Categories
Austrian ISPs IPV6

ADSL A1.net Dual Stack Support Part2

After switching to Fritzbox 7582 as ADSL modem i might get this year 2020 at my ADSL line. No ETA given.

But on 8.07.2020 02:07 AM somebody switch it on.

2001:871:263:xxx::yyy/64 true Dualstack with a Public still dynamic IPv4 address.

DSL
verbunden, ↓ 41,8 Mbit/s ↑ 10,5 Mbit/s
Internet, IPv4
verbunden seit 08.07.2020, 02:07 Uhr, A1,
IPv4-Adresse: 80.123.28.186
Internet, IPv6
verbunden seit 08.07.2020, 02:07 Uhr, A1,
IPv6-Adresse: 2001:870:263:3a1::a:1, Gültigkeit: 9726/4326s,
IPv6-Präfix: 2001:871:263:xxx::/64, Gültigkeit: 9726/4326s
Genutzte DNS-Server
10.0.0.95 (aktuell genutzt für Standardanfragen) -> Raspi PIHole
fd00::95 (aktuell genutzt für Standardanfragen) -> Raspi PIHole
10.156.0.33 (genutzt für a1.net)
10.156.0.49 (genutzt für a1.net)

https://stat.ripe.net/2001%3A850%3A1%3A2b%3A%3A1#tabId=at-a-glance

But wait, according to A1 Hotline it is still blocked on their end. So now i have a Ipv6 Network but not Ipv6 connectivitiy.

Update: some days later connectivity started without any notice to me.

A1 Guru Service needed to help?

https://www.ripe.net/publications/docs/ripe-690#4–size-of-end-user-prefix-assignment—48—56-or-something-else-

Now asking when A1.ne may use ripe-690 ( Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users – persistent vs non-persistent, and what size to choose Publication date: 16 Oct 2017 ) and assign a /56 with Prefix delegation (PD) instead of /64-

Categories
IPV6

Completing the Transition to Internet Protocol Version 6 (IPv6)

If the federal government can do #IPv6, why can’t you?

https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf announced on 19.Nov. 2020

Develop an IPv6 implementation plan by the end of FY 2021, and update the Information Resources Management (IRM) Strategic Plan  as appropriate, to update all networked Federal information systems (and the IP-enabled assets associated with these systems) to fully enable native IPv6  operation. The plan shall describe the agency transition process and include the following milestones and actions: 12

  1. At least 20% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2023
  2. At least 50% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2024
  3. At least 80% ofIP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2025 and
  4.  Identify and justify Federal information systems that cannot be converted to use IPv6 and provide a schedule for replacing or retiring these systems;

See details in linked pdf

Lets see if that happens as planned

Categories
acme certificates web security web tools

Apple strong-arms entire CA industry into one-year certificate lifespans

 
Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.
Following Apple’s initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers.
Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days
https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/
 
For IT Departments this means we need to invest into automation of the whole certificates process (CSR, install, renew, DH). No email work flows, no manual processes.
Usage of ACME with pre and post installation hooks, dns validation will become now finally mandatory
 
About upcoming limits on trusted certificates
In our ongoing efforts to improve web security for our users, Apple is reducing the maximum allowed lifetimes of TLS server certificates.
What’s changing
TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC must not have a validity period greater than 398 days.
This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS. Additionally, this change will affect only TLS server certificates issued on or after September 1, 2020; any certificates issued prior to that date will not be affected by this change.
Connections to TLS servers violating these new requirements will fail. This might cause network and app failures and prevent websites from loading.
Categories
IPV6

Progess at A1.net AS8447 on A1 Kombi Customers

In Austria you can have wired phone line with ADSL Data.
Normally plain IPv4. But now partly also with Dualstack.
Example: Near Graz/Austria
IPv4: Good, AS12793 – A1-TELEKOM-AT A1 Telekom Austria AG
IPv6: Good, AS8447 – TELEKOM-AT A1 Telekom Austria AG
IPv4 address: 217.149.162.209
IPv6 address: 2001:871:64:ca:b8a6:cb7:2a6b:cbb0

The PCs get IPv6 addresses and get working connection.
Cavats: No working DNS via IPv6
Hotline does not know why it works, nor customer gets information.
DNS servers kdns1.highway.telekom.at, kdns2.highway.telekom.at, kdns3.highway.telekom.at for reverse DNS are IPv4 only.
https://stat.ripe.net/2001%3A871%3A64%3Aca%3Ab8a6%3Acb7%3A2a6b%3Acbb0#tabId=at-a-glance

No way to order that for mine ADSL Kombi, nor to get a product information.

So progress, but to completed

#ipv6 #Österreich #austria  @A1Telekom

Categories
Uncategorized

Homeoffices use more IPv6 then enterprises