Hi Dan!
> On 21 Feb 2020, at 20:22, Dan Wing wrote:
>
> There are choices, such as making connection initiation, connection
> acceptance, and connection termination parsable by network elements on the
> path so state can be established, maintained, and cleared, DoS can be
> identified, and so
:21, Matthew Petach wrote:
>
>
>
>
>> On Fri, Feb 21, 2020, 13:31 Łukasz Bromirski wrote:
>>
>> [...]
>>
>> Now… once we are aware, the only question is — where we go from here?
>>
>> —
>> ./
>
>
>
> Well, it'
Hugo,
> On 23 Mar 2020, at 01:32, Hugo Slabbert wrote:
>
> I think that's the thing:
> Drop cache boxes inside eyeball networks; fill the caches during off-peak;
> unicast from the cache boxes inside the eyeball provider's network to
> subscribers. Do a single stream from source to each "repl
e real person on the
other side of table and not her/his cert(s), good chat and
questions will remove all doubts. Everyone has to start
somewhere and make those first errors, and being ‘expert’
doesn’t mean you’re not making them anymore.
--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
setup similar box with IOS-XR and/or with IPv6.
--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
> On 5 Aug 2020, at 03:25, Jared Geiger wrote:
>
> You can also launch a VM in your lab
> https://stubarea51.net/2016/01/21/put-50-bgp-routes-in-
Ah, one more thing:
> On 5 Aug 2020, at 20:01, Łukasz Bromirski wrote:
>
>
> …or you can do next best thing. Which is use AS 65001 and connect your router
> to AS 65000 under 94.246.173.181.
>
> Please note that’s just test instance, and it has conservative timers
Blazej,
> On 5 Aug 2020, at 23:13, Blažej Krajňák wrote:
>
> Hi Lukasz,
>
> your feed is working well. Feed from Poland to me to Slovakia is better than
> expected :) It's my first live BGP full feed ever so I really appreciate you.
> Will this instance run for a longer time?
Yep. I have no r
Aaron,
> On 3 Sep 2020, at 20:05, aar...@gvtc.com wrote:
>
> I have a functional mpls-te test running, seems fine…but, question about
> bandwidth reservations please.
>
> At the Headend router, I set bandwidth on my mpls-te tunnel, but I can’t for
> the life of me, find where in the network i
Mark,
> On 16 Sep 2020, at 10:32, Mark Tinka wrote:
>
> On 15/Sep/20 19:00, aar...@gvtc.com wrote:
>
>> Sorry guys, I'm not aware of much of what you mention as far as agenda,
>> vendor motive, and hardware support, etc
>
> I'm not shy... this would be Cisco.
And that’s fine. The fact t
g times.
[1]. https://www.cyberscoop.com/australia-encryption-backdoors-law-passes/
[2].
https://www.wsj.com/articles/eus-top-court-restricts-personal-data-transfers-to-u-s-citing-surveillance-concerns-11594888385
--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
NANOGers,
Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)
Topic is '[#WHB-257-41491]: Re: XX’ where is subject taken
from last e-mail.
I understand there’s
.supp...@csvwebsupport.com’).
Let me unblock them again and see if they’ll continue doing so,
hopefully I’ll be able to help.
I’m sending this email just to (hopefully) trigger the same
behavior, and will follow up with you separately.
Apologies for the noise for the rest of subscribers.
--
Ł
Hi Randy,
> On 22 Sep 2020, at 00:14, Randy Bush wrote:
>
>> I already taught my SpamAssasin and then deleted them
>
> :0
> * ^From:.*@csvwebsupport.com
> | /usr/bin/mail -s 'Screw You' dating.supp...@csvwebsupport.com <
> ~/screw-you.txt
I’m using different technique. I like tarpitting such
Dear NANOGers,
If you’re looking for live, full BGP v4 & v6 feed for your lab or
a bit of testing before going live, I just shared a short post on
how to get it:
https://lukasz.bromirski.net/post/bgp-w-labie-3/
Happy BGPing,
--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PG
Dual homing won’t help you if your automation template will do „no router bgp
X” and at this point session will terminate as suddenly advertisement will be
withdrawn…
It won’t you either if the change triggers some obscure bug in your BGP stack.
I bet FB tested the change on smaller scale and
…like a, say, „single pane of glass”? ;)
--
./
> On 5 Oct 2021, at 06:25, Mark Tinka wrote:
>
>
>
>> On 10/4/21 21:55, Nick Hilliard wrote:
>>
>> Nearly 30 years on, this is still the state of the art.
>
> Not an unlike an NMS... still can't walk into a shop and just buy one that
> wo
coded "handmade automation
solutions" will break. And I believe that's closer to what Masataka was trying
to convey.
—
Łukasz Bromirski
> On 9 Feb 2022, at 14:23, Mark Tinka wrote:
>
>> On 2/9/22 15:00, Masataka Ohta wrote:
>>
>>
>> Wrong. It is n
words, the fact that given architecture can’t forward "wire-rate"
of 64B traffic doesn’t mean that it can’t apply QoS for IMIX pattern
at wire-speed. Forwarding engine is usually different part of
hardware than services, more often than not decisions are totally
independent to speed up pr
k. In the 3.10-3.12S era I believe
it was still possible to fit (without the SSO) full tables
in RAM and be fine.
As Nick just responded, it’s faster to source the RAM or modify
the config to cut down on number of BGP prefixes rather than
ping back and forth here discussing all the possibi
Blake,
> On 04 May 2016, at 00:23, Blake Hudson wrote:
>
> Łukasz Bromirski wrote on 5/3/2016 4:13 PM:
>>> On 03 May 2016, at 22:31, William Herrin wrote:
>>>
>>> On Tue, May 3, 2016 at 3:50 PM, Gustav Ulander
>>> wrote:
>>>> Yes I
outside of town called "our current version RFC".
--
Łukasz Bromirski
for any
production deployment,
not to mention rights/licenses to do it.
—
Łukasz Bromirski
teral/switches/catalyst-9500-series-switches/datasheet-c78-738978.html
<https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9500-series-switches/datasheet-c78-738978.html>
Nexus 7k supports MPLS with LDP while Nexus 9k supports MPLS but
with SR (IGP) or BGP-LU (no LDP support
> On 31 Jan 2019, at 20:28, Roel Parijs wrote:
>
> Hello NANOG,
>
> To minimize the impact of DDoS, I have setup RTBH.
> For our own customers, we can set the RTBH community ourselves towards our
> transit suppliers and this works well.
>
> For our BGP customers the problem is more complex.
tering + NetFlow based QoS policies, or shunt to
dedicated DDoS filtering boxes.
Adding state where it’s not needed, is sign of bad design. And just
because a lot of people do that, doesn’t make it any better.
--
"There's no sense in being precise when | Łukasz Bromir
have had happened.
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
signature.asc
Description: Message signed with OpenPGP using GPGMail
atter how many neighbors you have, the FIB
will only contain best paths, so it will be closer to 500k entries in
total rather than N times number of neighbours.
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking |
efixes overall.
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
QFP memory usage that is).
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
down to for example
(I've made this completely up) 200k prefixes and still having
ability to traffic engineer the paths between the source and destination
almost at the levels of having all 4M prefixes in FIB is very compelling
reason to deploy LISP.
--
"There's no sense in being pr
menting it in the hardware) can't change the fundamental
difference - sFlow is really sPacket, as it doesn't deal with flows.
NetFlow, jFlow, IPFIX deal with flows. You can discuss sampling
accuracy and things like that, but working with flows is more accurate.
--
"There's no s
On 7/14/12 11:15 AM, Mikael Abrahamsson wrote:
On Sat, 14 Jul 2012, Łukasz Bromirski wrote:
NetFlow, jFlow, IPFIX deal with flows. You can discuss sampling
accuracy and things like that, but working with flows is more accurate.
If you do 1:1000 sampling with both Netflow and sFlow, why would
> On 31 Dec 2015, at 01:54, Jimmy Hess wrote:
>
>> On Tue, Dec 29, 2015 at 1:29 PM, Mel Beckman wrote:
>> Amazing what the proprietary appropriation of a single Word can do :)
>
> Yes I'm quite bothered by that. As far as I'm concerned "Router
> OS" refers to whatever operating system
can't be aggregated (considering the AS path). Simply
> dropping them would result in less optimal routing.
If you have to filter somewhere on something, I’d rather try to filter
by AS_PATH (neighbors, etc) than prefix lengths.
--
"There's no sense in being precise when |
> On 06 Jun 2015, at 02:26, Jared Mauch wrote:
>
>
>> On Jun 5, 2015, at 7:13 PM, John Fraizer wrote:
>>
>> Head of line for CCIE / JNCIE but knowledge and experience trumps a piece
>> of paper every time!
>
> Can you please put these at the back of the line? My experience is that
> the cis
n it on 2500 and 2600 as they're for long time
End of Life/Engineering/Support/Everything.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end." | http://lukasz.bromirski.net
is
not, but for such discussions it would be better to move to cisco-...@.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end." | http://lukasz.bromirski.net
x27;re doing hardware forwarding
and you're pretty safe [unfortunately often with a lot of caveats,
but still], or you're doing software forwarding and you have
a nice attack vector open for anyone willing)
--
"Everything will be okay in the end. | Łukasz Bromirski
I
ose who subscribe it and did care.
But I see that conspiracy theory looks nicer.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end. | http://lukasz.bromirski.net
s anything special - L3 is all in software).
For both 4948/4948-10GE and 4900M L3 is in hardware. For
4948/4948-10GE IPv6 is in software, for 4900M it's in hardware.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it&#x
k this question again on cisco-nsp@, this isn't
a 'product/vendor selection list'.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end. | http://lukasz.bromirski.net
f to become DDoSed. You can't discuss
the logic of that, you can only throw more capable boxes and of course
fail at some point.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end. | http://lukasz.bromirski.net
poof next-hop, AS, etc. As for the attribute
manipulation, fire up a couple of VMWare/VirtualBox/vimage instances
with quagga/openbgpd to accept the prefixes from bgpsimple and
mangle them in some manner.
Here you go.
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end. | http://lukasz.bromirski.net
t. The question is how
soon 1/8 will have interesting content to serve, as I know at least
one popular hotel chain in Europe using "1.1.1.1".
--
"Everything will be okay in the end. | Łukasz Bromirski
If it's not okay, it's not the end." | http://lukasz.bromirski.net
ral/ex-series-l3-protocols-not-supported.html
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
s for such functionality.
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
rld of hardware-forwarding platforms.
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromir...@jabber.org
about." John von Neumann |http://lukasz.bromirski.net
48 matches
Mail list logo
