Re: quietly....

2011-02-02 Thread Owen DeLong
> > Of course, I'm a tiny bit of a skeptic, as I really can't see how a stateful > firewall can know which other connections / packets are related without a > lot of the same dodgy shenanigans that goes on now, but at least if you've > gotten rid of the 1-to-N address mangling a fundamental stumbl

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 8:45 PM, Jay Ashworth wrote: > - Original Message - >> From: "Blake Dunlap" > >> On Wed, Feb 2, 2011 at 22:34, Jay Ashworth wrote: >> >>> I won't run an edge-network that *isn't* NATted; my internal machines >>> have no business having publicly routable addresses. N

Re: quietly....

2011-02-02 Thread Nicholas Suan
On Thu, Feb 3, 2011 at 12:18 AM, Jay Ashworth wrote: > Complexity of the configuration vastly increases the size of the > attack surface: in a NATted edge network, *no packets can come in > unless I explicitly configure for them*; there are any number of > reasons why an equivalently simply asser

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-02 Thread Fernando Gont
On 26/01/2011 09:44 p.m., Karl Auer wrote: > So let's get rid of the limitation in our minds. IPv6 provides > *effectively* unlimited address space, even if it's only "for now". So > let's USE it that way. Let's unlearn our limited thinking patterns. > Let's go colonise infinity. And if we need to

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 5:22 PM, Randy Carpenter wrote: One of the things I find frustrating about this is the cost of the space. We're a very small shop and to add IPv6 addresses for testing now we're looking at paying another $2,200 a year ($1,700 in the first >>> >>> Ooof. I di

Re: quietly....

2011-02-02 Thread Dave Israel
On 2/2/2011 5:42 PM, Brian Johnson wrote: I must have missed something. Why would u do NAT in IPv6? 1) To allow yourself to change or maintain multiple upstreams without renumbering. 2) To allow your IPv6-only hosts to reach IPv4 addresses, or vice versa. 3) To give all your outbound session

Re: quietly....

2011-02-02 Thread Matthew Palmer
On Thu, Feb 03, 2011 at 12:23:54AM -0500, Jay Ashworth wrote: > - Original Message - > > From: "Matthew Palmer" > > Now, if you decide that none of those applications are important to > > you, > > sure, you can firewall them off as appropriate. But the pervasive > > deployment of NAT means

Re: quietly....

2011-02-02 Thread Jimmy Hess
On Wed, Feb 2, 2011 at 11:18 PM, Jay Ashworth wrote: > Justify, yourself in turn, "small number".  My personal estimate of the > number of NATted edge networks is well north of 75%, on a network count You don't get to count all NAT'ed IPv4 edge networks the same. Only the number of NAT'ed edge n

Re: quietly....

2011-02-02 Thread Jay Ashworth
- Original Message - > From: "Matthew Palmer" > You're thinking too small -- it's not that individual TCP connections > have > problems, it's that the ability to solve a given problem using > connections > and UDP packets is badly constrained by a lack of end-to-end > connectivity. > The p

Re: quietly....

2011-02-02 Thread Jay Ashworth
- Original Message - > From: "Jimmy Hess" > There's no reason for the internet community to re-design every > protocol to allow and > try to function in a NAT environment, for the benefit of a small > number of edge networks, > who want a private castle with hosts on their network not con

Re: quietly....

2011-02-02 Thread Jay Ashworth
- Original Message - > From: "Mark Andrews" > > You'll have to document "everyone has to work harder to provide me > > services"; > > this is not my first rodeo, and TTBOMK, it's *transparent* to the > > other end > > of any connection out of my edge network that it's NATted at my end. >

Re: quietly....

2011-02-02 Thread Matthew Palmer
On Wed, Feb 02, 2011 at 11:45:49PM -0500, Jay Ashworth wrote: > - Original Message - > > From: "Blake Dunlap" > > > On Wed, Feb 2, 2011 at 22:34, Jay Ashworth wrote: > > > > > I won't run an edge-network that *isn't* NATted; my internal machines > > > have no business having publicly ro

Re: quietly....

2011-02-02 Thread Jimmy Hess
On Wed, Feb 2, 2011 at 10:34 PM, Jay Ashworth wrote: [snip] > I won't run an edge-network that *isn't* NATted; my internal machines > have no business having publicly routable addresses.  No one has *ever* > provided me with a serviceable explanation as to why that's an invalid > view. If you wan

Re: quietly....

2011-02-02 Thread Mark Andrews
In message <10058800.4297.1296708348990.javamail.r...@benjamin.baylink.com>, Jay Ashworth writes: > - Original Message - > > From: "Blake Dunlap" > > > On Wed, Feb 2, 2011 at 22:34, Jay Ashworth wrote: > > > > > I won't run an edge-network that *isn't* NATted; my internal machines >

Re: quietly....

2011-02-02 Thread Jimmy Hess
On Wed, Feb 2, 2011 at 7:10 PM, Brandon Butterworth wrote: > > Just need to add default route in there and make dhcpd do RA > then the user can turn off RA on their routers and not care > that DHCPv6 doesn't include default router. > Having a DHCP server generate RA messages kind of defeats the po

Re: quietly....

2011-02-02 Thread Jay Ashworth
- Original Message - > From: "Blake Dunlap" > On Wed, Feb 2, 2011 at 22:34, Jay Ashworth wrote: > > > I won't run an edge-network that *isn't* NATted; my internal machines > > have no business having publicly routable addresses. No one has *ever* > > provided me with a serviceable expla

Re: quietly....

2011-02-02 Thread Blake Dunlap
On Wed, Feb 2, 2011 at 22:34, Jay Ashworth wrote: > - Original Message - > > From: "Owen DeLong" > > > If you're determined to destroy IPv6 by bringing the problems of NAT > > forward with you, then, I'm fine with you remaining in your IPv4 > > island. I'm willing to bet that most organi

Re: quietly....

2011-02-02 Thread Jay Ashworth
- Original Message - > From: "Owen DeLong" > If you're determined to destroy IPv6 by bringing the problems of NAT > forward with you, then, I'm fine with you remaining in your IPv4 > island. I'm willing to bet that most organizations will embrace an > internet unencumbered by the brokenne

Re: quietly....

2011-02-02 Thread Jay Ashworth
- Original Message - > From: "david raistrick" > On Tue, 1 Feb 2011, Dave Israel wrote: > > > responsibility. If they want to use DHCPv6, or NAT, or Packet over > > Avian > > Carrier to achieve that, let them. If using them causes them > > problems, then > > they should not use them. It

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-02 Thread George Herbert
On Wed, Feb 2, 2011 at 5:07 PM, Carlos Martinez-Cagnazzo wrote: > Disconnected networks have a bothersome tendency to get connected at > some point ( I have been severely bitten by this in the past ), so > while I agree that there is no need to coordinate anything globally, > then a RFC 1918-like

Re: quietly....

2011-02-02 Thread Chris Owen
On Feb 2, 2011, at 8:38 PM, Randy Carpenter wrote: > From the main section on https://www.arin.net/fees/fee_schedule.html: > > "... ISPs with both IPv4 resources and IPv6 resources pay the larger of the > two fees." > > It is not mentioned anywhere in the waiver stuff. Actually it is in the w

Re: quietly....

2011-02-02 Thread Randy Carpenter
From the main section on https://www.arin.net/fees/fee_schedule.html: "... ISPs with both IPv4 resources and IPv6 resources pay the larger of the two fees." It is not mentioned anywhere in the waiver stuff. -Randy -- | Randy Carpenter | Vice President - IT Services | Red Hat Certified Engi

Re: quietly....

2011-02-02 Thread Chris Owen
On Feb 2, 2011, at 7:22 PM, Randy Carpenter wrote: > And, even if you are an ISP, you only pay the larger of the two fees if you > have both v4 and v6. I'm not sure if that is permanent or not, though. I thought that was part of the "waiver" stuff that expires this year. Chris -- -

Re: quietly....

2011-02-02 Thread Randy Carpenter
> >> One of the things I find frustrating about this is the cost of the > >> space. We're a very small shop and to add IPv6 addresses for > >> testing now we're looking at paying another $2,200 a year ($1,700 > >> in the first > > > > Ooof. I didn't get that far - and hadn't realized the waiver was

Re: quietly....

2011-02-02 Thread Cameron Byrne
On Wed, Feb 2, 2011 at 5:03 PM, david raistrick wrote: > On Wed, 2 Feb 2011, Chris Owen wrote: > >> On Feb 2, 2011, at 3:09 PM, david raistrick wrote: >> >>> At least in ARIN territory, if you're multihomed, and you can show >>> in-1-year use of 50% of a (v4) /24, you qualify for a PI v6 /48. > >>

Re: quietly....

2011-02-02 Thread Mark Andrews
In message , "Ricky Beam" writes: > On Wed, 02 Feb 2011 17:18:25 -0500, Mark Andrews wrote: > > Or you just filter them out in the laptop. With the proper tools you > > just ignore and RA's containing 2002:. Done that for years now. > > Get back to me when you control every network device i

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 5:03 PM, david raistrick wrote: > On Wed, 2 Feb 2011, Chris Owen wrote: > >> On Feb 2, 2011, at 3:09 PM, david raistrick wrote: >> >>> At least in ARIN territory, if you're multihomed, and you can show >>> in-1-year use of 50% of a (v4) /24, you qualify for a PI v6 /48. > >

Re: quietly....

2011-02-02 Thread Brandon Butterworth
> > You can do that today. For instance, this is what I have in a test > > setup. (However, the ISC dhcpd can only do either v4 or v6, not both at > > the same time.) > > Which is a limitation that we intend to address. It was more time > sensitive to get a DHCPv6 server out there than a inte

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-02 Thread Carlos Martinez-Cagnazzo
Disconnected networks have a bothersome tendency to get connected at some point ( I have been severely bitten by this in the past ), so while I agree that there is no need to coordinate anything globally, then a RFC 1918-like definition would be nice (if we are not going to use ULAs, that is) chee

Re: quietly....

2011-02-02 Thread david raistrick
On Wed, 2 Feb 2011, Chris Owen wrote: On Feb 2, 2011, at 3:09 PM, david raistrick wrote: At least in ARIN territory, if you're multihomed, and you can show in-1-year use of 50% of a (v4) /24, you qualify for a PI v6 /48. One of the things I find frustrating about this is the cost of the spa

Re: quietly....

2011-02-02 Thread Chris Owen
On Feb 2, 2011, at 3:09 PM, david raistrick wrote: > At least in ARIN territory, if you're multihomed, and you can show in-1-year > use of 50% of a (v4) /24, you qualify for a PI v6 /48. One of the things I find frustrating about this is the cost of the space. We're a very small shop and to

Re: quietly....

2011-02-02 Thread Mark Andrews
In message <1397b616-f7f5-4212-b055-c0dfe1a99...@muada.com>, Iljitsch van Beijnum writes: > On 2 feb 2011, at 21:36, Lamar Owen wrote: > > > > > What I want is to add an IPv6 subnet or subnets to my already tuned > DHCP server config, add IPv6 addresses to the addresses handed out (in > th

Re: quietly....

2011-02-02 Thread Mark Andrews
In message <09c9d1b8-f003-4932-abc1-7299f81f1...@sackheads.org>, John Payne writes: > > On Feb 2, 2011, at 3:15 PM, George Herbert wrote: > > > On Wed, Feb 2, 2011 at 8:55 AM, Iljitsch van Beijnum > wrote: > >> On 2 feb 2011, at 17:14, Dave Israel wrote: > >> > I understand people us

Re: quietly....

2011-02-02 Thread Mark Andrews
In message <3cd3a697-8d3c-4ede-8e4e-53c0e103e...@sackheads.org>, John Payne writes: > > On Feb 2, 2011, at 2:54 PM, Owen DeLong wrote: > > > > > On Feb 2, 2011, at 11:40 AM, John Payne wrote: > > > >> > >> On Feb 2, 2011, at 6:18 AM, Owen DeLong wrote: > >> > >>> NAT66 is different.

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 2:18 PM, Mark Andrews wrote: > > In message <25915.1296675743@localhost>, valdis.kletni...@vt.edu writes: >> On Wed, 02 Feb 2011 14:30:23 EST, John Payne said: >>> On Feb 2, 2011, at 3:16 AM, Iljit

Re: quietly....

2011-02-02 Thread Lamar Owen
On Wednesday, February 02, 2011 05:04:33 pm Mark Andrews wrote: > They didn't fail. They were designed to complement each other. It > just that somewhere along the way people forgot that. My engineer brain looks at it this way: "The better is the enemy of the good." (Voltaire: "Le mieux est l'en

Re: quietly....

2011-02-02 Thread Ricky Beam
On Wed, 02 Feb 2011 17:18:25 -0500, Mark Andrews wrote: Or you just filter them out in the laptop. With the proper tools you just ignore and RA's containing 2002:. Done that for years now. Get back to me when you control every network device in the world. That may work for you. In your n

Re: quietly....

2011-02-02 Thread Ricky Beam
On Wed, 02 Feb 2011 17:04:33 -0500, Mark Andrews wrote: They didn't fail. They were designed to complement each other. It just that somewhere along the way people forgot that. No. They failed. In all respects. The political agendas within IPng were anti-NAT and anti-DHCP. So they desig

Re: quietly....

2011-02-02 Thread Brian Johnson
I must have missed something. Why would u do NAT in IPv6? John Payne wrote: On Feb 2, 2011, at 2:54 PM, Owen DeLong wrote: > > On Feb 2, 2011, at 11:40 AM, John Payne wrote: > >> >> On Feb 2, 2011, at 6:18 AM, Owen DeLong wrote: >> >>> NAT66 is different. NAT66 breaks things in ways that impa

Re: quietly....

2011-02-02 Thread Lamar Owen
On Wednesday, February 02, 2011 03:55:30 pm Iljitsch van Beijnum wrote: > You can do that today. For instance, this is what I have in a test setup. > (However, the ISC dhcpd can only do either v4 or v6, not both at the same > time.) First, thanks for taking the time to reply. That is appreciate

Re: quietly....

2011-02-02 Thread Mark Andrews
In message , John Payne writes: > > On Feb 1, 2011, at 6:15 PM, Owen DeLong wrote: > > > > > On Feb 1, 2011, at 2:56 PM, John Payne wrote: > > > >> > >> > >> On Feb 1, 2011, at 4:38 PM, Owen DeLong wrote: > >> > >>> NAT solves exactly one problem. It provides a way to reduce add

Re: quietly....

2011-02-02 Thread Nick Hilliard
On 02/02/2011 21:26, Matt Addison wrote: RA Guard has been described in RFC 6105 (still draft, but standards track), so that particular problem should be taken care of once vendors start shipping code. It doesn't even require SeND- although it does accommodate it. wonderful. In the interim, it

Re: quietly....

2011-02-02 Thread Mark Andrews
In message <25915.1296675743@localhost>, valdis.kletni...@vt.edu writes: > On Wed, 02 Feb 2011 14:30:23 EST, John Payne said: > > On Feb 2, 2011, at 3:16 AM, Iljitsch van Beijnum wrote: > > > Example: if you give administ

Re: quietly....

2011-02-02 Thread Mark Andrews
In message <9271a508-9b5e-4919-ac14-487b8c8e8...@delong.com>, Owen DeLong writes: > > On Feb 2, 2011, at 6:17 AM, Iljitsch van Beijnum wrote: > > > On 2 feb 2011, at 14:10, Owen DeLong wrote: > > > >>> I didn't say they were necessarily good routers. > > > >> No, you said the router alway

Re: quietly....

2011-02-02 Thread sthaug
> It's a bit of a shame that people who've gotten into networking in the > last 10 to 15 years haven't studied or worked with anything more than > IPv4. They've missed out on seeing a variety of different ways to solve > the same types of problems and therefore been exposed to the various > benefit

Re: Verizon acquiring Terremark

2011-02-02 Thread Jeffrey Lyon
On Wed, Feb 2, 2011 at 9:54 AM, Jason LeBlanc wrote: > I wonder if the price point will change.  Having been in PAIX/S&D/Equinix > facilities for several years things have certainly changed with regard to > contract negotiations and pricing.  Equinix is not very flexible.  The > shuffle of techs h

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 1:37 PM, Roland Perry wrote: > In article , John Payne > writes > >> NAT provides a solution to, let's call it, enterprise multihoming. >> Remote office with a local Internet connection, but failover through >> the corporate network. > > And for home (/homeworker) networks .

Re: quietly....

2011-02-02 Thread Mark Andrews
In message , Tony Finch writes: > On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: > > > > But there's so much wrong with DHCPv6 that trying to fix it is pretty > > much useless, we need to abandon DHCP and start from scratch. Good thing > > IPv6 works just fine without DHCPv6. > > Yeah, no-one n

Re: quietly....

2011-02-02 Thread George Herbert
On Wed, Feb 2, 2011 at 1:13 PM, Leo Bicknell wrote: > In a message written on Wed, Feb 02, 2011 at 09:55:30PM +0100, Iljitsch van > Beijnum wrote: >> Can you explain what exactly the problems with DHCPv6 are that you're >> running into that are inherent to DHCP and/or IPv6 host configuration and

Re: quietly....

2011-02-02 Thread Roland Perry
In article , John Payne writes NAT provides a solution to, let's call it, enterprise multihoming. Remote office with a local Internet connection, but failover through the corporate network. And for home (/homeworker) networks ... eg I have a NAT box with a default connection to my ADSL provi

Re: quietly....

2011-02-02 Thread Owen DeLong
>> Why do we need mommy-IETF telling us no for default routes in DHCP but >> letting RAs run wild? >> Why does the mere mention of NAT cause daddy-IETF to round up the troops and >> insist that everyone is wrong? > > Because IPv4-style DHCP often breaks because the DHCP server points to the > w

Re: quietly....

2011-02-02 Thread Matt Addison
On Wed, Feb 2, 2011 at 16:13, Leo Bicknell wrote: > I love this question, because it basically admits the protocol is > broken. To make RA's even remotely palatable, you need "RA Guard" on > the switches. This feature does not exist, but if we bring features > like DHCP guard forward into the I

Re: quietly....

2011-02-02 Thread Mark Smith
On Wed, 2 Feb 2011 07:04:13 -0800 Owen DeLong wrote: > > On Feb 2, 2011, at 6:43 AM, Jack Bates wrote: > > > > > > > On 2/2/2011 8:22 AM, Tony Finch wrote: > >> Counterexample: rogue RAs from Windows boxes running 6to4 or Teredo and > >> Internet Connection Sharing. This is a lot harder to fi

Re: quietly....

2011-02-02 Thread david raistrick
On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: IPv6 is what it is. There will be more tinkering but if you think there's enough and yet it still isn't ready and standardly supported by OSes, routers, switches, software seems to me it's in the same mode it always has been. Because IP

Re: quietly....

2011-02-02 Thread Leo Bicknell
In a message written on Wed, Feb 02, 2011 at 09:55:30PM +0100, Iljitsch van Beijnum wrote: > On 2 feb 2011, at 21:18, John Payne wrote: > > Having machines listen to any RA they receive is _today_ a cause of a lot > > of operational problems. > > You should have come to the IETF 10 or even 5 yea

Re: quietly....

2011-02-02 Thread Mark Smith
On Wed, 2 Feb 2011 15:18:55 -0500 John Payne wrote: > > On Feb 2, 2011, at 3:12 PM, Iljitsch van Beijnum wrote: > > > On 2 feb 2011, at 20:37, John Payne wrote: > > > DHCP fails because you can't get a default router out of it. > > > >>> If you consider that wrong, I don't want to be rig

Re: quietly....

2011-02-02 Thread Iljitsch van Beijnum
On 2 feb 2011, at 21:18, John Payne wrote: > Having machines listen to any RA they receive is _today_ a cause of a lot of > operational problems. You should have come to the IETF 10 or even 5 years ago. It's too late now, one day before the global pool of IPv4 addresses runs out. IPv6 is what i

Re: quietly....

2011-02-02 Thread Lamar Owen
On Wednesday, February 02, 2011 03:16:59 am Iljitsch van Beijnum wrote: > A clear win. Of course it does mean that people have to learn > something new when adopting IPv6. Ever hear of intellectual inertia? The more that has to be learned to go a new path, the less likely that path will be cho

Re: quietly....

2011-02-02 Thread John Payne
On Feb 2, 2011, at 3:15 PM, George Herbert wrote: > On Wed, Feb 2, 2011 at 8:55 AM, Iljitsch van Beijnum > wrote: >> On 2 feb 2011, at 17:14, Dave Israel wrote: >> I understand people use DHCP for lots of stuff today. But that's mainly because DHCP is there, not because it's the bes

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 11:42 AM, valdis.kletni...@vt.edu wrote: > On Wed, 02 Feb 2011 07:45:46 -1000, Antonio Querubin said: >> On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: >> >>> different networks, things don't always work so well. I may want to use >>> the DHCP-provided NTP servers at work, b

Re: 2011.02.02 NANOG51 day 3 morning session notes

2011-02-02 Thread Scanlon, Paul
Josh ++ Geek Circus sets the bar. On Feb 2, 2011, at 1:34 PM, Mehmet Akcin wrote: > > On Feb 2, 2011, at 11:52 AM, Matthew Petach wrote: > >> Thanks again to Josh and Terremark for hosting another >> successful conference; would have loved to be able to >> join the party, but alas, lack of

Re: quietly....

2011-02-02 Thread John Payne
On Feb 2, 2011, at 3:12 PM, Iljitsch van Beijnum wrote: > On 2 feb 2011, at 20:37, John Payne wrote: > DHCP fails because you can't get a default router out of it. > >>> If you consider that wrong, I don't want to be right. > >> Hey, I thought you wanted ops input... Here you are getting

Re: quietly....

2011-02-02 Thread George Herbert
On Wed, Feb 2, 2011 at 8:55 AM, Iljitsch van Beijnum wrote: > On 2 feb 2011, at 17:14, Dave Israel wrote: > >>> I understand people use DHCP for lots of stuff today. But that's mainly >>> because DHCP is there, not because it's the best possible way to get that >>> particular job done. > >> So w

Re: quietly....

2011-02-02 Thread John Payne
On Feb 2, 2011, at 2:54 PM, Owen DeLong wrote: > > On Feb 2, 2011, at 11:40 AM, John Payne wrote: > >> >> On Feb 2, 2011, at 6:18 AM, Owen DeLong wrote: >> >>> NAT66 is different. NAT66 breaks things in ways that impact sites outside >>> of the site choosing to deploy NAT. >> >> Examples? >

Re: quietly....

2011-02-02 Thread Iljitsch van Beijnum
On 2 feb 2011, at 20:37, John Payne wrote: >>> DHCP fails because you can't get a default router out of it. >> If you consider that wrong, I don't want to be right. > Hey, I thought you wanted ops input... Here you are getting it, and look, > here all you are doing is saying that it's wrong. I

Primus Canada AS 6407 Contact needed

2011-02-02 Thread Jared Geiger
Hi, I'm seeking a contact at AS6407 to help troubleshoot a huge spike in latency I'm seeing to them. Thanks, Jared

Re: quietly....

2011-02-02 Thread Owen DeLong
On Feb 2, 2011, at 11:40 AM, John Payne wrote: > > On Feb 2, 2011, at 6:18 AM, Owen DeLong wrote: > >> NAT66 is different. NAT66 breaks things in ways that impact sites outside of >> the site choosing to deploy NAT. > > Examples? SIP Network enabled Video Games Peer to Peer services of vario

Re: quietly....

2011-02-02 Thread Jeff Kell
On 2/2/2011 2:42 PM, valdis.kletni...@vt.edu wrote: > The only other charitable conclusion I can draw is "Somebody hasn't spent time > chasing down people with misconfigured laptops on the wireless who are > squawking > RA's for 2002:" > > There's a *big* operational difference between "all author

Re: quietly....

2011-02-02 Thread John Payne
On Feb 1, 2011, at 6:15 PM, Owen DeLong wrote: > > On Feb 1, 2011, at 2:56 PM, John Payne wrote: > >> >> >> On Feb 1, 2011, at 4:38 PM, Owen DeLong wrote: >> >>> NAT solves exactly one problem. It provides a way to reduce address >>> consumption to work around a shortage of addresses. >>>

Re: quietly....

2011-02-02 Thread Valdis . Kletnieks
On Wed, 02 Feb 2011 14:30:23 EST, John Payne said: > On Feb 2, 2011, at 3:16 AM, Iljitsch van Beijnum wrote: > > Example: if you give administrators the option of putting a router > > address in a DHCP option, they will do so and some fraction of the time, > > this will be the wrong address and thi

Re: quietly....

2011-02-02 Thread Valdis . Kletnieks
On Wed, 02 Feb 2011 07:45:46 -1000, Antonio Querubin said: > On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: > > > different networks, things don't always work so well. I may want to use > > the DHCP-provided NTP servers at work, but syncing with a random NTP > > server when I connect to a wifi

Re: quietly....

2011-02-02 Thread John Payne
On Feb 2, 2011, at 6:18 AM, Owen DeLong wrote: > NAT66 is different. NAT66 breaks things in ways that impact sites outside of > the site choosing to deploy NAT. Examples?

Re: quietly....

2011-02-02 Thread John Payne
On Feb 2, 2011, at 10:23 AM, Iljitsch van Beijnum wrote: > On 2 feb 2011, at 16:00, Owen DeLong wrote: > >> SLAAC fails because you can't get information about DNS, NTP, or anything >> other than a list of prefixes and a router that MIGHT actually be able to >> default-route your packets. > >

Re: quietly....

2011-02-02 Thread John Payne
On Feb 2, 2011, at 3:16 AM, Iljitsch van Beijnum wrote: > On 2 feb 2011, at 4:51, Dave Israel wrote: > >> They were features dreamed up by academics, theoreticians, and purists, and >> opposed by operators. > > Contrary to popular belief, the IETF listens to operators and wants them to > part

Re: ipv4's last graph

2011-02-02 Thread Owen DeLong
Currently there is no policy in ARIN that would do that short of the last /10, so, the line should change at 1/4 of the last /8. Owen On Feb 2, 2011, at 10:43 AM, Richard Barnes wrote: > Note that the ARIN, APNIC, and RIPE lines should all basically level > out to asymptotes after they hit 1 /8

Re: quietly....

2011-02-02 Thread Randy Bush
the problem is not whether RA is worth a damn, produces more erroneous results, is harder to filter bad guys/gals, ... the problem is folk have *large* dhcp deployments. they look at going to ipv6 and say "wtf? i have to revamp my operation because of some religious nuts. rfc1918 is my friend.

RE: ipv4's last graph

2011-02-02 Thread Tony Hain
> -Original Message- > From: Richard Barnes [mailto:richard.bar...@gmail.com] > Sent: Wednesday, February 02, 2011 10:44 AM > To: Tony Hain > Cc: Vincent Hoffman; nanog@nanog.org > Subject: Re: ipv4's last graph > > Note that the ARIN, APNIC, and RIPE lines should all basically level > out

Re: ipv4's last graph

2011-02-02 Thread Richard Barnes
Note that the ARIN, APNIC, and RIPE lines should all basically level out to asymptotes after they hit 1 /8 left, due to the "soft run out" policies in place [1][2][3]. Either that, or just consider arriving at 1 /8 left as depletion. Geoff: How are your graphs dealing with these policies? [1]

Re: ipv4's last graph

2011-02-02 Thread Ken Chase
On Wed, Feb 02, 2011 at 10:11:48AM -0800, Tony Hain said: >For some reason that viewer didn't work here, so I added jpg's to the site. >http://www.tndh.net/~tony/ietf/IPv4-rir-pools.jpg >http://www.tndh.net/~tony/ietf/IPv4-rir-pools-zoom.jpg 13:13 < dec0de> africa is where it's at 13:15 < mo

Re: 2011.02.02 NANOG51 day 3 morning session notes

2011-02-02 Thread Mehmet Akcin
On Feb 2, 2011, at 11:52 AM, Matthew Petach wrote: > Thanks again to Josh and Terremark for hosting another > successful conference; would have loved to be able to > join the party, but alas, lack of budget ruled that out > this time around. +1 Josh / Bill , amazing job with hosting nanog. Meh

Re: AS numbers and multiple site best practices

2011-02-02 Thread The Mickster
It seems to me that the issues (in terms of causing failures) are all related to how the prefixes are announced, and not what ASN they are announced from. However if there ARE issues caused by how the prefixes are announced, it may (or may not) be easier to troubleshoot the problem if the announce

RE: ipv4's last graph

2011-02-02 Thread Tony Hain
> -Original Message- > From: Vincent Hoffman [mailto:jh...@unsane.co.uk] > Sent: Wednesday, February 02, 2011 9:44 AM > To: nanog@nanog.org > Subject: Re: ipv4's last graph > > On 02/02/2011 17:22, Matthew Petach wrote: > > On Wed, Feb 2, 2011 at 9:01 AM, Tony Hain wrote: > >> So in the i

Re: quietly....

2011-02-02 Thread Nick Hilliard
On 02/02/2011 17:43, Matt Addison wrote: Why do they have to be mutually exclusive? What's wrong with having default well known (potentially anycasted) resolver addresses, which can then be overridden by RA/DHCP/static configuration? because that increases the complexity of the system, and comp

Re: quietly....

2011-02-02 Thread Antonio Querubin
On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: different networks, things don't always work so well. I may want to use the DHCP-provided NTP servers at work, but syncing with a random NTP server when I connect to a wifi hotspot is not such a great idea. It's not "random" if the network opera

Re: ipv4's last graph

2011-02-02 Thread Vincent Hoffman
On 02/02/2011 17:22, Matthew Petach wrote: > On Wed, Feb 2, 2011 at 9:01 AM, Tony Hain wrote: >> So in the interest of 'second opinions never hurt', and I just can't get my >> head around "APnic sitting at 3 /8's, burning 2.3 /8's in the last 2 months >> and the idea of a 50% probability that thei

Re: quietly....

2011-02-02 Thread Matt Addison
On Wed, Feb 2, 2011 at 12:28, david raistrick wrote: > On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: > > No, the point is that DNS resolvers in different places all use the same >> addresses. So at the cyber cafe 3003::3003 is the cyber cafe DNS but at the >> airport 3003::3003 is the airport

Re: quietly....

2011-02-02 Thread david raistrick
On Wed, 2 Feb 2011, Iljitsch van Beijnum wrote: No, the point is that DNS resolvers in different places all use the same addresses. So at the cyber cafe 3003::3003 is the cyber cafe DNS but at the airport 3003::3003 is the airport DNS. (Or in both cases, if they don't run a DNS server, one ope

RE: AS numbers and multiple site best practices

2011-02-02 Thread Andy Litzinger
> > I've had trouble finding any technical reason not to use it. > > What is important to you about having QA and Corporate use separate AS > numbers? Does using the same AS number result in a reduction of > separation? For my part it's mostly a desire to make sure that changes to QA or Corp BG

Re: ipv4's last graph

2011-02-02 Thread Matthew Petach
On Wed, Feb 2, 2011 at 9:01 AM, Tony Hain wrote: > So in the interest of 'second opinions never hurt', and I just can't get my > head around "APnic sitting at 3 /8's, burning 2.3 /8's in the last 2 months > and the idea of a 50% probability that their exhaustion event occurs Aug. > 2011", here are

Re: quietly....

2011-02-02 Thread david raistrick
On Tue, 1 Feb 2011, Cameron Byrne wrote: Telling people "I'm right, you're wrong" over and over again leads to them going away and ignoring IPv6. +1 Somebody should probably get a blog instead of sending, *39 and counting*, emails to this list in one day. It's a discussion list. We're hav

RE: ipv4's last graph

2011-02-02 Thread Tony Hain
So in the interest of 'second opinions never hurt', and I just can't get my head around "APnic sitting at 3 /8's, burning 2.3 /8's in the last 2 months and the idea of a 50% probability that their exhaustion event occurs Aug. 2011", here are a couple other graphs to consider. http://www.tndh.net/~t

OT: References for i/o Phoenix Datacenter

2011-02-02 Thread Adam Leff
My company is considering taking space in the i/o "Phoenix One" datacenter in Arizona. If anyone has any feedback of this facility in general or any of i/o's facilities, good or bad, I would certainly appreciate an off-list reply. As you would expect, the company you're intending to do business w

Re: quietly....

2011-02-02 Thread Lamar Owen
On Wednesday, February 02, 2011 10:23:28 am Iljitsch van Beijnum wrote: > Who ever puts NTP addresses in DHCP? That doesn't make any sense. I'd rather > use a known NTP server that keeps correct time. We do, for multiple reasons. And we have some stringent timing requirements.

Re: quietly....

2011-02-02 Thread Iljitsch van Beijnum
On 2 feb 2011, at 17:14, Dave Israel wrote: >> I understand people use DHCP for lots of stuff today. But that's mainly >> because DHCP is there, not because it's the best possible way to get that >> particular job done. > So what if I want to assign different people to different resolvers by po

2011.02.02 NANOG51 day 3 morning session notes

2011-02-02 Thread Matthew Petach
Final set of notes for NANOG51 have been posted up at http://kestrel3.netflight.com/2011.02.02-NANOG51-morning-notes.txt (not that many people will see them, as everyone is clearing out of the room and heading for flights at this point. ^_^; ) Thanks again to Josh and Terremark for hosting ano

Re: quietly....

2011-02-02 Thread Lamar Owen
On Wednesday, February 02, 2011 10:52:46 am Iljitsch van Beijnum wrote: > No, the point is that DNS resolvers in different places all use the same > addresses. So at the cyber cafe 3003::3003 is the cyber cafe DNS but at the > airport 3003::3003 is the airport DNS. (Or in both cases, if they don'

Re: Connectivity to Brazil

2011-02-02 Thread Vinny Abello
Very simply. :) We chose to stop accepting prefixes from and announcing prefixes to them. You could attempt this in more elaborate and less forceful ways if you're in the right position, but we encounter issues like this too much and it affects critical clients that cannot afford any downtime, and

Egypt

2011-02-02 Thread JDuffy
Hi again from Network World... We're now looking into a story on how Egypt may have restored service -- did they bring up all routes at once? Stagger the re-introduction of routes so as not to overwhelm routers? Any specific ISPs brought up before others and why? ie, Noor and the stock exchange

Re: quietly....

2011-02-02 Thread Daniel Hagerty
Matt Addison writes: > I'll admit right now that I don't know nearly enough about the IETF process, > but it looks like there have been 2 separate attempts at this: > draft-lee-dnsop-resolver-wellknown-ipv6addr - ID, expired > draft-ohta-preconfigured-dns - ID, expired > > Until one of those is
