Re: Todd Underwood was a little late

2010-06-21 Thread Christopher Morrow
On Mon, Jun 21, 2010 at 3:12 PM, Michael Dillon wrote: >> I don't think we'll have (nor would we have in 2005 even) gotten an >> ipv7/8/9/10 up and spec'd/coded/wrung-out before ~2 yrs from now >> either. So, given the cards we have, ipv6 isn't all bad. > > On this we agree. > The problem is not

Re: Todd Underwood was a little late

2010-06-21 Thread Michael Dillon
>>> P.S. At this point, the IPv6 transition has failed, unlike the Y2K >>> transition, and >> >> For certain values of "fail."  The odds of a dual-stack transition as >> initially >> envisioned by the IETF are vanishingly small, but IPv6 will be a significant >> part of the coping strategies once R

Re: Todd Underwood was a little late

2010-06-21 Thread Christopher Morrow
On Mon, Jun 21, 2010 at 1:01 PM, Lee Howard wrote: >> P.S. At this point, the IPv6 transition has failed, unlike the Y2K >> transition, and > > For certain values of "fail."  The odds of a dual-stack transition as > initially > envisioned by the IETF are vanishingly small, but IPv6 will be a signi

Re: Todd Underwood was a little late

2010-06-21 Thread Michael Dillon
> P.S. At this point, the IPv6 transition has failed, unlike the Y2K > transition, and > some level of crisis is unavoidable. In desperate times, people take desperate > measures, and "adopting" IP address ranges that are not used by others in > your locality seems a reasonable thing to do when eco

RE: Todd Underwood was a little late

2010-06-21 Thread Lee Howard
> -Original Message- > From: Michael Dillon [mailto:wavetos...@googlemail.com] > Sent: Saturday, June 19, 2010 12:39 PM > To: Lee Howard > Cc: Todd Underwood; Christopher Morrow; nanog@nanog.org > Subject: Re: Todd Underwood was a little late > > " "Regi

RE: Todd Underwood was a little late

2010-06-20 Thread George Bonser
I see 11.2/16 in my table. > -Original Message- > From: deles...@gmail.com [mailto:deles...@gmail.com] > Sent: Saturday, June 19, 2010 10:10 AM > To: Michael Dillon; Lee Howard > Cc: nanog@nanog.org; Todd Underwood > Subject: Re: Todd Underwood was a little late >

Re: Todd Underwood was a little late

2010-06-19 Thread bmanning
Wireless Network > > -Original Message- > From: Michael Dillon > Date: Sat, 19 Jun 2010 17:39:07 > To: Lee Howard > Cc: ; Todd Underwood > Subject: Re: Todd Underwood was a little late > > " "Registered but unrouted" would include space that is in use

Re: Todd Underwood was a little late

2010-06-19 Thread deleskie
I just checked all those /8's none of them are in the table. -jim Sent from my BlackBerry device on the Rogers Wireless Network -Original Message- From: Michael Dillon Date: Sat, 19 Jun 2010 17:39:07 To: Lee Howard Cc: ; Todd Underwood Subject: Re: Todd Underwood was a little

Re: Todd Underwood was a little late

2010-06-19 Thread Michael Dillon
" "Registered but unrouted" would include space that is in use in large > private networks that aren't visible from your standard sources for > route views, such as U.S. DoD (6, 11, 22, 26, 28, 29, 30 /8) or U.K. > MoD (25/8). Have you verified each of these address ranges or are you just a mindle

RE: Todd Underwood was a little late

2010-06-18 Thread Lee Howard
> -Original Message- > From: Todd Underwood [mailto:toddun...@gmail.com] > > firstly: cgn puts reachability in the hands of a single organization. > with the PAP System you have a set of distributed choices about > reachability: different people can assess their different tolerance > to

Re: Todd Underwood was a little late

2010-06-18 Thread William Herrin
On Fri, Jun 18, 2010 at 9:21 AM, Steve Bertrand wrote: > On 2010.06.18 09:06, William Herrin wrote: >> On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand wrote: > >> I'm not sure what that accomplishes. It doesn't close any doors. With >> loose-mode RPF he can still forge packets from any address ac

Re: Todd Underwood was a little late

2010-06-18 Thread Steve Bertrand
On 2010.06.18 08:49, Chris Adams wrote: > Once upon a time, Steve Bertrand said: >> If all IP blocks are tied down to null, and urpf is enabled in loose >> mode on an interface, it will catch cases where someone is sourcing >> traffic to you using IPs from the unassigned space that you have in you

Re: Todd Underwood was a little late

2010-06-18 Thread Steve Bertrand
On 2010.06.18 09:06, William Herrin wrote: > On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand wrote: >> If all IP blocks are tied down to null, and urpf is enabled in loose >> mode on an interface, it will catch cases where someone is sourcing >> traffic to you using IPs from the unassigned space

Re: Todd Underwood was a little late

2010-06-18 Thread William Herrin
On Fri, Jun 18, 2010 at 8:37 AM, Steve Bertrand wrote: > On 2010.06.17 17:10, William Herrin wrote: >> Reverse path filtering + asymmetric routing = epic fail. Jon did say >> Multihomed customer. > > If all IP blocks are tied down to null, and urpf is enabled in loose > mode on an interface, it wi

Re: Todd Underwood was a little late

2010-06-18 Thread Chris Adams
Once upon a time, Steve Bertrand said: > If all IP blocks are tied down to null, and urpf is enabled in loose > mode on an interface, it will catch cases where someone is sourcing > traffic to you using IPs from the unassigned space that you have in your > free pools. That's not true on JUNOS dev

Re: Todd Underwood was a little late

2010-06-18 Thread Steve Bertrand
On 2010.06.17 17:10, William Herrin wrote: > On Thu, Jun 17, 2010 at 12:38 AM, Roy wrote: >> On 6/16/2010 7:43 PM, Jon Lewis wrote: >>> With a larger >>> network, multiple IP blocks, ***numerous multihomed customers***, some of >>> which >>> use IP's we've assigned them, it gets a little more co

Re: Todd Underwood was a little late

2010-06-18 Thread Frank Habicht
On 6/17/2010 9:07 PM, Owen DeLong wrote: > For those that missed the presentation, it was a real eye-opener on just > how important it is for you to move forward with IPv6 before something like > this actually starts getting implemented. > > Owen +1 Frank

Re: Todd Underwood was a little late

2010-06-17 Thread William Herrin
On Thu, Jun 17, 2010 at 12:38 AM, Roy wrote: > On 6/16/2010 7:43 PM, Jon Lewis wrote: >> With a larger >> network, multiple IP blocks, ***numerous multihomed customers***, some of >> which >> use IP's we've assigned them, it gets a little more complicated to do. >> I could reject at our border, p

Re: Todd Underwood was a little late

2010-06-17 Thread Todd Underwood
christopher, all, > > ...nothing to see here, this is CGN's... > oh, i think this has several important advantages over carrier-grade nat (which i believe to be mostly dead, anyway, no? someone who knows more can chime in with references to the contrary should this not be the case). firstly:

Re: Todd Underwood was a little late

2010-06-17 Thread Christopher Morrow
On Thu, Jun 17, 2010 at 1:31 PM, Todd Underwood wrote: > jon, all, > > i've received several questions about the context of this mail, so i > thought it would be worth posting to clear up the reference. > > for those who missed it, i presented a lightning talk at nanog 49 in > san francisco yester

Re: Todd Underwood was a little late

2010-06-17 Thread Paul Timmins
Hah, given the number of times people I have worked with have said "oh, I'll just use apnic space if we run out of IPs, i don't need to talk to them anyway", I think it's humorous that someone in China felt the same way about ARIN space. :) -Paul On 06/16/2010 09:01 PM, Jon Lewis wrote: I jus

Re: Todd Underwood was a little late

2010-06-17 Thread Owen DeLong
For those that missed the presentation, it was a real eye-opener on just how important it is for you to move forward with IPv6 before something like this actually starts getting implemented. Owen On Jun 17, 2010, at 10:31 AM, Todd Underwood wrote: > jon, all, > > i've received several questions

Re: Todd Underwood was a little late

2010-06-17 Thread Todd Underwood
jon, all, i've received several questions about the context of this mail, so i thought it would be worth posting to clear up the reference. for those who missed it, i presented a lightning talk at nanog 49 in san francisco yesterday on some very early conceptual work on a really interesting strat

Re: Todd Underwood was a little late

2010-06-17 Thread Brian Feeny
urpf doesn't work as well for stopping inbound traffic to your network, because most people aren't totally defaultless, so the default route makes all traffic valid. It works well for outbound traffic. On Jun 17, 2010, at 12:38 AM, Roy wrote: > On 6/16/2010 7:43 PM, Jon Lewis wrote: >> On Th

Re: Todd Underwood was a little late

2010-06-16 Thread Garrett Skjelstad
RFC 2827 anyone? On Wed, Jun 16, 2010 at 9:38 PM, Roy wrote: > On 6/16/2010 7:43 PM, Jon Lewis wrote: > >> On Thu, 17 Jun 2010, Mark Andrews wrote: >> >> Why was this traffic hitting your DNS server in the first place? It >>> should >>> have been rejected by the ingress filters preventing spoo

Re: Todd Underwood was a little late

2010-06-16 Thread Roy
On 6/16/2010 7:43 PM, Jon Lewis wrote: On Thu, 17 Jun 2010, Mark Andrews wrote: Why was this traffic hitting your DNS server in the first place? It should have been rejected by the ingress filters preventing spoofing of the local network. When I ran a smaller simpler network, I did have in

Re: Todd Underwood was a little late

2010-06-16 Thread Mark Andrews
In message , Jon Lewis writes: > On Thu, 17 Jun 2010, Mark Andrews wrote: > > > Why was this traffic hitting your DNS server in the first place? It should > > have been rejected by the ingress filters preventing spoofing of the local > > network. > > When I ran a smaller simpler network, I did

Re: Todd Underwood was a little late

2010-06-16 Thread Jon Lewis
On Thu, 17 Jun 2010, Mark Andrews wrote: Why was this traffic hitting your DNS server in the first place? It should have been rejected by the ingress filters preventing spoofing of the local network. When I ran a smaller simpler network, I did have input filters on our transit providers reje

Re: Todd Underwood was a little late

2010-06-16 Thread Nicholas Suan
We've been seeing the same thing since 2010-06-10: 22:13:19.687981 IP 72.236.167.197.41789 > 72.236.167.138.domain: 38783+ A? jkl.cnr.cn. (28) 22:13:19.773076 IP 72.236.167.124.33327 > 72.236.167.138.domain: 38783+ A? i10.aliimg.com. (32) 22:13:19.855750 IP 72.236.167.169.33381 > 72.236.167.138.

Re: Todd Underwood was a little late

2010-06-16 Thread Mark Andrews
In message , Jon Lewis writes: > I just took a closer look at something odd I'd noticed several days ago. > One of our DNS servers was sending crazy amounts of ARP requests for IPs > in the /24 its main IP is in. What I've found is we're getting hit with > DNS requests that look like they're