<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>A mix of private vlans and cleverly written ACL’s can fix up that problem, you can then assign all the hosts into the one vlan and know they cannot communicate, but it is a little less “clear” security wise and is definitely going to require a little more effort to get started in the first place as well as some good testing to confirm everything is ok. You’ll also need additional security on the network (things like arp inspection, dhcp snooping if applicable, port sec, etc are some obvious ones)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>On the topic of /31’s, I have found a lot of devices (even some networking gear, my SBC comes to mind) won’t take a /31 even if it’s all legitimate so sometimes /30’s are needed.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I can understand the /64 point of view but in most cases its “easier” to give that to a customer rather than trying to split them all up into insane blocks. While yes, a /64 contains a LOT more IP’s that the older IPv4 ranges would ever have allowed, breaking them up further causes complexity that may not be necessary, as well as the possibility of complicating route tables etc., so there are two sides to that argument.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I can understand either point of view, but it is the new unofficial (or is it actually official now) IPv6 “standard”.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>You should be able to assign /31’s to most servers without any major drama, as long as you don’t require them to use broadcasts etc to communicate with other devices in the subnet (obviously not an issue), my experience has been they will accept it, but always be prepared to need to break that rule for that device that just won’t accept it </span><span style='font-size:11.0pt;font-family:Wingdings;color:#1F497D'>J</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It’s interesting your carrier links are /126’s, generally most providers have seen (admittedly this is not too many yet) have been either /127’s or /64’s. I suspect that comes from a legacy viewpoint more than an actual requirement though I could be wrong.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks,<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-family:"Arial","sans-serif";color:#333333'>Ayden Beeson</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> ausnog-bounces@lists.ausnog.net [mailto:ausnog-bounces@lists.ausnog.net] <b>On Behalf Of </b>Sean K. Finn<br><b>Sent:</b> Thursday, 2 May 2013 10:44 AM<br><b>To:</b> 'Tom Storey'; august forsakov<br><b>Cc:</b> ausnog@lists.ausnog.net<br><b>Subject:</b> Re: [AusNOG] UK server hosting<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>/31’s *<b>ARE</b>* weird in server world. I’m sure not in ISP world, but in server world they are damn weird. You’ve got one IP for your server, an IP for your gateway, and no broadcast or network address. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sure it wastes the two outside IP’s.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If there is a better way to assign a single IP to a server than by assigning a single gateway address, a single server IP address, and burning the other two IP’s, and giving the customer their own VLAN, I’d like to know what it is, and how much easier it is to setup.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Do we need to get clients to install a PPPoE Client on their server to get their IP from their /31?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>My first question is, genuinely, is there a way to achieve this (using a /31 for servers) to help me conserve IP space?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>For the record, I need to burn 5 IP’s for most customers, leaving three usable:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The first IP for physical Router one,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The second IP for physical Router two, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The third IP for the VRRP or HSRP Virtual Router floating IP, which is used as the actual gateway,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Another two burnt for Network address, and Broadcast Address, leaving three usable IP’s from a starting pool of a /29<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>As for IPv6 , school’s still out on assigning /64’s to customers.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’ve got carrier links with IPv6 and for each one, by carriers, I’m assigned a /126 (not a /127), which gives them one IPv6-ip, and me one IPv6-ip. I don’t need a whole /64 to connect to points.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If I’m providing a server to a customer with, lets say, 32 IP’s for hosting, or whatever their requirement, do they really need more than a corresponding 32 IPv6 IP’s to achieve the same goal? <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br>Do I need to assign them four billion IP’s just because I can? Or FourBillion Squared?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>My easiest solution is, if I provide a customer with a /24, then I’ll provide them with a matching /120 of address space, at least for the time being.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It keeps the usage simple to begin with, and also aids in indentifying single hosted compromised sites. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>(Do I REALLY want to figure out which of the four billion IP’s a client is using to host their compromised site on?)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you want a /64, sure, why not, go nuts, do your own thing with it, but it *<b>IS</b>* overkill for non nerdy customers who just-want-their-bloody-hosting-to-work.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Any and all feedback, and any opinions that counter mine are not only welcome, but encouraged, I want to hear what other people think about IP assignements, as I can’t live in a knowledge bubble. (And I’m sure any spectators don’t want to either).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sean.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> ausnog-bounces@lists.ausnog.ne t [mailto:ausnog-bounces@lists.ausnog.net] <b>On Behalf Of </b>Tom Storey<br><b>Sent:</b> Thursday, May 02, 2013 12:20 AM<br><b>To:</b> august forsakov<br><b>Cc:</b> ausnog@lists.ausnog.net<br><b>Subject:</b> Re: [AusNOG] UK server hosting<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>You will get a lot of responses from the UKnof list, competition is quite healthy it seems. I did this myself mid last year and ended up with 3-4 providers to choose from.<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>I have one criticism for Othello. They thought /31's were wierd and that they had "a better system using /30's" and couldnt understand why someone would want a /64 of IPv6 because it was "a *VERY* large block for IPv6" to quote verbatim ... Basically their sales guy gave me the wrong impression about them.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>On the other hand I had a very good conversation with Xifos, they were most accommodating to what I was looking for, so I give them two thumbs up. They are based in Reading, so a bit west of London, but that could also be a good thing if you've ever visited here. :-)<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>On 29 April 2013 09:32, Mark Prior <<a href="mailto:mrp@mrp.net" target="_blank">mrp@mrp.net</a>> wrote:<o:p></o:p></span></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US>On 29/04/13 3:44 PM, august forsakov wrote:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Looking for server hosting in the UK.<br>Needs to be hardware only.<br>We plan to install and manage several VMs to host some of our stuff over<br>there.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US>You might be better off sending the query to the UKNOF list <a href="mailto:uknof@lists.uknof.org.uk" target="_blank">uknof@lists.uknof.org.uk</a><span style='color:#888888'><br><br>Mark.<br><br></span><br>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></div></div>
<P><A title="Charles Sturt University" href="http://www.csu.edu.au/"><IMG
alt="Charles Sturt University"
src="cid:csu-logo78b4.bmp"
border=0></A></P>
<P
style="FONT-SIZE: 8px; COLOR: #c42129; FONT-FAMILY: Arial, Helvetica, sans-serif">| ALBURY-WODONGA | BATHURST | CANBERRA | DUBBO | GOULBURN | MELBOURNE | ONTARIO | ORANGE | PORT
MACQUARIE | SYDNEY | WAGGA
WAGGA |</P>
<HR>
<SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 9px; FONT-FAMILY: Arial, Helvetica, sans-serif">LEGAL
NOTICE</SPAN><BR><SPAN
style="FONT-SIZE: 9px; FONT-FAMILY: Arial, Helvetica, sans-serif">This email
(and any attachment) is confidential and is intended for the use of the
addressee(s) only. If you are not the intended recipient of this email, you must
not copy, distribute, take any action in reliance on it or disclose it to
anyone. Any confidentiality is not waived or lost by reason of mistaken
delivery. Email should be checked for viruses and defects before opening.
Charles Sturt University (CSU) does not accept liability for viruses or any
consequence which arise as a result of this email transmission. Email
communications with CSU may be subject to automated email filtering, which could
result in the delay or deletion of a legitimate email before it is read at CSU.
The views expressed in this email are not necessarily those of CSU.</SPAN>
<P style="FONT-SIZE: 9px; FONT-FAMILY: Arial, Helvetica, sans-serif"><A
style="COLOR: #c42129" href="http://www.csu.edu.au">Charles Sturt University in
Australia</A> The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795
(ABN: 83 878 708 551; CRICOS Provider Numbers: 00005F (NSW), 01947G (VIC),
02960B (ACT)). TEQSA Provider Number: PV12018 <BR><A style="COLOR: #c42129"
href="http://www.charlessturt.ca/">Charles Sturt University in Ontario</A> 860
Harrington Court, Burlington Ontario Canada L7N 3N4 Registration: <A
style="COLOR: #c42129" href="http://www.peqab.ca">www.peqab.ca</A></P><SPAN
style="FONT-SIZE: 9px; FONT-FAMILY: Arial, Helvetica, sans-serif">Consider the
environment before printing this email.</SPAN> <div style="color:#999999;font-size:11px;font-family:verdana"><br>Disclaimer added by <b>CodeTwo Exchange Rules 2007</b><br><a href="http://www.codetwo.com">www.codetwo.com</a></div><br></body></html>