Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?

On 7 March 2017 at 23:27, Dennis Bohn wrote: > > > > > > In addition, IPv6 has link local addresses. > > This one seemingly insignificant detail causes so much code churn > > and is probably responsible for 10 years of the IPv6 drag. > > AFAICT, Cisco V6 HSRP (mentioning that brand only because i

Re: Soliciting your opinions on Internet routing: A survey on BGP convergence

g at a new one. My view on the problem is that if you are failing over frequently enough for a customer to notice and report it, you have bigger problems than convergence times. - Mike Jones

Re: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

> MACs that didnt make it through the switch when running 4.12.3.1: > > 4*:**:**:**:**:** > 6*:**:**:**:**:** > *4:**:**:**:**:** > *6:**:**:**:**:** > **:**:*B:**:6*:** > **:**:*F:**:4*:** Can anyone explain the last 2 for me? I was under the impression that this bug was

Re: BCP38 adoption "incentives"?

. If a network is thinking about it enough to want to block it, they will probably do so by turning knobs on their routers rather than deploying another patch to the CPE. I don't think the CPE is the solution here. - Mike Jones

Re: IPv6 deployment excuses

2 ways of configuring hosts, however if you configure both RA and DHCP then you will cover 100% of IPv6-capible hosts. "Our legal intercept setup does not work with IPv6" If your lawful intercept equipment can't see traffic just because they used an "unknown" protocol then it has a major flaw! - Mike Jones

IPv6 deployment excuses

that I can point people to when they say they don't know how to deploy IPv6 on their networks? :) - Mike Jones

Fw: new message

Hey! New message, please read <http://doctorcatherinebarry.com/act.php?lm> Mike Jones

Re: Cisco/Level3 takedown

On 9 April 2015 at 19:16, Randy Bush wrote: >> It does make one wonder why Cisco or Level 3 is involved, why they >> feel they have the authority to hijack someone else's IP space, and >> why they didn't go through law enforcement. This is especially true >> for the second netblock (43.255.190.0/2

Re: How our young colleagues are being educated....

: MAC Addresses are unique, IP fragments should be blocked for security reasons, and the OSI model only has 7 layers to worry about. All theoretically correct. All wrong. - Mike Jones On 22 December 2014 at 09:13, Javier J wrote: > Dear NANOG Members, > > It has come to my attention, tha

Re: .nyc - here we go...

On 5 July 2013 02:02, Eric Brunner-Williams wrote: > Someone who should know better wrote: > > > Well give that .com thingie is IPv6 accessable and has DNSSEC there > > is nothing we need to let you know. And yes you can get IPv6 > > everywhere if you want it. Native IPv6 is a little bit harder

Re: PRISM: NSA/FBI Internet data mining project

On 8 June 2013 12:12, Jimmy Hess wrote: > On 6/7/13, Måns Nilsson wrote: > > Subject: Re: PRISM: NSA/FBI Internet data mining project Date: Fri, Jun > 07, > > 2013 at 12:25:35AM -0500 Quoting jamie rishaw (j...@arpa.com): > >> > >> Just wait until we find out dark and lit private fiber is getti

Re: cannot access some popular websites from Linode, geolocation is wrong, ARIN is to blame?

Inline Reply On 2 March 2013 21:58, Constantine A. Murenin wrote: > Dear NANOG@, > > I've had a Linode in Fremont, CA (within 173.230.144.0/20 and > 2600:3c01::/32) for over a year, and, in addition to some development, > I sometimes use it as an ssh-based personal SOCKS-proxy when > travelling a

Re: Muni fiber: L1 or L2?

On 13 February 2013 12:34, Scott Helms wrote: > Using the UK as a model for US and Canadian deployments is a fallacy. I don't believe anyone was looking at the UK model? But now that you mention it the UK has a rather interesting model for fibre deployment, a significant portion of the country ha

Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

On 19 January 2013 04:48, Doug Barton wrote: > No, because NAT-like solutions to perpetuate v4 only handle the client side > of the transaction. At some point there will not be any more v4 address to > assign/allocate to content provider networks. They have seen the writing on > the wall, and many

Re: For those who may use a projector in the NOC

On 18 January 2013 02:19, Eric Adler wrote: > This appears to be an Epson / 3LCD marketing campaign. > > whois shows an admin contact at wintergroup.net. wintergroup.net (on http) > is the home to a marketing agency, their client links below include "Epson" > and "3LCD"; clicking 3LCD brings up a

Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

On 17 January 2013 10:06, . wrote: > i am not network engineer, but I follow this list to be updated about > important news that affect internet stability. > > NAT is already a problem for things like videogames. You want people > to be able to host a multiplayer game, and have his friends to joi

Re: Gmail and SSL

On 1 January 2013 19:04, Keith Medcalf wrote: > Perhaps Googles other "harvesters" and the government agents they sell or > give user credentials to, don't work against privately (not under the > goverment thumb) encryption keys without the surveillance state expending > significantly more reso

Re: Big day for IPv6 - 1% native penetration

On 20 November 2012 16:05, Patrick W. Gilmore wrote: > On Nov 20, 2012, at 08:45 , Owen DeLong wrote: > >> It is entirely possible that Google's numbers are artificially low for a >> number >> of reasons. > > AMS-IX publishes stats too: > > > This is pro

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

On 23 October 2012 14:16, Rob Laidlaw wrote: > RFC 2526 reserves the last 128 host addresses in each subnet for anycast use. IPv4 addresses ending in .0 and .255 can't be used either because the top and bottom addresses of a subnet are unusable. Why would hetzner be making such assumptions about

Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)

On 24 September 2012 21:11, Adrian Bool wrote: > > On 24 Sep 2012, at 17:57, Tore Anderson > wrote: > >> * Tore Anderson >> >>> I would pay very close attention to MAP/4RD. >> >> FYI, Mark Townsley had a great presentation about MAP at RIPE65 today, >> it's 35 minutes you won't regret spending:

Re: Layer2 over Layer3

On 12 September 2012 23:23, Philip Lavine wrote: > To all, > > I am trying to extend a layer2 connection over Layer 3 so I can have > redundant Layer connectivity between my HQ and colo site. The reason I need > this is so I can give the "appeareance" that there is one gateway and that > both d

Re: Finding "Name Servers" (not NS records) of domain name

On 17 August 2012 13:14, Matthew Palmer wrote: > On Wed, Aug 15, 2012 at 06:10:25PM -0400, Anurag Bhatia wrote: >> Now as you would be knowing if I do regular dig with ns, it provides NS >> records. However I was able to find nameservers by digging gTLD root for >> gTLD based domains. This works f

Re: BGPttH. Neustar can do it, why can't we?

On 6 August 2012 16:11, Leo Bicknell wrote: > In a message written on Mon, Aug 06, 2012 at 10:05:30AM -0500, Chris Boyd > wrote: >> Speaking as someone who does a lot of work supporting small business IT, I >> suspect the number is much lower. As a group, these customers tend to be >> extremel

Re: Verizon FiOS - is BGP an option?

On 4 August 2012 04:07, Frank Bulk wrote: > As someone else posted, many FTTH installations are centralized as much as > possible to avoid having non-passive equipment in the plant, allowing for > the practicality of onsite generators. That's what we do. But for those > who have powered nodes in

Re: using "reserved" IPv6 space

On 15 July 2012 16:58, Grzegorz Janoszka wrote: > Allowing 2000::/3 is fine as well. Btw - what are the estimates - how > long are we going to be within 2000::/3? > I expect it to be long enough that we can enjoy lots of discussions about how to deal with broken route filtering and broken softwar

Re: Cool IPs: 1.234.35.245 brute force SSHing

On 26 February 2012 09:46, Richard Barnes wrote: > While you're in Korea, you could talk to Samsung as well about > 123.32.0.0/12 (including 123.45.67.89).  Closer to home, you could > also talk to AT&T about 12.0.0.0/8 (12.34.56.78). > --Richard Or if you don't mind a "little" unsolicited traffi

Re: Question regarding anycasting in CDN setup

On 1 February 2012 20:25, Anurag Bhatia wrote: > Now my question here is - why this setup and not simply using having a A > record for googlehosted.l.googleusercontent.com. which comes from any > anycasted IP address space? Why not anycasting at CDN itself rather then > only at DNS layer? You ar

Re: IP addresses are now assets

On 2 December 2011 20:01, Henry Yen wrote: > On Fri, Dec 02, 2011 at 12:37:29PM -0700, joshua sahala wrote: >> On Thu, Dec 1, 2011 at 10:20 PM, John Curran wrote:[cut] >> > Your subject line (IP addresses are now assets) could mislead folks, >> [cut] >> ianal, but the treatment of ip addresses by

Re: Link local for P-t-P links? (Was: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?)

On 1 December 2011 02:22, Ray Soucy wrote: > I for one get really irritated when my traceroutes and pings are > broken and I need to troubleshoot things. ;-)  But I guess something > has to give. > My home connection gets IPv6 connectivity via a tunnelbroker tunnel, i didn't use the "tunnel inter

Link local for P-t-P links? (Was: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?)

On 1 December 2011 00:55, Jimmy Hess wrote: > Please explain.    What are the better ways that you would propose > of mitigating ND table overflows? > If you can show a rational alternative, then it would be persuasive as > a better option. > Link-Local? For "true" P-t-P links I guess you don't

Re: ATT GigE issue on 11/19 in Kansas City

On 30 November 2011 17:45, Joe Maimon wrote: > > > Brad Fleming wrote: > >>> >> In either case I'm a customer and will likely never be told what went >> wrong. I'm OK with that so long as it doesn't happen again! >> >> > > > Does being told what happened somehow prevent it from happening it again?

Re: Outgoing SMTP Servers

On 28 October 2011 16:41, wrote: > You *do* realize that for all your nice "Thei Internet Is Not A Commons" > ranting, the basic problem is that some people (we'll call them spammers) *do* > think that (a) it's a commons (or at least the exact ownership of a given > chunk is irrelevant), and (b)

Re: Outgoing SMTP Servers

On 26 October 2011 05:44, Owen DeLong wrote: > Mike recommends a tactic that leads to idiot hotel admins doing bad things. > You bet I'll criticize it for that. > > His mechanism breaks things anyway. I'll criticize it for that too. > Just to clarify, I was merely pointing out a possible argument

Re: Outgoing SMTP Servers

On 25 October 2011 20:52, Alex Harrowell wrote: > Ricky Beam wrote: > >>Works perfectly even in networks where a VPN doesn't and the idiot >>hotel >>intercepts port 25 (not blocks, redirects to *their* server.) >> >>--Ricky > > Why do they do that? > My home ISP run an open relay on port 25 with

Re: Open Letters to Sixxs

On 15 September 2011 15:12, Meftah Tayeb wrote: > ok, that's a positive answer. > but let me ask you a question: > do HE.NET peer with cogent? level3? 4 189 ms 134 ms99 ms 10gigabitethernet7-4.core1.nyc4.he.net [2001:470:0:3e::1] 5 131 ms 152 ms 111 ms 2001:470:0:202::2 6

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates

On 12 September 2011 18:39, Robert Bonomi wrote: > Seriously, about the only way I see to ameliorate this kind of problem is > for people to use self-signed certificates that are then authenticated > by _multiple_ 'trust anchors'.  If the end-user world raises warnings > for a certificate 'authent

Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

On 11 September 2011 16:55, Bjørn Mork wrote: > You can rewrite that: Trust is the CA business.  Trust has a price.  If > the CA is not trusted, the price increases. > > Yes, they may end up out of business because of that price jump, but you > should not neglect the fact that trust is for sale he

Re: NAT444 or ?

As HTTP seems to be a major factor causing a lot of short lived connections, and several large ISPs have demonstrated that large scale transparent HTTP proxies seem to work just fine, you could also move the IPv4 port 80 traffic from the CGN to a transparent HTTP proxy. As well as any benefits from

Re: VRF/MPLS on Linux

On 23 August 2011 14:45, wrote: > While I have found some information on a project called linux-mpls I am > having a hard time finding any solid VRF framework for Linux.  I have a > monitoring system that needs check devices that sit in overlapping private ip > space, and I was wondering if th