Le 15/01/2014 07:59, Eric A Louie a écrit :
> Ok, so the right way to do it is in iBGP. That pretty much answers the
> question - don't redistribute those ixp-participant prefixes into my IGP.
Yes, using next-hop self (rather than importing IXP routes) as pointed
out earlier in this thread.
>
>
On Tue, 2014-01-14 at 19:06 -0500, Brandon Applegate wrote:
> Just saw this in a message tonight. No idea if this is a transient error
> or not.
Got one too for AS197422 at "Tue, 14 Jan 2014 23:59:01 +0100", resent
the mail at "Wed, 15 Jan 2014 00:03:12 +0100" and it worked so probably
transient
Ok, so the right way to do it is in iBGP. That pretty much answers the
question - don't redistribute those ixp-participant prefixes into my IGP.
I have a lot of iBGP homework to do, to make it work with the 5 POPs that are
all taking full route feeds. I tried once and couldn't get the BGP tabl
On Wed, Jan 15, 2014 at 1:36 AM, Eric A Louie wrote:
> Never mind, I just carefully re-read the point. Right, I'll filter the
> prefix(es) of the IXP LAN(s) that I'm connected to and not let THAT get out,
> no reason to advertise it since no traffic ever goes to it. That still has
> me asking
On Wed, Jan 15, 2014 at 1:22 AM, Eric A Louie wrote:
> Thank you - I will heed the warning. I want to be a good community member
> and make sure we're maintaining the agreed-upon practices (I'll
> re-read/review my agreement with the IXP)
>
>
> So if that is the case, I have to rely on the peer
Never mind, I just carefully re-read the point. Right, I'll filter the
prefix(es) of the IXP LAN(s) that I'm connected to and not let THAT get out, no
reason to advertise it since no traffic ever goes to it. That still has me
asking to how best to advertise the rest of the public prefixes comi
Thank you - I will heed the warning. I want to be a good community member and
make sure we're maintaining the agreed-upon practices (I'll re-read/review my
agreement with the IXP)
So if that is the case, I have to rely on the peering fabric to just return
traffic, since the rest of my networ
On Jan 15, 2014, at 11:41 AM, Patrick W. Gilmore wrote:
> I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
> route. An IXP LAN should not be reachable from any device except those
> directly attached to that LAN. Period.
+1
Again, folks, this isn't theoretical. When
On Jan 14, 2014, at 23:03 , Leo Bicknell wrote:
> On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore wrote:
>
>> So Just Don't Do It. Setting next-hop-self is not just for "big guys", the
>> crappiest, tiniest router that can do peering at an IXP has the same
>> ability. Use it. Stop putting me a
On Jan 14, 2014, at 9:35 PM, Patrick W. Gilmore wrote:
> So Just Don't Do It. Setting next-hop-self is not just for "big guys", the
> crappiest, tiniest router that can do peering at an IXP has the same ability.
> Use it. Stop putting me and every one of your peers in danger because you are
>
Possibly related, a lot of 503 errors are starting to show up in the
javascript served by Google inside Gmail...reminds me of the issue in the
early morning hours (US time)...very similar to what I'm starting to see on
the front end. I've not had any IPv6 emails bounce, but I do have some
that are
FWIW I do know there was a MASSIVE failure last night around 0800 UTC with
Google's DNS system, and it caused their routing to not only go bat shit
insane, but also for the edge nodes that serve their content to return
largely 503 errors (service unavailable) for several hours.
It wasn't until a f
On Jan 14, 2014, at 22:20 , Leo Bicknell wrote:
> On Jan 14, 2014, at 7:55 PM, Eric A Louie wrote:
>
>> I have a connection to a peering fabric and I'm not distributing the peering
>> fabric routes into my network.
>
> There's a two part problem lurking.
>
> Problem #1 is how you handle your
On Jan 14, 2014, at 7:55 PM, Eric A Louie wrote:
> I have a connection to a peering fabric and I'm not distributing the peering
> fabric routes into my network.
There's a two part problem lurking.
Problem #1 is how you handle your internal routing. Most of the "big boys"
will next-hop-self
On Jan 14, 2014 7:13 PM, "Patrick W. Gilmore" wrote:
>
> Pardon the top post, but I really don't have anything to comment below
other than to agree with Chris and say rfc5963 is broken.
>
> NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An
IXP LAN should not be reachable fro
Pardon the top post, but I really don't have anything to comment below other
than to agree with Chris and say rfc5963 is broken.
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP
LAN should not be reachable from any device not directly attached to that LAN.
Period.
D
On Tue, Jan 14, 2014 at 9:09 PM, Cb B wrote:
> On Jan 14, 2014 6:01 PM, "Eric A Louie" wrote:
>>
>> I have a connection to a peering fabric and I'm not distributing the
> peering fabric routes into my network.
>>
good plan.
>> I see three options
>> 1. redistribute into my igp (OSPF)
>>
>> 2. c
On Tue, Jan 14, 2014 at 8:51 PM, Ted Cooper
wrote:
> On 15/01/14 10:06, Brandon Applegate wrote:
>> Off-list replies are fine to minimize noise, and if there is an answer
>> or any meaningful correlation I will reply on-list. Thanks in advance
>> for any info/feedback.
>
brandon, I didn't get yo
On Jan 14, 2014 6:01 PM, "Eric A Louie" wrote:
>
> I have a connection to a peering fabric and I'm not distributing the
peering fabric routes into my network.
>
> I see three options
> 1. redistribute into my igp (OSPF)
>
> 2. configure ibgp and route them within that infrastructure. All the
defa
I have a connection to a peering fabric and I'm not distributing the peering
fabric routes into my network.
I see three options
1. redistribute into my igp (OSPF)
2. configure ibgp and route them within that infrastructure. All the default
routes go out through the POPs so iBGP would see packe
On 15/01/14 10:06, Brandon Applegate wrote:
> Off-list replies are fine to minimize noise, and if there is an answer
> or any meaningful correlation I will reply on-list. Thanks in advance
> for any info/feedback.
I have been running into these a lot also and have so far concluded that
it is an e
In article you write:
>Just saw this in a message tonight. No idea if this is a transient error
>or not.
I saw the same thing, on an IP that has forward and reverse DNS and
mail that passes SPF. Burp, I guess.
Just saw this in a message tonight. No idea if this is a transient error
or not.
---
host gmail-smtp-in.l.google.com
[gmail-smtp-in.l.google.com][2607:f8b0:4002:c01::1a]
said: 550-5.7.1 [2607:ff70:11::11] Our system has detected that this
message does not 550-5.7.1 meet IPv6 sending gui
On (2014-01-14 08:35 -0800), Damian Menscher wrote:
> I see this as a form of BCP38, but imposed on networks by their transit
> providers, rather than done voluntarily. It would be great if it could
> work, but I have doubts due to asymmetric routing announcements intended
> for traffic shaping.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 1/13/2014 11:18 PM, Saku Ytti wrote:
> On (2014-01-13 21:33 +), Bjoern A. Zeeb wrote:
>
>>> BCP38! I am always surprised when people need crypto if they
>>> fail the simple things.
> Saying that BCP38 is solution to the reflection attacks i
http://www.nanpa.com/nanp1/allutlzd.zip lists NPANXX and Ratecentre.
derek
On Mon, Jan 13, 2014 at 7:33 PM, Paul Timmins wrote:
>
> On Jan 9, 2014, at 2:38 PM, Jay Ashworth wrote:
>
> > - Original Message -
> >>
> >>
> >> Looking to "heat chart" where fraudelent calls are going.
> >
Jared Mauch wrote:
>
> 3) You want to upgrade NTP, or adjust your ntp.conf to include ‘limited’
> or ‘restrict’ lines or both. (I defer to someone else to be an expert
> in this area, but am willing to learn :) )
There is useful guidance for Cisco, Juniper, and Unix here:
https://www.team-cymru
27 matches
Mail list logo
