www.apache.org with IPv6, not reachable ?

On Sat, 30 May 2009, Gert Doering wrote:

> Hi,
>
> On Thu, May 28, 2009 at 03:27:45PM +0200, Wim Biemolt wrote:
>> Last time we mentiond this issue to them they replied
>>
>> ===
>>
>> Yes, we have moved services back to XXXXXX (which doesn't have IPv6
>> right now  :(  ), because we are upgrading xxxxxx.apache.org, the
>> machine that normally hosts the website.
>>
>> ===
>
> IPv6 *is* "Rocket Science", after all... like "removing AAAA entries
> when you know the machine will be down for a week"...
>
> *sigh*
>
> Gert Doering
>        -- NetMaster
> -- 
> Total number of prefixes smaller than registry allocations:  128645
>
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
>

www.apache.org with IPv6, not reachable ?

On Sat, 2009-05-30 at 13:37 +0200, Gert Doering wrote:
> IPv6 *is* "Rocket Science", after all... like "removing AAAA entries
> when you know the machine will be down for a week"...

Come on, you can't expect the guys behind apache.org to understand
everything about the internets! ;)

--

-- 
Mark Schouten, Unix/NOC-engineer
BIT BV      | info <at> bit.nl | +31 318 648688
MS8714-RIPE | B1FD 8E60 A184 F89A 450D  A128 049B 1B19 9AD6 17FF

All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

In a conversation with my DNS admin, he brought up the fact that RFC3513
seems to forbid using a subnet size other than /64 AS WELL as using
anything other than EUI-64 to determine the host ID of an address.

In RFC3513: http://www.ietf.org/rfc/rfc3513.txt
Section 2.5.4 Paragraph 2:

"All global unicast addresses other than those that start with binary
   000 have a 64-bit interface ID field (i.e., n + m = 64), formatted as
   described in section 2.5.1.  Global unicast addresses that start with
   binary 000 have no such constraint on the size or structure of the
   interface ID field."

Given 2001::/8 and 2620::/8 fit this criteria, it seems that the
interface ID or HOST portion of an IPv6 address must be 64-bits long and
formatted in accordance to section 2.5.1.

Section 2.5.1 Paragraph 3:
"For all unicast addresses, except those that start with binary value
   000, Interface IDs are required to be 64 bits long and to be
   constructed in Modified EUI-64 format."

The way I read it seems to imply staticly assigned IPv6 addresses are
forbidden. Which puts a damper on securing the coveted DEAD:BEEF address
for my workstation.

I have not understood this to be true and have experienced practice
where this is absolutely not met. I see /126s for p-t-p links, static
DNS servers, static web servers, etc, etc.

Re: All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

Re: All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

On Tue, 2 Jun 2009, Erik Kline wrote:

> Also: 3513 was obsoleted by http://tools.ietf.org/html/rfc4291 (one 
> reason I prefer the tools.ietf.org links).

>From 2.5.4 in RFC4291:

"All Global Unicast addresses other than those that start with binary
    000 have a 64-bit interface ID field (i.e., n + m = 64), formatted as
    described in Section 2.5.1.  Global Unicast addresses that start with
    binary 000 have no such constraint on the size or structure of the
    interface ID field."

This still seems to imply that you really have to have a 64bit interface 
ID field in there, formatted per 2.5.1. So how does /126 fit into that?

--

-- 
Mikael Abrahamsson    email: swmike <at> swm.pp.se

Re: All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

On Tue, Jun 02, 2009 at 09:18:57PM +0200, Mikael Abrahamsson wrote:
> On Tue, 2 Jun 2009, Erik Kline wrote:
> 
> >Also: 3513 was obsoleted by http://tools.ietf.org/html/rfc4291 (one 
> >reason I prefer the tools.ietf.org links).
> 
> >From 2.5.4 in RFC4291:
> 
> "All Global Unicast addresses other than those that start with binary
>    000 have a 64-bit interface ID field (i.e., n + m = 64), formatted as
>    described in Section 2.5.1.  Global Unicast addresses that start with
>    binary 000 have no such constraint on the size or structure of the
>    interface ID field."
> 
> This still seems to imply that you really have to have a 64bit interface 
> ID field in there, formatted per 2.5.1. So how does /126 fit into that?
> 
> -- 
> Mikael Abrahamsson    email: swmike <at> swm.pp.se

	kind of points out that the folks who did the RFC's lost touch
	with operational reality some time ago.

--bill

Re: All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

  Are you going to start the /126 vs /64 pt-to-pt discussion  
again? :) :)

Enough people do /126s and most products support it that I've come  
across.  Although someone once did tell me "If you want to make sure  
it works use /64s".

I typically look at what products do and while most try and conform  
to RFCs there's plenty of deviations.

- merike

On Jun 2, 2009, at 12:18 PM, Mikael Abrahamsson wrote:

> On Tue, 2 Jun 2009, Erik Kline wrote:
>
>> Also: 3513 was obsoleted by http://tools.ietf.org/html/rfc4291  
>> (one reason I prefer the tools.ietf.org links).
>
>> From 2.5.4 in RFC4291:
>
> "All Global Unicast addresses other than those that start with binary
>    000 have a 64-bit interface ID field (i.e., n + m = 64),  
> formatted as
>    described in Section 2.5.1.  Global Unicast addresses that start  
> with
>    binary 000 have no such constraint on the size or structure of the
>    interface ID field."
>
> This still seems to imply that you really have to have a 64bit  
> interface ID field in there, formatted per 2.5.1. So how does /126  
> fit into that?
>
> -- 
> Mikael Abrahamsson    email: swmike <at> swm.pp.se
>

Re: All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

> Section 2.5.1 Paragraph 3:
> "For all unicast addresses, except those that start with binary value
>    000, Interface IDs are required to be 64 bits long and to be
>    constructed in Modified EUI-64 format."
> 
> The way I read it seems to imply staticly assigned IPv6 addresses are
> forbidden. Which puts a damper on securing the coveted DEAD:BEEF address
> for my workstation.

Read also paragraph 4. Staticly assigned addresses are OK.

Andras

Re: All Subnets must be /64, all hosts must use EUI-64? (According to RFC3513)

Ryan Harden wrote:
> Section 2.5.1 Paragraph 3:
> "For all unicast addresses, except those that start with binary value
>    000, Interface IDs are required to be 64 bits long and to be
>    constructed in Modified EUI-64 format."

Check out RFC 4291[1], appendix A for more information on constructing
those identifiers. Long story short, creation from a 48-bit MAC
identifier is just one way of doing it. You are also free to choose your
own, as long as it is unique on the subnet prefix.

[1] http://tools.ietf.org/html/rfc4291

www.apache.org with IPv6, not reachable ?