Re: Using IPv6 with prefixes shorter than a /64 on a LAN
Figure I'll throw my 2 cents into this.

The way I read the RFCs, IPv6 is not IP space. It's network space. Unless I missed it last time I read through them, the RFCs do not REQUIRE hardware/software manufacturers to support VLSM beyond /64. Autoconfigure is the name of the game for the IPv6 guys. Subsequently, while using longer prefixes is possible currently, I'd never deploy it because it could be removed from code without mention.

Because of the AutoConfigure piece, I consider IPv6 to be NETWORK Space, rather than IP Space like IPv4. I'm issued a /48 which can be comprised of 65536 /64 networks, not some silly number of hosts, which can't exist because they are all duplicates of each other (MAC address = host identifier).

Anyway, that's how I see the question that started this whole thing. I'd suggest using link local and RFC 4193 for internal routing and your public space for things that need public access or need to be accessed publicly.

Just because they SAY there's infinite space (like they said about IPv4) doesn't mean we have to be stupid and wasteful with our space.

-C

If I've misread, or completely missed an RFC, I apologize.
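An added example, not part of the original post: one way to build the RFC 4193 internal prefix suggested above and carve it into /64 LANs, plus a check that flags LAN prefixes that are not /64. The function names, the MAC address and the timestamp are constructed for illustration; the 2001:db8:: prefixes are documentation space.

```python
import hashlib
import ipaddress


def mac_to_eui64(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ula_site_prefix(ntp_timestamp: bytes, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: fd00::/8 followed by a 40-bit Global ID taken
    from the least significant bits of SHA-1(timestamp || EUI-64)."""
    if len(ntp_timestamp) != 8 or len(eui64) != 8:
        raise ValueError("timestamp and EUI-64 must both be 8 bytes")
    global_id = hashlib.sha1(ntp_timestamp + eui64).digest()[-5:]
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def lan_subnet(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Return the /64 for a 16-bit subnet ID inside a /48 site prefix."""
    if site.prefixlen != 48:
        raise ValueError("site prefix must be a /48")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("a /48 only holds subnet IDs 0..65535")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))


def non_64_lan_prefixes(prefixes):
    """Return the IPv6 prefixes from an addressing plan that are not /64,
    i.e. the ones that depend on vendor support for longer prefixes."""
    flagged = []
    for text in prefixes:
        net = ipaddress.ip_network(text)
        if net.version == 6 and net.prefixlen != 64:
            flagged.append(text)
    return flagged


if __name__ == "__main__":
    # Constructed inputs: a 64-bit NTP-format timestamp and a sample MAC.
    stamp = bytes.fromhex("d2a1b3c4e5f60718")
    site = ula_site_prefix(stamp, mac_to_eui64("00:11:22:33:44:55"))
    print("site prefix :", site)
    print("first LAN   :", lan_subnet(site, 0))
    print("last LAN    :", lan_subnet(site, 0xFFFF))
    plan = ["2001:db8:0:1::/64", "2001:db8:0:2::/127", "2001:db8:0:3::/112"]
    print("not /64     :", non_64_lan_prefixes(plan))
```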
Re: Is there such a thing as a 10GBase-T SFP+ transceiver
What I want to see is reasonably priced 40G single mode transceivers.

I have no idea why 40G and now 100G wasn't rolled out with single mode as the preference. The argument that "there's a large multimode install base" doesn't hold water. For one thing, you're using enormous amounts of MM fiber to get at best 1/4 of the ports than you previously had. The best case is that you could get 12 ports where you used to have 48, but that's messy.

The second issue is cost: if you're running any distance, you've got to go to OM4, because MM fiber has very limited range at 10G (you're multiplexing 10G links), and OM4 is insanely expensive. Single Mode on the other hand is 'cheap' in comparison. One pair of SM fiber will handle every speed from 10M to 100G, and over much longer distances than MM, no matter what grade.

Unfortunately, since the manufacturers haven't seen fit to push the SM, the optics are extremely expensive, so we're stuck with 4-12 times the amount of installed fiber than we really need. Grumble.

On Jan 30, 2014, at 6:25 PM, Chris Balmain wrote:

> You may wish to consider twinax for short distance 10G over copper with SFP+
> at both ends
>
> http://en.wikipedia.org/wiki/Twinaxial_cabling#SFP.2B_Direct-Attach_Copper_.2810GSFP.2BCu.29
>
> Typically marketed as "direct-attach" (you can't remove the cables from the
> transceivers, it's all integrated)
>
> On 31/01/14 12:26, james jones wrote:
>> I would like to know if anyone has seen one of these? If so where? Also if
>> they don't exist why? It would seem to me that it would make it a lot
>> easier to play mix and match with fiber in the DC if they did. Would be so
>> hard to make the 1G SFPs faster (trying to be funny here not arrogant).
>>
>> -James
Re: OOB
As far as best practices, I'm not sure.

I've generally built an out of band network for the express purpose of saving my behind in the event of an unanticipated traffic problem on the primary network. Secondarily it allows secured access to equipment, and you can monitor (which is often not secure, read snmp) on it as well. However, I've never tried to extend one beyond a facility or campus exactly.

Lots depends on the type of network you're talking about and equipment you're using though.

E

Sent from my iPad which loves to "correct" my typing with interesting results.

On Jul 26, 2011, at 7:03 AM, "Paul Stewart" wrote:

> We do everything in-band with strict monitoring/policies in place.
>
> Paul
>
> -Original Message-
> From: harbor235 [mailto:harbor...@gmail.com]
> Sent: Tuesday, July 26, 2011 9:57 AM
> To: NANOG list
> Subject: OOB
>
> I am curious what is the best practice for OOB for a core
> infrastructure environment. Obviously, there is
> an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
> there is OOB for core infrastructure
> typically a separate basic network that utilizes diverse carrier and diverse
> path when available.
>
> My question is, is it best practice to extend an inband VPN throughout for
> device management functions as well?
> And are all management services performed OOB, e.g network management, some
> monitoring, logging,
> authentication, flowdata, etc . If a management VPN is used is it also
> extended to managed customer devices?
>
> What else can be done for remote management and troubleshooting
> capabilities?
>
> Mike
Environmental monitoring options
I'd like to ask the list what products people are using to monitor their environments. By this I'm referring to datacenters, and other equipment. Temperature, humidity, airflow, cameras, dry contacts, door sensors, leak detection, all that sort of thing. I've used Netbotz in the past. Looking to see what else is out there that people like. Thanks E
Re: Environmental monitoring options
Thanks for all the replies everyone. Some good options, though I am surprised by how few options I'm finding that have a good centralized management system. I have to deploy monitoring to a bunch of sites spread around the world, centralized management is key. Thanks for all the suggestions.
Re: facebook spying on us?
Did you start your browser before looking at your connection list? However, you're on a Windows box, so it wouldn't surprise me if they helpfully started IE for you.

If you didn't start the browser you use to go to facebook (and it's not IE), it's fairly interesting.

On Sep 29, 2011, at 6:13 AM, Glen Kent wrote:

> Hi,
>
> I see that I have multiple TCP sessions established with facebook.
> They come up even after I reboot my laptop and don't login to facebook!
>
> D:\Documents and Settings\gkent>netstat -a | more
>
> Active Connections
>
>   Proto  Local Address  Foreign Address                                     State
>   TCP    gkent:3974     www-10-02-snc5.facebook.com:http                    ESTABLISHED
>   TCP    gkent:3977     www-11-05-prn1.facebook.com:http                    ESTABLISHED
>   TCP    gkent:3665     a184-84-111-139.deploy.akamaitechnologies.com:http  ESTABLISHED
>
> [clipped]
>
> Any idea why these connections are established (with facebook and
> akamaitechnologies) and how I can kill them? Since my laptop has
> several connections open with facebook, what kind of information is
> flowing there?
>
> I also wonder about the kind of servers facebook must be having to be
> able to manage millions of TCP connections that must be terminating
> there.
>
> Glen
Re: why haven't ethernet connectors changed?
You didn't include RJ11 in your question; it goes back further.

One reason is that as we push the limits of cable from CAT3 (10meg) to CAT5 (100meg) to 5E (gig) to 6 (not sure what that was for) to 7 (10gig), the cable doesn't get any smaller. We're dealing with higher and higher frequencies of changes on the wire. This makes cross talk and interference a bigger problem, so the twists and insulation are more important to try to protect from those issues (sometimes shielding). So the cable hasn't gotten any smaller.

The connector works well enough and allows for these distances to be maintained. Some vendors have found ways to maintain the twists farther into the RJ45 by essentially using traces and not just lining the 8 wires up in parallel but stacking them in a staggered fashion...

Obviously, a new connector could have been found, but why haven't we changed the C13 that HP came up with (at least I think they did) back in the 50s? It's still the de facto standard for all computer input power. As a matter of fact, most NEMA specs haven't changed since they were created...

If it ain't broke, don't fix it. The only problem with the RJ45 is the hook.

E

On Fri, Dec 21, 2012 at 7:15 AM, Brielle Bruns wrote:

> Some of us still have a stock of legacy gear and cables - things like v35
> cables for connecting to CSU/DSUs, and even the occasional AUI hub. :)
>
> You wouldn't believe how much people will pay for legacy computer gear
> when they need it to keep their business going.
>
> --
> Brielle
>
> Sent from my iPhone
>
> On Dec 21, 2012, at 7:57 AM, Matthew Black wrote:
>
> > http://www.blackbox.com/Store/Detail.aspx/Ethernet-Transceiver-Cable-Office-Environment-PVC-IEEE-802-3-Right-Angle-Connector-3-ft-0-9-m/LCN216%C4%820003
> >
> > Only $55.95 for a 3-foot transceiver cable. What was more surprising is
> > that Black Box is still around.
> >
> > matthew black
> > california state university, long beach
> >
> > -Original Message-
> > From: Michael Thomas [mailto:m...@mtcc.com]
> > Sent: Thursday, December 20, 2012 10:20 AM
> > To: NANOG list
> > Subject: why haven't ethernet connectors changed?
> >
> > I was looking at a Raspberry Pi board and was struck with how large the ethernet
> > connector is in comparison to the board as a whole. It strikes me: ethernet
> > connectors haven't changed that I'm aware in pretty much 25 years. Every other
> > cable has changed several times in that time frame. I imagine that if anybody
> > cared, ethernet cables could be many times smaller. Looking at wiring closets,
> > etc, it seems like it might be a big win for density too.
> >
> > So why, oh why, nanog the omniscient do we still use rj45's?
> >
> > Mike
Re: APC In-row Units
I'm turning up a facility with APC gear now. I'll let you know.

On Tuesday, May 21, 2013, Morgan Miskell wrote:

> I realize this topic is semi off point so feel free to reply to the list
> or to me personally. I am wondering if anyone has any experience using
> the APC In-row cooling units in their data centers. I am specifically
> looking at the ACRD501.
>
> Do they work well? How long have you run them? Any maintenance issues?
>
> Any input would be greatly appreciated.
> --
> Morgan A. Miskell
> CaroNet Data Centers
> 704-643-8330 x206
Anyone seeing traffic flow problems in the SanFrancisco / San Jose areas?
I was working with a vendor down there and couldn't get files in or out to save our lives. Additionally, he was having trouble locally. I didn't see anything on the pulse site.
10gig coast to coast
Greetings I may be needing 10 gig from the West Coast to the East Coast some time in the next year. I've got my ideas on what that would cost, but I don't have anything that big. This could be a leased line, part of a cloud with Verizon, NTT, Sprint, or whoever as the provider, etc. I'm just looking to see what a budget cost for something like this is, and who can provide such service. Your help is greatly appreciated, feel free to respond directly or to the thread. E
Re: 10gig coast to coast
Fair enough

Seattle to Boston is the general route, real close.

On Monday, June 17, 2013, wrote:

> On Mon, 17 Jun 2013 12:51:28 -0700, eric clark said:
>
> > I may be needing 10 gig from the West Coast to the East Coast
>
> Might want to be more specific. Catalina Island, CA to Buxton, NC
> (home of Cape Hatteras High School) will probably be way different
> than downtown LA to downtown Boston.
Re: 10gig coast to coast
All of these questions are valid.

The guys who will use it would love to have line rate on the 10G, for a single conversation, but that's not going to happen. So, there's a certain amount of expectation management.

For the purpose we're proposing, this would be an additional link to an existing office, a link for test/lab traffic specifically. We would run the lab management on the existing link(s) and provide some sort of restricted failover as well. Sorry I'm not going into more detail, just trying to balance the need for some info versus ... you know.

This link wouldn't need to be 5 Nines, but with the office primary and backup, we can provide the connectivity almost 100% of the time.

Thanks for all the comments everyone, they have been helpful.

Eric

On Jun 17, 2013, at 7:32 PM, George Herbert wrote:

> Also, what are reliability and redundancy requirements.
>
> 10 gigs of bare naked fiber is one thing, but if you need extra paths
> redundancy, figure that out now and specify.
>
> Is this latency, bandwidth, both? Mission critical, business critical,
> less priority? 24x7x365, or subset of that, or intermittent only?
>
> On Mon, Jun 17, 2013 at 6:48 PM, Carlos Alcantar wrote:
>
>> It's typically that the last mile portion of the circuit is going to cost
>> you the most, so it's important to know those details.
>>
>> Carlos Alcantar
>> Race Communications / Race Team Member
>> 1325 Howard Ave. #604, Burlingame, CA. 94010
>> Phone: +1 415 376 3314 / car...@race.com / http://www.race.com
>>
>> -Original Message-
>> From: eric clark
>> Date: Monday, June 17, 2013 3:22 PM
>> To: "valdis.kletni...@vt.edu"
>> Cc: "nanog@nanog.org"
>> Subject: Re: 10gig coast to coast
>>
>> Fair enough
>>
>> Seattle to Boston is the general route, real close.
>>
>> On Monday, June 17, 2013, wrote:
>>
>>> On Mon, 17 Jun 2013 12:51:28 -0700, eric clark said:
>>>
>>>> I may be needing 10 gig from the West Coast to the East Coast
>>>
>>> Might want to be more specific. Catalina Island, CA to Buxton, NC
>>> (home of Cape Hatteras High School) will probably be way different
>>> than downtown LA to downtown Boston.
>
> --
> -george william herbert
> george.herb...@gmail.com
Re: 10gig coast to coast
I'm looking for options. With dark fiber, obviously, I have the ultimate in options. However, it's the ultimate in cost as you say.

The requirement we have is 10gig of actual throughput. Precisely what mechanism is used to transport it isn't all that important, though I'm certain that there will be complaints... :)

I'd LOVE to have me some DWDM, always wanted to run some of that gear, but at that point, why stop at 10G?

On Jun 17, 2013, at 7:42 PM, Jeff Kell wrote:

> On 6/17/2013 10:32 PM, George Herbert wrote:
>> Also, what are reliability and redundancy requirements.
>>
>> 10 gigs of bare naked fiber is one thing, but if you need extra paths
>> redundancy, figure that out now and specify.
>>
>> Is this latency, bandwidth, both? Mission critical, business critical,
>> less priority? 24x7x365, or subset of that, or intermittent only?
>
> And are you looking for "dark fiber" or can you deal with a lambda? Can
> you supply tuned optics for the passive mux carriers?
>
> Dark coast-to-coast is going to cost you a few appendages. You may land
> a lambda for a reasonable price depending on the endpoints, you'll need
> an established carrier with DWDM gear on both ends.
>
> Jeff
Re: PDU recommendations
Raritan has a good line, the usual features. We use a lot of 2U, 208v, 30A units with 20xC13, which is a good config these days.

Their central management software, while not perfect, is excellent for PDU control.

On Jun 23, 2013, at 8:37 AM, shawn wilson wrote:

> We currently use Triplite stuff but they've got an issue where after a few
> minutes, they stop accepting new tcp connections. We're adding a new 30A
> circuit and I'm thinking of going with APC (ran them in the past and never
> had any issues). However, I figured I'd see if there was a better brand /
> specific model recommendations for quality or bang / buck?
>
> Specs: 30A 24+ port 0U, managed (with ssh), lcd use display.
Re: Helix Solutions
I've seen this sort of thing popping up before. Don't quite understand how it's going to work.

Leasing I understand. So long as you are willing to suffer the revocation of the IP space should the company that was actually ISSUED the IP space lose it for whatever reason...

"Buying" I really don't get. IP space that is issued by a registrar is not owned. It is assigned. Sure, it's yours until they want it back or you give it back, but it's not owned. So, for a person to sell space that was allocated to them just doesn't make sense.

The "provide via GRE or other tunnel" makes me think they're tunneling your traffic to the actual assignee's environment, which would make sense, but then that assignee has to deal with your bandwidth, don't they? Obviously, if you take all of their space, you could physically move it, but if you're only dealing with a portion, and ARIN has it assigned to AS xxx, then you have to be running AS xxx...

Sketchy and messy and I don't see how it's appropriate.

E

On Fri, Jul 5, 2013 at 7:05 AM, Clayton Zekelman wrote:

> Sounds sketchy.
>
> Helix Solutions is a specialized IP technology firm, offering the largest
> inventory of IPv4 address space. Our objective is to enable email marketers
> to overcome the acute IP shortage and communicate with their target
> audiences smoothly and effectively.
>
> At 09:47 AM 05/07/2013, Alessandro Ratti wrote:
>
>> On Fri, Jul 5, 2013 at 3:38 PM, Eugen Leitl wrote:
>>
>> > On Fri, Jul 05, 2013 at 03:06:19PM +0200, Alessandro Ratti wrote:
>> > > Hi list,
>> > >
>> > > I have a question for you.
>> > > Anyone knows or has had to deal with Helix Solutions?
>> >
>> > The Swiss guys: http://helix-it.ch/
>> > ?
>>
>> No seems US company.
>> http://www.helixsolutions.net/
>
> ---
>
> Clayton Zekelman
> Managed Network Systems Inc. (MNSi)
> 3363 Tecumseh Rd. E
> Windsor, Ontario
> N8W 1H4
>
> tel. 519-985-8410
> fax. 519-985-8409
Re: The Making of a Router
I also wonder about re-inventing the wheel. The router part is easy, you could even do that with a Windows box (that's a joke).

Obviously capital cost is part of it, but the man hours involved in doing what you're talking about, especially since you are talking about a telco, whatever you come up with has to be pretty darn reliable...

Certainly would be interested in a little more information about the use case.

Eric

On Dec 26, 2013, at 8:46 AM, Faisal Imtiaz wrote:

> I am a believer of not having to re-invent the wheel...
>
> Having said that.. have you looked at 'purpose built appliances' e.g.
>
> http://www.lannerinc.com/
> http://us.axiomtek.com/
>
> If you are looking for a full router
> Consider such as these...
> http://www.linktechs.net/
> http://www.maxxwave.com/
>
> and there are a few others but the concept is the same
>
> Personally, I am not a believer in making a single device be the do all / end
> all of everything..
> While one can do everything on a big server .. however breaking things out
> e.g. voip trans-coding and routing make maintenance, availability, and
> ability to create redundancy much more practical.
>
> Regards
>
> Faisal Imtiaz
> Snappy Internet & Telecom
>
> - Original Message -
>> From: "Nick Cameo"
>> To: nanog@nanog.org
>> Sent: Thursday, December 26, 2013 11:33:13 AM
>> Subject: The Making of a Router
>>
>> Hello Everyone,
>>
>> We are looking to put together a 2u server with a few PCIe 3 x8
>> (recommendations appreciated). The router will take a voip transcoding
>> line card, and will act as an edge router for a telecom company.
>>
>> For things like BGP (Quagga, Zebra, all that lovely stuff!!!), static
>> routes, and firewall capabilities we are thinking gentoo linux
>> stripped for sure however, what about the BSDs? FreeBSD or OpenBSD.
>> Any comments, feedback, dos, and don'ts are much appreciated.
>>
>> Kind Regards,
>>
>> Nick.
Why are we fixated on Multimode fiber for high bandwidth communication?
I've been working with 40 gig for a few years. When I first ordered a switch, one of the first publicly available with full 40 gig, I was appalled that I was going to have to use 4 pair of multimode fiber for each of my connections. I had planned on using single mode because I can do that with 1 pair.

Even today, we're still looking at MM fiber instead of SM, even with the horrendous limitations and cost issues of MM. For instance, if you need to go 301 meters or more, you've got to go OM4 which is very expensive. You have to lay 4 times the number of pairs as SM and when we move to 100G, it'll be even worse because they're still doing things in 6, 12, etc... SM can do 100G easily, up to 1K with the lower grade fiber, so in the SM 100G world, you'd be installing 1/12 the strands as you would in multimode.

I just can't figure where this makes sense. I am aware that single mode has more expensive optics, and I know how much they cost when I first looked at this, but if this were the standard, that price would drop enormously.

Anyone know why the industry has their head stuck on MultiMode?
Re: Data Center testing
Most Provider type datacenters I've worked with get a lot of flak from customers when they announce they're doing network failover testing, because there's always going to be a certain amount of chance (at least) of disruption. It's the exception to find a provider that does it I think (or maybe just one that admits it when they're doing it). Power tests are a different thing.

As for testing your own equipment, there are a couple ways to do that: regular failover tests (quarterly, or more likely at 6 month intervals), and/or routing traffic so that you have some of your traffic on all paths (ie internal traffic on one path, external traffic on another). The latter doesn't necessarily tell you that your failover will work perfectly, only that all your gear in the 2nd path is functioning. I prefer doing both.

When doing the failover tests, no matter how good your setup is, there's always a chance for taking a hit, so I always do this kind of work during a maintenance window, not too close to quarter end, etc. If you have your equipment set up correctly of course, it goes like butter and is a total non-event.

For test procedure, I usually pull cables. I'll go all the way to line cards or power cables if I really want to test, though that can be hard on equipment.

E

On Mon, Aug 24, 2009 at 10:45 AM, Jack Bates wrote:

> Dan Snyder wrote:
>
>> We have done power tests before and had no problem. I guess I am looking
>> for someone who does testing of the network equipment outside of just power
>> tests. We had an outage due to a configuration mistake that became apparent
>> when a switch failed. It didn't cause a problem however when we did a power
>> test for the whole data center.
>
> The plus side of failure testing is that it can be controlled. The downside
> to failure testing is that you can induce a failure. Maintenance windows are
> cool, but some people really dislike failures of any type which limits how
> often you can test. I personally try for once a year. However, a lot can go
> wrong in a year.
>
> Jack
Re: BGP or MPLS issue AT&T in New York?
A friend of mine has services on through yieldbook (in New York) that he accesses from Santa Barbara. He noticed he couldn't get to them around 2pm via his Cox cable inet link, dying after gar9.n54ny.ip.AT&T.net (12.122.131.245), but from his Verizon link, he had no issues. The problem persists currently.

On Friday, October 2, 2009, David Hiers wrote:

> We're back up now.
>
> On Fri, Oct 2, 2009 at 1:16 PM, Wallace Keith wrote:
>>
>> -Original Message-
>> From: Christopher J. Pilkington [mailto:christopher.j.pilking...@gmail.com]
>> Sent: Friday, October 02, 2009 4:01 PM
>> To: nanog@nanog.org
>> Subject: BGP or MPLS issue AT&T in New York?
>>
>> Anyone notice anything bizarre with AT&T in New York? We had our cage
>> at 811 10th Avenue (advertised by AS7018) unreachable from several
>> other providers for about 20 minutes, it just recently came back.
>>
>> At the same time, we lost MPLS service (not link, forwarding across
>> the cloud) at another site with AT&T. Both issues resolved
>> simultaneously.
>>
>> Just curious...
>> Chris
>>
>> In addition to Verizon Business ip issues, we lost an AT&T private line at
>> the same time, but it has come back up. Fiber cut or power somewhere?
>> This was at 15:17 Eastern..
>>
>> -Keith
Re: ISP customer assignments
So far, I have only dabbled with IPv6, but my reading of the RFCs is that VLSM for lengths beyond /64 is not required. Subsequently, to use anything longer is an enormous gamble in an enterprise environment. I envision upgrading code one day and finding that your /127 isn't supported any more and they forgot to mention it. I'll stick to /64, though it does seem a horrible waste of space. Someone else might have read the RFC differently though. Eric Clark
Re: IPv6 allocations, deaggregation, etc.
I'm not an expert, but can/should you advertise ARIN IP space on APNIC or RIPE, etc? You are talking about having received IP space from ARIN, tied to an ARIN AS.

I suppose it's probably more a matter of form than anything else though.

On Tuesday, December 22, 2009, Nathan Ward wrote:

> The assumption that networks will filter /48s is not the whole story.
>
> The RIRs giving out /48s do so from a single pool that only contains /48
> assignments.
> The RIRs give out /32s from a pool containing /32 or shorter prefixes (ie
> /31, /30, etc. etc).
>
> You will find that most networks filtering /48s allow them from the pool with
> only /48s in it.
>
> The root DNS servers are in /48s.
>
> If you can justify getting a /32, then I suggest you do so, but if not then
> don't worry, a /48 will work just fine. The networks that do filter you will
> pretty soon adapt I expect.
>
> Insert routing table explosion religious war here, with snipes from people
> saying that we need a new routing system, etc. etc.
>
> So with that in mind, do your concerns from your original post still make
> sense?
>
> --
> Nathan Ward
Anyone observing latency and dropped packets at peering points in Seattle?
I've been troubleshooting an issue all day. Traffic leaving our site, on Verizon public transport, destined for the Spokane area is routing to Qwest and hitting 400ms rapidly. The offending router seems to be a Verizon router (number 6 here). On top of that, we're seeing this via Level3 coming in from Spokane towards Seattle (targeting our Verizon IPs).

 3. 116.atm2-0.xr2.sea4.alter.net    0.0%  8143    7.4    1.7    1.1  100.6  10.3
 4. 0.so-6-0-0.xt2.sea1.alter.net    0.0%  8143    2.6    4.2    2.1  148.5  14.8
 5. pos7-0.br1.sea1.alter.net        0.0%  8142    2.6    2.2    2.0   38.1   1.6
 6. 204.255.169.30                   0.0%  8142  431.3  405.0  320.2  469.8  22.2
 7. sea-core-01.inet.qwest.net       0.0%  8142  430.5  407.3  324.0  541.3  24.2
 8. spk-core-01.inet.qwest.net       0.0%  8142  440.4  414.0  324.9  470.6  22.2
 9. spk-edge-04.inet.qwest.net       0.0%  8142  441.1  414.9  323.7  539.6  22.6

Testing on XO looks a lot different.

| 66.236.9.5.ptr.us.xo.net -1 | 1034 | 1031 | 1 | 47 | 112 | 53 |
| p6-0-0d0.mar1.seattle-wa.us.xo.net -1 | 1033 | 1030 | 1 | 48 | 170 | 50 |
| p4-2-0d0.rar1.seattle-wa.us.xo.net -1 | 1033 | 1031 | 1 | 47 | 168 | 51 |
| te-3-1-0.rar3.seattle-wa.us.xo.net -0 | 1033 | 1033 | 2 | 46 | 170 | 54 |
| 207.88.13.145.ptr.us.xo.net -1 | 1033 | 1032 | 1 | 48 | 113 | 52 |
| 216.156.100.18.ptr.us.xo.net -0 | 1033 | 1033 | 2 | 49 | 297 | 50 |
| agg1-sea-p10.bb.spectrumnet.us -0 | 1033 | 1033 | 2 | 47 | 239 | 52 |
| tierpoint-sea-1000m.demarc.spectrumnet.us -1 | 1033 | 1032 | 9 | 54 | 249 | 56 |

Any assistance would be appreciated, confirmation would be excellent, this is causing issues.

Thank you
E

ps - I will turn off my MTR shortly, I don't use it much anymore.
Re: ARIN and IPv6 Requests
Don't remember about the v4 part, but 3 years ago they issued me a /48, specifically for my first site and indicated that a block was reserved for additional sites. I can probably dig that up.

Sent from my iPad

On Feb 10, 2011, at 12:18 PM, Jason Iannone wrote:

> It also looks like there isn't a policy for orgs with multiple
> multihomed sites to get a /48 per site. Is there an exception policy
> somewhere?
>
> On Thu, Feb 10, 2011 at 12:50 PM, wrote:
>> Initial. Documenting IPv4 usage is in the request template.
>>
>> --
>> Adam Webb
>>
>> From: "Nick Olsen"
>> To:
>> Date: 02/10/2011 01:45 PM
>> Subject: re: ARIN and IPv6 Requests
>>
>> We requested our initial allocation without any such questions. Is this
>> your initial or additional?
>>
>> Nick Olsen
>> Network Operations
>> (855) FLSPEED x106
>>
>> From: adw...@dstsystems.com
>> Sent: Thursday, February 10, 2011 2:38 PM
>> To: nanog@nanog.org
>> Subject: ARIN and IPv6 Requests
>>
>> Why does ARIN require detailed usage of IPv4 space when requesting IPv6
>> space? Seems completely irrelevant to me.
>>
>> --
>> Adam Webb
>> EN & ES Team
>> desk: 816.737.9717
>> cell: 916.949.1345
>> ---
>> The biggest secret of innovation is that anyone can do it.
>> ---
Deploying IPv6 globally
Many North American based organizations operate with their ARIN issued BGP AS distributed globally. When I discussed obtaining IPv6 space from ARIN a few years ago, they told me to submit an individual request for each of my sites (and they'd issue a /48 or larger based on the site). This is the process I've been following, until now, for my North American sites... My question is, has anyone started deploying ARIN IP space to their global offices? If so, how are you registering those sites with ARIN? Or did they tell you something else? Thanks -C
Multi Factor authentication options for wireless networks
Wondering what people are using to provide security from their Wireless environments to their corporate networks? 2 or more factors seems to be the accepted standard and yet we're being told that Microsoft's equipment can't do it. Our system being a Microsoft Domain... seemed logical, but they can only do 1 factor. What are you guys using? Thanks
Re: Multi Factor authentication options for wireless networks
Tokens are an option but I should have been more clear. As we're a Windows shop (apologies, but that's the way it is), we were planning on going with user credentials and the machine's domain certificate.

Your solution might still be viable, but I'm not certain if I can get at the machine certs with LDAP that way, have to check that.

On Thu, Jun 9, 2011 at 3:08 PM, John Adams wrote:

> On Thu, Jun 9, 2011 at 3:02 PM, eric clark wrote:
>
>> Wondering what people are using to provide security from their Wireless
>> environments to their corporate networks? 2 or more factors seems to be the
>> accepted standard and yet we're being told that Microsoft's equipment can't
>> do it. Our system being a Microsoft Domain... seemed logical, but they can
>> only do 1 factor.
>> What are you guys using?
>
> Move to 802.1X with Radius.
>
> Connect your APs or AP Controllers to a decent OTP system like
> otpd+rlm_otp+freeradius and then connect to the Microsoft domain using LDAP.
> Extend the LDAP schema to hold the private keys for the OTP system.
>
> Many vendors offer this solution, although I suggest that you don't go with
> SecurID or any token vendor that does not disclose their algorithm to you.
> Go open, and use OATH.
>
> The work being done on OATH is where future one-time, two-factor systems
> are headed:
>
> http://www.openauthentication.org/
>
> -john
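An added example, not part of the original thread and not code from otpd, rlm_otp or FreeRADIUS: the openly published OATH algorithms referred to above (HOTP, RFC 4226, and TOTP, RFC 6238) as a RADIUS back end would check them, including the look-ahead window and the replay rejection a server-side verifier needs. The `HotpToken` class and its `window` parameter are hypothetical names; the secret is the test key published in the RFCs.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


class HotpToken:
    """Server-side state for one event-based token (hypothetical helper).

    Stores the shared secret and the next counter the server expects.
    """

    def __init__(self, secret: bytes, counter: int = 0, window: int = 3):
        self.secret = secret
        self.counter = counter
        self.window = window  # how far ahead of the server the token may be

    def verify(self, submitted: str) -> bool:
        # Accept a code at the expected counter or up to `window` presses
        # ahead (button pressed without logging in). On success move past
        # the matched counter so the same code cannot be replayed.
        for candidate in range(self.counter, self.counter + self.window + 1):
            expected = hotp(self.secret, candidate)
            if hmac.compare_digest(expected, submitted):
                self.counter = candidate + 1
                return True
        return False


def two_factor_ok(password_ok: bool, token: HotpToken, code: str) -> bool:
    """Both factors must pass. The OTP is only consumed when the first
    factor succeeded, so a bad password cannot advance the counter."""
    return password_ok and token.verify(code)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # test key from RFC 4226 Appendix D
    token = HotpToken(secret)
    print(two_factor_ok(True, token, hotp(secret, 0)))   # first login
    print(two_factor_ok(True, token, hotp(secret, 0)))   # replay of same code
    print(two_factor_ok(True, token, hotp(secret, 2)))   # token one press ahead
    print(totp(secret, 59, digits=8))                    # RFC 6238 vector
```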