From pawal at blipp.com Wed Nov 7 10:34:59 2007
From: pawal at blipp.com (Patrik Wallstrom)
Date: Wed, 7 Nov 2007 10:34:59 +0100
Subject: [ipv6-wg] Commercial IPv6 firewall support
In-Reply-To:
References:
Message-ID: <20071107093459.GD20254@vic20.blipp.com>

On Fri, 26 Oct 2007, michael.dillon at bt.com wrote:

> Some people have claimed that they cannot yet sell
> IPv6 Internet access because there is no IPv6 firewall
> support. According to this ICANN study:
> http://www.icann.org/committees/security/sac021.pdf
> this is not quite true. At least 30% of the 42 vendors
> surveyed, had IPv6 support.
>
> According to this talk
> -IPv6-Firewalling-PeterBieringer-Talk.pdf>
> many open-source and commercial firewalls supporting IPv6 are available.
>
> IPCop is based on Linux
>
> m0n0wall is based on FreeBSD
>
> pfSense is also based on FreeBSD
>
> FWBuilder is a management tool that builds filter setups for
> several different firewalls.
>

[...]

I am not really sure this list contains routers that really really supports tested IPv6 routing, or just of those that say they do. For example FWBuilder here does not support IPv6 other than (from the changelog in the latest version) "... option to the firewall settings dialog for iptables that controls whether compiler should skip generation of the code to set default policy of all ipv6 chains to DROP", and that is all v6 support there I can find.

--
patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956


From ed-ripe-ipv6 at s5h.net Wed Nov 7 19:27:52 2007
From: ed-ripe-ipv6 at s5h.net (ed)
Date: Wed, 7 Nov 2007 18:27:52 +0000
Subject: [ipv6-wg] OT? Ripe NCC posting on youtube
Message-ID: <20071107182752.020ce7c1@workstation>

Sorry if this is off topic or old news, but I saw this on the SCLUG mailing list. Truly excellent:

http://uk.youtube.com/user/RIPENCC

--
The 14.4 dialup to the PS2 is doing the twist because of a power outage. AOL is playing way too much Diablo II.
:: http://www.s5h.net/ :: http://www.s5h.net/gpg


From dennislun at gmail.com Thu Nov 8 18:22:42 2007
From: dennislun at gmail.com (Dennis Lundstrom)
Date: Thu, 8 Nov 2007 18:22:42 +0100
Subject: [ipv6-wg] Commercial IPv6 firewall support
In-Reply-To: <20071107093459.GD20254@vic20.blipp.com>
References: <20071107093459.GD20254@vic20.blipp.com>
Message-ID: <4CF1DE97-4994-4C69-93B6-1147AC7B5CD0@gmail.com>

I believe that the biggest obstacle here, is education, and scheduling. This issue have to get more time in the board-rooms, and be discussed at a higher level. If management does not understand the severity, and the application. They will most likely never apply funds for research and training needed.

Much of our economy is based on resources, that we will eventually one day run out on. Looking at the sky-rocketing oil-prices. I doubt that we want the same thing happening to IPv4. though we can set up policy against third party trade of address-space. This will most likely happen on an organized level anyway. The thing is, If we draw parallels to the oil industry. Let's face it, we got the technology today to quit our dependency of IPv4.

Another big issue is IPv6 support in SOHO market. More home-use IP-enabled equipment need to support IPv6 out of the box.

Best regards.

--Dennis Lundström
Adamo Europe S.L (AS35699)

On 7 nov 2007, at 10.34, Patrik Wallstrom wrote:

> On Fri, 26 Oct 2007, michael.dillon at bt.com wrote:
>
>> Some people have claimed that they cannot yet sell
>> IPv6 Internet access because there is no IPv6 firewall
>> support. According to this ICANN study:
>> http://www.icann.org/committees/security/sac021.pdf
>> this is not quite true. At least 30% of the 42 vendors
>> surveyed, had IPv6 support.
>>
>> According to this talk
>> > -IPv6-Firewalling-PeterBieringer-Talk.pdf>
>> many open-source and commercial firewalls supporting IPv6 are
>> available.
>>
>> IPCop is based on Linux
>>
>> m0n0wall is based on FreeBSD
>>
>> pfSense is also based on FreeBSD
>>
>> FWBuilder is a management tool that builds filter setups for
>> several different firewalls.
>>
>
> [...]
>
> I am not really sure this list contains routers that really really
> supports tested IPv6 routing, or just of those that say they do. For
> example FWBuilder here does not support IPv6 other than (from the
> changelog in the latest version) "... option to the firewall settings
> dialog for iptables that controls whether compiler should skip
> generation of the code to set default policy of all ipv6 chains to
> DROP", and that is all v6 support there I can find.
>
> --
> patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956
>


From david.conrad at icann.org Thu Nov 8 20:00:43 2007
From: david.conrad at icann.org (David Conrad)
Date: Thu, 08 Nov 2007 11:00:43 -0800
Subject: [ipv6-wg] Commercial IPv6 firewall support
In-Reply-To: <4CF1DE97-4994-4C69-93B6-1147AC7B5CD0@gmail.com>
Message-ID:

Dennis,

On 11/8/07 9:22 AM, "Dennis Lundstrom" wrote:
> I believe that the biggest obstacle here, is education, and scheduling.

While education and scheduling are issues, I suspect they're more symptoms than causes. From my perspective the real problem is that there is no commercial incentive to drive IPv6 adoption. Simply, IPv6 provides nothing of value to people with money over IPv4. The theory now appears to be that exhaustion of the IPv4 free pool will mean that the "killer IPv6 app" will be lower cost IP addresses, however even with very expensive IPv4 addresses, it isn't clear to me the cost of deploying IPv6 will still be lower than IPv4+NAT.

> Much of our economy is based on resources, that we will eventually one day
> run out on. Looking at the sky-rocketing oil-prices.
> I doubt that we want the
> same thing happening to IPv4.

Not sure what we can do to stop it.

> though we can set up policy against third party trade of address-space.

Creating such a policy by itself will simply mean the registration databases become useless as people go outside the traditional systems to trade addresses.

> This will most likely happen on an organized level anyway. The thing
> is, If we draw parallels to the oil industry. Let's face it,we got the
> technology today to quit our dependency of IPv4.

An interesting analogy. Yes, we have the technology, but what is the incentive to change? How do you go about redeploying a widely deployed infrastructure critical to national and international economies, particularly when the proposed replacement isn't backwards compatible?

> Another big issue is IPv6 support in SOHO market. More home-use IP-
> enabled equipment need to support IPv6 out of the box.

And if they did? Where is the IPv6 content folks would connect to? Why would those content providers spend the money to support IPv6 since everybody can connect their content via IPv4?

We've boxed ourselves in quite nicely. We've created a new protocol that does not interoperate with the old protocol, implying we have to redeploy the entire infrastructure, but we've provided no incentives to actually drive that redeployment. "Oops".

Regards,
-drc


From drixter at e-utp.net Fri Nov 9 22:58:52 2007
From: drixter at e-utp.net (Marcin Gondek)
Date: Fri, 9 Nov 2007 22:58:52 +0100
Subject: [ipv6-wg] Few questions about IPv6
Message-ID: <006201c8231b$b784ec10$268ec430$@net>

Hello All,

I have few question about IPv6 and maybe someone can explain this.

Sorry if those information can be found on RIPE page or I'm sending it to wrong mailing list, I'm not able to find it.

1. Do I have to be a LIR to request /32 subnet from RIPE, can be it done by another LIR which will request subnet for me (as its customer)?

2.
Do I have to be a LIR to request AS number from RIPE, can be it done by another LIR which will request AS number for me (as its customer)?

Thanks in advance.

--
Marcin Gondek / Drixter
e-utp.net
NIP: PL1181589645
REGON: 140584662
Tel. +48602159929
Fax. +48222012418
office at e-utp.net
http://www.e-utp.net


From drixter at e-utp.net Fri Nov 9 23:15:11 2007
From: drixter at e-utp.net (Marcin Gondek)
Date: Fri, 9 Nov 2007 23:15:11 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <20071109220735.GA25081@bfib.ipng.nl>
References: <006201c8231b$b784ec10$268ec430$@net> <20071109220735.GA25081@bfib.ipng.nl>
Message-ID: <007901c8231d$ff1c5610$fd550230$@net>

> On Fri, Nov 09, 2007 at 10:58:52PM +0100, Marcin Gondek wrote:
> | 1. Do I have to be a LIR to request /32 subnet from RIPE, can be it
> | done by another LIR which will request subnet for me (as its customer)?
> You have to be an LIR to request an IPv6 allocation from RIPE NCC.

To be sure, LIR can not request /32 subnet for its customer, even if customer need and LIR agree for customer needs. It's not important for customer to get allocation directly from RIPE. It can be allocated from LIR but /32 is needed to be not filtered in BGP peers because theoretically smaller PI addresses in IPv6 world not exists in RIPE region.

> | 2. Do I have to be a LIR to request AS number from RIPE, can be it
> | done by another LIR which will request AS number for me (as its customer)?
> You can ask another LIR to request an AS number from RIPE NCC.

Thanks.

--
Marcin Gondek / Drixter
e-utp.net
NIP: PL1181589645
REGON: 140584662
Tel. +48602159929
Fax.
+48222012418
office at e-utp.net
http://www.e-utp.net


From slz at baycix.de Fri Nov 9 23:21:50 2007
From: slz at baycix.de (Sascha Lenz)
Date: Fri, 09 Nov 2007 23:21:50 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <006201c8231b$b784ec10$268ec430$@net>
References: <006201c8231b$b784ec10$268ec430$@net>
Message-ID: <4734DD7E.8060707@baycix.de>

Hi,

Marcin Gondek wrote:
> Hello All ,
>
> I have few question about IPv6 and maybe someone can explain this.
>
> Sorry if those information can be found on RIPE page or I'm sending it
> to wrong mailing list, I'm not able to find it.
>
> 1. Do I have to be a LIR to request /32 subnet from RIPE, can be
> it done by another LIR which will request subnet for me (as its customer)?

If you need a /32 ALLOCATION and want to do ASSIGNMENTS to downstream customers/3rd parties, you may need to become LIR yourself.

If you really need a /32 ASSIGNMENT for yourself, not for any 3rd parties, you might try to talk to another LIR to hand in the request for you. But I doubt that you mean the latter :-)

> 2. Do I have to be a LIR to request AS number from RIPE, can be it
> done by another LIR which will request AS number for me (as its customer)?

You can ask any LIR to request an ASN for you. But you can't get it directly from RIPE without being a LIR (i.e. you need to hand in the request with help from an existing LIR, or become LIR yourself and talk directly to RIPE).

Try reading http://www.ripe.net/info/faq/ in whole for some further clues in general.
--
========================================================================
= Sascha Lenz SLZ-RIPE slz at baycix.de =
= Network Operations =
= BayCIX GmbH, Landshut * PGP public Key on demand * =
========================================================================


From pim at ipng.nl Fri Nov 9 23:07:35 2007
From: pim at ipng.nl (Pim van Pelt)
Date: Fri, 9 Nov 2007 23:07:35 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <006201c8231b$b784ec10$268ec430$@net>
References: <006201c8231b$b784ec10$268ec430$@net>
Message-ID: <20071109220735.GA25081@bfib.ipng.nl>

On Fri, Nov 09, 2007 at 10:58:52PM +0100, Marcin Gondek wrote:
| 1. Do I have to be a LIR to request /32 subnet from RIPE, can be it
| done by another LIR which will request subnet for me (as its customer)?
You have to be an LIR to request an IPv6 allocation from RIPE NCC.

| 2. Do I have to be a LIR to request AS number from RIPE, can be it
| done by another LIR which will request AS number for me (as its customer)?
You can ask another LIR to request an AS number from RIPE NCC.

--
---------- - - - - -+- - - - - ----------
Pim van Pelt Email: pim at ipng.nl
http://www.ipng.nl/ IPv6 Deployment
-----------------------------------------------


From gert at space.net Fri Nov 9 23:57:01 2007
From: gert at space.net (Gert Doering)
Date: Fri, 9 Nov 2007 23:57:01 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <006201c8231b$b784ec10$268ec430$@net>
References: <006201c8231b$b784ec10$268ec430$@net>
Message-ID: <20071109225701.GF69215@Space.Net>

Hi,

On Fri, Nov 09, 2007 at 10:58:52PM +0100, Marcin Gondek wrote:
> 1. Do I have to be a LIR to request /32 subnet from RIPE, can be it
> done by another LIR which will request subnet for me (as its customer)?

You have to be a LIR. The /32 is for the LIR and its customers. It's not meant to be given to 3rd parties.
(Of course that's possible, like in cases where the LIR is not the same entity as the ISP -- but that means that the LIR will not get another /32, unless it can document that the first /32 is full).

There is no provider-independent IPv6 address space (as in "request it via a LIR, take it, go away") yet.

> 2. Do I have to be a LIR to request AS number from RIPE, can be it
> done by another LIR which will request AS number for me (as its customer)?

A LIR is needed, but ASes can be requested for third parties that fulfill the requirements in the policy documents (basically: "different routing policy").

Gert Doering
        -- APWG chair
--
Total number of prefixes smaller than registry allocations: 122119

SpaceNet AG                   Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14     Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen              HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444       USt-IdNr.: DE813185279


From drixter at e-utp.net Sat Nov 10 11:02:05 2007
From: drixter at e-utp.net (Marcin Gondek)
Date: Sat, 10 Nov 2007 11:02:05 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <20071109225701.GF69215@Space.Net>
References: <006201c8231b$b784ec10$268ec430$@net> <20071109225701.GF69215@Space.Net>
Message-ID: <00ab01c82380$c0158140$404083c0$@net>

Hi all,

> There is no provider-independent IPv6 address space (as in "request it
> via a LIR, take it, go away") yet.

Yet? So there are plans to be available?

--
Marcin Gondek / Drixter
e-utp.net
NIP: PL1181589645
REGON: 140584662
Tel. +48602159929
Fax.
+48222012418
office at e-utp.net
http://www.e-utp.net


From gert at space.net Sat Nov 10 11:10:58 2007
From: gert at space.net (Gert Doering)
Date: Sat, 10 Nov 2007 11:10:58 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <00ab01c82380$c0158140$404083c0$@net>
References: <006201c8231b$b784ec10$268ec430$@net> <20071109225701.GF69215@Space.Net> <00ab01c82380$c0158140$404083c0$@net>
Message-ID: <20071110101058.GG69215@Space.Net>

Hi,

On Sat, Nov 10, 2007 at 11:02:05AM +0100, Marcin Gondek wrote:
> > There is no provider-independent IPv6 address space (as in "request it
> > via a LIR, take it, go away") yet.
> Yet? So there are plans to be available?

There is a policy proposal (2006-01) and ongoing discussion about it.

If you're interested in the details and the discussion, please check the archives of the address-policy WG mailing list, available via http://www.ripe.net/ripe/wg/address-policy/

Gert Doering
        -- APWG chair
--
Total number of prefixes smaller than registry allocations: 122119

SpaceNet AG                   Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14     Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen              HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444       USt-IdNr.: DE813185279


From president at ukraine.su Tue Nov 13 00:23:06 2007
From: president at ukraine.su (Max Tulyev)
Date: Tue, 13 Nov 2007 01:23:06 +0200
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <20071109220735.GA25081@bfib.ipng.nl>
References: <006201c8231b$b784ec10$268ec430$@net> <20071109220735.GA25081@bfib.ipng.nl>
Message-ID: <4738E05A.20606@ukraine.su>

Pim van Pelt wrote:
> On Fri, Nov 09, 2007 at 10:58:52PM +0100, Marcin Gondek wrote:
> | 1. Do I have to be a LIR to request /32 subnet from RIPE, can be it
> | done by another LIR which will request subnet for me (as its customer)?
> You have to be an LIR to request an IPv6 allocation from RIPE NCC.

The more interesting question is if I am a LIR, can I ask other LIR to get /32 allocation for me?
:)

--
WBR,
Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO)


From slz at baycix.de Tue Nov 13 13:13:49 2007
From: slz at baycix.de (Sascha Lenz)
Date: Tue, 13 Nov 2007 13:13:49 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <4738E05A.20606@ukraine.su>
References: <006201c8231b$b784ec10$268ec430$@net> <20071109220735.GA25081@bfib.ipng.nl> <4738E05A.20606@ukraine.su>
Message-ID: <473994FD.4090305@baycix.de>

Hi,

Max Tulyev wrote:
> Pim van Pelt wrote:
>> On Fri, Nov 09, 2007 at 10:58:52PM +0100, Marcin Gondek wrote:
>> | 1. Do I have to be a LIR to request /32 subnet from RIPE, can be it
>> | done by another LIR which will request subnet for me (as its customer)?
>> You have to be an LIR to request an IPv6 allocation from RIPE NCC.
>
> The more interesting question is if I am a LIR, can I ask other LIR to
> get /32 allocation for me? :)
>

according to the current policy, no.
That doesn't even work for IPv4.

Only LIRs get Allocations ... End-Users get Assignments.
And for now that's a good idea IMHO.

--
========================================================================
= Sascha Lenz SLZ-RIPE slz at baycix.de =
= Network Operations =
= BayCIX GmbH, Landshut * PGP public Key on demand * =
========================================================================
BayCIX GmbH * 84034 Landshut * Wagnergasse 8
Tel: +49 871 925360 * Fax: +49 871 9253629
eMail: technik at baycix.de
GF: Thomas Zajac * HR B 4878 (Landshut)


From leo.vegoda at icann.org Thu Nov 15 10:56:54 2007
From: leo.vegoda at icann.org (Leo Vegoda)
Date: Thu, 15 Nov 2007 10:56:54 +0100
Subject: [ipv6-wg] Few questions about IPv6
In-Reply-To: <473994FD.4090305@baycix.de>
References: <006201c8231b$b784ec10$268ec430$@net> <20071109220735.GA25081@bfib.ipng.nl> <4738E05A.20606@ukraine.su> <473994FD.4090305@baycix.de>
Message-ID:

On 13 Nov 2007, at 13:13, Sascha Lenz wrote:

[...]

>>> On Fri, Nov 09, 2007 at 10:58:52PM +0100, Marcin Gondek wrote:
>>> | 1.
>>> | Do I have to be a LIR to request /32 subnet from RIPE, can be it
>>> | done by another LIR which will request subnet for me (as its customer)?
>>> You have to be an LIR to request an IPv6 allocation from RIPE NCC.
>> The more interesting question is if I am a LIR, can I ask other LIR to
>> get /32 allocation for me? :)
>
> according to the current policy, no.
> That doesn't even work for IPv4.
>
> Only LIRs get Allocations ... End-Users get Assignments.
> And for now that's a good idea IMHO.

I don't think the policy is that clear-cut.

    5.3. LIR-to-ISP allocation

    There is no specific policy for an organisation (LIR) to allocate
    address space to subordinate ISPs. Each LIR organisation may develop
    its own policy for subordinate ISPs to encourage optimum utilisation
    of the total address block allocated to the LIR. However, all /48
    assignments to End Sites are required to be registered either by the
    LIR or its subordinate ISPs in such a way that the RIR/NIR can
    properly evaluate the HD-Ratio when a subsequent allocation becomes
    necessary.

http://www.ripe.net/ripe/docs/ripe-412.html#lir_to_isp

This text seems to state that an LIR can decide how much is appropriate to sub-allocate to a downstream ISP. As such, an LIR with more than a /32 could decide to sub-allocate a /32 if they thought that doing so would "encourage optimum utilisation of the total address block allocated to the LIR".

Ultimately, it's the LIR's problem if they are convinced to sub-allocate a /32 and the downstream ISP makes very light use of the space. A prudent LIR would make sure the contract with their downstream was sufficiently rigorous in this area.

Regards,

Leo Vegoda


From clement at cavadore.net Mon Nov 26 18:35:16 2007
From: clement at cavadore.net (Clement Cavadore)
Date: Mon, 26 Nov 2007 18:35:16 +0100
Subject: [ipv6-wg] IPv6 policies & BGP announcements
Message-ID: <474B03D4.2090200@cavadore.net>

Hi,

I have a few question regarding IPv6, and policies.
I am not LIR, so I cannot get any /32 for my network usage. I got from my LIR a /48 for my internal network needs, and another /48 for another end-user, routed through my network. The two /48 are consecutive, and aggregable as a single /47.

- Am I allowed to announce a prefix more specific than my LIR's /32 (originated from my ASN, not the LIR's one) ?

- If I can announce a more specific prefix, do I have to announce a couple of /48s, or may I announce a single /47, originated from my AS ? If I can announce the /47, I assume the LIR has to create a route: object ?

- Is there any recommendations I'd need to know for such a situation (except becoming LIR, which is not possible for us at the moment) ?

Thank you for your help

--
Clément Cavadore


From fw at deneb.enyo.de Mon Nov 26 20:36:37 2007
From: fw at deneb.enyo.de (Florian Weimer)
Date: Mon, 26 Nov 2007 20:36:37 +0100
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To: <474B03D4.2090200@cavadore.net> (Clement Cavadore's message of "Mon, 26 Nov 2007 18:35:16 +0100")
References: <474B03D4.2090200@cavadore.net>
Message-ID: <87tzn84x4q.fsf@mid.deneb.enyo.de>

* Clement Cavadore:

> - Am I allowed to announce a prefix more specific than my LIR's /32
> (originated from my ASN, not the LIR's one) ?

This is really the LIR's call because it's within their prefix. There are no other rules regarding prefix announcements.

> - If I can announce a more specific prefix, do I have to announce a
> couple of /48s, or may I announce a single /47, originated from my AS ?
> If I can announce the /47, I assume the LIR has to create a route: object ?

Not necessarily. For IPv4, there are some folks who use RIR data to create filters, so having such an object would be beneficial. I don't know about the state of IPv6 filtering. A lot of operators likely discard anything longer than /32 in the RIR allocation space.
> - Is there any recommendations I'd need to know for such a situation
> (except becoming LIR, which is not possible for us at the moment) ?

ARIN offers IPv6 PI space, perhaps you can get a /48 prefix which is supposed to be globally routable from them.


From pekkas at netcore.fi Tue Nov 27 06:52:59 2007
From: pekkas at netcore.fi (Pekka Savola)
Date: Tue, 27 Nov 2007 07:52:59 +0200 (EET)
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To: <474B03D4.2090200@cavadore.net>
References: <474B03D4.2090200@cavadore.net>
Message-ID:

On Mon, 26 Nov 2007, Clement Cavadore wrote:
> I have a few question regarding IPv6, and policies. I am not LIR, so I
> cannot get any /32 for my network usage. I got from my LIR a /48 for my
> internal network needs, and another /48 for another end-user, routed
> through my network. The two /48 are consecutive, and aggregable as a
> single /47.
>
> - Am I allowed to announce a prefix more specific than my LIR's /32
> (originated from my ASN, not the LIR's one) ?
>
> - If I can announce a more specific prefix, do I have to announce a
> couple of /48s, or may I announce a single /47, originated from my AS ?
> If I can announce the /47, I assume the LIR has to create a route: object ?
>
> - Is there any recommendations I'd need to know for such a situation
> (except becoming LIR, which is not possible for us at the moment) ?

Are you single-homed to your LIR? If yes, your advertisement does not need to propagate to the whole internet. If not, connectivity might break to those other ISPs which do filter more specifics based on allocation boundaries.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R.
Martin: A Clash of Kings


From cfriacas at fccn.pt Tue Nov 27 20:22:54 2007
From: cfriacas at fccn.pt (Carlos Friacas)
Date: Tue, 27 Nov 2007 19:22:54 +0000 (WET)
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To: <87tzn84x4q.fsf@mid.deneb.enyo.de>
References: <474B03D4.2090200@cavadore.net> <87tzn84x4q.fsf@mid.deneb.enyo.de>
Message-ID:

On Mon, 26 Nov 2007, Florian Weimer wrote:

> * Clement Cavadore:
>
>> - Am I allowed to announce a prefix more specific than my LIR's /32
>> (originated from my ASN, not the LIR's one) ?
>
> This is really the LIR's call because it's within their prefix. There
> are no other rules regarding prefix announcements.
>
>> - If I can announce a more specific prefix, do I have to announce a
>> couple of /48s, or may I announce a single /47, originated from my AS ?
>> If I can announce the /47, I assume the LIR has to create a route: object ?
>
> Not necessarily. For IPv4, there are some folks who use RIR data to
> create filters, so having such an object would be beneficial. I don't
> know about the state of IPv6 filtering.

The biggest problem is the state of IPv6 deployment itself :-(
But some transit providers start to ask about route6 objects, just like they do about route object (i.e. see rpslng). At least mine, does :-)

> A lot of operators likely
> discard anything longer than /32 in the RIR allocation space.

Probably.
Most people doesn't follow (or is aware) about:
http://www.space.net/~gert/RIPE/ipv6-filters.html

Perhaps the effect would be different if the RIRs would start to maintain these recommendations themselves.......

>> - Is there any recommendations I'd need to know for such a situation
>> (except becoming LIR, which is not possible for us at the moment) ?
>
> ARIN offers IPv6 PI space, perhaps you can get a /48 prefix which is
> supposed to be globally routable from them.
>

Best Regards,

-------------------------------------------------------------------------
Carlos Friac,as                                         See:
Wide Area Network Working Group (WAN)                   www.gigapix.pt
FCCN - Fundacao para a Computacao Cientifica Nacional   www.ipv6.eu
Av. do Brasil, n.101                                    www.6diss.org
1700-066 Lisboa, Portugal, Europe                       www.geant2.net
Tel: +351 218440100 Fax: +351 218472167                 www.fccn.pt
-------------------------------------------------------------------------
The end is near........ see http://ipv4.potaroo.net
"Internet is just routes (241744/992), naming (billions) and... people!"

This message was sent from 2001:690:2080:8004:250:daff:fe3b:2830

Confidentiality Notice

This message is intended exclusively for its addressee and may contain CONFIDENTIAL information, the disclosure of which is expressly prohibited by law. If you have received this message in error, please inform us of that fact by this means or by telephone +351 218440100 and delete its content immediately.

Warning

This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail or by telephone +351 218440100 and delete it immediately.


From clement at cavadore.net Tue Nov 27 22:45:28 2007
From: clement at cavadore.net (Clement Cavadore)
Date: Tue, 27 Nov 2007 22:45:28 +0100
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To:
References: <474B03D4.2090200@cavadore.net> <87tzn84x4q.fsf@mid.deneb.enyo.de>
Message-ID: <1196199928.15906.15.camel@puisard.hivane.net>

On Tue, 2007-11-27 at 19:22 +0000, Carlos Friacas wrote:
> The biggest problem is the state of IPv6 deployment itself :-(
> But some transit providers start to ask about route6 objects, just like
> they do about route object (i.e. see rpslng). At least mine, does :-)

That's exactly what I assumed, so I asked my LIR to create a route6 object for the /47 I announce to him.
> > A lot of operators likely
> > discard anything longer than /32 in the RIR allocation space.
>
> Probably.
> Most people doesn't follow (or is aware) about:
> http://www.space.net/~gert/RIPE/ipv6-filters.html
>
> Perhaps the effect would be different if the RIRs would start to maintain
> these recommendations themselves.......

It would sure be better. I saw a /42 announced by RIPE, which is part of another LIR's /32 sTLA. Although there is no route6: object for it, I guess most of IPv6-aware networks do care about reaching RIPE's IPv6 servers. Seeing that announcement gave me guidelines regarding BCP in doing IPv6 multihoming without being LIR.

Florian Weimer wrote:
> > ARIN offers IPv6 PI space, perhaps you can get a /48 prefix which is
> > supposed to be globally routable from them.

Well, since I am not in ARIN-land, it wouldn't be really normal for me to ask for an ARIN-PIv6. Let's assume RIPE will find a good solution for people in my case :).

Regards,

--
Clément Cavadore


From jeroen at unfix.org Tue Nov 27 23:35:16 2007
From: jeroen at unfix.org (Jeroen Massar)
Date: Tue, 27 Nov 2007 23:35:16 +0100
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To: <1196199928.15906.15.camel@puisard.hivane.net>
References: <474B03D4.2090200@cavadore.net> <87tzn84x4q.fsf@mid.deneb.enyo.de> <1196199928.15906.15.camel@puisard.hivane.net>
Message-ID: <474C9BA4.5080405@spaghetti.zurich.ibm.com>

Clement Cavadore wrote:
[..]
> It would sure be better. I saw a /42 announced by RIPE, which is part of
> another LIR's /32 sTLA. Although there is no route6: object for it, I
> guess most of IPv6-aware networks do care about reaching RIPE's IPv6
> servers. Seeing that announcement gave me guidelines regarding BCP
> in doing IPv6 multihoming without being LIR.
The RIPE _NCC_ did this as they don't qualify for an allocation themselves, this as they are not an LIR nor are they anywhere near anything that would justify for something much larger than a /48 (I wonder why they got a /42 in this case but there prolly is some reason for it)

It is good to see that RIPE NCC follow and adhere to their own guidelines unlike other organizations. As such they only get a small chunk of space and that from a LIR. They can choose to announce it and have a route6 object for it, and in case that announcement gets filtered the /32 BGP announcement from the LIR will cover it and route it to them.

There is one problem with this setup though. If 'good/fast' providers filter your more specific, then most likely only 'bad/slow' providers will transit it to others, who will use the more specific and thus the bad/slow providers. As such announcing a more specific can cause that your prefix becomes broken due to the better ISP's filtering the more specific out.

> Florian Weimer wrote:
>>> ARIN offers IPv6 PI space, perhaps you can get a /48 prefix which is
>>> supposed to be globally routable from them.
>
> Well, since I am not in ARIN-land, it wouldn't be really normal for me
> to ask for an ARIN-PIv6. Let's assume RIPE will find a good solution for
> people in my case :).

What exactly is "your case"?

Greets,
 Jeroen


From clement at cavadore.net Wed Nov 28 01:19:26 2007
From: clement at cavadore.net (Clement Cavadore)
Date: Wed, 28 Nov 2007 01:19:26 +0100
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To: <474C9BA4.5080405@spaghetti.zurich.ibm.com>
References: <474B03D4.2090200@cavadore.net> <87tzn84x4q.fsf@mid.deneb.enyo.de> <1196199928.15906.15.camel@puisard.hivane.net> <474C9BA4.5080405@spaghetti.zurich.ibm.com>
Message-ID: <1196209166.15906.45.camel@puisard.hivane.net>

On Tue, 2007-11-27 at 23:35 +0100, Jeroen Massar wrote:
> There is one problem with this setup though. If 'good/fast' providers
> filter your more specific, then most likely only 'bad/slow' providers
> will transit it to others, who will use the more specific and thus the
> bad/slow providers. As such announcing a more specific can cause that
> your prefix becomes broken due to the better ISP's filtering the more
> specific out.

I agree on that. But except having a statically routed IP space by a LIR (or becoming LIR and ask for a /32, which would surely be overkill, or trying to ask ARIN for PIv6), is there any other proper solutions ?

Hopefully, as you said, if a more specific prefix is filtered somewhere, it could still be routed through its LIR's /32 announcement (if the LIR knows the more specific route, of course).

> What exactly is "your case"?

I simply run a small network without being LIR (having PI in IPv4 land), and would like to have IPv6 services available in it. First, I got a /48 statically routed in my network by the LIR who owns the parent /32. Then, I got the consecutive /48 routed to my network, so I chose to announce a /47, in order to have multihoming and peering intercos, in the future, using my ASN, like I do in IPv4.

I guess it's always the same debate: What are the pros and cons regarding PIv6 (or call it "globally routable smaller prefix than /32").

Regards,

-- 
Clément Cavadore

From jeroen at unfix.org Wed Nov 28 01:55:05 2007
From: jeroen at unfix.org (Jeroen Massar)
Date: Wed, 28 Nov 2007 01:55:05 +0100
Subject: [ipv6-wg] IPv6 policies & BGP announcements
In-Reply-To: <1196209166.15906.45.camel@puisard.hivane.net>
References: <474B03D4.2090200@cavadore.net> <87tzn84x4q.fsf@mid.deneb.enyo.de> <1196199928.15906.15.camel@puisard.hivane.net> <474C9BA4.5080405@spaghetti.zurich.ibm.com> <1196209166.15906.45.camel@puisard.hivane.net>
Message-ID: <474CBC69.4040302@spaghetti.zurich.ibm.com>

Clement Cavadore wrote:
> On Tue, 2007-11-27 at 23:35 +0100, Jeroen Massar wrote:
>> There is one problem with this setup though. If 'good/fast' providers
>> filter your more specific, then most likely only 'bad/slow' providers
>> will transit it to others, who will use the more specific and thus the
>> bad/slow providers. As such announcing a more specific can cause that
>> your prefix becomes broken due to the better ISPs filtering the more
>> specific out.
>
> I agree on that. But except having a statically routed IP space by a LIR
> (or becoming LIR and ask for a /32, which would surely be overkill, or
> trying to ask ARIN for PIv6), is there any other proper solutions ?

The RIPE membership clearly voted for the latter.
Become LIR and get your piece of IPv6.

> Hopefully, as you said, if a more specific prefix is filtered somewhere,
> it could still be routed through its LIR's /32 announcement (if the LIR
> knows the more specific route, of course).

It does, but note that the more specific might have a bad path which
can cause your prefix to be semi-blacklisted because of this.

>> What exactly is "your case"?
>
> I simply run a small network without being LIR (having PI in IPv4 land),
> and would like to have IPv6 services available in it. First, I got a /48
> statically routed in my network by the LIR who owns the parent /32.
> Then, I got the consecutive /48 routed to my network, so I chose to
> announce a /47, in order to have multihoming and peering intercos, in
> the future, using my ASN, like I do in IPv4.

That is a description of what you want, not what problem it exactly
tries to solve. Thus what is the case that you are trying to solve and
in which way is current policy inadequate and how do you propose it
could be solved in a better way and why?

Greets,
 Jeroen

From henk at ripe.net Wed Nov 28 10:12:12 2007
From: henk at ripe.net (Henk Uijterwaal)
Date: Wed, 28 Nov 2007 10:12:12 +0100
Subject: [ipv6-wg] [Fwd: need help with global ipv6 topology measurement]
Message-ID: <474D30EC.2050800@ripe.net>

-------- Original Message --------
Subject: need help with global ipv6 topology measurement
Date: Tue, 27 Nov 2007 15:55:42 -0800
From: k claffy
To: nanog at merit.edu

if you have ipv6 connectivity and are willing to volunteer
some (low bandwidth) v6 traceroute data to a good cause
(== a topology map of observed ipv6 connectivity),
please help us out for a few ( estimated < 15) min with:

http://www.caida.org/data/how-to/scamper/ipv6-collection-2007/

please share w all your ipv6friends,
k

-- 
------------------------------------------------------------------------------
Henk Uijterwaal                   Email: henk.uijterwaal(at)ripe.net
RIPE Network Coordination Centre  http://www.amsterdamned.org/~henk
P.O.Box 10096      Singel 258         Phone: +31.20.5354414
1001 EB Amsterdam  1016 AB Amsterdam  Fax: +31.20.5354445
The Netherlands    The Netherlands    Mobile: +31.6.55861746
------------------------------------------------------------------------------

Is one of the choices leaving the office open?
                               Alan Greenspan on the next elections
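
The more-specific filtering effect discussed in the "IPv6 policies & BGP announcements" thread above (a more specific announced inside the LIR's covering /32 and accepted only by some providers), as an added example that is not part of any message in this archive. The prefixes, provider names and latencies are constructed, and latency stands in for BGP path preference.

```python
import ipaddress

# Constructed sample data using the IPv6 documentation prefix (not from the thread).
LIR_AGGREGATE = ipaddress.ip_network("2001:db8::/32")
MORE_SPECIFIC = ipaddress.ip_network("2001:db8:1234::/47")

# Hypothetical upstreams of a remote network:
# (name, longest prefix length its import filter accepts, latency in ms).
UPSTREAMS = [("good-fast", 32, 20), ("bad-slow", 48, 180)]


def learned_routes(announcements, upstreams=UPSTREAMS):
    """Routes the remote network receives: each upstream passes on only
    the prefixes that survive its own prefix-length filter."""
    return [
        (prefix, name, latency)
        for name, max_len, latency in upstreams
        for prefix in announcements
        if prefix.prefixlen <= max_len
    ]


def best_route(dest, routes):
    """Forwarding decision: the longest matching prefix wins outright;
    latency only breaks ties between routes to the same prefix."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))


def steered_to_worse_path(dest, announcements, upstreams=UPSTREAMS):
    """True when the more specific pulls traffic onto a slower upstream
    than the covering aggregate alone would have used."""
    shortest = min(p.prefixlen for p in announcements)
    aggregates = [p for p in announcements if p.prefixlen == shortest]
    with_specific = best_route(dest, learned_routes(announcements, upstreams))
    aggregate_only = best_route(dest, learned_routes(aggregates, upstreams))
    if with_specific is None or aggregate_only is None:
        return False
    return with_specific[2] > aggregate_only[2]


if __name__ == "__main__":
    both = [LIR_AGGREGATE, MORE_SPECIFIC]
    for dest in ("2001:db8:1234::1", "2001:db8:ffff::1"):
        prefix, via, ms = best_route(dest, learned_routes(both))
        print(f"{dest}: {prefix} via {via} ({ms} ms)")
```

Addresses inside the /47 follow the more specific through the only upstream that accepted it, while the rest of the /32 still uses the faster upstream.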