In the past couple of years, we deployed CradlePoint IBR650's and
IBR600's (with and without wifi respectively). It's a configurable
mini-router that can also accept wired access. There is an on-board SIM
slot. Downside is that the unit is a bit expensive as a CPE.
Lately we have been deployin
> On Jul 9, 2019, at 9:19 AM, Mark Tinka wrote:
>
>
>
>> On 9/Jul/19 16:18, Ross Tajvar wrote:
>> I think the difficulty lies in appropriately marking the traffic. Like
>> Joe said, the IPs are always changing.
>
> Does anyone know if they are reasonably static in an Express Route scenario?
About a year ago, I switched from a Swissgear to a High Sierra Endeavor wheeled
backpack and been very happy with it. Most of the time I carry < 15 lbs of gear
when I commute to the office on the train, so I’ll have it on my back. But when
I head to the colo with a heavy load, it’s handy (and a
On 2019-11-26 17:11, Ca By wrote:
On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha
wrote:
- On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us
wrote:
[snip]
there is no ROI at this point. In this kind of environment there needs
to
be a strong case to invest the capex to suppo
>> On Nov 27, 2019, at 2:54 PM, Brandon Butterworth
>> wrote:
>>
>> On Wed Nov 27, 2019 at 01:08:04PM -0600, Brian Knight wrote:
>> None of which matters a damn to almost all of my business eyeball
>> customers. They can still get from our networ
> On Nov 27, 2019, at 4:04 PM, Mark Andrews wrote:
>
>
>
>> On 28 Nov 2019, at 06:08, Brian Knight wrote:
>>
>>> On 2019-11-26 17:11, Ca By wrote:
>>> On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha
>>> wrote:
>>>> - On
IPv6 to succeed, really. But the global end game picture looks more and
more bleak to me.
>
> Frankly, I'm surprised anti-IPv6 people still have employment.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest
On 2018-08-08 13:49, Mankamana Mishra (mankamis) via NANOG wrote:
Hi Every one,
Recently we had good discussion over multicast uses in public
internet. From discussion, it was pointed out uses of multicast is
more with in enterprise. Wanted to understand how much % multicast
traffic present in n
Because we had different sources of truth which were written in-house, we wound
up rolling our own template engine in Python. It took about 3 weeks to write
the engine and adapt existing templates. Given a circuit ID, it generates the
full config for copy and paste into a terminal session. It
On Wed, 07 Jun 2017 04:23:33 -0500 <t...@pelican.org> wrote
Hi Brian,
On Tuesday, 6 June, 2017 21:48, "Brian Knight" <m...@knight-networks.com>
said:
> Because we had different sources of truth which were written in-house, we
wound up
> rollin
On 2018-02-03 15:49, Scott Weeks wrote:
Then, you can watch your network in real time
like so (below is all one line):
tail -f /var/log/router.log /var/log/switch.log
| egrep -vi 'term1|term2|termN'
'egrep -v' takes out all the lines you don't
want to see while the syslog messages scroll
across
As the engineer working on that Cisco / IBM issue Erik mentioned... ;)
I was able to get walk-up, same-day access to the building for myself a few
weeks ago (as a customer of DR) and didn’t get my hand slapped for it. DR just
created the access ticket with the building and that was enough. It to
On Tue, Nov 24, 2015 at 6:34 PM, Baldur Norddahl
wrote:
>
> DHCPv6-PD allows multiple PD requests. But did anyone actually implement
> that? I am not aware of any device that will hand out sub delegations on
> one interface, notice that it is out of address space and then go request
> more space f
We recently received an email notice from a group of security
researchers who are looking at the feasibility of attacks using spoofed
traffic. Their methodology, in broad strokes, was to send traffic to
our DNS servers with a source IP that looked like it came from our
network. Their attacks
rticle by
> Juniper:
>
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-unicast-rpf.html
>
>
> -mel beckman
>
>> On Oct 13, 2020, at 3:15 PM, Brian Knight via NANOG wrote:
>
>> We recently received an emai
ops/05-bgp-bcp.pdf
Regards.
El mar., 13 oct. 2020 a las 19:52, Brian Knight via NANOG
() escribió:
Hi Mel,
My understanding of uRPF is:
* Strict mode will permit a packet only if there is a route for the
source IP in the RIB, and that route points to the interface where the
packet was received
use the nameserver to DoS a single /32 endpoint IP
> being targeted, as in common online gaming disputes?
>
> What volume of pps or Mbps would appear as spurious traffic as a result of
> this attack?
>
> On Tue, Oct 13, 2020 at 3:14 PM Brian Knight via NANOG
> wrote:
>
&
CL. I think
that's good for an enterprise network, but as an SP, I'm very hesitant
to include this. Is this included in anyone else's transit / peer / IX
ACL?
Is there anything else that I'm not thinking of?
Thanks,
-Brian
On 2020-10-14 09:25, Brian Knight via NANOG w
f800::/6
fc00::/7
fe00::/9
fec0::/10
exit
Thanks,
-Brian
On 2020-10-14 17:43, Brian Knight wrote:
So I have put together what I think is a reasonable and complete ACL.
From my time in the enterprise world, I know that a good ingress ACL
filters out traffic sourcing from:
* Bogon bl
Randy, thank you for the reminder to look also at what services (L4
ports) should be generally blocked.
As I was implementing a similar rule for logging purposes, I discovered
an oddity with $VENDOR_C_XR ACLs. I created the following:
object-group port TCPUDP-BLOCKED
eq 0
eq sunrpc
eq
As a final update to this thread, we started blocking spoofed and
invalid traffic as of early Thursday morning Nov 19th. So far, knock on
wood, no reports of issues from our customer base.
In addition, I've been able to verify with the security research team's
test tool that we are no longer
On 2021-02-17 13:28, John Kristoff wrote:
On Wed, 17 Feb 2021 14:07:54 -0500
John Curran wrote:
I have no idea what outages were most memorable for others, but the
Stanford transfer switch explosion in October 1996 resulted in a much
of the Internet in the Bay Area simply not being reachable f
On 2021-03-05 12:22, Etienne-Victor Depasquale wrote:
Sure, here goes:
https://www.surveymonkey.com/results/SM-BJ9FCT6K9/
Thanks for sharing these results. We run DPDK workloads (Cisco nee
Viptela vEdge Cloud) on ESXI. Fwiw, a quick survey of a few of our Dell
R640s running mostly vEdge w
On 2021-03-05 15:40, Eric Kuhnke wrote:
For comparison purposes, I'm curious about the difference in wattage
results between:
a) Your R640 at 420W running DPDK
b) The same R640 hardware temporarily booted from a Ubuntu server live
USB, in which some common CPU stress and memory disk/IO bench
On 2021-09-04 23:33, Mark Tinka wrote:
On 9/5/21 04:49, John Levine wrote:
I have asked my ISP about IPv6 and their answer is that that they're
not opposed to
it but since I am the only person who has asked for it, it's quite low
on the list
of things to do.
Supporting the routing and forwa
Also, lots of people out sick with the ‘rona. Fortunately, Omicron seems much
less harmful than other variants.
Hope all are staying safe and well.
-Brian
> On Jan 3, 2022, at 2:06 PM, Josh Luthman wrote:
>
>
> Likely a parallel between vacation, ie people not touching things, and things
>
On 2022-02-10 11:42, John Todd wrote:
"The Prudent Mariner never relies solely on any single aid to
navigation"
It's best to ping multiple targets, and take action only if all targets
do not return replies.
For route tracking a la $VENDOR_C's IP SLA, if possible, we'll ping
next-hop IP, on
Ask your upstream providers for a BGP community tag that lowers localpref below
100 within their network. Set that community tag on any backup routes along
with your (moderate) path prepending.
The backup upstream will then install that route only if there is no other way
to get to your AS.
Th
It seems to say more about fluctuating funding and IT management.I seem to recall an issue with the FAA’s NOTAM / TFR database a few weeks back, one that grounded all flights one fine morning. Wasn’t network-related, but the articles I read about the application’s architecture and fault-tolerance m
On 2023-09-19 09:41, Matthew Petach wrote:
On Tue, Sep 19, 2023 at 7:19AM Mike Hammett wrote:
[...]
I've never understood companies that acquire and don't completely
integrate as quickly as they can.
Ah, spoken with the voice of someone who's never been in the position
of:
a) acquiring
On 2023-11-15 21:47, Christopher Hawker wrote:
Hello everyone,
Aftab Siddiqui is currently exploring the possibility of using Route
Object Authorisations (ROAs) as a potential replacement to LOAs.
Separate to this (and unknowing of Aftab's research), I had started a
discussion on the RPKI Co
On 2024-01-13 04:03, Brett O'Hara wrote:
They have no interest in trying new things or making new technology
work without a solid financial reason and there is none for them
implementing ipv6.
When I left $DAYJOB-1 almost 2 years ago, they had just finished
increasing fees on IPv4 blocks (la
On 2024-02-15 13:10, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
I've said it before, and I'll say it again:
The only thing stopping global IPv6 deployment is
Netflix continuing to offer services over IPv4.
If Netflix dropped IPv4, you would see IPv6 available *everywhere*
within a month.
As
AWS this year. Those who may not be trading address blocks are starting to feel the bite.-BrianOn Feb 15, 2024, at 5:31 PM, Tom Beecher wrote:$/IPv4 address peaked in 2021, and has been declining since. On Thu, Feb 15, 2024 at 16:05 Brian Knight via NANOG <nanog@nanog.org> wrote:On 2024-02-15
What's presently the most commonly used open source toolset for
monitoring AS-to-AS traffic?
I want to see with which ASes I am exchanging the most traffic across my
transits and IX links. I want to look for opportunities to peer so I can
better sell expansion of peering to upper management.
Our
TB of disk, you should expect to keep data for a few years."
Thanks again all,
-Brian
On 2024-03-26 19:04, Brian Knight via NANOG wrote:
> What's presently the most commonly used open source toolset for monitoring
> AS-to-AS traffic?
>
> I want to see with which ASes I
On 2025-02-09 07:43, James Bensley wrote:
* There are no knobs in existing BGP implementations to detect and
limit this behaviour in anyway.
100% agreed. Looked into this a couple weeks ago on our $VENDOR_C gear,
and we saw the prefixes Romain mentioned as well as many others in
Geoff's repo
37 matches
Mail list logo
