quite a few mentions of such a statement made in
"a public IRC channel with many witnesses".
I was in the IRC channel at the time and saw it. It's real.
I don't support the posting of IRC logs, but can't control that either.
Randy
>> Unknown BGP attribute 92 (flags: 234)
>> Hexdump start---
>> DD 78 FF 71
>> Hexdump end
> This appeared to bite my Level3-connected bandwidth as well.
sigh. is this an attack by a black hat, or by an rir and researchers
who do not know how to say "oops, sorreee!?"
randy
ll, who would want to [ab]use the
services of someone you like to excoriate for doing no harm?
what bullshit!
randy
e boat
> back in the direction of multi-stakeholder discussions.
>
> My prediction: the boat will keep rocking, and the "givmint" folks
> will try again. And again.
s/again/still/
randy
> Personally I think the right answer is to enforce a legal separation
> between the layer 1 and layer 3 infrastructure providers, and require
> that the layer 1 network provide non-discriminatory access to any
> company who wishes to provide IP to the end user.
SE
>> There were streets where you couldn't hardly see the sky because of all
>> the wires on the poles.
> Can you provide a link to a photo of this situation?
come to tokyo. or hcmc. or ... it's an art form.
> http://pinkbunnyears.com/wp-content/uploads/2008/05/telephone-pole.jpg
true beauty that only a perl code maintainer could fully appreciate
o be now in the government masturbation phase, it will pass.
>
> and IP packets keep flowing ... and will keep flowing.
you may want to look at how television and radio were captured and
turned into 500 channels of crap.
randy
n
hell a Comcast customer service rep would respond like that. Not at least
without putting you on hold 5 times and then still, wouldn't know what in
the hell you're talking about. In the end, the service rep would tell you
they need to dispatch someone to your house.
Randy
The result is that the big national CATV provider had incredibly good rates for
a long time, and even after they were more than doubled, are still really good.
-Randy
Carlos,
>Hi,
>I'm facing a problem that is becoming a nightmare.
>Some of our prefixes (ASN 10277) are being redistributed by Level 3 as
>being learned from/originated by Global Crossing.
Care to provide some of the prefixes?
> HE routes missing on Cogents side?
I would guess HE routes missing at Cogent and Cogent routes missing at HE.
Remember the cake?
http://www.datacenterknowledge.com/wp-content/uploads/2009/10/Hurricane-Cake.jpg
Or was that rectified? Mahtan?
Randy
As previously mentioned, the following FCC petition has been filed in
regards to Comcast's peering practices (one issue being ratios as a
peering criteria) by a group of NANOG members:
http://fjallfoss.fcc.gov/ecfs/document/view?id=7021024373
Regards,
Randy
/ do it for you (if short range)?
randy
> In my network, I have a router in a middle only speaks OSPF.
> is there any solution (without redistribute BGP into OSPF) for this
> kind of problem?
uh, what exactly is the problem? i.e. what do you want to accomplish?
and do NOT redistribute bgp into ospf.
randy
> take a read on this link
>
> http://www.faqs.org/docs/Linux-HOWTO/Bandwidth-Limiting-HOWTO.html
>
> -beavis
>
Another:
http://djlab.com/2009/10/limiting-bandwidth-in-linux/
--
Randy
the host afnog.org blew a power supply at 12-23-2010 22:26. it is
hosted by afrinic folk. they are in the process of finding a power
supply. no etr.
randy
topped responding was in the same
> VLAN as this newly deployed, and then quickly noticed that Server-
> A's MAC address was now on Server-B's switch port. "What the ..."
> was my initial response.
>
Fresh OS install from scratch or did you load an image from an existing server?
What make/model of on-board NICs?
--
Randy M.
omeone set up them the bomb?
>
We filter spam for over 2000 domains and I don't see any noticeable drop in
payload. I have noticed that over the past few months greylisting has become
MUCH more effective than it used to be... looks like spam delivery is moving
more from snowshoe infrastr
ecial needs.
randy
horrific. I would highly
recommend *not* looking at them.
I had not heard of the Commvault solution. We'll have to look into that.
I'd also be grateful for any other options that people are using.
thanks,
-Randy
--
| Randy Carpenter
| Vice President, IT Services
| Red Hat Certified Engineer
|
borked vmware boot, reset says no opsys found. it's a 4.0 system.
can i do recovery (saving vmfs) using 4.1 cd, or must i use 4.0?
randy
,
-Randy
--
| Randy Carpenter
| Vice President, IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (419)739-9240, x1
- Original Message -
> On Wed, Jan 5, 2011 at 5:40 AM, Neil Robst
> wrote:
> >
> > Asigra?
> >
> > http://www.asigra.
>So has anyone had any contact from ALTDB as to what's going on?
>Thanks!
>--J
I just got off the phone with Steve Rubin. He restarted it 45 minutes ago
and it's back up.
Regards,
Randy
would think it would be
announced and discussed a bit more openly and widely.
randy
f is measured to
take *less* cpu, a lot less, than ACLs
> There is, of course, some risk with this model and we should take the
> time to accept/discuss that as well.
some guidance toward ameliorating the risks are in
.
input from ops into all this stuff would be most welcome.
randy
check on a prefix, 10usec.
that's microseconds.
as chris pointed out, though, one pays for having the data in the trie,
i.e. in ram. but not a lot.
randy
> I think ACLs here means prefix-lists ... or I hope that's what Randy
> meant?
sorry. yes, irr based prefix lists. and, sad to say, data which have
sucked for 15+ years. i was the poster child for the irr, and it just
never took off.
[ irr data are pretty bad except for some is
> I heard about the delay, but not about ARIN possibly not doing RPKI.
there are arin board members, one in particular i am told, that do not
like the rpki. including side contracts to turn the irr pig's ear into
a silk purse.
randy
le origins SHOULD be preferred over
those with invalid origins.
Announcements with invalid origins MAY be used, but SHOULD be less
preferred than those with valid or unknown.
of course, in the US, this will not prevent litigation. nothing will.
it's a mental disease.
randy
ptimal for ops.
if we are listing those who gave good blood for the irr, joe lawrence
and roy alcala, of mci and later level(3), would be at the top of my
list.
randy
-- Original Message ---
From: Jeff Wheeler
Sent: Thu, 6 Jan 2011 21:01:12 -0500
> Are there any large transit networks doing /64 on point-to-point
> networks to BGP customers? Who are they?
Add HE.net to the list.
-Randy
www.fastserv.com
gh to
think that they can force this silliness on the world, use gmail,
hotmail, ...
randy
d be a fool to bet on them).
whether the source of a roa is a user whacking on an arin web page or by
other means, you still attested to the rights to that address space.
but all this is based on inference and rumor. can you please be more
open and direct about this? thanks.
randy
---
ripe-ncc-root.
n by the rir,
unlike in other regions. and i like that there are a number of diverse
rir services in the region. it's healthy.
so i would be perfectly happy if arin discussed operational matters here
on nanog with the rest of us ops. i would not be pleased to see ops
start to be subsumed by the rir here.
randy
>> first, it would really help if the arin bot and management were much
>> more open about these issues and decisions. at the detailed level. we
>> are all not fools out here, present company excepted :). for a radical
>> example, considering that arin is managing a public resource for the
>> co
t/etc.
> on these services and functions (excluding address allocation/policy
> of course).
i will admit to some carry-over from the ietf's old high and mighty
attitude, "we're open, if you want to talk about it, come to our turf."
i am happy to say that this has been changing in recent years.
randy
> the price of changing what ARIN does is, at a minimum: participation.
aha! there we go. the old ietf attitude. you come to the mountain.
well, i'll tell you what i told the ietf. the high and mighty mountain
can bite my ass.
randy
n't shine. but
i sure was relieved, to tell the truth. my mental and physical
health just don't need the arin vigilante high and mighty crap on a
daily basis.
randy
[ vix, apologies for giving you both barrels. you unintentionally
pushed a hot button or two ]
> Randy, what is the model you have in mind for running a routing
> registry infrastructure that is sustainable and trustworthy enough for
> uses such as RPKI, i.e. who could/should be r
For this reason some folks may be
> ok with using a third party, many will choose to hold their fate in
> their own hands.
exactly. but only if the parent runs the up/down ('provisioning')
protocol, does the child have that choice.
randy
IRs, ICANN, ... is that once we form
these organizations, they start thinking like organizations, protect
themselves, look to budgets, look to liability, welcome to real
life. but these realistic organizational things sometimes actually have
conflict with the original goals.
randy
rked closely with a number of other RIRs, sad to say that a lot
still goes on under the table [0]. hence my cspan analogy, shed some
light in the corners. the community should be transparent before
wikileaks gets to us. :)
randy
--
[0] - an old sardonic comment of mine on ripe is that it is a
> Taking your prior language at face value, which you elided, it appears
> that you have no intent of any future participation in ARIN processes.
i am doing so right here and now. you just don't like my choice of
forum and probably my message. tough patooties.
randy
tication, then don't use it, there are plenty
of alternatives, e.g. see $subject.
i agree that running an irr instance with only mail-from is pretty lame.
and there is good free software out there to do it well if you do not
suffer from nih.
so i would advise putting it late in your peval
. and please do not waste time trying to 'fix' the irr,
sad to say it's trying to make a silk purse out of a sow's ear.
and thanks for asking.
randy
nce which
is not used very much. i.e. better to drop it than to spend non-trivial
money to modernize it.
but more to the point, by 'fix' it, i did not mean modernizing the auth
method set. i meant the content, syntax and semantics.
randy
arly since many people are familiar with them.
-Randy
--
| Randy Carpenter
| Vice President, IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (419)739-9240, x1
- Original Message -
> Hello gents:
>
> I wanted to put this out there for all of you. Our
> Well, here it is. Perhaps you might consider getting a gmail or other
> account, and posting on NANOG from there. Either that, or filter Randy
> out. Personally, I find those silly disclaimers annoying, but am far too
> lazy to set up a script such as Randy has.
disclaimer
taken to be shiny and new as we approach the end of the iana
ipv4 free pool. what have people been smoking?
randy
thing longer than a /48 to the outside world.
-Randy
--
| Randy Carpenter
| Vice President - IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (800)578-6381, Opt. 1
- Original Message -
> Hi all,
>
> What IPv6 prefix lengths are people accepting in BG
> Cruzio in Santa Cruz ...
> Their 1U offer comes with limited access to your server, only from 10AM
> to 6 PM. I find that not acceptable.
sheesh d00d, you ever been to cruz?
randy
i'm with jon and the static crew. brutal but simple.
if you want no leakage, A can filter the prefix from its upstreams,
both can low-pref blackhole it, ...
randy
> My name is Joe, not jon, Randy.
congrats. but i was speaking of jon lewis.
randy
> Are there any good Network Simulators/Trainers out there that support
> IPv6? I want to play around with some IPv6 setup.
what are you trying to simulate?
o control plane?
o traffic?
o interfaces and layers 1-3?
o ...
makes a big difference
randy
e are ethernet, I have both
routers connected to both providers. This gives us ultimate redundancy at very
low cost.
-Randy
--
| Randy Carpenter
| Vice President - IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (800)578-6381, Opt. 1
- Original Message -
>
any adaptec bios-level fu out there? if so, please see
http://archive.psg.com/110119.adaptec.pdf
thanks
randy
not, I would highly suggest not using those drives in
a RAID array. Stick with the RAID Edition drives for that. I have had a
multitude of issues with drives (particularly Western Digital) that were not
designed for RAID use.
-Randy
--
| Randy Carpenter
| Vice President - IT Services
| Red Hat
on't need to do this that often.
^ This. You're fighting a losing battle with such slow links. Given the
limited route capacity of your router you might as well set up statics aimed
at each link and forget about BGP shaping. Just keep a floating default
pointed at each peer.
-Randy
ip route 128.0.0.0 128.0.0.0
Set up SLA tracking on the peer IPs to retract the routes if either peer goes
down.
Either that or get more RAM on your router and go the BGP-only method.
-Randy
tand fearing holding others' private keys and critical data. no
blame there.
but out of curiosity, how reality based are arin's general liability
fears? in the last few years, how many times has arin been a named
defendant in a law suit? how many times a [principal] plaintiff?
randy
hine to 1998
http://tools.ietf.org/html/draft-bates-bgp4-nlri-orig-verif-00
randy
>> https://datatracker.ietf.org/doc/draft-ietf-6man-prefixlen-p2p/
> All of the (mostly religious) arguments about /64 versus any
> smaller subnets aside, I'm curious about why one would choose
> /126 over /127 for P-to-P links?
see above
randy
> And now that DNSSEC is deployed
and you are not sharing what you are smoking
> and DANE is happening
see above
randy
e latter, then you have the problem that the dns trust model is not
congruent with the routing and address trust model.
randy
e easily fixed with trivial tweaks and transitive trust/
> delegation graphs that are, I suspect.
not bloody likely. the folk who sign dns zones are not even in the same
building as the folk who deal with address space. in large isps, not
even in the same town.
randy
would then proceed to create/administer their
> RRs/certs without further day-to-day reference to the DNS folks.
read more carefully. i was responding to danny taking my bait of using
dns keying for resource keys.
randy
would
the router try to do a ND on an address that is not allowed?
-Randy
?
The only issue I've faced is RHEL/CentOS doesn't have stateful connection
tracking for IPv6 - so ip6tables is practically worthless.
~Randy
> kernel?
I've worked around it by compiling custom (newer) Kernels on systems that need
it. Apparently support was added some time around 2.6.20, but of course RHEL5
is still in the dark ages of 2.6.18.
~Randy
> Why does this stop the whole thing short?
the devil is in the details and the trust. i am desperately open to
other approaches. but work it out at the detailed level, not just a
troll on nanog. i anxiously await your and danny's draft.
randy
t will accept PGP and CRYPT-PW authentication
> as well as implementing notification support for both the mnt-nfy and notify
> fields by the end of August 2011.
way cool! thank you.
randy
cing on this and make a choice then.
Have you looked into the cross connect cost for your DSL line? They typically
aren't very cheap either.
~Randy
t be happy with using your web
interface no matter how posh.
bottom line: i like your moving ahead. i just wish you were moving more
quickly.
randy
> So, what are peoples' routing policies on RPKI going to be? Are people
> going to drop prefixes with no RPKI record? Or drop prefixes with an
> incorrect RPKI record? Or drop prefixes with a revoked status?
draft-ietf-sidr-rpki-origin-ops-04.txt
randy
> I would hope the response to the USG pressuring ARIN to diddle the RPKI
> db would be disabling of RPKI queries by most BGP speakers.
no need. break down, take a break from typing, and actually read
draft-ietf-sidr-rpki-origin-ops-04.txt
6.42.1.0/24 originating from as 999. are
you implying that it should be marked valid? i sure don't want it to.
an announcement for 666.42.0.0/16 from as 777 would still be valid.
so i am not sure what your point is. please clarify with a concrete
example.
randy
here is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
randy
s from that block which are announced by others (e.g.
customers) have ROAs in play. Otherwise, issuing a ROA for the
super-block will cause the announcements of sub-allocations with no
ROAs to be Invalid.
randy
lying on RPKI data,
routing on Invalid origin validity, though at a low preference, will
likely be prevalent for a long time.
but you configure your routers as you think best.
randy
TABLISHED, etc). For example, you have to open all upper inbound
ports manually if you want to complete outbound connections.
The solution is to manually build your own kernel from a vanilla source, along
with all the problems that entails.
~Randy
that is how i would run my network. but those concerned about
*any* change, might prefer being vulnerable to the youtube accident. we
all have choices.
randy
o. i am in that camp.
others fear rir and black helicopter control of their routing. they may
not want to drop the 'bad' announcement. i tried to document how they
might do so.
we all have choices. the point of the design is to empower the operator
to make those choices, and to do so in a simple and consistent fashion.
randy
signed?
roas, which are signed by resource certificates, bind a prefix to a set
of ASs.
sorry to wax pedantic. but this stuff can get crufty, and getting the
nouns and verbs correct will help us navigate.
randy
> I setup a p2p /127 link and found that BGP would not peer over the
> link;
on whose equipment and image?
randy
s who own the us government shutting off domain names without a
court order.
randy
>>> I setup a p2p /127 link and found that BGP would not peer over the
>>> link;
>> on whose equipment and image?
> This was with a cisco 7200 - IOS 12.4 over a HE tunnel.
/me suspects tunnel
> One cannot be owned by a carrier and remain carrier neutral.
i bet you also don't believe in santa claus
randy
> 039/8 APNIC 2011-01 whois.apnic.net ALLOCATED
> 106/8 APNIC 2011-01 whois.apnic.net ALLOCATED
it's been on most of the lists. sunny will probably post to nanog
shortly. the announcement is really well phrased, but i will not steal
sunny's thunder.
randy
draft-pmohapat-sidr-pfx-validate
randy
with the iana free pool run-out, i guess we won't be getting those nice
graphs any more. might we have one last one for the turnstiles? :-)/2
and would you mind doing the curves now for each of the five rirs?
gotta give us all something to repeat endlessly on lists and in presos.
randy
rules or standards at all, and just let people do
whatever they want. How well would that work?
-Randy
've had ipv4 graphs for over 15 years. we like them.
geoff is mr graph. we like his graphs. heck, you have even used them.
randy
in that particular month.
brilliant! and damned useful!
there's a reason you get the big bucks. thanks. really appreciated.
randy
> In this context, at least, perhaps the NIR should be considered
> superfluous or redundant? What is the operational rationale behind the
> NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
and then, by inference, what is the use of the RIR level?
randy
ke an aggregatable /7.
Not that that really means anything, but is nice for organization ;-)
-Randy
--
| Randy Carpenter
| Vice President - IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (800)578-6381, Opt. 1
- Original Message -
> On Tue, Feb 1, 2011 at
- Original Message -
> On 1 feb 2011, at 23:33, Randy Carpenter wrote:
>
> > That's how I would do it. With the exception of LACNIC, each one
> > neighbors a block that is already allocated to that RIR.
>
> But if they wanted to do that, why give 106/8 to AP
to modrate.
and then, by inference, you can see how people justify the NIRs
randy
> Doesn't really matter who gets what
but conjecturebation is a key role of this mailing list
> because no one is going to route anything larger than a /8 anyway,
i have seen /7s routed. some folk on this list will remember an
exciting day back in about 2000.
randy
anything larger than a /8 anyway,
>
> i have seen /7s routed. some folk on this list will remember an
> exciting day back in about 2000.
Aye. I think there have been worse routing snafus than routing a /7, though.
-Randy