[00:02] *** kingedgar has quit IRC (Ping timeout: 246 seconds)
[00:03] *** _Ehtyar has quit IRC (Remote host closed the connection)
[00:04] *** kingedgar has joined #arpnetworks
[00:05] *** _Ehtyar has joined #arpnetworks
[00:09] *** _Ehtyar has quit IRC (Remote host closed the connection)
[00:11] *** _Ehtyar has joined #arpnetworks
[00:17] *** __Ehtyar has quit IRC (Remote host closed the connection)
[00:58] *** LT has joined #arpnetworks
[01:39] *** ivan-kanis has joined #arpnetworks
[03:17] *** ivan-kanis has quit IRC (Ping timeout: 258 seconds)
[03:17] *** phreak has quit IRC (Quit: sleep)
[03:20] *** phreak has joined #arpnetworks
[03:27] hmm, should i get an ipv4 dhcp offer when configuring a new OS on my vps?
[03:37] hmm guess not. no ipv6 RAs either
[03:37] *** phreak has quit IRC (Quit: sleep)
[03:39] have to configure it static
[03:50] yeah, would have been nice if it happened automagically
[03:50] had to boot back into the previous install to get the network config
[03:58] think if you log into your account there's a webpage with the IP details
[03:58] personally I dislike the idea of dhcp for servers and the idea of RA at all
[04:36] RA is great, if you need dynamic allocation. better than dhcp, since it's stateless. for static configs, pretty much not recommended indeed.
[04:43] curious... why does being stateless make it better?
[04:50] a) less memory requirements on the server
[04:50] b) less roundtrips to configure
[04:50] c) simpler
[04:50] d) quicker
[04:51] so in my mind dhcp is a book wrt conversation between the client/server. RA is a tweet.
[04:52] need to prod or hack myself dns into rtadvd/rtsol on OpenBSD and then life would be complete. there are rfc's that describe it, just needs implementing.
[04:53] toddf: Windows also needs to implement it big time :)
[04:53] windows doesn't have a RA client?
[04:53] osx so I've been told has RA but no dhcp6
[04:53] at least by default
[04:53] toddf: RA client, but no DNS in RA
[04:53] G: ah.
[04:53] toddf: I think that's right wrt to OSX too
[04:54] yeah, my OSX has an RA client
[04:54] but it doesn't appear to have added the IPv6 NS server to /etc/resolv.conf
[04:54] toddf: my other issue w/ Windows, is that it doesn't use the same EUI64 format
[04:55] doesn't it do the privacy thing?
[04:55] yeah, I think it still uses the MAC, but it's not as resolvable or something
[04:55] my issue with windows is the closed source nature .. amongst other things.
[04:56] resolvable? lower 64bits have no business in a sentence with 'resolvable'
[04:56] I mean back to the MAC address
[04:56] so they used their own algorithm. great. score for 'windows hacks it up,.... again ;-('
[04:57] my RA'd Windows laptop, has the lower 64bits of: 39ba:ba9b:5ece:262b
[04:57] whereas, if I boot it into Fedora, it'll have something with fffe in the middle
[04:57] which imo is actually more of a security risk, than telling the world what brand NICs you are running
[04:58] "Ohhh that person must be connecting from a Windows box, let's exploit some bugs with the TCP replies"
[04:59] I can tell what os you are running down to the patchlevel if you establish a tcp connection that I can access either via pf or bpf.
[05:00] toddf: good point :)
[05:00] so conversations about the random algorithms for EUI64 are rather moot.
[05:00] in the context of security and os discovery.
[05:00] yeah, a good point I guess, I was trying to add a bit of drama to it :)
[05:00] OpenBSD has a privacy extension thing as well. though I've never used it, as I don't see the point.
[05:01] oh, where it fuddles with the EUI64?
[05:01] security through obscurity is playing russian roulette.
[05:01] exactly
[05:01] at some point you're going to be had.
[05:01] lookup dropship for an example.
[05:01] I laugh at the people that said that IPv6 needs NAT for security
[05:01] because you shouldn't expose the public routable IPs that are internal to your network
[05:01] my response is: that is what ACLs are for
[05:02] don't allow external people to get that far into your network
[05:02] I am angered by them. I lost a client due to someone accusing me of having a bad plan for them since they had a class C and I was subnetting it to give windos systems public IP's (behind an OpenBSD firewall of course). the client believed the other person vs me. *SHAKES FIST*
[05:03] yeah, Cisco in their books have got the issue spot on imo
[05:03] well in their CCNP training books anyway
[05:04] nice to know. *SHAKES FIST AT CISCO FOR MAKING SOME PEOPLE BELIEVE IT IS THE ONLY NETWORK FIREWALL/VPN WORTH TRUSTING*
[05:04] toddf: ahh well with that I agree
[05:06] I kinda find it funny how the Cisco Press books go on about how good IPv6 in all their products is, but the real world half the stuff doesn't support it, or doesn't support it properly (if what people actually using and trying to implement it, are saying is true)
[05:07] and well, when it comes to their Linksys business
[05:08] "All our commercial/business kit supports IPv6, just about all home computers support IPv6 now, but the equipment needed in between, ha good luck!"
[05:10] but anywho, it's not just Cisco
[05:14] G: so since you seem clueful on IPv6 and cisco, can you point me to the docs (or give the ios commands) on how to disable RA while still enabling ipv6 forwarding? (have a cisco I'd love to enable IPv6 on, but the instant I do, it starts advertising itself as the default router which is incorrect)
[05:15] I find the argument that RA requires less memory a bit suspect... with DHCP the server tracks a single address per host. with RA a host may assign itself as many addresses as it likes, each of which takes up memory in the router's neighbour cache, which is far smaller and more expensive than server memory
[05:17] toddf: you mean 'ipv6 unicast-routing'?
[05:17] oh wait, I get you now
[05:18] yeah, you want ipv6 unicast-routing, but you don't want the RA's
[05:19] toddf: tried http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/ipv6_f.html#wp1056151 ?
[05:30] ipv6 nd suppress-ra
[05:30] nice
[05:30] *** nuke` has quit IRC (Read error: Operation timed out)
[05:31] *** shmget_ has joined #arpnetworks
[05:31] danka
[05:32] *** nukefree has joined #arpnetworks
[05:32] *** shmget has quit IRC (Read error: Operation timed out)
[05:33] Failover does not support IPv6. The ipv6 address command does not support setting standby addresses
[05:33] for failover configurations. The failover interface ip command does not support using IPv6 addresses
[05:33] on the failover and Stateful Failover interfaces.
[05:33] hah!
[05:34] toddf: oh gosh
[05:47] carp(4) to the rescue!
[05:51] I had a feeling cisco fixed that in a later version... or maybe that was only ASA and not FWSM
[05:52] *** nerdd_ has joined #arpnetworks
[05:52] *** Nigel_ has joined #arpnetworks
[05:52] *** freedomcode has joined #arpnetworks
[05:53] *** milki_ has joined #arpnetworks
[05:54] *** nerdd has quit IRC (*.net *.split)
[05:54] *** milki has quit IRC (*.net *.split)
[05:54] *** reardencode has quit IRC (*.net *.split)
[05:54] *** G has quit IRC (*.net *.split)
[05:55] *** Nigel_ is now known as G
[06:19] *** shmget_ has quit IRC (Read error: Connection reset by peer)
[06:24] *** ziyourenxiang has joined #arpnetworks
[06:26] *** shmget has joined #arpnetworks
[06:29] *** crazed has quit IRC (Read error: Connection reset by peer)
[06:29] *** crazed has joined #arpnetworks
[06:29] *** crazed has quit IRC (Changing host)
[06:29] *** crazed has joined #arpnetworks
[06:40] *** kingedgar has quit IRC (Quit: Ex-Chat)
[07:28] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[08:41] *** ivan-kanis has joined #arpnetworks
[08:49] *** LT has quit IRC (Quit: Leaving)
[08:50] *** ziyourenxiang has joined #arpnetworks
[08:54] *** ivan-kan` has joined #arpnetworks
[08:54] *** ivan-kan` has quit IRC (Remote host closed the connection)
[09:08] *** ivan-kan` has joined #arpnetworks
[09:20] *** freedomcode is now known as reardencode
[09:37] *** ivan-kan` has quit IRC (Remote host closed the connection)
[09:44] *** cubelogic has joined #arpnetworks
[09:56] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[09:56] *** HighJinx has quit IRC (Ping timeout: 250 seconds)
[10:31] *** HighJinx has joined #arpnetworks
[10:43] *** ivan-kan` has joined #arpnetworks
[10:45] *** ivan-kan` has quit IRC (Remote host closed the connection)
[10:49] *** RandalSchwartz has quit IRC (Ping timeout: 248 seconds)
[10:49] *** ivan-kanis has quit IRC (Remote host closed the connection)
[13:15] *** phreak has joined #arpnetworks
[15:21] *** ikariW has left
[16:04] *** milki_ is now known as milki
[17:10] *** RandalSchwartz has joined #arpnetworks
[17:10] *** RandalSchwartz has quit IRC (Changing host)
[17:10] *** RandalSchwartz has joined #arpnetworks
[18:12] *** cubelogic has quit IRC (Ping timeout: 276 seconds)
[18:52] *** HighJinx has quit IRC (Ping timeout: 246 seconds)
[19:02] *** baklava has quit IRC (Ping timeout: 258 seconds)
[20:28] *** HighJinx has joined #arpnetworks