On Mon, 19 Apr 2010, Leen Besselink wrote:
I actually think the razor thin margins make it less likely.
If I'm not mistaken, one of the reasons firmware updates are not
available from a number of vendors/products, is because the small
boxes don't have enough ROM and/or RAM.
The ROM is to
I prefer Junos as screenOS except for one thing :
HA is a hell to configure with Junos whereas it's really easy to do it with
screenOS, at least last time I tried a couple of months ago.
Anyway, ScreenOS cli really sucks compared to JunOS cli.
Pierre-Yves
2010/4/20 seph
> I'm with Owen. I have
Count me in as well. I ditched my personal Netscreens and replaced with SRXs
and we have done so as well at my day job. Other than a few quirky things, they
are very nice. V6 support is still somewhat limited though, but I am using an
SRX210H with ADSL2 PIM as my main router at home and it has b
On Mon, Apr 19, 2010 at 08:32:47PM -0400, Jeffrey Negro wrote:
> Has anyone on Nanog had any hands on experience with the lower end of the
> new SRX series Junipers? We're looking to purchase two new firewalls, and
> I'm debating going with SSG series or to make the jump to the SRX line. Any
> in
On Mon, Apr 19, 2010 at 06:56:43AM +0200, Mikael Abrahamsson wrote:
> On Mon, 19 Apr 2010, Franck Martin wrote:
>
> >Anybody has better projections? What's the plan?
>
> My guess is that end user access will be more and more NAT444:ed (CGN)
> while at the same time end users will get more and mo
no, but I will give it a go now, thanks for the suggestion.
Martin
On 19 Apr 2010, at 21:13, Seth Mattinen wrote:
> On 4/19/2010 04:09, Martin Rushworth wrote:
>> Hi,
>>
>> can someone that handles Earthlink blacklist/zombie settings please contact
>> me off-list?
>>
>> we have a recently all
* Bryan Fields:
> Yes, but I was showing what a great DDOS attack method it would be
> too ;)
The beauty of flow-based forwarding (with or without NAT) is that
several types of denial-of-service attacks tend to hurt close to the
packet sources, and not just close to the victim. As far as the who
On Apr 20, 2010, at 1:11 AM, Cian Brennan wrote:
> On Mon, Apr 19, 2010 at 08:32:47PM -0400, Jeffrey Negro wrote:
>> Has anyone on Nanog had any hands on experience with the lower end of the
>> new SRX series Junipers? We're looking to purchase two new firewalls, and
>> I'm debating going with S
On Tue, Apr 20, 2010 at 04:18:11AM -0700, Owen DeLong wrote:
>
> Interesting. My SRXes have been rock solid since upgrading to
> 10.0R1.8.
Not so much here. My basement SRX210 starts dropping bgp sessions over
an IPSEC tunnel every 30 secs or so after around 1-1.5 days of uptime,
and won't stop u
On Tue, Apr 20, 2010 at 12:24:57PM +1000, Mark Andrews wrote:
>
> In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
> > > That'd be easy if you were just starting up an ISP. What do you do with
> > > your existing customer base? If their current service includes a
> > > dy
Hi,
Could someone from PeeringDB contact me off-list please. Or if anyone
has any contact details other than the supp...@peeringdb.com address
that would be much appreciated.
Thanks
Patrick
On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
>
> > You are charmingly naive about how "the law" actually works in the USA -
> > that is IMHO.
>
> Yes, things vary around the world. You failed to state "In the
> USA". There is plenty of case law in Australia about companies
> at
mailop was the place to ask, thanks again.
> Have you tried asking mailop or spam-l ?
>
> ~Seth
>
I will admit I have the same issue with a both my BGP sessions over GRE as
well, which is really annoying, but I only use this for remote hopping over to
my other lab, not for anything I would ever do in production so I haven't
bothered opening a case on it yet. Glad to know I am not the only on
> In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
> > > That'd be easy if you were just starting up an ISP. What do you do with
> > > your existing customer base? If their current service includes a
> > > dynamic public IPv4 address, you can't gracefully take it away, wit
In message <20100420121646.ge15...@vacation.karoshi.com.>, bmann...@vacation.ka
roshi.com writes:
> On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
> >
> > > You are charmingly naive about how "the law" actually works in the USA -
> > > that is IMHO.
> >
> > Yes, things vary around
Hi Patrick,
On 20.04.2010 14:14 Patrick Sumby wrote
> Could someone from PeeringDB contact me off-list please. Or if anyone
> has any contact details other than the supp...@peeringdb.com address
> that would be much appreciated.
>
does supp...@peeringdb.com not work for you?
Best regards,
Arn
Hi Arnold,
Sadly not, I've sent a number of emails to supp...@peeringdb.com and had
no reply :( which is why I'm here!
Cheers
Patrick
Arnold Nipper wrote:
Hi Patrick,
On 20.04.2010 14:14 Patrick Sumby wrote
Could someone from PeeringDB contact me off-list please. Or if anyone
has any con
On Apr 20, 2010, at 5:40 AM, Joe Greco wrote:
>> In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
That'd be easy if you were just starting up an ISP. What do you do with
your existing customer base? If their current service includes a
dynamic public IPv4 a
On Mon, 19 Apr 2010 19:57:04 -0700
Owen DeLong wrote:
>
> On Apr 19, 2010, at 3:10 PM, Florian Weimer wrote:
>
> > * Leo Bicknell:
> >
> >> I know of no platform that does hardware NAT. Rather, NAT is a CPU
> >> function. While this is another interesting scaling issue, it means
> >> this da
[Sent to multiple lists; apologies for the duplicates]
On behalf of the North American Network Operators' Group (NANOG) and the
American Registry for Internet Numbers (ARIN), I would like to take this
opportunity to draw your attention to the 2010 Postel Network Operator's
Scholarship.
The Poste
On Tue, 20 Apr 2010 12:16:46 +
bmann...@vacation.karoshi.com wrote:
> On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
> >
> > > You are charmingly naive about how "the law" actually works in the USA -
> > > that is IMHO.
> >
> > Yes, things vary around the world. You failed to
In message <201004201240.o3kcehl4074...@aurora.sol.net>, Joe Greco writes:
> > In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
> > > > That'd be easy if you were just starting up an ISP. What do you do with
> > > > your existing customer base? If their current service in
Joe Greco wrote:
And what'll you do for your customers when you have no more IPv4
addresses?
IPv6, request IPv4 from my transit providers, buy a small ISP that has
IPv4 address, consolidate my own IP addressing much tighter, butchering
the clean allocations and routing table.
Quit selling
On Tue, 20 Apr 2010 23:02:26 +0930, Mark Smith said:
> access like you used to. You guys sue over hot coffee (of both
> kinds)!
Well.. yeah. When it causes 3rd degree burns, you start thinking about suing.
http://www.lectlaw.com/files/cur78.htm
"McDonalds also argued that consumers know coffee
Mark Smith wrote:
On Mon, 19 Apr 2010 19:57:04 -0700
Owen DeLong wrote:
Pushing functions as closer to the edge of the network usually makes
them easier to scale and more robust and resilient to failure.
There might be more chance of failure, but there is less consequence.
Specific to CGN/
Patrick (et al.)
On 20.04.2010 15:04 Patrick Sumby wrote
> Sadly not, I've sent a number of emails to supp...@peeringdb.com and had
> no reply :( which is why I'm here!
>
if you run into the same problem pls feel free to contact anyone listed
as peeringDB admin (see e.g.
http://www.menog.net/s
On Tue, Apr 20, 2010 at 10:45:02PM +1000, Mark Andrews wrote:
>
> In message <20100420121646.ge15...@vacation.karoshi.com.>,
> bmann...@vacation.ka
> roshi.com writes:
> > On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
> > >
> > > > You are charmingly naive about how "the law" act
>But regardless of what it is called people usually know what they
>signed up for and when what has worked for the 5-6 years suddenly
>breaks ...
If a consumer ISP moved its customers from separate IPs to NAT, what
do you think would break? I'm the guy who was behind a double NAT for
several mont
On 2010-04-20 10:53, John Levine wrote:
Other than the .01% of consumer customers who are mega multiplayer
game weenies, what's not going to work? Actual experience as opposed
to hypothetical hand waving would be preferable.
http://tools.ietf.org/html/draft-ford-shared-addressing-issues
Simon
John Levine wrote:
Other than the .01% of consumer customers who are mega multiplayer
game weenies, what's not going to work? Actual experience as opposed
to hypothetical hand waving would be preferable.
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that d
On Apr 20, 2010, at 7:53 AM, John Levine wrote:
>> But regardless of what it is called people usually know what they
>> signed up for and when what has worked for the 5-6 years suddenly
>> breaks ...
>
> If a consumer ISP moved its customers from separate IPs to NAT, what
> do you think would br
We are in the process of replacing some SSGs (and NSes) with SRXes. The
biggest issues so far that we've faced are:
1. Although the devices can be used at the core you can't enable
"multifunction" IDP (i.e. you can only enable the filters for HTTP or
Fileserver etc, not all at the same time or the
Did you use Yahoo IM, AIM, or Skype?
Yes, yes, and yes. Works fine.
Did you use any of those for
Video Chat and/or to transfer files?
Skype video chat, all the time, works fine. Don't remember about file
transfer.
Did you do any peer to peer filesharing?
Yeah, I got the latest Freebs
IPv4 Options now Deprecated - Header Length Always 5 (0101) - 160 Bits=32x5
http://www.ietf.org/mail-archive/web/rrg/current/msg06481.html
n...@t box firmware updates ensure no IPv4 Options are sent Upstream.
IPv4 TTL fields should now be 3+1+4 with the left-most 3 bits Deprecated
(Re-Purposed)
On Tue, Apr 20, 2010 at 11:31 AM, IPv16.com wrote:
> IPv4 Options now Deprecated - Header Length Always 5 (0101) - 160 Bits=32x5
that's not what the message says at all, thanks for playing, pls don't
spray the list with meaningless content.
-chris
On Tue, 20 Apr 2010, John R. Levine wrote:
Skype video chat, all the time, works fine. Don't remember about file
transfer.
Whenever I am behind NAT and talk to someone else who is behind NAT skype
seems to lower the quality, my guess it's because it now bounces traffic
via another non-NATed
On 4/20/10 6:38 PM, Mikael Abrahamsson wrote:
On Tue, 20 Apr 2010, John R. Levine wrote:
Skype video chat, all the time, works fine. Don't remember about
file transfer.
Whenever I am behind NAT and talk to someone else who is behind NAT
skype seems to lower the quality, my guess it's beca
Owen DeLong wrote:
The hardware cost of supporting LSN is trivial. The management/maintenance
costs and the customer experience -> dissatisfaction -> support calls ->
employee costs will not be so trivial.
Interesting opinion but not backed up by experience.
By contrast John Levine wrote:
My
On Apr 20, 2010, at 10:29 AM, Roger Marquis wrote:
> Owen DeLong wrote:
>> The hardware cost of supporting LSN is trivial. The management/maintenance
>> costs and the customer experience -> dissatisfaction -> support calls ->
>> employee costs will not be so trivial.
>
> Interesting opinion but
Simon Perreault wrote:
http://tools.ietf.org/html/draft-ford-shared-addressing-issues
The Ford Draft is quite liberal in its statements regarding issues with
NAT. Unfortunately, in the real-world, those examples are somewhat fewer
and farther between than the draft RFC would lead you to believ
Roger Marquis wrote:
Considering how many end-users sit behind NAT firewalls and non-firewall
gateways at home, at work, and at public access points all day without
issue, this is a particularly good example of the IETF's ongoing issues
with design-by-committee, particularly committees short on s
On 4/20/2010 10:29 AM, Roger Marquis wrote:
Interesting how the artificial roadblocks to NAT66 are both delaying the
transition to IPv6 and increasing the demand for NAT in both protocols.
Nicely illustrates the risk when customer demand (for NAT) is ignored.
This is really tiresome. IPv4 NAT e
On 2010-04-20, at 14:59, joel jaeggli wrote:
> On 4/20/2010 10:29 AM, Roger Marquis wrote:
>> Interesting how the artificial roadblocks to NAT66 are both delaying the
>> transition to IPv6 and increasing the demand for NAT in both protocols.
>> Nicely illustrates the risk when customer demand (fo
On Apr 20, 2010, at 11:56 AM, Jack Bates wrote:
> Roger Marquis wrote:
>> Considering how many end-users sit behind NAT firewalls and non-firewall
>> gateways at home, at work, and at public access points all day without
>> issue, this is a particularly good example of the IETF's ongoing issues
>
Jack Bates wrote:
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that dislike multiple connections from a single IP, and the
crap load of vpn clients that appear on the network and do not support
nat traversal (either doesn't support it, or big corp A refuses to
Greetings,
This may seem like a stupid question, but in IPV4 there are a few
"reserved" bits which I've not seen used, but perhaps I am behind the times.
With regard to these, what if one was to use such to delegate a second venue
of IP space? In otherwords flip a bit in the flags reser
Once upon a time, Roger Marquis said:
> Address conservation aside, the main selling point of NAT is its filtering
> of inbound
> session requests. NAT _always_ fails-closed by forcing inbound connections
> to pass
> validation by stateful inspection. Without this you'd have to depend on
> le
On 2010-04-20, at 15:31, Roger Marquis wrote:
> If this were really an issue I'd expect my nieces and nephews, all of whom
> are big
> game players, would have mentioned it. They haven't though, despite being
> behind
> cheap NATing CPE from D-Link and Netgear.
I have heard it said before tha
You're literally talking about modifying code on every computer, router,
printer,
and other device with an IP address as well as updating every application,
routing protocol, etc. Pretty much the same set of requirements for deploying
IPv6, but, with IPv6, we've at least already done the code on m
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
> Jack Bates wrote:
>> .01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
>> programs that dislike multiple connections from a single IP, and the
>> crap load of vpn clients that appear on the network and do not support
>> n
All:
In the process of requesting a block of IP's for a client, ARIN requested
that we list Reverse DNS Servers for the block. I've never done this
before, nor have I ever thought it through.
What is the purpose for this besides resolving name-based reverse lookups?
Are there any definitive guid
On Apr 20, 2010, at 12:55 PM, Joe Abley wrote:
>
> On 2010-04-20, at 15:31, Roger Marquis wrote:
>
>> If this were really an issue I'd expect my nieces and nephews, all of whom
>> are big
>> game players, would have mentioned it. They haven't though, despite being
>> behind
>> cheap NATing C
> What is the purpose for this besides resolving name-based reverse lookups?
Resolving the reverse lookups IS the reason they need the nameservers
- how else do you reckon queries on one of your IPs would end up
finding the correct answer? In the same manner that you tell your
domain registrar whe
On Tue, 20 Apr 2010, James Martin wrote:
What is the purpose for this besides resolving name-based reverse lookups?
Are there any definitive guides out there on how this works (besides the
ARIN site)?
It's for resolving address-based lookups. When ARIN allocates address
space to you, you now
On 04/20/2010 09:31 PM, Roger Marquis wrote:
Jack Bates wrote:
.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
programs that dislike multiple connections from a single IP, and the
crap load of vpn clients that appear on the network and do not support
nat traversal (eithe
On 4/20/2010 15:26, Antonio Querubin wrote:
> On Tue, 20 Apr 2010, James Martin wrote:
>
>> What is the purpose for this besides resolving name-based reverse lookups?
>> Are there any definitive guides out there on how this works (besides the
>> ARIN site)?
>
> It's for resolving address-based lo
Hello.
Can someone at Intrado contact me sometime soon? Your voicemails are
not being returned, as with your emails.
I'd love to give you money, but without details, I can't .
Joe
Roger Marquis wrote:
If this were really an issue I'd expect my nieces and nephews, all of
whom are big
game players, would have mentioned it. They haven't though, despite
being behind
cheap NATing CPE from D-Link and Netgear.
Disable the uPNP (some routers lack it, and yes, it breaks and mi
All (and apologies for the slight off-topic-ness),
I need to get hold of a config file for a Cisco 9971 handset that has been
generated by Cisco Call Manager (or, rather Cisco Unified Communications
Manager) release 7.1(3b)SU1 or higher.
Does anyone have access to such a system and would be prep
On Tue, 20 Apr 2010 18:38:33 +0200 (CEST)
Mikael Abrahamsson wrote:
> On Tue, 20 Apr 2010, John R. Levine wrote:
>
> > Skype video chat, all the time, works fine. Don't remember about file
> > transfer.
>
> Whenever I am behind NAT and talk to someone else who is behind NAT skype
> seems to
On Tue, 20 Apr 2010 10:29:02 -0700 (PDT)
Roger Marquis wrote:
> Owen DeLong wrote:
> > The hardware cost of supporting LSN is trivial. The management/maintenance
> > costs and the customer experience -> dissatisfaction -> support calls ->
> > employee costs will not be so trivial.
>
> Interestin
On Tue, 20 Apr 2010 10:38:17 -0700
Owen DeLong wrote:
>
> On Apr 20, 2010, at 10:29 AM, Roger Marquis wrote:
>
> > Owen DeLong wrote:
> >> The hardware cost of supporting LSN is trivial. The management/maintenance
> >> costs and the customer experience -> dissatisfaction -> support calls ->
> >
On 04/20/2010 04:51 PM, Jack Bates wrote:
> uPNP at a larger scale? Would require some serious security and
> scalability analysis.
This is the latest proposal. The Security Considerations section needs
some love...
http://tools.ietf.org/html/draft-wing-softwire-port-control-protocol
Simon
--
N
Just a follow-up: Amazon posted a response at
https://aws.amazon.com/security/ which discusses the issue and what they're
doing to improve things.
Frank
-Original Message-
From: Erik L [mailto:erik_l...@caneris.com]
Sent: Monday, April 12, 2010 11:52 AM
To: nanog@nanog.org
Subject: RE: S
Simon Perreault wrote:
This is the latest proposal. The Security Considerations section needs
some love...
http://tools.ietf.org/html/draft-wing-softwire-port-control-protocol
Nice read. IF it ever makes it into all the necessary clients, then
perhaps it might be a bit more feasible. That is
On 20/04/2010, at 1:28 PM, Mark Andrews wrote:
> Changing from a public IP address to a private IP address is a big
> change in the conditions of the contract. People do select ISP's
> on the basis of whether they will get a public IP address or a
> private IP address.
Seems to me your objectio
On Tue, 20 Apr 2010 12:59:32 -0700
Owen DeLong wrote:
>
> On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
>
> > Jack Bates wrote:
> >> .01%? heh. NAT can break xbox, ps3, certain pc games, screw with various
> >> programs that dislike multiple connections from a single IP, and the
> >> crap
Dear janes
as I know many services use reverse lookup as a sender authentication technique.
e.g. Email server using this technique to reduce spams.( if the ip adress of
sending smtp server has no reverse lookup it's messages will be considered
spam).
regards,
> Date: Tue, 20 Apr 2010 16:08:04
On Tue, 20 Apr 2010 18:03:09 EDT, Simon Perreault said:
> This is the latest proposal. The Security Considerations section needs
> some love...
I may be the only one that finds that unintentionally hilarious.
In any case, to a first-order approximation, it doesn't even matter all that
much securi
Jack Bates wrote:
Disable the uPNP (some routers lack it, and yes, it breaks and microsoft
will tell you to get uPNP capable NAT routers or get a new ISP).
Thing is, neither of these cheap CPE has UPNP enabled, which leads me to
question whether claims regarding large numbers of serverless mult
In message <67d28817-d47b-468f-9212-186c60531...@internode.com.au>, Mark Newton
writes:
>
> On 20/04/2010, at 1:28 PM, Mark Andrews wrote:
>
> > Changing from a public IP address to a private IP address is a big
> > change in the conditions of the contract. People do select ISP's
> > on the ba
On 4/20/2010 2:59 PM, Mark Smith wrote:
>
> Customers never asked for NAT. Ask the non-geek customer if they went
> looking for a ISP plan or modem that supports NAT and they'll look at
> you funny. Ask them if they want to share their Internet access between
> multiple devices in their home,
with
Roger Marquis wrote:
Thing is, neither of these cheap CPE has UPNP enabled, which leads me to
question whether claims regarding large numbers of serverless multi-user
game users are accurate.
I'd say it's a question for m$. I've seen it break, I've had to
reprogram older cpe's that didn't have
valdis.kletni...@vt.edu wrote:
(Yes, defense in depth is a Good Thing. But that external firewall isn't
doing squat for your security if it actually accepts uPNP from inside.)
In this case we are referring to uPNP functionality at a LSN level. uPNP
as it sits will not work at all, and securit
Once upon a time, valdis.kletni...@vt.edu said:
> In any case, to a first-order approximation, it doesn't even matter all that
> much security wise. I mean - let's be *honest* guys. After XP SP2 got any
> significant market penetration, pretty much everybody had a host-based
> firewall
> that d
On Tue, 20 Apr 2010, Chris Adams wrote:
than PCs all the time, such as network printers (which have a very
spotty security record, especially on the cheap end) and disk servers.
Network devices like that _can't_ just block all access.
Windows XP SP2 and later has the concept of different "zon
On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
> On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
> > NAT _always_ fails-closed
> Stateful Inspection can be implemented fail-closed.
Not to take issue with either statement in particular, but I think there
needs to be some consideration of
On 4/20/2010 6:34 PM, Karl Auer wrote:
On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
NAT _always_ fails-closed
I love this statement particularly in the context of enterprise networks...
When you pop the label off an l3 vpn or pseudo
Once upon a time, Mikael Abrahamsson said:
> Windows XP SP2 and later has the concept of different "zones" (or whatever
> it's called) where it'll allow things from the local subnet but not from
> outside of it, if you tell it so. I know people who configure their
> network printers without def
> Frankly, when you hear people strongly using the argument stateful
> firewalling == NAT, you start to wonder if they've ever seen a stateful
> firewall using public addresses.
I'd hazard a guess that the number of hosts behind NAT gateways is an order
of magnitude -- probably two-- greater than
>
> Frankly, when you hear people strongly using the argument stateful
> firewalling == NAT, you start to wonder if they've ever seen a stateful
> firewall using public addresses.
>
I've run several of them.
Why do you ask?
Owen
On Apr 20, 2010, at 6:34 PM, Karl Auer wrote:
> On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
>> On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
>>> NAT _always_ fails-closed
>> Stateful Inspection can be implemented fail-closed.
>
> Not to take issue with either statement in particul
and a very pleasant evening.
a few questions.
IPv6 on your radar?
Looking at options for addressing your future v6 needs?
Have you looked at the IETF/ID in the subject line?
if you think something like this is a good idea, worth
persuing, I'd like to hear from you.
--bill
On Tue, Apr 20, 2010 at 3:08 PM, James Martin wrote:
> All:
> In the process of requesting a block of IP's for a client, ARIN requested
> that we list Reverse DNS Servers for the block. I've never done this
> before, nor have I ever thought it through.
The Reverse DNS zone is for mapping interne
In message , Owen DeLong write
s:
>
> On Apr 20, 2010, at 6:34 PM, Karl Auer wrote:
>
> > On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
> >> On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
> >>> NAT _always_ fails-closed
> >> Stateful Inspection can be implemented fail-closed.
> >
>
Why don't they use IPv6 instead of uPnP?
They control the consumer box (and PS3, XBOX, are not cheap boxes) and
they control the gaming servers.
Look at the feature back to my mac., it opens when possible an IPv6 over IPv4
toredo tunnel, so that apple servers can easily contact back the de
On 4/20/2010 6:34 PM, Karl Auer wrote:
On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
NAT _always_ fails-closed
I love this statement particularly in the context of enterprise networks...
When you pop the label off an l3 vpn or pseudo
On Apr 20, 2010, at 3:55 PM, Joe Abley wrote:
>
> On 2010-04-20, at 15:31, Roger Marquis wrote:
>
>> If this were really an issue I'd expect my nieces and nephews, all of whom
>> are big
>> game players, would have mentioned it. They haven't though, despite being
>> behind
>> cheap NATing CP
While I think this is an improvement, unless the distribution of ULA-C is no
cheaper
and no easier to get than GUA, I still think there is reason to believe that it
is likely
ULA-C will become de facto GUA over the long term.
As such, I still think the current draft is a bad idea absent appropri
I see a need for stable, permanent blocks of addresses within an organization.
For example, a branch office connecting to a central office over VPN: firewall
rules need to be predictable. If the branch office' IPv6 block changes, much
access will break. This is directly analogous to how RFC1918
On Tue, 2010-04-20 at 21:27 -0700, Owen DeLong wrote:
> I believe we are talking about the case where some engineer
> fat-fingers a change and Roger's claim is that a stateful inspection
> without NAT box will permit unintended traffic while a NAT box will
> not.
Possibly restating Mark's point, b
http://www.os-bc.de/home.php
--
Charles Morris
cmor...@cs.odu.edu,
cmor...@occs.odu.edu
Network Security Administrator,
Software Developer
Office of Computing and Communications Services,
CS Systems Group Old Dominion University
http://www.cs.odu.edu/~cmorris
On Tue, Apr 20, 2010 at 10:26:17AM -1000, Antonio Querubin wrote:
> On Tue, 20 Apr 2010, James Martin wrote:
> >What is the purpose for this besides resolving name-based reverse lookups?
> >Are there any definitive guides out there on how this works (besides the
> >ARIN site)?
>
> It's for resolvi
94 matches
Mail list logo
