>Another misconception. Humans (by and large) count in decimal, base 10.
>IPv4 is not that. It only LOOKS like that. In fact, the similarity to familiar
>decimal numbers is one of the reasons that people who are new to networking
>stumble early on, find CIDR challenging, etc.
Go ahead and read
t I really feel like ipv6 could have
> been made more human friendly and ipv4 interoperable.
>
>> On Oct 2, 2019, at 8:49 PM, Doug Barton wrote:
>>
>>> On 10/2/19 3:03 PM, Naslund, Steve wrote:
>>> The next largest hurdle is trying to explain to your server
In my experience, the biggest hurdle to installing a pure IPv6 has nothing to
do with network gear or network engineers. That stuff I expect to support v6.
The biggest hurdle is the dumb stuff like machinery interfaces, surveillance
devices, the must have IP interface on such and such of an o
It's certainly financial but it's not just companies being cheap. For example
for smaller companies with a limited staff and small margins. They may want to
have v6 everywhere but lack the resources to do it. It would for certain speed
up the process but there would be collateral damage in the p
A few thoughts:
1. What global organization has the ability to impose a tax on any
nation’s citizens?
2. Do you not see an issue with making everyone worldwide get rid of every
device that supports v4? Kind of a burden for a developing country, no? Also,
a bit of an e-waste proble
Just a tip, but you cannot really determine packet loss on an MPLS network with
a traceroute. The nodes between the provider edge routers may not even
represent your real path. Also, provider routers within their network will be
handling pings much differently than they handle your actual traf
So, if ARIN allocates a v6 assignment to ARDC how do you plan to use it without
a router or BGP. Whether it's v4 or v6 you need to route it somewhere. If you
have a PC, you can have a router and if you don't have a PC you probably don't
need to worry about any of this. If your club can't aff
Why bother purchasing space? CGNAT or v6 would both be better ways to go and
future proof. The v4 space you purchase today will be essentially worthless.
Steven Naslund
Chicago IL
>I really just want to know how I can purchase some more of that 44.
>space :)
How about this? If you guys think your organization (club, group of friends,
neighborhood association, whatever...) got screwed over by the ARDC, then why
not apply for your own v6 allocation. You would then have complete control
over its handling and never have to worry about it again. If yo
>I can guarantee you that Akamai is very much run by beancounters in addition
>to engineers. I have first hand experience with that.
>
>I can also assure you that it’s quite unlikely that any of Comcast, Netflix,
>Facebook, Google, AT&T, T-Mobile, or Verizon just to name a few of the biggest
>ar
In defense of John and ARIN, if you did not recognize that ARDC represented an
authority for this resource, who would be? The complaints would have been even
more shrill if ARIN took it upon themselves to “represent” the amateur radio
community and had denied the request or re-allocated the ass
I think the Class E block has been covered before. There were two reasons to
not re-allocate it.
1. A lot of existing code base does not know how to handle those addresses
and may refuse to route them or will otherwise mishandle them.
2. It was decided that squeezing every bit of sp
You might want to check with a company called Transtelco. They are an
alternate fiber provider (outside of Telmex).
Steven Naslund
Chicago IL
From: NANOG On Behalf Of Mehmet Akcin
Sent: Thursday, May 30, 2019 9:20 AM
To: nanog
Subject: Mexico
Hi there
I am looking for dark fibre in several
Agreed, I remember the biggest problem when the Starr Report was released was
that our dial-up PoPs had all lines busy. It was a different Internet then.
Steven Naslund
Chicago IL
> Hey Mike.
>
> Agreed. But the scale of a 400 page document with global interest?
> Should be highly cached with
AKA Too Big To Care. Happens a lot.
Steven Naslund
Chicago IL
On Wed, Jan 30, 2019 at 11:36 AM Mike Hammett
mailto:na...@ics-il.net>> wrote:
Oh, you ordered cross connects for a PNI and they stopped responding
mid-project? Isn't that nice!
-
Mike Hammett
Intelligent Computing Solutions
h
>And apparently fire. I wasn’t going to chime in but one of my providers
>*just* alerted us to an electrical fire in a Minneapolis pop causing loads to
>failover to ups. Unknown whether weather conditions contributed to the
>incident.
Yes, in Chicago we will see an increase in home fires bec
Ironically you don’t really save a lot of energy when it’s this cold because
the loops are running at high speed and the humidification coils are working
overtime to keep the RH up in the room.
People think we can bring in all the outside cold we want but the issue then is
humidity stability.
>Exactly what he said. We actually run cooling and supplemental heating in
>extreme cold. We need to keep the chiller pulling heat into itself and pumps
>moving on high to keep the outdoor components from freezing up. During the
>summer you might run close to or slightly below freezing on
>To the 'infrastructure' question, I think the biggest concerns would be power
>related. Although we have a DC in Buffalo that is cooled on ambient outside
>air that has the opposite problem ; it's TOO cold at the moment, so we are
>cycling most of the hot server exhaust back into the comput
The main issue is infrastructure like power, cable damage, and heating/cooling
systems.
Power lines tend to go down because anything weak becomes brittle and any
accident involving a pole tends to cause them to break rather than absorb
impact. Also, conduits and manholes that normally might be
Sorry. Correction.
If it IS RFC compliant they should accept the attribute. If it is NOT, they
should drop (and maybe log it).
Steve
>Contact your hardware vendor. That is not acceptable behavior. If it is not
>RFC compliant they need to accept the attribute, if it's not RFC compliant
>th
Agreed, do you think you will not see that attribute again now that the public
knows that you are vulnerable to this DoS method. Expect to see an attack
based on this method shortly. They just did you a favor by exposing your
vulnerability, you should take it as such. I would be putting in em
Contact your hardware vendor. That is not acceptable behavior. If it is not
RFC compliant they need to accept the attribute, if it's not RFC compliant they
should gracefully ignore it. Now we all know that anyone using that gear is
vulnerable to a DoS attack. Won't be long until anyone else
I hope you are as critical of your hardware vendor that cannot accept BGP4
compliant attributes or have you just not updated your code? You can black
hole anything you want but as long as the “Internet” is sending you an RFC
compliant BGP you better be able to handle it.
Steven Naslund
Chicago
That's right. Check out www.west.com
So, your town will hire someone to put the systems in the 911 center and that
might be a company like West or say you are a local network provider doing VOIP
you could hire west to put in a gateway for you. State and local governments
can hire them to main
There are multiple ways this outage can impact CL 911 service not just related
to IP. Here are a few of them:
1. You have a POTS line and you dial 911 which gets to your central
office but the CO switch had no trunks out, either because they were TDM but
riding one of the optical carrie
So, to explain the whole system…..
1. From your location to your serving CO would be IP, POTS, Cellular
however your normal phone call route.
2. From your CO to the CO(s) serving your 911 center. Might be a
dedicated trunk or may have high priority to seize channels within the n
This was a product available from the earliest Bell System days. You could
specify a couple of options. One is local path redundancy or diversity -
intended to get you to another central office and not use the same cable as
another specified circuit. A second option is called avoidance where
All true but it is becoming increasingly difficult to determine if a provider
is using another provider's infrastructure (all are at some level). For
example, in the SIP world there are several national level carriers that are
using Level 3s core SIP network and if you were not aware of that you
A note for the guys hanging on to those POTS lines…It won’t really help. One
of our sites in Dubuque Iowa had ten CenturyLink PRIs (they are the LEC there)
homed off of a 5ESS switch. These all were unable to process calls during the
CenturyLink problem. The ISDN messaging returned indicated
They shouldn’t need OOB to operate existing lambdas just to configure new ones.
One possibility is that the management interface also handles master timing
which would be a really bad idea but possible (should be redundant and it
should be able to free run for a reasonable amount of time). The
I agree 100%. Now they need to figure out why bricking the management network
stopped forwarding on the optical side. > (Forgive my top posting, not on my
desktop as I’m out of town)
Steven Naslund
Chicago IL
>
>Wild guess, based on my own experience as a NOC admin/head of operations at a
>la
See my comments in line.
Steve
>Hey Steve,
>I will continue to speculate, as that's all we have.
> 1. Are you telling me that several line cards failed in multiple cities in
> the same way at the same time? Don't think so unless the same software fault
> was propagated to all of them. If t
Not buying this explanation for a number of reasons:
1. Are you telling me that several line cards failed in multiple cities in the
same way at the same time? Don't think so unless the same software fault was
propagated to all of them. If the problem was that they needed to be reset,
couldn
We see slow recovery. Dallas data service came back up, Dubuque voice service
still down.
Steven Naslund
Chicago IL
>
>Seems like things have stabilized as of about an hour ago for us.
>
Anyone have any insight to the nationwide CenturyLink issues/outages today?
Just wondering. Know for sure that our connections to them from Florida, Iowa,
and Washington State are all affected. Voice and data.
Steven Naslund
Chicago IL
>Why do you think the network portion needs to be contiguous?
Just because some equipment at one time let you configure a non-contiguous mask
does not make it correct configuration. Please come up with any valid use case
for a non-contiguous network (note NETWORK, not any other purpose) mask.
I am wondering how a netmask could be not contiguous when the network portion
of the address must be contiguous. I suppose a bit mask could certainly be
anything you want but a netmask specifically identifies the network portion of
an address.
Steve
> I seem to remember that before the advent
I will grant you that no customer ever asked for route dampening. I also
realize that RFD is much less important now than in the past. I come from the
ARPANET/DDN ages of the Internet and can tell you that RFD was absolutely
critical in the days of very underpowered routers and very unstable
I think you will find that very hard to evaluate since the value of RFD will be
different in different network regions. For example, it is probably good
practice to run RFD toward a customer on an unstable access link. It might not
be a good idea to run it on a major backbone link that could p
I see it more used in terms of firewall operations on what are normally network
routing devices. I suppose someone with Cisco IOS architecture inside
knowledge could tell us why they use that notation with ACLs primarily.
I have never seen a computer want or accept an inverse mask so it is
It is an interesting article but confirms a few things to me.
1. There are only a very small percentage of flapping routes causing an
inordinate amount of BGP processing. Would it be more effective to implement
this route damping mechanism world wide or try to eliminate the source of the
in
Two reasons:
1. Legacy configuration portability, people learned a certain way and all
versions of code understand a certain way. The best way to correct that issue
is to accept either of them.
2. The inverse mask is indeed a pain in the neck but is technically
correct. The subne
Remember always that the local pref is just that, YOUR local preference.
Sending that flapping route upstream does not give your peer the option to
ignore it. In any case, the downside is that you have to process that route
and then choose whether or not to use it. It’s like saying “now that
Mainly because propagating a flapping route across the entire Internet is
damaging to performance of things other than your own equipment and that of your
customer. It is just "bad manners" to propagate a flapping route to your peers
and it helps maintain a minimum level of stability that it require
It is a matter of machine readability vs human readability. Remember the IP
was around when routers did not have a lot of horsepower. The dotted decimal
notation was a compromise between pure binary (which the equipment used) and
human readability. VLSM seems obvious now but in the beginning
Yeah there are those.
Steve
-Original Message-
From: Valdis Kletnieks On Behalf Of valdis.kletni...@vt.edu
Sent: Monday, November 12, 2018 2:29 PM
To: Naslund, Steve
Cc: nanog@nanog.org
Subject: Re: IGP protocol
On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said:
I don't know where you heard that but it is probably incorrect. Here is what I
think you will find.
1. Most large networks (service providers) supporting MPLS will be using ISIS
as their IGP. Some will have islands of OSPF because not everything speaks
ISIS.
2. Most corporate networks will
>Make a second account at your bank. One account is
>'storage' and has all your money. You never use
>the 'storage account' ATM card for anything outside
>your bank's ATM machines.
Doubling the service fees from your bank.
>The second one is where you only keep $50-$100 in
>it. When you use y
I see this all the time. Especially in modular chassis. It seems like
sometimes it has to do with when each board goes to a ready state as the system
boots. We also see renumbering due to virtual interface and board additions.
While you are running they seem to get the next ifindex available
Remember we are talking about classified intelligence systems and large IT
organization infrastructure (Google, Yahoo, Apple) here (in the original
Supermicro post).
That would be information whose unauthorized disclosure would cause grave or
exceptionally grave harm (definition of secret and top
It only proves that you have seen the card at some point. Useless.
Steven Naslund
Chicago IL
>I'm pretty sure the "entire point" of inventing CVV was to prove you
>physically have the card.
Mr Herrin, you are asking us to believe one or all of the following:
1. You believe that it is good security policy to NOT have a default DENY ALL
policy in place on firewalls for DoD and Intelligence systems handling
sensitive data.
2. You managed to convince DoD personnel of that fact and
If there was a waiver issued for your ATO, it would have had to have been
issued by a department head or the OSD and approved by the DoD CIO after
Director DISA provides a recommendation and it is mandatory that it be posted
at https://gtg.csd.disa.mil. Please see this DoD Instruction
http://w
It is good but has several inherent problems (other than almost no one using
it). Your card number is static and so is your pin. If they get compromised,
you are done. Changing token/pin resolves the static number problem completely,
compromise of a used token has no impact whatsoever.
Steven
True and that should be mandatory but does not solve the telephone agent
problem.
Steven Naslund
Chicago IL
> I understand that in some countries the common practice is that the
> waiter or clerk brings the card terminal to you or you go to it at the
> cashier's desk, and you insert or
Sure and with the Exp Date, CVV, and number printed on every card you are open
to compromise every time you stay in the hotel or go to a restaurant where you
hand someone your card. Worse yet, the only option if you are compromised is
to change all your numbers and put the burden on your of not
Having gone through this I know that it's all on you which is why no one really
cares. You have to notice a fraudulent charge (in most cases), you have to
dispute it, you have to prove it was not you that made the charge, and if they
agree then they change all of your numbers at which point you
The entire point of the CVV has become useless. Recently my wife was talking
to an airline ticket agent on the phone (American Airlines) and one of the
things they ask for on the phone is the CVV. If you are going to read that all
out over the phone with all the other data you are completely v
You are free to disagree all you want with the default deny-all policy but it
is a DoD 5200.28-STD requirement and NSA Orange Book TCSEC requirement. It is
baked into all approved secure operating systems including SELINUX so it is
really not open for debate if you have to meet these requirements.
I agree 100% and also have noticed that severe weather systems tend to be more
severe in rural areas due to either open spaces (the plains) or trees (forested
areas) doing more damage. I can tell you from living in the Midwest that the
storms in Iowa and Nebraska are way worse than the ones that h
I am wondering if this seems common to most of you on here. In my area it
seems that all cellular sites have backup generators and battery backup. Seems
like the biggest issues we see are devices remote from the central offices that
lose power and cause disruptions, like RSTs and SLCs. During
Yet this data gets compromised again and again, and I know for a fact that the
CVV was compromised in at least four cases I personally am aware of. As long
as the processors are getting the money, do you really think they are going to
kick out someone like Macy's or Home Depot? After all, it i
Allowing an internal server with sensitive data out to "any" is a serious
mistake and so basic that I would fire that contractor immediately (or better
yet impose huge monetary penalties. As long as your security policy is
defaulted to "deny all" outbound that should not be difficult to accompl
You just need to fire any contractor that allows a server with sensitive data
out to an unknown address on the Internet. Security 101.
Steven Naslund
>From: Eric Kuhnke
>
>many contractors *do* have sensitive data on their networks with a gateway
>out to the public Internet.
>-
>On 10/5/18 1:53 AM, Mark Andrews wrote:
> If you don’t want fragmented IPv6 UDP responses use
>
> server ::/0 { edns-udp-size 1232; };
>
> That’s 1280 - IPv6 header - UDP header. Anything bigger than that can
> theoretically be fragmented. You will then have to deal with PMTUD
> failur
A few cases come to mind. I also think there are lots of alerts that will not
send people screaming into the streets. 9/11 did not really have that effect
in most places and it took quite some time for word to spread to people who did
not have full time media access. You also have to account
It would be really noticeable. In the secure networks I have worked with
"default routes" were actually strictly forbidden. Also, ACLs and firewall
policy is all written with Deny All policy first. Everything talking through
them is explicitly allowed.
The government especially in the three
Remember it's the data that is classified, not the network. It does not matter
if you have IP connectivity, it matters if the classified data is allowed to
move over the connection. When a government agency talks about a "classified
network" they are talking about a network that has been approv
>> Classified networks do not connect to other networks unless they are
>> equally or higher classified. No internet connection.
>> Period.
Not quite but there are at least application level gateways. For example,
there are usually gateways that can let unclassified email flow into classified
Quite different really. FIREWALK is really an intercept device to get data out
of a firewalled or air gapped network. The exploit Bloomberg describes would
modify or alter data going across a server’s bus. The big difference is the
Bloomberg device needs command and control and a place to dum
I can read but I am really finding it hard to believe that they all agreed to
even comment on it at all. Especially the PRC. Next question would be that if
Bloomberg was calling me for "months to a year" why not get out in front of it
in the first place? The whole story and its responses are
It is definitely more desirable to try and tap a serialized data line than the
parallel lines. The thing that made me most suspicious of the article is why
would anyone add a chip. It requires power and connections that are highly
detectable. Motherboard designs are very complex in the characte
I was wondering about where this chip tapped into all of the data and timing
lines it would need to have access to. It would seem that being really small
creates even more problems making those connections. I am a little doubtful
about the article. It would seem to me better to create a corru
Don't panic about the 70 meter rise though. According to this article
by National Geographic, it would take around 5000 years to melt that much ice
even assuming the current temperature rise continues.
Steven Naslund
Chicago IL
>Here is a simple question to answer while you are at it.
Here is a simple question to answer while you are at it. Once the arctic ice
and glaciers melt, what will cause the ocean levels to continue to rise at this
incredible rate? The total estimate for sea level rise would be 70 meters if
absolutely all ice on the face of the Earth melted. A radic
Pretty hard to accept 198 inches since NASA's own data shows no more than 250mm
or 9.4 inches since 1888. You would have to assume there are no balancing
factors. If the earth gets warmer then there is also more evaporation of the
oceans which causes more rainfall which helps moderate temperat
There are lots of ways to construct a graph to look scary. Just try to redraw
that graph as the change in overall depth of the ocean. It would be so flat as
to be useless. Wikipedia (might be right or not) says the average depth of the
ocean is 3,688 meters or 12,100 feet. If we take that an
And just to be abundantly clear. I am not denying climate change and I am all
for eliminating pollution and our impact on the planet in general. However I
firmly believe that there will be further climate change regardless of what
humans do. That is the cycle of the planet so far and way befo
I agree with this. I suppose you could take tons of measurements and average
them out to be pretty accurate but I am not sure how you would account for
tidal gravitational effects which vary all the time. Seems like the precision
claimed would be really hard to pull off without knowing exactly
Well, the problem might be that I am an old guy and remember very well in the
70s when the "scientific community" screamed at us about the coming ice age.
Next, we had global warming. Now we just call it climate change because we
just don't know which way it's going to go. Those same anthropo
In 2000 the network runs on completely different infrastructure than it did in
1900 (what little network existed). By 2100 I am pretty sure we will be on
different infrastructure by then. Are you saying there will be no changes in
network topology to account for that? By 2100 neither you nor I
If you live near a coast, you are going to experience bigger storms and loss of
power more often than someone that lives inland. If you live in the Himalayas
you are going to get more snow and cold weather. Not my problem if you like
your beach front property. However I have not seen any majo
eck [mailto:rod.b...@unitedcablecompany.com]
>Sent: Thursday, July 26, 2018 12:13 PM
>To: Naslund, Steve; nanog@nanog.org
>Subject: Re: Rising sea levels are going to mess with the internet
>
>Easy way to settle it. Look at Hurricane Sandy and Katrina. If they had no
>effect on terrestr
Chicago IL
>-Original Message-
>From: Valdis Kletnieks [mailto:val...@vt.edu] On Behalf Of
>valdis.kletni...@vt.edu
>Sent: Thursday, July 26, 2018 12:09 PM
>To: Naslund, Steve
>Cc: nanog@nanog.org
>Subject: Re: Rising sea levels are going to mess with the internet
>
>
I know of tons of manholes that are continuously full of water every time I
have been out to them, I am pretty sure those cables have dealt with the
immersion for quite a number of years.
Steven Naslund
Chicago IL
>I don't have a strong feeling on this matter, but it is not the average
>incr
So, I accept the data. Going back to 1880 I will be generous and say that you
have a 250 mm rise in sea level (which is about 10 inches for us Imperial
types). I think we will probably be ready to outrun that problem. Let's get
back to real network threats like BGP Hijacking which can wipe yo
BTW, I have installed thousands of miles of fiber and been submerged in plenty
of manholes over the years. If you have been in a manhole in the spring you
would know what a non-event you are talking about here. A lot of your Internet
is under water a lot of the time anyway (not even counting a
Almost everyone with a cell phone gets real time alerts too. I am not sure how
many more ways we can make people aware of things around them. Seems like yet
another government mandate to dictate what a device must do.
>People in tornado areas seem to be the most aware that alert radios
>alrea
Since we have been able to cope with train derailments, backhoes, forest fires,
traffic accidents, etc, I am pretty confident that the networks will keep up
with the lightning fast 1/8" per year rise in sea level.
Steven Naslund
Chicago IL
>I'm sure all these companies have legal entities in all countries they operate
>in. So Huawei in US is US company and Huawei products bought in US from US
>Huawei are good, but bad when bought from Huawei China?
IANAL however I was a network engineer for the US Air Force for over ten years.
>
> > Yes looks like they are both under pressure. I feel bad for the USA based
> > employees. I know Huawei has quite a few in Plano, Texas.
>
> Feel sorry for US based consumers. Historically protectionism always
> hurts the local economy most. By creating artificial demand on local
> products, o
>Now we're way off-topic, but our constitution acknowledges that is a
>pre-existing right. The constitution didn't grant it to you. (Rights are
>inherent, privileges are granted)
>
>People have the right to speak, write, and publish whatever they want.
>
>-A
Our Constitution does not equal wor
>Steve,
>
>I think you should re-examine the early history of the USA. Anonymous
>pamphleteering was the origin of our rebellion against England,
>with Benjamin Franklin and many of the other founding fathers
>publishing without their identities being registered anywhere. The
>Federalist Papers w
>...in every other form of communication, the phrase "get a warrant" comes to
>mind.
>Except on the internet where we require the information to be public so that
>anyone and their dog can view it without a warrant.
Wrong on several counts. You can publicly access the records of who owns every
I don't see why there should not be a way to know who is publishing data on the
Internet. In almost all other forms of communication, there is some
accountability for the origination of information. Newspaper publishers are
known, radio stations are usually licensed and publicly known, televis
Got it. Do any of those trunks add a new VLAN to the switch that was not
active before? If so, that would cause a BPDU over all trunks that allow that
VLAN. Even if the port is not up yet, by adding the VLAN to ANY trunk you are
implying that it should be active on ALL trunks that are not VLA
It really does not resolve anything it just allows a bad configuration to work.
The guard is there so that if one side is configured as a channel and the
other side is not, the channel gets shut down. Allowing it to remain up can
cause a BPDU loop. Your spanning tree is trying to tell you som
I am kind of confused by your configuration. If the Cisco side is configured
as LACP trunk, then the Juniper side also needs to be configured as LACP
trunks. Spanning-tree would be getting confused because the Cisco is treating
the LACP trunk as a single interface for purposes of spanning-tree
correctly claim that they never called you.
Steven Naslund
Chicago IL
>-Original Message-
>From: Dovid Bender [mailto:do...@telecurve.com]
>Sent: Thursday, April 05, 2018 9:07 AM
>To: Naslund, Steve; NANOG list
>Subject: Re: Are any of you starting to get AI robocalls?
>
>S