NZNOG 06 - Registrations now online.
http://www.nznog.org
The next conference of the New Zealand Network Operators' Group is to
be held in Wellington, New Zealand between 22-24 March 2006. The
conference is on the week before the ICANN meeting in Wellington
so
--On Tuesday, February 28, 2006 14:39:37 -0500 David Nolan
[EMAIL PROTECTED] wrote:
We a couple techniques at Carnegie Mellon, depending on the network
scenario.
The DHCP based technique outlined above requires no extra infrastructure,
just extra configuration, so it is what we use for
David Nolan wrote:
snip
(*): For anyone who doesn't know, URPF is essentially a way to do
automatic acls, comparing the source IP of on an incoming packet to the
routing table to verify the packet should have come from this
interface. With the right hardware this is significantly cheaper
Date: Tue, 28 Feb 2006 18:50:29 + (GMT)
From: Christopher L. Morrow [EMAIL PROTECTED]
To: nanog@merit.edu
Subject: Re: Quarantine your infected users spreading malware
On Tue, 28 Feb 2006, Jim Segrave wrote:
www.quarantainenet.nl
It puts them in a protected environment where they
--On Wednesday, March 01, 2006 07:54:17 -0600 Jack Bates
[EMAIL PROTECTED] wrote:
David Nolan wrote:
snip
(*): For anyone who doesn't know, URPF is essentially a way to do
automatic acls, comparing the source IP of on an incoming packet to the
routing table to verify the packet should
On Wed, 1 Mar 2006, Gadi Evron wrote:
The United States wants to keep the so-called Internet Governance and control
of IP allocation and Internet Naming all to itself. Why should I, or anyone
else for that matter use their system, than? They haven't even been a
benevolent dictator, for that
On 1-Mar-2006, at 02:56, Kevin Day wrote:
On Mar 1, 2006, at 12:47 AM, Joe Abley wrote:
o a small to medium multi-homed tier-n isp
A small-to-medium, multi-homed, tier-n ISP can get PI space from
their RIR, and don't need to worry about shim6 at all. Ditto
larger ISPs, up to and
On Mar 1, 2006, at 1:52 AM, Joe Abley wrote:
Shim6 also has some features which aren't possible with the swamp
-- for example, it allows *everybody* to multi-home, down to people
whose entire infrastructure consists of an individual device, and
to do so in a scaleable way.
Only if
On 1-Mar-2006, at 10:33, John Payne wrote:
On Mar 1, 2006, at 1:52 AM, Joe Abley wrote:
Shim6 also has some features which aren't possible with the swamp
-- for example, it allows *everybody* to multi-home, down to
people whose entire infrastructure consists of an individual
device,
There is
talk at present of whether the protocol needs to be able to
accommodate a site-policy middlebox function to enforce site policy
Certainly, firewalls may be the only point such policy will work
when the hosts are hidden behind them on a corporate lan
10 years of host legacy
On Wed, Mar 01, 2006 at 10:33:51AM -0500, John Payne wrote:
On Mar 1, 2006, at 1:52 AM, Joe Abley wrote:
Shim6 also has some features which aren't possible with the swamp
-- for example, it allows *everybody* to multi-home, down to people
whose entire infrastructure consists of an
--- Joe Abley [EMAIL PROTECTED] wrote:
How about some actual technical complaints about
shim6? The jerking
knees become tedious to watch, after a while.
Okay, if I'm an enterprise with 6 ISPs but don't
qualify for PI space, I'll need to get PA space from
all of them, for Shim6 to work,
On Wed, 1 Mar 2006, JP Velders wrote:
Date: Tue, 28 Feb 2006 18:50:29 + (GMT)
From: Christopher L. Morrow [EMAIL PROTECTED]
To: nanog@merit.edu
Subject: Re: Quarantine your infected users spreading malware
On Tue, 28 Feb 2006, Jim Segrave wrote:
www.quarantainenet.nl
It
On 1-Mar-2006, at 11:22, David Barak wrote:
Also, the current drafts don't support middleboxes,
which a huge number of enterprises use - in fact the
drafts specifically preclude their existence, which
renders this a complete non-starter for most of my
clients.
I have not yet reviewed the
--- Joe Abley [EMAIL PROTECTED] wrote:
I'm just one guy, one ASN, and one content/hosting
network. But I
can tell you that to switch to using shim6 instead
of BGP speaking
would be a complete overhaul of how we do things.
You are not alone in fearing change.
It isn't fearing
--- Joe Abley [EMAIL PROTECTED] wrote:
On 1-Mar-2006, at 11:22, David Barak wrote:
As far as I can tell, the whole reason for these
discussions is the insistence on the strict
PA-addressing model, with no ability to advertise
PA
space to other providers.
The whole reason for
Wanted to know thoughts on the APC Network FM series for cooling datacenters? If this is the wrong place for this topic, I apologize.
Thanks
On Wed, 2006-03-01 at 09:05 -0800, David Barak wrote:
[..]
Is it easier to scale N routers, or scale 1*N
hosts? If we simply moved to an everyone with an ASN
gets a /32 model, we'd have about 30,000 /32s. It
would be a really long time before we had as many
routes in the table as we do
On Wed, Mar 01, 2006 at 09:05:17AM -0800, David Barak wrote:
--- Joe Abley [EMAIL PROTECTED] wrote:
On 1-Mar-2006, at 11:22, David Barak wrote:
As far as I can tell, the whole reason for these
discussions is the insistence on the strict
PA-addressing model, with no
On 1-Mar-2006, at 11:55, David Barak wrote:
--- Joe Abley [EMAIL PROTECTED] wrote:
I'm just one guy, one ASN, and one content/hosting
network. But I
can tell you that to switch to using shim6 instead
of BGP speaking
would be a complete overhaul of how we do things.
You are not alone in
On 1-mrt-2006, at 18:05, David Barak wrote:
Is it easier to scale N routers, or scale 1*N hosts?
Is it easier for the government to make a 5 year plan or for everyone
to spend time and energy finding the best deal for everything?
Every router has to search through its FIB tables for
On 1-mrt-2006, at 17:22, David Barak wrote:
I think that we could spend
our time better in coming up with a different approach
to addressing hierarchy instead.
I agree.
The address space is one dimensional. This means you can encode a
single thing in it in a hierarchical manner for free.
On Mar 1, 2006, at 9:07 AM, Joe Abley wrote:
On 1-Mar-2006, at 02:56, Kevin Day wrote:
If you include Web hosting company in your definition of ISP,
that's not true.
Right. I wasn't; I listed them separately.
It's important to note that even if you are a hosting company who
*does*
On 1-Mar-2006, at 13:32, Kevin Day wrote:
We have peering arrangements with about 120 ASNs. How do we mix
BGP IPv6 peering and Shim6 for transit?
You advertise all your PA netblocks to all your peers.
Ok, I was a bit too vague there...
How do we ensure that peering connections are
--On Wednesday, March 01, 2006 11:42:01 -0600 Jack Bates
[EMAIL PROTECTED] wrote:
Do you find that web redirection actually stems the flow of calls to the
helpdesk? We find that anything out of the normal usually results in a
customer calling the helpdesk just because they weren't
Kevin Day wrote:
If you include Web hosting company in your definition of ISP, that's
not true. Unless you're providing connectivity to 200 or more networks,
you can't get a /32. If all of your use is internal(fully managed
hosting) or aren't selling leased lines or anything, you are not
AFAIK there is no deployed, or even working shim6 code.
As such, it is not an operational issue by any stretch of the
imagination.
There are a number of more apropriate mailing lists for discussion
of issues surrounding the design and operation of shim6.
Coincidentally, I am not subscribed
Hello
As a sort of addendum to the thread of Quarantine your infected users spreading
malware I am curious how other handle contact to the users/clients for network
security incidents.
The question I have is; When someone reports an incident to you about
one of your clients (a user or server
--On March 1, 2006 12:08:21 PM -0800 Matt Ghali [EMAIL PROTECTED] wrote:
AFAIK there is no deployed, or even working shim6 code.
No there isn't
As such, it is not an operational issue by any stretch of the imagination.
There are a number of more apropriate mailing lists for
Please don't mix up addressing and routing. PI addressing as you
mention is addressing. SHIM6 will become a routing trick.
I think that is overly pessimistic. I would say that SHIM6 _MAY_
become a routing trick, but, so far, SHIM6 is a still-born piece
of overly complicated vaporware of
I think you're missing that some people do odd
things with their IPs as well, like have one ASN and 35
different sites where they connect to their upstream Tier69.net
all with the same ASN. This means that their 35 offices/sites
will each need a /32, not one per the entire asn in the
On 3/1/06, Nicole Harrington [EMAIL PROTECTED] wrote:
...
In short, how much information do you pass on to support yourself and when.
We've found that a simple we've received complaints about you and
your machine. Go here (symantec, fsecure, windowsupdate, etc) and
patch your machine. works
On 1-Mar-2006, at 18:29, Randy Bush wrote:
You will note I have glossed over several hundred minor details (and
several hundred more not-so-minor ones). The protocols are not yet
published; there is no known implementation.
possibly this contributes to the sceptisim with which this is
I hesitate to make an analogy, lest the analogy wars begin...
Sometimes I am forced to use a telephone. I periodically get dead air
or a fast busy. Sadly, my phone skills are rusted. Can someone please
tell me how I select the switches and trunks through which my call is
routed? Thanks.
Nicole Harrington wrote:
Hello
As a sort of addendum to the thread of Quarantine your infected users
spreading
malware I am curious how other handle contact to the users/clients for network
security incidents.
The question I have is; When someone reports an incident to you about
one of your
http://www.ecs.soton.ac.uk/~ajf101/irp-ajf101-multihoming.pdf
the money quote:
The lack of a standardised solution to multihoming remains a large issue
frustrating wider-scale deployment of IPv6, as many large sites rely on
multihoming for connection reliability and optimality. The proposed
For those watching and grumbling, I'll move the discussion to a shim6
mailing list, or in private if anyone wants to continue beyond this.
Just make sure you cc: me if you move the discussion somewhere else.
On Mar 1, 2006, at 12:55 PM, Joe Abley wrote:
On 1-Mar-2006, at 13:32, Kevin
--- Iljitsch van Beijnum [EMAIL PROTECTED] wrote:
But the most important thing we should remember is
that currently,
routing table growth is artificially limited by
relatively strict
requirements for getting a /24 or larger. With IPv6
this goes away,
and we don't know how many
On Wed, 1 Mar 2006, Lucy E. Lynch wrote:
point us to the documents which describe how to deploy it in
the two most common situation operators see
o a large multi-homed enterprise customer
o a small to medium multi-homed tier-n isp
never under-estimate the range and productivity of Pekka!
39 matches
Mail list logo