On 7/02/2009, at 8:45 PM, Mikael Abrahamsson wrote:
So, what is the security problem with IPv6 in an IPv4 network? Well,
imagine an IPv4 network where security is done via ARP inspection,
DHCP snooping and L3 ACLs. Now, insert rogue customer who announces
itself via RA/DHCPv6 and says it's
Re Charles,
this is all about control, so you don't lose connectivity in case something
outside your control fails.
The best idea so far is the ebgp-multihop idea with your ISP's transit
provider. This means speaking BGP to them yourself and taking care that
the traffic takes the intended path, t
On Feb 7, 2009, at 2:09 AM, Nathan Ward wrote:
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of
the earth's surf
> > I suppose you can individually configure every host to get itself
> > temporary addresses from RA announcements. This isn't usually a
> > good default configuration, but OS implementation already seems to
> > be inconsistent on the default configuration here. So we're back to
> > the IPv4 dar
On Sat, 7 Feb 2009, sth...@nethelp.no wrote:
This does not seem to be generally true:
- For the routers I am most familiar with (Juniper M/MX), you need to
explicitly turn on router advertisement to make the router perform this.
I.e. it is perfectly possible to have an interface with an IPv6 ad
For the folks asking what island.
http://en.wikipedia.org/wiki/Magdalen_Islands
http://www.panoramio.com/user/45210
We are hiring if someone is interested :)
It's not like the Bahamas. I wish it was. It's a lot colder here.
I've talked to ISP1 yesterday and they will let me know what they can
do.
>Five things? Really? My DHCP server hands out the following things to its
>clients:
>
>Default Route
>DNS Servers
>Log host
>Domain Name (or, our case, the sub-domain for the office)
>NIS Domain
>NIS Servers
>NTP Server
>WINS Servers
>SMTP Server
>POP Server
>NNTP Server
>Domain suffix search orders.
>as I've said a few times now, reason #775 that autoconf is a broken and
>non-useful 'gadget' for network operators. There is a system today that does
>lots of client-conf (including the simple default-route +
>dns-server) called DHCP, there MUST be a similarly featured system in the
>'new world o
>What most people do of course is VRRP.
Sure, or HSRP or GLBP ... all still doable.
>
>Barring that, you just specify multiple default routers, and the client
>will select the router that still responds to ARP. But support for this is not
>universal, so.
Indeed, not universal and in fact defau
IMHO, off the top of my head, on a weekend where I haven't had enough coffee
yet:
3. Anycasted DNS Providers? Not sure how they could fix it, other than
flag certain domains as special, and do something special for them,
but man that smells like a hack.
Anycast is a good thin
If you didn't see it in last thread,
http://geekmerc.livejournal.com/699.html may provide some information
for you, but I can tell from your concerns that your current choice of
edge layouts is different than mine. As such, more below.
Mikael Abrahamsson wrote:
Now, take for instance the resid
Michael,
From my work in access networks they are:
IPv6 native support for:
Routed Access - Ethernet or Wireless, global prefix under the main or dot1Q isl
encapsulated sub-interfaces.
For DSL and ATM PVCs routed RFC 2684 encapsulation with a different IPv6 prefix
for each one of the PVCs.
On Sat, 7 Feb 2009, John Lee wrote:
My IPv4 only deployment in 2001 used DSLAMs that had limited number of
active CPEs and DS3/T3 upstreams to the network. We used front end
Fore/Marconi ATM switches in front of Redback aggregation switches
connecting to Cisco 6509s and then GSR 12012s as the
On Sat, Feb 07, 2009 at 07:51:36PM +1300, Nathan Ward wrote:
> I'm not sure, but you seem to be implying that you need to configure hosts
> to tell them to use RA or DHCPv6 to get addresses. My apologies if this is
> not your intention.
Close, but it is worth clearing up.
> RA messages are alwa
Yes it was definitely last century. With your 30 USD per port and no tunnels
poses some interesting challenges. Customer CPE tunnel access was the main
method discussed in the different v6 meetings I attended. I appreciate you
bringing up this set of requirements since it needs to be addressed f
Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even "security" folks at
major corporations, think a NAT box is a firewall and disabling NAT
is inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently fail-clos
>But I don't see how you could route some
>/48s without having software to route all /48s and that is hugemongous.
As currently spec'ed, you [would|should|could] allow /48s from the specific
PI ranges (1/RIR?) - not just auto-accept all /48s.
/TJ
>It would be nice if DHCPv6 (or DHCPv4 for that matter) could include not
>only a default, but, a static routing table in what it distributes.
In theory, RAs can - "more specific routes", although I don't believe any
vendor (router or client side) supports these as of yet ...
(Default Router Prefe
On Fri, 6 Feb 2009, Jason Biel wrote:
As I mentioned earlier, you'll want to have one provider announce the /22
unweighted and the other announce it weighted. Just pick the better of the
two providers as the primary. Don't base it solely off bandwidth, but check
your SLA and any recent outage o
On Fri, Feb 6, 2009 at 7:12 PM, Matthew Moyle-Croft
wrote:
> Jack Bates wrote:
> > Dynamic or static; how does this alter the state of the routing table?...
> Dynamic assigned addresses mean that the BRAS the customer terminates on can
> hand out a range out of a pool assigned to it. This means
Bill Stewart wrote:
That's not because it's doing dynamic address assignment - it's
because you're only advertising the aggregate route from the
BRAS/DSLAM/etc., and you can just as well do the same thing if you're
using static addresses.
Customers can land on one of a fleet of large BRAS ac
Dear list,
Since IPv4 exhaustion is an increasingly serious and timely topic
lately, I would like to point out something that interests me, and maybe
everyone else who will be spending a lot on Tylenol and booze when we
really do run out of v4 IPs.
I have trouble understanding why an ARIN record
Whatever happened to NAT?
Jeff
On Sat, Feb 7, 2009 at 9:24 PM, Jeff S Wheeler wrote:
> Dear list,
>
> Since IPv4 exhaustion is an increasingly serious and timely topic
> lately, I would like to point out something that interests me, and maybe
> everyone else who will be spending a lot on Tylenol
Any cell phone that uses data service to download a ringtone, wallpaper,
picture, use their TV/radio webcast service, or their walkie talkie feature
will use an IP address.
In addition to that Verizon wireless sells their EVDO aircards for laptops.
Given the size of their customer base it is not
On Sat, Feb 7, 2009 at 9:24 PM, Jeff S Wheeler wrote:
> Dear list,
>
> Since IPv4 exhaustion is an increasingly serious and timely topic
> lately, I would like to point out something that interests me, and maybe
> everyone else who will be spending a lot on Tylenol and booze when we
> really do r
On Wednesday 04 February 2009 09:51:16 am Nathan Ward wrote:
> You get the same with OSPF - you run OSPFv2 and OSPFv3 in
> parallel.
Suffice it to say that some vendors are already implementing
'draft-ietf-ospf-af-alt-06.txt', which allows OSPFv3 to
handle multiple address families, including I
On Wednesday 04 February 2009 10:10:02 am Steve Bertrand
wrote:
> I'm not ready for MPLS (but I am interested in the theory
> of its purpose), so when I'm done what I'm doing now,
> I'll look at it.
Well, having a v6 core will prevent you from running MPLS,
as a v6 control plane for MPLS is no