Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 29 2010

6734 bfc4
IPv4? Nein, danke!
Reposted fromfpletz fpletz

November 09 2010

Mike was wondering whether his ISP is giving him what he needs to start an IPv6 pilot within his enterprise network. He wrote:

So I got an IPv6 assignment with a /120 mask (basically our IPv4/24 network mapped to IPv6) and two smaller networks to use for links between our external router and the ISP.

Believe it or not, I’m not making this up. I was as amazed as you probably are.

Cisco IOS Hints and Tricks: IPv6 addressing: how wrong can you get it?
Reposted fromfinkregh finkregh

October 29 2010

<_ruben> ugh, coming up with a decent naming scheme for infra devices is a bitch <Paul2> get a scheme and go through that 'pokemon I have known and loved' <Paul2> 'women who have rejected my advances' should be almost as large a list as there are number of IPv6 addresses available :)
— irc://freenode.org/#ipv6
Reposted fromfinkregh finkregh

September 14 2010

<ver> i wish ipv6 in ios made more sense.
— irc://irc.freenode.org/ipv6
Reposted fromfinkregh finkregh

September 03 2010

v6 on the road

Nach dem ich ja bereits seit einiger Zeit versuche alles per IPv6 zu betreiben hab ich mich jetzt mal darum gekümmert mir auch für unterwegs IPv6 zu besorgen. Nach dem ich ein bisschen rum probiert habe und teredo und 6to4 als nicht benutzbar auf dem mac erachte, hab ich mir gedacht gleich einen tunnel nachhause aufzubauen um mich dort ins IPv6 Netz zu bringen.
Das ganze sieht so aus: OpenBSD Router hat einen SixXS Tunnel und verteilt per rtadvd IPv6 Adressen im LAN. Die Idee ist per ssh einen Tunnel aufzumachen. Dazu ist folgendes zu tun.
1. tun/tap Treiber auf dem mac installieren. 2. tun interface am Router anlegen /etc/hostname.tun1:
description "SSHVPN - Tunnel Interface"
link0
up
sh /etc/netstart tun1
3. bridge ins LAN /etc/hostname.bridge0:
description "bridge sshvpn"
add re0
add tun1
up
sh /etc/netstart bridge0
4. sshd_config anpassen, damit erlauben wir L2 und L3 Tunnel
PermitTunnel yes
PermitRootLogin forced-commands-only

5. Am Mac RSA pub Key für root erzeugen ssh ssh-keygen -t rsa
6. Am Server den root pub-key in die /root/.ssh/authorized_keys file einpassen.
tunnel="1",command="true" ssh-rsa AA...0LQ== root@mac.local
damit kann man mit dem key nichts weiter als den Tunnel eroeffnen.
7. Testen   Tunnel aufbauen:   sudo ssh -w any:1 root@ssh.qan.de -o "Tunnel ethernet" -f -M -S \   /var/run/sshvpn true   sudo ip6 -u tap15    Hier tritt nun leider ein Problem auf, die Apple Automagie für die IPv6 Adresszuordnung sendet leider kein RS Messages. rtsold(8) funktioniert leider nicht auf tap Interfaces. Alles müssen wir auf ein RA Packet warten. Also habe ich am am rtadvd(8) rumgedreht damit das RA Packet nicht solange auf sich warten lässt. Ich habe hier folgendes in die /etc/rtadvd.conf hinzugefügt:
re0:\
             :maxinterval#30:
  Tunnel abbauen:   sudo ssh root@ssh.qan.de -S /var/run/sshvpn -O exit
8. Nun kann man sich noch die DNS Server von HE eintragen, die im Google IPv6 Projekt teilnehmen. siehe: http://www.tunnelbroker.net/forums/index.php?topic=459.0
Reposted fromts ts

July 03 2010

> What steps will reproduce the problem?
1. add an ipv6-URI http://[2001:db8::1]/nagios3/

> What is the expected output? What do you see instead?
Autoconfig does not work, adding the cgi-bin-URI by hand does not work. I get an 'error'.

> What version of the product are you using (Nagios Checker and Nagios)? On what operating system?
Nagios 3.0. / checker 0.15.3

> Please provide any additional information below.
the GET-requests is:
GET /?hostgroup=all&style=hostdetail&hoststatustypes=12 HTTP/1.1
and not
GET /nagios3/?hostgroup=all&style=hostdetail&hoststatustypes=12 HTTP/1.1
Issue 159 - nagioschecker - no IPv6 connection / wrong GET-request - Project Hosting on Google Code

June 16 2010

As you might know IPv6 uses it’s own Ethernet type 0x86dd. You can use this easily capture only IPv6 traffic with wireshark just uses eth.type == 0x86dd as filter.
Jens’ BLOG » Wireshark: IPv6 filter
Reposted byantifuchs3fitness

June 15 2010

Test your IPv6.

Test your IPv6 connectivity.
Reposted fromfinkregh finkregh

June 14 2010

There is no manual configuration of IPv6 printers in OS X. If the pritner supports Bonjour, then it will favor the IPv6 address. Or you can give the printer a name and your dns server can serve-up an IPv6 address.
rdar://7100507: Can't configure IPv6 printer
Tags: fail apple ipv6
Original von Denny
Solang die Inhaltsanbieter nicht wissen wie sie dem Problem entgegenwirken können, wenn der Rechner über eine IPV6 Adresse verfügt, diese aber nicht funktionstüchtig ist (z.B.) und der User daher eine Zeitüberschreitung erhält, wird das sicher noch eine weile Dauern.
Vor diesem Problem scheinen sich viele Anbieter zu fürchten wie der Teufel vor dem Weihwasser, aber erste Untersuchungen, von z.B. Google zeigen, dass der Anteil der Nutzer mit defektem IPv6 extrem gering ist.

Ich habe eine Zahl von 0,2x% im Hinterkopf (kann mich aber auch täuschen). Für manche Anbieter mag das unakzeptabel sein, aber so schlecht (langsam, buggy, kaputt) selbst manche großen Webseiten sind kann man dieses Argument eigentlich nicht gelten lassen. So setzen z.B. einige große Webseiten (eBay, ...) Flash zwingend vorraus obwohl deutlich mehr als 0,2% der Nutzer kein Flash aktiviert/installiert haben.

Daher komme ich zu dem Schluss, dass die Verantwortlichen einfach Angst vor Veränderungen haben und deren Vorgesetzte einfach nicht wissen was überhaupt "IP" (geschweige denn IPv6) ist.
Hetzner Online Diskussionsforum

Thursday, June 10th: Deployment Experiences

Deployment experiences, lessons learned, and the state of the art.

09:30 - 09:45 Opening remarks

  • Opening remarks – Vint Cerf, Google  (slides)

09:45 - 11:00 Access networks

  • Yahoo! Broadband’s strategy for IPv6 transition – Masato Yamanishi, Softbank BB  (slides)
  • IPv6 Internet access over the NTT NGN  – Ichiro Mizukoshi, NTT East  (slides)
  • Comcast IPv6 trials – John Jason Brzozowski, Comcast  (slides)
  • AT&T broadband transition to IPv6 using 6rd – Chris Chase, AT&T  (slides)

11:00 - 11:15 Break

11:15 - 12:30 Content networks

  • IPv6 at Facebook – Donn Lee, Facebook  (slides)
  • Yahoo! serving strategy for IPv6 – Jason Fesler, Yahoo!  (slides)
  • IPv6 Issues in the CDN Space – Tom Coffeen, Limelight Networks  (slides)
  • IPv6 at Google – Lorenzo Colitti, Google  (slides)

[...]
Agenda (Google IPv6 Implementors Conference)

June 11 2010

Unknown ( - ):

Neither the vendor nor the community can confirm the feature is present. 

 

No:

Vendor or testing confirms the feature is not supported.
 

Claimed by vendor:

The vendor has confirmed the feature is present. However, we haven’t heard any reports from the community confirming whether it actually works and we haven’t been able to test it ourselves.

 

Broken:

Feedback from the community or test results indicate the feature is there but not working.

 

Buggy:

Feedback from the community or test results indicate the feature is showing irregular behavior or is not working as expected.

 

Confirmed:

Based on community feedback and testing we can confirm the feature is there and working as expected.

 


AVM (FRITZ!Box) Draytek Zyxel Juniper (ScreenOS) Juniper (JUNOS) Cisco Hardware version required 7270, 7570 Vigor 2130 series, vigor 120 All models released in 2010 All All Most SOHO boxes Minimum software level required "Labor" only 2130:v1.3.0 120:v3.2.4.3 Per model, check vendor 6.1 10.2 12.4T or 15 Status Beta General deployment Beta General deployment Early deployment General deployment






WAN layer 2





Docsis 3.0 vendor no no no no - ADSL 2+ confirmed 120 only vendor confirmed confirmed confirmed VDSL confirmed no vendor no vendor - Ethernet confirmed vendor vendor confirmed confirmed confirmed FTTx - vendor vendor no no - WAN Layer 3





PPPoA confirmed no vendor no vendor confirmed PPPoE confirmed confirmed vendor confirmed confirmed confirmed RFC1483/bridge vendor no vendor no no - RFC1483/routed - - vendor vendor vendor - Plain IP - vendor vendor confirmed confirmed confirmed WAN address acquiring





PPP link local only (unnumbred) confirmed confirmed vendor confirmed confirmed confirmed SLAAC confirmed vendor vendor vendor vendor confirmed DHCPv6 IA_NA - vendor vendor vendor vendor - DHCPv6 IA_PD confirmed confirmed vendor no no confirmed LAN





Manual addressing on LAN interface no - - confirmed confirmed confirmed SLAAC confirmed confirmed vendor confirmed confirmed confirmed DHCPv6 server no vendor vendor vendor vendor - DHCPv6 prefix delegation no - - - - - Static routing towards LAN no confirmed - - - confirmed Firewall





Configurable buggy confirmed vendor confirmed confirmed confirmed Default setting on on on on on off DNS resolving





WAN RFC5006 - no - no no - WAN DHCP confirmed confirmed no - - - LAN RFC5006 buggy no - no no - LAN DHCP confirmed - - - - - Configurable no - - - - confirmed Tunnels





6in4 - vendor vendor vendor no confirmed 6to4 confirmed no vendor vendor no - Teredo - no no no no - SIXXS buggy no no no no - 6RD - no no no no - Management





WebGUI buggy confirmed vendor confirmed no confirmed Telnet no confirmed vendor confirmed confirmed confirmed SSH no confirmed vendor confirmed confirmed confirmed SNMP no vendor vendor vendor no confirmed TR69 vendor vendor vendor no no - Routing protocols no no RIP announced most most most
IPv6 CPE Survey | RIPE Labs

May 29 2010

@kitchen any plans when to get ipv6-ready? :)
Reposted bywiedi wiedi

Day 1 - May 26, 2010

9:00 - 9:15 Event Kickoff and Opening Remarks - Scott Hogg
9:15 - 10:00 Keynote - John Curran - ARIN - Demystifying IPv6: How to Ensure a Smooth Transition
10:00 - 10:15 Morning Break
10:15 - 10:45 Chuck Sellers - NTT America - IPv6 Embedded Systems and 6LoWPAN Sensor Networks
10:45 - 11:15 Shannon McFarland - Cisco - Enterprise IPv6 Deployment Overview
11:15 - 11:45 Owen DeLong - Hurricane Electric - Porting v4 only apps to IPv4/v6 dual stack
11:45 - 12:45 Lunch
12:45 - 1:15 Erica Johnson - University of New Hampshire InterOperability Laboratory - What's new in IPv6 testing?
1:15 - 1:45 Stan Barber - IPv6 in the Real World: Running an IPv6-enable Web Site
1:45 - 2:15 Mark Bennett - Secure64 - DNS, IPv6 and some IPv4 depletion statistics
2:15 - 2:30 Afternoon Break
2:30 - 3:00 Junaid Islam - Vidder - Software Based IPv6 Services
3:00 - 3:30 Nalini Elkins - Inside Products - IPv6 Migration Issues
3:30 - 4:00 Chris Donley - Cable Labs - IPv6 Support in Home Gateways
4:00 - 5:30 Beer and Gear - Expo Hall - Drawings

 

 

Day 2 - May 27, 2010

9:00 - 9:15 Second Day Opening Remarks - Scott Hogg
9:15 - 10:00 Keynote - Latif Ladid - IPv6 Forum - Cloud Computing, Internet of Things & Smart Grids optimized thru IPv6
10:00 - 10:15 Morning Break
10:15 - 10:45 Yanick Pouffary - Hewlett Packard, IPv6 Forum - IPv6 Enterprise Strategy
10:45 - 11:15 Scott Hogg - GTRI - IPv6 Security for Broadband Access, Wireless and ISPs
11:15 - 11:45 Yenu Gobena - Cisco - Cisco Internal IPv6 Deployment Plans and Strategy
11:45 - 12:45 Lunch
12:45 - 1:15 Ron Broersma - DREN - Experiences with Deployment of IPv6 into Production Networks
1:15 - 1:45 Chris Gibbings - Google - IPv6 at Google
1:45 - 2:15 Ron Hulen - Command Information - Current Cyber-Security Issues in IPv6
2:15 - 2:30 Afternoon Break
2:30 - 3:00 Yurie Rich - QinetiQ North America - Scalability - Why the Smart Grid needs IPv6
3:00 - 3:30 Mike Hollyman - Arbor Networks & Danny McPherson - VeriSign, Inc. - IPv6 on the Internet: Empirical Observations
3:30 - 4:00 John Jason Brzozowski - Comcast - Comcast IPv6 Trial Experiences
4:00 - 4:15 Closing Remarks - Scott Hogg

SpringEvent2010

ICMPv6 Router Advertisement Vulnerability - CVE-2010-0239

endA() chkHide('s'+sID);

A remote code execution vulnerability exists in the Windows TCP/IP stack due to insufficient bounds checking when processing specially crafted ICMPv6 Router Advertisement packets. An anonymous attacker could exploit the vulnerability by sending specially crafted ICMPv6 Router Advertisement packets to a computer with IPv6 enabled. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-0239.

sID='3l2-EMIAC';writePM(sID) startA('s'+sID)

Mitigating Factors for ICMPv6 Router Advertisement Vulnerability - CVE-2010-0239

endA() chkHide('s'+sID);

Microsoft has not identified any mitigating factors for this vulnerability.

Microsoft Security Bulletin MS10-009 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)

May 28 2010

Play fullscreen
YouTube - Martin Levy of Hurricane Electric on IPv6 Deployment

May 09 2010

Welcome to the world of Team ARIN! We hope you find these publications educational and entertaining. Team ARIN is a fictionalized view of the American Registry for Internet Numbers (ARIN), its processes, and the whole concept of Internet governance. Though our heroes are fictional, the issues they face are very real.
The Adventures of Team ARIN
btw, when is ipv6 coming to soup.io? @kitchen
We provide it free because we think IPv6 is that important for people to get connected to. You still have the overhead of your IPv6 packets encapsulated inside your IPv4, so your throughput over the tunnel will obviously be affected by that variation. We do not rate limit the tunnels, and the machines have additional ports we can enable if we ever do saturate their GIGE uplinks with tunnel traffic. There is no additional cost for running them on our already dual-stacked multiple 10G-link backbone that we operate. We do not get IPv6 transit from anyone (paid or otherwise, so no cost there either), and provide IPv6 transit to customers or peer with other networks. In truth, the only real cost is our time. However since we already work tirelessly to promote IPv6 adoption, it is again essentially operating at no cost, since we are already working on it Cheesy

There are no plans to dismantle the tunnel broker or the tunnels. I think the entire world would have to go native IPv6 before that would even be plausible, and adoption with the eyeball networks is still dragging heels (although yes there are the Comcast announcements for the US, and some EU residential providers are already native, but that isn't 100% of all eyeballs/residences).
How/why is hurricane electric giving this service away for free?
Reposted byfinkregh finkregh

May 06 2010


IPv6 is good and we all know that. I has been talked for years but practically it hasnt found much success. Verizon made some noise last year but I am not sure of the conclusion.

Just to recap, IPv4 was introduced back in 1982 and IPv6 work started since 1995. IPV4 uses 32 bit (4 bytes) addresses while IPV6 uses 128 bit (16 bytes) addresses. Theoretically we would now have 2^96 times more addresses than in case of IPv4.

Most of network infrastructure manufacturers have their equipment ready for IPv6 as some of the handset manufacturers. The main driver being that someday soon IPv4 addresses would be exhausted (Internet Assigned Numbers Authority will run out of IPv4 addresses in September of 2011, based on current projections) and their equipment would be ready to provide IPv6 addresses without any problems.

Recently, IETF-3GPP Workshop on IPv6 in cellular networks was held in San Francisco, USA on 1 - 2 March, 2010. There are lots of interesting presentations available here for people who want to dig a bit deeper. The concluding report that summarises the presentations and discussions are available here. Here is a brief summary from one of the reports (with links at the end):
3G and 4G Wireless Blog: IPv6 transition in cellular networks gaining momentum
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl