Happy Monday all!
Any idea how a traceroute (into my network) could end up this fubar'd?
Discovered this weird routing while investigating horrendously slow
speeds (albeit no packet loss) to a particular ISP abroad.
It's like - coming into us - the packets are taking every available
path,
cr22.iad01
and propagates all the way down the line. Worse during peak hours,
gone late at night.
After three days of no email response for my ticket, I called and after
an hour of my life I want back, front line support cannot reproduce the
loss. Final conclusion: "Your host is dropping packets".
--
~Randy
is a
> end to end ping, the regular ping command, not mtr.
(understood, however FYI,)
Also reproduced the results with pings walking them down the line up to
and including the actual host. The MTR example provided is simply the
clearest representation of the ping results which show the same.
~Randy
Final conclusion: "Your host is dropping
packets".
--
~Randy
d as before -- basic pinging and
questionable understanding of traceroutes / asymmetrical routing.
It didn't used to be this way.
~Randy
packetloss seen
across the Ashburn area.
The maintenance has not yet been scheduled but we will inform you once
we have a set date.
---
~Randy
On 5/9/2017 2:13 PM, Jason Pope wrote:
All,
I apologize for doing this, but is there anyone on the list with
Spectrum/TimeWarner that would be willing to discuss (via e-mail) an IPv6
routing issue to a cable modem? I can't put more time in with the normal
support gauntlet.
Thanks in advance!
Ja
--- On Tue, 11/2/10, Lynda wrote:
> From: Lynda
> Subject: Re: Token ring? topic hijack: was Re: Mystery open source switching
> To: nanog@nanog.org
> Date: Tuesday, November 2, 2010, 12:51 PM
> On 11/2/2010 12:43 PM, Chris Boyd
> wrote:
> >
> > On Nov 1, 2010, at 11:48 AM, Nick Hilliard wrot
at use these packets (one
> could accomplish
> > a traceroute using port 80 packets in either
> direction...)
> >
> > -- Pete
...or script kiddies port-scanning - sending a syn-ack to a non-existent
session expecting a RST back.
./Randy
got L6-20R's
on the provider side?
--
~Randy
claimer -- I never intended to break any codes, it was an oversight
by me sending the wrong PDU, and onsite staff should have known better
before hooking it up.
--
~Randy
we send our Security
Advisories, and you’re welcome to join if interested:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html#rsvifc
Thanks,
Clay
Touche'!
such is NANOG...a few who post more frequently than most like to umm...
Speak-UP.
./Randy
Your claim Denis Spirin really-stinks!
./randy
--- On Sat, 8/20/11, Arturo Servin wrote:
> From: Arturo Servin
> Subject: Re: Prefix hijacking by Michael Lindsay via Internap
> To: "Denis Spirin"
> Cc: nanog@nanog.org
> Date: Saturday, August 20, 2011, 6:39 PM
>
Yes..and we all owe him a debt of gratitude.
--- On Sat, 10/15/11, Rodney Joffe wrote:
> From: Rodney Joffe
> Subject: 13 years ago today - October 16, 1998...
> To: nanog@nanog.org
> Date: Saturday, October 15, 2011, 7:14 PM
> we lost Jon.
>
> It feels like just yesterday.
>
> http://www.app
...sure it will work...you can advertise any-which-way you want!
What *exactly* are you trying to accomplish?
..and a previous op mentioned: route-views is your friend.
./Randy
--- On Sat, 10/22/11, Christopher Morrow wrote:
> From: Christopher Morrow
> Subject: Re: Can this bgp work
-
Well I want to add my 10 cents,
I am a c++ programmer, and have been waiting for my isp to offer native
ipv6 for ever. I got fed up with waiting and setup a ipv6 over ipv4
tunnel. So once I got that done, I spent only an hour updating my socket
classes to support ipv6. I hadn't done so before
I'm hoping to reach out to google's gmail engineers with this message,
Today I noticed that for the past 3 days, email messages from my
personal website's pop3 were not being received into my gmail inbox.
Naturally, I figured that my pop3 service was down, but after some
checking, every thing w
Hi folks,
I am seeing an IPv6-connected host on my network (which is on a HE.net
tunnel) apparently being portscanned by an HE server at
2001:470:0:64::2 for about the last hour or so. It is trying to hit
several different ports four times each before moving on and
eventually repeating itse
Merlin is back; especially for Jay...:-)
./Randy
--- On Tue, 2/19/13, Jonathan Rogers wrote:
> From: Jonathan Rogers
> Subject: Re: Check this out T-Mobile Launches GoSmart Prepaid Service
> Nationally on Phone Scoop
> To: "Grant Ridder"
> Cc: "nanog@nanog.org&
...sure they can but don't want to because *customers* will still come!
Motel 6 on the other hand, does not have that cachet and have to try-harder!
Just Economics; nothing personal...;-)
./Randy
*received-routes*?
If you still enable soft-reconfig-inbound on your routers(customer-facing
sessions not withstanding), you most certainly hate your routers more than
OP...;-)
./Randy
--- On Tue, 2/26/13, Nick Hilliard wrote:
> From: Nick Hilliard
> Subject: Re: BGP RIB Collectio
work in prefix-lists.
./Randy
--- On Wed, 2/1/12, Ann Kwok wrote:
> From: Ann Kwok
> Subject: Question about prefix list
> To: nanog@nanog.org
> Date: Wednesday, February 1, 2012, 6:32 AM
> Hi
>
> I read this prefix list.
>
> Can I know why there is "le 24"
(on
> average).
>
> --
> -JH
>
I am reminded of: "The mathematical reality of IPv4".
At least that made for interesting bed time reading...
disposition: removed.
./Randy
t of my job: and to $employer, I The "Sr. Network
Architect".
My 02c's worth wrt this thread.
./Randy
--- On Mon, 3/5/12, Alain Hebert wrote:
> From: Alain Hebert
> Subject: Re: Programmers with network engineering skills
> To: nanog@nanog.org
> Date: Monday, Marc
problem is "their-support" of 680k prefixes with
the QUAD-CAM linecards. DUAL-CAM line cards do 512K in theory. Regular ones
don't work because they support 320K prefixes and "die" around 300K
They have other idiotic-implementations(when to set/NOT set ospf
forwarding-address) buggy vrrp implementation but I am told "it will be fixed in
the next release of FTOS."
So, NO! the 300i, 600 or 120 are good a good fit as edge/core layer devices.
On a separate note, their S50 switches; I have found to be "great" as long
as your l2 environment doesn't require Rapid-PVST.
They do PVST but 802.1W is a single instance.
./Randy
7;t!
Let both ints auto-negotiate speed&duplex.
after having done so, post the output of:
sh int gi x/y and sh int fa x/y
(hardcoding speed/duplex is sometimes required when dealing with brain-dead
CPE. I have also seen other flavors of brain-dead CPE that *only* work when
speed/duplex are set to auto)
./Randy
say/require.
Post a "sh int gix/y" and "sh int fax/y"
If the above outputs are *clean*, I would say a TAC case is called for.
--- On Thu, 3/29/12, Brian R. Watters wrote:
> From: Brian R. Watters
> Subject: Re: Comcast Ethernet Feed
> To: "Randy"
>
Nice Tuesday-Evening humor!
...an escrow-agent..and 150k addresses..note "Currently(as of this writing)"
No doubt the next post will have 250k free.
./Randy
> To: nanog@nanog.org, nanog-annou...@nanog.org
> Date: Tuesday, May 29, 2012, 5:43 PM
> IPv4 is not going away as quic
dedicated link b/w colo and hq (I don't like allow-as in! but
it is another option)
./Randy
--- On Thu, 6/14/12, Philip Lavine wrote:
> From: Philip Lavine
> Subject: Re: best practives multi-homed BGP 2 physical locations
> To: "Mick O'Rourke"
> Cc: "nan
; better? but this is
> border
> Router. We concern it will effect the upstream using
> redistributed
> connect
>
> Please help
>
> Thank you so much
>
Deric-
I don't mean to sound rude but I think it is time you asked $Employer for
routing/switching/best-practices training. It will help you understand what you
do and why you do it.
The labs, and NANOG presentations are a good start.
./Randy
t; to offer in response to that question. Bonus points if you
> discuss MSS
> clamping and RFC 4821.
>
> The less precise answer, path MTU discovery breaks, is just
> fine.
>
> Regards,
> Bill Herrin
Precisely! and if I understand correctly, a non-technical person within HR is
expected to hear this answer and relay it to you? That is more than a long
shot. Unless of course they have photographic memories, are great typists or
perhaps do "short hand".
./Randy
apologies for top posting.
Everyone, including me have addressed "what/how/by who wrt question at hand.
Bill-
Another poster has already asked this question-
Can you post a sample of the "answers" you have received; which prompted you
to ask this question to begin with.
./Ra
*required*?
2) when is a cross-over cable *required*?
How about another HR-Question:
what do 0.0.0.0/1 and 128.0.0.0.0/1 as static-routes accomplish?
./Randy
--- On Thu, 7/5/12, William Herrin wrote:
> From: William Herrin
> Subject: Re: job screening question
> To: "Randy"
> Cc: "nanog@nanog.org"
> Date: Thursday, July 5, 2012, 7:36 PM
> On Thu, Jul 5, 2012 at 10:10 PM,
> Randy
> wrote:
> > How
--- On Thu, 7/5/12, William Herrin wrote:
> From: William Herrin
> Subject: Re: job screening question
> To: "Randy"
> Cc: nanog@nanog.org
> Date: Thursday, July 5, 2012, 6:33 PM
> > Can you post a sample of the
> "answers" you have received; whi
guous subnet masks were allowed in the pre-CIDR
era. If you so desire, give me about 2 hours since I do not have a scientific
calculator handy; and I will get back to you with the complete-list.
Definitely not 5 words as required from the HR stand point. So I get
disqualified again!
./Randy
r timeouts for networks that encounter
> more instability or user movement.
>
> --Blake
>
IMO, it is a balancing-act(topology/traffic dependent) arp-broadcasts v/s
unknown-unicast-floods.
In some cases I have lowered arp-timeout to match mac-ageing (8mins with dfc,
and default 5 for non-dfc - cisco speak) In other cases, increasing mac-ageing
to match arp-ageing - 4 hrs.
./Randy
question perhaps; historically, interesting:
ISL: I last used in 2005
CET: 2000
./Randy
s (855) FLSPEED x106
>
>
my 2 cents: I would think L3 would announce the /20 and /21's and no-export the
/24
Why announce more-specifics if you can get away with a few shorter-prefixes.
Do you have a setup where you have to announce /24's? If you can do with a /20
and two /21's, that would be the way to go.
./Randy
Veering off this topic's course, Is there any issue with addresses like
this ?
2001:470:1f00:1aa:abad:babe:8:beef < I have a bunch of these type
'addresses' configured for my various machines.
I make it a point to come up with some sort of 'hex' speak address, what
are peoples opinions on th
--- On Sat, 11/3/12, Christopher Morrow wrote:
> From: Christopher Morrow
> Subject: Re: qwest.net dropping packets... wife would like someone to pick
> them up please...
> To: "Randy Bush"
> Cc: "North American Network Operators' Group"
> Date: S
--- On Thu, 11/15/12, William Herrin wrote:
> From: William Herrin
> Subject: Re: MPLS acceptable latency?
> To: "Mikeal Clark"
> Cc: "NANOG [nanog@nanog.org]"
> Date: Thursday, November 15, 2012, 1:23 PM
> On Thu, Nov 15, 2012 at 1:54 PM,
> Mikeal Clark
> wrote:
> > I have some AT&T MPLS sit
ITIVE Question!
Your so called "Freedom-of-Speech" DOES NOT translate to Character-Assassination
on this or any other forum!!
Follow me you ipdog? Find your own bitch to abuse. Don't do it here!!
./Randy
--- On Sun, 11/25/12, Network IPdog wrote:
> From: Network IPdog
> Subject:
NOG!
I do take exception to such garbage; while others might not.
./Randy
--- On Sun, 11/25/12, Network IPdog wrote:
> From: Network IPdog
> Subject: RE: Adding GPS location to IPv6 header
> To: "'Randy'"
> Date: Sunday, November 25, 2012, 6:43 PM
Contact for God, please reach out to me offlist.
Regards,
-AS666 NOC
curity issue is discovered?
I hope not!
--
~Randy
ting-Table)
Advertised to update-groups:
2
29944 29889, (received & used)
68.86.1.89 (metric 66845) from 68.86.80.4 (68.86.1.4)
Origin IGP, metric 0, localpref 300, valid, internal
Community: 7922:89 7922:2900
Originator: 68.86.1.89, Cluster list: 68.86.1.4, 68.86.1.0
--
~Randy
On 8/27/2015 11:00 PM, Mike Hammett wrote:
08/28/2015 3:08 AM GMT
Event Conclusion Summary
Start: August 27, 2015 13:20 GMT
Stop: August 28, 2015 00:00 GMT
Root Cause: A protocol issue impacted IP services in multiple markets.
Fix Action: Adjustments were made to clear the errors.
Summary:
The
On Thursday March 26th 2015 at 12:18 UTC (and on-going) we are seeing
more specifics on one of our prefixes. Anyone else seeing similar or
is it just us?
198.98.180.0/23 4795 4795 4761 9304 40633 18978 4436 29889
198.98.182.0/23 4795 4795 4761 9304 40633 18978 4436 29889
--
Randy
On 03/26/2015 7:27 am, Christopher Morrow wrote:
is your AS in the path below? (what is your AS so folk can check for
your prefixes/customer-prefixes and attempt to help?)
Sorry, we're 29889.
All,
Info gathered off-list indicates this may be a couple of issues in our
case - possible routing leak by 18978 (check your tables!) and more
specifics on our prefixes from 4795 that we couldn't see before the leak
hence the apparent hijack.
--
~Randy
0633 18978 6939 29889 Active
--
~Randy
I've started to get some message today from google claiming that my
computer or network was sending automated queries, and they are blocking me.
I'm not sending automated queries, I've logged all of my outbound traffic
and there is only my browser traffic going to google.
I'm not responsible for
On 4/4/2015 3:11 AM, Lou Ashtonhurst wrote:
Randy, you can just use the contact details on their page about it:
https://support.google.com/websearch/contact/ban
Ask them for the netflow or other source of proof. My understanding
was they blocked on /32s not larger subnets which would indicate
and I will get it addressed immediately.
Regards,
Nick Rose
CTO @ Enzu Inc.
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Randy
Sent: Thursday, March 26, 2015 12:14 PM
To: Peter Rocca
Cc: nanog@nanog.org
Subject: RE: More specifics from AS18978 [was: Prefix
.org] On Behalf Of Randy
Sent: Thursday, March 26, 2015 12:14 PM
To: Peter Rocca
Cc: nanog@nanog.org
Subject: RE: More specifics from AS18978 [was: Prefix hijack by
INDOSAT AS4795 / AS4761]
On 03/26/2015 9:00 am, Peter Rocca wrote:
+1
The summary below aligns with our analysis as well.
We
Hello. I work with digitalocean "droplets" or virtual machines for my
home business. While great for running cheap websites and server
applications, I have noticed recently that I keep getting issues with my
other VPN droplet I setup.
Firstly, I kept getting blocked by google, it claims automate
06:00Established
bird> show route all
bird>
--
~Randy
FYI, if the static is moved up within the neighbor definition, it works.
So this is an Exa related issue/feature and not a problem with BIRD.
I'll move the noise to the Exa list if needed.
~Randy
On 07/02/2015 9:13 am, Randy wrote:
Really, it's got to be something dead stupid.
ITHIN neighbors in each group scope.
I also do not believe exa supports any sort of routing policy. It's a
dumb tool for manually injecting routes and piping updates to external
apps.
~Randy
On 07/02/2015 9:44 am, Owen DeLong wrote:
Exactly… It’s not an issue, it’s expected behavior.
I
you want to announce the
route.
Owen
On Jul 2, 2015, at 09:40 , Randy wrote:
FYI, if the static is moved up within the neighbor definition, it
works. So this is an Exa related issue/feature and not a problem
with BIRD.
I'll move the noise to the Exa list if needed.
~Randy
On 0
...yes indeed given smella-vision ;-)
./Randy
--- On Sat, 6/15/13, Mark Gauvin wrote:
> From: Mark Gauvin
> Subject: Re: Prism continued
> To: "Matthew Petach"
> Cc: "nanog@nanog.org"
> Date: Saturday, June 15, 2013, 2:28 PM
> Only victim in all of thi
oute. If you want to generate a type 5 aggregate use
summary-addr as Jon has pointed out. Else, leave static in place, redist static
subnets but remove "area 10 range 172.16.0.0 255.255.0.0" from ospf config.
./Randy
___
> From: Shahab Vahabzadeh
&g
11 prepends is beyond-excessive besides being annoying.
filter please _([0-9]+) _/1_/1_/1_
>
> From: Blake Dunlap
>To: Christopher Karel
>Cc: "nanog@nanog.org"
>Sent: Sunday, August 18, 2013 7:42 PM
>Subject: Re: BGP Route Issues
>
>
>Local Pref (which is c
yes of course..sorry for the typos
>
> From: Fakrul Alam Pappu
>To: Randy
>Cc: Blake Dunlap ; Christopher Karel
>; "nanog@nanog.org"
>Sent: Monday, August 19, 2013 5:27 AM
>Subject: Re: BGP Route Issues
>
>
>
&g
ny!)
I just let the holders of said handles know the implications of what happened
and asked they let everyone else know NOT to use said handle@yahoo
./Randy
-the-pond and I have no doubt that this thread is
being monitored as well by (b) and no; I don't have my tinfoil-hat on.
To answer your question:
Not Much.
./Randy
- Original Message -
> From: Harry Hoffman
> To: Mike Lyon
> Cc: Niels Bakker ; nanog@nanog.org
ve a link cost of 1, 10G - 10, 1G-100, 100M-1000 and 10M-1
A vendor specific list would be a better place to ask.
./Randy
> IOS-XR has duplicate update suppression logic for EBGP sessions
as, i believe, do most all implementations, to protect best path
computation costs.
randy
access to weak devices such as switches, pdus,
ipmi, ...
randy
would love to get to our racks through a back door through equinix
exchange in the infomart. our router is at
ipv4 address 206.223.118.94 255.255.254.0
ipv6 address 2001:504:0:5::4128:1/64
asn 4128
thanks!
randy
> would love to get to our racks through a back door through equinix
> exchange in the infomart. our router is at
>
> ipv4 address 206.223.118.94 255.255.254.0
> ipv6 address 2001:504:0:5::4128:1/64
> asn 4128
solved
randy
and the /20 are being announced,
as we want things to work. so you will not be able to reproduce.
so, comcast, are you receiving the announcement of the /20 from sprint?
with a good next-hop?
randy
df
lesson: route origin relying party software may cause as much damage as
it ameliorates
randy
> Most folk from various fora suggested Location Services were to
> blame. I turned all of mine off, no joy.
you only *think* you turned off location services. as they are a vital
component of providing a good user experience ...
:(
t; tomorrow https://archive.psg.com/200927.imc-rp.pdf
>>
>> lesson: route origin relying party software may cause as much damage as
>> it ameliorates
>>
>> randy
>
> To clarify this for the readers here: there is an ongoing research
> experiment
* rsa, because it is mti, but chose not to actually
*use* it for validation on odd numbered wednesdays because of my
religious belief that ecdsa is superior?
perhaps go over to your unbound siblings and discuss this analog.
but thanks for your help in getting jtk's imc paper accepted. :)
randy
as the rsync servers can deal with the
> load)
folk try different software, try different configurations, realize that
having their CA gooey exposed because they wanted to serve rrdp and
block, ...
randy, finding the fort rp to be pretty solid!
> - Randy says: "finding the fort rp to be pretty solid!" I'll say that
>if you loaded a fresh Fort and fresh Routinator install, they would both
>have your ROAs.
>- The sense of "stickiness" is local only; hence to my mind the
>protectio
tware you are running can be damaging to your customers and to
others.
randy
> cc.rg.net was unavailable over rsync for several days this week as
> well.
sorry. it was cb and cc. it seems some broken RPs did not have the
ROA needed to get to our westin pop. cf this whole thread.
luckily such things never happen in real operations. :)
randy
> The fact that we haven't been able to identify a factual relationship,
> does not mean that there isn't any.
just wow
and, for all we know, the back side of the moon is green cheese
> Admittedly someone (randy) injected a pretty pathological failure
> mode into the system
really? could you be exact, please? turning an optional protocol off
is not a 'failure mode'.
randy
alternate transport is helpful.
as i do not see rrdp as a critical service, after all it is not mti,
but i am quite aware of whether it is running or not. the problem is
that routinator seems not to be.
randy
e use rsync."
randy
h pretty much any dynamic [routing] protocol. though i am an is-is
fanboy, i would not blame the protocol. and if they can not manage the
currently deployed protocol, i am not sure i would recommend they try a
delicate transition.
randy
< advertisement >
https://datatracker.ietf.org/doc/draft-ymbk-opsawg-finding-geofeeds/
there is a draft-ietf-opsawg-finding-geofeeds as soon as draft
submission opens
randy
trustd
i am sticking with catatonic
randy
> Our key differentiator is that we encrypt our backbone links.
care to give detail of the tech used?
randy
ctually useful for NOC purposes
> and also something impressive looking for customer tours.
though your message has a current date, its content seems to be at least
15 years old
randy
e for moderating all groups,
>> shouldn’t that same principal apply to platforms like AWS and
>> Twitter?
>
> If this was in the US and it was after the CDA was passed in 1996,
> your lawyers were just wrong.
it is really annoying that you leave not the slightest clue to who the
hell you are replying
randy
> By comparison, that's about what Google makes every 10 days or what
> Apple makes every week. Verisign is a highly profitable fish in a tiny
> pool.
by a very late stage capitalism definition of 'tiny'
randy
rl/7.29.0 PHP/7.4.11"
/var/log/httpd-access.log:185.70.40.57 - - [14/Jan/2021:08:44:42 +]
"GET /.well-known/openpgpkey/hu/pbe8wr5gm5b4gf43adj411yrreqyib6u?l=randy
HTTP/1.1" 200 26027 "-" "GuzzleHttp/6.5.5 curl/7.29.0 PHP/7.4.11"
/var/log/httpd-acces
different than the smtp target.
e.g. the wkd server could have sucky performance.
randy
> due to it being so massive and unused for so long, certain large
> corporations that have run out of RFC1918, etc. space have started
> using it internally.
i first saw that on a traceroute from my hotel at ripe bologna in 2001.
i was told i was lng late to finding it.
randy
> I’m sure we all remember Y2k (well, most of us, there could be some
> young-uns on the list). That day was happening whether we wanted it to
> or not. It was an unchangeable, unmovable deadline.
but i thought 3gpp was going to force ipv6 adoption
ifferent way
why should i care whether you deploy ipv6, move to dual stack, cgnat,
...? you will do whatever makes sense to the pointy heads in your c
suite. why should i give them or some tech religion free rent in my
mind when i already have too much real work to do?
randy
.
the open resolver finders would seem not to meet our need. but, yes, it
would be nice if they documented the intentional public open resolvers.
randy
suspect are intentionally open, some unintentionally open, and some
>> not open. we are trying to filter that first set, the intentionally
>> open.
i suspect it hinges on what one thinks of as 'public'. i.e. dtag's
servers for its customers is not what i think of as p
Any DNSSEC experts that could help with a question about a specific domain?
Off-list please.
thanks,
-Randy