Re: NTP Md5 or AutoKey?

On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said: > I'm just wondering -- in globak scheme of security issue, is NTP > security a major issue? The biggest problem is that you pretty much have to spoof a server that the client is already configured to be accepting NTP packets from. And *then*

Re: NTP Md5 or AutoKey?

On Nov 4, 2008, at 2:30 PM, Nathan Ward wrote: Anyway, pushing time out of sync seems an interesting way to break services that require stuff to be synced up. Kerberos is one such example. The analytical/forensic fidelity of various forms of telemetry such as NetFlow, syslog, etc. is hig

Re: NTP Md5 or AutoKey?

On 4/11/2008, at 7:23 PM, Paul Ferguson wrote: On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <[EMAIL PROTECTED]> wrote: Hi, I was wondering what most folks use for NTP security? Do they use the low cost, light weight symmetric key cryptographic protection method using MD5 or do folks go in fo

Re: NTP Md5 or AutoKey?

> Date: Mon, 3 Nov 2008 22:23:07 -0800 > From: "Paul Ferguson" <[EMAIL PROTECTED]> > > On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > I was wondering what most folks use for NTP security? > > > > Do they use the low cost, light weight symmetric key cryptog

Re: NTP Md5 or AutoKey?

On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <[EMAIL PROTECTED]> wrote: > Hi, > > I was wondering what most folks use for NTP security? > > Do they use the low cost, light weight symmetric key cryptographic > protection method using MD5 or do folks go in for full digital > signatures and X.509 certi

NTP Md5 or AutoKey?

Hi, I was wondering what most folks use for NTP security? Do they use the low cost, light weight symmetric key cryptographic protection method using MD5 or do folks go in for full digital signatures and X.509 certificates (AutoKey Security)? Thanks, Glen

Re: routing around Sprint's depeering damage

On 11/3/08, Randy Bush <[EMAIL PROTECTED]> wrote: > if anyone is actually saying anything new here, please point it out. > otherwise this seems like a lot of folk rehashing things from 1992 and > every year since, trying to demonstrate how smart they are, which > demonstrates how smart they are

Re: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 8:16 PM, George William Herbert wrote: Patrick writes: 3. Standard transit contracts do not guarantee full connectivity If you are a Cogent customer, it is very unlikely your contract will allow you SLA or other credits for not being able to reach Sprint unless you negotiated

Re: Sprint v. Cogent, some clarity & facts

Patrick writes: >3. Standard transit contracts do not guarantee full connectivity >If you are a Cogent customer, it is very unlikely your contract will >allow you SLA or other credits for not being able to reach Sprint >unless you negotiated something special. I doubt Sprint's standard >co

Re: Any recent predictions for routing table growth?

In order to double on schedule from the point where it hit 250k routes the rate of prefix growth needs to be on the order of 2k prefixes a week... I'm operating under the assumption that I'm going to need 500k dfz fib entries around mid 2010 which oddly is about inline with where we thought we'd b

Re: Any recent predictions for routing table growth?

It doesn't provide you with the breakdown on page 19, but here is the predictions he provides. http://www.potaroo.net/tools/ipv4/fig20.png You can ask him for a breakdown if you like. On Tue, Nov 04, 2008 at 12:43:14AM +, Bradley Freeman wrote: > Thanks for that link Bradley (& Joe who r

Re: Any recent predictions for routing table growth?

Thanks for that link Bradley (& Joe who replied off list), but IPv4 address depletion has been discussed to exhaustion and I was looking more for the speculative sizes of the routing table in 5 to 10+ years time such as on page 19 of this presentation www.vaf.net/prezos/*r*rg-prague.pdf is there a

Re: Any recent predictions for routing table growth?

Geoff Huston's has http://www.potaroo.net/tools/ipv4/ which goes up to the present. On Mon, Nov 03, 2008 at 11:38:58PM +, Brad Freeman wrote: > Hi, > > I am looking for some recent estimates of future IPv4 & IPv6 routing table > growth, the most recent reliable estimate I can find was done by

Any recent predictions for routing table growth?

Hi, I am looking for some recent estimates of future IPv4 & IPv6 routing table growth, the most recent reliable estimate I can find was done by Vince Fuller in his presentation in March 2007, is there any newer or alternative figures out? Thanks Bradley

trans-oceanic dns secondary exchange

hank kilmer and i exchange secondary dns for a small lot of small zones for other old flea scratchers and friends of the family. this last weekend, we had a double failure, where both our servers went down at the same time, i lost a power supply, and hank fried a mobo. so we are seeking a third t

Re: routing around Sprint's depeering damage

> Not all of us have been on the list since 92 or other years. Not all > of us are as informed about these things as you might be. that's why we have it every year. only this year the volume has been radically increased with no increase in content, just pontification. randy

Re: routing around Sprint's depeering damage

Randy Bush wrote: if anyone is actually saying anything new here, please point it out. otherwise this seems like a lot of folk rehashing things from 1992 and every year since, trying to demonstrate how smart they are, which demonstrates how smart they are not. Not all of us have been on the

Re: routing around Sprint's depeering damage

"Justin M. Streiner" <[EMAIL PROTECTED]> wrote: >On Sun, 2 Nov 2008, Matthew Kaufman wrote: >> Ah yes, I suspect we can get all the network operators here to agree that >> any >> customer of another ISP should buy a second connection "just in case". Maybe >> this breakage will turn out to be th

Re: routing around Sprint's depeering damage

if anyone is actually saying anything new here, please point it out. otherwise this seems like a lot of folk rehashing things from 1992 and every year since, trying to demonstrate how smart they are, which demonstrates how smart they are not. randy

Re: routing around Sprint's depeering damage

Adam Rothschild wrote: >On 2008-11-02-10:14:14, Matthew Kaufman <[EMAIL PROTECTED]> wrote: >> But seriously, it shouldn't be necessary to have two connections at >> work [...] > >This is less than clear, and largely dependent on a specific >organization's [in]ability to function if their internet

Re: routing around Sprint's depeering damage

Patrick wrote: >On Nov 3, 2008, at 9:41 AM, HRH Sven Olaf Prinz von CyberBunker- >Kamphuis MP wrote: > >>> No, but the providers who provide those connections should be >>> multihomed. >>> If they're not, I'd consider switching providers. Simple as that. > >> multihomed to whichever parties de

RE: Sprint / Cogent dispute over?

At 06:54 PM 11/2/2008, Daniel Roesen wrote: >On Sun, Nov 02, 2008 at 04:40:20PM -0500, Randy Epstein wrote: > > Problem resolved? > >https://www.sprint.net/cogent.php Since there is active litigation going on over this, it's also possible an attorney said, "hmmm... maybe you should wait until th

Re: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 3:49 PM, Rod Beck wrote: And a 'Tier One' nework is a transit-free network that can reach all end points (end user IP addresses)? A transit free network that has no settlements. Which means no network is strictly "tier one". Read

Re: Sprint v. Cogent, some clarity & facts

Rod Beck wrote: > And a 'Tier One' nework is a transit-free network that can reach all end > points (end user IP addresses) A "Tier One" is best defined as "the ISP the salesman represents." It originally referred to transit-free, settlement-free ISPs, but over time, bigger ISPs began to play wi

RE: Sprint v. Cogent, some clarity & facts

And a 'Tier One' nework is a transit-free network that can reach all end points (end user IP addresses)? Roderick S. Beck Director of European Sales Hibernia Atlantic 13-15, rue Sedaine, 75011 Paris http://www.hiberniaatlantic.com Wireless: 1-212-444-8829. French Landline: 33+1+4355+8224 French

Re: Sprint v. Cogent, some clarity & facts

On Mon, Nov 3, 2008 at 1:34 PM, Nicolas Antoniello <[EMAIL PROTECTED]> wrote: > Sorry for my possible ignorance, but could you explain me what are you > calling "transit-free"? Transit: You pay an ISP to send and receive traffic to and from "the Internet." "The Internet" consists of: his paid cus

Re: Sprint v. Cogent, some clarity & facts

On Mon, Nov 03, 2008 at 04:34:16PM -0200, Nicolas Antoniello wrote: > Sorry for my possible ignorance, but could you explain me what are you > calling "transit-free"? Transit-free means that you don't pay anyone else to reach some 3rd-party network. In other words, if I'm Sprint, I don't pay UUNE

Re: routing around Sprint's depeering damage

On Sunday 02 November 2008 10:28:31 Joe Greco wrote: > previous poster wrote: > > so perhaps look at > > your own setup and decide that you need that 2nd connection to back you > > up when first one fails. This is a simple business logic. > Is it just me, or is this awful logic? Awful or not, th

Re: Sprint / Cogent dispute over?

* Paul Vixie: > if cogent signed a trial peering contract which required payment if sprint > determined after three months that cogent did not qualify, then the court's > open questions are was the contract valid (and thus, does cogent owe sprint > money) and why isn't there some kind of common ca

Re: Sprint v. Cogent, some clarity & facts

* Valdis Kletnieks: > On Mon, 03 Nov 2008 10:26:59 +0100, Florian Weimer said: >> * Patrick W. Gilmore: > >> > 3. Standard transit contracts do not guarantee full connectivity >> >> If this were true, why would end users (or, more generally, not >> significantly multi-homed networks) buy transit

Re: Sprint v. Cogent, some clarity & facts

Sorry for my possible ignorance, but could you explain me what are you calling "transit-free"? I mean, the ISP I work for, has contract for several STM-4 links with Sprint (at least for 8 years now), and for sure they do have transit, at least for us (as we publish our customers ASs to them and the

Re: Peering - Benefits?

On 31 Oct 2008, at 16:56, Paul Stewart wrote: Why does the controversy word keep coming up? You're the third personnow to ask if I was trying to provide controversy and for the third time, NO I AM NOT. Hi, I have no intention of fanning the fire, but I can explain the controversy messa

Re: Peering - Benefits?

On 31 Oct 2008, at 16:56, Paul Stewart wrote: Why does the controversy word keep coming up? You're the third personnow to ask if I was trying to provide controversy and for the third time, NO I AM NOT. Hi, I have no intention of fanning the fire, but I can explain the controversy messa

Re: Sprint v. Cogent, some clarity & facts

Barrett Lyon wrote: Incase this has not hit the list yet: http://www.pcworld.com/businesscenter/article/153194/sprint_reconnects_cogent_but_differences_are_unresolved.html Sprint Reconnects Cogent, but Differences Are Unresolved Mikael Ricknäs, IDG News Service Monday, November 03, 2008 7

Re: Sprint v. Cogent, some clarity & facts

* Patrick W. Gilmore > On Nov 3, 2008, at 10:41 AM, Tore Anderson wrote: > > Another point worth mentioning is that the traffic is going to flow > > between those two ISPs _anyway_. > > I believe the events of 2-3 days ago disproves your assertion. Having partitioned transit-free networks is goin

RE: Sprint / Cogent dispute over?

> -Original Message- > From: Paul Vixie [mailto:[EMAIL PROTECTED] > Sent: Monday, November 03, 2008 11:49 AM > To: Daniel Senie > Cc: [EMAIL PROTECTED] > Subject: Re: Sprint / Cogent dispute over? > > Sprint's > document's wording is careful even if their is not. FWIW, that's the on

Re: Sprint / Cogent dispute over?

Daniel Senie <[EMAIL PROTECTED]> writes: > At 06:54 PM 11/2/2008, Daniel Roesen wrote: >> https://www.sprint.net/cogent.php > > ... > > Also in this document is a complaint that Cogent failed to disconnect. > Excuse me? This was a trial PEERING agreement. That implies one or a > series of point

Re: Sprint v. Cogent, some clarity & facts

Incase this has not hit the list yet: http://www.pcworld.com/businesscenter/article/153194/sprint_reconnects_cogent_but_differences_are_unresolved.html Sprint Reconnects Cogent, but Differences Are Unresolved Mikael Ricknäs, IDG News Service Monday, November 03, 2008 7:50 AM PST On Sunday Spr

Re: Sprint v. Cogent, some clarity & facts

> The FACT is that a point-source sending traffic to distributed > receivers combined with hot-potato routing puts more of the cost on > the receiver. That fact is not in dispute, apparently even you agree. Mmm, that's really not a fact. I like the way you painted it though. When you're loo

Re: Sprint v. Cogent, some clarity & facts

In a message written on Mon, Nov 03, 2008 at 10:40:46AM -0500, Patrick W. Gilmore wrote: > The FACT is that a point-source sending traffic to distributed > receivers combined with hot-potato routing puts more of the cost on > the receiver. That fact is not in dispute, apparently even you agre

Re: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 10:41 AM, Tore Anderson wrote: Another point worth mentioning is that the traffic is going to flow between those two ISPs _anyway_. I believe the events of 2-3 days ago disproves your assertion. Therefore, in many cases the only ones to profit from them not reaching a pee

Re: Sprint v. Cogent, some clarity & facts

* Stephen Sprunk > What it all comes down to is that the majority of eyeballs are on > "residential" connections that are relatively expensive to provide > but for which are sold at a relatively low price (often 1/10th as > much per megabit of capacity). Those eyeball ISPs cannot or will not > ch

Re: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 10:03 AM, David Schwartz wrote: Patrick W. Gilmore wrote: 4. There is a reason behind ratios which has nothing to do with telco "sender-pays" There is an alleged reason. Peering rations were first 'big news' when BBN wanted to de-peer Above.Net, Global Center, and Exodu

Re: Sprint v. Cogent, some clarity & facts

David Schwartz wrote: > The ratio argument is nonsense. If your customers want to receive mostly, > and receiving is expensive, they should pay you more to cover your higher > costs in receiving traffic. If my customers mostly want to send, and sending > is cheap, then I should pay less, since I w

Re: Sprint v. Cogent, some clarity & facts

David Schwartz wrote: Your customers pay you to carry their traffic across your network between them and the next network in the line. There is no reason anyone else should compensate you for doing this. What it all comes down to is that the majority of eyeballs are on "residential" conne

Re: Sprint v. Cogent, some clarity & facts

In a message written on Mon, Nov 03, 2008 at 01:26:14AM -0500, Patrick W. Gilmore wrote: > Having skimmed the Sprint / Cogent threads, I saw multiple errors and > lots of really bad guesses. Instead of replying individually, I > thought I would sum up a few facts so everyone was on the same p

cold.net contact

Could someone who has insight into DNS for it.colt.net please contact me off list. I am having sporadic difficulty resolving a domain you are providing DNS for. Thanks -- Josh Smith KD8HRX email/jabber: [EMAIL PROTECTED] phone: 304.237.9369(c) () ascii ribbon campaign - against html e-mail

Re: Sprint / Cogent dispute over?

On Nov 3, 2008, at 10:01 AM, Daniel Senie wrote: At 06:54 PM 11/2/2008, Daniel Roesen wrote: On Sun, Nov 02, 2008 at 04:40:20PM -0500, Randy Epstein wrote: > Problem resolved? https://www.sprint.net/cogent.php Reading this accounting of Sprint's side of the story reveals something that's no

Re: "Tier 1" vs. all. Was: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 10:02 AM, Eric Van Tol wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2008 8:55 AM Let's put it another 'nother way. Would an end user get better connectivity by buying from a reseller of transit? In other words

Re: routing around Sprint's depeering damage

> No, but the providers who provide those connections should be multihomed. > If they're not, I'd consider switching providers. Simple as that. Am I the only one to whom this sounds really strange? I really doubt that customers going to buy Sprint EVDO service are asking about "are you multihom

RE: Sprint v. Cogent, some clarity & facts

Patrick W. Gilmore wrote: > 4. There is a reason behind ratios which has nothing to do with telco > "sender-pays" There is an alleged reason. > Hot potato routing + very poor ratios puts much more of the cost on > the receiving network. This is a valid, logical, and costly concern > for receivi

"Tier 1" vs. all. Was: Sprint v. Cogent, some clarity & facts

> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, November 03, 2008 8:55 AM > > Let's put it another 'nother way. > Would an end user get better connectivity by buying from a > reseller of transit? In other words, buying transit from > a network which

Re: Sprint / Cogent dispute over?

At 06:54 PM 11/2/2008, Daniel Roesen wrote: On Sun, Nov 02, 2008 at 04:40:20PM -0500, Randy Epstein wrote: > Problem resolved? https://www.sprint.net/cogent.php Reading this accounting of Sprint's side of the story reveals something that's not too surprising about Sprint. They've got serious

Re: routing around Sprint's depeering damage

On Nov 3, 2008, at 9:41 AM, HRH Sven Olaf Prinz von CyberBunker- Kamphuis MP wrote: No, but the providers who provide those connections should be multihomed. If they're not, I'd consider switching providers. Simple as that. multihomed to whichever parties decide to generate split ups on

RE: Sprint v. Cogent, some clarity & facts

> Quite frankly, if any potential transit provider tried to make > noises about > being able to *guarantee* full connectivity, I'd show him the door. Let's not make the perfect the enemy of the good. All that's required is that they promise to make a good faith effort to interconnect with anyone

Re: routing around Sprint's depeering damage

> No, but the providers who provide those connections should be multihomed. > If they're not, I'd consider switching providers. Simple as that. > > jms multihomed to whichever parties decide to generate split ups on purpose in the intarrwebbz.. meaning: all of them.. (you can never tell which on

Re: routing around Sprint's depeering damage

On Sun, 2 Nov 2008, Matthew Kaufman wrote: Ah yes, I suspect we can get all the network operators here to agree that any customer of another ISP should buy a second connection "just in case". Maybe this breakage will turn out to be the best way for everyone to double their customer base overni

Re: Sprint / Cogent dispute over?

note that i have friends at both sprint and cogent and i'm not taking sides. "James Hess" <[EMAIL PROTECTED]> writes: > I would say it's a "peering spat", because Cogent's press releases stated > Sprint failed to meet Sprint's "contractual obligation" to peer with them > on a settlement-free basi

RE: Sprint v. Cogent, some clarity & facts

> Put another way, since _every_ network does this, if you do > not want to buy from 'such networks', you cannot buy transit. Let's put it another 'nother way. Would an end user get better connectivity by buying from a reseller of transit? In other words, buying transit from a network which also

Re: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 4:26 AM, Florian Weimer wrote: * Patrick W. Gilmore: 1. Neither Sprint nor Cogent have transit Both Sprint & Cogent are transit-free networks. (Notice how I carefully avoided saying "tier one"?) Whether one or both _should_ have transit is not a fact, and therefore outside

Re: Sprint v. Cogent, some clarity & facts

On Nov 3, 2008, at 2:35 AM, Paul Wall wrote: On Mon, Nov 3, 2008 at 1:26 AM, Patrick W. Gilmore <[EMAIL PROTECTED]> wrote: 1. Neither Sprint nor Cogent have transit Both Sprint & Cogent are transit-free networks. (Notice how I carefully avoided saying "tier one"?) How do you explain Cogen

Re: Sprint v. Cogent, some clarity & facts

>> Does Akamai have peering arrangements with Cogent directly? > > Akamai are self declared peering sluts. So, yes, they have direct > peering arrangements with Cogent. Hrm, so after I posted this, I looked a bit deeper into it and found: 3 vl3493.mpd03.jfk02.atlas.cogentco.com (154.54.5.22

Re: Sprint v. Cogent, some clarity & facts

On Mon, Nov 3, 2008 at 3:35 AM, Paul Wall <[EMAIL PROTECTED]> wrote: > On Mon, Nov 3, 2008 at 1:26 AM, Patrick W. Gilmore <[EMAIL PROTECTED]> wrote: >> 1. Neither Sprint nor Cogent have transit >> Both Sprint & Cogent are transit-free networks. (Notice how I carefully >> avoided saying "tier one"?

Re: Sprint v. Cogent, some clarity & facts

On Mon, 03 Nov 2008 10:26:59 +0100, Florian Weimer said: > * Patrick W. Gilmore: > > 3. Standard transit contracts do not guarantee full connectivity > > If this were true, why would end users (or, more generally, not > significantly multi-homed networks) buy transit from such networks? Quite fr

Re: Sprint v. Cogent, some clarity & facts

* Patrick W. Gilmore: > 1. Neither Sprint nor Cogent have transit > Both Sprint & Cogent are transit-free networks. (Notice how I > carefully avoided saying "tier one"?) Whether one or both _should_ > have transit is not a fact, and therefore outside the scope of this e- > mail, but that neithe