 2012 7675 IGP
2001:248::/32  1888 1103 3425 293 6435 9264 2012 7675 IGP
2001:248::/32  8447 6830 4555 5609 9264 2012 7675 IGP
2001:248::/32  12634 3265 3549 6939 6939 9264 2012 7675 IGP
2001:248::/32  12871 8954 4555 5609 9264 2012 7675 IGP
2001:248::/32  1103 3425 293 6435 9264 2012 7675

whois -h whois.nic.ad.jp AS7675 reveals no useful informations though:

Autonomous System Information: [ASESC$B>pJsESC(B]
a. [ASESC$BHV9fESC(B] 7675
b. [ASESC$BL>ESC(B] ZEBRA
f. [ESC$BAH?%L>ESC(B] (unknown)
g. [Organization] Digital Magic Labs, Inc.
m.
[ESC$B1?MQ@UG$ References: <00b901c38668$fd8a35c0$210d640a@unfix.org> Message-ID: <20030929115840.F14054@mignon.ki.iif.hu> Dear All, Forwarded your e-mail to Lajos Vonderviszt, who is the technical leader of ELTENET (AS2012). Regards, Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 On Mon, 29 Sep 2003, Jeroen Massar wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > inet6num: 2001:0200::/23 > netname: APNIC-AP-ALLOCATED-PORTABLES1 > descr: Asia Pacific Network Information Center, Pty. Ltd. > descr: Regional Internet Registry for the Asia-Pacific Region > > This block is *NOT* allocated unless APNIC registry is out of sync: > > 2001:248::/32 3257 2497 2500 7660 9264 2012 7675 IGP > 2001:248::/32 4589 2497 2500 7660 9264 2012 7675 IGP > 2001:248::/32 15516 3257 2497 2500 7660 9264 2012 7675 IGP > 2001:248::/32 25396 1752 6939 6939 9264 2012 7675 IGP > 2001:248::/32 8954 4555 5609 9264 2012 7675 IGP > 2001:248::/32 12337 3320 5609 9264 2012 7675 IGP > 2001:248::/32 > 6939 6939 9264 2012 7675 IGP > 2001:248::/32 12779 6175 6435 9264 2012 7675 IGP > 2001:248::/32 12902 12859 8954 4555 5609 9264 2012 7675 IGP > 2001:248::/32 25358 6175 6435 9264 2012 7675 IGP > 2001:248::/32 8758 9044 513 9264 9264 2012 7675 IGP > 2001:248::/32 12859 8954 4555 5609 9264 2012 7675 IGP > 2001:248::/32 1888 1103 3425 293 6435 9264 2012 7675 IGP > 2001:248::/32 8447 6830 4555 5609 9264 2012 7675 IGP > 2001:248::/32 12634 3265 3549 6939 6939 9264 2012 7675 IGP > 2001:248::/32 12871 8954 4555 5609 9264 2012 7675 IGP > 2001:248::/32 1103 3425 293 6435 9264 2012 7675 > > whois -h whois.nic.ad.jp AS7675 reveals no useful informations though: > > Autonomous System Information: [ASESC$B>pJsESC(B] > a. [ASESC$BHV9fESC(B] 7675 > b. [ASESC$BL>ESC(B] ZEBRA > f. [ESC$BAH?%L>ESC(B] (unknown) > g. [Organization] Digital Magic Labs, Inc. > m. [ESC$B1?MQ@UG$ n. [ESC$B5;=QO"MmC4Ev o. 
[AS-IN] from AS4691 100 accept ANY > o. [AS-IN] from AS4682 100 accept ANY > o. [AS-IN] from AS7527 100 accept AS7527 > p. [AS-OUT] to AS4691 announce AS7675 > p. [AS-OUT] to AS4682 announce AS7675 > p. [AS-OUT] to AS7527 announce AS7675 > y. [ESC$BDLCN%"%I%l%9ESC(B] > [ESC$B3dEvG/7nF|ESC(B] 1998/04/27 > [ESC$BJV5QG/7nF|ESC(B] > [ESC$B:G=*99?7ESC(B] 1999/06/10 13:50:55 (JST) > ip-alloc@nic.ad.jp > > Anyone having a working contact for this? > > Sole "Upstream" is as2012 which is odd as that is hungary > which is kinda a far away land from japan. > > aut-num: AS2012 > as-name: UNSPECIFIED > descr: ELTENET > descr: Eotvos Lorand University of Sciences > descr: Budapest, Hungary > descr: HU > > First admin/tech contact (LV166-RIPE) doesn't have an email > address, second one cc'd. > > Greets, > Jeroen > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook Alpha 13 Int. > Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ > > iQA+AwUBP3f2HSmqKFIzPnwjEQKqcACfVudDSrYX0IpqciSXeDCsy5LykQwAliH/ > 6Ebw4ECX4VHi7W7+E/UOVj4= > =R9lS > -----END PGP SIGNATURE----- > > > From jeroen@unfix.org Mon Sep 29 11:07:47 2003 From: jeroen@unfix.org (Jeroen Massar) Date: Mon, 29 Sep 2003 12:07:47 +0200 Subject: [6bone] RE: Unallocated 2001:248::/32 announced by AS 7675 ? In-Reply-To: <20030929115840.F14054@mignon.ki.iif.hu> Message-ID: <010c01c38671$88f7bf30$210d640a@unfix.org> -----BEGIN PGP SIGNED MESSAGE----- Mohacsi Janos [mailto:mohacsi@niif.hu] wrote: > Dear All, > Forwarded your e-mail to Lajos Vonderviszt, who is the technical > leader of ELTENET (AS2012). Who is the one without the email address in the RIPE registry: person: Lajos Vonderviszt address: Eotvos Lorand University of Sciences address: Center of Information Technologies address: Muzeum krt. 4/C address: H-1088 Budapest address: Hungary phone: +36 1 2670820 ext. 
2842 phone: +36 30 561312 fax-no: +36 1 2668576 nic-hdl: LV166-RIPE changed: gaga@caesar.elte.hu 19971002 source: RIPE If he could update that it would have saved a forward and searching google etc for his email address. Greets, Jeroen > On Mon, 29 Sep 2003, Jeroen Massar wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > inet6num: 2001:0200::/23 > > netname: APNIC-AP-ALLOCATED-PORTABLES1 > > descr: Asia Pacific Network Information Center, Pty. Ltd. > > descr: Regional Internet Registry for the Asia-Pacific Region > > > > This block is *NOT* allocated unless APNIC registry is out of sync: > > > > 2001:248::/32 3257 2497 2500 7660 9264 2012 7675 IGP > > 2001:248::/32 4589 2497 2500 7660 9264 2012 7675 IGP > > 2001:248::/32 15516 3257 2497 2500 7660 9264 2012 7675 IGP > > 2001:248::/32 25396 1752 6939 6939 9264 2012 7675 IGP > > 2001:248::/32 8954 4555 5609 9264 2012 7675 IGP > > 2001:248::/32 12337 3320 5609 9264 2012 7675 IGP > > 2001:248::/32 > 6939 6939 9264 2012 7675 IGP > > 2001:248::/32 12779 6175 6435 9264 2012 7675 IGP > > 2001:248::/32 12902 12859 8954 4555 5609 9264 2012 7675 IGP > > 2001:248::/32 25358 6175 6435 9264 2012 7675 IGP > > 2001:248::/32 8758 9044 513 9264 9264 2012 7675 IGP > > 2001:248::/32 12859 8954 4555 5609 9264 2012 7675 IGP > > 2001:248::/32 1888 1103 3425 293 6435 9264 2012 7675 IGP > > 2001:248::/32 8447 6830 4555 5609 9264 2012 7675 IGP > > 2001:248::/32 12634 3265 3549 6939 6939 9264 2012 7675 IGP > > 2001:248::/32 12871 8954 4555 5609 9264 2012 7675 IGP > > 2001:248::/32 1103 3425 293 6435 9264 2012 7675 > > > > whois -h whois.nic.ad.jp AS7675 reveals no useful > informations though: > > > > Autonomous System Information: [ASESC$B>pJsESC(B] > > a. [ASESC$BHV9fESC(B] 7675 > > b. [ASESC$BL>ESC(B] ZEBRA > > f. [ESC$BAH?%L>ESC(B] (unknown) > > g. [Organization] Digital Magic Labs, Inc. > > m. [ESC$B1?MQ@UG$ > n. [ESC$B5;=QO"MmC4Ev > o. [AS-IN] from AS4691 100 accept ANY > > o. [AS-IN] from AS4682 100 accept ANY > > o. 
[AS-IN] from AS7527 100 accept AS7527 > > p. [AS-OUT] to AS4691 announce AS7675 > > p. [AS-OUT] to AS4682 announce AS7675 > > p. [AS-OUT] to AS7527 announce AS7675 > > y. [ESC$BDLCN%"%I%l%9ESC(B] > > [ESC$B3dEvG/7nF|ESC(B] 1998/04/27 > > [ESC$BJV5QG/7nF|ESC(B] > > [ESC$B:G=*99?7ESC(B] 1999/06/10 13:50:55 (JST) > > ip-alloc@nic.ad.jp > > > > Anyone having a working contact for this? > > > > Sole "Upstream" is as2012 which is odd as that is hungary > > which is kinda a far away land from japan. > > > > aut-num: AS2012 > > as-name: UNSPECIFIED > > descr: ELTENET > > descr: Eotvos Lorand University of Sciences > > descr: Budapest, Hungary > > descr: HU > > > > First admin/tech contact (LV166-RIPE) doesn't have an email > > address, second one cc'd. > > > > Greets, > > Jeroen > > > > -----BEGIN PGP SIGNATURE----- > > Version: Unfix PGP for Outlook Alpha 13 Int. > > Comment: Jeroen Massar / jeroen@unfix.org / > http://unfix.org/~jeroen/ > > > > > iQA+AwUBP3f2HSmqKFIzPnwjEQKqcACfVudDSrYX0IpqciSXeDCsy5LykQwAliH/ > > 6Ebw4ECX4VHi7W7+E/UOVj4= > > =R9lS > > -----END PGP SIGNATURE----- > > > > > > > -----BEGIN PGP SIGNATURE----- Version: Unfix PGP for Outlook Alpha 13 Int. Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/ iQA/AwUBP3gEaymqKFIzPnwjEQIb0gCglAu5jg1IUy/5JDanOCJFnm/1vIEAn21E LqFSsWfyzAdhlhHdhdFckUkX =KCPf -----END PGP SIGNATURE----- From rrockell@sprint.net Tue Sep 30 16:43:52 2003 From: rrockell@sprint.net (Robert J. Rockell) Date: Tue, 30 Sep 2003 11:43:52 -0400 (EDT) Subject: [6bone] baltimore/DC maintenance in Sprint's IPV6 network Message-ID: Starting this afternoon. Total outage duration: Approx 1 hour. No other nodes are affected, and this applies only to those tunnelled IPv6 customers who home to sl-bb1v6-rly.sprintlink.net thanks. sorry for spam. Thanks Rob Rockell SprintLink (+1) 703-689-6322 It's just a little pin prick... -----------------------------------------------------------------------
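
The "Summing them up" table (6to4 more-specifics mapped back to the IPv4 prefix they embed) and the double-origin report for 3ffe:1300::/24, both from messages earlier in this archive, can be reproduced mechanically. The following is an added example, not code from any list participant: the function names are hypothetical, and the sample rows are a subset copied from the looking-glass output quoted in the thread.

```python
"""Audit looking-glass rows for 6to4 more-specifics and multi-origin prefixes."""
import ipaddress
from collections import defaultdict

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")         # 6to4 prefix (RFC 3056)
RELAY_ANYCAST = ipaddress.IPv4Network("192.88.99.0/24")  # relay anycast (RFC 3068)

# Subset of the looking-glass rows quoted in the thread, one path per origin.
# The three layouts differ: bare AS path, next hop + origin code, '>' marker.
SAMPLE = """\
2002:8c6d:106::/48 6939 11537 9264
2002:c058:6301::/48 8447 1853 786
2002:c0e7:d405::/48 1103 11537 7570
2002:c8a2::/33 6939 6939 15180
2002:c8c6:4000::/34 6939 6939 15180
2002:c8ca:7000::/36 6939 6939 15180
3ffe:1300::/24 2001:1418:1:400::1 12779 6175 762 IGP
3ffe:1300::/24 2001:6e0::2 8954 10566 10318 unknown
2001:248::/32 > 6939 6939 9264 2012 7675 IGP
"""


def parse_row(line):
    """Return (IPv6Network, origin AS) for one looking-glass row.

    Next-hop addresses, the '>' marker and the trailing IGP/unknown
    origin code are skipped; the last AS number in the path is the origin.
    """
    tokens = line.split()
    prefix = ipaddress.IPv6Network(tokens[0], strict=False)
    as_path = [int(t) for t in tokens[1:] if t.isdigit()]
    if not as_path:
        raise ValueError(f"no AS path in row: {line!r}")
    return prefix, as_path[-1]


def embedded_v4(prefix):
    """Map a 6to4 prefix 2002:V4ADDR::/n to the IPv4 prefix it covers."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if not net.subnet_of(SIX_TO_FOUR):
        raise ValueError(f"{net} is not inside {SIX_TO_FOUR}")
    # Bits 16..47 of the IPv6 address carry the IPv4 address.
    v4_bits = (int(net.network_address) >> 80) & 0xFFFFFFFF
    v4_len = min(net.prefixlen - 16, 32)
    return ipaddress.IPv4Network((v4_bits, v4_len), strict=False)


def audit(table):
    """Flag 2002::/16 more-specifics and prefixes seen with several origins."""
    more_specifics = []
    origins = defaultdict(set)
    for line in table.splitlines():
        if not line.strip():
            continue
        prefix, origin = parse_row(line)
        origins[prefix].add(origin)
        if prefix.subnet_of(SIX_TO_FOUR) and prefix.prefixlen > 16:
            v4 = embedded_v4(str(prefix))
            entry = (str(prefix), str(v4), origin, v4.subnet_of(RELAY_ANYCAST))
            if entry not in more_specifics:
                more_specifics.append(entry)
    multi_origin = {str(p): sorted(o) for p, o in origins.items() if len(o) > 1}
    return {"more_specifics": more_specifics, "multi_origin": multi_origin}


if __name__ == "__main__":
    report = audit(SAMPLE)
    for prefix, v4, origin, relay in report["more_specifics"]:
        note = "  <- RFC 3068 relay anycast address" if relay else ""
        print(f"{prefix:<22}{v4:<20}AS{origin}{note}")
    for prefix, origin_list in report["multi_origin"].items():
        print(f"{prefix} originated by " + ", ".join(f"AS{a}" for a in origin_list))
```

Whether a prefix such as 2001:248::/32 is allocated cannot be derived from the routing table alone; that check needs the registry data the thread queries by whois.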