Re: Force10 Gear - Opinions

2008-09-03 Thread Joel Jaeggli
Paul Wall wrote: > On Wed, Sep 3, 2008 at 8:29 PM, Jo Rhett <[EMAIL PROTECTED]> wrote: >> On Aug 26, 2008, at 12:26 AM, Paul Wall wrote: >>> Routing n*GE at line rate isn't difficult these days, even with all >>> 64-byte packets and other "DoS" conditions. >>> >>> Linksys, D-Link, SMC, etc are able

Re: Force10 Gear - Opinions

2008-09-03 Thread Brian Feeny
On Sep 3, 2008, at 8:36 PM, Jo Rhett wrote: That's one hell of a caveat, given that you always want strict on your customers and loose on your transit links. Personally I have always avoided combining customers and transit providers on the same routers in ISP environments. Brian

Re: Force10 Gear - Opinions

2008-09-03 Thread Paul Wall
On Wed, Sep 3, 2008 at 8:29 PM, Jo Rhett <[EMAIL PROTECTED]> wrote: > On Aug 26, 2008, at 12:26 AM, Paul Wall wrote: >> >> Routing n*GE at line rate isn't difficult these days, even with all >> 64-byte packets and other "DoS" conditions. >> >> Linksys, D-Link, SMC, etc are able to pull it off on th

RE: ingress SMTP

2008-09-03 Thread Frank Bulk
If you leave port 587 un-authenticated then spammers just need to move their spambots to try port 587 *and* you're never sure who sent the message. If you're going to have the customer click a few extra buttons to get to port 587, might as well get them to authenticate. Authenticating port 587 is

RE: Why not go after bots? (was: ingress SMTP)

2008-09-03 Thread Frank Bulk
If the service providers spent as much resources implementing systems that automatically erected a walled-garden for botted hosts as they have with bandwidth monitoring, our internet would look a lot cleaner. But apparently the money trail didn't lead them there. Frank -Original Message

Re: ingress SMTP

2008-09-03 Thread Ang Kah Yik
Nah. There have been plenty. This just happened to be one of the recent ones. But as you've rightly pointed out, the dead horse magically revives itself every once in a while ;) On Thu, Sep 4, 2008 at 10:51 AM, Suresh Ramasubramanian <[EMAIL PROTECTED] > wrote: > you just found one? i think a fe

Re: Why not go after bots? (was: ingress SMTP)

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 5:12 AM, Michael Thomas <[EMAIL PROTECTED]> wrote: > That seems to be the convention wisdom, but the science experiment > as it were in blocking port 25 doesn't seem to be correlated (must > less causated) with any drop in the spam rate. Because so far as I've > heard there i

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
you just found one? i think a few dozen over the last several years. surprised though, i thought this particular horse was finally dead after all the beatings it'd received. srs On Thu, Sep 4, 2008 at 8:13 AM, Ang Kah Yik <[EMAIL PROTECTED]> wrote: > Hmm.. if it helps - here's a link to an arch

ingress SMTP

2008-09-03 Thread Ang Kah Yik
Hmm.. if it helps - here's a link to an archived discussion on the same issue earlier this year. http://www.mail-archive.com/[EMAIL PROTECTED]/msg52598.html -- Ang Kah Yik (bangky) -- http://blog.bangky.net

RE: ingress SMTP

2008-09-03 Thread Justin D. Scott
> iiNet a reasonably sized Aussie ISP has a web page > (specifically part of the 'My Account' page) where > you can, with a simple check box, choose to have > commonly abused ports blocked *for outgoing > connections* or not. That's great, and an excellent solution. Unfortunately many of the larg

BCP blocking list for edge networks? (was: ingress SMTP)

2008-09-03 Thread Jay R. Ashworth
Ok, mine is actually even edgier than that; no transit at all, to paraphrase Steeley Dan. But does anyone have a pointer to a good set of ports to block in each direction through my Shorewall DNAT setup, preferably annotated? On reflection, that's actually only outbound; the necessity to set up in

Re: Force10 Gear - Opinions

2008-09-03 Thread Rubens Kuhl Jr.
> This statement is patently false. The uRPF failures I dealt with were based > entirely on the recommended settings, and were confirmed by Cisco. Last I > heard (2 months ago) the problems remain. Cisco just isn't being honest > with you about them. Would you mind telling us what is the scenar

Re: ingress SMTP

2008-09-03 Thread Mark Foster
> >> On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: >> > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > >> > >You're forgetting that 587 *is authenticated, always*. > >> > I'm not sure how that makes much of a difference since the >> > usual spam vector is malware that has (a

Re: Force10 Gear - Opinions

2008-09-03 Thread Aaron Glenn
On Wed, Sep 3, 2008 at 5:38 PM, jim deleskie <[EMAIL PROTECTED]> wrote: > This is an awesome thread... in the 18mts I tested F10 vs Juniper vs > Cisco I need see my Cisco sales rep push this hard :) it's easy to push this hard when you have empirical evidence on your side but seriously, this is de

Re: Force10 Gear - Opinions

2008-09-03 Thread jim deleskie
This is an awesome thread... in the 18mts I tested F10 vs Juniper vs Cisco I need see my Cisco sales rep push this hard :) On Wed, Sep 3, 2008 at 9:32 PM, Jo Rhett <[EMAIL PROTECTED]> wrote: > On Aug 26, 2008, at 9:46 AM, Owen DeLong wrote: >> >> Bottom line, in a few years, everyone carrying fu

Re: Force10 Gear - Opinions

2008-09-03 Thread Jo Rhett
On Sep 3, 2008, at 5:30 PM, James Jun wrote: uRPF was problematic back in PFC2 based platforms (i.e. SUP2) where it is further dependent upon unicast routes in FIB TCAM. uRPF was untenable on SUP2, not problematic. It wasn't possible above ... 3mb/sec? Guys, this isn't SOHO routing here.

ingress SMTP

2008-09-03 Thread Keith Medcalf
> On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: > > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > > >You're forgetting that 587 *is authenticated, always*. > > I'm not sure how that makes much of a difference since the > > usual spam vector is malware that has (almost) c

Re: Force10 Gear - Opinions

2008-09-03 Thread Jo Rhett
On Aug 31, 2008, at 11:19 PM, Greg VILLAIN wrote: What I also used to dislike is the lack of verbosity of 'show features' - but that was back a year ago. Much improved in the last 2 years. Btw, you absolutely want to avoid the S series, the CLI is a pain, and is not the same as the E or C

Re: Force10 Gear - Opinions

2008-09-03 Thread Jo Rhett
On Aug 26, 2008, at 9:46 AM, Owen DeLong wrote: Bottom line, in a few years, everyone carrying full tables with F10 gear will probably need to upgrade all of their line cards to quad-cam. Why is this statement being limited to F10? It appears to be true of every vendor. But why quad-cam?

RE: Force10 Gear - Opinions

2008-09-03 Thread James Jun
> > > > Yes. PFC3 inside Supervisor 32, 720 and RSP 720 for Catalyst 6500/ > > Router > > 7600 series perform both of these features in hardware. The article > > mentioned in this thread compares Force10 E against the 6500 series. > > > Sorry, I was on an installation with 6500s and 720s trying

Re: Force10 Gear - Opinions

2008-09-03 Thread Jo Rhett
On Aug 26, 2008, at 12:26 AM, Paul Wall wrote: Routing n*GE at line rate isn't difficult these days, even with all 64-byte packets and other "DoS" conditions. Linksys, D-Link, SMC, etc are able to pull it off on the layer 3 switches sold at Fry's for a couple benjamins a pop. :) Sorry, I thou

Re: Force10 Gear - Opinions

2008-09-03 Thread Jo Rhett
On Aug 26, 2008, at 12:18 AM, Paul Wall wrote: They appear to be nonsense. They were bought and paid for by Cisco, and including nonsense things like "if you leave a slot open the chassis will burn up" as a decrement, which is also true in pretty much every big iron vendor. Current-genera

Re: Force10 Gear - Opinions

2008-09-03 Thread Jo Rhett
On Aug 25, 2008, at 8:29 PM, James Jun wrote: As a box designed with the enterprise datacenter in mind, the E- series looks to be missing several key service provider features, including MPLS and advanced control plane filtering/policing. Ah, because Cisco does either of these in hardware?

Re: Why not go after bots?

2008-09-03 Thread Charles Wyble
Michael Thomas wrote: Charles Wyble wrote: I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL connectivity at that. I'm all for that personally. That seems to be the convention wisdom, but the scien

Why not go after bots? (was: ingress SMTP)

2008-09-03 Thread Michael Thomas
Charles Wyble wrote: I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL connectivity at that. I'm all for that personally. That seems to be the convention wisdom, but the science experiment as it wer

Re: ingress SMTP

2008-09-03 Thread matthew
- Original Message - From: "Jay R. Ashworth" <[EMAIL PROTECTED]> Date: Thursday, September 4, 2008 5:00 am Subject: Re: ingress SMTP > > Does anyone bother to run an MSA on 587 and *not* require > authentication? Many can be configured that way (example: Sun One/iPlanet mail server ca

Re: ingress SMTP

2008-09-03 Thread matthew
Justin Scott said: > > Your comment about "exceptions for customers that prove they know how to > lock down" is not based in reality, frankly. Have you ever tried to > have Joe Sixpack call BigISP support to ask for an exception to a port > block on his consumer-class connection with a dynamic I

Re: ingress SMTP

2008-09-03 Thread Daniel Senie
At 12:48 PM 9/3/2008, you wrote: Do you operate your mailserver on a residential cablemodem or adsl rather than a business account? No, we co-lo equipment at a professional facility that our customers on any type of connection need to have access to send mail through, regardless of whether t

Re: ingress SMTP

2008-09-03 Thread Chris Boyd
On Sep 3, 2008, at 4:36 PM, Frank Bulk wrote: I would like to point my customers to port 587, but that kind of configuration is still in its infancy. We're a small managed services provider, and we started doing authenticated SMTP with TLS on port 587 six years ago. It's at least in kind

Re: ingress SMTP

2008-09-03 Thread Robert Bonomi
> From [EMAIL PROTECTED] Wed Sep 3 11:58:37 2008 > From: Alec Berry <[EMAIL PROTECTED]> > Subject: Re: ingress SMTP > > Michael Thomas wrote: > > I think this all vastly underrates the agility of the bad guys. So > > lots of ISP's have blocked port 25. Has it made any appreciable > > difference?

RE: ingress SMTP

2008-09-03 Thread Frank Bulk
Mediacom appears to require SSL to POP3 access: http://www.mchsi.com/help/read/publisher_02/2002-01-28.01 "If you are off the Mediacom Online network you can still access your e-mail using your e-mail client. However, you will need to configure your e-mail program to connect to our secure e-mail s

RE: ingress SMTP

2008-09-03 Thread Frank Bulk
I would like to point my customers to port 587, but that kind of configuration is still in its infancy. We ask our employees of our business customers to VPN into work and for everyone else to use our webmail. Frank -Original Message- From: Justin Scott [mailto:[EMAIL PROTECTED] Sent: W

Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or

2008-09-03 Thread Lamar Owen
On Wednesday 03 September 2008 09:24:12 Steven M. Bellovin wrote: > It's in the interest of brevity... > > --Steve Bellovin, http://www.cs.columbia.edu/~smb Two tabs and double dashes is shorter than double-dashes and newline?

Re: ingress SMTP

2008-09-03 Thread Charles Wyble
*Hobbit* wrote: What I'm trying to get a feel for is this: what proportion of edge customers have a genuine NEED to send direct SMTP traffic to TCP 25 at arbitrary destinations? Probably very few. The big providers -- comcast, verizon, RR, charter, bellsouth, etc -- seem to be some of the mo

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Iljitsch van Beijnum
On 3 sep 2008, at 23:08, [EMAIL PROTECTED] wrote: Cases of partial transit, where B might repeat C's routes to peers but not to upstream providers are not, AFAIK treated in the model. Ahh... that's the part I was missing. Thanks... (All the scenarios I thought of were basically different p

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Valdis . Kletnieks
On Wed, 03 Sep 2008 19:42:34 +0200, William Waites said: > Cases of partial transit, where B might repeat C's routes to peers but not > to upstream providers are not, AFAIK treated in the model. Ahh... that's the part I was missing. Thanks... (All the scenarios I thought of were basically differen

Re: ingress SMTP

2008-09-03 Thread Valdis . Kletnieks
On Wed, 03 Sep 2008 15:00:15 EDT, "Jay R. Ashworth" said: > Does anyone bother to run an MSA on 587 and *not* require authentication? Presumably only sites that don't care if they end up in half the anti-spam blacklists on the planet. Based on the evidence I have, there's a depressingly large nu

hosting net guest

2008-09-03 Thread Randy Bush
we have a couple of sharp net engs coming to nanog/arin in la from far less privileged parts of the world. i thought it might be nice if they could stay a few extra days or a week to see how those of us privileged to have larger markets and hence scaled up networks run our shows. would anyone on t

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Randy Bush
>> i assure you that the actual topology is not valley free. e.g. there >> are many backup or political hack transit paths [0] > Sorry to further impinge on your vacation, but was there a footnote there? apologies. one publicly known (because someone used traceroute) example is mentioned in

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 1:04 PM, "Winders, Timothy A" <[EMAIL PROTECTED]> wrote: > On 9/3/08 12:59 PM, "Jason Fesler" <[EMAIL PROTECTED]> wrote: > >>> I agree, it's not the "right way to do things". Running a mail server used >>> to be much easier. Volunteers to help set things up "the right way" are >>> alw

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > >You're forgetting that 587 *is authenticated, always*. > > I'm not sure how that makes much of a difference since the usual spam > vector is malware that has (almost) complete

Re: ingress SMTP

2008-09-03 Thread Steven Champeon
on Wed, Sep 03, 2008 at 05:15:41PM +, *Hobbit* wrote: > Related question, now that some discussion has started: why the F > does Gmail refuse to put real, identifiable injection-path headers > in mail they relay out? The current "policy" only protects spammer > identities behind a meaningless

Re: ingress SMTP

2008-09-03 Thread *Hobbit*
Wow, lots of responses already. Thanks, good discussion. I should clarify a little, that it's not necessarily about "blanket" port blocking or denying "random" ports as threats are perceived, but where needed in a well thought-out manner and trying to take customer needs [stated or observed] into

Re: ingress SMTP

2008-09-03 Thread Tony Finch
On Wed, 3 Sep 2008, Alec Berry wrote: > > At the very least, you can run stunnel to allow incoming > mail submission on port 465 (SMTP + SSL). I would be very very careful with that kind of setup. Connections to port 25 from localhost (even if they are from stunnel running on localhost) often bypa

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 12:59 PM, "Jason Fesler" <[EMAIL PROTECTED]> wrote: >> I agree, it's not the "right way to do things". Running a mail server used >> to be much easier. Volunteers to help set things up "the right way" are >> always welcome. :-) > > Supporting those clients who can't connect is cheape

Re: ingress SMTP

2008-09-03 Thread Jason Fesler
I agree, it's not the "right way to do things". Running a mail server used to be much easier. Volunteers to help set things up "the right way" are always welcome. :-) Supporting those clients who can't connect is cheaper or more accessible for you?

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 12:48 PM, "Alec Berry" <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Winders, Timothy A wrote: > >> We have not setup a port 587 smtp submit server. Our smtp servers run only >> on port 25. > > Sorry to be harsh, but that's just not the "right way t

Re: ingress SMTP

2008-09-03 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Winders, Timothy A wrote: > We have not setup a port 587 smtp submit server. Our smtp servers run only > on port 25. Sorry to be harsh, but that's just not the "right way to do things" these days. At the very least, you can run stunnel to allow inco

Re: Is the export policy selective under valley-free?

2008-09-03 Thread William Waites
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 08-09-03 à 19:26, [EMAIL PROTECTED] a écrit : OK, I'm looking at this, and having a *little* trouble buying that there's exactly zero or one p2p links - consider the case where the last 'c2p' link is to provider A, who peers with B but not C

[NANOG-announce] Important Reminders and Announcement

2008-09-03 Thread Betty Burke
Dear NANOG Community: Just a few reminders and a news item. The deadline for Steering Committee Nominations is near, Tue 2008-09-09. Complete election information is available on the NANOG website. The new process will work if many are involved... nudge: A great NANOG44 agenda is now posted.

RE: ingress SMTP

2008-09-03 Thread Skywing
Intercepting port 25 traffic of your customers (as an ISP), redirecting it to your own servers, and allowing the connection to complete sounds like a pretty slippery slope of badness to me. Sure, you should be using TLS anyway, but slurping up port 25 traffic begs the question of what is happen

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Valdis . Kletnieks
On Wed, 03 Sep 2008 10:36:52 +0200, William Waites said: > Valley-free is a property of AS mesh models that says that, where edges > are classified as peering (p2p) or transit (c2p) that a valid path > contains zero or one peering link and that the peering link occurs > adjacent to the top of the

Re: ingress SMTP

2008-09-03 Thread Nicholas Suan
On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: On Wed, Sep 03, 2008 at 09:40:20AM -0700, Michael Thomas wrote: "Allowing unfiltered public access to port 25 is one of the things that increases everyone's spam load, and your ISP is trying to be a Good Neighbor in blocking access to anyon

Re: ingress SMTP

2008-09-03 Thread Simon Waters
On Wednesday 03 September 2008 18:07:22 Stephen Sprunk wrote: > > When port 25 block was first instituted, several providers actually > redirected connections to their own servers (with spam filters and/or > rate limits) rather than blocking the port entirely. This seems like a > good compromise f

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-03 Thread bmanning
On Wed, Sep 03, 2008 at 10:00:41AM -0400, Christopher Morrow wrote: > On Wed, Sep 3, 2008 at 8:48 AM, <[EMAIL PROTECTED]> wrote: > > On Tue, Sep 02, 2008 at 10:08:10PM -0400, Christopher Morrow wrote: > >> On 9/2/08, Todd Underwood <[EMAIL PROTECTED]> wrote: > >> > >> > checking our current data,

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 10:50 AM, "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote: > On Wed, Sep 3, 2008 at 8:46 PM, *Hobbit* <[EMAIL PROTECTED]> wrote: >> >> What I'm trying to get a feel for is this: what proportion of edge >> customers have a genuine NEED to send direct SMTP traffic to TCP 25 >> at arbit

Re: ingress SMTP

2008-09-03 Thread Stephen Sprunk
Alec Berry wrote: Michael Thomas wrote: But the thing that's really pernicious about this sort of policy is that it's a back door policy for ISP's to clamp down on all outgoing ports in the name of "security". I don't think ISPs have anything to gain by randomly blocking ports. They m

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 10:18 PM, Justin Scott <[EMAIL PROTECTED]> wrote: >> Do you operate your mailserver on a residential cablemodem or adsl >> rather than a business account? > > No, we co-lo equipment at a professional facility that our customers on any > type of connection need to have access

Re: ingress SMTP

2008-09-03 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Thomas wrote: > I think this all vastly underrates the agility of the bad guys. So > lots of ISP's have blocked port 25. Has it made any appreciable > difference? Not that I can tell. If you block port 25, they'll just > use another port and a

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 09:40:20AM -0700, Michael Thomas wrote: > >"Allowing unfiltered public access to port 25 is one of the things that > >increases everyone's spam load, and your ISP is trying to be a Good > >Neighbor in blocking access to anyone's servers but their own; many ISPs > >are moving

Re: ingress SMTP

2008-09-03 Thread Justin Scott
Do you operate your mailserver on a residential cablemodem or adsl rather than a business account? No, we co-lo equipment at a professional facility that our customers on any type of connection need to have access to send mail through, regardless of whether their ISP blocks the standard ports

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 9:26 PM, Justin Scott <[EMAIL PROTECTED]> wrote: >> What is preventing this from being an operational no-brainer, >> including making a few exceptions for customers that prove they know >> how to lock down their own mail infrastructure? > > As a small player who operates a ma

Re: ingress SMTP

2008-09-03 Thread Michael Thomas
Jay R. Ashworth wrote: On Wed, Sep 03, 2008 at 11:56:51AM -0400, Justin Scott wrote: As a small player who operates a mail server used by many local businesses, this becomes a support issue for admins in our position. We operate an SMTP server of our own that the employees of these various

Re: ingress SMTP

2008-09-03 Thread Justin Scott
Why don't you set the alternate ports up as the defaults when the customer signs up? Excellent question and unfortunately I don't have an answer. I will run that one by management as it is an obviously great idea now that you mention it. We use TLS on port 587 and SSL on 465, most mail cli

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 11:56:51AM -0400, Justin Scott wrote: > As a small player who operates a mail server used by many local > businesses, this becomes a support issue for admins in our position. We > operate an SMTP server of our own that the employees of these various > companies use from

Re: ingress SMTP

2008-09-03 Thread Alan Hodgson
On Wednesday 03 September 2008, Justin Scott <[EMAIL PROTECTED]> wrote: > The problem, however, is that the customer simply cannot understand why > their e-mail worked one day and doesn't the next. In their eyes the > system used to work, and now it doesn't, so that must mean that we broke > it an

Re: ingress SMTP

2008-09-03 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Scott wrote: > We, being somewhat intelligent, have a support process in place > to walk the customer through the SMTP port change from 25 to one of our > two alternate ports. Why don't you set the alternate ports up as the defaults when the

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 11:52:48AM -0400, Tim Sanderson wrote: > Anybody not wanting to use their ISP email would notice it. I see > filtering 25 FROM the customer as something that is not likely to > happen because of this. When a customer buys bandwidth, they want to > be able to use it for whate

Re: ingress SMTP

2008-09-03 Thread Justin Scott
What is preventing this from being an operational no-brainer, including making a few exceptions for customers that prove they know how to lock down their own mail infrastructure? As a small player who operates a mail server used by many local businesses, this becomes a support issue for admins

RE: ingress SMTP

2008-09-03 Thread Tim Sanderson
Anybody not wanting to use their ISP email would notice it. I see filtering 25 FROM the customer as something that is not likely to happen because of this. When a customer buys bandwidth, they want to be able to use it for whatever they choose. This would be just one more restriction giving comp

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 8:46 PM, *Hobbit* <[EMAIL PROTECTED]> wrote: > > What I'm trying to get a feel for is this: what proportion of edge > customers have a genuine NEED to send direct SMTP traffic to TCP 25 > at arbitrary destinations? I'm thinking mostly of cable-modem and Not too many - they

ingress SMTP

2008-09-03 Thread *Hobbit*
I've been blackholing NANOG mail for a while due to other things displacing the time I'd need to read it, so I might be a little out of touch on this, but I did grovel through some of the archives looking for any discussion on this before posting. Didn't find a really coherent answer yet. What I'

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Kai Chen
On Wed, Sep 3, 2008 at 4:29 AM, William Waites <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Le 08-09-03 à 11:08, Iljitsch van Beijnum a écrit : > >> On 3 sep 2008, at 1:45, Kai Chen wrote: >> >>> Just want to ask a direct question. Will an AS export all it gets f

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-03 Thread Christopher Morrow
On Wed, Sep 3, 2008 at 8:48 AM, <[EMAIL PROTECTED]> wrote: > On Tue, Sep 02, 2008 at 10:08:10PM -0400, Christopher Morrow wrote: >> On 9/2/08, Todd Underwood <[EMAIL PROTECTED]> wrote: >> >> > checking our current data, that block is not currently routed by any >> > of our peers over the last mo

Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or

2008-09-03 Thread Steven M. Bellovin
On Wed, 3 Sep 2008 08:02:09 -0500 (CDT) Joe Greco <[EMAIL PROTECTED]> wrote: > Steve, it is intriguing that you would make such a statement, since > you clearly believe that your own signature is sufficiently > worthwhile that you do not separate it from the main message with a > signature separat

Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or

2008-09-03 Thread Joe Greco
> > [SNIP] > > > > Just so that I am clear on your issue here: You believe it is "okay" > > for you to put your linkedin URL in your .sig, but Gadi must not be > > allowed to put it at the top of a post? > > Yes, I think that's exactly right. It's a statement of what the sender > perceives

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-03 Thread bmanning
On Tue, Sep 02, 2008 at 10:08:10PM -0400, Christopher Morrow wrote: > On 9/2/08, Todd Underwood <[EMAIL PROTECTED]> wrote: > > > checking our current data, that block is not currently routed by any > > of our peers over the last month (i would assume ripe ris and > > routeviews report similar d

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-03 Thread bmanning
well, actually this was the IP address used for l.root-servers.net from 1998-2008. so i guess you could say its never been used for anything. we are not currently routing that prefix and there should currently be nothing at that IP address. --bill On Tue, Sep 02, 2008 at 06:24:21PM -

Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-09-03 Thread bmanning
On Mon, Sep 01, 2008 at 09:21:24AM -0500, Laurence F. Sheldon, Jr. wrote: > [EMAIL PROTECTED] wrote: > >On Mon, 01 Sep 2008 08:48:12 -, Paul Ferguson said: > > >>Is this an issue that network operations folk don't really care > >>about? > > > >If somebody's paying you $n/megabyte for transit/c

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Iljitsch van Beijnum
On 3 sep 2008, at 11:40, Randy Bush wrote: I think that yes, the valley-free property is a necessary but not sufficient criteria for generating the set of in-reality-valid paths on the Internet. i assure you that the actual topology is not valley free. e.g. there are many backup or political

Re: Is the export policy selective under valley-free?

2008-09-03 Thread William Waites
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08-09-03 at 11:40, Randy Bush on holiday and should not be reading nanog, let alone responding wrote : i assure you that the actual topology is not valley free. e.g. there are many backup or political hack transit paths [0]

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Randy Bush
> I think that yes, the valley-free property is a necessary but not > sufficient criteria for generating the set of in-reality-valid paths > on the Internet. i assure you that the actual topology is not valley free. e.g. there are many backup or political hack transit paths [0] between otherwise

Re: Is the export policy selective under valley-free?

2008-09-03 Thread William Waites
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 08-09-03 à 11:08, Iljitsch van Beijnum a écrit : On 3 sep 2008, at 1:45, Kai Chen wrote: Just want to ask a direct question. Will an AS export all it gets from its customers and itself to its providers? Or even under valley-free, the BGP expo

Re: Is the export policy selective under valley-free?

2008-09-03 Thread Iljitsch van Beijnum
On 3 sep 2008, at 1:45, Kai Chen wrote: Just want to ask a direct question. Will an AS export all it gets from its customers and itself to its providers? Or even under valley-free, the BGP export policy is also selective? I get the valley-free but not the selective. :-) Iljitsch

Re: Is the export policy selective under valley-free?

2008-09-03 Thread William Waites
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 08-09-03 à 02:23, Paul Wall a écrit : That's correct. A network purchasing transit will advertise its internally-originated prefixes, as well as those it's learning from downstream customers, to its provider. I'm not sure what "valley-free" mea