> If you stay away from getting stuck in the word "cloud", there is lots
> of value for folk that choose to de-risk their infrastructure,
s/de-risk/re-risk/
it's just a different risk
randy
module that presents as 25Gb to the switch, but 1Gb
to the client device?
thanks,
-Randy
- On Jan 31, 2022, at 1:05 PM, Bill Woodcock wo...@pch.net wrote:
> Hey, does anyone know of an SFP28 capable of rate-adapting down from 25G on
> the cage side down to 1G on the line side
That particular one seems to be saying it will work in a 1G, 10G, or 25G port,
not necessarily that it will allow different speeds on either end
simultaneously... although their doc is pretty sparse :-)
thanks,
-Randy
- On Jan 31, 2022, at 5:25 PM, Jared Brown nanog-...@mail.com wrote
> I was more here to find ammunition to show someone that they were
> doing something wrong than to build anything myself.
this is just a classic. mind if i quote you?
randy
ble to me in our small town
have been IPv6 for well over a decade. One is Spectrum (formerly Time Warner).
Residential support lagged a bit from our DIA circuits, but has still been
solid for a very long time.
In my specific use case, IPv6 connections from my home to my office are much
faster than IPv4.
-Randy
cartoon comes to mind[0].
otoh, i would likely close such meager services as i provide to russian
use.
randy
---
0 - https://duckduckgo.com/?q=we+have+met+the+enemy+and+he+is+us&t=h_&ia=web
to
folk such as https://razomforukraine.org/ which is focused on medical
support.
randy
osts we incurred
deploying it 25 years ago.
randy
continue to slowly deploy with some lulls and some
spurts. and mailing list religious rants about it will continue
unabated. in parallel, efforts to de-frag the v4 space are worthwhile,
though they will only slightly alleviate the v4 shortage.
we do what we can. i only wish we would make less ineffective noise
about it.
randy
with all this discussion, i have not seen any post of this classic and
most critical explainer https://www.youtube.com/watch?v=k4EUTMPuvHo
you
seem to be proposing is just a different way to represent 128-bit addresses,
which would make them difficult to distinguish from 32-bit addresses. These
issues have long been worked out by many very smart people.
-Randy
> Is this how the IETF ivory tower residents like to try and
> suppress debate
the ietf is an echo chamber; and if you are not in it, you do not
count.
https://archive.psg.com/051000.sigcomm-ivtf.pdf
randy
hat, when i am under great pressure to DO SOMETHING,
it's time to step back, go make a cup of tea, and think. the ietf did
not. and here we are, a quarter of a century later, still trying to
clean up the mess.
randy
> Which side are you on?
hint: this is an operators' list. we are forced to be on all 'sides'.
this pain gives us the privilege of whining a lot.
randy
e pain, and our bean counters, $deity bless
'em, did not like what ipv6 deployment cost us.
we are all road kill (a bad pun iff you were there)
randy
r example, it
would still be ludicrously difficult.
Beyond that, I am still not understanding what you are actually trying to
propose here. Your refusal to follow simple mailing list etiquette even after
numerous requests makes it very difficult to decipher what you are saying.
-Randy
> he said I needed to disable PoE because it messes with the Comcast
> modems and he can see "buildups" in his graphs that show power is
> "leaking" to the Comcast modem every 24 hours.
revealing the critical failure with comcast support; they do not share
what th
y?
ISPs expand over time and need more IPs for more customers.
-Randy
- On Mar 30, 2022, at 12:36 PM, Jared Brown nanog-...@mail.com wrote:
> Randy Carpenter wrote:
>> >> >> Owen DeLong via NANOG wrote:
>> >> >> When your ISP starts charging $X/Month for legacy protocol support
>> >> >
>> >>
of cooperation with the dns good list means inbound from them
gets dropped when one of their outbound smtp senders gets badlisted,
which they often do. i do not let that spoil my coffee either.
i would not want to work for goog's email service; too much pain.
randy
i am setting up new app/port monitoring. i like nfsen because i can
zooom in and see who is sending all that port 43 tls between 11:42 and
12:19. is there some other tool at which i should look?
randy
> Does anyone else get email offers like the below?
of course. i presume they signed the lrsa.
randy
could someone who sees 198.180.152.0/24 (as 4128) over equinix infomart
please ping 198.189.152.132 (and trace) and respond to me privately?
thanks.
rand
> could someone who sees 198.180.152.0/24 (as 4128) over equinix infomart
> please ping 198.189.152.132 (and trace) and respond to me privately?
sigh. cat on lap syndrome
s/198.189.152.132/198.180.152.132/
>> could someone who sees 198.180.152.0/24 (as 4128) over equinix infomart
>> please ping 198.189.152.132 (and trace) and respond to me privately?
>
> sigh. cat on lap syndrome
>
> s/198.189.152.132/198.180.152.132/
thanks tim jackson. got what we needed.
randy
itten down.
And it's not useful. -- Jon Postel
randy
> This reads a lot like dsl wars between ilecs and clecs in the late 90s and
> early 2ks.
compounded by a 100+ year old military occupation
> See official apology of the United States to Hawaii
> https://www.govinfo.gov/content/pkg/STATUTE-107/pdf/STATUTE-107-Pg1510.pdf
> which includes these words:
> "apologizes to Native Hawaiians on behalf of the people of the United
> States for the overthrow of the Kingdom of Hawaii on January 17,
r per hour.
seems quite harmless. though i am sure folk who do not really
understand AS_PATH will get their knickers in a twist.
randy
hi adam,
you are correct, it will affect research based on as_path data from the
ris/rv collectors etc. which is why i think these researchers were kind
to warn us so we can remove data for those prefixes from any
measurements betting on as_path which might be so sensitive so as to be
affected
once upon a time at an ietf in ville de québec, i was out to dinner with
a crew of fellow researchers all french, well one belgian. i can
usually read a french menu, but was having serious problems so sought
help from my dinner companions. they were struggling with the same
parts i was.
randy
> Is setting 'Soft Reconfiguration' enough for me to keep ROV running?
yes, should be.
> If not, is there any other solution?
yes. jakob says he has implemented
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rov-no-rr/, though i
do not know in what xr image(s)
randy
> In the end, the reason for all this RPKI-thingy is to prevent route
> spoofing by malicious actors.
sigh. for my quarterly posting of the same many year old text
To be clear, as people keep calling BGP security 'RPKI',
RPKI
The RPKI is an X.509 based hierarchy [RFC 6481] which is con
would be awesome.
thanks,
-Randy
--
Randy Carpenter
Vice President - IT Services
First Network Group, Inc.
(800)578-6381, Opt. 1
http://www.network1.net
- On May 16, 2022, at 1:10 PM, Kevin Shymkiw kshym...@gmail.com wrote:
> Adam,
> Simply put - No there isn't a way to oversubscrib
- On May 16, 2022, at 2:06 PM, Aled Morris aled.w.mor...@googlemail.com
wrote:
> On Mon, 16 May 2022 at 18:52, Randy Carpenter <rcar...@network1.net> wrote:
>> My hope for a successor (MX205 ?) would be more flexibility and
, maybe send
> a code to the email address or something else.
i use google authenticator with arin.net
randy
use emerge when enabled. same as it ever was.
randy
the iphone has a
keyboard.
randy
per port, only per chassis.
randy
f port-based
> filtering that happens in networks which isn’t the same in IPv6-land.
uh, is this good news? seeing that v6 often goes directly through to
end hosts, as opposed to being natted, (think soho and home cpe), isn't
port checking even more desirable?
randy
> I recommend taking a look at
> https://github.com/nttgin/BGPalerter
i love it. thanks massimo.
randy
---
ra...@psg.com
`gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com`
signatures are back, thanks to dmarc header butchery
i have been running irrd for some years. am about to dump that
(virtual) server and move from freebsd to bullseye. is there
anything more modern, and _simpler_, than irrd at which i should
take a look?
randy
> At least 32GB RAM
> At least 4 CPU cores
> At least 150GB of disk space (SSD recommended)
h
on - unix philosophy
a good side to a bit of economic contraction might be a side effect of
code bloat and featuritis contraction.
randy, who has a 32G laptop and runs an editor with an rss of ~100MB
ng for vulns
more and more as this poorly tended mess rolls on.
randy
res"."
> -- ken thompson - unix philosophy
>
> a good side to a bit of economic contraction might be a side effect of
> code bloat and featuritis contraction.
to be clearer, i now run a 4GB VM with irrd2, rancid, nfsen, and a wiki.
so i will stick with irrd2.
randy
have the hubris or tools to
think i run a flawless network or servers.
randy
> For example I've gotten email in the past that some of my servers were
> running ntp in a way which makes them vuln to being used for DDoS
> amplification and, I believe, fixed that. I didn't mind.
that was a really well done campaign. i thanked them profusely.
randy
> To what extent and to whom will you authorize to do that? 100 random
> college students? X number of new security firms? At some point it
> will break.
definitely not raging nanog vigilantes :)
randy
> Return-path:
i would have hoped that moderation of the ripe list would have kept such
pathetic and disgusting racist sickness off list.
randy
most networks prefer customers over peers. a few networks don't, some
large. if they changed, customers would scream at them about the newly
overloaded customer circuit.
we are not required to like this :)
randy
new at eleven
as a fellow researcher said the other week, ROV, ASPA, ... are intended
to provide safety, not security.
randy
iss
them. amusing at best.
randy
> Yes, and the new administration will force more depeering for those
> that peers with Sprint but not with Cogent. So the net result will be
> negative.
if i was as good as you at predicting the future, i would bet on the
horses not work on the internet.
randy
d to match any configured interface address.
randy
> A question Dorian and I discussed but never answered is, how are open
> collisions handled if two speakers, presumably an external AS, happen
> to have the RID?
the uniqueness is supposed to be on the tuple {AS,RID}
so an RID 'collision' with a foreign AS should not be possible
randy
enke and jenny yuan cleaned this up in 6286
randy
> We strongly encourage all legacy resource holders who have not yet
> signed an LRSA to cover their legacy resources to
consult a competent lawyer before signing an LRSA
randy
> You could try suggesting IANA/PTI/ICANN to have a different RPKI trust
> anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir
power players blocked that. so each rir is 0/0. brilliant, eh?
randy
re
> to implement dropping invalid routes.
to remind, ROV is a safety mechanism, not a security mechanism. it is
proving, as intended, to mitigate mistakes. which is very cool. but it
does not mitigate attacks of any sophistication.
randy
is said to be admitting one has a problem.
randy
Malware bytes is blocking all google properties as of 30 min ago.
---
~Randy (K6RP)
On 09/21/2022 8:26 am, Mark Stevens wrote:
Is anyone else getting the following error when trying to access any
of google's services?
SSL_ERROR_RX_RECORD_TOO_LONG
This started about an hour ago and i
ng, ... as
with the other RIRs?
randy
this simple position; just in case there are other mis-matches between
arin's positions and community needs ]
randy
> Randy, did you sign the RPA?
you're kidding, right?
> I did not sign the RPA.
> Am I allowed to use rpki software like this?
> And am I in any way restricted in the use of the produced work below
> from this RP software?
i am not a lawyer and do not play one on the net
randy
> we're thinking to deny all /24s to save the memory
i recommend this to all my competitors
randy
it is a tragedy that cidr and an open market has helped us more than
ipv6 has.
randy
it's been 24 years, and we still live in his shadow and stand on his
shoulders. we try not to stand on his toes.
randy
my favorite is
It's perfectly appropriate to be upset. I thought of it in a slightly
different way--like a space that we were exploring and, in the early days,
we figured out this consistent path through the space: IP, TCP, and so on.
What's been happening over the last few years is that the IETF
space is ungood? -- Randy Bush
Routing unallocated address space is ungood! -- Jon Postel
randy
hint).
randy
and the third giant to have died in october, itojun hagino died on this
day in 2007. ipv6 owes a great debt to itojun; as do a bunch of other
technologies and many people. a wise and gentle soul.
i dread october.
randy
http://www.itojun.org/itojun.html
http://www.itojun.org/personal.html
https
> Thanks everyone for your inputs. So bottomline setup RPKI and setup ROA's
> for all our subnets being advertised.
if the BGP advertisements are correct, then mirror them in ROAs. most,
if not all, CA UIs make that easy.
randy
for the 312th time. origin validation was never designed to stop
attacks. it was designed to ameliorate mistakes.
if you want to use the rpki to reduce attacks, use bgpsec.
randy
aside from technical reasons for an ROV-supporting AS (RAS) to announce
an ROV invalid prefix, there is an administrative one. the RAS's
customers *pay* RAS to announce the customers' prefixes. so RAS is
configured to propagate their customers' announcements without dropping
invalids.
randy
> ROV belongs on the input path, let's not ROV on the output towards
> customers / route collectors.
8893
randy
We did a few months back and were told that they are no longer officially
supporting it. It may have to do with the volume that is being sent,
particularly from a single IP address.
We moved to using Twilio's API and it has been much more solid.
thanks,
-Randy
- On Nov 17, 2022,
That is the understanding I got when discussing the situation with our
engineering contact there.
thanks,
-Randy
- On Nov 17, 2022, at 12:12 PM, Eric Tykwinski eric-l...@truenet.com wrote:
> As a side note, will the email to text gateways be subject to the FCC's A2P
> 10DLC r
From: PacketVis
Date: Sun, 20 Nov 2022 04:30:44 +
Possible TA malfunction or incomplete VRP file: 73.95% of the ROAs disappeared
from afrinic
See more details about the event:
https://packetvis.com/#/bgp/event/905ec8b7d37e89a2d7b547bca99fd57e-372b0bf3-9056-407e-9e8d-e986567155fc/4f309cb51ba
'detected?' i.e. from what vantage point?
is it safe to assume that your outbound announcements to your two
upstreams are stable?
of course, if you would care to divulge a prefix showing this symptom,
folk might be able to find clues.
randy
---
ra...@psg.com
`gpg --locate-external-key
while i think the announcement is, shall we say, embarrassing, i do not
see how it would be damaging. real/correct announcements would be for
longer prefixes, yes?
randy
s fall over in a receiving large provider.
do not hard code social theories. remember 640k.
randy
darn shame there is no general automatable mechanism for this
randy
>
> darn shame there is no general automatable mechanism for this
too many folk have written to ask. here is the clue by four
https://www.rfc-archive.org/getrfc?rfc=9092
and note that massimo has a collio toolset
https://github.com/massimocandela/geofeed-finder
randy
ucceeded.
and the ops community has paid an insane penalty ere since.
randy
> RFC4364 ... I believe - Arccus has implemented it (Keyur to confirm)
i am not keyur and do not play one on the net, but ...
>> I don't think any ISP would reject an IP that is on the Spamhaus
>> list.
> you, clearly, have been living under several rocks for a very long
> time.
we reject automagically on spamhaus, mail-abuse.org, and sorbs. really
appreciate their services.
randy
this company(s) is in the business of spam. they're just trying to
game nanog. discussing further a waste of pixels.
randy
> I would say the absence of reverse DNS tells useful info to receiving
> MTAs - to preferably not accept.
yep
> "small mounting shelf"
we use mounting shelves for all sorts of recalcitrant devices
randy
> It's super annoying, and somewhat terrifying to be banging on a rack
> containing a bunch of spinning rust, but all too often it's necessary
we just moved a rack's content from the westin to komo plaza [0] and
only had one questionable drive. terrifying is the right word.
> some ASes may perform RPKI-invalid filtering only at partial
> interfaces (e.g., provider interfaces, customer interfaces, and peer
> interfaces).
i have heard it said that "my customer pays me to propagate their
announcement, so i do not apply rov. let my peers filter it."
randy
into /24s. took uunet
down, but not before it propagated.
does anyone have a useful cite?
randy
thanks aftab
i remember a bit more. the hidden command was there to help debug CEF,
which was new at the time. the CEFlapods wanted a large blob of
prefixes to push the FIB. it kinda pushed the operational FIBs a bit
too far :)
randy
it at recent RIPE and LACNIC conferences. Supposedly all of
> the big geolocation providers support it or are planning on supporting
> it.
we're working on a small update. see
https://datatracker.ietf.org/doc/draft-ymbk-opsawg-9092-update/
randy
let's get to the protein. where is the most reasonable parking near the
venue?
randy, who will soon start driving up from portland
```
% host whois.geektools.com
Host whois.geektools.com not found: 3(NXDOMAIN)
```
i guess i missed the memo :(
randy
> the memo:
> https://web.archive.org/web/20230523204911/http://www.geektools.com/
404
we can round off the rough edges where
they got caught.
randy
---
note that i use the first person plural