From cdl at asgaard.org Mon Nov 1 01:52:23 2010 From: cdl at asgaard.org (Christopher LILJENSTOLPE) Date: Mon, 1 Nov 2010 17:52:23 +1100 Subject: Clarification from Pica8 (was Fwd: Mystery open source switching company claims top-of-rack price edge) References: <9786252079B042D8B4124863BD22185D@wovenrose> Message-ID: <5D70CC31-8EE6-47EE-9244-8F8075D80570@asgaard.org> I just talked to Lin Du (who I worked with when I was at Woven), who is the current CEO of Pica8. Don't know anything about the product, but this didn't seem like Lin's style. Turns out Fontaine GUILLAUME has registered pic8.org at gmail.com, has no relation to the company - and is trying to prove to them that he should be a reseller. Lin has told GUILLAUME to stop (not that that will do any good). Some e-mail fragments below. Chris Begin forwarded message: > From: "Lin Du" > Date: 01 November 2010 17.11.58 +1100 > To: "Christopher LILJENSTOLPE" > Subject: Re: Mystery open source switching company claims top-of-rack price edge > > Hi, Chris, > > Thanks for your reminding. > This guy wants to resell the Pronto products but without any partnership with us yet. > He even registered an email with my name as Pica8.org at gmail.com for posting. > > I sent another email to let him stop doing this anymore. I need to clarify NANOG for this. > Thanks, > > Lin > > > > From: Christopher LILJENSTOLPE > Sent: Monday, November 01, 2010 12:31 PM > To: Lin Du > Subject: Re: Mystery open source switching company claims top-of-rack price edge > > > NP. > > > Chris > > > On 01Nov2010, at 15.30, Lin Du wrote: > > > Chris, > > Many thanks. > > Guillaume, > Please stop using pica8 name in your posts, emails and any other public messages. We didn't grant you to do in this way. > You could be pica8 partner until you are legally qualified. > Thanks, > > Lin > Pica8 Technology Inc. 
> From mark at edgewire.sg Mon Nov 1 01:56:51 2010 From: mark at edgewire.sg (Mark) Date: Mon, 1 Nov 2010 14:56:51 +0800 Subject: Clarification from Pica8 (was Fwd: Mystery open source switching company claims top-of-rack price edge) In-Reply-To: <5D70CC31-8EE6-47EE-9244-8F8075D80570@asgaard.org> References: <9786252079B042D8B4124863BD22185D@wovenrose> <5D70CC31-8EE6-47EE-9244-8F8075D80570@asgaard.org> Message-ID: <3E929354-6019-4CA8-AB0F-D8DD566930EB@edgewire.sg> Oh good lord, when will that guy ever stop. On 01-Nov-2010, at 2:52 PM, Christopher LILJENSTOLPE wrote: > I just talked to Lin Du (who I worked with when I was at Woven), who is the current CEO of Pica8. Don't know anything about the product, but this didn't seem like Lin's style. Turns out Fontaine GUILLAUME has registered pic8.org at gmail.com, has no relation to the company - and is trying to prove to them that he should be a reseller. Lin has told GUILLAUME to stop (not that that will do any good). Some e-mail fragments below. > > Chris > > > Begin forwarded message: > >> From: "Lin Du" >> Date: 01 November 2010 17.11.58 +1100 >> To: "Christopher LILJENSTOLPE" >> Subject: Re: Mystery open source switching company claims top-of-rack price edge >> >> Hi, Chris, >> >> Thanks for your reminding. >> This guy wants to resell the Pronto products but without any partnership with us yet. >> He even registered an email with my name as Pica8.org at gmail.com for posting. >> >> I sent another email to let him stop doing this anymore. I need to clarify NANOG for this. >> Thanks, >> >> Lin >> >> >> >> From: Christopher LILJENSTOLPE >> Sent: Monday, November 01, 2010 12:31 PM >> To: Lin Du >> Subject: Re: Mystery open source switching company claims top-of-rack price edge >> >> >> NP. >> >> >> Chris >> >> >> On 01Nov2010, at 15.30, Lin Du wrote: >> >> >> Chris, >> >> Many thanks. >> >> Guillaume, >> Please stop using pica8 name in your posts, emails and any other public messages. 
We didn't grant you to do in this way. >> You could be pica8 partner until you are legally qualified. >> Thanks, >> >> Lin >> Pica8 Technology Inc. >> > Kind regards, Mark From tammy-lists at wiztech.biz Mon Nov 1 02:04:59 2010 From: tammy-lists at wiztech.biz (Tammy A Wisdom) Date: Mon, 1 Nov 2010 07:04:59 +0000 Subject: Clarification from Pica8 (was Fwd: Mystery open source switchingcompany claims top-of-rack price edge) In-Reply-To: <5D70CC31-8EE6-47EE-9244-8F8075D80570@asgaard.org> References: <9786252079B042D8B4124863BD22185D@wovenrose><5D70CC31-8EE6-47EE-9244-8F8075D80570@asgaard.org> Message-ID: <1580254238-1288595099-cardhu_decombobulator_blackberry.rim.net-86490837-@bda399.bisx.prod.on.blackberry> Hahah. I love it when my hunch is correct. I swear that he ate lead paint chips as a kid. The b& will be visiting soon I bet Tammy A Wisdom Summit Open Source Development Group -----Original Message----- From: Christopher LILJENSTOLPE Date: Mon, 1 Nov 2010 17:52:23 To: Subject: Clarification from Pica8 (was Fwd: Mystery open source switching company claims top-of-rack price edge) I just talked to Lin Du (who I worked with when I was at Woven), who is the current CEO of Pica8. Don't know anything about the product, but this didn't seem like Lin's style. Turns out Fontaine GUILLAUME has registered pic8.org at gmail.com, has no relation to the company - and is trying to prove to them that he should be a reseller. Lin has told GUILLAUME to stop (not that that will do any good). Some e-mail fragments below. Chris Begin forwarded message: > From: "Lin Du" > Date: 01 November 2010 17.11.58 +1100 > To: "Christopher LILJENSTOLPE" > Subject: Re: Mystery open source switching company claims top-of-rack price edge > > Hi, Chris, > > Thanks for your reminding. > This guy wants to resell the Pronto products but without any partnership with us yet. > He even registered an email with my name as Pica8.org at gmail.com for posting. 
> > I sent another email to let him stop doing this anymore. I need to clarify NANOG for this. > Thanks, > > Lin > > > > From: Christopher LILJENSTOLPE > Sent: Monday, November 01, 2010 12:31 PM > To: Lin Du > Subject: Re: Mystery open source switching company claims top-of-rack price edge > > > NP. > > > Chris > > > On 01Nov2010, at 15.30, Lin Du wrote: > > > Chris, > > Many thanks. > > Guillaume, > Please stop using pica8 name in your posts, emails and any other public messages. We didn't grant you to do in this way. > You could be pica8 partner until you are legally qualified. > Thanks, > > Lin > Pica8 Technology Inc. > From ops.lists at gmail.com Mon Nov 1 02:30:35 2010 From: ops.lists at gmail.com (Suresh Ramasubramanian) Date: Mon, 1 Nov 2010 13:00:35 +0530 Subject: BGP support on ASA5585-X In-Reply-To: References: <1288374173.4032.11.camel@ping01> <1288412842.995426538@192.168.2.229> Message-ID: Juniper srx runs JunOS. On Sat, Oct 30, 2010 at 11:31 AM, Jeffrey Lyon wrote: > > Juniper Netscreen does, in case the OP is looking for alternatives. > > Best regards, Jeff -- Suresh Ramasubramanian (ops.lists at gmail.com) From paljak at mit.bme.hu Mon Nov 1 03:21:01 2010 From: paljak at mit.bme.hu (paljak at mit.bme.hu) Date: Mon, 1 Nov 2010 09:21:01 +0100 Subject: datacenter traffic distribution Message-ID: Hi, I'm wondering if there's a reliable and public survey, statistics about the distribution of datacenter (or cloud, if you wish) traffic, according to protocols or traffic types? E.g. the share of iscsi/fcoe/etc in storage, or the share of TCP/UDP, and so on. 
For general, Internet traffic, I've found several, for example: - Cisco Visual Networking Index, http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-481360_ns827_Networking_Solutions_White_Paper.html - Arbor Networks survey, http://www.arbornetworks.com/en/arbor-networks-the-university-of-michigan-and-merit-network-to-present-two-year-study-of-global-int-2.html I'd be interested in seeing something similar for datacenter traffic, for research purposes. Thanks for your help in advance, Gergely -- Gergely Paljak From nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org Mon Nov 1 04:28:33 2010 From: nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org (Mark Smith) Date: Mon, 1 Nov 2010 19:58:33 +1030 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> Message-ID: <20101101195833.2b5c91a0@opy.nosense.org> On Sun, 31 Oct 2010 21:32:39 -0400 Christopher Morrow wrote: > On Sun, Oct 31, 2010 at 3:10 PM, David Conrad wrote: > > On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote: > >>>> "If Woody had gone straight to a ULA prefix, this would never have happened..." > >>> Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either. > >> ula really never should an option... except for a short lived lab, nothing permanent. 
> > > > Seems to me the options are: > > > > 1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat > > 2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat > > 3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat > > > > Folks appear to have voted with their feet that (2) isn't really viable -- they got that particular T-shirt with IPv4 and have been uniformly against getting the IPv6 version, at least as far as I can tell. > > > > My impression (which may be wrong) is that with respect to (1), a) most folks can't justify a PI request to the RIR, b) most folks don't want to deal with the RIR administrative hassle, c) most ISPs would prefer to not have to replace their routers. > > > > That would seem to leave (3). > > > > Am I missing an option? > > I don't think so, though I'd add 2 bits to your 1 and 3 options: > 1) we ought to make getting PI easy, easy enough that the other > options just don't make sense. Surely you're not saying "we ought to make getting PI easy, easy enough that the other options just don't make sense" so that all residential users get PI so that if their ISP disappears their network doesn't break? Recently we've seen somebody (on either nanog or ipv6-ops) proposing to set valid lifetimes of 24 hours on ISP GUA prefixes. While a 24 hour outage is unusual for an always connected broadband service, it isn't for intermittently connected nodes and networks. In effect people who suggest using PA GUAs or PI for all IPv6 addressing are saying you can't run IPv6 unless you have an available IPv6 ISP connection or you must be able to afford to be able to thrust upon the world occupation of a global route table slot. They're not realistic requirements for all potential users of IPv6. For the most common and scalable case of PA, external addressing dependencies reduce reliability, because you can't control them. 
Completely relying on external connectivity and addressing for your internal networks reduces their reliability and availability. In this common case of PA, how are you going to justify that "no IPv6 without an IPv6 ISP" view to people who are very remote, such that even intermittent Internet access is very occasional; to people who run IPv6 sensor networks and don't ever want them connected to the Internet; or 3rd world countries where just local connectivity provides a very significant benefit, when global connectivity just isn't affordable? These and similar are cases where only ISP PA or PI aren't acceptable. Permanent connectivity to the global IPv6 Internet, while common, should not be essential to being able to run IPv6, and neither should PI. All you should need to run IPv6 reliably is stable internal addressing. Global connectivity should be optional, and possibly only occasional. > 2) ULA brings with it (as do any options that include multiple > addresses) host-stack complexity and address-selection issues... 'do I > use ULA here or GUA when talking to the remote host?' > There's an app for that (or rather a library routine called getaddrinfo() and an optional table it consults), and there's soon going to be a way to distribute it via DHCPv6 if the defaults don't suit - http://tools.ietf.org/html/draft-fujisaki-dhc-addr-select-opt-09 Regards, Mark. From tim at pelican.org Mon Nov 1 05:24:31 2010 From: tim at pelican.org (Tim Franklin) Date: Mon, 1 Nov 2010 10:24:31 +0000 (GMT) Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: <20101101195833.2b5c91a0@opy.nosense.org> Message-ID: <15194720.01288607071359.JavaMail.root@jennyfur.pelican.org> > Surely your not saying "we ought to make getting PI easy, easy enough > that the other options just don't make sense" so that all residential > users get PI so that if their ISP disappears their network doesn't > break? 
I've seen this last point come up a few times, and I really don't get it. If you're multihomed with multiple PA GUAs, yes, you'd want each RA to track its corresponding WAN availability so your devices are using a prefix that has connectivity. If you're a single-homed leaf network, why on earth wouldn't you want to generate RAs for your statically-assigned prefix all the time, regardless of the state of your WAN connection? Regards, Tim. From lee at asgard.org Mon Nov 1 09:51:23 2010 From: lee at asgard.org (Lee Howard) Date: Mon, 1 Nov 2010 10:51:23 -0400 Subject: IPv6 rDNS In-Reply-To: <4CCB6F98.6090103@mompl.net> References: <4CCB6F98.6090103@mompl.net> Message-ID: <000001cb79d4$45583f30$d008bd90$@org> Since there's a thread here, I'll mention rDNS for residential users. I'm not sure there's consensus about whether forward and reverse ought to match (how strong a "should" is that?). I know you can't populate every potential record in a reverse zone, as in IPv4. You can generate records on the fly, or just not provide PTRs. I've described options in draft-howard-isp-ip6rdns-04 but I'm not sure enough people care whether it's published as an RFC. Discuss on IETF's dnsop list. https://www.ietf.org/mailman/listinfo/dnsop Lee > -----Original Message----- > From: Jeroen van Aart [mailto:jeroen at mompl.net] > Sent: Friday, October 29, 2010 9:07 PM > To: NANOG list > Subject: IPv6 rDNS > > I battled for a few hours getting IPv6 rDNS to work. The following tool > proved to be quite helpful: > http://www.fpsn.net/?pg=tools&tool=ipv6-inaddr > > Just in case anyone else would run into similar problems. It's not as > straightforward as IPv4 rDNS. 
> > Greetings, > Jeroen > > -- > http://goldmark.org/jeff/stupid-disclaimers/ > http://linuxmafia.com/~rick/faq/plural-of-virus.html From jason.iannone at gmail.com Mon Nov 1 10:08:53 2010 From: jason.iannone at gmail.com (Jason Iannone) Date: Mon, 1 Nov 2010 09:08:53 -0600 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> <4CCDA6D6.8030408@matthew.at> Message-ID: Define long prefix length. Owen has been fairly forceful in his advocacy of /48s at every site. Is this too long a prefix? Should peers only accept /32s and shorter? On Sun, Oct 31, 2010 at 1:12 PM, David Conrad wrote: > On Oct 31, 2010, at 9:01 AM, Owen DeLong wrote: >>> Would it help if ARIN's policies were changed to allow anyone and everyone >>> to obtain PI space directly from them (for the appropriate fee, of course), and >>> then it was left up to the operating community to decide whether or not to >>> route the smaller chunks of space? >> I really don't expect this to be as much of an issue in IPv6. > > Why would the commercial interests that have driven ISPs to remove long prefix length filters in IPv4 not apply to IPv6? > > Regards, > -drc > > > From Greg.Whynott at oicr.on.ca Mon Nov 1 10:21:00 2010 From: Greg.Whynott at oicr.on.ca (Greg Whynott) Date: Mon, 1 Nov 2010 11:21:00 -0400 Subject: Token ring? topic hijack: was Re: Mystery open source switching In-Reply-To: References: <20101030212621.460611CC45@ptavv.es.net> Message-ID: <0C5D997C-91C5-46EC-B383-D2D5EA6A3FF9@oicr.on.ca> off topic? you recently converted from token ring to ethernet? i had no idea there was still token ring networks out there, or am i living in a bubble? 
-g On Oct 31, 2010, at 9:07 PM, Paul WALL wrote: > I don't know what the big deal is. I've rolled at least 20 of these > switches into my network, and not only are they more stable than the > Centillion switches that they replaced, they only cost half as much. > Most of the money I dropped was on converting my stations from token > ring to ethernet. > > > On Sun, Oct 31, 2010 at 6:59 PM, bas wrote: >> Hi, >> >> On Sat, Oct 30, 2010 at 11:26 PM, Kevin Oberman wrote: >>> I might also mention that I received private SPAM from a name we all >>> know and loath. (Hint: He's been banned from NANOG for VERY good >>> reason and his name is of French derivation.) I just added a filter to >>> block any mail mentioning pica8 and will see no more of this thread or >>> their spam. >> >> Same here. >> He harvests email addresses from peeringdb. (I have slight typo's in >> my peeringdb record to recognize harvested spams.) >> >> Bas >> >> >
From stephen at sprunk.org Mon Nov 1 10:39:20 2010 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 01 Nov 2010 10:39:20 -0500 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> <4CCDA6D6.8030408@matthew.at> Message-ID: <4CCEDF28.1060504@sprunk.org> On 01 Nov 2010 10:08, Jason Iannone wrote: > Define long prefix length. Owen has been fairly forceful in his > advocacy of /48s at every site. Is this too long a prefix? Should > peers only accept /32s and shorter? One assumes unpaid peers will accept prefixes up to the maximum length the RIR issues for that block, which is currently either /32 (PA) or /48 (PI). Presumably, "long" means any prefix longer than that; paid peers may accept those as well, but one assumes unpaid peers will not. S -- Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
From nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org Mon Nov 1 11:07:12 2010 From: nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org (Mark Smith) Date: Tue, 2 Nov 2010 02:37:12 +1030 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: <15194720.01288607071359.JavaMail.root@jennyfur.pelican.org> References: <20101101195833.2b5c91a0@opy.nosense.org> <15194720.01288607071359.JavaMail.root@jennyfur.pelican.org> Message-ID: <20101102023712.0ac0febb@opy.nosense.org> On Mon, 1 Nov 2010 10:24:31 +0000 (GMT) Tim Franklin wrote: > > Surely you're not saying "we ought to make getting PI easy, easy enough > > that the other options just don't make sense" so that all residential > > users get PI so that if their ISP disappears their network doesn't > > break? > > I've seen this last point come up a few times, and I really don't get it. > > If you're multihomed with multiple PA GUAs, yes, you'd want each RA to track its corresponding WAN availability so your devices are using a prefix that has connectivity. > > If you're a single-homed leaf network, why on earth wouldn't you want to generate RAs for your statically-assigned prefix all the time, regardless of the state of your WAN connection? > This isn't to do with anything low level like RAs. This is about people proposing every IPv6 end-site gets PI i.e. a default free zone with multiple billions of routes instead of using ULAs for internal, stable addressing. It's as though they're not aware that the majority of end-sites on the Internet are residential ones, and that PI can scale to that number of end-sites. I can't see any other way to interpret "we ought to make getting PI easy, easy enough that the other options just don't make sense". Regards, Mark. 
From morrowc.lists at gmail.com Mon Nov 1 11:17:53 2010 From: morrowc.lists at gmail.com (Christopher Morrow) Date: Mon, 1 Nov 2010 12:17:53 -0400 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: <20101101195833.2b5c91a0@opy.nosense.org> References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> <20101101195833.2b5c91a0@opy.nosense.org> Message-ID: On Mon, Nov 1, 2010 at 5:28 AM, Mark Smith wrote: > On Sun, 31 Oct 2010 21:32:39 -0400 > Christopher Morrow wrote: > >> On Sun, Oct 31, 2010 at 3:10 PM, David Conrad wrote: >> > On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote: >> >>>> "If Woody had gone straight to a ULA prefix, this would never have happened..." >> >>> Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either. >> >> ula really never should an option... except for a short lived lab, nothing permanent. >> > >> > Seems to me the options are: >> > >> > 1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat >> > 2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat >> > 3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat >> > >> > Folks appear to have voted with their feet that (2) isn't really viable -- they got that particular T-shirt with IPv4 and have been uniformly against getting the IPv6 version, at last as far as I can tell. >> > >> > My impression (which may be wrong) is that with respect to (1), a) most folks can't justify a PI request to the RIR, b) most folks don't want to deal with the RIR administrative hassle, c) most ISPs would prefer to not have to replace their routers. >> > >> > That would seem to leave (3). >> > >> > Am I missing an option? 
>> >> I don't think so, though I'd add 2 bits to your 1 and 3 options: >> 1) we ought to make getting PI easy, easy enough that the other >> options just don't make sense. > > Surely your not saying "we ought to make getting PI easy, easy enough > that the other options just don't make sense" so that all residential > users get PI so that if their ISP disappears their network doesn't > break? all the world is not a corner case... I don't think sane folks are supportive of 'every end site gets pi', I think it's somewhat sane to believe that enterprise type folks can/should be able to get PI space to suit their needs. ULA for enterprises is really not a good solution. Cable/dsl end users can certainly apply for PI space they may even be able to justify an allocation (see owen...) I don't think they'll have much success actually getting a DSL/Cable provider to actually hold the route for them though... so I'm not sure that your pathological case matters here. -chris From owen at delong.com Mon Nov 1 11:20:41 2010 From: owen at delong.com (Owen DeLong) Date: Mon, 1 Nov 2010 09:20:41 -0700 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: <20101101195833.2b5c91a0@opy.nosense.org> References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> <20101101195833.2b5c91a0@opy.nosense.org> Message-ID: On Nov 1, 2010, at 2:28 AM, Mark Smith wrote: > On Sun, 31 Oct 2010 21:32:39 -0400 > Christopher Morrow wrote: > >> On Sun, Oct 31, 2010 at 3:10 PM, David Conrad wrote: >>> On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote: >>>>>> "If Woody had gone straight to a ULA prefix, this would never have happened..." >>>>> Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either. >>>> ula really never should an option... 
except for a short lived lab, nothing permanent. >>> >>> Seems to me the options are: >>> >>> 1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat >>> 2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat >>> 3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat >>> >>> Folks appear to have voted with their feet that (2) isn't really viable -- they got that particular T-shirt with IPv4 and have been uniformly against getting the IPv6 version, at last as far as I can tell. >>> >>> My impression (which may be wrong) is that with respect to (1), a) most folks can't justify a PI request to the RIR, b) most folks don't want to deal with the RIR administrative hassle, c) most ISPs would prefer to not have to replace their routers. >>> >>> That would seem to leave (3). >>> >>> Am I missing an option? >> >> I don't think so, though I'd add 2 bits to your 1 and 3 options: >> 1) we ought to make getting PI easy, easy enough that the other >> options just don't make sense. > > Surely your not saying "we ought to make getting PI easy, easy enough > that the other options just don't make sense" so that all residential > users get PI so that if their ISP disappears their network doesn't > break? > He may or may not be. I don't think it's such a bad idea. > Recently we've seen somebody (on either nanog or ipv6-ops) proposing to > set valid lifetimes of 24 hours on ISP GUA prefixes. While a 24 hour > outage is unusual for a always connected broadband service, it isn't > for intermittently connected nodes and networks. > The upstream valid lifetime doesn't have a lot to do with what happens on the internal network if you're smart. > In effect people who suggest using PA GUAs or PI for all IPv6 addressing > are saying you can't run IPv6 unless you have an available IPv6 ISP > connection or you must be able to afford to be able to thrust upon the > world occupation of a global route table slot. 
They're not realistic > requirements for all potential users of IPv6. > No...PI does not require an available IPv6 ISP connection at all. This is a misstatement that does not become any less false no matter how many times you repeat it. > For the most common and scalable case of PA, external addressing > dependencies reduce reliability, because you can't control them. > Completely relying on external connectivity and addressing for your > internal networks reduces their reliability and availability. > This is also false if you use any form of sanity in applying the assigned PA prefix to your network. > In this common case of PA, how are you going to justify that "no IPv6 > without an IPv6 ISP" view to people who are very remote, such that even > intermittent Internet access is very occasional; to people who run IPv6 > sensor networks and don't ever want them connected to the Internet; or > 3rd world countries where just local connectivity provides a very > significant benefit, when global connectivity just isn't affordable? > These and similar are cases where only ISP PA or PI aren't acceptable. > Nobody is trying to. This is a fallacy of logic that you keep pushing, but, it's still false. If I wire a PA prefix into my router, it doesn't go away just because the ISP does. All that happens is that I can't reach the internet from it, which is kind of true regardless of the address space used at the point where your ISP goes away. > Permanent connectivity to the global IPv6 Internet, while common, > should not be essential to being able to run IPv6, and neither should > PI. All you should need to run IPv6 reliably is stable internal > addressing. Global connectivity should be optional, and possibly only > occasional. > Why shouldn't PI if it was easy to get? I still don't understand the perceived advantage of ULA vs. PI other than the perception that it is easier to get. If PI is just as easy to get, why is it a problem? 
>> 2) ULA brings with it (as do any options that include multiple >> addresses) host-stack complexity and address-selection issues... 'do I >> use ULA here or GUA when talking to the remote host?' >> > > There's an app for that (or rather a library routine called > getaddrinfo() and an optional table it consults), and there's soon going > to be a way to distribute it via DHCPv6 if the defaults don't suit - > > http://tools.ietf.org/html/draft-fujisaki-dhc-addr-select-opt-09 > Sure, now, how many applications have been coded to actually pay attention to what getaddrinfo is telling them about address selection order? Owen From tim at pelican.org Mon Nov 1 11:27:08 2010 From: tim at pelican.org (Tim Franklin) Date: Mon, 1 Nov 2010 16:27:08 +0000 (GMT) Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: <8023684.141288628720636.JavaMail.root@jennyfur.pelican.org> Message-ID: <23199213.161288628827999.JavaMail.root@jennyfur.pelican.org> > This isn't to do with anything low level like RAs. This is about > people proposing every IPv6 end-site gets PI i.e. a default free zone > with multiple billions of routes instead of using ULAs for internal, > stable addressing. It's as though they're not aware that the majority > of end-sites on the Internet are residential ones, and that PI can > scale to that number of end-sites. I can't see any other way to > interpret "we ought to make getting PI easy, easy enough that the > other options just don't make sense". OK, sorry, I think we're addressing different points of the same comment. I was looking very much at the second half of "all residential users get PI so that if their ISP disappears their network doesn't break", ie the reason *why* they'd want PI. I assumed that was "disappears" as in "has an outage", rather than goes bust, user changes ISP etc - and if you've only got one ISP, you don't need PI or ULA to have *local* connectivity work through an ISP outage. 
I agree, on the current routing platforms we have, PI for every end site is insanity. Whether we should be looking for routing platforms (or a different architecture - LISP?) that allows PI for every end user is a different question... Regards, Tim. From morrowc.lists at gmail.com Mon Nov 1 11:27:44 2010 From: morrowc.lists at gmail.com (Christopher Morrow) Date: Mon, 1 Nov 2010 12:27:44 -0400 Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses) In-Reply-To: <20101101195833.2b5c91a0@opy.nosense.org> References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> <20101101195833.2b5c91a0@opy.nosense.org> Message-ID: oops, I clipped a little too much from the message before replying... On Mon, Nov 1, 2010 at 5:28 AM, Mark Smith wrote: > > Permanent connectivity to the global IPv6 Internet, while common, > should not be essential to being able to run IPv6, and neither should > PI. All you should need to run IPv6 reliably is stable internal > addressing. Global connectivity should be optional, and possibly only > occasional. I think there are many cases where a 'disconnected' network will want ipv6, I do NOT believe they should use ULA space except in the most extreme cases. It makes more sense to just get these folks a GUA allocation of their proper size, support their DNS and registry needs. I agree that global connectivity should be optional... I've worked on more than one network that had better never see the light of day, and will most likely need (or already has?) ipv6 deployments in the coming months/years. -chris From nick at foobar.org Mon Nov 1 11:48:01 2010 From: nick at foobar.org (Nick Hilliard) Date: Mon, 01 Nov 2010 16:48:01 +0000 Subject: Token ring? 
 topic hijack: was Re: Mystery open source switching
In-Reply-To: <0C5D997C-91C5-46EC-B383-D2D5EA6A3FF9@oicr.on.ca>
References: <20101030212621.460611CC45@ptavv.es.net> <0C5D997C-91C5-46EC-B383-D2D5EA6A3FF9@oicr.on.ca>
Message-ID: <4CCEEF41.1060600@foobar.org>

On 01/11/2010 15:21, Greg Whynott wrote:
> you recently converted from token ring to ethernet? i had no idea
> there was still token ring networks out there, or am i living in a
> bubble?

Sadly, you're living in a bubble. As long as there are banks and very large commercial institutions, there will be legacy installations. Including t/r. And OS/2. And windows NT 3.51. And FDDI and X.25 and every single legacy protocol, type of hardware and ancient operating system that ever existed. Why do you think the Cisco 7500 only went EoS 3 years ago?

Nick

From rgraves at ColumbusAirports.com Mon Nov 1 11:54:13 2010
From: rgraves at ColumbusAirports.com (Richard Graves (RHT))
Date: Mon, 1 Nov 2010 16:54:13 +0000
Subject: Token ring? topic hijack: was Re: Mystery open source switching
In-Reply-To: <4CCEEF41.1060600@foobar.org>
References: <20101030212621.460611CC45@ptavv.es.net> <0C5D997C-91C5-46EC-B383-D2D5EA6A3FF9@oicr.on.ca> <4CCEEF41.1060600@foobar.org>
Message-ID: <8578763A31E3DC43BE4A1409B145D9D8ECD6@CMH-MAIL2.caa.local>

Halloween is over, why do you have to keep saying scary things like that.. (even if it is true, unfortunately)

-Richard

-----Original Message-----
From: Nick Hilliard [mailto:nick at foobar.org]
Sent: Monday, November 01, 2010 12:48 PM
To: nanog at nanog.org
Subject: Re: Token ring? topic hijack: was Re: Mystery open source switching

On 01/11/2010 15:21, Greg Whynott wrote:
> you recently converted from token ring to ethernet? i had no idea
> there was still token ring networks out there, or am i living in a
> bubble?

Sadly, you're living in a bubble. As long as there are banks and very large commercial institutions, there will be legacy installations. Including t/r. And OS/2. And windows NT 3.51.
And FDDI and X.25 and every single legacy protocol, type of hardware and ancient operating system that ever existed. Why do you think the Cisco 7500 only went EoS 3 years ago?

Nick

From nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org Mon Nov 1 12:16:55 2010
From: nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org (Mark Smith)
Date: Tue, 2 Nov 2010 03:46:55 +1030
Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)
In-Reply-To:
References: <4CBF63BF.2000101@mompl.net> <4CC070E9.7090709@unfix.org> <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com> <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com> <171584.1288534952@localhost> <20101101195833.2b5c91a0@opy.nosense.org>
Message-ID: <20101102034655.589f39f5@opy.nosense.org>

On Mon, 1 Nov 2010 09:20:41 -0700
Owen DeLong wrote:

>
> On Nov 1, 2010, at 2:28 AM, Mark Smith wrote:
>
> > On Sun, 31 Oct 2010 21:32:39 -0400
> > Christopher Morrow wrote:
> >
> >> On Sun, Oct 31, 2010 at 3:10 PM, David Conrad wrote:
> >>> On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote:
> >>>>>> "If Woody had gone straight to a ULA prefix, this would never have happened..."
> >>>>> Or better yet, if Woody had gone straight to PI, he wouldn't have this problem, either.
> >>>> ula really never should be an option... except for a short lived lab, nothing permanent.
> >>>
> >>> Seems to me the options are:
> >>>
> >>> 1) PI, resulting in no renumbering costs, but RIR costs and routing table bloat
> >>> 2) PA w/o ULA, resulting in full site renumbering cost, no routing table bloat
> >>> 3) PA w/ ULA, resulting in externally visible-only renumbering cost, no routing table bloat
> >>>
> >>> Folks appear to have voted with their feet that (2) isn't really viable -- they got that particular T-shirt with IPv4 and have been uniformly against getting the IPv6 version, at least as far as I can tell.
> >>>
> >>> My impression (which may be wrong) is that with respect to (1), a) most folks can't justify a PI request to the RIR, b) most folks don't want to deal with the RIR administrative hassle, c) most ISPs would prefer to not have to replace their routers.
> >>>
> >>> That would seem to leave (3).
> >>>
> >>> Am I missing an option?
> >>
> >> I don't think so, though I'd add 2 bits to your 1 and 3 options:
> >> 1) we ought to make getting PI easy, easy enough that the other
> >> options just don't make sense.
> >
> > Surely you're not saying "we ought to make getting PI easy, easy enough
> > that the other options just don't make sense" so that all residential
> > users get PI so that if their ISP disappears their network doesn't
> > break?
> >
> He may or may not be. I don't think it's such a bad idea.
>
How about algorithmically generating these addresses, so that they're near unique, instead of having the overhead of a central registry, and a global routability expectation?

> > Recently we've seen somebody (on either nanog or ipv6-ops) proposing to
> > set valid lifetimes of 24 hours on ISP GUA prefixes. While a 24 hour
> > outage is unusual for an always connected broadband service, it isn't
> > for intermittently connected nodes and networks.
> >
> The upstream valid lifetime doesn't have a lot to do with what happens on
> the internal network if you're smart.
>
Residential end-users aren't "smart" and aren't network engineers - they pay people like us so that they don't have to be.

> > In effect people who suggest using PA GUAs or PI for all IPv6 addressing
> > are saying you can't run IPv6 unless you have an available IPv6 ISP
> > connection or you must be able to afford to be able to thrust upon the
> > world occupation of a global route table slot. They're not realistic
> > requirements for all potential users of IPv6.
> >
> No...PI does not require an available IPv6 ISP connection at all.
> This is a misstatement that does not become any less false no matter how
> many times you repeat it.
>
What if you don't have an IPv6 ISP connection? Where do you get your PA from? Link local isn't good enough, because it can't span more than a single link. Homes in the future are likely to have multiple networks - visitor segments, multicast segments for video, children segments, 6LowPAN for home sensor networks etc.

You've stated you use link locals for this sort of thing, yet you'd be specifying the interface to use as well. That isn't much different to using a subnet number, embedded in the address, to specify either directly attached or remotely reachable subnets. The nice thing about doing it that way is that IPv6 applications are addressing scope agnostic - they just use the address supplied, and ask the underlying OS, which uses the local route table, to direct where the packets go and therefore select the outgoing interface. Link locals + interfaces is more complicated, because now socket options have to be invoked, and only in the case of when a link local address is specified, which also means performing an address type check for the interface option. This code has to be present in every application, instead of letting the underlying OS take care of how application packets are directed towards their destinations, and the applications not having to care.

> > For the most common and scalable case of PA, external addressing
> > dependencies reduce reliability, because you can't control them.
> > Completely relying on external connectivity and addressing for your
> > internal networks reduces their reliability and availability.
> >
> This is also false if you use any form of sanity in applying the assigned
> PA prefix to your network.
>
I suppose since they don't have the expertise, you could consider residential end-users insane. You can't make the insane sane just by telling them to be so.
Preventing their "insanity" from breaking their Internet service, causing them to call your helpdesk, is the sane thing to do. That is achieved by making their Internet service work with the absolute least operational intervention on their part. It's hard enough to get them to enter their username/password via an embedded web server - to the point where some vendors supply setup CDs to automate the discovery of the device, avoiding the end user having to type an IP address URL into their browser.

> > In this common case of PA, how are you going to justify that "no IPv6
> > without an IPv6 ISP" view to people who are very remote, such that even
> > intermittent Internet access is very occasional; to people who run IPv6
> > sensor networks and don't ever want them connected to the Internet; or
> > 3rd world countries where just local connectivity provides a very
> > significant benefit, when global connectivity just isn't affordable?
> > These and similar are cases where only ISP PA or PI aren't acceptable.
> >
> Nobody is trying to. This is a fallacy of logic that you keep pushing,
> but, it's still false. If I wire a PA prefix into my router, it doesn't go
> away just because the ISP does. All that happens is that I can't
> reach the internet from it, which is kind of true regardless of the
> address space used at the point where your ISP goes away.
>
You haven't ever tried to get a majority of residential end-users to update their firmware have you? You'll have the same luck getting a majority of them to "wire a PA prefix into" their routers.

> > Permanent connectivity to the global IPv6 Internet, while common,
> > should not be essential to being able to run IPv6, and neither should
> > PI. All you should need to run IPv6 reliably is stable internal
> > addressing. Global connectivity should be optional, and possibly only
> > occasional.
> >
> Why shouldn't PI if it was easy to get? I still don't understand the
> perceived advantage of ULA vs.
> PI other than the perception that
> it is easier to get. If PI is just as easy to get, why is it a problem?
>
It seems to me your main criticism of ULAs is that people would expect it to be globally routed if they paid enough money. Now you're saying that if PI is really easy to get, people *won't* have a global routing expectation of PI routability? I certainly would if I was given PI. What would be worse is that this "non-routable" PI won't come out of a specific prefix so that it can easily be filtered, unlike ULAs.

> >> 2) ULA brings with it (as do any options that include multiple
> >> addresses) host-stack complexity and address-selection issues... 'do I
> >> use ULA here or GUA when talking to the remote host?'
> >>
> >
> > There's an app for that (or rather a library routine called
> > getaddrinfo() and an optional table it consults), and there's soon going
> > to be a way to distribute it via DHCPv6 if the defaults don't suit -
> >
> > http://tools.ietf.org/html/draft-fujisaki-dhc-addr-select-opt-09
> >
> Sure, now, how many applications have been coded to actually
> pay attention to what getaddrinfo is telling them about address
> selection order?
>
All the ones I use - they all seem to use the first getaddrinfo() response. They should be attempting to successively connect() to all responses in the order that getaddrinfo() returns as connect() failures occur. I don't know if they are (as destination reachability is usually good), however if they aren't, then the application developers haven't used getaddrinfo() correctly.

That behaviour wouldn't be exclusive to IPv6 though - IPv4 applications should also be attempting to connect() to successive addresses when multiple are returned. IOW, applications coping with multiple responses to getaddrinfo() is not an exclusive issue to IPv6.

I actually override the current default IPv6 address rules.
Here's my /etc/gai.conf, which makes ULAs override GUAs as that currently isn't in the default address selection rules, and makes tunnelled IPv6 preferred over native IPv4, as I don't currently have native IPv6. The MRS entries are the non-defaults, the rest are from the gai.conf manual page.

--
# Used for selecting source addresses
#
# label