XMPP Service Operators - 2021-06-01

  1. rob

    I might switch registers, not right away but if I can find one that lets my set my own glue and dnssec I'll be happy

  2. rob

    I might switch registrars, not right away but if I can find one that lets my set my own glue and dnssec I'll be happy

  3. Licaon_Kter

    x0n: interesting tidbits regarding bridging on Matrix https://gitlab.com/fdroid/admin/-/issues/224#note_589355557

  4. Харпер

    are there stats of % servers that support IPv6?

  5. moparisthebest

    there aren't even stats on % of servers

  6. Харпер

    🙁

  7. Martin

    You could ask the operators of huge servers how's there percentage of v6 s2s connections.

  8. jonas’

    Martin, I have stats on v4/v6 for sjn

  9. Martin

    Харпер ^

  10. Харпер

    jonas’, do you have a ballpark number?

  11. jonas’

    approximately 50:50 IPv4/IPv6

  12. jonas’

    interestingly, outbound I have more IPv4 than IPv6

  13. jonas’

    but that the connection is established via v4 does not neccessarily mean that v6 is not supported

  14. Харпер

    hmm, thank you

  15. thndrbvr

    If you're looking at s2c stuff as well, or maybe individual' servers, VPNs sometimes block ipv6 and only tunnel through ipv4.

  16. tom

    » <thndrbvr> If you're looking at s2c stuff as well, or maybe individual' servers, VPNs sometimes block ipv6 and only tunnel through ipv4. why?

  17. tom

    that'd seem like the exact opposite of what a cpn company would want to do

  18. tom

    how are they getting all that legacy address space anyhow? It's not like ARIN has anymore to give any everybody else is clutching onto their /24s for dear life

  19. moparisthebest

    NAT

  20. jonas’

    he said the evil world!

  21. jonas’

    he said the evil word!

  22. jonas’

    et ceterum censeo NAT delendam esse

  23. tom

    gosh, that must be expensive to do

  24. tom

    not only do you have all the crypto overhead at gigabit speeds per connection, but you've got a MASSIVE multi-gigabit nat too

  25. tom

    with thousands of users

  26. tom

    also

  27. tom

    wow that' a shitty vpn

  28. tom

    not even getting a publicly rout-able address

  29. jonas’

    tom, high performance NAT is unfortunately a solved issue (carrier grade nat is a thing)

  30. tom

    do you mean hardware offloaded nat?

  31. moparisthebest

    tom, if the entire selling point of your VPN is "privacy" then you WANT all users to share 1 ipv4 with NAT, not each get their own address

  32. tom

    your still going to run out of sports aren't you?

  33. tom

    moparisthebest: I think that's kind of silly

  34. moparisthebest

    tom, I do too but that's what it is

  35. tom

    what's not private about transient but unique publicly routable addressing

  36. tom

    also

  37. tom

    that's really not a long term bussiness solution, and it's causing a massive headache for us infra and server operators as we have to operate our own nats and pay to rent ipv4s from people who still have some

  38. tom

    for ever-increasing prices

  39. tom

    some people paying as high as 10 dollars per v4 now

  40. tom

    i pay about half that, but still

  41. tom

    i've said this before but it ought to be a lot for ISPs to HAVE to provide native ipv6 with any broadband internet service

  42. tom

    otherwise, there's simply no address space left for new businesses and competitors to spring up

  43. tom

    we all have to pay the legacy incumbent feee

  44. jonas’

    tom, no, connections are quadruples (srcip, sport, dstip, dport), not pairs. you cannot run out of sports before the destination runs out of dports :)

  45. jonas’

    tom, no, connections are quadruples (srcip, sport, dstip, dport), not pairs. you cannot run out of sports that easily

  46. tom

    just have your users run bittorrent

  47. tom

    that's what people pay for vpns for anyways right?

  48. tom

    i need to look more into cgnat

  49. tom

    » » +--------------+--------+--------+--------+--------------+----------+ » | Test | Single | Single | Dual | Dual ISP, | Notes | » | Scenario | ISP, | ISP, | ISP, | One HN+One | | » | (per Test | Single | Two | One HN | User on | | » | Plan) | HN, | HN, | with | ISP-A, Two | | » | | Single | Single | One | HN with One | | » | | User | User | User | User on Each | | » | | | on | on | on ISP-B | | » | | | Each | Each | | | » | | | | ISP | | | » +--------------+--------+--------+--------+--------------+----------+ » | Video | Pass | Pass | Pass | Pass | fails | » | streaming | | | | | behind | » | over Netflix | | | | | one | » | | | | | | router | » +--------------+--------+--------+--------+--------------+----------+ » | Video | Pass | Pass | Pass | Pass | | » | streaming | | | | | | » | over YouTube | | | | | | » +--------------+--------+--------+--------+--------------+----------+ as long as youtube and netflix works, nothing else matters right (sarcasm)

  50. moparisthebest

    well and "the internet" right ? (that's "facebook")

  51. qrpnxz

    > et ceterum censeo NAT delendam esse lmfao

  52. qrpnxz

    > well and "the internet" right ? (that's "facebook") my lord, you and jonas should have a show ur killing me

  53. thndrbvr

    > tom wrote: > why? > that'd seem like the exact opposite of what a VPN company would want to do That's sometimes just an option. Either by default or as troubleshooting. Also, many sites / registrars / hosting providers don't support ipv6. At least not without asking.