In my last post I talked about running a pure IPv6 network, as part of my ISP building project, but still allowing access to resources on the internet currently only available via IPv4. This works well assuming all the clients on the local network are IPv6 capable; unfortunately this is not always the case. There are legacy devices that do not understand IPv6. This is a real problem with IoT devices that are either no longer being maintained or that just have hardware that is incapable of using anything other than IPv4. There is also a small problem that an IP cam with an IPv6 address is probably available to the world without some firewall rules or an ACL limiting access to the local /64, but those are problems for another day… Another issue is hard-coded IPv4 addresses in legacy applications; this is a problem even if the OS/device supports both IPv4 & IPv6 but is only connected via IPv6. There are a few solutions to both these problems.
Tag: network
Proactive Network Configuration Validation with Batfish – NANOG (2015) Presentation
Batfish is an open-source network configuration analysis tool in active development produced jointly by researchers at University of California, Los Angeles; University of Southern California; and Microsoft Research. Though its individual modules have various applications, its primary purpose is to detect bugs in network configurations. Batfish takes as input a set of network configurations, and an environment, which consists of a set of (in)active links and a set of external BGP advertisements. Users are able to ask customized queries about the control plane using Batfish’s domain-specific query language e.g. whether all loopback addresses are being advertised into OSPF, or whether all route policies attached to eBGP neighbors apply a particular community to incoming routes. Batfish also is able to compute the convergent data plane for a network, which provides further query facilities. Given the data plane, users can employ an off-the-shelf data plane checker or use Batfish’s data-plane queries to check common properties such as reachability/black holes, loops, etc, as well as novel properties (introduced at NSDI’15) regarding equivalence of multipath routes, fault-tolerance, and unique delegation of customer address space, with more to come.
Understanding VXLAN – Videos by Network Direction
U got problems?
Looking fwd to using it: YANG in Nokia Network Operating System
Automating management of NOS’es? Heck yeh!
When we say that our MD-CLI is modelled in YANG we mean it, like, seriously.
Now it's the time for YANG tooling to become more mature and language diverse.
— Roman Dodin (@ntdvps) January 29, 2020
De-bogonising 2a10::/12 | RIPE
With the RIPE NCC having become the first RIR to receive an additional /12 IPv6 allocation (2a10::/12) from IANA a few months ago, we will soon begin to delegate space from this IPv6 block to LIRs. In preparation for this, in order to improve routability and minimise the risk of filtering, the RIPE NCC will perform several de-bogonising activities in the next few weeks. We plan to start announcing the full /12, as well as a few /32 or longer blocks out of 2a10::/12 from AS12654 (RIPE Routing Information System (RIS)), within the next few days. We will analyse data from RIS and RIPE Atlas and we plan to write up an analysis around this effort. We want to remind everybody to update their bogon filters and allow routes originating from 2a10::/12 in their network.
Source: RIPE NEWS, Routing WG, Google (De-bogonising 2a10::/12)
Vodafone tests open cellular radio tech that could lower call costs
Open standards for radio networks ? … ‘3 steps forward, and less than ⅛ back’ ?
Your wireless carrier is usually beholden to using proprietary cellular network tech from the likes of Ericsson or Nokia, but there may soon be a more universal technology that could benefit your bank account. Vodafone has started the first European tests (specifically, the UK) for OpenRAN, an Intel co-developed open access radio system that harmonizes hardware and software in cellular infrastructure. It doesn’t sound exciting, but it effectively opens the door to lower-cost cell networks — and that, in turn, could lower the costs of your calls and data.
Source: Vodafone tests open cellular radio tech that could lower call costs
David Holder – An Overview of IPv6 Security
Speaker: Dr David Holder (Erion Ltd)
http://uknof.uk/42/
Security is one of the most crucial factors in modern networks. Network operators are painfully aware of this. IPv6 brings new challenges, features and opportunities for network security.
This presentation provides a comprehensive overview of IPv6 security, why it needs to be taken seriously, how it differs from IPv4, the problems it presents and current IPv6 security techniques and best practice.
As IPv6 becomes more widespread, no one interested in network security or network forensics can afford to ignore IPv6 security.