Comment: Re:Dual Homing Failover and IPv6 address aggregati (Score 1) 389

by Pentium100 (#49543317) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

your outgoing traffic will still be fine

That may not be fine as well, since unless IPv6 can cram both host IPs into the packet, existing sessions will get dropped (which may not happen with IPv4, since IPs stay the same). Also, that requires more complex firewall configuration (what's the probability that one of the IPs will not be entered?).

My back-of-a-napkin solution to this a few years ago was that there's an obvious business model for a few ISPs to conspire to jointly provide dual-homing.

There are a few problems with this:
1. The ISPs must be willing to cooperate (unlike now, they only have to provide BGP access).
2. The customer still cannot change ISPs (now I can take my AS to another ISP if I do not like the current one or another pair of ISPs if I'm moving and the current ISPs do not provide service in the new location).
3. The failure of an ISP must trigger a BGP announce to stop traffic from coming to it. This may not happen. Currently we had multiple problems where the main ISP failed but did not announce that - our BGP router still thought that the ISP is good. I had to write a script that checks if the internet is accessible and if not (for a few minutes) forces our BGP router to use the other ISP (done with prepends and priorities).
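
Added example, not part of the original comment and not the commenter's script: a minimal sketch of the decision logic such a reachability watchdog needs, switching only after a sustained outage and returning only after sustained recovery. The thresholds, the 60-second probe interval, the names and the probe log are all assumptions; the routing change itself is left as a comment because it depends on the router.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class FailoverWatchdog:
    fail_after: float = 180.0      # assumed: seconds of continuous failure before failover
    recover_after: float = 600.0   # assumed: seconds of continuous success before failback
    active: str = "primary"
    _since: Optional[float] = None  # start of the streak that contradicts `active`

    def observe(self, now: float, primary_ok: bool) -> Optional[str]:
        """Feed one probe result; return "failover"/"failback" when a switch is due."""
        # Primary down while we use it, or primary up while we sit on the backup.
        contradicts = (self.active == "primary") != primary_ok
        if not contradicts:
            self._since = None      # streak broken: a single blip never switches
            return None
        if self._since is None:
            self._since = now
        needed = self.fail_after if self.active == "primary" else self.recover_after
        if now - self._since < needed:
            return None
        self.active = "backup" if self.active == "primary" else "primary"
        self._since = None
        return "failover" if self.active == "backup" else "failback"


# Constructed probe log: (seconds, did the probe through the primary ISP succeed?)
SAMPLES = (
    [(0, True), (60, False), (120, True)]        # one-probe blip, ignored
    + [(t, False) for t in range(180, 420, 60)]  # sustained outage
    + [(420, True), (480, True), (540, False)]   # flapping recovery, ignored
    + [(t, True) for t in range(600, 1260, 60)]  # stable again
)


def replay(samples):
    """Run the watchdog over a probe log and return the switch events."""
    wd = FailoverWatchdog()
    events = []
    for now, ok in samples:
        action = wd.observe(now, ok)
        if action:
            # A real script would change the BGP prepends/priorities here.
            events.append((now, action))
    return events


if __name__ == "__main__":
    print(replay(SAMPLES))
```

The longer recovery threshold keeps a flapping uplink from pulling traffic back and forth between the two ISPs.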

Comment: Re:How about basic security? (Score 1) 389

by Pentium100 (#49530885) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

No, it's not. A NAT router works as a good firewall straight out of the box, you may not even need to configure it other than setting the admin password. Uplink IP is configured using DHCP, the router has its own DHCP server for internal network and no incoming connections are allowed.

Comment: Re:Can't remember adresses (Score 1) 389

by Pentium100 (#49526351) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

I remember quite a few v4 IPs of my own machines, machines of the company I work for and of clients.

Adding all that to a DNS server would be a pain (either having one private server with all of them or adding to the servers of the appropriate client, assuming the client has a DNS server, some don't, after all a network of x Windows PCs and a single samba server does not really need DNS, especially if the network is just a bunch of Windows PCs with no server).

Comment: Re:I need a IPv6 firewall (Score 1) 389

by Pentium100 (#49526309) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

When a program does not work, I just run tcpdump (on both ends) and figure out the problem. A port scanner may only be able to scan a limited number of hosts at once, so if it spends a couple of hours trying to scan me, it won't scan others. Also, if the scanning is not automated (like a bot or virus) but is instead because somebody ran nmap, they might get bored and stop.

This is especially useful if the server does not have publicly accessible resources (that is, all incoming connections are limited by source IP). Dropping packets makes it look like that host isn't even there. Also useful in case of a DOS (that is not enough to completely saturate the uplink) as there are no packets going back.

Comment: Re:IPv6's day will come, but... (Score 1) 389

by Pentium100 (#49525343) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

switch to another ISP, it isn't as if ISPs are thin on the ground.

I have a few options, but AFAIK a lot of Americans do not (I do not live in the US). Even for me, since I live in an individual house it would be expensive to have another ISP get its fiber cable to me.

You _can_ allocate networks smaller than a /64, but you can't use SLAAC on such networks. That means you're stuck manually configuring devices or using DHCPv6

That's good to know, though it would mean that if I use Android devices I will have to type in the long v6 IPs even though IPv4 has shorter IPs AND DHCP works with all devices.

Though since I would still need NAT (for keeping the IPs when switching to a backup ISP), I guess that is not such a big problem and AFAIK NAT exists for v6 (though not one-to-many as I understand, so I would need a proxy server to make all outgoing connections look like they are from a single device).

Comment: Re:Can't remember adresses (Score 1) 389

by Pentium100 (#49523051) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

Takes longer to type, though maybe they will start making keyboards with hex numpads.

Also, to me, remembering a number and letter combination is more difficult than just number combination (I guess it's related to the numpad).

Besides, I never had to type external and internal IP at once. It's either the external IP (one, so not difficult to remember) or the internal IP (can be compressed as "the 192 subnet" 1 2)

Comment: Re:IPv6's day will come, but... (Score 1) 389

by Pentium100 (#49522779) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

So, the designers of IPv6 could not conceive that somebody could have less than 2^64 devices and still want to put them in separate networks? Well, I guess IPv4 was divided using classes in the past, but CIDR is great.

So now my ISP will have a say in how many internal networks I have? And this is supposed to be better than IPV4 with NAT?

Comment: Re:NAT is just bandaid (Score 1) 389

by Pentium100 (#49521873) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

NAT creates layers of indirection, and NAT makes machines not directly addressable.

Good. What if I want to have machines that are not directly addressable? Also, I may want to redirect the packets to various machines based on where it came from (internal network or outside).

With NAT, you'll end up needing to fumble with your router and open / redirect ports anyway, just to be sure that everything works as it should.

Which I will need to do with IPv6 just the same because I do not want to allow incoming connections by default.

Comment: Re: The answer has been clear (Score 1) 389

by Pentium100 (#49519739) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

So, how do you change ISPs but keep your IPs? For example in a failover situation.

Currently the company I work for has its own AS and a /23 of IPv4, that can get announced through one or both ISPs that we use (in case one goes down). If one ISP goes down the traffic goes through another quite quickly. How do you do this with IPv6?

Comment: Re:Probably best (Score 1) 649

by Pentium100 (#49517075) Attached to: Automakers To Gearheads: Stop Repairing Cars

Terrible mileage

Well, that results in paying more for the fuel, right? Most likely not as much as a single trip to the dealer with a new car though.
My car, for example, has been modified to run on LPG - it uses slightly more of it, but since the LPG costs less than half of what gasoline costs, the car approaches much newer cars in terms of Euros/100km.

If you're willing to put up with all that because you're just such a gearhead, why not just build your own car from the ground up?

I'm not that good with mechanics (can't even weld), however, I want to keep a single car for a very long time. It is easier to do so with an old car that is easier to repair without going to the "authorized service" - there's a lot of things I can repair myself and any competent mechanic can repair the rest.

The authorized services overcharge by orders of magnitude. Once a "check engine" light came on in my mother's Nissan Primera P12, the dealer told her that the timing chain has to be replaced, but then it would be cheaper to replace the whole engine (~1600EUR). A mechanic (that I sometimes go to) plugged in his PC and said that it's just the crankshaft position sensor that has failed and if the timing chain was loose then the car would rattle like a bag of nails. Cost of repair - 160EUR for the sensor, 16EUR for replacement.
