Re: [NANOG] IOS rootkits

2008-05-20 Thread Gadi Evron
On Mon, 19 May 2008, Deepak Jain wrote:
>
> Wouldn't this level of verification/authentication of running code be a 
> pretty trivial function via RANCID or similar tool?

Absolutely, and it actually makes sense. The problem though is that it is 
once again an escalation war and counter-inventions keep happening. RANCID 
will connect remotely and use the local tools to get results, these local 
tools or their results can be altered.

> I understand *why* we are worried about rootkits on individual servers. On 
> essentially "closed" platforms this isn't going to be rocket science.
> It may seem odd by today's BCPs, but booting up from "golden" images via 
> write-protected  hardware or TFTP or similar is pretty straightforward -- 
> especially for those of us who run large server farms.

That is a neat idea, you mean something like a magic card?
Well, the rootkit could still hide in memory, or heck, on the video card 
if it likes. While XR is not implemented your best bet is reflashing with 
an updated version, screws up the memory allocations which is apparently a 
difficult problem to overcome.

> A POP or node could certainly keep a few servers around that are a permanent 
> repository of these items for all the devices that get images.
>
> If you can't trust the boot rom, well, that's an entirely separate matter.
>
> I think the issue with rootkits whether server or embedded device is more 
> about infection vector than the maliciousness that could be caused AFTER a 
> compromise has occurred.

Here I very much disagree with you. Imagine what you can do with a Trojan 
horse on a computer, say a server. You could, in effective terms, use it 
as your own. You'd own it. The same is true for a router.

You could sniff the network, steal traffic, use it as a bridge to connect 
to potentially any part of your network, hide traffic, etc. The potential 
for attackers is almost "cool".

Gadi.


>
> Deepak Jain
>
>
> Dragos Ruiu wrote:
>> The question this presentation begs for me... is how many of the folks  on 
>> this list do integrity checking on their routers?
>> 
>> You can no longer say this isn't necessary :-).
>> 
>> I know FX and a few others are working on toolsets for this...
>> 
>> I'll probably have other comments after I see the presentation.
>> This development has all sort of implications for binary signing 
>> requirements, etc...
>> 
>> cheers,
>> --dr
>> 
>> --
>> World Security Pros. Cutting Edge Training, Tools, and Techniques
>> London, U.K.   May 21/22 - 2008    http://cansecwest.com
>> pgpkey http://dragos.com/ kyxpgp
>> 
>> 
>> 
>> ___
>> NANOG mailing list
>> NANOG@nanog.org
>> http://mailman.nanog.org/mailman/listinfo/nanog
>> 
>> 
>

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog
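
The gap raised in the reply above, as an added example that is not part of the original thread: a check that trusts the hash printed by the router's own tools, next to one that hashes a copy pulled to a trusted host and compares it with a golden manifest. Host names, the image file names and the image bytes are constructed for illustration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for a vendor image and a modified copy of it.
GOLDEN_IMAGE = b"constructed-router-image-v1\n" * 64
MODIFIED_IMAGE = GOLDEN_IMAGE[:100] + b"\x90" + GOLDEN_IMAGE[101:]

# Manifest held on the trusted management host, never on the router.
# The file name is hypothetical.
GOLDEN_MANIFEST = {"edge-image-v1.bin": sha256_hex(GOLDEN_IMAGE)}


def audit(image_name, device_reported_hash, pulled_bytes,
          manifest=GOLDEN_MANIFEST):
    """Classify one device.

    device_reported_hash: what the router's own tooling printed (the value
        a remote collector would normally record and trust).
    pulled_bytes: the image as copied off the device and hashed here,
        on a host the router does not control.
    """
    expected = manifest.get(image_name)
    if expected is None:
        return "unknown-image"

    offbox_clean = sha256_hex(pulled_bytes) == expected
    onbox_says_clean = device_reported_hash.lower() == expected

    if offbox_clean and onbox_says_clean:
        return "ok"
    if offbox_clean:
        # Stored bytes match, but the device printed something else.
        return "onbox-report-mismatch"
    if onbox_says_clean:
        # The case from the thread: local tool output looks fine while
        # the stored image differs from the golden copy.
        return "modified-onbox-report-clean"
    return "modified"


# Constructed fleet: (host, image name, hash the device reported, bytes pulled).
SAMPLES = [
    ("rtr-a", "edge-image-v1.bin", sha256_hex(GOLDEN_IMAGE), GOLDEN_IMAGE),
    ("rtr-b", "edge-image-v1.bin", sha256_hex(MODIFIED_IMAGE), MODIFIED_IMAGE),
    ("rtr-c", "edge-image-v1.bin", sha256_hex(GOLDEN_IMAGE), MODIFIED_IMAGE),
    ("rtr-d", "lab-image.bin", sha256_hex(GOLDEN_IMAGE), GOLDEN_IMAGE),
]


def audit_fleet(samples=SAMPLES):
    return {host: audit(name, reported, data)
            for host, name, reported, data in samples}


if __name__ == "__main__":
    for host, verdict in audit_fleet().items():
        print(f"{host}: {verdict}")
```

Even an `ok` covers only the bytes that were copied off the device; code resident in memory, the case raised in the reply above, is outside what this check sees.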


[NANOG] Fiber Cut at 60 Hudson

2008-05-20 Thread Robert Blayzor
Does anyone know of any NY fiber cuts going on near/around 60 Hudson  
Street?  I have a Level3 DIA Gig-E that's been out for almost 36 hours  
and each time I call them I get a different answer on what the problem  
is and exactly how much longer this is going to take to be resolved.   
We noticed this go down around 7pm EDT on Sunday and the following  
morning the dark fiber we have going through 60 Hudson took a hit for  
about an hour on one side of our DWDM ring...

Anyone know what's up?

-- 
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/











[NANOG] Unique v6 (video) content

2008-05-20 Thread Michal Krsek
Hello,
several months ago we have had a discussion about IPv6 content. There has 
been a proposal that having some adult content IPv6 only should be a good 
idea.

I'm not p0rn hoster, but I'm very close to IP content delivery network for 
Czech public TV. They have news channel (unfortunately for most of you in 
Czech language) running round the clock.

So we made available their content over IPv6 and made available TV 
resolution for IPv6 only. So if you have IPv6, you will get video content at 
http://master.nacevi.cz/ct24v6.asp in 720x576 (bitrate ~1.5 Mb/s). If you 
have old IP only, you will see this content only in 320x240 (bitrate ~400 
Kb/s).

This service is experimental, and if you have any ideas, complaints or 
questions, please contact me off the list.

Regards
Michal 




Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Max Tulyev
Hello Michael,

I'm getting the permanent error message:

[EMAIL PROTECTED] ~/temp $ mplayer http://master.nacevi.cz/ct24v6.asp
MPlayer dev-SVN-rUNKNOWN-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU E4500  @ 2.20GHz (Family: 6, Model: 
15, Stepping: 13)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing http://master.nacevi.cz/ct24v6.asp.
Resolving master.nacevi.cz for AF_INET6...
Connecting to server master.nacevi.cz[2a02:1d0:1:0:217:a4ff:feaa:e6f3]: 
80...
STREAM_ASF, URL: http://master.nacevi.cz/ct24v6.asp
Resolving master.nacevi.cz for AF_INET6...
Connecting to server master.nacevi.cz[2a02:1d0:1:0:217:a4ff:feaa:e6f3]: 
80...
size_confirm mismatch!: 30835 28271
Error while parsing chunk header
Failed, exiting.
Resolving master.nacevi.cz for AF_INET6...
Connecting to server master.nacevi.cz[2a02:1d0:1:0:217:a4ff:feaa:e6f3]: 
80...
Cache size set to 320 KBytes
Cache fill:  0.10% (323 bytes)


Exiting... (End of file)

[EMAIL PROTECTED] ~/temp $ links -dump http://master.nacevi.cz/ct24v6.asp
Ceska televize (c) 2007 Ceska televize (c) 2007

I'm trying from 2a01:d0:9:0:21c:c0ff:fe23:793f.



-- 
WBR,
Max Tulyev (MT6561-RIPE, 2:463/[EMAIL PROTECTED])



Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Robert E. Seastrom

"Michal Krsek" <[EMAIL PROTECTED]> writes:

> Hello,
> several months ago we have had a discussion about IPv6 content. There has 
> been a proposal that having some adult content IPv6 only should be a good 
> idea.
>
> I'm not p0rn hoster, but I'm very close to IP content delivery network for 
> Czech public TV. They have news channel (unfortunately for most of you in 
> czech language) running round the clock.
>
> So we made available their content over IPv6 and made available TV 
> resolution for IPv6 only. So if you have IPv6, you will get video content at 
> http://master.nacevi.cz/ct24v6.asp in 720x576 (bitrate ~1.5 Mb/s). If you 
> have old IP only, you will see this content only in 320x240 (bitrate ~400 
> Kb/s).
>
> This service is experimental, and if you have any ideas, complaints or 
> questions, please contact me off the list.

So, we've been native v6 here for a number of years.  Figured I'd give
this a shot, only to be greeted with:

   The application VLC quit unexpectedly

   Mac OS X and other applications are not affected.

As long as we're doing forward-looking, brave-new-world stuff, would
it be asking too much to say "use h.264 or something else 'standard'
for the video"?

Best,
---Rob




Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Nathan Ward
On 20/05/2008, at 11:56 PM, Robert E. Seastrom wrote:
> "Michal Krsek" <[EMAIL PROTECTED]> writes:
>
>> Hello,
>> several months ago we have had a discussion about IPv6 content. There has
>> been a proposal that having some adult content IPv6 only should be a good
>> idea.
>>
>> I'm not p0rn hoster, but I'm very close to IP content delivery network for
>> Czech public TV. They have news channel (unfortunately for most of you in
>> Czech language) running round the clock.
>>
>> So we made available their content over IPv6 and made available TV
>> resolution for IPv6 only. So if you have IPv6, you will get video content at
>> http://master.nacevi.cz/ct24v6.asp in 720x576 (bitrate ~1.5 Mb/s). If you
>> have old IP only, you will see this content only in 320x240 (bitrate ~400
>> Kb/s).
>>
>> This service is experimental, and if you have any ideas, complaints or
>> questions, please contact me off the list.
>
> So, we've been native v6 here for a number of years.  Figured I'd give
> this a shot, only to be greeted with:
>
>   The application VLC quit unexpectedly
>
>   Mac OS X and other applications are not affected.


Works fine on VLC/OS X for me - but not with flip4mac - flip4mac does  
IPv4 only it seems.

--
Nathan Ward







Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread GIULIANO (UOL)
Michal,

I can see the video here from Brazil.

The quality is very good, but I am using the Go6 Tunnel to watch it.

Sometimes we have some interruption, but in general it is ok.

Thanks,

Giuliano




Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Marc Manthey
hello,

works on videolan osx leopard , just a few seconds then it stops ,
because my connection is not good enough

15:12:25.779523 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: S 613680145:613680145(0)  
win 65535 
15:12:25.852420 IP6 fe80::20f:66ff:fea7:2d48 > ff02::1:ff79:f1e:  
ICMP6, neighbor solicitation, who has mini.stattfernsehen.com, length 32
15:12:25.852549 IP6 mini.local > fe80::20f:66ff:fea7:2d48: ICMP6,  
neighbor advertisement, tgt is mini.stattfernsehen.com, length 32
15:12:25.853012 IP6 2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming >  
mini.stattfernsehen.com.55362: S 963848731:963848731(0) ack 613680146  
win 16384 
15:12:25.853115 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: . ack 1 win 65535
15:12:25.855914 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: P 1:217(216) ack 1 win  
65535
15:12:25.932982 IP6 2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming >  
mini.stattfernsehen.com.55362: P 1:145(144) ack 217 win 16864
15:12:25.933132 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: . ack 145 win 65535
15:12:25.933552 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: P 217:329(112) ack 145  
win 65535
15:12:26.009816 IP6 2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming >  
mini.stattfernsehen.com.55362: P 145:241(96) ack 329 win 16752
15:12:26.009943 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: . ack 241 win 65535
15:12:26.010238 IP6 mini.stattfernsehen.com.55362 >  
2a02:1d0:2::217:a4ff:feaa:e6e7.ms-streaming: P 329:433(104) ack 241  
win 65535

first time that i ever saw an ipv6 stream by the way

thank you very much !!!

Marc

>> http://master.nacevi.cz/ct24v6.asp in 720x576 (bitrate ~1.5 Mb/s). If you
>> have old IP only, you will see this content only in 320x240 (bitrate ~400
>> Kb/s).

--
"Use your imagination not to scare yourself to death
but to inspire yourself to life."
Les enfants teribbles - research and deployment
Marc Manthey - head of research and innovation
Hildeboldplatz 1a D - 50672 Köln - Germany
Tel.:0049-221-3558032
Mobil:0049-1577-3329231
jabber :[EMAIL PROTECTED]
blog : http://www.let.de
ipv6 http://www.stattfernsehen.com
xing : https://www.xing.com/profile/Marc_Manthey


Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Michal Krsek
Dear Marc,
if you (or other users) have not enough capacity for watching 1.5 Mb/s 
stream, you can use lower (commodity) bitrate. You can use commodity URLs:

http://master.nacevi.cz/asx/ct24livewh.asx (400 Kb/s)

http://master.nacevi.cz/asx/ct24livewl.asx (225 Kb/s)

Regards
Michal

P.S: Replacing "master" with "master6" will drive you to IPv6 only streams.

P.P.S: Last three RIPE meetings have been broadcasted via IPv6 as well.



[NANOG] An account of the Estonian Internet War

2008-05-20 Thread Gadi Evron
About a year ago after coming back from Estonia I promised I'd send in an 
account of the Estonian "war". The postmortem analysis and recommendations I 
later wrote for the Estonian CERT are not yet public.

A few months ago I wrote an article for the Georgetown Journal of International 
Affairs, covering the story of what happened there, in depth. The journal owns 
the copyright so I had no way of sending that along either. I wasn't about to 
email saying "go buy a copy".

Mostly silly articles kept popping up with misguided to wrong information about 
what happened in Estonia, and when an Estonian student was arrested for 
participating, some in our community even jumped up to say "it was just some 
student". Ridiculous.

This is the "war" that made politicians aware of cyber security and entire 
countries scared, NATO to "respond" and the US to send in "help". It deserved a 
better understanding for that alone, whatever actually happened there.

I was there to help, but I just deliver the account. The heroes of the story 
are the Estonian ISP and banking security professionals and the CERT (Hillar 
Aarelaid and Aivar Jaakson).

Apparently the Journal made my article available in PDF form by a third party:

Battling Botnets and Online Mobs
Estonia's Defense Efforts during the Internet War

URL: http://www.ciaonet.org/journals/gjia/v9i1/699.pdf

It is not technical, I hope you find it useful.

Gadi Evron.



Re: [NANOG] Fiber Cut at 60 Hudson

2008-05-20 Thread virendra rode //

Hi,

Robert Blayzor wrote:
> Does anyone know of any NY fiber cuts going on near/around 60 Hudson  
> Street?  I have a Level3 DIA Gig-E that's been out for almost 36 hours  
> and each time I call them I get a different answer on what the problem  
> is and exactly how much longer this is going to take to be resolved.   
> We noticed this go down around 7pm EDT on Sunday and the following  
> morning the dark fiber we have going through 60 Hudson took a hit for  
> about an hour on one side of our DWDM ring...
> 
> Anyone know whats up?
> 
- ---
Possible bad module / fiber. Techs are en route back to Albany site. ETA
1 hr.

On a different note, outages mailing list ([EMAIL PROTECTED]) should be
up / running by this week at the latest. We are finishing up on the last
pieces (hw/software).


regards,
/virendra


[NANOG] AUTO: Kamal Mehta is on vacation (returning 05/21/2008)

2008-05-20 Thread Kamal Mehta


I am out of the office until 05/21/2008.

I am on vacation and will not have access to e-mail.  I will try to reply
to your message on my return.

If you need immediate assistance, please call the IBM AOD Service Center at
877-737-3700.







Note: This is an automated response to your message  "NANOG Digest, Vol 4,
Issue 49" sent on 5/20/08 6:00:02.

This is the only notification you will receive while this person is away.


[NANOG] Multihoming for small frys?

2008-05-20 Thread William Herrin
Hi folks,

An administrative question about multihoming:

I have a client who needs to multihome with multiple vendors for
reliability purposes, currently in the Northern Virginia area and
later on with a fail-over site, probably in Hawaii. They have only a
very modest need for bandwidth and addresses (think: T1's and a few
dozen servers) but they have to have BGP multihoming and can afford to
pay for it.

The last I heard, the way to make this happen was: Find a service
provider with IP blocks available in ARIN's set of /8's that permit
/24 announcements (networks 199, 204-207), buy a circuit and request a
/24 for multihoming. Then buy circuits from other providers using that
ISP's /24 and an AS# from ARIN.

Is that still the way to make it happen? Are there alternate
approaches (besides DNS games) that I should consider?

Who should I talk to? Certain well-known companies seem incapable of
discussing service that isn't cookie-cutter.

Thanks,
Bill Herrin

-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread david raistrick
On Tue, 20 May 2008, William Herrin wrote:

> The last I heard, the way to make this happen was: Find a service
> provider with IP blocks available in ARIN's set of /8's that permit

that part isn't required.   Generally any /24 will do in my 
experience except for specific cases.

Other than that, you've got it about right.





---
david raistrick        http://www.netmeister.org/news/learn2quote.html
[EMAIL PROTECTED] http://www.expita.com/nomime.html




Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread Holmes,David A
If the same /24 is announced from 2 different sites, the problem we have
run into is that using the longest prefix method is the only way to
guarantee that some ISPs will not use some method such as private
peering to cause asymmetric routing back to the small fry. 



Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Marc Manthey

On 20.05.2008 at 16:22, Michal Krsek wrote:

> Dear Marc,
> if you (or other users) have not enough capacity for watching 1.5 Mb/s
> stream, you can use lower (commodity) bitrate. You can use commodity
> URLs:
>
> http://master.nacevi.cz/asx/ct24livewh.asx (400 Kb/s)
>
> http://master.nacevi.cz/asx/ct24livewl.asx (225 Kb/s)
>
> Regards
> Michal

excellent Michal

is this multicasted ? what server software you use for ipv6 streaming  ?
is there a way to stream via rtp/ rtsp over ipv6 as well ;) ?


> P.S: Replacing "master" with "master6" will drive you to IPv6 only
> streams.
>
> P.P.S: Last three RIPE meetings have been broadcasted via IPv6 as
> well.

cheers


Marc




Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread Robert D. Scott
The /24 address block has to be portable, an assignment, or the owner needs
to grant the secondary advertiser an LOA to readvertise that block. The LOA
is pretty common, but some ISPs may require you to renumber to get into
address space they will permit you to use and multihome. As always your
mileage may vary. 


Robert D. Scott [EMAIL PROTECTED]
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services  352-392-2061 CNS Receptionist
University of Florida   352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL  32611



Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread Andy Dills
On Tue, 20 May 2008, William Herrin wrote:

> Hi folks,
> 
> An administrative question about multihoming:
> 
> I have a client who needs to multihome with multiple vendors for
> reliability purposes, currently in the Northern Virginia area and
> later on with a fail-over site, probably in Hawaii. They have only a
> very modest need for bandwidth and addresses (think: T1's and a few
> dozen servers) but they have to have BGP multihoming and can afford to
> pay for it.
> 
> The last I heard, the way to make this happen was: Find a service
> provider with IP blocks available in ARIN's set of /8's that permit
> /24 announcements (networks 199, 204-207), buy a circuit and request a
> /24 for multihoming. Then buy circuits from other providers using that
> ISP's /24 and an AS# from ARIN.
> 
> Is that still the way to make it happen? Are there alternate
> approaches (besides DNS games) that I should consider?

They should just get their own /22 from ARIN.

If the future fail-over site doesn't help them show a /23's worth of 
justification, break out the ultimate fudge factor: SSL.

Yes, I know, some would argue this isn't responsible usage of community 
resources. 

However, if I was representing the interests of a company whose existence 
relies on working connectivity, my biggest concern would be provider 
independence. Altruism is something I encourage my competitors to indulge 
in. In fact, the increasing value and decreasing pool of prefixes should 
motivate any proper capitalist to err on the side of being greedy: just as 
they aren't making any more land, they aren't making any more IP(v4) 
space. 

My gut instinct has been telling me for half a decade that prefixes will 
get commoditized long before IPv6 settles in, and if I was representing 
the interests of a company who was in the situation you describe, I would 
certainly want to prepare for that possibility.

ARIN really should allow direct allocation of /24s to multi-homed 
organizations. It wouldn't increase the table size, and it would reduce 
the wasteful (best common) practice I describe above.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---



Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread Tony Varriale
AFAIK, ARIN doesn't give out /22s anymore.

Last time I went to the well...it was a /20 or better.

tv
- Original Message - 
From: "Andy Dills" <[EMAIL PROTECTED]>
To: "William Herrin" <[EMAIL PROTECTED]>
Cc: 
Sent: Tuesday, May 20, 2008 11:05 PM
Subject: Re: [NANOG] Multihoming for small frys?


> On Tue, 20 May 2008, William Herrin wrote:
>
>> Hi folks,
>>
>> An administrative question about multihoming:
>>
>> I have a client who needs to multihome with multiple vendors for
>> reliability purposes, currently in the Northern Virginia area and
>> later on with a fail-over site, probably in Hawaii. They have only a
>> very modest need for bandwidth and addresses (think: T1's and a few
>> dozen servers) but they have to have BGP multihoming and can afford to
>> pay for it.
>>
>> The last I heard, the way to make this happen was: Find a service
>> provider with IP blocks available in ARIN's set of /8's that permit
>> /24 announcements (networks 199, 204-207), buy a circuit and request a
>> /24 for multihoming. Then buy circuits from other providers using that
>> ISP's /24 and an AS# from ARIN.
>>
>> Is that still the way to make it happen? Are there alternate
>> approaches (besides DNS games) that I should consider?
>
> They should just get their own /22 from ARIN.
>
> If the future fail-over site doesn't help them show a /23's worth of
> justification, break out the ultimate fudge factor: SSL.
>
> Yes, I know, some would argue this isn't responsible usage of community
> resources.
>
> However, if I was representing the interests of a company whose existence
> relies on working connectivity, my biggest concern would be provider
> independence. Altruism is something I encourage my competitors to indulge
> in. In fact, the increasing value and decreasing pool of prefixes should
> motivate any proper capitalist to err on the side of being greedy: just as
> they aren't making any more land, they aren't making any more IP(v4)
> space.
>
> My gut instinct has been telling me for half a decade that prefixes will
> get commoditized long before IPv6 settles in, and if I was representing
> the interests of a company who was in the situation you describe, I would
> certainly want to prepare for that possibility.
>
> ARIN really should allow direct allocation of /24s to multi-homed
> organizations. It wouldn't increase the table size, and it would reduce
> the wasteful (best common) practice I describe above.
>
> Andy
>
> ---
> Andy Dills
> Xecunet, Inc.
> www.xecu.net
> 301-682-9972
> ---
>


Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread Nathan Ward
On 21/05/2008, at 4:31 PM, Tony Varriale wrote:

> AFAIK, ARIN doesn't give out /22s anymore.
>
> Last time I went to the well...it was a /20 or better.

Interesting..

I've had /24s for customers before, with APNIC's multi-homing  
assignments.

http://www.apnic.net/info/faq/multihoming_faq.html


There is no absolute maximum or minimum assignment size, but please  
note that APNIC cannot guarantee the routability of any assignment it  
makes. Assignments less than /24 are not practical and will generally  
be filtered. If you are close to meeting the minimum allocation size  
(/21), you may find it more economical to become an APNIC member and  
apply for a portable allocation using the APNIC IPv4 ISP request form.


Note that you must be the end user of the space, as it is assigned not  
allocated.

--
Nathan Ward







Re: [NANOG] Unique v6 (video) content

2008-05-20 Thread Michal Krsek
Hi Marc,

> > if you (or other users) have not enough capacity for watching 1.5 Mb/
> > s stream, you can use lower (commodity) bitrate. You can use commodity
> > URLs:
> >
> > http://master.nacevi.cz/asx/ct24livewh.asx (400 Kb/s)
> >
> > http://master.nacevi.cz/asx/ct24livewl.asx (225 Kb/s)
>
> excellent Michal
>
> is this multicasted ?

No it is not. I have no reliable access to mbone and multicast penetration 
on public Internet here in Central Europe is "not very wide". So it makes no 
sense to deal with multicast. Rather I'm investing my time to support IPv6, 
this looks like it has more perspective :-)

> what server software you use for ipv6 streaming  ?

Windows Media Server on top of POS (Picture Operating System - WM 2003 
server).

> is there a way to stream via rtp/ rtsp over ipv6 as well ;) ?

WM is serving data over rtsp as well as over http. ASX file is only pointer 
to the stream. As I understand the technology, server will negotiate with 
your client and they try to use ports in following order 1775 (mms) -> 554 
(rtsp) -> 80 (http).

Regards
Michal 




Re: [NANOG] Multihoming for small frys?

2008-05-20 Thread Andy Dills
On Tue, 20 May 2008, Tony Varriale wrote:

> AFAIK, ARIN doesn't give out /22s anymore.
> 
> Last time I went to the well...it was a /20 or better.

Nah, it's /22 for multi-homed networks, /20 for single-homed.


http://www.arin.net/registration/guidelines/ipv4_initial_alloc.html

4.3.2.2 Multihomed Connection
For end-users who demonstrate an intent to announce the requested space in 
a multihomed fashion, the minimum block of IP address space assigned is a 
/22. If assignments smaller than a /22 are needed, multihomed end-users 
should contact their upstream providers. When prefixes are assigned which 
are longer than /20, they will be from a block reserved for that purpose.




Are there really networks who can justify a /20 that aren't multi-homed? 
The mind boggles.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
