Re: ISP in NYC

2015-07-17 Thread Colin Johnston
good isp's / peers are in no particular order bt telstra ex psinet uk/eu colin Sent from my iPhone > On 17 Jul 2015, at 07:52, Jared Geiger wrote: > > HE uses Telia for Transit. So you won't gain much redundancy there. I would > go with Cogent if you have lots of European customers and North A

RE: Remember "Internet-In-A-Box"?

2015-07-17 Thread Tony Hain
Ricky Beam wrote: > On Wed, 15 Jul 2015 22:32:19 -0400, Mark Andrews wrote: > > You can blame the religious zealots that insisted that everything DHCP > > does has to also be done via RA's. > > I blame the anti-DHCP crowd for a lot of things. RAs are just dumb. > There's a reason IPv4 can do *ever

Re: ISP in NYC

2015-07-17 Thread Paul S.
Rather than a peer, it might be an okay idea to try out peering at NYIIX (and if the funds permit to get transport, AMS-IX/DE-CIX). You'll quickly find that peering is *very* useful in Europe, if you have any EU bound traffic at all. On 7/17/2015 04:06 PM, Colin Johnston wrote: good isp's /

Re: ISP in NYC

2015-07-17 Thread Alistair Mackenzie
Hibernia (5580) have good latency throughout Europe and are huge on AMS-IX. Latency is around 18ms from Edinburgh to Amsterdam and 5ms from London via their network. Used them for transit and they gave me a circuit onto AMS-IX too which could be worth you looking into. Between the route servers

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Randy Bush
many web sites are gonna have to upgrade ciphers and get rid of flash. this will take vastly longer than prudence would dictate. randy

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Alexander Maassen
Well, this block also affects people who have old management hardware around using such ciphers that are for example no longer supported. In my case for example the old Dell DRAC's. And it seems there is no way to disable this block. Ok, it is good to think about security, but not giving you any c

Re: AW: AW: Prefix-Hijack by AS7514

2015-07-17 Thread Matsuzaki Yoshinobu
Date: Fri, 17 Jul 2015 15:38:13 +0900 "Paul S." wrote > I let IIJ know too, hopefully they'll filter it soon. It seems AS7514 stopped the announcements around 06:54UTC. I am not sure how BGPmon guesses AS relationships, but it needs improvements as it shows IIJ as an upstream of AS7514 wrongly.

Re: AW: AW: Prefix-Hijack by AS7514

2015-07-17 Thread Colin Johnston
any idea why error happened ? what config needs fixing to mitigate mistake? it was easy to see problem via ripe atlas :) colin Sent from my iPhone > On 17 Jul 2015, at 09:32, Matsuzaki Yoshinobu wrote: > > Date: Fri, 17 Jul 2015 15:38:13 +0900 > "Paul S." wrote >> I let IIJ know too, hopefull

Re: AW: AW: Prefix-Hijack by AS7514

2015-07-17 Thread Matsuzaki Yoshinobu
Colin Johnston wrote > any idea why error happened ? > what config needs fixing to mitigate mistake? > it was easy to see problem via ripe atlas :) I just got brief explanation from a friend in AS7514. A router in their network suddenly went out of control, and it seems this somehow generated wr

Re: AW: AW: Prefix-Hijack by AS7514

2015-07-17 Thread Colin Johnston
even if customer router crash fault, should have been filtered via prefix list blocking to only allow customer network prefixes to be announced onwards ? as per best practice colin Sent from my iPhone > On 17 Jul 2015, at 09:55, Matsuzaki Yoshinobu wrote: > > Colin Johnston wrote >> any idea w

Re: AW: AW: Prefix-Hijack by AS7514

2015-07-17 Thread Matsuzaki Yoshinobu
Colin Johnston wrote > even if customer router crash fault, should have been filtered via > prefix list blocking to only allow customer network prefixes to be > announced onwards ? as per best practice Yes, I agree, and we have done that. How about peering partners - which is our case this time.

Re: AW: AW: Prefix-Hijack by AS7514

2015-07-17 Thread Mark Tinka
On 17/Jul/15 11:46, Matsuzaki Yoshinobu wrote: > Yes, I agree, and we have done that. How about peering partners - > which is our case this time. Is it feasible to maintain strict > inbound prefix filters for all peering relationships? To be honest, not really. Some countries I know do this f

Re: another tilt at the Verizon FIOS IPv6 windmill

2015-07-17 Thread Christopher Morrow
On Wed, Jul 15, 2015 at 4:43 PM, Ricky Beam wrote: > On Wed, 15 Jul 2015 16:20:11 -0400, Lee Howard wrote: >> >> Business Class DOCSIS customers get a prefix automatically (unless you >> provide your own gateway and DHCPv6 isn't enabled). > doesn't the last parenthetical here > > I looked last

Re: Prefix-Hijack by AS7514

2015-07-17 Thread Wolfgang Tremmel
> On 17.07.2015, at 12:03, Mark Tinka wrote: > > Some countries I know do this for their exchange points. But > by-and-large, it is not scalable. Same goes for AS_PATH lists for peering. it does scale. We do this for all our routeservers at all exchange points we operate. In Frankfurt we have 7

Re: Prefix-Hijack by AS7514

2015-07-17 Thread Mark Tinka
On 17/Jul/15 12:47, Wolfgang Tremmel wrote: > it does scale. > We do this for all our routeservers at all exchange points we operate. > In Frankfurt we have 745 peers on our routeservers. So you have prefix and AS_PATH lists for each of the members you peer with that strictly define the prefixes

AW: Prefix-Hijack by AS7514

2015-07-17 Thread Jürgen Jaritsch
Wolfgang, it's unfair ... you do not have to deal with hardware routers :). Install AS_PATH ACL and prefix list on a Cisco router (e.g. with an RSP720-3CXL) and you'll run into lots of pain ... best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Robert Drake
On 7/17/2015 4:26 AM, Alexander Maassen wrote: Well, this block also affects people who have old management hardware around using such ciphers that are for example no longer supported. In my case for example the old Dell DRAC's. And it seems there is no way to disable this block. Ok, it is goo

Re: Dual stack IPv6 for IPv4 depletion

2015-07-17 Thread joel jaeggli
On 7/15/15 9:10 AM, John R. Levine wrote: >>> It would be nice if it were possible to implement BCP 38 in IPv6, >>> since this >>> is the reason it isn't in IPv4. >> >> There isn't any technical reason that an organization can't fix its edge >> so it doesn't urinate bad IPv6 traffic all over the In

RE: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Matthew Huff
After making the about:config changes, no warning is given to the user about the bad ciphers. Even if you click the SSL lock icon, no warning is given. Only if you know that the connection being made with "TLS_RSA_WITH_AES_128_CBC_SHA,128 bit keys, TLS 1.0" is a bad thing would you have any clu

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Jeff Gehlbach
On 07/17/2015 08:41 AM, Robert Drake wrote: > I've also got a jetty server (opennms) that broke due to this, > so I upgraded and fixed the SSL options and it's still broken in some > way that won't log errors. I have no time to track that down so the > workaround is to use the unencrypted version

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Alexander Maassen
As of 38.0.5, this no longer is even an option, as they removed sslv3 support, see the reviews at https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/ On Fri, July 17, 2015 2:41 pm, Robert Drake wrote: > > > On 7/17/2015 4:26 AM, Alexander Maassen wrote: >> Well, this block also aff

Re: another tilt at the Verizon FIOS IPv6 windmill

2015-07-17 Thread Lee Howard
On 7/17/15, 6:25 AM, "Christopher Morrow" wrote: >On Wed, Jul 15, 2015 at 4:43 PM, Ricky Beam wrote: >> On Wed, 15 Jul 2015 16:20:11 -0400, Lee Howard wrote: >>> >>> Business Class DOCSIS customers get a prefix automatically (unless you >>> provide your own gateway and DHCPv6 isn't enabled).

Re: NANOG Digest, Vol 90, Issue 1

2015-07-17 Thread Dennis B
To Ramy, Thank you for the acknowledgement. DDoS Mitigation service providers, regardless if it's pure cloud, hybrid cloud, or CPE only, all face these challenges when it comes to DDoS Attacks. Can you restate your question again or rephrase it for the forum? Seems there is some confusion or maybe

Re: Dual stack IPv6 for IPv4 depletion

2015-07-17 Thread Joe Maimon
Lee Howard wrote: > > > On 7/16/15, 4:32 PM, "Joe Maimon" wrote: > >> >> >> Lee Howard wrote: >>> >>> So, you would like to update RFC 1112, which defines and reserves Class >>> E? >>> That's easy enough. If somebody had a use in mind for the space, anybody >>> can write such a draft assignin

Re: Dual stack IPv6 for IPv4 depletion

2015-07-17 Thread Joe Maimon
Baldur Norddahl wrote: On 17 July 2015 at 00:29, Joe Maimon wrote: All I am advocating is that if ever another draft standard comes along to enable people to try and make something of it, lead follow or get out of the way. If I understand correctly you want someone (not you) to write a RF

Re: Dual stack IPv6 for IPv4 depletion

2015-07-17 Thread Joe Maimon
Owen DeLong wrote: On Jul 16, 2015, at 15:29 , Joe Maimon wrote: All I am advocating is that if ever another draft standard comes along to enable people to try and make something of it, lead follow or get out of the way. Sometimes good leadership is knowing when to say “not just no, but

Re: Dual stack IPv6 for IPv4 depletion

2015-07-17 Thread Shane Ronan
Dictatorship enabled by consensus == Democratic Republic, Welcome to America! On 7/17/15 12:17 PM, Joe Maimon wrote: Owen DeLong wrote: On Jul 16, 2015, at 15:29 , Joe Maimon wrote: All I am advocating is that if ever another draft standard comes along to enable people to try and make s

Re: Remember "Internet-In-A-Box"?

2015-07-17 Thread Chuck Anderson
On Thu, Jul 16, 2015 at 07:59:14AM +0200, Tore Anderson wrote: > * Owen DeLong > > > > On Jul 15, 2015, at 08:57 , Matthew Kaufman wrote: > > > This is only true for dual-stacked networks. I just tried to set up > > > an IPv6-only WiFi network at my house recently, and it was a total > > > fail

Re: Remember "Internet-In-A-Box"?

2015-07-17 Thread Hugo Slabbert
On Fri 2015-Jul-17 12:36:51 -0400, Chuck Anderson wrote: On Thu, Jul 16, 2015 at 07:59:14AM +0200, Tore Anderson wrote: * Owen DeLong > > On Jul 15, 2015, at 08:57 , Matthew Kaufman wrote: > > This is only true for dual-stacked networks. I just tried to set up > > an IPv6-only WiFi network

Re: Prefix-Hijack by AS7514

2015-07-17 Thread Jared Mauch
On Fri, Jul 17, 2015 at 10:47:38AM +, Wolfgang Tremmel wrote: > > > On 17.07.2015, at 12:03, Mark Tinka wrote: > > > > Some countries I know do this for their exchange points. But > > by-and-large, it is not scalable. Same goes for AS_PATH lists for peering. > > it does scale. > We do this

Re: NANOG Digest, Vol 90, Issue 1

2015-07-17 Thread Watson, Bob
P Bob Watson > On Jul 17, 2015, at 10:14 AM, Dennis B wrote: > > To Ramy, > > Thank you for the acknowledgement. DDoS Mitigation service providers, > regardless if it's pure cloud, hybrid cloud, or CPE only, all face these > challenges when it comes to DDoS Attacks. > > Can you restate your

Re: ATT wireless IPv6

2015-07-17 Thread Nick Olsen
FYI, My Note 4, With APN nextgenphone doesn't have IPv6 in Cocoa Florida (Central Florida region) Nick Olsen Network Operations (855) FLSPEED x106 From: "Jared Mauch" Sent: Wednesday, July 15, 2015 6:38 PM To: "Jake Khuon" Cc: "North American

Weekly Routing Table Report

2015-07-17 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net For hi

Re: Dual stack IPv6 for IPv4 depletion

2015-07-17 Thread Valdis . Kletnieks
On Wed, 15 Jul 2015 19:54:37 -0400, Joe Maimon said: > This objection hinges on the assumption that if there is even ONE host > on the network that will not accept that address, then the entire effort > was a waste. "if there's even ONE host" isn't the assertion, so do us a favor and don't claim

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Geoffrey Keating
Robert Drake writes: > On 7/17/2015 4:26 AM, Alexander Maassen wrote: > > Well, this block also affects people who have old management hardware > > around using such ciphers that are for example no longer supported. In my > > case for example the old Dell DRAC's. And it seems there is no way to >

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Michael O Holstein
>making 99% of the web secure is better than keeping an old 1% working A fine idea, unless for $reason your application is among the 1% .. nevermind the arrogance of the "I'm sorry Dave" sort of attitude. As an example .. we have a vendor who, in the current release (last 3 months) still requir

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Niels Bakker
* michael.holst...@csuohio.edu (Michael O Holstein) [Fri 17 Jul 2015, 21:14 CEST]: making 99% of the web secure is better than keeping an old 1% working A fine idea, unless for $reason your application is among the 1% .. nevermind the arrogance of the "I'm sorry Dave" sort of attitude. Why do

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Alexander Maassen
(Sorry Michael for the duplicate, forgot to press reply all :P) No problem making the web more secure, but in such cases I think it would have been better if you could set this behaviour per site, same as with 'invalid/self signed certs'. And in some cases, vendors use weak ciphers because they al

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Michael O Holstein
>Why do you upgrade your management systems asynchronously to your >applications? You bring this on yourself. Perhaps, but SaaS "management systems" are out of our control. They TELL us when they upgrade, they do not ASK. A web browser isn't really an application, you can't wait to upgrade. Re

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Michael O Holstein
Yes, the config option in FF is global .. I'm sure it could be done with an extension though. The 'el cheapo' solution that comes to mind is use a Raspberry Pi with dual ethernet (second via USB) and run Nginx on it .. secure out the front, insecure out the back. It'd cost you something like $50

The Cidr Report

2015-07-17 Thread cidr-report
This report has been generated at Fri Jul 17 21:14:51 2015 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/2.0 for a current version of this report. Recent Table History Date

BGP Update Report

2015-07-17 Thread cidr-report
BGP Update Report Interval: 09-Jul-15 -to- 16-Jul-15 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS9829 216684 5.0% 170.9 -- BSNL-NIB National Internet Backbone,IN 2 - AS21669

Re: another tilt at the Verizon FIOS IPv6 windmill

2015-07-17 Thread Ricky Beam
On Fri, 17 Jul 2015 06:25:26 -0400, Christopher Morrow wrote: mean that your UBee has to do dhcpv6? (or the downstream thingy from the UBee has to do dhcpv6?) The Ubee "router" is in bridge mode. Customers have ZERO access to the thing, even when it is running in routed mode. So I have no i

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Matt Palmer
On Fri, Jul 17, 2015 at 10:26:22AM +0200, Alexander Maassen wrote: > Ok, it is good to think about security, but not giving you any chance to > make exceptions is simply forcing users to use another browser in order to > manage those devices, or to keep an old machine around that not gets > updated

Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread Matt Palmer
On Fri, Jul 17, 2015 at 07:14:17PM +, Michael O Holstein wrote: > >making 99% of the web secure is better than keeping an old 1% working > > A fine idea, unless for $reason your application is among the 1% .. > nevermind the arrogance of the "I'm sorry Dave" sort of attitude. First they came

Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread tqr2813d376cjozqap1l
Weak ciphers? Old (insecure) protocol versions? Open security issues? Vendor will never provide a patch? Trash goes in the trash bin, no exceptions.