> Pick your RIR and plot its runout date. If it's ARIN, then the first
> ISP is out of IPv4 addresses at most three months later
no. arin is out, not an isp
> Will users be unable to reach your content on $RIR_runout_date + 3?
yes, of course
randy
I would say that the specifics you provide in your email are sufficient for
ARIN to issue you a second ASN. There is really no other feasible way to deal
with 2 separate multi-home sites that I can think of.
-Randy
--
| Randy Carpenter
| Vice President - IT Services
| Red Hat Certified
- Original Message -
> > Doesn't really matter who gets what, because no one is going to
> > route anything larger than a /8 anyway, particularly the RIR
> > allocations. Just kinda fun to think about :-)
> >
> > -Randy
> >
> >
> How ab
> Somebody should probably get a blog instead of sending, *39 and
> counting*, emails to this list in one day.
procmail is your friend
> the probability distribution with the error bars is a pretty useful
> tool to throw over the wall to management so that they know how long
> they have to get their affairs in order.
i suspect it's more like most folk should save a gif so they can
say "i warned you," when they need a bunch of mon
they are bringing nats of all flavors on themselves.
this would be fine if the rest of us did not also get the dren.
randy
> I don't see ARIN recognizing bogus transfers in the registry -- if the
> transfer policy wasn't followed, then no transfer occurred.
do you share what you are smoking?
i am on the apricot 2014 pc. we do not have a submission on ntp
defense. can someone please do one?
randy
rfc 6164
> I guess as a follow up question. Do you use the EUI-64 address as the
> Default gateway or the link local.
>> rfc 6164
what's link local? does it do vrrp? :)
randy
> Can somebody explain to me why those who run eyeball networks are able
> to block outbound packets when the customer hasn't paid their bill,
> but can't seem to block packets that shouldn't be coming from that
> cablemodem?
i suspect the non-payment case is solved at a layer below three
randy
> Then the need to be made criminally liable for the damage that it causes.
> Yes, the directors of these companies need to serve gaol time.
why not just have god send down lightning bolts? quicker and cheaper.
or maybe they will just drown as the level of hyperbole keeps rising.
randy
SPs along with the CERT which then builds the filters
> based on that information after verifying the CERTs authenticity.
you have done this in your network, the isp for which you are an
engineer?
randy
ng
> with respect to implementation costs.
you have done this in your network, the isp for which you are an
engineer?
randy
> The token to simplify is currently mine. The messy bit was an attempt
> to try to push policy algebra into the packet format.
jeezus!
> Cleaning up the document will take probably another two rounds but a
> terse description of where it should be going is "template based
> structured communitie
> Well when industries don't self regulate governments step in. This
> industry is demonstrably incapable of regulating itself in this
> area despite lots of evidence of the problems being caused for lots
> of years. This has been DOCUMENTED BEST CURRENT PRACTICE for 13.5
> years. Everybody els
fear we really have most of the easy big deployments and all of the
cool kids. we're down to statistically small stubborn do-nothings and
some folk with equipment that will take years to be pushed off net.
randy
itely scream at them and threaten legal action and
lightning strikes from the gods.
randy
> There is a group called PTC
the T stands for telco. no internet peering
etc.
randy
object to
> say that an as-set, route-set or combinations of these ought to be folded
> in when creating the filters.
fwiw, i build filters by running peval() over their as-set
randy
he core of arin's failure.
randy
> I answered it truthfully, I clicked a lot of 1s.
i actually find day-to-day transactions with hostfolk ok. the org just
has no vision of the internet. register, do not regulate. board, ceo,
and AC seem to be dominated by itu wannabes.
randy
in the last 3-4 days, a *massive* amount of spam is making it past
spamassassin to my users and to me. see appended for example. not
all has dkim.
clue?
randy
From: "SmallCapStockPlays"
Subject: Could VIIC be our biggest play in 2014? Check the stock today
To:
Date: Tue, 18 Feb
g?
sa-update has run. and it runs cleanly
randy
valus, at least in this area.
> You could always block their ip in the ...
their? you are presuming a single source.
> You could also add a rbl query to your mail server config to spamhaus.
have had that for years
randy
> A fix should be in the rules update today or tomorrow - or you can rescore
> it to the same as BAYES_99 (someplace in the 3 range by default, I
> believe). That's what used to catch that mail: it used to mean 99-100%,
> and now means 99-99.9%.
trying the copy 99->999 now. thanks!
randy
see other people are suffering
> as much as I am. :)
as the fix is not yet out, would be cool if someone with more fu than i
posted a recipe to hack for the moment.
randy
score BAYES_999 0 0 4.0 3.7
and this is a replacement for both 999 and 99?
randy
> The correct score has been pushed, as Simon Perreault mentioned. Taking
> out anything you've done and running sa-update should get you a working
> ruleset.
thank you
randy
OpenGear's newer stuff is Gigabit (SFP even).
I've not seen any real switch made in the last decade that has a problem with
100Mb/s connections. Ancient cisco, maybe had issues.
thanks,
-Randy
--
Randy Carpenter
Vice President - IT Services
First Network Group, Inc.
(800)578-63
thwater (excuse the yank idiom)
randy
ds of the unclued zombies they would
take it seriously.
randy
> I only ran the scan once, but had ~130k devices respond.
is there any modern utility in chargen?
>> It would be really cool if peering exchanges could police ntp on
>> their connected members.
> Well, THIS looks like the worst idea ever.
while i agree that this is an extremely stupid idea, clearly you have
not been reading this list for very long
randy
uggest acls. i was assuming that one just disables
the 'service'.
randy
Is there some technical reason that BGP is not an option? You could allow them
to announce their AT&T space via you as a secondary.
-Randy
- Original Message -
> This may sound like dumb question, but... I'm used to asking those.
>
> Here's the scenario
>
s has happened.
randy
> I think you have the right of it. That the recipient elects only to
> use the link for a limited set of destinations is an ordinary part of
> transit service. In Randy's example, a peering link was converted to a
> transit link on a short term basis.
you know the term?
> So how do people tend to get around this?
use a sane registry. arin works hard to make their services unusable.
it comes from their confusion of being a regulator as opposed to a nic.
randy
own breaker. If it
doesn't, then your 20A cord could catch on fire before the 30A breaker trips.
Not incredibly likely, but possible.
-Randy
end is $1 for bad Rep $2 for barely used, $3
> for no spam and $4 for legacy.
is this supported by market data, or is it an assertion of what you
think/wish the market should be. if the latter, do you have a track
record in predicting markets?
randy
t home
in tokyo, i pay a bit over USD30/mo for real 100/100.
randy
> don't believe for a moment that v6 to v4 protocol translation is any less
> ugly than CGN.
it can be stateless
randy
one entity. but i suspect you
can get close enough for government work.
randy
e categories of counts
> desired (and each percentage of the total)
that would work, presuming those three categories cover all space, e.g.
us military etc.
randy
> I think the term "owned" is a problem here.
sorry not to get your religious icons correctly. full refund below.
jeezus! get a life.
randy
sorry steve.
was not chasing down the tree. not clear what a useful measurement
would be.
randy
> But perhaps Randy is looking for the number of /24 equivalents
> allocated to legacy resource holders who haven't also received an IPv6
> direct allocation or other IPv4 direct allocation under an RSA?
what percentage of address space is held by members and what percentage
by non
> https://tools.ietf.org/html/rfc6145
> https://tools.ietf.org/html/draft-ietf-softwire-map-t-05
> https://tools.ietf.org/html/draft-anderson-siit-dc-00
derived from 6346
randy
> And all those IPv4 addresses for the 1:1 translation required by the
> stateless version are coming from where exactly?
maybe you should read the documents
this would be a good time to tell your users not to send or open ms word
documents. active 0day
http://arstechnica.com/security/2014/03/zero-day-vulnerability-in-microsoft-word-under-active-attack/
randy
> You propose stateless NAT64 as an viable alternative to CGN.
where do i do that?
> The question stands: where are you planning to get the extra IPv4
> addresses for the static 1:1 mapping?
maybe look at the +P in A+P
randy
olve their problem with CGN, v6 to v4 protocol translation] can
> be stateless."
again, you put words in my mouth which were not there. i did not say v6
to v4 translation.
> Nah, I'm done following bread crumbs for the day.
cool. then we can all go back to reality and what people actually said.
bye
randy
d
i believe that ripe is actively tearing down barriers to participation).
randy
--
[0] as you know, there has been at least one occasion where the board
election has been rigged. at your encouragement, i once submitted
the whole nomination rig-a-marole to the nomcom. my name did not
app
es were a mistake.
randy, who really needs to go back to work
aughter's kindergarten has better governance.
and they're not even embarrassed. sheesh!
randy
y
> might not be holding that contract very long.
there is no such contract. arin is not the icann or iana.
randy
le
icann is quite competitive, arin does kinda take the cake.
randy
nse of other means.
but i eagerly await the simplification of arin's ts&cs. and get rid of
being able to change them unilaterally and arbitrarily, and get rid of the
silly game about legacy rights, and a whole bunch of us might join.
randy
suggest one non-board insider such as cja, so that questions
about internals can be answered.
yes, opening up the game is scary. it darned well should be. it could
change the status quo. but that might be good for arin, good for the
community, and good for the internet.
randy
l the cool kids will be in warsaw. ops vote with our feet.
randy
y point is that what arin does should be of interest to nanog
subscribers. in theory, the ops are the arin community, the registry
serves operations. if it is not of interest to ops, it is not serving
the community.
[ get out of s'pore yet? drc got delayed a day with a missing part for
his plane! ]
randy
to
try to reach hard conclusions or plans. but to open a dialog to explore
what the community gets and wants from these services and how they are
provided.
or pick another key service.
randy
two things that are simple, enforce bcp38 and ntp packet sizes
randy
Alexander Neilson wrote:
> I wonder if they should be invited to only post a single message with
> the titles and links to the alerts so that people can follow it up.
i would prefer that the header be in blue, the titles in green, and the
urls in magenta, in comic sans, of course
randy
docs/ripe-591
guys, you are following an arin policy weenie's red herring. this was
not about fees. it was about arin's board being its own governance
review committee and having no term limits, arin forcing folk to sign
contracts with clauses saying arin can change the Ts&Cs unilaterally and
arbitrarily, ...
randy
> But clearly, this is one of those issues where you have a
> good amount of folk on either side of the fence.
and the discussion is about the size of five years of cisco notices and
just as hard to delete
welcome to nanog
randy
ed', ... would seem to
describe the situation.
and, btw, how many of those whose prefixes were mis-originated had
registered those prefixes in the rpki?
randy
gp.
of course the lack of filtering or origin validation is an endemic
disease.
randy
aldis, and i never make mistakes :)
the point is to engineer the network so we are not affected by the
inevitable mistakes
as chris and i were noting privately, this seems not to have damaged a
lot of traffic, more than compensated for by the traffic on nanog :)
randy
y longer prefixes of an aggregate
> that are not ROA'd.
sadly, my (legacy) address space is in the arin region. and arin does
not see allowing me to protect my prefixes from mis-origination as a
serious goal.
randy
ts of recurrence?
one nice thing about origin validation is that anyone who validates
anywhere on the internet can reject the mis-origination(s).
randy
.
in general, i can not prefix filter N hops away.
randy
tion. sharon goldberg and co-conspirators have done a lot
of work in the area, see her pubs at https://www.cs.bu.edu/~goldbe/.
but the concentration seems to be on bgpsec which deploys quite
differently
randy
> I'm really surprised no one has mentioned this here yet...
we're all too damned busy updating and generating keys
you might like (thanks smb, or was it sra)
openssl s_client -connect google\.com:443 -tlsextdebug 2>&1| grep 'server
extension "heartbeat" (
> Yes, we don't validate those prefixes cause we filter them strict.
in our measurements, an rpki-based origin check is significantly faster
than an acl of non-trivial length.
randy
clued enough to generate ghostbusters (and neither
ripe's nor apnic's software supports gbrs today).
if my customer can not reach foo's customer, will foo's rir be willing
to help? if foo's customer can not reach mine, how to let foo know who
to call/write? do we need conventions?
randy
massive porn spam is making it through spamassassin. new filter oops?
randy, still researching
> It's quite plausible that they watch the changes in open-source
> projects to find bugs. They could do nice diffs and everything.
the point of open source is that the community is supposed to be doing
this. we failed.
randy
o try to lower the probability of a next one by actively
auditing source as our civic duty.
randy
which we could read for enjoyment.
true. also, as someone whacked me, far too many networkers can not read
code at all.
randy
> The NANOG Communications Committee, reachable at adm...@nanog.org, is
> the appropriate place to bring mailing list concerns to.
dear god, please save me from an operational community becoming a
hidebound bureaucrazy
> So arin is ending
no. their job is a registrar, a bookkeeping and information function.
some day they may get back to that.
randy
> I am trying to organize the DNS Track and as usual we would like to
> make this very attractive.
mehmet, i know you're an engineer. screw attractive. how about
technically informative and meaty?
randy
jim,
> To an engineer, that _IS_ attractive.
i am an occasional engineer. i find the recent gl1tz!ficat!on of nanog,
the mass of committees and important positions, ... disgusting.
randy
jim,
> To an engineer, that _IS_ attractive.
i am an occasional engineer. i find the recent gl1tz!ficat!on of nanog,
the mass of committees and important positions, ... embarrassing.
randy
> DNS is Sexy, y'all know it.
no wonder dns geeks seem to have a low birth rate
a good number of us use that kinky /10 behind home nats and encourage
everyone to do so. it was a sick deal and should be treated as such,
just more 1918.
randy
used as such. you wanted an 'owned' allocation that you and your
friends control, you shoulda gone to the rirs.
randy
i
> wonder which route will be the final best route after bgp convergence in
> AS1 and AS3.
this is a bgp wedgie. is it real and caught in the wild? tim would be
cheered.
randy
<$1k
There really does not seem to be anything in that space that is viable and
inexpensive.
thanks,
-Randy
- Original Message -
> We’ve had two of the ER3s in production. One of which has had no problems to
> date, the other one had several issues just staying online. It wo
> I think we have told what happened in enough detail in the 3.5
^your version of
> commentary already posted to this thread.
randy, yet another of the hordes of vrrp users
imiho think vi hart has it down simply and understandable by a lay
person. <http://vihart.com/net-neutrality-in-the-us-now-what/>. my
friends in last mile providers disagree. i take that as a good sign.
randy
jason, thanks for posting from your work address. really appreciated.
i wish others employed on one side or t'other would make their
affiliations clear, when the subject cuts so close to the pockets of
large financial interests.
randy
> Harping on symmetric ratios seems very 1990.
not so much. that kink came in later
randy
other... it's just legacy
> thinking and we're the new guy that has grown rapidly.
>
> Now we both have to pay for traffic to get sent to Europe
> and back. How nice...
which is amusing given you have massive east coast to europe fiber
capacity.
randy
ss to resources that we
> didn't know existed.
>
> Hopefully I'll meet some of you in bellevue next week.
seeing as the web version of the security track is content free, it
would be cool if you held a little open chat.
randy
reconfig the acl. bit of
a pita.
anyone care to share better idea(s)? thanks.
randy