[190009] in North American Network Operators' Group


Re: Netflix banning HE tunnels

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Jun 13 04:56:34 2016

X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAPkb-7AMjiVPqTSmTvk7Wa0NW3WysOPhxPyEGhTJ+8O54=UEzw@mail.gmail.com>
Date: Mon, 13 Jun 2016 01:56:27 -0700
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


> On Jun 12, 2016, at 18:27, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
>
> On 13 June 2016 at 02:05, Owen DeLong <owen@delong.com> wrote:
>
>> 2.      Consistent and easier comparisons for equality or ranges
>>                In IPv4, this was useful. In IPv6, it's essential.
>>
>
> You could also normalize your IPv6 text representation. There is even RFC
> 5952 for that. Abbreviated the rule is:
>
> 1) lower case
> 2) as short as possible, except do not shorten just one :0: into ::.
> 3) if there is more than one possible :: block that results in the same
> shortest length, choose the first block as ::.
>
> I am not quite sure why they put in the exception not to shorten one zero,
> but otherwise this is what most people would naturally come up with.

Actually, it isn't.

Consider the case of 2001:0:0::/48 and the resultant subnet 2001:0:0:406::/64.

Now consider the static address of a host within that subnet 2001:0:0:406:0:0:0:302.

Most people would naturally tend to write this as 2001:0:0:406::302.

However, your ruleset would write it as 2001::406:0:0:0:302.

Yes, you can use a standardized text representation, but the easiest way
to produce this in most cases is to first convert to an integer then
convert back to a representation of the integer. If you're going to go to
all the trouble to convert to an integer to begin with, isn't it easier to
just shovel things around as a 128-bit integer which has the advantage of
also being fixed-length and more compact in memory?

> Also, technically there is more than one IPv4 representation too. I have in
> the past poked security holes through this as most people forget (or don't
> know):
>
> Baldurs-MacBook-Pro-2:~ baldur$ ping -c1 100000000
> PING 100000000 (5.245.225.0): 56 data bytes

Yes, I believe I made examples of those and stated that it made more sense
to store IPv4 addresses as integers as well.

Owen
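
The integer-based comparison discussed in this message, as an added example that is not part of the original post or of any poster's code. The function names are hypothetical, the IPv4 parser follows the classic inet_aton rules (1 to 4 parts, each decimal, octal or hex), and "0x7f.1" is a constructed sample; the other addresses are the ones quoted in the thread.

```python
import ipaddress

def parse_legacy_ipv4(text):
    """inet_aton-style parse: 1-4 dotted parts, each decimal, octal (0...) or hex (0x...)."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not an IPv4 address: {text!r}")
    nums = []
    for part in parts:
        low = part.lower()
        if low.startswith("0x"):
            base, digits = 16, low[2:]
        elif len(low) > 1 and low.startswith("0"):
            base, digits = 8, low[1:]
        else:
            base, digits = 10, low
        if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
            raise ValueError(f"not an IPv4 address: {text!r}")
        nums.append(int(digits, base))
    # Leading parts are one octet each; the last part fills all remaining bytes.
    *head, tail = nums
    tail_bits = 8 * (4 - len(head))
    if any(n > 0xFF for n in head) or tail >= 1 << tail_bits:
        raise ValueError(f"out of range: {text!r}")
    value = 0
    for n in head:
        value = (value << 8) | n
    return (value << tail_bits) | tail

def address_key(text):
    """Return (version, integer) so comparisons ignore how the address was spelled."""
    text = text.strip()
    if ":" in text:
        return 6, int(ipaddress.IPv6Address(text))
    return 4, parse_legacy_ipv4(text)

def in_network(text, cidr):
    """Range check done on integers, never on the text form."""
    net = ipaddress.ip_network(cidr)
    version, value = address_key(text)
    return (version == net.version
            and int(net.network_address) <= value <= int(net.broadcast_address))

if __name__ == "__main__":
    # Values from the thread, plus "0x7f.1" as a constructed sample.
    for s in ("100000000", "5.245.225.0", "0x7f.1",
              "2001:0:0:406:0:0:0:302", "2001:0:0:406::302"):
        print(s, address_key(s))
```

A filter that compares `address_key()` results treats `100000000` and `5.245.225.0` as the same host, which a string comparison would not.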

