I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig
with them, So they don't do that dual peering thing with us. (They do it on
another 100Mb/s circuit we have... I despise it.)
Just kind of curious how they go about it.
Do they issue you a small IPv6 block for your interface, just like they do
for IPv4? Is it a separate session? Any things to be aware of before
pulling the trigger on it? (Other then them not having connectivity to HE's
IPv6 side of things, Wish they would fix that already...)
For our peering with Cogent they assigned us a /112 from 2001:550. When we turned this up they dropped the old 'dual peering' thing for IPv4. Said they did not need that arrangement any longer.
I'm sure someone here is doing IPv6 peering with cogent.
(snip)
Any things to be aware of before
pulling the trigger on it? (Other then them not having connectivity to HE's
IPv6 side of things, Wish they would fix that already...)
Not just HE's prefixes you miss with Cogent.
Lack of full table means they can't be considered a full transit, ie,
you need something like minimum 2 full transits + cogent to do v6
properly. They're more like a private peering.
We have separate v4 and v6 sessions with them on the same dual-stack interface (a v4 /29 and v6 /112 on the interface). One session is between our v4 address and theirs, and carries v4 prefixes only. Then another session between v6 addresses that carries v6 prefixes only.
I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig
with them, So they don't do that dual peering thing with us. (They do it on
another 100Mb/s circuit we have... I despise it.)
Just kind of curious how they go about it.
Do they issue you a small IPv6 block for your interface, just like they do
for IPv4? Is it a separate session?
Like Mark described, for us too they dropped the goofy dual-session thing for IPv4 so we just have an IPv4 and an IPv6 session now.
Any things to be aware of before pulling the trigger on it? (Other then them not having connectivity to HE's IPv6 side of things, Wish they would fix that already...)
Yeah, there's that ... (We have a couple other providers, too, so we don't really care but it's goofy).
Worse, for us, is that their router doesn't respond to neighbor discovery requests, so I had to make a static neighbor entry on our router for the session to come up. Not very pretty. I spent more than an hour on the phone with them and they didn't have any ideas (we have plenty other IPv6 sessions for transit and peering on the same router that are working fine).
Somewhere on the internets someone anecdotally told they had a Cisco router that did the same thing until it was rebooted. Didn't bother calling them to tell them to reboot the router we are on.
Anyway, I guess the lesson is that they (like most providers, I am sure) don't have that much IPv6 experience and they didn't care that much that it didn't work right. Hopefully that attitude will change over the next months.
From: ryan@u13.net [mailto:ryan@u13.net]
Sent: Wednesday, June 08, 2011 9:19 AM
To: nanog@nanog.org
Subject: Re: Cogent IPv6
> I'm sure someone here is doing IPv6 peering with cogent. We've got a
> Gig
[SNIP]
We have separate v4 and v6 sessions with them on the same dual-stack
interface (a v4 /29 and v6 /112 on the interface). One session is
between our v4 address and theirs, and carries v4 prefixes only. Then
another session between v6 addresses that carries v6 prefixes only.
IPv6 newbie alert!
I thought the maximum prefix length for IPv6 was 64 bits, so the comment about a v6 /112 for peering vexed me. I have Googled so much that Larry Page called me and asked me to stop.
Can someone please point me to a resource that explains how IPv6 subnets larger than 64 bits function and how they would typically be used?
thanks,
Kelly
******* CONFIDENTIALITY NOTICE *******
This e-mail message and all attachments transmitted with it may
contain legally privileged and confidential information intended
solely for the use of the addressee. If the reader of this message
is not the intended recipient, you are hereby notified that any
reading, dissemination, distribution, copying, or other use of this
message or its attachments is strictly prohibited. If you have
received this message in error, please notify the sender
immediately and delete this message from your system. Thank you.
IPv6 netmasks work exactly like IPv4 netmasks. You can even route
/128's if you want. Two major caveats:
1. SLAAC (stateless autoconfiguration, the more or less replacement
for DHCP) only works if the subnet on your LAN is exactly /64. So
unless you're manually configuring the IPv6 address on every machine
on your subnet, you're using a /64.
2. Reverse DNS delegates every 4 bits (in IPv4 its every 8 bits). And
when you write the address, every 4 bits is one digit. So unless you
want to make things needlessly hard, you're also going to choose 4-bit
boundaries for everything. I.e. a /56 or a /60 but never a /57.
Now, as to why they'd choose a /112 (65k addresses) for the interface
between customer and ISP, that's a complete mystery to me.
Once upon a time, William Herrin <bill@herrin.us> said:
Now, as to why they'd choose a /112 (65k addresses) for the interface
between customer and ISP, that's a complete mystery to me.
I had to ask this here a while back, so I can now share.
IPv6 addresses are written as 8 16-bit chunk separated by colons
(optionally with the longest consecutive set of :0 sections replaced
with ::). A /112 means the prefix is 7 of the 8 chunks, which means you
can use ::1 and ::2 for every connection.
Of course, just because you allocate a /112 (or shorter) in your
database doesn't mean you have to use it. You could also allocate a
/112 for a point-to-point link and use a /127 (e.g. addresses ::a and
::b).
I had to ask this here a while back, so I can now share.
IPv6 addresses are written as 8 16-bit chunk separated by colons
(optionally with the longest consecutive set of :0 sections replaced
with ::). A /112 means the prefix is 7 of the 8 chunks, which means you
can use ::1 and ::2 for every connection.
Of course, just because you allocate a /112 (or shorter) in your
database doesn't mean you have to use it. You could also allocate a
/112 for a point-to-point link and use a /127 (e.g. addresses ::a and
::b).
Still that doesn't give any reason to provide /112 for point to point
connectivitiy. Seriously, I'm peering with a transit provider with /126 and
when I asked for a reason they said, ease of management. How come Subnetting
/32 to /126 is ease of management??.... thats quite difficult to understand.
This debate is there fore quite a long time but everytime it pops up I
feel so uncomfortable with this granular subnetting.
More below on use of various prefix lengths. You need to watch out
for the EUI-64 'u' and 'g' bits, as well as subnet anycast addresses
(top 127 addresses of every subnet):
Also, there is no prefix-length (or default router) option in DHCPv6,
so you have to configure the Router Advertisements with the longer
prefix length in this case.
> You can actually use DHCPv6 to assign addresses to hosts dynamically
> on longer than /64 networks.
>
> However, you may have to go to some effort to add DHCPv6 support to
> those hosts first.
Also, there is no prefix-length (or default router) option in DHCPv6,
so you have to configure the Router Advertisements with the longer
prefix length in this case.
It is perfectly possible to use RA *only* for the default router, and
not announce any prefix at all. This implies a link-local next hop.
> Of course, just because you allocate a /112 (or shorter) in your
> database doesn't mean you have to use it. You could also allocate a
> /112 for a point-to-point link and use a /127 (e.g. addresses ::a and
> ::b).
Please *do* consider using /127 on "real" point-to-point links (e.g.
SDH/SONET, serial) - especially if you have internet facing links and
are using a hardware based forwarding platform from vendors like Cisco
or Juniper.
This may be your simplest choice if you want to avoid the "ping-pong"
problem which is very real (on some platforms). See
