Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread Mohacsi Janos
On Mon, 9 Feb 2009, Ricky Beam wrote: On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk wrote: Non-NAT firewalls do have some appeal, because they don't need to mangle the packets, just passively observe them and open pinholes when appropriate. This is exactly the same with NAT and non-NA

Re: Network equipments process utilization

2009-02-10 Thread Elmar K. Bins
Good morning (from here), lion...@samsung.com (???×?) wrote: > I wonder which percentage is good level of CPU and Memory util of network > equipment ? > In my case, I try to keep under 30% cpu util and 70% memory util. My most > equipment are Cisco product. > I have no technical reference abou

Re: Network equipments process utilization

2009-02-10 Thread Hank Nussbacher
At 09:39 AM 10-02-09 +0100, Elmar K. Bins wrote: - slow-CPU boxes like everything Cisco with SUPs, since the CPU load _always_ jumps to 100% for short periods of time - BGP needs something calculated ;-) I get interested whenever CPU load _stays_ high Yeah - Cisco would like to k

Re: Network equipments process utilization

2009-02-10 Thread Elmar K. Bins
h...@efes.iucc.ac.il (Hank Nussbacher) wrote: > > - slow-CPU boxes like everything Cisco with SUPs, since the > >CPU load _always_ jumps to 100% for short periods of > >time - BGP needs something calculated ;-) I get interested > >whenever CPU load _stays_ high > > Yeah - Cisco would

Re: Network equipments process utilization

2009-02-10 Thread Adam Armstrong
Elmar K. Bins wrote: h...@efes.iucc.ac.il (Hank Nussbacher) wrote: - slow-CPU boxes like everything Cisco with SUPs, since the CPU load _always_ jumps to 100% for short periods of time - BGP needs something calculated ;-) I get interested whenever CPU load _stays_ high Yeah

Re: Network equipments process utilization

2009-02-10 Thread Elmar K. Bins
li...@memetic.org (Adam Armstrong) wrote: > >>> CPU load _always_ jumps to 100% for short periods of > >>> time - BGP needs something calculated ;-) I get interested > >>> whenever CPU load _stays_ high > >>> > >>Yeah - Cisco would like to know why as well: > >>http://www.cisco.com/web

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread Valdis . Kletnieks
On Tue, 10 Feb 2009 18:03:40 +1100, Matthew Palmer said: > Considering that RFC1918 says nothing about IPv at all, could that be a > blocker for deployment in general? That'd also make for an interesting > discussion re: other legacy protocols (IPX, anyone?)... I was all set to call shenanigans o

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread TJ
>> IPTables is decent firewall code. > >Not really. It's quite complicated for a non-engineer type to manage. >Think of all the unpatched windows xp/vista users of the world. > >> It's free. >... >> Further, since more and more CPE is being built on embedded linux, >> there's no reason that IPTabl

Re: Private use of non-RFC1918 IP space

2009-02-10 Thread Trey Darley
Just for the record, the original post was in reference to use of non-RFC1918 space on an *air-gapped* network. --Trey >> Let's face it - they're going to have to come up with much more creative >> $200/hour chucklehead consultants to burn through that much anytime soon. >> Anybody feel like sta

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread TJ
>> >> > The SOX auditor ought to know better. Any auditor that >> >> > requires NAT is incompetent. >> >> >> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and >> >> RFC1918 addressing ... >> > >> >SOX auditors are incompetent. I've been asked about anti-virus >> >software on UN

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread TJ
>However the PCI DSS does contain a "Compensating controls" section, which >allows for the use of functionality which "provide[s] a similar level of >defense" to the stated requirements, where the stated requirements can not >be followed due to "legitimate technical or documented business constrain

RE: IPv6 delivery model to end customers

2009-02-10 Thread TJ
>> My pleasure, now everyone - feel free to ring up your local >> sales/support rep and "encourage" their product to implement this ... >> please! > >What about "DHCPv6 / DHCPV6-PD" sniffing (and using that info to create L3 >filter rules in L2 devices), is a standard needed or is it obvious to >ve

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread TJ
>Considering that RFC1918 says nothing about IPv at all, That may technically be true, but it does explicitly reference IPv4 addresses. Oh, and when RFC1918 (or more correctly, RFC1597) was written, "IP", "TCP/IP", etc. all directly meant IPv4. (RFC1597 @ 03/94 ... RFC1883 @ 12/95)

Re: IPv6 delivery model to end customers

2009-02-10 Thread Marshall Eubanks
On Feb 10, 2009, at 9:01 AM, TJ wrote: My pleasure, now everyone - feel free to ring up your local sales/support rep and "encourage" their product to implement this ... please! What about "DHCPv6 / DHCPV6-PD" sniffing (and using that info to create L3 filter rules in L2 devices), is a s

New IPv4 blocks allocated to RIPE NCC

2009-02-10 Thread Alex Le Heux
[Apologies for duplicate mails] Dear Colleagues, The RIPE NCC received the IPv4 address ranges 109/8 and 178/8 from the IANA in January 2009. We will begin allocating from these ranges in the near future. The minimum allocation size from these two /8s has been set at /21. You may wish to adjus

Is whois.apnic.net down?

2009-02-10 Thread Dale Carstensen
I get "Connection timed out" on whois commands to it.

Re: Is whois.apnic.net down?

2009-02-10 Thread Dale Carstensen
>I get "Connection timed out" on whois commands to it. Sorry to attempt to answer my own question, but maybe it's the fires in Australia, as the last traceroute hop is a Brisbane.telstra.net domain name.

RE: Is whois.apnic.net down?

2009-02-10 Thread Dave Larter
Times out for me as well. Last hop in AU. 8 240 ms 238 ms 239 ms 10.14.254.125.unassigned.comindico.com.au [125.254.14.10] -Original Message- From: Dale Carstensen [mailto:d...@lampinc.com] Sent: Tuesday, February 10, 2009 11:45 AM To: nanog@nanog.org Subject: Is whois.apnic.ne

Re: Is whois.apnic.net down?

2009-02-10 Thread Brandon Galbraith
On 2/10/09, Dale Carstensen wrote: > > >I get "Connection timed out" on whois commands to it. > > Sorry to attempt to answer my own question, but maybe it's the fires > in Australia, as the last traceroute hop is a Brisbane.telstra.net > domain name. > > Backhoe fade I'm used to. But now fire fade

Re: Is whois.apnic.net down?

2009-02-10 Thread Matthew Palmer
On Tue, Feb 10, 2009 at 09:48:21AM -0700, Dale Carstensen wrote: > >I get "Connection timed out" on whois commands to it. > > Sorry to attempt to answer my own question, but maybe it's the fires > in Australia, as the last traceroute hop is a Brisbane.telstra.net > domain name. Brisbane's about 2

Re: Is whois.apnic.net down? (IPv6-MW)

2009-02-10 Thread Scott Howard
On Tue, Feb 10, 2009 at 8:48 AM, Dale Carstensen wrote: > >I get "Connection timed out" on whois commands to it. > > Sorry to attempt to answer my own question, but maybe it's the fires > in Australia, as the last traceroute hop is a Brisbane.telstra.net > Brisbane (where APNIC is) is close to 1

[NANOG-announce] NANOG45 Updates

2009-02-10 Thread Betty J. Burke
Dear Community... One more thank you to Terremark for hosting NANOG45, and to all those in the Dominican Republic who made our stay a bit more enjoyable. However, it sure is nice to be home. Before moving on to our next adventure together, a few pieces of closure information for NANOG45 follows

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread John Curran
On Feb 10, 2009, at 8:52 AM, TJ wrote: Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply tend to omit IPv6 completely, and generally require everything not explicitly called out to be disabled ... thus, no IPv6 on any network that falls under any of these regulations. T

Re: Is whois.apnic.net down? (IPv6-MW)

2009-02-10 Thread jay
Quoting Scott Howard : On Tue, Feb 10, 2009 at 8:48 AM, Dale Carstensen wrote: >I get "Connection timed out" on whois commands to it. Sorry to attempt to answer my own question, but maybe it's the fires in Australia, as the last traceroute hop is a Brisbane.telstra.net Brisbane (where APN

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread TJ
>> Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply >> tend to omit IPv6 completely, and generally require everything not >> explicitly called out to be disabled ... thus, no IPv6 on any network >> that falls under any of these regulations. > >TJ - You attempted to say that for PC

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-10 Thread Ricky Beam
On Mon, 09 Feb 2009 21:11:50 -0500, TJ wrote: Your routers fail frequently? And does your traffic continue to get forwarded? Perhaps through another router? More frequently than the DHCP server, but neither are "frequent" events. Cisco's software is not 100% perfect, and when you plug it

Re: BGP Session Teardown due to AS_CONFED_SEQUENCE in AS4_PATH

2009-02-10 Thread Eloy Paris
Hi Rob, Eloy Paris from the Cisco PSIRT here. Please see below (inline) for some comments regarding the issue you brought up in your email to the cisco-nsp and nanog mailing lists this past Jan. 16th: On Fri Jan 16 07:57:52 2009, Rob Shakir wrote: >

unsolicited name transfers from Godaddy

2009-02-10 Thread Zaid Ali
I have been receiving a high number of unsolicited domain transfer requests from Godaddy and have also written to Godaddy support about unsolicited domain transfer requests. Since I am not a Godaddy customer I got a standard talk to the hand. I have colleagues confirming that some similar chatte

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-10 Thread TJ
>> Your routers fail frequently? And does your traffic continue to get >> forwarded? Perhaps through another router? > >More frequently than the DHCP server, but neither are "frequent" events. >Cisco's software is not 100% perfect, and when you plug it into moderately >unstable things like phone

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-10 Thread Nathan Ward
On 10/02/2009, at 3:20 PM, Christopher Morrow wrote: IPv6 it's easier, but you're still limiting the uptime of your system to that of the DHCPv6 server. Router advertisements is much more robust. 'more robust'... except it doesn't actually get a device into a usable state without admins wal

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Matthias Leisi
Mark Andrews wrote: > I don't see any reason to complain based on those numbers. > It's just an extremely high growth period due to technology > change over bring in new functionality. OTOH, Verizon is not the only provider of smartphone connectivity in the world. Most of them

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Patrick W. Gilmore
On Feb 10, 2009, at 5:31 PM, Matthias Leisi wrote: Mark Andrews wrote: I don't see any reason to complain based on those numbers. It's just an extremely high growth period due to technology change over bring in new functionality. OTOH, Verizon is not the only provider

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-10 Thread Nathan Ward
On 11/02/2009, at 10:41 AM, Ricky Beam wrote: It's useless. It does NOT provide enough information alone for a host to function. In your own words, you need a DNS server. That is NOT provided by RA thus requires yet another system to get that bit of configuration to the host -- either en

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Chuck Anderson
On Tue, Feb 10, 2009 at 11:31:38PM +0100, Matthias Leisi wrote: > Mark Andrews wrote: > > I don't see any reason to complain based on those numbers. > > It's just an extremely high growth period due to technology > > change over bring in new functionality. > > OTOH, Verizon is not the

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Dave Temkin
Chuck Anderson wrote: On Tue, Feb 10, 2009 at 11:31:38PM +0100, Matthias Leisi wrote: Mark Andrews wrote: I don't see any reason to complain based on those numbers. It's just an extremely high growth period due to technology change over bring in new functionalit

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-10 Thread John Curran
On Feb 10, 2009, at 4:30 PM, TJ wrote: But that is my point - Do any of the compliance frameworks / requirements / audit standards today address IPv6, or detail how it could be implemented in such a fashion as to 'pass' an audit (including the "in-house" / consultant-specific audit guidelin

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Valdis . Kletnieks
On Tue, 10 Feb 2009 14:52:52 PST, Dave Temkin said: > Why must it be always "real" versus NAT? 99% of users don't care one > way or another. Would it be so hard for the carrier to provide a switch > between NAT and "real" IP if the user needs or wants it? You're almost always better off not p

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Patrick W. Gilmore
On Feb 10, 2009, at 5:52 PM, Dave Temkin wrote: Chuck Anderson wrote: On Tue, Feb 10, 2009 at 11:31:38PM +0100, Matthias Leisi wrote: Mark Andrews wrote: I don't see any reason to complain based on those numbers. It's just an extremely high growth period due to technology

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-10 Thread Mark Andrews
In message , "Ricky Beam" writes: > On Mon, 09 Feb 2009 21:11:50 -0500, TJ wrote: > > Your routers fail frequently? And does your traffic continue to get > > forwarded? Perhaps through another router? > > More frequently than the DHCP server, but neither are "frequent" events. > Cisco's sof

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Dave Temkin
Patrick W. Gilmore wrote: On Feb 10, 2009, at 5:52 PM, Dave Temkin wrote: Chuck Anderson wrote: On Tue, Feb 10, 2009 at 11:31:38PM +0100, Matthias Leisi wrote: Mark Andrews wrote: I don't see any reason to complain based on those numbers. It's just an extremely high growth period d

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-10 Thread Scott Howard
On Tue, Feb 10, 2009 at 3:29 PM, Dave Temkin wrote: > Exactly. I've seen this as well in both instances but haven't seen it on > mobile phones. It's something so obscure that you're going to have to > really want it to turn it on. I don't think the Port 25 example holds much > water here. Ma

Re: Is whois.apnic.net down? (IPv6-MW)

2009-02-10 Thread Suresh Ramasubramanian
On Wed, Feb 11, 2009 at 2:13 AM, wrote: > 9 33 ms 33 ms 33 ms 203.119.76.66 > 10 36 ms 35 ms 35 ms whois.apnic.net [202.12.29.13] > > Trace complete. > > It's reachable from where I'm sitting (NSW) Reachable just fine (from my dsl box in India, and from my personal colo nea

World famous cabling disasters?

2009-02-10 Thread joe mcguckin
I'm looking for a couple of pictures of the worst cabling infrastructure ever seen. One Wilshire meet me room comes to mind. Anyone got any links to their photo albums, etc? Joe McGuckin ViaNet Communications j...@via.net 650-207-0372 cell 650-213-1302 office 650-969-2124 fax

Re: World famous cabling disasters?

2009-02-10 Thread Justin M. Streiner
On Tue, 10 Feb 2009, joe mcguckin wrote: I'm looking for a couple of pictures of the worst cabling infrastructure ever seen. One Wilshire meet me room comes to mind. Anyone got any links to their photo albums, etc? You might find some links in the archives. I've seen a few in person that st

Re: World famous cabling disasters?

2009-02-10 Thread Patrick W. Gilmore
On Feb 10, 2009, at 10:16 PM, joe mcguckin wrote: I'm looking for a couple of pictures of the worst cabling infrastructure ever seen. One Wilshire meet me room comes to mind. Anyone got any links to their photo albums, etc? I've always considered this the worst:

RE: World famous cabling disasters?

2009-02-10 Thread Randy Epstein
Joe, >I'm looking for a couple of pictures of the worst cabling >infrastructure ever seen. One Wilshire meet me room comes to mind. >Anyone got any links to their photo albums, etc? The One Wilshire pictures you are referring to were within this Wired article: http://www.wired.com/techbiz/it/mu