Slashdot Mirror


User: anticypher

anticypher's activity in the archive.

Comments · 998

  1. Your math doesn't make sense on Solutions for Small Business VoIP? · · Score: 3, Informative

    A T1 is 1.5 Mbps. Using a reasonable quality codec like G.729ab means you can fit 85 to 100 simultaneous calls into a single T1. Certainly you could stick to G.711 a/u-Law codec and have slightly better quality than G.729ab, and even with signalling overhead (either H.323 or SIP), you could fit 22 simultaneous calls into a T1.

    These numbers come from a real, working system. It's right now passing 85 calls, and consuming 1.5 Mbps. This particular VoIP router is sitting on an E1 (2Mbps) and can pass a maximum of 120 calls.

    Are T1 circuits in the U.S. still so expensive? Do carriers charge more for an unframed data circuit than a PRI phone circuit? (which sounds bassackwards, but it's the new unregulated America where anything can happen) Average price for an E1 in Europe is about US$150/month for a data circuit, and depending on the phone company at the other end, about US$250/month for PRI over E1.

    the AC

  2. Re:Bit of advice. on Recruiting IT Students? · · Score: 1

    Seconded.

    I was approaching 30 when I started to modify my CV to hide earlier accomplishments. No HR person could believe I started university at age 16 (actually 14 with some night courses for high school students). I started working with radios, satellite systems, and electronics at about age 8, had my Ham ticket at age 10, worked on early DEC computers at age 14, university system operator at 16, etc. Now I completely ignore my first few years of professional experience, and just pretend my career started at age 24, like a normal graduate.

    Even at age 24, it's time to start hiding your early accomplishments, get accurate dates on your resume starting at age 18 or 19, and highlight your education more than early work experience. HR drones are not misnamed, they really are drones who can spot an obviously dodgy CV and never even bother to look at the actual content.

    If you really want good advice, befriend a recruiter. Buy them drinks, invite them to parties, have lunch with them on a regular basis. They'll drop you hints for improvements on how to get your CV/resume noticed, and take that advice to heart.

    the AC

  3. Re:Imap is the way to go on Email On Both the Desktop and the Laptop? · · Score: 1

    Almost exactly the setup I have at home.

    Fetchmail for the dozens of remote/old accounts I have
    Spamassassin as the milter
    No clamav, since I don't have any windoze machines that look at email
    Procmail to sort all the mailing lists, client email from personal, etc.
    Dovecot as the IMAP server. The alpha code was quite broken until recently, but they've started to fix the worst bugs and SSL support works again. External access is only IMAPS with preshared keys on my laptop and a couple of work machines. Internally I can do IMAP but rarely do. I have a mix of mbox and maildir users on my main server, it supports both quite well
    Imp for a web front end (available only through HTTPS), and I'm now looking at other packages

    Main storage is currently a sparc solaris box, but I'm testing different small NAS boxes with DVD-RAM drives for archiving. The server will probably end up a Mac Mini with a firewire attached Raid box with a DVD-RAM and some applescripts to fire off regular backups. There is also an rsync backup to a server in a data centre, for those times my home network is completely offline.

    On the client end, I can use just about anything, usually thunderbird. Sometimes I find myself on a client site with only a windoze machine, and I can configure lookout to IMAPS home. For those rare times I only have a browser, I have a webmail front end.

    the AC

  4. Re:Chicken and egg experience problem on Recruiting IT Students? · · Score: 1

    Given the poor state of graduating university students, a small company offering an entry level job could be swamped by students with absolutely *NO* CS/IT knowledge.

    Earlier this year I agreed to help train up some client's apprentices (stagiaires) at a work site in France. Four guys in their fourth year of a university Comp Sci program, and they all had been in other internships at least two times before. I was shocked at the complete lack of any knowledge of anything to do with computers, except they knew all about how to move a mouse around in M$windoze, and had some minimal .NET programming experience. My counterpart on the New York end of our fibre reported even worse experiences with a couple of his trainees; total ignorance with sheer bravado, resulting in fibre linecards being forcefully inserted into chassis they were never designed for (used a hammer).

    I posed some basic questions to see what they had learned in university:
    Have you ever installed linux?
    Have you ever installed any OS on any computer?
    Have you ever configured a router?
    Have you ever seen a router? What colour was it?
    Name a protocol, any protocol? Can you describe it, how does it work, where is it used, and why?
    What is binary? Hexadecimal? Can you write $01 in binary?
    Have you ever written a program? In what language?
    What is the difference between a functional and a procedural language?
    What is the speed of light? In any units?

    Pretty much negative answers to all those questions. None of them had ever installed linux before, one of them "used linux, once". I stepped him through building a secondary DNS server, it took four 16 hour weeks. He was quite bright, just completely lacking in any practical CS background.

    This isn't just a rant on the French university system, because lately I've noticed this in the UK and the US. I'm not sure why universities have stopped teaching the fundamentals and switched to churning out powerpoint and excel experts. Is that what companies are truly asking for? Certainly I hear from graduates that most companies are looking for M$ experts, and nothing more.

    I'm all for entry level training programs, but these days I'm just not seeing any quality in the graduates. The few with a passion for the field tend to go start up their own companies (and fail miserably but learn huge amounts on their own). There is a big reason why jobs are going offshore, the process may have started as a cost cutting measure, but now offshore is where the young talent is.

    the AC

  5. People pay 10Euros/month for ringtones? on Cellphone Songs Overpriced? · · Score: 1

    You don't know anyone with young teenage kids, do you?

    Pretty much every teenager in Europe has a cell phone, and most of them want to customize them in some way. Girls go for the Hello Kitty flashing led signal attenuator, boys go for their rock band sticker and studded leather carrying strap. Every model aimed at children is designed for aftermarket "tuning" upgrades, such as swappable cases in different colors and textures, neck clips, carrying cases and the like. You can get silk-screened boys-band cases to swap out the uni-color one, it's a standard clause in any music contract to license the band's image for cell phone products. Many pop CDs now come with extra phone-sized stickers inside, so tweens can decorate their phones.

    Then there is the market for downloadable ringtones, backgrounds and screen savers. It's huge right now, because it's very difficult to get a ringtone onto a handset other than through the service provider. They can be downloaded as specially tagged SMS/MMS messages, so it's easy to just hit a website and have a new tone DLed to the phone. At the end of the month, the DL shows up on your phone bill. Kids don't understand offset pricing, so they tend to DL hundreds of tones to find the one they like, or change them every day to be one step ahead of the "uber-cool" crowd. It's a scam filled market (google for "gsm frog ringtone").

    The recording execs see that the DL market is now 10%-15% of their total revenue, based on 20 second DLs of current pop songs and TV show themes. So they are extrapolating that they can continue to sell music at that price or higher, aiming straight for the teen market. Since the current range of handsets are also MP3 players, it makes sense to charge whatever the market is willing to pay. It will be a short lived fad, as shocked parents are pushing for legislation all over Europe to limit the DL/ringtone industry.

    the AC

  6. Re:Perhaps you could hire these guys on Finding a Ready-Made Dev Team? · · Score: 1

    Fortunately I had just finished my morning coffee when I saw this, or you'd owe me a new keyboard. First good laugh I've had all day.

    ObOnTopic: What the OP is looking for is to partner with another company. Sure, the project will not be 100% in house, but that's the price you pay if you need both fast and cheap.

    the fACe man

    Already at +5 funny, so no adding my mod points to this post.

  7. Most corrupt country in the world on How To Fight Nigerian Scams as an Honest Nigerian? · · Score: 2, Informative

    It's a sad fact that Nigeria constantly rates as the most corrupt country, but that is a reflection of the bad mix of oil money, greedy politicians, racial/religious divisions, and a culture of corruption as the normal way of life.

    It's unlikely you, or even a large group of activists will be able to change much within Nigeria. A revolution would only install a different corrupt regime, still backed by the petroleum companies, possibly with northern Nigeria cut off as a separate, and much poorer and dangerous, state. It would be far better to work at cleaning up the system from within, by creating a large movement to reform the judiciary and police, maybe by getting the petroleum interests to push the change. Only when your judicial system produces some positive results will the rest of the world start to work with Nigeria.

    Nigerians have the worst reputation among all the western African peoples, as you are probably painfully aware. I've been working with a number of groups helping to develop western Africa (from DRC to Senegal). Everyone involved insists that Nigeria is excluded so the programs aren't immediately drained by corruption. The quote I hear from some Nigerian trade reps is that Nigerians would sell drugs in front of their children's school if they thought they could make any money off it, with no consideration for ethics or the welfare of their own offspring. As a Nigerian, you have a huge image problem to overcome, there are no quick or simple ways to establish a better reputation.

    You could do what most Nigerian businesses do, open an office in Benin or Cameroon for all of your international transactions. There are many companies in Nigeria that offer this service, i.e. provide small companies in Nigeria with a phone number from another country, and postal redirection. But these too are abused by scammers, it is now the most lucrative way to bilk western companies.

    the AC

  8. Re:Legitimate concern? on A Flu Pandemic? · · Score: 2, Interesting

    Considering my town has effectively been wiped off the map by at least 4 wars and a couple of plagues in the last 600 years, and the two pandemics last century left the town struggling for years afterwards, the town councilors have a lot of data to go on. They've even employed a couple of historians to dig up summaries of the recoveries for the last 2 centuries of disasters. A couple of people with actual degrees in history that I always knew as either barmen or system administrators. I never thought a degree in history was worth much, but history has ways of proving me wrong. I haven't seen anything in the local press, I get my information first hand from town council meetings, a necessary evil in my line of work.

    The hospitals started reworking their disaster plans at least two years ago, probably in response to SARS or some other event which freaked the powers that be.

    What bothers me is the large percentage of people posting on /. in complete denial that there might be a pandemic coming. The 100 epidemiologists are sounding the alarm, starting last year, and now with human transmissible h5n1 cases and new strains being found in birds in Europe, the alarm has gone out. They have scheduled to drop by your house next week with all of their raw and cooked data to help convince you, personally, that the risk has jumped way higher than some random asteroid.

    the AC

  9. Re:Legitimate concern? on A Flu Pandemic? · · Score: 1

    The flu shot was just for the three most likely influenza strains predicted for this winter in Northern Europe. Nothing in it to counter h5n1 or the other pandemic threats. Health authorities are waiting until there is a clear threat, and then an effective vaccine.

    I caught the nasty flu that went around in the winter of 2003-04, and it left me in pretty bad shape ever since.

    the AC

  10. Re:Legitimate concern? on A Flu Pandemic? · · Score: 3, Interesting

    Everyone I know that actually deals with disease for a living, ... is scared, and takes bird flu VERY seriously

    I was in the hospital last week for routine blood tests, chatting with my favorite nurse, and she was telling me about all the new plans they have in place for dealing with the coming pandemic. The top health authorities in each country have reviewed the actual hard data on what is coming, and getting ready for various worst case scenarios. They just aren't certain which winter it will hit, probably not this year, but almost certainly one of the next three winters.

    The hospital had just reviewed and practiced for a "plan blanc" (white plan) of being overwhelmed with large numbers of highly contagious patients. The plan blanc was mostly aimed at preventing infection of the hospital staff, and how to isolate the sick and keep visitors from circulating and possibly spreading the disease. Next week they are reviewing their "plan noir", to deal with huge numbers of dead, and the disposal of highly contagious bodies and medical waste. The hospital never really had a plan noir tested before, what once was a short couple pages of suggestions is now a whole large book. In my town of 40k population, the hospital was looking for a place to store up to 1000 bodies, with 200-400 deaths per week over a 10 week period, and only being able to dispose of 100 per week. Scary shit, indeed.

    The town authorities are preparing for a 50% worst case mortality rate, with all the subsequent recovery problems; no more younger school age children for years, half of the tax revenue generating population dead, food shortages if the borders are closed, longterm drop in tourism, local exports blockaded, and no financial aid from any direction because the devastation may be all around Europe.

    All the hospitals in the Benelux, France and Germany are preparing for the worst, and it's not in response to some poorly written articles in the mainstream press. They have the experts looking at the data and are getting very, very nervous.

    I just got my flu shots, something I've never felt the need before.

    the AC

  11. Re:etherkiller myths on How Can You Screw up a Network? · · Score: 1

    There was a lot more wrong there than three phase power

    Oh, yes. Whatever was going on there indicated a serious problem. Each wing of the building was on a single phase of the 3-phase building supply. Each wing was isolated by a little walkway between the buildings, so in theory you couldn't have a secretary touching the chassis of a PC in one building at the same time as one in another building. They never counted on a bunch of shielded twisted pair cables being pulled to complete the circuit. The only NICs to burn out were in the two wings, the main building never had the problem.

    The ethernet cables should have been isolated at both ends, but obviously weren't. Even if one end had a problem, the other end should not have cared. We suspected that the ground in the main building was actually hot. The ground wires on the sockets went a couple centimetres into the conduit and no further, just enough to fool a casual inspection. The ethernet connectors had metal frames with a wire that went to a foil shield around the pairs, which probably was the closest thing to ground in the building.

    I wasn't on that site in any kind of technical role. There was one tech who swapped the NICs every time they stopped working, and the people who installed the network just came by every couple months when all the ethernet ports were burned out and swapped a card. Fibre, or any kind of an upgrade or change were out of the question.

    I learned more about intransigent bureaucracy at that job than any other place in my long career. That building burned partly down because of the electrical problem soon after we left.

    the AC

  12. Re:I can screw it up! on How Can You Screw up a Network? · · Score: 1

    30 seconds later my home network starts working again

    Thanks /.

    You are welcome. The bill is in the mail.

    the AC

  13. Re:etherkiller myths on How Can You Screw up a Network? · · Score: 2, Interesting

    Etherkillers shouldn't cause any immediate problems for anything up to 240V, you really need 480V or higher to start frying things. Electrical safety laws require isolation of up to 500VAC for a period of 48 hours, hence the isolation block on all NICs. The point where a card will start to smoke is usually higher than the breakdown voltage on the insulation of the wiring, cat5 or cat6 will break down at 350-600VAC, so it's difficult to get enough voltage directly into a NIC to cause anything spectacular to happen. That I'm conversant in such matters is a good indication not to ever get me in a bad mood.

    I once worked in a building that was on three phase power, where the outlets in each of the two wings off the main building were on different phases. The main wiring closet was in the main building, and the end points were plugged into PCs and hubs on a different phase. So there was 138VAC between the PCs and the main ethernet switches. NICs in PCs would last a few weeks before quietly failing, ports in switches lasted about two months. Every 3 months or so the company would just have to replace an entire 24 port blade. It was cheaper for them to keep their smartnet contracts up to date than to insist on an electrician fixing the problem since their lease was almost finished. The company that followed them into the building nearly burned it down the first week because of the improper electrical wiring, and much hilarity ensued.

    the AC

    You should have tried harder to destroy the PIX

  14. Re:Cable tricks and other tricks on How Can You Screw up a Network? · · Score: 2, Interesting

    Crimp your own ethernet cables

    I have a box of subtly bad ethernet cables from a reputable commercial source (it's now marked "special cables for special lusers"), nice molded strain reliefs with tab protectors.

    Normal straight through ethernet cables are wired like this:
    1->1
    2->2
    3->3
    6->6

    These cables are wired similar to:
    1->1
    2->2
    3->6
    6->3

    There are also some crossovers with similar polarity problems.

    With just one of the directions having the wrong polarity, depending on which brands of NICs on each end, there are all kinds of bizarre problems. Sometimes things work (cisco to intel, but not with auto-negotiate), sometimes you get errors (realtek 81x9), sometimes link status doesn't come up in one direction but is fine in the other direction, sometimes nothing at all works.

    I hand these out to people I don't like, those who beg cables off me for "just a few days".

    the AC

  15. How do I screw up a network? on How Can You Screw up a Network? · · Score: 5, Informative

    By touching it. There's always an assistant named Murphy looking over my shoulder, but she usually waits until I'm in the shower or leaving on vacation before "helping".

    Your question is really "How do I introduce layer 1 and 2 problems into my home LAN, since all layer 3 routing is limited to a NAT box with a single default route?". The lower layers are a good place to start, since half of all your problems come from there, save the routing problems for a future ask/. question.

    Others have already pointed out the joys of having dueling DHCP servers, subtly mis-configured DNS servers, overlength cables and the like. Keep an eye out for others throwing out bad ethernet cables with broken catch-tabs, frayed insulation, sharp kinks or intermittent wiring, and put them into critical places in your network. They may not fail right away, but will wait until you host a lan party at your place or you have a few hours to get a report done. Her name is Murphy, she's a bitch and she'll gladly pay you a visit when you least want her around.

    Start to learn what kind of traffic is on your local network. Get ethereal, snort and ntop running, and see what the packets look like. Chances are you'll find some things that look suspicious, you'll learn a lot by figuring out how DHCP handshakes work, how often ARPs happen, what other protocols are on your net besides IP. Since you are running a BSD, you can pretty safely put the box on the outside of the firewall (it probably is the firewall) and watch all the constant crap scanning the internet. That's a great way to learn how to tune firewall rules by hand, and you will break things along the way.

    To really start to learn how layer 2 networking almost works, grab some old cisco kit off of eBay. I've seen 2900 switches for US$20. Plug something slightly pro into your network, start simple, just get a cheap used cisco/hp/3com switch off eBay that can do 802.1q vlans, spanning-tree, and snmp. Your BSD ethernet card can be configured to do .1q, so there is a lot of learning there by creating multiple separate vlans, one for each machine. A single router and switch with 802.1q vlans can make some pretty complicated networking topologies without massive amounts of wiring. Then you can break your network by plugging a crossover cable into two ports and watching spanning tree open up one of them. Bonus points if you create a topology where by creating a spanning tree loop, your main gateway or server port is the one that goes into blocking mode (you need a minimum of two switches to do that).

    To break things in subtle and non-obvious ways, try changing your address ranges from the usual 192.168.0.0/24 to something unusual like 172.31.255.16/29, doing the netmask/subnet/broadcast calculations in your head for practice. Then misconfigure the netmasks on each device, notice how one machine can ping another, but not the other way around. Try building multiple separate segments rather than multiple subnets on a single wire, this will force traffic to use your router, and really show netmask problems more clearly.

    To really break things, instead of using reserved RFC1918 addresses behind your NAT box, use a public network range like 66.35.250.0/24. Sure, it will break one major site, but you shouldn't be wasting your time there :-)

    Since you already have a BSD running, do you leave it on 24/24? If so, it's time to start loading up the real tools like cacti, nagios, and smokeping. It helps if you have an SNMP capable switch on your network, but configuring your own SNMP can be quite a learning experience as well. With graphs showing what is happening on your net and the internet over time, you will start to see the cycles of congestion every evening and maintenance times every sunday at wee hours. The most frustrating problems in networkin
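The netmask exercise from comment 15, as an added example that is not part of the original comment: it works out the network, netmask and broadcast values for 172.31.255.16/29, then shows how two devices on one wire with mismatched masks disagree about who is on-link. The host addresses, the /30 misconfiguration and the gateway address are constructed for illustration; the function names are hypothetical.

```python
import ipaddress


def subnet_summary(cidr):
    """Return the values the comment suggests working out by hand."""
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable_hosts": len(hosts),
        # is_private covers RFC 1918 plus other reserved ranges.
        "private": net.is_private,
    }


def classify(iface_cidr, dst):
    """How a host configured as iface_cidr (address/prefix) sees dst."""
    iface = ipaddress.ip_interface(iface_cidr)
    dst = ipaddress.ip_address(dst)
    net = iface.network
    if dst == iface.ip:
        return "self"
    if dst not in net:
        return "off-link"
    if dst == net.broadcast_address:
        return "broadcast"
    if dst == net.network_address:
        return "network"
    return "on-link"


def first_hop(iface_cidr, dst, gateway=None):
    """What the host does with a unicast packet for dst."""
    kind = classify(iface_cidr, dst)
    if kind == "on-link":
        return f"ARP for {dst}"
    if kind == "off-link":
        if gateway is None:
            return "no route"
        # A gateway outside the host's own idea of the subnet cannot be
        # resolved with ARP, so the default route is useless.
        if classify(iface_cidr, gateway) != "on-link":
            return "gateway unreachable"
        return f"ARP for gateway {gateway}"
    # self, broadcast and network addresses are never sent as normal
    # unicast traffic to another machine.
    return kind


def ping_paths(a_cidr, b_cidr, gateway):
    """First hop chosen in each direction between two hosts."""
    a_ip = str(ipaddress.ip_interface(a_cidr).ip)
    b_ip = str(ipaddress.ip_interface(b_cidr).ip)
    return {
        "a_to_b": first_hop(a_cidr, b_ip, gateway),
        "b_to_a": first_hop(b_cidr, a_ip, gateway),
    }


if __name__ == "__main__":
    print(subnet_summary("172.31.255.16/29"))

    # Constructed hosts: A has the correct /29, B was typed in as /30.
    # The router is assumed to sit on 172.31.255.17.
    print(ping_paths("172.31.255.18/29", "172.31.255.21/30",
                     gateway="172.31.255.17"))

    # Same address, different mask: a valid /29 host is the broadcast
    # address from the point of view of a host configured with /30.
    print(classify("172.31.255.18/29", "172.31.255.19"))
    print(classify("172.31.255.18/30", "172.31.255.19"))

    # Public range used internally (the comment's 66.35.250.0/24):
    # inside hosts treat every real address in that range as a
    # neighbour and never hand the packet to the NAT box.
    print(subnet_summary("66.35.250.0/24")["private"])
    print(first_hop("66.35.250.10/24", "66.35.250.150",
                    gateway="66.35.250.1"))
```

Host A sends straight to B, while B regards A as off-link and cannot even resolve its gateway, which is the one-way reachability the comment describes.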

  16. Re:Geoff Huston's changing story on IPv6 Still Hotly Debated · · Score: 1

    What a very strange article. I'm not sure if the journalist missed the point completely, or got baffled by Geoff's grammatically correct run-on sentences.

    Disclaimer: I was just out drinking with Geoff Huston, so I picked up on a lot of his ideas.

    I never took Geoff as a rabid IPv4 loyalist. If anything he is a realist. He is an annoyingly accurate and concise person, who has spent years studying internet growth patterns, and he has a strong background in statistics and mathematics. He is the driving force behind getting all the RIRs to collect more information on exact numbers of allocations and usage patterns, and to limit handing out more addresses than are necessary. For these actions alone, Geoff has probably bought IPv4 an extra decade of life.

    The reasons for his diminishing predictions come from having more and more precise data points to plot his data. A few years ago, IANA and the RIRs just didn't have information about half of the address space in use or allocated but not in use. Recently people in the working groups have compiled even better statistics, and grad student research projects have more studies showing in-use prefix growth. The vague graphs from 2001-2002 have sharpened up, and depending on which model you want to believe, there is somewhere between 7 and 14 years until IANA/ICANN and the RIRs have no more IPv4 addresses to give out.

    What this article touches on, but misses the point completely, is what happens as the exhaustion of addresses arrives. Geoff has always said that when the end times appear on the horizon, market forces will move in to make a profit off the scarcity, and will do so in twisted and unpredictable ways. This market force will add a number of years to the life of IPv4, but just can't be accurately predicted this far out.

    Some of the IPv6 working group alcohol enhanced discussions came up with some interesting points.

    There will be various authorities trying to force unused blocks to be surrendered, but that will require intervention of the courts. Once the courts get involved, there will be a myriad of questions to be resolved, like who is the real authority over IP addresses (IANA, IETF, ICANN, WSIS, the UN, the US commerce department, and 5 RIRs are all fighting this battle right now, with no end in sight) and whether financial restitution has to be paid if a large block holder has to renumber. At the end of the court cases, probably taking 2 or 3 years with a couple of rounds of appeals, they'll free up maybe a couple of /8's and a handful of /16's, about 1 year's worth of allocations in 2005, and 3 months' worth in 2010.

    Then there will be the eBay solution of groups auctioning off their IPv4 block to the highest bidder, with all the problems of ownership and rights that go with that. Would you buy a netblock off of eBay and start running your data centre off of it? What happens when IANA notices and tells you to fark off their property, they've reissued the block to someone else? What happens when scammers sell the same block to a number of different people who then all try announcing it on the internet?

    There will be problems when someone with a partially used large block decides to "lease" part of their block to someone else, and thereby causing the whole thing to be de-aggregated. When enough of this happens, the BGP tables will grow huge, older equipment will break, so ISPs will just stop routing to distant parts of the internet. Soon thereafter, much of IPv4 becomes broken into islands which can't reach other islands.

    There will also be new technologies, such as address compression, and regional aggregation, and some other things that would have made my head asplode if it weren't for the soothing effects of beer.

    Geoff points out that the investment in NAT technologies, and the subsequent work-arounds for all the things NAT breaks, has required a huge investment over the last decade. This investment is about equal to what it will take to roll out a dual v4/v6 inte

  17. Re:"IPv4 loyalists" on IPv6 Still Hotly Debated · · Score: 2, Interesting

    What is with all the low /. IDs posting in this thread? I divide the /. world into those with lower IDs (the clued) and with higher IDs than me (the clueless n00bs). Just about every IPv6 article brings out all the old /.ers.

    who the hell uses GRE for tunneling any more??
    *ahem* no comment

    there are no websites on it

    There are starting to be more and more websites with dual v4/v6 addresses. You notice it more once you start using IPv6 all the time, because there are a lot of broken systems where the site admin had no clue that by enabling v6 in a v6 knowledgeable data centre, more work had to go into the apache config file. It also breaks things like PHP and MySQL in strange ways, not much of which has been fixed yet. One dual stacked website I know who is based entirely on IIS and .Net claims they've had no problems with IPv6 connections, which account for about 1% of their traffic.

    no ISPs that sell it

    My entire life right now is helping ISPs and data centres get IPv6 up and running, with everything from training up their main engineers, to getting the BGP announcements right. This is because one of the 800lb gorillas in the ADSL world in Europe (jnanqbb) has been quietly testing IPv6 internally, and sometimes their macintosh users notice they have IPv6 (but no connectivity outside of their ISP). When they get all their internal problems worked out and start up their peerings with IPv6, there will be a large marketing campaign to bash all their competitors around for being stuck on the old, obsolete internet. This has the more aware ISPs getting ready before it's too late.

    most hardware doesn't work with it

    Which hardware is this? Cisco, Juniper, Foundry, Extreme? Nope, they've been supporting it for years. Maybe you are talking about the cheap-ass home router/NAT boxes? I'll agree with you on that, there isn't much on the home market which supports it. Even if you buy a linksys router, you still have to upgrade the firmware to get IPv6.

    maybe find a way to hack an extra byte on - rather than this overcomplex mess

    What, and have two upgrade nightmares to live through? No thank you, this one change will keep knowledgeable people employed for long enough. Ignorant luddites like yourself can fester in the IPv4 ghetto for all we care. IPv6 was 5 years in research (1990-1995), 10 years in development (1995-2005), and has now become an Internet Standard. It's here, deal with it.

    the AC

  18. Re:Demand on IPv6 Still Hotly Debated · · Score: 1

    If you had been following the hard numbers coming out of the RIRs such as RIPE and APNIC, you would have noticed a strong upturn in the last 24 months for IPv4 allocations. There is no indication of it slowing down any time soon.

    There is some debate as to whether this is due to a new dotcom bubble, or the beginning of a land rush for the last IPv4 spaces. The consensus at the last RIPE meeting was that it's a combination of both. The RIPE NCC folks are now scrutinising every application, and rejecting any that seem suspicious (more than their usual belligerent^Wcharming, very, very charming attitude). I've had clients ask me to grab them a /16 for their 25 servers, because they want to be able to sell the extra address space in a few years.

    The problem, of course, is both the rollout of new broadband clients, and the building of new server farms. Both require publicly reachable addresses, you can't hide servers behind NAT because they need to be reachable, and every DSL/cable/Sat client needs one reachable address (even if NAT hides a few computers, you can't hide all of an ISP behind a single enormous NAT box, it's been tried and failed miserably). Fueling the fire is cheap home computers. Mac Minis are 500 Euros, I just saw a Dell ad for a basic mini-tower square box for 300 Euros (equivalent specs to a mac mini in 10x the space and 2x the weight). DSL prices in any town with a phone switch are 19 Euros/month for basic access. With the price point for consumers coming down to where just about anyone can be on the net, IPv4 use is exploding.

    Depending on which prediction you plot your graphs, within a few years or a decade the internet will reach the point where there just aren't any new addresses to be handed out. Approaching that point there will be a whole market place for the trading of netblocks, but it will be fraught with problems. There will be lawsuits, bogons, multiple announcements of the same blocks, blackholing, routers that can't hold the whole fragmenting IPv4 BGP table*, etc.

    When the end comes, IPv4 will not disappear, it will just settle down as the ghetto of the internet, and IPv6 will hopefully be running alongside for all the people who want more reachability. The rollout of IPv6 will take a decade, but I hereby declare that the decade started earlier this week when the IETF moved IPv6 from draft to Internet Standard.

    the AC

    *Someone recently calculated the size of the routing table to hold the entire IPv4 address space, if it was all de-aggregated into /24 prefixes. From 1.0.0.0/24 to 223.255.255.0/24 would require 4.8 Gbytes on Cisco, 5.2 Gbytes on Juniper, 5.8 Gbytes on Foundry, 12 Gbytes on OpenBGPd. Communities and other options would add to that. I have machines today which can hold 8Gbytes

  19. Re:One Reason Alone is Enough on IPv6 Still Hotly Debated · · Score: 1

    Scanning even the complete *local* network alone requires checking a minimum of 2^64 IPs

    No, it just requires the worm to send an ICMPv6 neighbor discovery packet (arp for IPv6), and see which machines are local.

    Your argument is true for scanning the large empty spaces on the other side of routers, though. So as the space becomes vast, worm coders will just adopt whatever tricks the network people use to find sparsely populated networks, like directed ZeroConf.

    the AC

  20. Shitstirrer? on IPv6 Still Hotly Debated · · Score: 1

    Have we met at an IPv6 meeting?

    PI vs. PA on IPv6 is a great topic to derail an IETF/RIPE/NANOG meeting on IPv6.

    The winners, so far by attrition, are the "Every assignment is PA, portability is built in". Fsckheads! There are a lot of reasons to have PI space in IPv6, but the fear is non-aggregation of the routing tables. Of course, RAM is getting so cheap now (unless you buy direct from Cisco) that a small hit due to some PI driven non-ag wouldn't hurt much.

    The official answer to your question is simple. Pay your money to become an LIR, and grab a /32 for yourself. For the $1000/year, you can have more subnets than you can ever use. The real answer is just go to an existing LIR, and pay them the $50 to give you an IPv6 /48 assignment, and just carry it around with you. No IPv6 carriers right now care about which aggregated block a /48 came from, they'll route it.

    the AC
    I'll lease you a portable /48 from my block for 100 Euros admin fee

  21. It would take a while on IPv6 Still Hotly Debated · · Score: 1

    As every computer and router I'm connected to already has IPv6, I'd certainly get a lot of f3rst p0sts before the rest of the world catches up :-) It's a sad fact that not many ISPs offer IPv6 right now, and very few data centres, but once some popular systems go dual-stack, we'll see uptake increase.

    the AC

  22. Re:The trick to that offer on Google Striking Fear into the Corporate Masses · · Score: 2, Interesting

    This happens in many consumer markets. The one that springs to mind is the "duty-free shopping" products.

    The duty-free shops almost always have products that can NOT be found in regular consumer shops outside of airports. It specifically is to prevent comparison shopping. I have a friend who produces wines and champagnes, one set of labels for most of the products, another set of labels specifically for duty-free. The same thing happens with most of the products, like perfumes, chocolates, alcohols and electronics. The duty-free shops require a special size not available in regular consumer channels. You can see this if you end up buying perfume for the girlfriend just before travelling. Shops will carry 25ml and 50ml sizes, duty-free carries 35ml and 60ml at the same price (with local TVA) as 50ml and 75ml in the regular shops.

    The volumes of consumer goods sold in competition-protected markets are so large that any mass producer has multiple packaging schemes. It is so common, that my online MBA courses mention the practice as normal and expected. Some database oriented friends tell me that all the big stock management systems (like Oracle and SAP) have functions for tracking multiple stock numbers for the same product, as well as tracking multiple margins for each version of the product.

    the AC

  23. Damn! 4 days worth of writing to redo on USPTO Issues Provisional Storyline Patent · · Score: 1

    an ambitious high school student who applies for entrance to MIT and prays to remain sleeping until the acceptance letter comes, which doesn't happen for another 30 years.

    There goes my exact story I was writing for NaNoWriMo this month. Now I'll have to go change all my references from MIT to Georgia Tech. And make it a girl. Who prays to remain stoned until she is accepted. And it will take 27 years.

    Yup, that'll fix it. No infringement here.

    the AC
    No smileys, there really isn't any humour to be mined in such an appalling misuse of the patent system as this

  24. Re:The question is....... on Cisco Patches 'Black Hat' IOS Flaw · · Score: 5, Informative

    The answer is.....

    This code has been out for a few months now, and many select beta sites have been testing it in production environments. The first few iterations had some serious (crash and reboot every few hours) problems, but it (12.2.15T1thru17) has been in production use on several edge routers for a month with no noticeable problems. Cisco didn't just patch the one 'sploit published, they categorised the class of exploits and went about fixing many different possible attack vectors or watching for suspicious behaviour that could indicate a compromised system. That is what took several months even before Michael's talk, and it's been in testing (and re-patching and recursion testing) since then. The announcement today is because they are confident their fix is solid, but anyone staying at the bleeding edge of IOS releases has been using it since at least June.

    I'd say it's solid, but I'm not rolling out the latest version on everything until others add some real world stress testing. I'm sure there will be several more newly introduced bugs uncovered in the next few months, and the timer checks usually result in a panic reload, not optimal for stable systems with SLAs and big money riding on them.

    I'm also not in a rush to roll this out, because for the moment there are no known exploits running around. Maybe Effugas or some of the IOS engineers (I know you read /.) can add something to this thread.

    the AC

  25. Re:Happens all the time in pr0n hosting biz on Data Center Move Goes Awry for TypePad · · Score: 1

    I'm a techie. I don't do marketing. I certainly don't need to attract any more work, given that even the fly-by-night web hosters can find me. I just have to remember to keep my rates outrageously high enough to discourage the worst ones :-)

    the AC