Re: IPv6 Unique Local Addresses

2018-03-04 Thread daveb
At 02:02 AM 3/3/2018, Owen DeLong wrote: > On Mar 2, 2018, at 10:38 PM, Matt Harris wrote: > > On Sat, Mar 3, 2018 at 12:33 AM, Owen DeLong wrote: > Sure… You have to maintain the tunnel or they may reassign/reallocate the address. Here’s the reality of that, howev

Re: IPv6 Unique Local Addresses

2018-03-04 Thread Joel Whitehouse
On 03/02/2018 02:40 PM, Matthew Kaufman wrote: Exactly what Matt Harris says here... ULA is free. Space obtained from ARIN is not. You want to discourage someone from doing the right thing, charge a lot for that. The ARIN fee schedule for an ASN and a /40 has an amortized annual cost approxim

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 10:38 PM, Matt Harris wrote: > > On Sat, Mar 3, 2018 at 12:33 AM, Owen DeLong > wrote: > Sure… You have to maintain the tunnel or they may reassign/reallocate the > address. Here’s the reality of that, however: > > 1.Unless you care about reach

Re: IPv6 Unique Local Addresses

2018-03-02 Thread John Osmon
On Sat, Mar 03, 2018 at 12:38:58AM -0600, Matt Harris wrote: > I'm not sure where you're getting the $100 figure from, ARIN's minimum fee > for an allocation is $250/year [...] End Users have a different fee structure: Annual maintenance fees are $100 for each IPv4 address block, $100 for eac

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
Sure… You have to maintain the tunnel or they may reassign/reallocate the address. Here’s the reality of that, however: 1. Unless you care about reaching the customer they reassigned it to from your network, you don’t care. 2. Using it for ULA in addition to the tunnel isn’t really pro

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 1:06 PM, Matt Harris wrote: > > On Fri, Mar 2, 2018 at 2:45 PM, Owen DeLong > wrote: > Space from tunnel brokers is also free. > > Owen > > For myriad reasons (added latency, reliability concerns related to relying on > traffic over a connection w

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Matt Harris
On Sat, Mar 3, 2018 at 12:33 AM, Owen DeLong wrote: > Sure… You have to maintain the tunnel or they may reassign/reallocate the > address. Here’s the reality of that, however: > > 1. Unless you care about reaching the customer they reassigned it to from > your network, you don’t care. > 2. Using

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
Once again, you’re talking about usability of the addresses for internet connectivity. I don’t understand the relevance since we’re talking about a GUA based substitute for ULA. What am I missing? Owen > On Mar 2, 2018, at 1:29 PM, Bryan Holloway wrote: > > Another problem with tunnel broke

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread John Levine
In article you write: >What can you do with ULA that GUA isn’t suitable for? I have a home network with two segments, one wired and one wireless. It has IPv6 addresses assigned by my ISP, Spectrum nee TWC, which probably won't change but who knows, they make no promises. I have some servers on m

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Matthew Kaufman
Section 3 of https://tunnelbroker.net/tos.php It isn't "free". It may be included with a service that is currently available for free, but they aren't providing free address space for an unlimited period. Matthew Kaufman On Fri, Mar 2, 2018 at 12:45 PM Owen DeLong wrote: > Space from tunnel br

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Bryan Holloway
Another problem with tunnel brokers is that they are sometimes flagged by content providers as being some sort of "proxy", and consequently won't send you traffic. Notably, Netflix. On 3/2/18 3:06 PM, Matt Harris wrote: On Fri, Mar 2, 2018 at 2:45 PM, Owen DeLong wrote: Space from tunnel b

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Matt Harris
On Fri, Mar 2, 2018 at 2:45 PM, Owen DeLong wrote: > Space from tunnel brokers is also free. > > Owen > For myriad reasons (added latency, reliability concerns related to relying on traffic over a connection which doesn't offer an SLA or recourse for downtime, lack of support on ISP-provided CPE

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
Space from tunnel brokers is also free. Owen > On Mar 2, 2018, at 12:40 PM, Matthew Kaufman wrote: > > Exactly what Matt Harris says here... ULA is free. Space obtained from ARIN > is not. You want to discourage someone from doing the right thing, charge a > lot for that. > > Matthew Kaufman

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Matthew Kaufman
Exactly what Matt Harris says here... ULA is free. Space obtained from ARIN is not. You want to discourage someone from doing the right thing, charge a lot for that. Matthew Kaufman On Fri, Mar 2, 2018 at 11:30 AM Matt Harris wrote: > On Fri, Mar 2, 2018 at 11:08 AM, Owen DeLong wrote: > > > >

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Matt Erculiani
Not sure if this is the common thought, but if anyone has a network which requires static IP assignments, they can probably justify a request for a /48 from an RIR. After all, ARIN's requirement for an end-user IPv6 block is, at minimum: "Justify why IPv6 addresses from an ISP or other LIR are uns

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Matt Harris
On Fri, Mar 2, 2018 at 11:08 AM, Owen DeLong wrote: > > I doubt anyone is taking it away, pointless and useless as it is. > > Owen > I'm not sure I'd say it's pointless and useless. It's free, which gives it at least some point/use case, versus IPv6 space obtained from an RIR where, at least in

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 7:55 AM, Nicholas Warren wrote: > > Please don't take away ULA. > >>> You really think that doing ULA according to the RFCs (collision >>> avoidance algorithm and all) is easier than filling out a form at HE? >>> REALLY? >> >> Yes. > > It's hard enough to sell ipv6 for L

RE: IPv6 Unique Local Addresses

2018-03-02 Thread Nicholas Warren
Please don't take away ULA. >> You really think that doing ULA according to the RFCs (collision >> avoidance algorithm and all) is easier than filling out a form at HE? >> REALLY? > > Yes. It's hard enough to sell ipv6 for LAN without adding having to get a tunnel, register with a RIR, whateve

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 19:25, Bjørn Mork wrote: > > Owen DeLong writes: > >>> On Mar 2, 2018, at 3:17 AM, Bjørn Mork wrote: >>> >>> Owen DeLong writes: >>> What can you do with ULA that GUA isn’t suitable for? >>> >>> 1) get >>> 2) keep >>> 3) move >> >> Wrong. >> >> 1) get >>Ea

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Bjørn Mork
Owen DeLong writes: >> On Mar 2, 2018, at 3:17 AM, Bjørn Mork wrote: >> >> Owen DeLong writes: >> >>> What can you do with ULA that GUA isn’t suitable for? >> >> 1) get >> 2) keep >> 3) move > > Wrong. > > 1) get > Easy as going to http://tunnelbroker.net and

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 3:17 AM, Bjørn Mork wrote: > > Owen DeLong writes: > >> What can you do with ULA that GUA isn’t suitable for? > > 1) get > 2) keep > 3) move Wrong. 1) get Easy as going to http://tunnelbroker.net and filling out a form. Remember to ch

Re: IPv6 Unique Local Addresses

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 3:50 AM, sth...@nethelp.no wrote: > >>> ULA at inside and 1:1 to operator address in the edge is what I've >>> been recommending to my enterprise customers since we started to offer >>> IPv6 commercially. Fits their existing processes and protects me from >>> creating tainted

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
For that matter, if we can kill IPv4, we have plenty of headroom for a LOT of IPv6 PI space. Owen > On Mar 1, 2018, at 4:48 PM, Matt Erculiani wrote: > > Not sure if this is the common thought, but if anyone has a network > which requires static IP assignments, they can probably justify a > re

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 1, 2018, at 5:30 PM, Mark Andrews wrote: > > >> On 2 Mar 2018, at 11:48 am, Matt Erculiani wrote: >> >> Not sure if this is the common thought, but if anyone has a network >> which requires static IP assignments, they can probably justify a >> request for a /48 from an RIR. After al

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 1, 2018, at 6:30 PM, Harald Koch wrote: > > On 1 March 2018 at 18:48, Mark Andrews wrote: > >> ULA provide stable internal addresses which survive changing ISP >> for the average home user. > > > Yeah this is pretty much what I'm doing. ULA for stable, internal addresses > that I ca

Re: IPv6 Unique Local Addresses

2018-03-02 Thread sthaug
> > ULA at inside and 1:1 to operator address in the edge is what I've > > been recommending to my enterprise customers since we started to offer > > IPv6 commercially. Fits their existing processes and protects me from > > creating tainted unusable addresses. > > Oh, please. NAT all over again? T

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 1:50 AM, Saku Ytti wrote: > > Enno et al ULA fans > > I could not agree more. > > Either you provide your enterprise customers transportable address or > ULA. If you assign and promote them to use your 'PA' address, they > will take your PA address with them when they chan

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Bjørn Mork
Owen DeLong writes: > What can you do with ULA that GUA isn’t suitable for? 1) get 2) keep 3) move Granted, many of us can do that with GUAs too. But with ULA those features are available to everyone everywhere. Which is useful for a number of applications where you care mostly about the local

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Saku Ytti
Enno et al ULA fans I could not agree more. Either you provide your enterprise customers transportable address or ULA. If you assign and promote them to use your 'PA' address, they will take your PA address with them when they change operator 10 years from now, and if you reuse it, these two cust

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Enno Rey
Hi, On Thu, Mar 01, 2018 at 09:30:32PM -0500, Harald Koch wrote: > On 1 March 2018 at 18:48, Mark Andrews wrote: > > > ULA provide stable internal addresses which survive changing ISP > > for the average home user. > > > Yeah this is pretty much what I'm doing. ULA for stable, internal address

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 18:48, Mark Andrews wrote: > ULA provide stable internal addresses which survive changing ISP > for the average home user. Yeah this is pretty much what I'm doing. ULA for stable, internal addresses that I can put into the (internal) DNS: ISP prefixes for global routing. Renu

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Mark Andrews
> On 2 Mar 2018, at 11:48 am, Matt Erculiani wrote: > > Not sure if this is the common thought, but if anyone has a network > which requires static IP assignments, they can probably justify a > request for a /48 from an RIR. After all, ARIN's requirement for an > end-user IPv6 block is, at mini

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Mark Andrews
> On 2 Mar 2018, at 9:28 am, Owen DeLong wrote: > > >> On Mar 1, 2018, at 1:20 PM, Harald Koch wrote: >> >> On 1 March 2018 at 15:18, Owen DeLong > > wrote: >> Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly >> anyone >> uses ULA (the IPv6 anal

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Owen DeLong
> On Mar 1, 2018, at 1:20 PM, Harald Koch wrote: > > On 1 March 2018 at 15:18, Owen DeLong > wrote: > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly anyone > uses ULA (the IPv6 analogue to RFC-1918). > > Wait. What's the objection to ULA? Is it

IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 15:18, Owen DeLong wrote: > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly > anyone > uses ULA (the IPv6 analogue to RFC-1918). > Wait. What's the objection to ULA? Is it just that NAT is bad, or is there something new? -- Harald