Re: Purpose of spoofed packets ???

>Nmap has an option to "hide" your real IP among either a provides or IP >list of IP addresses. > >" D *<**decoy1**>*[,*<**decoy2**>*][,ME][,...] (Cloak a scan with decoys) > >Causes a decoy scan to be performed, which makes it appear to the remote >host that the host(s) you specify as decoys are

RE: Galaxy S6 is IPv6 on all US National Mobile carriers

pters > 100MB. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC   | Phone: 914-460-4039 aim: matthewbhuff    | Fax:   914-694-5669 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Joel Esl

RE: Galaxy S6 is IPv6 on all US National Mobile carriers

It's much smaller J Other than that, I don't know of anything else. I don't use their router anyway. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff| Fax:

RE: dns on fios/frontier

Well, There are frontier users and there are fios users, and now there are frontier fios users (users that were customers of Verizon, but Verizon sold off part their infrastructure to frontier). Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577

Re: Android (lack of) support for DHCPv6

+1 One IP per device will almost most likely be the preference and implementation in corporate/enterprise deployments. Too much procedure, regulation and other roadblocks prevent any other solution. Authentication, Authorization, Accounting, ACLS, NMS, IDS, IP management, custom software, and

Re: REMINDER: LEAP SECOND

A backward step is a known issue and something that people are more comfortable dealing with as it can happen on any machine with a noisy clock crystal. Having 61 seconds in a minute or 86401 seconds in a day is a different story. > On Jun 23, 2015, at 8:37 PM, Harlan Stenn wrote: > > shawn wi

Re: REMINDER: LEAP SECOND

Yes, the clock has to be bad. Been there, done that, especially early Sun x86 servers. Leap years and DST are both things people and developers are aware of outside of technology, leap seconds, not so much. > On Jun 23, 2015, at 11:33 PM, Harlan Stenn wrote: > > Matthew Huff wri

Re: REMINDER: LEAP SECOND

Does anyone know what the latest that we can run our NTP servers and not distribute the LEAP_SECOND flag to the NTP clients? > On Jun 24, 2015, at 2:33 PM, Tore Anderson wrote: > > * Majdi S. Abbas > >> On Wed, Jun 24, 2015 at 08:33:14AM +0200, Tore Anderson wrote: >>> Leap years and DST ladj

RE: REMINDER: LEAP SECOND

ing to the regulations. We could manually run ntpdate on 100+ servers including 50+ windows servers, but that's not a great solution. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC   | Phone: 914-460-4039 ai

RE: REMINDER: LEAP SECOND

, but to be 100% safe we would need to do that 24 hours before, but that would be a violation of FINRA regulations. It looks like the safest thing for us to do is to keep our NTP servers running and deal with any crashes/issues. That's better than having to deal with FINRA. Matthew

Re: United Airlines is Down (!) due to network connectivity problems

Hmmm, Wall Street Journal and NYSE both down…. WSJ has a static page up… DDOS ??? > On Jul 8, 2015, at 10:51 AM, Patrick W. Gilmore wrote: > > > Lifted as of 0920 EDT. > >

Re: United Airlines is Down (!) due to network connectivity problems

aul Ferguson wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All completely coincidental networking issues, not related to anything > malicious. > > - - ferg > > > On 7/8/2015 9:26 AM, Matthew Huff wrote: > >> Hmmm, >> >>

Re: United Airlines is Down (!) due to network connectivity problems

Given that the technical resources at the NYSE are significant and the lengthy duration of the outage, I believe this is more serious than is being reported. OTOH, the fact that the market is now mostly decentralized and instruments are multiply listed, the impact of the NYSE is much less seriou

Re: United Airlines is Down (!) due to network connectivity problems

...@ronan-online.com>> wrote: I think you are over estimating the technical resources at NYSE. On Jul 8, 2015 1:44 PM, "Matthew Huff" mailto:mh...@ox.com>> wrote: Given that the technical resources at the NYSE are significant and the lengthy duration of the outage, I believe thi

Re: United Airlines is Down (!) due to network connectivity problems

PM, Brett Frankenberger wrote: > > On Wed, Jul 08, 2015 at 01:55:43PM -0400, valdis.kletni...@vt.edu wrote: >> On Wed, 08 Jul 2015 17:42:52 -0000, Matthew Huff said: > >>> Given that the technical resources at the NYSE are significant and >>> the lengthy duration o

Re: United Airlines is Down (!) due to network connectivity problems

or sw updates etc. On Wed, Jul 8, 2015 at 3:02 PM, Matthew Huff mailto:mh...@ox.com>> wrote: Traders on the floor are being told that it's a software glitch from new software that was rolled out Tuesday night. Nothing official has been said. The only thing I know for sure is that if

RE: Dual stack IPv6 for IPv4 depletion

least I have a 6in4 tunnel with he.net). Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC   | Phone: 914-460-4039 aim: matthewbhuff    | Fax:   914-694-5669 -Original Message- From: NANOG [mailto:nanog-boun...@nan

RE: Dual stack IPv6 for IPv4 depletion

the idea of not wanting to not think things through, but IPv6 is how many years old, and we are still arguing about these things? Don’t let the prefect be the enemy of the good. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC

RE: Dual stack IPv6 for IPv4 depletion

;s infancy), no mDNS, etc...Lots of things grew up after the fact. I agree that we can't foresee what will happen in the future, but that to me just proves my point. Worrying about the ability to create complex topologies in home networks that may or may not ever be needed or wanted just

RE: Dual stack IPv6 for IPv4 depletion

on source addresses within a corporate network. In residential networks, it's mostly used for guest networks that can route out to the internet, but not to other local devices. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA

Speaking of NTP...

27;ed within +/- 2 msec. Starting last Friday, we started seeing some remote NTP servers with GPS reference consistently offset by 10 msec. Any one else seeing this? Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC   | Phone

RE: Dual stack IPv6 for IPv4 depletion

n the corporate world). Remember SHIM? Any reasonable size organization that expects reliable internet connections is going to go BGP/PI. Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC   | Phone: 914-460-4039 aim: matthew

SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

. I've tried to reach out to their contacts (webmaster, oig, etc...) but haven't gotten a reply yet. It's possible that I might get a reply eventually, but does anyone have any direct contacts at the SEC? Matthew Huff | 1 Manhattanville Rd Director of Operations  

Re: Speaking of NTP...

- >> From: NANOG [mailto:nanog-bounces+alh-ietf=tndh@nanog.org] On >> Behalf Of Rafael Possamai >> Sent: Thursday, July 16, 2015 8:53 AM >> To: Matthew Huff >> Cc: nanog@nanog.org >> Subject: Re: Speaking of NTP... >> >> Depending on how exa

RE: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

have any clue. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC   | Phone: 914-460-4039 aim: matthewbhuff    | Fax:   914-694-5669 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ro

RE: Did *bufferbloat* cause the 2010 flashcrash?

discontinuously. For example the last valid quote could have been at $95.90, then halted, then re-opened at $82.50. The stop order would sell immediately at $82.50, not the $90 people thought. Then the stock could recover and be trading at $95.05 and you could really feel you were screwed. Bu

RE: verizon trouble ticket NJ DQ04PWR9 -- is verizon blocking FLOKsociety.org by accident or on purpose?

My traceroute goes through, but we don't go through Verizon. However, the web server is returning an error that it is unavailable. It's possible that the destination web server has a geo location plug in that stops access from foreign locations, or that their server is down. [root@lancaster

RE: Cogent packet loss to Verizon in San Jose

e our routing and advertisements to avoid cogent, otherwise, I don't think there is any solution coming within a reasonable timeframe ---- Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 >

RE: turning on comcast v6

monitoring requirement. One of the many challenges of ipv6 in a corporate environment. Matthew Huff | 1 Manhattanville Rd Director of Operations   | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 > -Original Message- > From: Lee Howard [ma

Re: turning on comcast v6

On Dec 20, 2013, at 3:23 PM, Owen DeLong wrote: > > On Dec 20, 2013, at 6:29 AM, Matthew Huff wrote: > >> With RA, what is the smallest interval failover will work? Compare that with >> NHRP such as HSRP, VRRP, etc with sub-second failover. > > RA and VRRP are n

Re: turning on comcast v6

tainly not unless they have a business justification. On Dec 20, 2013, at 4:07 PM, Owen DeLong wrote: > > On Dec 20, 2013, at 12:50 PM, Matthew Huff wrote: > >> >> On Dec 20, 2013, at 3:23 PM, Owen DeLong wrote: >> >>> >>> On Dec 20, 2013, at 6

Re: turning on comcast v6

You can request a fully working IPv6 implementation, but it's not going to stop a purchasing if it doesn't. If you are deciding between two vendors and one is better/cheaper and doesn't have IPv6 and you choose the other, it's likely you will be looking for another job. There is no strong justif

RE: Rate of growth on IPv6 not fast enough?

Golden Age", she also co-invented an early form of spread spectrum communications technology, a key to modern wireless communication.[1] ---- Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:

RE: Hardware for 50Mbs BGP feed.WAS Rate Limiting on Cisco Router

We have something very similar. We have 2 x 7204VXR/NPE-G1 with 1GB RAM each with a 50Mb connection to an upstream provider with full routes. No cpu or other problems at all. -Original Message- From: Chris Gotstein [mailto:ch...@uplogon.com] Sent: Friday, July 09, 2010 1:36 PM To: na

RE: Active Directory requires Microsoft DNS?

that environment. Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > -Original Message- > From: Tom Mikelson [mailto:tmikel...@gmail.com] > Sent: Monday, September

IPv6 tunnel brokers that provide BGP other than HE?

Neither of our upstream providers offer direct ipv6 although both claim deployment in Q1 2011. In the meantime, we have a tunnel with BGP to HE announcing our /48, but we are looking for redundancy. Is there anyone else out there offering services like Hurricane Electric? Matthew Huff

RE: IPv6 tunnel brokers that provide BGP other than HE?

With BGP it does. We are announcing a provider independent /48 address space, and receive the ipv6 bgp routes. Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139

RE: 10-GigE for servers

10GE cards for most hardware and OS platforms. Getting them to run at a fraction of that speed depends on application and IP stack tuning. Even then, there are significant bottlenecks. That's one reason Infiniband for HPC has taken off. Matthew Huff | One Manhattanville Rd OTA Mana

RE: PPP multilink help

-default fair-queue 4096 random-detect dscp-based Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com  | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 -Original Message- From: Rodney Dunn [mailto:rod...@cisco.com] Sent

RE: Unicast Flooding

alue as the ARP timeout ---- Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > -Original Message- > From: Brian Shope [mailto:blackwolf99...@gmail.com] > Sent: Wedne

RE: Is your ISP blocking outgoing port 25?

technical blogs, and even on Microsoft's web site are incorrect. Once it's setup, however, it's great. ---- Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > ---

Opensource or Low Cost NMS for Server Hardware / Application Monitoring

Nagios http://www.nagios.org Zenoss http://zenoss.com OpManager http://www.manageengine.com Orion http://www.solarwinds.com/products/orion/ BigBrother http://bb4.com/ Any others that should be added to the list to eval? Matt

RE: Opensource or Low Cost NMS for Server Hardware / Application Monitoring

use BMC patrol which was a very good system. We moved away from it because it was extremely pricey per-node and BMC absolute rejection of Solaris X86 as a supported platform (We went back and forth between Sun and BMC regarding that for over a year). Matthew Huff   | One Manhattanville Rd

RE: Opensource or Low Cost NMS for Server Hardware / Application Monitoring

owards the original topic. ---- Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > -Original Message- > From: Jens Link [mailto:li...@quux.de] > Sent: Wednesday, Ju

Open Source / Low Cost NMS for Server Hardware / Application Monitoring

s.com/products/orion/ BigBrother http://bb4.com/ Argus http://argus.tcp4me.com/ Xymon http://www.xymon.com Spiceworks http://www.spiceworks.com/ ICINGA http://www.icinga.org Matthew Huff | One Manhattanville R

RE: cisco.com

6395:1 6395:1006 Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -Original Message- > From: Michal Krsek [mailto:mic...@krsek.cz] > Sent: Tuesday, August

RE: cisco.com

during the resolution of this issue. Posted by [4]Cisco PR at 12:00AM PST Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://[5]www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 [cid:image001.jpg

RE: cisco.com

Disregard. This was from 2 years ago. Copied the link and verbage without verifying it. My bad. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://[1]www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139

RE: Reliance globalcom issues in NYC/NJ?

Yeah, we got hit hard too. It's back up, but no RFO yet. NOC was overloaded and not answering. Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > -Original

Invalid prefix announcement from AS9035 for 129.77.0.0/16

ed. I would appreciate if people have time and can double check let me know if any announcements are active except from our AS6128/AS6395 upstreams. If this were to persist, what would be the best course of action to resolve it, especially given that the AS was within RIPE. Matthew

RE: Go daddy mail services admin

tup a score and mark the header, rather than bouncing. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: Jeff Kinz [mailto:[EMAIL PROTECTED]

Level 3 OC-12 cut in SanFran/Hayw

We lost a DS3 out of our downtown SF office around 4 hours ago. The Level 3 master ticket for OC-12 outage is #3020259 and is out of Hayworth. Anyone know anything more about this? Getting any info out of level 3 let alone an ETR has been challenging.

RE: Level 3 OC-12 cut in SanFran/Hayw

call and beat it out of them. I am waiting on a CB from a supervisor right now. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Huff Sent: Wednesday, November 19, 2008 10:45 PM To: NANOG list Subject: Level 3 OC-12 cut in SanFran/Hayw We lo

RE: NANOG Digest, Vol 10, Issue 71

om: Peter Serwe [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2008 4:01 PM To: Matthew Huff Cc: nanog@nanog.org Subject: Re: NANOG Digest, Vol 10, Issue 71 > > Message: 1 > Date: Thu, 20 Nov 2008 09:32:45 -0500 > From: Matthew Huff <[EMAIL PROTECTED]> > Subject: RE: Le

RE: UDP DoS mitigation?

Although the problem we had wasn't DoS, but rather high packet rates for market data, we saw a huge improvement by moving from a 7204VRX to a 7600 platform. Going from a software switched environment to a hardware one help deal with large number of packet drops during peaks of burst activity. W

RE: Leap second tonight

It looks like clepsydra hasn't been updated: address ref clock st when poll reach delay offsetdisp -~192.5.41.40 .USNO.1 194 1024 37741.15.1938.2 -~130.207.244.240 .GPS. 168 1024 37723.1 11.09 1.3 ~127.127.7.1

Tightened DNS security question re: DNS amplification attacks.

y; }; recursion no; additional-from-auth no; additional-from-cache no; zone "." in { type hint; file "db.cache"; }; ... ... since you can't put a "allow-query { none; };" in a hint zone, what can I do to deny the query to the . zone file? Matthe

RE: Private use of non-RFC1918 IP space

issue, but rather a business decision, and it's not going to change. We aren't depending our network resources on an external third-party, especially given their track record. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Pho

RE: Private use of non-RFC1918 IP space

7;s the problem, the problem is that it being tied to an external company. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -Original Message- > From:

Illegal header length in BGP error

o looked at the path mtu issue, and although we haven't had a problem before I disabled bgp mtu path discovery, but have the same issues. Anyone seeing something like this today, and or does anyone have a suggestion on finding out more specific info (which as path for example so I can filter

RE: Illegal header length in BGP error

latest 12.4(15)T image." Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > -Original Message- > From: Renaud RAKOTOMALALA [mailto:ren...@rakotom

RE: Illegal header length in BGP error

We were using PMTUD. However: 1) The link was iBGP and was done via crossever with both having default MTU 2) I tried disabling PMTUD with no difference 3) Cisco admitted it was a known bug, and downreving it to 12.4(15)T resolved the issue. Matthew Huff   | One Manhattanville Rd OTA

RE: The Confiker Virus.

SRI has a detailed analysis of conflicker at http://mtc.sri.com/Conficker/ Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com  | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 -Original Message- From: Joe Blanchard

RE: amazonaws.com?

r illegal activities, I wonder how long it will take companies to realize that if they don't do a good job of self policing, the result will be something they would prefer not to have happen. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 www.otaotr

RE: what problem are we solving? (was Re: ICANN opens up Pandora'sBox of new TLDs)

> that's exactly my point! it's _not_ reliable, but it's the behavior > that the average user has come to expect. If we can't even guarantee > reliability with the small handful of TLDs currently in use, when we > start introducing arbitrary new ones to anybody that can pay, I'm > concerned that it

Line rate gigabit router/switch options

dering what the cost effective options are with other vendors or even other possible cisco solutions. ---- Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139

RE: Line rate gigabit router/switch options

ltime). We use Fluke Network's NetFlow Tracker and it works with sFlow, IPFIX, Netflow and other netflow like protocols, so it looks like almost any of the hardware suggested will work. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 www.otaotr.com

RE: Hardware capture platforms

The Cisco 8 port 10/100/1000 switch (WS-C2960G-8TC-L) supports RSPAN which would allow you to tap all the ports even though it's a switch. It's about $750, so it's not a cheap option, but it's not outrageous either. It's the right size also. Matthew Huff

RE: eigrp and managed ethernet

you want the hello (in seconds) and y is the max hold-down timer. Generally y is = x * 3 http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfeigrp.html Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 www.ox.com| Phone

port scanning from spoofed addresses

uninterested in tracing or blocking them. Is this the new normal? One of my concerns is that if others are seeing probe attempts, they will see them from these addresses and of course, contact us. Any suggestions on what to do next? Or just ignore. Matthew Huff   | One Manhattanville Rd OTA

RE: port scanning from spoofed addresses

The source address appears to be fixed as well as the source port (), scanning different destinations and ports. Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com  | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139

RE: port scanning from spoofed addresses

I'm not at all concerned about door-knob twisting or network scanning. What concerns me is that the source addresses are spoofed from our address range and that our upstream providers aren't willing to even look at the problem. ---- Matthew Huff   | One Manhattanville Rd OTA Mana

RE: Latest Cisco for small dual homed ASN

You can squeeze by with 512MB, but 1GB of ram would be better. A 7204VXR with 1GB of ram will work fine. You can also squeeze by with a 2951 Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax

RE: NTP clock source

http://www.symmetricom.com/ We have two of their S200 syncservers. Works great. Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff  | Fax:   914-460-4139 > -Original Message- > From

RE: Auto MDI/MDI-X + conference rooms + bored == loop

Bpduguard if running cisco. set all the switch ports to bpduguard or enable it globally -Original Message- From: Chuck Anderson [mailto:c...@wpi.edu] Sent: Friday, March 26, 2010 6:09 PM To: nanog@nanog.org Subject: Auto MDI/MDI-X + conference rooms + bored == loop Anyone have suggest

RE: quietly....

There is also another reason for NAT44 or NAT66 in the corporate world that has been missed in these conversations. It is very common to NAT44 when connected via extranets to another company via an b2b provider such as TNS or BTRadianz. Not everything goes over the net. NAT44 (especially "twice-

RE: quietly....

Yes, but unless that ipv6 that isn't globally routed is NAT66 to the outside world, then it wouldn't have external access. > -Original Message- > From: Jon Lewis [mailto:jle...@lewis.org] > Sent: Thursday, February 03, 2011 11:41 AM > To: Iljitsch van Beijnum > Cc: nanog@nanog.org > Subje

RE: quietly....

> Overloaded NAT is too costly to the community to be allowed to promulgate > into IPv6. It is detrimental to: > Application development > Innovation > Security > Auditing > Cost: > Cost of application development > Cost of devices >

RE: quietly....

> In IPv6, the simpler solution is to allocate a /64 to groups of machines that > serve such a function. > If you need to move the group, you can simply move the entire prefix. If we change the prefix, then I have to contact and deal with the bureaucracy of external corporate entities. This is a

RE: quietly....

unity. IPSEC to a NAT/SPI firewall works fine, through it has issues. But then again, rarely do you want that in a corporate network anyway. > -Original Message- > From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] > Sent: Thursday, February 03, 2011 2:29 PM > To:

RE: quietly....

.edu [mailto:valdis.kletni...@vt.edu] > Sent: Thursday, February 03, 2011 3:36 PM > To: Matthew Huff > Cc: Owen DeLong; nanog@nanog.org > Subject: Re: quietly > > On Thu, 03 Feb 2011 14:39:15 EST, Matthew Huff said: > > Something like ftp over SSH works well without fix

RE: quietly....

SMTP is definitely not a p2p protocol in most corporate environments. In ours, all email (even ones that you would think should be host2host) go to a central "smarthost" that processes the mail, and archive it for compliance. All internal to external and external to internal email is tightly con

RE: quietly....

would personally prefer scp to sftp, but that isn't what is being deployed by our peers. > -Original Message- > From: Randy Carpenter [mailto:rcar...@network1.net] > Sent: Thursday, February 03, 2011 4:32 PM > To: Matthew Huff > Cc: nanog@nanog.org; Valdis Kletnie

RE: quietly....

In a corporate environment, that's the way it's been for almost 30 years. The feeling I get is that people want to re-litigate that with Ipv6, and make every desktop an end-to-end node. Not going to happen. In most corporate environments, even with sarcasm, you are right. There are clients and t

RE: quietly....

> Seems there's a lot of engineers out there that only want to make sure > last year's protocols work, and are willing to totally ignore next year's. It really is a different universe for University/ISP versus corporate networks. Neither is wrong or right, but both have different needs. My comp

<    1   2