Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-27 Thread Luke S. Crawford
It might make sense to just give everyone their own vlan and their own /64; that would, of course, bring its own problems and complexities (namely that I've gotta have the capability to deal with more customers than I can have native vlans - not impossible to get around, but significant ad

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-27 Thread Luke S. Crawford
On 03/26/2014 11:14 PM, Owen DeLong wrote: Why not just use private VLAN layer 2 controls for the privacy you describe? The technology I know of is what cisco calls 'protected ports' - My understanding is that those simply mean you can't pass traffic to or from other 'protected ports' - I

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-26 Thread Luke S. Crawford
On 03/26/2014 03:49 PM, Matt Palmer wrote: On Wed, Mar 26, 2014 at 10:55:03AM -0700, Luke S. Crawford wrote: There are many ways to skin this cat; stateless autoconfig looks like it mostly works, but privacy extensions seem to be the default in many places; outgoing IPv6 from those random

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-26 Thread Luke S. Crawford
On 03/24/2014 06:18 PM, Owen DeLong wrote: DHCPv6 is no less robust in my experience than DHCPv4. ARP and ND have mostly equivalent issues. This depends a lot on what you mean by 'robust' Now, I have dealt with NAT, and I see IPv6 as a technology with the potential to make my life less unple

Re: Evaluating Tier 1 Internet providers

2013-08-29 Thread Luke S. Crawford
On 08/29/2013 07:43 PM, Blake Dunlap wrote: +10 Good explanation. This is a lot of why I have someone like Cogent/L3/etc and some random transit provider in most of my pops I spec, plus a backhaul to another node. ... One thing to keep in mind is that for major Tier 1s, it's not at all uncom

Re: PDU recommendations

2013-06-23 Thread Luke S. Crawford
I also have had good experience with (used) servertech/century/power tower (I think all the same brand) - very inexpensive; if you are in santa clara I have some spare 2u 16 port 208v (20a/c19) units. Here is something a buddy wrote up when we were wiring them to the user-accessible power o

Re: LinkedIn password database compromised

2012-06-08 Thread Luke S. Crawford
On Wed, Jun 06, 2012 at 07:43:42PM -0700, Aaron C. de Bruyn wrote: > Why haven't we taken this out of the hands of website operators yet? > Why can't I use my ssh-agent to sign in to a website just like I do > for about hundred servers, workstations, and my PCs at home? > > One local password used

Re: Industry practice for BGP costs - one time or fixed/monthly?

2012-05-27 Thread Luke S. Crawford
On Sun, May 27, 2012 at 12:34:22PM +1000, Matthew Palmer wrote: > On Sat, May 26, 2012 at 09:39:16PM -0400, Luke S. Crawford wrote: > > On Sat, May 26, 2012 at 10:06:03AM +1000, Matthew Palmer wrote: > > > ... Feel free to turn the process around -- decide what > > >

Re: Industry practice for BGP costs - one time or fixed/monthly?

2012-05-26 Thread Luke S. Crawford
On Sat, May 26, 2012 at 10:06:03AM +1000, Matthew Palmer wrote: > We pay what our providers think they can get away with. Like most pricing > decisions, they're not based on any "technical logic", they're based on what > the market will bear. Feel free to turn the process around -- decide what >

Re: ISPs and full packet inspection

2012-05-24 Thread Luke S. Crawford
On Thu, May 24, 2012 at 08:50:47AM -0400, not common wrote: > Hello, > > I am looking for some guidance on full packet inspection at the ISP level. > > Is there any regulations that prohibit or provide guidance on this? Unless you are absolutely huge, and maybe even then, you need to worry more

Re: VoIP vs POTS (was Re: Operation Ghost Click)

2012-05-03 Thread Luke S. Crawford
On Thu, May 03, 2012 at 10:59:47AM -0400, Brandt, Ralph wrote: > One of the first things cellular companies can do is stop overselling > cellular. The second is end or raise the price significantly on > unlimited plans, both voice and data. Go to what the landlines called, > USS, that is you pay

Re: Squeezing IPs out of ARIN

2012-04-28 Thread Luke S. Crawford
On Tue, Apr 24, 2012 at 01:32:17PM -0400, ad...@thecpaneladmin.com wrote: > Anyone have any tips for getting IPs from ARIN? For an end-user > allocation they are requesting that we provide customer names for > existing allocations, which is information that will take a while to > obtain. They ar

Re: Most energy efficient (home) setup

2012-04-15 Thread Luke S. Crawford
On Sun, Apr 15, 2012 at 10:52:51AM -0500, Jimmy Hess wrote: > Consider that the probability 16GB of SDRAM experiences at least one > single bit error at sea level, > in a given 6 hour period exceeds 66% = 1 - (1 - 1.3e-12 * 6)^(16 * > 2^30 * 8). In any given 24 hour period, the probability of

Re: Question about peering

2012-04-07 Thread Luke S. Crawford
On Sat, Apr 07, 2012 at 07:25:24PM -0400, Robert E. Seastrom wrote: > Generally the costs of transit are pushed down by competition. As a > vendor your costs for bandwidth/transport/port*bw may drop but you are > unlikely to drop your prices to your customers merely because your > costs have gone

Re: Question about peering

2012-04-07 Thread Luke S. Crawford
On Sat, Apr 07, 2012 at 06:16:30PM -0400, Robert E. Seastrom wrote: > Sometimes making the AS path as short as possible makes a lot of sense > (e.g. when trying to get an anycast network to do the right thing), > but assumptions that peering results in lower costs are less true > every day. I keep

Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread 'Luke S. Crawford'
On Sat, Mar 24, 2012 at 02:42:36PM -0500, Frank Bulk wrote: > I've been many times where you were, frustrated that I didn't know the dark > fiber options for a potential opportunity, but you have to remind yourself > don't have a *right* to know where *private* fiber is. It's not just the > physic

Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-22 Thread Luke S. Crawford
On Thu, Mar 22, 2012 at 01:31:47PM -0400, Jared Mauch wrote: > You agree on a price per distance (e.g.: mile/foot/whatnot). > > Lets say the cable costs $25k to install for the distance of 5000 feet. > > That cable has 144 strands. > > You need access to one strand. If you install it yourself,

Re: Flexible BGP list?

2012-03-15 Thread Luke S. Crawford
On Thu, Mar 15, 2012 at 10:41:18PM -0400, Joe Maimon wrote: > So we have a wiki list of 1U rack hosting. We do? where? all I see on http://nanog.cluepon.net is spam > How about a list of SP's willing to configure BGP over whatever you got, > including tunnels? And willing to allocate you spa

Re: cross connect reliability

2009-09-20 Thread Luke S Crawford
Richard A Steenbergen writes: > > You've never seen a single port go bad on a switch? I can't even count > the number of times I've seen that happen. Not that I'm not suggesting > the OP wasn't the victim of a human error like unplugging the wrong port > and they just lied to him, that happens

Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-10 Thread Luke S Crawford
goe...@anime.net writes: > On Fri, 8 Aug 2009, Luke S Crawford wrote: > > 1. are there people who apply pressure to ISPs to get them to shut down > > botnets, like maps did for spam? > > sadly no. ... Why do you think this might be? Fear of (extralegal) retaliation by bo

Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-08 Thread Luke S Crawford
Roland Dobbins writes: > On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote: > > > 2. is there a standard way to push a null-route on the attackers > > source IP upstream? > > Sure - if you apply loose-check uRPF (and/or strict-check, when you > can do so) on Cisco

Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-07 Thread Luke S Crawford
rs source IP upstream? I know the problem is difficult due to trust issues, but if I could null route the source, it's just a matter of detecting abusive traffic, and with this attack, that part was pretty easy. -- Luke S. Crawford http://prgmr.com/xen/ - Hosting for the technically adept http://nostarch.com/xen.htm - We don't assume you are stupid.

Re: Why choose 120 volts?

2009-05-26 Thread Luke S Crawford
ask me. (I imagine the guys who have to deal with cooling feel differently, but at my scale, that's all priced into the power.) -- Luke S. Crawford http://prgmr.com/xen/ - Hosting for the technically adept We don't assume you are stupid.

Re: integrated KVMoIP and serial console terminal server

2009-04-24 Thread Luke S Crawford
Joe Abley writes: > What is everybody's favourite combination rack-mount VGA/USB KVM-over- > IP and serial console concentrator in 2009? > > I'm looking for something that will accommodate 8 or so 9600bps serial > devices and about 12 VGA/USB devices, all reachable over IP via sane > means (ssh,

Re: REVERSE DNS Practices.

2009-03-28 Thread Luke S Crawford
bmann...@vacation.karoshi.com writes: > or - the more modern approach is to let the node (w/ proper authorization) > do a secure dynamic update of the reverse map - so the forward and reverse > delegations match. ... a -VERY- useful technique. I have a question. Is this an abuse problem? som

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-20 Thread Luke S Crawford
"Brandon Galbraith" writes: > But it's definitely not cool when my credit card company cuts off my card > due to "abnormal charges" when I'm abroad and suddenly can't get ahold of > customer service via their international phone number. Automation in the > right places works wonders for both conve

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-19 Thread Luke S Crawford
Randy Bush writes: > > speaking as a small provider, I can tell you that I find running snort > > against my inbound traffic does reduce the cost of running an abuse desk. > > I do catch offenders before I get abuse@ complaints, sometimes. > > unfortunately snort does not really scale to a large

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-19 Thread Luke S Crawford
Randy Bush writes: > be specific, like "if you run X tools the payoff will be Y." Yes. And where is the appropriate forum for this? I find this sort of thing quite interesting; and yeah, it doesn't seem like the sort of thing NANOG is for, but most of the small ISP forums (like webhostingtalk

Re: updating & checking DNS zone files

2008-07-05 Thread Luke S Crawford
[EMAIL PROTECTED] writes: > Apart from using Bernstein's tinydns, anyone have any scripts > for looking for problems in zone files or for incrementing the > serial number reliably? If you are using BIND, your problem is solved by DDNS and nsupdate. this has the added advantage of making it signi
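The question above asks for a script that increments a zone serial reliably, and the reply points at DDNS/nsupdate instead. For the case where the zone is still edited by hand, here is an added example (not code from the thread or from BIND): it bumps the SOA serial while keeping whichever convention the zone uses (YYYYMMDDnn or a plain counter), and checks the result with RFC 1982 serial arithmetic so that secondaries will actually treat it as newer. The zone text is constructed for the example; the SOA regex assumes the usual `SOA mname rname [(] serial ...` layout.

```python
"""Added example: bump a BIND zone's SOA serial without breaking its
convention or the 32-bit serial-arithmetic ordering that secondaries use.
"""
import datetime
import re
from typing import Optional, Tuple

SERIAL_MOD = 2 ** 32      # SOA serial is an unsigned 32-bit field
HALF = 2 ** 31
EXAMPLE_DAY = datetime.date(2008, 7, 5)   # fixed "today" for the sample run


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: a is newer than b iff the forward distance b->a is in (0, 2^31)."""
    return a != b and ((a - b) % SERIAL_MOD) < HALF


def next_serial(current: int, today: Optional[datetime.date] = None) -> int:
    """Return the next serial after `current`, preserving its convention."""
    today = today or datetime.date.today()
    base = int(today.strftime("%Y%m%d")) * 100        # YYYYMMDD00 for today
    if 1970010100 <= current <= 2100123199:           # zone uses YYYYMMDDnn
        if current < base:
            cand = base + 1                           # first change today
        else:
            # Later change today, a serial already "in the future" (clock
            # skew), or the 100th change of the day: plain +1 still orders
            # correctly even if it rolls into tomorrow's date prefix.
            cand = (current + 1) % SERIAL_MOD
    else:                                             # plain counter
        cand = (current + 1) % SERIAL_MOD
    if not serial_gt(cand, current):
        raise ValueError(f"{cand} would not be seen as newer than {current}")
    return cand


# Matches "SOA <mname> <rname> [(] <serial>" in one-line or parenthesised form.
SOA_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")


def bump_zone(text: str, today: Optional[datetime.date] = None) -> Tuple[str, int]:
    """Return the zone text with its SOA serial bumped, plus the new serial."""
    m = SOA_RE.search(text)
    if not m:
        raise ValueError("no SOA record found")
    new = next_serial(int(m.group(2)), today)
    return text[:m.end(1)] + str(new) + text[m.end(2):], new


# Constructed sample zone for the example (not a real zone).
SAMPLE_ZONE = """\
$TTL 3600
example.com.  IN SOA ns1.example.com. hostmaster.example.com. (
                2008070401 ; serial
                7200 3600 1209600 3600 )
              IN NS  ns1.example.com.
ns1           IN A   192.0.2.1
"""

if __name__ == "__main__":
    new_text, new_serial = bump_zone(SAMPLE_ZONE, EXAMPLE_DAY)
    print(new_serial)
    print(new_text)
```

The serial_gt check is the part worth keeping even if you switch to nsupdate: a serial that is numerically larger but more than 2^31 ahead (or a date-based serial pasted over an old plain counter) is not "newer" to a secondary, and the zone silently stops transferring.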

Re: amazonaws.com?

2008-05-29 Thread Luke S Crawford
Peter Beckman <[EMAIL PROTECTED]> writes: ...snip "use snort" suggestion > This is what I think we should ALL be doing -- monitoring our own network > to make sure we aren't the source, via customers, of the spam or DOS > attacks. All outbound email from your own network should be scann

Re: amazonaws.com?

2008-05-29 Thread Luke S Crawford
Peter Beckman <[EMAIL PROTECTED]> writes: > If you are taking card-not-present credit card transactions over the ...snip "hard to charge fraudulent customers" and also "verifying customer identity annoys the customer"... points- The goal here is to give abuse a negative expected return. One w

Re: [NANOG] Charter Communications going to sniff traffic for advertising?

2008-05-15 Thread Luke S Crawford
"Christopher Morrow" <[EMAIL PROTECTED]> writes: > Oh, how do you know you can trust the VPN folks anymore than the > cable-modem folks though? eventually the same cost issues are going to > arise for the VPN folks as did for cable-modem/dsl folks (downward > pressure on pricing and infra/opex/cape