[LINK] Tweaks to IPv4 could free up 'hundreds of millions of addresses'

Computer Nerd Kev

Jun 7, 2022, 6:50:38 PM
Tweaks to IPv4 could free up 'hundreds of millions of addresses'
By Dan Robinson, Wed 1 Jun 2022
- https://www.theregister.com/2022/06/01/ipv4_proposed_changes/

"It may be nearly three years since the world officially exhausted
all of the available IPv4 internet addresses, but now a new
initiative has been proposed that could free up hundreds of
millions of addresses that are currently unused - or are they?

While the world is still slowly moving towards broader adoption of
the newer IPv6 protocol, which offers a vast address space, the
widespread continued use of IPv4 has caused problems because all
available ranges of the roughly 4.3 billion addresses it supports
have largely been allocated.

Now it seems that Seth Schoen, formerly a senior staff technologist
at the Electronic Frontier Foundation and co-founder of Let's
Encrypt, has made proposals collectively labelled either the IPv4
Unicast Extensions Project or the IPv4 Cleanup Project (both are
used on the project's GitHub page)." ...

--
__ __
#_ < |\| |< _#

Grant Taylor

Jun 8, 2022, 12:09:22 AM
On 6/7/22 4:50 PM, Computer Nerd Kev wrote:
> Tweaks to IPv4 could free up 'hundreds of millions of addresses'
> By Dan Robinson, Wed 1 Jun 2022
> - https://www.theregister.com/2022/06/01/ipv4_proposed_changes/

I'm of mixed feelings about the IPv4 Cleanup Project.

I don't think that the reserved address ranges could be justified
/today/ if they were trying to be allocated, definitely not at the sizes
that they are. It would probably be possible to get single /24s for
some things, but definitely not a /8.

I think the zeroth address is simply legacy and could easily go away.

I also feel like some people trying to squeeze every single IP
address they can out of the IPv4 pool is only going to delay the
inevitability of /needing/ to move to IPv6 in some capacity.

I also feel like the effort that some people are putting into retaining
IPv4 is probably questionable effort and probably would be better spent
on transitioning to IPv6.

Some of the effort spent on reclaiming IPv4 addresses is largely
tantamount to RFC 1918 / 7793 addressing and will be NATed to globally
routed IPv4 addresses or protocol translated to IPv6 addresses. Meaning
that the legacy IPv4 that people are trying to clean up likely won't
work on the open Default Free Internet for a long time.

I've also seen statements along the lines of "Let's start this effort
/now/ so that we can hopefully benefit from it in 10 years. Read: if we
don't start, we won't ever be able to use it. So start /now/."

Is there legacy that is being maintained for legacy reasons? Yes. Can
some of that legacy go away? Probably. Should /new/ green field
deployments work to newer standards? I think so.



--
Grant. . . .
unix || die

Roger Blake

Jun 8, 2022, 5:36:11 PM
On 2022-06-08, Grant Taylor <gta...@tnetconsulting.net> wrote:
> I also feel like the effort that some people are putting into retaining
> IPv4 is probably questionable effort and probably would be better spent
> on transitioning to IPv6.

I have steadfastly refused to use IPV6 and disable it on all of my devices.
I'm just not interested in dealing with it. At the rate this "transition"
is going by the time it's really necessary to use IPV6 I'll either be too
old to care about the damned internet or pushing up daisies.

--
------------------------------------------------------------------------------
18 Reasons I won't be vaccinated -- https://tinyurl.com/ebty2dx3
Covid vaccines: experimental biology -- https://tinyurl.com/57mncfm5
The fraud of "Climate Change" -- https://RealClimateScience.com
There is no "climate crisis" -- https://climatedepot.com
Don't talk to cops! -- https://DontTalkToCops.com
------------------------------------------------------------------------------

SH

Jun 8, 2022, 5:45:33 PM
On 08/06/2022 22:36, Roger Blake wrote:
> On 2022-06-08, Grant Taylor <gta...@tnetconsulting.net> wrote:
>> I also feel like the effort that some people are putting into retaining
>> IPv4 is probably questionable effort and probably would be better spent
>> on transitioning to IPv6.
>
> I have steadfastly refused to use IPV6 and disable it on all of my devices.
> I'm just not interested in dealing with it. At the rate this "transition"
> is going by the time it's really necessary to use IPV6 I'll either be too
> old to care about the damned internet or pushing up daisies.
>

One peculiarity I have seen is:

On an IPv4 network, devices use the configured IP address of the DNS. In
my case I have a Pi Hole so all DNS queries all go to the Pi Hole.

When running on IPv6, mobile phones over Wifi seemed able to get their
DNS results from a DNS OUTSIDE my LAN despite there being a DNS on the
LAN itself.

This was despite the Pi Hole also set up for DNS over IPv6.

The computers on the LAN used the internal DNS.

I ended up having to disable IPv6 support in the router to ensure the Pi
Hole DNS was used by *ALL* devices.

SH

Jun 8, 2022, 5:51:02 PM
PS. this issue still persisted when running Wireguard on the same
machine as the Pi Hole and with the mobile devices connecting to home
via VPN before then accessing the open internet.

A work colleague tells me that in the IPv6 standard there is more
freedom to use other DNS rather than use the IP address that the device
is TOLD is the DNS via DHCP.

If anyone knows how to resolve this, I'd like to know.

Grant Taylor

Jun 9, 2022, 12:16:01 AM
On 6/8/22 3:50 PM, SH wrote:
> A work colleague tells me that in the IPv6 standard there is more
> freedom to use other DNS rather than use the IP address that the device
> is TOLD is the DNS via DHCP.

I'm not aware of any more or less liberty to use the DNS server provided
by the network in IPv4 vs IPv6.

IMHO, IPv4 and IPv6 are rather agnostic when it comes to DNS.

I will say that there has been more of an effort over the last five or
so years for alternate DNS protocols, many of which are used by devices
to explicitly bypass local DNS servers. DNS over HTTPS (a.k.a. DOH) and
DNS over TLS (DOT) are two of the biggest candidates. Both DOH and DOT
use something other than TCP / UDP port 53. As such, filtering them
becomes harder.

Grant Taylor

Jun 9, 2022, 12:19:30 AM
On 6/8/22 3:36 PM, Roger Blake wrote:
> I have steadfastly refused to use IPV6 and disable it on all of my devices.

That's your choice. I've chosen differently.

> I'm just not interested in dealing with it. At the rate this
> "transition" is going by the time it's really necessary to use IPV6
> I'll either be too old to care about the damned internet or pushing
> up daisies.

I started at least configuring IPv6 sometime around 2005 as I ran into
services, notably Microsoft Exchange, that required IPv6 to be enabled
on the server. I specifically chose to manually configure / control
IPv6 on the LAN so that I didn't end up with an unmanaged protocol and
unpredictability therefrom.

I've been actively using dual stack since about 2010 including
IPv6 internet connectivity at home and on my servers.

I think that I'm rare in that I run email on IPv6, which many discourage.

Johann Klammer

Jun 9, 2022, 5:07:32 AM
On 06/09/2022 06:16 AM, Grant Taylor wrote:
>
> I will say that there has been more of an effort over the last five or so years for alternate DNS protocols,
Some of which may be built into your browser which might happily ignore the system wide DNS settings.


Theo

Jun 9, 2022, 7:27:51 AM
SH <i.l...@spam.com> wrote:
> One peculiarity I have seen is:
>
> On an IPv4 network, devices use the configured IP address of the DNS. In
> my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
>
> When running on IPv6, mobile phones over Wifi seemed able to get their
> DNS results from a DNS OUTSIDE my LAN despite there being a DNS on the
> LAN itself.
>
> This was despite the Pi Hole also set up for DNS over IPv6.
>
> The computers on the LAN used the internal DNS.
>
> I ended up having to disable IPv6 support in the router to ensure the Pi
> Hole DNS was used by *ALL* devices.

It depends how your IPv6 devices are getting their addresses. If DHCPv6,
things should work much the same as v4. If SLAAC is in operation, the
router advertisement (RA) can tell the device to find its DNS via DHCPv6.

It is possible the router is either not sending the 'Other' flag (saying to
use DHCPv6 to acquire DNS information) or the DHCPv6 isn't responding.
Maybe the device has a fallback DNS setting built into it in that case?
Wouldn't be surprised if Android phones use Google Public DNS, for
instance.

https://www.networkacademy.io/ccna/ipv6/stateless-dhcpv6

Theo

SH

Jun 9, 2022, 8:02:30 AM
to the point of not ignoring IPv4 DNS settings but ignoring IPv6 DNS
settings?

Grant Taylor

Jun 9, 2022, 12:27:42 PM
On 6/9/22 6:02 AM, SH wrote:
>  to the point of not ignoring IPv4 DNS settings but ignoring IPv6 DNS
> settings?

Yes.

Marco Moock

Jun 10, 2022, 5:58:05 AM
On Tuesday, 07 June 2022, at 22:09:36, Grant Taylor wrote:

> On 6/7/22 4:50 PM, Computer Nerd Kev wrote:
> > Tweaks to IPv4 could free up 'hundreds of millions of addresses'
> > By Dan Robinson, Wed 1 Jun 2022
> > - https://www.theregister.com/2022/06/01/ipv4_proposed_changes/
>
> I'm of mixed feelings about the IPv4 Cleanup Project.

I'm not. I think the entire idea of doing so is not a good one.
There are several reasons:
- It will slow down the transition to IPv6 (that is definitely needed)
- The "new" addresses will cause many problems: All routers, operating
systems and firewalls MUST be updated. The chance is really high that
most of them won't be changed, so the new addresses, e.g. from the
current localhost area, can't be properly used in many networks.

> I think the zeroth address is simply legacy and could easily go away.

True, but this must be implemented in EVERY device that uses IPv4 to
function. This will take years to be done and many devices can't be
changed, like old operating systems, routers etc.

> I also feel like some people trying to squeeze every single IP
> address they can out of the IPv4 pool is only going to delay the
> inevitability of /needing/ to move to IPv6 in some capacity.

True, and these people must be stopped doing so.

> I also feel like the effort that some people are putting into
> retaining IPv4 is probably questionable effort and probably would be
> better spent on transitioning to IPv6.

The only way is to move to IPv6, if all normal stuff is usable via IPv6,
the IPv4 addresses are free again and can be used for legacy purposes.

> Some of the effort spent on reclaiming IPv4 addresses is largely
> tantamount to RFC 1918 / 7793 addressing and will be NATed to
> globally routed IPv4 addresses or protocol translated to IPv6
> addresses. Meaning that the legacy IPv4 that people are trying to
> clean up likely won't work on the open Default Free Internet for a
> long time.

Full ack. The new global addresses will create many problems at many
places.

> I've also seen statements along the lines of "Let's start this effort
> /now/ so that we can hopefully benefit from it in 10 years. Read: if
> we don't start, we won't ever be able to use it. So start /now/."

We must start/continue transition to IPv6 ASAP.

> Is there legacy that is being maintained for legacy reasons? Yes.
> Can some of that legacy go away? Probably. Should /new/ green field
> deployments work to newer standards? I think so.

There are still very bad companies like SONY that sell (junk) products
(PlayStation 4) that can't use IPv6 at all.

Marco Moock

Jun 10, 2022, 5:59:01 AM
On Wednesday, 08 June 2022, at 21:36:10, Roger Blake wrote:

> On 2022-06-08, Grant Taylor <gta...@tnetconsulting.net> wrote:
> > I also feel like the effort that some people are putting into
> > retaining IPv4 is probably questionable effort and probably would
> > be better spent on transitioning to IPv6.
>
> I have steadfastly refused to use IPV6 and disable it on all of my
> devices. I'm just not interested in dealing with it. At the rate this
> "transition" is going by the time it's really necessary to use IPV6
> I'll either be too old to care about the damned internet or pushing
> up daisies.

Further or later you will be offline. I also don't know a reason why
people refuse to learn IPv6. If you managed to learn IPv4, it is very
easy.

Marco Moock

Jun 10, 2022, 6:00:08 AM
On Wednesday, 08 June 2022, at 22:45:30, SH wrote:

> On an IPv4 network, devices use the configured IP address of the DNS.
> In my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
>
> When running on IPv6, mobile phones over Wifi seemed able to get
> their DNS results from a DNS OUTSIDE my LAN despite there being a DNS
> on the LAN itself.
>
> This was despite the Pi Hole also set up for DNS over IPv6.
>
> The computers on the LAN used the internal DNS.
>
> I ended up having to disable IPv6 support in the router to ensure the
> Pi Hole DNS was used by *ALL* devices.

This is the worst idea.
You need to make sure that your computers get the IPv6 DNS resolver by
DHCPv6 (if your router runs a DHCPv6) and via the IPv6 Router
Advertisement.

Marco Moock

Jun 10, 2022, 6:01:43 AM
On Wednesday, 08 June 2022, at 22:50:59, SH wrote:

> A work colleague tells me that in the IPv6 standard there is more
> freedom to use other DNS rather than use the IP address that the
> device is TOLD is the DNS via DHCP.

This is completely wrong.
IPv6 just provides a new way to get the IPv6 DNS resolver address. It
is inside the Router Advertisement. There is also DHCPv6 that does
mostly the same as DHCPv4.

A computer can decide if it uses DHCPv6 or not. It can also decide if
it uses the DNS in the Router Advertisement or not.

Marco Moock

Jun 10, 2022, 6:02:54 AM
On Thursday, 09 June 2022, at 13:02:29, SH wrote:

> to the point of not ignoring IPv4 DNS settings but ignoring IPv6
> DNS settings?

This is because DHCPv6 and IPv6 Router Advertisement are additional
ways to get the address. If you keep the default settings, the computer
will use the addresses from there too. You need to configure your
router.
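
[Added example, not part of any post in this thread.] The posts above by Theo and Marco Moock describe two ways an IPv6 client can learn its resolver: the Router Advertisement's flags pointing it at DHCPv6, or a DNS option carried in the RA itself. This Python sketch parses an RA and reports which of those the router actually offers; the sample packets are constructed with documentation addresses, and `build_ra` and `dns_sources` are hypothetical helper names.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option (RFC 4861)
OPT_RDNSS = 25         # Recursive DNS Server option (RFC 8106)


def parse_ra(packet: bytes) -> dict:
    """Pull out the RA fields that decide where a client learns its resolver."""
    if len(packet) < 16 or packet[0] != RA_TYPE:
        raise ValueError("not an ICMPv6 Router Advertisement")
    flags = packet[5]
    info = {"managed": bool(flags & 0x80),   # M flag: addresses via DHCPv6
            "other": bool(flags & 0x40),     # O flag: other config (DNS) via DHCPv6
            "slaac_prefixes": [], "rdnss": []}
    offset = 16
    while offset < len(packet):
        if offset + 2 > len(packet):
            raise ValueError("truncated option header")
        opt_type, opt_len = packet[offset], packet[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(packet):
            raise ValueError("malformed option length")
        body = packet[offset:offset + opt_len]
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            if body[3] & 0x40:               # A flag: prefix usable for SLAAC
                prefix = ipaddress.IPv6Address(body[16:32])
                info["slaac_prefixes"].append(f"{prefix}/{body[2]}")
        elif opt_type == OPT_RDNSS and opt_len >= 24 and (opt_len - 8) % 16 == 0:
            lifetime = struct.unpack("!I", body[4:8])[0]
            for i in range(8, opt_len, 16):
                addr = ipaddress.IPv6Address(body[i:i + 16])
                info["rdnss"].append((str(addr), lifetime))
        offset += opt_len
    return info


def dns_sources(info: dict) -> list:
    """List the ways this RA gives a client an IPv6 resolver (empty list = none)."""
    # An RDNSS entry with lifetime 0 tells clients to stop using that resolver.
    sources = [f"RDNSS {addr}" for addr, lifetime in info["rdnss"] if lifetime > 0]
    if info["managed"] or info["other"]:
        sources.append("DHCPv6")
    return sources


def build_ra(managed=False, other=False, rdnss=(), rdnss_lifetime=600) -> bytes:
    """Build a constructed sample RA (checksum left at 0, not validated here)."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    pkt = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    # Prefix Information: /64, L and A flags set, documentation prefix.
    pkt += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400, 0)
    pkt += ipaddress.IPv6Address("2001:db8:0:1::").packed
    if rdnss:
        pkt += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(rdnss), 0, rdnss_lifetime)
        pkt += b"".join(ipaddress.IPv6Address(a).packed for a in rdnss)
    return pkt


# Constructed samples; 2001:db8::53 stands in for a LAN resolver such as a Pi-hole.
RA_SLAAC_ONLY = build_ra()                                  # prefix, no DNS info at all
RA_STATELESS_DHCPV6 = build_ra(other=True)                  # O flag set
RA_WITH_RDNSS = build_ra(rdnss=["2001:db8::53"])            # resolver inside the RA
RA_RDNSS_EXPIRED = build_ra(rdnss=["2001:db8::53"], rdnss_lifetime=0)

if __name__ == "__main__":
    for name, pkt in [("SLAAC only", RA_SLAAC_ONLY),
                      ("stateless DHCPv6", RA_STATELESS_DHCPV6),
                      ("RDNSS", RA_WITH_RDNSS),
                      ("RDNSS lifetime 0", RA_RDNSS_EXPIRED)]:
        found = dns_sources(parse_ra(pkt))
        print(f"{name:18} -> {found or 'no IPv6 resolver offered by the network'}")
```

An RA of the first kind gives the client a global IPv6 address but no IPv6 resolver from the network, which is the gap in which a device's own built-in DNS setting can take over.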

SH

Jun 10, 2022, 6:51:47 AM
I seem to recall that when setting up Pi hole, I put in an IPv4 address
192.168.0.29 and there was no option to add an IPv6 address EVEN though
there was a toggle option for enable IPv6 support in Pi Hole.

In the Vodafone router I have a toggle option for IPv6 support. I can
also enter in the IPv4 address of my preferred DNS but there is no box
for entering an IPv6 address for my preferred DNS.....


Hmmm what next?

Grant Taylor

Jun 10, 2022, 3:50:45 PM
On 6/10/22 3:58 AM, Marco Moock wrote:
> I'm not. I think the entire idea of doing so is not a good one.

I don't know if the idea of the IPv4 Cleanup Project is good or bad.
But, my opinion probably doesn't matter to most.

> There are several reasons:
> - It will slow down the transition to IPv6 (that is definitely needed)

I think it will serve as an excuse for those that want to avoid IPv6.
Nothing will make them move faster.

Those that want to adopt IPv6 will do so in spite of and independent of
the IPv4 Cleanup Project.

> - The "new" addresses will cause many problems: All routers, operating
> systems and firewalls MUST be updated.

Nope. That's not true.

Your client computer has no idea if my 192.168.1.0 is the zeroth address
in 192.168.1.0/24 or the middle of the 192.168.0.0/23 network. You
don't have to change anything.

The things that will need to be updated are things that are directly
attached to the network using zeroth addresses.

So the very vast majority of things will not need to be updated to
support zeroth addresses.

> The chance is really high that most of them won't be changed, so the
> new addresses, e.g. from the current localhost area, can't be properly
> used in many networks.

It's only a locally significant problem. Things that want to use the
zeroth address may need to update. Things that aren't local don't need
to care.

> True, but this must be implemented in EVERY device that uses IPv4 to
> function. This will take years to be done and many devices can't be
> changed, like old operating systems, routers etc.

Nope. (See above.)

> True, and these people must be stopped doing so.

Good luck convincing them.

> The only way is to move to IPv6, if all normal stuff is usable via IPv6,
> the IPv4 addresses are free again and can be used for legacy purposes.

I feel like you're contradicting or time jumping yourself. Consider if
I have a currently normal IPv4, and I add an IPv6, it's still "normal"
and not "legacy".

Please rephrase your statement.

> Full ack. The new global addresses will create many problems at
> many places.

I view /most/ of what they are doing as locally scoped explicitly
because doing it globally is effectively a non-starter.

> We must start/continue transition to IPv6 ASAP.

Agreed.

We should also start hosting services on IPv6. I'm sick and tired of
people discouraging running mail servers on IPv6.

> There are still very bad companies like SONY that sell (junk) products
> (PlayStation 4) that can't use IPv6 at all.

horse ... water ...

Grant Taylor

Jun 10, 2022, 4:02:03 PM
On 6/10/22 1:51 PM, Grant Taylor wrote:
> Nope.  That's not true.
>
> Your client computer has no idea if my 192.168.1.0 is the zeroth address
> in 192.168.1.0/24 or the middle of the 192.168.0.0/23 network.  You
> don't have to change anything.

What's more is that we've been using zeroth addresses for years on
point-to-point links with a /31. Other systems on the Internet have no
problem with these.

Andy Burns

Jun 10, 2022, 5:58:02 PM
Grant Taylor wrote:

> Your client computer has no idea if my 192.168.1.0 is the zeroth address in
> 192.168.1.0/24 or the middle of the 192.168.0.0/23 network.  You don't have to
> change anything.

Exactly, my ISP gives me a /29 subnet, but rather than assigning it that way and
getting 6 usable addresses plus a useless subnet addr and broadcast addr, I
assign all 8 addrs as /32 and get two more usable IPs out of it ...


Roger Blake

Jun 11, 2022, 12:51:27 AM
On 2022-06-10, Marco Moock <mo...@posteo.de> wrote:
> We must start/continue transition to IPv6 ASAP.

I disagree. I certainly will not be changing over to IPV6. After working with
IPV4 practically since it was deployed I'm just not willing to learn or even
blindly use another protocol. I also see no good reason for every damned
electronic device to be internet-connected in the first place, which seems
to be at least part of the driving force for this. (In general if a product
has "smart" in its name or description I want nothing to do with it.)

Fortunately, as I stated previously, the "transition" is going so slowly the
chances are I won't have to deal with it in my lifetime and what happens
after that is not my concern.

Roger Blake

Jun 11, 2022, 12:52:37 AM
On 2022-06-10, Marco Moock <mo...@posteo.de> wrote:
> Further or later you will be offline. I also don't know a reason why
> people refuse to learn IPv6. If you managed to learn IPv4, it is very
> easy.

I see no good reason for it.

Marco Moock

Jun 11, 2022, 1:19:11 AM
On Friday, 10 June 2022, at 11:51:46, SH wrote:

> I seem to recall that when setting up Pi hole, I put in an IPv4
> address 192.168.0.29 and there was no option to add an IPv6 address
> EVEN though there was a toggle option for enable IPv6 support in Pi
> Hole.
>
> In the Vodafone router I have a toggle option for IPv6 support. I can
> also enter in the IPv4 address of my preferred DNS but there is no
> box for entering an IPv6 address for my preferred DNS.....
>
>
> Hmmm what next?

Getting good hardware. Some home routers are crap - like these from
Vodafone. It is not a fault of IPv6 - it is just junk hardware/software.
I am sorry to tell you - but it is not your fault, it is Vodafone's.

Marco Moock

Jun 11, 2022, 1:20:25 AM
On Saturday, 11 June 2022, at 04:52:35, Roger Blake wrote:

> On 2022-06-10, Marco Moock <mo...@posteo.de> wrote:
> > Further or later you will be offline. I also don't know a reason why
> > people refuse to learn IPv6. If you managed to learn IPv4, it is
> > very easy.
>
> I see no good reason for it.

Ok, can you calculate 2³²?
This is the maximum amount of possible IPv4 addresses. Even this isn't
enough and many areas of that space can't be used for global
addressing. This is the reason for IPv6 and there is no way around it.

Marco Moock

Jun 11, 2022, 1:54:40 AM
On Friday, 10 June 2022, at 22:58:00, Andy Burns wrote:

> Exactly, my ISP gives me a /29 subnet, but rather than assigning it
> that way and getting 6 usable addresses plus a useless subnet addr
> and broadcast addr, I assign all 8 addrs as /32 and get two more
> usable IPs out of it ...

Have you also changed all computers there that they don't treat the BC
address as BC?

Marco Moock

Jun 11, 2022, 1:56:28 AM
On Friday, 10 June 2022, at 13:51:01, Grant Taylor wrote:

> On 6/10/22 3:58 AM, Marco Moock wrote:
> > - The "new" addresses will cause many problems: All routers,
> > operating systems and firewalls MUST be updated.
>
> Nope. That's not true.
>
> Your client computer has no idea if my 192.168.1.0 is the zeroth
> address in 192.168.1.0/24 or the middle of the 192.168.0.0/23
> network. You don't have to change anything.
>
> The things that will need to be updated are things that are directly
> attached to the network using zeroth addresses.
>
> So the very vast majority of things will not need to be updated to
> support zeroth addresses.

This only applies to the net addresses they want to make usable. But
think about making subnets of 127.0.0.0/8 public routable?
Currently the entire net is localhost, so addresses within that net
MUST NOT be transmitted to another host. This must be changed on EVERY
router, firewall, operating system etc.
If not, these new addresses can't be used in environments where routers
are blocking it.

> > The chance is really high that most of them won't be changed, so
> > the new addresses, e.g. from the current localhost area, can't be
> > properly used in many networks.
>
> It's only a locally significant problem. Things that want to use the
> zeroth address may need to update. Things that aren't local don't
> need to care.

See the post about localhost above. If I run a public server on the
new global address 127.123.2.1, then this can't be used if somebody
runs an operating system, a firewall or a router that doesn't know
about the change. Win XP, Vista and 7 users can't access it, many
computers in home networks with older routers can't access it.

> > True, but this must be implemented in EVERY device that uses IPv4
> > to function. This will take years to be done and many devices can't
> > be changed, like old operating systems, routers etc.
>
> Nope. (See above.)
>
> > True, and these people must be stopped doing so.
>
> Good luck convincing them.

For some I managed it, others are resistant to all suggestions.

> We should also start hosting services on IPv6. I'm sick and tired of
> people discouraging running mail servers on IPv6.

Full ack. I will further or sooner host my own sendmail server. Then I
can make it reachable via IPv6. Sadly, my current mail provider doesn't
support IPv6 in MX.
My own services (squid/danted/ftpd) are already IPv6 capable.

> > There are still very bad companies like SONY that sell (junk)
> > products (PlayStation 4) that can't use IPv6 at all.
>
> horse ... water ...

What does that mean?
PS: I am not an English native speaker.


Spiros Bousbouras

Jun 11, 2022, 2:19:34 AM
On Sat, 11 Jun 2022 07:56:27 +0200
Marco Moock <mo...@posteo.de> wrote:
> > horse ... water ...
>
> What does that mean?
> PS: I am not an English native speaker.

A proverb : "You can lead a horse to water but you can't make it drink"

Grant Taylor

Jun 11, 2022, 3:25:58 AM
On 6/10/22 11:56 PM, Marco Moock wrote:
> This only applies to the net addresses they want to make usable.

Yes.

> But think about making subnets of 127.0.0.0/8 public routable?

There are many facets to the IPv4 Cleanup Project as I understand it.

I think that trying to use any part of the 127/8 network across the
global Internet is as effective as spitting into a hurricane.

But that's /global/.

I do think that it's possible, if not likely, that companies (e.g.
Google) can update all of their equipment such that they can use parts
of the 127/8 network other than 127.0.0.0/24 internally the same way
that they can currently use RFC 1918 / 7793 addresses. Meaning private
passing through a CGNAT solution.

Your Windows XP won't care that the 192.0.2.127 it thinks it's talking
to is actually being translated to 127.2.0.192 inside of $COMPANY's data
center.

> Currently the entire net is localhost, so addresses within that net
> MUST NOT be transmitted to another host.

There's some very important minutia. Notably "currently". One of the
facets of the IPv4 Cleanup Project is to re-define the localhost network
so that it's just 127.0.0.0/24 instead of the larger 127.0.0.0/8 (24 vs
8 respectively).

That re-definition will mean that 127.127.127.127 would not be
localhost. As such it would not be subject to the localhost restrictions.

> This must be changed on EVERY router, firewall, operating system etc.

No. Not /every/ router / firewall / $DEVICE.

It /only/ needs to be changed in the devices that will see the formerly
restricted address; e.g. 127.127.127.127.

There is a *HUGE* difference in Google / Facebook / et al. needing to
update /their/ equipment to support the redefined networks as opposed to
the entire world needing to do so.

There's also the fact that only the devices that will participate in
such exchanges need to be updated. So devices that will never
participate in communications with 127.127.127.127 don't need to be
updated. Meaning my 20 year old HP LaserJet 4M+ can keep working just
fine and the lack of update won't prevent Google / Facebook / et al.
from using 127.127.127.127 in their network.

> If not, these new addresses can't be used in environments where routers
> are blocking it.

/me points to the LaserJet 4M+ above and says "so"

Not all environments /need/ to be updated. Only the environments that
will see / pass traffic to the affected IPs need to be updated.

> See the post about localhost above. If I run a public server on the
> new global address 127.123.2.1, then this can't be used if somebody
> runs an operating system, a firewall or a router that doesn't know
> about the change. Win XP, Vista and 7 users can't access it, many
> computers in home networks with older routers can't access it.

See my spitting into a hurricane comment above.

> For some I managed it, others are resistant to all suggestions.

And that is their choice.

They may, or may not, change their mind at some point in the future.

> Full ack. I will further or sooner host my own sendmail server. Then I
> can make it reachable via IPv6.

:-)

> Sadly, my current mail provider doesn't support IPv6 in MX.

:-(

> My own services (squid/danted/ftpd) are already IPv6 capable.

:-)

> What does that mean?

Spiros B. answered before I could.

> PS: I am not an English native speaker.

I had no idea. Your English is better than some people that I know are
native English speakers. I tip my hat to you.
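
[Added example, not part of any post in this thread.] The argument running through the posts above is that "zeroth", "broadcast" and "localhost" are properties of the local netmask and of each device's own filter rules, not of the address itself. This Python sketch works through the thread's own figures (192.168.1.0 in a /24 versus a /23, a /29 carved into /32 host routes, 127.127.127.127 against a /8 versus a /24 loopback definition); the 127.0.0.0/24 figure is taken from the post as stated there, the filter lists are constructed, and all function names are hypothetical.

```python
import ipaddress

# Constructed drop lists for a device in the path. Only the loopback entry differs.
LEGACY_FILTER = ["127.0.0.0/8", "169.254.0.0/16"]
UPDATED_FILTER = ["127.0.0.0/24", "169.254.0.0/16"]   # loopback size as given in the post


def role_in(addr: str, network: str) -> str:
    """Role an address plays when interpreted with a particular local netmask."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(network)
    if ip not in net:
        return "outside"
    if net.prefixlen >= 31:
        return "host"            # /31 and /32 have no network or broadcast address
    if ip == net.network_address:
        return "zeroth"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"


def usable_count(network: str, allow_zeroth: bool = False) -> int:
    """Assignable addresses in a subnet, with or without the zeroth address."""
    net = ipaddress.ip_network(network)
    if net.prefixlen >= 31:
        return net.num_addresses
    return net.num_addresses - (1 if allow_zeroth else 2)


def host_routes(network: str) -> list:
    """Every address of a block as an individual /32, as in the /29 post above."""
    return [f"{ip}/32" for ip in ipaddress.ip_network(network)]


def dropped_by(addr: str, drop_list: list) -> list:
    """Which entries of a device's drop list match this address."""
    ip = ipaddress.ip_address(addr)
    return [str(net) for net in map(ipaddress.ip_network, drop_list) if ip in net]


def stdlib_is_loopback(addr: str) -> bool:
    """What Python's own ipaddress module says today (it encodes 127.0.0.0/8)."""
    return ipaddress.ip_address(addr).is_loopback


if __name__ == "__main__":
    # Same address, different role depending only on the locally configured mask.
    print(role_in("192.168.1.0", "192.168.1.0/24"))    # zeroth
    print(role_in("192.168.1.0", "192.168.0.0/23"))    # host
    # A /29 from the documentation range: classic, zeroth allowed, all /32s.
    block = "203.0.113.8/29"
    print(usable_count(block), usable_count(block, allow_zeroth=True),
          len(host_routes(block)))
    # Only devices whose rules actually see the packet decide its fate.
    print(dropped_by("127.127.127.127", LEGACY_FILTER))
    print(dropped_by("127.127.127.127", UPDATED_FILTER))
    print(stdlib_is_loopback("127.127.127.127"))
```

The last line shows the other side of the argument: the /8 loopback definition is also compiled into libraries and host stacks, so any software on the path that consults such a check has to change before the address behaves as ordinary unicast there.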

Grant Taylor

Jun 11, 2022, 3:25:58 AM
On 6/10/22 11:54 PM, Marco Moock wrote:
> Have you also changed all computers there that they don't treat the
> BC address as BC?

/32s and /31s are a unique critter. They don't actually have a notion
of a broadcast nor network. There's an RFC that redefines the /31 for a
point to point network. /32s behave very similarly.

The /32 can't easily be used directly without something else to support
it. This is often accomplished by putting the /32 on a loopback or
dummy interface (as a single IP) and creating a route to it via a
different link-net IP. Thus you can use all IPs in a block. }:-)

Grant Taylor

Jun 11, 2022, 10:47:30 AM
On 6/10/22 10:51 PM, Roger Blake wrote:
> I disagree. I certainly will not be changing over to IPV6.

You are of course entitled to your own opinion.

> After working with IPV4 practically since it was deployed I'm just not
> willing to learn or even blindly use another protocol.

That's your choice.

My opinion is that it's a short sighted choice.

But my opinion of your choice doesn't lessen the fact that it's your choice.

> I also see no good reason for every damned electronic device to be
> internet-connected in the first place,

The addressing scheme is largely independent of the number of devices
using it.

I can use near 4 billion addresses on IPv4 or 400 addresses on IPv6.
The only restriction is if the addressing space is big enough for all of
the devices that want to be addressed.

I've been known to say that I don't want the Bic pen in my pocket to
have an IPv6 address.

> which seems to be at least part of the driving force for this.

No, I don't think so.

I know that there are more people getting cell phones which they want to
have internet access than there are IPv4 addresses available.

These are /new/ connections, not new devices replacing old devices thus
re-using an old connection.

There is a HUGE demand for Internet of Things or so called smart
devices. They simply add to the number of things that want internet
connectivity.

But the desire for those new phones / IoT devices does not dictate that
the Bic pen in my pocket needs its own IPv6 address.

The desire for the new phones / IoT devices does mean that there are
more devices that want to get on the Internet than the current IPv4
address space can provide.

> (In general if a product has "smart" in its name or description I
> want nothing to do with it.)

I think some smart things can be dumbed down enough to be tolerable.

But I'm suspicious of them.

> Fortunately, as I stated previously, the "transition" is going so
> slowly the chances are I won't have to deal with it in my lifetime
> and what happens after that is not my concern.

~chuckle~

Grant Taylor

Jun 11, 2022, 10:47:34 AM
On 6/10/22 11:56 PM, Marco Moock wrote:
> This only applies to the net addresses they want to make usable.

Yes.

> But think about making subnets of 127.0.0.0/8 public routable?

There are many facets to the IPv4 Cleanup Project as I understand it.

I think that trying to use any part of the 127/8 network across the
global Internet is as effective as spitting into a hurricane.

But that's /global/.

I do think that it's possible, if not likely, that companies (e.g.
Google) can update all of their equipment such that they can use parts
of the 127/8 network other than 127.0.0.0/24 internally the same way
that they can currently use RFC 1918 / 7793 addresses. Meaning private
passing through a CGNAT solution.

Your Windows XP won't care that the 192.0.2.127 it thinks it's talking
to is actually being translated to 127.2.0.192 inside of $COMPANY's data
center.

> Currently the entire net is localhost, so addresses within that net
> MUST NOT be transmitted to another host.

There's some very important minutia. Notably "currently". One of the
facets of the IPv4 Cleanup Project is to re-define the localhost network
so that it's just 127.0.0.0/24 instead of the larger 127.0.0.0/8 (24 vs
8 respectively).

That re-definition will mean that 127.127.127.127 would not be
localhost. As such it would not be subject to the localhost restrictions.

> This must be changed on EVERY router, firewall, operating system etc.

No. Not /every/ router / firewall / $DEVICE.

It /only/ needs to be changed in the devices that will see the formerly
restricted address; e.g. 127.127.127.127.

There is a *HUGE* difference in Google / Facebook / et al. needing to
update /their/ equipment to support the redefined networks as opposed to
the entire world needing to do so.

There's also the fact that only the devices that will participate in
such exchanges need to be updated. So devices that will never
participate in communications with 127.127.127.127 don't need to be
updated. Meaning my 20 year old HP LaserJet 4M+ can keep working just
fine and the lack of update won't prevent Google / Facebook / et al.
from using 127.127.127.127 in their network.

> If not, these new addresses can't be used in environments where routers
> are blocking it.

/me points to the LaserJet 4M+ above and says "so"

Not all environments /need/ to be updated. Only the environments that
will see / pass traffic to the affected IPs need to be updated.

> See the post about localhost above. If I run a public server on the
> new global address 127.123.2.1, then this can't be used if somebody
> runs an operating system, a firewall or a router that doesn't know
> about the change. Win XP, Vista and 7 users can't access it, many
> computers in home networks with older routers can't access it.

See my spitting into a hurricane comment above.

> For some I managed it, others are resistant to all suggestions.

And that is their choice.

They may, or may not, change their mind at some point in the future.

> Full ack. I will further or sooner host my own sendmail server. Then I
> can make it reachable via IPv6.

:-)

> Sadly, my current mail provider doesn't support IPv6 in MX.

:-(

> My own services (squid/danted/ftpd) are already IPv6 capable.

:-)

> What does that mean?

Spiros B. answered before I could.

> PS: I am not an English native speaker.

I had no idea. Your English is better than some people that I know are
native English speakers. I tip my hat to you.
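
What the redefinition discussed in the post above changes for software that trusts loopback, as an added example that is not part of the thread: it compares today's 127.0.0.0/8 loopback with the narrowed 127.0.0.0/24 the post describes and audits an allow-list for entries whose meaning would shift. The rule names and the rule list are constructed.

```python
import ipaddress

# Loopback as defined today: the entire 127.0.0.0/8.
CURRENT_LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Narrowed loopback as the post above describes it (assumption taken from the post).
NARROWED_LOOPBACK = ipaddress.ip_network("127.0.0.0/24")

# Constructed allow-list of the kind found in service configs and host firewalls.
SAMPLE_RULES = [
    ("admin-api-trust", "127.0.0.0/8", "allow"),
    ("metrics-local", "127.0.0.1/32", "allow"),
    ("sidecar-mesh", "127.127.0.0/16", "allow"),
    ("office-lan", "10.0.0.0/8", "allow"),
]


def stdlib_says_loopback(addr):
    """What an unpatched check built on the standard library answers."""
    return ipaddress.ip_address(addr).is_loopback


def reclassified(addr):
    """True if addr is loopback today but not under the narrowed definition."""
    ip = ipaddress.ip_address(addr)
    return ip in CURRENT_LOOPBACK and ip not in NARROWED_LOOPBACK


def exposed_addresses(cidr):
    """Count addresses in cidr that would stop being loopback."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or not net.overlaps(CURRENT_LOOPBACK):
        return 0
    # Overlapping CIDR blocks are nested, so the intersection is the smaller one.
    inside = net if net.subnet_of(CURRENT_LOOPBACK) else CURRENT_LOOPBACK
    if inside.subnet_of(NARROWED_LOOPBACK):
        return 0
    if NARROWED_LOOPBACK.subnet_of(inside):
        return inside.num_addresses - NARROWED_LOOPBACK.num_addresses
    return inside.num_addresses


def audit_rules(rules):
    """Return (rule name, exposed address count) for allow rules that rely on
    addresses which are only local because all of 127/8 is loopback."""
    findings = []
    for name, cidr, action in rules:
        count = exposed_addresses(cidr)
        if action == "allow" and count:
            findings.append((name, count))
    return findings


if __name__ == "__main__":
    for addr in ("127.0.0.1", "127.127.127.127", "192.0.2.127"):
        print(addr, "stdlib loopback:", stdlib_says_loopback(addr),
              "reclassified:", reclassified(addr))
    for name, count in audit_rules(SAMPLE_RULES):
        print(f"{name}: {count} addresses would stop being loopback")
```

A rule that allows a 127/8 range on the assumption that such traffic can only originate on the same host is the kind of entry that has to be reviewed on any device that would see the redefined addresses.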



Grant Taylor

Jun 11, 2022, 10:50:37 AM
Sorry for the duplication.

My news server didn't want to post during its maintenance last night
when I typed the replies. So I saved them for this morning. But it
looks like two of them did get posted despite errors to the contrary.

Spiros Bousbouras

Jun 11, 2022, 11:55:56 AM
On Fri, 10 Jun 2022 13:51:01 -0600
Grant Taylor <gta...@tnetconsulting.net> wrote:
> On 6/10/22 3:58 AM, Marco Moock wrote:
> > We must start/continue transition to IPv6 ASAP.
>
> Agreed.

For someone who doesn't know much about these issues , could someone explain
what kind of stuff a person would have to be involved in in order for that
person to have to take explicit steps for a transition as opposed to things
just working for whatever combination of hardware and software they're using ?
In particular , does someone who is not a networking professional need to
take some explicit steps ?

> We should also start hosting services on IPv6. I'm sick and tired of
> people discouraging running mail servers on IPv6.

On what grounds do they discourage it ?

> > There are still very bad companies like SONY that sell (junk) products
> > (PlayStation 4) that can't use IPv6 at all.
>
> horse ... water ...

What would Sony need to do in order to add support ?
en.wikipedia.org/wiki/PlayStation_4_system_software :
The PlayStation 4 system software is the updatable firmware and operating
system of the PlayStation 4. The operating system is Orbis OS, based on
FreeBSD 9.

I'm guessing that FreeBSD 9 does have support.

--
A good compiler can translate an 8K BASIC program in two or three
minutes.
http://www.atariarchives.org/mlb/chapter7.php

Andy Burns

Jun 11, 2022, 3:00:12 PM
Marco Moock wrote:

> Andy Burns wrote:
>
>> my ISP gives me a /29 subnet, but rather than assigning it
>> that way and getting 6 usable addresses plus a useless subnet addr
>> and broadcast addr, I assign all 8 addrs as /32 and get two more
>> usable IPs out of it ...
>
> Have you also changed all computers there that they don't treat the BC
> address as BC?

The first IP is auto-assigned to the WAN interface of the router by the ISP, the
remaining seven I manually assign as secondary IPs on the same interface, they
are used for port forwarding to computers on the router's LAN or DMZ interfaces,
so nothing would be aware it was using a broadcast addr.


Roger Blake

Jun 11, 2022, 4:17:10 PM
On 2022-06-11, Marco Moock <mo...@posteo.de> wrote:
> Ok, can you calculate 2³²?
> This is the maximum amount of possible IPv4 addresses. Even this isn't
> enough and many areas of that space can't be used for global
> addressing. This is the reason for IPv6 and there is no way around it.

There are ways around it, such as carrier-grade NAT. There won't be
an actual need for IPV6 in my lifetime and as I've said what happens
after that is not my concern. I plan to keep IPV6 disabled here
indefinitely.

Bruce Horrocks

Jun 11, 2022, 6:10:14 PM
On 10/06/2022 11:51, SH wrote:
> On 10/06/2022 11:00, Marco Moock wrote:
>> On Wednesday, 08 June 2022, at 22:45:30, SH wrote:
>>
>>> On an IPv4 network, devices use the configured IP address of the DNS.
>>> In my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
>>>
>>> When running on IPv6, mobile phones over Wifi seemed able to get
>>> their DNS results from a DNS OUTSIDE my LAN despite there being a DNS
>>> on the LAN itself.
>>>
>>> This was despite the Pi Hole also set up for DNS over IPv6.
>>>
>>> the computers on the LAN used the internal DNS.
>>>
>>> I ended up having to disable IPv6 support in the router to ensure the
>>> Pi Hole DNS was used by *ALL* devices.
>>
>> This is the worst idea.
>> You need to make sure that your computers get the IPv6 DNS resolver by
>> DHCPv6 (if your router runs a DHCPv6) and via the IPv6 Router
>> Advertisement.
>>
>
> I seem to recall that when setting up Pi hole, I put in an IPv4 address
> 192.168.0.29 and there was no option to add an IPv6 address EVEN though
> there was a toggle option for enable IPv6 support in Pi Hole.

It does now. As well as being able to choose among half-a-dozen
pre-defined IPv6 DNS providers such as Cloudflare you can also specify
two IPv6 addresses for your own choice of upstream IPv6 DNS server.

> In the Vodafone router I have a toggle option for IPv6 support. I can
> also enter in the IPv4 address of my preferred DNS but there is no box
> for entering an IPv6 address for my preferred DNS.....
>
>
> Hmmm what next?

Stop using the Vodafone router for DHCP/DNS and use the Pi Hole instead.

--
Bruce Horrocks
Surrey, England

Computer Nerd Kev

Jun 11, 2022, 9:50:38 PM
Spiros Bousbouras <spi...@gmail.com> wrote:
> On Fri, 10 Jun 2022 13:51:01 -0600
> Grant Taylor <gta...@tnetconsulting.net> wrote:
>> On 6/10/22 3:58 AM, Marco Moock wrote:
>> > We must start/continue transition to IPv6 ASAP.
>>
>> Agreed.
>
> For someone who doesn't know much about these issues , could someone explain
> what kind of stuff a person would have to be involved in in order for that
> person to have to take explicit steps for a transition as opposed to things
> just working for whatever combination of hardware and software they're using ?
> In particular , does someone who is not a networking professional need to
> take some explicit steps ?

Well I just wasted another hour of my life trying to enable it for
my home internet connection (mobile broadband). It turns out that
yes, I am now using a modem that supports IPv6 and IPv4/IPv6 over
PPP. But whenever I enable it, the modem never connects. I guessed
that this means my ISP/telco doesn't support it. But no, although
as usual they're too polite to have an official page about it they
announced IPv4/v6 for mobile in 2016*. But it doesn't work, and
there's only so far to dig with that because there aren't many
configuration changes involved. Plus the error condition is "hmm,
it's been a couple of minutes and it's _still_ 'connecting', guess
that doesn't work either" (an all too familiar error condition, I
might add).

On the other hand I know most households here in Australia with
wired internet are now using modems/routers with IPv6 enabled,
because that's the default for most/all the new hardware they got
when the 'National Broadband Network' rolled out in Australia. So
they didn't need to take any explicit steps.

* https://www.computerworld.com/article/3521032/telstra-kicks-off-next-stage-of-ipv6-shift-for-mobile-network.html
https://forums.whirlpool.net.au/archive/3vy5n749

P.S.
Without an actual usage case for IPv6, seeing as I'm not
encountering any IPv6-only servers that I want to talk to, I won't
look into tunnelling. Just in case someone here is eager to suggest
it.

--
__ __
#_ < |\| |< _#

Computer Nerd Kev

Jun 11, 2022, 10:29:40 PM
Grant Taylor <gta...@tnetconsulting.net> wrote:
> On 6/10/22 11:56 PM, Marco Moock wrote:
>> This only applies to the net addresses they want to make usable.
>
> Yes.
>
>> But think about making subnets of 127.0.0.0/8 public routable?
>
> There are many facets to the IPv4 Cleanup Project as I understand it.
>
> I think that trying to use any part of the 127/8 network across the
> global Internet is as effective as spitting into a hurricane.
>
> But that's /global/.
>
> I do think that it's possible, if not likely, that companies (e.g.
> Google) can update all of their equipment such that they can use parts
> of the 127/8 network other than 127.0.0.0/24 internally the same way
> that they can currently use RFC 1918 / 7793 addresses. Meaning private
> passing through a CGNAT solution.
>
> Your Windows XP won't care that the 192.0.2.127 it thinks it's talking
> to is actually being translated to 127.2.0.192 inside of $COMPANY's data
> center.

The project's GitHub pages seem to make it pretty clear that they
_are_ talking about global scope for all this. Their stated aim is
"adding 419 million new IPs to the world". They more or less
suggest that the battle is already won on internal networks:

""These addresses will never work globally"
They won't unless we try. They already work fine with the patchsets
we have on Linux, FreeBSD, and macOS. These addresses work on a
local LAN, in tunnels, and via the two major routing daemons we've
patched, and nearly every IoT OS we've tried."
https://github.com/schoen/unicast-extensions/blob/master/FAQ.md

Reading between the lines, I think the fact that this proposal is
coming from a co-founder of Let's Encrypt is a hint. This is all
about servers. Public servers are still considered to need an
IPv4 address, and as such IPv4 addresses have become (slightly)
valuable since the limit of their finite capacity was reached. If
you add more IPv4 addresses, you decrease the overall value, saving
some people money.

Running a server on 127.2.0.192 wouldn't be all that nice, but in
the real world maybe it would still work better for some services
than running IPv6-only. So if in some situation IPv4 is just too
expensive (presumably something like a large array of servers
talking to old IoT devices), then using a dodgy-but-cheap 'new'
IPv4 address might be a reasonable move. Devices that don't support
IPv6 (think mobile broadband connected, as an example that I'm
personally aware of), but don't get confused about global 127.* IP
addresses are then able to connect, whereas otherwise they
couldn't.

So if people are smart about these new global IPv4 addresses and
only use them when they expect specific compatible clients to be
connecting to associated servers, maybe it could work. The cost of
normal IPv4 addresses might also go down if some IoT operators
switch to the new, cheaper, addresses leaving more available for
operators of general-purpose servers.

But if a normal website server like wikipedia.org ever resolves to
127.2.0.192, or my ISP ever assigns an IP address like that to my
home internet connection, _that_ would be a very bad state of
affairs. The question is therefore whether website operators and
ISPs can be trusted not to use the new global addresses
inappropriately?

I suspect that anyone who stands to save money if this proposal
went ahead would be particularly inclined to answer "yes".
Personally I'm not sure, especially about website operators.

Spiros Bousbouras

Jun 12, 2022, 4:09:15 AM
On 12 Jun 2022 11:50:31 +1000
So it should have worked just by ticking a box or something but you never
actually managed to make it work.

> On the other hand I know most households here in Australia with
> wired internet are now using modems/routers with IPv6 enabled,
> because that's the default for most/all the new hardware they got
> when the 'National Broadband Network' rolled out in Australia. So
> they didn't need to take any explicit steps.

Yes , that would have been my guess for all "sufficiently technologically
advanced" countries. I don't know if my router has IPv6 enabled and I'm
not inclined to find out because I resent the fact that its interface
requires a browser with javascript. But my guess is that IPv6 is enabled.

As a general comment , for people who post on usenet through googlegroups ,
their header includes a NNTP-Posting-Host field and in that I see sometimes
an IPv6 address.

--
vlaho.ninja/prog

Richard Kettlewell

Jun 12, 2022, 4:19:15 AM
n...@telling.you.invalid (Computer Nerd Kev) writes:
> Grant Taylor <gta...@tnetconsulting.net> wrote:
>> There are many facets to the IPv4 Cleanup Project as I understand it.
>>
>> I think that trying to use any part of the 127/8 network across the
>> global Internet is as effective as spitting into a hurricane.
>>
>> But that's /global/.
>>
>> I do think that it's possible, if not likely, that companies (e.g.
>> Google) can update all of their equipment such that they can use
>> parts of the 127/8 network other than 127.0.0.0/24 internally the
>> same way that they can currently use RFC 1918 / 7793 addresses.
>> Meaning private passing through a CGNAT solution.
>>
>> Your Windows XP won't care that the 192.0.2.127 it thinks it's
>> talking to is actually being translated to 127.2.0.192 inside of
>> $COMPANY's data center.
>
> The project's GitHub pages seem to make it pretty clear that they
> _are_ talking about global scope for all this. Their stated aim is
> "adding 419 million new IPs to the world". They more or less
> suggest that the battle is already won on internal networks:
>
> ""These addresses will never work globally"
> They won't unless we try. They already work fine with the patchsets
> we have on Linux, FreeBSD, and macOS. These addresses work on a
> local LAN, in tunnels, and via the two major routing daemons we've
> patched, and nearly every IoT OS we've tried."
> https://github.com/schoen/unicast-extensions/blob/master/FAQ.md

That’s not a very promising answer. They still haven’t got their work
fully merged into the main Unix kernels and I can find no hint anywhere
about how close Windows support is.

--
https://www.greenend.org.uk/rjk/

Marco Moock

Jun 12, 2022, 5:23:48 AM
On Saturday, 11 June 2022, at 23:10:12, Bruce Horrocks wrote:

> Stop using the Vodafone router for DHCP/DNS and use the Pi Hole
> instead.

For that it must be possible to switch off DHCPv6 on the router. Also
the IPv6 router advertisement must be changed at the router, because it
must come from that router. The only way is a router that offers to
change the settings.

Marco Moock

Jun 12, 2022, 5:28:04 AM
On Sunday, 12 June 2022, at 12:29:23, Computer Nerd Kev wrote:

> So if people are smart about these new global IPv4 addresses and
> only use them when they expect specific compatible clients to be
> connecting to associated servers, maybe it could work. The cost of
> normal IPv4 addresses might also go down if some IoT operators
> switch to the new, cheaper, addresses leaving more available for
> operators of general-purpose servers.

Best would be if they offer IPv6 and require that for function. The
people wanting to use these devices need an ISP that offers IPv6.

> But if a normal website server like wikipedia.org ever resolves to
> 127.2.0.192, or my ISP ever assigns an IP address like that to my
> home internet connection, _that_ would be a very bad state of
> affairs. The question is therefore whether website operators and
> ISPs can be trusted not to use the new global addresses
> inappropriately?

No, because there is no reason for that. If the "new" subnets are
global scope (if the attempt is successful), ISP will use them like
global addresses - regardless of some networks that have problems with
them because of old software/hardware.

Marco Moock

Jun 12, 2022, 5:28:39 AM
On Sunday, 12 June 2022, at 09:19:14, Richard Kettlewell wrote:

> That’s not a very promising answer. They still haven’t got their work
> fully merged into the main Unix kernels and I can find no hint
> anywhere about how close Windows support is.

Also think about routers and firewalls. They also need to update all
their firmware to make it work.

Scott Dorsey

Jun 12, 2022, 12:08:19 PM
Roger Blake <rogb...@iname.invalid> wrote:
>I disagree. I certainly will not be changing over to IPV6. After working with
>IPV4 practically since it was deployed I'm just not willing to learn or even
>blindly use another protocol. I also see no good reason for every damned
>electronic device to be internet-connected in the first place, which seems
>to be at least part of the driving force for this. (In general if a product
>has "smart" in its name or description I want nothing to do with it.)

IoT has nothing to do with IPv6, in spite of a lot of marketing about it.
IPv6 is about everybody who wants one getting an address block in a world
that is much larger than just the US.

>Fortunately, as I stated previously, the "transition" is going so slowly the
>chances are I won't have to deal with it in my lifetime and what happens
>after that is not my concern.

The transition is already complete in most of Asia. They can't get IPv4
addresses because there haven't been any available for years, so they use
IPv6. The transition is only going slowly in the US where address space
is plentiful. Most of the rest of the world is not that way, and if you
want to talk to the rest of the world you likely would want IPv6.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Scott Dorsey

Jun 12, 2022, 12:13:53 PM
Spiros Bousbouras <spi...@gmail.com> wrote:
>What would Sony need to do in order to add support ?
>en.wikipedia.org/wiki/PlayStation_4_system_software :
> The PlayStation 4 system software is the updatable firmware and operating
> system of the PlayStation 4. The operating system is Orbis OS, based on
> FreeBSD 9.
>
>I'm guessing that FreeBSD 9 does have support.

It does indeed, so I am suspecting that it would not be a huge issue for
Sony unless they have a lot of hardcoded junk in place. And if they DO
have a lot of hardcoded junk, this would seem as good a time as any to
fix it. Would they sell more units by doing so? Maybe not.

IPv6 compatibility has been required for US government procurement for
over a decade now. So it has become pretty much standard in software,
even though most people in the US choose not to use it.

Scott Dorsey

Jun 12, 2022, 12:17:16 PM
Why is turning off the DHCPv6 server on the router a problem? Just run
the DHCPv6 server on the pi hole. And why is the router advertisement an
issue? You should have a static block of addresses assigned to the router,
and the DHCPv6 server just assigns to individual machines within that block.

Marco Moock

Jun 12, 2022, 12:37:32 PM
On Sunday, 12 June 2022, at 16:17:15, Scott Dorsey wrote:

> Why is turning off the DHCPv6 server on the router a problem? Just
> run the DHCPv6 server on the pi hole. And why is the router
> advertisement an issue? You should have a static block of addresses
> assigned to the router, and the DHCPv6 server just assigns to
> individual machines within that block. --scott

Most ISPs don't provide

Marco Moock

Jun 12, 2022, 12:38:46 PM
On Sunday, 12 June 2022, at 16:17:15, Scott Dorsey wrote:

> Why is turning off the DHCPv6 server on the router a problem? Just
> run the DHCPv6 server on the pi hole. And why is the router
> advertisement an issue? You should have a static block of addresses
> assigned to the router, and the DHCPv6 server just assigns to
> individual machines within that block.

Most ISPs don't give their customers a static IPv6 net.
The Router Advertisement must come from the router itself, this can't
be done by another machine. If the RA includes DNS resolvers, these
must be changed at the router. Many cheap "home" routers don't support
changing that setting.

Marco Moock

Jun 12, 2022, 12:40:14 PM
On Saturday, 11 June 2022, at 20:17:09, Roger Blake wrote:

> There are ways around it, such as carrier-grade NAT. There won't be
> an actual need for IPV6 in my lifetime and as I've said what happens
> after that is not my concern. I plan to keep IPV6 disabled here
> indefinitely.

CG-NAT is no way around it, you can't run any servers, you can't use
SIP at all. CG-NAT and DS-Lite is just really nasty.

SH

Jun 12, 2022, 1:25:09 PM
which I am doing as I disabled DHCP in the router and enabled the Pi
Hole's own DHCP

Eric Pozharski

Jun 12, 2022, 1:33:05 PM
with <62a5...@news.ausics.net> Computer Nerd Kev wrote:
> Grant Taylor <gta...@tnetconsulting.net> wrote:
>> On 6/10/22 11:56 PM, Marco Moock wrote:

*SKIP*
>>> But think about making subnets of 127.0.0.0/8 public routable?
>> There are many facets to the IPv4 Cleanup Project as I understand it.
*SKIP*
> But if a normal website server like wikipedia.org ever resolves to
> 127.2.0.192, or my ISP ever assigns an IP address like that to my home
> internet connection, _that_ would be a very bad state of affairs. The
> question is therefore whether website operators and ISPs can be
> trusted not to use the new global addresses inappropriately?

I have an idea for sticker: "Go IPv6 Now! Save 127.0.0.0/8 Tomorrow!"

*CUT*

--
Torvalds' goal for Linux is very simple: World Domination
Stallman's goal for GNU is even simpler: Freedom

Marco Moock

Jun 12, 2022, 2:06:20 PM
On Sunday, 12 June 2022, at 18:25:06, SH wrote:

> which I am doing as I disabled DHCP in the router and enabled the Pi
> Hole's own DHCP

You need to know that there is DHCPv4 AND DHCPv6. Often DHCPv4 is being
called just DHCP.
Also the IPv6 Router Advertisement sent by the router (independent of
DHCPv6) can contain DNS resolvers.

https://datatracker.ietf.org/doc/html/rfc6106
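
The point made in the post above, that a Router Advertisement can carry DNS resolvers independently of DHCPv6, as an added example that is not part of the thread: a parser for the RDNSS option (type 25 in RFC 6106) that lists the resolvers a router advertises and flags any that are not the intended one. The RA bytes and all addresses are constructed; `fd00::53` stands in for the Pi Hole and `2001:db8::53` for an outside resolver.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement
OPT_RDNSS = 25           # Recursive DNS Server option, RFC 6106
RA_HEADER_LEN = 16       # fixed RA fields before the options start


def rdnss_from_ra(icmpv6):
    """Return [(lifetime_seconds, [resolver, ...])] for each RDNSS option.

    icmpv6 is the ICMPv6 message (without the IPv6 header). The checksum is
    not verified here.
    """
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    found = []
    pos = RA_HEADER_LEN
    while pos + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[pos], icmpv6[pos + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")
        end = pos + opt_len * 8          # option length is in units of 8 octets
        if end > len(icmpv6):
            raise ValueError("truncated option")
        if opt_type == OPT_RDNSS:
            # 8 octets of header plus 16 per address: length is odd and >= 3.
            if opt_len < 3 or opt_len % 2 == 0:
                raise ValueError("malformed RDNSS option")
            lifetime = struct.unpack_from("!I", icmpv6, pos + 4)[0]
            addrs = [str(ipaddress.IPv6Address(icmpv6[a:a + 16]))
                     for a in range(pos + 8, end, 16)]
            found.append((lifetime, addrs))
        pos = end                        # other option types are skipped
    return found


def unexpected_resolvers(icmpv6, allowed):
    """Advertised resolvers that are still valid and not in the allowed set."""
    allowed = {str(ipaddress.IPv6Address(a)) for a in allowed}
    return [addr
            for lifetime, addrs in rdnss_from_ra(icmpv6)
            if lifetime > 0              # lifetime 0 withdraws the resolver
            for addr in addrs
            if addr not in allowed]


def build_sample_ra():
    """Constructed RA: header, a source link-layer option, one RDNSS option."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("020000000001")
    resolvers = [ipaddress.IPv6Address("fd00::53"),
                 ipaddress.IPv6Address("2001:db8::53")]
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(resolvers), 0, 600)
    rdnss += b"".join(r.packed for r in resolvers)
    return header + slla + rdnss


if __name__ == "__main__":
    ra = build_sample_ra()
    print(rdnss_from_ra(ra))
    print("not the local resolver:", unexpected_resolvers(ra, ["fd00::53"]))
```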

Roger Blake

Jun 12, 2022, 7:06:52 PM
On 2022-06-12, Scott Dorsey <klu...@panix.com> wrote:
> The transition is already complete in most of Asia. They can't get IPv4
> addresses because there haven't been any available for years, so they use
> IPv6. The transition is only going slowly in the US where address space
> is plentiful. Most of the rest of the world is not that way, and if you
> want to talk to the rest of the world you likely would want IPv6.

I rarely connect to anything outside the U.S. so don't really care
about that. The rest of the world is welcome to go its own way.

Roger Blake

Jun 12, 2022, 7:10:05 PM
On 2022-06-12, Marco Moock <mo...@posteo.de> wrote:
> CG-NAT is no way around it, you can't run any servers, you can't use
> SIP at all. CG-NAT and DS-Lite is just really nasty.

CG-NAT is just fine for the typical end user "surfing thuh web".

Computer Nerd Kev

Jun 12, 2022, 8:28:27 PM
Spiros Bousbouras <spi...@gmail.com> wrote:
> On 12 Jun 2022 11:50:31 +1000
> n...@telling.you.invalid (Computer Nerd Kev) wrote:
>>
>> Well I just wasted another hour of my life trying to enable it for
>> my home internet connection (mobile broadband). It turns out that
>> yes, I am now using a modem that supports IPv6 and IPv4/IPv6 over
>> PPP. But whenever I enable it, the modem never connects. I guessed
>> that this means my ISP/telco doesn't support it. But no, although
>> as usual they're too polite to have an official page about it they
>> announced IPv4/v6 for mobile in 2016*. But it doesn't work, and
>> there's only so far to dig with that because there aren't many
>> configuration changes involved. Plus the error condition is "hmm,
>> it's been a couple of minutes and it's _still_ 'connecting', guess
>> that doesn't work either" (an all too familiar error condition, I
>> might add).
>
> So it should have worked just by ticking a box or something but you never
> actually managed to make it work.

Pretty much. I'm using OpenWRT so the instructions are to tick a
box and edit the chat script that initialises the modem, but I'm
not using the web interface so I edited the config file and the
chat script manually. The chat script edit just replaces "IP" with
"IPV4V6" on one line, but doing that (or I tried "IPV6" as well)
prevents the phone network from letting it connect. I followed
their instructions to check that it supports PDPv6 and PDPv4v6
(though their wiki page seems to be the only bit of the internet
that uses those terms), and it does, so I have to figure it's a
problem with my ISP/telco. My ISP/telco is the company that
actually sold the modem that I'm using though.

https://openwrt.org/docs/guide-user/network/wan/wwan/3gdongle#obtaining_ipv6_address

Years ago I edited my firewall rules on the router to allow IPv6,
but the modem I was using then didn't support it anyway. Even if
I stuffed that up the modem itself should still connect though.

Average users wouldn't have to worry about firewall settings on
their router. Nor manually editing chat scripts. They'd just tick
a box, or in fact many mobile devices are apparently pre-set to
seek out IPv6 automatically anyway, so it just happens once the
telco enables it at their end.

>> On the other hand I know most households here in Australia with
>> wired internet are now using modems/routers with IPv6 enabled,
>> because that's the default for most/all the new hardware they got
>> when the 'National Broadband Network' rolled out in Australia. So
>> they didn't need to take any explicit steps.
>
> Yes , that would have been my guess for all "sufficiently technologically
> advanced" countries. I don't know if my router has IPv6 enabled and I'm
> not inclined to find out because I resent the fact that its interface
> requires a browser with javascript. But my guess is that IPv6 is enabled.

You can check easily whether your computer can access IPv6.
This command on Linux or whatever you have with recent-ish wget
installed:
wget -6 --spider https://www.wikipedia.org/
Should state that the "Remote file exists" along with a lot of other
stuff. If not, then if it works without the "-6" option that means
something is stopping IPv6 connections.

The "-6" option also works with ping on Linux.

Computer Nerd Kev

Jun 12, 2022, 10:17:44 PM
Computer Nerd Kev <n...@telling.you.invalid> wrote:
>
> Pretty much. I'm using OpenWRT so the instructions are to tick a
> box and edit the chat script that initialises the modem, but I'm
> not using the web interface so I edited the config file and the
> chat script manually. The chat script edit just replaces "IP" with
> "IPV4V6" on one line, but doing that (or I tried "IPV6" as well)
> prevents the phone network from letting it connect. I followed
> their instructions to check that it supports PDPv6 and PDPv4v6
> (though their wiki page seems to be the only bit of the internet
> that uses those terms), and it does, so I have to figure it's a
> problem with my ISP/telco. My ISP/telco is the company that
> actually sold the modem that I'm using though.
>
> https://openwrt.org/docs/guide-user/network/wan/wwan/3gdongle#obtaining_ipv6_address

I just tried the USB modem on a PC with Modem Manager, adding
"ip-type=ipv4v6" to the usual "--simple-connect=" string that I use
with the mmcli command to start the modem.

It worked! Connected, and I could use "wget -6"! However it was in
3G mode instead of 4G mode. OK, add "--set-preferred-mode=4G":

error: couldn't connect the modem:
'GDBus.Error:org.freedesktop.ModemManager1.Error.MobileEquipment.NoNetwork: No network service'

So I tried to connect again in 3G mode, but got the same error.
Restarted Modem manager. Same errors. Removed "ip-type=ipv4v6", it
connects (4G), but I can't "wget -6" anymore of course.

So I pulled out the modem, rebooted the PC, plugged in the modem,
and... again I got "No network service" when trying either 3G or
4G with "ip-type=ipv4v6".

So it seems to be that sometimes I can connect with IPv6, but most
times it fails to connect at all when requesting that. It would
be possible to script it to automatically fall back on trying to
make an IPv4-only connection when IPv4/v6 fails, but not worth the
effort for me, and it would probably be complicated on OpenWRT. I
think that's probably what smartphones etc. do though, hence the
unreliability of this network's IPv6 support isn't obvious to
normal users.

It also makes the IPv6 support pretty pointless on this network
because only servers with IPv4 can be accessed reliably. Not that
I ever encounter IPv6-only servers that I want to connect to
anyway.

Grant Taylor

Jun 13, 2022, 12:52:13 AM
On 2022-06-12, Marco Moock <mo...@posteo.de> wrote:
> CG-NAT is no way around it, you can't run any servers, you can't use
> SIP at all. CG-NAT and DS-Lite is just really nasty.

I've run SIP through NAT many times. I see no reason why CG-NAT would
make any difference.

On 6/12/22 5:10 PM, Roger Blake wrote:
> CG-NAT is just fine for the typical end user "surfing thuh web".

This is the difference between "being on the Internet" and "access to
the Internet".

Being on the Internet requires inbound IP connectivity. The easiest way
to achieve this is with globally routed IP addresses on the system
providing the service. A quite common method is via port forwarding
(DNAT) to a private non-globally routed IP address on the system
providing the service. CG-NAT is capable of doing port forwarding.
It's just that it's rather difficult to get ISPs to support such a
configuration.

Access to the Internet can be accomplished in many different ways and is
often a LOT simpler to do. There are even ways to access the Internet
from a client device that doesn't even have an IP address (neither v4
nor v6) on the client accessing the Internet.

Grant Taylor

Jun 13, 2022, 12:53:17 AM
On 6/11/22 9:55 AM, Spiros Bousbouras wrote:
> On what grounds do they discourage it ?

There are many that think that the bulk of email coming from IPv6
clients is disproportionately spam and as such discourage providing IPv6
connectivity as a way to thwart this spam.

Marco Moock

Jun 13, 2022, 6:34:12 AM
On Sunday, 12 June 2022, at 23:10:03, Roger Blake wrote:

> CG-NAT is just fine for the typical end user "surfing thuh web".

But this is very annoying, people can't run their own server and have
their freedom. They must store files they want to remotely access on
foreign servers.

Spiros Bousbouras

Jun 13, 2022, 6:56:34 AM
On 13 Jun 2022 10:28:10 +1000
n...@telling.you.invalid (Computer Nerd Kev) wrote:
> Spiros Bousbouras <spi...@gmail.com> wrote:
> > Yes , that would have been my guess for all "sufficiently technologically
> > advanced" countries. I don't know if my router has IPv6 enabled and I'm
> > not inclined to find out because I resent the fact that its interface
> > requires a browser with javascript. But my guess is that IPv6 is enabled.
>
> You can check easily whether your computer can access IPv6.
> This command on Linux or whatever you have with recent-ish wget
> installed:
> wget -6 --spider https://www.wikipedia.org/
> Should state that the "Remote file exists" along with a lot of other
> stuff. If not, then if it works without the "-6" option that means
> something is stopping IPv6 connections.
>
> The "-6" option also works with ping on Linux.

Ahhh , great , thanks for that.

prompt> wget --spider www.google.com
Spider mode enabled. Check if remote file exists.
--2022-06-13 06:34:05-- http://www.google.com/
Resolving www.google.com... 172.217.169.36, 2a00:1450:4009:820::2004
Connecting to www.google.com|172.217.169.36|:80... connected.
[...]

prompt> wget -6 --spider www.google.com
Spider mode enabled. Check if remote file exists.
--2022-06-13 06:34:17-- http://www.google.com/
Resolving www.google.com... 2a00:1450:4009:80a::2004
Connecting to www.google.com|2a00:1450:4009:80a::2004|:80... failed: Network is unreachable.

prompt> wget --spider www.wikipedia.org
Spider mode enabled. Check if remote file exists.
--2022-06-13 06:34:46-- http://www.wikipedia.org/
Resolving www.wikipedia.org... 91.198.174.192, 2620:0:862:ed1a::1
Connecting to www.wikipedia.org|91.198.174.192|:80... connected.
[...]

prompt> wget -6 --spider https://www.wikipedia.org
Spider mode enabled. Check if remote file exists.
--2022-06-13 06:35:29-- https://www.wikipedia.org/
Resolving www.wikipedia.org... 2620:0:862:ed1a::1
Connecting to www.wikipedia.org|2620:0:862:ed1a::1|:443... failed: Network is unreachable.

It turns out that IPv6 is not enabled on my router. This makes me wonder
whether the occasional failure to access a website has been because the
server was IPv6 only. Obviously this is only one of many possibilities.

prompt> w3m http://172.217.169.36
[ Goes to Google home page. ]
prompt> w3m http://2a00:1450:4009:80a::2004
w3m: Can't load http://2a00:1450:4009:80a::2004.

The w3m message has nothing to suggest that it's an IPv6 configuration
issue on my router (which likely it is) and I suspect that the application
can't even tell the reason it can't connect. So I guess I will have to grit
my teeth and go through my router's bloatware javascript interface and see
how I can enable IPv6.

--
We've heard that other companies have people allocate a
percentage of their time to self-directed projects. At Valve,
that percentage is 100.
http://assets.sbnation.com/assets/1074301/Valve_Handbook_LowRes.pdf
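
The "failed: Network is unreachable" in the wget transcript above is the operating system's ENETUNREACH error from connect(), which a client can use to tell a local IPv6 routing gap from a remote failure. An added example (not part of the original post) that probes one host over each address family; the function names and the grouping of causes are this example's own assumptions.

```python
import errno
import socket

# connect() errors that point at the local host or router rather than the
# remote server. wget's "Network is unreachable" is the text of ENETUNREACH.
LOCAL_CAUSES = {
    errno.ENETUNREACH: "no route for this address family",
    errno.EADDRNOTAVAIL: "no local address of this family",
    errno.EAFNOSUPPORT: "address family not supported on this host",
}


def explain(exc):
    """Map a connection error to (where, reason)."""
    # gaierror carries EAI_* codes, so it must be handled before errno checks.
    if isinstance(exc, socket.gaierror):
        return ("dns", "name has no address of this family")
    if isinstance(exc, socket.timeout) or exc.errno == errno.ETIMEDOUT:
        return ("path", "timed out; packets are dropped somewhere on the way")
    if exc.errno in LOCAL_CAUSES:
        return ("local", LOCAL_CAUSES[exc.errno])
    if exc.errno == errno.ECONNREFUSED:
        return ("remote", "server reachable but nothing listens on the port")
    if exc.errno == errno.EHOSTUNREACH:
        return ("path", "host unreachable (router or neighbour discovery)")
    return ("unknown", str(exc))


def probe(host, port, family, timeout=5.0):
    """Try a TCP connection over one address family only."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return explain(exc)
    last = None
    for fam, kind, proto, _name, sockaddr in infos:
        try:
            with socket.socket(fam, kind, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                return ("ok", sockaddr[0])
        except OSError as exc:
            last = exc  # keep the last failure and try the next address
    return explain(last)


def compare_families(host, port=443):
    """Probe the same host over IPv4 and IPv6 separately."""
    return {"IPv4": probe(host, port, socket.AF_INET),
            "IPv6": probe(host, port, socket.AF_INET6)}


if __name__ == "__main__":
    # Host name taken from the transcript above.
    for family, result in compare_families("www.wikipedia.org").items():
        print(family, result)
```

A result of ("local", ...) for IPv6 next to ("ok", ...) for IPv4 matches the situation in the transcript: the name resolves to an IPv6 address, but the host has no IPv6 route to send the packet on.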

Dan Purgert

Jun 13, 2022, 8:33:27 AM

Grant Taylor wrote:
> On 2022-06-12, Marco Moock <mo...@posteo.de> wrote:
>> CG-NAT is no way around it, you can't run any servers, you can't use
>> SIP at all. CG-NAT and DS-Lite is just really nasty.
>
> I've run SIP through NAT many times. I see no reason why CG-NAT would
> make any difference.

Mostly it's the dual-NAT nature of CGNAT (public IP -> Carrier 100.64/10
-> your RFC1918), coupled with things like the carrier not able (or
willing) to force the forward to your router, etc.

It's certainly fine for residential "access the internet" type
connections, but it seems the trend is that people (somewhat) want to be
"on the internet" -- maybe not running "very public" websites or
whatever; but still be able to "get home" while they're out for some
reason or other.



--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
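
The path described in the post above (public IP -> carrier 100.64/10 -> RFC1918) can be recognised from the address on a router's WAN interface. An added example, not part of the original post: the function names are this example's own, the WAN addresses are constructed, and the observed address is a globally routed one taken from the wget transcript earlier in the thread.

```python
import ipaddress

# Address blocks named in the thread.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # carrier shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_kind(addr):
    """Classify an IPv4 address as 'cgnat', 'rfc1918', 'global' or 'other'."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CGNAT:
        # Python reports is_private == False and is_global == False for this
        # block, so it has to be tested explicitly.
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    # 'other' covers loopback, link-local, documentation ranges and so on.
    return "global" if ip.is_global else "other"


def inbound_path(wan_addr, observed_addr):
    """Work out which devices must forward a port for inbound connections.

    wan_addr      -- address on the home router's WAN interface
    observed_addr -- source address a remote server sees for the same line
    """
    if address_kind(observed_addr) != "global":
        raise ValueError("observed address must be globally routed")
    wan = address_kind(wan_addr)
    if wan == "cgnat":
        return {"nat_layers": 2, "carrier_nat": True,
                "forward_on": ["carrier NAT", "home router"]}
    if wan == "rfc1918":
        # A second NAT sits upstream but uses RFC1918 space, so it may be the
        # ISP or just another router or modem on the premises (hence None).
        return {"nat_layers": 2, "carrier_nat": None,
                "forward_on": ["upstream NAT", "home router"]}
    same = ipaddress.IPv4Address(wan_addr) == ipaddress.IPv4Address(observed_addr)
    if wan == "global" and same:
        return {"nat_layers": 1, "carrier_nat": False,
                "forward_on": ["home router"]}
    raise ValueError("WAN and observed addresses do not fit a NAT path")


if __name__ == "__main__":
    observed = "91.198.174.192"  # sample value from the transcript
    for wan in ("100.64.12.7", "192.168.0.2", observed):
        print(wan, inbound_path(wan, observed))
```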

Grant Taylor

Jun 13, 2022, 2:00:49 PM
On 6/13/22 4:34 AM, Marco Moock wrote:
> But this is very annoying, people can't run their own server and have
> their freedom. They must store files they want to remotely access on
> foreign servers.

These are the type of people that need to "be on the Internet". There
are plenty of options for such people. This is traditionally where
"business Internet connections" from ISPs come in. This is also where a
VPS and / or VPN come into play.

People that want to "be on the Internet" need to pay a little bit more
per month. Or said another way, people that are satisfied with "access
to the Internet" can save a little bit of money via CG-NAT.

Grant Taylor

Jun 13, 2022, 2:04:07 PM
On 6/13/22 6:33 AM, Dan Purgert wrote:
> Mostly it's the dual-NAT nature of CGNAT (public IP -> Carrier 100.64/10
> -> your RFC1918), coupled with things like the carrier not able (or
> willing) to force the forward to your router, etc.

I think that it's mostly a lack of willingness and maybe a lack of
capability (as in the vendor doesn't provide an option to the ISP) that
prevents this public IP -> Carrier 100.64/10 -> RFC1918 forwarding.

> It's certainly fine for residential "access the internet" type
> connections, but it seems the trend is that people (somewhat) want to be
> "on the internet" -- maybe not running "very public" websites or
> whatever; but still be able to "get home" while they're out for some
> reason or other.

There are options that people with "access to the Internet" can use to
get home via things like some VPNs and / or a VPS that's "on the
Internet" with a connection with the home.

Marco Moock

Jun 13, 2022, 2:48:19 PM
On Monday, 13 June 2022, at 12:04:23, Grant Taylor wrote:

> I think that it's mostly a lack of willingness and maybe a lack of
> capability (as in the vendor doesn't provide an option to the ISP)
> that prevents this public IP -> Carrier 100.64/10 -> RFC1918
> forwarding.

It is a problem of NAT itself. SIP isn't intended to run behind
NAT/CG-NAT.

> > It's certainly fine for residential "access the internet" type
> > connections, but it seems the trend is that people (somewhat) want
> > to be "on the internet" -- maybe not running "very public" websites
> > or whatever; but still be able to "get home" while they're out for
> > some reason or other.
>
> There are options that people with "access to the Internet" can use
> to get home via things like some VPNs and / or a VPS that's "on the
> Internet" with a connection with the home.

I know, but this is really, really annoying, so I like to avoid that
whenever possible.

Grant Taylor

Jun 13, 2022, 4:43:21 PM
On 6/13/22 12:48 PM, Marco Moock wrote:
> It is a problem of NAT itself. SIP isn't intended to run behind
> NAT/CG-NAT.

I think we're talking horses and oranges.

I was stating that -- I think -- CGNAT /could/ support port forwarding
if people wanted it to.

You seem to be talking about SIP specifically.

I maintain that I have used SIP through NAT in the (distant) past.

Sufficiently advanced NAT (helper programs) can modify data in packet
payload in addition to packet headers.

> I know, but this is really, really annoying, so I like to avoid that
> whenever possible.

So what would your reaction be if the annoyance was reduced such that
it's effectively an optional add-on to your Internet connection from
your ISP?

E.g. the ISP uses RFC 7793 IPs for everything but will optionally route
a small block of IPs to your RFC 7793 WAN IP. Hypothetically your
current monthly Internet service plus $1 per globally routed IP that is
routed to your RFC 7793 WAN IP. Then you route said globally routed
IP(s) to your internal system(s).

sc...@alfter.diespammersdie.us

Jun 13, 2022, 5:20:48 PM
Roger Blake <rogb...@iname.invalid> wrote:
> On 2022-06-11, Marco Moock <mo...@posteo.de> wrote:
>> Ok, can you calculate 2³²?
>> This is the maximum amount of possible IPv4 addresses. Even this isn't
>> enough and many areas of that space can't be used for global
>> addressing. This is the reason for IPv6 and there is no way around it.
>
> There are ways around it, such as carrier-grade NAT.

Good luck running any kind of server on a host behind CGNAT. There's
reverse SSH tunneling and other sorts of network voodoo that might help, but
even that ultimately relies on having a routable address somewhere.

--
_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/ Top-posting!
\_^_/ >What's the most annoying thing on Usenet?

Grant Taylor

Jun 13, 2022, 6:36:34 PM
On 6/13/22 3:20 PM, sc...@alfter.diespammersdie.us wrote:
> that ultimately relies on having a routable address somewhere.

Yes. There is no way around that.

But the germane point is "somewhere" and the fact that "somewhere"
doesn't have to be the IP provided by the ISP.

Things get even more interesting when the clients trying to reach the
service are in a private cloud. Then you don't even need an address on
the Global Internet. Things like Tor Hidden Services are an example of
this.

This is also one of the reasons to run a Tor Hidden Service. To expose
something without the need for an IP address on the Global Internet.

Dan Purgert

Jun 14, 2022, 5:33:57 AM

Grant Taylor wrote:
> On 6/13/22 6:33 AM, Dan Purgert wrote:
>> Mostly it's the dual-NAT nature of CGNAT (public IP -> Carrier 100.64/10
>> -> your RFC1918), coupled with things like the carrier not able (or
>> willing) to force the forward to your router, etc.
>
> I think that it's mostly a lack of willingness and maybe a lack of
> capability (as in the vendor doesn't provide an option to the ISP) that
> prevents this public IP -> Carrier 100.64/10 -> RFC1918 forwarding.

Which "vendor" are you thinking of here? Cisco/Aruba/Juniper? They
totally can do DNAT over the CGNAT range.

There's honestly nothing special about CGNAT -- it's just a new range
that definitely won't collide with RFC1918, because modern small
carriers can't get their hands on a publicly routed /24 easily (if at
all).

>
>> It's certainly fine for residential "access the internet" type
>> connections, but it seems the trend is that people (somewhat) want to be
>> "on the internet" -- maybe not running "very public" websites or
>> whatever; but still be able to "get home" while they're out for some
>> reason or other.
>
> There are options that people with "access to the Internet" can use to
> get home via things like some VPNs and / or a VPS that's "on the
> Internet" with a connection with the home.

Of course. Or they could pressure their provider for v6, and be "on the
internet" that way (IME with various WISPs, that's their M.O.)



Dan Purgert

Jun 14, 2022, 5:35:42 AM

Grant Taylor wrote:
> On 6/13/22 12:48 PM, Marco Moock wrote:
>> It is a problem of NAT itself. SIP isn't intended to run behind
>> NAT/CG-NAT.
>
> I think we're talking horses and oranges.
>
> I was stating that -- I think -- CGNAT /could/ support port forwarding
> if people wanted it to.

It does. But what incentive do I as a carrier have to setup the
necessary DNAT rule(s) for you?



Marco Moock

Jun 14, 2022, 8:58:08 AM
On Tuesday, 14 June 2022, at 09:35:40, Dan Purgert wrote:

> It does. But what incentive do I as a carrier have to setup the
> necessary DNAT rule(s) for you?

Nothing. Most customers are satisfied with CG-NAT/DS-Lite and those who
are not use another ISP/pay extra for native IPv4.

Dan Purgert

Jun 14, 2022, 9:53:06 AM

Exactly, but I was asking Grant why he thought otherwise. ;)



Grant Taylor

Jun 14, 2022, 1:00:33 PM
On 6/14/22 3:35 AM, Dan Purgert wrote:
> It does. But what incentive do I as a carrier have to setup the
> necessary DNAT rule(s) for you?

I would hope that a ((reasonable) monthly) monetary incentive might work.

Grant Taylor

Jun 14, 2022, 1:04:57 PM
On 6/14/22 3:33 AM, Dan Purgert wrote:
> Which "vendor" are you thinking of here? Cisco/Aruba/Juniper?
> They totally can do DNAT over the CGNAT range.

I was mostly focusing on "lack of willingness" more than "capability".

Your response to my previous email makes me think you probably fall into
the "lack of willingness" group.

> There's honestly nothing special about CGNAT -- it's just a new
> range that definitely won't collide with RFC1918, because modern
> small carriers can't get their hands on a publicly routed /24 easily
> (if at all).

Agreed.

> Of course. Or they could pressure their provider for v6, and be
> "on the internet" that way (IME with various WISPs, that's their M.O.)

Except IPv6 is not the same as IPv4. It's not even really feature
parity. It's definitely not the same set of endpoints.

Dan Purgert

Jun 15, 2022, 5:40:47 AM

Grant Taylor wrote:
> On 6/14/22 3:35 AM, Dan Purgert wrote:
>> It does. But what incentive do I as a carrier have to setup the
>> necessary DNAT rule(s) for you?
>
> I would hope that a ((reasonable) monthly) monetary incentive might work.

I suppose it depends on the carrier, and the setup / future plans.

The ones I've worked with are pretty universally "no", outside of the
reserved / business accounts (as would I be, if I lived somewhere where
I could actually compete as a carrier). Long story short is that they
have NAT pools from their CGN-space to the public internet, in order to
avoid issues where popular websites/services will reject the customer
for "too many connections". That being said, they do offer ipv6
options.


Dan Purgert

Jun 15, 2022, 5:57:07 AM

Grant Taylor wrote:
> On 6/14/22 3:33 AM, Dan Purgert wrote:
>> Which "vendor" are you thinking of here? Cisco/Aruba/Juniper?
>> They totally can do DNAT over the CGNAT range.
>
> I was mostly focusing on "lack of willingness" more than "capability".
>
> Your response to my previous email makes me think you probably fall into
> the "lack of willingness" group.

It's a mix of both -- remember that the "small carrier" who is forced
into using CGNAT may only have a /28's worth of actual public IPv4
addresses for their customers to share. Maybe even less.

Things get messy when you've got multiple households hitting the
internet from the same public IP address.

>> [...]
>> Of course. Or they could pressure their provider for v6, and be
>> "on the internet" that way (IME with various WISPs, that's their M.O.)
>
> Except IPv6 is not the same as IPv4. It's not even really feature
> parity. It's definitely not the same set of endpoints.

What, exactly, do you mean here by "same set of endpoints" ?


Grant Taylor

Jun 15, 2022, 12:53:23 PM
On 6/15/22 3:40 AM, Dan Purgert wrote:
> I suppose it depends on the carrier, and the setup / future plans.

Yep.

> The ones I've worked with are pretty universally "no", outside of the
> reserved / business accounts (as would I be, if I lived somewhere where
> I could actually compete as a carrier).

That's been my experience too.

Though said reserved / business accounts tend to be one or more levels
up from residential access to the Internet (atti) and are instead native
be on the Internet (boti). As such, forwarding via CGNAT isn't an issue
because CGNAT isn't in play.

> Long story short is that they have NAT pools from their CGN-space
> to the public internet, in order to avoid issues where popular
> websites/services will reject the customer for "too many
> connections". That being said, they do offer ipv6 options.

ACK

Grant Taylor

Jun 15, 2022, 12:58:41 PM
On 6/15/22 3:57 AM, Dan Purgert wrote:
> It's a mix of both -- remember that the "small carrier" who is forced
> into using CGNAT may only have a /28's worth of actual public IPv4
> addresses for their customers to share. Maybe even less.

I am surprised by the carrier only having a /28. I was naively thinking
that just about all small ISPs would have at least one /24 and be
participating in BGP with one (or more) upstream providers.

The /28 with its own default gateway makes me think of something like
an individual providing / reselling access to neighbors and / or hotels
/ businesses using a /28 for their use and guest internet access.

I'm inclined to stick with the /24+BGP as the smallest end of a
traditional ISP.

> Things get messy when you've got multiple households hitting the
> internet from the same public IP address.

I'm well aware.

> What, exactly, do you mean here by "same set of endpoints" ?

Think about the Venn diagram of the overlap of IPv4 and / or IPv6
connectivity. You have different sets of endpoints (clients / servers)
in the IPv4 and IPv6 circles, plus the overlap in the middle. IPv4
/only/ endpoints can't talk to IPv6 /only/ endpoints.

Aside: I consider middle boxes that do protocol translation as negating
the /only/ aspect because they make the /only/ become a pseudo dual
protocol.

Dan Purgert

Jun 16, 2022, 5:28:11 AM

Grant Taylor wrote:
> On 6/15/22 3:57 AM, Dan Purgert wrote:
>> It's a mix of both -- remember that the "small carrier" who is forced
>> into using CGNAT may only have a /28's worth of actual public IPv4
>> addresses for their customers to share. Maybe even less.
>
> I am surprised by the carrier only having a /28. I was naively thinking
> that just about all small ISPs would have at least one /24 and be
> participating in BGP with one (or more) upstream providers.

Yeah, but /24s are hard to come by, and not cheap -- about $55 per
address, and (at least in the US) require proof you need it/will
actually utilize it in the coming year (or something to that effect) --
so not something a startup / small WISP can necessarily get.

So, they get a contract with a transit carrier, who hands off a slice of
something they own. I mean, you gotta start somewhere ...


Grant Taylor

Jun 16, 2022, 11:40:07 PM
On 6/16/22 3:28 AM, Dan Purgert wrote:
> So, they get a contract with a transit carrier, who hands off a slice
> of something they own. I mean, you gotta start somewhere ...

Agreed.

I just hadn't considered an ISP operating with less than a /24.

meff

Jun 18, 2022, 8:32:40 PM
On 2022-06-13, Marco Moock <mo...@posteo.de> wrote:
> It is a problem of NAT itself. SIP isn't intended to run behind
> NAT/CG-NAT.

SIP is a pretty obnoxious protocol for many reasons other than its
inability to work behind CGNAT (not that I'm excusing CGNAT.) SDP
negotiation is challenging, ICE takes a really long time (though I
guess you're mostly using ICE for NAT hole-punching), and UDP RDP
streams suffer all sorts of issues. SIP ALG has been implemented
buggily by pretty much every consumer router manufacturer and VoIP
providers will send SIP over TLS just to stop ALG from mucking with
addresses. Ask me about the time I ran into MTU issues with UDP RDP
and how I debugged it. Ugh.

I wish these complicated VC stacks could just be replaced by a QUIC
based protocol with in-band data already. There's a reason why so many
livestreaming services these days go with RTMP instead of SIP despite
RTMP being an "ancient" protocol.