ll
mail.
Thanks in advance.
Bill Kruchas
Hello,
I am not a heads down network guy, but I have setup a few
firewalls, and have got them to do what I wanted, "eventually". But
mostly through reading and trial and error.
I am struggling with this one, but I think I know the answer, but
want to verify it with some
Hello,
We have Nat setup on our equipment, just a plain vanilla internet
connection.
Here is the pertinent section of the runing config.
!
interface Ethernet0/2
nameif Etherpoint
security-level 0
ip address outside-ip 255.255.255.252
ospf cost 10
!
Hello,
I believe I have setup the appropriate access-lists, even have
created it both ways in case I have the inside and outside reversed.
The packet trace always drops through and hits the implicit rule
which is deny everything. No matter how I have the access list setup
my head against the wall using Nat
instead of Pat, and not sure if Pat would be acceptable.
Anyway, thanks again.
Bill
**
Hey Bill,
I don't think you can do a static NAT translation on a NAT egress IP
address. Have
access-group Etherpoint_access_in in interface Etherpoint
Thanks again list
Bill Kruchas
Below is the full question and details.
*
Hello List,
First let me say I'm not a heads down network guy, but I have s
lease let me
know here or offline.
Thanks a bunch!
Bill
d in March of this year.
-Bill
signature.asc
Description: Message signed with OpenPGP
ght, you’re wrong. 10G home service is great. Everybody I know here
in Paris has it. There’s just no particularly reason to drop down to 1G, for
the EUR 10/month difference.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Jan 7, 2021, at 7:31 PM, Christopher Morrow
> wrote:
> NOC tours seem like a very 1990's thing
Cough, cough *Terremark* cough, cough *disco lights* cough cough.
-Bill
signature.asc
Description: Message signed with OpenPGP
with, and which it listens to.
> So has Twitter now blocked government communication?
Sure. No problem with that. An unregulated, non-monopoly, private party isn’t
required to provide a forum for anyone, government or individual.
-Bill
signature.asc
/2019/10/25/772325133/as-president-trump-tweets-and-deletes-the-historical-record-takes-shape
-Bill
signature.asc
Description: Message signed with OpenPGP
Are all y’all allergic to Wikipedia or something?
https://en.wikipedia.org/wiki/Public_recursive_name_server
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Feb 17, 2021, at 7:41 PM, Sean Donelan wrote:
> Statistics suck, until you attempt to produce your own.
I don’t even know what word you replace “suck” with, when you’re doing it
yourself. What’s suck cubed?
-Bill
signature.asc
Description: M
house_ that concerns me.
-Bill
signature.asc
Description: Message signed with OpenPGP
ailable?
>
> e.nic.so seems to be responding (hosted behind PCH, thanks Woody!).
Our staff contacted AfriNIC staff and got an acknowledgement that they were in
process of resolving it at the time.
-Bill
signature.asc
Description: Message signed with OpenPGP
ur home network?
-Bill
signature.asc
Description: Message signed with OpenPGP
ains in some detail… Things haven’t really changed since
then:
https://www.pch.net/resources/Tutorials/anycast/Anycast-v10.pdf
-Bill
signature.asc
Description: Message signed with OpenPGP
ting slots, and content routing tricks often don’t play well together.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Jul 28, 2021, at 3:21 AM, Mark Tinka wrote:
> On 7/28/21 01:16, Daniel Corbe wrote:
>
>>> This is interesting... I wonder whether Anycast will still have some
>>> failure modes and break TCP connections if routing (configuration) were to
>>> chang
[IPs,
> FQDNs, and Web Services, for a start] for his/her own purpose without asking
> permission.
Sounds like you’re going to be writing a lot of shell scripts and cron jobs.
Welcome to security. Remember to test your backups, that’s always the most
important thing in any security regime.
-Bill
signature.asc
Description: Message signed with OpenPGP
the African Internet community has really
pulled together to defend themselves, and they’ve got a lot less resources than
most of us do.
-Bill
signature.asc
Description: Message signed with OpenPGP
e addresses from AfriNIC, and you need to
be prepared to comply with AfriNIC policy.
-Bill
signature.asc
Description: Message signed with OpenPGP
ing lists, and they’re all
beneficiaries of something called the “Larus Foundation.” So, if you’re not
getting paid to copy and paste that, you might want to look into it:
https://www.larus.foundation
I hear it pays pretty well.
-Bill
signature.asc
De
cquired _more_ than 6.3M IPv4
addresses, and is profiting from their being used in contravention of RIR
policy, I very much encourage you to request that your RIR perform a compliance
audit.
Since, after all, that’s what the RIR’s job is.
-Bill
signature.asc
Des
Last I knew it had pretty much devolved into intra-campus and local A/R&E
interconnection, but our contacts here have retired as well.
-Bill
> On Feb 10, 2020, at 21:15, Matt Peterson wrote:
>
>
> Wondering if SD-NAP is still functional? PeeringDB en
and floor 20, to keep L3 hop-sounds down and provide some redundancy?
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Mar 14, 2020, at 7:05 AM, Brielle wrote:
> I personally like Dokuwiki a lot.
Dokuwiki is definitely my favorite as well. The UI is appropriate to the task,
so you get work done quickly and without a lot of fuss.
-Bill
signature.asc
Descr
G broadband flying along at
an actual, measurable, 10G.
-Bill
signature.asc
Description: Message signed with OpenPGP
r in satellite
bandwidth costs.
UUCP kicks ass.
-Bill
signature.asc
Description: Message signed with OpenPGP
balanced position and I was wondering what is
> the communities position on this topic?
>
>
> Scott
>
--
Bill Blackford
Logged into reality and abusing my sudo privileges.
ht. Now that we
know who won’t be acting AGAINST non-profits, we need ICANN to run the
competitive process again to find who will act FOR non-profits.
-Bill
signature.asc
Description: Message signed with OpenPGP
oment, a hard requirement in the 2002
criteria. Feverish eleventh-hour work by beltway lobbyists got that
restriction removed, last time. It doesn’t need to be removed this time.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On May 1, 2020, at 1:19 PM, Lee wrote:
> On 5/1/20, Bill Woodcock wrote:
>>
>>> On May 1, 2020, at 6:19 AM, Andy Ringsmuth wrote:
>>> https://www.theregister.co.uk/2020/05/01/icann_stops_dot_org_sale/
>>> I know this has been bantered about on the li
fortunately because there are now a
smaller number of really wealthy people who need places to shove all their
extra money. Not how I’d have liked to get here.
-Bill
signature.asc
Description: Message signed with OpenPGP
e’s no provable causality chain here, but it was a concern, we spoke, they
listened, and the problem we were concerned with did not become an issue, so
that’s a success. If only we could do that with public health, we’d be in
great shape.
-Bill
anecdotes, or any
statistics, that would help illustrate or quantify the issue, would make this
easier.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Jun 18, 2020, at 2:28 PM, Saku Ytti wrote:
> No one needs strict priority queues anymore, which was absolutely
> needed at one point in time.
What time was that?
-Bill
signature.asc
Description: Message signed with OpenPGP
ation isn’t the cleanest way to build a network.
-Bill
signature.asc
Description: Message signed with OpenPGP
> without any luck. We also tried reaching out to Paul Emmons via LinkedIn mail
> and never received a response.
Paul is the correct person.
-Bill
signature.asc
Description: Message signed with OpenPGP
lustrator.
-Bill
signature.asc
Description: Message signed with OpenPGP
erk-for-no/vedlegg-f/
Ugh. Policy from 2018. Has anyone reached out to them to get this fixed? .NO
is one of the few ccTLDs we don’t have a relationship with. Looks like they’re
using NetNod and Neustar.
-Bill
signature.asc
Description: Message signed with OpenPGP
an equivalent official part.
>
>
> The application is an ISP upgrading from Nx10G, where one of their fiber
> paths is ~35km and the other is ~60km.
>
>
>
> thanks,
> -Randy
>
--
Bill Blackford
Logged into reality and abusing my sudo privileges.
We did not use an NTA, but we did flush our cache immediately once Slack had
fixed their problem. I think that’s the right balance of carrot and stick.
-Bill
> On Oct 2, 2021, at 7:30 AM, Mark Tinka wrote:
>
> So, that wasn't fun, yesterday:
>
They’re starting to pick themselves back up off the floor in the last two or
three minutes. A few answers getting out. I imagine it’ll take a while before
things stabilize, though.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Oct 4, 2021, at 11:10 PM, Bill Woodcock wrote:
>
> They’re starting to pick themselves back up off the floor in the last two or
> three minutes. A few answers getting out. I imagine it’ll take a while
> before things stabilize, though.
nd we’re back:
WoodyNet-2:
> On Oct 4, 2021, at 11:21 PM, Bill Woodcock wrote:
>
>
>
>> On Oct 4, 2021, at 11:10 PM, Bill Woodcock wrote:
>>
>> They’re starting to pick themselves back up off the floor in the last two or
>> three minutes. A few answers getting out. I imagine
ut the basket.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Oct 4, 2021, at 11:41 PM, Baldur Norddahl
> wrote:
>
>
>
> man. 4. okt. 2021 23.33 skrev Bill Woodcock :
>
>
> > On Oct 4, 2021, at 11:21 PM, Bill Woodcock wrote:
> >
> >
> >
> >> On Oct 4, 2021, at 11:10 PM, Bill Woodcock
> On Oct 5, 2021, at 12:16 AM, Bill Woodcock wrote:
>
>
>
>> On Oct 4, 2021, at 11:41 PM, Baldur Norddahl
>> wrote:
>>
>>
>>
>> man. 4. okt. 2021 23.33 skrev Bill Woodcock :
>>
>>
>>> On Oct 4, 2021, at 11:21 PM,
?
-Bill
signature.asc
Description: Message signed with OpenPGP
o it all themselves, so when they shot themselves in the foot,
they only had the one foot, and nothing left to stand on. Whereas other folks
shoot themselves in the foot all the time, and nobody notices, because they
paid attention to the spirit of RFC 2182.
-
consequence is, as you can see, mass disaster.
Yep. I think we even had a NANOG talk on exactly that specific topic a long
time ago.
https://www.pch.net/resources/Papers/dns-service-architecture/dns-service-architecture-v10.pdf
-Bill
signature.asc
Descripti
d to returning the results to the community.
-Bill Woodcock
Executive Director
Packet Clearing House
signature.asc
Description: Message signed with OpenPGP
> On Oct 29, 2021, at 6:55 PM, Denis Fondras wrote:
> Le Fri, Oct 29, 2021 at 01:47:37PM +0200, Bill Woodcock a écrit :
>> If you’re peering with an MLPA route-server, you’re welcome to include just
>> the route-server’s ASN, if that’s easiest, rather than trying to include e
> On Nov 13, 2021, at 5:02 PM, Glenn McGurrin via NANOG wrote:
>
> I had a bit of an odd one this morning
It’s this:
https://www.engadget.com/fbi-email-server-hack-221052368.html
-Bill
signature.asc
Description: Message signed with OpenPGP
Hey, does anyone know of an SFP28 capable of rate-adapting down from 25G on the
cage side down to 1G on the line side? Can be copper or fiber on the line
side, I don’t care, my interest is in the chip inside.
Thanks,
-Bill
signature.asc
Description: Message
eed to find a chip that does that in
the size/power budget of an SFP, and it seemed like the easiest way to do that
would be to find an SFP28 that did what I needed and bust it open to see what
chip they were using.
I’m sure you can guess why, given recent threads. :-)
-yet-delegated pool, but
not in the other four RIRs.
-Bill
signature.asc
Description: Message signed with OpenPGP
A with such an offer...
Yep. DANE is the correct answer. CAs are not. But that’s been true for a
very long time, and people are still trying to pretend that CAs know what’s
what.
-Bill
signature.asc
Description: Message signed with OpenPGP
nd “strategic autonomy,” as the EU is calling it. And everything it
says has been the law since 2019 anyway.
If I were the administrator in charge of getting government agency IT folks to
clean up their work, I’d sure as hell jump on this opportunity to remind them
that they’re three year
> On Mar 7, 2022, at 9:02 AM, Stephane Bortzmeyer wrote:
>
> On Sun, Mar 06, 2022 at 11:49:54PM +0100,
> Bill Woodcock wrote
> a message of 62 lines which said:
>
>> This applies exclusively to Russian federal government networks, not
>> ISPs or telecom opera
No, that was the original source of the disinformation. I guess she didn’t
actually read it, or didn’t understand it, and in any case, failed to
fact-check. Ask Russian network operators or government IT folks, or a lawyer…
there’s no ambiguity here.
-Bill
> On Ma
,
-Bill
signature.asc
Description: Message signed with OpenPGP
lar.
With a principled constraint that only military and propaganda networks will be
included in the feed, I’m not too worried about this turning into fascism.
-Bill
signature.asc
Description: Message signed with OpenPGP
ours are the same. Pulling the plug
on countries is inappropriate, because it has a lot of unintended consequences
and harms people.
-Bill
signature.asc
Description: Message signed with OpenPGP
things work better than I do. Perhaps you can
explain it to us.
-Bill
signature.asc
Description: Message signed with OpenPGP
disrupt civilian communication
within Russia. Not a good idea.
-Bill
signature.asc
Description: Message signed with OpenPGP
what ratio do people in that business think is reasonable?
10:1? 100:1? 1,000:1?
I’m happy to take private replies and summarize/anonymize back to the list, if
people prefer.
Thanks!
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Apr 1, 2022, at 12:15 AM, Bill Woodcock wrote:
> …in a run-of-the-mill web hoster?
> I’m happy to take private replies and summarize/anonymize back to the list,
> if people prefer.
I asked the same question on Twitter, and got quite a lot of answers in both
places pretty qu
> On Oct 14, 2022, at 12:40 AM, George Toma wrote:
> Does anybody know if it possible to create ARIN ORG ID for non-ARIN region
> company?
I just forwarded this to an appropriate person at ARIN to give you an official
answer.
-Bill
sign
Forwarded to the maintainers.
-Bill
> On Feb 4, 2023, at 6:44 PM, David Bass wrote:
>
> Anyone on here run it? The URL to sign up on the website doesn’t seem to
> work at the moment.
unch-hour.
-Bill
gt; still feel those need to be kept up to date. This is just for the individual
> end user IPs.
I think it’s really useful… but as IPv4 becomes a thing of the past, it
probably needs to be supplied dynamically by a plug-in to your nameserver,
rather than in giant static tables.
-Bill
… it just costs money, now, to buy.
If you’re in the US, just use ARIN. ARIN’s processes aren’t arcane,
particularly compared with RIPE, and fees are predictable and relatively low.
-Bill
> On Jul 6, 2023, at 16:29, Dave Taht wrote:
>
> I have an o
to do that, and thus might consider it a
breach of etiquette for you to do so.
-Bill
signature.asc
Description: Message signed with OpenPGP
od idea, and it’s not stepping on anyone’s toes,
PCH would be happy to host/coordinate.
-Bill
signature.asc
Description: Message signed with OpenPGP
le somewhere, but not all.
I think a combination of the two is probably most useful… people tag with a
well-known community, then those get eBGP-multi-hopped to a common collector,
and published as a clean machine-readable list.
-Bill
signature.asc
Description: Message signed with OpenPGP
ndly
>> format->style RPSL)
>
> Most DNS root servers are anycasted.
Right, yeah, I think he was just showing an example, since he had roughly a
dozen, out of thousands.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On Mar 19, 2019, at 1:55 PM, Frank Habicht wrote:
>
> Hi,
>
> On 19/03/2019 23:13, Bill Woodcock wrote:
>> Generally, static lists like that are difficult to maintain when
>> they’re tracking multiple routes from multiple parties.
>
> agreed.
> and o
.
-Bill
> On Mar 21, 2019, at 09:52, Ross Tajvar wrote:
>
> Not all any-casted prefixes are DNS resolvers and not all DNS resolvers are
> anycasted. It sounds like you would be better served by a list of well-known
> DNS resolvers.
>
>> On Thu, Mar 21, 2019 at 12:35
😳🤣
Sent from my iPhone
> On Apr 7, 2019, at 17:40, Kieran Murphy wrote:
>
> Yeah, it takes a while.
>
> My peering request turned 1 year old on Friday.
> There was cake.
>
>> On Mon, 8 Apr 2019 at 08:36, Ross Tajvar wrote:
>> From what I've heard, their peering department is really behind on
1997.
That’s when PCH began archiving them (and subsequently turned that archive over
to U of O). We weren’t aware of anyone publicly archiving transit routes prior
to that.
-Bill
signature.asc
Description: Message signed with OpenPGP
be happy to publish them.
-Bill
signature.asc
Description: Message signed with OpenPGP
.Org, .pr, and a couple of root letters should be on our Puerto Rico node
already, along with several hundred other TLDs.
-Bill
> On Jul 6, 2019, at 17:00, Rubens Kuhl wrote:
>
>
> It would be interesting if ICANN, Verisign and Afilias were able to join
or-Protection-TP323/dp/B07P3XDXN3/ref=sr_1_6?keywords=apc+PNET1GB&qid=1565722471&s=gateway&sr=8-6
…but I haven’t used it, so can’t specifically recommend.
-Bill
signature.asc
Description: Message signed with OpenPGP
nd you’re testing the combination of your own transit, and the irrelevant and
coincidental transit of the bandwidth test server, not your own.
-Bill
signature.asc
Description: Message signed with OpenPGP
between 6:00 p.m. and
12:00 a.m. local time) for such tests.”
Anybody have a reference for the “FCC-designated IXPs?” And what distinguishes
them from the actual set of IXPs?
-Bill
signature.asc
Description: Message signed with OpenPGP
than other routing
techniques. We and others have published on many or most of the potential
issues and their solutions over the years. That RFC has never actually been a
comprehensive source of information on the topic, and it contains a lot of
scare-mongering.
-Bill
users. I’ve never observed a cable landing site in
the downtown core of a metro area.
-Bill
These are all about as far apart as it’s possible
to get in Hong Kong.
-Bill
signature.asc
Description: Message signed with OpenPGP
Thank you for the authoritative answer. I think we can now consider the
question closed.
-Bill
> On Nov 22, 2019, at 03:36, Che-Hoo CHENG wrote:
>
>
> Some clarifications:
>
> The 2 HKIX core sites (hosting the spine switches and the major leaf
quot;, almost all the other content was
> not available in Africa.
I foresee a new business model:
VPN / streaming bundle. Get all your streaming services bundled together,
proxied and VPNd from their native regions.
-Bill
signature.asc
Description: Message signed with OpenPGP
> On May 4, 2016, at 4:37 PM, Javier J wrote:
>
> If there is a better mailing list please let me know.
outa...@outages.org
-Bill
signature.asc
Description: Message signed with OpenPGP using GPGMail
issues to directly?
>
> Matthew Kaufman
Matthew, haven’t you told your ISP to stop using the dreaded 198 space?
Everyone knows those are magic addresses that belong to NetGear! :-)
-Bill
signature.asc
Description: Message signed with OpenPGP using GPGMail
g, and encouraging the
preference of locally-available content. WAIX was among the first IXPs to do
this well, in my opinion.
-Bill
signature.asc
Description: Message signed with OpenPGP using GPGMail
year’s survey is there because
quite a few of the 2011 respondents asked us to include it this time.
Please respond by replying to this email, before the end of September.
Thank you for considering participating. We very much appreciate it, and we
look forward to returning the results to the com
nd
>>
>> anycast and tcp? the heck you say! :)
>
> People who've tried it say it works fine.
It’s worked fine for 28 years, for me.
-Bill
signature.asc
Description: Message signed with OpenPGP using GPGMail
ith a single quality router (elminiation of complexity),
>> and that if you really need maximum uptime that you had better get
>> a second circuit, on a diverse path, into a different router probably
>> from a different carrier.
>>
>>
>
--
Bill Blackford
Logged into reality and abusing my sudo privileges.
g with Canadian resources at our disposal.
I’ve referred this to the appropriate people at ARIN. You should receive a
reply shortly.
-Bill (with ARIN trustee hat on)
1 - 100 of 587 matches
Mail list logo
