Re: Where do your 911 fees go and why does 911 fail

2020-12-30 Thread Blake Dunlap
Yeah there wasn't a lack of options for fail over. I suspect there was a lack of care to plan or test for them by many parties. Regardless, I personally have backed off really blaming bell for this one other than the cell towers going down. If you can't happily lose a campus for a week, it's the de

Re: New minimum speed for US broadband connections

2021-05-30 Thread Blake Dunlap
The co-op electric serving my family's house in bfe tn that doesn't have either sewer or cable managed to run hard fiber for dirt cheap to all their subscribers. It's clear from that the problem isn't can't, it's won't. Setting the bar so low that podunk wifi 300k links that barely have more backhaul

Re: massive facebook outage presently

2021-10-04 Thread Blake Dunlap
You laugh but that kind of sounds like what happened so far as oops we isolated prod and are scrambling on DR. There was someone supposedly live tweeting from their incident response for a bit before their account panic deleted. On Mon, Oct 4, 2021, 13:42 Baldur Norddahl wrote: > I got a mail th

Re: massive facebook outage presently

2021-10-04 Thread Blake Dunlap
If there isn't an undernetwork capable of being backdoored with the proper keys (I'd be shocked if there isn't - the big players have very good infra and DR people), I suspect there will be one soonish. It doesn't do much good to have DR plans and keys otherwise if you can't even get to the locks w

Re: DNS pulling BGP routes?

2021-10-06 Thread Blake Dunlap
Yes, it really is common to announce sink routes via bgp from destination services / proxies and to have those announcements be dynamically based on service viability. On Wed, Oct 6, 2021, 12:56 Jared Mauch wrote: > This is quite common to tie an underlying service announcement to BGP > announce

Re: Best Linux (or BSD) hosted BGP?

2023-05-10 Thread Blake Dunlap
I'm confused here, are you intentionally running larger MTU interfaces than the packet filter can handle with default config, and not wanting to change the tunable to fix the config for buffer size for the packet filter, or am I misreading? On Wed, May 10, 2023 at 11:51 PM Mark Tinka wrote: > >

Re: CDN, Steam, Origin and NAT.

2016-04-21 Thread Blake Dunlap
It really depends on how stupid the nat device is. If the mappings are global you're looking at about 200 per user, if they aren't you're nowhere near an issue. Either way you're likely fine unless everyone tries to torrent at once On Thu, Apr 21, 2016 at 9:07 AM, Steve Mikulasik wrote: > I do

Re: Major IX bandwidth sharing

2016-04-21 Thread Blake Dunlap
Not to mention the sharer's traffic will be impacted by said DoS... On Thu, Apr 21, 2016 at 1:43 PM, Max Tulyev wrote: > They fight with DDoS, so it means every month 95% traffic will be full 100G. > > On 21.04.16 22:40, Pavel Odintsov wrote: >> If they could offer 95th percentile usage no more t

Re: Comcast IPv6 PD Centos

2017-02-22 Thread Blake Dunlap
I've tried to get it to work in the past, and finally just switched to a different platform for my "firewall". It's just really really broken in RHEL6/7 derivatives to try to get dhcp-pd to work properly without a lot of jank and external script hooks that are fragile at best without writing someth

Re: DHCPv6-PD -> Lack of route injection in RFC

2017-09-26 Thread Blake Dunlap
Isn't this the topic area that the home networking working group was supposed to resolve? On Tue, Sep 26, 2017 at 2:02 PM, Lee Howard wrote: > > > On 9/23/17, 1:51 AM, "nanog-boun...@nanog.org on behalf of > valdis.kletni...@vt.edu" valdis.kletni...@vt.edu> wrote: > >>On Sat, 23 Sep 2017 08:47:3

Re: Google DNS intermittent ServFail for Disney subdomain

2017-10-25 Thread Blake Dunlap
And it is believed that sold end user devices wouldn't just be required to implement this blacklist themselves? This is reminding me of the xkcd comic with the encryption and the wrench. On Wed, Oct 25, 2017 at 10:53 AM, Jean-Francois Mezei wrote: > On 2017-10-25 13:05, Matthew Pounsett wrote: >

Re: IPv6 Routing table will be bloated?

2010-10-26 Thread Blake Dunlap
On Tue, Oct 26, 2010 at 14:20, George Bonser wrote: > > > > -Original Message- > > From: Jack Bates [mailto:jba...@brightok.net] > > On 10/26/2010 1:01 PM, Randy Carpenter wrote: > > > > > > Wait... If you are issuing space to ISPs that are multihomed, they > > > should be getting their o

Re: IPv6 Routing table will be bloated?

2010-10-26 Thread Blake Dunlap
On Tue, Oct 26, 2010 at 14:45, George Bonser wrote: > > > > Shared hosting ISPs also do not make subdelegations and generally > don't > > even uses the ips on a one-specific-customer-per-ip basis. > > But how do they multihome without an ASN? > If they have an ASN, how did they get it without goi

Re: IPv6 Space Management. Tracking, not Allocating

2010-11-17 Thread Blake Dunlap
We ended up writing our own package, which we may end up offering commercially when it is polished enough. One of the perks of having a web development branch. -Blake

Re: Earthlink MX from *Earthlink* dynamic IPs blocked?

2010-12-03 Thread Blake Dunlap
On Fri, Dec 3, 2010 at 17:29, Michael Thomas wrote: > On 12/03/2010 03:22 PM, Jay Ashworth wrote: > >> I'm trying to get my sister's MythTV DVR to send her a daily email with >> its >> recording schedule. Earthlink is apparently blocking the email because >> it's >> coming from a dynamic address

Re: Over a decade of DDOS--any progress yet?

2010-12-06 Thread Blake Dunlap
On Mon, Dec 6, 2010 at 01:50, Sean Donelan wrote: > > February 2000 weren't the first DDOS attacks, but the attacks on multiple > well-known sites did raise DDOS' visibility. > > What progress has been made during the last decade at stopping DDOS > attacks? > > SMURF attacks creating a DDOS from

Re: Collos in Memphis, TN and Louisville, KY?

2011-01-31 Thread Blake Dunlap
If you're looking in Memphis, I would at least try WorldSpice, it is an independent based out of Memphis that I have had a good bit of experience with, know the owner, etc. I say try because I have not personally seen their new data facility, so I cannot affirm what the new space looks like. -Blak

Re: TWC (AS11351) blocking all NTP?

2014-02-04 Thread Blake Dunlap
On the contrary, I encourage all competitors to block protocols indiscriminately, especially ipv4 UDP. Nothing bad could ever come of that! -Blake On Tue, Feb 4, 2014 at 12:29 AM, Doug Barton wrote: > On 02/03/2014 05:10 PM, Majdi S. Abbas wrote: > >> NTP works best with a diverse set

Re: carrier comparison

2014-02-06 Thread Blake Dunlap
I use Cogent as well, no real issues other than I wouldn't single home to them. Personally, I don't understand why someone would depend on a single provider for connectivity however... -Blake On Thu, Feb 6, 2014 at 3:22 PM, Matthew Crocker wrote: > > > IMHO Cogent bandwidth is fine so long as

Re: OpenNTPProject.org

2014-02-17 Thread Blake Dunlap
Peer means it considers the other side an equal and they will mutually skew time together. If you have peer on for devices you don't consider your time servers, you're opening yourself up to problems. -Blake On Mon, Feb 17, 2014 at 9:14 AM, Pete Ashdown wrote: > On 2/17/14, 7:26 AM, George, We

Re: OpenNTPProject.org

2014-02-17 Thread Blake Dunlap
server ntp.colby.edu minpoll 6 maxpoll 10 iburst > server bonehed.lcs.mit.edu minpoll 6 maxpoll 10 iburst > > > > > > On 2/17/2014 10:28 AM, Blake Dunlap wrote: > > Peer means it considers the other side an equal and they will mutually > skew > > time together. If you have peer on for devices you don't consider your > time > > servers, you're opening yourself up to problems. > > > > -Blake > > >

Re: valley free routing?

2014-03-05 Thread Blake Dunlap
The AS I worked at back in the day did to a degree for willing parties. Mostly small ISPs who all knew each other. We had at the time 3 regional hub locations with interlinks, and peered settlement free with 2 - 3 ASs in 1 of the locations, and 1-2 ASs each in the other 2 locations, all of which co

Re: BGP attributes through IGP

2014-03-06 Thread Blake Dunlap
Mpls, GRE, line gun... At some point, you want to stop beginning technical designs with "Doctor! Doctor! It hurts when I do this. What can I do?" The answer doesn't generally change, no matter how many times it's asked. -Blake On Thu, Mar 6, 2014 at 6:19 PM, Glen Turner wrote: > > Saku Ytti

RE: Level 3 blames Internet slowdowns on ISPs' refusal to upgrade networks | Ars Technica

2014-03-22 Thread Blake Dunlap
I see this argument, and then I remember working for a company that happily sold 6 and 12 meg dsl from a dslam that was backhauled by a 3mb pair of t1s. There needs to be some oversight that it is at least possible / likely to reach a reasonable expectation of normal destinations with the service

Re: BGPMON Alert Questions

2014-04-02 Thread Blake Dunlap
Saw this as well on my blocks. Is this malicious or did someone redistribute all of bgp with bad upstream filtering? On Wed, Apr 2, 2014 at 3:16 PM, James Laszko wrote: > I have someone from cat.net.th on the phone and he doesn't speak a lot of > English and I don't speak any Thai. He kne

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Blake Dunlap
Just out of curiosity, how does removing port address translation from the equation magically and suddenly make everything exposed, and un-invent the firewall? -Blake On Tue, Apr 29, 2014 at 11:00 PM, Jeff Kell wrote: > On 4/29/2014 11:37 PM, TheIpv6guy . wrote: >> On Tue, Apr 29, 2014 at 7:54 P

Re: US patent 5473599

2014-05-07 Thread Blake Dunlap
Except for that whole mac address thing, that crashes networks... -Blake On Wed, May 7, 2014 at 8:03 PM, Constantine A. Murenin wrote: > On 7 May 2014 17:56, wrote: >> On Wed, 07 May 2014 17:10:32 -0700, "Constantine A. Murenin" said: >> >>> Also, would you please be so kind as to finally expl

Re: Observations of an Internet Middleman (Level3) (was: RIP Network Neutrality (was: Wow its been quiet here...

2014-05-10 Thread Blake Dunlap
This is a lot of hand waving and self justification to attempt to validate the practice of [Access Network] trying to charge 3rd party entities to deliver the content that [Access Network]'s paying customers have requested over the service they already pay for, instead of [Access Network] having to

Re: Odd syslog-ng problem

2014-05-10 Thread Blake Dunlap
I use kibana / elasticsearch -Blake On Sat, May 10, 2014 at 2:15 PM, Anurag Bhatia wrote: > Another off topic (question) - what kind of fronted UI you use with > syslog-ng? I see log analyser based on PHP is common. In my tests it worked > fine but its major issue I saw was that I couldn’t so

Re: level3 dia egress filtering?

2014-05-13 Thread Blake Dunlap
I would personally look at leaving Level 3 over that kind of response. I consider it basic service to throw a 1 line acl on an interface temporarily in exceptional circumstances. Transit guys can argue if they wish, but it won't change my expectations as a customer. Eventually I'll find a carrier t

Re: Observations of an Internet Middleman (Level3)

2014-05-15 Thread Blake Dunlap
And the "unbalanced" peers / transit? -Blake On Thu, May 15, 2014 at 11:41 AM, McElearney, Kevin wrote: > This is a smart group. If that was true I think every internet site / > service one visits from home would be negatively impacted. That is not the > case > > As I said before, Comcas

Re: Observations of an Internet Middleman (Level3) (was: RIP Network Neutrality

2014-05-15 Thread Blake Dunlap
I agree, and those peers should be then paid for the bits that your customers are requesting that they send through you if you cannot maintain a balanced peer relationship with them. It's shameful that access networks are attempting to not pay for their leeching of mass amounts of data in clear vio

Re: Large DDoS, small extortion

2014-05-22 Thread Blake Dunlap
Most of us wish we didn't. There are so many more productive ways to spend the day than fighting a determined and adaptive attacker. -Blake On Thu, May 22, 2014 at 10:20 PM, Roland Dobbins wrote: > > On May 23, 2014, at 3:38 AM, Barry Shein wrote: > >> Some real life experience and results, cas

Re: Verizon Public Policy on Netflix

2014-07-11 Thread Blake Dunlap
Last I checked, it is eyeball network responsibility to adequately provision their transit capacity to support the demand of their customers, or find alternate solutions for the customers to be able to receive the service they are paying for (internet bandwidth to/from the sites they choose to visi

Re: Net Neutrality...

2014-07-15 Thread Blake Dunlap
Reality has a well-known liberal bias -Blake On Tue, Jul 15, 2014 at 7:35 AM, Graham Donaldson wrote: > On 2014-07-15 13:24, Ray Soucy wrote: >>> >>> My main gripe with Netflix is overly liberal bias. >> >> >> Well that escalated quickly. > > > You're right, I should have kept my mouth shut. So

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-15 Thread Blake Dunlap
This is a lot of why I have a lot of respect for the wireless guys I know or have met that clearly know their wireless, even if some of them are wingnuts outside of the wireless domain. Wireless is Hard(tm), and doesn't really overlap a lot with other ISP knowledge sets. -Blake On Tue, Jul 15, 20

Re: Muni Fiber and Politics

2014-07-21 Thread Blake Dunlap
My power is pretty much always on, my water is pretty much always on and safe, my sewer system works, etc etc... Why is layer 1 internet magically different from every other utility? -Blake On Mon, Jul 21, 2014 at 1:38 PM, William Herrin wrote: > On Mon, Jul 21, 2014 at 10:20 AM, Jay Ashworth

Re: unqualified domains, was ICANN to allow commercial gTLDs

2011-06-19 Thread Blake Dunlap
Now I'm tempted to be the guy that gets .mail On Fri, Jun 17, 2011 at 20:47, Jay Ashworth wrote: > - Original Message - > > From: "John Levine" > > > >The notion of a single-component FQDN would be quite a breakage for > > >the basic concept of using both FQDNs and Unqualified names. >

Re: Comcast Bussiness Class and GRE Tunnels

2011-07-26 Thread Blake Dunlap
Good luck. My experience with GRE over comcast business was a *nightmare*. The web interface seems like it has a random roll to corrupt the firewall config when doing any GRE config, and you must get level 2 support to fix it each time using a l2 only CLI. -Blake

Re: dynamic or static IPv6 prefixes to residential customers

2011-08-02 Thread Blake Dunlap
Or, alternately, don't care what your printer's ridiculously long IPv6 IP is at this moment, (ULA/GUA/assigned: it really doesn't matter) and use mdns like normal people. Otherwise we're ignoring the forest for the trees, I don't expect to try to explain to my grandma how to type in 2001:45ea:344b:

Re: ISP support for use of 4-byte ASNs in peering

2011-08-09 Thread Blake Dunlap
Aren't there still community issues with 4 byte ASN space as well that have not been resolved? -Blake

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

2011-09-16 Thread Blake Dunlap
> 'Dear dedicated server customer, we're taking away your IPs, please don't > be angry with us even though it will cost you untold hours of work to hunt > down all the tiny implications of renumbering. Never mind the lost business > it might cause if you miss something.' > > 'Dear internet access

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

2011-09-17 Thread Blake Dunlap
On Sat, Sep 17, 2011 at 12:06, Joel jaeggli wrote: > . > > The ARIN community is easily its own worst enemy. > > Not to mention the difficulty of actually getting a provider to let you announce their PA IP space to other providers if you already are / want multihoming. I just got turned down by

Re: Writable SNMP

2011-12-06 Thread Blake Dunlap
Yes, Site Mangler. Do not stir that nest. Thar be dragons. -Blake On Tue, Dec 6, 2011 at 11:35, Justin M. Streiner wrote: > On Tue, 6 Dec 2011, Jared Mauch wrote: > > I recall some bay networks gear you could only program with the proper OID >> as the cli was basically a SNMP-SET operation on t

Re: "Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications"....

2012-11-29 Thread Blake Dunlap
Hadn't thought about it that way before. This was a useful bit of info, thanks. -Blake On Thu, Nov 29, 2012 at 8:55 AM, William Herrin wrote: > On Thu, Nov 29, 2012 at 9:01 AM, Ray Soucy wrote: > > You should store IPv6 as a pair of 64-bit integers. While PHP lacks > > the function set to do

Re: OOB core router connectivity wish list

2013-01-10 Thread Blake Dunlap
I absolutely agree that USB is a bad way to go with this, as well as web management. I have no interest in trying to use some terrible web app to bring a network back up when simple 300 baud would suffice. I've got no problem with telnet/ssh, although I hate the idea of needing to know an ip addre

Re: Interesting debugging: Specific packets cause some Intel gigabit ethernet controllers to reset

2013-02-06 Thread Blake Dunlap
Wow, you just solved my issue with my firewall. On Wed, Feb 6, 2013 at 2:33 PM, Kristian Kielhofner wrote: > Over the year I've read some interesting (horrifying?) tales of > debugging on NANOG. It seems I finally have my own to contribute: > > http://blog.krisk.org/2013/02/packets-of-death.htm

Re: Any experience with Grandstream VoIP equipment ?

2013-02-08 Thread Blake Dunlap
My experience: we called them the princess phones. They were useful for people who wanted really big buttons, and didn't care if the phones worked half the time. I wouldn't use them unless you have a specific reason to. On Fri, Feb 8, 2013 at 7:38 AM, Jay Ashworth wrote: > You should try the v

Re: Any experience with Grandstream VoIP equipment ?

2013-02-11 Thread Blake Dunlap
As another reference point, I really liked the sipura atas, they were my personal favorite as far as the gear we used. I don't know how well that translates to after the linksys takeover though, as I haven't done voice gear in a few years. -Blake On Mon, Feb 11, 2013 at 8:13 AM, Nathan Anderson

Re: The 100 Gbit/s problem in your network

2013-02-12 Thread Blake Dunlap
You could make far more connecting your awesome prediction software to the stock market, than using it to figure out what specific content people are going to watch to cache before they decide to watch it... And if you don't have said awesome software, then how do you propose to limit the bandwidt

Re: Can the L1 provider offer L2 services?

2013-02-15 Thread Blake Dunlap
I don't know, I see FCFS as a bad constraint in a lot of situations... Rather just see true separation between conduit and carrier and not have to worry about it. -Blake On Fri, Feb 15, 2013 at 8:55 PM, Jay Ashworth wrote: > - Original Message - > > From: "Owen DeLong" > > > > With B

Re: Comcast NOC - issues to/from AS13331 (Seattle)

2013-04-24 Thread Blake Dunlap
If you search the nanog archives for Comcast, you'll see a long history of discussions like this one, and the suspected/supposed reasons for their behavior in relation to the rest of the net. -Blake

Re: Data Center Installations

2013-05-01 Thread Blake Dunlap
On Wed, May 1, 2013 at 7:04 PM, Warren Bailey < wbai...@satelliteintelligencegroup.com> wrote: > Bring your lacing skills Flex cross twist knot flex cross twist flex cross twist knot flex cross twist... -Blake

Re: Headscratcher of the week

2013-05-31 Thread Blake Dunlap
I agree with previous poster, table size progression and corresponding increase in search delay, probably related directly to the monitoring itself, or at least a connection state of some kind. On Fri, May 31, 2013 at 7:40 PM, Jake Khuon wrote: > On 31/05/13 17:30, Brett Frankenberger wrote: >

Re: Linux Centralized Administration

2012-01-12 Thread Blake Dunlap
I run spacewalk (as mentioned above), and have for some time. Once you get the errata importing set up, it's pretty much full RHN. -Blake

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Blake Dunlap
On Wed, Feb 1, 2012 at 15:00, George Bonser wrote: > > So, to pose the obvious question: Should there be? > > > > (I honestly don't know the answer is to this question, and am asking in > > earnest for opinions on the subject) > > > > Nathan > > > > > > Well, calling the law on someone is kind of

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Blake Dunlap
On Wed, Feb 1, 2012 at 15:21, George Bonser wrote: > > The problem is no one will actually blacklist a big ASN because its not > > in the individual best interest, which scales greatly with size. RPKI > > is pretty much the only real fix for this if the chain until the major > > carrier refuses t

Re: The day SORBS goes away ...

2012-04-09 Thread Blake Dunlap
Generally when faced with SORBS related blocking, I have found it far more effective to contact the receiving side and show them the ample Google history about SORBS and the effect it has on their ability to receive email their customers/employees have requested, and have them either change their e

Re: Level 3 BGP Advertisements

2012-08-29 Thread Blake Dunlap
On Wed, Aug 29, 2012 at 2:56 PM, Nick Olsen wrote: > I hear you guys, It's done that way for a bit of traffic steering. > > If I could get away with just the aggregates I would, Trust me. > > Nick Olsen > Network Operations (855) FLSPEED x106 > > > From:

Re: Level 3 BGP Advertisements

2012-08-29 Thread Blake Dunlap
> If you have provided addressing from your aggregate to your customer and > they have indicated that they are multi-homing, you need to preserve their > prefix-length in your outbound advertisements, or the redundant provider > carries the inbound traffic. Is this also frowned on? To me, this is

Re: XO outage in NJ/NY?

2012-08-30 Thread Blake Dunlap
I suggest subscribing to outages. They are chatting about such a fiber cut, and are generally the place to look for major outage level events like the below. -Blake On Thu, Aug 30, 2012 at 3:10 PM, chris wrote: > Anyone heard anything about an XO fiber cut in northeast? We have had a > bunch of

Re: Redundant Routes, BGP with MPLS provider

2012-08-31 Thread Blake Dunlap
I'd prefer to trust / get the provider to do the right thing over losing the 40 mtu points and all the associated headache therein. -Blake On Fri, Aug 31, 2012 at 11:33 AM, wrote: > I work for an MPLS provider, so I guess I tend to trust them ;) > > Bill > > -Original Message- > Fro

Re: Color vision for network techs

2012-08-31 Thread Blake Dunlap
On Fri, Aug 31, 2012 at 1:33 PM, wrote: > On Fri, 31 Aug 2012 11:27:28 -0700, JC Dill said: > > > So if you DO decide to test for color vision, make sure you know your > > rights and responsibilities for handling any employee or applicant who > > fails the test. > > There's something to be said f

Re: IPv6 Ignorance

2012-09-17 Thread Blake Dunlap
On Mon, Sep 17, 2012 at 9:55 AM, Adrian Bool wrote: > > I don't really agree with the "IPv6 think" concept - but let's put that > aside for now... > > The default allocation size from an RIR* to an LIR is a /32. For an LIR > providing /48 site allocations to their customers, they therefore have

Re: Anyone from Verizon/TATA on here? Possible Packet Loss

2012-09-26 Thread Blake Dunlap
This is not the proper way to interpret traceroute information. Also, 3 pings is not sufficient to determine levels of packet loss statistically. I suggest searching the archives regarding traceroute, or googling how to interpret them in regards to packet loss, as what you posted does not indicate

Re: Eaton 9130 UPS feedback

2012-11-13 Thread Blake Dunlap
As a side note, how do you call a UPS "online" if it stays on bypass most of the time, and throws out of "bypass" to go to battery? On Tue, Nov 13, 2012 at 2:27 PM, Mike A wrote: > On Tue, Nov 13, 2012 at 11:59:18AM -0800, Seth Mattinen wrote: > > Does anyone use Eaton 9130 series UPS for anyth

Re: NTP Issues Today

2012-11-20 Thread Blake Dunlap
That's what happens when you just follow vendor recommendations blindly. If you do follow that on vm's (which can actually be a good practice), make sure they pull from your own time infrastructure, and not just the world at large, and that those servers behave in a sane fashion with regard to time

Re: A multi-tenant firewall for an MSSP

2015-08-18 Thread Blake Dunlap
Since no one else has mentioned it, I'll dive on that fire. Be careful when setting up a multi-tenant security solution that you are not accidentally selling "DoS as a Service" to your clients. State is evil, and state sharing with other targets is dangerous. Target sharing with other targets that

Re: Level(3) ex-twtelecom midwest packet loss (4323)

2015-08-28 Thread Blake Dunlap
I'll just leave this here https://honestnetworker.wordpress.com/2013/11/04/the-true-meaning-behind-most-rfos/ On Fri, Aug 28, 2015 at 8:26 AM, Jason Canady wrote: > Mike, I would take it to mean someone screwed something up and they don't > want to admit to it. :-) That's just a guess. > >

Re: improved NANOG filtering

2015-10-26 Thread Blake Dunlap
Please stop using this as an opportunity to spam your commercial anti-spam list ffs On Mon, Oct 26, 2015 at 11:38 AM, Rob McEwen wrote: > On 10/26/2015 12:06 PM, Job Snijders wrote: >> >> I expect some protection mechanisms will be implemented, >> rather sooner than later, to prevent this sty

Re: yarr - Yet Another Route Server Implementation [WAS: Euro-IX quagga stable download and implementation]

2015-05-05 Thread Blake Dunlap
http://xkcd.com/927/ On Mon, May 4, 2015 at 7:05 AM, Sebastian Spies wrote: > sorry, for the double post. dmarc fuckup... > > Hey there, > > considering the state of this discussion, BIRD seems to be the only > scalable solution to be used as a route server at IXPs. I have built a > large code ba

Re: IP DSCP across the Internet

2015-05-05 Thread Blake Dunlap
If there isn't a specific peering agreement which sets up DSCP marks with your Z side, you're going to have a bad time doing anything other than remarking to 0. -Blake On Tue, May 5, 2015 at 6:35 PM, Tim Jackson wrote: > In general there are very few bad actors here in regards to > trusting/acce

Re: Low Cost 10G Router

2015-05-20 Thread Blake Dunlap
good, cheap, built by someone else pick 2 On Wed, May 20, 2015 at 9:42 AM, Colton Conor wrote: > So, from the sounds of it most are saying for low cost, the way to go would > be a software router, which I was trying to avoid. To answer the bandwidth > question, we would have three 10G ports

Re: Overlay broad patent on IPv6?

2015-07-13 Thread Blake Dunlap
The point is you'd already have a 192 address or something, and it would only grab the external address for a short duration for use as an external PAT address, thus oversubscribing the ip4 pool to users who need it (based on dns). It's still pretty broken, but less broken than you describe. On Mon

Re: net neutrality and peering wars continue

2013-06-19 Thread Blake Dunlap
Or alternately: Verizon wishes money to accept data it requested from other vendors, film at 11. It's all in the application of the angular momentum... -Blake On Wed, Jun 19, 2013 at 6:03 PM, Randy Bush wrote: > > Even better by Verizon - > > > http://publicpolicy.verizon.com/blog/entry/unba

Re: net neutrality and peering wars continue

2013-06-20 Thread Blake Dunlap
It's only cutting off your nose to spite your face if you look at the internet BU in a vacuum. The issue comes when they can get far more money from their existing product line, than what they get being a dumb bandwidth pipe to their customers. They don't want reasonable or even unreasonable prici

Re: PDU recommendations

2013-06-23 Thread Blake Dunlap
Nick, he meant he was using APC PDUs, not APC UPSs with PDU functionality... APC is also the PDU vendor I would recommend. On Sun, Jun 23, 2013 at 6:40 PM, Nick Khamis wrote: > And now for the stupid question. Is there an APC UPS in a U form factor > with sufficient > outlets that can act kin

Re: tools and techniques to pinpoint and respond to loss on a path

2013-07-15 Thread Blake Dunlap
Personally I would never expect simple routed connectivity across the public internet to be such a high level of reliability, without at least diverse path tunnels running route protocols internally. While any provider will attempt to fix peer / upstream issues as they can, any SLA you would have

Re: which firewall product?

2013-07-30 Thread Blake Dunlap
Well, I guess my first question is: Is this a design you are stuck with for some reason or alternately, is there a good reason for it, and I need to be educated as to real world design? It seems rather odd to put a firewall boundary between a LB and its associated cluster as opposed to in front of t

Re: which firewall product?

2013-07-30 Thread Blake Dunlap
ok more to finding a way to make it a truly isolated unit that they could audit personally, instead of a distributed zone with boundaries in the middle. -Blake On Tue, Jul 30, 2013 at 5:39 PM, William Herrin wrote: > On Tue, Jul 30, 2013 at 5:36 PM, Blake Dunlap wrote: > > Well, I g

Re: SNMP DDoS: the vulnerability you might not know you have

2013-07-31 Thread Blake Dunlap
This looks like more a security issue with the devices, not border security issues. If you're seeing replies of that size, it means the devices themselves are set up to allow public queries of their information (not secured by even keys), which no one should be comfortable with. People should neve

Re: SNMP DDoS: the vulnerability you might not know you have

2013-07-31 Thread Blake Dunlap
nds of devices which respond to the "public" snmp community. > > Thomas > > > > On 13-07-31 10:57 AM, "Blake Dunlap" wrote: > > >This looks like more a security issue with the devices, not border > >security > >issues. > > > >If

Re: SNMP DDoS: the vulnerability you might not know you have

2013-07-31 Thread Blake Dunlap
I bet blocking all SYN packets and non related flow UDP packets to customers would be even more effective. Why don't we do that and be done with it instead of playing whack a mole every 3 months when someone finds some new service that was poorly designed so that it can be used to send a flood? Ye

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

2013-08-08 Thread Blake Dunlap
I noticed that two of my ASNs are on that list for example with low numbers. I can't fathom how as at least one of them has uRPF implemented on any actual interfaces and no downstreams/peers. -Blake On Thu, Aug 8, 2013 at 12:40 PM, Matthew Petach wrote: > On Thu, Aug 8, 2013 at 10:29 AM, Jared M

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

2013-08-08 Thread Blake Dunlap
On a related note, how are you actually getting this data? What you have said previously ( Number of unique IPs that spoofed a packet to me. (eg: I sent a packet to 1.2.3.4 and 5.6.7.8 responded). ) doesn't even make sense. -Blake On Thu, Aug 8, 2013 at 12:51 PM, Jared Mauch wrote: > Oops, I

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

2013-08-08 Thread Blake Dunlap
Thanks, this is quite interesting. I never would have expected that kind of behavior. -Blake On Thu, Aug 8, 2013 at 3:37 PM, Jared Mauch wrote: > > On Aug 8, 2013, at 2:07 PM, Blake Dunlap wrote: > > > On a related note, how are you actually getting this data? > &

Re: Looking for a part-time contractor..

2013-08-12 Thread Blake Dunlap
The email address you're sending from is for a service that does what you're asking for, and your signature lists you as the CEO, so I guess all I can say is, in the words of Bob: "What would ya say... ya do here?" -Blake On Mon, Aug 12, 2013 at 1:00 PM, Anne P. Mitchell, Esq. wrote: > All, >

Re: How big is the Internet?

2013-08-15 Thread Blake Dunlap
I agree, Libraries of Congress / second is the standard notation for bandwidth. -Blake On Thu, Aug 15, 2013 at 11:30 AM, Scott Howard wrote: > You'd almost think this was a technology mailing list given some of the > answers... (ohh.. wait!) > > How about this - the size of the Internet is jus

Re: BGP Route Issues

2013-08-18 Thread Blake Dunlap
Local Pref (which is common by the way to be set so customers > peers > transit). AS Path doesn't beat it. You can only request people follow the routes you want ingress, there's nothing you can do to force them to take a path to you short of deaggregation, and that only works until they notice it

Re: Trivium

2013-08-19 Thread Blake Dunlap
Without Google, how do you know where anything even *is*? -Blake On Mon, Aug 19, 2013 at 2:38 AM, Larry Sheldon wrote: > http://news.cnet.com/8301-1023_3-57598978-93/google-outage-reportedly-caused-big-drop-in-global-traffic/

Netscout experiences

2013-08-19 Thread Blake Dunlap
Greetings, Anyone out there have experiences with Netscout or any of their nGenius products and wish to share impressions? Currently looking at them in comparison to say Netbrain, NetQoS, smarts, etc. -Blake

Re: TCP Performance

2013-08-27 Thread Blake Dunlap
You didn't indicate this, but do you understand how TCP windowing works? This conversation can go two very different ways depending on the answer. To me, it looks like this is what you'd expect, and you need to fix your packet loss issues, which possibly might be QoS settings related (but it's har

Re: IP Fragmentation - Not reliable over the Internet?

2013-08-27 Thread Blake Dunlap
And then you have other issues like networks that arbitrarily set DF on all packets passing through them. That burnt a good three days of my life back in the day. -Blake On Tue, Aug 27, 2013 at 9:33 AM, wrote: > On Tue, 27 Aug 2013 00:34:57 -0700, Owen DeLong said: > > That's a lot of question

Re: TCP Performance

2013-08-27 Thread Blake Dunlap
This really sounds like you aren't testing the correct flow type in i/jperf, or you have some QoS queues for http traffic but not the perf traffic that are filled. Regardless, your problem looks like either tail drops or packet loss, which you showed originally. The task is to find out where this

Re: TCP Performance

2013-08-27 Thread Blake Dunlap
t line rate toward the switch, Which then > buffer overflows sending to the radio on account of it receiving pause > frames? > > > Nick Olsen > Network Operations > (855) FLSPEED x106 > > > > -- > *From*: "Tim Warnock" > *Sen

Re: Evaluating Tier 1 Internet providers

2013-08-27 Thread Blake Dunlap
If you don't have secondary connectivity, then I don't suggest going with a Tier 1. Using a peer-only as a transit link is not something I would recommend in general unless you know what you are doing in that regard, and have designed around the inevitable peering issues related to that decision.

Re: Parsing Syslog and Acting on it, using other input too

2013-08-29 Thread Blake Dunlap
Since you said you are willing to entertain home grown as well, I would recommend looking at simple event correlator which is a Perl script designed to do the kind of thing you are talking about. I've used it in the past to trigger BGP black holing and mail blacklists for example. On Thu, Aug 29,

Re: Evaluating Tier 1 Internet providers

2013-08-29 Thread Blake Dunlap
+10 Good explanation. This is a lot of why I have someone like Cogent/L3/etc and some random transit provider in most of my pops I spec, plus a backhaul to another node. On Thu, Aug 29, 2013 at 9:37 PM, Richard A Steenbergen wrote: > On Wed, Aug 28, 2013 at 09:54:28AM -0700, Michael Smith wrote

Re: iOS 7 update traffic

2013-09-23 Thread Blake Dunlap
BitTorrent is a way to lighten the load on the originator, and to increase the speed of the acquisition from the receivers. It is not a tool to decrease network load, if anything it does the opposite most of the time. Every now and then, a client will find a local network peer, but it's usually an

Re: Filter-based routing table management (was: Re: minimum IPv6 announcement size)

2013-09-28 Thread Blake Dunlap
Yes, I was lazy in most of the adaptation, but I think it serves a good starting point for market based suggestions to the route slot problem. Your post advocates a (X) technical ( ) legislative (X) market-based ( ) vigilante approach to fighting spam^H^H^H^H route deaggregation. Your idea will
