tag:blogger.com,1999:blog-21036181986858642062023-12-28T17:40:58.564-05:00Marc Blanchet's Blogfindings and hints on IP networkingmarchttp://www.blogger.com/profile/17549217513477569470noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-2103618198685864206.post-73886459659940603522010-08-20T10:33:00.003-04:002010-08-20T14:43:10.970-04:00IPv6 PPPoE on OpenWRT<a href="http://teksavvy.com/">Teksavvy</a>, a canadian provider, is offering <a href="http://www.dslreports.com/forum/remark,23849317">IPv6 service through DSL PPPoE</a>. As an IPv6 oldtimer, I subscribe to their service to give it a try. They gave me an IPv4-only PPPoE service userid/password and an IPv4 and IPv6 PPPoE service userid/password. The IPv6 service includes a /64 for the PPP link and a /56 for the home network. This blog describes how to have OpenWRT (BackFire 10.03.1-RC1) running as the PPPoE end host and advertising and routing the prefix in the home network. Using 2001:db8:1:1::/64 as prefix for PPP link and 2001:db8:2::/56 for home prefix. Choosing 2001:db8:2:1::1/64 out of the /56 for the interface on the LAN side. Only relevant changes in configuration files are shown.<div>Here are the steps:</div><div><br /></div><div>OpenWRT Backfire does not have IPv6 enabled by default: </div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';"># opkg update; opkg install kmod-ipv6</span><br />Configure IPv6 on the WAN and LAN side: </div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';"># cat /etc/config/network</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">config 'interface' 'lan'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><b><span class="Apple-style-span" style="font-family:'courier new';">option 'ip6addr' '2001:db8:2:1::1/64'</span></b></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">config 'interface' 'wan'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">option 'proto' 'pppoe'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">option 'username' 'userid@provider'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">option 'password' 'mypassword'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><b><span class="Apple-style-span" style="font-family:'courier new';">option 'ipv6' '1'</span></b></div><div>Install and Configure the Router Advertisement daemon to advertise the prefix on the home LAN.</div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';"># opkg install radvd</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">#cat /etc/config/radvd</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">config interface</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">option interface 'lan'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><b><span class="Apple-style-span" style="font-family:'courier new';">option ignore 0</span></b></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">config prefix</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">option interface 'lan'</span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><b><span class="Apple-style-span" style="font-family:'courier new';">option prefix '2001:db8:2:1::/64'</span></b></div><div><b><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';">option ignore 0</span></b></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"> </span></span><span class="Apple-style-span" style="font-family:'courier new';"># ln -s /etc/init.d/radvd /etc/rc.d/S50radvd</span></div><div>Reboot</div><div><br /></div><div>The /etc/ppp/ipv6-up and ipv6-down scripts are already configured to create the default IPv6 route to the PPP interface. </div><div><br /><div>It works!</div></div><div><br /></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"># ping6 www.viagenie.ca</span></span></div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">ping6 www.viagenie.ca</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">PING6(56=40+8+8 bytes) 2</span></span><span class="Apple-style-span"><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">001:db8:2:1:5123:35ff:fef4:1234</span></span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> --> 2620:0:230:8000::2</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">16 bytes from 2620:0:230:8000::2, icmp_seq=0 hlim=50 time=55.993 ms</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">16 bytes from 2620:0:230:8000::2, icmp_seq=1 hlim=50 time=56.896 ms</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">16 bytes from 2620:0:230:8000::2, icmp_seq=2 hlim=50 time=56.585 ms</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">^C</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">--- jazz.viagenie.ca ping6 statistics ---</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">3 packets transmitted, 3 packets received, 0.0% packet loss</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">round-trip min/avg/max/std-dev = 55.993/56.491/56.896/0.375 ms</span></span></div><div><br /></div></div><div>Note that there is no IPv6 firewall configured by default.</div>marchttp://www.blogger.com/profile/17549217513477569470noreply@blogger.com3tag:blogger.com,1999:blog-2103618198685864206.post-18397828158074063592010-08-13T15:36:00.006-04:002010-08-14T11:07:38.075-04:00IPv6 PPPoE on MacOSX<a href="http://teksavvy.com/">Teksavvy</a>, a canadian provider, is offering <a href="http://www.dslreports.com/forum/remark,23849317">IPv6 service through DSL PPPoE</a>. As an IPv6 oldtimer, I subscribe to their service to give it a try. They gave me an IPv4-only PPPoE service userid/password and an IPv4 and IPv6 PPPoE service userid/password. This blog describes how to have MacOSX (10.6.4) running as the PPPoE end host.<div>Here are the steps:</div><div><ol><li>Create a new network configuration: Preferences->Network->Configuration->Modify Configurations-> + -> PPPoE</li><li>Select the new network configuration. </li><li>IPv4 Configuration->Create a new PPPoE Service. Enter the PPPoE username and password given by the service provider.</li><li>Enable IPv6: Advanced->Configure IPv6->Automatic</li><li>Connect: Apply the configs, select the PPPoE interface and then Connect.</li></ol><div>IPv4 should be running. IPv6 not quite. In Terminal window, type ifconfig ppp0. You should see something like (IP addresses changed):</div></div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"># ifconfig ppp0</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">ppp0: flags=8051</span><up,pointopoint,running,multicast><span class="Apple-style-span" style="font-size:small;"> mtu 1492</span></up,pointopoint,running,multicast></span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> </span></span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">inet 192.0.2.1 --> 1.2.3.4 netmask 0xffffff00 </span></span></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> </span></span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">inet6 fe80::5123:35ff:fef4:1234%ppp0 prefixlen 64 scopeid 0xa </span></span></div></div><div><br /></div><div>IPv6 link-local addresses were negotiated during the PPP multilink session. See the PPP logs:</div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"># grep IPV6CP /var/log/ppp.log</span></span></div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">... : rcvd [IPV6CP ConfReq id=0x46 </span><addr><span class="Apple-style-span" style="font-size:small;">]</span></addr></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">... : sent [IPV6CP ConfAck id=0x46 </span><addr><span class="Apple-style-span" style="font-size:small;">]</span></addr></span></div></div><div>(Note: you can also view the logs within the Console application.)</div><div><br /></div><div>However, the IPv6 global addresses are now shown anywhere, either in the Network Settings Panel, nor with ifconfig ppp0. The IPv6 PPP specification(<a href="http://www.rfc-editor.org/rfc/rfc5072.txt">RFC5072</a>) says that the global address is obtained by router advertisements on the PPP link or by DHCPv6. </div><div>Inspection of MacOSX shows that router advertisements were not enabled (surprisingly, becauseI'm using IPv6 RA at the office without having to do any change in the kernel config) in the kernel, so I enable them.</div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"># sudo sysctl -w net.inet6.ip6.accept_rtadv=1</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">net.inet6.ip6.accept_rtadv: 0 -> 1</span></span></div><div><br /></div><div><span class="Apple-style-span" style=" ;font-size:15.6px;">And restart the PPP session.</span></div><div>Now I see my global IPv6 address on the PPP interface:</div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">#ifconfig ppp0</span></span></div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">ppp0: flags=8051</span><up,pointopoint,running,multicast><span class="Apple-style-span" style="font-size:small;"> mtu 1492</span></up,pointopoint,running,multicast></span></div><div><span class="Apple-tab-span" style="white-space: pre; "><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> </span></span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">inet 192.0.2.1 --> 1.2.3.4 netmask 0xffffff00 </span></span></div><div><span class="Apple-tab-span" style="white-space: pre; "><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> </span></span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">inet6 fe80::5123:35ff:fef4:1234%ppp0 prefixlen 64 scopeid 0xa </span></span></div></div><div><span class="Apple-tab-span" style="white-space:pre"><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> </span></span></span><b><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">inet6 2001:db8:1234:167:55123:35ff:fef4:1234 prefixlen 64 autoconf </span></span></b></div></div><div><br /></div><div>However, the default IPv6 route is not created. So I did manually pointing to the PPP interface.</div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"># route add -inet6 default -iface ppp0</span></span></div><div><br /></div><div>Now it works!</div><div><br /></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"># ping6 www.viagenie.ca</span></span></div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">ping6 www.viagenie.ca</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">PING6(56=40+8+8 bytes) 2</span></span><span class="Apple-style-span"><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">001:db8:1234:167:55123:35ff:fef4:1234</span></span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;"> --> 2620:0:230:8000::2</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">16 bytes from 2620:0:230:8000::2, icmp_seq=0 hlim=50 time=55.993 ms</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">16 bytes from 2620:0:230:8000::2, icmp_seq=1 hlim=50 time=56.896 ms</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">16 bytes from 2620:0:230:8000::2, icmp_seq=2 hlim=50 time=56.585 ms</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">^C</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">--- jazz.viagenie.ca ping6 statistics ---</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">3 packets transmitted, 3 packets received, 0.0% packet loss</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">round-trip min/avg/max/std-dev = 55.993/56.491/56.896/0.375 ms</span></span></div><div><br /></div></div><div>To automate these steps, I'm using pppd scriptability. From pppd man page, one can create the following files which are executed upon certain actions.</div><div><br /></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="font-family:'courier new';"># sudo echo '/sbin/route add -inet6 default -iface ppp0' > /etc/ppp/ipv6-up</span></span></div><div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="font-family:'courier new';"># sudo echo '/sbin/route delete -inet6 default -iface ppp0' > /etc/ppp/ipv6-down</span></span></div></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="font-family:'courier new';"># sudo chmod +x /etc/ppp/ipv6*</span></span></div><div><br /></div><div>Restarting PPP will execute these scripts when IPv6 will be up and down. One can confirm the execution of the scripts by looking at the logs:</div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style=" ;font-size:small;"># grep Script /var/log/ppp.log</span></span></div><div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">... : </span></span><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">Script /etc/ppp/ipv6-up started (pid 78398)</span></span></div><div><span class="Apple-style-span" style="font-family:'courier new';"><span class="Apple-style-span" style="font-size:small;">... : Script /etc/ppp/ipv6-up finished (pid 78398), status = 0x0</span></span></div></div></div><div><br /></div><div>I'm still looking for a way to integrate the sysctl command in the right script file.</div>marchttp://www.blogger.com/profile/17549217513477569470noreply@blogger.com4tag:blogger.com,1999:blog-2103618198685864206.post-78741759980921370482010-02-07T13:56:00.006-05:002010-02-07T14:44:15.327-05:00Remaining IPv4 /8 prefixes are dirtyAs of January 2010, there is less than <a href="http://www.nro.net/media/less-than-10-percent-ipv4-addresses-remain-unallocated.html">10% of the IPv4 address space</a> remaining for new networks. The current timeline is that <a href="http://ipv4.potaroo.net/">no more address space</a> will be available by 2012. However, the remaining IPv4 address space is not as usable and clean as one may think. <a href="https://www.dns-oarc.net/files/dnsops-2008/Wessels-Unused-space.pdf">Evidence</a> has shown that many unallocated prefixes from the <a href="http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml">IANA pool</a> are used internally by organizations or by <a href="http://en.wikipedia.org/wiki/Hamachi">VPN vendors</a>. Moreover, my company does IP networking consulting and we have seen many times our customer's networks numbered with one of these unallocated prefixes. The <a href="https://www.dns-oarc.net/files/dnsops-2008/Wessels-Unused-space.pdf">top 10 identified</a> were: 1.0.0.0/8 2.0.0.0/8, 5.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 46.0.0.0/8, 100.0.0.0/8, 107.0.0.0/8, 176.0.0.0/8, 111.0.0.0/8. As of writing 1.0.0.0/8 has already been allocated by IANA to APNIC.<div><br /></div><div>I've written a script that parses the IANA IPv4 address registry to find the unallocated prefixes and identify the ones that have been identified as already in use. The result is astonishing. From the ~24 /8 prefixes unallocated (at time of writing), only 2 /8 prefixes are "clean" (not reported to be used internally by organizations) and 22 are "dirty" because they are already in use by some organizations. The "clean" prefixes are: 14.0.0.0/8 and 106.0.0.0/8. </div><div><br /></div><div>However, the level of "dirtiness" is variable. Some such as 1.0.0.0/8, 2.0.0.0/8 and 100.0.0.0/8 are much more used internally in private networks and implementations than others. In fact, the recent allocation of 1.0.0.0/8 by IANA have spurred <a href="http://mailman.nanog.org/pipermail/nanog/2010-January/017402.html">discussions</a> and <a href="http://labs.ripe.net/content/pollution-18">studies</a> on this issue. </div><div><br /></div><div><span class="Apple-style-span" style="font-size:medium;"><b>What happens if I already use one of these "dirty" to-be-allocated prefixes in my network?</b></span></div><div>When the prefix you are using start being announced on the IPv4 Internet, then the sites and networks on the Internet using that prefix will not be reachable from your network and users. It may become a support nightmare if, for example, one of the sites is a well known content site using load-balancing and only some of its servers use the prefix. Therefore, sometimes your users will be able to reach that content, sometimes not: hours of interesting troubleshooting...</div><div><br /></div><div><span class="Apple-style-span" style=" font-weight: bold; font-size:medium;">Is it possible that I'm using these "dirty" prefixes without knowing?</span></div><div>Even you might not know if you are using the dirty prefixes! For example, maybe your VPN vendor is using that "dirty" prefix to avoid collisions with RFC1918 private address space. When your computer setup the VPN connection, the host routing table then contains a route to this prefix through the VPN interface. Therefore, your host won't be able to reach a site on the Internet that has the same prefix. VPN software is often "smart" which means they setup the VPN on demand and disconnect when not in use. That means, similar to the previous paragraph, sometimes you will be able to reach some sites (when VPN is down) and sometimes you will not be able (when VPN is up): hours of interesting troubleshooting...</div><div><br /></div><div><b>What happens if I receive a chunk of these "dirty" to-be-allocated prefixes from my provider?</b></div><div>Your network will become a magnet for packets that, before, went nowhere. Moreover, some end-users on the Internet will not be able to reach your network and sites since they are using the same prefix internally as yours.</div><div><br /></div><div><b>What is the solution?</b></div><div>Well, if you are in the previous situations (already using a to-be-allocated prefix), then you should start planning to renumber. You could try to put more NATs but that become pretty tricky. If you are receiving one of these "dirty" prefixes from your provider, then it will be a rocky road... </div><div><br /></div><div>The best approach, that is future proof, is to start deploying IPv6.</div><div><br /></div>marchttp://www.blogger.com/profile/17549217513477569470noreply@blogger.com8tag:blogger.com,1999:blog-2103618198685864206.post-9266102669049880132007-02-15T16:18:00.000-05:002007-02-15T16:57:23.841-05:00Using Internationalized domain names (idn) with Firefox<a href="http://en.wikipedia.org/wiki/Internationalized_domain_name">Internationalized domain names (idn)</a> is a way to support non-ascii characters in domain names. Most characters in the world can be put in domain names with idn. Technically speaking, an idn (ex: viagénie.com) represented in the <a href="http://www.unicode.org">Unicode character set</a> are encoded in ascii with a prefix (xn--) and saved as is in the DNS. For example, viagénie.com is actually stored as "xn--viagnie-eya.com". It is up to the browser to show it decoded properly (as viagénie.com instead of xn--viagnie-eya.com). <br /><br />There has been some (appropriate) <a href="http://www.icann.org/topics/idn/">concerns on the too large character set available for idn</a>, such as <a href="http://en.wikipedia.org/wiki/IDN_homograph_attack">spoofing domain names</a>. The brute force cure is to show the encoded version (xn--viagnie-eya.com) to the user instead of the decoded version (viagénie.com) of the idn. Therefore, some top-level DNS registries have applied some restrictive rules on the possible set of characters that can be registered in the domain names under their authority, some haven't. There is work currently to update the idn specification to be more restrictive in the use of inappropriate characters in idn.<br /><br />By the principle of precaution, Firefox developers decided to <a href="http://www.mozilla.org/projects/security/tld-idn-policy-list.html">disable the decoding of idn</a> for the TLD registries that do not have sufficient restrictive rules (on the judgement of the developers). The drawback of this is that, by default, for some tlds, idn displays well (i.e. viagénie.biz), for some tlds, idn are displayed un-decoded (ie. xn--viagnie-eya.com). Other browser vendors have different ways: always decode, never decode, ....<br /><br />One of the tld registry in the list of non-decoded idn in Firefox is .com, but .biz is decoded. Type in the url box of your browser: <ul><li>http://www.viagĂ©nie.com<br /></li></ul>And then, after connecting to the site, look at the url box. The .com in Firefox default config should show the xn-- version.<br /><br />To force Firefox to enable IDN and to decode .com idn, do the following:<br /><ol><li>about:config" in the url box.</li><li>filter "idn"</li><li>make sure that network.enableIDN is set to True</li><li>add a new item: "network.IDN.whitelist.com" as a boolean and set it to true. (to add a new item, go to the up-right corner and option click the little icon there: took me a while to find it out!)<br /></li></ol><br />Disclosure Note: I was the co-chair of the <a href="http://www.ietf.org/html.charters/OLD/idn-charter.html">IETF working group on idn</a> and am co-author of some parts of the whole specification<span style="text-decoration: underline;">(</span><a href="http://tools.ietf.org/html/rfc3454" class="external" title="http://tools.ietf.org/html/rfc3454">RFC 3454</a>, <a href="http://tools.ietf.org/html/rfc3491" class="external" title="http://tools.ietf.org/html/rfc3491">RFC 3491</a>). So yes, I'm partly responsible for this not perfect idn solution that needs improvement. But I think that even in the current shape, it is still good enough technology to make the Internet more ready for everybody in any language.<br /><br />Technical references:<br /><ul><li><a href="http://tools.ietf.org/html/rfc3490" class="external" title="http://tools.ietf.org/html/rfc3490">RFC 3490</a> (IDNA)</li><li><a href="http://tools.ietf.org/html/rfc3454" class="external" title="http://tools.ietf.org/html/rfc3454">RFC 3454</a> (Stringprep)</li><li><a href="http://tools.ietf.org/html/rfc3491" class="external" title="http://tools.ietf.org/html/rfc3491">RFC 3491</a> (Nameprep)</li><li><a href="http://tools.ietf.org/html/rfc3492" class="external" title="http://tools.ietf.org/html/rfc3492">RFC 3492</a> (Punycode)</li></ul>marchttp://www.blogger.com/profile/17549217513477569470noreply@blogger.com4tag:blogger.com,1999:blog-2103618198685864206.post-33415680590977669632007-02-15T16:05:00.000-05:002007-02-15T16:16:21.706-05:00Using Firefox 2.0 with IPv6 on MacOS XBy default, Firefox disables IPv6 support on MacOS X but not on other platforms. To enable IPv6 on Firefox, do:<br /><ol><li>"about:config" in the url box.<br /></li><li>filter "ipv6",<br /></li><li>select "network.dns.disableIPv6"<br /></li><li>and set the value to "false". <br /></li></ol>For more information, see <a href="http://kb.mozillazine.org/Network.dns.disableIPv6">mozilla knowledge base</a>.marchttp://www.blogger.com/profile/17549217513477569470noreply@blogger.com1