I've noticed over the last 3 years or so that TDM, specifically T-1, access
and transport has been in a steady decline. Customers are moving to FTTH
and cable, or going WiMAX and Metro-Ethernet. Ethernet seems to have taken
an even bigger bite out of DS-3. The bigger pipes seem to favor ethernet
/48 down to /54. Any feel for what the "standard" (widely
deployed) IPv6 prefix filter size will be?
Thanks,
On Sat, Mar 13, 2010 at 10:49 PM, Rick Ernst wrote:
>
> A couple of different incantations searching the archive didn't enlighten
> me, and I find it hard to be
A couple of different incantations searching the archive didn't enlighten
me, and I find it hard to believe this hasn't been discussed. Apologies and
a request for pointers if I'm rehashing an old question.
As a small/regional ISP, we got our /32 assigned and it's time to start
moving forward (cu
Right. Some providers allow you to BGP community trigger RTBH. There was a
separate mention of D/DoS-mitigation-providers using DNS and BGP tunneling.
Rick
On Mon, Jan 11, 2010 at 8:14 AM, Stefan Fouant <
sfou...@shortestpathfirst.net> wrote:
> > -Original Message-
&g
I thought I had mentioned outsourcing earlier, but I don't see it in the
thread...
The two mechanisms I've seen for outsources D/DoS are DNS manipulation, or
essentially remote BGP peering with an tunnel back to the local presence.
Even if we are purely hosting, DNS manipulation doesn't do anythi
thing goes wrong, I want my own, local, big-red button."
Rick
On Tue, Jan 5, 2010 at 7:50 AM, Martin Hannigan wrote:
>
>
> On Mon, Jan 4, 2010 at 4:19 PM, Rick Ernst wrote:
>
>> Looking for D/DoS mitigation solutions. I've seen Arbor Networks
>> mentioned
>&
st an extension of RTBH; a scrubber
destination rather than Null0) is an understandable state.
Rick
On Mon, Jan 4, 2010 at 9:34 PM, Stefan Fouant wrote:
> > -Original Message-
> > From: Rick Ernst [mailto:na...@shreddedmail.com]
> > Sent: Tuesday, January 05, 2010 12:
On Mon, Jan 4, 2010 at 9:08 PM, Dobbins, Roland wrote:
>
> On Jan 5, 2010, at 12:05 PM, Rick Ernst wrote:
>
> >
> > A solution preferably that integrates with NetFlow and RTBH. An in-line
> solution obviously requires an appliance, or at least special/additional
>
Not necessarily an appliance, per se. But a "solution". :)
A solution preferably that integrates with NetFlow and RTBH. An in-line
solution obviously requires an appliance, or at least special/additional
hardware.
A software-only solution that sucks in NetFlow data and can speak BGP to
inject /3
Several responses already, and Arbor has poked their head up.
I'm going to start there and keep the other suggestions at-hand.
Thanks,
On Mon, Jan 4, 2010 at 1:19 PM, Rick Ernst wrote:
>
> Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
> sev
Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
several times but they haven't been responsive to literature requests (hint,
if anybody from Arbor is looking...). Our current upstream is 3x GigE from
3 different providers, each landing on their own BGP endpoint feeding
Lots of good info, and a nice mind-dump that gives me a whole host of other
things that need to be looked at... Umm. "thanks" :)
On Wed, Oct 21, 2009 at 11:10 PM, Perry Lorier wrote:
> Rick Ernst wrote:
>
>> Resent, since I responded from the wrong address:
>> ---
onstant drift may
be better than both devices trying to walk/correct the time.
Thanks for the input!
On Wed, Oct 21, 2009 at 8:01 PM, Rick Ernst wrote:
> Resent, since I responded from the wrong address:
> ---
> The basic operation of IP SLA is as surmised; payload with timestamps
>
Although the implementation is Cisco-specific, this feels more appropriate
for NANOG.
We've started rolling out a state-wide monitoring system based on Cisco's
"IP SLA" feature set. Out of 5 sites deployed so far (different locations,
different providers), we are consistently seeing one-way laten
Cross-posted from cisco-nsp. We are a (mostly) Cisco shop, but I'm looking
more for BCP and overall design, not provisioning specifics.
-
My Cisco bookshelf isn't helping me much with this...
We currently have a single POP with border/core/aggregation topology.
Upstreams each come in on th
have my support staff start pushing back harder with the
problem almost certainly being outside our network and more specifically
isolated to a geographic location and/or set of network destinations.
Rick
On Tue, Jul 28, 2009 at 8:25 AM, Rick Ernst wrote:
>
> Starting about a week a
Starting about a week ago, I've had sporadic reports of "slow uploads"
(hundreds of kbs, has been 10s of mbs) born out by multiple speed test sites
and application results and also duplicated internally. Downloads are >
50Mbs as expected (OC-3 and GigE uplinks to ATT/UUNET/Level3/Sprint/Qwest,
etc
Pedantry is not necessarily a bad thing, especially when the student doesn't
know the right questions to ask. :)
6in4 is what I was looking for.
Thanks,
On Mon, Jul 13, 2009 at 6:05 PM, Nathan Ward wrote:
> On 14/07/2009, at 4:23 AM, Rick Ernst wrote:
>
> Either they don&
Multiple responses of tunnelbroker.net. Couldn't have been any easier to
setup and get going.
Thanks!
On Mon, Jul 13, 2009 at 9:31 AM, Chad Burnham wrote:
> Rick,
>
> I use this one:
>
> http://www.tunnelbroker.net/
>
> Free!
>
> Chad
>
> -----Or
Either they don't exist, or my Google-fu is particularly bad this morning.
I'm trying to get my toes wet with IPv6. I've established an internal
6to4/4to6 tunnel. I'd also like to have a testbed for access to public v6
sites. I'm also trying to find some clue at my upstreams, but figured I'd
as
Thanks to multiple private/public responses.
I was able to get an iperf test and also a close mirror for a DVD iso.
Time to put live traffic on it and see what happens.
On Wed, March 25, 2009 11:05, Rick Ernst wrote:
>
> Resent from my subscribed address. Hopefully this isn'
s are only as good as the hosts they're hosted on and
> the path by which you reach them.
>
> I use iperf on each end of a link that I'm turning up. I put Linux hosts
> at both endpoints, but I believe iperf comes in a windows flavor too.
>
> -b
> __
can try:
>
> http://www.measurementlab.net/measurement-lab-tools#ndt
>
> -Azher
>
> Rick Ernst wrote:
>> Resent from my subscribed address. Hopefully this isn't a dupe to
>> anybody.
>> ---
>>
>>
>> I'm work
Resent from my subscribed address. Hopefully this isn't a dupe to anybody.
---
I'm working on turning up our first GigE connection (400mbs CIR) and the
various online speedtests I'm aware of choke after about 100Mbs or so.
Does anybody know of testing sites t
Thanks,
Rick
On Fri, December 12, 2008 10:15, Rick Ernst wrote:
>
> We've had an increasing rate of DoS attacks that spew tens-of-thousands of
> small UDP packets to a destination on our network. We are getting roughly
> 2x our entire normal pps across all providers through one in
We've had an increasing rate of DoS attacks that spew tens-of-thousands of
small UDP packets to a destination on our network. We are getting roughly
2x our entire normal pps across all providers through one interface, or
about 4x normal through the individual interface. The Cisco
7206VXR/NPE-G1
If you keep a separate peering/loopback-IP for each peer, you can move
individual peering sessions to other devices if needed.
On Wed, August 27, 2008 05:39, Steve Bertrand wrote:
> Iljitsch van Beijnum wrote:
>
>> The advantage of a separate loopback address is that if you ever have
>> any trou
27 matches
Mail list logo
