Hi,
I just received reply from Sloan-Park, that they have shutdown that customer
yesterday 6:40pm CET and the customer has been requested to clean-up his config.
BR
Jens
Jason Kalai Arasu schrieb:
> I encountered it yesterday from AS47868.
>
>
* Hank Nussbacher:
> "They" will keep trying and until a vast majority of ISPs implement
> maxas, this will keep happening.
Or enthusiastic prepending will be used more often to override local
preference. Hard to tell.
--
Florian Weimer
BFK edv-consulting GmbH http://www.
On Tue, Feb 17, 2009 at 08:07:36AM +0200, Hank Nussbacher wrote:
> A regular UN of attempts to do this previously:
>
> 24532 - PT. Inet Global Indo, Indonesia
> 43179 - Team Consulting AS, Bosnia and Herzegovina
> 48262 - Noblecom Ltd., Bulgaria
> 6488 - Arizona Macintosh Users Group, USA
> 3962
All,
Looking for a recommendation on DSLAMs to replace our unsupported
Cisco 6015s. Requirements are:
G.SHDSL 2 and 4 wire mode (CPEs are strictly Cisco 828, 878, and small
cisco routers using WIC-1SHDSL and the V2/V3 of them)
QOS would be nice, not a necessity
SNMPv3 and SSHv2 support
IPv
Jared Mauch wrote:
On Tue, Feb 17, 2009 at 08:07:36AM +0200, Hank Nussbacher wrote:
"They" will keep trying and until a vast majority of ISPs implement
maxas, this will keep happening.
Or until people who are still running multi-year old cisco code
actually upgrade? This seems to
On Tue, Feb 17, 2009, Etaoin Shrdlu wrote:
> On the other hand, the fact that various entities have gone out of their
> way to advertise that they're running old hardware/out-of-date software
> has been noted elsewhere. I'd strongly suggest, if you're reading NANOG,
> that you update, before s
My bgp speaking devices are a couple of 7200s running 12.2(40).
Not the newest IOS out there, but it's been doing the job just fine up until
yesterday.
Yesterday, when that malformed announcement hit my routers they didn't crash,
but they did reset bgp sessions (even though I didn't accept the r
On Tue, 17 Feb 2009, Jared Mauch wrote:
Or until people who are still running multi-year old cisco code
actually upgrade? This seems to primarily impact:
1) Old cisco code
2) PC based bgp daemons
Both of which likely just need to be upgraded. I actually suspec
So, I understand the main concepts behind IPv6. Most of my peers understand.
We all have a detailed understanding of most things IPv4. I have Googled and
read RFCs about IPv6 for HOURS. That said, to quickly try to minimize people
thinking I am an idiot who asks before he reads, I need some
On Tue, 17 Feb 2009, Carl Rosevear wrote:
So, I understand the main concepts behind IPv6. Most of my peers understand.
We all have a detailed understanding of most things IPv4. I have Googled and
read RFCs about IPv6 for HOURS. That said, to quickly try to minimize people
thinking I am
>How does IPv6 addressing work?
Short version:
2000::/3 The currently active global unicast pool
RIRx::/12 IANA (by default) assigns /12s to RIRs
RIRx:ISPx::/32 RIRs (by default) assign /32s to ISPs
RIRx:ISPx:ORGx::/48 ISPs (by defa
You already have a fair bit of information, but the short answer to
your question is...
Apart from a few special purposes addresses (see RFC 4291), IPv6
addresses are a cross between IPv4-style CIDR addressing and XNS/IPX/
ISO-style network+host addressing. Bits 0..63 of the address are a
I can't help directly with your biggest question, but there's a smaller
point here that seems to come up a lot and I think is important to
address...
On Tue, Feb 17, 2009 at 8:59 AM, Carl Rosevear <
carl.rosev...@demandmedia.com> wrote:
> I can't see why hosts would need any more addresses than t
Mohacsi Janos wrote:
If you are interested about the addressing architecture only, have a
look at RFC 4291: http://tools.ietf.org/html/rfc4291
If you want to have some allocation guidelines from experiences, have a
look at these slides:
http://www.6deploy.org/tutorials/030-6deploy_ipv6_addres
On Feb 17, 2009, at 8:59 AM, Carl Rosevear wrote:
So, I understand the main concepts behind IPv6. Most of my peers
understand. We all have a detailed understanding of most things
IPv4. I have Googled and read RFCs about IPv6 for HOURS. That
said, to quickly try to minimize people think
On Tue Feb 17, 2009, Michael Ulitskiy wrote:
Hello,
CSCee30718 – it removes the default value of bgp max-as from the router.
The solution is introduced in CSCeh13489
BGP shouldn't propogate an update w excessive AS Path > 255
Symptoms: A router may reset its Border Gateway Protocol (BGP) sessio
Thanks to all that responded on and off-list. My confusion is mostly
cleared-up. The points that are unclear at this point are generally unclear to
most people, it seems due to lack of operational experience with IPv6. Feel
free to keep responding to this topic as it's all very interesting but
German Martinez wrote:
Workaround: Configure the bgp maxas limit command in such
a way that the maximum length of the AS path is a value below 255. When the
router receives an update with an excessive AS path value, the prefix is
rejected and recorded the event in the log.
This workaround has
On Tue Feb 17, 2009, Mike Lewinski wrote:
> bgp max-as will NOT protect you from this exploit (but if you are not
> vulnerable it should prevent you from propagating it).
Are you trying to say that the receiving bgp speaker will drop the session
no matter what but it won't forward the update?
H
German Martinez wrote:
On Tue Feb 17, 2009, Mike Lewinski wrote:
bgp max-as will NOT protect you from this exploit (but if you are not
vulnerable it should prevent you from propagating it).
Are you trying to say that the receiving bgp speaker will drop the session
no matter what but it won't
According to publicly available bug toolkit, CSCee30718 did not touch the
maxas limit.
The hard-coded maxas-limit in recent IOS releases is 254 (not 75 as
suggested in a previous e-mail).
Classic IOS (I did not test XE, XR or NX) can handle inbound updates with AS
path lengths above 255, but fail
While people frequently claim that auto-config is optional, there are
implementations (including OS-X) that don't support anything else at this
point. The basic message is that you should not assume that the host
implementations will conform to what the network operator would prefer, and
you need t
Ivan Pepelnjak wrote:
Classic IOS (I did not test XE, XR or NX) can handle inbound updates with AS
path lengths above 255, but fails miserably when it has to send an oversized
update (producing invalid BGP UPDATE message), resulting in a flapping BGP
session (anyone who wants to test this behavio
Jack Bates wrote:
Just to reconfirm. The issue arrives with sending an update, not
receiving? So if an ISP does not have a limit and their IOS cannot
handle this, they will send an invalid BGP UPDATE to the downstream
peers causing them to reset regardless of their max as-path settings?
Just
As far as I understand the issues :)
There are two limits: the first one @ 128 AS numbers (where BGP switches to
the 'extended length' of BGP attribute), the other one @ 256 AS numbers
(where BGP has to use two AS_SEQUENCE segments).
Old IOS releases break on the first boundary when processing IN
On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
While people frequently claim that auto-config is optional, there are
implementations (including OS-X) that don't support anything else at
this
point. The basic message is that you should not assume that the host
implementations will conform to
> We were dropping ALL prefixes and the eBGP session was still
> resetting.
Upstream or downstream?
> 1) "bgp maxas-limit 75" had no effect mitigating this problem
> on the IOS we were using. That is: it was previously verified
> to be working just fine to drop paths longer than 75, but
> on
On Feb 17, 2009, at 1:50 PM, Ivan Pepelnjak wrote:
As far as I understand the issues :)
There are two limits: the first one @ 128 AS numbers (where BGP
switches to
the 'extended length' of BGP attribute), the other one @ 256 AS
numbers
(where
On Tue Feb 17, 2009, Ivan Pepelnjak wrote:
> According to publicly available bug toolkit, CSCee30718 did not touch the
> maxas limit.
I will double check this with Cisco
Ivan,
It is confusing but from what I have tested you have it correct.
The confusing part comes from multiple issues.
a) The documentation about the default maxas limit being 75 appears to be
incorrect. I'll get that fixed.
b) Prior to CSCee30718 there was a hard limit of 255. After that fix
On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
Approach IPv6 as a new and different protocol.
Unfortunately, I gather this isn't what end users or network operators
want or expect. I suspect if we want to make real inroads towards
IPv6 deployment, we'll need to spend a bit more time making
On Tue, Feb 17, 2009 at 12:20 PM, David Conrad wrote:
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
>>
>> Approach IPv6 as a new and different protocol.
>
> Unfortunately, I gather this isn't what end users or network operators
> want or expect.
Hi,
On Tue, 17 Feb 2009 11:48:49 -0800
Owen DeLong wrote:
>
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
>
> > While people frequently claim that auto-config is optional, there are
> > implementations (including OS-X) that don't support anything else at
> > this
> > point. The basic mess
On 18/02/2009, at 9:32 AM, Mark Smith wrote:
Here are a couple of implementations of DHCPv6, including one that
also
works under Windows. I played with one of them on my Linux boxes a
while back (I can't remember exactly which one), and it just worked:
https://fedorahosted.org/dhcpv6/
http:/
>do this, but others here do). For example, getting over the stateless
>autoconfig religion (which was never fully thought out -- how does a
>autoconfig'd device get a DNS name associated with their address in a
DNSSEC-
>signed world again?) and letting network operators use DHCP with IPv6 the
way
On Tue, 17 Feb 2009 12:24:26 -0800
Paul Ferguson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Feb 17, 2009 at 12:20 PM, David Conrad wrote:
>
> > On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
> >>
> >> Approach IPv6 as a new and different protocol.
> >
> > Unfortunatel
Steven Saner wrote:
What is not yet clear is, what are the definitions of "Old IOS release"
and "New IOS release"? There has been talk of a bug referred to as
CSCdr54230. I have seen statements on another list that this was fixed
in 12.1(4) and 12.0(10)S3, but yet this problem was experienced o
> From: Owen DeLong
> Date: Tue, 17 Feb 2009 11:48:49 -0800
>
>
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
>
> > While people frequently claim that auto-config is optional, there are
> > implementations (including OS-X) that don't support anything else at
> > this
> > point. The basic m
On 18/02/2009, at 8:28 AM, Tony Hain wrote:
One last comment (because I hear "just more bits" a lot in the *nog
community)... Approach IPv6 as a new and different protocol. If you
approach
it as "IPv4 with more bits", you will trip over the differences and be
pissed off. If you approach it as
On Tue, Feb 17, 2009 at 11:28:11AM -0800, Tony Hain wrote:
[snip]
> starts with IP" and runs alongside IPv4 (like we used to do with decnet,
> sna, appletalk...), you will be comforted in all the similarities. You will
This is highly amusing, as for myself and many folks the experience
of these '
On Tue, 17 Feb 2009, Mike Lewinski wrote:
> German Martinez wrote:
> bgp max-as will NOT protect you from this exploit (but if you are not
> vulnerable it should prevent you from propagating it).
>
I can confirm this statement...
(unfortunately)
L.
Owen DeLong wrote:
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
>
> > While people frequently claim that auto-config is optional, there are
> > implementations (including OS-X) that don't support anything else at
> > this
> > point. The basic message is that you should not assume that the host
David Conrad wrote:
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
> > Approach IPv6 as a new and different protocol.
>
> Unfortunately, I gather this isn't what end users or network operators
> want or expect. I suspect if we want to make real inroads towards
> IPv6 deployment, we'll need to s
On Tue Feb 17, 2009, Rodney Dunn wrote:
Hello Rodney,
It will be great if you can share with us your findings. It seems
like we are hitting different bugs in different platforms.
Thanks
German
> Ivan,
>
> It is confusing but from what I have tested you have it correct.
>
> The confusing part
If you want to take this offline send it unicast or we could
move it to cisco-nsp.
What scenarios are you seeing that appear broken other than
when a notification is sent when a > 255 hop update is received?
That's the one I'm working on right now.
Rodney
On Tue, Feb 17, 2009 at 05:31:49PM -0500
Joe Provo wrote:
> This is highly amusing, as for myself and many folks the experience
> of these 'other protocols', when trying to run in open, scalable,
> and commercially-viable deployments, was to encapsulate in IP(v4)
> at the LAN/WAN boundary. It is no wonder that is the natural reaction
> t
In message , David Conrad
writes:
> On Feb 17, 2009, at 11:28 AM, Tony Hain wrote:
> > Approach IPv6 as a new and different protocol.
>
> Unfortunately, I gather this isn't what end users or network operators
> want or expect. I suspect if we want to make real inroads towards
> IPv6 deploym
At Tue, 17 Feb 2009 11:28:11 -0800,
Tony Hain wrote:
>
> While people frequently claim that auto-config is optional, there are
> implementations (including OS-X) that don't support anything else at this
> point. The basic message is that you should not assume that the host
> implementations will c
> Also, a proposal for a different approach is at:
> http://mice.cs.columbia.edu/getTechreport.php?techreportID=560 (PDF)
which has an internet draft, draft-ymbk-aplusp-02.txt
randy
On Wed, 18 Feb 2009 10:55:30 +1100, Mark Andrews said:
> I solve it by give the machine a name. Adding a KEY record
> at that name to the DNS, the private part the machine knows.
I think the issue is that the machine in question may not know its own hostname
to start, much less that d
On Feb 17, 2009, at 1:55 PM, Mark Andrews wrote:
(which was never fully
thought out -- how does a autoconfig'd device get a DNS name
associated with their address in a DNSSEC-signed world again?) and
letting network operators use DHCP with IPv6 the way they do with
IPv4.
David you kno
In message <14076.1234917...@turing-police.cc.vt.edu>, valdis.kletni...@vt.edu
writes:
>
> On Wed, 18 Feb 2009 10:55:30 +1100, Mark Andrews said:
> > I solve it by give the machine a name. Adding a KEY record
> >
In message <33415e7e-23f2-45f2-9281-ab1685dee...@virtualized.org>, David Conrad
writes:
>
> On Feb 17, 2009, at 1:55 PM, Mark Andrews wrote:
> >> (which was never fully
> >> thought out -- how does a autoconfig'd device get a DNS name
> >> associated with their address in a DNSSEC-signed world a
Hi,
I find it a shame that NAT-PT has become depreciated, with people
talking about carrier grade NATS I think combining these with NAT-PT
could help with the transition after we run out of IPv4 space.
ISP gets a chunk of IPv6 address space, sets up customers with it, gets
their big lovely carrie
Mark Andrews wrote:
>> >> (or just pre-populate the DNS with DHCP-2001-9A98-D247-{5more}.ISP.com
>> >> and be
>> >> done with it like many places do for IPv4)
> >
> > Which still leaves the problem of how does the machine get its
> > name in a trusted manner.
> >
I don't know about that,
> I find it a shame that NAT-PT has become depreciated
the ietf has recanted and is hurriedly trying to get this back on
track. of course, to save face, the name has to be changed.
> with people talking about carrier grade NATS I think combining
> these with NAT-PT could help with the transition
On 2/17/09, Randy Bush wrote:
>
> > I find it a shame that NAT-PT has become depreciated
>
> the ietf has recanted and is hurriedly trying to get this back on
> track. of course, to save face, the name has to be changed.
>
> > with people talking about carrier grade NATS I think combining
> > the
> cgn is not a transition tool. it is a dangerous hack to deal with
> the problems of a few very large consumer isps who lack sufficient
> space to number their customer edge.
> Sounds like those consumer ISPs better get started on rolling out
> dual stacks to the CPE.
except that, if
On 18/02/2009, at 3:23 PM, Randy Bush wrote:
I find it a shame that NAT-PT has become depreciated
the ietf has recanted and is hurriedly trying to get this back on
track. of course, to save face, the name has to be changed.
Sort of - except it is only for IPv6 "clients" to connect to named
So we deploy v6 addresses to clients, and save the remaining v4
addresses for servers. Problem solved?
-brandon
On 2/17/09, Nathan Ward wrote:
> On 18/02/2009, at 3:23 PM, Randy Bush wrote:
>
>>> I find it a shame that NAT-PT has become depreciated
>>
>> the ietf has recanted and is hurriedly tr
On 18/02/2009, at 3:04 PM, Steven Lisson wrote:
ISP gets a chunk of IPv6 address space, sets up customers with it,
gets
their big lovely carrier grade NAT device that NAT's from customers
IPv6
address to whatever IPv4 service they need.
I'm probably missing something but does this not seem
Tony,
On Feb 17, 2009, at 12:17 PM, Tony Hain wrote:
This being a list of network engineers, there is a strong bias
toward tools
that allow explicit management of the network. This is a fine
position, and
those tools need to exist. There are others that don't want, or need
to know
about eve
Basically that is what I was thinking, not sure could say problem solved as
would still be using big nat boxes, but if we are going to 'have' to have nat,
why not in a form that encourages adoption of IPv6?
Having said that, from someone else's comment would have to agree with
them about u
Except for the fact that it's actually not so uncommon for "clients" to act as
servers some of the time. Things have long ago left the days of clients were
only clients and have since moved on to a muddier state of affairs.
- S
-Original Message-
From: Brandon Galbraith [mailto:brando
On 18/02/2009, at 4:13 PM, Brandon Galbraith wrote:
So we deploy v6 addresses to clients, and save the remaining v4
addresses for servers. Problem solved?
I have been suggesting that for a long time.
However I am not suggesting IPv6-only to clients. See my other email
on this from a minute
On Feb 17, 2009, at 3:55 PM, Mark Andrews wrote:
In other words ISPs need to enter the 21st century.
Yeah, those stupid, lazy, ISPs. I'm sure they're just sitting around
every day, kicking back, eating Bon Bons(tm), and thinking of all the
new and interesting ways they can burn the vast tr
>You are arguing that ISPs should make changes
>without any obvious mechanism to guarantee some return on the
>investment necessary to pay for those changes.
Nail on the head and the 800 pound gorilla in the room. Japan gave tax
incentives which helped their ISP's to move to IPv6. Find a laz
> Japan gave tax incentives which helped their ISP's to move to IPv6.
i am writing this from my home office in tokyo. i have the latest
fanciest wizbang ftth bflets 100/100 from ntt. native ipv6 is not
offered on it.
if i connect a v6 device to it, it gives me a v6 AC and RA. but
that is for t
Steven Lisson wrote:
Hi,
I find it a shame that NAT-PT has become depreciated, with people
talking about carrier grade NATS I think combining these with NAT-PT
could help with the transition after we run out of IPv4 space.
For me the bigger problem is how do I enable IPv6 on my assorted
CE-fa
In message <6f7ba817-320b-414f-9811-03b476990...@virtualized.org>, David Conrad
writes:
> On Feb 17, 2009, at 3:55 PM, Mark Andrews wrote:
> > In other words ISPs need to enter the 21st century.
>
> Yeah, those stupid, lazy, ISPs. I'm sure they're just sitting around
> every day, kicking back
On Tue, 17 Feb 2009 23:08:21 CST, Justin Shore said:
> For me the bigger problem is how do I enable IPv6 on my assorted
> CE-facing edges when management is still buying edge hardware that can
> not and will not ever support IPv6.
Find out if Randy Bush's companies are still buying non-IPv6-cap
On Tue, 17 Feb 2009, Justin Shore wrote:
different vendors, I asked each of them about their IPv6 support and
they all unanimously claimed that there was no demand for it from their
customers.
Well, this is just ignorance or a kind of a lie. There might be few
customers who are willing to tr
On Feb 17, 2009, at 7:40 PM, Mikael Abrahamsson wrote:
Most of the time the vendors don't educate their sales force (both
the droids and the sales engineers) about IPv6 because they
themselves have made the strategic decision that IPv6 isn't
important to them (personal view).
Suggestion: n
On Tue, 17 Feb 2009, David Conrad wrote:
Suggestion: next time you buy equipment from competing vendors, tell the
sales folk from the losing vendors that one deciding factor was (vendor
or product) IPv6 support. That (and perhaps only that) will get their
attention... :-)
Well, considering h
On Wed, Feb 18, 2009, Mikael Abrahamsson wrote:
> >>If any CPE NAT box vendor comes around and has 6to4 with proper IPv6,
^
> >>I'll happily recommend all our customers who want IPv6 to buy that
> >>particular box.
> >
> >Apple Airport Extreme? (Seems to work, but I don't know how standa
On Wed, 18 Feb 2009, Adrian Chadd wrote:
Oh, so you want the $50 almost-but-not-quite-functional CPE device which
causes headaches for you and your techies, complete with
almost-but-not-quite "upgrade" firmware updates which somewhat-weirdly
subtly break existing functionality for a
small-but