I'm wondering how many operators don't have systems in place to
quickly and efficiently filter problem host systems.
I see a lot of talk of ACL usage, but not much about uRPF and black
hole filtering.
There are a few white papers that are worth a read:
http://www.cisco.com/c/dam/en/us/products/co
You mean, like Bcp38(.info)?
On February 28, 2014 9:02:03 AM EST, Ray Soucy wrote:
>I'm wondering how many operators don't have systems in place to
>quickly and efficiently filter problem host systems.
>I see a lot of talk of ACL usage, but not much about uRPF and black
>hole filtering.
>
>There
On Feb 28, 2014, at 9:11 AM, Ryan Shea wrote:
> Keegan, don't get me wrong, I am not suggesting that even if version numbers
> were happily encoded in robust comments that this would be the same as
> actually digesting the configuration. If the function of checking using
> 'fancy versioning'
On Feb 27, 2014, at 7:38 PM, Keegan Holley wrote:
> Putting aside the fact that snippets aren’t a good way to conceptualize
> deployed router code, my gut still tells me to question the question here.
What I have always wanted is a way to group configuration, in particular by
customer. Ideal
When I was looking at the website before I didn't really see any
mention of uRPF, just the use of ACLs, maybe I missed it, but it's not
encouraging if I can't spot it quickly. I just tried a search and the
only thing that popped up was a how-to for a Cisco 7600 VXR.
http://www.bcp38.info/index.ph
Hi Chris,
On 23/02/2014 01:43, Chris Laffin wrote:
> It would be really cool if peering exchanges could police ntp on their
> connected members.
Well, THIS looks like the worst idea ever. Wasting ASIC resources on
IXP's dataplanes is a wet-dream for anyone willing to kill the network.
IXP's
Hi Royce,
On 23/02/2014 20:48, Royce Williams wrote:
> Newb question ... other than retrofitting, what stands in the way of
> making BCP38 a condition of peering?
Good point! And simple answer: most peers wouldn't support the hassle
yet, thus reducing peering density and interest.
I operate
- Original Message -
> From: "Jérôme Nicolle"
> On 23/02/2014 01:43, Chris Laffin wrote:
> > It would be really cool if peering exchanges could police ntp on
> > their connected members.
>
> Well, THIS looks like the worst idea ever. Wasting ASIC resources on
> IXP's dataplanes is a
* ra...@psg.com (Randy Bush) [Thu 27 Feb 2014, 06:10 CET]:
is there any modern utility in chargen?
No. But as we're not Apple, we don't get to decide what's good for
the end user.
Who knows, when CGNs become commonplace we'll start to run out of
ephemeral ports and we'll have to start usin
- Original Message -
> From: "Ray Soucy"
> When I was looking at the website before I didn't really see any
> mention of uRPF, just the use of ACLs, maybe I missed it, but it's not
> encouraging if I can't spot it quickly. I just tried a search and the
> only thing that popped up was a ho
On 2/28/14, 10:24 , Leo Bicknell wrote:
What I have always wanted is a way to group configuration, in particular by
customer. Ideally with the ability to see it both as a unified view, and also
as a per-customer view.
For instance:
customer A
interface GigabitEthernet1/2/3.10
des
>> It would be really cool if peering exchanges could police ntp on
>> their connected members.
> Well, THIS looks like the worst idea ever.
while i agree that this is an extremely stupid idea, clearly you have
not been reading this list for very long
randy
>> is there any modern utility in chargen?
> Who knows, when CGNs become commonplace we'll start to run out of
> ephemeral ports and we'll have to start using ports < 1024 too.
> Would be a shame if their use were impeded by old ACLs lying around.
woah! i did not suggest acls. i was assuming
On 28/02/2014 17:00, Jay Ashworth wrote:
>> From: "Jérôme Nicolle"
>> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
>> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
>> the role of BCP38 offenders within member ports. It's almost like uRPF
>> in a
Hi Randy,
On 28/02/2014 17:15, Randy Bush wrote:
> clearly you have not been reading this list for very long
Well... Busted. All things considered, there surely have been more
stupid proposals.
--
Jérôme Nicolle
+33 6 19 31 27 14
is there any modern utility in chargen?
Who knows, when CGNs become commonplace we'll start to run out of
ephemeral ports and we'll have to start using ports < 1024 too.
Would be a shame if their use were impeded by old ACLs lying
around.
* ra...@psg.com (Randy Bush) [Fri 28 Feb 2014, 17:23 C
On Fri, Feb 28, 2014 at 9:02 AM, Ray Soucy wrote:
> If you have uRPF enabled on all your access routers then you can
> configure routing policy such that advertising a route for a specific
> host system will trigger uRPF to drop the traffic at the first hop, in
> hardware.
note that 'in hardware'
On 28/02/2014 15:42, Jérôme Nicolle wrote:
> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
> the role of BCP38 offenders within member ports. It's almost like uRPF
> in an intelligent and useable form.
On Feb 28, 2014, at 11:52 , Nick Hilliard wrote:
> On 28/02/2014 15:42, Jérôme Nicolle wrote:
>> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
>> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
>> the role of BCP38 offenders within member ports. It's
To all,
I (ASR1001) had an experience recently where the Telco (Juniper) told me that I
was sending them 1000+ routes when I attempted to re-establish a BGP session;
subsequently they would not allow this and they refused the session.
I had no sync on and a prefix list so I was advertising only
On 28/02/2014 17:52, Nick Hilliard wrote:
> this will break horribly as soon as you have an IXP member which provides
> transit to other multihomed networks.
It could break if filters are based on announced prefixes. That's
precisely why uRPF is often useless.
On the other hand, if a member p
On Fri Feb 28, 2014 at 08:58:02AM -0800, Philip Lavine wrote:
> I had no sync on and a prefix list so I was advertising only one route. Even
> though I hard reset the session on my end the Telco for some reason kept
> seeing me send the routes. I finally called them and had them reset their end
> a
On Fri, Feb 28, 2014 at 8:58 AM, Philip Lavine wrote:
> To all,
>
> I (ASR1001) had an experience recently where the Telco (Juniper) told me that
> I was sending them 1000+ routes when I attempted to re-establish a BGP
> session; subsequently they would not allow this and they refused the sessio
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.
Daily listings are sent to bgp-st...@lists.ap
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222
This report has been generated at Fri Feb 28 21:13:43 2014 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/2.0 for a current version of this report.
Recent Table History
Date
BGP Update Report
Interval: 20-Feb-14 -to- 27-Feb-14 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS9829 41608 1.8% 41.4 -- BSNL-NIB National Internet Backbone
2 - AS84023
Apologies if I slept through prior discussions on the topic.
E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the
following error:
#@YAHOO.COM
Last error: 5.7.9 554 5.7.9 Message not accepted for policy reasons. See
http://postmaster.yahoo.com/errors/postmaster-2
On Saturday, March 1, 2014, Matthew Black wrote:
> Apologies if I slept through prior discussions on the topic.
> E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the
> following error:
Alive and well after the standard evolved. Google DKIM and then DMARC.
I doubt anything
In article you write:
>Apologies if I slept through prior discussions on the topic.
Regardless of what various aging web pages and un-upgraded mail
software might say, Domainkeys is as dead as a doornail, even at
Yahoo. Use DKIM, you'll be happier, even at Yahoo.
R's,
John
The IANA AS Numbers registry has been updated to reflect the allocation of 2
blocks to the RIPE NCC in 2014-02-28:
200192-201215
201216-202239
You can find the IANA AS Numbers registry at:
http://www.iana.org/assignments/as-numbers/as-numbers.xml
Regards,
Selina Harrington
**
5.7.4 means "you told us not to accept your mail unless it was validly
signed and it is not".
The solution for this is to make sure that mail with a From: in a domain
that requires this is validly signed.
Yahoo does not care whether you use DKIM or DomainKeys for this purpose;
other people may wel
+1 in my experience uRPF gets enabled, breaks something or causes confusion
(usually related to multi-homing) and then gets disabled.
On Feb 28, 2014, at 11:49 AM, Christopher Morrow
wrote:
> On Fri, Feb 28, 2014 at 9:02 AM, Ray Soucy wrote:
>> If you have uRPF enabled on all your access ro
On 2/28/2014 18:36, Suresh Ramasubramanian wrote:
> On Saturday, March 1, 2014, Matthew Black wrote:
>
>> Apologies if I slept through prior discussions on the topic.
>> E-mail from our L-Soft LISTSERV was recently rejected by Yahoo with the
>> following error:
>
>
> Alive and well after the st
Thus spake Ryan Shea (ryans...@google.com) on Thu, Feb 27, 2014 at 09:38:33AM
-0500:
>
> Now, I hand you the 'show run' output and ask you if version 77 of the vty
> config is on this device. Can you answer the question? Now I hand you the
> 'show run' from 10,000 more device configs - and 100 mo
Thus spake Keegan Holley (no.s...@comcast.net) on Fri, Feb 28, 2014 at
09:49:19AM -0500:
> I wasn’t saying just fix it. I was saying that router configs don’t lend
> well to versioning.
Um, what?
$> rlog r-cssc-b280c-1-core.conf | grep 'total revision'
total revisions: 2009; selected revisi
>If your LISTSERV
> -- gets mail from somebody with a domain that requires their mail to be
>validly signed (for instance, via DMARC)
> -- leaves that sender's address in the From: line
> -- and breaks the DKIM signature
Ah, that problem.
I'd strongly suggest a shim in front of
On Mar 1, 2014, at 9:14 AM, Keegan Holley wrote:
> +1 in my experience uRPF gets enabled, breaks something or causes confusion
> (usually related to multi-homing) and then gets disabled.
Enabling loose-check - even with allow-default - is useful solely for S/RTBH,
if nothing else.
On Feb 28, 2014, at 9:35 PM, Dale W. Carder wrote:
> Thus spake Keegan Holley (no.s...@comcast.net) on Fri, Feb 28, 2014 at
> 09:49:19AM -0500:
>> I wasn’t saying just fix it. I was saying that router configs don’t lend
>> well to versioning.
>
> Um, what?
>
> $> rlog r-cssc-b280c-1-core.
- Original Message -
> From: eric-l...@truenet.com
> Subject: Any experience with Comcast digital voice for OOB (offlist is fine)
You're asking if a VoIP link could be used with traditional modems to do OOB
management?
I'm pretty sure the answer is a flat no: any modems faster than 1200