Re: Use of NPTv6 in a mobile service provider network

Thank you. I am not building it yet… still considering it. The functional problems I am considering are in the fields of ALG. What other problems do you anticipate ? Regards Sent from my iPhone On 3 Feb 2025, at 22:21, Ca By wrote: External sender - pay attention On Mon, Feb 3, 2025 at 12:1

Re: Use of NPTv6 in a mobile service provider network

On 2/3/25 15:14, Amos Rosenboim via NANOG wrote: Even with IPv6, many of the operators I know of do not allow internet initiated traffic towards their subscribers. Address translation is not required for this function. A stateless ACL can do a lot to limit it especially combined with assignin

Re: Use of NPTv6 in a mobile service provider network

My CGNat domains for resi bb (dsl, cm, ftth) for IPv4 were created years ago as MPLS-based L3VPN's.  I've tested and proven an architecture where by which, I advertise another BGP RT and allow the IPv6 dual stacked portion to "flow around" the CGNat boundary and naturally route out to the Inter

Re: Use of NPTv6 in a mobile service provider network

I feel like you are conflating two things, stateful firewalls and NPTv6 or any form of NAT, they are often done at the same box together, but they are not inherently linked. I dislike NAT in an IPv6 environment as I've generally not found a use for it not better served by something else, but a

Re: Use of NPTv6 in a mobile service provider network

On Feb 4, 2025, at 03:14, Amos Rosenboim wrote: As much as I love to be a network purist who hates state maintenance in the core of the network, the sad reality is that these devices are there and will remain there for the foreseeable future. Not on reliable, resilient networks of any signifi

Re: Use of NPTv6 in a mobile service provider network

On Mon, Feb 3, 2025 at 12:15 PM Amos Rosenboim via NANOG wrote: > Roland, > > Thanks for your comments. > > As much as I love to be a network purist who hates state maintenance in > the core of the network, the sad reality is that these devices are there > and will remain there for the foreseeabl

Re: Use of NPTv6 in a mobile service provider network

Roland, Thanks for your comments. As much as I love to be a network purist who hates state maintenance in the core of the network, the sad reality is that these devices are there and will remain there for the foreseeable future. Mobile operators need IPv4 address sharing and many of them choos

Re: Reliable GeoIP database

On Mon, 3 Feb 2025, Scott Q. wrote: What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences. For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https

Re: Reliable GeoIP database

100%. We have certain things we do here at ThreatSTOP that isolate some locations based on the upstream provider because all of the GeoIP databases are wrong. If we collectively understand that GeoIP is “best guess” or “best attempt” and not gospel, we’d all be better off. — Joel Esler Vice

Re: Reliable GeoIP database

This is factual. I spend a significant amount of effort ensuring geoip is accurate for our customers and the proliferation of vendors makes this very annoying and time consuming when we are onboarding a new block. RFC9632 at least makes this easier - I definitely recommend doing so if you are not.

Re: Reliable GeoIP database

I don't feel like there is any reliable GeoIP database. The protocol wasn't designed for this and thus there is a lot of false information presented about where IP addresses are located. On Mon, Feb 3, 2025 at 10:28 AM Dmitriy A. wrote: > We've been dealing with geoip issues for quite a while an

NANOG Discord

NANOG Community, I am excited to announce the official NANOG Discord! Everyone can join by visiting https://discord.nanog.org. In the Discord, you will find groups of channels related to the conferences, NANOG committees, technology (#bgp, #hardware, #ix, and more),

Re: Use of NPTv6 in a mobile service provider network

On Feb 3, 2025, at 17:03, Amos Rosenboim via NANOG wrote: The requirement for state full traffic flow is given by the customer. Organizations sometimes state that they’ve requirements in specializesd contexts which are in fact counterproductive; in such cases, they can often benefit from edu

Re: Reliable GeoIP database

We've been dealing with geoip issues for quite a while and this is what we came up with, maybe it would be useful for you https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md But we're also in progress of updating the logic to include latency as an additional parameter. On Mon, Feb 3,

Re: Reliable GeoIP database

>From my experience, ipinfo.io is one of the most reliable GeoIP databases As for 1.2.9.0, it is not present in the DFZ, so I doubt you will find any correct GeoIP data for it anywhere. On Mon, 2025-02-03 at 06:17 -0500, Scott Q. wrote: > What are you guys using as a reliable GeoIP database ? I'v

Re: Reliable GeoIP database

* qm...@top-consulting.net (Scott Q.) [Mon 03 Feb 2025, 12:18 CET]: What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences. For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but other

Re: Reliable GeoIP database

IPInfo would be a solid choice, but MaxMind is also reliable in most cases. However, some IP databases often provide inaccurate results, and I would recommend avoiding IPStack. ARIN WHOIS is updated by the IP owner or user and can often be outdated or inaccurate, as many operators do not update it

Reliable GeoIP database

What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences. For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0  How to handle

Re: Use of NPTv6 in a mobile service provider network

Thank you Joshua for the quick and detailed response. I agree with everything you mentioned below, and this is why we are considering it. To your questions and comments below: The requirement for state full traffic flow is given by the customer. The logic behind it is to avoid unnecessary pagi