[opensuse] Linux Kernel Allows 0.0.0.0/8 as a Valid Address Range
IPv6 has been around for years. Why don't some people get with the program, instead of coming up with hacks to get around the address shortage. Even with this block, there still won't be enough IPv4 addresses just for mobile devices, let alone everything else. The longer people take to move to IPv6, the worse the problem is going to get. By comparison, on IPv6, the smallest address block, /64 provides as many addresses as the entire IPv4 address space squared. I get 256 of those /64s from my ISP. Some ISPs provide 65K of them to each customer. Why are we wasting our time trying to squeeze more life out of something that should have been retired years ago? Incidentally, this block represents less than 0.4% of the IPv4 address space. Will it really make a difference? https://www.technotification.com/2019/08/linux-kernel-allows-0-0-0-0-8-as-a-... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-13 3:22 p.m., James Knott wrote:
IPv6 has been around for years. Why don't some people get with the program, instead of coming up with hacks to get around the address shortage.
I think a much easier question to answer is why do some people still believe the earth is flat. I gave up long ago asking my internet provider why they are not making a move to IPv6; their answer has always been that it is a complex thing to implement (or some nonsense like that). I think their real reason is they don't like the idea of handing out more than a single IP to any one computer, and the complexity of the issue is they cannot figure out how to do that with IPv6. They have a /32 address assignment from ARIN, serve a population of about half a million, and cannot figure out they have enough distinct _subnets_ to serve half the population of the planet. Yes, "why is the planet not flat" is much easier to figure out. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-13 07:17 PM, Darryl Gregorash wrote:
I think a much easier question to answer is why do some people still believe the earth is flat.
Ah. I see your ISP is in Saskatchewan. That might explain why they think the earth is flat. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
IPv6 has been around for years. Why don't some people get with the program, instead of coming up with hacks to get around the address shortage. Even with this block, there still won't be enough IPv4 addresses just for mobile devices, let alone everything else. The longer people take to move to IPv6, the worse the problem is going to get.
[off-topic] My guess - many of the larger access providers have yet to feel the pain. You have mentioned it yourself, your IPv4 address virtually never changes, versus my example of hosts on a Swiss mobile network changing every other day. The latter suggests a higher contention ratio.
Why are we wasting our time trying to squeeze more life out of something that should have been retired years ago?
We will have dual-stack for years to come. No public server will go IPv6-only, unless in restricted or controlled environments, not on the world-wide internet. So even when those larger providers do start with IPv6 deployment, they cannot give up on IPv4.
Incidentally, this block represents less than 0.4% of the IPv4 address space. Will it really make a difference?
A full class A network is not to be laughed at. Enabling it in Linux is a good thing. [1] The regional internet registries (RIPE, ARIN et al) are being very tight with what remains of IPv4 addresses. Since 2015, these are all RIPE announcements regarding recovered ranges, in chronological order: [ncc-announce] [news] RIPE NCC Receives a /13 from IANA's Recovered [ncc-announce] [news] RIPE NCC Receives a /14 from IANA's Recovered [ncc-announce] [news] RIPE NCC Receives /15 from IANA's Recovered [ncc-announce] [news] RIPE NCC Receives /18 from IANA's Recovered [ncc-announce] [news] RIPE NCC Receives /19 from IANA's Recovered [ncc-announce] [news] RIPE NCC Receives /20 from IANA's Recovered [ncc-announce] [news] RIPE NCC Receives /21 from IANA’s Recovered Pool [ncc-announce] [news] RIPE NCC Receives /22 from IANA’s Recovered Pool [ncc-announce] [news] RIPE NCC Receives /23 from IANA’s Recovered Pool (all composed of non-contiguous /24 ranges). A rough calculation says the total is a mere 5% of a full class A. [1] An interesting question might be - how many applications will have a problem with that 0.0.0.0/8 range? Usually all zeros have meant all addresses or no address. Or default route. -- Per Jessen, Zürich (14.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 03:03 AM, Per Jessen wrote:
My guess - many of the larger access providers have yet to feel the pain. You have mentioned it yourself, your IPv4 address virtually never changes, versus my example of hosts on a Swiss mobile network changing every other day. The latter suggests a higher contention ratio.
Yet my ISP is 100% ready for IPv6. In addition to my Internet connection, my cell phone (same company) is also IPv6 only. In order to access IPv4 only sites, it uses something called 464XLAT to convert to IPv4. Several other companies in my area are also offering IPv6, but not the big one, the phone company. They've been offering IPv6 on the Internet for over 3.5 years and had a pilot program, with 6to4 & 6rd tunneling for years before that.
We will have dual-stack for years to come. No public server will go IPv6-only, unless in restricted or controlled environments, not on the world-wide internet. So even when those larger providers do start with IPv6 deployment, they cannot give up on IPv4.
No doubt dual stack will be around a long time. However, the move to IPv6 should have started years ago for everyone. There are also some parts of the world where no IPv4 addresses are available, so there are some IPv6 only servers in those areas.
A full class A network is not to be laughed at. Enabling it in Linux is a good thing. [1] The regional internet registries (RIPE, ARIN et al) are being very tight with what remains of IPv4 addresses.
Yep. According to what I read a while ago, they're not handing out anything bigger than a /24. I also recall reading that they won't release addresses to anyone that does not have IPv6 up & running and also that some are being reserved for transistion purposes.
A rough calculation says the total is a mere 5% of a full class A.
And a class A is only 0.39% of the total IPv4 address space. All this is doing is very slightly delaying the inevitable.
[1] An interesting question might be - how many applications will have a problem with that 0.0.0.0/8 range? Usually all zeros have meant all addresses or no address. Or default route.
Yep, that's something that has to be considered. Bottom line, why bother with this, when the proper solution is to move to IPv6. On top of this, is the problems caused by all the hacks to get around the shortage. We have NAT which causes problems, so we have STUN servers, so that VoIP and games can work through NAT, etc. If people would put as much effort into moving to IPv6 as is done with creating hacks and work arounds to the IPv4 address shortage, we'd have done the job years ago. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/14/2019 05:53 AM, James Knott wrote:
Bottom line, why bother with this, when the proper solution is to move to IPv6. On top of this, is the problems caused by all the hacks to get around the shortage. We have NAT which causes problems, so we have STUN servers, so that VoIP and games can work through NAT, etc. If people would put as much effort into moving to IPv6 as is done with creating hacks and work arounds to the IPv4 address shortage, we'd have done the job years ago.
Sigh... IPv4 just works. IPv6 does not. You may recall that I tried to get it working here at home a couple of years ago with my Zyxel router. Tried and failed. My problem was (I think) that my ISP was dispensing only /64 addresses. I've got three subnets for which I want to maintain to separation: WiFi and IOT from desktops. This is easy to set up with IPv4, not so with a /64 IPv6 address. But, I do have a new Zyxel now and may be inclined to try it again, not because I have to or to make the Internet a better place, but out of curiosity. Perhaps my ISP is doing better now too? Wolfgang Prediction: IPv4 will never go away. It will co-exist with IPv6 and its successors until the end of time. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 10:45 AM, Lew Wolfgang wrote:
Sigh... IPv4 just works. IPv6 does not.
It certainly does here. As for IPv4, there are many people who are behind carrier grade NAT, which means they can't connect to their own network from elsewhere. That sounds broken to me.
You may recall that I tried to get it working here at home a couple of years ago with my Zyxel router. Tried and failed. My problem was (I think) that my ISP was dispensing only /64 addresses. I've got three subnets for which I want to maintain to separation: WiFi and IOT from desktops. This is easy to set up with IPv4, not so with a /64 IPv6 address.
I don't recall that problem, however there are some ISPs that could use some educating.
But, I do have a new Zyxel now and may be inclined to try it again, not because I have to or to make the Internet a better place, but out of curiosity. Perhaps my ISP is doing better now too?
You need DHCPv6-PD.
Wolfgang Prediction: IPv4 will never go away. It will co-exist with IPv6 and its successors until the end of time.
There's no reason why it should persist on the Internet. Some ISPs are already IPv6 only, with some transition mechanism such as 464XLAT to access IPv4 only web sites. That's what's on my cell phone on Rogers. No doubt there will be IPv4 devices hanging around for years on the local network. However, that's no reason to keep IPv4 going long term on the Internet. Things change and equipment gets discarded, because it can no longer keep up. When was the last time you saw someone talking on an analog cell phone? Any phone that's capable of LTE is capable of IPv6. That's mandatory. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Lew Wolfgang wrote:
On 08/14/2019 05:53 AM, James Knott wrote:
Bottom line, why bother with this, when the proper solution is to move to IPv6. On top of this, is the problems caused by all the hacks to get around the shortage. We have NAT which causes problems, so we have STUN servers, so that VoIP and games can work through NAT, etc. If people would put as much effort into moving to IPv6 as is done with creating hacks and work arounds to the IPv4 address shortage, we'd have done the job years ago.
Sigh... IPv4 just works. IPv6 does not.
let's not feed the troll :-) Please take this to the offtopic list. -- Per Jessen, Zürich (22.6°C) member, openSUSE Heroes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 09.03, Per Jessen wrote:
James Knott wrote:
IPv6 has been around for years. Why don't some people get with the program, instead of coming up with hacks to get around the address shortage. Even with this block, there still won't be enough IPv4 addresses just for mobile devices, let alone everything else. The longer people take to move to IPv6, the worse the problem is going to get.
[off-topic] My guess - many of the larger access providers have yet to feel the pain. You have mentioned it yourself, your IPv4 address virtually never changes, versus my example of hosts on a Swiss mobile network changing every other day. The latter suggests a higher contention ratio.
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem. Their official stance is that they are running tests on IPv6. For years they answer the same.
[1] An interesting question might be - how many applications will have a problem with that 0.0.0.0/8 range? Usually all zeros have meant all addresses or no address. Or default route.
Right. Old apps may have a problem. Even my ISP. What was that IP which was used by a new DNS service? Ah, 1.1.1.1. My ISP uses that internally on their home routers, many people can't access it. Clients sued and lost: +++........... With regard to the facts set out above, it is clear that the subject-matter of the present complaint does not focus on an electronic communications service, but on a service which is supported by it, but which is alien to it. RESOLVES Inhibition in the present matter, without prejudice to the right of the interested party to address, if he deems it convenient, before the Organs with competence to solve controversies regulated in the legislation of Consumers and Users. ...........++- So, use now the 0.0.0.0 range? Bad idea. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 10:16 AM, Carlos E. R. wrote:
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem.
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 16.25, James Knott wrote:
On 2019-08-14 10:16 AM, Carlos E. R. wrote:
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem.
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT.
Mine is 10.190.*.*, after disabling the WiFi. Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 10:32 AM, Carlos E.R. wrote:
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT. Mine is 10.190.*.*, after disabling the WiFi.
Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account.
Yet another reason to move to IPv6. I hadn't heard of that one before. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 16.37, James Knott wrote:
On 2019-08-14 10:32 AM, Carlos E.R. wrote:
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT. Mine is 10.190.*.*, after disabling the WiFi.
Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account.
Yet another reason to move to IPv6. I hadn't heard of that one before.
Again, that is not up to me. I don't make that decision. My phone uses what the ISP provides... I don't have a choice in what they do or not. If you google, you will find out that many ISPs do the same: give phones an address in the 10.*.*.* range and use NAT. I can be thankful that my ISP doesn't do it on the home fibre network - because some do. Here, see: <https://en.wikipedia.org/wiki/Carrier-grade_NAT> Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network. Carrier-grade NAT has been proposed as an approach for mitigating IPv4 address exhaustion.[1] One use scenario of CGN has been labeled as NAT444,[2] because some customer connections to Internet services on the public Internet would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network and the public Internet. Another CGN scenario is Dual-Stack Lite, in which the carrier's network uses IPv6 and thus only two IPv4 addressing domains are needed. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 10:52 AM, Carlos E.R. wrote:
One use scenario of CGN has been labeled as NAT444,[2] because some customer connections to Internet services on the public Internet would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network and the public Internet.
Hacks on hacks to avoid resolving the problem the proper way. Anyone behind CGN is unable to connect to their home network from elsewhere. This means crippled service. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 17.04, James Knott wrote:
On 2019-08-14 10:52 AM, Carlos E.R. wrote:
One use scenario of CGN has been labeled as NAT444,[2] because some customer connections to Internet services on the public Internet would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network and the public Internet.
Hacks on hacks to avoid resolving the problem the proper way. Anyone behind CGN is unable to connect to their home network from elsewhere. This means crippled service.
Absolutely. Now try to convince them. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Le 14/08/2019 à 16:52, Carlos E.R. a écrit :
If you google, you will find out that many ISPs do the same: give phones an address in the 10.*.*.* range and use NAT.
reading this, I looked at my phone. Without wiki, so on GSM, I get now 10.232.47.xxx (FIA Free, France) If I open the wifi (fiber network), I first get what looks as an IPV6 address (fe80::d204:....), then after some time an IPV4 local address 192.168.0.20 jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 12:10 PM, jdd@dodin.org wrote:
If I open the wifi (fiber network), I first get what looks as an IPV6 address (fe80::d204:....), then after some time an IPV4 local address 192.168.0.20
That fe80 address is link local. That is it's only used on the local network and not the Internet. A global unicast address starts with 2 or 3. https://en.wikipedia.org/wiki/IPv6_address#Address_formats -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 14/08/2019 à 18:20, James Knott a écrit :
On 2019-08-14 12:10 PM, jdd@dodin.org wrote:
If I open the wifi (fiber network), I first get what looks as an IPV6 address (fe80::d204:....), then after some time an IPV4 local address 192.168.0.20
That fe80 address is link local. That is it's only used on the local network and not the Internet. A global unicast address starts with 2 or 3.
yes, I guess, so is the 192... address, but it means the router knows about IPV6 as do the phone jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 18.27, jdd@dodin.org wrote:
Le 14/08/2019 à 18:20, James Knott a écrit :
On 2019-08-14 12:10 PM, jdd@dodin.org wrote:
If I open the wifi (fiber network), I first get what looks as an IPV6 address (fe80::d204:....), then after some time an IPV4 local address 192.168.0.20
That fe80 address is link local. That is it's only used on the local network and not the Internet. A global unicast address starts with 2 or 3.
yes, I guess, so is the 192... address, but it means the router knows about IPV6 as do the phone
That fe80 address you have even if router does not have IPv6. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Le 14/08/2019 à 18:31, Carlos E. R. a écrit :
yes, I guess, so is the 192... address, but it means the router knows about IPV6 as do the phone
That fe80 address you have even if router does not have IPv6.
ah... thanks, but I didn't notice this previously, may be only from last android jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 18.50, jdd@dodin.org wrote:
Le 14/08/2019 à 18:31, Carlos E. R. a écrit :
yes, I guess, so is the 192... address, but it means the router knows about IPV6 as do the phone
That fe80 address you have even if router does not have IPv6.
ah...
thanks, but I didn't notice this previously, may be only from last android
It is created from the MAC address of the device. Look Telcontar:~ # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:21:85:16:2d:0b brd ff:ff:ff:ff:ff:ff inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fc00::14/64 scope global valid_lft forever preferred_lft forever inet6 fe80::221:85ff:fe16:2d0b/64 scope link valid_lft forever preferred_lft forever Reorder: mac 00:21:85:16:2d:0b mac 00:21:85: 16:2d:0b inet6 fe80::221:85ff:fe16:2d0b/64 scope link -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 01:09 PM, Carlos E. R. wrote:
It is created from the MAC address of the device.
Usually, but not always. For example, the link local address for my router is fe80::1:1. I could have multiple local networks on it and they will all have that link local address. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 19.12, James Knott wrote:
On 2019-08-14 01:09 PM, Carlos E. R. wrote:
It is created from the MAC address of the device.
Usually, but not always. For example, the link local address for my router is fe80::1:1. I could have multiple local networks on it and they will all have that link local address.
Oh. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
James Knott wrote:
On 2019-08-14 01:09 PM, Carlos E. R. wrote:
It is created from the MAC address of the device.
Usually, but not always. For example, the link local address for my router is fe80::1:1.
I would tempted to bet it has both the "regular" fe80::mac:addr and that simple address. That is how we do the routing in the datacentre and the office. -- Per Jessen, Zürich (21.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 01:50 PM, Per Jessen wrote:
Usually, but not always. For example, the link local address for my router is fe80::1:1. I would tempted to bet it has both the "regular" fe80::mac:addr and that simple address. That is how we do the routing in the datacentre and the office.
Ifconfig shows only one: inet6 fe80::1:1%bge0 prefixlen 64 scopeid 0x1 Wireshark shows the same thing, only fe80::1:1 This is with pfSense. Don't forget, the IP address is not what's used to transmit data over the wire. It's simply used to determine the MAC address, which is then used. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-14 01:50 PM, Per Jessen wrote:
Usually, but not always. For example, the link local address for my router is fe80::1:1. I would tempted to bet it has both the "regular" fe80::mac:addr and that simple address. That is how we do the routing in the datacentre and the office.
Ifconfig shows only one: inet6 fe80::1:1%bge0 prefixlen 64 scopeid 0x1
Wireshark shows the same thing, only fe80::1:1
With openSUSE, afaict systems always get the fe80::mac:addr, and then I assign e.g. "fe80::1" as a 2nd address. For e.g. transparant http proxying, we use fe80::28 -- Per Jessen, Zürich (20.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 02:09 PM, Per Jessen wrote:
With openSUSE, afaict systems always get the fe80::mac:addr, and then I assign e.g. "fe80::1" as a 2nd address. For e.g. transparant http proxying, we use fe80::28
That's just adding an alias address, something I was doing with IPv4 on Red Hat years ago. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 14/08/2019 à 19:09, Carlos E. R. a écrit :
On 14/08/2019 18.50, jdd@dodin.org wrote:
thanks, but I didn't notice this previously, may be only from last android
It is created from the MAC address of the device.
I understand that, but I previously looked at this setup and only the IPV4 was displayed, so may be this come with last android update, not so long time ago (it can be that this setup was done but not displayed) thanks jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 01:52 PM, jdd@dodin.org wrote:
I understand that, but I previously looked at this setup and only the IPV4 was displayed, so may be this come with last android update, not so long time ago (it can be that this setup was done but not displayed)
I had IPv6 working on my first Android phone, a Nexus 1, which I bought in 2010. I've had IPv6 on my network since May 2010. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 14/08/2019 à 20:00, James Knott a écrit :
I had IPv6 working on my first Android phone, a Nexus 1, which I bought
how do you test this? My phone is not rooted (moto g5 +), android 8.1.0 may be we should go elsewhere, it's no more openSUSE3 related :-( thanks jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 02:23 PM, jdd@dodin.org wrote:
I had IPv6 working on my first Android phone, a Nexus 1, which I bought
how do you test this?
Phone info (About phone) will list IP addresses. I had IPv6 on my home network, so when I connected to my WiFi, the phone got IPv6 addresses.
it's no more openSUSE3 related
Never was, though it was Linux related. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 14/08/2019 à 20:44, James Knott a écrit :
On 2019-08-14 02:23 PM, jdd@dodin.org wrote:
I had IPv6 working on my first Android phone, a Nexus 1, which I bought
how do you test this?
Phone info (About phone) will list IP addresses. I had IPv6 on my home network, so when I connected to my WiFi, the phone got IPv6 addresses.
I have this, may be the three hex lines are 3 addresses?? only partly related to MAC https://www.cjoint.com/doc/19_08/IHotMcdChjk_Screenshot-20190814-213320.png jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 03:39 PM, jdd@dodin.org wrote:
I have this, may be the three hex lines are 3 addresses??
only partly related to MAC
You have IPv6. The 2 lines related to the MAC address are the link local address and the permanent global address. The other, starting with 2a01, is a privacy address. You get a new one every day and, if you leave the phone on long enough, will have up to 7 of them. The privacy addresses are used for outgoing connections and the permanent one would be the one you point a DNS server to. Your phone may also provide IPv6 to tethered devices, which means the phone has a /64 prefix, in addition to the addresses shown. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 12:27 PM, jdd@dodin.org wrote:
yes, I guess, so is the 192... address, but it means the router knows about IPV6 as do the phone
It means the phone does. There is nothing there about the router. Any device that has IPv6 enabled has a link local address. Now, if you went into the router and saw a similar link local address, then the router would too. It's entirely possible to have an IPv6 enabled router, but if it doesn't have IPv6 on the WAN site, it won't provide a global address to devices behind it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 18.10, jdd@dodin.org wrote:
Le 14/08/2019 à 16:52, Carlos E.R. a écrit :
If you google, you will find out that many ISPs do the same: give phones an address in the 10.*.*.* range and use NAT.
reading this, I looked at my phone.
Without wiki, so on GSM, I get now 10.232.47.xxx (FIA Free, France)
Yep. Thus the mobile service provider doesn't feel the presure to abandon IPv4.
If I open the wifi (fiber network), I first get what looks as an IPV6 address (fe80::d204:....), then after some time an IPV4 local address 192.168.0.20
Yes. The first one is automatic, "generated" by your phone, so it appears instantly. The second one is negotiated with your router, so it takes longer to appear. And the reporting window might not refresh fast enough. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E.R. wrote:
On 14/08/2019 16.25, James Knott wrote:
On 2019-08-14 10:16 AM, Carlos E. R. wrote:
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem.
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT.
Mine is 10.190.*.*, after disabling the WiFi.
Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account.
Surely that is something else? otherwise people would always have trouble when travelling. -- Per Jessen, Zürich (21.3°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 10:54 AM, Per Jessen wrote:
Surely that is something else? otherwise people would always have trouble when travelling.
The only issue I've had while travelling is with my VPN, where the local NAT addresses conflicted with my home network. I moved my home network to the 172.16 range, as I've rarely seen it used elsewhere. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 16.54, Per Jessen wrote:
Carlos E.R. wrote:
On 14/08/2019 16.25, James Knott wrote:
On 2019-08-14 10:16 AM, Carlos E. R. wrote:
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem.
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT.
Mine is 10.190.*.*, after disabling the WiFi.
Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account.
Surely that is something else? otherwise people would always have trouble when travelling.
It is a consequence of ISP grade NAT. I get the external IPv4 address of their CGN gateway, sometimes Barcelona, sometimes Granada. Geolocation based on IP address breaks, so google thinks it is some hacker accessing my account from those cities, and blocks the access. Happens to me almost every time I tether my laptop to my phone. Happens a bit less with OAUTH2, but fetchmail doesn't handle it. Doesn't happen with all my gmail accounts. And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming... Of course the proper way to do is IPv6, but we clients do not decide. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 14/08/2019 16.54, Per Jessen wrote:
Carlos E.R. wrote:
On 14/08/2019 16.25, James Knott wrote:
On 2019-08-14 10:16 AM, Carlos E. R. wrote:
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem.
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT.
Mine is 10.190.*.*, after disabling the WiFi.
Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account.
Surely that is something else? otherwise people would always have trouble when travelling.
It is a consequence of ISP grade NAT. I get the external IPv4 address of their CGN gateway, sometimes Barcelona, sometimes Granada. Geolocation based on IP address breaks, so google thinks it is some hacker accessing my account from those cities, and blocks the access.
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming...
VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth. Gaming also works just fine - ask my son. He even ran his own Minecraft server for a while :-) The vast majority of people are still on private IPv4 addresses, behind a NAT'ing router/firewall. If gaming and VoIP was a real problem, we would have heard about it :-) -- Per Jessen, Zürich (22.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 01:10 PM, Per Jessen wrote:
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
Have you moved that 2000 Km in the time it takes to tether a device?
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming... VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
That's thanks to something called STUN, which is a hack to get around the problems caused by NAT. https://en.wikipedia.org/wiki/STUN -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 19.15, James Knott wrote:
On 2019-08-14 01:10 PM, Per Jessen wrote:
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
Have you moved that 2000 Km in the time it takes to tether a device?
The alert can trigger with normal travel...
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming... VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
That's thanks to something called STUN, which is a hack to get around the problems caused by NAT. https://en.wikipedia.org/wiki/STUN
Yep. Or because he uses IPv6. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 14/08/2019 19.15, James Knott wrote:
On 2019-08-14 01:10 PM, Per Jessen wrote:
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
Have you moved that 2000 Km in the time it takes to tether a device?
The alert can trigger with normal travel...
I assumed so to, I just wanted to point out that the distance was irrelevant.
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming... VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
That's thanks to something called STUN, which is a hack to get around the problems caused by NAT. https://en.wikipedia.org/wiki/STUN
Yep.
Fyi, the Linksys phone also do NAT keep-alive.
Or because he uses IPv6.
It isn't up to me, it is up to the user in the home office. -- Per Jessen, Zürich (21.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 19.10, Per Jessen wrote:
Carlos E. R. wrote:
On 14/08/2019 16.54, Per Jessen wrote:
Carlos E.R. wrote:
On 14/08/2019 16.25, James Knott wrote:
On 2019-08-14 10:16 AM, Carlos E. R. wrote:
My ISP has no problem on phones. They use a 10.*.*.* address. ISP Natting. From their point of view, that is not a problem.
My phone's IPv4 address is 192.0.0.4, which is used for 464XLAT.
Mine is 10.190.*.*, after disabling the WiFi.
Plays havoc when I have to tether my laptop and use gmail with it - google thinks I suddenly moved 800Km north or 300 west abd blocks my account.
Surely that is something else? otherwise people would always have trouble when travelling.
It is a consequence of ISP grade NAT. I get the external IPv4 address of their CGN gateway, sometimes Barcelona, sometimes Granada. Geolocation based on IP address breaks, so google thinks it is some hacker accessing my account from those cities, and blocks the access.
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
With one of my three google accounts, I get it every time I travel. With the other three, occasionally. It is considered a feature. just google "when I travel I get a gmail security alert" One example: <https://www.reddit.com/r/GMail/comments/b7w0vc/how_can_i_avoid_critical_security_alert_when/> +++.................. I use IMAP to access my gmail account (via Thunderbird) and I have the following problem: whenever I connect from a "new" location, gmail blocks my access, and requires me to then log in via the gmail web interface and go into the security page to let it know the connection was by me. I also receive an email that says: "Sign-in attempt was blocked for your linked Google Account - Someone just used your password to try to sign in to your account. Google blocked them, but you should check what happened." I travel often, and every time I connect from a different hotel wifi network this happens, which is very annoying. Is there any way of telling gmail to disable this check? I should be allowed to connect from whatever IP address I want without gmail blocking me every time. ..................++-
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming...
VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
With Carrier Grade NAT? I thought you were using IPv6. If your phone gets a 10.*.*.* address, you are on CGN. I guess you aren't. I am.
Gaming also works just fine - ask my son. He even ran his own Minecraft server for a while :-)
The vast majority of people are still on private IPv4 addresses, behind a NAT'ing router/firewall. If gaming and VoIP was a real problem, we would have heard about it :-)
-- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 14/08/2019 19.10, Per Jessen wrote:
Carlos E. R. wrote:
It is a consequence of ISP grade NAT. I get the external IPv4 address of their CGN gateway, sometimes Barcelona, sometimes Granada. Geolocation based on IP address breaks, so google thinks it is some hacker accessing my account from those cities, and blocks the access.
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
With one of my three google accounts, I get it every time I travel. With the other three, occasionally.
It is considered a feature.
just google "when I travel I get a gmail security alert"
I'll take your word for it, I just don't understand why it isn't a problem for me.
I travel often, and every time I connect from a different hotel wifi network this happens, which is very annoying. Is there any way of telling gmail to disable this check? I should be allowed to connect from whatever IP address I want without gmail blocking me every time.
Maybe I have unchecked the right box, but I don't use gmail very much. I get occasional warning when I have logged in on a new device.
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming...
VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
With Carrier Grade NAT? I thought you were using IPv6.
With plain/local NAT - what I'm (main office) running is irrelevant. I don't immediately see that carrier-grade NAT (clients on private addresses) should be any issue, but I don't think I have had any opportunity to test, so maybe.
If your phone gets a 10.*.*.* address, you are on CGN. I guess you aren't. I am.
It doesn't matter what I am on. It matters what the clients are on. -- Per Jessen, Zürich (21.7°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 19.45, Per Jessen wrote:
Carlos E. R. wrote:
On 14/08/2019 19.10, Per Jessen wrote:
Carlos E. R. wrote:
It is a consequence of ISP grade NAT. I get the external IPv4 address of their CGN gateway, sometimes Barcelona, sometimes Granada. Geolocation based on IP address breaks, so google thinks it is some hacker accessing my account from those cities, and blocks the access.
I have travelled to 4 different countries, 2000km apart, since beginning of the year, never had that problem, whether on a local wifi or occasionally with data roaming.
With one of my three google accounts, I get it every time I travel. With the other three, occasionally.
It is considered a feature.
just google "when I travel I get a gmail security alert"
I'll take your word for it, I just don't understand why it isn't a problem for me.
I travel often, and every time I connect from a different hotel wifi network this happens, which is very annoying. Is there any way of telling gmail to disable this check? I should be allowed to connect from whatever IP address I want without gmail blocking me every time.
Maybe I have unchecked the right box, but I don't use gmail very much. I get occasional warning when I have logged in on a new device.
You must have. I have three accounts and one of them (the one I use some times here) nags me almost every time I connect via phone. Or when I go to another city, or Canada... And despite having three accounts, I don't know which is the proper setting that makes the difference, or what was the question they asked which I gave the "incorrect" answer.
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming...
VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
With Carrier Grade NAT? I thought you were using IPv6.
With plain/local NAT - what I'm (main office) running is irrelevant. I don't immediately see that carrier-grade NAT (clients on private addresses) should be any issue, but I don't think I have had any opportunity to test, so maybe.
It is an issue. It is a NAT you do not control, so you can not punch a hole in the router/gateway. And it is connected to another NAT at the user. Sometimes even two CGNs upstream, making three to traverse. For example, on my router I configure that when a connection comes to port 22, it gets redirected to a certain computer in the LAN. You can not do that with CGN.
If your phone gets a 10.*.*.* address, you are on CGN. I guess you aren't. I am.
It doesn't matter what I am on. It matters what the clients are on.
I thought you said you have not personally experienced it, not that you were talking about your clients. Well, it depends what their provider does on their phones, because CGN happens mostly on phones. Actually, I suspect that either the fibre TV or the VoIP transparent phone service uses a 10.*.*.* at my home, besides having a real IPv4 internet address. Either an VPN or a second address. I don't know for sure. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 04:56 PM, Carlos E. R. wrote:
Well, it depends what their provider does on their phones, because CGN happens mostly on phones.
It also happens with some home and business connections. For example, if you're using the cell network routers, you will also likely get CGN. Also, there used to be a Canadian ISP that used short haul microwave links (not cell) to provide connections. They were also CGN. My understanding is that even some wired ISPs use it. If someone were to start an ISP today, in much of the world, they would not be able to get much of an IPv4 address block, if any. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 23.43, James Knott wrote:
On 2019-08-14 04:56 PM, Carlos E. R. wrote:
Well, it depends what their provider does on their phones, because CGN happens mostly on phones.
It also happens with some home and business connections. For example, if you're using the cell network routers, you will also likely get CGN. Also, there used to be a Canadian ISP that used short haul microwave links (not cell) to provide connections. They were also CGN. My understanding is that even some wired ISPs use it. If someone were to start an ISP today, in much of the world, they would not be able to get much of an IPv4 address block, if any.
Right. Any such has to use CGN or IPv6. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
James Knott wrote:
If someone were to start an ISP today, in much of the world, they would not be able to get much of an IPv4 address block, if any.
Since 2012, RIPE policy has been a single one-time /22 allocation for new LIRs. In 2011, RIPE received the last /8, which was exhausted in April of last year. Since then, recovered IP addresses have been added to the pool of available addresses, currently about nine million. The most recent projections estimate that to last about two years. https://labs.ripe.net/Members/wilhelm/so-long-last-8-and-thanks-for-all-the-... -- Per Jessen, Zürich (18.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-15 03:28 AM, Per Jessen wrote:
Since 2012, RIPE policy has been a single one-time /22 allocation for new LIRs. In 2011, RIPE received the last /8, which was exhausted in April of last year. Since then, recovered IP addresses have been added to the pool of available addresses, currently about nine million. The most recent projections estimate that to last about two years.
A /22 is only 1024 addresses. That wouldn't allow for a lot of customers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-15 03:28 AM, Per Jessen wrote:
Since 2012, RIPE policy has been a single one-time /22 allocation for new LIRs. In 2011, RIPE received the last /8, which was exhausted in April of last year. Since then, recovered IP addresses have been added to the pool of available addresses, currently about nine million. The most recent projections estimate that to last about two years.
A /22 is only 1024 addresses. That wouldn't allow for a lot of customers.
Well, about a thousand :-) If you need more addresses, the going rate is usd15-20 apiece. -- Per Jessen, Zürich (20.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-15 07:39 AM, Per Jessen wrote:
A /22 is only 1024 addresses. That wouldn't allow for a lot of customers. Well, about a thousand :-) If you need more addresses, the going rate is usd15-20 apiece.
A big problem with this is fragmentation of the address space, which in turn causes growth in the routing tables. A few years back, there was a problem with routers failing to be able to handle all the routes. When you sell bits and pieces, without considering where they fit in the routes, you will have more routes for the routers to handle. In fact, in Europe, several years ago, they aggregated the address space to avoid this. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I've been ignoring this, but feel compelled to comment on this bit
A big problem with this is fragmentation of the address space, which in turn causes growth in the routing tables.
This has been going on since the dawn of the public internet. At one point, a very long time ago, the entire routing table could fit on the memory of a Cisco 1400. The fix is trivial, more memory. Every couple of years the table grows larger then the lowest end routers that could handle this before. Not to say fragmentation is no issue. But it's a general issue, not particular to the shortage of IP addresses. -- __________________________________________________________________________ Josef Fortier Systems Administrator fortier@augsburg.edu Phone: 612-330-1479 __________________________________________________________________________ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-15 09:22 AM, Josef Fortier wrote:
But it's a general issue, not particular to the shortage of IP addresses.
I never said it was, but the reselling of addresses may cause the fragmentation, if the new owner is in a completely different area from where it was originally used. Routing works on longest match. So, if most of an address block is in, for example, Canada and a bit of it is sold to someone in Europe, then all the routers will need a route for that bit, in addition to the original block. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 14/08/2019 19.45, Per Jessen wrote:
Carlos E. R. wrote:
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming...
VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
With Carrier Grade NAT? I thought you were using IPv6.
With plain/local NAT - what I'm (main office) running is irrelevant. I don't immediately see that carrier-grade NAT (clients on private addresses) should be any issue, but I don't think I have had any opportunity to test, so maybe.
It is an issue. It is a NAT you do not control, so you can not punch a hole in the router/gateway.
My experience contradicts that. Over the years, I have handed out Linksys SPA921 VoIP telephones to four different employees, to use when working from home. There was never any need to "control" a NAT or punch a hole anywhere. The telephone device does that for you. The phone is configured for plain DHCP, so it will automatically get an address on the employee home network. It is configured to contact a tftp server to retrieve the initial config, for instance "sip123.example.com". And that's it - the telephone is now connected to our Asterisk, can be dialled internally and make internal and external calls. Note - no fiddling with anyoe's router or NAT or firewall or whatever. The NAT is done with keep-alive traffic or with a STUN server, I don't think one works better than the other. As I mentioned, I am not aware of any of my installations having been behind a CGN, but I fail to see the significance. Basically, if you can browse a website from behind layers of NAT and CGN, the VoIP telephone will also work. You can even try it yourself - I'll be happy to set up a SIP account for you, and you can use a softphone.
If your phone gets a 10.*.*.* address, you are on CGN. I guess you aren't. I am.
It doesn't matter what I am on. It matters what the clients are on.
I thought you said you have not personally experienced it, not that you were talking about your clients. Well, it depends what their provider does on their phones, because CGN happens mostly on phones.
Maybe I was not being very clear. See above. -- Per Jessen, Zürich (17.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 09.17, Per Jessen wrote:
Carlos E. R. wrote:
On 14/08/2019 19.45, Per Jessen wrote:
Carlos E. R. wrote:
And of course, getting a 10... address means people can not connect to me. VoIp might not be possible, I have not tried. Gaming...
VoIP works just fine. I have had people in home office with Linksys SPA phones hooked up to our Asterisk, since 2008 or 2009. Works very well, even back in the days with limited bandwidth.
With Carrier Grade NAT? I thought you were using IPv6.
With plain/local NAT - what I'm (main office) running is irrelevant. I don't immediately see that carrier-grade NAT (clients on private addresses) should be any issue, but I don't think I have had any opportunity to test, so maybe.
It is an issue. It is a NAT you do not control, so you can not punch a hole in the router/gateway.
My experience contradicts that. Over the years, I have handed out Linksys SPA921 VoIP telephones to four different employees, to use when working from home. There was never any need to "control" a NAT or punch a hole anywhere. The telephone device does that for you.
You probably have a STUN server somewhere.
The phone is configured for plain DHCP, so it will automatically get an address on the employee home network. It is configured to contact a tftp server to retrieve the initial config, for instance "sip123.example.com". And that's it - the telephone is now connected to our Asterisk, can be dialled internally and make internal and external calls. Note - no fiddling with anyoe's router or NAT or firewall or whatever.
The NAT is done with keep-alive traffic or with a STUN server, I don't think one works better than the other.
See? I knew you had a stun server.
As I mentioned, I am not aware of any of my installations having been behind a CGN, but I fail to see the significance. Basically, if you can browse a website from behind layers of NAT and CGN, the VoIP telephone will also work.
I think you need another stun server in that network. I'm not sure.
You can even try it yourself - I'll be happy to set up a SIP account for you, and you can use a softphone.
:-) Thanks, maybe some time. :-) What I'd like to setup is reach directly the existing but hidden VoIp of my provider. I know people do it. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-15 03:17 AM, Per Jessen wrote:
The NAT is done with keep-alive traffic or with a STUN server, I don't think one works better than the other. As I mentioned, I am not aware of any of my installations having been behind a CGN, but I fail to see the significance. Basically, if you can browse a website from behind layers of NAT and CGN, the VoIP telephone will also work.
The problem is that VoIP is supposed to work directly end to end. NAT breaks that. So, first off, the firewall NAT has to be configured to pass the incoming UDP packets to the phone. Then, STUN has to be used, as the address contained in the UDP packets is for the phone, not the firewall. Since that's going to be an RFC1918 address, it can't be used. Instead a STUN server is used to provide the actual public firewall address. This is a hack to get around NAT. Now with CGN, you cannot configure the NAT to provide the appropriate address to get to the phone, which is on the other side of another NAT. On top of that, you'd need another layer of STUN and I don't know that's supported. All in all, NAT is a hack that causes problems and the sooner we get away from it the better. The way to get away from it is IPv6. Another thing NAT breaks is Authentication Headers, in IPSec. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-15 03:17 AM, Per Jessen wrote:
The NAT is done with keep-alive traffic or with a STUN server, I don't think one works better than the other. As I mentioned, I am not aware of any of my installations having been behind a CGN, but I fail to see the significance. Basically, if you can browse a website from behind layers of NAT and CGN, the VoIP telephone will also work.
The problem is that VoIP is supposed to work directly end to end. NAT breaks that.
In my experience, that is a theorical problerm. In practice, the problem has been solved. It works. In my case for at least 10 years.
So, first off, the firewall NAT has to be configured to pass the incoming UDP packets to the phone. Then, STUN has to be used, as the address contained in the UDP packets is for the phone, not the firewall. Since that's going to be an RFC1918 address, it can't be used. Instead a STUN server is used to provide the actual public firewall address. This is a hack to get around NAT. Now with CGN, you cannot configure the NAT to provide the appropriate address to get to the phone, which is on the other side of another NAT. On top of that, you'd need another layer of STUN and I don't know that's supported.
James, in what I describe, never once didn't anyone touch the router config, NAT'ing, firewall nor anything else. That would have been far too involved, likely would have required sending someone out to do it. Anyway, we're already way off-topic again. -- Per Jessen, Zürich (18.6°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 13/08/2019 23.22, James Knott wrote:
IPv6 has been around for years. Why don't some people get with the program, instead of coming up with hacks to get around the address shortage. Even with this block, there still won't be enough IPv4 addresses just for mobile devices, let alone everything else. The longer people take to move to IPv6,
Providers, not people. Don't blame us, blame the internet suppliers.
the worse the problem is going to get. By comparison, on IPv6, the smallest address block, /64 provides as many addresses as the entire IPv4 address space squared. I get 256 of those /64s from my ISP. Some ISPs provide 65K of them to each customer. Why are we wasting our time trying to squeeze more life out of something that should have been retired years ago? Incidentally, this block represents less than 0.4% of the IPv4 address space. Will it really make a difference?
https://www.technotification.com/2019/08/linux-kernel-allows-0-0-0-0-8-as-a-...
-- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 10:06 AM, Carlos E. R. wrote:
Providers, not people. Don't blame us, blame the internet suppliers.
Mine's been providing it for at least 3.5 years natively and for a few years prior, through 6to4 and 6rd tunnels. They also own the cell network I'm on and it's also IPv6 entirely. My phone has to use something called 464XLAT for IPv4 only sites. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/08/2019 16.12, James Knott wrote:
On 2019-08-14 10:06 AM, Carlos E. R. wrote:
Providers, not people. Don't blame us, blame the internet suppliers.
Mine's been providing it for at least 3.5 years natively and for a few years prior, through 6to4 and 6rd tunnels. They also own the cell network I'm on and it's also IPv6 entirely. My phone has to use something called 464XLAT for IPv4 only sites.
You are fortunate. I'm not. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
participants (8)
-
Carlos E. R. -
Carlos E.R. -
Darryl Gregorash -
James Knott -
jdd@dodin.org -
Josef Fortier -
Lew Wolfgang -
Per Jessen