On Jun 14, 2011, at 2:42 PM, Seth Mos wrote:
>
> On 14 Jun 2011, at 19:04, Ray Soucy wrote:
>
>> My guess is within the next year we'll see something pop up that does this.
>
> Ehm, It's already here, you searched google right?
>
> I finished it 4 months ago. And a numb
On Jun 14, 2011, at 2:57 PM, Scott Helms wrote:
>
>> Yes... The key word there is perception. The question is whether it makes
>> more sense to put effort into correcting mis-perceptions or to put the effort
>> into providing workarounds which provide a sub-par networking experience
>> to the en
On Jun 14, 2011, at 11:00 AM, Ray Soucy wrote:
> I think that's a market problem rather than a routing problem. In the
> long term, If we had separation of L2 and L3 service providers there
> would be very, very few who need L3 redundancy; and that amount would
> be fine using BGP.
>
ROFLMAO...
Yes... The key word there is perception. The question is whether it makes
more sense to put effort into correcting mis-perceptions or to put the effort
into providing workarounds which provide a sub-par networking experience
to the end user.
IMNSHO, it is better to put effort into education. I'
On Jun 14, 2011, at 10:52 AM, Ray Soucy wrote:
> It's a security and operational issue.
>
> The perception is that it's easier to monitor, manage, and filter one
> address per host instead of 3. For most in the enterprise world it's
> a non-starter to have that setup; even if that perception is
On 14 Jun 2011, at 19:04, Ray Soucy wrote:
> My guess is within the next year we'll see something pop up that does this.
Ehm, It's already here, you searched google right?
I finished it 4 months ago. And a number of commercial platforms already
support it. Although Owen
On Jun 14, 2011, at 10:38 AM, valdis.kletni...@vt.edu wrote:
> On Tue, 14 Jun 2011 13:04:11 EDT, Ray Soucy said:
>
>> A better solution; and the one I think that will be adopted in the
>> long term as soon as vendors come into the fold, is to swap out
>> RFC1918 with ULA addressing, and swap out
I think that's a market problem rather than a routing problem. In the
long term, If we had separation of L2 and L3 service providers there
would be very, very few who need L3 redundancy; and that amount would
be fine using BGP.
Metro Ethernet services are making it a bit easier to accomplish this
On Jun 14, 2011, at 10:28 AM, William Herrin wrote:
> On Tue, Jun 14, 2011 at 1:04 PM, Ray Soucy wrote:
>> I think in the long term telling everyone to jump into the BGP table
>> is not sustainable; and not operationally consistent with the majority
>> of SMB networks.
>>
>> A better solution;
It's a security and operational issue.
The perception is that it's easier to monitor, manage, and filter one
address per host instead of 3. For most in the enterprise world it's
a non-starter to have that setup; even if that perception is a false
one.
Not sure I have the energy to re-hash the ti
Actually, a vastly inferior solution, but, it does have the attraction of
being able to continue to ignore the need for scalable routing for several
more years.
In reality, we need to solve the scalable routing problem at some point
and having everyone jump into the IPv6 BGP world for multihoming
> Why do people insist on creating solutions where each host has
> exactly one IPv6 address, instead of letting each host have *three*
> (in this case) - a ULA and two provider-prefixed addresses?
>
How does the upstream router control which address/path the client host uses to
route?
-Rand
> Hi Ray,
>
> There's a nuance here you've missed.
>
> There are two main reasons for ULA inside the network:
>
> 1. Address stability (simplifies network management)
> 2. Source obfuscation (improves the depth of the security plan)
>
> Option 1: Obfuscation desired.
>
> ULA inside. NAT/PAT a
On Tue, 14 Jun 2011 13:04:11 EDT, Ray Soucy said:
> A better solution; and the one I think that will be adopted in the
> long term as soon as vendors come into the fold, is to swap out
> RFC1918 with ULA addressing, and swap out PAT with NPT; then use
> policy routing to handle load balancing and
I try to avoid the Obfuscation argument when I can.
I've seen people try to be smart by telling Law Enforcement that they
don't keep logs and can't point to which host was a problem behind a
NAT box, only to see Law Enforcement take all the PCs instead of the
one in question. So it's always made
On Tue, Jun 14, 2011 at 1:04 PM, Ray Soucy wrote:
> I think in the long term telling everyone to jump into the BGP table
> is not sustainable; and not operationally consistent with the majority
> of SMB networks.
>
> A better solution; and the one I think that will be adopted in the
> long term as
Today you're probably correct. If you want to have more than one
provider reliably you pretty much need to be doing BGP; or have some
sort of primary-backup setup to fail over from one to the other; or
give each host a global address from each provider (really not
desirable in the majority of netw
On Jun 13, 2011, at 9:28 PM, William Herrin wrote:
> On Mon, Jun 13, 2011 at 8:48 PM, Owen DeLong wrote:
>> The vastly better option is to obtain a prefix and ASN from ARIN and merely
>> trade BGP with your upstream providers.
>
> My "(cheap) cable modem for general browsing" provider would
On Mon, Jun 13, 2011 at 8:48 PM, Owen DeLong wrote:
> The vastly better option is to obtain a prefix and ASN from ARIN and merely
> trade BGP with your upstream providers.
My "(cheap) cable modem for general browsing" provider wouldn't even
delegate RDNS; they'd only put PTRs in *their* server
On Mon, Jun 13, 2011 at 6:59 PM, Randy Carpenter wrote:
> This is precisely what we are doing on the main network. We just want to
> keep the general browsing traffic separated.
>
If you're worried about browsing traffic and not worried about occasional
other things slipping through, set up Squid
- Original Message -
> The vastly better option is to obtain a prefix and ASN from ARIN and
> merely trade BGP with your
> upstream providers.
This is precisely what we are doing on the main network. We just want to keep
the general browsing traffic separated.
> Prefix translation comes
The vastly better option is to obtain a prefix and ASN from ARIN and merely
trade BGP with your upstream providers.
Prefix translation comes with all the same disabilities that are present when
you do this in IPv4.
In IPv4, everyone's software expects you to have a broken network (NAT) and
the
Prefix translation looks to be exactly what we need to do here. Thanks for all
of the replies.
-Randy
On Jun 12, 2011, at 2:42, Seth Mos wrote:
>
> On 12 Jun 2011, at 03:50, Randy Carpenter wrote:
>
>>
>> I have an interesting situation at a business that I am workin
On 12 Jun 2011, at 03:50, Randy Carpenter wrote:
>
> I have an interesting situation at a business that I am working on. We
> currently have the office set up with redundant connections for their mission
> critical servers and such, and also have a (cheap) cable modem fo
For a fuller discussion of this scenario, you can read this draft:
http://wiki.tools.ietf.org/id/draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-00.txt
Frank
-Original Message-
From: Randy Carpenter [mailto:rcar...@network1.net]
Sent: Saturday, June 11, 2011 8:50 PM
To: nanog@nanog.org
> I guess I'm a little confused on the setup. You have a firewall with a
> connection to a local LAN, another connection to customer network(s), and
> a third connection to the Internet via cable modem?
>
> You have NAT setup to NAT your Local LAN out to the Internet and to
> the
> customer n
>> -Original Message-
>> From: Matthew Reath [mailto:m...@mattreath.com]
>> Sent: June-11-11 11:22 PM
>> To: Randy Carpenter
>> Cc: nanog@nanog.org
>> Subject: Re: Question about migrating to IPv6 with multiple upstreams.
>>
>> Standard IP
> -Original Message-
> From: Matthew Reath [mailto:m...@mattreath.com]
> Sent: June-11-11 11:22 PM
> To: Randy Carpenter
> Cc: nanog@nanog.org
> Subject: Re: Question about migrating to IPv6 with multiple upstreams.
>
> Standard IP routing, the default gateway o
>
> I have an interesting situation at a business that I am working on. We
> currently have the office set up with redundant connections for their
> mission critical servers and such, and also have a (cheap) cable modem for
> general browsing on client machines.
>
> The interesting part is that the
On Sat, Jun 11, 2011 at 6:50 PM, Randy Carpenter wrote:
> With IPv6, we are having some trouble coming up with a way to do this.
> Since there is no NAT, does anyone have any ideas as to how this could be
> accomplished?
>
Juniper, *BSD (including pfsense) and Linux all do NAT66 in some form or
o
> *LAUGH*
>
> really interesting and funny.
>
> my only idea is to have a 2nd ip and 2nd gateway at all "users"
> workstations with explicit routes. (scales very very well, perhaps
> run some routing
> protocol? ospf? :)
I've thought of that, but that is a management nightmare, particularly on
I have an interesting situation at a business that I am working on. We
currently have the office set up with redundant connections for their mission
critical servers and such, and also have a (cheap) cable modem for general
browsing on client machines.
The interesting part is that the client m