Re: Question about DNS naming conventions

2025-02-12 Thread Jack Bates
On 2/12/2025 2:34 PM, William Herrin wrote: On Wed, Feb 12, 2025 at 9:58 AM Jack Bates wrote: The software has no concept of what the data is Which is why the software shouldn't be making a hard decision about appropriate cryptography. The users on the two ends, the folks who do know wha

Re: Question about DNS naming conventions

2025-02-12 Thread Jack Bates
On 2/12/2025 8:15 AM, William Herrin wrote: And then of course there's the completely fair question of whether it's sensible to forcibly deprecate older security protocols when accessing information that's also offered over fully unencrypted channels. Confidentiality, Integrity AND Availability.

Re: Best way to have redundancy announcing on separate routers

2024-12-25 Thread Jack Bates
On 12/23/2024 5:33 PM, Jean Franco wrote: I'm trying to achieve total redundancy on a multihomed environment: ISP 1 <=> Router 1 <= X => Router 2 <=> ISP 2 Where X is my Network. The hardest part can be handling a failure of either of the routers and having X still be able to talk to the ot

Re: The story about MyEtherWallet.com hijack or how to become a millionare in 2 hours.

2018-04-24 Thread Jack Bates
On 4/24/2018 1:35 PM, Fredrik Korsbäck wrote: Surprised this hasn't "made the news" over at this list yet. In the old days, the list membership would have noticed the hijack. BGP hijacks used to be a somewhat popular topic, but like spammer chasing, I think everyone grew bored of it and the lac

Re: The IPv6 Travesty that is Cogent's refusal to peer Hurricane Electric - and how to solve it

2016-01-21 Thread Jack Bates
On 1/21/2016 12:44 PM, Matthew D. Hardeman wrote: I’m inclined to agree with you, subject to some caveats: 1. I think more Cogent customers need to be more vocal about it. There hasn’t been an impetus to do so until recently. Now real people (not network engineer sorts) are starting to use

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-03-03 Thread Jack Bates
On 3/2/2015 11:14 PM, Mark Andrews wrote: If the network supported it this would be typical of a household with teenagers. People adapt their usage to the constraints presented. That doesn't mean they are necessarily happy with the constraints. Don't take lack of complaints as indicating peop

Re: Bufferbloat related censorship at Virgin Media

2015-03-01 Thread Jack Bates
On 3/1/2015 6:14 PM, Dave Taht wrote: It is 100% possible to fix excessive downstream buffering from some misconfigured device with a shaper on the download *on the CPE or home router*. From OP: "However I've recently noticed periods of 500-800ms latency to the CMTS gateway when only using 15

Re: Bufferbloat related censorship at Virgin Media

2015-03-01 Thread Jack Bates
On 3/1/2015 5:28 PM, Dave Taht wrote: My IP address is apparently now banned from accessing your site at all, for "advertising", on this thread: http://community.virginmedia.com/t5/Up-to-152Mb/Bufferbloat-High-Latency-amp-packet-loss-when-connection/td-p/2773495 I don't see how codel is rel

Re: Verizon Policy Statement on Net Neutrality

2015-03-01 Thread Jack Bates
On 3/1/2015 10:01 AM, Michael Thomas wrote: They didn't want to give channels for internet bandwidth either. Life would have been *far* more simple had the MSO's not *forced* the hardware designer to use their crappy noisy back channel, such as it was. The move from analog -- which was happe

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Jack Bates
On 2/28/2015 7:24 PM, Stephen Satchell wrote: How did I know about the DNS server manipulation? I worked for a Web hosting company with about 3,000 domains being served. Whenever the company renumbered (until it finally got its own IP allocation in order to multi-home) we would have to service

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Jack Bates
On 2/28/2015 6:17 PM, Lyndon Nerenberg wrote: Mind you, the truly annoying part of this story (for me) is knowing Telus has fibre pedestals not a block away, with enough bandwidth to serve up IPTV to all the condos in the neighbourhood. But I'm in the marina across the street. Since there are o

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Jack Bates
On 2/28/2015 4:38 PM, Barry Shein wrote: Can we stop the disingenuity? Asymmetric service was introduced to discourage home users from deploying "commercial" services. As were bandwidth caps. Hmm, at one point I was going to ask if anyone else remembered a long time ago ISPs having something i

Re: Verizon Policy Statement on Net Neutrality

2015-02-28 Thread Jack Bates
On 2/28/2015 10:28 AM, Scott Helms wrote: Steve, My point is that for lots and lots of people their uplink is not "so low". Even when I look at users with 25/25 and 50/50, many of them have been at those rates for >3 years we don't see changes in traffic patterns nor satisfaction as compared to u

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 5:32 PM, Naslund, Steve wrote: That's my point. NANOG users are not the average user. For every one of you there are at least a thousand people who just want good Netflix connections and even if they might be backing up stuff remotely they are sending a few selfies and a couple

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 5:09 PM, Måns Nilsson wrote: What people want, at least once they have tasted it, is optical last mile. And not that PON shit. The real stuff or bust. Yeah. Then they complain when a tornado wipes out their power and they can't make a phone call. It's a real world. Things are n

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-02-27 Thread Jack Bates
On 2/27/2015 4:32 PM, Naslund, Steve wrote: You could do that. The only issue is that you are putting in more intelligent CPE that has to be frequency agile and signal to the head end what is happening. Carriers are very sensitive to CPE costs so I don't think that is likely to happen especi

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-02-27 Thread Jack Bates
On Fri, Feb 27, 2015 at 4:56 PM, Stephen Satchell wrote: On 02/27/2015 01:27 PM, Jack Bates wrote: My 2 cents. I don't design these things, but you'd think people would start realizing that static allocation is kind of limiting. Giving someone 50mb/s with 20mb/s waste is annoying whe

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 3:21 PM, Scott Helms wrote: Talk to someone at Carbonite and ask them how much effort they have to exert to make that work. Also, keep in mind that your game example is not someone running a game server as a residential subscriber, it's a residential subscriber accessing a server ho

Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-02-27 Thread Jack Bates
On 2/27/2015 2:47 PM, Miles Fidelman wrote: Folks, Let's not go overboard here. Can we remember that most corporate and campus (and, for that matter home) networks are symmetric, at least at the edges. Personally, I figure that by deploying PON, the major carriers were just asking for troub

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 1:30 PM, Scott Helms wrote: Even when we look at anomalous users we don't see symmetrical usage, ie top 10% of uploaders. We also see less contended seconds on their upstream than we do on the downstream. These observations are based on ~500k residential and business subscribers ac

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 11:48 AM, Naslund, Steve wrote: How about this? Show me 10 users in the average neighborhood creating content at 5 mbps. Period. Only realistic app I see is home surveillance but I don't think you want everyone accessing that anyway. The truth is that the average user does no

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 11:27 AM, Scott Helms wrote: Jack, I don't know what manufacturer you might be thinking of, but from a standards point of view ADSL2 and ADSL2+ both have faster upstream speeds than ADSL (G.dmt or T1.413) Oh, standards wise, that is true. However, the gear they had (AFC) su

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 11:03 AM, Bruce H McIntosh wrote: The REAL evil in the ISP marketplace is, of course, essentially entirely unremarked-upon - ASYMMETRY. For the Internet, as such, truly to live up to its promise to continue to revolutionize the world through free exchange of ideas, information,

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Jack Bates
On 2/27/2015 8:55 AM, Mike Hammett wrote: They won't be available for days, weeks, months, etc. After the vote, they are subject to editorial review... which isn't so much editorial as whatever the hell they want. They could just be literally adding commas and capitalizing letters to completel

Re: v6 deagg

2015-02-26 Thread Jack Bates
On 2/24/2015 6:35 PM, William Herrin wrote: Anyway, I heard back from DRAGON's authors. Paraphrasing: "An aggregate (e.g. 10.0.0.0/8) must be withdrawn if the aggregate's origin loses its direct route to the filterable disaggregate's origin (e.g. 10.2.3.0/24). The withdrawn aggregate is replace

Re: What would you do about questionable domain pointing A record to your IP address?

2015-02-20 Thread Jack Bates
On 2/20/2015 11:08 AM, Anne P. Mitchell, Esq. wrote: a) just not worry about it and keep an eye on it If they have held the netblock for awhile and are already using the IP Address in question, this is fine. I presume that the servers don't actually respond for that domain (name-based web or do

Re: v6 deagg

2015-02-20 Thread Jack Bates
On 2/20/2015 4:13 AM, Nikolay Shopik wrote: rfc6115 have good overview and recommendation. IPv6 clearly need separation of identification of endpoints and routing information to that endpoint. I'm not overly familiar, but I'm always good for new things if one process is supported. deagg X

Re: [OT] Re: Intellectual Property in Network Design

2015-02-15 Thread Jack Bates
On 2/15/2015 8:57 AM, William Herrin wrote: On Sun, Feb 15, 2015 at 12:49 AM, Owen DeLong wrote: This assumes that Copyright is the only IP protection out there. There are actually two distinct realms of IP protection afforded in the US. Actually, there are four: copyright, patent, trademark a

Department of Education contact (BOGON listing)?

2014-10-28 Thread Jack Bates
ov. ed.gov. 86400 IN NS eduptcdnsp01.ed.gov. ed.gov. 86400 IN NS eduptcdnsp02.ed.gov. dig: couldn't get address for 'eduftcdnsp01.ed.gov' Unable to reach their nameservers from 104/8 networks. Other networks are fine. Jack Bates Paradox Networks

Re: UPDATE: Anyone shed light on Verizon blocking pop3 offnetwork?

2014-10-15 Thread Jack Bates
whois contact without response. Jack Bates On 10/15/2014 12:55 PM, Jack Bates wrote: I have a customer that left Verizon FIOS when he moved but kept his email address. About a month ago, he says his pop3 quit connecting. I've tested the ports he's using and notice they aren't res

Re: Anyone shed light on Verizon blocking pop3 offnetwork?

2014-10-15 Thread Jack Bates
I have 5 telephone companies that cannot reach it. :( jack On 10/15/2014 1:22 PM, Spencer Gaw wrote: No issues here coming from Level 3, CenturyLink, Mammoth, or Comcast. Able to telnet to pop.verizon.net on 995 and smtp.verizon.net on 465. Regards, SG On 10/15/2014 11:55 AM, Jack Bates

Anyone shed light on Verizon blocking pop3 offnetwork?

2014-10-15 Thread Jack Bates
I have a customer that left Verizon FIOS when he moved but kept his email address. About a month ago, he says his pop3 quit connecting. I've tested the ports he's using and notice they aren't responding. He's tried helpdesk and they sent him to the abuse whitelist. He tried the abuse@, which of

Re: [OPINION] Best place in the US for NetAdmins

2014-07-27 Thread Jack Bates
On 7/27/2014 12:41 PM, Matthew Petach wrote: You wouldn't like it here in the Bay Area. It's horrible, there's pollution all the time, the traffic is terrible, there's no reasonable public transportation, there's no late-night eateries for when you finish that maintenance window at 2am. You def

Re: [OPINION] Best place in the US for NetAdmins

2014-07-26 Thread Jack Bates
On 7/26/2014 5:55 PM, Scott Weeks wrote: Some work from home well and some don't. It all depends on self-discipline. However, for those that can telecommute successfully (I've done that in the past, so I have experience to speak from) easy communication of various types (text, audio, or a/v wh

Re: ipmi access

2014-06-02 Thread Jack Bates
I keep 2 vpn servers. ACL's at router to ipmi vlan, plus whatever additional security ipmi happens to have. I'm of the belief that vpn servers should be redundant. Kinda silly to lose one and not have access to your network. :) Jack On 6/2/2014 7:10 AM, Randy Bush wrote: so how to folk prot

Re: BGP route flapping

2014-05-14 Thread Jack Bates
On 5/14/2014 5:14 PM, Gus Crichton wrote: The route calculations by the upstream tier 1s and 2s handle the route calculations but if I do this too many times consuming their resources, is there a penalty/blackmark on my AS? Is this monitored even by the tier1s and 2s? Generally I don't like

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

2014-04-28 Thread Jack Bates
On 4/28/2014 12:05 PM, Lamar Owen wrote: Now, I can either think of it as double dipping, or I can think of it as getting a piece of the action. (One of my favorite ST:TOS episodes, by the way). The network op in me thinks double-dipping; the businessman in me (hey, gotta make a living, no?)

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

2014-04-28 Thread Jack Bates
On 4/28/2014 9:18 AM, Phil Bedard wrote: People seem to forget what Comcast is doing is nothing new. People have been paying for unbalanced peering for as long as peering has been around. It's a little different because Netflix doesn't have an end network customer to bill to recoup those charges,

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

2014-04-25 Thread Jack Bates
On 4/25/2014 8:23 AM, Patrick W. Gilmore wrote: gulation to protect its monopoly power. I answered in a private message: Microsoft. Kinda obvious if you think about it for, oh, say, 12 microseconds. The government actually had to step in to hinder them, as I recall, though I believe it was poin

Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post

2014-04-24 Thread Jack Bates
On 4/24/2014 9:59 AM, Patrick W. Gilmore wrote: I think you and I disagree on the definition of "anti-competitive". But that's fine. There is more than one problem to solve. I just figured the FCC thing was timely and operational. I agree with you, Patrick. Double digit/meg pricing needs to d

Re: procmail, was autoresponding to Yahoo DMARC breakage

2014-04-10 Thread Jack Bates
On 4/9/2014 9:21 PM, George Michaelson wrote: Aside from a horrid config notation, the main problem for me has always been getting sysadmins to include the changes which expose envelope-sender and envelope-recipient to procmail. That's not procmail, it's the way procmail is typically called. Withou

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-27 Thread Jack Bates
On 3/27/2014 12:19 PM, Luke S. Crawford wrote: This is a very common problem for dedicated hosting providers (and why I give my dedicated hosts a vlan and a routed subnet, wasting IPv4.) Implement what some DSL access providers do. Unnumbered interfaces with /32 routing to the vlan. The last

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-26 Thread Jack Bates
On 3/26/2014 12:55 PM, Luke S. Crawford wrote: However, DHCPv6 isn't anywhere near as useful for me, as someone who normally deals with IPs that don't change, as DHCPv4 is. My favorite is the RA thing. Years ago I decided that stupid DSLAMs were better than smart ones, so I generally utili

Re: misunderstanding scale, SMTP edition

2014-03-26 Thread Jack Bates
On 3/26/2014 12:09 PM, John Levine wrote: OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses and there's not a computer on the planet with enough memory (or probably not even enough disk space) to store that block list. Someti

BiLateral Transit Agreements?

2014-03-26 Thread Jack Bates
pitfalls to look for or considerations that should be made. Our particular case is high cost transport, so both companies are looking at each having a Tier 1 transit and then supporting the second through their agreement. Jack Bates

Re: IPv6 and HTTPS

2013-04-29 Thread Jack Bates
On 4/29/2013 12:40 PM, Owen DeLong wrote: What does the CGN cost you per subscriber (equipment, additional staff, etc.?) In my case, very little. Equipment was covered by bandwidth usage which mandated upgrading to higher end routers that support more than I need. It looks like my trios ha

Re: IPv6 and HTTPS

2013-04-29 Thread Jack Bates
On 4/29/2013 11:11 AM, Owen DeLong wrote: Best of luck with that strategy. I think this ignores the growing IPv4 demand that will be coming from your business customers and assumes that your residential customers are all that you have to stack onto these addresses. The residential currently

Re: IPv6 and HTTPS

2013-04-29 Thread Jack Bates
On 4/29/2013 3:19 AM, Owen DeLong wrote: Depends. Unless there is sufficient mass of residential subscribers willing to pay the premium for CGN (unlikely in my estimation), it'll make the most sense for residential providers to simply turn off IPv4 services and tell laggard web sites like Amazo

Re: Verizon DSL moving to CGN

2013-04-08 Thread Jack Bates
On 4/8/2013 9:58 AM, joel jaeggli wrote: That happened a long time ago. I realize the people like to think of wireless providers as different, they really aren't. A big chunk of our mobile gaming customers come to us via carrier operated nat translators. Some of them now come to us via ipv6, mo

Re: Verizon DSL moving to CGN

2013-04-08 Thread Jack Bates
On 4/8/2013 7:20 AM, Tore Anderson wrote: BTW. It is AIUI quite possible with MAP to provision a "whole" IPv4 address or even a prefix to the subscriber, thus also taking away the need for [srcport-restricted] NAPT44 in the CPE. The problem is NAPT44 in the CPE isn't enough. We are reaching the

Re: Open Resolver Problems

2013-03-27 Thread Jack Bates
On 3/27/2013 4:49 PM, Tony Finch wrote: Jack Bates wrote: 3) BCP38 (in spirit) That should be deployed as well as RRL. Tony. If BCP38 was properly deployed, what would be the purpose of RRL outside of misbehaving clients or direct attacks against that one server? We already know the

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jack Bates
On 3/27/2013 10:40 AM, William Herrin wrote: Build a web page where a downstream can set the filters on his interface at his convenience. Apply some basic sanity checks against wide-open. Worry about small lies from a forensic after-the-fact perspective. This problem has a trivial technology-on

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jack Bates
On 3/27/2013 10:25 AM, Mark Andrews wrote: Technologies change. Concepts rarely do. BCP38 is technology neutral. If we follow that, we should just state "Don't allow spoofed IP Addresses!" and leave it to the individual to figure it out. BCP38 leaves that premise by mentioning ingress filteri

BCP38 needs advertising

2013-03-27 Thread Jack Bates
Outside of needing more details and examples, BCP38 could use more advertising. The best option, if they would accept it, is to have all RIRs mention BCP38 as well as require that mention of BCP38 be included in all IP justification requests to customers (so that those who receive netblocks f

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jack Bates
On 3/27/2013 9:23 AM, Jay Ashworth wrote: Is BCP38 *not* well enough thought out even for large and medium sized carriers to adopt as contractual language, much less for FCC or someone to impose upon them? If so, we should work on it further. BCP38 could definitely use some work. It is correct

Re: Open Resolver Problems

2013-03-27 Thread Jack Bates
On 3/27/2013 9:34 AM, William Herrin wrote: On Wed, Mar 27, 2013 at 10:00 AM, Jack Bates wrote: Tracking the clients would be a huge dataset and be especially complicated in clusters. They'd be better off at detecting actual attack vectors rather than rate limiting. I count this amon

Re: Open Resolver Problems

2013-03-27 Thread Jack Bates
On 3/27/2013 8:47 AM, William Herrin wrote: On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka wrote: Authoritative DNS servers need to implement rate limiting. (a client shouldn't query you twice for the same thing within its TTL). Right now that's a complaint for the mainstream software authors, n

Re: traffic accounting

2013-03-12 Thread Jack Bates
On 3/12/2013 8:53 AM, Joe Abley wrote: Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC? Joe If you use MPC/trio with appropriate licensing, you might be able to hit 1:1 with ipfix. They were still working on IPv6 and other features when I looked a year a

Re: NYT covers China cyberthreat

2013-02-21 Thread Jack Bates
On 2/21/2013 12:17 PM, Scott Weeks wrote: I'm not upset. I'm pointing out what Steven Bellovin said in just a few words: "This strongly suggests that it's not their A-team..." The A-team doesn't get caught and detailed. The purpose of the other teams is to detect easy targets, handle easy

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

2013-02-21 Thread Jack Bates
On 2/21/2013 12:03 AM, Scott Weeks wrote: I would sure be interested in hearing about hands-on operational experiences with encryptors. Recent experiences have left me with a sour taste in my mouth. blech! scott Agreed. I've generally skipped the line side and stuck with L3 side encryptio

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

2013-02-20 Thread Jack Bates
On 2/20/2013 1:05 PM, Jon Lewis wrote: See thread: nanog impossible circuit Even your leased lines can have packets copied off or injected into them, apparently so easily it can be done by accident. This is especially true with pseudo-wire and mpls. Most of my equipment can filter based m

Re: Our first inbound email via IPv6 (was spam!)

2012-07-13 Thread Jack Bates
On 6/5/2012 9:29 AM, Raymond Dijkxhoorn wrote: Looking more closely... Is this still work in progress? ;; ANSWER SECTION: comcast.net. 358 IN MX 5 mx3.comcast.net. comcast.net. 358 IN MX 10 mx1.comcast.net. comcast.net. 358 IN

Re: JUNOS forwards IPv6 link-local packets

2012-04-27 Thread Jack Bates
On 4/27/2012 11:20 AM, Chris Adams wrote: Once upon a time, Jack Bates said: fe80::/65 discard fe80:0:0:0:8000::/65 discard More specifics rule out over connected any day. That would also kill any legitimate link-local traffic though. Perhaps. I'm actually curious on that, as the rule

Re: JUNOS forwards IPv6 link-local packets

2012-04-27 Thread Jack Bates
On 4/27/2012 9:26 AM, Chris Adams wrote: I don't think that will work, because there's an automatic direct route for fe80::/64 to all interfaces with family inet6 configured. The only way I see around it is to apply a firewall filter to all IPv6 interfaces that blocks anything with a source in

Re: JUNOS forwards IPv6 link-local packets

2012-04-27 Thread Jack Bates
On 4/27/2012 8:56 AM, Chris Adams wrote: I found out by accident yesterday that JUNOS routers will forward IPv6 packets with a link-local source address, in direct opposition of RFC 4291. To me, this seems to be a security hole that would be useful for DDoS attackers, giving them a way to send t

Re: Squeezing IPs out of ARIN

2012-04-26 Thread Jack Bates
On 4/26/2012 7:09 PM, Jimmy Hess wrote: ome "show" commands will show DHCP server usage, but not conclusive proof of the utilization of the address space. Because the show commands are not independently verifiable -- for all the RIR knows, someone plugged in a big stack of $10 modems just to re

Re: Squeezing IPs out of ARIN

2012-04-26 Thread Jack Bates
On 4/26/2012 1:05 AM, Jimmy Hess wrote: If resources are used to provide service to a customer, it is not unreasonable that ARIN require that this to be shown, what customer, etc -- the org. assigning or reallocating the resources is required to have documented this. In addition to this docum

Re: Squeezing IPs out of ARIN

2012-04-25 Thread Jack Bates
This is the first time I've seen ARIN request actual individual names. I've had them request SWIP and I've had them request exact user counts, and I generally get much larger allocations than what was being allocated. In addition, all their numbers matched up with all of my numbers and the all

Re: Squeezing IPs out of ARIN

2012-04-24 Thread Jack Bates
On 4/24/2012 2:00 PM, Owen DeLong wrote: I know that the ARIN process can, on occasion be tricky to navigate if you don't understand the subtleties of how some of the terminology is defined and that people often use terms which have very specific meanings to ARIN staff members to have a much bro

Re: Huawei edge routers..

2012-03-07 Thread Jack Bates
On 3/7/2012 1:08 PM, valdis.kletni...@vt.edu wrote: On Wed, 07 Mar 2012 10:22:56 CST, Jack Bates said: ]undo ssh server compatible-ssh1x enable Ouch. That's brutal. Is it true that setting isn't listed under 'display ssh server status'? ]ssh server compat enable ]displ

Re: Huawei edge routers..

2012-03-07 Thread Jack Bates
On 3/7/2012 9:32 AM, Leigh Porter wrote: I liked how ssh is secure-telnet, took bit head scratching to enable ssh. That is, of course, incorrect; there is actually a "secure telnet"; ISTR it's telnet-over-ssl? How do you enable SSH then? It may be incorrect terminology, but it is actually ssh

Re: Huawei edge routers..

2012-03-07 Thread Jack Bates
On 3/7/2012 4:55 AM, Nick Hilliard wrote: it isn't - if you're large enough that you have an automated provisioning system. Most of us aren't in that category though, and for those who aren't, it's the L3 tech people who will be doing the product evaluation and who will end up loathing the kit

Re: Huawei edge routers..

2012-03-06 Thread Jack Bates
On 3/6/2012 3:41 PM, Jonathon Exley wrote: I last played with Huawei routers about 10 years ago and it looked very much like IOS. Interesting that they have changed. Also interesting that you don't like Alcatel's TiMOS - I prefer it to IOS, and find it comparable to Junos. I suppose we all have

Re: Huawei edge routers..

2012-03-06 Thread Jack Bates
On 3/6/2012 4:20 AM, Saku Ytti wrote: I've not looked if they do netconf or whatnot, but that wasn't really my point. My point was, your system doesn't complain to you daily that working with huawei CLI is more annoying than IOS. On the other hand, if you hop into other people's Huawei router

Re: Common operational misconceptions

2012-02-17 Thread Jack Bates
On 2/17/2012 10:04 AM, John Kristoff wrote: I was waiting for the thread to eventually end Greatest misconception of all. Jack

Re: Common operational misconceptions

2012-02-17 Thread Jack Bates
On 2/17/2012 9:18 AM, Steve Clark wrote: Having worked with many people over the last 40 years, the good troubleshooters understood how things were supposed to work. This helps immeasurably in determining where to start looking. Ran into this not too long ago with a transport problem. The be

Re: Common operational misconceptions

2012-02-17 Thread Jack Bates
On 2/17/2012 1:05 AM, Carsten Bormann wrote: On Feb 17, 2012, at 07:50, Paul Graydon wrote: what OSI means Yet another common misconception popping up: -- You can talk about the OSI model in the present tense (That said -- yes, it is still useful as a set of simple terms for certain combin

Re: Common operational misconceptions

2012-02-16 Thread Jack Bates
On 2/16/2012 7:17 AM, Ray Soucy wrote: There seems to be (even among faculty) a gross misunderstanding of Layer-2. Nearly every textbook starts with IP, and talks about it as if we were 20 years in the past. Understanding all layers and how they can interact stacked within layers is a big iss

Re: Common operational misconceptions

2012-02-15 Thread Jack Bates
A few for me that come to mind which haven't been covered yet. *) Latency, jitter, etc when pinging a router means packets going through the router suffer the same fate. Never fails that I get a call about the latency changes that occur every 60 seconds, especially on software based routers.

Re: US DOJ victim letter

2012-01-30 Thread Jack Bates
On 1/27/2012 2:23 PM, Jon Lewis wrote: It's definitely real, but seems like they're handling it as incompetently as possible. We got numerous copies to the same email address, the logins didn't work initially. The phone numbers given are of questionable utility. Virtually no useful information w

Re: Juniper <-> Cisco IPv6 BGP peering

2011-12-07 Thread Jack Bates
On 12/7/2011 6:53 PM, Randy Carpenter wrote: Tried that. I agree with others that it is an NDP issue. NDP for the GUA is fine, but just not for the link local. Is there something that would block only link local by default? I should add that I have another uplink to a different provider that w

Re: Juniper <-> Cisco IPv6 BGP peering

2011-12-07 Thread Jack Bates
On 12/7/2011 4:30 PM, Randy Carpenter wrote: BGP is working fine, it is when they are trying to forward the packets back to me. They are seeing the Link-Local as the next-hop, which, for some reason, they cannot get to. Your subject is misleading. It appears to be an NDP problem. Check

Re: New on RIPE Labs: The Curious Case of 128.0/16

2011-12-06 Thread Jack Bates
On 12/6/2011 9:38 AM, Chris Adams wrote: I believe that Sprint is using Cisco, not Juniper. This is either a manual filter or there is another (unidentified) issue with some Cisco configurations. People are less likely to read an RFC changing the reserved addresses. Even people who didn't f

Re: 128.0.0.0/16 configured as martians in some routers

2011-12-05 Thread Jack Bates
On 12/5/2011 1:44 PM, Chris Adams wrote: Once upon a time, Alex Le Heux said: Dear Colleagues, The correct prefix and pingable address list for the Debogonising Project is: prefix pingable address 128.0.0.0/21 128.0.0.1 128.0.24.0/24 128.0.24.1 Our apologies for the oversight.

Re: On Working Remotely

2011-12-05 Thread Jack Bates
On 12/5/2011 11:00 AM, David Radcliffe wrote: I know many people who can work as you and we all adjust to our setting. I just also know people who gravitate to their distractions and need the wall to define work. It's best for me even though I will work as effectively at midnight as in the midd

Re: ARIN-2011-1: ARIN Inter-RIR Transfers - Last Call (expires in one week)

2011-11-11 Thread Jack Bates
On 11/11/2011 1:11 PM, valdis.kletni...@vt.edu wrote: Would it be *nice* to have RA Guard and DHCP6 snooping in place? Yes. Is it totally impossible to deploy IPv6 until they're fully baked? Not at all - just need to be aware of the issues and be prepared to mitigate. Sure it raises the risk

Re: Firewalls - Ease of Use and Maintenance?

2011-11-10 Thread Jack Bates
On 11/10/2011 12:24 PM, valdis.kletni...@vt.edu wrote: I think Rich has been around long enough that he gets called a *lot* of things (many of them non-complimentary), but this is the first time this century anybody's called him *naive*... ;) Given that all of humankind is naive, it would be redu

Re: Anyone seen this kind of problem? SIP traffic not getting to destination but traceroute does

2011-11-09 Thread Jack Bates
On 11/9/2011 4:45 PM, Blake Hudson wrote: I'm not sure how an IP transit provider (who should be providing routing/switching) screws up transport layer connections - looks like they are arbitrarily "managing" client data. Just my $0.02. With today's routers, all sorts of weird things can go w

Re: [outages] More notes

2011-11-08 Thread Jack Bates
On 11/8/2011 12:05 PM, valdis.kletni...@vt.edu wrote: And if JunOS is anything like Cisco IOS, a lot of shops didn't upgrade because the newer release has *other* issues in their environments. Nobody wants to upgrade to fix a once-every-few-months bug if it also buys them a daily crash in someth

Re: MPLS TE

2011-11-04 Thread Jack Bates
On 11/4/2011 12:00 PM, harbor235 wrote: I am also looking at FRR which uses a backup tunnel for fast convergence. I did however not think about the dynamic nature of the tunnel and the potential for reestablishment. Even with primary/secondary paths, the secondary path will normally not get us

Re: BGP conf

2011-11-02 Thread Jack Bates
On 11/2/2011 8:58 PM, Jeff Wheeler wrote: On Wed, Nov 2, 2011 at 8:44 PM, Jack Bates wrote: Now I have the mile long monstrosity that uses BGP communities for everything, and of route-maps/policies with prefix-lists for downstream customers. You have to start somewhere. cymru secure bgp

Re: BGP conf

2011-11-02 Thread Jack Bates
On 11/2/2011 7:01 PM, Jeff Wheeler wrote: What you are asking your boss/company to do is trust you to put tires on their car without the right tools or knowledge. The result of that is probably how your network will end up: "a wreck." Reminds me of the look on my original boss' face when I sai

Re: Colocation providers and ACL requests

2011-11-01 Thread Jack Bates
On 11/1/2011 1:22 PM, Kevin Loch wrote: Christopher Pilkington wrote: Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as: deny udp any a.b.c.d/24 eq 80 …to refuse and tell us we must subscribe to their managed DDOS product? We have

Re: Manage an enterprise network? Please fill out my survey - for Science! :-)

2011-10-31 Thread Jack Bates
On 11/1/2011 12:19 AM, Dobbins, Roland wrote: On Nov 1, 2011, at 11:44 AM, Cameron Byrne wrote: Unfortunately ISPs are deploying many middle boxen, frequently in series, for various reasons...cough cough cgn. This AusNOG presentation touches upon the topic:

Re: Manage an enterprise network? Please fill out my survey - for Science! :-)

2011-10-31 Thread Jack Bates
On 10/31/2011 11:00 PM, Scott Whyte wrote: But seriously, if you can help her ascertain real middlebox use cases she wants to help improve that segment of networking via useful research, nothing more or less. Would love to see the results, although it definitely is catered more to enterprise

Re: Outgoing SMTP Servers

2011-10-31 Thread Jack Bates
On 10/31/2011 8:12 PM, Brian Johnson wrote: Sent from my iPad On Oct 31, 2011, at 1:30 PM, "Jack Bates" wrote: On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance to outbound filtering is. I can think of a few po

Re: Outgoing SMTP Servers

2011-10-31 Thread Jack Bates
On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance to outbound filtering is. I can think of a few possibilities: 1) cost of filtering 2) false positives 3) really _not_ wanting to know about abuse On the other hand, you have 1) cost

Re: Advice on BGP traffic engineering for classified traffic

2011-10-24 Thread Jack Bates
On 10/24/2011 10:47 PM, Jay Ashworth wrote: - Original Message - From: "Jack Bates" I'm curious if anyone has a pointer on traffic manipulation for classified traffic. Based on the remainder of your post, I'm going to go ahead and assume that you don't mean "

Advice on BGP traffic engineering for classified traffic

2011-10-24 Thread Jack Bates
I'm curious if anyone has a pointer on traffic manipulation for classified traffic. Basics, I have a really cheap transit connection that some customers are paying reduced rates to only use that connection (and not my other transits). Though I've considered support for cases where NSP peering

Re: Juniper DOS/Blackhole question

2011-10-23 Thread Jack Bates
On 10/23/2011 2:18 AM, Saku Ytti wrote: EBGP multihop is kludge to kill this check, but also kludge to kill convergence of your BGP session, due to disabling This is what I was worried about. fall over on linkdown. Proper way to disable this check is JunOS 'accept-remote-nexthop' or IOS 'disa
