Vidéotron CPE bug

2016-06-06 Thread Simon Perreault
Any Vidéotron engineer listening? On your CPE there's a SIP ALG on TCP port 5060 that is causing issues to our clients with Cisco 79xx phones. I'm referring to the CPE that is used for business subscribers with static IP addresses. Please contact me for all the details. Thanks, Simon

Re: mrtg alternative

2016-02-28 Thread Simon Perreault
On 2016-02-27 20:42, B wrote: > Graphite/grafana. I strongly recommend Graphite to all my competitors! :) Simon

Re: Carrier Grade NAT

2014-07-29 Thread Simon Perreault
On 2014-07-29 13:19, Owen DeLong wrote: Usually the window they give is ~ 3-5 seconds so they're pretty specific. This assumes that your log server and theirs are synchronized to an accurate time source within 3-5 seconds Not really, since usually port blocks are not immediately reallocat

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Simon Perreault
On 2014-06-30 09:05, Roland Dobbins wrote: On Jun 30, 2014, at 7:42 PM, Simon Perreault wrote: Why? Cause that (per-subscriber limits on ports and memory) is exactly what we recommend in RFC 6888... <https://app.box.com/s/a3oqqlgwe15j8svojvzl> I can't tell you how many

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Simon Perreault
On 2014-06-30 06:12, Roland Dobbins wrote: what is needed however is session timeouts. This can help, but it isn't a solution to the botted/abusive machine problem. They'll just keep right on pumping out packets and establishing new sessions, 'crowding out' legitimate users and filling up

Re: Applications that break when not using /64

2014-06-18 Thread Simon Perreault
On 2014-06-17 17:31, Matthew Petach wrote: > Not sure who I'd > file the bug with, though. b...@freebsd.org (Looking at Bjoern with an evil grin...) Simon

Re: Requirements for IPv6 Firewalls

2014-04-22 Thread Simon Perreault
On 2014-04-19 06:23, Florian Weimer wrote: >>> I agree with Bill. You can poopoo NAT all you want, but it's a fact >>> of most networks and will continue to remain so until you can make a >>> compelling case to move away from it. >> >> Does that mean all IPv6 firewalls should support NAT? > >

Re: Requirements for IPv6 Firewalls

2014-04-18 Thread Simon Perreault
On 2014-04-18 14:57, William Herrin wrote: > Excluding references and remarks RFC 6888 is 8 pages long with 15 > total requirements. Short. Given the trend toward ever-fluffier RFCs, I'll take that as a compliment. :) > I'll let the firewall document's authors speak for themselves about > thei

Re: Requirements for IPv6 Firewalls

2014-04-18 Thread Simon Perreault
On 2014-04-18 14:20, William Herrin wrote: > On Fri, Apr 18, 2014 at 2:06 PM, Simon Perreault wrote: >> IMHO, what the IETF can do is recommend a set of behavioural traits that >> make IPv6 firewalls behave like good citizens in the Internet ecosystem. >> Meaning that

Re: Requirements for IPv6 Firewalls

2014-04-18 Thread Simon Perreault
On 2014-04-18 14:00, William Herrin wrote: > On Fri, Apr 18, 2014 at 1:40 PM, Simon Perreault wrote: >> On 2014-04-18 13:35, William Herrin wrote: >>> Your document specifies "Enterprise" firewalls. Frankly I think that's >>> wise. Consumer and ente

Re: Requirements for IPv6 Firewalls

2014-04-18 Thread Simon Perreault
On 2014-04-18 13:35, William Herrin wrote: >> Does that mean all IPv6 firewalls should support NAT? >> >> Remember, we're aiming for a base set of requirements applying to all >> IPv6 firewalls. > > Your document specifies "Enterprise" firewalls. Frankly I think that's > wise. Consumer and ente

Re: Requirements for IPv6 Firewalls

2014-04-18 Thread Simon Perreault
On 2014-04-18 13:25, Mike Hale wrote: > I agree with Bill. You can poopoo NAT all you want, but it's a fact > of most networks and will continue to remain so until you can make a > compelling case to move away from it. Does that mean all IPv6 firewalls should support NAT? Remember, we're aimi

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Simon Perreault
On 2014-04-14 10:38, Matthew Black wrote: > Shouldn't a decent OS scrub RAM and disk sectors before allocating them to > processes, unless that process enters processor privileged mode and sets a > call flag? I recall digging through disk sectors on RSTS/E to look for > passwords and other in

Re: spamassassin

2014-02-20 Thread Simon Perreault
On 2014-02-19 21:48, Randy Bush wrote: > as the fix is not yet out, would be cool if someone with more fu than i > posted a recipe to hack for the moment. The fix is out now! :D Simon -- DTN made easy, lean, and smart --> http://postellation.viagenie.ca NAT64/DNS64 open-source--> http

Re: random dns queries with random sources

2014-02-19 Thread Simon Perreault
On 2014-02-19 11:28, Dobbins, Roland wrote: >> I am late to this train, but it appears no one else has brought this up. It >> is a DNS tunneling setup, not an attack. > > This makes a lot of sense - good insight, will look into this further! I use this for free wi-fi in airports and such:

Re: spamassassin

2014-02-19 Thread Simon Perreault
Daniel is correct, he gets a cookie! To the others: please learn to recognize when you have no clue. We've been having the same problem here for the last three days. I tracked it down to BAYES_999. Glad to see other people are suffering as much as I am. :) Simon On 2014-02-19 01:46, Daniel Staa

Re: SDN - Killer Apps

2013-02-25 Thread Simon Perreault
On 2013-02-25 09:23, Glen Kent wrote: Yahoo, Google, etc applications are running on one server and each application could be theoretically associated with a unique VXLAN tag. This way service providers will be able to provide QoS per application (by effectively providing QoS to the VXLAN carr

Re: CGN fixed/hashed nat question

2013-01-23 Thread Simon Perreault
On 2013-01-23 16:37, William Herrin wrote: NAT traversal using port prediction is a Worst Current Practice. In fact, were someone to use those "worst current practices" to build some generic p2p VPN software, even old games could leverage it to allow someone behind a CGN to host. Have a lo

Re: CGN fixed/hashed nat question

2013-01-23 Thread Simon Perreault
On 2013-01-23 14:22, William Herrin wrote: I thought this was desirable behavior for a CGN since effective port prediction facilitates p2p nat traversal? No. NAT traversal using port prediction is a Worst Current Practice. Simon

Re: guys != gender neutral

2012-09-28 Thread Simon Perreault
On 2012-09-28 12:15, Jay Ashworth wrote: The assumption of a 1-1 correspondence between gender and sex is old fashioned nowadays. Mammals have sex. *Words* (and only words) have gender. There's an RFC about that! RFC 6350, section 6.2.7, about the GENDER vCard property: 6.2.7. GENDER

Re: Dear Linkedin,

2012-06-11 Thread Simon Perreault
On 2012-06-11 15:05, Owen DeLong wrote: OK, someone shows you a Quebec driver's license. You ask for a passport, she says, I don't have one, and points at the blue word Plus after the words Permis de Conduire at the top of the license. Now what? To the best of my knowledge, ICE stopped accept

Re: Dear Linkedin,

2012-06-08 Thread Simon Perreault
On 2012-06-08 15:48, Michael Thomas wrote: * Make sure you update your password on LinkedIn (and any site that you visit on the Web) at least once every few months. * Do not use the same password for multiple sites or accounts. * Create a strong password for your account, one that includes letter

Re: Peer1/Server Beach support for BGP on dedicated servers

2012-05-22 Thread Simon Perreault
On 2012-05-22 15:02, J.J. Mc Kenna wrote: http://www.voxel.net/assets/VoxCAST-Whitepaper.pdf This is not what I would call "BGP support". It's just a CDN. Thanks, Simon -Original Message----- From: Simon Perreault [mailto:simon.perrea...@viagenie.ca] Sent: Tuesday, May 22

Re: Peer1/Server Beach support for BGP on dedicated servers

2012-05-22 Thread Simon Perreault
On 2012-05-19 22:24, Adam Rothschild wrote: http://www.voxel.net offers web-orderable servers and VMs, with BGP support (IPv4 and IPv6) available as a paid add-on in all service locations. Is this publicly advertised or do you have to ask for it? I can't find anything about BGP on their web si

Re: pbx recco

2012-05-16 Thread Simon Perreault
On 2012-05-15 19:01, Tom Hill wrote: On 15/05/12 18:00, Randy Bush wrote: i run a raw asterisk and would not wish it on my worst enemy. I've been itching to try Freeswitch I know FreeSWITCH and Asterisk from the inside out because we ported both of them to IPv6. Verdict: - Asterisk start

Re: incoming smtp from v6 addresses

2012-01-04 Thread Simon Perreault
Randy Bush wrote, on 01/04/2012 05:10 AM: > 7.8% is over ipv6 transport > > but only 2% of outgoing deliveries are over ipv6. A consequence of whitelisting? Simon -- DTN made easy, lean, and smart --> http://postellation.viagenie.ca NAT64/DNS64 open-source--> http://ecdysis.viageni

Re: NAT444 or ?

2011-09-07 Thread Simon Perreault
David Israel wrote, on 09/07/2011 04:21 PM: > In theory, this > particular performance problem should only arise when the NAT gear insists on > a > unique port per session (which is common, but unnecessary) What you're describing is known as "endpoint-independent mapping" behaviour. It is good fo

Re: VRF/MPLS on Linux

2011-08-24 Thread Simon Perreault
On 2011-08-24 13:37, Jussi Peltola wrote: >> Just FYI: on OpenBSD you can set the VRF (aka "routing table" or >> "routing domain") per socket with code like this: >> >> int s, table; >> s = socket(...); >> table = 123; >> setsockopt(s, IPPROTO_IP, SO_RTABLE, &table, sizeof(table)); >> > >

Re: VRF/MPLS on Linux

2011-08-24 Thread Simon Perreault
On 2011-08-24 06:06, Brian Raaen wrote: > The only issue with this is that the Linux box is not acting as a > router, but as the egress devices. I'm trying to figure out how to > properly get my application to 'color' the traffic. standard BSD > sockets appear to have no concept of 'Labels'. Jus

Re: Real World NAT64 deployments

2011-03-04 Thread Simon Perreault
On 2011-03-04 08:32, Francois Tigeot wrote: >> http://ecdysis.viagenie.ca/ > > What about its integration in upstream software ? None of it is integrated yet. > The dns64 part is integrated in the newly released Bind 9.8 That's not our code. ISC made their own DNS64 implementation for Bind 9.8.

Re: Real World NAT64 deployments

2011-03-04 Thread Simon Perreault
On 2011-03-03 15:31, Elliot Finley wrote: > So as not to re-invent the wheel - if you are currently doing NAT64 in > production and are willing to share: > > What software/hardware are you using? http://ecdysis.viagenie.ca/ > Why? Dogfooding. http://en.wikipedia.org/wiki/Eating_your_own_dog_foo

Re: quietly....

2011-02-03 Thread Simon Perreault
On 2011-02-03 15:29, Lamar Owen wrote: > On Thursday, February 03, 2011 02:55:39 pm Jack Bates wrote: >> Do you think we have to have a standard for them to implement it? >> >> If they can ignore the CPE router rules, they can implement NAT66 on >> their own, too. > > See the map66 Sourceforge.ne

Re: Ipv6 for the content provider

2011-01-31 Thread Simon Perreault
On 2011-01-31 12:38, Blake Hudson wrote: > I was under the impression that the later versions of 5 (e.g. 5.5, 5.6) > had backported stateful connection tracking. Has anyone tested recently? The command # ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT works on CentOS 5.5. And there's n

Re: How to have open more than 65k concurrent connections?

2010-10-14 Thread Simon Perreault
On 2010-10-14 12:53, Joel Jaeggli wrote: > you've only got 64511 ports per ip on the box, to use for > outgoing connections. As long as you're not connecting to the same destination IP/port pair, the same source IP/port pair can be reused. So even for outgoing connections there is virtually no li

Re: IPv6 Server Load Balancing - DSR

2010-08-12 Thread Simon Perreault
On 2010-08-12 08:32, Leland Vandervort wrote: > I'm looking at server load balancing for IPv6 and specifically need > DSR (direct server return). Additionally, I need to support both TCP > and UDP. This is easily done with OpenBSD. See here for starters: http://www.undeadly.org/cgi?action=articl

Re: Addressing plan exercise for our IPv6 course

2010-07-21 Thread Simon Perreault
On 2010-07-21 14:47, Marco Hogewoning wrote: > For a novice ? I wouldn't recommend it. From what I get back 'in the field' > it's already hard enough to get people familiar to the whole concept of > hexadecimal without going into bit level. But then again, if you are a fairly > technical compan

Re: Addressing plan exercise for our IPv6 course

2010-07-21 Thread Simon Perreault
On 2010-07-21 12:57, Alex Band wrote: > We've been working on an exercise for the IPv6 training course we deliver for > LIRs. It's aimed at people who are unfamiliar with IPv6, so the goal is to > get them to the point where once they get their IPv6 /32 allocation, they > have a good idea how to

Re: DNS performance...

2010-05-05 Thread Simon Perreault
On 2010-05-05 10:41, Donald Eastlake wrote: Does anyone know of good performance comparisons, especially for high end applications with lots of data/zones and/or high query/update rates? Recursive or authoritative? For recursive, there are pretty good graphs here: http://unbound.net/documentat

Re: Rate of growth on IPv6 not fast enough?

2010-04-22 Thread Simon Perreault
On 2010-04-22 07:18, William Herrin wrote: On the other hand, I could swear I've seen a draft where the PC picks up random unused addresses in the lower 64 for each new outbound connection for anonymity purposes. That's probably RFC 4941. It's available in pretty much all operating systems. I

Re: Rate of growth on IPv6 not fast enough?

2010-04-20 Thread Simon Perreault
On 04/20/2010 04:51 PM, Jack Bates wrote: > uPNP at a larger scale? Would require some serious security and > scalability analysis. This is the latest proposal. The Security Considerations section needs some love... http://tools.ietf.org/html/draft-wing-softwire-port-control-protocol Simon -- N

Re: Rate of growth on IPv6 not fast enough?

2010-04-20 Thread Simon Perreault
On 2010-04-20 10:53, John Levine wrote: Other than the .01% of consumer customers who are mega multiplayer game weenies, what's not going to work? Actual experience as opposed to hypothetical hand waving would be preferable. http://tools.ietf.org/html/draft-ford-shared-addressing-issues Simon

Re: Rate of growth on IPv6 not fast enough?

2010-04-19 Thread Simon Perreault
On 2010-04-19 13:22, Bryan Fields wrote: If we look at the total number of translations for 250k users we see 10.5M entries. As TCP/UDP only has 65,536 ports and about 1025 of them are unusable, this leaves 64,511 ports to work with per IP. Divided out we need 163 public IP's min just to nat the

Re: IP4 Space

2010-03-22 Thread Simon Perreault
On 2010-03-22 17:42, Christopher Morrow wrote: the current ietf draft for 'simple cpe security' (draft-ietf-v6ops-cpe-simple-security-09.txt) is potentially calling for some measures like nat, not nat today but... This is being reversed as we speak. Simon -- NAT64/DNS64 open-source --> http://

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-12 Thread Simon Perreault
On 12/12/2009 01:55 AM, Mark Newton wrote: Would you be using "Consumer Grade - IPV6 Enabled Router Firewalls" in the enterprise? 'cos if you would, I think I might have entered the wrong thread :) Yeah, I think I did. Sorry for the noise. Simon -- DNS64 open-source --> http://ecdysis.viage

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Simon Perreault
Joe Greco wrote, on 2009-12-11 08:36: > Everyone knows a NAT gateway isn't really a firewall, except more or less > accidentally. There's no good way to provide a hardware firewall in an > average residential environment that is not a disaster waiting to happen. > > If you make it "smart" (i.e.

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Simon Perreault
valdis.kletni...@vt.edu wrote, on 2009-12-11 08:06: > On Fri, 11 Dec 2009 07:41:59 EST, Simon Perreault said: >> Mark Newton wrote, on 2009-12-11 03:09: >>> You kinda do if you're using a stateful firewall with a "deny >>> everything that shouldn't be acce

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Simon Perreault
Mark Newton wrote, on 2009-12-11 03:09: > You kinda do if you're using a stateful firewall with a "deny > everything that shouldn't be accepted" policy. UPnP (or something > like it) would have to tell the firewall what should be accepted. That's putting the firewall at the mercy of viruses, worm

Re: IPv6 Allocations

2009-10-19 Thread Simon Perreault
Esposito, Victor wrote, on 2009-10-19 16:01: > Since there is a lot of conversation about IPv6 flying about, does > anyone have a document or link to a good high level allocation structure > for v6? See RFC 3531 and here: http://www.ipv6book.ca/allocation.html Simon -- DNS64 open-source --> h