UK among nations that have done least
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Trials
- :
- IPv6 Trial
- :
- Re: UK among nations that have done least
Re: UK among nations that have done least
12-10-2013 9:28 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: UK among nations that have done least
12-10-2013 9:39 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: UK among nations that have done least
12-10-2013 10:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote •Typical IPv6 prefix assignments:
–Service provider (LIR): /32 > 232 /64 subnets
–Large end user: /48 > 65,536 /64 subnets
–Small end user: /56 > 256 /64 subnets
–SOHO: /64 or /60 > 1 or 16 /64 subnets
•Address conservation is not a major consideration
–Is this wasteful?
–Yes! (But that’s okay)
•If you don’t have enough subnets, you don’t have the right prefix allocation
In Practical Terms…
The default IPv6 allocation from a RIR for an ISP is a /32
yet that's what network engineers are working to as part of the switchover implementations from 4>6
and indeed IETF is pushing to get things further ratified in this regard
Quote Additional points:
1.Separate address block for infrastructure from other uses (enterprise, loopbacks)•May mean two /48s per PoP
•Document so that you can justify it in your Host Density ratio
2.Each individual site should receive plenty of subnets, such as between a /48 and /56. See RFC 6177.
3.Summary aggregates for groups of sites where it makes sense, but watch your HD ratio
4.Any prefixes shorter than /48 will only be assigned when there is written justification to show that this prefix will meet the RIR HD ratio guidelines within 5 years.
5.Each PoP is a site therefore assign a /48 for infrastructure
6.No subnets will use prefixes longer than /64.
7.Separate address block for router loop-back interfaces•Generally number all loopbacks out of one /64
•/128 per loopback
•Note that this recommendation violates RFC 4291 - "IP Version 6 Addressing Architecture", which states that for addresses with other than binary 000 as their first 3 bits, the Interface Identifier must be 64 bits long. It isn't really necessary to save IPv6 address space by using /128s on loopbacks. For example, out of a /48, if you allowed for 16384 /64s for loopbacks, you'd still have 49 152 subnets left for links. If your network is big enough that that sort of addressing plan is not going to be large enough, then you probably won't have any issues with getting multiple /48s e.g. a /47 or /46.
8.Assign a /64 per LAN / VLAN / subnet
9.Organizations with multiple /48 allocations should consider enterprise-wise aggregation levels of /60 or larger blocks for the administration of enterprise policies for common functions such as:•DMZ
•Realtime traffic, such as voice & video
•Network loopback addresses and Link space
10.IETF expects that you will assign a /64 for point-to-point links•Fewer typos because all subnets are the same size
•You can use longer prefixes but what's the point?
•/126 will break Mobile IPv6 Home Agent discovery
•/112 leaves final 16 bits free for Node IDs
•Use /64 unless you have read and understand RFC 3627
•Note: on pure point-to-point links (e.g., SONET) anything shorter than /127 is vulnerable to ping-pong packet amplification as described in Maz's APNIC 26 presentation. (On Ethernet, this is at most a neighbor cache DoS)
11.The enterprise network should receive a prefix sufficient to provide a /48 allocation for each site (office/campus/PoP) at which the company has employees or systems.
12.All customers get one /48 unless they can show that they need more than 65k subnets.•Host count is irrelevant.
•Do not assign to customers from PoP aggregates
•Define aggregate areas which contain several PoPs
•Carry customer networks in iBGP
•Aggregate only in eBGP
•If you have lots of consumer customers you may want to assign /56s to private residence sites.
13.Expect the registry to allocate a /32 and reserve one /32•Plan for the time when you get a second allocation giving you a /31 aggregate.
•If you get more than /32 first time round, ask the RIR how much is reserved so you can plan appropriately.
14.If you need private addresses, generate a ULA prefix as defined in RFC 4193•Use this handy web tool to generate one
•Add it to the registry at the above site, if you want people to know that this is your private space
•Make sure your internal registry people are aware of your ULA prefix(es) so that everybody uses it.
Specific Situations
1.Point-to-point links may be assigned a /126 prefix if there is written assurance that the drawbacks documented in RFC 3627 will not occur
I could also link back to various other pages but why bother my arse, all I get is comments about how I don't understand the insecure nature of ipv6 or how its routing might work when despite several papers on the subject no standard practice to overcome the problems has been worked out yet almost all of the original problems are still extant more than 20 years after the protocol was first unveiled as the way forward for multicast domain interaction
Re: UK among nations that have done least
12-10-2013 10:28 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I also see nothing that says that all hosts need to have DNS entries, that IPv6 routing tables need list all hosts or that opening ports in a router's firewall will remove all security...
Re: UK among nations that have done least
13-10-2013 12:25 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote •Typical IPv6 prefix assignments:
–Service provider (LIR): /32 > 232 /64 subnets
–Large end user: /48 > 65,536 /64 subnets
–Small end user: /56 > 256 /64 subnets
–SOHO: /64 or /60 > 1 or 16 /64 subnets
•Address conservation is not a major consideration
–Is this wasteful?
–Yes! (But that’s okay)
•If you don’t have enough subnets, you don’t have the right prefix allocation
In Practical Terms…
The default IPv6 allocation from a RIR for an ISP is a /32
That is the standard allocation strategy recommended by all the RIRs. You seem to think this is somehow restrictive?
Here's a hint: They are talking about subnets. Not individual addresses. SUBNETS!
Each /64 subnet gives you upto 18,446,744,073,709,551,616 addresses!!
You need to go back to the drawing board and learn what is meant by terms such as 'subnet', '/64', etc. Your complete misunderstanding of the topic without admission is making you look like a fool.
P.S. Your quote is also wrong because of the copy-and-paste. A /32 doesn't give 232 /64 subnets, but rather 2 to the power 32!
Re: UK among nations that have done least
13-10-2013 7:28 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I realise that's going to confuse you but its not about address conservation and has to do with attempting to provide security for end users (be they residential or corporations) through address separation and space, its also convention that a monster sized /48 allocation will actually allocate only /64 addresses to all there workstations etc using no more than 500 addresses out of each /64 subnet
that means that a large business would be 500x65,536 addresses out of the trillions they could use, and similarly for the isp its meant to limit itself to only using 232 /64 subnets
and the residential end user will get between 1 and 16 addresses from a /64 subnet range (yes that makes a hard limit on the number of devices or equipment's a residential customer can have)
its further propagated that an isp for residential or soho customers will retain a none propagated dns server listing all the addresses used by there customers so that when solicited traffic tries to work out where its going can actually get there, and that in order for isp's to limit there server space they "should" investigate the best way to provide a random assignment of subnet addresses and force stateful auto config so there isn't a giant security backdoor within there network,
and whilst its theoretically possible to utilise different subnet sizes the unintended consequence is to lock out mobile devices from gaining connectivity, and of course because of propagation that can cascade across the entire internet
Re: UK among nations that have done least
13-10-2013 7:43 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The table clearly shows that a home user, for instance, will be allocated 1 off /64 or 16 off /64 (ie a /60). This is the number of subnets, not the number of addresses! In the case of the ISP you seriously think they're limited to 232 out of the possible 2^32 /64 subnets they can use?
Perhaps you could also explain why you think a DNS server is required to perform routing?
Re: UK among nations that have done least
13-10-2013 8:19 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Perhaps the other is https://getipv6.info/display/IPv6/IPv6+Addressing+Plans
I don't even know what point nanotm is trying to make. Something about how IPv6 is a catastrophic security flaw, or can't possibly ever work, because somehow we've managed to run out of IPv6 addresses, or some other trolling rubbish just to see how many people will reply with corrections.
Re: UK among nations that have done least
13-10-2013 9:18 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: UK among nations that have done least
13-10-2013 9:49 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: MJN P.S. Your quote is also wrong because of the copy-and-paste. A /32 doesn't give 232 /64 subnets, but rather 2 to the power 32!
TIP: You can post powers on here using the button. E.g.: 232
The code to do that looks like:
2[sup]32[/sup]
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: UK among nations that have done least
13-10-2013 10:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: nanotm your aware that's the number of addresses from the subnet allocated to each layer based on size as opposed to the total number of possible subnet addresses available ?
What? That sentence does not make sense.
Quote from: nanotm I realise that's going to confuse you but its not about address conservation and has to do with attempting to provide security for end users (be they residential or corporations) through address separation and space, its also convention that a monster sized /48 allocation will actually allocate only /64 addresses to all there workstations etc using no more than 500 addresses out of each /64 subnet
It's confusing because it makes no sense. And which convention is it that you're talking about? Who said this? Where? When?
Quote from: nanotm that means that a large business would be 500x65,536 addresses out of the trillions they could use, and similarly for the isp its meant to limit itself to only using 232 /64 subnets
So you honestly think that despite an ISP being able to allocate billions of subnets, and then end users being able to allocate billions upon billions of different addresses they're only use a few hundred?
Quote from: nanotm and the residential end user will get between 1 and 16 addresses from a /64 subnet range (yes that makes a hard limit on the number of devices or equipment's a residential customer can have)
And how is this going to be done? After the ISP allocates a /64 subnet (at the minimum) to an end user how are they going to ensure that they can only use between 1 and 16 of the 264 addresses within the subnet?
Quote from: nanotm its further propagated that an isp for residential or soho customers will retain a none propagated dns server listing all the addresses used by there customers so that when solicited traffic tries to work out where its going can actually get there,
Do you actually know what DNS does?
Re: UK among nations that have done least
13-10-2013 10:55 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Krazeh Do you actually know what DNS does?
I can answer that for you - he doesn't!
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: UK among nations that have done least
13-10-2013 11:10 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: jelv TIP: You can post powers on here using the button. E.g.: 232
Great tip - thanks Jelv!
Re: UK among nations that have done least
13-10-2013 3:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: UK among nations that have done least
13-10-2013 10:10 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: nanotm the manual of the router stating that it does,
how to port forward "do xyz", *please note this disabled the spi firewall and changes NAT to open or loose*
That seems to be a big part of your problem - you are reading the manual for a piece of rubbish router and making the big leap that this applies to all routers. Toss the bit of rubbish in the bin, and buy something that doesn't need you to disable the SPI firewall when opening ports.
In the general case, and certainly for anything worthy of the term "firewall" you can open a port without allowing any other traffic through. So for example, you can allow (say) port 80 through to a specific internal address and this will not allow ANY traffic other than port 80 through to anything (other than traffic that would be allowed due to other rules etc). On many routers, you can even restrict this port 80 traffic to specific IP addresses out on the internet - though a lot of consumer level routers don't provide this last level of control (you allow port 80 from everywhere or not at all).
I'm afraid you seem to have picked up a few bits of information from various places, misunderstood what they mean, and now aren't prepared to listen to anything that contradicts the facts as you've put them together. As others have already said, you need to open your mind up and listen to what people are telling you - if you don't then you will never understand IPv4 let alone IPv6. People have given you a lot of good advice, but unfortunately you appear determined to cling to your incorrect beliefs.
Things you need to unlearn :
NAT = Security, no-NAT = insecure. This is simply untrue - I manage several networks using no NAT where everything is using public IPs, and the "problems" you describe simply do not exist. A fairly basic firewall will give you all the security you get from NAT (and more).
ISPs limit connected devices. Well some of the very worst do, but in general the ISP doesn't give a toss what you connect as long as you don't cause problems (send spam, attack other systems, etc). With IPv4 it is possible, but difficult, to determine what you have connected - and in the general case it's not worth bothering about. it is true that IPv6 without NAT means that your devices aren't hidden, in the general case it'll be a lot of work for an ISP to monitor and enforce any limitation - and such activity would almost certainly be commercial suicide.
Users get individually routable addresses. For various technical reasons related to how certain things have been designed in IPv6, the minimum practical address allocation is a /64 - so that's 264 addresses (minimum) allocated to each customer. The ISP will aggregate all these allocations and will only advertise the aggregate route for the entire block out to the internet.
There are measures to allow "portability" of addresses, but support for roaming of individual devices is an advanced topic and you can safely discount this - it still doesn't make any individual address routable over the internet (it requires support from the "home" network where inbound packets would always be routed to).
So my advice would be - open your mind, accept that (for whatever reasons) you've picked up some incorrect knowledge, and learn from the advice you've been given.
If you aren't prepared to do this, then my advice would be - please STFU and stop spreading this incorrect rubbish as fact. There's enough incorrect information about, please don't add to it.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page