Some of you may have noticed me talking about IPv6 lately. IPv6 is coming and is necessary, as IPv4 addresses are estimated to reach exhaustion within a year. Everyone, particularly those managing web sites or business networks, should be making plans to support IPv6 ASAP. I realize that many ISPs do not yet support IPv6, so some method, such as using a tunnel broker, is required while waiting for ISPs to get up to date. I use gogoNET http://gogonet.gogo6.com. Another is Hurricane Electric http://he.net and there are others. In the mean time, call your ISP and ask about when IPv6 will be available. Then ask them why they're behind the times. ;-) Some hosting sites have IPv6 available, so all you'd have to do is use it. DNS servers will require AAAA record support, but BIND has supported that for several years. Here's a link to an article about moving to IPv6, with some more links to other articles. http://www.itworldcanada.com/news/ipv6/141456 BTW, for some reason, Seamonkey, on either Linux or Windows, does not like this site. Firefox and IE work fine. On my own network, I use OpenSUSE 11.0 (soon to be updated) on an old computer for my firewall. I use the tunnel to get a subnet with 2^72 addresses and all computers on my network, including my smart phone, get an IPv6 address automagically. When I'm away from home, I use the client to get a single IPv6 address on my ThinkPad. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 08 September 2010 20:26:42 James Knott wrote:
Some of you may have noticed me talking about IPv6 lately. IPv6 is coming and is necessary, as IPv4 addresses are estimated to reach exhaustion within a year. Everyone, particularly those managing web sites or business networks, should be making plans to support IPv6 ASAP. I realize that many ISPs do not yet support IPv6, so some method, such as using a tunnel broker, is required while waiting for ISPs to get up to date. I use gogoNET http://gogonet.gogo6.com. Another is Hurricane Electric http://he.net and there are others. In the mean time, call your ISP and ask about when IPv6 will be available.
They say not in plans. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
They say not in plans.
That's a common problem. We'll soon reach the point where IPv4 addresses are no longer available to ISPs and sometime after that to new customers. In the mean time, there's no reason why people can't get ready now, even if they have to use a tunnel to get IPv6. As I mentioned, I use gogoNET. They have a client available for Linux, Windows, Unix, Mac etc. (versions other than Windows have to be compiled) that can be configured for either a single address or a subnet. It's easy to set up and get going on IPv6 with it. The other provider I mention may be better for use with routers that support 6in4 tunnels, but can certainly be used with a Linux box. If ISPs don't provide IPv6, then they'll be forced to use NAT, as some already do. As has been shown, that breaks some protocols and also makes it difficult for people to reach their own networks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 08 September 2010 21:12:17 James Knott wrote:
Ilya Chernykh wrote:
They say not in plans.
That's a common problem. We'll soon reach the point where IPv4 addresses are no longer available to ISPs and sometime after that to new customers.
My provider used dynamic IPs and also NAT to mitigate this problem. Using NAT there is virtully no problem with IP address shortage (NAT technology limits some network activities, but this does not concern the provider as there is plenty of users who are willing to pay for NAT access, some even ask to change their PPTP or PPPoE to NAT, erroneously confusing it with IPoE)
In the mean time, there's no reason why people can't get ready now, even if they have to use a tunnel to get IPv6.
As I mentioned, I use gogoNET. They have a client available for Linux, Windows, Unix, Mac etc. (versions other than Windows have to be compiled) that can be configured for either a single address or a subnet. It's easy to set up and get going on IPv6 with it.
I have tried but it seems not to work for me.
The other provider I mention may be better for use with routers that support 6in4 tunnels, but can certainly be used with a Linux box.
If ISPs don't provide IPv6, then they'll be forced to use NAT, as some already do. As has been shown, that breaks some protocols and also makes it difficult for people to reach their own networks.
This is a concern of users, not providers, so the providers are comfortable with NAT. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Wednesday 08 September 2010 21:12:17 James Knott wrote:
Ilya Chernykh wrote:
They say not in plans.
That's a common problem. We'll soon reach the point where IPv4 addresses are no longer available to ISPs and sometime after that to new customers.
My provider used dynamic IPs and also NAT to mitigate this problem. Using NAT there is virtully no problem with IP address shortage (NAT technology limits some network activities, but this does not concern the provider as there is plenty of users who are willing to pay for NAT access, some even ask to change their PPTP or PPPoE to NAT, erroneously confusing it with IPoE)
NAT has limitations and dynamic IPs only delay the problem as your ISP will eventually reach the point where there are not enough addresses for everyone who wants to use the internet.
In the mean time, there's no reason why people can't get ready now, even if they have to use a tunnel to get IPv6.
As I mentioned, I use gogoNET. They have a client available for Linux, Windows, Unix, Mac etc. (versions other than Windows have to be compiled) that can be configured for either a single address or a subnet. It's easy to set up and get going on IPv6 with it.
I have tried but it seems not to work for me.
Have you used gogoNET? I found it easy to set up. From what I've seen, he.net is also fairly simple.
The other provider I mention may be better for use with routers that support 6in4 tunnels, but can certainly be used with a Linux box.
If ISPs don't provide IPv6, then they'll be forced to use NAT, as some already do. As has been shown, that breaks some protocols and also makes it difficult for people to reach their own networks.
This is a concern of users, not providers, so the providers are comfortable with NAT.
It will concern the providers when the customers start complaining and leaving. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010 01:06:31 James Knott wrote:
They say not in plans.
That's a common problem. We'll soon reach the point where IPv4 addresses are no longer available to ISPs and sometime after that to new customers.
My provider used dynamic IPs and also NAT to mitigate this problem. Using NAT there is virtully no problem with IP address shortage (NAT technology limits some network activities, but this does not concern the provider as there is plenty of users who are willing to pay for NAT access, some even ask to change their PPTP or PPPoE to NAT, erroneously confusing it with IPoE)
NAT has limitations and dynamic IPs only delay the problem as your ISP will eventually reach the point where there are not enough addresses for everyone who wants to use the internet.
My impression is they have hundreds of thousands if not millions of addresses much exceeding their user base. Not to say still most of their clients get real (dynamic) IPs so they have reserve to transfer all to NAT. They also make business by selling static real IPs to their users.
In the mean time, there's no reason why people can't get ready now, even if they have to use a tunnel to get IPv6.
As I mentioned, I use gogoNET. They have a client available for Linux, Windows, Unix, Mac etc. (versions other than Windows have to be compiled) that can be configured for either a single address or a subnet. It's easy to set up and get going on IPv6 with it.
I have tried but it seems not to work for me.
Have you used gogoNET? I found it easy to set up. From what I've seen, he.net is also fairly simple.
My impression last time I tried was the service is abandoned. I could not register and also could not find an up-to-date client.
This is a concern of users, not providers, so the providers are comfortable with NAT.
It will concern the providers when the customers start complaining and leaving.
Leaving for what? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
My provider used dynamic IPs and also NAT to mitigate this problem. Using NAT there is virtully no problem with IP address shortage (NAT technology limits some network activities, but this does not concern the provider as there is plenty of users who are willing to pay for NAT access, some even ask to change their PPTP or PPPoE to NAT, erroneously confusing it with IPoE)
NAT has limitations and dynamic IPs only delay the problem as your ISP will eventually reach the point where there are not enough addresses for everyone who wants to use the internet.
My impression is they have hundreds of thousands if not millions of addresses much exceeding their user base. Not to say still most of their clients get real (dynamic) IPs so they have reserve to transfer all to NAT.
This is the crux of the matter - ISPs need to dish out IP-addresses. If they can't get them or can't get enough, they'll try (to find) other ways - NAT for instance. Only once they've exhausted both options, will IPv6 become a real option. For a small ISP, incompetent or not, that could still be quite a while. -- Per Jessen, Zürich (14.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010 01:43:25 Per Jessen wrote:
Ilya Chernykh wrote:
My provider used dynamic IPs and also NAT to mitigate this problem. Using NAT there is virtully no problem with IP address shortage (NAT technology limits some network activities, but this does not concern the provider as there is plenty of users who are willing to pay for NAT access, some even ask to change their PPTP or PPPoE to NAT, erroneously confusing it with IPoE)
NAT has limitations and dynamic IPs only delay the problem as your ISP will eventually reach the point where there are not enough addresses for everyone who wants to use the internet.
My impression is they have hundreds of thousands if not millions of addresses much exceeding their user base. Not to say still most of their clients get real (dynamic) IPs so they have reserve to transfer all to NAT.
This is the crux of the matter - ISPs need to dish out IP-addresses. If they can't get them or can't get enough, they'll try (to find) other ways - NAT for instance. Only once they've exhausted both options, will IPv6 become a real option. For a small ISP, incompetent or not, that could still be quite a while.
They have, for example, all of 79.111.*.*, 46.73.*.*, 95.220.*.*, 95.221.*.* and many others. This makes up for hundreds of thousands of IPs. The shortage may be exists for somebody but not for them. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010 01:43:25 Per Jessen wrote: Just to calculate. Only from those ranges I know they have, the number sums up at least to 262136 addresses. In a city of 12 million I doubt they can have more than 500000 clients, considering there are equal (if not larger) providers in the city and many smaller. Of note also that they did not connect even 50% of districts yet. They of course do not need to provide with an unique IP all of their clients, just those who are online at the moment thanks to dynamic IP. They already have NAT in some districts and can force others to NAT also. So unless the city expands 100-fold, they will not experience IP shortage, even if any inhabitant connects to Internet his mobile phone, vacuum cleaner, dog, watch etc :-). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Thursday 09 September 2010 01:43:25 Per Jessen wrote:
Just to calculate.
Only from those ranges I know they have, the number sums up at least to 262136 addresses.
In a city of 12 million I doubt they can have more than 500000 clients, considering there are equal (if not larger) providers in the city and many smaller. Of note also that they did not connect even 50% of districts yet.
They of course do not need to provide with an unique IP all of their clients, just those who are online at the moment thanks to dynamic IP. They already have NAT in some districts and can force others to NAT also.
So unless the city expands 100-fold, they will not experience IP shortage, even if any inhabitant connects to Internet his mobile phone, vacuum cleaner, dog, watch etc :-).
They will have to provide a unique port & address pair for each IP connection, so if you've got 10 web pages open, that's 10 pairs for you right there. Also ports under 1024 are not available for this purpose as they have to remain available as "target" ports. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
This is the crux of the matter - ISPs need to dish out IP-addresses. If they can't get them or can't get enough, they'll try (to find) other ways - NAT for instance. Only once they've exhausted both options, will IPv6 become a real option. For a small ISP, incompetent or not, that could still be quite a while. And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time, alternatives such as tunnel brokers and 6in4 tunnelling exist to get
Per Jessen wrote: things going. It's even easier for servers. If IPv6 is not available at the server location, just connect to a tunnel broker and get an IPv6 address for that computer. BTW, one thing IPv6 supports is something called "depreciated addresses". As an example of how this might be used is when someone initially uses a tunnel broker to get an IPv6 address. Then, when IPv6 is finally available from their ISP (hopefully before the sun goes supernova <g>), they simply change their DNS and leave both addresses up for a while and then, at some point later, disconnect from the tunnel broker. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
This is the crux of the matter - ISPs need to dish out IP-addresses. If they can't get them or can't get enough, they'll try (to find) other ways - NAT for instance. Only once they've exhausted both options, will IPv6 become a real option. For a small ISP, incompetent or not, that could still be quite a while.
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ... -- Per Jessen, Zürich (13.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4.
ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ...
While I can't speak about individual modems, PPPoE does support IPv6 (and a lot more). I'm in a similar position with my cable modem. It runs DOCSIS 2, which requires an update to run IPv6 (the current DOCSIS 2 specs have been updated to include IPv6). DOCSIS 3 already supports it. So, if my ISP provides IPv6 and the modem can't be updated, then I'd have to buy a new modem or use a tunnel to my ISP. One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 18:06, James Knott wrote:
One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind.
I have seen, with oS 11.3, many people complaining of "slow internet", and the reply is always "disable ipv6". Thus, it is "obvious" that support for ipv6 is broken and/or incomplete in current openSUSE >:-) -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-09-09 18:06, James Knott wrote:
One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind.
I have seen, with oS 11.3, many people complaining of "slow internet", and the reply is always "disable ipv6".
Thus, it is "obvious" that support for ipv6 is broken and/or incomplete in current openSUSE>:-)
I have seen those messages too and I wonder why. I have never had the need to disable IPv6 because of that. Perhaps it's an issue with the DNS server they're using. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/11/2010 04:50 AM, James Knott wrote:
Carlos E. R. wrote:
On 2010-09-09 18:06, James Knott wrote:
One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind. I have seen, with oS 11.3, many people complaining of "slow internet", and the reply is always "disable ipv6".
Thus, it is "obvious" that support for ipv6 is broken and/or incomplete in current openSUSE>:-)
I have seen those messages too and I wonder why. I have never had the need to disable IPv6 because of that. Perhaps it's an issue with the DNS server they're using.
I think the slowness is due to DNS timeouts where support for IPv6 is incomplete. You can also disable IPv6 in Firefox to speed up lookups: <http://soniahamilton.wordpress.com/2009/01/09/speed-up-firefox-on-linux-disable-ipv6-lookups/> There can be other problems when doing large-scale IPv6 deployments. I helped with the deployment of IPv6 on a network of approximately 18,000 hosts. The customer has been working on this, literally, for years and has only recently achieved enablement rates above 95%. NAT is forbidden on this network by policy, so that wasn't an issue. Linux/UNIX hosts weren't a problem, except for very old distributions. The lion's share of hosts were Windows XP boxes, older Windows systems were disallowed by policy and active registration filtering. Enabling XP required a number of command-line config changes that didn't always work reliably. For example, if a user had Symantec Endpoint Protection installed, IPv6 packets would be dropped on the floor. Another more insidious problem was the case where Win-XP was running on a dual-homed box (two or more Ethernet interfaces). Windows, always wanting to be helpful, assumed that if it is running on a dual-homed box that it should be a router. It would then advertise itself as a 6-to-4 router under IPv6 and would siphon away IPv6 packets on it's subnet and dump them on its inside interface. This was BAD and caused no end of heartbreak until we figured out what was going on. The IDS guy figured out how to remotely sense when this condition happened and have automated email sent to the right people to fix the problem. Bottom line: There WILL be issues when converting even a small mixed home NAT network to IPv6. These issues can be subtle indeed, way above what an average home user can handle. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/11/2010 11:19 AM, Lew Wolfgang wrote:
On 09/11/2010 04:50 AM, James Knott wrote:
Carlos E. R. wrote:
On 2010-09-09 18:06, James Knott wrote:
One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind. I have seen, with oS 11.3, many people complaining of "slow internet", and the reply is always "disable ipv6".
Thus, it is "obvious" that support for ipv6 is broken and/or incomplete in current openSUSE>:-)
I have seen those messages too and I wonder why. I have never had the need to disable IPv6 because of that. Perhaps it's an issue with the DNS server they're using.
I think the slowness is due to DNS timeouts where support for IPv6 is incomplete. You can also disable IPv6 in Firefox to speed up lookups:
<http://soniahamilton.wordpress.com/2009/01/09/speed-up-firefox-on-linux-disable-ipv6-lookups/>
There can be other problems when doing large-scale IPv6 deployments. I helped with the deployment of IPv6 on a network of approximately 18,000 hosts. The customer has been working on this, literally, for years and has only recently achieved enablement rates above 95%. NAT is forbidden on this network by policy, so that wasn't an issue.
Linux/UNIX hosts weren't a problem, except for very old distributions. The lion's share of hosts were Windows XP boxes, older Windows systems were disallowed by policy and active registration filtering. Enabling XP required a number of command-line config changes that didn't always work reliably. For example, if a user had Symantec Endpoint Protection installed, IPv6 packets would be dropped on the floor.
Another more insidious problem was the case where Win-XP was running on a dual-homed box (two or more Ethernet interfaces). Windows, always wanting to be helpful, assumed that if it is running on a dual-homed box that it should be a router. It would then advertise itself as a 6-to-4 router under IPv6 and would siphon away IPv6 packets on it's subnet and dump them on its inside interface. This was BAD and caused no end of heartbreak until we figured out what was going on. The IDS guy figured out how to remotely sense when this condition happened and have automated email sent to the right people to fix the problem.
Bottom line: There WILL be issues when converting even a small mixed home NAT network to IPv6. These issues can be subtle indeed, way above what an average home user can handle.
Regards, Lew
This is the reason I read threads like this. Thanks. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 11 September 2010 15:46:25 Carlos E. R. wrote:
One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind.
I have seen, with oS 11.3, many people complaining of "slow internet", and the reply is always "disable ipv6".
Thus, it is "obvious" that support for ipv6 is broken and/or incomplete in current openSUSE >:-)
My provider recommends to disable IPv6 on Windows either as IPv6 creates lags in browsers and network flooding. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
My provider recommends to disable IPv6 on Windows either as IPv6 creates lags in browsers and network flooding.
I can understand the lags caused by DNS issues, but flooding? How does that happen? If someone is running IPv6 on their network and uses a tunnel to get IPv6 access, then the ISP's network would never see an IPv6 packet. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 21:42, James Knott wrote:
Ilya Chernykh wrote:
My provider recommends to disable IPv6 on Windows either as IPv6 creates lags in browsers and network flooding.
I can understand the lags caused by DNS issues, but flooding? How does that happen? If someone is running IPv6 on their network and uses a tunnel to get IPv6 access, then the ISP's network would never see an IPv6 packet.
Larger routing tables overflowing routers, perhaps. I read about this in a report, from the IEEE if I recall correctly. Or a side effect of some sort. Discovery broadcasts?? -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Sat, 2010-09-11 at 13:46 +0200, Carlos E. R. wrote:
On 2010-09-09 18:06, James Knott wrote:
One thing I see in this thread, is people saying that since IPv6 isn't yet supported by everything, we shouldn't use it at all. If everyone did that, then we'll never be able to use it. IPv6 is available and usable now. The more it gets used, the more the laggards will have to provide support or be left behind.
I have seen, with oS 11.3, many people complaining of "slow internet", and the reply is always "disable ipv6".
Thus, it is "obvious" that support for ipv6 is broken and/or incomplete in current openSUSE >:-)
In some cases it is that people somehow got a v6-global address, but no routing (or wrong routing), hence firefox & co firt try to use an v6-connection, but has to wait for the time-out before trying on v4. Indeed in those case will disabling v6 alltogether speed things up, though it is certainly not the best way, imho ... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 08:56, Per Jessen wrote:
James Knott wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ...
That's the crux. And those modems are often supplied by the ISP, so the cost would be on them. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-09-09 08:56, Per Jessen wrote:
James Knott wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ...
That's the crux. And those modems are often supplied by the ISP, so the cost would be on them.
In Switzerland the modem is paid for by the customer, but either way there's an extra cost. -- Per Jessen, Zürich (20.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/11/2010 09:07 AM:
Carlos E. R. wrote:
On 2010-09-09 08:56, Per Jessen wrote:
James Knott wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ...
That's the crux. And those modems are often supplied by the ISP, so the cost would be on them.
In Switzerland the modem is paid for by the customer, but either way there's an extra cost.
Please note: "supplied by" and "paid for by" are not the same thing. My cable provider supplies a modem. I pay for that. I can pay a monthly fee or buy it from them. There are lots of cheaper cable modems, but they refuse to support them and threaten to discontinue service if I use them. As it stands, they only support connections from PCs and MACs. That I have a firewall and that I use Linux means they won't support me when I have problems. This seems to be typical of consumer grade support from the major providers. Their official stance and what happens in reality are different, though. Many of support people are network geeks or other techie variants and use Linux at home and can be quite reasonable and break-out of the "script". But the modem is paid for by the customer. One way or another. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 15:33, Anton Aylward wrote:
Per Jessen said the following on 09/11/2010 09:07 AM:
Carlos E. R. wrote:
That's the crux. And those modems are often supplied by the ISP, so the cost would be on them.
In Switzerland the modem is paid for by the customer, but either way there's an extra cost.
Please note:
"supplied by" and "paid for by" are not the same thing.
I know.
Their official stance and what happens in reality are different, though. Many of support people are network geeks or other techie variants and use Linux at home and can be quite reasonable and break-out of the "script".
Yes, I know. Only that reaching them is difficult, we usually can only access the "flower pots" folk. (I have worked as a flower pot myself, no denigration intended)
But the modem is paid for by the customer. One way or another.
Yes. But I think is that, if the provider "changes the setup" in such a way that makes the current router (that they supply) to not work, like changing to IPV6, the onus would be on them to replace the router, as it would be their "fault". If I had bought the router in the market, it would be on me. Similar issue as if the home voltage is changed from 127 to 230. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Saturday 11 September 2010 17:07:53 Per Jessen wrote:
Carlos E. R. wrote:
On 2010-09-09 08:56, Per Jessen wrote:
James Knott wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ...
That's the crux. And those modems are often supplied by the ISP, so the cost would be on them.
In Switzerland the modem is paid for by the customer, but either way there's an extra cost.
I have no modem here. I think most people who use Internet in this city have no modems, I just have a socket for Ethernet cable on the wall, so no additional costs for me for transition to IPv6. It is just provider who does not want IPv6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Saturday 11 September 2010 17:07:53 Per Jessen wrote:
Carlos E. R. wrote:
On 2010-09-09 08:56, Per Jessen wrote:
James Knott wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time,
The thing is - their customers will have to as well. Ye olde Zyxel ADSL router doesn't do IPv6 (but it does the rest of the internet very well). New customers would have to pay extra to get a box that does IPv6 - it's a steep path, so as long as an ISP is not actually running out of addresses, well ...
That's the crux. And those modems are often supplied by the ISP, so the cost would be on them.
In Switzerland the modem is paid for by the customer, but either way there's an extra cost.
I have no modem here. I think most people who use Internet in this city have no modems, I just have a socket for Ethernet cable on the wall,
Wow, very modern - Ethernet-To-The-Home. Do you get ethernet speeds as well? -- Per Jessen, Zürich (21.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 11 September 2010 19:34:58 Per Jessen wrote:
I have no modem here. I think most people who use Internet in this city have no modems, I just have a socket for Ethernet cable on the wall,
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
Do you get ethernet speeds as well?
The Internet speed depends on your plan but otherwise limited with 100Mbit/s. All plans also have unlimited access to the LAN at 100Mbit/s. There are about several thousand computers in the LAN with PtP, video broacast and other services. The LAN connection is not the subject for any payments. Unfortunately Internet is quite expensive in this city: in Ukraine for example you can have unlimited 100Mbit/s access for under $10/month http://triolan.ua/item.aspx?id=137 http://internet.beeline.ua/ukr/tariffs/rates.wbp and in St.Petersburg they advertise 0.5 Gbiit/s Internet access with unlimited traffic coupled with 1 Gbit/s LAN for about $10/month. http://terabita.ru/money.php -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Saturday 11 September 2010 19:34:58 Per Jessen wrote:
I have no modem here. I think most people who use Internet in this city have no modems, I just have a socket for Ethernet cable on the wall,
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming? Fibre is slowly becoming available here too, but so far only in the cities. The DSL speeds go to 20Mbps, but that's on copper. -- Per Jessen, Zürich (14.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 12/09/2010 17:39, Per Jessen wrote:
Ilya Chernykh wrote:
On Saturday 11 September 2010 19:34:58 Per Jessen wrote:
I have no modem here. I think most people who use Internet in this city have no modems, I just have a socket for Ethernet cable on the wall,
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming? Fibre is slowly becoming available here too, but so far only in the cities. The DSL speeds go to 20Mbps, but that's on copper.
Awww, you are way behind the times! *We* have 24Mbps on copper! But you will only get this if you live on top of the telephone exchange! Look at this graph for example: http://www.tpg.com.au/dslam/faq.php This is why, in the UK, there are complaints about false advertising about what you get for what you pay. Here in Australia people have yet to wake up. But the newly elected government here has promised to deliver on a new fibre optic system (NBN) to every home. Pictures at 11pm, in 20 years...... BC -- Fact is that which enough people believe. Truth is determined by how fervently they believe it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Basil Chupin wrote:
On 12/09/2010 17:39, Per Jessen wrote:
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming? Fibre is slowly becoming available here too, but so far only in the cities. The DSL speeds go to 20Mbps, but that's on copper.
Awww, you are way behind the times! *We* have 24Mbps on copper!
You must have better copper :-) I don't know what the actual speeds are, but VDSL is advertised as 20'000Kbit/s. My office connection is advertised as 6000Kbit/s, but the ADSL negotiation says 5632kbit/s.
But you will only get this if you live on top of the telephone exchange!
Look at this graph for example: http://www.tpg.com.au/dslam/faq.php
Seems to fit with my offices being 3500m from the exchange, so 6000 is all we get. -- Per Jessen, Zürich (15.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
This is why, in the UK, there are complaints about false advertising about what you get for what you pay. Last year, there was a TV show comparing performance of various ISPs in Canada. As part of the test, they timed how long it took to download a Linux distro. Bell Canada was by far the worst, taking hours (I don't
Basil Chupin wrote: think they actually completed the download) to do what my ISP (Rogers) was able to do in under half an hour. The tests showed that none of the ADSL providers were able to deliver advertised performance, but Bell was the worst. Rogers, with cable modems, was able to deliver very close to the advertised speed. I have experienced the same at home. I have a 10 Mb down/1 Mb up services. When I run a speed test I generally get better than 9.8 Mb down and often slightly exceed 1 Mb up. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 15:27:55 James Knott wrote:
Last year, there was a TV show comparing performance of various ISPs in Canada. As part of the test, they timed how long it took to download a Linux distro. Bell Canada was by far the worst, taking hours (I don't think they actually completed the download) to do what my ISP (Rogers) was able to do in under half an hour. The tests showed that none of the ADSL providers were able to deliver advertised performance, but Bell was the worst. Rogers, with cable modems, was able to deliver very close to the advertised speed. I have experienced the same at home. I have a 10 Mb down/1 Mb up services. When I run a speed test I generally get better than 9.8 Mb down and often slightly exceed 1 Mb up.
This is what I get: http://www.speedtest.net/result/950210907.png with the theoretic limit of 100 Mbit/s -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2010-09-12 at 18:05 +1000, Basil Chupin wrote:
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming? Fibre is slowly becoming available here too, but so far only in the cities. The DSL speeds go to 20Mbps, but that's on copper.
Awww, you are way behind the times! *We* have 24Mbps on copper!
But you will only get this if you live on top of the telephone exchange!
Look at this graph for example:
http://www.tpg.com.au/dslam/faq.php
This is why, in the UK, there are complaints about false advertising about what you get for what you pay.
Here some real-life results based on end-user reports, from NL http://adsl.xandrios.net/ Though the site is dutch, the graphs speak for themselfs. Clearly, any subscription while living more than 3km from the local exchange, is a waste of money (unless you have no alternative) Biggest telco around here is succesfully obstructing any other players around here, who might be introducing ftth. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 11:39:43 Per Jessen wrote:
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming?
It is available and was available, but I know of nobody who says something good about such service.
Fibre is slowly becoming available here too, but so far only in the cities. The DSL speeds go to 20Mbps, but that's on copper.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 11:39:43 Per Jessen wrote:
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming?
First Ethernet-based nets appeared here in the mid-90s when people just bought first Ethernet cards (then with throughput of 10 Mbit/s) and connected to their neighbors to exchange files and play LAN games. Some of such games included only 2-3 computers and some spanned several buildings to include tens and hundreds. The people themselves negotiated with local officials, utility services for unofficial permissions to lay the cable, for access to collectors, attics etc. Then people from some nets decided that they can collect money to buy Internet access wholesale from the provider to have much lower prices and higher speed than on dial-up. From this time on some people connected to the local networks just to have cheap Internet. Some nets were organized with this purpose in mind. Over time the largest nets officially registered as "Local network of district XXX" to be able to officially collect money and negotiate with the officials for cable placement. Then there appeared some professional providers who decided to use the same technology. They either competed or bought small local providers. This day I would say that most of smaller providers already incorporated in 2-3 largest and ad-hoc nets were disbanded due to unnecessity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Sunday 12 September 2010 11:39:43 Per Jessen wrote:
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming?
First Ethernet-based nets appeared here in the mid-90s when people just bought first Ethernet cards (then with throughput of 10 Mbit/s) and connected to their neighbors to exchange files and play LAN games.
Some of such games included only 2-3 computers and some spanned several buildings to include tens and hundreds. The people themselves negotiated with local officials, utility services for unofficial permissions to lay the cable, for access to collectors, attics etc.
Well yes, we've all been there, but that's not quite what is meant by "Ethernet-To-The-Home". -- Per Jessen, Zürich (16.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 13:19:30 Per Jessen wrote:
Some of such games included only 2-3 computers and some spanned several buildings to include tens and hundreds. The people themselves negotiated with local officials, utility services for unofficial permissions to lay the cable, for access to collectors, attics etc.
Well yes, we've all been there, but that's not quite what is meant by "Ethernet-To-The-Home".
Then what does? It was already in the mid-90s (96-98) when some people were already able to connect Internet over Ethernet this was dependent on whether their building is already connected. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Sunday 12 September 2010 13:19:30 Per Jessen wrote:
Some of such games included only 2-3 computers and some spanned several buildings to include tens and hundreds. The people themselves negotiated with local officials, utility services for unofficial permissions to lay the cable, for access to collectors, attics etc.
Well yes, we've all been there, but that's not quite what is meant by "Ethernet-To-The-Home".
Then what does? It was already in the mid-90s (96-98) when some people were already able to connect Internet over Ethernet this was dependent on whether their building is already connected.
http://en.wikipedia.org/wiki/ETTH -- Per Jessen, Zürich (17.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 13:46:38 Per Jessen wrote:
Well yes, we've all been there, but that's not quite what is meant by "Ethernet-To-The-Home".
Then what does? It was already in the mid-90s (96-98) when some people were already able to connect Internet over Ethernet this was dependent on whether their building is already connected.
So the difference is only in fiber optics? Optic cable is an Ethernet technology nothing more than 10 Mbit/s card. The provider uses those technologies which he considers economically viable. This does not impact end-user as optic cable anyway does not reach apartments, and possible even separate buildings. Currently in each building there is a hub with several 100 Mbit/s ports and at least two 1 Gigabit/s ports (one of them used for uplink to the provider and the other is in reserve). The Gigabit ports may be copper or optic or support the both cable types. This does not make any difference for a end-user. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-12 12:06, Ilya Chernykh wrote:
So the difference is only in fiber optics? Optic cable is an Ethernet technology nothing more than 10 Mbit/s card. The provider uses those technologies which he considers economically viable. This does not impact end-user as optic cable anyway does not reach apartments, and possible even separate buildings. Currently in each building there is a hub with several 100 Mbit/s ports and at least two 1 Gigabit/s ports (one of them used for uplink to the provider and the other is in reserve). The Gigabit ports may be copper or optic or support the both cable types.
This does not make any difference for a end-user.
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere? Interesting. No, I haven't seen such a thing here (Spain). -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Sunday 12 September 2010 20:19:17 Carlos E. R. wrote:
So the difference is only in fiber optics? Optic cable is an Ethernet technology nothing more than 10 Mbit/s card. The provider uses those technologies which he considers economically viable. This does not impact end-user as optic cable anyway does not reach apartments, and possible even separate buildings. Currently in each building there is a hub with several 100 Mbit/s ports and at least two 1 Gigabit/s ports (one of them used for uplink to the provider and the other is in reserve). The Gigabit ports may be copper or optic or support the both cable types.
This does not make any difference for a end-user.
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
Yes, until this month we used VPN to access Internet (connecting to a server ppp.lan). Now they moved us to PPPoE. In other districts they use NAT, but in any case all connected to one local network. You can use the local network for free even if you did not pay for Internet.
Interesting.
No, I haven't seen such a thing here (Spain).
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
In another message, I provided a link to just such a setup in Wellington NZ. There, Ethernet is a utility, which you can use to connect to an ISP of your choice. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 20:34:48 James Knott wrote:
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
In another message, I provided a link to just such a setup in Wellington NZ. There, Ethernet is a utility, which you can use to connect to an ISP of your choice.
I would say that my network is entirely controlled by one provider, but I can insert my Ethernet cable into a hub any of at least 3 providers who have a hub in my house. This is completely standard not only for this city but for this country and for neighboring countries also. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Sunday 12 September 2010 20:34:48 James Knott wrote:
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
In another message, I provided a link to just such a setup in Wellington> NZ. There, Ethernet is a utility, which you can use to connect to an ISP of your choice.
I would say that my network is entirely controlled by one provider, but I can insert my Ethernet cable into a hub any of at least 3 providers who have a hub in my house.
This sounds a lot like a cable-TV network, except it's not for TV. I guess the uplink is fibre?
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason. -- Per Jessen, Zürich (21.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
A while ago, I set up ADSL in a seniors residence, which bridged them to the main network, where the DHCP server and internet connection were. They used the existing phone wires to get ADSL into the rooms. Otherwise, they'd have had to rewire the building for ethernet, which would have been *VERY* expensive. I also did similar in a university student's residence, which had previously been a hotel. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
A while ago, I set up ADSL in a seniors residence, which bridged them to the main network, where the DHCP server and internet connection were. They used the existing phone wires to get ADSL into the rooms. Otherwise, they'd have had to rewire the building for ethernet, which would have been *VERY* expensive.
Exactly - that was the whole attraction of ADSL: reuse of existing infrastructure to provide more with the same two wires. -- Per Jessen, Zürich (18.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 20:55:17 Per Jessen wrote:
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
In another message, I provided a link to just such a setup in Wellington> NZ. There, Ethernet is a utility, which you can use to connect to an ISP of your choice.
I would say that my network is entirely controlled by one provider, but I can insert my Ethernet cable into a hub any of at least 3 providers who have a hub in my house.
This sounds a lot like a cable-TV network, except it's not for TV. I guess the uplink is fibre?
Completely irrelevant. It may be optic fiber or copper UTP depending on distance to a higher-level hub. What is definite is that the cable which connects my building has capacity 1 Gbit/s, optical or not. The higher-level cable is almost certainly optic because it should have higher capacity.
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations?
For areas with higher concentrations.
I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
There are providers who advertise xDSL, for example, a telephone company, but they are competitive only in buildings which are not connected to the Ethernet (the number of them decreases with the majority now have multiple Ethernet providers). Ethernet is a standard here at least from mid-90s, the only major change for a end-user being change of the end-user connection capacity from 10 Mbit/s to 100 Mbit/s which was mostly completed by the end of 1990s. And of course, the moment when his building was connected after all. I recall how in the end of 1990s I every day opened a site of a district network to see the map: which new buildings they connected? The network though, failed to cross a wide street separating the connected part of the district from non-connected. Another network was in a quarter from me in the opposite direction. In the end my building was connected to a third network and it seems I learned about it much later than it actually happened :-) After a while it was bought by a city-wide provider. The tariffs changed greatly in the last 3 years and now one can have a 50 times faster connection (of more traffic if the tariff is traffic-based with unlimited speed) for the same money than 3 years ago. But if to compare with onthe cities and countries one can find that we now have high prices: in Ukraine one can have 40 times cheaper Internet if to count $/(Mbit/s), also by Ethernet of course. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
What is definite is that the cable which connects my building has capacity 1 Gbit/s, optical or not. The higher-level cable is almost certainly optic because it should have higher capacity.
Your building is almost certainly also connected with fibre, 1GigE copper ethernet only goes so far.
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations?
For areas with higher concentrations.
Okay, so same as here. The fibre infrastructure is expensive, needs lots of customers for it pay off.
I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
There are providers who advertise xDSL, for example, a telephone company, but they are competitive only in buildings which are not connected to the Ethernet (the number of them decreases with the majority now have multiple Ethernet providers). Ethernet is a standard here at least from mid-90s, the only major change for a end-user being change of the end-user connection capacity from 10 Mbit/s to 100 Mbit/s which was mostly completed by the end of 1990s.
I'm really surprised that it was worth rewiring entire apartment buildings with Cat5 cable, when VoIP didn't exist. I mean, in the mid-90s the internet had barely been invented, people were happy dialling into Compuserve at 56K (or 64K in ISDN countries). It's totally surreal to hear you explain about 10Mbps speeds to an internet that barely existed (to Joe Bloggs).
The tariffs changed greatly in the last 3 years and now one can have a 50 times faster connection (of more traffic if the tariff is traffic-based with unlimited speed) for the same money than 3 years ago.
Here they haven't changed a lot - one significant change was in 2008, when the Swiss government made Swisscom provide a certain minimum of xDSL to every Swiss household that wants it. (Grundversorgungspflicht). -- Per Jessen, Zürich (18.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
söndagen den 12 september 2010 20.46.17 skrev Per Jessen:
I'm really surprised that it was worth rewiring entire apartment buildings with Cat5 cable, when VoIP didn't exist. I mean, in the mid-90s the internet had barely been invented, people were happy dialling into Compuserve at 56K (or 64K in ISDN countries). It's totally surreal to hear you explain about 10Mbps speeds to an internet that barely existed (to Joe Bloggs).
I got that in my flat in Malmö, Sweden in 2000. All HSB flats were connected using 100Mbps ethernet, plug in the wall to an ethernet card, dhcp, done, surf. The houses were at that time connected using gigabit routers, I don't know what it's like today, since I moved away from there some time ago (and boy do I miss that connection :) Today I can get 100Mbps with vdsl2, but only if I live in the right areas. I guess that will become standard too some day. 50Mbps I can get in many places, and t-online has been broadcasting digital TV over the net with 25Mbps for some time now Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson wrote:
söndagen den 12 september 2010 20.46.17 skrev Per Jessen:
I'm really surprised that it was worth rewiring entire apartment buildings with Cat5 cable, when VoIP didn't exist. I mean, in the mid-90s the internet had barely been invented, people were happy dialling into Compuserve at 56K (or 64K in ISDN countries). It's totally surreal to hear you explain about 10Mbps speeds to an internet that barely existed (to Joe Bloggs).
I got that in my flat in Malmö, Sweden in 2000. All HSB flats were connected using 100Mbps ethernet, plug in the wall to an ethernet card, dhcp, done, surf. The houses were at that time connected using gigabit routers, I don't know what it's like today, since I moved away from there some time ago (and boy do I miss that connection :)
I guess those were new buildings? That doesn't surprise me, it's the rewiring of existing buildings as well as the highspeed fibre connections.
Today I can get 100Mbps with vdsl2, but only if I live in the right areas. I guess that will become standard too some day. 50Mbps I can get in many places, and t-online has been broadcasting digital TV over the net with 25Mbps for some time now
Fibre is the latest thing in Switzerland - even my little Gemeinde (5500 people) are planning to provide fibre to each household over the next two years. A 5mill franc investment. -- Per Jessen, Zürich (13.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 09:21:44 Per Jessen wrote:
Anders Johansson wrote:
söndagen den 12 september 2010 20.46.17 skrev Per Jessen:
I'm really surprised that it was worth rewiring entire apartment buildings with Cat5 cable, when VoIP didn't exist. I mean, in the mid-90s the internet had barely been invented, people were happy dialling into Compuserve at 56K (or 64K in ISDN countries). It's totally surreal to hear you explain about 10Mbps speeds to an internet that barely existed (to Joe Bloggs).
I got that in my flat in Malmö, Sweden in 2000. All HSB flats were connected using 100Mbps ethernet, plug in the wall to an ethernet card, dhcp, done, surf. The houses were at that time connected using gigabit routers, I don't know what it's like today, since I moved away from there some time ago (and boy do I miss that connection :)
I guess those were new buildings?
My flat was built in the 30s, I believe. Very much not new. Anyway, as I said it was all HSB flats, and they are the largest condo company in Sweden. It was called "HSB bolina" and was a very ambitious project. Some friends of mine worked for one of the contractors who laid down the cabling, they were very busy at the time :) Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 22:46:17 Per Jessen wrote:
Ilya Chernykh wrote:
What is definite is that the cable which connects my building has capacity 1 Gbit/s, optical or not. The higher-level cable is almost certainly optic because it should have higher capacity.
Your building is almost certainly also connected with fibre, 1GigE copper ethernet only goes so far.
Gigabit Ethernet allows copper connections: http://en.wikipedia.org/wiki/Gigabit_ethernet You know, any network card 9and motherboard) now supports gigabit Ethernet. Thus some providers, for example, in St.Petersburg as I already mentioned provide Gigabit Ethernet to end users via a copper cable. Some people even can convince a normal provider like mine to connect them via a gigabit end-user link because any hub as I mentioned has one unused gigabit port. Some indeed did so via good personal connections, but for gigabit ethernet to become a mainstream the provider has to upgrade their equipment so each hub had multiple gigabit ports and a thicker uplink. No upgrade on the end-user side is needed and no support for optics on the motherboard.
I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
There are providers who advertise xDSL, for example, a telephone company, but they are competitive only in buildings which are not connected to the Ethernet (the number of them decreases with the majority now have multiple Ethernet providers). Ethernet is a standard here at least from mid-90s, the only major change for a end-user being change of the end-user connection capacity from 10 Mbit/s to 100 Mbit/s which was mostly completed by the end of 1990s.
I'm really surprised that it was worth rewiring entire apartment buildings with Cat5 cable, when VoIP didn't exist. I mean, in the mid-90s the internet had barely been invented, people were happy dialling into Compuserve at 56K (or 64K in ISDN countries). It's totally surreal to hear you explain about 10Mbps speeds to an internet that barely existed (to Joe Bloggs).
People just stretched cables from window to window to get the LAN working. Internet in those time was only a supplement to the LAN, it was expensive, although technically it was already possible to have a 10 Mbit/s connection. Even 3 years ago in 2007 the normal speed for an internet connection was 128 Kbit/s on speed-limited tariffs (this is not the technical speed limitation, which always was 100 Mbit/s but an artificial limitation on unlimited-traffic tariffs, on pay-for-traffic tariffs you could have 100 Mbit/s but would pay more money for traffic). But you could download films, programs etc from the LAN with speed of 100 Mbit/s for free. That's why existence of LAN was a great competitive advantage for any provider those times. Now this is not so important because the average speed of Internet connection (according the tariff plan) catches up with that of LAN.
The tariffs changed greatly in the last 3 years and now one can have a 50 times faster connection (of more traffic if the tariff is traffic-based with unlimited speed) for the same money than 3 years ago.
Here they haven't changed a lot - one significant change was in 2008, when the Swiss government made Swisscom provide a certain minimum of xDSL to every Swiss household that wants it. (Grundversorgungspflicht).
This is great and I would choose it is it was available here. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
You know, any network card 9and motherboard) now supports gigabit Ethernet. Thus some providers, for example, in St.Petersburg as I already mentioned provide Gigabit Ethernet to end users via a copper cable.
But ethernet only reaches 100m - how do the providers connect to the switch? Must be fibre, presumably dug in.
I'm really surprised that it was worth rewiring entire apartment buildings with Cat5 cable, when VoIP didn't exist. I mean, in the mid-90s the internet had barely been invented, people were happy dialling into Compuserve at 56K (or 64K in ISDN countries). It's totally surreal to hear you explain about 10Mbps speeds to an internet that barely existed (to Joe Bloggs).
People just stretched cables from window to window to get the LAN working. Internet in those time was only a supplement to the LAN, it was expensive, although technically it was already possible to have a 10 Mbit/s connection.
But you said that it then developed such that every house/apartment now has 10Mpbs ethernet. Of course, you're also saying that the internet is not available at that speed, so we're not really talking about ETTH, more EITH (ethernet in the home)?
Even 3 years ago in 2007 the normal speed for an internet connection was 128 Kbit/s on speed-limited tariffs (this is not the technical speed limitation, which always was 100 Mbit/s but an artificial limitation on unlimited-traffic tariffs, on pay-for-traffic tariffs you could have 100 Mbit/s but would pay more money for traffic).
Even with a very high contention ratio, providing 100Mbit/s to more than a few apartments in a residential area is very, very pricey. I'm amazed that your providers are able to do that and make it affordable. In Zurich (the city itself), you can have a 100Mbit connection, but at CHF2000/month. xDSL is far cheaper. -- Per Jessen, Zürich (13.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-12 18:55, Per Jessen wrote:
Ilya Chernykh wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older. When I worked for a phone company, around 1997-2001, we had some issues with international phone calls there, because part of the network was still analogical, not digital. Which would make connection to internet via modem also difficult. Also, when Fidonet declined with the rise of Internet, some Fidonet software started to be maintained there: for some reason it was used there more than in these parts. Some dev lists started to talk Russian instead of English... -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
söndagen den 12 september 2010 22.58.01 skrev Carlos E. R.:
On 2010-09-12 18:55, Per Jessen wrote:
Ilya Chernykh wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
That's hardly the only reason for such a move. It is a service just like any other. I dare you to try selling a house or flat without a telephone connection or power outlets. You either won't be able to or you'll have to dramatically drop the price In the future, it will become equally impossible to sell any house or flat without an internet connection. In Sweden when I got it, that was the main argument used to sell the idea - it was a step into the future. DSL is a hack that deserves to die, the sooner the better, just like the analog modems. Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson wrote:
söndagen den 12 september 2010 22.58.01 skrev Carlos E. R.:
On 2010-09-12 18:55, Per Jessen wrote:
Ilya Chernykh wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
That's hardly the only reason for such a move.
But it is undoubtedly a very significant argument. If the existing wiring is good enough to provide X, why spend more money to provide X ?
DSL is a hack that deserves to die, the sooner the better, just like the analog modems.
Troll :-) -- Per Jessen, Zürich (13.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 11:42:17 Per Jessen wrote:
Anders Johansson wrote:
söndagen den 12 september 2010 22.58.01 skrev Carlos E. R.:
On 2010-09-12 18:55, Per Jessen wrote:
Ilya Chernykh wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
That's hardly the only reason for such a move.
But it is undoubtedly a very significant argument. If the existing wiring is good enough to provide X, why spend more money to provide X ?
Are you asking about now or some time ago? Some time ago nobody would use just Internet without a LAN because Internet was very expensive. Now they are closer, but Ethernet is somewhat cheaper. And also there is only one telephone company with their ADSL over telephone and multiple Ethernet providers.
DSL is a hack that deserves to die, the sooner the better, just like the analog modems. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 11:42:17 Per Jessen wrote:
Anders Johansson wrote:
söndagen den 12 september 2010 22.58.01 skrev Carlos E. R.:
On 2010-09-12 18:55, Per Jessen wrote:
Ilya Chernykh wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
That's hardly the only reason for such a move.
But it is undoubtedly a very significant argument. If the existing wiring is good enough to provide X, why spend more money to provide X ?
Are you asking about now or some time ago? Some time ago nobody would use just Internet without a LAN because Internet was very expensive.
Some time ago there was no internet, but I think we have already established that 1) in my part of the world in the 90s, there was no use nor demand for the LAN in residential areas, but once the internet content grew, the internet connection got increasingly better, and more people began buying computers. 2) in your part of the world, ethernet LAN (for some yet unexplained reason) became extremely popular in residential multi-storey buildings.
Now they are closer, but Ethernet is somewhat cheaper. And also there is only one telephone company with their ADSL over telephone and multiple Ethernet providers.
How do your Ethernet providers connect your LANs to the internet? I mean, I guess you have a switch in each building, but what does that connect to? A central highspeed backbone switch or fibre connection or what (just curious). -- Per Jessen, Zürich (15.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 14:19:49 Per Jessen wrote:
How do your Ethernet providers connect your LANs to the internet? I mean, I guess you have a switch in each building, but what does that connect to? A central highspeed backbone switch or fibre connection or what (just curious).
I think each district (and maybe each building) is connected by an optical fiber. But this is a subject to change as provider has to upgrade infrastructure frequently. Early providers tried to avoid use of optics that's why Internet was so expensive(=good charge for low speed) then. In the last 3 years Internet became much cheaper, I think because of infrastructure upgrade. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 14:19:49 Per Jessen wrote:
1) in my part of the world in the 90s, there was no use nor demand for the LAN in residential areas, but once the internet content grew, the internet connection got increasingly better, and more people began buying computers. 2) in your part of the world, ethernet LAN (for some yet unexplained reason) became extremely popular in residential multi-storey buildings.
Because 1. it was cheap to buy an ethernet card and a cable and connect to the neighbors 2. five people if acting together could get cheaper Internet than acting separately - just buy one channel (whether fiber, ADSL, radio or other technology available then) and share it. 3. such networks grew to become local providers, then merged to become a city-wide provider -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 14:19:49 Per Jessen wrote:
1) in my part of the world in the 90s, there was no use nor demand for the LAN in residential areas, but once the internet content grew, the internet connection got increasingly better, and more people began buying computers. 2) in your part of the world, ethernet LAN (for some yet unexplained reason) became extremely popular in residential multi-storey buildings.
Because
1. it was cheap to buy an ethernet card and a cable and connect to the neighbors
Same was the case here, except to 99% of people it wasn't interesting. (even then, it was still mostly people with some involvement in IT or other technical sciences that had a computer at home).
2. five people if acting together could get cheaper Internet than acting separately - just buy one channel (whether fiber, ADSL, radio or other technology available then) and share it.
That must have happened later, right? Well, comparing with western Europe, sharing across household limits was not allowed due to telecomms regulation and pricewise it didn't matter much anyway.
3. such networks grew to become local providers, then merged to become a city-wide provider
Yep, that I have understood and that makes sense. What I still can't quite see is how a few nerds wiring up their apartments developed into every or virtually every apartment building being fully wired for ethernet, but I'm obviously missing the bigger picture. -- Per Jessen, Zürich (15.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 15:02:49 Per Jessen wrote:
1) in my part of the world in the 90s, there was no use nor demand for the LAN in residential areas, but once the internet content grew, the internet connection got increasingly better, and more people began buying computers. 2) in your part of the world, ethernet LAN (for some yet unexplained reason) became extremely popular in residential multi-storey buildings.
Because
1. it was cheap to buy an ethernet card and a cable and connect to the neighbors
Same was the case here, except to 99% of people it wasn't interesting. (even then, it was still mostly people with some involvement in IT or other technical sciences that had a computer at home).
2. five people if acting together could get cheaper Internet than acting separately - just buy one channel (whether fiber, ADSL, radio or other technology available then) and share it.
That must have happened later, right?
I think from 90s.
Well, comparing with western Europe, sharing across household limits was not allowed due to telecomms regulation
1. It i impossible to check 2. Not all providers impose such restrictions (some do indeed, modeling after Western countries), but I think it appeared only recently 3. I think such restrictions illegal in this country and can be protested in the court, so nobody enforces it.
and pricewise it didn't matter much anyway.
Matters very much if traffic not counted but the payment is only for connection speed.
3. such networks grew to become local providers, then merged to become a city-wide provider
Yep, that I have understood and that makes sense. What I still can't quite see is how a few nerds wiring up their apartments developed into every or virtually every apartment building being fully wired for ethernet,
http://www.tushino.com/ - LAN of Tushino district http://www.izmaylovo.ru/ - LAN of Izmailovo district http://www.butovo.com/ - LAN of Butovo district http://www.metronet.ru/ - LAN of Metrogorodok district http://www.golnet.ru/ - LAN of a part of Golyanovo They all now Internet providers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
Well, comparing with western Europe, sharing across household limits was not allowed due to telecomms regulation
1. It i impossible to check
It's probably difficult to enforce, but then you just make the fine so much much severe.
2. Not all providers impose such restrictions (some do indeed, modeling after Western countries), but I think it appeared only recently
It was not primarily a provider rule, it was government legislation concerning who is allowed to carry telecommunication traffic as a third party. With the liberalisation of the telecomms industry that has happened in the later years, many of these restrictions have gone away, and it's far more likely today that a few households in a remote(ish) village will get together and share a high-speed connection. Their reasons for doing it is typical installation costs and/or geography-dependent unavailability.
3. such networks grew to become local providers, then merged to become a city-wide provider
Yep, that I have understood and that makes sense. What I still can't quite see is how a few nerds wiring up their apartments developed into every or virtually every apartment building being fully wired for ethernet,
http://www.tushino.com/ - LAN of Tushino district http://www.izmaylovo.ru/ - LAN of Izmailovo district http://www.butovo.com/ - LAN of Butovo district http://www.metronet.ru/ - LAN of Metrogorodok district http://www.golnet.ru/ - LAN of a part of Golyanovo
They all now Internet providers.
Like I said, I'm missing the bigger picture. -- Per Jessen, Zürich (16.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 13:02 +0200, Per Jessen wrote: > Ilya Chernykh wrote: > > On Monday 13 September 2010 14:19:49 Per Jessen wrote: > >> 1) in my part of the world in the 90s, there was no use nor demand > >> for the LAN in residential areas, but once the internet content grew, > >> the internet connection got increasingly better, and more people > >> began buying computers. > >> 2) in your part of the world, ethernet LAN (for some yet unexplained > >> reason) became extremely popular in residential multi-storey > >> buildings. > > Because > > 1. it was cheap to buy an ethernet card and a cable and connect to the > > neighbors > Same was the case here, except to 99% of people it wasn't interesting. > (even then, it was still mostly people with some involvement in IT or > other technical sciences that had a computer at home). +1; there is no local content. And, especially today, peer-to-peer is essentially dead. > > 2. five people if acting together could get cheaper Internet than > > acting separately - just buy one channel (whether fiber, ADSL, radio > > or other technology available then) and share it. > That must have happened later, right? Well, comparing with western > Europe, sharing across household limits was not allowed due to > telecomms regulation and pricewise it didn't matter much anyway. And sociological attitudes matter too. This could happen only rarely in the USA. > > 3. such networks grew to become local providers, then merged to become > > a city-wide provider > Yep, that I have understood and that makes sense. What I still can't > quite see is how a few nerds wiring up their apartments developed into > every or virtually every apartment building being fully wired for > ethernet, but I'm obviously missing the bigger picture. Easy; with facilitation from local governments. Which is why what he is talking about isn't applicable other places - it just won't happen in most places due to non-technical reasons; and it is probably criminal, or at least prohibited [the USA*], in many places,. * government entities are often restricted form 'competing' with the 'private sector' (note that both those terms are used in a very tongue-in-cheek manner). If a local government installs something like a fiber-loop you can start the count-down until they are sued by the telopolies. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 13:51, Adam Tauno Williams wrote:
On Mon, 2010-09-13 at 13:02 +0200, Per Jessen wrote:
Ilya Chernykh wrote:
3. such networks grew to become local providers, then merged to become a city-wide provider Yep, that I have understood and that makes sense. What I still can't quite see is how a few nerds wiring up their apartments developed into every or virtually every apartment building being fully wired for ethernet, but I'm obviously missing the bigger picture.
Easy; with facilitation from local governments. Which is why what he is talking about isn't applicable other places - it just won't happen in most places due to non-technical reasons; and it is probably criminal, or at least prohibited [the USA*], in many places,.
(here) it is forbidden to share a connection, unless you ask the ISP for a connection that you are going to share between several households - I think. Some small villages here (Spain) experimented with free WiFi for the entire village, to give all the inhabitants free access to internet (free means, of course, a shared connection paid by the council). Soon the Telcos became angry, and severed the Internet connection. I believe some negotiated and got a shareable connection, which was, of course, more expensive. Or something like that, I don't the current status.
* government entities are often restricted form 'competing' with the 'private sector' (note that both those terms are used in a very tongue-in-cheek manner). If a local government installs something like a fiber-loop you can start the count-down until they are sued by the telopolies.
I know of some local goverments here that started their own small telco company, in order to bypass that >:-) -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 9/13/2010 12:15 PM, Carlos E. R. wrote:
On 2010-09-13 13:51, Adam Tauno Williams wrote:
On Mon, 2010-09-13 at 13:02 +0200, Per Jessen wrote:
Ilya Chernykh wrote:
3. such networks grew to become local providers, then merged to become a city-wide provider Yep, that I have understood and that makes sense. What I still can't quite see is how a few nerds wiring up their apartments developed into every or virtually every apartment building being fully wired for ethernet, but I'm obviously missing the bigger picture.
Easy; with facilitation from local governments. Which is why what he is talking about isn't applicable other places - it just won't happen in most places due to non-technical reasons; and it is probably criminal, or at least prohibited [the USA*], in many places,.
(here) it is forbidden to share a connection, unless you ask the ISP for a connection that you are going to share between several households - I think.
Its criminal in most places. Its called theft of services. In Hong Kong and some parts of Mexico and most of Iraq people steel electricity this way too. You can always get away with this on small scale. Close neighbors who you trust. This is about the only thing Coax is still good for, because of the long run lengths allowed. But Its not legal anywhere there is a commercial ISP that does not specifically offer it as an option. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 23:24:37 John Andersen wrote:
In Hong Kong and some parts of Mexico and most of Iraq people steel electricity this way too.
Steal electricity? And those who pay for it do not know? Or they buy electricity together? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 21:42, Ilya Chernykh wrote:
On Monday 13 September 2010 23:24:37 John Andersen wrote:
In Hong Kong and some parts of Mexico and most of Iraq people steel electricity this way too.
Steal electricity? And those who pay for it do not know? Or they buy electricity together?
In the "corrugated steel villages" or however you call them, I mean villages that grow on the outskirts of cities, illegally, they usually just climb a pole and hook a cable. Try to sue them... nobody lives there, officially. The policy may unhook the cable, that people put it back as soon as they go. That is, assuming they dare to get inside that village! Another trick is to hook the cable after the meter of the neighbor. It is cheaper, because there is only one contract, but they are paying whatever electricity (or water) they use. Of course both know what they are doing. Then there is the trick of connecting "before" the meter. That's stealing. Or put a "jumper" across the meter: it does not bulge even if you put the entire house on air conditioning! If an inspector comes by, they remove the jumper fast. There are many tricks - I only know what every body knows :-p -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Monday 13 September 2010 23:55:30 Carlos E. R. wrote:
On 2010-09-13 21:42, Ilya Chernykh wrote:
On Monday 13 September 2010 23:24:37 John Andersen wrote:
In Hong Kong and some parts of Mexico and most of Iraq people steel electricity this way too.
Steal electricity? And those who pay for it do not know? Or they buy electricity together?
In the "corrugated steel villages" or however you call them, I mean villages that grow on the outskirts of cities, illegally, they usually just climb a pole and hook a cable.
This is theft of course.
Try to sue them... nobody lives there, officially. The policy may unhook the cable, that people put it back as soon as they go. That is, assuming they dare to get inside that village!
Another trick is to hook the cable after the meter of the neighbor. It is cheaper, because there is only one contract, but they are paying whatever electricity (or water) they use. Of course both know what they are doing.
Also theft.
Then there is the trick of connecting "before" the meter. That's stealing. Or put a "jumper" across the meter: it does not bulge even if you put the entire house on air conditioning! If an inspector comes by, they remove the jumper fast.
There are many tricks - I only know what every body knows :-p
But a cannot understand why you can 'theft' when people buy some amount of product or service and then resell it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 22:50, Ilya Chernykh wrote:
On Monday 13 September 2010 23:55:30 Carlos E. R. wrote:
Another trick is to hook the cable after the meter of the neighbor. It is cheaper, because there is only one contract, but they are paying whatever electricity (or water) they use. Of course both know what they are doing.
Also theft.
I don't think that particular one is strictly forbidden here. It is typically done when your neighbour has to repair his cabling and you lend him a "cable". It is not prosecuted, as far as I know - after all, you are paying all that electricity, and being "two", you are using more, so more money.
But a cannot understand why you can 'theft' when people buy some amount of product or service and then resell it.
Different countries, different laws :-) -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 9/13/2010 3:19 PM, Carlos E. R. wrote:
On 2010-09-13 22:50, Ilya Chernykh wrote:
But a cannot understand why you can 'theft' when people buy some amount of product or service and then resell it.
Different countries, different laws :-)
Mostly because you signed an agreement that said you would not do this. But also, because quantity purchased is sometimes not really specific. Unlimited does not really mean unlimited. In the US, they tend to limit speed, not so much total transfer bytes. Even with no transfer caps in place, ISPs price service based on what a typical household consumes. When there start to be 4 or 8 households they still get the revenue for one contract but they get 4 or 8 times the usage. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 02:30, John Andersen wrote:
On 9/13/2010 3:19 PM, Carlos E. R. wrote:
Even with no transfer caps in place, ISPs price service based on what a typical household consumes. When there start to be 4 or 8 households they still get the revenue for one contract but they get 4 or 8 times the usage.
They even gets "nasty" when people use their connection full time and full capacity, downloading videos or linux dvds. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
On Tuesday 14 September 2010 02:19:52 Carlos E. R. wrote:
On Monday 13 September 2010 23:55:30 Carlos E. R. wrote:
Another trick is to hook the cable after the meter of the neighbor. It is cheaper, because there is only one contract, but they are paying whatever electricity (or water) they use. Of course both know what they are doing.
Also theft.
I don't think that particular one is strictly forbidden here. It is typically done when your neighbour has to repair his cabling and you lend him a "cable". It is not prosecuted, as far as I know - after all, you are paying all that electricity, and being "two", you are using more, so more money.
Oh I missed they pay for it. In that case it is not theft of course.
But a cannot understand why you can 'theft' when people buy some amount of product or service and then resell it.
Different countries, different laws :-)
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 21:24, John Andersen wrote:
On 9/13/2010 12:15 PM, Carlos E. R. wrote:
(here) it is forbidden to share a connection, unless you ask the ISP for a connection that you are going to share between several households - I think.
Its criminal in most places. Its called theft of services.
Yes, of course, but it is not theft if you are paying the provider specifically for that kind of service. If you ask the provider an internet connection for a hundred households and pay for it, it is the same as if you ask for a connection for a hundred employees. The provider may refuse, of course. It is not theft in that case, you respect the terms of the contract. It is theft if you ask for a connection for a household, and then connect a hundred. You lied to them. However... why should they care? It is the same bandwidth. The problem is that it is fully used. Bad design. If I buy one meg I'm entitled to use it fully and full time. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Monday 13 September 2010 23:44:32 Carlos E. R. wrote:
Its criminal in most places. Its called theft of services.
Yes, of course, but it is not theft if you are paying the provider specifically for that kind of service.
If you ask the provider an internet connection for a hundred households and pay for it, it is the same as if you ask for a connection for a hundred employees. The provider may refuse, of course. It is not theft in that case, you respect the terms of the contract.
It is theft if you ask for a connection for a household, and then connect a hundred. You lied to them.
Is it theft if you buyed some oranges saying it is for you but then re-selled them?
However... why should they care? It is the same bandwidth. The problem is that it is fully used. Bad design. If I buy one meg I'm entitled to use it fully and full time.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2010-09-14 at 00:48 +0400, Ilya Chernykh wrote:
Its criminal in most places. Its called theft of services. Yes, of course, but it is not theft if you are paying the provider specifically for that kind of service. If you ask the provider an internet connection for a hundred households and pay for it, it is the same as if you ask for a connection for a hundred employees. The provider may refuse, of course. It is not theft in that case, you respect the terms of the contract. It is theft if you ask for a connection for a household, and then connect a hundred. You lied to them. Is it theft if you buyed some oranges saying it is for you but then re-selled
On Monday 13 September 2010 23:44:32 Carlos E. R. wrote: them?
If you agreed to a contract [like you do when you purchase connectivity] stating that you wouldn't resell the oranges - Yes, it is. Technically it is breach-of-contract, but in this particular case is referred to as theft-of-service. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 22:48, Ilya Chernykh wrote:
On Monday 13 September 2010 23:44:32 Carlos E. R. wrote:
...
Is it theft if you buyed some oranges saying it is for you but then re-selled them?
Not theft, but it is something, because you don't have the paper that says that you can manipulate food - health certificate or whatnot :-) Also, being a private person, you are not registered as a private busineman, you have not registered to pass over the VAT (whatever is the technical term in English), not registered to pay revenue for the benefits you get, not registered (and paying taxes) with the council for having a business, and... I'm sure I have forgotten a dozen laws or bylaws :-P Of course you can resell your oranges to a friend. But if you make an habit of that, selling to random people, you do risk being fined or prosecuted. In fact, there are people selling fruits that way, without license, from the boot of a car. They have to run when the police gets near. Often it is stolen fruit or groceries from some grange or other. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Tuesday 14 September 2010 02:34:38 Carlos E. R. wrote:
On 2010-09-13 22:48, Ilya Chernykh wrote:
On Monday 13 September 2010 23:44:32 Carlos E. R. wrote:
...
Is it theft if you buyed some oranges saying it is for you but then re-selled them?
Not theft, but it is something, because you don't have the paper that says that you can manipulate food - health certificate or whatnot :-)
Also, being a private person, you are not registered as a private busineman, you have not registered to pass over the VAT (whatever is the technical term in English), not registered to pay revenue for the benefits you get, not registered (and paying taxes) with the council for having a business, and... I'm sure I have forgotten a dozen laws or bylaws :-P
It is if you have business of selling oranges. And for taxes there is a limitation: if you have profits lower that a set limit you have not to declare. Yes, to sell oranges you have to have a food selling license, but suppose you have.
Of course you can resell your oranges to a friend. But if you make an habit of that, selling to random people, you do risk being fined or prosecuted. In fact, there are people selling fruits that way, without license, from the boot of a car. They have to run when the police gets near. Often it is stolen fruit or groceries from some grange or other.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 09:29, Ilya Chernykh wrote:
On Tuesday 14 September 2010 02:34:38 Carlos E. R. wrote:
On 2010-09-13 22:48, Ilya Chernykh wrote:
On Monday 13 September 2010 23:44:32 Carlos E. R. wrote:
...
Is it theft if you buyed some oranges saying it is for you but then re-selled them?
Not theft, but it is something, because you don't have the paper that says that you can manipulate food - health certificate or whatnot :-)
Also, being a private person, you are not registered as a private busineman, you have not registered to pass over the VAT (whatever is the technical term in English), not registered to pay revenue for the benefits you get, not registered (and paying taxes) with the council for having a business, and... I'm sure I have forgotten a dozen laws or bylaws :-P
It is if you have business of selling oranges. And for taxes there is a limitation: if you have profits lower that a set limit you have not to declare.
Ah, but that's different! First, when you buy you declare that you are a businesman - the price is lower, and you can pass on the VAT. The seller knows that you are buying to sell again. It is different from buying letting them think that you are the final buyer. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
* Carlos E. R. (robin.listas@gmail.com) [20100914 20:37]:
It is different from buying letting them think that you are the final buyer.
Folks! This is as off topic as it can get so PLEASE move this to the off-topic ml. EOD for opensuse, please! Philipp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/13/2010 12:44 PM, Carlos E. R. wrote:
However... why should they care? It is the same bandwidth. The problem is that it is fully used. Bad design. If I buy one meg I'm entitled to use it fully and full time.
From a purely business case, I presume they price the service based on the fact that
Hey Carlos, don't get me to try to defend those rip off artists. ;-) they know nobody uses one meg all the time. They run the numbers and learn that people use less, and price it accordingly. They know (on average) you won't use the full meg, so they charge you less than it would actually cost (allegedly) to provide you with a full meg 24/7. Nobody wants caps. That's why they do it that way. If they just put in the bandwidth caps and byte caps they would never be in this situation. But people bitch, and equipment to do so is more expensive. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2010-09-14 02:39, John Andersen wrote:
On 9/13/2010 12:44 PM, Carlos E. R. wrote:
However... why should they care? It is the same bandwidth. The problem is that it is fully used. Bad design. If I buy one meg I'm entitled to use it fully and full time.
Hey Carlos, don't get me to try to defend those rip off artists. ;-)
From a purely business case, I presume they price the service based on the fact that they know nobody uses one meg all the time. They run the numbers and learn that people use less, and price it accordingly.
I know, I know... after all, it is my field ;-)
They know (on average) you won't use the full meg, so they charge you less than it would actually cost (allegedly) to provide you with a full meg 24/7.
Nobody wants caps. That's why they do it that way. If they just put in the bandwidth caps and byte caps they would never be in this situation. But people bitch, and equipment to do so is more expensive.
But it is bad design. You can cut corners, offer, say so much capacity, but instead install less, calculating for an average, peak, and reserve. However, if everybody fully utilizes their network, the fault is of the ISP, they should not be allowed to bitch and increase prizes. You know, the network is not designed to minimize congestion, but to reduce congestion claims to a certain acceptable limit. No congestion is expensive; to many claims is also expensive. That's it. >:-) - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iF4EAREIAAYFAkyPLgIACgkQja8UbcUWM1yDpQEAloEQHNpJ4/anX0hZl/7gYVnH zXdcaFc9LhFb5THwol8A/RGT/+a7uRoy6obQWPSSeFXmzJW87FATq1PhdKEezl97 =MolH -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-12 23:13, Anders Johansson wrote:
söndagen den 12 september 2010 22.58.01 skrev Carlos E. R.:
I guess that their phone network is older.
That's hardly the only reason for such a move.
I don't know if analog exchanges can support xDSL. I think not.
It is a service just like any other. I dare you to try selling a house or flat without a telephone connection or power outlets.
I'll take you on it :-P Those houses are sold here (Spain) and are as expensive as any. I know the owners of one such personally, they have had to use cellular phones for about 4 years till they finally got a land line.
You either won't be able to or you'll have to dramatically drop the price
Absolutely not :-) Care to know why? The laws here specify that new houses have to be built with telecommunication access facilities, meaning tubing and common cabling for telephone, satellite, tv, cable... the lot, already prepared but not connected to a provider, reaching a... hole? near the front door of the building in the street pavement. The trouble is that these new houses were built in an old street, on which the Telephone company had distributed aerial cabling, since ever. They (telco) refused to connect to the house if it wasn't by the roof, and authorities said that it had be via underground the pavement... So nothing was done for several years. Thus, no phone service. No cable service, either (new service company, underground cabling, does not suply the entire city). Don't assume your standards of living are standard everywhere. :-)
DSL is a hack that deserves to die, the sooner the better, just like the analog modems.
Perhaps. In cities. I know of many sites with no choice. Many don't even have the chance of even a bad ADSL. Nothing, only wireless. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
I don't know if analog exchanges can support xDSL. I think not.
Yes they can. There are ADSL shelves that are separate from the exchange and the phone line passes through them on the way to the customer. I have installed some of those. I have also installed the ones that include digital phone lines on the same cards. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 03:30, James Knott wrote:
Carlos E. R. wrote:
I don't know if analog exchanges can support xDSL. I think not.
Yes they can. There are ADSL shelves that are separate from the exchange and the phone line passes through them on the way to the customer. I have installed some of those. I have also installed the ones that include digital phone lines on the same cards.
I don't mean ISDN, I mean POTS with digital exchange, vs analog exchanges: rotatrix, pentaconta... (I don't know the English names). Here there are a lot of 1240s. I think in Russia they even have multiplexed frequency transmission (hey, even Canada had it in the early nineties...). They can have xDSL? Wow. :-O -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
Carlos E. R. wrote:
On 2010-09-14 03:30, James Knott wrote:
Carlos E. R. wrote:
I don't know if analog exchanges can support xDSL. I think not.
Yes they can. There are ADSL shelves that are separate from the exchange and the phone line passes through them on the way to the customer. I have installed some of those. I have also installed the ones that include digital phone lines on the same cards.
I don't mean ISDN, I mean POTS with digital exchange, vs analog exchanges: rotatrix, pentaconta... (I don't know the English names). Here there are a lot of 1240s. I think in Russia they even have multiplexed frequency transmission (hey, even Canada had it in the early nineties...). They can have xDSL? Wow. :-O
Yes, I know what you mean. I wasn't referring to ISDN at all. Stand alone ADSL DSLAM shelves are available which can be wired in between an existing phone switch, including old analog ones, and the subscriber line. There is also another type, used for newer digital switches, where both telephone lines and ADSL are supported on the same equipment. It's entirely possible to use the appropriate card to provide basic rate ISDN, but I don't have experience with that. (I have worked with both basic and primary rate ISDN, but provided in a different manner.). So, if you had a old phone switch in a central office that was installed long before anyonehad even heard of the internet, you could still offer ADSL, by using the stand alone shelf. With the other type of shelf that I have worked with, the phone lines are connected to the switch via DS1 (T1) circuits (1.544 Mb/s) and the ADSL data via DS3 (45 Mb/s). The stand alone shelf uses etherent for the ADSL data. http://en.wikipedia.org/wiki/Dslam -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-09-14 17:37, James Knott wrote:
Carlos E. R. wrote:
Yes, I know what you mean. I wasn't referring to ISDN at all. Stand alone ADSL DSLAM shelves are available which can be wired in between an existing phone switch, including old analog ones, and the subscriber line. There is also another type, used for newer digital switches, where both telephone lines and ADSL are supported on the same equipment. It's entirely possible to use the appropriate card to provide basic rate ISDN, but I don't have experience with that. (I have worked with both basic and primary rate ISDN, but provided in a different manner.). So, if you had a old phone switch in a central office that was installed long before anyonehad even heard of the internet, you could still offer ADSL, by using the stand alone shelf. With the other type of shelf that I have worked with, the phone lines are connected to the switch via DS1 (T1) circuits (1.544 Mb/s) and the ADSL data via DS3 (45 Mb/s). The stand alone shelf uses etherent for the ADSL data.
I see. I saw those racks being installed, but it wasn't my section, couldn't find time to have a good look at them. And the switch I worked for (5ESS) was digital, so I did not know that analog exchanges could be given xdsl service. Good for them - or bad, it delays further the time for a renewal of equipment.
I often forget that the wikipedia is so vast :-) - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Elessar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyPwe4ACgkQU92UU+smfQUuDACfSywyT+rhXO5NbA68pmc+ZXCW k8oAn13OKC9Da4s+mc97AdMP0KQ7zHwU =DfEn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 03:18:43 Carlos E. R. wrote:
söndagen den 12 september 2010 22.58.01 skrev Carlos E. R.:
I guess that their phone network is older.
That's hardly the only reason for such a move.
I don't know if analog exchanges can support xDSL. I think not.
No exchange can support transfer of xDSL data. In order to have DSL you have to specifically modify the telephone stations so that high-frequency signal to bypass the repeaters, and the telephone station completely. This is a difficult task. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
No exchange can support transfer of xDSL data. In order to have DSL you have to specifically modify the telephone stations so that high-frequency signal to bypass the repeaters, and the telephone station completely.
This is a difficult task.
Care to try again? All the phone company has to do, is install the appropriate equipment and ensure there are no loading coils on the line. As I mentioned in another note, there are ADSL shelves available that are wired in between the exchange and the subscriber line. With digital exchanges, you can use equipment that provides both the phone line and ADSL. I have worked with both types. Loading coils were used to make phone links work better over longer cable runs, by equalizing frequency response in the voice bandwidth. However, those coils also kill ADSL. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 16:37:09 James Knott wrote:
Loading coils were used to make phone links work better over longer cable runs, by equalizing frequency response in the voice bandwidth. However, those coils also kill ADSL.
Yes, and also in this country most of telephone wiring historically was made not with twisted pair but with cables with parallel conductors (like this: http://img137.imageshack.us/img137/6526/resizeoftrp.jpg ) Also in older outlets a saw capacitors which effectively filter out not only high frequency but even the frequencies of modem data transfer. This may require re-wiring in order to have full speed ADSL. ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets. Some ADSL providers advertise ADSL solutions based on new lines, which is nothing more expensive for the user than using existing telephone lines (i.e. the connection in both cases is free, and of course there is no evident advantage over Ethernet as in both cases new wiring is required). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Tuesday 14 September 2010 16:37:09 James Knott wrote:
Loading coils were used to make phone links work better over longer cable runs, by equalizing frequency response in the voice bandwidth. However, those coils also kill ADSL.
Yes, and also in this country most of telephone wiring historically was made not with twisted pair but with cables with parallel conductors (like this: http://img137.imageshack.us/img137/6526/resizeoftrp.jpg )
Yep, that's also the case in western Europa. AFAIK, nobody uses twisted pair for analog telephone wiring. For ISDN, it is often used on the S0 bus, but that's more for convenience.
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Some ADSL providers advertise ADSL solutions based on new lines, which is nothing more expensive for the user than using existing telephone lines (i.e. the connection in both cases is free, and of course there is no evident advantage over Ethernet as in both cases new wiring is required).
The old 2-wire telephone is both thinner and cheaper than Cat5. -- Per Jessen, Zürich (17.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Yes, and also in this country most of telephone wiring historically
was made not with twisted pair but with cables with parallel conductors (like this: http://img137.imageshack.us/img137/6526/resizeoftrp.jpg )
Yep, that's also the case in western Europa. AFAIK, nobody uses twisted pair for analog telephone wiring. For ISDN, it is often used on the S0 bus, but that's more for convenience.
That is similar to what, in Canada, is referred to as "drop wire". It would be used to run from the cable in the street to the home. Inside the home, a cable with 4 wires, often called "quad" or "JKT" was run around the home. More recently, 3 pair CAT 3 cable has been used inside for running phone lines. The cables back to the central office have been twisted pairs for many, many years, although not necessarily even CAT 3 quality. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
Yes, and also in this country most of telephone wiring historically
was made not with twisted pair but with cables with parallel conductors (like this: http://img137.imageshack.us/img137/6526/resizeoftrp.jpg )
Yep, that's also the case in western Europa. AFAIK, nobody uses twisted pair for analog telephone wiring. For ISDN, it is often used on the S0 bus, but that's more for convenience.
That is similar to what, in Canada, is referred to as "drop wire". It would be used to run from the cable in the street to the home. Inside the home, a cable with 4 wires, often called "quad" or "JKT" was run around the home.
Same here, typically a 4-fire, but quite thin. -- Per Jessen, Zürich (18.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 15:20, Per Jessen wrote:
Ilya Chernykh wrote:
On Tuesday 14 September 2010 16:37:09 James Knott wrote:
Loading coils were used to make phone links work better over longer cable runs, by equalizing frequency response in the voice bandwidth. However, those coils also kill ADSL.
Yes, and also in this country most of telephone wiring historically was made not with twisted pair but with cables with parallel conductors (like this: http://img137.imageshack.us/img137/6526/resizeoftrp.jpg )
Yep, that's also the case in western Europa. AFAIK, nobody uses twisted pair for analog telephone wiring.
Yes, but when you group about 50 pairs in a single cable, pairs are twisted. Twisted and grouped by fours or eights with a strand of colour silk. Or similar combination. The twist on the pairs can be different for each pair (how many turns per meter).
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
The old 2-wire telephone is both thinner and cheaper than Cat5.
There are two kinds: internal (to the house) pair, and external. The old internal was a thin parallel wire. The new internal pair is two wires twisted in a loose sleve, similar to cat5, but thinner. The old external pair had a third iron or steel wire for strength, it could hang for itself from poles. The current variant instead has a thick plastic cover. I have seen a variant with a copper braid, like coaxials. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
The old 2-wire telephone is both thinner and cheaper than Cat5.
There are two kinds: internal (to the house) pair, and external. The old internal was a thin parallel wire. The new internal pair is two wires twisted in a loose sleve, similar to cat5, but thinner.
Not around here. The usual kind that is used in housing is a plain 4-wire, no twists, but shielded. http://www.teleprofi-shop.de/out/pictures/0/ekk12600028.pdf
The old external pair had a third iron or steel wire for strength, it could hang for itself from poles. The current variant instead has a thick plastic cover. I have seen a variant with a copper braid, like coaxials.
We don't have many of those left, only in places that are genuinely difficult to get to. Ten years ago, our house also had an overhead telephone line, but when I ordered some more lines for the office I was setting up, the overhead line was taken down and dug in instead. -- Per Jessen, Zürich (15.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 23:42:46 Per Jessen wrote:
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
It exists and currently advertised: ADSL over telephone is advertised by telephone company (a monopoly) and ADSL combined with cable television is advertised by another provider. This is an article from 2007: http://www.rosinvest.com/news/357112 It says ADSL had about 27% of the market share just one year ago but loose 10% of the market just in one year since because of backwards technology to the Ethernet providers. I think now they lost even more. It says the ADSL peaked in 2005 with 38% of all connections. It also says that in 2005 ADSL prices were 2 times lower than that of home networks (ethernet) but since then the prices became equal because starting from 2006 already existing home networks regained their positions by lowering prices. I also think that in other cities ADSL never had such share. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 23:42:46 Per Jessen wrote:
Carlos E. R. wrote:
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
This is a chart showing market shares in 2006: http://www.3dnews.ru/_imgdata/img/2006/11/30/34333.png -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-15 at 01:37 +0400, Ilya Chernykh wrote:
On Tuesday 14 September 2010 23:42:46 Per Jessen wrote:
Carlos E. R. wrote:
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
This is a chart showing market shares in 2006:
Impressive charts, however i presume that two-third share of ethernet is only achieved in densely populated cities. How about the more rural area's? Still 1200 bps modems? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 15 September 2010 01:57:03 Hans Witvliet wrote:
Impressive charts, however i presume that two-third share of ethernet is only achieved in densely populated cities.
How about the more rural area's? Still 1200 bps modems?
This is a chart for the cerntral region, from 2006: http://www.compress.ru/Archive/CP/2006/1/2/Graphic1.jpg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 23:42:46 Per Jessen wrote:
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
Another chart from 2006, comparing shares of home networks, ADSL and dialup: http://www.mediaplan.ru/img/news/news75.jpg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 23:42:46 Per Jessen wrote:
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
This is a chart for Yekaterinburg (2008): http://www.mobekat.ru/user_files/image/2008/11/21-11-2009-02.jpg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 September 2010 23:42:46 Per Jessen wrote:
ADSL over telephone line is not better in any way than other exotic solutions on the market like ADSL over mains power outlets.
No, it's only a matter of providing the access and the bandwidth in the most economical fashion.
Exactly. It appears that in Russia it is not economical, but in Western Europe it is.
Which is why I keep saying I'm not getting the whole picture. I still haven't figured out why it doesn't pay to re-use the existing infrastructure. There are really two possible answers - 1) it doesn't exist or 2) it's not good enough. Or maybe there is no market if the majority is ethernet connected to Internet3.
Chart from 2004, Moscow: http://img.nag.ru/images/16708/001.gif This shows that Ehernet networks emerged before ADSL -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 00:58:01 Carlos E. R. wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
Can you please tell me why do you think ADSL is better than Ethernet? Why one should choose ADSL? - ADSL requires installing of much of additional equipment on the abonent side - It requires modification of telephone stations - It has lower data rates - It it asymmetric - It has greather latency - There is no LAN for ADSL users so they have to pay for Internet in order to connect to each other. The last reason was I think the man cause why ADSL was not adopted here. When Internet was too expensive, people used cost-free LANs to play games, exchange files etc and connected to Internet only rarely so their bills were moderate. Early Internet providers also attracted people with wide LANs with much of shared resources, chats, forums, PtP services, Counter-Strike and Quake servers, film libraries, so any ADSL providers were in disadvantage as they could provide only (costly) Internet access. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 01:52 +0400, Ilya Chernykh wrote:
On Monday 13 September 2010 00:58:01 Carlos E. R. wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
Can you please tell me why do you think ADSL is better than Ethernet?
A question or better-or-worse has no merit. For Ethernet you must have an Ethernet network (Cat-5 copper, OptEman fiber, etc...). Lacking that - you use something else.
Why one should choose ADSL?
*IF* one has the choice? Nobody would choose ADSL. Ether hardware and software support is ubiquitous and extremely well tested and known.
- ADSL requires installing of much of additional equipment on the abonent side - It requires modification of telephone stations - It has lower data rates - It it asymmetric - It has greather latency - There is no LAN for ADSL users so they have to pay for Internet in order to connect to each other. The last reason was I think the man cause why ADSL was not adopted here. When Internet was too expensive, people used cost-free LANs to play games, exchange files etc and connected to Internet only rarely so their bills were moderate. Early Internet providers also attracted people with wide LANs with much of shared resources, chats, forums, PtP services, Counter-Strike and Quake servers, film libraries, so any ADSL providers were in disadvantage as they could provide only (costly) Internet access.
I don't know about "costly" (that is a relative term). At scale ADSL networks [obviously] have proven to be cost-effective. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 02:13:29 Adam Tauno Williams wrote:
I don't know about "costly" (that is a relative term). At scale ADSL networks [obviously] have proven to be cost-effective.
For whom? Currently ADSL companies advertise Internet access in my area slightly more expensive than Ethenet providers for the same download speed (and much slower upload speed). Also it is known ADSL speed often much slower than declared unlike Ethernet. If I have (on Ethernet provider) speed slower than in my contract I can call the support and they have to repair the line. This is true for any plan other than "not limited" which speed is limited only by Ethernet bandwidth and in practice is about 80-95% of 100 Mbit/s theoretical limit. But imagine the situation of say 7-8 years ago. Internet was very expensive then. There is a local network provider which allows you to play online games, exchange files, use chat and other services for free. You can befriend a girl in a chat and meet her the same evening because she lives in a neighboring building, you can play games with your schoolmates, once a week there is a meeting of the local LAN called "pointovka" (possibly from FIDO terminology). You need recent Windows? Just download it. You need "The Matrix"? Just download it. For free. At 100 Mbit/s. You can also connect Internet is you need of course... Now compare it with an ADSL provider. If you need something, you have to connect to Internet and both pay high price and wait for ages for any download. Internet was very expensive... Even if ADSL provided more cost efficient connection to Internet (counting $/MByte or $/(Mbit/s)) than Ethernet (this was not the case but imagine), you would have to connect to Internet more frequently and download much more content than with a LAN-based provider, and consequently, pay much more. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
For whom? Currently ADSL companies advertise Internet access in my area slightly more expensive than Ethenet providers for the same download speed (and much slower upload speed). In order to offer ethernet, you have to have cables capable of carrying it. There are a lot of buildings and neighbourhoods that have lots of
Ilya Chernykh wrote: phone cable but no cat5 or fibre. The only way is via ADSL riding on the phone lines or by the cable TV networks. It cost a lot to rewire an area with a new cable type. So, the work around, in the mean time, is ADSL, cable, microwave or satellite. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 03:23:04 James Knott wrote:
For whom? Currently ADSL companies advertise Internet access in my area slightly more expensive than Ethenet providers for the same download speed (and much slower upload speed).
In order to offer ethernet, you have to have cables capable of carrying it. There are a lot of buildings and neighbourhoods that have lots of phone cable but no cat5 or fibre.
What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
The only way is via ADSL riding on the phone lines or by the cable TV networks.
Why do you think cable TV coaxial(or anything) is better than UTP? To have cable TV you also have to make wiring. In this country television is historically by radio shared between flats by coaxial. Even if there were (or are) some cables connecting the buildings to a district TV hub (there were sometime in 90s translations from a district TV studio), it is unevident by whom such cables may be owned and why they should be interested in Internet deal and even if they agree how all customers would share one cable? Only imagine: plain UTP ethernet cable has bandwidth 10-100 times greater than any old wiring that could exist, even without optics and cat5 cables. If you want to provide modern cable TV with Internet, you still have to provide optics to any building, so no difference from ethernet.
It cost a lot to rewire an area with a new cable type.
Which area do you mean? One building? Or a wider area?
So, the work around, in the mean time, is ADSL, cable, microwave or satellite.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 03:48 +0400, Ilya Chernykh wrote:
On Monday 13 September 2010 03:23:04 James Knott wrote:
For whom? Currently ADSL companies advertise Internet access in my area slightly more expensive than Ethenet providers for the same download speed (and much slower upload speed). In order to offer ethernet, you have to have cables capable of carrying it. There are a lot of buildings and neighbourhoods that have lots of phone cable but no cat5 or fibre. What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
You are repeatedly missing a *very* important point - you are talking *about where YOU are*. Ethernet cabling in existing facilities is extremely rare. There is a *HUGE* cost in just labor and materials to deploying such a network. Obviously where you are _somehow_ those organizations are defraying that cost [subsidies, tax breaks, grants, etc...]. I have some experience with issues regarding transportation, and network infrastructure suffers from one of the same major issues: *RIGHT-OF-WAY* If you want to put a wire on a pole, under a road, under a rail line, etc... you have to have RIGHT-OF-WAY from whatever authority controls that impediment. That means you need *LAWYERS* to build your network. Which may end up costing more than the physical infrastructure.
The only way is via ADSL riding on the phone lines or by the cable TV networks. Why do you think cable TV coaxial(or anything) is better than UTP?
Nobody is saying it is. But it _is_ there, pretty universally. Cat-5 and fiber are nowhere near universal.
To have cable TV you also have to make wiring.
But the wire was installed 20 years ago. Cat-5 didn't exist.
In this country television is historically by radio shared between flats by coaxial. Even if there were (or are) some cables connecting the buildings to a district TV hub (there were sometime in 90s translations from a district TV studio), it is unevident by whom such cables may be owned and why they should be interested in Internet deal and even if they agree how all customers would share one cable?
They are interesting for providing Internet because they are already there. There are no RIGHT-OF-WAY issues. I just replace what is on both ends of the wire and BAM - I have a network.
Only imagine: plain UTP ethernet cable has bandwidth 10-100 times greater than any old wiring that could exist, even without optics and cat5 cables. If you want to provide modern cable TV with Internet, you still have to provide optics to any building, so no difference from ethernet.
No, you can provide a large amount of service on existing cable with a negligible installation cost; you just replace what is on both ends of the wire.
It cost a lot to rewire an area with a new cable type. Which area do you mean? One building? Or a wider area?
City blocks, neighborhoods, industrial parks, etc... where you have to cross roads, rail lines, rivers, and all manner of impediments you don't own.
So, the work around, in the mean time, is ADSL, cable, microwave or satellite.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
On Mon, 2010-09-13 at 03:48 +0400, Ilya Chernykh wrote:
For whom? Currently ADSL companies advertise Internet access in my area slightly more expensive than Ethenet providers for the same download speed (and much slower upload speed). In order to offer ethernet, you have to have cables capable of carrying it. There are a lot of buildings and neighbourhoods that have lots of phone cable but no cat5 or fibre. What's the problem with stretching such cables? Currently at least 3
On Monday 13 September 2010 03:23:04 James Knott wrote: providers have their separate ethernet networks in my building.
You are repeatedly missing a *very* important point - you are talking *about where YOU are*. Ethernet cabling in existing facilities is extremely rare.
There is a *HUGE* cost in just labor and materials to deploying such a network. Obviously where you are _somehow_ those organizations are defraying that cost [subsidies, tax breaks, grants, etc...].
Even if ethernet cabling were already available in every building in my Gemeinde, the uplink connections would still be incredibly expensive. xDSL would easily win. -- Per Jessen, Zürich (13.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
Cost. In an existing building you have to run cables in conduits that barely have room for phone cables or run new conduits on the outside of the buildings. Laying new cables around town is also expensive.
Why do you think cable TV coaxial(or anything) is better than UTP? To have cable TV you also have to make wiring. UTP has a maximum usable distance of 100M. This means you'll need lots of repeaters for lots of cables to deliver ethernet. Cable TV plant has been around for many years and the technology used works better over the greater distances.
Only imagine: plain UTP ethernet cable has bandwidth 10-100 times greater than any old wiring that could exist, even without optics and cat5 cables.
I think you have that reversed. Cable TV plant handles much greater bandwidth than UTP and does it over much greater distances. On my shelf beside me there's a cable modem that is capable of up to 30 MB/s. Many of my neighbours have similar. These are all supplied by the same cable that's also carrying hundreds of digital TV channels, including several HD. It still carries analog TV too. All this on one single cable serving over 300 homes. A UTP cable couldn't even reach the street from my condo and still provide usable ethernet.
Which area do you mean? One building? Or a wider area?
Both. Either a building or a neighbourhood. Retrofitting cable into a multi-unit building is a big, expensive job. Laying new cable down the street is also expensive. Cables like that are amortized over decades. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 04:20, James Knott wrote:
Ilya Chernykh wrote:
What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
Cost. In an existing building you have to run cables in conduits that barely have room for phone cables or run new conduits on the outside of the buildings. Laying new cables around town is also expensive.
It depends on what permissions you have. No space inside? Put it up the front outside wall, all the way up. One drop per level, just to the living room window. You just need a chap hanging down in ropes from the top, making holes in the wall, and another one helping. Two people. You just need permission from the owners. No kidding, that's how they do it here (Spain). Newer buildings have to have conduits in place from the start for several providers, by law. Very easy to wire up. The street is way more expensive, you have to put pipes under the pavement, and cover it with concrete. Get permission from the authorities, put the street out of service for a week or a month. Costs in the hundred thousands euros per kilometer. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-09-13 04:20, James Knott wrote:
Ilya Chernykh wrote:
What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
Cost. In an existing building you have to run cables in conduits that barely have room for phone cables or run new conduits on the outside of the buildings. Laying new cables around town is also expensive.
It depends on what permissions you have. No space inside? Put it up the front outside wall, all the way up. One drop per level, just to the living room window. You just need a chap hanging down in ropes from the top, making holes in the wall, and another one helping. Two people. You just need permission from the owners.
No kidding, that's how they do it here (Spain).
I had the feeling someone was going to point that out :-)
The street is way more expensive, you have to put pipes under the pavement, and cover it with concrete. Get permission from the authorities, put the street out of service for a week or a month. Costs in the hundred thousands euros per kilometer.
Yep. -- Per Jessen, Zürich (13.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 06:40:05 Carlos E. R. wrote:
The street is way more expensive, you have to put pipes under the pavement, and cover it with concrete. Get permission from the authorities, put the street out of service for a week or a month.
Oh no, never seen anybody closed a street for a month especially to lay an Internet cable. :-) They usually either use existing collectors or stretch the cables over air from one building to another, which is even cheaper.
Costs in the hundred thousands euros per kilometer.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
They usually either use existing collectors or stretch the cables over air from one building to another, which is even cheaper.
Have fun getting competitors to allow you to run cables in their conduits. Also, in many areas of the world, overhead cables are not used. Everything is underground. You seem to be passing off what some neighbours have done (perhaps out of necessity) as the proper way to run a communications network. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 16:24:25 James Knott wrote:
Ilya Chernykh wrote:
They usually either use existing collectors or stretch the cables over air from one building to another, which is even cheaper.
Have fun getting competitors to allow you to run cables in their conduits.
The collectors are state-owned of course.
Also, in many areas of the world, overhead cables are not used. Everything is underground.
You seem to be passing off what some neighbours have done (perhaps out of necessity) as the proper way to run a communications network.
First it was some people, now it's large providers. What they can do better? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 10:56, Ilya Chernykh wrote:
On Monday 13 September 2010 06:40:05 Carlos E. R. wrote:
The street is way more expensive, you have to put pipes under the pavement, and cover it with concrete. Get permission from the authorities, put the street out of service for a week or a month.
Oh no, never seen anybody closed a street for a month especially to lay an Internet cable. :-)
I have. Several times :-) First they dig up the street. The start placing the tubes. Then they discover they can not cross certain place, because there is a water pipe, or gas, or "something" that nobody knows what it is. So they have to wait. That's just a possible scenario of many. Or just after they close the hole, somebody finds out that it would be a good time to put gas piping, so they open the street up again. Or repair the sewage. Or worse, the machinery breaks something from some other company: the water piping breaks, because it is half a century old. The water gets with force inside the new telco piping and gets to the hole in the pavement where the equipment is and ruins it all, putting the district out of service. Or the digging machinery breaks the entire fiber optic loop from the competing company and puts an entire city out of telephone service... Just dream away, it has already happened somewhere. >:-P
They usually either use existing collectors
For that they need permission from the owner of those conduits, who is going to charge. Perhaps a lot. Here.
or stretch the cables over air from one building to another, which is even cheaper.
And forbidden here. People could do it on their own, till somebody complains and the police investigates. A business can not do it, they risk hefty fines. What you describe that happens in your city is very peculiar, very different from what happens on many other places. For you it is the obvious thing to do, it is familiar, but not for us. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Tuesday 14 September 2010 00:22:24 Carlos E. R. wrote:
For that they need permission from the owner of those conduits, who is going to charge. Perhaps a lot. Here.
The owner is the state or the city here. Of course they need an official permission to lay the cable, but they cannot be just rejected: to reject an official should have a reason, i.e. if the cable breaks something or contrary to a standard.
or stretch the cables over air from one building to another, which is even cheaper.
And forbidden here.
People could do it on their own, till somebody complains and the police investigates. A business can not do it, they risk hefty fines.
What you describe that happens in your city is very peculiar, very different from what happens on many other places. For you it is the obvious thing to do, it is familiar, but not for us.
It is not only in my city to be fair. It is even not only in my country. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 22:56, Ilya Chernykh wrote:
On Tuesday 14 September 2010 00:22:24 Carlos E. R. wrote:
It is not only in my city to be fair. It is even not only in my country.
Ok, but very peculiar :-) Let me guess, when you meet a neighbour on the elevator, you salute and exchange pleasantries? :-) Here, in flats, we ignore one another. Privacy or whatever. Frequently people do not know the person living above or below, or even in the same level. It would be very rare that we would coordinate and create a building LAN. In fact, I did think, sometime in the late 90's, that a LAN in the building would be interesting, sharing one internet connection somehow. I had no idea about switches and routers anyway, and I knew that it would be impossible task to coordinate and make all the neighbours to even agree to allow installation of the cable. Reminds me... when I wanted to play computer games with my room-mate, I set up a long RS232 cable across our rooms. The idea of "ethernet" never occurred to us - and anyway, none of our computers had a card. I'm very sure mine didn't, at least. The other chap had a better machine. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Tuesday 14 September 2010 02:51:01 Carlos E. R. wrote:
On 2010-09-13 22:56, Ilya Chernykh wrote:
On Tuesday 14 September 2010 00:22:24 Carlos E. R. wrote:
It is not only in my city to be fair. It is even not only in my country.
Ok, but very peculiar :-)
Let me guess, when you meet a neighbour on the elevator, you salute and exchange pleasantries? :-)
If I meet the neighbor who lives next to my flat, yes. Others from my house - no.
Here, in flats, we ignore one another. Privacy or whatever. Frequently people do not know the person living above or below, or even in the same level. It would be very rare that we would coordinate and create a building LAN.
Well I know only those with whom I had some contact.
In fact, I did think, sometime in the late 90's, that a LAN in the building would be interesting, sharing one internet connection somehow. I had no idea about switches and routers anyway, and I knew that it would be impossible task to coordinate and make all the neighbours to even agree to allow installation of the cable. Reminds me... when I wanted to play computer games with my room-mate, I set up a long RS232 cable across our rooms. The idea of "ethernet" never occurred to us - and anyway, none of our computers had a card. I'm very sure mine didn't, at least. The other chap had a better machine.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 06:20:08 James Knott wrote:
Ilya Chernykh wrote:
What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
Cost. In an existing building you have to run cables in conduits that barely have room for phone cables
Oh they have, in fact my provider used the existing tube which is used for electricity, phone and anything else. It is a large thick tube connecting all floors. On the other hand, other providers made separate tubes and drilled holes for them in each floor/ceiling. I do not think it was too expensive. Just have a drill, plastic tube and a cable.
or run new conduits on the outside of the buildings. Laying new cables around town is also expensive.
Why do you think cable TV coaxial(or anything) is better than UTP? To have cable TV you also have to make wiring.
UTP has a maximum usable distance of 100M. This means you'll need lots of repeaters for lots of cables to deliver ethernet.
Yes but you connect not just one building but lots of them.
Cable TV plant has been around for many years and the technology used works better over the greater distances.
How can one provide Internet to a building over one coax (even if it exist?) I even do not know if there is any cable television here. I have only ether channels, although they expanded the number greatly last year (which may indicate they layed cable TV cable). There is also a commercial cable TV provider here who is notorious for advertising by telephone calls, they have a separate net and advertise cable TV and Internet, but they for sure layed their network themselves from start. Overall I had telephone spam advertising calls from at least 6 or 7 broadband providers who all claimed they connected my house. Some of them called 5-6 times or more even if I said I am not interested.
Only imagine: plain UTP ethernet cable has bandwidth 10-100 times greater than any old wiring that could exist, even without optics and cat5 cables.
I think you have that reversed. Cable TV plant handles much greater bandwidth than UTP and does it over much greater distances. On my shelf beside me there's a cable modem that is capable of up to 30 MB/s. Many of my neighbours have similar. These are all supplied by the same cable that's also carrying hundreds of digital TV channels, including several HD. It still carries analog TV too. All this on one single cable serving over 300 homes.
So the cable is probably modern, no difference from Ethernet then - you still have to lay a ney cable. Or we are speaking about a 30-year old cable?
A UTP cable couldn't even reach the street from my condo and still provide usable ethernet.
Which area do you mean? One building? Or a wider area?
Both. Either a building or a neighbourhood. Retrofitting cable into a multi-unit building is a big, expensive job.
I think it is very very cheap.
Laying new cable down the street is also expensive. Cables like that are amortized over decades.
This may be but only for mainline cables. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
How can one provide Internet to a building over one coax (even if it exist?)
A coaxial cable has a _lot_ of bandwidth.
Both. Either a building or a neighbourhood. Retrofitting cable into a multi-unit building is a big, expensive job.
I think it is very very cheap.
I can assure you it is not. My mum lives on the 4th floor in an apartment building - last year, they had ethernet wired into every apartment (2 per floor, seven floors, eight such units per building, probably 10 buildings. New cable ducts, lots of holes to be drilled (through 15-20cm concrete), 80 local switches, power supply, racks with locks. I think it took two or three months. I don't know the exact cost, but the word cheap does not come into it. -- Per Jessen, Zürich (14.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 13:12:36 Per Jessen wrote:
How can one provide Internet to a building over one coax (even if it exist?)
A coaxial cable has a _lot_ of bandwidth.
Then they would rather use coax for Ethernet than Cat-5 UTP. :-)
Both. Either a building or a neighbourhood. Retrofitting cable into a multi-unit building is a big, expensive job.
I think it is very very cheap.
I can assure you it is not. My mum lives on the 4th floor in an apartment building - last year, they had ethernet wired into every apartment (2 per floor, seven floors, eight such units per building, probably 10 buildings. New cable ducts, lots of holes to be drilled (through 15-20cm concrete), 80 local switches, power supply, racks with locks. I think it took two or three months. I don't know the exact cost, but the word cheap does not come into it.
The other provider (not mine) wired my building (12 floors) in only one day. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
Both. Either a building or a neighbourhood. Retrofitting cable into a multi-unit building is a big, expensive job.
I think it is very very cheap.
I can assure you it is not. My mum lives on the 4th floor in an apartment building - last year, they had ethernet wired into every apartment (2 per floor, seven floors, eight such units per building, probably 10 buildings. New cable ducts, lots of holes to be drilled (through 15-20cm concrete), 80 local switches, power supply, racks with locks. I think it took two or three months. I don't know the exact cost, but the word cheap does not come into it.
The other provider (not mine) wired my building (12 floors) in only one day.
I don't think I want to know to what it looks like. -- Per Jessen, Zürich (15.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 14:10:57 Per Jessen wrote:
I don't think I want to know to what it looks like.
It looks like two plastic tubes from floor to floor (one in each wing). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 12:10 +0200, Per Jessen wrote:
Ilya Chernykh wrote:
Both. Either a building or a neighbourhood. Retrofitting cable into a multi-unit building is a big, expensive job. I think it is very very cheap. I can assure you it is not. My mum lives on the 4th floor in an apartment building - last year, they had ethernet wired into every apartment (2 per floor, seven floors, eight such units per building, probably 10 buildings. New cable ducts, lots of holes to be drilled (through 15-20cm concrete), 80 local switches, power supply, racks with locks. I think it took two or three months. I don't know the exact cost, but the word cheap does not come into it. The other provider (not mine) wired my building (12 floors) in only one day. I don't think I want to know to what it looks like.
Heh. I say *crap*. If the provider says they wired a 12 floor building in one day - they are lying. That statement reeks of maximal bogosity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
The other provider (not mine) wired my building (12 floors) in only one day.
Having worked in the telecom industry for many years, I find that highly unlikely. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 08:41 -0400, James Knott wrote:
Ilya Chernykh wrote:
The other provider (not mine) wired my building (12 floors) in only one day.
Having worked in the telecom industry for many years, I find that highly unlikely.
What did they define by "wired my building" ? Putting a router on each floor of the elevator shaft? do-able ... Wiring each apartment? No way! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 23:34:10 Hans Witvliet wrote:
On Mon, 2010-09-13 at 08:41 -0400, James Knott wrote:
Ilya Chernykh wrote:
The other provider (not mine) wired my building (12 floors) in only one day.
Having worked in the telecom industry for many years, I find that highly unlikely.
What did they define by "wired my building" ? Putting a router on each floor of the elevator shaft? do-able ...
No need for router on any floor, just one for a building.
Wiring each apartment? No way!
Wiring the flats do flat owners. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
Oh they have, in fact my provider used the existing tube which is used for electricity, phone and anything else.
In many areas, that would be illegal. Power and copper signal cables must be separate for safety reasons. No problem with fibre though. Also, it's often very difficult to run new cables into a conduit that already has cables. With phone cables in an apartment building etc., you'll find multi-pair cables running vertically in conduits, from floor to floor, appearing in a utility box in the wall, where individual pairs can be connected to. A 25 pair cable is about as big as your finger, and 50 pair a bit bigger than your thumb. There's no way you're going to get 25 or 50 ethernet cables in anywhere near the same space.
UTP has a maximum usable distance of 100M. This means you'll need lots
of repeaters for lots of cables to deliver ethernet. Yes but you connect not just one building but lots of them.
Are you suggesting they have repeaters in every building? Even so, you're still limited to 100M between bridges or switches. Carriers in Canada are gradually installing "fibre to curb", which brings fibre into the local neighbourhood. But they are most certainly not running cat5 or cat6 building to building to cover the distance from the central office. As I mentioned in another note, my building is over 100M from the road and the utility room is even further back, at the opposite end from the road. Ethernet over UTP simply won't go that far.
How can one provide Internet to a building over one coax (even if it exist?) I even do not know if there is any cable television here. I have only ether channels, although they expanded the number greatly last year (which may indicate they layed cable TV cable). There is also a commercial cable TV provider here who is notorious for advertising by telephone calls, they have a separate net and advertise cable TV and Internet, but they for sure layed their network themselves from start.
Internet over the cable TV network has been common in Canada and elsewhere for many years. I first connected to it about 11-12 years ago. Here's a link to some info on the technology used: http://en.wikipedia.org/wiki/Docsis For many years, the cable networks here have been capable of carrying data in both directions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 16:20:20 James Knott wrote:
Oh they have, in fact my provider used the existing tube which is used for electricity, phone and anything else.
In many areas, that would be illegal. Power and copper signal cables must be separate for safety reasons.
That tube is used for telephone, TV antenna cable and and cable radio from the Soviet times.
No problem with fibre though. Also, it's often very difficult to run new cables into a conduit that already has cables.
It has about 5-6 cm in diameter and bricked up in the wall, connects utility boxes on each floor.
With phone cables in an apartment building etc., you'll find multi-pair cables running vertically in conduits, from floor to floor, appearing in a utility box in the wall, where individual pairs can be connected to. A 25 pair cable is about as big as your finger, and 50 pair a bit bigger than your thumb. There's no way you're going to get 25 or 50 ethernet cables in anywhere near the same space.
There is no need for 50 cables, just for those users who are interested, maybe, 10 in one entrance (which has two utility columns, so just 5 on each column).
UTP has a maximum usable distance of 100M. This means you'll need lots
of repeaters for lots of cables to deliver ethernet.
Yes but you connect not just one building but lots of them.
Are you suggesting they have repeaters in every building? Even so, you're still limited to 100M between bridges or switches.
Certainly they have hubs/switches in each building.
Carriers in Canada are gradually installing "fibre to curb", which brings fibre into the local neighbourhood. But they are most certainly not running cat5 or cat6 building to building to cover the distance from the central office. As I mentioned in another note, my building is over 100M from the road and the utility room is even further back, at the opposite end from the road. Ethernet over UTP simply won't go that far.
I think my provider also uses optics to connect buildings but this does not mean that the optic was here from the very beginning.
How can one provide Internet to a building over one coax (even if it exist?) I even do not know if there is any cable television here. I have only ether channels, although they expanded the number greatly last year (which may indicate they layed cable TV cable). There is also a commercial cable TV provider here who is notorious for advertising by telephone calls, they have a separate net and advertise cable TV and Internet, but they for sure layed their network themselves from start.
Internet over the cable TV network has been common in Canada and elsewhere for many years. I first connected to it about 11-12 years ago. Here's a link to some info on the technology used: http://en.wikipedia.org/wiki/Docsis
For many years, the cable networks here have been capable of carrying data in both directions.
Not here as there was no cable TV here historically. Each building has its own antenna and receives radio signal. It then distributed between the flats. In the mid-90s there was an experiment with the cable TV: the district had its own TV station which was connected to the usual antennas. But it was only one 'district channel' and it was closed soon. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
With phone cables in an apartment building etc., you'll find multi-pair cables running vertically in conduits, from floor to floor, appearing in a utility box in the wall, where individual pairs can be connected to. A 25 pair cable is about as big as your finger, and 50 pair a bit bigger than your thumb. There's no way you're going to get 25 or 50 ethernet cables in anywhere near the same space.
There is no need for 50 cables, just for those users who are interested, maybe, 10 in one entrance (which has two utility columns, so just 5 on each column).
Um, I thought we were previously talking about entire buildings, where all or virtual all apartments had ethernet? That's what it sounded like to me. -- Per Jessen, Zürich (16.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 17:24:35 Per Jessen wrote:
With phone cables in an apartment building etc., you'll find multi-pair cables running vertically in conduits, from floor to floor, appearing in a utility box in the wall, where individual pairs can be connected to. A 25 pair cable is about as big as your finger, and 50 pair a bit bigger than your thumb. There's no way you're going to get 25 or 50 ethernet cables in anywhere near the same space.
There is no need for 50 cables, just for those users who are interested, maybe, 10 in one entrance (which has two utility columns, so just 5 on each column).
Um, I thought we were previously talking about entire buildings, where all or virtual all apartments had ethernet? That's what it sounded like to me.
Yes, anybody who wants can have Ethernet in just a day. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
There is no need for 50 cables, just for those users who are interested, maybe, 10 in one entrance (which has two utility columns, so just 5 on each column).
When cabling a building for a new service, you're not going to do it for just some. It'll be an all or none situation. Otherwise, if one person moves out and someone else moves in, then they''ll have to run a new cable just for that new person. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 10:52, Ilya Chernykh wrote:
Overall I had telephone spam advertising calls from at least 6 or 7 broadband providers who all claimed they connected my house. Some of them called 5-6 times or more even if I said I am not interested.
Me too! I wish I could hook some programmable machine to the phone line to start rejecting calls. I have though of using a modem and a small computer. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
I wish I could hook some programmable machine to the phone line to start rejecting calls. I have though of using a modem and a small computer.
If you have call forwarding, I supposed you could always send them to one of those bible thumper lines. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
On 2010-09-13 10:52, Ilya Chernykh wrote:
Overall I had telephone spam advertising calls from at least 6 or 7 broadband providers who all claimed they connected my house. Some of them called 5-6 times or more even if I said I am not interested.
Me too!
I wish I could hook some programmable machine to the phone line to start rejecting calls.
asterisk? might be overkill :-) -- Per Jessen, Zürich (10.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 08:10, Per Jessen wrote:
Carlos E. R. wrote:
On 2010-09-13 10:52, Ilya Chernykh wrote:
Overall I had telephone spam advertising calls from at least 6 or 7 broadband providers who all claimed they connected my house. Some of them called 5-6 times or more even if I said I am not interested.
Me too!
I wish I could hook some programmable machine to the phone line to start rejecting calls.
asterisk? might be overkill :-)
Indeed :-) If I could get hold of a cheap embedded machine with serial port and a fax-modem voice capable, I could get it done. Hylafax log displays the CLI number, I could use that or just watch the modem with minicom and some code. If the number is on a list, activate answer machine (on computer) to replay a message that the call is not accepted, and hang. It is a project for hobby time :-) Even if I do not know all their numbers, I can restrict calls on some hours (siesta time) to only friends and family. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
Per Jessen wrote:
Carlos E. R. wrote:
On 2010-09-13 10:52, Ilya Chernykh wrote:
Overall I had telephone spam advertising calls from at least 6 or 7 broadband providers who all claimed they connected my house. Some of them called 5-6 times or more even if I said I am not interested.
Me too!
I wish I could hook some programmable machine to the phone line to start rejecting calls.
asterisk? might be overkill :-)
You can play SIT tones on the line to make the equipment most of those spammers use think your number is disconnected. Here's a link to some that are used in North America. I have no idea how well they'd work elsewhere. http://en.wikipedia.org/wiki/SIT_tone. After playing a tone, you can click on "More" to download. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-09-14 14:29, James Knott wrote:
Per Jessen wrote:
Carlos E. R. wrote:
asterisk? might be overkill :-)
You can play SIT tones on the line to make the equipment most of those spammers use think your number is disconnected. Here's a link to some that are used in North America. I have no idea how well they'd work elsewhere. http://en.wikipedia.org/wiki/SIT_tone. After playing a tone, you can click on "More" to download.
What a good idea! X'-) - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Elessar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyPxhwACgkQU92UU+smfQVvCwCffZ7yQLKOJFTsiMGzm1aGHce7 TqcAoIZpP0cBpsHrxcG47gKQglTRB8hW =yfQD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 03:23:04 James Knott wrote:
For whom? Currently ADSL companies advertise Internet access in my area slightly more expensive than Ethenet providers for the same download speed (and much slower upload speed).
In order to offer ethernet, you have to have cables capable of carrying it. There are a lot of buildings and neighbourhoods that have lots of phone cable but no cat5 or fibre.
What's the problem with stretching such cables? Currently at least 3 providers have their separate ethernet networks in my building.
There's no problem as such, it's only a matter of cost. Older buildings will typically not have room for a thick ethernet cable per apartment in the cable ducts, so new ducts are required. Because of the length limitation, you need ethernet switches in each building, one port per apartment. To inter-connect buildings, you'll need to dig the cables in, that's expensive and disruptive. To connect to the internet, you need an uplink. All very expensive. -- Per Jessen, Zürich (13.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 01:48, Ilya Chernykh wrote:
Why do you think cable TV coaxial(or anything) is better than UTP? To have cable TV you also have to make wiring.
Coaxial is more capable than twisted pair. But quite more expensive, too. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 9/13/2010 4:29 PM, Carlos E. R. wrote:
On 2010-09-13 01:48, Ilya Chernykh wrote:
Why do you think cable TV coaxial(or anything) is better than UTP? To have cable TV you also have to make wiring. Coaxial is more capable than twisted pair. But quite more expensive, too.
Actually, no. Coax is much easier to build as a true constant-impedance line, but it has higher loss, especially at higher frequencies, which is the true limiting characteristic. If you can build a twisted pair to a very high standard of consistency, it will give greater ultimate range due to the lower signal loss. Coax needs less signal conditioning over shorter distances, and less complex conditioning over any distance because it's normally better controlled (that's why short instrumentation cables like oscillosope probes are almost always coax), but twisted pair gives greater range and acceptable signal fidelity once you've done the signal conditioning. That's also why the ancient Ethernet cables were coax, but limited essentially to 10Mbps and short distances, and we had to go to twisted pair (cat-5, cat-5E, cat-6) to get higher bandwidth and signal fidelity over longer distances. Manufacturers are building Ethernet cables much more carefully than they do short-range, low-frequency twisted pair, and for longer distances the transceivers are more complex to compensate for the poorer signal fidelity,. Those cable systems that still use coax have frequent repeaters with frequency-dependent loss compensation. Pedantic John Perry :-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Coax is much easier to build as a true constant-impedance line, but it has higher loss, especially at higher frequencies, which is the true limiting characteristic. If you can build a twisted pair to a very high standard of consistency, it will give greater ultimate range due to the lower signal loss. Actually, it's not quite that simple. Loss depends on physical dimensions and the dielectric constant of the insulator. However,
John Perry wrote: properly constructed coax generally has better shielding than Unshielded Twisted Pair (UTP).
That's also why the ancient Ethernet cables were coax, but limited essentially to 10Mbps and short distances, and we had to go to twisted pair (cat-5, cat-5E, cat-6) to get higher bandwidth and signal fidelity over longer distances. Manufacturers are building Ethernet cables much more carefully than they do short-range, low-frequency twisted pair, and for longer distances the transceivers are more complex to compensate for the poorer signal fidelity,.
It was cost that drove the switch to twisted pair. The cable, connectors etc. are much cheaper for twisted pair. Also, twisted pair, even at 10 Mb, didn't reach as far as even 10base2. 10base5 could reach even further. 10baseT (twisted pair) is rated for about 100M, 10base2 (RG58 coax) goes 200M and 10base5 (RG8) could reach about 500M. 10baseT had the further advantage that it could be used over the existing CAT 3 telephone cables that were commonly installed. Of course, fibre can go much further. I have used it to run Ethernet between two buildings that were a few kilometres apart. http://en.wikipedia.org/wiki/10BASE-T http://en.wikipedia.org/wiki/10BASE2 http://en.wikipedia.org/wiki/10base5 Another factor that limited network distance in 10base5, 10base2 and hub connected 10baseT was the size of the collision domain. Originally, Ethernet used collision detection to arbitrate network access. In order to do this, there was a maximum permitted length, so that a collision could be detected within the first 64 bytes of the frame. At 10 Mb/s that time is 51.2 uS, which, after allowing for the speed of the signal in a cable, works out to about 5 KM (10 KM round trip), which is much greater than any permitted cable & repeater configuration. With switches and full duplex communications, there are no longer any collisions, so distances are no longer a concern. With copper you're still limited to 100M, but with fibre, microwave or other, you can now go essentially unlimited distances, limited only by what the hardware can do. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/14/2010 10:25 AM:
Actually, it's not quite that simple. Loss depends on physical dimensions and the dielectric constant of the insulator. However, properly constructed coax generally has better shielding than Unshielded Twisted Pair (UTP).
Which is significant in buildings that have other electrical devices (motors, fluorescent lights, microwave ovens, etc) around. To say nothing of what might be encountered in the great outdoors: electrical motors, automotive spark plugs, commercial lighting, storms, sunspots ...) -- Life is like an analogy -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/14/2010 10:25 AM, James Knott wrote:
Coax is much easier to build as a true constant-impedance line, but it has higher loss, especially at higher frequencies, which is the true limiting characteristic. If you can build a twisted pair to a very high standard of consistency, it will give greater ultimate range due to the lower signal loss. Actually, it's not quite that simple. Loss depends on physical dimensions and the dielectric constant of the insulator. However,
John Perry wrote: properly constructed coax generally has better shielding than Unshielded Twisted Pair (UTP).
And, since there's more dielectric in coax than in TP, there's more loss. And, since copper losses are greater than in TP due to the much smaller center conductor, there's more loss. And shielding has been known since the 1930's (demonstrated by Telco research, actually) to be useful only for near-field electric fields (generally a small part of the interference environment). The main benefit of the coax structure is forming the outer conductor around an easily-controlled internal insulator.
That's also why the ancient Ethernet cables were coax, but limited essentially to 10Mbps and short distances, and we had to go to twisted pair (cat-5, cat-5E, cat-6) to get higher bandwidth and signal fidelity over longer distances. Manufacturers are building Ethernet cables much more carefully than they do short-range, low-frequency twisted pair, and for longer distances the transceivers are more complex to compensate for the poorer signal fidelity,.
It was cost that drove the switch to twisted pair. ... With copper you're still limited to 100M, but with fibre, microwave or other, you can now go essentially unlimited distances, limited only by what the hardware can do.
So it appears I've gone astray trying to extend my instrumentation background where it's not appropriate. :-/ I'll now drop back into the background and continue watching you all argue this interesting topic. I'll have to ask my Russian in-laws if their home town is set up like Ilya's. irrelevant jp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2010-09-14 at 11:52 -0400, John Perry wrote:
And, since there's more dielectric in coax than in TP, there's more loss. And, since copper losses are greater than in TP due to the much smaller center conductor, there's more loss.
The loss at higher frequencies has nothing to do with the amount of copper. Because of the "skin effect" lots of smaller wires will have less attenuation than a thicker solid core. Only when pushing many amps through a wire (as if hf-transmitters) this might be an issue, although even then, isolation of the dielectricum is more of a problem. Pushing 1kw through RG58U gives a nasty smell. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 10:52, John Perry wrote:
On 9/13/2010 4:29 PM, Carlos E. R. wrote:
On 2010-09-13 01:48, Ilya Chernykh wrote:
Why do you think cable TV coaxial(or anything) is better than UTP? To have cable TV you also have to make wiring. Coaxial is more capable than twisted pair. But quite more expensive, too.
Actually, no.
Coax is much easier to build as a true constant-impedance line, but it has higher loss, especially at higher frequencies, which is the true limiting characteristic. If you can build a twisted pair to a very high standard of consistency, it will give greater ultimate range due to the lower signal loss. Coax needs less signal conditioning over shorter distances, and less complex conditioning over any distance because it's normally better controlled (that's why short instrumentation cables like oscillosope probes are almost always coax), but twisted pair gives greater range and acceptable signal fidelity once you've done the signal conditioning.
I thought that the old submarine telephone cables were coaxials with underwater repeaters :-?
That's also why the ancient Ethernet cables were coax, but limited essentially to 10Mbps and short distances, and we had to go to twisted pair (cat-5, cat-5E, cat-6) to get higher bandwidth and signal fidelity over longer distances. Manufacturers are building Ethernet cables much more carefully than they do short-range, low-frequency twisted pair, and for longer distances the transceivers are more complex to compensate for the poorer signal fidelity,.
Those cable systems that still use coax have frequent repeaters with frequency-dependent loss compensation.
Pedantic John Perry
:-)
The first switches I installed were twisted pair for the run to each computer, and coaxial for the run to another switch, which could be far away. Actually, the coax passed a tooling workshop with heavy electric motors. Worked fine, at 10Mbps, which was the speed at that time. I do believe those switches were subject to collisions, too. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 2010-09-12 23:52, Ilya Chernykh wrote:
On Monday 13 September 2010 00:58:01 Carlos E. R. wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
Can you please tell me why do you think ADSL is better than Ethernet? Why one should choose ADSL?
Where did I say that??? :-o
- ADSL requires installing of much of additional equipment on the abonent side - It requires modification of telephone stations - It has lower data rates - It it asymmetric - It has greather latency - There is no LAN for ADSL users so they have to pay for Internet in order to connect to each other.
It is cheaper and faster to install, because the cable (copper pair) is already there. The equipment is placed in the exchange, with lots of space, no need to go to the street and request permissions. It is a method to reuse what is already installed, with profit. Look. In my country (Spain), there was a moment when the government favoured the installation of new telephone companies, phone and cable, starting on the 1st of January of 1998. I remember, I was there, a diminute participant. To facilitate competitivity, the state forced the dominant Telephone company (previous monopoly) to refrain from offering advanced services, like fast adsl, or TV over the copper pair, or fiber to the home, so that the cable companies had time to start up. This restriction has finished, I understand. Well. In my home (not a flat), I have the cable box on the corner of the block, not more than 25 meters from my front door. Never the less, the cable company, when I wanted to hire service from them (TV, Internet, and phone) refused to give service because I was "too far" to lay the cable (year 1999). To this day, I have no option to use cable, a mere 25 meter lay. Several neighbours on the block were told the same, and one I know fought the decision - unsuccessfully. Apparently, as the corner house is a baby school, they need some kind of special permission or insurance. I know the school gave permission. Nevertheless, the cable company said "no". Even with the advantage given by the authorities to the cable companies, they do not give service unless you live on a high rise building, with high rentability. So... Is cable better? Undoubtedly, for the user. But I have no option: Copper pair phone and ADSL, plus satellite dish for digital TV (now we have terrestrial digital TV, free of charge, 20 or 40 channels, so satellite is less of a temptation). The copper pair was already in the house, I asked for adsl, got it immediately. That is probably the situation in western Europe (except that Spain is/was less developed than most of W.Europe). ADSL was faster and cheaper to install. And what I said is that my guess is that perhaps in Russia that was not the case perhaps because the network wasn't fully digitalized. It is an hypothesis, I do not know. I never said nor implied that ADSL is better. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Monday 13 September 2010 04:38:24 Carlos E. R. wrote:
That is probably the situation in western Europe (except that Spain is/was less developed than most of W.Europe). ADSL was faster and cheaper to install. And what I said is that my guess is that perhaps in Russia that was not the case perhaps because the network wasn't fully digitalized. It is an hypothesis, I do not know.
I don't think it matter. ADSL providers are there and always were. The only problem is that with ADSL you get only Internet, but with Ethernet you get also the LAN. Formerly it was very important as Internet was very expensive, but now it is not so. In Russia very little people live in separate houses, most live in blocks so it is easier to connect them to Ethernet. In dachas (summer country houses) there is no telephone usually that's why people usually use wireless (GPRS) to connect Internet. The prevalence of Ethernet is not only Russian specific, it is characteristic of all former-USSR countries, including Ukraine, Belarus, Moldova etc.
I never said nor implied that ADSL is better.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 04:38:24 Carlos E. R. wrote:
That is probably the situation in western Europe (except that Spain is/was less developed than most of W.Europe). ADSL was faster and cheaper to install. And what I said is that my guess is that perhaps in Russia that was not the case perhaps because the network wasn't fully digitalized. It is an hypothesis, I do not know.
I don't think it matter. ADSL providers are there and always were. The only problem is that with ADSL you get only Internet, but with Ethernet you get also the LAN.
Which to most people is probably of zero importance. I have no need to have a local network connection to my neighbour, but with ADSL I can still always ping him. -- Per Jessen, Zürich (14.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 12:54:44 Per Jessen wrote:
That is probably the situation in western Europe (except that Spain is/was less developed than most of W.Europe). ADSL was faster and cheaper to install. And what I said is that my guess is that perhaps in Russia that was not the case perhaps because the network wasn't fully digitalized. It is an hypothesis, I do not know.
I don't think it matter. ADSL providers are there and always were. The only problem is that with ADSL you get only Internet, but with Ethernet you get also the LAN.
Which to most people is probably of zero importance. I have no need to have a local network connection to my neighbour, but with ADSL I can still always ping him.
Today, yes. But some 10 years ago it was very important. Just imagine you need a new version of Windows... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
Today, yes. But some 10 years ago it was very important. Just imagine you need a new version of Windows...
Ummm... I have been using the internet for almost 20 years, going back to dial up days. I have never found it necessary to access my neighbour's network. If I ever find the need to, I'd likely use a VPN (unless they shared their WiFi with me) as I'd expect they'd have a firewall. In the interest of security, you don't leave your network wide open to whoever happens to live near you. The more you talk, the more I get the impression you had to improvise something, because you simply didn't have available things we have taken for granted for many years. In Canada, it's almost impossible to be in a location so remote that you couldn't have phone and internet access, even if only via satellite. In urban, suburban and even rural areas, if you don't have a connection, it's because you chose not to, not because it isn't available in some form. In fact, some people are complaining about others using the internet or phones when they're out camping and want to get away from it all! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 16:40:03 James Knott wrote:
Today, yes. But some 10 years ago it was very important. Just imagine you need a new version of Windows...
Ummm... I have been using the internet for almost 20 years, going back to dial up days. I have never found it necessary to access my neighbour's network. If I ever find the need to, I'd likely use a VPN (unless they shared their WiFi with me) as I'd expect they'd have a firewall. In the interest of security, you don't leave your network wide open to whoever happens to live near you.
This is a local network of a district. It's like Internet but is not accessible from the outside.
The more you talk, the more I get the impression you had to improvise something, because you simply didn't have available things we have taken for granted for many years. In Canada, it's almost impossible to be in a location so remote that you couldn't have phone and internet access, even if only via satellite.
Same here, what's the point? I am talking about late 90s, not now, just re-read the first line.
In urban, suburban and even rural areas, if you don't have a connection, it's because you chose not to, not because it isn't available in some form. In fact, some people are complaining about others using the internet or phones when they're out camping and want to get away from it all!
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
This is a local network of a district. It's like Internet but is not accessible from the outside.
How much do you trust your neighbours? Are you willing to give them access to your personal data? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 18:08:26 James Knott wrote:
This is a local network of a district. It's like Internet but is not accessible from the outside.
How much do you trust your neighbours? Are you willing to give them access to your personal data?
Why personal data? Nobody opens access to personal data. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
Why personal data? Nobody opens access to personal data.
If you put several neighbours on a lan, with no firewall, you may find one of your neighbours has the skill and desire to break into your computer to access your data. They may also be able to intercept your data, as it flies around the neighbourhood network. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 18:26:02 James Knott wrote:
Why personal data? Nobody opens access to personal data.
If you put several neighbours on a lan, with no firewall, you may find one of your neighbours has the skill and desire to break into your computer to access your data. They may also be able to intercept your data, as it flies around the neighbourhood network.
The same as with Internet. You can install a firewall on your computer any time, of course. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 00:58:01 Carlos E. R. wrote:
This is completely standard not only for this city but for this country and for neighboring countries also.
Also for single-family houses or mostly in areas with higher concentrations? I'm surprised it was worth the extra investment in the infrastructure, but I guess xDSL wasn't suitable for some reason.
I guess that their phone network is older.
Can you please tell me why do you think ADSL is better than Ethernet? Why one should choose ADSL?
ADSL requires only two wires, Ethernet at least 4, usually in shielded cables with 4 twisted pairs. ADSL deteriorates slowly over distance, but up to at least 3500m is fine. Ethernet is limited to about 100m. ADSL is better suited to the typical user profile which has more downstream than upstream traffic. Most residential places are not wired for ethernet, but have a telephone, so ADSL would not require any extra investment. -- Per Jessen, Zürich (13.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 10:57:40 Per Jessen wrote:
ADSL is better suited to the typical user profile which has more downstream than upstream traffic. Most residential places are not wired for ethernet, but have a telephone, so ADSL would not require any extra investment.
At least they have to install a modem, telephone filters or a separate telephone line (?). I asked about ADSL in the early 2000s and they said only connection cost would be comparable with that of getting a new separate telephone number (about $300-$500). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 10:57:40 Per Jessen wrote:
ADSL is better suited to the typical user profile which has more downstream than upstream traffic. Most residential places are not wired for ethernet, but have a telephone, so ADSL would not require any extra investment.
At least they have to install a modem, telephone filters or a separate telephone line (?).
Yes, you need a modem and a splitter, they can be had for about EUR120. Then you plug them in, and that's it. (more expensive modem are available with Wifi, VoIP and what have you).
I asked about ADSL in the early 2000s and they said only connection cost would be comparable with that of getting a new separate telephone number (about $300-$500).
We got ADSL at home around 2003 I think. Prior to that, Swisscom told it wasn't possible due to the distance to the exchange, but I guess the technology improved. I think the price was about CHF50/month (it still is for the entry-level connection). -- Per Jessen, Zürich (14.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 13:20:42 Per Jessen wrote:
ADSL is better suited to the typical user profile which has more downstream than upstream traffic. Most residential places are not wired for ethernet, but have a telephone, so ADSL would not require any extra investment.
At least they have to install a modem, telephone filters or a separate telephone line (?).
Yes, you need a modem and a splitter, they can be had for about EUR120.
And why pay it if you can connect Ethernet for free and have several months of free Internet in addition? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 13:20:42 Per Jessen wrote:
ADSL is better suited to the typical user profile which has more downstream than upstream traffic. Most residential places are not wired for ethernet, but have a telephone, so ADSL would not require any extra investment.
At least they have to install a modem, telephone filters or a separate telephone line (?).
Yes, you need a modem and a splitter, they can be had for about EUR120.
And why pay it if you can connect Ethernet for free and have several months of free Internet in addition?
Of course, I'd also choose the free 100Mpbs fibre link, but those are not an option. I'm genuinely surprised (uh, envious actually) to hear that internet at ethernet speeds is the most prevalent connection where you live. (even if it's mostly your local Internet3). The only wiring available for bringing internet to me is 4-wire ISDN cabling which gives me 6Mbps with ADSL (we're too far from the exchange to get VDSL). If I want something more, the next option is a permanent 100Mbit fibre connection, which comes with a price tag of CHF3-4000 for the installation (about 20meters of digging) plus about CHF3000 per month. Those who live closer to the exchange get VDSL at 20Mbps at no installation cost and CHF69/month. -- Per Jessen, Zürich (15.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 14:06:04 Per Jessen wrote:
If I want something more, the next option is a permanent 100Mbit fibre connection,
100 Mbit is not a fibre speed. It is a speed of copper twisted pair. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Monday 13 September 2010 14:06:04 Per Jessen wrote:
If I want something more, the next option is a permanent 100Mbit fibre connection,
100 Mbit is not a fibre speed. It is a speed of copper twisted pair.
Well, by far the most economical way to provide 100Mbit speeds over a distance of more than 100m is with fibre. -- Per Jessen, Zürich (15.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
At least they have to install a modem, telephone filters or a separate telephone line (?). I asked about ADSL in the early 2000s and they said only connection cost would be comparable with that of getting a new separate telephone number (about $300-$500).
You have to pay to get a phone number??? I currently have 2 phone numbers (home & cell) and I used to have a 2nd number on my home line (same wires) for fax & computer. I never had to pay up front to get a number, although the 2nd number cost a small amount per month. Around here, you just call the phone company and you soon have service. All you pay is the monthly service fee. If you want ADSL, they send you the modem in the mail and you just plug it in. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 16:29:09 James Knott wrote:
At least they have to install a modem, telephone filters or a separate telephone line (?). I asked about ADSL in the early 2000s and they said only connection cost would be comparable with that of getting a new separate telephone number (about $300-$500).
You have to pay to get a phone number??? I currently have 2 phone numbers (home & cell) and I used to have a 2nd number on my home line (same wires) for fax & computer. I never had to pay up front to get a number, although the 2nd number cost a small amount per month.
Oh yes, it is very expensive here and was historically. People waited years to get a number. Now it is not so important as there is mobile telephony.
Around here, you just call the phone company and you soon have service. All you pay is the monthly service fee. If you want ADSL, they send you the modem in the mail and you just plug it in.
Yes, now it is cheaper to install ADSL and yes, they rent the modem. But if something happens to it, they will fine you. Currently ADSL really can compete with Internet over Ethernet, some ADSL providers even set up their distributed LANs so people can use the services like if they were connected via Ethernet. The difference is small but the advantage is still on the Ethernet side. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-13 11:02, Ilya Chernykh wrote:
On Monday 13 September 2010 10:57:40 Per Jessen wrote:
ADSL is better suited to the typical user profile which has more downstream than upstream traffic. Most residential places are not wired for ethernet, but have a telephone, so ADSL would not require any extra investment.
At least they have to install a modem, telephone filters or a separate telephone line (?). I asked about ADSL in the early 2000s and they said only connection cost would be comparable with that of getting a new separate telephone number (about $300-$500).
On 2000 I only had V90 modem. There were contracts giving you a "flat" Internet connection, which we called "undulated rate" because it was not 24 hours. ADSL was more expensive if you used Internet little. When I got my ADSL I had to pay a first payment of... I don't know, perhaps 60 or 90 euros, I don't remember. Monthly rates I think they start around 19€, plus phone, usually combined with flat call rates - I can call anywhere in Spain for free. The total cost is higher, depending on the company. I can't give you exact prices at the moment as I'm off the network just now :-} -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Minas Tirith))
James Knott wrote:
Carlos E. R. wrote:
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
In another message, I provided a link to just such a setup in Wellington NZ. There, Ethernet is a utility, which you can use to connect to an ISP of your choice.
Yes, that's what I understand ETTH to be. -- Per Jessen, Zürich (21.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 12 September 2010 20:19:17 Carlos E. R. wrote:
It is a curious setup what you describe. So the building, perhaps the city, is a local network to you, with a gateway to internet somewhere?
Interesting.
No, I haven't seen such a thing here (Spain).
Initially I was connected to a local provider and had LAN only spanning my district. Later it was bought by a larger provider and the LANs of multiple districts (about a half of the city) were connected to each other. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/12/2010 4:55 AM, Ilya Chernykh wrote:
On Sunday 12 September 2010 11:39:43 Per Jessen wrote:
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming?
First Ethernet-based nets appeared here in the mid-90s when people just bought first Ethernet cards (then with throughput of 10 Mbit/s) and connected to their neighbors to exchange files and play LAN games. Some of such games included only 2-3 computers and some spanned several buildings to include tens and hundreds. The people themselves negotiated with local officials, utility services for unofficial permissions to lay the cable, for access to collectors, attics etc.
Then people from some nets decided that they can collect money to buy Internet access wholesale from the provider to have much lower prices and higher speed than on dial-up. From this time on some people connected to the local networks just to have cheap Internet. Some nets were organized with this purpose in mind.
Over time the largest nets officially registered as "Local network of district XXX" to be able to officially collect money and negotiate with the officials for cable placement.
Then there appeared some professional providers who decided to use the same technology. They either competed or bought small local providers. This day I would say that most of smaller providers already incorporated in 2-3 largest and ad-hoc nets were disbanded due to unnecessity.
I LOVE THIS! I wish we had done that. For all it's glory, in many ways the US really sucks. Our culture basically prevents good things like that from happening. Most I ever hear of like this is a few neighbors in a single building sharing one cable modem, but that's actually technically forbidden although almost impossible to enforce. In the US we are just too look-out-for-myself to cooperate on things like that. When some of us try, it just dissolves under "That jerk is using all the resources we I'm paying for, we should make him pay more or exclude him." and "I'm not paying for someone else." and "I'm not going to risk getting sued or arrested for whatever bad stuff those other guys do." Selfish and litigous, and so we are relegated to the "3rd world of the internet". We pay the most and get the least. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Brian K. White wrote:
Most I ever hear of like this is a few neighbors in a single building sharing one cable modem, but that's actually technically forbidden although almost impossible to enforce.
These days, it's often done via WiFi. Sometimes even intentionally. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 12:45 -0400, James Knott wrote:
Brian K. White wrote:
Most I ever hear of like this is a few neighbors in a single building sharing one cable modem, but that's actually technically forbidden although almost impossible to enforce.
These days, it's often done via WiFi. Sometimes even intentionally. ;-)
v6 over wifi ? (to feed the trols) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2010-09-13 at 16:01 -0400, James Knott wrote:
Hans Witvliet wrote:
v6 over wifi ? (to feed the trols)
Actually, yes. On my home WiFi, both my notebook and Nexus One phone get IPv6 addresses in addition to v4.
Sure, all pc's/netbooks/notebooks will be able to do IPv6 over wifi. Actually, (shooting in my own foot) i fear that most of the current cots wifi-routers will only be v4. (hope i'm wrong) We can solve it by putting a wifi-card into master-mode, but that is not something for "the general public" to do. [btw, i've got a distinct feeling that (how interesting it might be) it is losing its relevance to this list ] hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hans Witvliet wrote:
Actually, (shooting in my own foot) i fear that most of the current cots wifi-routers will only be v4. (hope i'm wrong) I don't have an IPv6 router. I simply use one in "AP" mode, where it simply is a switch that passes IPv6 and v4 to all wireless devices. The "router" isn't used at all and switches don't care whether IPv4, IPv6, IPX etc.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 13 September 2010 11:39:39 Brian K. White wrote:
On 9/12/2010 4:55 AM, Ilya Chernykh wrote:
On Sunday 12 September 2010 11:39:43 Per Jessen wrote:
Wow, very modern - Ethernet-To-The-Home.
This is common here, nobody uses xDSL. I have Ethernet here from 2007.
I guess you (i.e. your city) was able to skip DSL altogether because the infra-structure was late in coming?
First Ethernet-based nets appeared here in the mid-90s when people just bought first Ethernet cards (then with throughput of 10 Mbit/s) and connected to their neighbors to exchange files and play LAN games. Some of such games included only 2-3 computers and some spanned several buildings to include tens and hundreds. The people themselves negotiated with local officials, utility services for unofficial permissions to lay the cable, for access to collectors, attics etc.
Then people from some nets decided that they can collect money to buy Internet access wholesale from the provider to have much lower prices and higher speed than on dial-up. From this time on some people connected to the local networks just to have cheap Internet. Some nets were organized with this purpose in mind.
Over time the largest nets officially registered as "Local network of district XXX" to be able to officially collect money and negotiate with the officials for cable placement.
Then there appeared some professional providers who decided to use the same technology. They either competed or bought small local providers. This day I would say that most of smaller providers already incorporated in 2-3 largest and ad-hoc nets were disbanded due to unnecessity.
I LOVE THIS!
I wish we had done that.
For all it's glory, in many ways the US really sucks. Our culture basically prevents good things like that from happening.
Most I ever hear of like this is a few neighbors in a single building sharing one cable modem, but that's actually technically forbidden although almost impossible to enforce. In the US we are just too look-out-for-myself to cooperate on things like that. When some of us try, it just dissolves under "That jerk is using all the resources we I'm paying for, we should make him pay more or exclude him." and "I'm not paying for someone else." and "I'm not going to risk getting sued or arrested for whatever bad stuff those other guys do." Selfish and litigous, and so we are relegated to the "3rd world of the internet". We pay the most and get the least.
+1, bk i am fascinated to have this glimpse into the internet culture of russia -- apparently it isn't all mobsters, thugs, and bread lines -- thank you ilya sc -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
I have no modem here. I think most people who use Internet in this
city have no modems, I just have a socket for Ethernet cable on the wall,
Wow, very modern - Ethernet-To-The-Home. Do you get ethernet speeds as well?
One place that does this is Wellington NZ. http://www.linuxjournal.com/article/8073?page=0,0 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
In Switzerland the modem is paid for by the customer, but either way there's an extra cost.
With my ISP, the options are to rent or buy the modem. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/08/2010 08:51 PM, James Knott wrote:
And yet, IPv6 is so easy. It's a lot easier to configure than IPv4. ISPs may have to update some equipment, but in the mean time, alternatives such as tunnel brokers and 6in4 tunnelling exist to get things going. It's even easier for servers. If IPv6 is not available at the server location, just connect to a tunnel broker and get an IPv6 address for that computer.
James, I'd like to go ahead and setup my 4 DNS servers for IPV6 just to learn. You got a good howto for adding the quad-A records and any gotchas to look out for in a mixed IPV4-IPV6 setup? From an ignorant standpoint it seems as simple as just adding the quad-A records for fix-IP boxes and then setting up the dhcpd/dynDNS to hand out IPV6 as well as IPv4 to dynamic clients. Not to mention that providing IPV6 reverse lookups will cure a current Samba log error issue with some win clients as well (if you have disabled all IPV6 in sysconfig/network and ifup scripts) A favorite link or two? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David C. Rankin wrote:
I'd like to go ahead and setup my 4 DNS servers for IPV6 just to learn. You got a good howto for adding the quad-A records and any gotchas to look out for in a mixed IPV4-IPV6 setup?
That's one thing I haven't done. I use the hosts file for my own addresses. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/15/2010 09:04 PM, James Knott wrote:
David C. Rankin wrote:
I'd like to go ahead and setup my 4 DNS servers for IPV6 just to learn. You got a good howto for adding the quad-A records and any gotchas to look out for in a mixed IPV4-IPV6 setup?
That's one thing I haven't done. I use the hosts file for my own addresses.
Slacker :p OK, I'll post the cliff's notes bind9 howto once I get it sorted :) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-15 at 23:58 -0500, David C. Rankin wrote:
On 09/15/2010 09:04 PM, James Knott wrote:
David C. Rankin wrote:
I'd like to go ahead and setup my 4 DNS servers for IPV6 just to learn. You got a good howto for adding the quad-A records and any gotchas to look out for in a mixed IPV4-IPV6 setup? That's one thing I haven't done. I use the hosts file for my own addresses. OK, I'll post the cliff's notes bind9 howto once I get it sorted :)
I run IPv6 bind servers; if you ask specific questions I can probably help [please change the subject when you do so, this thread has gotten pretty lame]. There really isn't that much to IPv6 DNS, it works pretty much exactly the same as IPv4 only the addresses are much longer. :) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/17/2010 05:09 AM, Adam Tauno Williams wrote:
On Wed, 2010-09-15 at 23:58 -0500, David C. Rankin wrote:
On 09/15/2010 09:04 PM, James Knott wrote:
David C. Rankin wrote:
I'd like to go ahead and setup my 4 DNS servers for IPV6 just to learn. You got a good howto for adding the quad-A records and any gotchas to look out for in a mixed IPV4-IPV6 setup?
I run IPv6 bind servers; if you ask specific questions I can probably help [please change the subject when you do so, this thread has gotten pretty lame].
There really isn't that much to IPv6 DNS, it works pretty much exactly the same as IPv4 only the addresses are much longer. :)
Adam, I've been poking around trying to figure out the easiest way to incorporate ipv6 into my 4 existing bind 9 ipv4 servers (2 sites, 1 primary, 1 slave at each). The first note that confused me was from the bind9 ARM: "Use of IPv4-in-IPv6 mapped addresses is not recommended. If a host has an IPv4 address, use an A record, not a AAAA, with ::ffff:192.168.42.1 as the address" (bind/Bv9ARM.ch04.html#id2572077) How are you handling your zone file records for ipv4 hosts in an ipv6 net? I ask because I have several big devices that are ipv4 that won't be ipv6 and replacement cost is out of the question (large copiers, etc..) If you have any good links that explain the nuts and bolts of the move to ipv6, please add them below. Also, for the rest that are interested, here are a few links I collected this morning. (I haven't digested them all by any means, but I have stuck some notes at the end of the links) Useful ipv4-ipv6 Links: http://tldp.org/HOWTO/html_single/Linux+IPv6-HOWTO/ http://www.cs.princeton.edu/~mef/research/napt/reports/usenix98/index.html http://www.linuxjournal.com/article/6541 (NOTE A6 records are deprecated now) http://linux.yyz.us/ipv6-fc2-howto.html (short 6-to-4 tunnel config on Linux) http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html (2003 - dated, but useful) http://download.oracle.com/javase/1.4.2/docs/guide/net/ipv6_guide/ (java issues) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David C. Rankin wrote:
I'd like to go ahead and setup my 4 DNS servers for IPV6 just to learn. You got a good howto for adding the quad-A records and any gotchas to look out for in a mixed IPV4-IPV6 setup?
From an ignorant standpoint it seems as simple as just adding the quad-A records for fix-IP boxes
Yep, that's it. PLus the reverse of course. -- Per Jessen, Zürich (14.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 03:21, James Knott wrote:
Ilya Chernykh wrote:
Leaving for what?
An ISP that provides IPv6.
And where do you find them? Not in my country - unless you are a big business demanding a huge pipe, so that ISPs flock to your door. “A persian carpet under the modem?” “No doubt, no doubt!” :-P -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
On 2010-09-09 03:21, James Knott wrote:
Ilya Chernykh wrote:
Leaving for what?
An ISP that provides IPv6.
And where do you find them? Not in my country - unless you are a big business demanding a huge pipe, so that ISPs flock to your door. “A persian carpet under the modem?” “No doubt, no doubt!”
:-P
I don't know where you are, but in some parts of the world, IPv6 is your only choice. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 13:52, James Knott wrote:
Carlos E. R. wrote:
I don't know where you are, but in some parts of the world, IPv6 is your only choice.
I know that lack of addresses is a real problem in China, because they were given little ipv4 space. But I'm in Spain, and I have not heard of any provider here offering ipv6 for home or small businesses. The battle here is pricing and broadband. Or cable versus ADSL. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Saturday 11 September 2010 15:59:46 Carlos E. R. wrote:
I don't know where you are, but in some parts of the world, IPv6 is your only choice.
I know that lack of addresses is a real problem in China, because they were given little ipv4 space.
But I'm in Spain, and I have not heard of any provider here offering ipv6 for home or small businesses. The battle here is pricing and broadband. Or cable versus ADSL.
The same here. IPv6 came now to have image of a protocol for developing world and poor countries which brings problems and does not allow fully functional Internet access. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. said the following on 09/11/2010 07:59 AM:
On 2010-09-11 13:52, James Knott wrote:
Carlos E. R. wrote:
I don't know where you are, but in some parts of the world, IPv6 is your only choice.
I know that lack of addresses is a real problem in China, because they were given little ipv4 space.
But I'm in Spain, and I have not heard of any provider here offering ipv6 for home or small businesses. The battle here is pricing and broadband. Or cable versus ADSL.
It seems much the same here in Canada, if you add in wifi bandwidth. The cable providers and the DSL providers have been hit with lawsuits that have forced them to open up to allow other ISPs to use their facilities, rather like what we had with the phone companies back in the 80s and 90s. Since those same telcos run (almost) all the cell phone space they are fighting back with with internet-over-3G and internet-over-AWS. My cell phone is only capable of IPv4 addresses :-( -- Without friends no one would choose to live, though he had all other goods. Aristotle (384 BC - 322 BC), Nichomachean Ethics -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 14:23, Anton Aylward wrote:
Carlos E. R. said the following on 09/11/2010 07:59 AM:
But I'm in Spain, and I have not heard of any provider here offering ipv6 for home or small businesses. The battle here is pricing and broadband. Or cable versus ADSL.
It seems much the same here in Canada, if you add in wifi bandwidth. The cable providers and the DSL providers have been hit with lawsuits that have forced them to open up to allow other ISPs to use their facilities, rather like what we had with the phone companies back in the 80s and 90s. Since those same telcos run (almost) all the cell phone space they are fighting back with with internet-over-3G and internet-over-AWS. My cell phone is only capable of IPv4 addresses :-(
Yes, same thing here. There is a big telephone company (Telefonica) that once was a monopoly. It had to open up for new, smaller, telcos, then open again for ISPs. It is funny that you can contract from a few different ISP providers, when the copper pair is still going to the same exchange as has been for fifty years. I assume they have inside separate racks for each new company where they do the splitting. If they do it all... A nightmare, I have been told, by friends working there. The situation in many countries has to be very similar, we haven't invented the technology ;-) -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
There is a big telephone company (Telefonica) that once was a monopoly. It had to open up for new, smaller, telcos, then open again for ISPs. It is funny that you can contract from a few different ISP providers, when the copper pair is still going to the same exchange as has been for fifty years. I assume they have inside separate racks for each new company where they do the splitting. If they do it all... A nightmare, I have been told, by friends working there. The situation in many countries has to be very similar, we haven't invented the technology ;-)
It sounds exactly like how it's done elsewhere - Switzerland, Germany, Britain. I doubt if they have separate equipment in the exchanges, it's not necessary. -- Per Jessen, Zürich (20.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/11/2010 09:06 AM:
Carlos E. R. wrote:
There is a big telephone company (Telefonica) that once was a monopoly. It had to open up for new, smaller, telcos, then open again for ISPs. It is funny that you can contract from a few different ISP providers, when the copper pair is still going to the same exchange as has been for fifty years. I assume they have inside separate racks for each new company where they do the splitting. If they do it all... A nightmare, I have been told, by friends working there. The situation in many countries has to be very similar, we haven't invented the technology ;-)
It sounds exactly like how it's done elsewhere - Switzerland, Germany, Britain. I doubt if they have separate equipment in the exchanges, it's not necessary.
Its amazing what the equipment manufacturers can do with software. If you pay the licence fees. -- There are two ways to slide easily through life: to believe everything or to doubt everything; both ways save us from thinking. -- Alfred Korzybski -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
It sounds exactly like how it's done elsewhere - Switzerland, Germany, Britain. I doubt if they have separate equipment in the exchanges, it's not necessary.
That depends on the ISP. Some lease bandwidth from the phone company, others have their own "point of presence" in the phone company central office and only lease the pair from the phone company. A few years ago, I was involved with setting up phone and ADSL shelves for Sprint Canada, in Bell Canada offices. In other situations, the ISP might provide their own ADSL equipment that the phone line passes through, for when the customer gets only internet from the ISP and phone service from the phone company. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
It sounds exactly like how it's done elsewhere - Switzerland, Germany, Britain. I doubt if they have separate equipment in the exchanges, it's not necessary.
That depends on the ISP.
More on the telco(s) and local legislation, I suspect. In Britain, then years ago, there were plenty of stories about how BT would make it _very_ difficult for others to get access to their exchanges, despite BT having been ordered to do so. Something similar in Germany. In Switzerland, the exchange and the DSLAMs belongs to Swisscom, but they're obligated to rent out or share their equipment. -- Per Jessen, Zürich (14.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 12/09/2010 17:34, Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
It sounds exactly like how it's done elsewhere - Switzerland, Germany, Britain. I doubt if they have separate equipment in the exchanges, it's not necessary.
That depends on the ISP.
More on the telco(s) and local legislation, I suspect. In Britain, then years ago, there were plenty of stories about how BT would make it _very_ difficult for others to get access to their exchanges, despite BT having been ordered to do so.
Not to mention the stories about our Telstra, here in Australia, deliberately throttling people's service to force them onto a higher costing per month broadband plan so as to get "better performance".
Something similar in Germany. In Switzerland, the exchange and the DSLAMs belongs to Swisscom, but they're obligated to rent out or share their equipment.
So is Telstra here. BC -- Fact is that which enough people believe. Truth is determined by how fervently they believe it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
My cell phone is only capable of IPv4 addresses My Nexus One supports IPv6 and gets an IPv6 address when connected to my home WiFi. However, I can't yet get IPv6 from Rogers. However, that will likely change when 4G phones appear, as they will use voice over IP and there aren't anywhere near enough IPv4 addresses to support them. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/11/2010 12:49 PM, James Knott wrote:
My cell phone is only capable of IPv4 addresses My Nexus One supports IPv6 and gets an IPv6 address when connected to my home WiFi. However, I can't yet get IPv6 from Rogers. However,
Anton Aylward wrote: that will likely change when 4G phones appear, as they will use voice over IP and there aren't anywhere near enough IPv4 addresses to support them.
Why not? They are likely going to replace current smartphones, all of which have IPs now. They are all behind nat too. Visit www.whatsmyip.net on your nexus one. Then dial *#*#4636#*#* and select Phone Information. Scroll down till you see Interface Rmnet0, compare numbers. 4G phones is a meaningless term. LTE is meaningful, but does not require ipV6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
jsa wrote:
Why not?
VoIP phones normally connect directly to each other, with the VoIP exchange used to advise the phones of the other phone's IP address, using H.225 (Registration, Admission and Status or RAS) to pass the info between phone and VoIP exchange and also between exchanges. If you don't use real world IP addresses to the phones, you'll have to use a gateway at each carrier, convert the call so some other network to get to the next carrier to reach the destination. RFC1918 addresses could work, but only within one carrier's network.
They are likely going to replace current smartphones, all of which have IPs now.
Right now, there are still a lot more 2G phones around and people are still buying them. These are the old GSM or CDMA phones that have been in use for years.
They are all behind nat too.
Yes, I was already aware of that.
Visitwww.whatsmyip.net on your nexus one. Then dial *#*#4636#*#* and select Phone Information. Scroll down till you see Interface Rmnet0, compare numbers.
4G phones is a meaningless term. LTE is meaningful, but does not require ipV6.
LTE is the progression towards full 4G. And no, they do not "need" IPv6. What they do need is sufficient IP addresses to support them all. IPv4 is near exhaustion. Using RFC1918 addresses and NAT will get in the way of setting up a proper VoIP network. Here's a link to a Wikipedia article on 4G: http://en.wikipedia.org/wiki/4G That article includes the following: "Unlike 3G, which is based on two parallel infrastructures consisting of circuit switched and packet switched network nodes respectively, 4G will be based on packet switching only. This will require low-latency data transmission. By the time that 4G is deployed, the process of IPv4 address exhaustion is expected to be in its final stages. Therefore, in the context of 4G, IPv6 support is essential in order to support a large number of wireless-enabled devices." http://en.wikipedia.org/wiki/4G -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 2010-09-11 at 13:59 +0200, Carlos E. R. wrote:
On 2010-09-11 13:52, James Knott wrote:
Carlos E. R. wrote:
I don't know where you are, but in some parts of the world, IPv6 is your only choice.
I know that lack of addresses is a real problem in China, because they were given little ipv4 space.
I've heard that too (Korea, Tywan, Maleysia,etc etc) But i thought that those countries got their blocks from APNIC, and they are getting stil new /8 blocks recently. So it might be a (wise) policy, but not needed right now, or am i mistaken? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 08 September 2010 21:12:17 James Knott wrote: I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
On Wednesday 08 September 2010 21:12:17 James Knott wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS.
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. As far as refusing to provide support, if IPv6 isn't disabled, that tells me your ISP is incompetent. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010 01:03:53 James Knott wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS.
It's time for you to find a new ISP.
There is no ISP here who provides IPv6. They all simply conduct the same policy: once one decides to invent new technology or change prices, others follow.They just coordinate their efforts. Thus similar prices and services.
NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. As far as refusing to provide support, if IPv6 isn't disabled, that tells me your ISP is incompetent.
They also say IPv6 in addition to corrupting routing table and creating lags in browsers, also floods the network so any user who uses IPv6 not only created problems for themselves but also for all other users. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 01:13 +0400, Ilya Chernykh wrote:
On Thursday 09 September 2010 01:03:53 James Knott wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS. It's time for you to find a new ISP.
+1
There is no ISP here who provides IPv6. They all simply conduct the same policy: once one decides to invent new technology or change prices, others follow.They just coordinate their efforts. Thus similar prices and services.
NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. As far as refusing to provide support, if IPv6 isn't disabled, that tells me your ISP is incompetent. They also say IPv6 in addition to corrupting routing table and creating lags in browsers,
Then we know for certain they are incompetent.
also floods the network so any user who uses IPv6 not only created problems for themselves but also for all other users.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
There is no ISP here who provides IPv6. They all simply conduct the same policy: once one decides to invent new technology or change prices, others follow.They just coordinate their efforts. Thus similar prices and services.
That's why I suggested using a tunnel broker, until such time as your ISP provides IPv6.
They also say IPv6 in addition to corrupting routing table and creating lags in browsers, also floods the network so any user who uses IPv6 not only created problems for themselves but also for all other users.
Like I said, incompetent. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
They also say IPv6 in addition to corrupting routing table and creating lags in browsers, also floods the network so any user who uses IPv6 not only created problems for themselves but also for all other users.
The more you tell me about them, the more incompetent they appear. How does IPv6 corrupt routing tables? Also, if you're using a tunnel broker, you're only sending out IPv4 packets that happen to encapsulate IPv6. The ISP won't see a single IPv6 packet that way. 6in4 tunnelling uses IP protocol 41, which adds a 20 byte IPv4 header to an IPv6 packet, so that it can be carried over an IPv4 network to the tunnel broker. The tunnel broker I use, also supports an IPv6 packet in an IPv4 UDP packet, to do the same thing. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 03:44, James Knott wrote:
Ilya Chernykh wrote:
They also say IPv6 in addition to corrupting routing table and creating lags in browsers, also floods the network so any user who uses IPv6 not only created problems for themselves but also for all other users.
The more you tell me about them, the more incompetent they appear. How does IPv6 corrupt routing tables?
I have seen serious studies, published by the IEEE (IIRC), that current hardware could not support the huge routing tables that ipv6 needs (huge number of addresses). -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
The more you tell me about them, the more incompetent they appear. How does IPv6 corrupt routing
tables?
I have seen serious studies, published by the IEEE (IIRC), that current hardware could not support the huge routing tables that ipv6 needs (huge number of addresses).
Actually, the opposite is true. With IPv6, it set up to be a hierarchical structure, which greatly reduces the number of routing tables. Because of the way IPv4 grew, it's routing table is a real mess, even after the aggregation that took place several years ago. However, because the addresses are longer, the same number of addresses would require 4x the space to hold them. Regardless, in the original message that I was replying to, it was implied that IPv6 packets on an IPv4 network would corrupt the IPv4 tables, even though with tunneling, as would be required on such a network, they'd never see an IPv6 packet that didn't have an IPv4 header attached to it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Actually, the opposite is true. With IPv6, it set up to be a hierarchical structure, which greatly reduces the number of routing tables. That should be "the number of routing table entries".
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 2010-09-11 at 15:37 -0400, James Knott wrote:
Carlos E. R. wrote:
tables? I have seen serious studies, published by the IEEE (IIRC), that current hardware could not support
The more you tell me about them, the more incompetent they appear. How does IPv6 corrupt routing the huge routing tables that ipv6 needs (huge number of addresses). Actually, the opposite is true.
+1. Easier routing is one of the core features of IPv6. It also fixes lots of stupid IPv4 behavior like per-hop checksums and fragmentation. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
+1. Easier routing is one of the core features of IPv6. It also fixes lots of stupid IPv4 behavior like per-hop checksums and fragmentation.
And also variable length headers, which have been replaced with fixed length and extension headers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/8/2010 2:03 PM, James Knott wrote:
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped.
Well, in some ways, making it harder to reach your own net is not totally a bad idea. What you can reach, others can reach, and with a nat-less internet you end up requiring protection in every device. Desirable perhaps, but not practical. Breaking some protocols, true, ftp is something that was broken from the start and the fact that it does not work well with nat is hardly the end of the world. As for impossible to reach your own net thru nat, I suggest prior planning. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-08 at 14:25 -0700, John Andersen wrote:
On 9/8/2010 2:03 PM, James Knott wrote:
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. Well, in some ways, making it harder to reach your own net is not totally a bad idea. What you can reach, others can reach, and with a nat-less internet you end up requiring protection in every device.
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
Desirable perhaps, but not practical.
Why? Firewalls are cheap and abundant. It is extremely practical and [I hope] common practice. It is legally required in many circumstances.
Breaking some protocols, true, ftp is something that was broken from the start and the fact that it does not work well with nat is hardly the end of the world.
NAT is just a pain, and a pointless one.
As for impossible to reach your own net thru nat,
False. Watch any hacker worth his salt blow right through your NAT. NAT is not security. A firewall is security. NAT != Firewall. NAT is at best obfuscation, and it is obfuscation both ways [it breaks apps from inside too, and renders PKI even more difficult than it already is]. Obfuscation is not security, so throw NAT away. NAT is nothing, ***nothing*** , but a hack for IPv4s limit address space. That's it. Nothing else. Just configure a firewall. Easy, done.
I suggest prior planning.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
On Wed, 2010-09-08 at 14:25 -0700, John Andersen wrote:
On 9/8/2010 2:03 PM, James Knott wrote:
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. Well, in some ways, making it harder to reach your own net is not totally a bad idea. What you can reach, others can reach, and with a nat-less internet you end up requiring protection in every device.
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
It doesn't matter, it still does pretty well as such. -- Per Jessen, Zürich (14.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/8/2010 2:44 PM, Per Jessen wrote:
Adam Tauno Williams wrote:
On Wed, 2010-09-08 at 14:25 -0700, John Andersen wrote:
On 9/8/2010 2:03 PM, James Knott wrote:
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. Well, in some ways, making it harder to reach your own net is not totally a bad idea. What you can reach, others can reach, and with a nat-less internet you end up requiring protection in every device.
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
It doesn't matter, it still does pretty well as such.
Exactly. NAT IS a router. You pretty much can't have nat without a router. And a router is a pretty good form of a firewall. A far simpler firewall than would be required if you had to protect a couple dozen IPs in the typical home in a flat internet that ipv6 is capable of providing. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
A far simpler firewall than would be required if you had to protect a couple dozen IPs in the typical home in a flat internet that ipv6 is capable of providing.
With something like IPTables, the simplest configuration blocks everything. Back when I had a firewall that used IPChains, the initial configuration only had 5 lines IIRC. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 03:56, James Knott wrote:
John Andersen wrote:
A far simpler firewall than would be required if you had to protect a couple dozen IPs in the typical home in a flat internet that ipv6 is capable of providing.
With something like IPTables, the simplest configuration blocks everything. Back when I had a firewall that used IPChains, the initial configuration only had 5 lines IIRC.
The openSUSE firewall warns when starting that certain features are not still supported for ipv6, and thus, disabled. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Wed, 2010-09-08 at 14:49 -0700, John Andersen wrote:
On 9/8/2010 2:44 PM, Per Jessen wrote:
Adam Tauno Williams wrote:
On Wed, 2010-09-08 at 14:25 -0700, John Andersen wrote:
On 9/8/2010 2:03 PM, James Knott wrote:
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. Well, in some ways, making it harder to reach your own net is not totally a bad idea. What you can reach, others can reach, and with a nat-less internet you end up requiring protection in every device. Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in? It doesn't matter, it still does pretty well as such. Exactly. NAT IS a router.
*FALSE*
You pretty much can't have nat without a router.
Correct, NAT is meaningless without a router. That doesn't make NAT a router.
And a router is a pretty good form of a firewall.
Seriously?
A far simpler firewall than would be required if you had to protect a couple dozen IPs in the typical home in a flat internet that ipv6 is capable of providing.
Easy. I set the firewall to block-all-incoming-connections. Done. Even simpler than NAT. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in?
It doesn't matter, it still does pretty well as such.
It doesn't do anything that a properly configured firewall can't do. Start by blocking everything and then allow only what you want. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in?
It doesn't matter, it still does pretty well as such.
It doesn't do anything that a properly configured firewall can't do. Start by blocking everything and then allow only what you want.
Sure, but with NAT in his xDSL router, Joe Bloggs doesn't have to do anything at all. -- Per Jessen, Zürich (13.7°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 09:05 +0200, Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in? It doesn't matter, it still does pretty well as such. It doesn't do anything that a properly configured firewall can't do. Start by blocking everything and then allow only what you want. Sure, but with NAT in his xDSL router, Joe Bloggs doesn't have to do anything at all.
And what does he have to do with IPv6? Nothing at all! AND all his apps [and games!] just work. The default firewall on every device I've seen is block-all-incoming-connections. So nothing changes as far as the [mythical] joe-user is concerned. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-09-09 12:08, Adam Tauno Williams wrote:
On Thu, 2010-09-09 at 09:05 +0200, Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in? It doesn't matter, it still does pretty well as such. It doesn't do anything that a properly configured firewall can't do. Start by blocking everything and then allow only what you want. Sure, but with NAT in his xDSL router, Joe Bloggs doesn't have to do anything at all.
And what does he have to do with IPv6? Nothing at all! AND all his apps [and games!] just work. The default firewall on every device I've seen is block-all-incoming-connections. So nothing changes as far as the [mythical] joe-user is concerned.
The default in my ISP's suplied adsl router is NO firewalll at all, and NAT. In fact, to activate the firewall one has to go over hidden config settings - by hidden I mean: · export config to a file on a computer. · edit xml config with an editor. · activate firewall in that config file. · upload changed config back to the router. Forget about the internal web page for configuration, nor telnet; until you do that, the firewall config is not accessible. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Elessar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyLcRAACgkQU92UU+smfQWElQCgk5TctT3wxhM66MXiW/FHH4c9 p58An0+nQdpCxfcUPrLSU/lOGrGuc4Ex =jqCh -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
The default in my ISP's suplied adsl router is NO firewalll at all, and NAT.
Yes, I think that's quite normal.
In fact, to activate the firewall one has to go over hidden config settings - by hidden I mean:
· export config to a file on a computer. · edit xml config with an editor. · activate firewall in that config file. · upload changed config back to the router.
That sounds a bit unusual though.
Forget about the internal web page for configuration, nor telnet; until you do that, the firewall config is not accessible.
Which kind of box is this?? -- Per Jessen, Zürich (19.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 15:02, Per Jessen wrote:
Carlos E. R. wrote:
The default in my ISP's suplied adsl router is NO firewalll at all, and NAT.
Yes, I think that's quite normal.
The idea seems to be that the internal machines can not be accessed, packets can not be routed to them directly, so no firewall is necessary.
In fact, to activate the firewall one has to go over hidden config settings - by hidden I mean:
· export config to a file on a computer. · edit xml config with an editor. · activate firewall in that config file. · upload changed config back to the router.
That sounds a bit unusual though.
It is, doesn't it? :-)
Forget about the internal web page for configuration, nor telnet; until you do that, the firewall config is not accessible.
Which kind of box is this??
A Comtrend. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
Forget about the internal web page for configuration, nor telnet; until you do that, the firewall config is not accessible.
I suppose some ISPs can be "fun". -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-08 at 21:53 -0400, James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in? It doesn't matter, it still does pretty well as such. It doesn't do anything that a properly configured firewall can't do. Start by blocking everything and then allow only what you want.
+1 With IPv6 you just block-all-incoming connections. Done. That is actually quite a bit *simpler* than NAT + firewall on IPv4. NAT is actually quite complicated and requires the "firewall" to maintain a large amount of connection state information. Non-NAT is much less resource intensive. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/08/2010 05:33 PM, Adam Tauno Williams wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes. Yeah, if I stored a lot of critical information on my wife's Windows computers, and if I were important enough or rich enough to make it worth some crook's while to attack me, I could see the need for more.
Desirable perhaps, but not practical.
Why? Firewalls are cheap and abundant. It is extremely practical and [I hope] common practice. It is legally required in many circumstances.
So what? I don't want to have to maintain separate external firewalls for -my laptop -my work laptop -my wife's work laptop -my network printer (IPv4 only) -our home desktop -our 3 sons' laptops when they visit -our son's wife's laptop when she visits I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now. But the (restricted address?) feature, that makes it possible for me to keep an internal local network, still invisible to the outside world, relieved my apprehensions in that respect.
Breaking some protocols, true, ftp is something that was broken from the start and the fact that it does not work well with nat is hardly the end of the world.
...of no concern at all to me personally, since I neither need nor want outside access to my home network. I carry all my information with me when I travel, and have no need for external access.
NAT is just a pain, and a pointless one.
For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing. And only the (restricted address?) feature saves me from major problems when I have to go to IPv6. I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me. My router with dhcp makes NAT and firewalling Just Work for me and mine. You want v6; fine. I'll have to go to it soon; fine. --that is, now that I'm pretty sure v6 won't impose a huge new workload on my home networking arrangement. John Perry -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 13:43 -0400, John E. Perry wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in? So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the
On 09/08/2010 05:33 PM, Adam Tauno Williams wrote: public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes. Yeah, if I stored a lot of critical information on my wife's Windows computers, and if I were important enough or rich enough to make it worth some crook's while to attack me, I could see the need for more.
Desirable perhaps, but not practical. Why? Firewalls are cheap and abundant. It is extremely practical and [I hope] common practice. It is legally required in many circumstances. So what? I don't want to have to maintain separate external firewalls for
Eh? Who said to do that? You operate a firewall on your router, just like you operate your NAT, only it is just a firewall'd router [not a firewall router and a bunch of NAT hacks]. Internet<---->(IPv6 firewall/router)<--->(IPv6 network) instead of Internet<---->(IPv6 firewall/router+NAT)<--->(IPv6 network) That's it. It is categorically simpler. Firewall blocks all incoming connections - Done. Which is essentially what people on this list _believe_ NAT is doing currently.
I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now.
It won't, it will be much easier.
But the (restricted address?) feature, that makes it possible for me to keep an internal local network, still invisible to the outside world, relieved my apprehensions in that respect.
True, and with IPv6 it is much simpler to have multiple addresses and subnets on an interface.
Breaking some protocols, true, ftp is something that was broken from the start
Why? Nothing is broken about FTP. NAT breaks it. Don't claim a protocol is broken because it breaks when used with a hack. By that logic Open Office is "broken" because MS-Word can't open an ODT file.
NAT is just a pain, and a pointless one. For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing
Why on earth do you believe that? NAT isn't doing *anything* but hacking around an IPv4 limitation. Operationally under IPv6 you only have a simpler network - and just as much privacy.
. And only the (restricted address?) feature saves me from major problems when I have to go to IPv6.
I don't see how, but OK.
I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me.
It is a bad thing, FACT, full-stop. Because a breakage [limitation] doesn't apply to you doesn't make it "contrived", "bogus", "false", or anything else. Firewalls good, NAT bad. It seems a *lot* of people are very much confusing the functionality of a router, a firewall, and NAT. A firewall is what protects you - not NAT. <http://www.cs.utk.edu/~moore/what-nats-break.html> <http://www.faqs.org/rfcs/rfc1627.html> It is a necessary evil now, it will be a better network when it is gone.
My router with dhcp makes NAT and firewalling Just Work for me and mine. You want v6; fine. I'll have to go to it soon; fine. --that is, now that I'm pretty sure v6 won't impose a huge new workload on my home networking arrangement.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Firewall blocks all incoming connections - Done. Which is essentially what people on this list _believe_ NAT is doing currently.
It seems a lot of people are very much confusing the functionality of a router, a firewall, and NAT.
Say what? I have difficulty believing that most (or even many) folks on this list confuse NAT with a firewall. Or think that NAT blocks all incoming connections. Or that a router IS a firewall. Btw, seems that this discussion has moved to the religious debate stage. Can we at least hold off the snark? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Btw, seems that this discussion has moved to the religious debate stage. Can we at least hold off the snark?
Perhaps it sounds that way, but Adam is correct on all technical points and so he should absolutely not allow anyone to get the idea that the dissenting opinions hold any water if he cares about accuracy of documentation and the safety of others. If the inarguability of facts looks like the unshakability of faith, well that's just too bad for those who practice faith in things other than facts. Why should he or anyone else care if anyone else understands the issues here? Because unfortunately none of us exists alone. One cannot simply opt to do the right thing while allowing others to be stupid if they want. I can't use .odt, .ogg, and .ogv files which would be better for _everyone_ if we all did, because too many of the people I must interact with don't understand and don't care why they should not use .xls, .mp3, and h264 files because as far as they can tell it "works for them". When too many people don't understand something and/or don't care to even try to understand, then the broken system that popularity==validity results in the knowledgeable minority being forced by circumstances outside their control to live with, participate in, and even commit, broken crap themselves even though they know better and are willing to do better. Thanks for that. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Btw, seems that this discussion has moved to the religious debate stage. Can we at least hold off the snark?
Perhaps it sounds that way, but Adam is correct on all technical points and so he should absolutely not allow anyone to get the idea that the dissenting opinions hold any water if he cares about accuracy of documentation and the safety of others.
If the inarguability of facts looks like the unshakability of faith, well that's just too bad for those who practice faith in things other than facts.
Why should he or anyone else care if anyone else understands the issues here? Because unfortunately none of us exists alone. One cannot simply opt to do the right thing while allowing others to be stupid if they want. I can't use .odt, .ogg, and .ogv files which would be better for _everyone_ if we all did, because too many of the people I must interact with don't understand and don't care why they should not use .xls, .mp3, and h264 files because as far as they can tell it "works for them".
When too many people don't understand something and/or don't care to even try to understand, then the broken system that popularity==validity results in the knowledgeable minority being forced by circumstances outside their control to live with, participate in, and even commit, broken crap themselves even though they know better and are willing to do better.
Thanks for that.
That's fine, it seems I was not clear: My comment was a general one re a nbr of the posts, not directed towards anyone in particular. I thought that was implied. A technical debate on the facts and perceived merits is welcome. However, it is neither advanced nor enhanced by language that personalizes, condescends, or insults. I was just hoping to calm the waters a bit. Apparently I failed, so let's leave it at that. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 16:45 -0400, dwgallien wrote:
Btw, seems that this discussion has moved to the religious debate stage. Can we at least hold off the snark?
Perhaps it sounds that way, but Adam is correct on all technical points and so he should absolutely not allow anyone to get the idea that the dissenting opinions hold any water if he cares about accuracy of documentation and the safety of others. If the inarguability of facts looks like the unshakability of faith, well that's just too bad for those who practice faith in things other than facts. Why should he or anyone else care if anyone else understands the issues here? Because unfortunately none of us exists alone. One cannot simply opt to do the right thing while allowing others to be stupid if they want. I can't use .odt, .ogg, and .ogv files which would be better for _everyone_ if we all did, because too many of the people I must interact with don't understand and don't care why they should not use .xls, .mp3, and h264 files because as far as they can tell it "works for them". When too many people don't understand something and/or don't care to even try to understand, then the broken system that popularity==validity results in the knowledgeable minority being forced by circumstances outside their control to live with, participate in, and even commit, broken crap themselves even though they know better and are willing to do better.
That's fine, it seems I was not clear: My comment was a general one re a nbr of the posts, not directed towards anyone in particular. I thought that was implied.
Well, when I said "It seems a lot of people are very much confusing the functionality of a router, a firewall, and NAT." I meant exactly that; no snark intended. The comments about NAT *clearly* indicate a failure to distinguish between NAT, firewall, and routing [three different capabilities]. Routing - moving packets. IPv6 allows 'normal' routing between any two points [which NAT breaks]. Firewalls - control access [not NAT]. Being routable [and theoretically reachable] is not the same as being accessible. Most "firewalls" support NAT, that doesn't make a firewall and NAT the same thing. Firewalls can be positioned at *routed* ingress/egress points, so the every-device-must-be-firewalled arguement is bogus [although it isn't a bad idea - even in an IPv4 NAT'd world]. NAT - a hack to allow use of private IPv4 ranges to access resources outside the local subnet. NAT breaks good things like GRE tunnels, and SCTP [anyone want a faster Internet?] - even outgoing, it isn't just an inbound issue. NAT breaks the topology, and if the address-space constraint is removed - adds nothing. <http://www.faqs.org/rfcs/rfc1627.html> <http://www.cs.utk.edu/~moore/what-nats-break.html>
A technical debate on the facts and perceived merits is welcome. However, it is neither advanced nor enhanced by language that personalizes, condescends, or insults. I was just hoping to calm the waters a bit. Apparently I failed, so let's leave it at that.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
That's fine, it seems I was not clear: My comment was a general one re a nbr of the posts, not directed towards anyone in particular. I thought that was implied.
Well, when I said "It seems a lot of people are very much confusing the functionality of a router, a firewall, and NAT." I meant exactly that; no snark intended. The comments about NAT *clearly* indicate a failure to distinguish between NAT, firewall, and routing [three different capabilities].
As I thought I had already indicated, the snark observation was not a direct reference to the previously ref'd comment, but rather to how - IMHO - the language in some of the posts was becoming unproductive. Again, it was not directed towards any specific individual and that should have been better clarified. Revisiting for a moment the NAT statement which you reiterate, it may very well be that there is a "failure to distinguish" among those engaged in the debate (or not, I'm not qualified to judge). The surprise I expressed was only in ref to that being generalized to "what people on this list believe" (as opposed to just those in the debate). Nothing more. Obviously, I should have just kept my clap shut. On both points. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Today I discovered what gigabit can do for me, so I want to buy a new 8-port wired "internet" firewall/router. Will I need to read the fine print to discover its IPV6 capability, or would I be safe to assume any major brand current model would competently support IPV6 now and for the foreseeable future? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Felix Miata wrote:
Today I discovered what gigabit can do for me, so I want to buy a new 8-port wired "internet" firewall/router. Will I need to read the fine print to discover its IPV6 capability, or would I be safe to assume any major brand current model would competently support IPV6 now and for the foreseeable future?
Some of the newer models from D-Link and others support it. You'll have to read the specs. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010/09/09 22:29 (GMT-0400) James Knott composed:
Felix Miata wrote:
Today I discovered what gigabit can do for me, so I want to buy a new 8-port wired "internet" firewall/router. Will I need to read the fine print to discover its IPV6 capability, or would I be safe to assume any major brand current model would competently support IPV6 now and for the foreseeable future?
Some of the newer models from D-Link and others support it. You'll have to read the specs.
I don't see how a switch to IPV6 could happen in the short term. It's really hard to find any reference to IPV6 in product searches. When I try combining IPV6 with either 8-port or gigabit I come up empty virtually every time. I did find a very few products, but at affordable pricing with only 4 wired LAN ports, and nothing with more than 4 at any price resembling affordable. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Felix Miata wrote:
I don't see how a switch to IPV6 could happen in the short term. It's really hard to find any reference to IPV6 in product searches. When I try combining IPV6 with either 8-port or gigabit I come up empty virtually every time. I did find a very few products, but at affordable pricing with only 4 wired LAN ports, and nothing with more than 4 at any price resembling affordable. -- I haven't seen any 8 port IPv6 routers, but then again I haven't looked either. Consumer level 8 port routers tend to be scarce. However, unless you've got an extremely fast internet connection, you don't need a gigabit router. It might be easier to just put a gigabit switch ahead of the router. Even on commercial installations, when using gigabit switches, I've always used a separate router. I did one job, about 1.5 years ago, with a total of 120 gigiabit ports, but the router was only capable of 100 Mb and connected to a cable modem that was only capable of 10 Mb. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/10/2010 07:59 AM:
Felix Miata wrote:
I don't see how a switch to IPV6 could happen in the short term. It's really hard to find any reference to IPV6 in product searches. When I try combining IPV6 with either 8-port or gigabit I come up empty virtually every time. I did find a very few products, but at affordable pricing with only 4 wired LAN ports, and nothing with more than 4 at any price resembling affordable.
I haven't seen any 8 port IPv6 routers, but then again I haven't looked either. Consumer level 8 port routers tend to be scarce. However, unless you've got an extremely fast internet connection, you don't need a gigabit router. It might be easier to just put a gigabit switch ahead of the router. Even on commercial installations, when using gigabit switches, I've always used a separate router. I did one job, about 1.5 years ago, with a total of 120 gigiabit ports, but the router was only capable of 100 Mb and connected to a cable modem that was only capable of 10 Mb.
Yes, that's the point of a gigabit 8-port device and that's the point of NAT as made clear in the RFCs I've referred to, Its about INTERNAL communication. People want fast access to their file servers that are just a few meters away. Its a psychological thing: they can understand a delay to the outside world and a server in a different {city,state,nation,content} that is being used by thousands of other people, but why should that delay apply to something local and is restricted in access and only available to their workgroup? As the RFCs said: <quote> Many applications require connectivity only within one enterprise and do not even need external connectivity for the majority of internal hosts. In larger enterprises it is often easy to identify a substantial number of hosts using TCP/IP that do not need network layer connectivity outside the enterprise. </quote> I have 100M Ethernet cards in my laptop even though I only have a 10M link to the outside world. I expect to be able to access my locally connected devices at 100M so I have a 100M switch. It happens to be a SMC device that is also a NAT'ing router with many 'firewall' functions. (I also have a proper firewall, but that's not what this is about.) It takes no stretch of my imagination to understand the utility value of a SMB needing a high speed switch within the workgroup. After all, most traffic in a SMB is going to be local. Having a ready supply of low cost IPv6 capable high speed switches/routers as drop-in replacements for things like the Linksys or SMC devices, be they wired or wifi, would be a good way to introduce IPv6 to SMBs. Dismissing this need out of hand, James, is unproductive. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Having a ready supply of low cost IPv6 capable high speed switches/routers as drop-in replacements for things like the Linksys or SMC devices, be they wired or wifi, would be a good way to introduce IPv6 to SMBs.
Switches don't worry about IPv6 or IPv4. They handle both and any other protocol that can be handled over ethernet. It's only routers that are the concern
Dismissing this need out of hand, James, is unproductive.
I have never dismissed that. What I have dismissed is the attitude that since not everything is not yet IPv6 ready, we shouldn't be using it at all. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Having a ready supply of low cost IPv6 capable high speed switches/routers as drop-in replacements for things like the Linksys or SMC devices, be they wired or wifi, would be a good way to introduce IPv6 to SMBs. Switches don't worry about IPv6 or IPv4. They handle both and any other protocol that can be handled over ethernet. It's only routers
Anton Aylward wrote: that are the concern
Dismissing this need out of hand, James, is unproductive.
I have never dismissed that. What I have dismissed is the attitude that since not everything is not yet IPv6 ready, we shouldn't be using it at all.
That should be " since not everything is IPv6 ready". -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, 2010-09-10 at 08:29 -0400, James Knott wrote:
Having a ready supply of low cost IPv6 capable high speed switches/routers as drop-in replacements for things like the Linksys or SMC devices, be they wired or wifi, would be a good way to introduce IPv6 to SMBs. Switches don't worry about IPv6 or IPv4. They handle both and any other
Anton Aylward wrote: protocol that can be handled over ethernet. It's only routers that are the concern
That is mostly true; managed switches may care if you are using vLAN features. Older switches frequently discard unknown-protocols on vLAN ports. But we recently survey'd switches and every switch we looked at supported IPv6 (even the 'low end' Linksys managed switches).
Dismissing this need out of hand, James, is unproductive. I have never dismissed that. What I have dismissed is the attitude that since not everything is not yet IPv6 ready, we shouldn't be using it at all.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
That is mostly true; managed switches may care if you are using vLAN features. Older switches frequently discard unknown-protocols on vLAN ports. But we recently survey'd switches and every switch we looked at supported IPv6 (even the 'low end' Linksys managed switches).
That sounds a bit strange. Switches, vlan or other, don't support IP of any flavour. They support ethernet. Any switch that doesn't pass a valid ethernet frame is defective. No matter what IP protocol you're running, it's supposed to just be data carried on ethernet. It sounds like someone has their layers mixed up. Don't forget, when switches (and bridges before them) first came out, we had a lot more protocols than just IP floating around. Back then, there was also IPX, SNA, NetBIOS, Appletalk and others in common use. All could be carried over ethernet. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, 2010-09-10 at 21:56 -0400, James Knott wrote:
Adam Tauno Williams wrote:
That is mostly true; managed switches may care if you are using vLAN features. Older switches frequently discard unknown-protocols on vLAN ports. But we recently survey'd switches and every switch we looked at supported IPv6 (even the 'low end' Linksys manage switches). That sounds a bit strange. Switches, vlan or other, don't support IP of any flavour. They support ethernet.
This isn't really true; managed switches are very aware of higher level protocols. Often times protocols are bound to vLANs.
Any switch that doesn't pass a valid ethernet frame is defective. No matter what IP protocol you're running, it's supposed to just be data carried on ethernet. It sounds like someone has their layers mixed up. Don't forget, when switches (and bridges before them) first came out, we had a lot more protocols than just IP floating around. Back then, there was also IPX, SNA, NetBIOS, Appletalk and others in common use. All could be carried over ethernet.
True - but a lot of low end switches only know a couple of protocols [usually IPv4 & IPX]. They switch anything until vLANs are enabled, and then other protocols get dropped. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
This isn't really true; managed switches are very aware of higher level protocols. Often times protocols are bound to vLANs.
I am aware of that. I have configured switches for vlan, QoS, diffserv etc. My point is that a switch shouldn't just block a valid ethernet frame, just because it doesn't understand the higher level protocol, as you seemed to have implied. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010/09/10 07:59 (GMT-0400) James Knott composed:
I haven't seen any 8 port IPv6 routers, but then again I haven't looked either. Consumer level 8 port routers tend to be scarce. However, unless you've got an extremely fast internet connection, you don't need a gigabit router. It might be easier to just put a gigabit switch ahead of the router.
I thought of that, but: 1-I've read reports more than once that the router model I've been using is a poor performer 2-adding an 8-port switch means yet another fs$@#*$^%ing power brick 3-adding an 8-port switch means yet more power consumption (eco unfriendly) 4-adding an 8-port switch means yet more heat generation (eco unfriendly) 5-space considerations dictate stacking the router and switch, increasing the operating temperature of the devices, likely causing shortened life expectancy. So, replacing the router makes good sense, particularly if one wants to add wireless capability. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-10 16:33, Felix Miata wrote:
On 2010/09/10 07:59 (GMT-0400) James Knott composed:
So, replacing the router makes good sense, particularly if one wants to add wireless capability.
Indeed, an 8 port "router" is a better idea, at home or small office, than a 4 port router and an 8 port switch - simply because it is a box less to care about. Fewer cables (ethernet cables, power cables, one more power socket used, perhaps one power splitter more). Actually the "4 (or 8) port router" is not an 4 port router. It is a two port router (adsl <-> eth0) with a an 4 port bridge. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 09/10/2010 04:59 AM, James Knott wrote:
Felix Miata wrote:
I don't see how a switch to IPV6 could happen in the short term. It's really hard to find any reference to IPV6 in product searches. When I try combining IPV6 with either 8-port or gigabit I come up empty virtually every time. I did find a very few products, but at affordable pricing with only 4 wired LAN ports, and nothing with more than 4 at any price resembling affordable. -- I haven't seen any 8 port IPv6 routers, but then again I haven't looked either. Consumer level 8 port routers tend to be scarce. However, unless you've got an extremely fast internet connection, you don't need a gigabit router. It might be easier to just put a gigabit switch ahead of the router. Even on commercial installations, when using gigabit switches, I've always used a separate router. I did one job, about 1.5 years ago, with a total of 120 gigiabit ports, but the router was only capable of 100 Mb and connected to a cable modem that was only capable of 10 Mb.
Hi James, I came across this link as I was searching for consumer-grade IPv6: <http://gpshead.blogspot.com/2009/01/consumer-router-ipv6-firewall-fail.html> The Linksys wrt610n silently supports 6-to-4 IPv6 but doesn't firewall it! Apparently none of the Netgear products do IPv6 except for the WNR3500L which allows user installation of open-source software (DD-WRT). I actually have this router, but am using only the Netgear firmware. I think I'll purchase another one and try playing around with it. Those folks who are fluent in IPv6 will become valuable in the coming years... Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Felix Miata wrote:
I don't see how a switch to IPV6 could happen in the short term. It's really hard to find any reference to IPV6 in product searches. When I try combining IPV6 with either 8-port or gigabit I come up empty virtually every time. I did find a very few products, but at affordable pricing with only 4 wired LAN ports, and nothing with more than 4 at any price resembling affordable.
fwiw . . . I recently upgraded my home network: A Motorola SB6120 DOCSIS cable modem IPv4/IPv6 and a Buffalo WZR-HP-G300NH 4/6 router with high-power AP and a Gb switch - but only 4 port. Handles HD streaming perfectly, and I can finally use my Gb NIC's. 20Mb on the WAN, higher than the line rating. The modem is a bit expensive, the router not at all. I also could not find a consumer grade 8-port alternative. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/9/2010 9:23 PM, Felix Miata wrote:
When I try combining IPV6 with either 8-port or gigabit I come up empty virtually every time. I did find a very few products, but at affordable pricing with only 4 wired LAN ports, and nothing with more than 4 at any price resembling affordable.
Do switches even care about IPV6? I thought they were all about mac addresses at that level. Routers care about IP4/IP6, but you don't need that many ports on a router. My router has exactly two ports. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
Do switches even care about IPV6?
No. They don't even care about IP at all. They can handle any traffic that can be stuffed into an ethernet frame. As you mention, switching is based on MAC addresses.
My router has exactly two ports.
Mine has three. It's a Linux box and when I first set it up, I was using WEP encryption on WiFi. Since WEP is so easy to break, I put it on it's own subnet and required OpenVPN or ssh to get through the firewall. Now that I'm using WPA2, I don't use that 3rd interface any more. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Brian K. White said the following on 09/09/2010 03:47 PM:
[...]
When too many people don't understand something and/or don't care to even try to understand, then the broken system that popularity==validity results in the knowledgeable minority being forced by circumstances outside their control to live with, participate in, and even commit, broken crap themselves even though they know better and are willing to do better.
Thanks for that.
Ah. Yes. Betamax vs VHS Linux vs Windows I'm sure subscribers here can think of many more examples. Anyone who has visited the technology shows such as CeBit in Germany will realise that here in North Amerca we are a backwater that has to settle for "old stuff" even though it marketed to us with the razzle dazzle. Perhaps someone can comment on issues like 'tethering'. -- Skill without imagination is craftsmanship and gives us many useful objects such as wickerwork picnic baskets. Imagination without skill gives us modern art. -- Tom Stoppard -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian K. White wrote:
Btw, seems that this discussion has moved to the religious debate stage. Can we at least hold off the snark?
Perhaps it sounds that way, but Adam is correct on all technical points and so he should absolutely not allow anyone to get the idea that the dissenting opinions hold any water if he cares about accuracy of documentation and the safety of others.
If the inarguability of facts looks like the unshakability of faith, well that's just too bad for those who practice faith in things other than facts.
Why should he or anyone else care if anyone else understands the issues here? Because unfortunately none of us exists alone. One cannot simply opt to do the right thing while allowing others to be stupid if they want. I can't use .odt, .ogg, and .ogv files which would be better for _everyone_ if we all did, because too many of the people I must interact with don't understand and don't care why they should not use .xls, .mp3, and h264 files because as far as they can tell it "works for them".
When too many people don't understand something and/or don't care to even try to understand, then the broken system that popularity==validity results in the knowledgeable minority being forced by circumstances outside their control to live with, participate in, and even commit, broken crap themselves even though they know better and are willing to do better.
Thanks for that.
Used to observe to our network team that for most of the user community X500 was a night bus from the London Termini to Heathrow airport... for some reason that did not go down well... :-) The show stopper is not always the validity of (or facts about) a technology, but the occasionally valid non technical reasons for not deploying a technology. Non technical decision makers will need answers to at least three questions in some form. a) How much will it cost? b) How much will it save? c) What is the benefit (to our organisation)? That is the simple bit, assuming the case is accepted and a decision is made. (At the moment there is consensus about the worth of the technology here, without any real attempt to address the three points above). In an ideal work scenario, if one is lucky enough to work in environment that does not question the judgement of the IT team and has relatively benign inter-departmental politics, the decision once made tends to stay made The reality is often different, where one has to protect ones rear from ones technical "colleagues", and deal with (often toxic) inter-departmental politics, such decisions can get badly warped. Dealing with Technology is easy, dealing with people is hard. It is not surprising in this context progress is frequently slow. At this time, I do not intend to move to IPv6 on my local network as it will incur a cost (my time) for little perceivable benefit and AFAIK my ISP has no plans to move to IPv6 for DSL services, (the ISP does not at this time use non routable IPv4 addresses anyway and probably be very happy if got the customer base large enough for address space to become a problem). For others YMMV - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyLiecACgkQasN0sSnLmgISHACeJxvyLV7zvKlVjBUlKUY6n8iE rL0AoIE3aomj6MnNabKRfeqNxnQ1K1eE =5fk4 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
G T Smith wrote:
Non technical decision makers will need answers to at least three questions in some form.
a) How much will it cost? b) How much will it save? c) What is the benefit (to our organisation)?
For something like IPv6, the forward looking companies would make sure to get IPv6 ready gear, whenever purchasing new equipment, even if they don't plan to offer it for a while. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 22:09, James Knott wrote:
G T Smith wrote:
Non technical decision makers will need answers to at least three questions in some form.
a) How much will it cost? b) How much will it save? c) What is the benefit (to our organisation)?
For something like IPv6, the forward looking companies would make sure to get IPv6 ready gear, whenever purchasing new equipment, even if they don't plan to offer it for a while.
Reminds me. I did a networking course not long ago (250 h), and ipv6 was not taught at all. Just mentioned. I am, in theory, a qualified network installer, I even got a Cisco diploma (almost wet paper, IMO). But I know next to nothing about IPV6. This is just an example, other people might have been more fortunate with their training, but... how do you expect ipv6 to grow in acceptance, if the people that should know about it do not? -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
But I know next to nothing about IPV6.
I have also been on courses, where the course material is bordering on obsolete. Some schools don't keep up with the times. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Non technical decision makers will need answers to at least three questions in some form. a) How much will it cost? b) How much will it save? c) What is the benefit (to our organisation)? That is the simple bit, assuming the case is accepted and a decision is made. (At the moment there is consensus about the worth of the technology here, without any real attempt to address the three points above). In an ideal work scenario, if one is lucky enough to work in environment that does not question the judgement of the IT team and has relatively benign inter-departmental politics, the decision once made tends to stay made The reality is often different
And suddenly IPv6 will be required for some 'business purpose' and you [the IT dept] will be left looking by a bunch of dolts. Not rolling forward with IPv6 now in a thoughtful deployment *only* leaves you the scramble to deploy it [and overcome all the obstacles raised in this thread] when suddenly you need it. I'll take a pass on that experience. Just roll IPv6 support into the normal maintenance / update cycle. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam Tauno Williams wrote:
And suddenly IPv6 will be required for some 'business purpose' and you [the IT dept] will be left looking by a bunch of dolts. Not rolling forward with IPv6 now in a thoughtful deployment *only* leaves you the scramble to deploy it [and overcome all the obstacles raised in this thread] when suddenly you need it. I'll take a pass on that experience. Just roll IPv6 support into the normal maintenance / update cycle.
If you are seriously suggesting moving to a multi-protocol environment you have obviously never worked in one. As for dolt comment in many cases the team is considered is damned if they get it right and damned if they dont. In terms of popularity on a good day you may get to be more highly considered than HR. In part this is because one is financially trying to swim like a swan by paddling furiously under the waterline . To do anything else would be taken as the wrong kind incompetent (i.e the kind bean counters do not give cash to), however there is catch 22 scenario in this in that the bean counters then imagine that you have what is needed to do the job well. . Therefore, getting the resources in large organisations and SMBs to get the resources required has the potential to be... well... interesting.. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOHCcACgkQasN0sSnLmgK9cACeK9qXcY+qr2At3I9X8c1X2dn9 MJAAn1I9Q3n68m4SxuQuszbwp3U87D0O =vggo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
And suddenly IPv6 will be required for some 'business purpose' and you [the IT dept] will be left looking by a bunch of dolts. Not rolling forward with IPv6 now in a thoughtful deployment *only* leaves you the scramble to deploy it [and overcome all the obstacles raised in this thread] when suddenly you need it. I'll take a pass on that experience. Just roll IPv6 support into the normal maintenance / update cycle. If you are seriously suggesting moving to a multi-protocol environment you have obviously never worked in one.
FALSE: I've worked in IPv4, IPv6, NetBIOS, IPX, and SNA. A multi-protocol network *IS THE FUTURE*! Fact. You can dodge IPv6 for awhile if you like. You will not be able to forever; IPv6 & IPv4 dual-stack networks are going to be the *norm* for the next decade.
As for dolt comment in many cases the team is considered is damned if they get it right and damned if they dont. In terms of popularity on a good day you may get to be more highly considered than HR. In part this is because one is financially trying to swim like a swan by paddling furiously under the waterline . To do anything else would be taken as the wrong kind incompetent (i.e the kind bean counters do not give cash to), however there is catch 22 scenario in this in that the bean counters then imagine that you have what is needed to do the job well. . Therefore, getting the resources in large organisations and SMBs to get the resources required has the potential to be... well... interesting..
Ok. And that explains why "large organizations" are frequently replaced by previously-small organizations. When the bean counter can't use the IPv6 web-service let me know what happens. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam Tauno Williams wrote:
FALSE: I've worked in IPv4, IPv6, NetBIOS, IPX, and SNA.
A multi-protocol network *IS THE FUTURE*! Fact.
You can dodge IPv6 for awhile if you like. You will not be able to forever; IPv6 & IPv4 dual-stack networks are going to be the *norm* for the next decade.
I am sure someone would have said something like this about the QWERTY keyboard layout (which was designed to slow down the typist), non-QWERTY keyboards are still relatively uncommon in the English world. History tends to show that the adoption of technology is not just about whether it is best, but also whether the technology addresses an important perceived need or provides a new service that there is a demand for, the cost of adopting it, and the vested interests involved. Readers of the runes will tend to suspect by the time agreement is made something new will come along. Given no-one seems to be be prepared to give a schedule for any central changes at the moment 10 years may be an underestimate. One would expect many with mostly functioning infrastructures to concentrate on the things that they know are not working now, rather than the things that may not be in the future. AFAIK the Europe/US take up is not good. NAT made the immediate problem go away. It yet another kludge that has become a default (as is the QWERTY keyboard). At the moment IPv6 provides roaming internet/IP capabilities, (something IPv4 does not do) but that is mainly of interest for suppliers of mobile networks.
Ok. And that explains why "large organizations" are frequently replaced by previously-small organizations.
Eh!?I do not know where you did your basic business studies but you should ask for your money back.
When the bean counter can't use the IPv6 web-service let me know what happens.
ICANN have got to shoot themselves in the organisational foot before this becomes an issue. There are lot of people who want the root name servers to be controlled outside of the US, and of course the US is unenthusiastic about the idea, blowing awayea large chunks of the network name space is not going to make friends and influence people.. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyPWs8ACgkQasN0sSnLmgKaEwCfQ3tXGkWWE0W9yAyWDU9Vmi4O Hv4AoPlsjC9RnD+QB6cyAaDwngKbG+Zk =uON3 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2010-09-14 at 12:21 +0100, G T Smith wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam Tauno Williams wrote:
FALSE: I've worked in IPv4, IPv6, NetBIOS, IPX, and SNA. A multi-protocol network *IS THE FUTURE*! Fact. You can dodge IPv6 for awhile if you like. You will not be able to forever; IPv6 & IPv4 dual-stack networks are going to be the *norm* for the next decade. I am sure someone would have said something like this about the QWERTY keyboard layout (which was designed to slow down the typist), non-QWERTY keyboards are still relatively uncommon in the English world.
Ah yes, the old yarn about qwerty. Only problem: other keyboard layouts aren't any faster. QWERTY will be with us, and the norm, forever. Because, unlike IPv6, switching keyboard schemes really doesn't offer any advantages.
History tends to show that the adoption of technology is not just about whether it is best, but also whether the technology addresses an important perceived need or provides a new service that there is a demand for, the cost of adopting it, and the vested interests involved.
Well, I don't know about "vested interests". But *Microsoft* now *requires* IPv6 for some of there newest products and technologies [those products WILL NOT WORK with IPv4]. So those M$ shops WILL all be supporting IPv6. I congratulate M$ for this move, it is going to be a big driver in IPv6 adoption.
Readers of the runes will tend to suspect by the time agreement is made something new will come along. Given no-one seems to be be prepared to give a schedule for any central changes at the moment 10 years may be an underestimate. One would expect many with mostly functioning infrastructures to concentrate on the things that they know are not working now, rather than the things that may not be in the future. AFAIK the Europe/US take up is not good. NAT made the immediate problem go away. It yet another kludge that has become a default (as is the QWERTY keyboard). At the moment IPv6 provides roaming internet/IP capabilities, (something IPv4 does not do) but that is mainly of interest for suppliers of mobile networks.
Right, because a faster and more efficient Internet [IPv6 is *FASTER*] isn't of any interest to anyone.
When the bean counter can't use the IPv6 web-service let me know what happens. ICANN have got to shoot themselves in the organisational foot before this becomes an issue. There are lot of people who want the root name servers to be controlled outside of the US, and of course the US is unenthusiastic about the idea, blowing awayea large chunks of the network name space is not going to make friends and influence people..
What on earth does that have to do with IPv6? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam Tauno Williams wrote:
On Tue, 2010-09-14 at 12:21 +0100, G T Smith wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am sure someone would have said something like this about the QWERTY keyboard layout (which was designed to slow down the typist), non-QWERTY keyboards are still relatively uncommon in the English world.
Ah yes, the old yarn about qwerty. Only problem: other keyboard layouts aren't any faster. QWERTY will be with us, and the norm, forever. Because, unlike IPv6, switching keyboard schemes really doesn't offer any advantages.
Take a look at... http://home.earthlink.net/~dcrehr/whyqwert.html http://www.bbc.co.uk/news/technology-10925456
History tends to show that the adoption of technology is not just about whether it is best, but also whether the technology addresses an important perceived need or provides a new service that there is a demand for, the cost of adopting it, and the vested interests involved.
Well, I don't know about "vested interests".
Which largely explains your apparent lack of grasp of the politics of and economics of change... But *Microsoft* now
*requires* IPv6 for some of there newest products and technologies [those products WILL NOT WORK with IPv4]. So those M$ shops WILL all be supporting IPv6. I congratulate M$ for this move, it is going to be a big driver in IPv6 adoption.
A device that does not support IPv4 in a transitional environment is at best problematic to deploy. (I remember having to disable IPv6 on M$ because of the grief it caused in a IPv4 environment). If M$ start loosing market share changes will be made and M$ has always responded to market needs when it could not dictate them. However, when M$ start being active in a particular area it is something to be red flagged, as they are notorious for being creative in the interpretation of standards.
Right, because a faster and more efficient Internet [IPv6 is *FASTER*] isn't of any interest to anyone.
Which do not really make a lot of difference to an end user when line speed and connection reliability are the key issues. A high speed sports car on a dirt track is just window dressing.
ICANN have got to shoot themselves in the organisational foot before this becomes an issue. There are lot of people who want the root name servers to be controlled outside of the US, and of course the US is unenthusiastic about the idea, blowing awayea large chunks of the network name space is not going to make friends and influence people..
What on earth does that have to do with IPv6?
More politics, the issues around who is actually in control could end up being a significant factor in how something is deployed. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyQopUACgkQasN0sSnLmgJyNACg46FuTe1mVBHY8bbAAfqy5lzA rZMAn2s+sXndxloOPbEU8rQT76F8C93T =p0DC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
G T Smith said the following on 09/14/2010 07:21 AM:
I am sure someone would have said something like this about the QWERTY keyboard layout (which was designed to slow down the typist), non-QWERTY keyboards are still relatively uncommon in the English world.
Good illustration. I'd add VHS in the VHS vs Beta debate. There's _almost_ a AC vs DC issue. While Tesla may have been right in the context that existed back then, "that was then, this is now". We make a lot of use of DC - all our electronics runs on it, mostly low voltage. I also have a lot of low voltage (and high efficiency) DC lighting in my house. By contrast, at work I have racks of equipment that _runs_ on 5V and 12V and each unit in the rack has its own transformer and regulator to step down from 110V (you may be use 220V) to 5V, each generating its own heat. What is more ironic is that in the net room there is this huge UPS that takes AC power (220V actually) and converts it to 12V. It uses that 12V to charge batteries. The batteries then power an alternator that converts it back up to 110V which goes to the racks. Where the units I just mentioned convert it back down to 12V and 5V. I can't say this makes a lot of sense to me. Surely taking that 12V from the batteries to the racks (with some regulators etc) would make things more efficient? Its not as the usual benefits of AC apply here, its not as if this power is being transmitted over great distances.
History tends to show that the adoption of technology is not just about whether it is best, but also whether the technology addresses an important perceived need or provides a new service that there is a demand for, the cost of adopting it, and the vested interests involved.
I realise that in the past many small communities ran on locally generated DC. Converting them to AC and putting them on National Grid was a matter of efficiencies of scale, reliability and management. When I talk of running a computer room on DC, I am not talking about giving up the efficiencies that go with AC - generation, distribution and voltage manipulation. The heat produces but the per-device transformers & regulators when they step down from 110V to 5V is local to the equipment and a waste because the low voltage is already available. Eliminating the DC-to-AC-to-DC conversion would reduce the overall heat loading as well as the electrical efficiency of the plant. I just betcha someone is going to tell me that many places DO run on per-rack DC.
Readers of the runes will tend to suspect by the time agreement is made something new will come along.
Indeed, the Start Trek theme can continue ...
AFAIK the Europe/US take up is not good. NAT made the immediate problem go away. It yet another kludge that has become a default (as is the QWERTY keyboard). At the moment IPv6 provides roaming internet/IP capabilities, (something IPv4 does not do) but that is mainly of interest for suppliers of mobile networks.
Its quite possible that two separate "worlds" might exist for a while: the wired and the mobile. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
What is more ironic is that in the net room there is this huge UPS that takes AC power (220V actually) and converts it to 12V. It uses that 12V to charge batteries. The batteries then power an alternator that converts it back up to 110V which goes to the racks. Where the units I just mentioned convert it back down to 12V and 5V.
There are now some UPS systems that deliver high voltage DC to the computer, which then converts it down to the voltage required by the system. This eliminates a couple of conversion steps. The telecom industry has been running on 48V DC for a very long time. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Anton Aylward wrote:
What is more ironic is that in the net room there is this huge UPS that takes AC power (220V actually) and converts it to 12V. It uses that 12V to charge batteries. The batteries then power an alternator that converts it back up to 110V which goes to the racks. Where the units I just mentioned convert it back down to 12V and 5V.
There are now some UPS systems that deliver high voltage DC to the computer, which then converts it down to the voltage required by the system. This eliminates a couple of conversion steps. The telecom industry has been running on 48V DC for a very long time.
We don't have any blade systems, but I think they run on 48VDC too. -- Per Jessen, Zürich (19.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/14/2010 11:24 AM:
Anton Aylward wrote:
What is more ironic is that in the net room there is this huge UPS that takes AC power (220V actually) and converts it to 12V. It uses that 12V to charge batteries. The batteries then power an alternator that converts it back up to 110V which goes to the racks. Where the units I just mentioned convert it back down to 12V and 5V.
There are now some UPS systems that deliver high voltage DC to the computer, which then converts it down to the voltage required by the system. This eliminates a couple of conversion steps. The telecom industry has been running on 48V DC for a very long time.
It used to that each rack had a PSU (for some stupid reason they always seemed to be at the bottom) that delivered DC (+/-12V, +/-5V) on busbars to items in the racks. "Yes it used to be but we changed all that..." I think a distorted form of consumerism (and multiplier effect) had something to do with it. If the per item PSU costs $X they can charge $Xx4 for it, and its "mandatory". What do you want to bet that removing that PSU from each rack-able item is going to be an 'additional charge item' - yes even though there's less to it. Hey, does you telco charge extra for 'tone dialling' instead of rotary, even though DTMF is the default/norm and rotary/pulse needs special configuration? -- But it doesn't have to be this way. We can do things better. We need to stop doing business as usual and start focusing on end-to-end quality. Security needs to be built in from the start -- not slapped on after the fact. -- Gene Spafford, at the 23rd National Information Systems Security Conference in October 2000 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
It used to that each rack had a PSU (for some stupid reason they always seemed to be at the bottom) that delivered DC (+/-12V, ±5V) on busbars to items in the racks.
That "stupid reason" would be weight. Power supplies have, until recently, been very heavy. Putting them at the top would make the cabinets top heavy. Placing the P.S. at the bottom also keeps AC power away from the equipment. When you run AC power in a cabinet, you have to be a lot more careful than you would with signal or DC power cables. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/14/2010 11:59 AM:
Anton Aylward wrote:
It used to that each rack had a PSU (for some stupid reason they always seemed to be at the bottom) that delivered DC (+/-12V, ±5V) on busbars to items in the racks.
That "stupid reason" would be weight. Power supplies have, until recently, been very heavy. Putting them at the top would make the cabinets top heavy. Placing the P.S. at the bottom also keeps AC power away from the equipment. When you run AC power in a cabinet, you have to be a lot more careful than you would with signal or DC power cables.
For every good reason there's a stupid example and for every good reasons there's a good example. My stupid examples from the DEC worlds of the 70s and early 80s (PDP-11 and VAX) where the cabinets had the PSU at the bottom include ... someone tweaking one of the boards and dropping a small tool into the grill on the PSU. Trying - stupidly - to fish it out with a piece of wire shorted the PSU - explosively. Five volts at mucho amps will vaporise things like screwdrivers and Allen wrenches. ... leaving the cabinet's back door open and disturbing the heat flow, and causing a fire because of the cardboard box of printer paper on the floor next to the hot PSU holding the door open. Yes, "stupidity". The Number one cause of incidents and accidents. I don't know about heavy, though. Back in the mid 70s I needed a 50W PSU for a piece of avionics I was working on. I pulled the catalogues and built a custom switched mode PSU that fitted in one of those kitchen-size matchboxes[1]. The toroidal transformer - OTS - was about as big as my thumb. The 'trick' was running it at high frequency. Which made smoothing easier as well. The case - doubled as the heat-sink - was the heaviest component. [1] http://www.indiamart.com/apt-exim/kitchen-match-box.html -- We are all agreed that your theory is crazy. The question which divides us is whether it is crazy enough to have a chance of being correct. My own feeling is that it is not crazy enough. -- Niels Bohr -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
I don't know about heavy, though. Back in the mid 70s I needed a 50W PSU for a piece of avionics I was working on. I pulled the catalogues and built a custom switched mode PSU that fitted in one of those kitchen-size matchboxes[1]. The toroidal transformer - OTS - was about as big as my thumb. The 'trick' was running it at high frequency.
Switch-mode - some 25 years ago I had a PDP11-04 in my workshop - no switch-mode in that thing. Lots of heavy copper windings on the enormous transformers. -- Per Jessen, Zürich (14.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/14/2010 03:29 PM:
Anton Aylward wrote:
I don't know about heavy, though. Back in the mid 70s I needed a 50W PSU for a piece of avionics I was working on. I pulled the catalogues and built a custom switched mode PSU that fitted in one of those kitchen-size matchboxes[1]. The toroidal transformer - OTS - was about as big as my thumb. The 'trick' was running it at high frequency.
Switch-mode - some 25 years ago I had a PDP11-04 in my workshop - no switch-mode in that thing. Lots of heavy copper windings on the enormous transformers.
Another reason they put the PSU at the bottom of the rack! How much computing power was in the -04? More than in my cell phone? -- Most good crime on this planet involves insiders. -- Bruce Schneier -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Per Jessen said the following on 09/14/2010 03:29 PM:
Anton Aylward wrote:
I don't know about heavy, though. Back in the mid 70s I needed a 50W PSU for a piece of avionics I was working on. I pulled the catalogues and built a custom switched mode PSU that fitted in one of those kitchen-size matchboxes[1]. The toroidal transformer - OTS - was about as big as my thumb. The 'trick' was running it at high frequency.
Switch-mode - some 25 years ago I had a PDP11-04 in my workshop - no switch-mode in that thing. Lots of heavy copper windings on the enormous transformers.
Another reason they put the PSU at the bottom of the rack!
How much computing power was in the -04? More than in my cell phone?
Haha, I doubt it - it was TTL based, the main board had 4 x 4-bit ALUs - 74181 I think they were. -- Per Jessen, Zürich (18.3°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
I don't know about heavy, though. Back in the mid 70s I needed a 50W PSU for a piece of avionics I was working on. Equipment for use on aircraft was severely weight constrained, compared to elsewhere. Switching supplies weren't common until the '80s or so. Prior to that, a power supply would need a heavy iron transformers, heat sinks for analog regulators, large filter capacitors etc. IIRC, aircraft equipment commonly used 400 Hz AC, which meant power supplies could be built with smaller transformers, capacitors etc. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
IIRC, aircraft equipment commonly used 400 Hz AC, which meant power supplies could be built with smaller transformers, capacitors etc.
I think that went for IBM mainframes as well - I've spent quite a few years working with IBM equipment, I feel pretty certain the power supply boxes (biiiiig cupboards) produced 400Hz AC for supplying the 3090s, the 3380s and such. -- Per Jessen, Zürich (14.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/14/2010 04:04 PM:
Anton Aylward wrote:
I don't know about heavy, though. Back in the mid 70s I needed a 50W PSU for a piece of avionics I was working on. Equipment for use on aircraft was severely weight constrained, compared to elsewhere. Switching supplies weren't common until the '80s or so. Prior to that, a power supply would need a heavy iron transformers, heat sinks for analog regulators, large filter capacitors etc. IIRC, aircraft equipment commonly used 400 Hz AC, which meant power supplies could be built with smaller transformers, capacitors etc.
Indeed. But when I cranked the maths, I found that a 5V DC output that was powering the semiconductor circuitry could be best achieved with a 30kHz switcher, and as a result very small - OTS - components. This was dramatic enough at the time to get "why didn't I think of that" reactions. Even back then, the 'norm" was rectification and voltage droppers (aka resistor chains that grew hot). I still wonder why we don't see more high-frequency switchers. Someone is going to say "interference". Well, yes, but we know how to deal with that, and there's a lot of high frequency noise anyway on the power mains..... -- There are two ways to slide easily through life: to believe everything or to doubt everything; both ways save us from thinking. -- Alfred Korzybski -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
I still wonder why we don't see more high-frequency switchers.
We do. Computers now use switching supplies, as do a lot of "wall warts" and also many electronic devices. It's the old analog regulators that are now, fortunately, getting scarce. Your PC would be a lot heavier if it didn't have a switching supply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/14/2010 04:34 PM:
Anton Aylward wrote:
I still wonder why we don't see more high-frequency switchers.
We do. Computers now use switching supplies, as do a lot of "wall warts" and also many electronic devices. It's the old analog regulators that are now, fortunately, getting scarce. Your PC would be a lot heavier if it didn't have a switching supply.
Yes, but that tower under my desk could have a switcher PSU a fraction the size/weight it does. I know, I've built them! So, the question is "why?" Is there some weir economics or is it 'history' ? -- Bullet proof vest vendors do not need to demonstrate that naked people are vulnerable to gunfire. Similarly, a security consultant does not need to demonstrate an actual vulnerability in order to claim there is a valid risk. The lack of a live exploit does not mean there is no risk. - Crispin Cowan, 23 Aug 2002 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Yes, but that tower under my desk could have a switcher PSU a fraction the size/weight it does. I know, I've built them! Engineering a power supply, like anything else, is a matter of balancing requirements. Sure you could build it smaller (up to a point), but it may cost more. What may be appropriate on aircraft equipment, might not be on price sensitive consumer gear. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Anton Aylward wrote:
Yes, but that tower under my desk could have a switcher PSU a fraction the size/weight it does. I know, I've built them!
Engineering a power supply, like anything else, is a matter of balancing requirements. Sure you could build it smaller (up to a point), but it may cost more.
There is also the two issues of airflow and noise. In particular in consumer grade equipment with ATX standards and such. The powersupplies in more professional style equipment, e.g. Proliant servers, are indeed smaller, but they're also a lot noisier. -- Per Jessen, Zürich (18.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-14 15:11, Anton Aylward wrote:
There's _almost_ a AC vs DC issue. While Tesla may have been right in the context that existed back then, "that was then, this is now". We make a lot of use of DC - all our electronics runs on it, mostly low voltage. I also have a lot of low voltage (and high efficiency) DC lighting in my house.
Ha! But now there are also high voltage DC transmission lines. :-p Why? For instance, to transmit power with an underwater cable to an island. In this case, the losses of AC transmission are higher than those for DC, as the field is formed on water instead of air. It might come that power transmission lines in cities may have to "go back" to DC. It is a static electro-magnetic field, less "dangerous" for those that oppose, saying cancer or whatever. Economically, it has fewer losses for underground cables, which may become the norm in cities. Just imagine the huge DC to DC step down or step up converters.
What is more ironic is that in the net room there is this huge UPS that takes AC power (220V actually) and converts it to 12V. It uses that 12V to charge batteries. The batteries then power an alternator that converts it back up to 110V which goes to the racks. Where the units I just mentioned convert it back down to 12V and 5V.
I can't say this makes a lot of sense to me. Surely taking that 12V from the batteries to the racks (with some regulators etc) would make things more efficient? Its not as the usual benefits of AC apply here, its not as if this power is being transmitted over great distances.
Telephone exchanges run at 48 volts. Only computers and such use AC, often taken via a converter from the 48 volts line (with huge batteries). -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
Ha! But now there are also high voltage DC transmission lines. :-p
Not just now, they've been place for decades. In Scandinavia, the power exchange between the Danish mainland (Jutland) and Norway and Sweden (through Sjaelland) has been done with DC since the 70s. -- Per Jessen, Zürich (14.4°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ok, let's try again. Maybe I misled you with my "simple-minded home user" crack. On 09/09/2010 01:57 PM, Adam Tauno Williams wrote:
... Eh? Who said to do that? You operate a firewall on your router, just like you operate your NAT, only it is just a firewall'd router [not a firewall router and a bunch of NAT hacks].
...which, of course, I already knew. I should have thought you could understand from my comments that I knew the differences between firewall, router, private addresses, NAT, and dhcp.
... That's it. It is categorically simpler. Firewall blocks all incoming connections - Done. Which is essentially what people on this list _believe_ NAT is doing currently.
I never believed NAT was doing it (and, really, I seriously doubt that anyone else in this discussion did, either). I've known all along exactly what NAT is and how it fits into the Internet. As I thought I made clear in the large quantity of text that you deleted, now that previous discussions have convinced me that my needs are not going to change materially, I'm perfectly content to take up v6 when it comes. But v4 with NAT does exactly what I need now, and v6 from my point of view is for you guys who have to deal with the complexities personally.
I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now.
It won't, it will be much easier.
It will be much easier for _you_. It will have little effect on me; Netgear took care of the complexities for me in _much_ better fashion than I could have myself. I fully expect Netgear will take care of even the reduced complexity for me when they sell me my next one. IPv6 makes things much easier for you and Netgear; it will have little direct effect on me.
... And only the (restricted address?) feature saves me from major problems when I have to go to IPv6.
I don't see how, but OK.
I simply don't believe you're not aware enough to have understood what I was saying. Several other responders did.
It is a necessary evil now, it will be a better network when it is gone.
As I thought I made clear, I agree -- not for my needs, but for yours, and for the network in general.
My router with dhcp makes NAT and firewalling Just Work for me and mine. You want v6; fine. I'll have to go to it soon; fine. --that is, now that I'm pretty sure v6 won't impose a huge new workload on my home networking arrangement.
jp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John E. Perry wrote:
It will be much easier for_you_. It will have little effect on me; Netgear took care of the complexities for me in_much_ better fashion than I could have myself. I fully expect Netgear will take care of even the reduced complexity for me when they sell me my next one. IPv6 makes things much easier for you and Netgear; it will have little direct effect on me.
Please explain the difference to you in how Netgear would provide a NAT router vs one that's configured to block incoming traffic to a range of addresses. I'd expect most people couldn't tell the difference. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/09/2010 11:53 PM, James Knott wrote:
John E. Perry wrote:
It will be much easier for_you_. It will have little effect on me; Netgear took care of the complexities for me in_much_ better fashion than I could have myself. I fully expect Netgear will take care of even the reduced complexity for me when they sell me my next one. IPv6 makes things much easier for you and Netgear; it will have little direct effect on me.
Please explain the difference to you in how Netgear would provide a NAT router vs one that's configured to block incoming traffic to a range of addresses. I'd expect most people couldn't tell the difference.
I won't be able to tell the difference myself for a while. Netgear sold me a v4 system that I could configure without knowing all the nasty little details of network management. I had to learn just enough to understand what the various options meant, and I had a working home network. I've since learned a lot more, but that's because I'm interested. When Netgear updates my router to v6, or, if they can't, I have to buy an IPv6-capable router, I fully expect Netgear to provide me the user manual that tells me exactly how to configure my home lan. Who knows -- they may even make it look the same to me. It could hardly be much easier than configuring my present router. jp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John E. Perry wrote:
I won't be able to tell the difference myself for a while. Precisely. The average person could not tell the difference.
When Netgear updates my router to v6, or, if they can't, I have to buy an IPv6-capable router, D-Link has some models and I believe Linksys (Cisco) does too.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John E. Perry said the following on 09/09/2010 01:43 PM:
On 09/08/2010 05:33 PM, Adam Tauno Williams wrote:
[....]
Breaking some protocols, true, ftp is something that was broken from the start and the fact that it does not work well with nat is hardly the end of the world.
...of no concern at all to me personally, since I neither need nor want outside access to my home network. I carry all my information with me when I travel, and have no need for external access.
+1
NAT is just a pain, and a pointless one.
For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing.
+1 for every Joe Sixpack at home in a similar situation
And only the (restricted address?) feature saves me from major problems when I have to go to IPv6.
Yes, but will Joe Sixpack understand that?
I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me.
+5
My router with dhcp makes NAT and firewalling Just Work for me and mine.
+1 for every Joe Sixpack out there. -- Between the iron gates of fate, The seeds of time were sown, And watered by the deeds of those Who know and who are known; Knowledge is a deadly friend When no one sets the rules. The fate of all mankind I see Is in the hands of fools. - Greg Lake -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
For you, maybe, as a professional systems administrator. For me, as a
simple-minded home user, it's a blessing.
+1 for every Joe Sixpack at home in a similar situation
Please explain the difference to Joe Sixpack, of a firewall that blocks everything, to using NAT? Both block everything, so how does NAT provide any advantage over a firewall configured to block everything? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John E. Perry wrote:
So what? I don't want to have to maintain separate external firewalls for
-my laptop -my work laptop -my wife's work laptop -my network printer (IPv4 only) -our home desktop -our 3 sons' laptops when they visit -our son's wife's laptop when she visits
I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now. But the (restricted address?) feature, that makes it possible for me to keep an internal local network, still invisible to the outside world, relieved my apprehensions in that respect.
You don't have to you'll still have a router to connect to your ISP. You'll just not have to use NAT to support multiple computers. You just configure the firewall to allow only what you want. If you want ssh to be available to all computers, done. If you want http to only one, done again. That is what a proper firewall is designed to do. You don't need NAT to provide appropriate protection.
For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing. And only the (restricted address?) feature saves me from major problems when I have to go to IPv6.
When you set up a firewall, NAT doesn't really help much. Even with the current NAT/routers, you start with everything blocked. Then you start adding whatever you need. With NAT, it quickly becomes more complex, if you want to use the same protocol to multiple computers. That issue simply does not arise with sufficient address on either IPv4 or IPv6. As for firewalls, there'd be no practical difference between configuring a subnet for IPv4 or IPv6. There is a difference with NAT, in that it makes it more difficult.
I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me. My router with dhcp makes NAT and firewalling Just Work for me and mine.
With IPv6, you don't even need DHCP, although it is available. IPv6 addresses are automagically configured. The router advertises the network address and the computer adds it's MAC address to create a unique IP address. There are also methods to use a random number instead of the MAC address, as I believe currently happens with newer versions of Windows. Of course, manual configuration is still available. And if you still want to use them, there are also IPv6 equivalents of the RFC1918 addresses used by NAT.
You want v6; fine. I'll have to go to it soon; fine.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/9/2010 1:11 PM, James Knott wrote:
You don't have to you'll still have a router to connect to your ISP.
Wait, why would I need a router? Seems to me all I would need was a firewall. People have been vociferously pointing out in this thread that a router is not a firewall. Was that you? -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
On 9/9/2010 1:11 PM, James Knott wrote:
You don't have to you'll still have a router to connect to your ISP.
Wait, why would I need a router?
Seems to me all I would need was a firewall.
People have been vociferously pointing out in this thread that a router is not a firewall. Was that you?
A router has always been necessary to move between IP (or IPX) networks. NAT came later. When you use the default (or other) route, you have to pass through a router. In the very early days, a computer was used as the router, just like we often use an old computer running Linux for one. Firewalls are often part of a router, but don't have to be. You can also have a bridging firewall that isolates two networks, on the same subnet, so that traffic between them is filtered or between the router and local network. It sounds to me like you should be doing some reading up on routers and firewalls. That might eliminate some of the confusion you're experiencing. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/9/2010 2:01 PM, James Knott wrote:
John Andersen wrote:
On 9/9/2010 1:11 PM, James Knott wrote:
You don't have to you'll still have a router to connect to your ISP.
Wait, why would I need a router?
Seems to me all I would need was a firewall.
People have been vociferously pointing out in this thread that a router is not a firewall. Was that you?
A router has always been necessary to move between IP (or IPX) networks. NAT came later. When you use the default (or other) route, you have to pass through a router. In the very early days, a computer was used as the router, just like we often use an old computer running Linux for one. Firewalls are often part of a router, but don't have to be. You can also have a bridging firewall that isolates two networks, on the same subnet, so that traffic between them is filtered or between the router and local network. It sounds to me like you should be doing some reading up on routers and firewalls. That might eliminate some of the confusion you're experiencing.
See! There you go with that snark again. With a globally unique address why do I need a router on the end of my cable modem? -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/09/2010 04:25 PM, John Andersen wrote:
On 9/9/2010 2:01 PM, James Knott wrote:
John Andersen wrote:
On 9/9/2010 1:11 PM, James Knott wrote:
You don't have to you'll still have a router to connect to your ISP.
Wait, why would I need a router?
Seems to me all I would need was a firewall.
People have been vociferously pointing out in this thread that a router is not a firewall. Was that you?
A router has always been necessary to move between IP (or IPX) networks. NAT came later. When you use the default (or other) route, you have to pass through a router. In the very early days, a computer was used as the router, just like we often use an old computer running Linux for one. Firewalls are often part of a router, but don't have to be. You can also have a bridging firewall that isolates two networks, on the same subnet, so that traffic between them is filtered or between the router and local network. It sounds to me like you should be doing some reading up on routers and firewalls. That might eliminate some of the confusion you're experiencing.
See! There you go with that snark again.
With a globally unique address why do I need a router on the end of my cable modem?
Exactly! Why not just connect a hub or a switch to your IPv6-enabled cable modem? No need for a router at all! Then, all of our widgets can be hanging out in the breeze with the big boyz. If you wanted centralized firewalling, a bridged firewall between modem and hub would work, right? Can I go down to Fry's to pick up a consumer-grade bridged firewall yet? Does IPv6 render the concept of a "subnet" moot? Or will subnets/routers still be needed to confine the scope of ARP broadcasts and for geographical port distribution? I need to learn more about IPv6 theory and operation... Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Lew Wolfgang wrote:
Exactly! Why not just connect a hub or a switch to your IPv6-enabled cable modem? No need for a router at all! Then, all of our widgets can be hanging out in the breeze with the big boyz. See my reply to John.
Can I go down to Fry's to pick up a consumer-grade bridged firewall yet?
Industrial grade gear can usually do that. There was also a recent article in the Linux Journal about rolling your own with Linux.
Or will subnets/routers still be needed to confine the scope of ARP broadcasts and for geographical port distribution?
There will be a router somewhere, either at your site or the ISPs. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
See! There you go with that snark again.
When had I done that before or now. I was simply suggesting you might want to do some research to clear up some confusions.
With a globally unique address why do I need a router on the end of my cable modem?
Lets go back to the beginning of the internet. Back then, there were a variety of network types, such as ethernet, token ring, arcnet and proprietary networks. The internet was intended to be a universal standard that could connect all these different networks. Each site was assigned a block of addresses for use on their networks. Now the problem became how to get from network A to network B. The solution was the router. The router on network A would have an address on that network that could talk to other devices on that network and the other side of the router would connect to the router on network B, which would likewise have an address on it's local network. The links themselves don't have an address. Now when a computer on network A wants to send a packet, it checks to see if the destination is on the local network. If so, it sends it directly over the local network. If the destination is not on the local network, it sends it to the appropriate router (there may be more than one router on a network) to be forwarded on to the remote network, where the router there sends the packet to another local device, which might even be another router. This is how communication around the world is possible. As for whether or not you'll need a router, that depends on how your ISP delivers your subnet to you. Cable and DSL modems are generally configured to deliver a single address to the customer. With those, you'd need a router to connect to your network so that it could relay foreign packets, in the manner described above.. The other method would be for the ISP to do all your routing for you and connect to your network with what amounts to a bridge (bridges preserve MAC addresses, routers discard them), so that no routing would be required between you and the ISP. This way, their router would appear on your local lan, as though it were actually at your location. I have used this method to connect multiple sites via microwave, fibre, T1 or SHDSL, so that the customer would have a flat network, instead of separate subnets at each site. I have also set up many networks with traditional routing, often, but not always, with NAT. One customer had 5 sites with routing, but no NAT, connected via SHDSL. Another had 3 sites with a flat network, connected via microwave. Another had 3 sites with a flat network, connected via fibre. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 19:43, John E. Perry wrote:
On 09/08/2010 05:33 PM, Adam Tauno Williams wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes.
Yeah, if I stored a lot of critical information on my wife's Windows computers, and if I were important enough or rich enough to make it worth some crook's while to attack me, I could see the need for more.
How critical is your money? >:-) I met a chap, actually the teacher at a networking course I took. He commented on how he, quite easily, entered his neighbour WiFi network. From there, he gained access to the windows machine. From there, he captured the login and password used for that neighbour banking account. Then he verified that login/pass by entering himself into that banking account, had a look, and exited. He said that, had he really intended to move money, he would have hacked a second wifi somewhere to do the mischief, so that when the police or whoever started to track back who was responsible, his own IP would not be the one listed, but somebody else's. Thus, even if you don't have bank accounts, if your network is breakable it can be used to cause mischief to others (spam sending, for instance), and you would be the prime suspect when the police start investigating >:-) -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 09/09/2010 12:43 PM, John E. Perry wrote:
So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes.
I live in Nac.... I'm am invisible to ALL wardrivers :p All reasonably recent cable/dsl routers do a darn good job of firewalling and giving you reasonable flexibility with port-choice and port-forwarding. For every service I want to offer, I have to punch a hole in the router to let traffic in (open a port and fwd it to a box that handles the service on that port) I don't see how this will change with IPV6. The issue will be whether the router is smart enough to handle/route IPV6 and if so -- no issue -- if not => new router. (looking at my old Linksys WRT54G, it looks like I'll have to swap that with my Trendnet 633GR and pray it does IPV6 work over the WAN -- bummer. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/15/2010 11:36 PM, David C. Rankin wrote:
On 09/09/2010 12:43 PM, John E. Perry wrote:
So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes.
I live in Nac.... I'm am invisible to ALL wardrivers :p
All reasonably recent cable/dsl routers do a darn good job of firewalling and giving you reasonable flexibility with port-choice and port-forwarding. For every service I want to offer, I have to punch a hole in the router to let traffic in (open a port and fwd it to a box that handles the service on that port) I don't see how this will change with IPV6. The issue will be whether the router is smart enough to handle/route IPV6 and if so -- no issue -- if not => new router. (looking at my old Linksys WRT54G, it looks like I'll have to swap that with my Trendnet 633GR and pray it does IPV6 work over the WAN -- bummer.
Whew, the 633 will work: The TEW-633GR employs a VSC7385 Gigabit Ethernet switch made by VITESSE. This SparX series chip is recommended for use in high-performance SOHO solutions. The chip offers 5 ports, has a 112KB frame buffer, supports IPv4 and IPv6 networks (with Jumbo Frames), and features integrated tools for QoS and other services. Having an integrated processor, it can even work as a router in its own right, but this capability is not utilized in the TEW-633GR. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
What you can reach, others can reach, and with a nat-less internet you end up requiring protection in every device. Desirable perhaps, but not practical.
With a firewall, such as IPTables, you start by blocking everything and then adding only what you want.
As for impossible to reach your own net thru nat, I suggest prior planning.
It's easy enough to port forward to only one computer, but what if you have more than one and want to reach them? While not impossible, things can get messy. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010 01:03:53 James Knott wrote:
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. As far as refusing to provide support, if IPv6 isn't disabled, that tells me your ISP is incompetent.
They anyway do not support Linux, so nothing changes for me. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Ilya Chernykh wrote:
On Wednesday 08 September 2010 21:12:17 James Knott wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS.
It's time for you to find a new ISP. NAT is broken in a number of ways.
Still works remarkably well despite it ... -- Per Jessen, Zürich (14.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010 01:39:34 Per Jessen wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS.
It's time for you to find a new ISP. NAT is broken in a number of ways.
Still works remarkably well despite it ...
And for an average housewife there is no difference. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/8/2010 2:46 PM, Ilya Chernykh wrote:
On Thursday 09 September 2010 01:39:34 Per Jessen wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS.
It's time for you to find a new ISP. NAT is broken in a number of ways.
Still works remarkably well despite it ...
And for an average housewife there is no difference.
My wife as asked me to ask you not to use housewives as the lowest common denominator. She'd ask you herself, but she doesn't think much of this whole new fangled mailing list stuff. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/8/2010 2:46 PM, Ilya Chernykh wrote:
And for an average housewife there is no difference.
My wife as asked me to ask you not to use housewives as the lowest common denominator.
She'd ask you herself, but she doesn't think much of this whole new fangled mailing list stuff.
Ouch. I'm guessing that just about the whole list saw that one coming . . . -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
dwgallien wrote:
She'd ask you herself, but she doesn't think
much of this whole new fangled mailing list stuff.
Ouch. I'm guessing that just about the whole list saw that one coming . . .
I guess we'll have to switch to grandmothers or brothers in law. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Still works remarkably well despite it ...
Try doing a command line ftp with a client that doesn't support passive mode. Try setting up for voice over IP or certain gaming to more than one computer. Try using ssh to multiple computers, without changing port numbers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
Still works remarkably well despite it ...
Try doing a command line ftp with a client that doesn't support passive mode.
A bit contrived that, isn't it? I mean, yes, you're right, but I think I'll maintain that NAT still works remarkably well despite that "problem". Snippet from 'man ftp': "-A Force active mode ftp. By default, ftp will try to use passive mode ftp and fall back to active mode if passive is not supported by the server. This option causes ftp to always use an active connection. It is only useful for connecting to very old servers that do not implement passive mode properly."
Try setting up for voice over IP or certain gaming to more than one computer.
No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon.
Try using ssh to multiple computers, without changing port numbers.
I do that every day from my workstation. (which is behind a NAT setup). -- Per Jessen, Zürich (13.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Try setting up for voice over IP or certain gaming to more than one computer. No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon.
Emphasis: "Of course, I run a stun daemon."
Try using ssh to multiple computers, without changing port numbers. I do that every day from my workstation. (which is behind a NAT setup).
The issue is the reverse. With IPv6 I just unblock SSH (TCP/22). Done. Sooo much simpler. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
Try setting up for voice over IP or certain gaming to more than one computer.
No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon.
Emphasis: "Of course, I run a stun daemon."
Therefore: problem eliminated.
Try using ssh to multiple computers, without changing port numbers.
I do that every day from my workstation. (which is behind a NAT setup).
The issue is the reverse.
Yeah, I thought that mnight be it - well, to me, it also seems a little contrived. When I need external ssh access to something on my NAT'ed network, I ssh to the NAT'ing gateway, and from there to whatever I need. -- Per Jessen, Zürich (18.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 14:57 +0200, Per Jessen wrote:
Adam Tauno Williams wrote:
Try setting up for voice over IP or certain gaming to more than one computer. No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon. Emphasis: "Of course, I run a stun daemon." Therefore: problem eliminated. Try using ssh to multiple computers, without changing port numbers. I do that every day from my workstation. (which is behind a NAT setup). The issue is the reverse. Yeah, I thought that mnight be it - well, to me, it also seems a little contrived. When I need external ssh access to something on my NAT'ed network, I ssh to the NAT'ing gateway, and from there to whatever I need.
The basis of your argument is that NAT is *simple*. You've just, in this brief conversation, enumeration *TWO* work-arounds. Enable IPv6, toss both of them; just control access with a firewall. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
On Thu, 2010-09-09 at 14:57 +0200, Per Jessen wrote:
Try setting up for voice over IP or certain gaming to more than one computer. No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon. Emphasis: "Of course, I run a stun daemon." Therefore: problem eliminated. Try using ssh to multiple computers, without changing port numbers. I do that every day from my workstation. (which is behind a NAT setup). The issue is the reverse. Yeah, I thought that mnight be it - well, to me, it also seems a
Adam Tauno Williams wrote: little contrived. When I need external ssh access to something on my NAT'ed network, I ssh to the NAT'ing gateway, and from there to whatever I need.
The basis of your argument is that NAT is *simple*.
I *do* think NAT is simple, but that's not the basis of my argument. I'm merely arguing against the suggestion that "NAT is broken in a number of ways" when the problems mentioned turn out to be either contrived or non-problems. -- Per Jessen, Zürich (18.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
I*do* think NAT is simple, but that's not the basis of my argument. I'm merely arguing against the suggestion that "NAT is broken in a number of ways" when the problems mentioned turn out to be either contrived or non-problems.
Using NAT, for outgoing traffic is simple. However, as soon as you want remote access to computers behind your firewall, things get "interesting". There is no simple way to access multiple computers with the same protocol. You have to resort to tricks such as non-standard ports, or, as you mentioned in another note, relaying ssh. A VPN will work (assuming no NAT address clash), but you might not have one handy. It might also be blocked by the local firewall. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010, James Knott wrote:
Using NAT, for outgoing traffic is simple. However, as soon as you want remote access to computers behind your firewall, things get "interesting". There is no simple way to access multiple computers with the same protocol. You have to resort to tricks such as non-standard ports, or, as you mentioned in another note, relaying ssh. A VPN will work (assuming no NAT address clash), but you might not have one handy. It might also be blocked by the local firewall.
Are you seriously suggesting that having a firewall is a problem, and that anything less than complete, unrestricted and unauthenticated access to the LAN is in some sense broken? I don't think this is what you want to say, but it certainly sounds as though those are the words you choose. Somehow I don't think you would argue like this on other topics that didn't involve NAT. Anders P.S. Who broke the email templates in kmail? Argh! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 20:02 +0200, Anders Johansson wrote:
On Thursday 09 September 2010, James Knott wrote:
Using NAT, for outgoing traffic is simple. However, as soon as you want remote access to computers behind your firewall, things get "interesting". There is no simple way to access multiple computers with the same protocol. You have to resort to tricks such as non-standard ports, or, as you mentioned in another note, relaying ssh. A VPN will work (assuming no NAT address clash), but you might not have one handy. It might also be blocked by the local firewall. Are you seriously suggesting that having a firewall is a problem
No, I don't read that in the above text at all.
, and that anything less than complete, unrestricted and unauthenticated access to the LAN is in some sense broken?
Nothing said above isn't fact. With IPv4+NAT: * There is no simple way to access multiple computers with the same protocol. * You have to resort to tricks such as non-standard ports, * A VPN will work - assuming no NAT address clash I agree the "It might also be blocked by the local firewall" statement is confusing. It doesn't invalidate any of the other statements. With a firewall'd IPv6 network you just say - permit inbound :80. Done. No need to port forward 80 on the external interface to A.B.C.D:80 on some internal host. Or you can say permit inbound :80 just to A.B.C.D.E.F. And if you want to access port 80 on two machines - no problem. No need to have one be :80 and the other :81 as is required with NAT (and makes for hackish URLs). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010, Adam Tauno Williams wrote:
With a firewall'd IPv6 network you just say - permit inbound :80. Done. No need to port forward 80 on the external interface to A.B.C.D:80 on some internal host. Or you can say permit inbound :80 just to A.B.C.D.E.F. And if you want to access port 80 on two machines - no problem. No need to have one be :80 and the other :81 as is required with NAT (and makes for hackish URLs).
Except you're not supposed to run external services on the internal LAN at all, because once a flaw has been discovered, your entire LAN with all its desktops and everything is wide open. A LAN should be locked down, completely, totally, utterly. Saying "with IPv6 you can run services there" is simply not an argument that wins any favours with me, and I hope any security conscious admin agrees Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson said the following on 09/09/2010 02:19 PM:
On Thursday 09 September 2010, Adam Tauno Williams wrote:
With a firewall'd IPv6 network you just say - permit inbound :80. Done. No need to port forward 80 on the external interface to A.B.C.D:80 on some internal host. Or you can say permit inbound :80 just to A.B.C.D.E.F. And if you want to access port 80 on two machines - no problem. No need to have one be :80 and the other :81 as is required with NAT (and makes for hackish URLs).
Except you're not supposed to run external services on the internal LAN at all, because once a flaw has been discovered, your entire LAN with all its desktops and everything is wide open. A LAN should be locked down, completely, totally, utterly. Saying "with IPv6 you can run services there" is simply not an argument that wins any favours with me, and I hope any security conscious admin agrees
+1 -- "The wide world is all about you: you can fence yourselves in, but you cannot for ever fence it out." -- JRR Tolkien, -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Anders Johansson said the following on 09/09/2010 02:19 PM:
On Thursday 09 September 2010, Adam Tauno Williams wrote:
With a firewall'd IPv6 network you just say - permit inbound :80. Done. No need to port forward 80 on the external interface to A.B.C.D:80 on some internal host. Or you can say permit inbound :80 just to A.B.C.D.E.F. And if you want to access port 80 on two machines - no problem. No need to have one be :80 and the other :81 as is required with NAT (and makes for hackish URLs).
Except you're not supposed to run external services on the internal LAN at all, because once a flaw has been discovered, your entire LAN with all its desktops and everything is wide open. A LAN should be locked down, completely, totally, utterly. Saying "with IPv6 you can run services there" is simply not an argument that wins any favours with me, and I hope any security conscious admin agrees
+1
Of course ssh may be handy to manage systems remotely. Of course you'd then want to use public/private keys, instead of passwords. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson wrote:
On Thursday 09 September 2010, James Knott wrote:
Using NAT, for outgoing traffic is simple. However, as soon as you want remote access to computers behind your firewall, things get "interesting". There is no simple way to access multiple computers with the same protocol. You have to resort to tricks such as non-standard ports, or, as you mentioned in another note, relaying ssh. A VPN will work (assuming no NAT address clash), but you might not have one handy. It might also be blocked by the local firewall.
Are you seriously suggesting that having a firewall is a problem, and that anything less than complete, unrestricted and unauthenticated access to the LAN is in some sense broken?
No, it's not a problem. However, I have experienced having a VPN blocked from the local public library, where free WiFi is available. Unfortunately, they also block the IPv6 tunnel. In some situations, where security is a concern, you'd want to block VPNs, as they'd be a security hole. On the other hand why bother on a publicly available network, as happens at the library (you only require a library card to use it). Of course, if I'm worried about getting past a firewall, all I have to do is fire up my Nexus One, tether to it (via WiFi or USB), and get out that way.
I don't think this is what you want to say, but it certainly sounds as though those are the words you choose. Somehow I don't think you would argue like this on other topics that didn't involve NAT.
Quite so, firewalls are an important part of security. They just have to be configured appropriately to the needs. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/09/2010 12:33 PM:
Using NAT, for outgoing traffic is simple.
Which is the 90% case for home computing, and that is getting to be a major load on the 'Net. Most home users don't have the technical sophistication to configure a firewall, v4 or v6, and don't need inbound access. The point here is that your arguments about peer-to-peer connectivity do not apply to them. And they probably neither want nor can afford a cluster of IPv4 addresses.[1] In fact, when I think about it, they don't apply in a lot of corporate settings either. Many organisations don't want to allow inbound access to just any machine, and 'un-routable' subnets are useful for that :-) "Support" you say? Well Per Jensen showed how to ssh though NAT. I've BTDT myself for support, and also in a M$ environment. I know of quite a few Big Name Corporations that use NAT - not for their whole organization but certainly for an isolated subnet. James: I think you are (a) underestimating the utility value of NAT and so condemning it even for IPv4 and (b) assuming every user of the 'Net has your degree of technical sophistication. [1] Yes, IPv6 addresses will be as available and cheap as the nuclear electricity we were promised back in the late '40s and early '50s. But the reality is that letting Joe Sixpack expose all his internal home devices so they can 'peer-to-peer' with anything else on the 'Net will be a security nightmare. -- The scientific name for an animal that doesn't either run from or fight its enemies is lunch. - Michael Friedman -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
James Knott said the following on 09/09/2010 12:33 PM:
Using NAT, for outgoing traffic is simple.
Which is the 90% case for home computing, and that is getting to be a major load on the 'Net.
One of the cable companies in my part of the world has announced PVRs that can be programmed remotely via the internet. What does said home user do now? What if he has two or more PVRs? Other appliances are coming which consumers may want to access from outside the home. Lot's of people have media servers now. What about them?
Most home users don't have the technical sophistication to configure a firewall, v4 or v6, and don't need inbound access.
The point here is that your arguments about peer-to-peer connectivity do not apply to them.
And they probably neither want nor can afford a cluster of IPv4 addresses.[1]
In fact, when I think about it, they don't apply in a lot of corporate settings either. Many organisations don't want to allow inbound access to just any machine, and 'un-routable' subnets are useful for that :-)
"Support" you say? Well Per Jensen showed how to ssh though NAT. I've BTDT myself for support, and also in a M$ environment. I know of quite a few Big Name Corporations that use NAT - not for their whole organization but certainly for an isolated subnet.
James: I think you are (a) underestimating the utility value of NAT and so condemning it even for IPv4 and (b) assuming every user of the 'Net has your degree of technical sophistication.
NAT produces zero benefit over a properly configured firewall. It does cause problems for many genuine needs.
[1] Yes, IPv6 addresses will be as available and cheap as the nuclear electricity we were promised back in the late '40s and early '50s. But the reality is that letting Joe Sixpack expose all his internal home devices so they can 'peer-to-peer' with anything else on the 'Net will be a security nightmare.
Already some devices can talk to firewall routers, to open a port to them. There's no reason why that shouldn't continue with or without NAT. Not using NAT makes it easier for multiple devices. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/9/2010 1:47 PM, James Knott wrote:
Anton Aylward wrote:
James Knott said the following on 09/09/2010 12:33 PM:
Using NAT, for outgoing traffic is simple.
Which is the 90% case for home computing, and that is getting to be a major load on the 'Net.
One of the cable companies in my part of the world has announced PVRs that can be programmed remotely via the internet. What does said home user do now? What if he has two or more PVRs? Other appliances are coming which consumers may want to access from outside the home. Lot's of people have media servers now. What about them?
Most of these are not being addressed directly via your internet connection. Requiring that would eliminate this feature for customers that only buy TV from the cable company. You point your web browser to a box attached to the head end controller, which in turn sends commands to your PVR. There is no public network (and quite possibly no TCP/IP) involved. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 22:47, James Knott wrote:
Anton Aylward wrote:
James Knott said the following on 09/09/2010 12:33 PM:
Using NAT, for outgoing traffic is simple.
Which is the 90% case for home computing, and that is getting to be a major load on the 'Net.
One of the cable companies in my part of the world has announced PVRs that can be programmed remotely via the internet. What does said home user do now? What if he has two or more PVRs? Other appliances are coming which consumers may want to access from outside the home. Lot's of people have media servers now. What about them?
Having IPV6 and the possibility of accessing computers or gadgets from outside, is very interesting for consumers - and providers. Anything from accessing your fridge log while traveling on the tube, to sharing a file with a colleague without an external sharing server. Or using VoIp (on several home computers or gadgets) without having to use weird things to traverse the nat router. There is a new, wide, range of applications once we get rid of NAT - with new dangers that Joe User knows not how to cope with. We are not prepared for that. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Thu, 2010-09-09 at 15:36 +0200, Per Jessen wrote:
Adam Tauno Williams wrote:
On Thu, 2010-09-09 at 14:57 +0200, Per Jessen wrote:
Try setting up for voice over IP or certain gaming to more than one computer. No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon. Emphasis: "Of course, I run a stun daemon." Therefore: problem eliminated. Try using ssh to multiple computers, without changing port numbers. I do that every day from my workstation. (which is behind a NAT setup). The issue is the reverse. Yeah, I thought that mnight be it - well, to me, it also seems a
Adam Tauno Williams wrote: little contrived. When I need external ssh access to something on my NAT'ed network, I ssh to the NAT'ing gateway, and from there to whatever I The basis of your argument is that NAT is *simple*. I *do* think NAT is simple, but that's not the basis of my argument. I'm merely arguing against the suggestion that "NAT is broken in a number of ways"
It is exactly "broken in a number of ways". <http://www.faqs.org/rfcs/rfc1627.html> <http://www.cs.utk.edu/~moore/what-nats-break.html>
when the problems mentioned turn out to be either contrived or non-problems.
So everything that doesn't specifically apply to your use-case is "contrived"? Do you enjoy double-SSH-ing? Why bother? Wouldn't it be nice not to have to futz with port-forwards? I own a 1919 Model-T Ford. I can crank-start it or use the electric starter. I always use the electric starter. Why? Its easier, and safer [just like IPv6]. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010, Adam Tauno Williams wrote:
So everything that doesn't specifically apply to your use-case is "contrived"?
Do you enjoy double-SSH-ing? Why bother? Wouldn't it be nice not to have to futz with port-forwards?
A company who thinks "yes, with IPv6 we can just open everything up so no one will have to bother with silly things like authentication anymore!" is probably the same company that lets everyone run as administrator in windows. Yes, IPv6 is the future, but this just isn't the argument for it. You are aware, I hope, that many companies today run VPNs to their internal LANs even though every single machine has a real IPv4 address. The external connection is heavily locked down, and you only get in to your destination machine after seriously authenticating yourself. IPv6 will reduce the number of steps needed here by exactly zero! Yes NAT is bad, yes IPv6 is good, but please update your arguments. No one will ever implement it on the basis of "no security for anyone" Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 20:10 +0200, Anders Johansson wrote:
So everything that doesn't specifically apply to your use-case is "contrived"?
Do you enjoy double-SSH-ing? Why bother? Wouldn't it be nice not to have to futz with port-forwards? A company who thinks "yes, with IPv6 we can just open everything up so no one will have to bother with silly things like authentication anymore!" is
On Thursday 09 September 2010, Adam Tauno Williams wrote: probably the same company that lets everyone run as administrator in windows.
Who said anything like: "an just open everything up so no one will have to bother with silly things like authentication anymore". Nobody did. Are you trolling?
Yes, IPv6 is the future, but this just isn't the argument for it.
How is ability-to-more-simply-access-my-resourcesnot an argument-for?
You are aware, I hope, that many companies today run VPNs to their internal LANs even though every single machine has a real IPv4 address.
Really? I know of exactly one local company [non-ISP] with a large enough IPv4 allocation to enumerate all their internal resources. I doubt the "many". Everywhere I go it is private IPs. Price a large block of IPv4 addresses.
The external connection is heavily locked down, and you only get in to your destination machine after seriously authenticating yourself. IPv6 will reduce the number of steps needed here by exactly zero!
Agree; I just don't see that as the standard-case.
Yes NAT is bad, yes IPv6 is good, but please update your arguments. No one will ever implement it on the basis of "no security for anyone"
No one suggested that argument. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 09 September 2010, Adam Tauno Williams wrote:
Who said anything like: "an just open everything up so no one will have to bother with silly things like authentication anymore". Nobody did.
Maybe you're not really listening to yourself, but that is exactly what you're saying. "With IPv6, I don't have to open up multiple ports in the firewall to get to internal machines, everything is directly available". As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
Yes, IPv6 is the future, but this just isn't the argument for it.
How is ability-to-more-simply-access-my-resourcesnot an argument-for?
You are aware, I hope, that many companies today run VPNs to their internal LANs even though every single machine has a real IPv4 address.
Really? I know of exactly one local company [non-ISP] with a large
I don't know what is local for you, but I know several multinationals who do it. Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson said the following on 09/09/2010 02:22 PM:
As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
+1 -- ASCII stupid question, get a stupid ANSI -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Anders Johansson said the following on 09/09/2010 02:22 PM:
As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
+1
Or perhaps our understanding of the implications of NAT cause us to oppose it. NAT is a hack that's used to get around the shortage of IP addresses and in the process violates IP specs that addresses shouldn't be tampered with and it also breaks some things. Now that more than sufficient addresses are available, there's absolutely no justification for continuing to use NAT. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/09/2010 04:50 PM:
Anton Aylward wrote:
Anders Johansson said the following on 09/09/2010 02:22 PM:
As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
+1
Or perhaps our understanding of the implications of NAT cause us to oppose it.
NAT is a hack that's used to get around the shortage of IP addresses and in the process violates IP specs that addresses shouldn't be tampered with and it also breaks some things.
How little you know abut history. The original 'RFC1918 considered harmful" (actually "RFC 1627 - Network 10 Considered Harmful") dates from 1994. That's 26 years ago. http://www.packetizer.com/rfc/rfc1918/ Please note that this is tagged as a "best current practice" and as "Obsoletes: 1627, 1597" However it replicates the wording of RFC1597 in many places. Yes, there were panics about address exhaustion that long ago. And a lot of other nonsense, if you recall, like running out of oil. The justification for "Network 10" - what we now call NAT'ing, read: <quote src="RFC1597, RFC1918"> Hosts within enterprises that use IP can be partitioned into three categories: - hosts that do not require access to hosts in other enterprises or the Internet at large; - hosts that need access to a limited set of outside services (e.g., E-mail, FTP, netnews, remote login) which can be handled by application layer gateways; - hosts that need network layer access outside the enterprise (provided via IP connectivity); - hosts within the first category may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises. For many hosts in the second category an unrestricted external access (provided via IP connectivity) may be unnecessary and even undesirable for privacy/security reasons. Just like hosts within the first category, such hosts may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises. Only hosts in the last category require IP addresses that are globally unambiguous. Many applications require connectivity only within one enterprise and do not even need external connectivity for the majority of internal hosts. In larger enterprises it is often easy to identify a substantial number of hosts using TCP/IP that do not need network layer connectivity outside the enterprise. </quote> The case that Bob Moskowitz (http://htt-consult.com/bio.html) and others made back then still has validity today. The issue isn't that "NAT breaks the IP protocols" so much as there are situations where it doesn't matter. IPv6 may be a good thing, but this slagging of NAT is not necessary. There are and there will continue to be good reasons or people to use NAT. I will go so far as to predict that even with IPv6in place, there will be something like "network 10" - private address spaces, and hence something like NAT. Its just too convenient to have addresses that cannot be - will not be - routed. <quote> An enterprise that decides to use IP addresses out of the address space defined in this document can do so without any coordination with IANA or an Internet registry. The address space can thus be used by many enterprises. Addresses within this private address space will only be unique within the enterprise. </quote> Its a pity that James' enthusiasm for IPv6 is matched by such intolerance of the useful aspects of NAT and the conditions under which "network 10" has been beneficial to corporations and individuals. <quote> In order to use private address space, an enterprise needs to determine which hosts do not need to have network layer connectivity outside the enterprise in the foreseeable future. Such hosts will be called private hosts, and will use the private address space defined above. Private hosts can communicate with all other hosts inside the enterprise, both public and private. However, they cannot have IP connectivity to any external host. While not having external network layer connectivity private hosts can still have access to external services via application layer relays. </quote> That's the kind of process that IT regularly performs. Risk Analysis and Needs Analysis. <quote> 4. Advantages and Disadvantages of Using Private Address Space The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required. Enterprises themselves also enjoy a number of benefits from their usage of private address space: They gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths. </quote> Well, lets face it, does you network printer really need to be "globally connected"? Please note: I am no denigrating IPv6 or saying that one _should_ use NAT. Nor am I saying that NAT should be forced on organizations to further (asymptotically) delay the exhaustion of the IPv4 address space. I *am* saying that slagging NAT is not a good argument in favour of IPv6. I am saying that blithely asserting that universal connectivity is an argument or IPv6 ignores the reality of the needs of business and of domestic users. I am saying that blithely asserting that you can configure a firewall to allow domestic the benefits of NAT - that is restricting universal connectivity - ignores the reality of how poorly many firewalls are already configured and the lack of such expertise in the domestic market. "NAT breaks things". Yes. It was meant to. Lets make that quite clear. RFCs 1597 and 1918 make that quite clear and are unambiguous about the purpose and benefits http://www.packetizer.com/rfc/rfc1597/ http://www.packetizer.com/rfc/rfc1918/ We really don't need this rabid slagging of NAT in order to justify IPv6. If IPv6 cannot stand on its own merits without the need to badmouth other technologies then something is wrong with it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
James Knott said the following on 09/09/2010 04:50 PM:
Anton Aylward wrote:
Anders Johansson said the following on 09/09/2010 02:22 PM:
As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
+1
Or perhaps our understanding of the implications of NAT cause us to oppose it.
NAT is a hack that's used to get around the shortage of IP addresses and in the process violates IP specs that addresses shouldn't be tampered with and it also breaks some things.
How little you know abut history. The original 'RFC1918 considered harmful" (actually "RFC 1627 - Network 10 Considered Harmful") dates from 1994. That's 26 years ago.
http://www.packetizer.com/rfc/rfc1918/ Please note that this is tagged as a "best current practice" and as "Obsoletes: 1627, 1597"
However it replicates the wording of RFC1597 in many places.
Yes, there were panics about address exhaustion that long ago. And a lot of other nonsense, if you recall, like running out of oil.
The justification for "Network 10" - what we now call NAT'ing, read:
<quote src="RFC1597, RFC1918"> Hosts within enterprises that use IP can be partitioned into three categories:
- hosts that do not require access to hosts in other enterprises or the Internet at large;
- hosts that need access to a limited set of outside services (e.g., E-mail, FTP, netnews, remote login) which can be handled by application layer gateways;
- hosts that need network layer access outside the enterprise (provided via IP connectivity);
- hosts within the first category may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises.
For many hosts in the second category an unrestricted external access (provided via IP connectivity) may be unnecessary and even undesirable for privacy/security reasons. Just like hosts within the first category, such hosts may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises.
Only hosts in the last category require IP addresses that are globally unambiguous.
Many applications require connectivity only within one enterprise and do not even need external connectivity for the majority of internal hosts. In larger enterprises it is often easy to identify a substantial number of hosts using TCP/IP that do not need network layer connectivity outside the enterprise. </quote>
The case that Bob Moskowitz (http://htt-consult.com/bio.html) and others made back then still has validity today. The issue isn't that "NAT breaks the IP protocols" so much as there are situations where it doesn't matter.
IPv6 may be a good thing, but this slagging of NAT is not necessary. There are and there will continue to be good reasons or people to use NAT.
I will go so far as to predict that even with IPv6in place, there will be something like "network 10" - private address spaces, and hence something like NAT. Its just too convenient to have addresses that cannot be - will not be - routed.
<quote> An enterprise that decides to use IP addresses out of the address space defined in this document can do so without any coordination with IANA or an Internet registry. The address space can thus be used by many enterprises. Addresses within this private address space will only be unique within the enterprise. </quote>
Its a pity that James' enthusiasm for IPv6 is matched by such intolerance of the useful aspects of NAT and the conditions under which "network 10" has been beneficial to corporations and individuals.
<quote> In order to use private address space, an enterprise needs to determine which hosts do not need to have network layer connectivity outside the enterprise in the foreseeable future. Such hosts will be called private hosts, and will use the private address space defined above. Private hosts can communicate with all other hosts inside the enterprise, both public and private. However, they cannot have IP connectivity to any external host. While not having external network layer connectivity private hosts can still have access to external services via application layer relays. </quote>
That's the kind of process that IT regularly performs. Risk Analysis and Needs Analysis.
<quote> 4. Advantages and Disadvantages of Using Private Address Space
The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required.
Enterprises themselves also enjoy a number of benefits from their usage of private address space: They gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths. </quote>
Well, lets face it, does you network printer really need to be "globally connected"?
Please note: I am no denigrating IPv6 or saying that one _should_ use NAT. Nor am I saying that NAT should be forced on organizations to further (asymptotically) delay the exhaustion of the IPv4 address space. I *am* saying that slagging NAT is not a good argument in favour of IPv6. I am saying that blithely asserting that universal connectivity is an argument or IPv6 ignores the reality of the needs of business and of domestic users. I am saying that blithely asserting that you can configure a firewall to allow domestic the benefits of NAT - that is restricting universal connectivity - ignores the reality of how poorly many firewalls are already configured and the lack of such expertise in the domestic market.
"NAT breaks things". Yes. It was meant to. Lets make that quite clear. RFCs 1597 and 1918 make that quite clear and are unambiguous about the purpose and benefits
These links were provided earlier. Please read them. http://www.cs.utk.edu/~moore/what-nats-break.html http://www.faqs.org/rfcs/rfc1627.html -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/09/2010 10:34 PM:
Anton Aylward wrote:
"NAT breaks things". Yes. It was meant to. Lets make that quite clear. RFCs 1597 and 1918 make that quite clear and are unambiguous about the purpose and benefits
These links were provided earlier. Please read them. http://www.cs.utk.edu/~moore/what-nats-break.html http://www.faqs.org/rfcs/rfc1627.html
Since my post referred to and quoted from the latter and addressed the former, I obviously had! -- Those who wish to seek out the cause of miracles, and to understand the things of nature as philosophers, and not to stare at them in astonishment like fools, are soon considered heretical and impious,and proclaimed as such by those whom the mob adores as the interpreters of nature and the gods. For these men know that once ignorance is put aside that wonderment would be taken away which is the only means by which their authority is preserved. --Spinoza -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
IPv6 may be a good thing, but this slagging of NAT is not necessary. There are and there will continue to be good reasons or people to use NAT.
+1.
I will go so far as to predict that even with IPv6in place, there will be something like "network 10" - private address spaces, and hence something like NAT. Its just too convenient to have addresses that cannot be - will not be - routed.
unique local addresses, I think that is.
Please note: I am no denigrating IPv6 or saying that one _should_ use NAT. Nor am I saying that NAT should be forced on organizations to further (asymptotically) delay the exhaustion of the IPv4 address space. I *am* saying that slagging NAT is not a good argument in favour of IPv6.
Same here. -- Per Jessen, Zürich (14.0°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Its just too convenient to have addresses that
cannot be - will not be - routed.
unique local addresses, I think that is.
Many people seem to think those RFC1918 address can't be routed. They can, just as well as any other address. However, they're supposed to be blocked from reaching the public internet. In fact, my own ISP uses 10.x.y.z addresses to route within it's own network (you can see them with traceroute). However, where it meets the internet or the customer, it uses "real" addresses. With IPv6, there are non-routable addresses called "link local", which every device gets. Routers are supposed to be configured to always block them. There are also the unique local addresses, which may be routed within a private network, but are also supposed to be blocked from the internet. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/10/2010 02:47 AM:
Anton Aylward wrote:
IPv6 may be a good thing, but this slagging of NAT is not necessary. There are and there will continue to be good reasons or people to use NAT.
+1.
I will go so far as to predict that even with IPv6in place, there will be something like "network 10" - private address spaces, and hence something like NAT. Its just too convenient to have addresses that cannot be - will not be - routed.
unique local addresses, I think that is.
Its funny. When I read the RFCs and commentaries on ULA (go google) they seem to have only a slight difference from the older RFCs such as RFC1918. These seem to be 1. There is no mention of address space exhaustion. 2. There are efforts at central administration The second I find laughable. The emphasis on non-routable address space for local use and the "isolation" has much the same _semantic_ content as RFC1918 and RFC1627. So, if "Network 10" and NAT is to be 'cosnidered harmfu'l then fc00::/7 and the gateway that maps those non-routable address across the 'Net is to be 'considered harmful' as well. In RFC4193 we have <quote> - Provides Local IPv6 prefixes that can be used independently of any provider-based IPv6 unicast address allocations. This is useful for sites not always connected to the Internet or sites that wish to have a distinct prefix that can be used to localize traffic inside of the site. </quote> Yes, the wording is different, but that is what "network 10" (and the other unroutable IPv4 addresses) was achieving. Locally restricted addressing that necessitated an _explicit_ (i.e. NAT'ing firewall) gateway (aka choke point where access rules can be applied) Whoopee. IPv6 is "broken" in exactly the same way that IPv4 was. Big Deal. -- If a little knowledge is dangerous, where is the man who has so much as to be out of danger. Thomas H. Huxley -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
So, if "Network 10" and NAT is to be 'cosnidered harmfu'l then fc00::/7 and the gateway that maps those non-routable address across the 'Net is to be 'considered harmful' as well.
In RFC4193 we have <quote> - Provides Local IPv6 prefixes that can be used independently of any provider-based IPv6 unicast address allocations. This is useful for sites not always connected to the Internet or sites that wish to have a distinct prefix that can be used to localize traffic inside of the site. </quote>
Yes, the wording is different, but that is what "network 10" (and the other unroutable IPv4 addresses) was achieving. Locally restricted addressing that necessitated an_explicit_ (i.e. NAT'ing firewall) gateway (aka choke point where access rules can be applied)
Whoopee. IPv6 is "broken" in exactly the same way that IPv4 was.
The issue is not RFC1918 addresses or equivalent, as there are many reasons why they might be used. However, while RFC1918 addresses are often used with NAT, they don't have to be. They are simply addresses that are available for use, without co-ordinating with others. The IPv6 unique local address serve a similar purpose. I have never said RFC1918 or unique local addresses are bad. I have said NAT is. Big difference. RFC1918 does not require NAT, but NAT requires RFC1918, unless you're willing to to risk address conflicts. Even then, you still risk them if using a VPN between NAT sites. With globally assigned addresses, on either IPv4 or IPv6, you don't have that problem, as globally assigned addresses are unique. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/10/2010 10:09 AM:
[snip]
Whoopee. IPv6 is "broken" in exactly the same way that IPv4 was.
The issue is not RFC1918 addresses or equivalent, as there are many reasons why they might be used.
Good. We're getting somewhere. That's despite the RFC1627 "network 10 considered harmful" ... and RFC1918 is the revised version of RFC1597 to which RFC1627 refers. RFC1918 and the categorisation of needs that it describes, including NAT that it espouses (although not by that name) is still labelled a "best Current Practice" http://tools.ietf.org/html/bcp5
However, while RFC1918 addresses are often used with NAT, they don't have to be. They are simply addresses that are available for use, without co-ordinating with others.
The converse also applies. I can use a set of IP addresses I have been assigned and NAT those as well :-) In fact I can even be very naughty and use a set of addresses that has been assigned to someone else! Yes, very naughty. However so long as I don't do business with the group they _are_ assigned to, it gets round your problem of SSH'ing from my hotel to another site that uses RFC1918 addresses since I'm going to be certain there won't be crash Yes, very naughty! Ironically I know of a quite a few organizations that use NAT'ed subnets on addresses they have been assigned to isolate internal subnets.
The IPv6 unique local address serve a similar purpose.
And I'll bet they get NAT'ed too :-)
I have never said RFC1918 or unique local addresses are bad.
Right. Guns don't kill people.
I have said NAT is. Big difference.
Guns don't kill people. It what people do with guns that kill people. RFC1918 addresses aren't bad, its what people do with them that you say is bad. And the same can be said about IPv6 ...
RFC1918 does not require NAT, but NAT requires RFC1918, unless you're willing to to risk address conflicts.
NAT does not require RFC1918. See above. NAT is an address mapping technology. I can apply it to any addresses. I can apply it to IPv6. Some people are making the argument that IPv6 _should_ have NAT for various reasons, such as "topology hiding". http://tools.ietf.org/html/draft-iab-ipv6-nat-00 <quote> The discussions on the necessity for IPv6 NAT can be summarized as follows: network address translation is viewed as a solution to achieve a number of desired properties for individual networks: avoiding renumbering, facilitating multihoming, internal topology hiding, and in particular preventing host counting. </quote> You many not want to use those, but others will. In the days before the universality of the IP protocol suite, which I'm sure many people here recall, we had gateways for the "highly optimized" Ethernet LAN protocols from Novel, Microsoft and others, that were not themselves routable. That too was a form of NAT. Yes, it modified the protocol as well, but so does "deep inspection" filtering and sanitizing in modern firewalls and other security appliances. Big Deal.
Even then, you still risk them if using a VPN between NAT sites. With globally assigned addresses, on either IPv4 or IPv6, you don't have that problem, as globally assigned addresses are unique.
Despite the randomization algorithm, its still going to be possible to have a ULA clash :-) It his was Diskworld it would happen 9 times out of 10. IPv6 not only has a lot to recommend it, but it is going to be necessary to the survival and future of the 'Net. However slagging NAT and spreading misinformation about it does the proponents of IPv6 no credit. -- "It is impossible for a man to begin to learn what he thinks he knows". -- Epictetus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, 2010-09-10 at 08:47 +0200, Per Jessen wrote:
Anton Aylward wrote:
IPv6 may be a good thing, but this slagging of NAT is not necessary. There are and there will continue to be good reasons or people to use NAT.
+1.
I will go so far as to predict that even with IPv6in place, there will be something like "network 10" - private address spaces, and hence something like NAT. Its just too convenient to have addresses that cannot be - will not be - routed.
unique local addresses, I think that is.
Please note: I am no denigrating IPv6 or saying that one _should_ use NAT. Nor am I saying that NAT should be forced on organizations to further (asymptotically) delay the exhaustion of the IPv4 address space. I *am* saying that slagging NAT is not a good argument in favour of IPv6.
Same here.
Allthough i completely agree (nat works for a lot of people), getting back to the original issue, some parts of internet are going to be IPv6 only. Like it or not, it is going to happen, perhaps in 10 months, perhaps sooner or later. And that part might start very small, but it will grow. If you stay with v4-only and nat, other people will still be able to contact you (as much as you let them), but not vice-versa. So people should be preperred. And rather sooner than later, not? hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hans Witvliet wrote:
Allthough i completely agree (nat works for a lot of people), getting back to the original issue, some parts of internet are going to be IPv6 only. Like it or not, it is going to happen, perhaps in 10 months, perhaps sooner or later. And that part might start very small, but it will grow.
That's already happened. In Asia, there's nowhere near enough IPv4 addresses to go around, so IPv6 is used a lot over there. I believe I recently read that Cuba is about 60% IPv6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Anton Aylward wrote:
Anders Johansson said the following on 09/09/2010 02:22 PM:
As I said to James, I don't really believe you think this, I suspect your hatred for NAT has gotten the better of your choice of arguments
+1
Or perhaps our understanding of the implications of NAT cause us to oppose it.
NAT is a hack that's used to get around the shortage of IP addresses and in the process violates IP specs that addresses shouldn't be tampered with and it also breaks some things.
Now that more than sufficient addresses are available, there's absolutely no justification for continuing to use NAT.
You're ignoring the real world. Time, money, unnecessary change etc. I have a "very broken", yet perfectly working NAT setup joining my local RFC1918 office network to my external IPv4 /27 and IPv6 /48 - there is no justification for changing that. You know, if it ain't broke ... -- Per Jessen, Zürich (13.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Now that more than sufficient addresses are available, there's
absolutely no justification for continuing to use NAT.
You're ignoring the real world. Time, money, unnecessary change etc. I have a "very broken", yet perfectly working NAT setup joining my local RFC1918 office network to my external IPv4 /27 and IPv6 /48 - there is no justification for changing that. You know, if it ain't broke ...
I'm not ignoring the real world. I know about the many existing networks etc. However, that's no excuse to not move to IPv6 and gradually get rid of the IPv4 stuff. On simple networks, as used in homes and many business, it's a trivial matter to get going with IPv6, even if only via a tunnel broker, and start moving to an entirely IPv6 word. Consumer level IPv6 firewalls are available now and also include support for 6in4 tunnels. You get one of those and you've got IPv6, just as easily as you've currently got IPv4. My own firewall on my home network is a Linux box that I've been using for years. All I had to do to enable IPv6 to the internet was install the tunnel client. Even before that, I had IPv6 over my local network, without having to do anything. It simply worked out of the box, with both Linux and XP. Even my smart phone gets an IPv6 address, when connected to my network. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
Now that more than sufficient addresses are available, there's absolutely no justification for continuing to use NAT.
You're ignoring the real world. Time, money, unnecessary change etc. I have a "very broken", yet perfectly working NAT setup joining my local RFC1918 office network to my external IPv4 /27 and IPv6 /48 - there is no justification for changing that. You know, if it ain't broke ...
I'm not ignoring the real world. I know about the many existing networks etc. However, that's no excuse to not move to IPv6 and gradually get rid of the IPv4 stuff.
One excuse - lack of a business case? For my customer-side setup, obviously I need to go IPv6, sooner rather than later. For my back-office and local servers, there's no business case.
On simple networks, as used in homes and many business, it's a trivial matter to get going with IPv6, even if only via a tunnel broker, and start moving to an entirely IPv6 world.
If via a tunnel broker, I submit it's outside the reasonable reach/need of Joe Bloggs. If not, it might be trivial, but not free. With little no apparent benefit.
Consumer level IPv6 firewalls are available now and also include support for 6in4 tunnels. You get one of those and you've got IPv6, just as easily as you've currently got IPv4.
A Zyxel (a favourite consumer level manufacturer in Switzerland) P662HW is about CHF500. A plain IPv4-only device is less than CHF150. I recently purchased a new LANCOM dsl router - pricey stuff, and not even IPv6 capable. (I tried getting bridged IPv6 to work with pppd, but openSUSE wasn't quite up to it).
My own firewall on my home network is a Linux box that I've been using for years. All I had to do to enable IPv6 to the internet was install the tunnel client. Even before that, I had IPv6 over my local network, without having to do anything.
What specific advantages did you gain (other than the joy of it just working?) -- Per Jessen, Zürich (17.7°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
Now that more than sufficient addresses are available, there's absolutely no justification for continuing to use NAT.
You're ignoring the real world. Time, money, unnecessary change etc. I have a "very broken", yet perfectly working NAT setup joining my local RFC1918 office network to my external IPv4 /27 and IPv6 /48 - there is no justification for changing that. You know, if it ain't broke ...
I'm not ignoring the real world. I know about the many existing networks etc. However, that's no excuse to not move to IPv6 and gradually get rid of the IPv4 stuff.
One excuse - lack of a business case? For my customer-side setup, obviously I need to go IPv6, sooner rather than later. For my back-office and local servers, there's no business case.
Sure, if you're not interested in what happens in the not to distant future.
On simple networks, as used in homes and many business, it's a trivial matter to get going with IPv6, even if only via a tunnel broker, and start moving to an entirely IPv6 world.
If via a tunnel broker, I submit it's outside the reasonable reach/need of Joe Bloggs. If not, it might be trivial, but not free. With little no apparent benefit.
The tunnel brokers I'm aware of are free.
Consumer level IPv6 firewalls are available now and also include support for 6in4 tunnels. You get one of those and you've got IPv6, just as easily as you've currently got IPv4.
A Zyxel (a favourite consumer level manufacturer in Switzerland) P662HW is about CHF500. A plain IPv4-only device is less than CHF150. I recently purchased a new LANCOM dsl router - pricey stuff, and not even IPv6 capable. (I tried getting bridged IPv6 to work with pppd, but openSUSE wasn't quite up to it).
I have no idea about prices in Switzerland, but that price difference seems a bit extreme. At the moment, IPv6 is found mainly on newer consumer gear and so more expensive, but not more than 3x for similar features.
My own firewall on my home network is a Linux box that I've been using for years. All I had to do to enable IPv6 to the internet was install the tunnel client. Even before that, I had IPv6 over my local network, without having to do anything.
What specific advantages did you gain (other than the joy of it just working?)
Well, I'm developing some expertise in working with IPv6, that may translate to benefit at work. My main area of work is where telecom and networks meet, which means I have to be competent in both. My career, going back over 38 years, has mostly been a mix of telecommunications and computers, including computer networks, starting in 1978, when I first worked on a lan. BTW, that lan used time division multiplexing (time slots), instead of packets as used on ethernet. It ran at a blazing 8 Mb/s over triaxial cable. There was also a 2 Mb low speed lan that ran on RG-58 cable. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
Now that more than sufficient addresses are available, there's absolutely no justification for continuing to use NAT.
You're ignoring the real world. Time, money, unnecessary change etc. I have a "very broken", yet perfectly working NAT setup joining my local RFC1918 office network to my external IPv4 /27 and IPv6 /48 - there is no justification for changing that. You know, if it ain't broke ...
I'm not ignoring the real world. I know about the many existing networks etc. However, that's no excuse to not move to IPv6 and gradually get rid of the IPv4 stuff.
One excuse - lack of a business case? For my customer-side setup, obviously I need to go IPv6, sooner rather than later. For my back-office and local servers, there's no business case.
Sure, if you're not interested in what happens in the not to distant future.
I'm primarily interested in the bottom line; what happens in the near future might well affect that, but I don't see it affecting my use of NAT on my local networks.
On simple networks, as used in homes and many business, it's a trivial matter to get going with IPv6, even if only via a tunnel broker, and start moving to an entirely IPv6 world.
If via a tunnel broker, I submit it's outside the reasonable reach/need of Joe Bloggs. If not, it might be trivial, but not free. With little no apparent benefit.
The tunnel brokers I'm aware of are free.
Like I said: via a tunnel broker, it's outside the reasonable reach/need of Joe Bloggs; if not via a tunnel broker, it might be trivial, but not free. -- Per Jessen, Zürich (14.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Sure, if you're not interested in what happens in the not to distant
future.
I'm primarily interested in the bottom line; what happens in the near future might well affect that, but I don't see it affecting my use of NAT on my local networks.
You have a new customer, who finds they can only get a NAT address from the ISP. They also want VPN access to their network. How would you arrange that? If they get a real IP address and use NAT internally, you could still run a VPN to their firewall, but what if they want to have VPNs directly to computers behind their firewall? Now things start to get messy. As I've mentioned in another note, NAT rules out IPSecauthentication headers. This means that even if a company has a real address, where the vpn terminates and you want to connect from home, where you use NAT, you can't use that security feature. Perhaps NAT is fine for you right now, but what happens tomorrow when you want to use something that fails with NAT? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
Sure, if you're not interested in what happens in the not to distant
future.
I'm primarily interested in the bottom line; what happens in the near future might well affect that, but I don't see it affecting my use of NAT on my local networks.
You have a new customer, who finds they can only get a NAT address from the ISP. They also want VPN access to their network. How would you arrange that?
Impossible for you to know, but my customers networks are none of my concern. Regardless, what you're asking is impossible unless you've got at least one routable IP for that customer.
If they get a real IP address and use NAT internally, you could still run a VPN to their firewall, but what if they want to have VPNs directly to computers behind their firewall? Now things start to get messy.
A bit far fetched I think, but it's up the customer to sort out, not me.
As I've mentioned in another note, NAT rules out IPSecauthentication headers. This means that even if a company has a real address, where the vpn terminates and you want to connect from home, where you use NAT, you can't use that security feature.
Correct. Still doesn't affect _my_ bottom line.
Perhaps NAT is fine for you right now, but what happens tomorrow when you want to use something that fails with NAT?
If it's mission critical, I'll sort it out when the time comes. -- Per Jessen, Zürich (19.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 11 Sep 2010 13:59:30 Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
Sure, if you're not interested in what happens in the not to distant
future.
I'm primarily interested in the bottom line; what happens in the near future might well affect that, but I don't see it affecting my use of NAT on my local networks.
You have a new customer, who finds they can only get a NAT address from the ISP. They also want VPN access to their network. How would you arrange that?
Impossible for you to know, but my customers networks are none of my concern. Regardless, what you're asking is impossible unless you've got at least one routable IP for that customer.
If they get a real IP address and use NAT internally, you could still run a VPN to their firewall, but what if they want to have VPNs directly to computers behind their firewall? Now things start to get messy.
A bit far fetched I think, but it's up the customer to sort out, not me.
As I've mentioned in another note, NAT rules out IPSecauthentication headers. This means that even if a company has a real address, where the vpn terminates and you want to connect from home, where you use NAT, you can't use that security feature.
Correct. Still doesn't affect _my_ bottom line.
Perhaps NAT is fine for you right now, but what happens tomorrow when you want to use something that fails with NAT?
If it's mission critical, I'll sort it out when the time comes.
Has this not gone far enough now it seems more relavent to the OT list now ipv6 is comming it's not a current problem or issue (it is a P I T A ) Pete . -- Powered by openSUSE 11.3 (x86_64) Kernel: 2.6.34-12-desktop KDE Development Platform: 4.4.4 (KDE 4.4.4) "release 2" 17:18 up 7 days 21:16, 3 users, load average: 2.34, 1.65, 1.11 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Impossible for you to know, but my customers networks are none of my concern. Regardless, what you're asking is impossible unless you've got at least one routable IP for that customer.
My mistake. I thought you were in the business of setting up networks for businesses. I have done so many times and yes, I do have to know what they want.
If they get a real IP address and use NAT internally, you could still
run a VPN to their firewall, but what if they want to have VPNs directly to computers behind their firewall? Now things start to get messy.
A bit far fetched I think, but it's up the customer to sort out, not me.
It's not that far fetched if they're really worried about security. A VPN that terminates on the firewall only protects that far. It does nothing for risks on the local network. In some situations, that may be important. I have worked in places where my fingerprints have been scanned or I have been weighed, coming and going, and also gone through security checks & scans, similar to those at the airports. Those sorts of places are very concerned about security. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson wrote:
Maybe you're not really listening to yourself, but that is exactly what you're saying. "With IPv6, I don't have to open up multiple ports in the firewall to get to internal machines, everything is directly available".
I suspect you're misreading something. Our point is that with NAT, when you want to access multiple computers with the same protocol, you have to resort to non-standard ports or ssh relaying. However, if you have sufficient addresses, with either IPv4 or IPv6, you simply connect to the desired computer, using the standard ports. Of your, your firewall should be configured to allow only what you want. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Of your, your firewall should be configured to allow only what you want. That line should read "Of course, your firewall should be configured to allow only what you want." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Anders Johansson wrote:
Maybe you're not really listening to yourself, but that is exactly what you're saying. "With IPv6, I don't have to open up multiple ports in the firewall to get to internal machines, everything is directly available".
I suspect you're misreading something. Our point is that with NAT, when you want to access multiple computers with the same protocol, you have to resort to non-standard ports or ssh relaying.
And _that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage. Like I started out saying, I think that NAT, despite rumours of "being broken in a number of ways", works remarkably well. -- Per Jessen, Zürich (13.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
And_that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage.
No, that's not all. As I mentioned, I have personally experienced NAT address clash, when using my VPN from a hotel, because they used the same address range as I did at home. When you do that, it becomes a "you can't get there from here" situation, because when you try to access a computer at the remoted end, your computer doesn't know it has to route through the VPN. There has also been mention of certain protocols that break. Now, you tell me, what's so great about NAT, when you have sufficient addresses available to not require it? In that situation, it provides absolutely no benefit at all. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Per Jessen wrote:
And_that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage.
No, that's not all. As I mentioned, I have personally experienced NAT address clash, when using my VPN from a hotel, because they used the same address range as I did at home. When you do that, it becomes a "you can't get there from here" situation, because when you try to access a computer at the remoted end, your computer doesn't know it has to route through the VPN.
I can't personally blame NAT for that - the range of RFC1918 address is so vast that the risk of a clash is minimal - unless you choose to use a commonly used range. My VPN runs on 10.221.78.0/22.
There has also been mention of certain protocols that break.
I'm sure there are some, although I haven't heard of nor had any hard problems in that respect. Which, quite selfishly, makes me conclude that there aren't any _real_ problems.
Now, you tell me, what's so great about NAT, when you have sufficient addresses available to not require it? In that situation, it provides absolutely no benefit at all.
Correct - I haven't thought it through, but I think if I had had an IPv6 range and affordable IPv6-capable hardware six years ago when I was setting up my datacentre and office, I would never even had considered NAT. However, I had neither, nor did my external suppliers, and the cost of IPv4 address for plain office use was just not justifiable. All I'm saying is - don't start using NAT tomorrow if you aren't already, but if you're using it today, do carry on using it tomorrow too. -- Per Jessen, Zürich (18.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Now, you tell me, what's so great about NAT, when you have sufficient addresses available to not require it? In that situation, it provides absolutely no benefit at all.
If you are in the position in which you can control all relevant network, perhaps. At one project, i had to monitor 8 different **networks, and all of them were using the same rfc1918 addresses. As i couldn't ask them to change their addresses, it was a nice job for nat. ** they were all using the addresses used in the training examples ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
I can't personally blame NAT for that - the range of RFC1918 address is so vast that the risk of a clash is minimal - unless you choose to use a commonly used range. My VPN runs on 10.221.78.0/22.
Choose whatever you want, you cannot guarantee someone else won't choose it. When I found out about the clash, I wasn't in a position to change my home network, as I was a four hour flight from home.
I'm sure there are some, although I haven't heard of nor had any hard problems in that respect. Which, quite selfishly, makes me conclude that there aren't any_real_ problems. In another note, I mentioned the authentication header problem with IPSec when NAT is used. This means anyone using NAT will not be able to use that security feature. There are others.
All I'm saying is - don't start using NAT tomorrow if you aren't already, but if you're using it today, do carry on using it tomorrow too.
Or, perhaps start moving towards a situation where you no longer need NAT. As long as people maintain the position that NAT is good enough, despite the problems it causes, then we'll never be able to move fully to IPv6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott said the following on 09/10/2010 09:37 PM:
Per Jessen wrote:
I can't personally blame NAT for that - the range of RFC1918 address is so vast that the risk of a clash is minimal - unless you choose to use a commonly used range. My VPN runs on 10.221.78.0/22.
Choose whatever you want, you cannot guarantee someone else won't choose it.
Indeed. And that's why they have the randomization algorithm for choosing an address range for the local addresses in IPv6. Implicit in that is the assumption that people _will_ do something like NAT and try to connect from one unroutable range to another unroutable range via a mechanism that may or may not be called NAT. If course there's nothing forcing people to use that randomization algorithm and even if they do, despite the expanded range, there's still the possibility of a clash, given a large enough population and enough time. Chose whatever you want - however you want, you cannot guarantee someone else won't choose it. -- The emphasis should be on "why" we do a job - W. Edwards Deming -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
In the forum that discusses issues etc pertaining to my cable IP provider there is an interesting point raised. It seems that to convert to IPv6 the software on their 'nodes' and their CPE-facing equipment will need to be upgraded at a cost of around $6,000 per node for the licences.. What constitutes a node? It seems there are hundreds of them. It also seems while they have IPv6 addresses they still have a surfeit of IPv4 addresses :-) Oh, and one other thing. Your registrar need to be able to handle IPv6 addresses. Check that out too. -- Ah, nostalgia ain't what it used to be. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Oh, and one other thing. Your registrar need to be able to handle IPv6 addresses. Check that out too.
My registrar? Registrar of what? -- Per Jessen, Zürich (17.8°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/11/2010 07:40 AM:
Anton Aylward wrote:
Oh, and one other thing. Your registrar need to be able to handle IPv6 addresses. Check that out too.
My registrar? Registrar of what?
Who handles you name registration? For me its CIRA.ca You also need IPv6 address capability in all the DNS services to match the turtles all the way down ...:-) -- "What we have learned from others becomes our own by reflection". -- Ralph Waldo Emerson -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
Per Jessen said the following on 09/11/2010 07:40 AM:
Anton Aylward wrote:
Oh, and one other thing. Your registrar need to be able to handle IPv6 addresses. Check that out too.
My registrar? Registrar of what?
Who handles you name registration? For me its CIRA.ca
Ah, I've got different ones, but they don't need to do IPv6. -- Per Jessen, Zürich (19.7°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
What constitutes a node? It seems there are hundreds of them.
That would be the head end equipment that talks to the subscriber's modems.
It also seems while they have IPv6 addresses they still have a surfeit of IPv4 addresses:-)
They might consider 6in4 tunnelling in the mean time.
Oh, and one other thing. Your registrar need to be able to handle IPv6 addresses. Check that out too.
Reasonably new DNS servers support IPv6 AAAA records. Bind has for years. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward wrote:
James Knott said the following on 09/10/2010 09:37 PM:
Per Jessen wrote:
I can't personally blame NAT for that - the range of RFC1918 address is so vast that the risk of a clash is minimal - unless you choose to use a commonly used range. My VPN runs on 10.221.78.0/22.
Choose whatever you want, you cannot guarantee someone else won't choose it.
Indeed. And that's why they have the randomization algorithm for choosing an address range for the local addresses in IPv6. Implicit in that is the assumption that people _will_ do something like NAT and try to connect from one unroutable range to another unroutable range via a mechanism that may or may not be called NAT.
The problem is the subnet address, not the individual computer. With IPv6, you can use the mac address to form part of the IPv6 address, use a random address, configure one manually or DHCP. With RFC1918, there are only so many subnet ranges to chose from.
If course there's nothing forcing people to use that randomization algorithm and even if they do, despite the expanded range, there's still the possibility of a clash, given a large enough population and enough time.
Actually, the IPv6 random address generators have a method to check for that, but of course it only applies on the local lan.
Chose whatever you want - however you want, you cannot guarantee someone else won't choose it.
Get a globally unique IPv6 address (and there's an incredibly high number of those) and you'll never have to worry about that. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/10/2010 02:23 AM:
James Knott wrote:
Anders Johansson wrote:
Maybe you're not really listening to yourself, but that is exactly what you're saying. "With IPv6, I don't have to open up multiple ports in the firewall to get to internal machines, everything is directly available".
I suspect you're misreading something. Our point is that with NAT, when you want to access multiple computers with the same protocol, you have to resort to non-standard ports or ssh relaying.
And _that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage.
Indeed. From the application programmer's POV its just another API parameter.
Like I started out saying, I think that NAT, despite rumours of "being broken in a number of ways", works remarkably well.
It fulfils the objectives of RFC1918 for devices that do not unfettered peer-to-peer access across the 'Net very well. As a number of us have pointed out, for SMBs local access dominates. -- "Security is a chain within the infrastructure and is as secure as its weakest link. It is not a product nor a series of technologies but a process of solutions measured against the business needs of the organization." -- Walter S. Kobus, Jr., CISM CISSP IAM -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/10/2010 8:37 AM, Anton Aylward wrote:
Per Jessen said the following on 09/10/2010 02:23 AM:
James Knott wrote:
Anders Johansson wrote:
Maybe you're not really listening to yourself, but that is exactly what you're saying. "With IPv6, I don't have to open up multiple ports in the firewall to get to internal machines, everything is directly available".
I suspect you're misreading something. Our point is that with NAT, when you want to access multiple computers with the same protocol, you have to resort to non-standard ports or ssh relaying.
And _that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage.
Indeed. From the application programmer's POV its just another API parameter.
Like I started out saying, I think that NAT, despite rumours of "being broken in a number of ways", works remarkably well.
It fulfils the objectives of RFC1918 for devices that do not unfettered peer-to-peer access across the 'Net very well. As a number of us have pointed out, for SMBs local access dominates.
Per, I'm replying to your post but this isn't meant to sound directed at you personally. Every instance of "you" below is figurative. If you don't believe your smb needs anything nat breaks, it just means you don't understand what you're talking about. Luckily, other people in key postions do and have seen to it that ipv6 got invented and then implemented in all the major hardware and software by now. You think they did all that for the fun of it? You think it maybe makes anyone a bunch of money? It costs everyone. MS didn't sell more copies of Windows because they added ipv6. Cisco didn't sell more routers because they added ipv6. They all knew there was simply no choice. But somehow, for you, miraculously, it's not necessary? What else that breaks things for everyone else but works for you don't you care about? Does your car suck down gas at 6 miles per gallon? Are your refrigerator and air conditioners and heaters all nice sturdy reliable indestructible 1950's models that work great for you, while burning enough power/fuel to run 3x as many modern units? How many houses go cold to support yours because "it works for you"? Do you smoke and talk on cell phones in restaurants? Do you park diagonally across two parking spaces just so no one can park close enough to risk scratching your car? Did you print a fake handicap tag so you can always park right in front of every door? So convenient! I'm guessing no to all of the above. No one here seems to be anything like that sort of jerk at least about things they understand. Try to understand that this is somewhat like that. Also, there is no such distinction as "good for admins" vs "good for users" that which is good for the providers of goods or services IS good for the end consumers. The reverse is equally true. How can you possibly think these two things are in any way disconnected? If I can't deliver you a service or application feature, or can only do a crappy limited, inefficient, and worst of all unreliable job of it, how is that "good for users"? By insisting on using NAT in situations where it's not actually required you shoot yourself in the foot, because developers can not then develop the cool new things that NAT makes impossible. Whole classes of things are just impossible if it's known that lots of nat is going on in general between any two machines. Sure there are places where nat might still be useful, but THOSE situations are the exotic contrived ones, not the other way around. It was a useful hack for a while, a slick thing even, but it was never a sane thing, just a necessary evil to work around an even worse problem. A step along the way of development. Not a destination. Just because you're used to something, and just because a lot of other people have been forced to bend over backwards to deal with this thing you're used to and hide it's problems from you by all manner of other hacks and kludges that turn simple needs into complex problems with no actually robust solutions let alone efficient ones, doesn't make it not utter garbage. As a sys admin and app developer and integration specialist, I spend ridiculous amounts of time trying to come up with ways to make things work across nat boundaries that should be dead simple. All that wasted time and lost productivity, progress that could have happened but didn't because I was too busy banging my head against broken network topology, because "it works for me" and "it's you admin's problem not mine". Maybe we admins & developers should just stop bothering? It will certainly matter to you then. The security arguments are complete nonsense. Being able to sanely address things has absolutely nothing to do with security. I don't have to know how to address remote internal natted machines to do harm to them. As in pretty much every other area of life, destruction is far easier than construction. Nat does not much hinder destruction but does hinder construction. At the same time, sane functional addressing does not prevent or even hinder security nor does it help destruction. In fact it could INCREASE security if we went all the way with it. It wouldn't bother me too much if we made it a rule that NAT was not allowed anywhere on the internet. Build some sort of checksum into the base protocols so that *real* NAT (proxies would still be possible, and that's just fine) would not be possible without breaking the checksum, and thus ensure that no machine anywhere can spoof it's activities. No more spam! No more dictionary attacks! No more slow distributed botnet attacks! No more phishing ages! Every action would be immediately traceable directly to it's source even through indirect means like worms in emails and web pages. Nah, what do we care about that stuff? We're not saying everyone drop everything and go replace all your hardware and software now(*). Other people have already seen to it that mostly ipv6 will have made it's way into most of your stuff through natural attrition without you having to do anything. We're just really disgusted by the attitude that ipv6 was invented for no purpose and should just be ignored and we should just use nat even more than we already do instead. Don't offer that kind of "advice". It's backwrds and destructive. Those links that have been posted over and over actually do point out simple and inarguable problems. Why is it so hard to understand? Pick any single one of those problems, just one, and it's enough to call the whole concept of nat a broken thing that should only be used in the oddest of special circumstances, not as a pervasive thing everywhere like it is today. Yet there are several, not just one. Todays overuse of nat is just the classic trying to solve all problems with a hammer because you have a hammer. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Brian K. White <brian@aljex.com> [09-10-10 10:32]:
Just because you're used to something, and just because a lot of other people have been forced to bend over backwards to deal with this thing you're used to and hide it's problems from you by all manner of other hacks and kludges that turn simple needs into complex problems with no actually robust solutions let alone efficient ones, doesn't make it not utter garbage. As a sys admin and app developer and integration specialist, I spend ridiculous amounts of time trying to come up with ways to make things work across nat boundaries that should be dead simple. All that wasted time and lost productivity, progress that could have happened but didn't because I was too busy banging my head against broken network topology, because "it works for me" and "it's you admin's problem not mine". Maybe we admins & developers should just stop bothering? It will certainly matter to you then.
Humm, a good argument re: KDE3 <--> KDE4 -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 10 September 2010 18:52:17 Patrick Shanahan wrote:
Just because you're used to something, and just because a lot of other people have been forced to bend over backwards to deal with this thing you're used to and hide it's problems from you by all manner of other hacks and kludges that turn simple needs into complex problems with no actually robust solutions let alone efficient ones, doesn't make it not utter garbage. As a sys admin and app developer and integration specialist, I spend ridiculous amounts of time trying to come up with ways to make things work across nat boundaries that should be dead simple. All that wasted time and lost productivity, progress that could have happened but didn't because I was too busy banging my head against broken network topology, because "it works for me" and "it's you admin's problem not mine". Maybe we admins & developers should just stop bothering? It will certainly matter to you then.
Humm, a good argument re: KDE3 <--> KDE4
How? Please tell me. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/10/2010 10:52 AM, Patrick Shanahan wrote:
* Brian K. White<brian@aljex.com> [09-10-10 10:32]:
Just because you're used to something, and just because a lot of other people have been forced to bend over backwards to deal with this thing you're used to and hide it's problems from you by all manner of other hacks and kludges that turn simple needs into complex problems with no actually robust solutions let alone efficient ones, doesn't make it not utter garbage.
Humm, a good argument re: KDE3<--> KDE4
hehe touche :) But note that the kde3 users have in fact taken over responsibility for supporting themselves. Nor do I think their use of kde3 interferes with others' use of kde4 or anything else. Also, kde4's user-visible problems were voluntary design changes that had little to do with the claimed need to scrap and re-write all the underlying code. If maintaining and improving the kde3 code was so terrible, that's fine, but that does not mean they had to remove so many features and/or so greatly change the way it works for the user. They could have just refactored everything without changing the outward functionality. But gee that's boring for a developer. Well you get what you pay for I guess but I think the users that have a complaint, have a valid complaint, even if many other users have no complaint. The freeness works both for and against them in this case. The developers are free to disregard the users complaints, and the users are free to disregard developments they don't like. And some have done just that by putting kde3 on life support by themselves for themselves. It's not really a reason for contention as I see it. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Brian K. White wrote:
Build some sort of checksum into the base protocols so that *real* NAT (proxies would still be possible, and that's just fine) would not be possible without breaking the checksum, and thus ensure that no machine anywhere can spoof it's activities.
That already happens with authentication headers in IPSec VPNs. Any tampering of the header, including NAT, corrupts it. So, NAT makes this security feature impossible to use. For those who don't know what this implies, authenticated headers ensure the data comes from where it claims and has not been tampered with. http://en.wikipedia.org/wiki/Authentication_Header##Authentication_Header -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Brian K. White wrote:
Per, I'm replying to your post but this isn't meant to sound directed at you personally. Every instance of "you" below is figurative.
Hi Brian, kind of makes it difficult to respond then. Please assume a "Personally speaking" prefix on every response below:
If you don't believe your smb needs anything nat breaks, it just means you don't understand what you're talking about.
I do I know what I'm talking about. I've been using NAT in my business since 2004, and sofar NAT hasn't broken anything for me nor my business. (that I know of, but I'm prepared to listen to suggestions).
Luckily, other people in key postions do and have seen to it that ipv6 got invented and then implemented in all the major hardware and software by now. You think they did all that for the fun of it? You think it maybe makes anyone a bunch of money? It costs everyone. MS didn't sell more copies of Windows because they added ipv6. Cisco didn't sell more routers because they added ipv6. They all knew there was simply no choice. But somehow, for you, miraculously, it's not necessary?
I've never said that. (I don't think I've heard anyone say it either). IPv6 is certainly the way to go, but it doesn't always justify the effort in and by itself.
What else that breaks things for everyone else but works for you don't you care about? Does your car suck down gas at 6 miles per gallon? Are your refrigerator and air conditioners and heaters all nice sturdy reliable indestructible 1950's models that work great for you, while burning enough power/fuel to run 3x as many modern units? How many houses go cold to support yours because "it works for you"? Do you smoke and talk on cell phones in restaurants? Do you park diagonally across two parking spaces just so no one can park close enough to risk scratching your car? Did you print a fake handicap tag so you can always park right in front of every door? So convenient! I'm guessing no to all of the above. No one here seems to be anything like that sort of jerk at least about things they understand. Try to understand that this is somewhat like that.
Okay, I can sort of see what you're aiming at, but I think you're pointing your finger at the wrong culprit - NAT is omnipresent because IPv6 didn't make it out there fast enough. Blame the hardware manufacturers and the providers for that. NAT isn't going away anytime soon, despite being broken, and again you can blame the manufacturers and the providers. NAT solve[d|s] a real problem, and mass-culling it is not possible. The problem is that there is no hardcore business case for swapping out the end users modem/router nor for deploying new IPv6-capable boxes at an extra cost. If somebody called up my neighbours and said "Guys, I've got a new router for you, can I come round and swap it for your old one? At no cost for you, of course", they'd have no problem with it.
By insisting on using NAT in situations where it's not actually required you shoot yourself in the foot, because developers can not then develop the cool new things that NAT makes impossible. Whole classes of things are just impossible if it's known that lots of nat is going on in general between any two machines. Sure there are places where nat might still be useful, but THOSE situations are the exotic contrived ones, not the other way around.
I can think of at least a million xDSL customers in Switzerland who are most likely using NAT. It's very useful to them, hardly exotic nor contrived. However, it is true that there are few, if any, places where NAT is actually _required_. However, until consumer-level IPv6 hardware becomes affordable, we're stuck with NAT, and to millions of people it works really well - despite being broken. Now, to play along with your analogy from above, how about we take a look at how difficult it is and has been to sell the idea of energy conservation to people around the world and compare that to how difficult it would be to sell them a new router at CHF500 because it does IPv6 and that eliminates the need for NAT (which is really broken). -- Per Jessen, Zürich (19.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/10/2010 01:08 PM:
Now, to play along with your analogy from above, how about we take a look at how difficult it is and has been to sell the idea of energy conservation to people around the world and compare that to how difficult it would be to sell them a new router at CHF500 because it does IPv6 and that eliminates the need for NAT (which is really broken).
Quite. Economic incentive is an amazing thing :-) If back in the the 70s when we had that first oil/energy crisis, the price a the pump had risen - I was living in the UK at that time - from #0.50 to #5.00 overnight we would have seen a real change. Instead we boiled the frog http://en.wikipedia.org/wiki/Boiling_frog The gradual canges resulted in better engines, better fuel control, lighter cars, and regressed when costswent down. In "real" terms, compared to housing, education, entertainment (CDs vs vinyl; moveie and theater tickets) and many other things, the price of gas at the pump isn't that bad. And so for much of the world that uses NAT, the address shortage has not been apparent. My 3MBps cable link today costs about 1/20th what my 56K leased line did in 1990. That's what most people see. Now when people are told that they can't join the 'Net because there are no more addresses - ZILCH! - and vendors can't expand their customer base to those people unable to join the 'Net, then we will see a revolution. Economics. And realistically, this is much more likely to happen in the developing world, China in particular, than in the USA and western Europe. Here in North America we are already in a technological backwater in other areas of consumer electronics such as cell phones. -- In the beginning was The Word and The Word was Content-type: text/plain -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
Really? I know of exactly one local company [non-ISP] with a large enough IPv4 allocation to enumerate all their internal resources. I doubt the "many". Everywhere I go it is private IPs.
When I was at IBM Canada, (1997 - 2000), I had 5 IP addresses, one for my own computer (9.29.146.147) and 4 for testing in my work. All of them were reachable from the outside world. I also had 4 SNA addresses (which I had used often enough to memorize at the time, but have since forgotten), but that's another story. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 16:34 -0400, James Knott wrote:
Adam Tauno Williams wrote:
Really? I know of exactly one local company [non-ISP] with a large enough IPv4 allocation to enumerate all their internal resources. I doubt the "many". Everywhere I go it is private IPs.
When I was at IBM Canada, (1997 - 2000), I had 5 IP addresses, one for my own computer (9.29.146.147) and 4 for testing in my work. All of them were reachable from the outside world. I also had 4 SNA addresses (which I had used often enough to memorize at the time, but have since forgotten), but that's another story.
At one of our providers here in NL, you still get 5 public v4 addresses with a business account. And their normal, ordinary account (with one dynamic address) isn't that much cheaper than their business account.... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hans Witvliet wrote:
On Thu, 2010-09-09 at 16:34 -0400, James Knott wrote:
Adam Tauno Williams wrote:
Really? I know of exactly one local company [non-ISP] with a large enough IPv4 allocation to enumerate all their internal resources. I doubt the "many". Everywhere I go it is private IPs.
When I was at IBM Canada, (1997 - 2000), I had 5 IP addresses, one for my own computer (9.29.146.147) and 4 for testing in my work. All of them were reachable from the outside world. I also had 4 SNA addresses (which I had used often enough to memorize at the time, but have since forgotten), but that's another story.
At one of our providers here in NL, you still get 5 public v4 addresses with a business account. And their normal, ordinary account (with one dynamic address) isn't that much cheaper than their business account....
It's much the same here where individuals or small businesses generally get 1, one, count 'em, one address. However, businesses can get as many as they can arrange for. Larger businesses, such as IBM, get their own address block(s) assigned to them from the numbering authority, whereas small businesses will have to pay for whatever an ISP will sell them. On the other hand, my IPv6 subnet, which costs me nothing, contains 2^72 or 4722366482869645213696 addresses. Of course, I lose one of those to the network address. With IPv6, unlike IPv4, you don't lose one to the broadcast address. I've already used up 6 of my addresses! ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson wrote:
A company who thinks "yes, with IPv6 we can just open everything up so no one will have to bother with silly things like authentication anymore!" is probably the same company that lets everyone run as administrator in windows.
That has never been claimed. All we've been saying is configure your firewall as appropriate to your needs. If you don't want any incoming access, just say so in the configuration. No need for NAT to block anything. Then should the time come when you want that incoming access, just allow it in the firewall, to whatever computers you wish. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Johansson wrote:
You are aware, I hope, that many companies today run VPNs to their internal LANs even though every single machine has a real IPv4 address. The external connection is heavily locked down, and you only get in to your destination machine after seriously authenticating yourself. IPv6 will reduce the number of steps needed here by exactly zero!
There is nothing in IPv6 that prevents that. As I mentioned in another note, IPv6 has the equivalent of RFC1918 addresses. It just doesn't require NAT to use them. As has been mentioned, IPv6 easily supports multiple addresses on an interface. You could assign both public and local address to an interface and use the local address (there's another name for them that escapes me at the moment) for VPNs between sites and use the public address for outbound connections and specifically authorized inbound. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Anders Johansson wrote:
You are aware, I hope, that many companies today run VPNs to their internal LANs even though every single machine has a real IPv4 address. The external connection is heavily locked down, and you only get in to your destination machine after seriously authenticating yourself. IPv6 will reduce the number of steps needed here by exactly zero!
There is nothing in IPv6 that prevents that. As I mentioned in another note, IPv6 has the equivalent of RFC1918 addresses. It just doesn't require NAT to use them. As has been mentioned, IPv6 easily supports multiple addresses on an interface. You could assign both public and local address to an interface and use the local address (there's another name for them that escapes me at the moment) for VPNs between sites and use the public address for outbound connections and specifically authorized inbound.
I just remember that other name. It's "unique local". http://en.wikipedia.org/wiki/Unique_local_address -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
It is exactly "broken in a number of ways". <http://www.faqs.org/rfcs/rfc1627.html> <http://www.cs.utk.edu/~moore/what-nats-break.html>
That's all?? Gee, what a mess. (hmm, can't say any of those issues have ever affected my use of NAT).
when the problems mentioned turn out to be either contrived or non-problems.
So everything that doesn't specifically apply to your use-case is "contrived"?
Please refrain from putting words in my mouth. I've only spoken about the two examples of active FTP and ssh-accessing multiple hosts behind a NAT.
Do you enjoy double-SSH-ing? Why bother? Wouldn't it be nice not to have to futz with port-forwards?
I couldn't care less, but it's company policy only to allow external ssh access via the gateway anyway. -- Per Jessen, Zürich (13.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen said the following on 09/10/2010 02:13 AM:
I couldn't care less, but it's company policy only to allow external ssh access via the gateway anyway.
Indeed. A common and respectable security control. OK, no single control is all-powerful and invincible, but that is no reason to gainsay it and discard it. The point that James keeps making is that the 'Net of today is not the 'Net of the 1970s and 1980s (BTDT) and unfettered peer-to-peer access is not required. That is why we have isolated subnets. Heck, many of my clients have subnets _within_ their premises that are behind a firewall (or even NAT'ed) to restrict access. One bank has a subnet where all the internal data services, ldap & web based directories, are behind a NAT and you need SSH+token to get there to maintain them. Special ports? Yes, but that's all hidden in the application software, so "who cares". Not the users. Its all transparent. From the POV of the application developers its no different to writing any other API-driven interfaces. -- The great successful men of the world have used their imagination ... think ahead and create their mental picture in all it details, filling in here, adding a little there, altering this a bit and that a bit, but steadily building - steadily building. -- Robert Collier -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Yeah, I thought that mnight be it - well, to me, it also seems a little contrived. When I need external ssh access to something on my NAT'ed network, I ssh to the NAT'ing gateway, and from there to whatever I need.
That's what I thought. I have done the same too. However, now, with IPv6, I can connect directly to the desired computer. No relaying ssh or using non-standard port. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 12:11, Adam Tauno Williams wrote:
Try using ssh to multiple computers, without changing port numbers. I do that every day from my workstation. (which is behind a NAT setup).
The issue is the reverse. With IPv6 I just unblock SSH (TCP/22). Done. Sooo much simpler.
HA! That is another can of worms, because I currently have a few gadgets with hardcoded login/password pairs. Yes, of the kind that you can find listed in manuals and FAQs sites in Internet. What, have my TV set with hard disk open to the internet at large, just because I wanted to open ssh to my main computer? Ouch! :-( Worse, some of them do not support ssh, only telnet. Yes, today, current hardware. And probably, hardware that does not support ipv6, either. Crap hardware? Sure. But it is what I can buy. I don't know of any other I can buy that is better in that respect. I would need a really good entry firewall if I were to have ipv6 adsl. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Carlos E. R. wrote:
HA!
That is another can of worms, because I currently have a few gadgets with hardcoded login/password pairs. Yes, of the kind that you can find listed in manuals and FAQs sites in Internet. What, have my TV set with hard disk open to the internet at large, just because I wanted to open ssh to my main computer? Ouch! :-(
Worse, some of them do not support ssh, only telnet. Yes, today, current hardware.
And probably, hardware that does not support ipv6, either.
Crap hardware? Sure. But it is what I can buy. I don't know of any other I can buy that is better in that respect.
I would need a really good entry firewall if I were to have ipv6 adsl.
Just a normal firewall, nothing special is needed. -- Per Jessen, Zürich (20.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-11 15:09, Per Jessen wrote:
Carlos E. R. wrote:
HA!
That is another can of worms, because I currently have a few gadgets with hardcoded login/password pairs. Yes, of the kind that you can find listed in manuals and FAQs sites in Internet. What, have my TV set with hard disk open to the internet at large, just because I wanted to open ssh to my main computer? Ouch! :-(
Worse, some of them do not support ssh, only telnet. Yes, today, current hardware.
And probably, hardware that does not support ipv6, either.
Crap hardware? Sure. But it is what I can buy. I don't know of any other I can buy that is better in that respect.
I would need a really good entry firewall if I were to have ipv6 adsl.
Just a normal firewall, nothing special is needed.
The firewall in my router, although it runs Linux internally, is not that "normal". I would need to say to it "open ssh only to this list of IPV6 addresses", instead of using the current port forwarding configuration window. Similar, but it simply is not IPV6 aware. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Sat, 2010-09-11 at 14:56 +0200, Carlos E. R. wrote:
Try using ssh to multiple computers, without changing port numbers. I do that every day from my workstation. (which is behind a NAT setup). The issue is the reverse. With IPv6 I just unblock SSH (TCP/22). Done. Sooo much simpler. HA! That is another can of worms, because I currently have a few gadgets with hardcoded login/password
On 2010-09-09 12:11, Adam Tauno Williams wrote: pairs. Yes, of the kind that you can find listed in manuals and FAQs sites in Internet. What, have my TV set with hard disk open to the internet at large, just because I wanted to open ssh to my main computer? Ouch! :-(
BOGUS! Why would you're TV be exposed because you opened your workstation's / server's TCP/22 port. Firewalls can be as granular as you want/need.
Worse, some of them do not support ssh, only telnet. Yes, today, current hardware. And probably, hardware that does not support ipv6, either. Crap hardware? Sure. But it is what I can buy. I don't know of any other I can buy that is better in that respect. I would need a really good entry firewall if I were to have ipv6 adsl.
You'd need a standard / normal firewall. Every firewall can open / close a specific address / port. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-12 01:36, Adam Tauno Williams wrote:
On Sat, 2010-09-11 at 14:56 +0200, Carlos E. R. wrote:
The issue is the reverse. With IPv6 I just unblock SSH (TCP/22). Done. Sooo much simpler. HA! That is another can of worms, because I currently have a few gadgets with hardcoded login/password pairs. Yes, of the kind that you can find listed in manuals and FAQs sites in Internet. What, have my TV set with hard disk open to the internet at large, just because I wanted to open ssh to my main computer? Ouch! :-(
BOGUS!
Why would you're TV be exposed because you opened your workstation's / server's TCP/22 port. Firewalls can be as granular as you want/need.
They can, but they will not. The firewall on the ipv6 router, whenever my ISP makes the change (not before) will be as granular as they want - which means, not granular. Their choice.
Worse, some of them do not support ssh, only telnet. Yes, today, current hardware. And probably, hardware that does not support ipv6, either. Crap hardware? Sure. But it is what I can buy. I don't know of any other I can buy that is better in that respect. I would need a really good entry firewall if I were to have ipv6 adsl.
You'd need a standard / normal firewall. Every firewall can open / close a specific address / port.
Not mine. My point is that my current hardware is not prepared for an ipv6 network, and I'm not going to buy new hardware just because you say IPV6 is better. I don't need IPV6. Others may. When my provider makes the switch, and only then, forcing customers to change, will I change. I'm not going to expend money in something I do not need. And so long as providers do not _need_ to change, they will not change, either. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Per Jessen wrote:
Snippet from 'man ftp':
"-A Force active mode ftp. By default, ftp will try to use passive mode ftp and fall back to active mode if passive is not supported by the server. This option causes ftp to always use an active connection. It is only useful for connecting to very old servers that do not implement passive mode properly."
Passive mode is now available, but wasn't on older OSs.
Try setting up for voice over IP or certain gaming to more than one computer.
No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon.
How many at each location?
Try using ssh to multiple computers, without changing port numbers.
I do that every day from my workstation. (which is behind a NAT setup).
Do you directly access or connect to one and run another ssh connection from there? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
Try setting up for voice over IP or certain gaming to more than one computer.
No problem - I have a number of Linksys/Cisco SPA phones hooked up from peoples home offices to our central telephone server. The phone is usually sat behind a NAT'ing router. This has been working very well for at least two years now. Of course, I run a stun daemon.
How many at each location?
Just one. AFAICT, multiple phones should not present a problem. The phones themselves have a NAT keep-alive option, but it's not needed (because of the STUN dameon).
Try using ssh to multiple computers, without changing port numbers.
I do that every day from my workstation. (which is behind a NAT setup).
Do you directly access or connect to one and run another ssh connection from there?
I'm guessing you meant the reverse - to access multiple, individual systems _behind_ the NAT? (as Adam Williams suggested). No, in that situation I access the main gateway, and then ssh on from there. -- Per Jessen, Zürich (17.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/8/2010 11:50 PM, Per Jessen wrote:
Try using ssh to multiple computers, without changing port numbers.
I do that every day from my workstation. (which is behind a NAT setup).
I do that every day from behind a nat to workstations that are behind yet ANOTHER nat. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen said the following on 09/09/2010 01:50 PM:
On 9/8/2010 11:50 PM, Per Jessen wrote:
Try using ssh to multiple computers, without changing port numbers.
I do that every day from my workstation. (which is behind a NAT setup).
I do that every day from behind a nat to workstations that are behind yet ANOTHER nat.
+1 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
I do that every day from my workstation. (which is behind a NAT setup).
I do that every day from behind a nat to workstations that are behind yet ANOTHER nat.
Going out from behind NAT is not the problem. It's sorting things out at the remote site. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-08 at 17:03 -0400, James Knott wrote:
Ilya Chernykh wrote:
On Wednesday 08 September 2010 21:12:17 James Knott wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. They also recommend and provide instructions how to disable IPv6 on clients' operating systems and say they do not provide support for those who did not completely remove IPv6 support from their OS.
It's time for you to find a new ISP. NAT is broken in a number of ways. For example, it breaks some protocols and makes it impossible for a user to reach their network from elsewhere. Also, it's possible for an ISP to overload NAT, as each IP address has a limited number of ports that can be remapped. As far as refusing to provide support, if IPv6 isn't disabled, that tells me your ISP is incompetent.
From the perspective of the people around here on the list, i mean who know what they are doing, more ore less, i disagree.
Even if your access provider does not provide you with native IPv6, so what the heck? Specially linux and *bsd support IPv6 for many years and people around here (should) know how to set up an IPv6 tunnel using tunnelbroker.net, or other tunnel providers. It is more for the computer-nono's that if they power up their modem/computer, that they will get a dual stack automagically. Otherwise they will find out that more and more parts of internet will become unreachable for them (both mail and websites) As some sites will become IPv6-only. Exaustion day is getting forward more rapidly than expected. coservatives estimations for IANA are about may-2011, though some expect a huge rush for the last 6 /8-blocks, so it might even be this year. As Ipv4 will still be with us for a couple of decades, i don't worry about some equipment (printers, scanners, san, nas, camera's) will only do IPv4. Most important thing, is that equipment that transfers or terminate globally routable traffic [servers, routers, modems] are either capable of doing IPv6 natively, or doing dual stack. So about now, would be a right moment for having all mirrors (and preferably suse.de also) being reachable on V6. [gwdg.de, packman.de ..] Some sites allready claim that they do support IPv6, but only for their webservers. As soon as you do an rsync with option "-6" you'll have to wait forever... (like belnet.be) If a "john doe", just want to stick with v4, sorry for him..., If a company who is intensively using internet, doesn't want to be ready for V6, they deserves to go bust (and probably will). Last month there was a report that (mainly smaller isp's) will go bust because they won't support IPv6 in time, and loose customers. If organisations in the public sector don't care about upcoming change (and all the security aspects that come with it), they should fire their sysops. It is true that only recently ISP's are going to provide V6 to their customers, but tunnelbrokers are their for a long time. I just checked, my tunnel (from HE) is from march 2007.... So either way, no excuses anymore but action! For one thing, i'm glad that the upcoming 1.8 release of asterisk will support v6. Same about openvpn: their trunc-versions allready supports it. hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hans Witvliet wrote:
It is more for the computer-nono's that if they power up their modem/computer, that they will get a dual stack automagically. Otherwise they will find out that more and more parts of internet will become unreachable for them (both mail and websites) As some sites will become IPv6-only.
Fortunately, the Windows client for gogoNET is very easy to install and get running without any configuration required. There are also some consumer level routers that can handle 6in4 tunnels to a broker. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. I forgot to mention, if you are forced to use NAT, you'll have to use a service like gogoNET, which can use UDP encapsulation to get through NAT. Otherwise it will use 6in4 tunneling (IP protocol 41). He.net uses 6in4 tunnelling only, which will not work through NAT.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ilya Chernykh wrote:
I am currently using PPPoE but I think my provider will force everybody to NAT as they already declared. I forgot to mention, if you are forced to use NAT, you'll have to use a service like gogoNET, which can use UDP encapsulation to get through NAT. Otherwise it will use 6in4 tunneling (IP protocol 41). He.net uses 6in4 tunnelling only, which will not work through NAT.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/8/2010 10:12 AM, James Knott wrote:
Ilya Chernykh wrote:
They say not in plans.
That's a common problem. We'll soon reach the point where IPv4 addresses are no longer available to ISPs and sometime after that to new customers. In the mean time, there's no reason why people can't get ready now, even if they have to use a tunnel to get IPv6.
There have been a lot of stories about this in the press of late, and the general consensus I see is that its a lot further off than most people think, for a whole number of reasons. First most big campus organizations would RATHER be behind a NAT (ipv4 or ipv6), and are actually selling off address blocks they once owned. That frees up ipv4 blocks. Second, most organizations are far from ready, although some are more ready than they know since windows and linux and mac(i think) have been shipping IPv6 stacks for some time now. There are a lot of devices (printers, print controllers, cams, NAS, phones, etc) lurking about about on ipv4 which force you to run an ipv4 network internally anyway. Major firewall components and router could not handle ipv6 till about/after 2005, (netfilter didn't even handle ipv6 till about that time). Lots of these are still in production in home routers. There is just tons of software that needs to use or keep track of IPs that simply is not ready. -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
On 9/8/2010 10:12 AM, James Knott wrote:
Ilya Chernykh wrote:
They say not in plans.
That's a common problem. We'll soon reach the point where IPv4 addresses are no longer available to ISPs and sometime after that to new customers. In the mean time, there's no reason why people can't get ready now, even if they have to use a tunnel to get IPv6.
There have been a lot of stories about this in the press of late, and the general consensus I see is that its a lot further off than most people think, for a whole number of reasons.
First most big campus organizations would RATHER be behind a NAT (ipv4 or ipv6), and are actually selling off address blocks they once owned. That frees up ipv4 blocks.
That will only go so far.
Second, most organizations are far from ready, although some are more ready than they know since windows and linux and mac(i think) have been shipping IPv6 stacks for some time now.
Quite so. Windows with SP1 will do it, but SP3 is better. In Linux, it just works, unless you disable it.
There are a lot of devices (printers, print controllers, cams, NAS, phones, etc) lurking about about on ipv4 which force you to run an ipv4 network internally anyway.
IPv6 capable hardware is beginning to appear, for example my Nexus One smart phone supports it and other consumer level devices, such as some routers do too. Any 4G smart phone will pretty much have to, as by then cell phones will be running VoIP and there simply aren't enough IPv4 addresses to support them. Also, Windows has something called "Port Proxy" that will convert IPv4 addresses to IPv6, but I haven't found similar for Linux.
Major firewall components and router could not handle ipv6 till about/after 2005, (netfilter didn't even handle ipv6 till about that time). Lots of these are still in production in home routers.
There is just tons of software that needs to use or keep track of IPs that simply is not ready.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-08 at 12:54 -0700, John Andersen wrote:
On 9/8/2010 10:12 AM, James Knott wrote:
Ilya Chernykh wrote:
They say not in plans. First most big campus organizations would RATHER be behind a NAT (ipv4 or ipv6), and are actually selling off address blocks they once owned. That frees up ipv4 blocks.
I know, as profession sys-admin, I look *forward* to our campus no longer being behind NAT. [NAT is *NOT* a security measure, just use firewalls - much easier to manage]. So many nagging issues will just evaporate.
Second, most organizations are far from ready, although some are more ready than they know since windows and linux and mac(i think) have been shipping IPv6 stacks for some time now.
It is actually funny. I've been to a couple organizations where I can move around their network via IPv6 and they didn't even know it. And their oblivious firewalls don't do anything to protect them. They aren't ready in a very special kind of way - their security is essentially broken. All because they aren't "ready" to support IPv6.
There are a lot of devices (printers, print controllers, cams, NAS, phones, etc) lurking about about on ipv4 which force you to run an ipv4 network internally anyway.
So? Continue to support IPv4; we will be dual-stack for a decade. And you might be surprised; when we did our device survey [as a clunky old rust-belt industry] things actually turned out pretty good.
Major firewall components and router could not handle ipv6 till about/after 2005, (netfilter didn't even handle ipv6 till about that time). Lots of these are still in production in home routers.
The latest DOCSIS standards *mandate* IPv6. Your recent cable/DSL supports IPv6. Or your provider will be replacing it soon - in order to provide higher speeds and more manageability. Then IPv6 support is there.
There is just tons of software that needs to use or keep track of IPs that simply is not ready.
There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works]. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
There is just tons of software that needs to use or keep track of IPs that simply is not ready.
There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works].
I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment - spamassassin, php, rbldnsd. openSUSE also has issues with IPv6 setup for pppd. -- Per Jessen, Zürich (18.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 14:47 +0200, Per Jessen wrote:
Adam Tauno Williams wrote:
There is just tons of software that needs to use or keep track of IPs that simply is not ready. There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works]. I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment -... php,...
Dunno, we are using PHP extensively in an IPv6 network. Haven't seen any issues so far [over a year]. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
On Thu, 2010-09-09 at 14:47 +0200, Per Jessen wrote:
Adam Tauno Williams wrote:
There is just tons of software that needs to use or keep track of IPs that simply is not ready. There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works]. I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment -... php,...
Dunno, we are using PHP extensively in an IPv6 network. Haven't seen any issues so far [over a year].
Well, if a PHP application needs to lookup an IPv6 address, it would need to use getaddrinfo() and that has yet to be implemented in PHP. -- Per Jessen, Zürich (18.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 2010-09-09 at 14:47 +0200, Per Jessen wrote:
I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment - spamassassin, php, rbldnsd. openSUSE also has issues with IPv6 setup for pppd.
What issues did you encounter with php? version? modules? hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hans Witvliet wrote:
On Thu, 2010-09-09 at 14:47 +0200, Per Jessen wrote:
I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment - spamassassin, php, rbldnsd. openSUSE also has issues with IPv6 setup for pppd.
What issues did you encounter with php? version? modules?
Most recent version - there is no getaddrinfo() equivalent function call for looking up an IPv6 address. It also looks like functions such as socket_bind() only supports IPv4, whereas socket_create() appears to support IPv6. dns_get_record appears to support IPV6, so all in all, it's a bit of mix. -- Per Jessen, Zürich (13.5°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
Adam Tauno Williams wrote:
There is just tons of software that needs to use or keep track of IPs that simply is not ready.
There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works].
I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment - spamassassin, php, rbldnsd. openSUSE also has issues with IPv6 setup for pppd.
You can add asterisk to that list. -- Per Jessen, Zürich (13.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2010-09-12 at 08:59 +0200, Per Jessen wrote:
Per Jessen wrote:
Adam Tauno Williams wrote:
There is just tons of software that needs to use or keep track of IPs that simply is not ready.
There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works].
I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment - spamassassin, php, rbldnsd. openSUSE also has issues with IPv6 setup for pppd.
You can add asterisk to that list.
Did you tried the 1.8 version of asterisk? (it's in the repo from vitsoft, in case you don't want to compile it yourself) Russel Byrant hoped IPv6 would be integrated in the 1.6.2-branch, but it missed the deadline. So now ipv6, together with some other nice features line srtp) will be available from 1.8,0 onwards. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2010-09-12 at 23:26 +0200, Hans Witvliet wrote:
On Sun, 2010-09-12 at 08:59 +0200, Per Jessen wrote:
Per Jessen wrote
Adam Tauno Williams wrote:
There is just tons of software that needs to use or keep track of IPs that simply is not ready. There is a lot; I don't know about 'tons'. Most software doesn't care. I think there is very little software that "needs to use or keep track of IPs". In our entire stack I think we located two applications that didn't work with IPv6. One of those was very easily fixed [typically IP addresses end up getting stored as strings, make the string field longer, recompile, works]. I can name at least three fairly popular bits of software that have an issue with IPv6 for the moment - spamassassin, php, rbldnsd. openSUSE also has issues with IPv6 setup for pppd. You can add asterisk to that list. Did you tried the 1.8 version of asterisk?
Correct, I was at a presentation about Asterisk 1.8 just yesterday. IPv6 is not supported. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
The latest DOCSIS standards*mandate* IPv6. Your recent cable/DSL supports IPv6. Or your provider will be replacing it soon - in order to provide higher speeds and more manageability. Then IPv6 support is there.
This is one thing that might bite me. I bought my DOCSIS 2 modem a few years ago. When my ISP gets around to providing IPv6, the modem will have to be updated, if possible, or replaced. However, I've recovered the it's purchase cost many times over, by not having to pay rental costs. IIRC, it took just over a year to recoup my investment. My ISP is now providing DOCSIS 3 modems, which do support IPv6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/9/2010 3:24 AM, Adam Tauno Williams wrote:
Second, most organizations are far from ready, although some are more ready than they know since windows and linux and mac(i think) have been shipping IPv6 stacks for some time now.
It is actually funny. I've been to a couple organizations where I can move around their network via IPv6 and they didn't even know it. And their oblivious firewalls don't do anything to protect them. They aren't ready in a very special kind of way - their security is essentially broken. All because they aren't "ready" to support IPv6.
Exactly my point. Just because you have an ipv6 stack doesn't mean you are ready to use it. Until a couple years ago IPTables/Netfilter firewalls were essentially useless when ipv6 was turned in the network. They didn't even know there was traffic going on behind their back. Yet that's what is built into virtually all cheap AND expensive routers. Anything built prior to about 2006 which hasn't had a software upgrade is at risk here. (And most routers NEVER get a software update). There is no generic way to defend against it because a port that is open is open regardless of whether you arrive via the ipv4 stack or the ipv6 stack. So you end up configuring a firewall on every device, especially windows devices where many ports are open by default. This is why the safest thing to do is to block all ipv6 traffic at the perimeter until you can do a complete site survey or at least assure yourself that your perimeter firewall can filter ipv6 traffic. That way all you have to worry about is people like you on the inside. ;-) -- _____________________________________ At one time I had a Real Sig. Its been downsized. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-08 at 12:26 -0400, James Knott wrote:
Some of you may have noticed me talking about IPv6 lately. IPv6 is coming and is necessary,
+1
as IPv4 addresses are estimated to reach exhaustion within a year.
I disagree with casting "exhaustion" as the only reason to move to IPv6. IPv6 is simply a better and faster network protocol, it solves a variety of problems [mobility, multicast, routing-table bloat, NAT].
Everyone, particularly those managing web sites or business networks, should be making plans to support IPv6 ASAP.
Yep.
I realize that many ISPs do not yet support IPv6, so some method, such as using a tunnel broker, is required while waiting for ISPs to get up to date. I use gogoNET http://gogonet.gogo6.com. Another is Hurricane Electric http://he.net and there are others.
+1 for HE
In the mean time, call your ISP and ask about when IPv6 will be available. Then ask them why they're behind the times. ;-) Some hosting sites have IPv6 available, so all you'd have to do is use it. DNS servers will require AAAA record support, but BIND has supported that for several years.
If your ISPs answer at this point is "no plans" - FIND A NEW ISP! Really, if that is the case, your ISP is obsolete and has no plans of upgrading their infrastructure. They are just a has-been waiting for the cash to stop rolling in.
Here's a link to an article about moving to IPv6, with some more links to other articles. http://www.itworldcanada.com/news/ipv6/141456 BTW, for some reason, Seamonkey, on either Linux or Windows, does not like this site. Firefox and IE work fine. On my own network, I use OpenSUSE 11.0 (soon to be updated) on an old computer for my firewall. I use the tunnel to get a subnet with 2^72 addresses and all computers on my network, including my smart phone, get an IPv6 address automagically. When I'm away from home, I use the client to get a single IPv6 address on my ThinkPad.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Adam Tauno Williams wrote:
On Wed, 2010-09-08 at 12:26 -0400, James Knott wrote:
Some of you may have noticed me talking about IPv6 lately. IPv6 is coming and is necessary,
+1
as IPv4 addresses are estimated to reach exhaustion within a year.
I disagree with casting "exhaustion" as the only reason to move to IPv6.
It's still probably the best argument.
IPv6 is simply a better and faster network protocol, it solves a variety of problems [mobility, multicast, routing-table bloat, NAT].
For the end-user, it solves ... let me see ... uh, nothing. :-( -- Per Jessen, Zürich (14.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Per Jessen wrote:
IPv6 is simply a better and faster network protocol, it solves a
variety of problems [mobility, multicast, routing-table bloat, NAT].
For the end-user, it solves ... let me see ... uh, nothing.:-(
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen. Also, the day is not far off, when people might want to access appliances or home computers from elsewhere. It's easier with an IPv6 address than using a VPN and worrying about whether NAT address ranges will clash. I experienced that one, while staying at a hotel that used the same address range as I did at home. IPv6 also will result in faster routing, so they might notice that too. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2010-09-08 at 21:43 -0400, James Knott wrote:
Per Jessen wrote:
IPv6 is simply a better and faster network protocol, it solves a
variety of problems [mobility, multicast, routing-table bloat, NAT]. For the end-user, it solves ... let me see ... uh, nothing.:-( One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
Amazing isn't it. It just works! And multicast actually works too. People will dismiss these as fringe things somehow not applicable to [mythical] joe-sixpack-user. Until they experience them.
Also, the day is not far off, when people might want to access appliances or home computers from elsewhere. It's easier with an IPv6 address than using a VPN and worrying about whether NAT address ranges will clash.
+1, heck, +10,000! This is such a @*&!^$&*@*& pain. At an organization of any size this happens all-the-time.
I experienced that one, while staying at a hotel that used the same address range as I did at home.
Yep, another reason NAT is crap.
IPv6 also will result in faster routing, so they might notice that too.
+1 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2010-09-09 03:43, James Knott wrote:
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
You mean that the device will have its own IP address regardless of where it is connected to - which means that several routing tables in several places have to be updated to know where your gadget is at the moment. Ie, large or huge routing tables. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On Sun, 2010-09-12 at 01:02 +0200, Carlos E. R. wrote:
On 2010-09-09 03:43, James Knott wrote:
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
You mean that the device will have its own IP address regardless of where it is connected to -
Yes.
which means that several routing tables in several places have to be updated to know where your gadget is at the moment. Ie, large or huge routing tables.
No, it doesn't work that way. <http://en.wikipedia.org/wiki/Mobile_IPv6> It is _normal_ for devices in IPv6 to have multiple addresses, and IPv6 supports encapsulation natively, it uses these two properties to accomplish this very efficiently. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 09/11/2010 04:02 PM, Carlos E. R. wrote:
On 2010-09-09 03:43, James Knott wrote:
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
You mean that the device will have its own IP address regardless of where it is connected to - which means that several routing tables in several places have to be updated to know where your gadget is at the moment. Ie, large or huge routing tables.
Wait... This is a red herring. You can not use a Flaw in the Android OS (shutting down an interface with an active connection in process) as justification for anything at all OTHER than fixing Android. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
jsa wrote:
You can not use a Flaw in the Android OS (shutting down an interface with an active connection in process) as justification for anything at all OTHER than fixing Android.
It's not a flaw in Android. The phone is designed to use WiFi when available. While you might be able to maintain a 3G connection while within range of your WiFi, you can't say the same about maintaining WiFi while walking away from home. At some point you will lose your signal and be forced onto 3G. IPv6 allows for that. IPv4 doesn't. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
On 2010-09-09 03:43, James Knott wrote:
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
You mean that the device will have its own IP address regardless of where it is connected to - which means that several routing tables in several places have to be updated to know where your gadget is at the moment. Ie, large or huge routing tables.
Yes, when you're away from home, your home network essentially give someone trying to connect to you a "care of" address. Here's a link to a Wikipedia article about it: http://en.wikipedia.org/wiki/H.323 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
On 2010-09-09 03:43, James Knott wrote:
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
You mean that the device will have its own IP address regardless of where it is connected to - which means that several routing tables in several places have to be updated to know where your gadget is at the moment. Ie, large or huge routing tables.
Yes, when you're away from home, your home network essentially give someone trying to connect to you a "care of" address. Here's a link to a Wikipedia article about it: Sorry, I sent the wrong link. It should have been: http://en.wikipedia.org/wiki/Mobile_IP -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/11/2010 7:02 PM, Carlos E. R. wrote:
On 2010-09-09 03:43, James Knott wrote:
One feature that users might appreciate is mobility. For example, I have a Nexus One smart phone. It can get it's internet access via 3G connection to my cell phone carrier, but if it's within range of a WiFi network that it's configured for, it will switch to that. So, if I'm doing something, such as voice over IP, while walking up to my home, I'll be going through my cell carrier. However, as soon as I'm within range of my home WiFi, the phone will switch connections and kill my VoIP call. With IPv6 mobility, that won't happen.
You mean that the device will have its own IP address regardless of where it is connected to - which means that several routing tables in several places have to be updated to know where your gadget is at the moment. Ie, large or huge routing tables.
No, just more dynamic ones. If the sky is not quite yet falling due to the limitations of ipv4, neither is it due to the differences of ipv6. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (25)
-
Adam Tauno Williams -
Anders Johansson -
Anders Johansson -
Anton Aylward -
Basil Chupin -
Brian K. White -
Carlos E. R. -
Carlos E. R. -
David C. Rankin -
dwgallien -
Felix Miata -
G T Smith -
Hans Witvliet -
Ilya Chernykh -
James Knott -
John Andersen -
John E. Perry -
John Perry -
jsa
-
Lew Wolfgang -
Patrick Shanahan -
Per Jessen -
Peter Nikolic -
Philipp Thomas -
sc