On Jan 6, 2014, at 13:22 , Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 1/6/2014 1:08 PM, Owen DeLong wrote:
>
>> The port isn't particularly trusted, but it is allowed to send RAs
>> which are forwarded to the network by default. Obviously a sane
>> switch w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 1/6/2014 1:08 PM, Owen DeLong wrote:
> The port isn't particularly trusted, but it is allowed to send RAs
> which are forwarded to the network by default. Obviously a sane
> switch would allow this configuration to be changed. We're not
> talking
On Jan 6, 2014, at 12:57 , Ricky Beam wrote:
> On Sat, 04 Jan 2014 14:03:21 -0500, Owen DeLong wrote:
>> A router, yes. THE router, not unless the network is very stupidly put
>> together.
>
> Like every win7 and win8 machine on the planet? (IPv6 is installed and
> enabled by default. Few p
On Sat, 04 Jan 2014 14:03:21 -0500, Owen DeLong wrote:
A router, yes. THE router, not unless the network is very stupidly put
together.
Like every win7 and win8 machine on the planet? (IPv6 is installed and
enabled by default. Few places have IPv6 enabled on their LAN, so a single
RA wou
On Jan 6, 2014, at 10:37 , Doug Barton wrote:
> On 01/04/2014 05:42 AM, Baldur Norddahl wrote:
>> On Sat, Jan 4, 2014 at 2:12 AM, Doug Barton wrote:
>>
>>>
If you did add default route to DHCPv6, what is then supposed to happen to
the other routes, that the client might discover?
>>
On 01/04/2014 05:42 AM, Baldur Norddahl wrote:
On Sat, Jan 4, 2014 at 2:12 AM, Doug Barton wrote:
If you did add default route to DHCPv6, what is then supposed to happen to
the other routes, that the client might discover?
You would configure the client not to do RS, and to ignore any RAs
On Mon, 06 Jan 2014 09:44:32 -0600, Leo Bicknell said:
> "mandate" isn't the right description.
>
> http://tools.ietf.org/html/rfc6059
>
> There is a ~3 year old _proposed standard_ for the behavior you describe.
I'll make the case that if a "router" becomes unable to forward packets
because it h
On Jan 5, 2014, at 11:44 PM, valdis.kletni...@vt.edu wrote:
> If Joe Home User has a rogue device spewing RA's, he probably has a bigger
> problem than just not having RA Guard enabled. He either has a badly
> misconfigured router (and one that's disobeying the mandate to not RA
> if you don't h
On 4 January 2014 06:06, Ricky Beam wrote:
> It'll **NEVER** be a default because it breaks too many clueless people's
> networks. Just like, surprise, DHCP "guard" isn't on by default in any
> gear I'm aware of.
>
>
Spanning-tree portfast isn't on by default, and that breaks plenty of
clueless
On Sat, 04 Jan 2014 10:10:24 -0600, Leo Bicknell said:
> What happens when Joe Home User buys a new Linksys and wants to plug it in to
> get a firmware update before installing it? Are we really supposed to expect
> that every Joe Homeowner understands RA Guard and configures it for their home
>
> For IPv6, you can become a/the router for a segment with the origination of a
> single packet. Instantly. That’s something you can never do with DHCPv4.
>
A router, yes. THE router, not unless the network is very stupidly put together.
>> Well… Sure, 15 years after DHCP attacks first starte
On Jan 3, 2014, at 7:52 PM, Owen DeLong wrote:
> Well… Sure, 15 years after DHCP attacks first started being a serious
> problem… I doubt it will take anywhere near 15 years for RA guard on by
> default to be the norm in switches, etc.
I count over a dozen ethernet switches in my home that do
On Sat, Jan 4, 2014 at 2:12 AM, Doug Barton wrote:
>
>> If you did add default route to DHCPv6, what is then supposed to happen to
>> the other routes, that the client might discover?
>>
>
> You would configure the client not to do RS, and to ignore any RAs that it
> receives. Simple.
>
>
If you
On Fri, 03 Jan 2014 20:52:25 -0500, Owen DeLong wrote:
Not entirely true, actually… If you’re willing to work hard enough at
it, most hosts can be “encouraged” to renew early.
Short of commandline access, no there isn't. (crashing or otherwise
triggering a reboot, isn't a "renew"; that's a
> >> There is simply no good reason not to include default route in the
> configuration for DHCPv6, and it's long overdue.
> >
> > As I've said before, if we're going to bother doing it, we should just
include
> RIO options, but otherwise, I agree with you.
> >
Are DHCPv6 and/or NDP extendible for
What DHCP attacks?
Humor me... What DHCP "attacks"?
- ferg
On 1/3/2014 5:52 PM, Owen DeLong wrote:
On Jan 3, 2014, at 12:40 AM, Doug Barton wrote:
On 01/02/2014 10:30 PM, TJ wrote:
I'd argue that while the timing may be different, RA and DHCP attacks
are largely the same and are simply
On Jan 3, 2014, at 12:40 AM, Doug Barton wrote:
> On 01/02/2014 10:30 PM, TJ wrote:
>> I'd argue that while the timing may be different, RA and DHCP attacks
>> are largely the same and are simply variations on a theme.
>
> Utter nonsense. The ability to nearly-instantly switch traffic for nearl
On 01/03/2014 04:01 AM, Baldur Norddahl wrote:
On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton wrote:
And you still haven't provided an argument about why the default route
should not be added to DHCPv6.
I was not arguing that it didn't. Just that the perceived problem is not
real.
Your opin
On Fri, Jan 3, 2014 at 4:09 PM, Leo Bicknell wrote:
> Rogue RA's can take down statically IPv6'ed boxes.
>
> Rogue DHCP servers will never affect a statically configured IPv4 box.
I believe that that would depend on whether your configuration
of a static IPv6 address on your box also disable
On Jan 3, 2014, at 12:30 AM, TJ wrote:
> I'd argue that while the timing may be different, RA and DHCP attacks are
> largely the same and are simply variations on a theme.
Rogue RA's can take down statically IPv6'ed boxes.
Rogue DHCP servers will never affect a statically configured IPv4 box.
On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton wrote:
> ... and yet most IPv4 networks are not "completely unprotected."
>
We are apparently talking about "completely unprotected" networks here.
Otherwise there is simply no problem. You would be filtering RA and many
other things, because that is
On Fri, Jan 03, 2014 at 12:40:42AM -0800, Doug Barton wrote:
> Further, by far the common case is for network gear to _already_ be
> configured to avoid permitting hosts to act as DHCP servers unless
> they are supposed to be. It's rare to even find a network device
> that has RA Guard capabilities
On 01/03/2014 01:15 AM, Baldur Norddahl wrote:
On Fri, Jan 3, 2014 at 9:40 AM, Doug Barton wrote:
On 01/02/2014 10:30 PM, TJ wrote:
I'd argue that while the timing may be different, RA and DHCP attacks
are largely the same and are simply variations on a theme.
Utter nonsense. The ability
On Fri, Jan 3, 2014 at 9:40 AM, Doug Barton wrote:
> On 01/02/2014 10:30 PM, TJ wrote:
>
>> I'd argue that while the timing may be different, RA and DHCP attacks
>> are largely the same and are simply variations on a theme.
>>
>
> Utter nonsense. The ability to nearly-instantly switch traffic for
On 01/02/2014 10:30 PM, TJ wrote:
I'd argue that while the timing may be different, RA and DHCP attacks
are largely the same and are simply variations on a theme.
Utter nonsense. The ability to nearly-instantly switch traffic for
nearly-all nodes on the network is a very different thing than w
Hi,
On Thu, Jan 02, 2014 at 08:57:14PM -0800, Matthew Kaufman wrote:
> On 12/30/2013 4:56 PM, Owen DeLong wrote:
> > You can accomplish the same thing in IPv4?.
> >
> >
> > Plug in Sally?s PC with Internet Connection Sharing turned on and watch as
> > her
> > DHCP server takes over your network.
I'd argue that while the timing may be different, RA and DHCP attacks are
largely the same and are simply variations on a theme.
And, regardless of the protocol in question, represent attacks which should
be defended against.
As is often (always?) the case, there are tradeoffs - and the pros and
On 12/30/2013 4:56 PM, Owen DeLong wrote:
You can accomplish the same thing in IPv4….
Plug in Sally’s PC with Internet Connection Sharing turned on and watch as her
DHCP server takes over your network.
Not nearly as fast as bad RAs do (as others have pointed out).
Yes, you have to pay atte
>
> Please note that Ryan’s “manage their IPv6 systems” really means “run their
> business”. In many organizations the routing network is managed by a
> different group with different business goals and procedures than end
> systems. Allowing flexibility for this, if it is not overwhelmingly
On Dec 31, 2013, at 12:11 PM, Ryan Harden wrote:
> On Dec 31, 2013, at 1:10 AM, Timothy Morizot wrote:
>
>> I've been in the process of rolling out IPv6 (again this night) across a
>> very large, highly conservative, and very bureaucratic enterprise. (Roughly
>> 100K employees. More than 600 di
On Dec 31, 2013, at 2:16 PM, Tony Hain wrote:
> Ryan Harden wrote:
> ...
>>
>> IMO, being able to hand out gateway information based on $criteria via
>> DHCPv6 is a logical feature to ask for. Anyone asking for that isn't
> trying to tell
>> you that RA is broken, that you're doing things wrong
Ryan Harden wrote:
...
>
> IMO, being able to hand out gateway information based on $criteria via
> DHCPv6 is a logical feature to ask for. Anyone asking for that isn't
trying to tell
> you that RA is broken, that you're doing things wrong, or that their way
of
> thinking is more important that yo
On Dec 31, 2013, at 12:36 PM, Tony Hain wrote:
> likely pointless. Do you really believe that dhcp messages picked up by the
> rogue router wouldn't end up answering with the wrong values and breaking
> both IPv4 & IPv6? Next, do you really believe that DHCP Guard for an IPv4
> aware switch will
nough consistent
scenarios to get an RI option passed.
Tony
> -Original Message-
> From: Leo Bicknell [mailto:bickn...@ufp.org]
> Sent: Monday, December 30, 2013 3:25 PM
> To: Lee Howard
> Cc: Jamie Bowden; North American Network Operators' Group
> Subject: Re: turning on com
On Dec 31, 2013, at 1:10 AM, Timothy Morizot wrote:
> I've been in the process of rolling out IPv6 (again this night) across a
> very large, highly conservative, and very bureaucratic enterprise. (Roughly
> 100K employees. More than 600 distinct site. Yada. Yada.) I've had no
> issues whatsoever
> Now, boss man comes in and has a new office opening up. Go grab the r1 box
> out of the closet, you need to upgrade the code and reconfigure it. Cable
> it up to your PC with a serial port, open some some sort of terminal program
> so you can catch the boot and password recover it. Plug it's e
On Tue, Dec 31, 2013 at 12:24 AM, Leo Bicknell wrote:
> Here's what you will soon find:
>
> 1) The IPv6 pings on both machines cease to work.
>
That will not actually happen. An IPv6 router is only allowed to announce a
prefix by RA if it has a working uplink.
Nonetheless you are required to se
The reason RIP isn't used to hand out routes is not based on age, or
protocol design. It's based on the fact that we don't want host segment
routes (usually only default) to be announcement based, because that leads
to problems and uncomfortable meetings with VPs. DHCP will happily give out
a corre
I've been in the process of rolling out IPv6 (again this night) across a
very large, highly conservative, and very bureaucratic enterprise. (Roughly
100K employees. More than 600 distinct site. Yada. Yada.) I've had no
issues whatsoever implementing the IPv6 RA+DHCPv6 model alongside the IPv4
model
On Dec 30, 2013, at 9:29 PM, Victor Kuarsingh wrote:
> I think a new initiative to revive this concept will need to address the
> [negative] points from those previous experiences and contrast them to the
> operational benefits of having it available. I am willing to help out
> here, but we need
Leo,
On Mon, Dec 30, 2013 at 6:24 PM, Leo Bicknell wrote:
>
> On Dec 30, 2013, at 2:49 PM, Lee Howard wrote:
>
> > I'm not really an advocate for or against DHCP or RAs. I really just
> want
> > to understand what feature is missing.
>
> I encourage you to try this simple experiment in your l
On Mon, Dec 30, 2013 at 6:31 PM, Leo Bicknell wrote:
>
> On Dec 30, 2013, at 4:37 PM, Victor Kuarsingh wrote:
>
> > On Mon, Dec 30, 2013 at 3:49 PM, Lee Howard wrote:
> >>> The better question is are you using RIP or ICMP to set gateways in
> your
> >>> network now?
> >>
> >> I disagree that th
On 12/30/2013 8:16 PM, Leo Bicknell wrote:
> There's a reason why there's huge efforts to put RA guard in switches, and do
> cryptographic RA's.
These are two admissions that the status quo does not work for many
folks, but for some reason these two solutions get pushed over a simple
DHCP router a
On Dec 30, 2013, at 6:56 PM, Owen DeLong wrote:
> You can accomplish the same thing in IPv4….
>
> Plug in Sally’s PC with Internet Connection Sharing turned on and watch as her
> DHCP server takes over your network.
No, the failure mode is still different.
With IPv6 RA's, the rouge router bre
On Dec 30, 2013, at 7:51 PM, Owen DeLong wrote:
> I have yet to see a use case from enterprise that actually requires RIO or
> default route in DHCPv6, and I have seen many many use cases.
>
> Most of them are, actually, better solved through education, so I tend to
> focus my efforts in that
You can accomplish the same thing in IPv4….
Plug in Sally’s PC with Internet Connection Sharing turned on and watch as her
DHCP server takes over your network.
Yes, you have to pay attention when you plug in a router just like you’d have
to pay attention if you plugged in a DHCP server you were
> What the enterprise folks need is IPv6 champions, like yourself, like Lee, to
> user stand their use case that even if you don't end up deploying it on your
> own network you will show up at the IETF, or at least participate on the IETF
> mailing lists and help them get what they need, so IPv6
On Dec 30, 2013, at 4:37 PM, Victor Kuarsingh wrote:
> On Mon, Dec 30, 2013 at 3:49 PM, Lee Howard wrote:
>>> The better question is are you using RIP or ICMP to set gateways in your
>>> network now?
>>
>> I disagree that that's a better question.
>> I'm not using RIP because my hosts don't su
On Dec 30, 2013, at 2:49 PM, Lee Howard wrote:
> I'm not really an advocate for or against DHCP or RAs. I really just want
> to understand what feature is missing.
I encourage you to try this simple experiment in your lab, because this
happens all day long on corporate networks around the worl
On Dec 30, 2013, at 3:43 PM, Owen DeLong wrote:
> The current situation isn’t attributable to “the current IPv6 crowd” (whoever
> that is), it’s the current IETF consensus position. Changing that IETF
> consensus position is a matter of going through the IETF process and getting
> a new conse
Lee Howard , Jamie Bowden ,
> "nanog@nanog.org"
> Subject: Re: turning on comcast v6
>
> > The better question is are you using RIP or ICMP to set gateways in your
> > network now?
>
> I disagree that that's a better question.
> I'm not using RIP because
On Dec 30, 2013, at 10:04 AM, Ryan Harden wrote:
> On Dec 24, 2013, at 8:15 AM, Lee Howard wrote:
>
>>> default route information via DHCPv6. That's what I'm still waiting for.
>>
>> Why?
>> You say, "The protocol suite doesn't meet my needs; I need default gateway
>> in DHCPv6." So the IET
On Dec 30, 2013, at 8:19 AM, Leo Bicknell wrote:
>
> On Dec 24, 2013, at 8:15 AM, Lee Howard wrote:
>
>> Why?
>> You say, "The protocol suite doesn't meet my needs; I need default gateway
>> in DHCPv6." So the IETF WG must change for you to deploy IPv6. Why?
>
> Why must the people who wan
I'm not really an advocate for or against DHCP or RAs. I really just want
to understand what feature is missing.
From: Blake Dunlap
Date: Monday, December 30, 2013 3:19 PM
To: Ryan Harden
Cc: Lee Howard , Jamie Bowden ,
"nanog@nanog.org"
Subject: Re: turning on comcast v
On 12/30/13 2:20 PM, "Ryan Harden" wrote:
>On Dec 30, 2013, at 12:58 PM, Lee Howard wrote:
>
>>>
>>>
>>> 'Rewrite all of your tools and change your long standing business
>>> practices¹ is a very large barrier to entry to IPv6. If adding gateway
>>>as
>>> an optional field will help people g
The better question is are you using RIP or ICMP to set gateways in your
network now?
If you don't use those now, why is RA a better solution in ipv6?
-Blake
On Mon, Dec 30, 2013 at 1:20 PM, Ryan Harden wrote:
> On Dec 30, 2013, at 12:58 PM, Lee Howard wrote:
>
> >>
> >>
> >> 'Rewrite all of
On Dec 30, 2013, at 12:58 PM, Lee Howard wrote:
>>
>>
>> 'Rewrite all of your tools and change your long standing business
>> practices¹ is a very large barrier to entry to IPv6. If adding gateway as
>> an optional field will help people get over that barrier, why not add it?
>> Sure it doesn¹t
On 12/30/13 1:04 PM, "Ryan Harden" wrote:
>On Dec 24, 2013, at 8:15 AM, Lee Howard wrote:
>
>>> default route information via DHCPv6. That's what I'm still waiting
>>>for.
>>
>> Why?
>> You say, "The protocol suite doesn't meet my needs; I need default
>>gateway
>> in DHCPv6." So the IETF W
On 12/30/13 11:19 AM, "Leo Bicknell" wrote:
>
>On Dec 24, 2013, at 8:15 AM, Lee Howard wrote:
>
>> Why?
>> You say, "The protocol suite doesn't meet my needs; I need default
>>gateway
>> in DHCPv6." So the IETF WG must change for you to deploy IPv6. Why?
>
>Why must the people who want it ju
On Dec 24, 2013, at 8:15 AM, Lee Howard wrote:
>> default route information via DHCPv6. That's what I'm still waiting for.
>
> Why?
> You say, "The protocol suite doesn't meet my needs; I need default gateway
> in DHCPv6." So the IETF WG must change for you to deploy IPv6. Why?
>
> Lee
Ther
On Tue, 24 Dec 2013, Lee Howard wrote:
I used to run an enterprise network. It was very different from an ISP
network. I didn't say, "You're wrong!" I said, "What's missing?"
default route information via DHCPv6. That's what I'm still waiting for.
Why?
You say, "The protocol suite doesn't m
> You say, "The protocol suite doesn't meet my needs; I need default
> gateway in DHCPv6." So the IETF WG must change for you to deploy
> IPv6. Why?
this is actually a non-trivial barrier to enterprise deployment and the
ietf has been in stubborn denial for years. when an it department has
been
On Dec 24, 2013, at 8:15 AM, Lee Howard wrote:
> Why?
> You say, "The protocol suite doesn't meet my needs; I need default gateway
> in DHCPv6." So the IETF WG must change for you to deploy IPv6. Why?
Why must the people who want it justify to _you_?
This is fundamental part I've not gotten
From: Matthew Petach
Date: Saturday, December 21, 2013 10:55 PM
To: Lee Howard
Cc: Jamie Bowden , Owen DeLong ,
"m...@kenweb.org" , "nanog@nanog.org"
>>
>> So there's an interesting question. You suggest there's a disagreement
>> between enterprise network operators and protocol designer
On Fri, Dec 20, 2013 at 5:25 AM, Lee Howard wrote:
>
>
> On 12/20/13 8:07 AM, "Jamie Bowden" wrote:
>
> >
> >
> >> "Parity" isn't enough information; what features are missing? RA is
> >>part
> >> of IPv6, but you don't have to use SLAAC.
> >> I'd say it's the DHC people who need to hear it, no
On Dec 20, 2013, at 14:44 , Eric Oosting wrote:
>
> On Fri, Dec 20, 2013 at 5:16 PM, Matthew Huff wrote:
> Owen,
>
> Have you ever worked in a corporate environment? Replacing equipment can be a
> 5-7 year window and has to be justified and budgeted. Replacing a piece of
> equipment because
On Fri, Dec 20, 2013 at 5:16 PM, Matthew Huff wrote:
> Owen,
>
> Have you ever worked in a corporate environment? Replacing equipment can
> be a 5-7 year window and has to be justified and budgeted. Replacing a
> piece of equipment because it's an incomplete IPv6 implementation (which
> has chang
On Dec 20, 2013, at 14:16 , Matthew Huff wrote:
> Owen,
>
> Have you ever worked in a corporate environment? Replacing equipment can be a
> 5-7 year window and has to be justified and budgeted. Replacing a piece of
> equipment because it's an incomplete IPv6 implementation (which has changed
On Dec 20, 2013, at 14:27 , Matthew Huff wrote:
> You can request a fully working IPv6 implementation, but it's not going to
> stop a purchasing if it doesn't. If you are deciding between two vendors and
> one is better/cheaper and doesn't have IPv6 and you choose the other, it's
> likely you
You can request a fully working IPv6 implementation, but it's not going to stop
a purchasing if it doesn't. If you are deciding between two vendors and one is
better/cheaper and doesn't have IPv6 and you choose the other, it's likely you
will be looking for another job. There is no strong justif
Owen,
Have you ever worked in a corporate environment? Replacing equipment can be a
5-7 year window and has to be justified and budgeted. Replacing a piece of
equipment because it's an incomplete IPv6 implementation (which has changed
considerably as it has been deployed), isn't feasible. Ther
In message
,
Christopher Morrow writes:
> >
> > Not all devices have working IPv6 stacks. OK, they're broken, complain
> > to the vendor and get them to fix their product or buy a working product
> > from a different vendor.
> >
>
> I don't know that this is a practical option... for say some sy
>
> Not all devices have working IPv6 stacks. OK, they’re broken, complain to the
> vendor and get them to fix their product or buy a working product from a
> different vendor.
>
I don't know that this is a practical option... for say some systems I
know that don't do v6 properly or at all, and
On Fri, 20 Dec 2013 15:50:12 -0500, Matthew Huff said:
> There is a lot of cruft out there in the enterprise
> world that claims IPv6 compatibility, but in the real world doesn't work
> consistently. Almost all can be made to work, but require custom
> configuration.
The exact same
On Dec 20, 2013, at 12:50 PM, Matthew Huff wrote:
>
> On Dec 20, 2013, at 3:23 PM, Owen DeLong wrote:
>
>>
>> On Dec 20, 2013, at 6:29 AM, Matthew Huff wrote:
>>
>>> With RA, what is the smallest interval failover will work? Compare that
>>> with NHRP such as HSRP, VRRP, etc with sub-seco
On Dec 20, 2013, at 3:23 PM, Owen DeLong wrote:
>
> On Dec 20, 2013, at 6:29 AM, Matthew Huff wrote:
>
>> With RA, what is the smallest interval failover will work? Compare that with
>> NHRP such as HSRP, VRRP, etc with sub-second failover.
>
> RA and VRRP are not mutually exclusive. What y
On Fri, 20 Dec 2013 15:16:57 -0500, Doug Barton
wrote:
On 12/20/2013 05:25 AM, Lee Howard wrote:
So there's an interesting question. You suggest there's a disagreement
between enterprise network operators and protocol designers. Who should
change?
Rather obviously the protocol designers,
rchase, NY 10577
> OTA Management LLC | Phone: 914-460-4039
>
>> -Original Message-
>> From: Lee Howard [mailto:l...@asgard.org]
>> Sent: Friday, December 20, 2013 8:25 AM
>> To: Jamie Bowden; Owen DeLong; m...@kenweb.org
>> Cc: North Am
On 12/20/2013 05:25 AM, Lee Howard wrote:
So there's an interesting question. You suggest there's a disagreement
between enterprise network operators and protocol designers. Who should
change?
Rather obviously the protocol designers, since they are clearly out of
touch with real-world require
On Fri, Dec 20, 2013 at 11:56 AM, wrote:
> On Fri, 20 Dec 2013 12:36:38 +, Jamie Bowden said:
>> How many times do the IPv6 people have to hear that until DHCPv6 reaches
>> feature parity with DCHPv4, IPv6 is dead to enterprise networks?
>
> How many times do the IPv4 people have to hear that
On Fri, 20 Dec 2013 12:36:38 +, Jamie Bowden said:
> How many times do the IPv6 people have to hear that until DHCPv6 reaches
> feature parity with DCHPv4, IPv6 is dead to enterprise networks?
How many times do the IPv4 people have to hear that many sites are running
IPv6 on enterprise network
Thus spake Jamie Bowden (ja...@photon.com) on Fri, Dec 20, 2013 at 01:07:27PM
+:
> > From: Lee Howard [mailto:l...@asgard.org]
> > On 12/20/13 7:36 AM, "Jamie Bowden" wrote:
> > >> From: Owen DeLong [mailto:o...@delong.com]
>
>
> > >> I'm almost afraid to ask about the phrase "add-default-r
ilto:l...@asgard.org]
> Sent: Friday, December 20, 2013 8:25 AM
> To: Jamie Bowden; Owen DeLong; m...@kenweb.org
> Cc: North American Network Operators' Group
> Subject: Re: turning on comcast v6
>
>
>
> On 12/20/13 8:07 AM, "Jamie Bowden" wrote:
>
>
On 12/20/13 8:07 AM, "Jamie Bowden" wrote:
>
>
>> "Parity" isn't enough information; what features are missing? RA is
>>part
>> of IPv6, but you don't have to use SLAAC.
>> I'd say it's the DHC people who need to hear it, not the IPv6 people,
>>but
>> YMMV.
>
>I have a question. Why does DHCP
> From: Lee Howard [mailto:l...@asgard.org]
> On 12/20/13 7:36 AM, "Jamie Bowden" wrote:
> >> From: Owen DeLong [mailto:o...@delong.com]
> >> I'm almost afraid to ask about the phrase "add-default-route=yes" in the
> >> dhcp-client configuration. That seems wrong on the face of it since you
> >>
On 12/20/2013 12:30 AM, Owen DeLong wrote:
>> I'd like to encourage people to use prefix-hint=::/48.
>>
>> The router should accept the /60 and deal with it, but it's better to have
>> Comcast's logs show that you requested a proper full-size prefix.
>>
>> I'm almost afraid to ask about the phras
On 12/20/13 7:36 AM, "Jamie Bowden" wrote:
>> From: Owen DeLong [mailto:o...@delong.com]
>
>> I'm almost afraid to ask about the phrase "add-default-route=yes" in the
>> dhcp-client configuration. That seems wrong on the face of it since you
>> should be getting your routing information from RA
> From: Owen DeLong [mailto:o...@delong.com]
> I'm almost afraid to ask about the phrase "add-default-route=yes" in the
> dhcp-client configuration. That seems wrong on the face of it since you
> should be getting your routing information from RA and not DHCP.
No, no, no, a thousand times no. I'
On Fri, Dec 20, 2013 at 5:42 AM, Christopher Morrow
wrote:
> On Fri, Dec 20, 2013 at 12:30 AM, Owen DeLong wrote:
>> I'd like to encourage people to use prefix-hint=::/48.
...
> I think if I ask (via wide-dhcpv6-server) for more than is going to be
> sent I don't get anything configured at a
On Fri, Dec 20, 2013 at 12:30 AM, Owen DeLong wrote:
>>
>> FYI - DHCP-PD is now working better in RouterOS 6.5
>>
>> Prefix length hints are now available (CLI) only.
>>
>> /ipv6 dhcp-client add add-default-route=yes interface=
>> pool-name=dhcp-pd \
>> prefix-hint=::/60
>>
>
> I'd like to encoura
>
> FYI - DHCP-PD is now working better in RouterOS 6.5
>
> Prefix length hints are now available (CLI) only.
>
> /ipv6 dhcp-client add add-default-route=yes interface=
> pool-name=dhcp-pd \
> prefix-hint=::/60
>
I'd like to encourage people to use prefix-hint=::/48.
The router should accept
> In the case of Comcast (and anecdotally ISC DHCP) - You'll either need
> to wait out the the lease time (4 days) or ask Comcast to nicely clear
> out your /64 lease manually. Release/renew doesn't release your current
> DHCP lease. I was getting A /64 and /60 (/64 had a preference of 255)
> bef
On 12/11/2013 10:23 PM, Rob Seastrom wrote:
> Eric Oosting writes:
>
>> It brings a tear to my eye that it takes:
>>
>> 0) A long standing and well informed internet technologist;
>> 1) specific, and potentially high end, CPE for the res;
>> 2) specific and custom firmware, unsupported by CPE manu
I did an OK job of getting my Linksys E2100L working with Comcast v6 on
OpenWRT. It is not officially supported on this platform per se, but a
simple hack of the source for WRT160NL allows it to be built.
Since I was already rolling my own firmware, I checked the box for 'ipv6'
and got the attache
Ok, so... with a little messing around with the raspberry-pi + tp-link +
wide-dhcpv6 client.. success!
more at: http://goo.gl/jnrY7s
On Fri Dec 13 2013 at 3:57:49 PM, Bill Weiss
wrote:
> Kinkaid, Kyle(kkink...@usgs.gov)@Wed, Dec 11, 2013 at 11:46:56AM -0800:
> > On Wed, Dec 11, 2013 at 11:18 AM
Kinkaid, Kyle(kkink...@usgs.gov)@Wed, Dec 11, 2013 at 11:46:56AM -0800:
> On Wed, Dec 11, 2013 at 11:18 AM, Owen DeLong wrote:
>
> > It doesn’t. You can get IPv6 working with off-the-shelf equipment if you
> > choose to.
> >
> > Randy chose to use that particular hardware and software combination
>> "They are a bit quirky but generally they work fairly well when configured
>> and left alone."
> That describes most every router ever made :)
except those which burst into flame
except those which ...
On Thu, Dec 12, 2013 at 7:55 AM, Ryan Wilkins wrote:
>
> "They are a bit quirky but generally they work fairly well when configured
> and left alone."
>
That describes most every router ever made :)
-Steve
> On Dec 11, 2013, at 10:23 PM, Rob Seastrom wrote:
>
> Pretty much works out of the box on Mikrotik RouterOS if you are
> secure enough in your geek cred to admit to running such stuff here in
> this august forum.
>
> -r
>
I run a few at home and even in an access role at an ISP I work for.
Eric Oosting writes:
> It brings a tear to my eye that it takes:
>
> 0) A long standing and well informed internet technologist;
> 1) specific, and potentially high end, CPE for the res;
> 2) specific and custom firmware, unsupported by CPE manufacturer ... or
> anyone;
> 3) hand installing seve
1 - 100 of 148 matches
Mail list logo
