You're wrong. I get to handle messed up issues where folks can't reach ipv4 sites on a fairly regular basis.
Our customers do not call the company of the website they're having a problem reaching. They call us. And when we find out that the problem isn't on our end, our folks have to get in touch with their provider, who will then either fix it (if it's their fault) or talk to their customer and get them to fix it.
If the big ISPs decided to take a 'you will use ipv6 only stance', then grandma would be mad at us if she couldn't read and post on her basketweaving forum.
Now, don't get me wrong, I'd love it if we'd be ballsy enough to make such a move. But the average end user is not understanding or reasonable. They expect their stuff to just work, and when it doesn't just work, they get mad at the people they're paying money to in order to make it work.
In a market that's saturated and the only growth comes from taking your competitors' customers, we'd be handing our competitors a golden opportunity to stick it to us. I can see the ad campaigns now 'Comcast won't let you get to your basketweaving website? Come to AT&T! We have full internet connectivity!'
Are you saying that an IPv6 address cannot be placed behind a firewall? Just because it's a publicly addressable block doesn't mean it can't be firewalled off. There are entire companies running on 'real' ipv4 addresses right now that can't just be nmapped because they are secured with a firewall. NAT is not required to create that curtain, proper network security (firewall, acls, gateways, routing, etc) is.
The rest of it, well I'm not an expert so I can't comment.
But why can't we just get major ISPs to start handing out ipv6 addresses for external communication and just use ipv6 to ipv4 nat technology internally?
I suspect that is where a large part of it is going to go. I think a lot of ISPs are going to start employing v6 to v4 gateways.
The problem with that, however, is going to be DNS.
Let's say my host is native v6 only, no ipv4 address. And I'm trying to reach a site that has ipv4 connectivity only, no v6 DNS records.
About the only way that's going to work is if the DNS server I'm using returns a result that points me to a v6 to v4 gateway for sites that don't have AAAA DNS records. I seem to remember folks getting up in arms when someone tried that for non-existent ipv4 domains.
Fortunately, that problem has already been solved. NAT64/DNS64 are viable migration alternatives, and one I'll be implementing on the home network as soon as my ISP decides they want to actually roll out native IPv6 connectivity (though I am a Comcast employee, I do not live in a Comcast area. Sometimes, there is a downside to being a telecommuter)
Good luck trying to scan an ipv6 range... The smallest subnet is a /64, even scanning every host there for a single port would take a LONG time.
That's not even close to true. You need big subnets if you're going to use autoconfigs based off of MAC Address sure, but with DHCPv6, there's no 64-bit boundary, you can break your subnets into whatever chunks you want and allocate IPs out of that.
Now, the subnets are still going to be big. I mean, if you break your allocations down into /96 blocks, for example, and hand those to the end users, you'd still be needing to port scan the equivalent of the entire ipv4 address space.
They don't call the businesses that they're trying to reach and can't though.
They call the ISP.
Since Comcast now has more Internet customers than cable subscribers, taking an ipv6 only stance would be committing suicide. The subscriber loss (and therefore, revenue loss) that would incur would piss off the shareholders, who would murder the company for failing in their fiduciary responsibility.
Instead, Comcast is fully dual-stacked. As companies transition over to ipv6, the Comcast network is ready and fully capable of supporting them.
Never going to happen. IPv4 network stacks are hard coded to not recognize anything 224 and above as valid host addresses. In order to actually use the multicast space, you would quite literally need to update every single network and host device in existence to support that. And not just the v4 stacks, it'd also be lower level things like the dynamic routing protocols that use link local multicast for neighbor discovery.
The amount of cost and pain it would cost in order to reclaim the Multicast and experimental ranges far outstrips the costs and pain to simply migrate to ipv6, especially since the amount of space gained is paltry compared to the growth needs.
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
Suckage.
I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.
I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.
I actually see a lot of this. Customers complaining about slow surf, and these days, that's one of two things - A. Capacity B. Bad IPv6 routing. Since v6 is preferred, if the v6 path is bad, it'll take a while to time out before it falls back to ipv4, and looks a lot like network latency.
A large part of the problem is that companies are defining AAAA DNS records without making sure that their upstream provider has actually gotten their v6 routing in shape, but even the ones that have done that doesn't help when the end user is connected to a network that isn't directly connected to their destination, and the end user's provider doesn't have their v6 routing in shape.
The real holdup, however, is the end user networks. Most of them simply aren't built to be accessible over ipv6. It's possible for the ISPs to provide entirely transparent v6 connectivity to their end users, but if the places they're trying to go aren't v6 capable, that engineering has gone to waste. It's still wise to do it, as a migration to v6 is inevitable, but it's hard to justify the money making it right.
Unfortunately, I suspect that most folks will simply try and use stopgap measures. Carrier grade NAT, transparent gateway proxying, etc.
Eventually there will come a point where someone smart will say 'you know, we're spending a lot of time and effort and adding more points of failure to the network to try and keep this legacy connectivity alive. It will actually simplify operations if we just go ipv6 native'.
If you're smart, and you have the opportunity to build out a network in this time and place, you do it dual stacked, and treat ipv6 connectivity as seriously as you treat ipv4 connectivity.
Cable Modem IPs were changed over to use IPv6 for their management addresses a couple years ago. Most Comcast CMTSs have very little space allocated for IPv4 management (usually a single /23) for those who are still running older modems that can't do IPv6 at all.
Likewise, DHCPv6 has been deployed for a couple years as well. So if you're using a consumer grade router that has IPv6 capability, it will pull a v6 allocation.
Since virtually every single modern OS has v6 capability, it's turned on by default, and it's preferred over v4, there are quite a few people out there who are going to popular v6 enabled websites (google, facebook, etc) without even realizing it.
I'm a network ops monkey for Comcast, so have direct experience in all this (one of my primary job functions was to get all the routing kinks worked out for a large part of the network before IPv6 day back in 2012), and while we're not on the verge of running out of v4 space, it's a lot tighter than it used to be, and we're pretty careful about how we allocate them, we have a team dedicated to managing the v4 space, and they're pretty good at making sure we don't have large gobs of v4 space sitting around allocated but unused. We do a lot of work to drive as much to v6 as we can without making it hard on the customer.
It wouldn't surprise me if there are other major ISPs who are doing the same. You can expect growth in this area as more and more networks realize the same thing, and as folks upgrade their old gear.
Every toll road has a toll for X years. Then after X years... it keeps the toll. Every time, no one can turn the tap off.
That's actually not entirely true. Georgia State Road 400 was a toll road. It was supposed to keep its toll for 20 years, expiring in 2011. However, Governor Perdue and the State Road and Tollway Authority voted to extend tolls until 2020.
However, despite the above extension, Governor Deal and the SRTA decided to end tolls. In December, 2013 the toll plazas on GA 400 collected their last tolls.
So while they did get a couple extra years of toll collection out of it, they did actually turn it off like planned.
Now, I don't think that they were entirely altruistic about it. It happened after they put in the toll express lanes on I-85, and a lot of Georgians used GA 400, but a lot also avoided it because of the tolls. I-85 is a little more difficult to avoid, and when you're stuck on the I-85 parking lot, that 2 bucks to use the express lane becomes a lot more appealing.
You do realize, that in the example provided, Comcast to Nlayer was a steady 21Mbs, while AT&T was the sub Mbs carrier, right? The problem wasn't Comcast to Nlayer.
The funny thing is, if you read the article, that is the only time in the entire thing Comcast's name is mentioned, and it's not in a negative way.
But I guarantee you that everyone is going to assume Comcast is one of the five mentioned in the summary just because of the general bias.
Personally I am not a fan of ISP provided gateways/routers for three reasons:
- ISP can modify settings at will, quite literally their own back door into your network
- software cannot be upgraded or fully configured by myself
- usually of poor hardware quality, with 100M ports, poor wireless range, etc
Yup, only thing I want from my provider is a layer 2 handoff. The CPE they provide me should just be a media converter for whatever last mile access method they're using. I'll handle layer 3 and above on my side.
Not proven. Yay speculation!
As piss poor as home wifi is I say let Google give it a shot. They are talking about making it have QoS that doesn't suck so I'm interested.
I'm not saying Google is doing anything evil, but of course they have an ulterior motive. They're not a non-profit, sheesh.
While this may benefit those who use the product, rest assured, that it also benefits Google in some manner.
I stand corrected... There's an "upgrade rom-monitor file ..." privilege command that allows upgrade from the standard sources (tftp/ftp/http/flash/etc) on most platforms, thus it would be trivial to upgrade with administrative access. One would assume a reboot is still necessary, which might raise suspicions, but once installed it may have counter measures to prevent removal or even detect it's installed.
If you're playing the long game, you don't even necessarily need to reboot it. As long as you can cover the tracks of the file being installed, you can just lie in wait until the next maintenance cycle that calls for a reboot of the device. Now, that could be a very long time. For example, rooting a Comcast Cisco router, you could lie in wait for years before it gets rebooted.
That, or just have the fel image tell IOS that it rebooted because of a power failure. Folks see that as the reboot reason, and they go swap the PEMs.
Unless of course there's a way to do it remotely using a built in security hole like a default password.
And then it becomes a whole lot less "no shit, Sherlock" and becomes a lot more of "what the fuck were they thinking?".
If there was a backdoor password, someone would have spilled it by now, or it's the best kept secret in the black hat community.
The Cisco advisory is basically saying 'hey, if someone has root, they can do bad shit'. And yeah, that's no shit Sherlock.
You don't actually need physical access, you just need access to the console port. Most folks don't access their console ports by going around and plugging in rollover cables, they hook the console ports into terminal servers and get remote console access that way.
So yeah, all you really need to do is find a way onto the management network and obtain some admin credentials.
Idjuts who try to respond with non-lethal force often find that the other side isn't always that considerate.
The opiate of the masses......
Big Media is hoping everyone needs their fix bad enough to overlook the way they're being monetized.
It's shit like this that makes me lose not one second of sleep when my favorite shows happen to fall off the back of the internet, miraculously commercial free
I don't own one myself, so I'm not sure how they work, but I'd imagine it wouldn't matter if you had to DHCP them or not, as they're going to register with Sling regardless.
And I think the price is perfectly fair. Sling's entire thing is to make it easy on folks to be able to watch their TV remotely. Your average user is not going to have any clue how to reserve a MAC address. They may have a clue how to forward a port, but I suspect that's more the gamer crowd. If maintenance of the service was an issue, then there should be a sub fee for it (but should have the option to avoid the sub fee by actually forwarding the port yourself, and then configuring the client). The advertising is another way of pushing a sub fee for the service - they're selling subscriptions to their users' video streams to advertisers.
Even that wouldn't be so bad, *if* there was a way to opt out or configure direct connections to the Slingbox via the clients. As it is, however, their customers are a captive audience with no recourse to avoid seeing the ads. Hence, the class action suit.
Yup. That's why folks are kind of pissed about it and claiming bait and switch. Most folks purchased a Slingbox as a device to act as video forwarder so they could watch their tv service when they weren't physically present, and Slingboxes have been really good at that for a long time. If folks knew they'd be getting extra ads on the device, they may have opted not to purchase.
I personally think that Sling should be forced to issue refunds if they're not going to stop the ads.
...when someone would get around to this.
I work for one of the big cable companies. We use slingboxes at hub sites which are remote or just not staffed 24/7 in order to be able to verify whether or not video service is working, particularly after maintenances which may affect video.
A couple weeks ago was the first time in a while that I've had to verify it myself, and I was very surprised to see ads popping up before the live tv stream kicked in, and I was thinking 'that's.... not right'. I'm not terribly surprised that there are some consumers who are pissed off enough to sue.
It's one thing if the service is free. With Youtube, we kind of understand that they have to show ads in order to keep the service free. But when something I paid for in order to use starts shoving ads at me, I tend to get a little ticked off too.
I'm curious, does Netflix do the same thing? Show ads before you start streaming? I don't remember that being the case, but I stopped using Netflix after their price hike fiasco.
If they don't currently do this, and Sling Media wins the suit, I'll bet my bottom dollar they will.
on where I was going, and how near the stations were.
If I was still commuting to downtown Atlanta, and MARTA was free, I would take it in a heartbeat. Driving downtown isn't that bad, but parking is a stone cold pain in the ass.
However, there would need to be a MARTA train station within a couple of blocks of where I needed to go. That hasn't always been the case. If I had to transfer from rail to bus service, and it was still free, I wouldn't use it if I needed to transfer to bus.
No, it's actually 2 gigs each way, so you need a 10gig interface to be able to hook up to it, which means you need 10 gig network gear if you want to use it on more than one box.
This is, obviously, not intended for the average home user, this is more intended for an office or business setting.
A lawsuit is going to require a lot more than just an email address, particularly if the company that accepted it did nothing to make sure the email address was actually one belonging to the person services were extended to before extending services.
Same thing with the credit reporting agencies.
If they ever do come after you, then have a field day filing a countersuit. Refer to the fair credit reporting act for the protections it offers.
And it may simply be someone typed in the wrong email address.
To give an example - this year, I started receiving emails from Comcast about a new install being set up. It was being sent to my email, but the name was that of someone else (same first initial). The email address is a gmail one, so pretty easy mistake to make.
Now I initially suspected that this was some kind of phishing crap. The links looked legit though. Ironically enough, I actually work for Comcast, so I was able to pull up the new account based on details provided in the email to figure out it was actually legit, and was able to clear it up and get my email off the account.
So there's the old adage, never attribute to malice what can be covered by stupidity.
That being said - I sincerely suggest you put a credit freeze on your accounts with all three major bureaus. I've had it for years. They make it easy to lift the freeze, either permanently, or for a specified time period, in case you need the info to go through (credit application, job check, rental check, etc). It's an easy and sane way to help protect yourself from identity theft (there may be some cost involved, depending on what state you're in, but it's fairly small)
Sort of. The CCIE just requires you to pass the Written to recertify every 2 years, and it can be any Written, not for the track you passed the Lab exam in.
Passing any Cisco exam recertifies everything at the level it's at and everything below it.
So for example, let's say I have CCNP Routing and Switching, CCNA Routing and Switching, CCNA Security, and..... CCNA Service Provider.
All I need to do in order to recertify all of that is to pass one Professional level exam (maybe I take one exam for CCNP Security), and everything is recertified.
Or, I pass the CCIE Written exam instead. That qualifies me for the Lab Exam, and renews every cert at the Professional and Associate levels.
If I pass the Lab Exam, then I just need to pass a CCIE Written every two years in order to recertify the whole shebang.
So Cisco recert policies don't actually do much to keep you current on the technology you're certified for. What they do is keep you taking Cisco exams so that you can keep listing everything you've earned on your resume. This is incentive to avoid letting things expire, because if you do, then you have to retake everything.
The problem with certifications is that brain dumps are a big business.
A lot of folks believe that Certifications will enhance their chances of getting a job.
Hence, they brain dump the exam and pass.
For the folks who actually take the time and learn the material the certification is testing for, and pass the exam honestly, the certification process is a boon.
Unfortunately, we live in an on-demand society, so interviewers often see many more of the former than the latter.
I'm on the interview panel for my team. And I see an awful lot of paper tigers. Given that I also have an alphabet soup of certs, I know the skill levels those exams test for, and I tailor my interview questions to things that they should be able to answer, as well as any other technology they put on their resume. If it's on the resume, the candidate should be able to speak to it
Within 5 questions, I can almost always determine the person's actual skill level and whether or not they dumped the exam. And unfortunately, there are *a lot*. To add to that, there are also some recruiters who actually encourage the candidates to add certain keywords to their resumes. I actually got one guy to admit during the interview that he'd just added it, after I started asking questions on it.
We have gotten a few folks with a good amount of certs that actually knew their stuff. We even hired a few of them. The ones we didn't hire, I knew we weren't going to be able to pay them what they'd be looking for, so they turned down the job.
In my opinion though, it's worth it to wade through the dross and take the time to make sure you get the right person. If you're careless in your hiring practices, you'll just be right back on the merry-go-round.
I also work 3rd shift, as a network operator for a rather large ISP (3rd shift being something of a requirement, since folks don't like it when we do disruptive work during waking hours. Can't imagine why....)
So for me, the distractions are pretty minimal. Everyone else is asleep when I'm working, and other than my cat occasionally deciding she wants to play when I have six figures of customers down at the moment, there's no problem. When I'm in the office, the distractions are non stop.
Now, I'm a loner type, and my work doesn't involve a whole lot of in person communication. Most of the time the folks I'm talking to with whatever I'm working on aren't local, so it's done over a conference bridge, and that's just as easily handled from home as at work. So this kind of environment is perfect for me. That, and the office is a 2.5 hour commute.
Unfortunately, things have changed within the company enough that I've decided to leave come September. It's going to be interesting, as there isn't much call for skilled network operators in decent driving distance, so I'm going to have to either work 3 to 4 month contracts that take me away from home, or find something that will allow me to telecommute.
Fortunately, my wife makes very good money and we have no debt other than the mortgage, so leaving my job doesn't threaten our quality of life, but I still don't relish the idea of being away from my family for months at a time, nor do I relish the idea of going back to associating with office drama.
Ok, you can think all you want.
You're wrong. I get to handle messed up issues where folks can't reach ipv4 sites on a fairly regular basis.
Our customers do not call the company of the website they're having a problem reaching. They call us. And when we find out that the problem isn't on our end, our folks have to get in touch with their provider, who will then either fix it (if it's their fault) or talk to their customer and get them to fix it.
If the big ISP's decided to take a 'you will use ipv6 only stance', then grandma would be mad at us if she couldn't read and post on her basketweaving forum.
Now, don't get me wrong, I'd love it if we'd be ballsy enough to make such a move. But the average end user is not understanding or reasonable. They expect their stuff to just work, and when it doesn't just work, they get mad at the people they're paying money to in order to make it work.
In a market that's saturated and the only growth comes from taking your competitors' customers, we'd be handing our competitors a golden opportunity to stick it to us. I can see the ad campaigns now: 'Comcast won't let you get to your basketweaving website? Come to AT&T! We have full internet connectivity!'
Are you saying that an IPv6 address cannot be placed behind a firewall? Just because it's a publicly addressable block doesn't mean it can't be firewalled off. There are entire companies running on 'real' ipv4 addresses right now that can't just be nmapped because they are secured with a firewall. NAT is not required to create that curtain, proper network security (firewall, ACLs, gateways, routing, etc) is.
The rest of it, well, I'm not an expert so I can't comment.
But why can't we just get major ISPs to start handing out ipv6 addresses for external communication and just use ipv6 to ipv4 nat technology internally?
I suspect that is where a large part of it is going to go. I think a lot of ISPs are going to start employing v6 to v4 gateways.
The problem with that, however, is going to be DNS.
Let's say my host is native v6 only, no ipv4 address. And I'm trying to reach a site that has ipv4 connectivity only, no v6 DNS records.
About the only way that's going to work is if the DNS server I'm using returns a result that points me to a v6 to v4 gateway for sites that don't have AAAA DNS records. I seem to remember folks getting up in arms when someone tried that for non-existent ipv4 domains.
Fortunately, that problem has already been solved. NAT64/DNS64 are viable migration alternatives, and one I'll be implementing on the home network as soon as my ISP decides they want to actually roll out native IPv6 connectivity (though I am a Comcast employee, I do not live in a Comcast area. Sometimes, there is a downside to being a telecommuter)
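The DNS64 behaviour described above, as an added example that is not part of the original comments: when a name has no AAAA record, the resolver embeds each A record in the NAT64 prefix using the RFC 6052 layout. The function names, the prefix `2001:db8:64::/96` and the zone data are constructed for illustration.

```python
import ipaddress

# RFC 6052 permits only these NAT64 prefix lengths.
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)

def synthesize_aaaa(ipv4, nat64_prefix):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052 section 2.2)."""
    net = ipaddress.IPv6Network(nat64_prefix)
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError("NAT64 prefix length must be one of %r" % (VALID_PREFIX_LENGTHS,))
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8          # first byte after the prefix
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:                  # bits 64-71 (the "u" octet) stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def dns64_answer(records, nat64_prefix):
    """Return the AAAA answer a DNS64 resolver would hand to a v6-only client.

    Native AAAA records are passed through untouched; synthesis happens
    only when the name has A records and no AAAA records.
    """
    native = records.get("AAAA", [])
    if native:
        return [ipaddress.IPv6Address(a) for a in native]
    return [synthesize_aaaa(a, nat64_prefix) for a in records.get("A", [])]

# Constructed sample data (documentation address ranges only).
PREFIX = "2001:db8:64::/96"
ZONE = {
    "v4only.example": {"A": ["192.0.2.33"]},
    "dualstack.example": {"A": ["192.0.2.44"], "AAAA": ["2001:db8:1::44"]},
}

if __name__ == "__main__":
    for name, records in ZONE.items():
        print(name, [str(a) for a in dns64_answer(records, PREFIX)])
```

Because the synthesized AAAA is not signed by the zone owner, a client that does its own DNSSEC validation will not accept it; RFC 6147 discusses how DNS64 interacts with validating clients.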
Good luck trying to scan an ipv6 range... /64, even scanning every host there for a single port would take a LONG time.
The smallest subnet is a
That's not even close to true. You need big subnets if you're going to use autoconfigs based off of MAC address, sure, but with DHCPv6, there's no 64-bit boundary, you can break your subnets into whatever chunks you want and allocate IPs out of that.
Now, the subnets are still going to be big. I mean, if you break your allocations down into /96 blocks, for example, and hand those to the end users, you'd still be needing to port scan the equivalent of the entire ipv4 address space.
They don't call the businesses that they're trying to reach and can't though.
They call the ISP.
Since Comcast now has more Internet customers than cable subscribers, taking an ipv6 only stance would be committing suicide. The subscriber loss (and therefore, revenue loss) that would incur would piss off the shareholders, who would murder the company for failing in their fiduciary responsibility.
Instead, Comcast is fully dual-stacked. As companies transition over to ipv6, the Comcast network is ready and fully capable of supporting them.
Never going to happen. IPv4 network stacks are hard coded to not recognize anything 224 and above as valid host addresses. In order to actually use the multicast space, you would quite literally need to update every single network and host device in existence to support that. And not just the v4 stacks, it'd also be lower level things like the dynamic routing protocols that use link local multicast for neighbor discovery.
The amount of cost and pain it would take in order to reclaim the multicast and experimental ranges far outstrips the cost and pain to simply migrate to ipv6, especially since the amount of space gained is paltry compared to the growth needs.
My cell phone has been on IPv6 for years. Everything I have is ready for the conversion. What is holding it up?
Suckage.
I recently disabled IPv6 on my router because too many sites were slow loading. It was particularly bad with Wikipedia, which usually just timed out after a few minutes. OTOH, IPv4 works fine for the same sites.
I don't know where the trouble is, Wikipedia or my ISP (U-Verse) or somewhere in between or some problem with my computer... but in its current state, I can't endorse switching.
I actually see a lot of this. Customers complaining about slow surf, and these days, that's one of two things - A. Capacity B. Bad IPv6 routing. Since v6 is preferred, if the v6 path is bad, it'll take a while to time out before it falls back to ipv4, and looks a lot like network latency.
A large part of the problem is that companies are defining AAAA DNS records without making sure that their upstream provider has actually gotten their v6 routing in shape, but even the ones that have done that don't help when the end user is connected to a network that isn't directly connected to their destination, and the end user's provider doesn't have their v6 routing in shape.
The real holdup, however, is the end user networks. Most of them simply aren't built to be accessible over ipv6. It's possible for the ISPs to provide entirely transparent v6 connectivity to their end users, but if the places they're trying to go aren't v6 capable, that engineering has gone to waste. It's still wise to do it, as a migration to v6 is inevitable, but it's hard to justify the money making it right.
Unfortunately, I suspect that most folks will simply try and use stopgap measures. Carrier grade NAT, transparent gateway proxying, etc.
Eventually there will come a point where someone smart will say 'you know, we're spending a lot of time and effort and adding more points of failure to the network to try and keep this legacy connectivity alive. It will actually simplify operations if we just go ipv6 native'.
If you're smart, and you have the opportunity to build out a network in this time and place, you do it dual stacked, and treat ipv6 connectivity as seriously as you treat ipv4 connectivity.
A lot of that growth is actually due to Comcast.
Cable modem IPs were changed over to use IPv6 for their management addresses a couple years ago. Most Comcast CMTSes have very little space allocated for IPv4 management (usually a single /23) for those who are still running older modems that can't do IPv6 at all.
Likewise, DHCPv6 has been deployed for a couple years as well. So if you're using a consumer grade router that has IPv6 capability, it will pull a v6 allocation.
Since virtually every single modern OS has v6 capability, it's turned on by default, and it's preferred over v4, there are quite a few people out there who are going to popular v6 enabled websites (google, facebook, etc) without even realizing it.
I'm a network ops monkey for Comcast, so have direct experience in all this (one of my primary job functions was to get all the routing kinks worked out for a large part of the network before IPv6 day back in 2012), and while we're not on the verge of running out of v4 space, it's a lot tighter than it used to be, and we're pretty careful about how we allocate them, we have a team dedicated to managing the v4 space, and they're pretty good at making sure we don't have large gobs of v4 space sitting around allocated but unused. We do a lot of work to drive as much to v6 as we can without making it hard on the customer.
It wouldn't surprise me if there are other major ISPs who are doing the same. You can expect growth in this area as more and more networks realize the same thing, and as folks upgrade their old gear.
Every toll road has a toll for X years. Then after X years... it keeps the toll. Every time, no one can turn the tap off.
That's actually not entirely true. Georgia State Road 400 was a toll road. It was supposed to keep its toll for 20 years, expiring in 2011. However, Governor Perdue and the State Road and Tollway Authority voted to extend tolls until 2020.
However, despite the above extension, Governor Deal and the SRTA decided to end tolls. In December 2013, the toll plazas on GA 400 collected their last tolls.
So while they did get a couple extra years of toll collection out of it, they did actually turn it off like planned.
Now, I don't think that they were entirely altruistic about it. It happened after they put in the toll express lanes on I-85, and a lot of Georgians used GA 400, but a lot also avoided it because of the tolls. I-85 is a little more difficult to avoid, and when you're stuck on the I-85 parking lot, that 2 bucks to use the express lane becomes a lot more appealing.
You do realize, that in the example provided, Comcast to Nlayer was a steady 21Mbs, while AT&T was the sub Mbs carrier, right? The problem wasn't Comcast to Nlayer.
The funny thing is, if you read the article, that is the only time in the entire thing Comcast's name is mentioned, and it's not in a negative way.
But I guarantee you that everyone is going to assume Comcast is one of the five mentioned in the summary just because of the general bias.