Re: Getting pretty close to default IPv4 route maximum for 6500/7600 routers.

2014-06-10 Thread Daniel Suchy
Hello, On 10.6.2014 19:04, Blake Hudson wrote: > I haven't seen anyone bring up this point yet, but I feel like I'm > missing something... > I receive a full BGP table from several providers. They send me ~490k > *prefixes* each. However, my router shows ~332k *subnets* in the routing > table. As I

Re: Google Fiber - keeps you regular

2012-12-07 Thread Daniel Suchy
There's one tiny detail: Published on Apr 1, 2012... It's April fool... :-) - Daniel On 12/07/2012 12:53 AM, Otis L. Surratt, Jr. wrote: > Yep. But you know I wouldn't be surprised if Google entered that market. > That's why I was asking. You never know these days. > > From: Suresh Ramasubram

HE.net BGP origin attribute rewriting

2012-05-31 Thread Daniel Suchy
Hello, we discovered that at least Hurricane Electric (HE, AS 6939) does rewrite BGP origin attribute unconditionally in all routes traversing their network. This mandatory, but probably not widely known/used attribute should not be changed by any speaker except originating router (RFC 4271, sect

Re: HE.net BGP origin attribute rewriting

2012-06-01 Thread Daniel Suchy
On 05/31/2012 07:06 PM, Saku Ytti wrote: > On (2012-05-31 08:46 -0700), David Barak wrote: > >> On what precisely do you base the idea that a mandatory transitive attribute >> of a BGP prefix is a "purely advisory flag which has no real meaning"? I >> encourage you to reconsider that opinion -

Re: HE.net BGP origin attribute rewriting

2012-06-01 Thread Daniel Suchy
On 06/01/2012 07:38 PM, Joe Provo wrote: > You clearly did not read the previous posts involving actual historical > evidence [and apparently ongoing] of remote networks attempting action > at a distance knowing that many overlook this part of the decision tree. > Preventing your company from ble

Re: HE.net BGP origin attribute rewriting

2012-06-02 Thread Daniel Suchy
On 06/02/2012 02:42 AM, Richard A Steenbergen wrote: > On Fri, Jun 01, 2012 at 08:03:50PM +0200, Daniel Suchy wrote: >> By overwriting origin field, there's no warranty that someone improves >> performance at all - it's just imagination. In extreme cases, >> p

Re: HE.net BGP origin attribute rewriting

2012-06-02 Thread Daniel Suchy
On 06/02/2012 02:53 AM, Joe Provo wrote: > Cost and performance were merely two reasons someone may wish to prevent > remote parties from using origin to influence outbound traffic from my > network. As I mentioned already, it will influence that by another way. And this costs *you* more money -

Re: HE.net BGP origin attribute rewriting

2012-06-02 Thread Daniel Suchy
On 06/02/2012 12:43 PM, Joe Provo wrote: > Last post on this topic for me. You seem to wish to argue > against the lessons of history and the reality of running > a network on the global Internet. Based on observations from routeviews / RIPE RIS / other public sources, overwriting BGP origin isn'

Google/Youtube problems

2012-11-18 Thread Daniel Suchy
Hello, for approx. the last 14 days we're seeing problems with video playing from YouTube (page loads without problems, but player shows error), and also other applications like maps are having problems. As these problems were only for some of prefixes announced out of AS 8251, we recognised that as pr

Re: /27 the new /24

2015-10-02 Thread Daniel Suchy
It's not only about TCAM (and its price), but also about convergence times... On 2.10.2015 17:48, Matthew Kaufman wrote: > Cheaper than buying everyone TCAM > > Matthew Kaufman

Re: Cisco Routers Vulnerability

2015-04-13 Thread Daniel Suchy
Hello, ask your customers if they had VTY access secured properly. Brute-force password attacks against management interface (telnet, SSH) aren't rare these days and once you have management access, you can do anything independently of known code vulnerabilities. With regards, Daniel On 13.4.2015

Re: /25's prefixes announced into global routing table?

2013-06-22 Thread Daniel Suchy
On 06/22/2013 12:27 AM, Jakob Heitz wrote: >> Date: Fri, 21 Jun 2013 16:14:07 -0400 >> From: "Majdi S. Abbas" >> The forwarding hardware is generally going to be the limit, and >> that's going to be painful enough as we approach a half million >> prefixes. > > There are techniques to fix th

Re: Europe-to-US congestion and packet loss on he.net network, and their NOC@ won't even respond

2013-12-01 Thread Daniel Suchy
On 1.12.2013 11:49, Randy Bush wrote: >>> Using a 1/10th of a second interval is rather anti-social. >>> I know we rate-limit ICMP traffic down, and such a >>> short interval would be detected as attack traffic, >>> and treated as such. >> For what it is worth, I used to think the same, until I saw

Re: AS 3356 (Level 3) -- Community 3356:666

2021-08-04 Thread Daniel Suchy via NANOG
Hello, there's exactly *one* blackhole well-known community, which should be used for this purpose - 65535:666 (standardised in RFC 7999). There's no reason to use even "ASN:666" format these days... - Daniel On 8/4/21 3:28 PM, Sriram, Kotikalapudi (Fed) via NANOG wrote: There is an old NANO

Re: Ukraine request yikes

2022-03-01 Thread Daniel Suchy via NANOG
Hello, On 3/1/22 21:08, David Conrad wrote: - Shutdown the root server instances operated by ICANN that are within Russia ICANN could conceivably do this unilaterally, but there are a lot more root server instances operated by other RSOs (including RIPE NCC, Verisign, ISC, and NASA). It's al

Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

2022-05-08 Thread Daniel Suchy via NANOG
On 5/8/22 19:48, Warren Kumari wrote: If zone enumeration was not a real concern, NSEC3 would not exist. Ackchyually, that's only partly true — a significant amount of the driver (some would say the large majority) behind NSEC3 was that it supports "opt-out". This was important in very l