It's Ars Tech's turn to bang the IPv4 exhaustion drum
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addre... Well, on reading it, it's more an "IPv6: It's great -- ask for it by name!" piece. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)
I'm dealing with Hughsnet and have observed the following issue/ SOA is me for testing 72.169.156.122 Upstream router seems to be a public IP Number: 15942 Date: 18Aug2008 Time: 23:03:21 Product: FireWall-1 Interface: eth0 Origin: rockgate (192.168.1.1) Type: Log Action: Accept Protocol: udp Service: 2016 Source: upstream_router (72.169.156.121) Destination: Firewall_external (72.169.156.122) Rule: 10 Source Port: domain-udp (53) Problem is that target port is not 53, in otherwords asking for a DNS response on an odd port while sourcing port 53. Is this normal, am I missing something that a bigger ISP knows? This would be Hughesnet. so I should be concerned? I have a ticket opened with them, #15048812 but am getting the run around with them. I understand that the normal recourse is to "Reboot the modem" but in this case I think it's a bit more than that. Can anyone point me in the right direction? Thanks in advance, Again sorry for the noise Joe Blanchard 906-384=6525
From: "Joe Blanchard" <joe@sumless.net> Date: Mon, 18 Aug 2008 23:50:08 -0400
I'm dealing with Hughsnet and have observed the following issue/
SOA is me for testing 72.169.156.122
Upstream router seems to be a public IP Number: 15942 Date: 18Aug2008 Time: 23:03:21 Product: FireWall-1 Interface: eth0 Origin: rockgate (192.168.1.1) Type: Log Action: Accept Protocol: udp Service: 2016 Source: upstream_router (72.169.156.121) Destination: Firewall_external (72.169.156.122) Rule: 10 Source Port: domain-udp (53)
Problem is that target port is not 53, in otherwords asking for a DNS response on an odd port while sourcing port 53. Is this normal, am I missing something that a bigger ISP knows? This would be Hughesnet. so I should be concerned? I have a ticket opened with them, #15048812 but am getting the run around with them. I understand that the normal recourse is to "Reboot the modem" but in this case I think it's a bit more than that. Can anyone point me in the right direction? Thanks in advance,
Are they asking for a DNS or is this a reply? Replies are from 53 to an ephemeral destination. If your firewall is set up correctly and not losing state too quickly for DNS responses, this may be backscatter. I see a bit of this from time to time and dark space monitoring systems see a lot of it. With the cache poisoning attacks, I'd expect to see more t it. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Jay R. Ashworth wrote:
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addre...
Well, on reading it, it's more an "IPv6: It's great -- ask for it by name!" piece.
This article reminded me that I really needed to stop relying on a tunnel over my backup DSL line for IPv6 and spend the time to get my own ISP on the road to deploying IPv6. Step 1: Request address space from ARIN Took <1 day to get a reply that we'd be getting the space that day, a few more hours to receive a /32. That was easy. Step 2: Get set up for IPv6 peering and transit Took 30 minutes for Equinix to tell me that all I need to do is fill out a form and I'm all set. Even quicker than ARIN. Took a little over 2 days for my transit provider (Abovenet) to tell me that they don't offer IPv6 transit and don't know when they will. Native IPv6 isn't important enough for me to spend money on a new transit provider on yet, so I guess maybe next year we'll try this again and see what's changed. In the meantime, I need to upgrade some routers (including some that went EOL before IPv6 support came along) anyway. Matthew Kaufman http://www.matthew.at
Matthew Kaufman wrote:
Jay R. Ashworth wrote:
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addre...
This article reminded me that I really needed to stop relying on a tunnel over my backup DSL line for IPv6 and spend the time to get my own ISP on the road to deploying IPv6.
Step 1: Request address space from ARIN
Took <1 day to get a reply that we'd be getting the space that day, a few more hours to receive a /32. That was easy.
Did you have existing IPv4 space with ARIN? If so, I have to wonder if I would get the same speedy service from ARIN as a new entrant without existing ipv4 space? :) I'm looking at building a large network with Ipv6 in the Los Angeles metro area, to serve a number of small businesses via a large scale wireless network. Essentially a large scale private WAN, with globally routable addresses (for a VoIP/IPTV roll out later) So I'm not exactly a traditional ISP or colocation customer, but share characteristics with them. Does this matter? Should I just submit my request and see what happens? -- Charles Wyble (818) 280 - 7059 http://charlesnw.blogspot.com CTO Known Element Enterprises / SoCal WiFI project
I'm looking at building a large network with Ipv6 in the Los Angeles metro area, to serve a number of small businesses via a large scale wireless network. Essentially a large scale private WAN, with globally routable addresses (for a VoIP/IPTV roll out later) So I'm not exactly a traditional ISP or colocation customer, but share characteristics with them. Does this matter? Should I just submit my request and see what happens?
Yes, you should just submit your request and see what happens. If there isn't enough documentation or you filled out something incorrectly, ARIN generally contacts you and explains what you need to provide in order to justify your request. It is pretty painless really. At worst, because your business model is out of the ordinary, you might spend a week or two going back and forth explaining things. --Michael Dillon
On Fri, Aug 22, 2008 at 02:24:18PM -0700, Matthew Kaufman wrote:
Jay R. Ashworth wrote:
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addre...
Well, on reading it, it's more an "IPv6: It's great -- ask for it by name!" piece.
This article reminded me that I really needed to stop relying on a tunnel over my backup DSL line for IPv6 and spend the time to get my own ISP on the road to deploying IPv6.
Well, funny you should say that. I'm a masochist, so next week, I'm going to look into getting L3 to extend native IPv6 down my 10Mb/s uplink. My edge machines are Linux 2.6.mumble, but the one that faces L3 is at the end of another 10Mb/s tail circuit to me from a colo cage, so it's going to be Even More Fun. Has anyone already done the Edge IPv6 dance with L3? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)
On Fri, 22 Aug 2008, Jay R. Ashworth wrote:
Has anyone already done the Edge IPv6 dance with L3?
I've been meaning to do this too for some time...only our GigE circuit to L3 was going into cisco gear with no v6 support. We moved the circuit recently to a Sup720-3bxl...so in theory, we should be able to turn up v6 with them. How painful should that be? We do already have our own v6 /32 and of course are doing ipv4 BGP with them. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Here is the response I got from L3 when I inquired about IPV6: "The answer to your questions is "no", we have not yet inplemented IPV6 for our customers yet. IPV4 is the de facto on our backbone nad alledge router on which customers connectc." Poor spelling aside, it seems they have not implemented it yet. If someone manages to get them to implement, I would really like to hear about it. -kyle Kyle Murray Network Manager Digital Forest, Inc. Jon Lewis wrote:
On Fri, 22 Aug 2008, Jay R. Ashworth wrote:
Has anyone already done the Edge IPv6 dance with L3?
I've been meaning to do this too for some time...only our GigE circuit to L3 was going into cisco gear with no v6 support. We moved the circuit recently to a Sup720-3bxl...so in theory, we should be able to turn up v6 with them. How painful should that be? We do already have our own v6 /32 and of course are doing ipv4 BGP with them.
---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
No native service available but there is a trial tunneled IPv6 service with best effort support with *no SLA* available to current Level 3 Internet customers. IPv6 is currently being provided via IPv4 tunnels to the customer's existing router and supported by a handful of engineers. There is a simple service agreement addendum and form to fill out for relevant config bits. -Craig On Aug 22, 2008, at 5:22 PM, Kyle Murray wrote:
Here is the response I got from L3 when I inquired about IPV6:
"The answer to your questions is "no", we have not yet inplemented IPV6 for our customers yet. IPV4 is the de facto on our backbone nad alledge router on which customers connectc."
Poor spelling aside, it seems they have not implemented it yet. If someone manages to get them to implement, I would really like to hear about it.
-kyle
Kyle Murray Network Manager Digital Forest, Inc.
That's good to know. Do you know if there are any rate-limits that would apply to this trial service? Any idea where the tunnel head-end is? Will they do a backup tunnel to another router? I'll have to give them a holler as soon as I'm ready to make the IPv6 jump. Thanks Justin Craig Pierantozzi wrote:
No native service available but there is a trial tunneled IPv6 service with best effort support with *no SLA* available to current Level 3 Internet customers. IPv6 is currently being provided via IPv4 tunnels to the customer's existing router and supported by a handful of engineers.
There is a simple service agreement addendum and form to fill out for relevant config bits.
-Craig
On Aug 22, 2008, at 5:22 PM, Kyle Murray wrote:
Here is the response I got from L3 when I inquired about IPV6:
"The answer to your questions is "no", we have not yet inplemented IPV6 for our customers yet. IPV4 is the de facto on our backbone nad alledge router on which customers connectc."
Poor spelling aside, it seems they have not implemented it yet. If someone manages to get them to implement, I would really like to hear about it.
-kyle
Kyle Murray Network Manager Digital Forest, Inc.
No rate limits, tunnel termination in DC, San Jose, Dallas, Amsterdam, London. You can request termination to multiple routers for diversity. * Justin Shore was thought to have said:
That's good to know. Do you know if there are any rate-limits that would apply to this trial service? Any idea where the tunnel head-end is? Will they do a backup tunnel to another router? I'll have to give them a holler as soon as I'm ready to make the IPv6 jump.
On 8/22/08, Kyle Murray <kyle@forest.net> wrote:
Here is the response I got from L3 when I inquired about IPV6:
"The answer to your questions is "no", we have not yet inplemented IPV6 for our customers yet. IPV4 is the de facto on our backbone nad alledge router on which customers connectc."
Poor spelling aside, it seems they have not implemented it yet. If someone manages to get them to implement, I would really like to hear about it.
wow that is odd.. since stewart bamford has been off giving ipv6 deployment talks to various conferences (including this one: http://www.nanog.org/mtg-0510/bamford.html ) maybe L3's support staff should check their internal documentation?? Slide 17 says: "Deployment completed Q3 2005"... so, they apparently have it, can get it to you and do 6PE (or did 6PE a bit ago). Maybe ask again and aim the nay-sayer to the nanog preso and ask them to call stewart up directly? -chris
On 26/08/2008, at 3:33 PM, Christopher Morrow wrote:
wow that is odd.. since stewart bamford has been off giving ipv6 deployment talks to various conferences (including this one: http://www.nanog.org/mtg-0510/bamford.html )
It might be odd but its consistent. I had the response that there is no native support for transit, but there are some "customer trials" using tunnels.
maybe L3's support staff should check their internal documentation?? Slide 17 says: "Deployment completed Q3 2005"... so, they apparently have it, can get it to you and do 6PE (or did 6PE a bit ago). Maybe ask again and aim the nay-sayer to the nanog preso and ask them to call stewart up directly?
In the end, we talked to he.net that was a far simpler process :-) -- James
Christopher Morrow wrote:
On 8/22/08, Kyle Murray <kyle@forest.net> wrote:
Here is the response I got from L3 when I inquired about IPV6:
"The answer to your questions is "no", we have not yet inplemented IPV6 for our customers yet. IPV4 is the de facto on our backbone nad alledge router on which customers connectc."
Poor spelling aside, it seems they have not implemented it yet. If someone manages to get them to implement, I would really like to hear about it.
wow that is odd.. since stewart bamford has been off giving ipv6 deployment talks to various conferences (including this one: http://www.nanog.org/mtg-0510/bamford.html )
maybe L3's support staff should check their internal documentation?? Slide 17 says: "Deployment completed Q3 2005"... so, they apparently have it, can get it to you and do 6PE (or did 6PE a bit ago). Maybe ask again and aim the nay-sayer to the nanog preso and ask them to call stewart up directly?
We had the same issue when we inquired initially. Apparently Level(1) support at Level(3) has Level(0) clue as to their capabilities. I responded to Kyle off-list as to the email address for getting to the people with the answers. Stewart is still on the team and they had us up and running on IPv6 within a couple of days once I contacted the right people. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
On Tue, Aug 26, 2008 at 1:47 AM, Jay Hennigan <jay@west.net> wrote:
Christopher Morrow wrote:
www.nanog.org/mtg-0510/bamford.html )
maybe L3's support staff should check their internal documentation?? Slide 17 says: "Deployment completed Q3 2005"... so, they apparently have it, can get it to you and do 6PE (or did 6PE a bit ago). Maybe ask again and aim the nay-sayer to the nanog preso and ask them to call stewart up directly?
We had the same issue when we inquired initially. Apparently Level(1) support at Level(3) has Level(0) clue as to their capabilities.
This is, sadly, not different from a bunch of ISP's (I think vzb is still in a wierd state where getting their sales/install/support folks to put v6 on your link is harder than it ought to be)
I responded to Kyle off-list as to the email address for getting to the people with the answers. Stewart is still on the team and they had us up and running on IPv6 within a couple of days once I contacted the right people.
hurray! :) what's the email address so other folks searching might be able to find it? Looking at the ARIN contact info for: 2001:1900::/32 doesn't produce something that seems ipv6 specific (which is probably good). -chris
This is, sadly, not different from a bunch of ISP's (I think vzb is still in a wierd state where getting their sales/install/support folks to put v6 on your link is harder than it ought to be)
I responded to Kyle off-list as to the email address for getting to the people with the answers. Stewart is still on the team and they had us up and running on IPv6 within a couple of days once I contacted the right people.
hurray! :) what's the email address so other folks searching might be able to find it?
Please go to the ARIN IPv6 wiki and add any ISP contact info to this page: <http://www.getipv6.info/index.php/Providers_Currently_Selling_IPv6_Tran sit> --Michael Dillon
participants (14)
-
Charles Wyble
-
Christopher Morrow
-
Craig Pierantozzi
-
Craig Pierantozzi
-
James Spenceley
-
Jay Hennigan
-
Jay R. Ashworth
-
Joe Blanchard
-
Jon Lewis
-
Justin Shore
-
Kevin Oberman
-
Kyle Murray
-
Matthew Kaufman
-
michael.dillon@bt.com