Re: gmail.com - 550 error for ipv6/PTR ?

>It occurs to me, you may have sent a bounce, where the envelope from is empty, >therefore SPF would work on the domain in the helo/ehlo. People often >forget to put a SPF record there... So there may be no SPF in fact... Nope. In this case, Google was just messed up. R's, John

Re: Proxy ARP detection (was re: best practice for advertising peering fabric routes)

On Wed, Jan 15, 2014 at 10:49 PM, ML wrote: > > Shouldn't ARP inspection be a common feature? > Dynamic ARP inspection is mostly useful only when the trusted ports receive their MAC to IP address mapping from a trusted DHCP server, and the trusted mapping is established using DHCP snooping. Or

Re: Proxy ARP detection (was re: best practice for advertising peering fabric routes)

On 1/15/2014 6:31 PM, Clay Fiske wrote: Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so long. But how can I detect proxy ARP when detecting proxy ARP was patented in 1996? http://www.google.com/patents/US5708654 Seriously though, it’s not so simple. You only

Re: Proxy ARP detection

On Wed, Jan 15, 2014 at 10:21 PM, Patrick W. Gilmore wrote: > Excellent. So all everyone has to do is not buy cisco _or_ juniper. > Or make the LANs IPv6-only adressed, since ARP is not used. And it is probably unlikely that someone will turn on a ND Proxy by "accident". > Wait a minute.

Re: Internet Routing Registries - RADb, etc

Blake, If you find that an RADb maintainer is unresponsive about removing stale/incorrect objects in the RADb, we will review your request and can remove the objects in question. Regards, Larry Blunk Merit - Original Message - > Can someone provide a little guidance on RADb (a

Re: Proxy ARP detection

Excellent. So all everyone has to do is not buy cisco _or_ juniper. Wait a minute -- TTFN, patrick On Jan 15, 2014, at 19:54 , Eric Rosen wrote: > Cisco PIX's used to do this if the firewall had a route and saw a ARP request > in that IP range it would proxy arp. > > - Original Mes

Re: Question re: WordPress

THANK YOU! On Jan 15, 2014, at 8:50 PM, Peter Thimmesch wrote: > http://en.support.wordpress.com/deceased-user/ > > > > On Jan 15, 2014, at 8:09 PM, Ilissa Miller wrote: > >> Wondering if anyone in the community could kindly advise. How can someone >> get a deceased person's blog removed/t

Re: Question re: WordPress

wordpress.com ? On Wed, Jan 15, 2014 at 8:09 PM, Ilissa Miller wrote: > Wondering if anyone in the community could kindly advise. How can someone > get a deceased person's blog removed/taken down from WordPress? > > Please contact me directly offline if you can assist. > > Thank you > Ilissa

Re: gmail.com - 550 error for ipv6/PTR ?

On Jan 14, 2014, at 4:06 PM, Brandon Applegate wrote: > Just saw this in a message tonight. No idea if this is a transient error or > not. > > --- > host gmail-smtp-in.l.google.com > [gmail-smtp-in.l.google.com][2607:f8b0:4002:c01::1a] >said: 550-5.7.1 [2607:ff70:11::11] Our system has d

Re: Proxy ARP detection

Cisco PIX's used to do this if the firewall had a route and saw a ARP request in that IP range it would proxy arp. - Original Message - > > On Jan 15, 2014, at 4:03 PM, Niels Bakker wrote: > > > * c...@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]: > >> This is where theory

Question re: WordPress

Wondering if anyone in the community could kindly advise. How can someone get a deceased person's blog removed/taken down from WordPress? Please contact me directly offline if you can assist. Thank you Ilissa eMail: ili...@imillerpr.com

Re: Proxy ARP detection

On Jan 15, 2014, at 4:03 PM, Niels Bakker wrote: > * c...@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]: >> This is where theory diverges nicely from practice. In some cases the >> offender broadcast his reply, and guess what else? A lot of routers listen >> to unsolicited ARP repl

Re: Proxy ARP detection

* c...@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]: This is where theory diverges nicely from practice. In some cases the offender broadcast his reply, and guess what else? A lot of routers listen to unsolicited ARP replies. I've never seen this. Please name vendor and product,

Re: Proxy ARP detection

On Jan 15, 2014, at 3:47 PM, Niels Bakker wrote: > * c...@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:35 CET]: > [...] >> Seriously though, it’s not so simple. You only get replies if the IP you ARP >> for is in the offender’s route table (or they have a default route). I’ve >> seen diff

Re: Proxy ARP detection

* c...@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:35 CET]: [...] Seriously though, it’s not so simple. You only get replies if the IP you ARP for is in the offender’s route table (or they have a default route). I’ve seen different routers respond depending on which non-local IP was ARPed

Re: OpenNTPProject.org

On Tue, Jan 14, 2014 at 09:18:30AM +0200, Saku Ytti wrote: > DNS, NTP, SNMP, chargen et.al. could trivially change to QUIC/MinimaLT > or compared, getting same 0 RTT penalty as UDP without reflection > potential. I wouldn't say trivial, but QUIC and MinimaLT are hopefully the future. The near fut

Proxy ARP detection (was re: best practice for advertising peering fabric routes)

On Jan 15, 2014, at 12:46 PM, Niels Bakker wrote: > * c...@bloomcounty.org (Clay Fiske) [Wed 15 Jan 2014, 20:34 CET]: >> Semi-related tangent: Working in an IXP setting I have seen weird corner >> cases cause issues in conjunction with the IXP subnet existing in BGP. Say >> someone’s got proxy

RE: Internet Routing Registries - RADb, etc

I 100% agree with Nick. But, in dealing with Level3, you need Level3 Members Remarks in your objects to deal with multiple registries etc. They have an ok system that is a nightmare to pull from different datasources with them and they've churned the ultimately responsible individual a few tim

Re: gmail.com - 550 error for ipv6/PTR ?

> > > Ah yes, the confusion with the separator between IP and ports. > > IPv4:port > IPv6.port > > That gets a lot of regex confused... Especially since IPv4:port works, while IPv6:port usually does not and you usually need [ipv6]:port. Owen

Re: gmail.com - 550 error for ipv6/PTR ?

On Wed, Jan 15, 2014 at 12:05 PM, Darren Pilgrim wrote: > host gmail-smtp-in.l.google.com[2607:f8b0:4002:c01::1a] said: 550-5.7.1 > [2607:fc50:1000:1f00::2 16] Our system has detected that this > 550-5.7.1 message does not meet IPv6 sending guidelines... > I could not reproduce the error du

Re: Internet Routing Registries - RADb, etc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Or perhaps this indicates that no one pays attention to what is in the RAdb, and therefore makes a statement about the RAdb itself? No idea myself... - - ferg On 1/15/2014 1:22 PM, Blake Hudson wrote: > Can someone provide a little guidance on RA

Re: Internet Routing Registries - RADb, etc

On 15/01/2014 21:22, Blake Hudson wrote: > I have emailed Level3 about the incorrect entries in their IRR with no > response. I have also emailed Cogent about their incorrect entry in RADb, > also with no response. > > Should I be concerned about these entries? Do these entries give someone > the

Internet Routing Registries - RADb, etc

Can someone provide a little guidance on RADb (and other IRRs)? Our organization is not a customer of any IRRs, but our ARIN IP allocation is registered in RADb and Level3's IRR. The majority of these entries are incorrect and list other AS#'s (AS's that have never been authorized to announce

Re: gmail.com - 550 error for ipv6/PTR ?

On Jan 15, 2014, at 10:56 AM, Darren Pilgrim wrote: > On 1/15/2014 10:14 AM, Franck Martin wrote: >> >> On Jan 15, 2014, at 10:05 AM, Darren Pilgrim > > >> wrote: >> >>> On 1/14/2014 4:06 PM, Brandon Applegate wrote: Just saw this in a message tonight. No idea

Re: best practice for advertising peering fabric routes

* b...@herrin.us (William Herrin) [Wed 15 Jan 2014, 19:27 CET]: On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote: * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]: So ... RFC1918 addresses for the IXP fabric, then? (Half kidding, but still ) They need to be globall

Re: best practice for advertising peering fabric routes

* c...@bloomcounty.org (Clay Fiske) [Wed 15 Jan 2014, 20:34 CET]: Semi-related tangent: Working in an IXP setting I have seen weird corner cases cause issues in conjunction with the IXP subnet existing in BGP. Say someone’s got proxy ARP enabled on their router (sadly, more common than it shoul

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 10:26 AM, William Herrin wrote: > > Of course working, monitorable and testable are three different > things. If my NMS can't reach the IXP's addresses, my view of the IXP > is impaired. And "the Internet is broken" is not a trouble report that > leads to a successful outcome

Re: best practice for advertising peering fabric routes

On Wed, Jan 15, 2014 at 1:26 PM, William Herrin wrote: > On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote: >> * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]: >> >>> So ... RFC1918 addresses for the IXP fabric, then? >>> >>> (Half kidding, but still ) >> >> They need to

Re: gmail.com - 550 error for ipv6/PTR ?

On 1/15/2014 10:14 AM, Franck Martin wrote: On Jan 15, 2014, at 10:05 AM, Darren Pilgrim mailto:na...@bitfreak.org>> wrote: On 1/14/2014 4:06 PM, Brandon Applegate wrote: Just saw this in a message tonight. No idea if this is a transient error or not. --- host gmail-smtp-in.l.google.com <

Re: best practice for advertising peering fabric routes

On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote: > * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]: > >> So ... RFC1918 addresses for the IXP fabric, then? >> >> (Half kidding, but still ) > > They need to be globally unique. Hi Niels, Actually, they don't. To meet th

Re: best practice for advertising peering fabric routes

On Wed, Jan 15, 2014 at 12:54 PM, Niels Bakker wrote: > * na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]: > >> So ... RFC1918 addresses for the IXP fabric, then? >> >> (Half kidding, but still ) > > > They need to be globally unique. do they? :) also... there is/was an exch

Re: gmail.com - 550 error for ipv6/PTR ?

On Jan 15, 2014, at 10:05 AM, Darren Pilgrim wrote: > On 1/14/2014 4:06 PM, Brandon Applegate wrote: >> Just saw this in a message tonight. No idea if this is a transient error >> or not. >> >> --- >> host gmail-smtp-in.l.google.com >> [gmail-smtp-in.l.google.com][2607:f8b0:4002:c01::1a] >>

Re: gmail.com - 550 error for ipv6/PTR ?

On 1/14/2014 4:06 PM, Brandon Applegate wrote: Just saw this in a message tonight. No idea if this is a transient error or not. --- host gmail-smtp-in.l.google.com [gmail-smtp-in.l.google.com][2607:f8b0:4002:c01::1a] said: 550-5.7.1 [2607:ff70:11::11] Our system has detected that this m

Re: best practice for advertising peering fabric routes

* patr...@ianai.net (Patrick W. Gilmore) [Wed 15 Jan 2014, 04:36 CET]: [..] NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device not directly attached to that LAN. Period. This is correct, and protects both your (ISP) infrastr

Re: best practice for advertising peering fabric routes

* na...@shankland.org (Jim Shankland) [Wed 15 Jan 2014, 18:04 CET]: So ... RFC1918 addresses for the IXP fabric, then? (Half kidding, but still ) They need to be globally unique. -- Niels. -- "It's amazing what people will do to get their name on the internet, which is odd, be

Amazon AWS Engineer

Could an Amazon AWS Engineer contact me off list. We're seeing what is perceived to be performance issues and I'd like to discuss what the expected performance should be. The Amazon AWS support channels don't appear to be meant for network type question. Thanks /Ryan Ryan Harden Senior Network

Re: best practice for advertising peering fabric routes

On 2014-01-15, at 12:04, Jim Shankland wrote: > On 1/14/14, 8:41 PM, Patrick W. Gilmore wrote: >> I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static >> route. An IXP LAN should not be reachable from any device except those >> directly attached to that LAN. Period. > > So

Re: best practice for advertising peering fabric routes

On 1/14/14, 8:41 PM, Patrick W. Gilmore wrote: I repeat: NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device except those directly attached to that LAN. Period. So ... RFC1918 addresses for the IXP fabric, then? (Half kidd

Re: best practice for advertising peering fabric routes

On Wed, Jan 15, 2014 at 10:57 AM, Patrick W. Gilmore wrote: > On Jan 15, 2014, at 10:44 , William Herrin wrote: >> I have to disagree with you. If it appears in a traceroute to >> somewhere else, I'd like to be able to ping and traceroute directly to >> it. When I can't, that impairs my ability t

RE: best practice for advertising peering fabric routes

UUnet once advertised the /24 for MAE-East to me (well, Net99), and because I also had it in my IGP, my network was using UUnet's backbone for west-to-east coast traffic for a couple of days until I noticed and fixed it (with next-hop-self). I agree 100% with Patrick and others on this point.

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 10:52 PM, Leo Bicknell wrote: > (Business class) ISP's don't break PMTU-D, end users break it with the > equipment they connect. Concur 100%. That's my point. > So a smart user connecting equipment that is properly configured should be > able to expect it to work proper

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 10:44 , William Herrin wrote: > On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore > wrote: >> NEVER EVER EVER put an IX prefix into BGP, IGP, or even >> static route. An IXP LAN should not be reachable from any >> device not directly attached to that LAN. Period. >> >> D

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 9:37 AM, "Dobbins, Roland" wrote: > But what I'm saying is that that whether or not they want to use jumbo frames > for Internet traffic, it doesn't matter, because PMTU-D is likely to be > broken either at the place where the traffic is initiated, the place where > the tr

Re: best practice for advertising peering fabric routes

On Tue, Jan 14, 2014 at 10:11 PM, Patrick W. Gilmore wrote: > NEVER EVER EVER put an IX prefix into BGP, IGP, or even > static route. An IXP LAN should not be reachable from any > device not directly attached to that LAN. Period. > > Doing so endangers your peers & the IX itself. It is on the orde

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 10:31 PM, Leo Bicknell wrote: > I am approaching it from a different perspective, 'where is PMTU-D broken for > people who want to use 1500-9K frames end to end?' I understand that perspective, absolutely. But what I'm saying is that that whether or not they want to use j

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 8:49 AM, "Dobbins, Roland" wrote: > Not really. What I'm saying is that since PMTU-D is already broken on so > many endpoint networks - i.e., where traffic originates and where it > terminates - that any issues arising from PMTU-D irregularities in IXP > networks are triv

Re: best practice for advertising peering fabric routes

On (2014-01-15 08:18 -0600), Leo Bicknell wrote: > I know a lot of people push next-hop-self, and if you're a large ISP with > thousands of BGP customers is pretty much required to scale. It's actually the polar opposite. If you are small, there are no compelling reasons to put IXP in IGP. If yo

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 9:18 PM, Leo Bicknell wrote: > However, a good engineer would know there are drawbacks to next-hop-self, in > particular it slows convergence in a number of situations. There are > networks where fast convergence is more important than route scaling, and > thus the tradit

Re: best practice for advertising peering fabric routes

On Jan 15, 2014, at 12:02 AM, "Dobbins, Roland" wrote: > Again, folks, this isn't theoretical. When the particular attacks cited in > this thread were taking place, I was astonished that the IXP infrastructure > routes were even being advertised outside of the IXP network, because of > these

Re: best practice for advertising peering fabric routes

On Wednesday, January 15, 2014 09:57:32 AM Michael Hallgren wrote: > I don't think you need route-reflection in a 5 node iBGP. I'm for doing it now and not worrying about it later. Also, don't originate your routes from your peering router Mark. signature.asc Description: This is a digitall

Re: [VoiceOps] (cross post) VoIP heat charts...

> http://www.nanpa.com/nanp1/allutlzd.zip lists NPANXX and Ratecentre. How does number portability interact with this? What fraction of numbers have been ported? (Where should I look/google to find the answer?) -- These are my opinions. I hate spam.