Slashdot Mirror

BTW, the specific RIPE project doing this is test traffic measurements

10ms is not enough.

The same cocaine-addled financial industry that brought you the mortgage crisis is busy fighting a little undeclared network latency war as each trading house tries to get the lowest-latency network path to various financial exchanges around the world. Carriers with shorter fibre optic paths have been able to command price premiums upwards of $500/month per millisecond of decreased latency vs. their competition. Eventually the exchanges will just host trading houses' servers locally, everyone will be on a level playing field, and this fiasco will end.

Incidentally, the RIPE's RIS routing information & network latency measurement project also requires precision beyond what NTP can provide. Each of the 200 or so RIS servers has a physically attached GPS receiver in order to provide accurate sub-millisecond network latency measurements.

Not sure how accurate it is, but there is a Java-based test located at http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues

Where did you get that number? The IETF slides say something like 0.07%.

I don't have that Google statistic, but I do know that Wikimedia run similar tests on Wikipedia. Here are the test results, updated daily. As of today, 2010-03-28, an AAAA breaks the request 0.39% of the time for Wikipedia users.

Those tests are done in the background to users at random by a snippet of JavaScript on Wikipedia articles.

This Google presentation says Google would lose 0.1% of traffic if they added AAAA, though it's not presented particularly prominently, so take that with a grain of salt.

Either way, adding AAAA's will break your website for some people. In my opinion, though, the number is so small it's not worth worrying about, but each to his own, I guess. All this pain will be over soon anyway. Hopefully.

wwwillem is correct even with private IP's we can't necessarily address everything. Just ask Comcast who ran through the full 10.x.x.x/8 on their network and had to get space from ARIN for cable modem management. See the presentation below.

http://www.ripe.net/ripe/meetings/ripe-54/presentations/IPv6_management.pdf

[citation needed]

In 2003, RIPE NCC noted that estimates fell around 2012. I will grant you that 2003 is not 12 years ago, only 6, but that was a result on the first page of google for "IPv4 run-out estimates over time."

I'm unfamiliar with oil reserves and cold fusion research, but I'd like to see your justifications for those claims, too :-)

Where do you get the idea that Europe has no LIR's ? I think RIPE NCC would disagree.

According to this document, BIND 9 has issues including being monolithic, having a "Bad Process Model", Hard to Administer and Hard to Hack. That's not a good reputation to have.

To some extent, these issues apply to everything Linux save for the last point. I am waiting for the time these points will not apply to Linux and its associated software.

I must say that understanding BIND's configuration file was not that easy for me at first but after trying several times, I can say I am almost an expert. Things can be made simpler though. A text based interactive system could be of a lot of help. Tools like Webmin come in handy too though they require that a system be running initially.

acl BADGOV src 194.225.164.0 - 194.225.165.255
http_access deny BADGOV

This is using only the first block on that page. I'm not sure if I can format IP blocks like that. Someone please help.

Stop saying that everyone trusts everyone on the internet! ... I'm tired of hearing doomsday scenarios

Agree. However I must say: just because the parent post causes us to growl in disgust, doesn't mean they affect the rest.

Reason is, other Slashdot readers tend to be very mature, experienced and knowledgeable. They know the real vulnerabilities in the Internet (BGP and DNS), and they pay more attention to these matters. The doomsday speeches that annoy us to no end, doesn't affect them in the least bit.

---

The way most networks are run today is actually very secure.

Agree. The last time we had such an incident was a year ago (equivalent to 7 dog years) in the Hijacking of BGP routes to Youtube incident.

---

All we need is to shoot all the idiots who don't protect their computers and let them become a part of a botnet, because realistically that's by far the biggest danger for the Tubes right now.

Slashdot writers don't worry about botnets because they know how to

• filter DDoS at the ISP level.
• filter Worms at the Firewall/AntiVirus/Windows file sharing level.

On the other hand, Slashdot writers don't really have access to the BGP and DNS infrastructure. This worries them because they know the vulnerabilities in BGP and DNS. Therefore Slashdot people talk about BGP and DNS vulnerabilities, and "how tomorrow some 3 month old ISP in the Elbonia is going to bring down the whole internet".

Oh, heavens no, I'm glad there's no such thing for us.

Well, according to the latest stats from RIPE, Sweden has 17,574,560 IPv4 addresses allocated, so that's approximately 1.90 addresses per inhabitant, or 3.94 per household.

Of course, that doesn't take business users into account, but in our office we have three different companies on the same floor, all sharing the same public IPv4 address (our group actually uses a NAT behind the one sharing out the floor's public IP, and we use one or both of our corporate VPNs in any case), and our other 2 offices also each use a single public IP + NAT for their internal networks, if that tells you anything.

BTW, it appears that Denmark has the most IPv6 addresses allocated among all of the RIPE countries by a wide margin.

Everybody who's not a journalist should know that it's not true.

But how can I argue with that! Everyone who's not a journalist knows it's not true, well except the little fringe lunatic organization holding together the actual allocations of IPv4 addresses in Europe called RIPE, or the similar organizations all around the world. In fact, "There is now consensus among Regional Internet Registries that final milestones of the exhaustion process will be met in 2010 or 2011, at the latest, and a policy process has started for the end-game and post-exhaustion era."

]$ whois 86.128.88.75

[Querying whois.ripe.net] [whois.ripe.net] This is the RIPE Whois query server #1. The objects are in RPSL format.

Rights restricted by copyright.
See http://www.ripe.net/db/copyright.html

Note: This output has been filtered.
To receive output for a database update, use the "-B" flag.

Information related to '86.128.0.0 - 86.135.255.255'

inetnum: 86.128.0.0 - 86.135.255.255
remarks:
remarks: * Please send abuse reports to abuse@btbroadband.com *
remarks:
netname: BT-CENTRAL-PLUS
descr: IP pools
country: GB
admin-c: BTCP1-RIPE
tech-c: BTCP1-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@btbroadband.com
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered

role: BT CENTRAL PLUS - OPERATIONAL SUPPORT
remarks:
remarks: * Please send abuse reports to abuse@btbroadband.com *
remarks:
address: BT
address: Wholesale
address: UK
abuse-mailbox: abuse@btbroadband.com
admin-c: PC487-RIPE
tech-c: SR401-RIPE
nic-hdl: BTCP1-RIPE
mnt-by: BTNET-MNT
source: RIPE # Filtered

Information related to '86.128.0.0/10AS2856'

route: 86.128.0.0/10
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
source: RIPE # Filtered

Information related to '86.128.0.0/12AS2856'

route: 86.128.0.0/12
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
source: RIPE # Filtered

This story rings true. I worked for a company during the dot-com boom and just after which requested an allocation from RIPE (the European equivalent of ARIN). I was the designated & trained "LIR" (I think that was the term?).

We received 8,192 IP addresses. We actually had them authorized to us in blocks of 256 addresses, and each time we needed another 256 we had to go back to RIPE and justify the expansion. However it is my understanding that the full 8,192 addresses were reserved for us.

We ended up using 3 x 256 addresses, but after a later downturn in the fortunes of the company, even many of those went unused.

I left the company many many years ago. However I notice the company that acquired it is still using those 3 x 256 addresses, and the original 8,192 are still reserved at RIPE. The IP addresses are even registered to the name of a director who was ousted when the company was taken over, at a street address that the company hasn't occupied for many years.

Rich.

While there is no argument that this is a serious war, the fact that everyone here in the United States keeps thinking that Georgia is the state where General Sherman burned Atlanta to the group, now would be a good time to refere to Georgia (the country) by its pronounciation Sakartvelo (SAK-ART-VEH-LOH).

Another problem I have noticed is that the TLD acronym for Georgia (the country) is .ge. (Gabon has .ga).

The most concerning part about this war is the cyberattacks both from Russia and from Sakartvelo. I am interested to see the report from RIPE NCC about this situation.

Secondly, I am also concerned about how this war will affect neighboring countries of Armenia (south of Sakartvelo), Azerbaijan (east of Sakartvelo), Belarus (which has had some conflicts with Russia), Ukraine (which is also thinking of joining NATO).

Actually, IP address allocations are handled by ARIN (http://www.arin.net/) and other regional registries (like RIPE http://www.ripe.net/) and the NRO (http://www.nro.net/). If you consider them the Phone Company, then ICANN is simply the Yellow and White Pages.

Actually, some of the big ISPs have good reason to move. Comcast, for example, is deploying IPv6 infrastructure now.

Comcast is adding support for IPv6 network wide. Each Comcast cable modem is managed and thus has a public IP address in addition to the one allocated to the customer, furthermore, the rise of triple play and digital set top boxes means that these also require IPs. They were using NET-10 (10.x.y.z) but they *exhausted this space*. So now they have an even larger public block. Their migration strategy is to use it for managing modems remotely now, and when the market demands it will be easy to offer IPv6 service to customers since their entire backbone is already routing v6. Clearly this is a slow, ongoing process, but "real" ISPs have already recognized the need for it.

They started this process in 2005. Check out these presentations for more info:

http://www3.ietf.org/proceedings/05aug/slides/lrw-5.pdf

http://www.ripe.net/ripe/meetings/ripe-54/presentations/IPv6_management.pdf

I don't really know how they work

Then you need a crash course in the state of the art in DWDM technology.

Start here {PDF warning!}. You can skip the first part and start at page 23, the first part was covered on slashdot before. [Peter, you win the bandwidth DSW for now, I'll reclaim my crown soon]

There is an accompanying video {quicktime warning!}. The 4th year university physics course material starts at about 12 minutes in. This is basically a good summary reduced to MTV-generation attention span length.

the AC

I don't really know how they work

Then you need a crash course in the state of the art in DWDM technology.

Start here {PDF warning!}. You can skip the first part and start at page 23, the first part was covered on slashdot before. [Peter, you win the bandwidth DSW for now, I'll reclaim my crown soon]

There is an accompanying video {quicktime warning!}. The 4th year university physics course material starts at about 12 minutes in. This is basically a good summary reduced to MTV-generation attention span length.

the AC

I have been talking quite a bit with an economist who was in Rio all this week at the IGF. His take is more of watching what the economic situation will be when artificial, monopoly based, scarcity is introduced into the system. I can't wait to hear his take on the brazillian brawl this week.

Specifically, what happens to IPv4 address allocation when there is no longer any freely available netblocks. (Pay special attention to pages 27&29, and watch the accompanying video). New allocations will come from returned address pools, so a queuing system will have to be implemented at the RIR level. Starting up a new ISP, or expanding your customer base and need more address space after 2010, and your request will go into a FIFO queue.

Now, economists see two distinct futures for a market based on scarcity. One is where cooperation and fairness ensure that everyone gets along, which is the current internet model, and the other is known as the "University of Chicago School of Free Market Uber Alles^W^W^W^WEconomics" government enforced monopoly, where a few select companies are allowed to charge whatever the market will bear with no real competition or alternatives. Maybe a US government sanctioned company called IPbay will become the sole broker to trade netblocks.

In the first scenario, the internet continues to function as it does now, companies needing new addresses will have longer and longer waits and will have to adjust their business plans accordingly. Into a system like this, where address space could be traded, stolen, pirated or worse, RIRs have no real powers to stop it falling into total anarchy. Except, the IETB, IANA, the RIRs, have a new tool in their arsenal to combat anarchy, called DNSSEC.

In the second scenario, one, or a very few, private companies based in the US, of course, take over the entire market for buying and selling IPv4 address space. Want to keep that nice /16 you are using? It will cost you $BIGNUM/month in rental fees, or we give it to someone else. Those controlling companies will also use DNSSEC to control who has the right to announce a prefix.

For router engineers, those who work with BGP and AS numbers on a regular basis, things have been pretty quiet until now. A few bogon filters, and you just generally believe whatever gets fed to you. The internet is mostly "best effort" and if some traffic doesn't reach it's goal, there isn't much that can be done beyond some simple tuning. There is some routing data in the routing registries, but it's rarely up to date and the accuracy depends on whatever random person did the update.

But in a few years, when companies start to get desperate for IPv4 address space NOW!, and can't wait for a proper allocation, they'll steal or buy a prefix. Companies with a large allocation not completely used will renumber internally, and sell the right to announce half their prefix to they highest bidder. Or companies will just find part of an unused block and announce it. Total anarchy! The most conservative estimates for 2012 with rampant de-aggregation and without DNSSEC is that the routing table will exceed 2,000,000 prefixes. Not much routing equipment out there today will be able to cope with that.

With DNSSEC, there will be cryptographically signed certificates [pdf warning]for every allocation from an RIR[quicktime warning]. When you build your routing table in BGP, you will verify every prefix for origin and valid neighbors based on certificates stored in the RIR whois/routing registry. This will prevent the anarchy part of stealing a prefix and announcing it in the wrong AS. This wil

I have been talking quite a bit with an economist who was in Rio all this week at the IGF. His take is more of watching what the economic situation will be when artificial, monopoly based, scarcity is introduced into the system. I can't wait to hear his take on the brazillian brawl this week.

Specifically, what happens to IPv4 address allocation when there is no longer any freely available netblocks. (Pay special attention to pages 27&29, and watch the accompanying video). New allocations will come from returned address pools, so a queuing system will have to be implemented at the RIR level. Starting up a new ISP, or expanding your customer base and need more address space after 2010, and your request will go into a FIFO queue.

Now, economists see two distinct futures for a market based on scarcity. One is where cooperation and fairness ensure that everyone gets along, which is the current internet model, and the other is known as the "University of Chicago School of Free Market Uber Alles^W^W^W^WEconomics" government enforced monopoly, where a few select companies are allowed to charge whatever the market will bear with no real competition or alternatives. Maybe a US government sanctioned company called IPbay will become the sole broker to trade netblocks.

In the first scenario, the internet continues to function as it does now, companies needing new addresses will have longer and longer waits and will have to adjust their business plans accordingly. Into a system like this, where address space could be traded, stolen, pirated or worse, RIRs have no real powers to stop it falling into total anarchy. Except, the IETB, IANA, the RIRs, have a new tool in their arsenal to combat anarchy, called DNSSEC.

In the second scenario, one, or a very few, private companies based in the US, of course, take over the entire market for buying and selling IPv4 address space. Want to keep that nice /16 you are using? It will cost you $BIGNUM/month in rental fees, or we give it to someone else. Those controlling companies will also use DNSSEC to control who has the right to announce a prefix.

For router engineers, those who work with BGP and AS numbers on a regular basis, things have been pretty quiet until now. A few bogon filters, and you just generally believe whatever gets fed to you. The internet is mostly "best effort" and if some traffic doesn't reach it's goal, there isn't much that can be done beyond some simple tuning. There is some routing data in the routing registries, but it's rarely up to date and the accuracy depends on whatever random person did the update.

But in a few years, when companies start to get desperate for IPv4 address space NOW!, and can't wait for a proper allocation, they'll steal or buy a prefix. Companies with a large allocation not completely used will renumber internally, and sell the right to announce half their prefix to they highest bidder. Or companies will just find part of an unused block and announce it. Total anarchy! The most conservative estimates for 2012 with rampant de-aggregation and without DNSSEC is that the routing table will exceed 2,000,000 prefixes. Not much routing equipment out there today will be able to cope with that.

With DNSSEC, there will be cryptographically signed certificates [pdf warning]for every allocation from an RIR[quicktime warning]. When you build your routing table in BGP, you will verify every prefix for origin and valid neighbors based on certificates stored in the RIR whois/routing registry. This will prevent the anarchy part of stealing a prefix and announcing it in the wrong AS. This wil

I have been talking quite a bit with an economist who was in Rio all this week at the IGF. His take is more of watching what the economic situation will be when artificial, monopoly based, scarcity is introduced into the system. I can't wait to hear his take on the brazillian brawl this week.

Specifically, what happens to IPv4 address allocation when there is no longer any freely available netblocks. (Pay special attention to pages 27&29, and watch the accompanying video). New allocations will come from returned address pools, so a queuing system will have to be implemented at the RIR level. Starting up a new ISP, or expanding your customer base and need more address space after 2010, and your request will go into a FIFO queue.

Now, economists see two distinct futures for a market based on scarcity. One is where cooperation and fairness ensure that everyone gets along, which is the current internet model, and the other is known as the "University of Chicago School of Free Market Uber Alles^W^W^W^WEconomics" government enforced monopoly, where a few select companies are allowed to charge whatever the market will bear with no real competition or alternatives. Maybe a US government sanctioned company called IPbay will become the sole broker to trade netblocks.

In the first scenario, the internet continues to function as it does now, companies needing new addresses will have longer and longer waits and will have to adjust their business plans accordingly. Into a system like this, where address space could be traded, stolen, pirated or worse, RIRs have no real powers to stop it falling into total anarchy. Except, the IETB, IANA, the RIRs, have a new tool in their arsenal to combat anarchy, called DNSSEC.

In the second scenario, one, or a very few, private companies based in the US, of course, take over the entire market for buying and selling IPv4 address space. Want to keep that nice /16 you are using? It will cost you $BIGNUM/month in rental fees, or we give it to someone else. Those controlling companies will also use DNSSEC to control who has the right to announce a prefix.

For router engineers, those who work with BGP and AS numbers on a regular basis, things have been pretty quiet until now. A few bogon filters, and you just generally believe whatever gets fed to you. The internet is mostly "best effort" and if some traffic doesn't reach it's goal, there isn't much that can be done beyond some simple tuning. There is some routing data in the routing registries, but it's rarely up to date and the accuracy depends on whatever random person did the update.

But in a few years, when companies start to get desperate for IPv4 address space NOW!, and can't wait for a proper allocation, they'll steal or buy a prefix. Companies with a large allocation not completely used will renumber internally, and sell the right to announce half their prefix to they highest bidder. Or companies will just find part of an unused block and announce it. Total anarchy! The most conservative estimates for 2012 with rampant de-aggregation and without DNSSEC is that the routing table will exceed 2,000,000 prefixes. Not much routing equipment out there today will be able to cope with that.

With DNSSEC, there will be cryptographically signed certificates [pdf warning]for every allocation from an RIR[quicktime warning]. When you build your routing table in BGP, you will verify every prefix for origin and valid neighbors based on certificates stored in the RIR whois/routing registry. This will prevent the anarchy part of stealing a prefix and announcing it in the wrong AS. This wil

I have been talking quite a bit with an economist who was in Rio all this week at the IGF. His take is more of watching what the economic situation will be when artificial, monopoly based, scarcity is introduced into the system. I can't wait to hear his take on the brazillian brawl this week.

Specifically, what happens to IPv4 address allocation when there is no longer any freely available netblocks. (Pay special attention to pages 27&29, and watch the accompanying video). New allocations will come from returned address pools, so a queuing system will have to be implemented at the RIR level. Starting up a new ISP, or expanding your customer base and need more address space after 2010, and your request will go into a FIFO queue.

Now, economists see two distinct futures for a market based on scarcity. One is where cooperation and fairness ensure that everyone gets along, which is the current internet model, and the other is known as the "University of Chicago School of Free Market Uber Alles^W^W^W^WEconomics" government enforced monopoly, where a few select companies are allowed to charge whatever the market will bear with no real competition or alternatives. Maybe a US government sanctioned company called IPbay will become the sole broker to trade netblocks.

In the first scenario, the internet continues to function as it does now, companies needing new addresses will have longer and longer waits and will have to adjust their business plans accordingly. Into a system like this, where address space could be traded, stolen, pirated or worse, RIRs have no real powers to stop it falling into total anarchy. Except, the IETB, IANA, the RIRs, have a new tool in their arsenal to combat anarchy, called DNSSEC.

In the second scenario, one, or a very few, private companies based in the US, of course, take over the entire market for buying and selling IPv4 address space. Want to keep that nice /16 you are using? It will cost you $BIGNUM/month in rental fees, or we give it to someone else. Those controlling companies will also use DNSSEC to control who has the right to announce a prefix.

For router engineers, those who work with BGP and AS numbers on a regular basis, things have been pretty quiet until now. A few bogon filters, and you just generally believe whatever gets fed to you. The internet is mostly "best effort" and if some traffic doesn't reach it's goal, there isn't much that can be done beyond some simple tuning. There is some routing data in the routing registries, but it's rarely up to date and the accuracy depends on whatever random person did the update.

But in a few years, when companies start to get desperate for IPv4 address space NOW!, and can't wait for a proper allocation, they'll steal or buy a prefix. Companies with a large allocation not completely used will renumber internally, and sell the right to announce half their prefix to they highest bidder. Or companies will just find part of an unused block and announce it. Total anarchy! The most conservative estimates for 2012 with rampant de-aggregation and without DNSSEC is that the routing table will exceed 2,000,000 prefixes. Not much routing equipment out there today will be able to cope with that.

With DNSSEC, there will be cryptographically signed certificates [pdf warning]for every allocation from an RIR[quicktime warning]. When you build your routing table in BGP, you will verify every prefix for origin and valid neighbors based on certificates stored in the RIR whois/routing registry. This will prevent the anarchy part of stealing a prefix and announcing it in the wrong AS. This wil

The RIPE NCC's Special Projects group have been offering sub-microsecond latency/jitter/analytical services to ISPs for years. Their data is invaluable and unique, since it measures latency, jitter and packetloss in a single direction (unlike ICMP Ping, which is a round-trip measurement over an asymmetric path) and goes back at least to 2000. The paper claims accuracy to 0.0006 ms, which was good for the time when the product was designed.

Read about the project here and the paper on TTM [pdf] that was presented at the PAM2001 conference.

(This isn't what Corvil do.)

The RIPE NCC's Special Projects group have been offering sub-microsecond latency/jitter/analytical services to ISPs for years. Their data is invaluable and unique, since it measures latency, jitter and packetloss in a single direction (unlike ICMP Ping, which is a round-trip measurement over an asymmetric path) and goes back at least to 2000. The paper claims accuracy to 0.0006 ms, which was good for the time when the product was designed.

Read about the project here and the paper on TTM [pdf] that was presented at the PAM2001 conference.

(This isn't what Corvil do.)

The RIPE NCC's Special Projects group have been offering sub-microsecond latency/jitter/analytical services to ISPs for years. Their data is invaluable and unique, since it measures latency, jitter and packetloss in a single direction (unlike ICMP Ping, which is a round-trip measurement over an asymmetric path) and goes back at least to 2000. The paper claims accuracy to 0.0006 ms, which was good for the time when the product was designed.

Read about the project here and the paper on TTM [pdf] that was presented at the PAM2001 conference.

(This isn't what Corvil do.)

The RIPE NCC's Special Projects group have been offering sub-microsecond latency/jitter/analytical services to ISPs for years. Their data is invaluable and unique, since it measures latency, jitter and packetloss in a single direction (unlike ICMP Ping, which is a round-trip measurement over an asymmetric path) and goes back at least to 2000. The paper claims accuracy to 0.0006 ms, which was good for the time when the product was designed.

Read about the project here and the paper on TTM [pdf] that was presented at the PAM2001 conference.

(This isn't what Corvil do.)

The RIPE NCC's Special Projects group have been offering sub-microsecond latency/jitter/analytical services to ISPs for years. Their data is invaluable and unique, since it measures latency, jitter and packetloss in a single direction (unlike ICMP Ping, which is a round-trip measurement over an asymmetric path) and goes back at least to 2000. The paper claims accuracy to 0.0006 ms, which was good for the time when the product was designed.

Read about the project here and the paper on TTM [pdf] that was presented at the PAM2001 conference.

(This isn't what Corvil do.)

Connectivity do that IP is directly provided, in Amsterdam, by companies that operate in the US that could be sued, in US or Netherlands, for indirect profit from piracy or forced to cease their service to PirateBay (check your traceroutes).

DNS can resolve diferently for some because of Round Robin, but they do have servers in Nederlands which are supported by companies that operate in the US.

Given that they're still giving away IP addresses freely (my ISP threw in 16 even though I only wanted 8, 'just in case') I don't think there's much push for it. NAT has basically made one IP per household (so the old bugaboo of IP enabled toasters eating all the space has gone away).

As of Jan 2007 about 35% of the total ipv4 address space is still unallocated (source: http://www.ripe.net/ripe/maillists/archives/ipv6-w g/2007/msg00001.html)

The US alone holds 57% of the allocated space so there's *huge* scope for releasing more space - the rest of the world seems to have no problems with its much smaller usage.

graphs here

Anyway, I think it'll still be a very searchable space - there are a relatively small number of ISPs and the way most give out addresses is not going to be random.

I'm sure there will be sites doing the following sort of stuff for IPv6:
http://www.cidr-report.org/cgi-bin/as-report?as=AS 12222
http://www.ripe.net/whois?searchtext=AS3292&form_t ype=simple

Also is the common method of ipv6 autoconfig random? Or is it based on the MAC? If it is based on the MAC then that narrows things down even more.

Basically if the advantages of IPv6 are used then everyone gets to be a "peer", that probably means that people running such servers will want to make it easy for others to find their servers (or zombies ;) ).

If "users" don't get to run their own servers, then it sounds a bit like NAT + IPv4 ;).

http://www.ripe.net/nicdb.html Yup. Some of us have have their own networks. No gnomes were harmed during typing this information.

ISPs pay for their address space
No... they don't.

Sigh... another troll, guess I got baited, but:

See, there's this thing called The Internet, and Google, and AOL, and CNN are all on it. We all agree that that thing is called the Internet.

On IPV6, there's nobody.

Who is this "we" that you are talking about? Obviously you are not on any IETF working groups as you are completely ignorant of the fact that IPv6 is a DOCUMENTED STANDARD that is ALREADY IS USE on the Internet! (See stupid comment about: "IPV6 is just a misnomer")

So it is obvious that you are not part of the "we" that "agree that that thing is called the Internet". You are just an end user, who knows very little about networking. Sit back and enjoy the ride, leave network engineering to those of us with a clue. When WE decide to move everything over to IPv6 YOU will follow. Or you can stop using the network, your choice really...

Oh, and if you bothered to do any research before opening your mouth and claiming Google is "on your side", you may want to check into the fact that Google already own IPv6 space!

Way to go cheese!

Check out RIPE's WHOIS for 131.188.40.90. openlinux.org is hosted at a university in Neurnberg, Germany. Bogus.

-h-

It would also help to complain to the ISP. In this case: $ping 1342912795 PING 1342912795 (80.11.57.27) 56(84) bytes of data. 64 bytes from 80.11.57.27: icmp_seq=0 ttl=242 time=482 ms 64 bytes from 80.11.57.27: icmp_seq=1 ttl=242 time=481 ms --- 1342912795 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1009ms rtt min/avg/max/mdev = 481.824/482.169/482.514/0.345 ms, pipe 2 $whois 80.11.57.27 [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Note: the default output of the RIPE Whois server % is changed. Your tools may need to be adjusted. See % http://www.ripe.net/db/news/abuse-proposal-2005033 1.html % for more details. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '80.11.57.0 - 80.11.57.127' inetnum: 80.11.57.0 - 80.11.57.127 netname: IP2000-ADSL-BAS descr: BSREI105 Reims Bloc1 country: FR admin-c: WITR1-RIPE tech-c: WITR1-RIPE status: ASSIGNED PA remarks: for hacking, spamming or security problems send mail to remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr mnt-by: FT-BRX source: RIPE # Filtered I have already mailed abuse@wanadoo.fr (though given Wanadoo's reputation...)
The original post hit the lameness filter. Irritating. Hopefully, this adds enough characters that the lameness filter works.

It would also help to complain to the ISP. In this case: $ping 1342912795 PING 1342912795 (80.11.57.27) 56(84) bytes of data. 64 bytes from 80.11.57.27: icmp_seq=0 ttl=242 time=482 ms 64 bytes from 80.11.57.27: icmp_seq=1 ttl=242 time=481 ms --- 1342912795 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1009ms rtt min/avg/max/mdev = 481.824/482.169/482.514/0.345 ms, pipe 2 $whois 80.11.57.27 [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Note: the default output of the RIPE Whois server % is changed. Your tools may need to be adjusted. See % http://www.ripe.net/db/news/abuse-proposal-2005033 1.html % for more details. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '80.11.57.0 - 80.11.57.127' inetnum: 80.11.57.0 - 80.11.57.127 netname: IP2000-ADSL-BAS descr: BSREI105 Reims Bloc1 country: FR admin-c: WITR1-RIPE tech-c: WITR1-RIPE status: ASSIGNED PA remarks: for hacking, spamming or security problems send mail to remarks: postmaster@wanadoo.fr AND abuse@wanadoo.fr mnt-by: FT-BRX source: RIPE # Filtered I have already mailed abuse@wanadoo.fr (though given Wanadoo's reputation...)
The original post hit the lameness filter. Irritating. Hopefully, this adds enough characters that the lameness filter works.

A lot is happening with DNSSEC these days. It is being deployed in the ccTLD for Sweden: ".se" Check out

http://dnssec.nic.se/

Tutorial/howto: http://www.ripe.net/disi/dnssec_howto/

$ dig @bind.dnssec.se www.ripe.net +retry=1 +dnssec +multiline
and look for the "flags" to include "ad": ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

http://www.dnssec-deployment.org/
  Threat Analysis Of The Domain Name System
    IETF RFC 3833 http://www.rfc-archive.org/getrfc.php?rfc=3833

Cache poisoning, in the wild:
      http://isc.sans.org/presentations/dnspoisoning.php
      http://www.dnssec-deployment.org/epi.htm

http://www.dnssec.net/

> ICANN seems to forget some things, it is wholy supported by the US government on US soil.

What do you mean by supported? If you mean by "supported", the current state of things is supported (preferred) by the US government, then you are right. If you mean with "supported" paid, then maybe you can show me in the budget the paycheck is listed, because I can't find it.

From what I've heard, 2/3 of the funding of the ICANN comes from Europe.

> I would not underestimate the US influence, but nor do I fear it.

Which people rebelled against taxation without representation? And why? Because they feared the English influence?

"Waiting For The Valerie Plame Wilson Grand Jury: The Big Question Is Whether Dick Cheney Was a Target"

"2 Brits nabbed with $3 trillion in fake US fed notes"

Robert

At RIPE-51 Geoff Huston gave a presentation about the IPv4 address lifetime: http://www.ripe.net/ripe/meetings/ripe-51/presenta tions/uploads/Wednesday/huston-ipv4_address_lifeti me_revisited.pdf

The presentation has a lot of nice graphs, gives estimations of address exhaustion based on Geoff's models, and talks a little about what could happen after IANA and the RIRs run out of addresses.

See http://www.ripe.net/ripe/meetings/ripe-51/presenta tions/pdf/ripe51-ipv4-lifetime-rev.pdf.

You can multihome with a PA (provider allocated) address space, it may even be more reliable (if anyone refuses to route to you they'll route to one of your ISPs), but we're using a PI (provider independant) address space. We have a /24, which seems to be routable from just about everywhere.

It wasn't too hard to get, we just had to write some blurb justifying it. We're not big, 6 employees, ~1000 customers, ~1.5M EUR annual billing.

See this for the RIPE's policies on this stuff.

Where did you get the idea that US was ever "authorized" by the UN to invade Iraq?

I guess the difference between you and most Americans is that we don't think we need the UN's permission to wipe our ass.

Something like the ITU is simply inevitable and necessary for it is simply impossible for the US to be in charge of asssigning phone numbers in, say, Russia, which is what the present scheme amounts to.

We assign IP addresses and domain names in Russia? That's funny. I was under the impression that responsibility was delegated to regional IP and domain name registries. Ya, know, like these guys?

Only because ISPs in other countries have not asked for lots of addresses.

Ah, but they have - but they're asking for IPv6 addresses, not IPv4 addresses.

Since IP addresses are allocated out of a common worldwide pool, everybody will run out more-or-less at the same time.

Those who grabbed the most addresses when they were available suffer the least when the crunch comes - they just reallocate them more efficiently, and use NAT more aggressively. Countries with a very small IPv4 address per person ratio, on the other hand, will switch to IPv6.

Hopefully once all the addresses are allocated they will be privatized so that ISPs can trade address blocks, leading to a more efficient allocation.

1. Collect lots of logs with client IP addresses and User Agents from various popular web sites.
   Since www.visitorville.com is in the business of providing web stats, they are probably aggregating stats from many of their customers.
   
2. Get the mapping of which IP address blocks are owned by which companies.
   You can get them the registries (e.g., ARIN, RIPE , APNIC) by asking nicely and agreeing to use them for marketing.
3. Write some software that dissects user agents and OS from the User-Agent value and counts occurrences per per IP address block owner.

Move to Europe.

The AMSix is a major IPv6 peering point, where many of their clients offer IPv6 to customers.

Nerim is a major provider in France. They offer IPv6 natively to all their home users, just enable it on your router/firewall.

The UK has any number of IPv6 capable ISPs (blech, puke), you just have to keep an eye on their internal support groups for help from those who have managed to make it work. Tunnels are always a way around broken providers, but are not an answer to your question.

There are a number of other transit and peering providers all over Europe who provide IPv6, and the ISPs are all starting to follow along. Demand only started when a handful of providers realised their was a large enough market for extra added services, even though very few customers made it an important item. The problem with IPv6 is that there is no WOW! factor, it just works as well as IPv4, transparently, and currently doesn't bring any new features to the internet that users can see.

Completely off topic...
I had a great time at CeBit this year, talking to the chinese ADSL modem makers. After asking if thier boxes supported IPv6, I then told them I needed 20,000 boxes right away for a small scale test, but only with a product with IPv6 enabled right out of the box, no upgrades allowed. Once I started talking about the 20-40 million unit market over the next year, you could see their eyes light up. But if they offered an upgrade within a few weeks (in other words, they'd have their coders pull some all-nighters), I'd walk off to find another with IPv6 already built in. I have a feeling that next year there will be dozens of small ADSL routers with IPv6 capability. Once we can get cheap ADSL routers with IPv6 as a checklist item, ISPs will start offering it.

In the U.S., the term for your situation is TSOL.

the AC