99 days of freedom

I’m taking part in the “99 days of freedom”, by leaving Facebook for 99 days. I was never a big FB person anyway, this is just a convenient excuse.

I’m actually doing more (useful) things using Google+ and you can still find my #craftbeer posts at Untappd

If you’re really a FB-only person, here’s the countdown until I return :-)

I’m just getting ready to lab some MS Server 2012 and Active Directory stuff to see how it works with IPv6, so that should begin to show up here in a few weeks.

Or how about we connect using the original “social media”, face to face? I’ll be at DEF CON next week.

 

, , ,

Leave a comment

Back soon…

Work projects have kept me super-busy the past month. I’ll be back with more IPv6 (and sysadmin) posts in a few weeks. Thanks for stopping by.

Leave a comment

IPv6 traffic doubles, again

This is encouraging news: Google reports that 3% of its traffic is now IPv6. This means that IPv6 traffic has more than doubled, each of the past four years.

Even if 3% seems small, that’s huge in terms of the number of people involved. Google sees about 12 billion searches each day, and has about 191 million unique visitors each month.

A quick back of the envelope shows that that’s about 5.7 million IPv6 visitors each month, and most of that comes from US carrier Verizon wireless. That’s not surprising, considering that 39% of VZW’s traffic is IPv6.

So while 3% isn’t much as a percentage, it is a lot of traffic, and the rate of change is very good. All this bodes well for IPv6 adoption in the coming 24 months.

Leave a comment

USA! USA! (unless you want affordable high-speed Internet service)

“In comparison with the rest of the developed world, the US has slower broadband speeds and higher broadband prices than just about anybody.”

No surprises here.  US ISPs and cable companies (among many other industries) continue to rock record profits, and instead of investing, just buy back their stock, or sit on the cash.

On the technology front, this means that instead of upgrading backbones, or delivering native IPv6, or a higher quality of service, they are deploying stopgap measures. Some examples of this are Carrier Grade NAT (CGN) instead of native IPv6. “Dumb” DVRs that are less programmable, and less usable than some home grown solutions. No investment in technical support.  Man-in-the-middle ad networks, DNS hijacking, abusive legislation, and other interference with their customers’ data.

As long as the last mile is a de-facto monopoly, that’s just what we’re stuck with.

, , , , ,

Leave a comment

chip and pin! Finally! (maybe)

Since my first trip to Europe 5 years ago, I’ve been trying to get a chip-and-pin credit/debit card. As far as I have been able to find out, other than a single credit union in DC, there is no way to get a chip-and-pin card in the US. American Express and others have chip-and-signature, but that’s not the same, even if they try to tell you that it is. For example, you can’t use chip-and-signature at unattended gas stations, vending machines or many other places in Europe.

It looks like, finally, the American card industry is willing to truly join the EMV card world, and issue chip-and-pin by 2015. It only took 10s of millions of credit cards numbers being stolen within a single month or so, to get them to move.

Almost all of our credit and debit cards were re-issued to us in January, by several credit unions and other financial institutions. That had to be expensive for all of them, and there is talk of the banks suing Target over their breach.

While this won’t end credit card fraud completely, it will definitely make it more difficult.

Just one more thing to think about as I work on my personal privacy…

, ,

2 Comments

Upgrading my personal privacy one small step at a time

I got my start in computer security from the personal privacy side of the equation. Revelations over the past year have made me realize that I have become complacent, and it is time to upgrade some aspects of my personal digital privacy.

My first “paper” on security was an essay that warned that “someday, the government and large corporations will be able to search and manipulate hundred of millions of bytes of information, giving them improper leverage over individuals, who won’t have the same access to computing power or storage”. I got a B. My high school English teacher said the writing was very good, but she couldn’t accept the premise :-( That was in the late 1970′s.

I’ve had, but rarely used PGP/GPG keys for email since the early 1990′s. I have friends who probably encrypt about 10-25% of their email, and sign almost 100%. Others encrypt and sign more, or less. Some are more consistent about this, some less. I felt that this wasn’t necessary for me, as I was a small enough needle in a large enough haystack, that “computational privacy” probably wasn’t needed in my particular case.

I’ve run my own email servers on my own hardware, off and on, for years. I’ve done the same for personal web servers, photo galleries, and other personal storage. Over the past few years, I’ve made much more use of hosted services, like Gmail, and WordPress.com (for this blog) instead of building, maintaining and securing them myself on my own hardware under my own physical control. I’m going to have to re-think some of those decisions, I guess.

The Snowden revelations, coupled with high-profile cases of seizures of data and equipment from hosting providers, and the inability of those service providers to stand against the abuse of certain government powers has led me to believe that it’s time to step things up a bit.

I want to upgrade my personal privacy stance over the next few months. I’m going to have to re-learn lots of the details of encryption, look at products that didn’t exist a few years ago, look into newer encryption algorithms and key search technologies. I expect I’ll need to make changes in the way I use email and the web and in general communicate. There are a lot of good resources out there; I’ll share what I find.

I don’t plan to wear a tinfoil hat, become a crypto-anarchist, bury guns and ammunition in the desert, or buy gold. This isn’t going to be a knee-jerk reaction, just some slow steady Kaizen  to improve my digital privacy.

, , , ,

1 Comment

new GPG Key

With the recent revelations about privacy issues in the United States, and new recommendations about algorithms and key lengths, I’ve generated a new GPG key.

I’m also providing my prior public keys in case anyone still has old email encrypted or signed with those keys.

Here is my most recent key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
mQINBFLspJ8BEAC7NMUlCttCzSOGI9V0+13uhXmd7rMHksBwZIJJ3kFgJpymJMq5
fnshgIn3i59OIjYeDlmpPMjaTpiL3dQ8WgeQm/J2r0aJeaR3D8gnOqDr6W2VkCNE
6u+y10EiY0kF1WQTnAM2U3SkW+fPw1DBR5+KwMx0jrDoJNvbD6dYzd2TCQo4sN8Y
nGr69NZ2xI9OPHvlluPWfBOHuoB5SEUpI5c/8HHRFgXS06iAyEpystu3ebZDUZaA
EuyEovxygqanwwdsOYpP/aZWbz/UnoyRMvVrHnHphgKlsVvNue41Z9IGGqyd6okM
YBkyS9Sh7cfm9gfQpjuS1hpU03i8D7bsml8SonCgJ4FG3thw2aTfjFm0ZJq+gQNk
4qMb0U7EHkIOJgyWwS+/1tJA3teUuoBHqbFRcc2W2qUv1Ezyz0Z99Rp0NwmO0AZq
muxk/ZT5R3d7ihy9qKhLcfWJoyXzE0meHPhjIGldx1o5xtXmCMX5/IgE9j1u7LVo
NsI27KQoj/ORxsolZZFJjfvvARujm9Vdhon2MxvrfR1Bt+1PTQuX+tD0eGIztdaZ
ZhZeALU00DaDLkVYQlTBLGl6QB3Nh2YDDaEIo8sfXbSeGdSrIK6d9tgoh/UE7QaO
YlxwAXCMys7uqijXSgsYbah9qVHL0Sd1tS4HmzJj8/6nzmXwZoIxUuDCAQARAQAB
tDBUb20gRS4gUGVycmluZSAoSmFuMjAxNCkgPHRvbS5wZXJyaW5lQGdtYWlsLmNv
bT6JAjoEEwEKACQCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlLsrhECGQEA
CgkQcMP7B3sV+GVeAQ/5AWXXwyVbR9/n8AO2pAVJeHXz6o3PlI7NsOya7smWrbnT
b/GF8pepG6MJYnJScWTu0x9VGwZEgRjb7r56AkIngstWwa7Xc5TqmkAYM8VilvZp
2idPiw+95Id8YU/GzeyM9kFk4rkNlmj47ePKqZk4wiB0zr6q60UYh4xOHKL9ESMp
pa4vKIKaYRyDjekYlerGTNmgBadW0G5ScxAdHP6XYyYYNKEPdTS9+T3GrdQLIDuR
KrTKoeoJ6PdcCy5LKJOrrYWAvom5MrE16e/NMs8RwubQimRwGEvnCoqLtseW4hpT
RlMH8ey1nY0cGiadVi7cMYBw6R4MdmqwGKC/vu8C1OipWqs7l/Rh7J4G32p6qZ67
6JtFhtpdEYcqTq/G+MvLZTK5qZeXctS/C5Y+kUCqT/nRnuC34crtW3jqvLWSkkRx
gVgXGempUFieGuiDZfImJJMEGL29jETscCzOVPxDnKA6t+Chah7Q2J9rU1+Nbk6e
S3PHiNSGrvoeGgP9/dtfgOb5/8Env6m+dH0BRSnXJXtuZtfyIWswbdTqW0EZkkuF
Y+pzuFnmUpNQKc7GXYo+ZkSWaUb9QeMhWKQmCa5wZ/lPwHk913S387MtXchby425
Xjn+xiuSnTuMVNr11LVmUlZXHk8tQrmProTEWTxgHxLQpfFVXA6X30wlzFDUadmI
RgQQEQoABgUCUuynGQAKCRA+7nd+FwgS4KauAJ0XmwH3449fm6wm2OYFJC6ZbMiV
bwCdFbZ1MBP1Yx2n7G7aijtHLToutua5Ag0EUuyknwEQANMog3yAdVIou/QVIElO
pF/S9H6G1yv2YZTe34W9VnEKj0ImNVOJjkWXqNapC673YSy9l1T8np6l+wNGs2WW
LZp90d6CUJC8DjFkRpWVCfjJaWfrLatVt+HlK6k4kZFy/uH1trYg+gHwBsgEX8SM
Hnqr0GhG6M+lrGYpCcJi7/4y5geV+j2FK5L8RD1hjcev9NC3++ESNiyf3cyL4RY0
69tGJk26T5nmuRRcHGDiKEk91JFpF9mVhnb9zuywuw5lzv5+n9ye0q7hIJWUqJRQ
boVy/HoQMTcJha05Ce0QNdoZoBBmsoMeYu492Hzqgf6FoOMcy9glxvkTgjWpSxMB
6B7y6OH+dFXoqsBSaE6dqf7lWFxjl57LOaUM0ccLLi0eBDdkYmsICVHIm9J+6qaX
0z3eRRa9Fopb0KkaM2etuTeFdNSKlzg/iXvyXi3YWqz7+cgpHR4YmwyhF5ZMby+q
on72Wd+YfNCUD3W27E4i4y8cLRs03U6Amf5iEErM1EW7Bghq0oOQYnkc+NyRDpQi
qp+4Y/74kTAE49BLvRiNsLIuF6TWTqzc7WGFi5flUwifKiNKwJwuOMwBUSiPse2x
5G2nB4sOvMwzCpDqMpaYEPjkwfd6onVIN+L26BXilXP1YgpOnbxilv53ZzJoGcAJ
ZIxihdWIQDwpQnoIdlll2tmdABEBAAGJAh8EGAEKAAkFAlLspJ8CGwwACgkQcMP7
B3sV+GVwYhAAp+06MYAfjazrHdiOCXTJFW9YTO30B6sb/Dkp8k+EJCaMt+DFZLaG
A9gXM4AtC04tv83NTWHoS4qtrnzWeb/FYILHjFZK/cMxl20ou02640aX91rHFYSe
ADT35bL93CwJao13IxkXUm9QvyU/v0N8pJSeJjm4JjBC8P9X0lsL+ntGwwyCj4Px
KqZMzZKAf6pPM1/lI6AkixtxPAnZx7HCHRxCquuhsoZUJ0tn4Z+pETgLj6SDsi7b
aj8rK5d27H37hcrWqn4rN/xlsrTUL0eUVN8p8osTR0Dm53jduYo076rEKYMn5lyj
XUBE2CLcqCcbNLesB/QXn3oDBhr46dMXFqRLyv+SIX+Gis6uSyhVgyTocJnktwnL
Aic0tFqc09bICBCTKSBaHADPyhbboQQzT0IlBcEb2Shhy2r2Hl6mwbG4bbS94dol
ynEzAhc9j2/A5NLnv7Vzpte93hL4dwOQ1V4twyuQH9206RJKqEt+3nbXmMOrkCpO
YXyGkE0H88Nr5KkYgo81ByveW9U39ABSfaxdYdCDO37J0Q9D9Ua9G7ZgFPFfhsAl
fZ8CNfGS/Re5BqVDYZ+b60s4fBQUpY0vXoN8/nsnqXhmaz+NgbAbWuTXuDu6+tMj
ZJZVI7IOPvnfytZXBBqEu1j8EsdQMRR8vreglclfcqynE78evHv1X24=
=SE+1
-----END PGP PUBLIC KEY BLOCK-----

Here is my key from 2006:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
mQGiBEQSETMRBACWXd8/2l0AJqquyaYooKFs+qvrDv6Sa/UJrlFHxiKCTMp3l5Np
Ok7YTcuMY7fzMTv1Hidwcr2qkUHGPtxVbtG/Y3cwrZxzIflO9+5X4j28O8uIxe/8
unC5LsFAl5qDBbjDjQTAXSHdmFhQaKbinV1Yelue6AWFnWXWHyFMM7UqEwCgsrVV
p3TuW8t9/8sCHqt0bE+4OxED/inPmmHYx8PqxuCR7C8Z/NrAYS9lttlq9eY8AapL
T0gpF0V16YJbWpHglAEKRkDVN5/8J9QT8tbc85JpnZ9iG09nKk+ajGiF0n281RkO
0alDnOk8CF3q+BWv3xKrn4p2q0gSryHp8wRwZIMHWvzqgOSOm0Cjm1aAlb3Rfjvv
hHGrA/0Vpu8cQ4zRP5ZXX3p8kdYYXWjX0j4F5TOr/8Ekgq1/OTGNEaLhj2PD28Ao
hpWL3ulffXCVkWF6Pe5N5ik2aYu0deL+ofgHu7cAo5n9gSjpCfGeFK8AZRnX+dvy
8lx+ig70DYrV0v0Peyr00pYnHs8Uaf6/0pkiG4UHyC2LU28PX7QbVG9tIFBlcnJp
bmUgPHRlcEBsb3BzYS5vcmc+iF4EExECAB4CGwMCHgECF4AFAkQSHDwGCwkIBwMC
AxUCAwMWAgEACgkQPu53fhcIEuDbpQCfd/tPxdDqHpXDsV0l0XTsJx61dZoAn0JV
pLJCj72K7OtY6U1XCWzg/PnniJwEEAECAAYFAkQTvXMACgkQpFCQLAnT5k3NnQP+
OhyAkSRgRHeFaYuc+TB/dRJ/lMtVLsbt4qfdEoAUKIauokgGvta6J8HRCZOh7/ko
7R9XDBSpEihw6qYwDD88OlobZJlDvu1QgfVgreft6URbzUUSMq+2blr9A6vrKayn
tyc6Xnrfyb4nn6tEVBjKNBzYr+H6hQH9xC/7uK9To5CIRgQTEQIABgUCRBXQdQAK
CRDdom9SQKd+Jt5oAJ9/OcWut3OQKywQcZkBfz4yr1n/5gCfbFFbyzXNkGRSXeve
om+fIoklGZiIRgQQEQIABgUCRBWI8QAKCRBjG6gPu3lAiU6UAKCpzbs5GFlahheX
HLjlwiRYTZTa/gCguT2R1cQHm7ngSnxm431BEsxXDy2ISgQQEQIACgUCRBYYIAMF
AXgACgkQUfAt06xxHoKUCgCdH7YYl2OrHMAsQ2t6xNrP3iPlKVoAoKP/mM2HPMQq
Sd4symHcxU6WqyJWiF8EExECAB8FAkQSEpECGwMHCwkIBwMCAQMVAgMDFgIBAh4B
AheAAAoJED7ud34XCBLgLqcAoLKtXuz5TO40FHGUfkXl/52wCQ/CAJ4inFwDnXzP
3xu2FbTmuvEmsu9dxLQaVG9tIFBlcnJpbmUgPHRlcEBhcnBhLm5ldD6IWwQTEQIA
GwIeAQIXgAUCRBIcQAYLCQgHAwIDFQIDAxYCAQAKCRA+7nd+FwgS4AvDAKCKxydL
s1IEBh8PF7lT7rC1YlNfLQCfcxrve/6swAKw50OaMFndWbx/aXGInAQTAQIABgUC
RBIRXQAKCRAU0saVnGgBUbsHA/9H59r4Xtsmbaa9RC5UE3jGg8yEd4lGAg9xLKjP
3g/Jpm+Y/D57TXTzGCffbyPjMrnMJzOo1aBxc2cO28+tCV3Dn8Peqh1wJFmD/OGt
YDZnvTH7pGulxg7n6zaFPfzV7vqykbd6d3cLN/kU2LVzOmVR9BQ+1EyyZyCVKf58
H/rmHYicBBABAgAGBQJEE71yAAoJEKRQkCwJ0+ZNw+UD/i5Hj8ZVQ8wzkCmBMgId
rv/oH1pDZSamOuz733lgY0oJ1sol2hKDB7F+tOrv3+BeZ8CoyR5XmD15L+o35lXd
jpgxPfWbwPzBV+b/QLkMRZSUyIqUhl6rJLp0AbouGrQ+vQ1nIkfFNe/S3Ag4L3yb
hg9kgcigfnBAtn/kxZbXhHuyiEYEEBECAAYFAkQTvkwACgkQ5r/NLxCBo3zmPwCe
MfbDozk77VZeydwdBqjz4X+2A54AnR+uGeLSfgEqXvu2BnwebmZ3gAS3iEYEExEC
AAYFAkQV0HIACgkQ3aJvUkCnfiZWagCfXuDf07S42+EEVKxQZwZQRqH9OxIAnRc2
/8S5EXIThxUPK4OwyhjyilADiEYEEBECAAYFAkQViPEACgkQYxuoD7t5QIkAYgCf
X5UliXq7EE6xAE1Rgwmwh2OaPC8AniKyYN5T2mUYQ0xx1EuRBXX8yR4xiEoEEBEC
AAoFAkQWGCADBQF4AAoJEFHwLdOscR6ClfsAoLKgwdwnoDEWLjnFElPno/5N5f3l
AJ47joWAdiYt9YCzIeMw7FKnoQuYrIhcBBMRAgAcBQJEEhEzBwsJCAcDAgEDFQID
AxYCAQIeAQIXgAAKCRA+7nd+FwgS4EPyAJ4+FptOUmrydpLnD9WJdSrP1jXwRwCf
fGV8PkBZ0b13yEtEkYbCqWiZmO+0H1RvbSBQZXJyaW5lIDx0cGVycmluZUBzY2Vh
LmNvbT6IXgQTEQIAHgIbAwIeAQIXgAUCRBIcQAYLCQgHAwIDFQIDAxYCAQAKCRA+
7nd+FwgS4FoJAKCoyxkwEduJgLXjiRvsZmd/5/d32QCdEQhbXVaSt1x9A7vCkQ6a
2BhG8CaIYQQTEQIAIQIbAwIeAQIXgAYLCQgHAwIDFQIDAxYCAQUCRBW5YAIZAQAK
CRA+7nd+FwgS4AEnAKCNpNXpffvHs9LVzDT8RgKCoIdrxgCgnPSOvzp6QWzfF8vh
vCh2J0hqOoeInAQQAQIABgUCRBO9cgAKCRCkUJAsCdPmTTuRBADIr5QfAQlujHyy
KEgalv4XkrfW8J9v5BTE34xFJ7MXhNGah1Bs7rvhSFWeAOw711/W22IpoTdbYqAd
8++LqQKjdoITF8M5lw3Q24zAgd3sEPxSMn18V+X+RPcY9GPvrAlfck+I0g8sdyGV
PSL8Vho/DqS2o33PWYm0Pl+C5xG8BYhGBBMRAgAGBQJEFdB1AAoJEN2ib1JAp34m
GcYAn1XhdRqkyO+UOqeMsELX+bwdHIj8AKCMF6r0HBY4XUCA5MaaYtVBnf4tfYhG
BBARAgAGBQJEFYjxAAoJEGMbqA+7eUCJ65wAoN0MOKv7alZUhlqVH6zT4sU3gKVl
AKDDsua/iPrwuFr53jraEyb/b3vgwYhKBBARAgAKBQJEFhggAwUBeAAKCRBR8C3T
rHEeglsEAJ0WPqMu9ziqGd/LicnVy8XpsNQeIACgqqsywmB+H++yGwhgWDVcxGJX
Ll+IXwQTEQIAHwUCRBISKwIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQPu53
fhcIEuDFAwCdHoek533QesV5TLAoUUyXbkNkYdYAn2yZ1xevYyMq1oVu8Sa182vR
47pptCFUb20gUGVycmluZSA8dGVwQGV2aWxtaW5pb25zLmNvbT6IXgQTEQIAHgIb
AwIeAQIXgAUCRBIcQAYLCQgHAwIDFQIDAxYCAQAKCRA+7nd+FwgS4AriAJ41kQev
MJ9PQB/4GZOtPiM/ta+kpQCgqJLEztBwOFfjva4HufR0SCptyaCInAQQAQIABgUC
RBO9cgAKCRCkUJAsCdPmTUUaBACKy5cp7lWmdSaJkevqjMXvlBrCECj1RqLfzVfT
aJQtL7smCb4QKonU77LyO9Ppe3pRCeyEEtwPJYcfWBlpKuCdBzE+teecOp3pSXjp
U2ZR3HPcNOOJvB2JOaOuNZMNS6V+Z2D/oSKGnYgzEd/hlvdUO1y3yDNV7imOqrMC
zhFbAYhGBBMRAgAGBQJEFdB1AAoJEN2ib1JAp34mukoAnid/4xgCA2foC3PPSv6B
MajVLNJaAJ9+k5x/XJNVO7SVkvp/xMbplsXTD4hGBBARAgAGBQJEFYjuAAoJEGMb
qA+7eUCJEcEAoNeSzqICrvXcB+Zs0A9Dq3yOxaoeAKCD0CKiddS1cWHLkfCL5oPl
DqEga4hKBBARAgAKBQJEFhggAwUBeAAKCRBR8C3TrHEegjhWAKCttLLaF8R4K6Yu
8vmE15qNZ3H8xQCdEjcOQ5mSO9qBu/af63fQUkwi7QmIXwQTEQIAHwUCRBISRgIb
AwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQPu53fhcIEuBA+wCcC2+Q69vPGck6
nomHIcXi6cQCe1AAn02Xx2+xRtFSz7Fs/kiHgzOlz23ktBtUb20gUGVycmluZSA8
dGVwQHNkcml3Lm9yZz6IXgQTEQIAHgIbAwIeAQIXgAUCRBIcQAYLCQgHAwIDFQID
AxYCAQAKCRA+7nd+FwgS4C3PAJ0WO/CkgSlStNsbw/ZPFbQzWtGX1wCeO4V4sk9M
O5jxBwv/u4sBQcgjEUOInAQQAQIABgUCRBO9cwAKCRCkUJAsCdPmTVNdA/0ejMoi
B55LDFCaExPOHhLFezVvhCAqAz+Ks87Fhuvv3hHiKTvN0n38zRYrLN+r3Zh48Ih1
OoW8bJqUSsr8y07Alv4GZndCvidE8xWaCUgbk0zBo78ArJ3pcRIuF8hk/uLqmXs/
ATrYBuHsIFd3iOS9tWbf7wCmRWuadyRrNEhKOYhGBBMRAgAGBQJEFdB1AAoJEN2i
b1JAp34mn+IAn2P7M48r5ZMKgyAK2Cjn1jcJZljfAJ4nCXUN3Ab5YQkXVCsvFVGV
0JbF24hGBBARAgAGBQJEFYjxAAoJEGMbqA+7eUCJvnAAoIMpPk3fhxxRTuNBvaWf
LUfkUwP8AKCTzG+wOo+eZ61aRZTf//Run8Fq6IhKBBARAgAKBQJEFhggAwUBeAAK
CRBR8C3TrHEegnMRAJ0TPsy9KWCrr2lUj+79krHXgw2N/gCfdcE+mfhZyN4L+q3J
RuVbjAU2/iKIXwQTEQIAHwUCRBISZwIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AA
CgkQPu53fhcIEuAsngCgnnvQ/moMpUzXmepqIblB0CwdikYAn3lKx86ZT9ZuACre
PsfgZWtyS7dgtB1Ub20gUGVycmluZSA8dGVwQHRodWt0dW4ub3JnPoheBBMRAgAe
AhsDAh4BAheABQJEEhxABgsJCAcDAgMVAgMDFgIBAAoJED7ud34XCBLgczoAn0+H
bdwszcpUeC99gXMKT6WTe5lrAKCsTlkEzB6+VzdHXwZjYc73bsK4aYicBBABAgAG
BQJEE71zAAoJEKRQkCwJ0+ZNyyQD/0BrmB8a6Bgib+dJncgzVxgChTJfZFM5W/tV
b/3KYcGgElCxKvgXhYsQJz9IM4npQWi/g9+ESrmRIDdoj/sPQZ2Y+wtbOxXu1T2c
jkUacfMYb5uW1TbTjfDTnABvsYoKu9txQgNqH+tx4K6lBaA4Ja06seuLBz12GB/V
To0gQd0GiEYEExECAAYFAkQV0HUACgkQ3aJvUkCnfiY8+QCfZ3gr3nXzZMklFNen
zMaPbSsdTL4An0tseCWvpdOSz2r2m1rzZ3d4c9bViEYEEBECAAYFAkQViPEACgkQ
YxuoD7t5QIk7PACgvVYeR/JODli1ZeEV8n7GOhUceFQAn1jMUaf9FOWNtYHzFwmK
J4xmHZVPiEoEEBECAAoFAkQWGCADBQF4AAoJEFHwLdOscR6CPEEAn341yon4r1+L
wjMiqSXWtELne0dGAKCnRNLM6JYs6IDPOdzG/qAPFcSjxIhfBBMRAgAfBQJEEhJ1
AhsDBwsJCAcDAgEDFQIDAxYCAQIeAQIXgAAKCRA+7nd+FwgS4Oh/AJ0fsMR8foMb
41/+/YkFikOKV9F6GQCgkNEfvxuyUdiFHeVuQxGGRc2kgoO0LXRvbS5wZXJyaW5l
QGdtYWlsLmNvbSA8dG9tLnBlcnJpbmVAZ21haWwuY29tPohgBBMRAgAgBQJL/rdf
AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQPu53fhcIEuD3QgCeLgk4dIl5
QjSJ4U5afh4aIUtl9lEAnR1xHBxOjBJkJOyUIUQWfJLaVDlguQENBEQSETQQBACV
m8Qta1Sv0Nr2EDUxcUx1/Tuzh1EygSYKFUIiIXDctfe63bIeO/YSu2BKJ1u/IdGa
bT/5wGNdzmxmHqm61ZyCCISM2zmYCCDfVBCam23Xk7QXLnluud5BwLAvnsjdk0y8
N8dvZz/AKBalG/uijEL2O3GWglpcDt+L5qFbin135wADBQP/UsBHpz0ByNgMPV++
LPUUWro2+Rvj0E7wf5g8teAcrIrIsxQ40jnQfHfW0w/mMKS5cfqyMjIkCqM9yUmQ
MVxa7F3OT+7dXa2MoM71J11Mnub8SmzLaNGrnKbwDBYD1Thw/DnwDQcgK+ehNqt+
YB72QVV2fvbduI5rfylqKV0Yj1uIRgQYEQIABgUCRBIRNAAKCRA+7nd+FwgS4ON6
AJ9Cs/Ct+tNugkzqd8DTSU2ETJaAtQCfTOBeR9XFAB902TW361129iPswbE=
=IVpW
-----END PGP PUBLIC KEY BLOCK-----

Here is my original key from 1996:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
mQCNAi2Ax94AAAEEALlglEMTuVebDOrthGmj9wCaHFw/W0m+WVYTjvQk9ct7xJcP
E3dp0Xdq3E/CNJCY8P/zrPcbSvgzaR5WY1xTSihmMFMJFbqJ0FAB4c3lWpoRRXWx
GpsQysXF/jQT5pUXE/wsClXFM83CkqSQNRBE6RBMR0Y65GQNMxTSxpWcaAFRAAUR
tBpUb20gUGVycmluZSA8dGVwQHNkc2MuZWR1PokAlQMFEC9nSh2Nn20OMr4bUQEB
TRgD/00eOvoF3fQFwgfL5jz5N2QGik+AaUPgt+KnujAINcAum0VIoyv+ZtjuccbI
efLqmmlpIxnFxK9m+rqdgrtXw2LL/5fgCwUCYom2WB/d6OmsPMZLOKhsYJ1xNBdF
qYpAH1WD2w3nY5U3VpinLxlvNzKKrbNeGdtPbiHwCoLvz6sbiQCVAwUQLy5kvpME
DvqCGoWtAQHtjQP/RmIGjDf84Bpv0mkDFbbvbhnYdgutFEOkOne6vMKJ+3sJTdsi
EEZdeDytidqvdHpkMtVkiOj/kBWndWmLzbCbxlXisjjzj8jTYxrfoN0IxYYCeVKe
KwTUpRewmhL2/57wJXviMXso3dNLcwP+RSHSchfLPQwpqprHCvf9iauzHuOJAJUC
BRAvHok6bCg0Y9cHbF0BAXFZA/9GXCfMpiEw65CZWgbuJPSkRw0e5FoB3cj5v+Gc
yBwKMmpx/aDzoWA9k/Zlc6/o8XdMgWrAmMIzjTIFcpG6lJJ0dqS6qDYp++bxFqDR
KM7DhpougZ2u0Nxl54F0EfFK2imfOgVMM1hOx2pHu3esbiNv22bM2H7en+mS8CUA
pBT0oYkAlQMFEDPzbb0rYghCgt6juQEB6O4EAJLtH6aiHHPNX8MVLrCj+9cBcmhl
2CK2vjC4BC7Eu98tMRm1hi2QoEZPxPotSl9lrAc6VfCrx1DAuFzy/QvEuH1AZqJt
fEvksXBJV5ufyXhLc73sl9Agt6PkQFNb2Jbizlo7cHwdldIms0KPrqNQIKufTuuQ
XWqXZxDTg+hjf9lRiD8DBRAz4l1iUfAt06xxHoIRAi9yAJ4zgrrsdt0daw9uElG7
1G4zZa/zkQCdFtejMjzRgFcpZ69Wv1/TKiBSCdeJAJUDBRAyHkabgEp1EPeh9ysB
AQggBACUBzGS2ylMymYTZZnEZ7y9zKsS0dOrEZ41NsMVc3hqZ6Q46+rw2vUX/UcR
gMu10A3M2cuIuKd6n1uFTQom9+OLp5qUJ66ecqg10Pwo26I+lLEyRxYE8/4aei/v
iysiW4OhSrmVpxVLRVqxCSnGaN/TO85D/B/TIoMtAWAYfZiTwokAVQIFEDB5HQFn
1gtYHuhxIQEBTokB/1TYp82r7k2UwL3WCCIBtBqFCAjGN2QocNWcZEb3DFz0r1Kz
9KMuNKPy61KvA0wUSuINRsrkZ+oFRN6sKkWPUqKJAJUDBRAwcEIm0WPXZsfOfw0B
AWMbBACpHoslfC0cLhr5H5Sg6Um1/BQ6gGNwrZZH7xZfj6ihGu4h7pJkKxY6lN18
2To55fz6VyBuPdOwURgPHmX2cWSblIfxNjw+foEX6Nr6cLWj0cr6RJFKgn+RqKzx
yxROeUp7dP+HDrsNDxSw4Xfm1zRUELqvAWhMpuwEGuo/XrErAokAlQMFEDBrLwyk
UJAsCdPmTQEBrDwD/RERUTE+Lk4RTHRhHTTjulIWeFY2AoXGEtrqxMirmBgjT4aC
DygrKBrd3qNdbrZIfHMIuPK02VmOF/r1va0PyfuYGFbi68s2oUr6E5nNmMvmjFoF
+GR802v4uZ8CGo1U6Gchi1yLv3ctLsjfgkQY+ESoXqdZueLrdLmgbB+wNeGoiQCV
AwUQMGstM7CxcYNNuhCRAQHAUgP9EKPx4VLZhkR/cEVZD9Tsb5KbPpGwe0MMUJE6
AsBpSEB9f9u4cG52+SGrjlA3YTfEvzIWQ8KMoY9tcGccwut21wS0kYJzSpepqVrO
rPKxYoG5mSO4wJV0Ky8dKCjpQ7UhkXkVdAC/9VvzKBZcjAYSYtERrQf279Ro2+AW
eW1br5aJAJUDBRAwbIbe1eCuZnXGy0kBAdufA/91ahpgcRo/WI0lPMjO0OSNy+Gl
g9x4dpVf5mIvQq4ENN8yrhzOgt1gooL5GSxgg2baMyUdGqEwYKXB0fWjQjU1Y7E+
A4VtgyCCRRlWXVZP3pBYAZ8XppIWjN8nhE3WW4kZsrcMoLiipGKNAFcy9c2IwgVS
b3xv3i9/jgUcoSw/KokBFQMFEDBsJ5t3fs8hRzwYFQEBP3MH/RLXS8Xv4JuNr8U3
ZLiLq4tvdqBIX7bCw8BII9BHacN4tYlS9M6fuUvxRZ5VjdkQJhS6q9DI+viQiJI1
aBrkJRprIZSRf87DczQAQi7s75sDO59jFLMjrOmfGmoCAbYNXHRFV5EIQk8U8ePK
PZ/TSqriiHr7Em067g2LoV1f3Ue6TgDZryMDD2lwdYfWVb+gGNiVQ9DQr6Ntdt7L
Y0ysmGxsdZB53LleUNu4zd2u5Y5rswHzWlVr/WzuaiMwv+n+cjBG403BkZ78PIep
xZqIV/G50wHCv8LyOfheUc9Bw5rnRa3ceBoG7DFjIewuJHBX0Rr6+NTx0HgNJRXY
dNgg9cyJAJUDBRAway9w7O/VJ/p5N+UBASStA/45WcDO2+1wFiNvlFTP4NqqLHD2
yE/nxlzZ4sr4mZwvqh5Ss84fqez/m1tUuI/NT9NmRw90cWx+P9B9coBdu9Bt0daI
UnXwbuUxzPEq/naealT6Hb6LwcL+JqdrDNGWIBxHg/jccN2dia2YJJH3+h2hI+Is
hKxOqtCZG8zsn16etIkAlQMFEDBrBNKvZPwzK6PyvQEBD6oD/jO0hRyioJcfG39c
dtKi8oeL5Gm2IoI7i7FCVCJqQltmDqjUOJI7Ioed6/Tzh+KJSdLlYvYmo5K0Wvgv
Es1PSF9ihCd5fzvDdSljAsqXQ31fLDZd77/Y/h/PkRcEGG0ZHGfP3TNV4zoHdwn4
SCJruI5ExvvEh3FPq0NUdgO8i/beiQCVAwUQMGoe7uI11LPFgBXjAQGrNgP8D2nf
ujoEa0dlX4w7Y0huxPWHpdIoOhMexmtqiWgfyPQLWw4Eq/mnAjdF4KuFlU1C/smd
OnvcJ3n6pIiUurPpw9CPFb8xVPaxCmQgUsxDx0877rTLDRCLfr53cZyR5R2N/5gk
N8r6PiP64Mob5rg9dRD8DbvFKBv6L+FuTgsqzc6JAJUDBRAwafD8Ct9/qBjwLNkB
AZbbA/4h/EqLS2xEbAk3Ifd6brn1ucFzBUGTfhpKJjds/zI62zECObUBy8KJpNUj
HHNYR3IRMhT2ZHHap5aKiATw4ZBrILyvYY1lZA34DHKAo3/QztFHaU5gT9qJiFSY
wqi5q9bjLJdXszaX7wnb6dVqAB3Sbh6bSNd+MFChuR8XHET5BIkAdQMFEDBp78L5
oc+fdQfBNQEBim8C/Al37Ao842+iSsTEJtBY10AUP6r1CmsT1XEaodNvRCijcSpG
5wQHK70JbLJBOGe7NGzAVuAV6qzIZ3/xniZqTOXPFH+DrO04KYq22Br4GAKrd1dq
BCHoJFW3TY3avGOtJIkAlQMFEDBp7KLsTGln+UCrhQEBJ4cD/3xBaYiuzp7t85HO
2gsyv4LiYvY7PkaJhxoeQNv4MimRFX53l7DFvIYrvQs5XqNvELgVzp1OJdaQN09+
ECV3+I+i49dm7cg43nl8dNsBl8Xdk0wEGgx7Z0x2gh6v/JqxUV+GY3tImqxgtxIy
v9A2wOv+OR/XNNRMIVwDHFl8U88piQCVAwUQMGi8R17lrK5my3PdAQGWoQQAlC5D
9UD4NMxga1qHevWNPXk8XcbiKB7r2z50aCnGjs33Z+HFjg90TlRRp3g7uK9AyWYF
7ISUFDQScQ3dbTo82/L+P9D1eRls+BMWElGyibyCEs8N5rs2v/+KsTWKqn947srZ
fGm8O+GecJbua3Pf9VtBQybxw1hu42LkxqUKFlqJAHUDBRAwaY6jm5WgJWLQSkkB
AV2VAv9mc+YEblGLRcrttCMz3PLxOhOIMxrIpcH+kwr7swvhahGBBxucLxJDrGNJ
2ac/1UglYIqa0ju1LdRwgg4JUBxh0tUNi8BMh2qNzFiJQV1bc3N3hYPWj2fa3TNX
wHDXRfOJAJUDBRAwGWMhZXmEuMepZt0BAVi0BACNu/hS3l/Wydz9iOqSlrePEkwb
YhpJwQB8NEPQxOO2XbZPvkaij1w2oOADcH7UsMw01CjADqZVBkPau+Gjs1mAoWQd
E+dVcO8DYlx1H1bek/FCSrle6GuuBfDeNcedFMweHhVEO55EAqS1f5f5QEvrf2P9
QzZONS/j7M6op16mFokAlQMFEDAPRLR4JPhVIxVm3QEBApgD/0VX1UdASMbWTWjg
SFnIo8z16F2dvEpG0f1rSWxB2JCMjbPPhN7mH7Ak/Vd+6D6fnQr2OlSxe6TQnUcf
MPNrIL15CUMx8vAasumNFp8FC5/BQ4yhHgaXTmT8px6TeT/8F6PNPd0c0ciRPUaB
v87RaGEwl8VfQTXjLY0V4U97UNe1iQCVAwUQMA8/cs2oBGsAN8d5AQEpXAP+M1hj
QnK3Eh9GURePQ92wZbHgb/8o59R3nNZCdaCIDpUfJGXMApbRdzjibkexZZONO8W1
UcBWduUAV2gUTj61ghIu1o/5JVIfWW3OlqXJqGnp9xlwREgrhHEESMWgk5nKfnK9
bFpEq0qsyAC4+YxD1Xn/g64CzAS2W/F/6TDPT7+JAJUDBRAubhTjFNLGlZxoAVEB
AXrNA/90ZZ57TgE7TtzFhTmHu++yBmP8KKEqKxM6ec614povixQJvFX+EXb1wUa1
FZUj9FUCVqWD2y/5uvk8HJ7MepvC4c8Irkc7QOLnQNuF1FAtswxhyWBhrYBQXVnb
MWk8OuPKKHq2ESiPyOFuqzcMD4NuZ3EzL5jmwU9NJR3Ylh2NLYkAVAIFEC5s0h4V
rDLOPlxS/QEBoUoB90dpuj4q2Fxu1AsGYEWcPymx3Q0PHrwMcQwPyPB90A0w6QKR
ifHz6V9Hb3ubqqyx2Ovg2MUWoftgwUSnf1wkEokAlQIFEC2bXE5hqrGydnZ6rQEB
nXwD/2mz0CBQM5Pk5fty050LcirZje1Ykx/WZ32nN9wXmOV+Hyq846yacHysyC9N
VjFzPfslyw5W6uzou2gW3B9n6qqm0AiwABgIuTb8tOowZBSvUjmVhuxxPkNuHuqG
Q1I0oUwDmWbnsoZSIuPNiYmxc0uPkC1VsYoH5D7XcEeXonIpiEYEEBECAAYFAjtE
3FIACgkQ5r/NLxCBo3xBhQCfb0/uo1VXAJ4m6q/1OcXdjiI6qoAAoPsnJ/wvG4+N
TkuP1ISfyWLbEVdSiQCVAwUQO0TcffLlZUzmDiptAQEpSwQAjkqg3jYhTDLQ7ztw
K8koz1CorcPue6Cci4twax+2Q6hbChAnTbDvqodPakCYwEfS2up6aXcKpGQa5IPe
RnF5RYQthKBSUE9YWrSLm5ZPYBSTGZLf4Hhn6381I6L3tbvOc6M4Jo+VpI1vXnIn
a8z1MUsfb6QfIuMyKyUhqYJrtZ2IRgQSEQIABgUCQcoR2AAKCRDdom9SQKd+Jtj6
AJ9W/+UaeYQBhDJvhN+mb24GvBAQngCcDe6Eura36S755DRSKZac+GqyQZ2IRgQQ
EQIABgUCNRB0oAAKCRC3BYzpPWXloPUqAJ98UKbWyrkFhcBKIR03v/BzBbLKLQCg
5dpZb0Vr0jsAHb+fC11CRa7KTPqIRgQQEQIABgUCPtutfAAKCRCSAt0MlIMOrUkK
AJ46u1nmmb6MX5ErbCCpB7PEuKqZqQCg0YIwUI38J8Q0qEk/tUACsQ1J+AaIRgQT
EQIABgUCPrg+bAAKCRDYw7lS6Rq5uVJrAJ40TVuPDvpWJaC6unpV2VOKbnCncgCg
r0oF1vMDaKAYhI9puegpZAF9AFyIRgQTEQIABgUCP0uttgAKCRARKrfhNu2SIgxB
AJsGu3VMU55NM6j57FtR5w/GmFK9ngCffiUghFCEx1030DbVDfypDBhkCxKJAJUD
BRA5gHXomGpB7xiMt8kBAcLUBACBoBKdzQboeUW7wGbHHOZ9vR0Di9MpT74/2lNK
WN7G4R6+UAwiZNI3+AJVe56w3EgvOKhIRytgM0PbvS09CCC8gNUTHf1aXRf+0YJM
4zIyn607yPW6wKYgCIyXZXPu4BBm9QHd7VAj3zbZDtHB9JHeKVUWX7XHz0rq9GRm
3K5O7IkBFQMFED0AF/y27RCtRrQFywEBctQIAIuSeYoocMZcCS8WPbXywkY0IdSS
rUyqGgRpd8Iyc4mrl2xCG67jXkIAdnkFTLgNVvZijR2UA2ciVyaY1KXJ0H1bKRxE
7DCwSXC9vqzLNdLBOFGFOWt7IBMcj1UecqJfHTPNl33pKszaPeN3gM2H80sti/0j
pw+DMTp1zULJiDYRSMSyMgpbhAAop2l1cylzNizO43MqFcEXBdPCwuj1x/yd0BCB
dfuEmvrLsYpPrUqjWlYOSmNqpjuwaTnxe9Y4Ftul068uVEmDWe0qMfvuKqQkq3y8
71tgutYJBJoxiw8tSE0mViDv2JJJAy9rAl4wcZJN+3NR4xWiNany3SThRX6JAJUD
BRAvJ+6QjZ9tDjK+G1EBARiIA/4gCuZTfnbzLhQSmAe+tCWf3039F4wyj9mb2QPw
XgItjeKrMxLpbmeHa3568auGlf+XjvD5MFLGw2EJj9MvgYms9GPUIt/qKfuIcmPC
3pG1SgAfVOXWnwHmljpa26m/yoESk1cWhOtBTxN8XWJgXiU+fQQGV2mBte/9D3xj
JbuiGQ==
=ow5q
-----END PGP PUBLIC KEY BLOCK-----

, , , ,

Leave a comment

IPv6 – dealing with unwanted SLAAC addresses on servers

Are your servers getting SLAAC addresses in addition to the addresses you are manually configuring? If so, read on…

You need to find and turn off the “A” bit in the Prefix Length option of your Router Advertisement packets. The “A” bit is on by default on most network routers, and the documentation that describes the interactions between the “M”, “O” and “A” bits is scattered across at least a half dozen RFCs.

When we first set up our IPv6 lab, we went through several phases. Initially we just did client subnets and hosts and let all the stations auto-configure (SLAAC). This all happened “magically” with the default behavior of all the operating systems and network gear we tested.

Then we split the clients and servers onto separate subnets. When we did the split we added a DHCPv6 server and turned ON the M and O bits for the client subnets. For the server subnets, we turned OFF the M and O bits and statically configured the IPv6 (and IPv4) addresses.

The client hosts did everything exactly as expected, gathering IPv6 addresses and other options, exactly as they would have using DHCP and IPv4.

But, we never could quite get the servers to stop creating and configuring SLACC addresses, even with M & O bits turned ON or OFF on their subnets. Making sure that we did NOT have DHCPv6 clients configured on these servers, we tested all  four states with nearly identical results.

In other words, each server would always end up with three IPv6 addresses:

  1. a globally unique (global scoped) static assigned address, the one we configured at boot time
  2. a globally unique (global scoped) SLAAC address, usually based on its MAC address
  3. the usual and expected link-local address (fe80::)

So, what else was going on? Most of the documentation we found (especially RFCs) described these two bits in excruciating and often contradictory fashion! Take a look at RFC 4861 for the format of the Router Advertisements, and you’ll see the M and O bits right there in section 4.2). If there are other option bits that might control this, shouldn’t they be shown here?

By the way, the M and O bits are always OFF by default on all the networking gear we’ve seen so far (Cisco, Juniper and HP).

4.2. Router Advertisement Message Format

   Routers send out Router Advertisement messages periodically, or in
   response to Router Solicitations.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |     Code      |          Checksum             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Cur Hop Limit |M|O|  Reserved |       Router Lifetime         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                         Reachable Time                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          Retrans Timer                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |   Options ...
     +-+-+-+-+-+-+-+-+-+-+-+-

But in all four combinations of the M and O bits, and IF you aren’t running a DHCPv6 client, you get a SLAAC address in addition to the address you statically (manually) configure.  How do you turn off “auto conf” if it isn’t controlled by flags in the Router Advertisement???

It turns out that there are actually three bits in the RA that control host configuration, not two, and so there are 8 possible cases of M, O and “A”, not four. So where is this mysterious “A” bit hiding?

The “A” bit is “hidden” in a Router Advertisement option (“Prefix Information”), which is described in section 4.6.2, about 10 pages farther along in the RFC. This option’s purpose is to tell you about the length of the valid address prefix that’s available on the current subnet, but it also has “A”  that controls whether or not a station on that subnet should do SLAAC. And unlike M and O, A seems to always be set ON by default.

4.6.2. Prefix Information

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     | Prefix Length |L|A| Reserved1 |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Valid Lifetime                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       Preferred Lifetime                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                           Reserved2                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                            Prefix                             +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

      Type           3

      Length         4

      Prefix Length  8-bit unsigned integer.  The number of leading bits
                     in the Prefix that are valid.  The value ranges
                     from 0 to 128.  The prefix length field provides
                     necessary information for on-link determination
                     (when combined with the L flag in the prefix
                     information option).  It also assists with address
                     autoconfiguration as specified in [ADDRCONF], for
                     which there may be more restrictions on the prefix
                     length.

      L              1-bit on-link flag.  When set, indicates that this
                     prefix can be used for on-link determination.  When
                     not set the advertisement makes no statement about
                     on-link or off-link properties of the prefix.  In
                     other words, if the L flag is not set a host MUST
                     NOT conclude that an address derived from the
                     prefix is off-link.  That is, it MUST NOT update a
                     previous indication that the address is on-link.

      A              1-bit autonomous address-configuration flag.  When
                     set indicates that this prefix can be used for
                     stateless address configuration as specified in
                     [ADDRCONF].

So, that’s where the mysterious server SLAAC addresses come from. They are caused by the default-on “A” bit that is in the Prefix Information option to the Router Advertisement.  Clear this A bit on your server subnets, and you’ll get only the IPv6 addresses that you configure, and no more SLAAC addresses as an extra bonus.

After I figured out what was going on, I also found these web pages which each shed some light on the situation:

, , , ,

Leave a comment

Beer adventures

My #craftbeer challenge for last year was “never drink the same beer twice”. Even here in San Diego, that wasn’t quite possible. But I tried.

I ended up with “never the same beer twice in a row”, at least.

San Diego is arguably the (a?)  craft brew capital of the US. It’s the epicenter of a movement that combines old-world craftsmanship, tradition, experimentation, sustainability and “slow” (locally sourced) food. There are lots of beer choices here, but unless you are willing to visit all (150+) of the local breweries, brewpubs and beer bars, you are just going to have to repeat once in a while.

As part of our “beer tourism” last year, we also visited Denver, San Francisco, Las Vegas, Santa Monica, Tucson, Seattle, Liverpool, London, Amsterdam and Tokyo. Not that we picked the locations because of the beer, but as long as we were there, we figured we might as well check out the local craft brew scene :-)

Craft beer is now big business, $34 billion industry (US), and $4.7 billion in California alone. That’s why the “corporate yellow fizzy water” companies are trying to convince you that they “are craft”. Really, Budweiser? Really, MillerCoors? This new “we’re small and cool and don’t suck even though our beer has for decades” marketing from the big companies has been labeled “craftwashing” by some, such as Greg Koch of Stone Brewing.

Without further ado, my stats for 2013 from untappd.com

335 beers total, 298 uniques, and 103 badges.

Fortunately, at least 20% of those brews were the 4 oz taster size! Otherwise that would have been 41 gallons (158 liters) of cool frosty beverage!  That’s about twice the US average per capita. I probably would have sprained my liver.

Leave a comment

Do I read too much?

Last year I read 92 books, for a total of 34054 pages. That’s almost as many pages as there are words in a typical novel.

That’s primarily fiction, lots of SF and a little urban fantasy. There’s some non-fiction in there, diving physiology, cryptography and math, etc. That doesn’t count online reading, web pages, training materials, or papers or documents that I wrote.

Apparently I need to read less and write more.

Tomorrow, my untappd stats for 2013 :-(

Leave a comment

Follow

Get every new post delivered to your Inbox.

Join 268 other followers

%d bloggers like this: