From ple at graduate.kmitl.ac.th Wed Jun 1 20:08:57 2005
From: ple at graduate.kmitl.ac.th (Warodom Werapun)
Date: Wed Jun 1 20:10:13 2005
Subject: [6bone] unscribe
Message-ID: <429E7849.5030804@graduate.kmitl.ac.th>

unscribe

--
Warodom

From hansolofalcon at worldnet.att.net Wed Jun 1 20:36:06 2005
From: hansolofalcon at worldnet.att.net (Gregg C Levine)
Date: Wed Jun 1 20:36:04 2005
Subject: [6bone] unscribe
In-Reply-To: <429E7849.5030804@graduate.kmitl.ac.th>
Message-ID: <000701c56724$36ccc440$6401a8c0@who7>

Hello from Gregg C Levine
Hmm? You actually want to leave us? Please examine the signature
supplied by the list for doing that.
--------
Gregg C Levine hansolofalcon@worldnet.att.net
---
"Remember the Force will be with you... Always." Obi-Wan Kenobi

> -----Original Message-----
> From: 6bone-bounces@mailman.isi.edu [mailto:6bone-bounces@mailman.isi.edu]
> On Behalf Of Warodom Werapun
> Sent: Wednesday, June 01, 2005 11:09 PM
> To: 6Bone
> Subject: [6bone] unscribe
>
> unscribe
>
> --
> Warodom
>
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone

From old_mc_donald at hotmail.com Thu Jun 2 04:46:58 2005
From: old_mc_donald at hotmail.com (Gav)
Date: Thu Jun 2 04:48:04 2005
Subject: [6bone] unscribe
References: <000701c56724$36ccc440$6401a8c0@who7>
Message-ID:

Well, I guess the list has been a bit quiet of late.

Why do you think this is, has the list fulfilled its usefulness
now that there are no new allocations to be given out?

It was (is) a very useful list in terms of help required for
the setting up of new allocations, now that this is no longer
the case, is there another reason why the 6bone list still
exists?

Can this list be transformed into another list more useful?

Gav...

| Hello from Gregg C Levine
| Hmm? You actually want to leave us? Please examine the signature
| supplied by the list for doing that.
| --------
| Gregg C Levine hansolofalcon@worldnet.att.net
| ---
| "Remember the Force will be with you... Always." Obi-Wan Kenobi
|
| > -----Original Message-----
| > From: 6bone-bounces@mailman.isi.edu
| [mailto:6bone-bounces@mailman.isi.edu]
| > On Behalf Of Warodom Werapun
| > Sent: Wednesday, June 01, 2005 11:09 PM
| > To: 6Bone
| > Subject: [6bone] unscribe
| >
| > unscribe
| >
| > --
| > Warodom
| >
| >
| > _______________________________________________
| > 6bone mailing list
| > 6bone@mailman.isi.edu
| > http://mailman.isi.edu/mailman/listinfo/6bone
|
| _______________________________________________
| 6bone mailing list
| 6bone@mailman.isi.edu
| http://mailman.isi.edu/mailman/listinfo/6bone
|

From mohacsi at niif.hu Thu Jun 2 06:07:16 2005
From: mohacsi at niif.hu (Mohacsi Janos)
Date: Thu Jun 2 06:08:18 2005
Subject: [6bone] unscribe
In-Reply-To:
References: <000701c56724$36ccc440$6401a8c0@who7>
Message-ID: <20050602145859.J96010@mignon.ki.iif.hu>

On Thu, 2 Jun 2005, Gav wrote:

> Well, I guess the list has been a bit quiet of late.
>
> Why do you think this is, has the list fulfilled its usefulness
> now that there are no new allocations to be given out?
>
> It was (is) a very useful list in terms of help required for
> the setting up of new allocations, now that this is no longer
> the case, is there another reason why the 6bone list still
> exists?
>
> Can this list be transformed into another list more useful?

I think there can be some issues of 6bone allocations (hijack of address
space, ghost routes or other operational issues) that can be discussed on
the 6bone mailing lists.

I think, if you are interested, some other mailing lists exist:
IPv6 users:
http://www.ipv6.org/mailing-lists.html
Forum of IPv6 network operators:
http://lists.cluenet.de/mailman/listinfo/ipv6-ops

Regards,
Janos Mohacsi

>
> Gav...
>
>
> | Hello from Gregg C Levine
> | Hmm? You actually want to leave us? Please examine the signature
> | supplied by the list for doing that.
> | --------
> | Gregg C Levine hansolofalcon@worldnet.att.net
> | ---
> | "Remember the Force will be with you... Always." Obi-Wan Kenobi
> |
> | > -----Original Message-----
> | > From: 6bone-bounces@mailman.isi.edu
> | [mailto:6bone-bounces@mailman.isi.edu]
> | > On Behalf Of Warodom Werapun
> | > Sent: Wednesday, June 01, 2005 11:09 PM
> | > To: 6Bone
> | > Subject: [6bone] unscribe
> | >
> | > unscribe
> | >
> | > --
> | > Warodom
> | >
> | >
> | > _______________________________________________
> | > 6bone mailing list
> | > 6bone@mailman.isi.edu
> | > http://mailman.isi.edu/mailman/listinfo/6bone
> |
> | _______________________________________________
> | 6bone mailing list
> | 6bone@mailman.isi.edu
> | http://mailman.isi.edu/mailman/listinfo/6bone
> |
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone
>

From join at uni-muenster.de Tue Jun 7 00:10:16 2005
From: join at uni-muenster.de (Christian Schild)
Date: Tue Jun 7 00:11:18 2005
Subject: [6bone] AS1275 / 3ffe:400::/24 going offline
Message-ID: <1118128216.31317.380.camel@lemy.ipv6.uni-muenster.de>

Dear all,

today on 07.06.05, after nearly ten years of service,
we disabled the 6bone POP in Germany.

The JOIN project will fall apart in a few weeks and we decided
to stop this service in time and way before the final end of 6bone.

While we still had about >60 users at the end, we believe that there
is little need for a 6bone POP. Luckily, today's production network
is quite sophisticated and much much more reliable than 6bone.

The 6bone is rather harmful for the acceptance of IPv6, as it _is_ a
test network and global IPv6 routing often happens in the production
_and_ the 6bone network at the same time.

So we believe it is a good thing to remove 6bone as fast as possible
to make IPv6 routing more robust and to give IPv6 a more positive
perception.

All, if you still peer with AS1275, please de-configure that peering.
All, prefix 3ffe:400::/24 should vanish from the global routing table.
If not, feel free to filter it.

So long,
Christian

--
JOIN - IPv6 reference center       Christian Schild
A WWU project                      Westfaelische Wilhelms-Universitaet Muenster
http://www.join.uni-muenster.de    Zentrum fuer Informationsverarbeitung
Team: join@uni-muenster.de         Roentgenstrasse 9-13
Priv: schild@uni-muenster.de       D-48149 Muenster / Germany
GPG-/PGP-Key-ID: 6EBFA081          Fon: +49 251 83 31638, fax: +49 251 83 31653

From Michael.Sturtz at PACCAR.com Fri Jun 10 18:40:39 2005
From: Michael.Sturtz at PACCAR.com (Michael Sturtz)
Date: Fri Jun 10 18:41:32 2005
Subject: [6bone] Network Address translation question
Message-ID: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com>

I understand that the RFC 1918 address equivalent IPv6 addresses are
called "Site-local" addresses and are FEC0::/48. I do not see any
provision in the IPV6 standards for the equivalent of NAT. Is it safe
to assume that if you only have a FEC0::/48 address space you cannot
address other IPv6 hosts on the general internet? With IPv4 you can use
NAT / PAT to translate a single valid IPv4 address into an entire
internal network space. I don't see this as an option in IPv6 is this
correct?

Thanks,
Michael Sturtz

From raeburn at MIT.EDU Fri Jun 10 19:16:19 2005
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Fri Jun 10 19:17:28 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com>
Message-ID:

On Jun 10, 2005, at 21:40, Michael Sturtz wrote:
> I understand that the RFC 1918 address equivalent IPv6 addresses are
> called "Site-local" addresses and are FEC0::/48.

That was the original plan. After various objections to them,
site-local addresses are on their way out, though I think a better
solution to the problem is in the works.
> I do not see any
> provision in the IPV6 standards for the equivalent of NAT. Is it safe
> to assume that if you only have a FEC0::/48 address space you cannot
> address other IPv6 hosts on the general internet? With IPv4 you can
> use
> NAT / PAT to translate a single valid IPv4 address into an entire
> internal network space. I don't see this as an option in IPv6 is this
> correct? Thanks,
> Michael Sturtz

I think the general plan was that if you're giving out addresses,
usually you should give out at least a /64, which will let the customer
connect a bunch of devices (and/or use the autoconfiguration privacy
extensions, etc). Will the ISPs do it that way for cable/dialup
customers? I don't know. No ISP near me is doing IPv6 now, you could
probably find out in archives of other lists I don't read...

If you do have an IPv4 address handy to use, though, you might look
into the 6to4 transition mechanism. Given an IPv4 address 1.2.3.4, you
get 2002:0102:0304::/48 to play around with. Some sites may not be
able to route back to you, though.

Ken

From raeburn at MIT.EDU Fri Jun 10 22:24:29 2005
From: raeburn at MIT.EDU (Ken Raeburn)
Date: Fri Jun 10 22:26:26 2005
Subject: [6bone] Network Address translation question
In-Reply-To:
References:
Message-ID:

On Jun 10, 2005, at 23:06, Antonio Querubin wrote:
> On Fri, 10 Jun 2005, Ken Raeburn wrote:
>
>> I think the general plan was that if you're giving out addresses,
>> usually you should give out at least a /64, which will let the
>> customer
>
> Actually the IAB/IESG general recommendation is to give out a /48. See
> RFC 3177. Doesn't make sense to give out anything smaller since you
> can
> get at least that much using 6to4.

Was it? I must've remembered wrong, I thought cable providers etc were
likely to give the /64s. Thanks for the correction.
Ken

From jordi.palet at consulintel.es Fri Jun 10 23:31:41 2005
From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ)
Date: Fri Jun 10 23:32:29 2005
Subject: [6bone] Network Address translation question
In-Reply-To:
Message-ID:

This may be useful for the /48 thing:
http://www.ipv6tf.org/news/newsroom.php?id=604

For the NAT with IPv6:
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-v6ops-nap-00.txt

Regards,
Jordi

> From: Ken Raeburn
> Reply-To: <6bone-bounces@mailman.isi.edu>
> Date: Sat, 11 Jun 2005 01:24:29 -0400
> To: Antonio Querubin
> CC: Michael Sturtz , "6bone@mailman.isi.edu"
> <6bone@mailman.isi.edu>
> Subject: Re: [6bone] Network Address translation question
>
> On Jun 10, 2005, at 23:06, Antonio Querubin wrote:
>> On Fri, 10 Jun 2005, Ken Raeburn wrote:
>>
>>> I think the general plan was that if you're giving out addresses,
>>> usually you should give out at least a /64, which will let the
>>> customer
>>
>> Actually the IAB/IESG general recommendation is to give out a /48. See
>> RFC 3177. Doesn't make sense to give out anything smaller since you
>> can
>> get at least that much using 6to4.
>
> Was it? I must've remembered wrong, I thought cable providers etc were
> likely to give the /64s. Thanks for the correction.
>
> Ken
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone

************************************
Barcelona 2005 Global IPv6 Summit
Registration open. Information available at:
http://www.ipv6-es.com

This electronic message contains information which may be privileged or
confidential. The information is intended to be for the use of the
individual(s) named above. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, including attached files, is prohibited.

From mohacsi at niif.hu Mon Jun 13 01:08:37 2005
From: mohacsi at niif.hu (Mohacsi Janos)
Date: Mon Jun 13 01:09:32 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com>
Message-ID: <20050613095939.X22895@mignon.ki.iif.hu>

On Fri, 10 Jun 2005, Michael Sturtz wrote:

> I understand that the RFC 1918 address equivalent IPv6 addresses are
> called "Site-local" addresses and are FEC0::/48.

The site-local address was deprecated because of unclear notion of what is
site. A new type local address can be used: ULA -
Unique Local Addresses -
http://www.ietf.org/internet-drafts/draft-ietf-ipv6-unique-local-addr-09.txt

> I do not see any
> provision in the IPV6 standards for the equivalent of NAT. Is it safe
> to assume that if you only have a FEC0::/48 address space you cannot
> address other IPv6 hosts on the general internet? With IPv4 you can use
> NAT / PAT to translate a single valid IPv4 address into an entire
> internal network space. I don't see this as an option in IPv6 is this
> correct?

Why do you need this? What purpose? Take a look at the Network
Architecture protection draft at:
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-00.txt

Regards,

Janos Mohacsi
Network Engineer
NIIF/HUNGARNET

From tjc at ecs.soton.ac.uk Mon Jun 13 02:09:37 2005
From: tjc at ecs.soton.ac.uk (Tim Chown)
Date: Mon Jun 13 02:10:34 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <20050613095939.X22895@mignon.ki.iif.hu>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu>
Message-ID: <20050613090937.GF945@login.ecs.soton.ac.uk>

On Mon, Jun 13, 2005 at 10:08:37AM +0200, Mohacsi Janos wrote:
>
> The site-local address was deprecated because of unclear notion of what is
> site. A new type local address can be used: ULA -
> Unique Local Addresses -
> http://www.ietf.org/internet-drafts/draft-ietf-ipv6-unique-local-addr-09.txt

Well, more to do with the ambiguity of the addresses (non-uniqueness).
The two new ULA drafts offer methods to guarantee or near guarantee that
property. They don't resolve the address leakage issue though.

> Why do you need this? What purpose? Take a look at the Network
> Architecture protection draft at:
> http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-00.txt

With IPv6, you can run ULAs and globals side by side, if you wish, though
this hasn't exactly been widely tested as yet, as far as I'm aware.

--
Tim/::1

From iljitsch at muada.com Mon Jun 13 02:47:24 2005
From: iljitsch at muada.com (Iljitsch van Beijnum)
Date: Mon Jun 13 02:48:32 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <20050613090937.GF945@login.ecs.soton.ac.uk>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk>
Message-ID: <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com>

On 13-jun-2005, at 11:09, Tim Chown wrote:

> With IPv6, you can run ULAs and globals side by side, if you wish,
> though
> this hasn't exactly been widely tested as yet, as far as I'm aware.

The trouble is that there is no clear way to force the use of
internal addresses for internal stuff and external addresses for
external stuff.

From tjc at ecs.soton.ac.uk Mon Jun 13 03:29:11 2005
From: tjc at ecs.soton.ac.uk (Tim Chown)
Date: Mon Jun 13 03:30:35 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com>
Message-ID: <20050613102911.GK945@login.ecs.soton.ac.uk>

On Mon, Jun 13, 2005 at 11:47:24AM +0200, Iljitsch van Beijnum wrote:
> On 13-jun-2005, at 11:09, Tim Chown wrote:
>
> >With IPv6, you can run ULAs and globals side by side, if you wish,
> >though
> >this hasn't exactly been widely tested as yet, as far as I'm aware.
>
> The trouble is that there is no clear way to force the use of
> internal addresses for internal stuff and external addresses for
> external stuff.

Well, unless you trust address selection to use ULAs for internal comms
and globals for external comms. But it can't be forced, I agree, and
the two-faced DNS isn't pleasant.

--
Tim/::1

From mohacsi at niif.hu Mon Jun 13 05:18:27 2005
From: mohacsi at niif.hu (Mohacsi Janos)
Date: Mon Jun 13 05:19:35 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com>
Message-ID: <20050613141604.O22895@mignon.ki.iif.hu>

On Mon, 13 Jun 2005, Iljitsch van Beijnum wrote:

> On 13-jun-2005, at 11:09, Tim Chown wrote:
>
>> With IPv6, you can run ULAs and globals side by side, if you wish, though
>> this hasn't exactly been widely tested as yet, as far as I'm aware.
>
> The trouble is that there is no clear way to force the use of internal
> addresses for internal stuff and external addresses for external stuff.

This is easier, if you setup RFC3484 style address selection. You give
higher priority to your local addresses.

Regards,

Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98

From frlinux at frlinux.net Wed Jun 15 05:46:35 2005
From: frlinux at frlinux.net (FRLinux)
Date: Wed Jun 15 05:47:37 2005
Subject: [6bone] cisco ipv6 slow perfs
In-Reply-To: <1117438659.31317.85.camel@lemy.ipv6.uni-muenster.de>
References: <45423.134.226.32.57.1117034145.squirrel@webmail.frlinux.net> <20050526175113.GD73687@scylla.towardex.com> <4297D55E.2050806@mrp.net> <1117438659.31317.85.camel@lemy.ipv6.uni-muenster.de>
Message-ID: <63566.160.6.1.47.1118839595.squirrel@webmail.frlinux.net>

On Mon, May 30, 2005 8:37 am, Christian Schild said:

> Actually, my IPv6 traceroute is faster than IPv4.

Hello,

Just to close on the subject, I applied today a new IOS image and it fixed
the ipv6 issues.

Faulty image : 12.3(12b)
New image : 12.3(15)

This is again on a 7204VXR box.
Thanks to all the people who helped me out on this,
Steph

--
Mail sent under Debian GNU/Linux
http://frlinux.net - Linux help site in French
http://frlinux.net/files/frlinux_public_key.asc

From Stig.Venaas at uninett.no Wed Jun 22 05:36:02 2005
From: Stig.Venaas at uninett.no (Stig Venaas)
Date: Wed Jun 22 05:37:14 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <20050613141604.O22895@mignon.ki.iif.hu>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com> <20050613141604.O22895@mignon.ki.iif.hu>
Message-ID: <20050622123602.GG11867@storhaugen.uninett.no>

On Mon, Jun 13, 2005 at 02:18:27PM +0200, Mohacsi Janos wrote:
>
> On Mon, 13 Jun 2005, Iljitsch van Beijnum wrote:
>
> >On 13-jun-2005, at 11:09, Tim Chown wrote:
> >
> >>With IPv6, you can run ULAs and globals side by side, if you wish, though
> >>this hasn't exactly been widely tested as yet, as far as I'm aware.
> >
> >The trouble is that there is no clear way to force the use of internal
> >addresses for internal stuff and external addresses for external stuff.
>
>
> This is easier, if you setup RFC3484 style address selection. You give
> higher priority to your local addresses.

I also think that for multicast you would by default end up using
longest matching prefix (rule 8 in 3484) which leads to ULA being
preferred to other global addresses. And due to RPF the multicast
packets would never leave the site.

One should probably also define labels so that ULA is used as
source for multicast scope <= 5 or <= 8 while global for others. Or
simply never use ULA as source for multicast.

I'm wondering a bit how many systems support full 3484 allowing you
to modify the policy table. Another issue is how a manager can
configure this on hosts.
One option is DHCP as proposed in
draft-fujisaki-dhc-addr-select-opt-00.txt

Stig

>
> Regards,
>
> Janos Mohacsi
> Network Engineer, Research Associate
> NIIF/HUNGARNET, HUNGARY
> Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
>
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone

From mohacsi at niif.hu Wed Jun 22 05:51:57 2005
From: mohacsi at niif.hu (Mohacsi Janos)
Date: Wed Jun 22 05:52:57 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <20050622123602.GG11867@storhaugen.uninett.no>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com> <20050613141604.O22895@mignon.ki.iif.hu> <20050622123602.GG11867@storhaugen.uninett.no>
Message-ID: <20050622143830.W54112@mignon.ki.iif.hu>

On Wed, 22 Jun 2005, Stig Venaas wrote:

> On Mon, Jun 13, 2005 at 02:18:27PM +0200, Mohacsi Janos wrote:
>>
>> On Mon, 13 Jun 2005, Iljitsch van Beijnum wrote:
>>
>>> On 13-jun-2005, at 11:09, Tim Chown wrote:
>>>
>>>> With IPv6, you can run ULAs and globals side by side, if you wish, though
>>>> this hasn't exactly been widely tested as yet, as far as I'm aware.
>>>
>>> The trouble is that there is no clear way to force the use of internal
>>> addresses for internal stuff and external addresses for external stuff.
>>
>>
>> This is easier, if you setup RFC3484 style address selection. You give
>> higher priority to your local addresses.
>
> I also think that for multicast you would by default end up using
> longest matching prefix (rule 8 in 3484) which leads to ULA being
> preferred to other global addresses. And due to RPF the multicast
> packets would never leave the site.
>

Ooops this can be a problem.

> One should probably also define labels so that ULA is used as
> source for multicast scope <= 5 or <= 8 while global for others. Or
> simply never use ULA as source for multicast.

The 5 or 8 seems to be artificial... More general solutions would be
nice...

>
> I'm wondering a bit how many systems support full 3484 allowing you
> to modify the policy table. Another issue is how a manager can
> configure this on hosts. One option is DHCP as proposed in
> draft-fujisaki-dhc-addr-select-opt-00.txt

I think pretty large number of hosts potentially can support RFC3484.
Windows XP/2003 fully supports it. All *BSD systems also fully supports
it. There is some kind of preliminary support in Linux....

I was thinking of having something similar - I will look at the draft of
fujisaki.

Regards,
Janos Mohacsi

From iljitsch at muada.com Thu Jun 23 05:43:57 2005
From: iljitsch at muada.com (Iljitsch van Beijnum)
Date: Thu Jun 23 05:45:02 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <20050622143830.W54112@mignon.ki.iif.hu>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com> <20050613141604.O22895@mignon.ki.iif.hu> <20050622123602.GG11867@storhaugen.uninett.no> <20050622143830.W54112@mignon.ki.iif.hu>
Message-ID: <1168A274-575A-44CC-B612-793CAF57D479@muada.com>

On 22-jun-2005, at 14:51, Mohacsi Janos wrote:

>>>> The trouble is that there is no clear way to force the use of
>>>> internal
>>>> addresses for internal stuff and external addresses for external
>>>> stuff.

>>> This is easier, if you setup RFC3484 style address selection. You
>>> give
>>> higher priority to your local addresses.

I'm not sure how you envision this. My understanding was that the
address with the longest matching prefix would be used.
So when I connect to my server which has both a 2001:: and a 3ffe::
address (sequoia.muada.com for those of you who want to try) my system
at home with a 2001:: address would use the 2001:: address. However,
that's not what happens.

MacOS 10.4:

% telnet sequoia
Trying 3ffe:2500:310:2::1...

FreeBSD 4.9:

# telnet sequoia
Trying 3ffe:2500:310:2::1...

Red Hat 9 Linux:

# telnet sequoia
Trying 3ffe:2500:310:2::1...

(Well, actually they pick an address non-deterministically.)

Windows XP was the only one that used the 2001:: address each time.
(But this could be because of DNS caching, no way to tell except for
rebooting more times than I care to do right now.)

But that's not the real problem. The real problem is that always
choosing the same address is a bad thing: that way, applications that
don't cycle the address list themselves can easily get stuck retrying
a non-working address and ignoring a working alternative.

(And this would also require two-faced DNS all over the place as
you'd try to connect to other people's unique site locals otherwise.)

The bottom line is that there is no way to do the right thing with
only a priori information. You need at least _some_ measurement info
to make reasonable decisions.

> I think pretty large number of hosts potentially can support RFC3484.
> Windows XP/2003 fully supports it. All *BSD systems also fully
> supports it.

So how do I install a policy?

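Added example (not part of any message in this thread and not the posters' code): a simplified Python model of the RFC 3484 ordering under discussion, covering the policy-table lookup, destination rules 1, 5, 6, 9 and 10, and a reduced source selection. The candidate destinations and the default and 3ffe tables are the ones posted in the thread; the host addresses, the ULA_TABLE row and all function names are constructed for illustration, and every address is assumed to be global scope on a single interface.

```python
import ipaddress

# "Prefix Prec Label" rows (the Use counter is dropped). DEFAULT_TABLE and
# PREFER_3FFE copy the prefer6 / prefer63 tables posted in the thread;
# ULA_TABLE is a constructed variant that gives fc00::/7 its own label.
DEFAULT_TABLE = """
::1/128            50 0
::/0               40 1
2002::/16          30 2
::/96              20 3
::ffff:0.0.0.0/96  10 4
"""
PREFER_3FFE = DEFAULT_TABLE + "3ffe::/16 45 5\n"
ULA_TABLE = DEFAULT_TABLE + "fc00::/7 45 5\n"


def parse_table(text):
    """Turn the printed table into (network, precedence, label) rows."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            prefix, prec, label = line.split()
            rows.append((ipaddress.ip_network(prefix), int(prec), int(label)))
    return rows


def to_v6(text):
    """Parse an address; IPv4 is represented as an IPv4-mapped IPv6 address."""
    addr = ipaddress.ip_address(text)
    return ipaddress.IPv6Address("::ffff:" + text) if addr.version == 4 else addr


def classify(table, addr):
    """Longest-prefix lookup in the policy table, returns (precedence, label).
    Every table here contains ::/0, so a match always exists."""
    _, prec, label = max((r for r in table if addr in r[0]),
                         key=lambda r: r[0].prefixlen)
    return prec, label


def common_prefix_len(a, b):
    """Number of leading bits two 128-bit addresses share."""
    return 128 - (int(a) ^ int(b)).bit_length()


def pick_source(table, dest, host_addrs):
    """Reduced source selection: same family, then matching label
    (source rule 6), then longest matching prefix (source rule 8)."""
    family = [s for s in host_addrs
              if (s.ipv4_mapped is None) == (dest.ipv4_mapped is None)]
    if not family:
        return None
    want = classify(table, dest)[1]
    return max(family, key=lambda s: (classify(table, s)[1] == want,
                                      common_prefix_len(s, dest)))


def order_destinations(table_text, dests, host_addrs):
    """Return [(destination, source), ...] in the order they would be tried."""
    table = parse_table(table_text)
    hosts = [to_v6(h) for h in host_addrs]
    ranked = []
    for text in dests:
        dest = to_v6(text)
        src = pick_source(table, dest, hosts)
        if src is None:
            ranked.append(((1, 0, 0, 0), text, None))   # rule 1: unusable, last
            continue
        prec, label = classify(table, dest)
        key = (0,
               classify(table, src)[1] != label,    # rule 5: matching label
               -prec,                               # rule 6: higher precedence
               -common_prefix_len(dest, src))       # rule 9: longest prefix
        ranked.append((key, text, str(src.ipv4_mapped or src)))
    ranked.sort(key=lambda item: item[0])           # stable: rule 10 on ties
    return [(text, src) for _, text, src in ranked]


if __name__ == "__main__":
    dns_answer = ["3ffe:2500:310:2::1", "2001:1af8:2:5::2", "83.149.65.1"]
    one_prefix = ["2001:db8::10", "192.0.2.10"]          # constructed host
    two_prefix = one_prefix + ["3ffe:ffff::10"]          # constructed host
    for name, table, host in [("default, 2001 only", DEFAULT_TABLE, one_prefix),
                              ("3ffe raised, 2001 only", PREFER_3FFE, one_prefix),
                              ("3ffe raised, both", PREFER_3FFE, two_prefix)]:
        print(name, order_destinations(table, dns_answer, host))
    ula_host = ["2001:db8::10", "fd00:1234:5678::10"]    # constructed host
    print(order_destinations(ULA_TABLE,
                             ["2001:db8::20", "fd00:1234:5678::20"], ula_host))
    print(order_destinations(ULA_TABLE, ["2001:1af8:2:5::2"], ula_host))
```

In this model a host with only a 2001 source address tries the 3ffe destination last once 3ffe::/16 gets its own label, because rule 5 (matching label) is evaluated before rule 6 (precedence). With a separate label for fc00::/7, the ULA source is paired only with ULA destinations and the global source is used toward outside addresses.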
From Stig.Venaas at uninett.no Thu Jun 23 06:42:51 2005
From: Stig.Venaas at uninett.no (Stig Venaas)
Date: Thu Jun 23 06:43:00 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <1168A274-575A-44CC-B612-793CAF57D479@muada.com>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com> <20050613141604.O22895@mignon.ki.iif.hu> <20050622123602.GG11867@storhaugen.uninett.no> <20050622143830.W54112@mignon.ki.iif.hu> <1168A274-575A-44CC-B612-793CAF57D479@muada.com>
Message-ID: <20050623134251.GB17928@storhaugen.uninett.no>

On Thu, Jun 23, 2005 at 02:43:57PM +0200, Iljitsch van Beijnum wrote:
> On 22-jun-2005, at 14:51, Mohacsi Janos wrote:
>
> >>>>The trouble is that there is no clear way to force the use of
> >>>>internal
> >>>>addresses for internal stuff and external addresses for external
> >>>>stuff.
>
> >>>This is easier, if you setup RFC3484 style address selection. You
> >>>give
> >>>higher priority to your local addresses.
>
> I'm not sure how you envision this. My understanding was that the
> address with the longest matching prefix would be used. So when I

Yes, as I understand dest. addr. sel. rule 9 it should have preferred
2001. More below

> connect to my server which has both a 2001:: and a 3ffe:: address
> (sequoia.muada.com for those of you who want to try) my system at
> home with a 2001:: address would use the 2001:: address. However,
> that's not what happens.
>
> MacOS 10.4:
>
> % telnet sequoia
> Trying 3ffe:2500:310:2::1...
>
> FreeBSD 4.9:
>
> # telnet sequoia
> Trying 3ffe:2500:310:2::1...
>
> Red Hat 9 Linux:
>
> # telnet sequoia
> Trying 3ffe:2500:310:2::1...
>
> (Well, actually they pick an address non-deterministically.)
>
> Windows XP was the only one that used the 2001:: address each time.
> (But this could be because of DNS caching, no way to tell except for
> rebooting more times than I care to do right now.)

I think XP might be the only with the complete implementation of
3484. I've heard that others have source address selection according
to 3484, but not so sure they have implemented destination address
selection which of course requires changes in getaddrinfo()
implementation.

> But that's not the real problem. The real problem is that always
> choosing the same address is a bad thing: that way, applications that
> don't cycle the address list themselves can easily get stuck retrying
> a non-working address and ignoring a working alternative.

Well, I would say it's another reason why applications should, or
even must, cycle addresses.

> (And this would also require two-faced DNS all over the place as
> you'd try to connect to other people's unique site locals otherwise.)

But you can make it work by installing some policy. I believe 3484
may need to be updated with a different standard policy to cope with
ULAs properly. This is one example. The other I mentioned is with
multicast.

> The bottom line is that there is no way to do the right thing with
> only a priori information. You need at least _some_ measurement info
> to make reasonable decisions.
>
> >I think pretty large number of hosts potentially can support RFC3484.
> >Windows XP/2003 fully supports it. All *BSD systems also fully
> >supports it.
>
> So how do I install a policy?

No idea. Don't know if any implementations allow it, and how is
implementation dependent. Would be quite interesting to know how
much of 3484 is implemented in different systems, and also how
to change policy if possible. The most likely to have a way of
installing policy is perhaps XP.

Stig

> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone

From mohacsi at niif.hu Thu Jun 23 07:15:35 2005
From: mohacsi at niif.hu (Mohacsi Janos)
Date: Thu Jun 23 07:16:09 2005
Subject: [6bone] Network Address translation question
In-Reply-To: <1168A274-575A-44CC-B612-793CAF57D479@muada.com>
References: <9E312C89A3CDA944A16F181F5635B1E8035425D6@ITDRENMXM1.na.paccar.com> <20050613095939.X22895@mignon.ki.iif.hu> <20050613090937.GF945@login.ecs.soton.ac.uk> <0123B5C2-5FEB-4F6B-9764-D748E8108C70@muada.com> <20050613141604.O22895@mignon.ki.iif.hu> <20050622123602.GG11867@storhaugen.uninett.no> <20050622143830.W54112@mignon.ki.iif.hu> <1168A274-575A-44CC-B612-793CAF57D479@muada.com>
Message-ID: <20050623150125.G54112@mignon.ki.iif.hu>

Hi,

On Thu, 23 Jun 2005, Iljitsch van Beijnum wrote:

> On 22-jun-2005, at 14:51, Mohacsi Janos wrote:
>
>>>>> The trouble is that there is no clear way to force the use of internal
>>>>> addresses for internal stuff and external addresses for external stuff.
>
>>>> This is easier, if you setup RFC3484 style address selection. You give
>>>> higher priority to your local addresses.
>
> I'm not sure how you envision this. My understanding was that the address
> with the longest matching prefix would be used. So when I connect to my
> server which has both a 2001:: and a 3ffe:: address (sequoia.muada.com for
> those of you who want to try) my system at home with a 2001:: address would
> use the 2001:: address. However, that's not what happens.
>
> MacOS 10.4:
>
> % telnet sequoia
> Trying 3ffe:2500:310:2::1...
>
> FreeBSD 4.9:
>
> # telnet sequoia
> Trying 3ffe:2500:310:2::1...
>
> Red Hat 9 Linux:
>
> # telnet sequoia
> Trying 3ffe:2500:310:2::1...
>
> (Well, actually they pick an address non-deterministically.)
>
> Windows XP was the only one that used the 2001:: address each time. (But this
> could be because of DNS caching, no way to tell except for rebooting more
> times than I care to do right now.)
>
> But that's not the real problem. The real problem is that always choosing the
> same address is a bad thing: that way, applications that don't cycle the
> address list themselves can easily get stuck retrying a non-working address
> and ignoring a working alternative.
>
> (And this would also require two-faced DNS all over the place as you'd try to
> connect to other people's unique site locals otherwise.)
>
> The bottom line is that there is no way to do the right thing with only a
> priori information. You need at least _some_ measurement info to make
> reasonable decisions.

You are mixing things. The DNS is remaining in place. If a host has more
than one DNS entry the DNS query will return all of them. RFC 3484 just
does some kind of sorting on the entries. You can select locally your
preferences.

Here is sample transcript what you can do with RFC3484:

1. Setting up IPv6 preference:
mohacsi@scone> sudo ./prefer6
Prefix                          Prec Label      Use
::1/128                           50     0        0
::/0                              40     1        0
2002::/16                         30     2        0
::/96                             20     3        0
::ffff:0.0.0.0/96                 10     4        0
mohacsi@scone> telnet sequoia.muada.com
Trying 2001:1af8:2:5::2...
^C

2. Setting up IPv4 preference:
mohacsi@scone> sudo ./prefer4
Prefix                          Prec Label      Use
::ffff:0.0.0.0/96                 50     0        0
::1/128                           40     1        0
::/0                              30     2        0
2002::/16                         20     3        0
::/96                             10     4        0
mohacsi@scone>telnet sequoia.muada.com
Trying 83.149.65.1...
telnet: connect to address 83.149.65.1: Connection refused
Trying 2001:1af8:2:5::2...
^C

IPv4 address tried first (probably refused by firewall), switching right to
IPv6....

3. Prefer 3ffe:: addresses
mohacsi@scone> sudo ./prefer63
Prefix                          Prec Label      Use
::1/128                           50     0        0
3ffe::/16                         45     5        0
::/0                              40     1        0
2002::/16                         30     2        0
::/96                             20     3        0
::ffff:0.0.0.0/96                 10     4        0
mohacsi@scone> telnet sequoia.muada.com
Trying 3ffe:2500:310:2::1...
^C

3ffe:2500:310:2::1 tried first

4. Prefer 2001:: style addresses
mohacsi@scone> sudo ./prefer62
Prefix                          Prec Label      Use
::1/128                           50     0        0
2001::/16                         45     5        0
::/0                              40     1        0
2002::/16                         30     2        0
::/96                             20     3        0
::ffff:0.0.0.0/96                 10     4        0
mohacsi@scone> telnet sequoia.muada.com
Trying 2001:1af8:2:5::2...
^C
mohacsi@scone>

So RFC3484 is very powerful. You can prefer IPv4 address or prefer
2001:: address if you want. You can prefer ULA address if you want.
But to be consistent in a site, you should implement a site wide policy
by some other methods e.g. DHCPv6.

>
>> I think pretty large number of hosts potentially can support RFC3484.
>> Windows XP/2003 fully supports it. All *BSD systems also fully supports it.
>
> So how do I install a policy?

Sample scripts I used on FreeBSD attached (You need FreeBSD 5.2 or later)

For Windows XP/2003 the syntax are very similar to ip6addrctl.

Adding policy rule:
FreeBSD:
ip6addrctl add