Re: Q-In-Q using M7i and CISCO Switch

> We have a client with the following situation: > > v1, v2, v3 > ---| Switch | --| Switch || > Switch|- JUNIPER M7i IQ2E - > > > Carrier offers only 3 vlans to the client. But he wants t

Q-In-Q using M7i and CISCO Switch

People, We have a client with the following situation: v1, v2, v3 ---| Switch | --| Switch || Switch|- JUNIPER M7i IQ2E - Carrier offers only 3 vlans to the client. But he wants to push

Re: Comcast enables 6to4 relays

In message <20100831062203.be89e...@mail.wardenm.net>, "Mitchell Warden" writes : > > The list seems to be showing relays that announce both the IPv4 and the > > IPv6 anycast prefixes. > > > > I have noticed a number of deployments that announce the (in)famous IPv4 > > prefix and then consider the

Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

On 2010-08-31 19:58, Nathan Eisenberg wrote: >> The only thing you can do to help your users is to provide them with proper >> education and to explain them to keep up to date and run the right tools and >> not click anywhere they can and that is a mission which is near >> impossible. > > I t

RE: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

1. I completely agree with Jeroen 2. Jack, if you have specific concerns that Jeroen hasn't answered, feel free to ping me off line. I own Teredo in Windows. Sean from "M$" -Original Message- From: Jeroen Massar [mailto:jer...@unfix.org] Sent: Tuesday, August 31, 2010 10:40 AM To: Jack

RE: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

> The only thing you can do to help your users is to provide them with proper > education and to explain them to keep up to date and run the right tools and > not click anywhere they can and that is a mission which is near > impossible. I thought user education in threat management was long a

Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

On 2010-08-31 19:32, Jack Bates wrote: > Jeroen Massar wrote: >> >> If you have one person setting up ICS on their machine and they have >> enabled IPv6 voila the whole network gets IPv6, that thus does not solve >> your problem either. Or are you monitoring IPv6 RAs etc? > > Setting up ICS with I

Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

Jeroen Massar wrote: If you have one person setting up ICS on their machine and they have enabled IPv6 voila the whole network gets IPv6, that thus does not solve your problem either. Or are you monitoring IPv6 RAs etc? Setting up ICS with IPv6 is user knowledge in my opinion. In addition, th

Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

On 2010-08-31 19:02, Jack Bates wrote: > Jeroen Massar wrote: >> just remember that a lot of people have VPN software, connect from home >> to that VPN and do other weird setups (Skype for instance, BitTorrent) >> where there are possibilities to bypass your "firewall". >> > > I agree. My concern

Re: Comcast enables 6to4 relays

On Tue, 31 Aug 2010 12:02:56 CDT, Jack Bates said: > 6to4 doesn't suffer the same issues. Primarily because RFC1918 > addressing can't be used in 6to4. This means that at a minimum, the > router has to participate or the host behind it must be manually > configured with a 6to4 address (for the

Re: Comcast enables 6to4 relays

Jeroen Massar wrote: just remember that a lot of people have VPN software, connect from home to that VPN and do other weird setups (Skype for instance, BitTorrent) where there are possibilities to bypass your "firewall". I agree. My concern here is that we are dealing with improper firewalls.

RE: UPDATED - Comcast enables 6to4 relays

- S -Original Message- From: John Jason Brzozowski Sent: Tuesday, August 31, 2010 5:57 To: Pekka Savola Cc: NANOG Subject: Re: UPDATED - Comcast enables 6to4 relays On 8/31/10 7:36 AM, "Pekka Savola" wrote: > On Tue, 31 Aug 2010, John Jason Brzozowski wrote: >> Enabled two more 6t

Re: Comcast enables 6to4 relays

On 2010-08-31 18:07, Jack Bates wrote: > Jeroen Massar wrote: >> >> Jack: there are a lot more methods to infect a host than this as there >> are lots and lots of p2p protocols which are being used by C&C botnets. >> And never forgot about this very simple protocol called HTTP(S). >> > > I agree,

Re: Comcast enables 6to4 relays

Jeroen Massar wrote: Jack: there are a lot more methods to infect a host than this as there are lots and lots of p2p protocols which are being used by C&C botnets. And never forgot about this very simple protocol called HTTP(S). I agree, though let's consider HTTP. If a firewall is set to fil

Re: Comcast enables 6to4 relays

On 2010-08-31 16:54, Mikael Abrahamsson wrote: > On Tue, 31 Aug 2010, Jack Bates wrote: > >> Teredo usage isn't common enough on our network to warrant the work. >> Very few apps will activate it is my guess. > > > > As I stated, either your users are usi

Re: Comcast enables 6to4 relays

On Tue, 31 Aug 2010, Jack Bates wrote: Teredo usage isn't common enough on our network to warrant the work. Very few apps will activate it is my guess. As I stated, either your users are using your Teredo server, or they're using someone elses. Not ru

Re: Comcast enables 6to4 relays

Mikael Abrahamsson wrote: End users are using 6to4 and Teredo, if an ISP isn't providing their own relays, someone else is and the performance might be good or bad. Teredo usage isn't common enough on our network to warrant the work. Very few apps will activate it is my guess. Same logic app

RIPE Labs article on the Duke/RIPE NCC BGP experiment

Dear Colleagues, On Friday, 27 August, at 08:41 (UTC), RIPE NCC staff involved in the Routing Information Service (RIS) project conducted an Internet routing experiment in conjunction with a research group from Duke University in the United States. The goal of this experiment was to furth

Re: UPDATED - Comcast enables 6to4 relays

On 8/31/10 7:36 AM, "Pekka Savola" wrote: > On Tue, 31 Aug 2010, John Jason Brzozowski wrote: >> Enabled two more 6to4 relays this morning. :) > > Out of curiousity, what is the aggregate Mbps load on the relays? > Related question is the platform on which these are run. [jjmb] for now I can sa

Re: UPDATED - Comcast enables 6to4 relays

On Tue, 31 Aug 2010, John Jason Brzozowski wrote: Enabled two more 6to4 relays this morning. :) Out of curiousity, what is the aggregate Mbps load on the relays? Related question is the platform on which these are run. -- Pekka Savola "You each name yourselves king, yet the

Re: UPDATED - Comcast enables 6to4 relays

Way to go! more! more! ;) - Original Message - From: "John Jason Brzozowski" To: "NANOG" Sent: Tuesday, 31 August, 2010 6:18:21 PM Subject: UPDATED - Comcast enables 6to4 relays Enabled two more 6to4 relays this morning. :) John

Re: Comcast enables 6to4 relays

I think this http://www.gossamer-threads.com/lists/nsp/ipv6/13537 may answer some of the questions on how to make it work correctly. I like the fact the 6to4 gateway should be on a separate machine that BGP with the main router. If the gateway dies, the routes are withdrawn and clients go and l