Heya,
In the US, folks are fighting the RIAA claiming that an IP address isn't
enough to identify a person.
In Europe, folks are fighting the Google claiming that an IP address is
enough to identify a person.
I guess it depends on which side of the pond you are on.
They are
Bill,
[...]
2. Once the limit is reached, excess routes will fail over to software
switching. TAC did not specify how routes are designated as excess.
I'm not sure if the Sup2's handle this case differently from the
Sup720s we were using, but, in our case, when we reached the ceilign
the
Heya,
My understanding is that there are no known algorithms for fast
updates (and particularly withdrawals) on aggregated FIBs, especially
if those FIBs are stored in CIDR form. This is the prime reason why
all those Cisco 65xx/76xx with MSFC2/PFC2 will be worthless junk in a
couple of
Heya,
What should I expect?
I am seeing ~350 from a vendor provided mpls cloud to a site in
Sukhrali Chowk, Gurgaon, Haryana, India
We just did a video conference between Boston and New Delhi, via NYC, and
we were seeing around 250ms. However, VSNL was QoS'ing our traffic across
their
David,
After Wednesdays apparent 'software bug', it looks like Cogent are
broken again.
*Cogent Network Status/DNS Server Status Description: *
Welcome to Cogent Communications’ Network Status Message. Today is
4/27/07 @ 11:11 ET. At this time, we are experiencing a network event.
The
Gadi,
Can you elaborate a bit on what universities have done which would be
relevant to service providers here?
Generally, we've found that most end users don't even know that their systems
are infected - be it with spyware, bots, etc - and are happy when we can help
them clear things up as
Heya,
And the fact that web servers are getting botted is just the cycle of
reincarnation - it wasn't that long ago that .edu's had a reputation of
getting pwned for the exact same reasons that webservers are targets now:
easy to attack, and usually lots of bang-for-buck in pipe size and
Audie,
Sprint technician informed us that there was a power outage in the Baltimore
site on 11/28/06 between 2-3:00 PM EST. During this outage, several our
clients could access our network. This incident re-occured again the next
day between 1:45-4:15 PM.
We peer with Sprint in Boston and
Maciej,
I work at one of the research institutions connected to Abilene and have some
understanding of how various institutions handle their I2 connections.
Of course, in order to perform this kind of studies I need a way to
distinguish between these two worlds. IÂ’ve learnt that Abilene
Heya,
Sorry about continuing this thread... I noticed a few people discussing
this topic and wondering about new ways to look at quarantining hosts.
There's a working group within the US Internet2 community that's been working
on a generalized architecture and set of white-papers that our
Heya,
I'm not sure what's going on, but we were seeing problems on outbound traces
on their DC-JFK-BOS stretch (we're connected to them in Boston) but it looks
like it might have cleared itself up a few mintues ago.
Eric :)
Heya,
Just to make analysis easier: Which prefixes should be missing?
We've got a feed from Cogent out of Boston and we did see a 5 minute
drop by about 5k routes in their annoucements. After that, we look as
though we're only short by around 400 or so prefixes:
11/17/2005 9:30
Robert,
All of our network is now patched for the latest Cisco advisory. We were
already running fixed code on a few routers when the advisory came
out so we knew the code was stable and moved to it on all other
boxes.
I'm not exactly in the know on this one, but the heap-overflow
8% seems high to me as well, I don't think I've ever seen my v6 traffic
over 1% honestly :(
These estimates seem way high and need support. Here is a counter-example.
Netflow on Internet 2 for last week
http://netflow.internet2.edu/weekly/20050829/
has 6.299 Gigabytes being sent
The Internet started out as a pork project.
I'm just sayin'.
I think it was more a research project... which, maybe, is just
pork by another name...
Eric :)
I guess I'm not the only one who thinks that we could benefit from some
fundamental changes to Internet architecture.
http://www.wired.com/news/infostructure/0,1377,68004,00.html?tw=wn_6techhead
Dave Clark is proposing that the NSF should fund a new demonstration
network that
It is about wasting taxpayers money while watching china deploy IPv9.
Though I'm not positive, my impression is that NLR currently being built not by
the NSF but by member institutions - which is to say by research Universities
that are a part of the Internet2 project. Because we're being
Todd,
eric, all, not to pick on eric at all, but since he raised the issue...
I always assume and, frankly hope, that when I post something someone will
pipe up and point out anything thats inaccurate, needs clarification,
is a bad idea, etc.
likely need to make modifications to our IGP/EGP
On Tue, Jun 21, 2005 at 03:16:06PM +0100, Richard Dumoulin wrote:
Hi Eric, what's the reason for migrating to ISIS?
There are currently a few projects that we're doing which prompted us to
take a look at how we're doing routing, both IGP and EGP. We're altering our
border connectivity by
Heya,
We have a situation where multiple organizations are all going to be
sharing a gigabit ethernet based Internet feed. We've each agreed to
purchase a percentage of the cost of the feed. The topology is
roughly:
(Inbound GigE 802.1q Trunk)
Can anyone point me to information on what the top N service providers
are using for their IGP?
Can we expand this to include enterprise networks as well? The University
that I work for is planning to do a switch-over from OSPF to ISIS, but
I'd like to know if we're really a one off.
Eric
Paul,
For any educational institutions on this list - what has been the impact on
your mail services once your ISP started blocking port 25 - what if any was
the backlash - and how difficult was it to provide alternatives ...587,465
etc ...
Our ISPs don't filter our traffic. If they
Heya,
I disagree as this entire event wasn't a planned outage. The planned part
was what you intended to do and, if its anything like the maintenance reports
that I send and receive, you typically state how long you expect the impact
will be and that it will take place within your
http://www.advancedippipeline.com/news/159905772
...In what the company claims is an effort to preserve the performance
of its pre-standard WiMAX network, Clearwire says it reserves the right
to prohibit the use of a wide range of bandwidth-hungry applications, a
list that apparently
Does anyone actually know anyone that has actually used the V-Chip?
Though I've personally never met him, I think Eric Cartman has:
http://members.tripod.com/~JB/southpark/vchip.wav
http://www.moviesounds.com/sp/vchip.mp3
Eric :)
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
Something else to consider. We block TFTP at our border for security reasons
and we've found that this prevents Vonage from
Why block TFTP at your borders? To keep people from loading new versions of
IOS on your routers? ;)
Not trying to be flippant, but what's the basis for this?
This is a really good question :)
In our particular case, it was not to protect the network as others suggested.
We do ACL our
Overall, we typically move around 190/230bbps inbound/outbound from our campus
Oops.. that should read 190/230Mbps...
Eric :)
Hello,
I must admint, I'm really not up on the more subtle aspects of v6 addressing
nor have I read the drafts you posted, but I've never understood why we needed
a new set of RFC1918-like IPv6 space. Wouldn't 0::10.0.0.0/104,
0::192.168.0.0/112, and 0::172.16.0.0/116 (or whatever the
Henry,
So I would like some professional expert opinion to
give her on this issue since it will effect the
copyright inducement bill. Real benefits for
production and professional usage of this technology.
I'm sure you'll hear this from many other people, but one thing that I always
try to
A buncha technically clueless newsgeeks brought infected micro$loth
computers into a convention? Shocking! What's this world coming to???
Sounds like Verizon hired low-end netgeeks if they had to bring the
network down to find these infected computers.
Maybe they could have benifited from
http://www.thebostonchannel.com/news/3561756/detail.html
The event monitor gives all the agencies instant access to any event to
local police, fire officials, the FBI and dozens of law enforcement
representatives working with utility providers. Public safety officials
from our carriers --
Only one customer? There are a couple consulting firms in
particular around here that use arbitrary space on internal
networks. Sometimes a currently-dark IP block is configured, so
it works for us. It gets annoying after a while.
The worst one I've seen so far is Ticketmaster... last
Heya,
I'm spec'ing out a project that involves some large-scale video conferencing
and collaboration amoung several locations. The ones in the US are looking
to use AccessGrid software, which we're anticipating will be about an 11Mbps
peak load. Anyone know if its possible to get a
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding dominion over this business network and
its critical infrastructure, should _definitely_ have a firewall. ;)
By firewall, do you mean dedicated unit that does statefull filtering
In case I every get another job at a University, how do you separate
student areas from administration areas?
When we disable the network in a particular area, if a non-student calls
then its a non-student area ;)
Eric :)
This is a topic I get very soap-boxish about. I have too many problems
with providers who don't understand the college student market. I can
think of one university who requires students to login through a web
portal before giving them a routable address. This is such a waste of
time
Fortunately people with less clue usually have less bandwidth.
Don't be so sure that people with no clue don't have bandwidth, large
companies with enourmouse resources sometimes end up with really clueless
people at the top and similarly clueless network techs.
Most Universities have
Adi,
Reading about the various ways universities deal with ill behaved client
PCs, is there documentation on how to quarantaine devices on a network?
I wrote up a quick note on what we do at:
http://www.roxanne.org/~eric/blaster.html
Eric :)
I think the IAB has a legitimate point.
Network operators rely today on the fact that different services use
different ports, so they can block particular types of access/behavior
by blocking ports.
I think the IAB has a legitimate point and I agree with it 100%.
Unfortunately, I also
Since the latest zone for .net (and maybe .com according to the
announcement) contains data that
* indicates existance for domains that actually do not exist, and
* incorrect addresses for domains that exist, but are not using the
name service of netSOL cum verisign,
it is
To those providers who have started filtering some if not all of the
spoofed traffic, and those have been nuking the zombied hosts.
Please accept my thanks, it seems that enough has been stopped so the
DNS and websites are now available again.
In case you're curious as to how most of the
There is no evidence that the patch does not fix the vulnerability. You
may be getting infected during the patching and cleaning process. Best
bet is to patch, reboot, then clean.
We've found that downloading both the appropriate patches and cleaning tools,
and then disconnecting from the
You don't put battery backup on a kill-all switch
The idea behind it is to kill-all!! (*doh*) If you ever need to press it,
you do so just before the guys-with-foam run in to douse your burning UPS...
People laugh histerically when the evil bad guy in a movie has a button
labeled
I'm still waiting for a P2P system running inside IPsec. With XP
and W2k making inroads on consumer computers there now is a significant
user base with access to luser-friendly systems carrying these
capabilities.
I'm not positive, but I thought Filetopia used SSL transfers on port 443 for
This might explain the (very!) high number of maintenance alerts from
QWest this week, as well
Sprint, L3 and Cogent also announced a series of emergency maintenances.
Ok, fine, don't tell the rest of use what it is, how to detect it, or how
to defend against it. We in the
Am I the only one that thinks IPv6 is a minimum of ten years out before
you see actual non-geek demand?
Well, this probably doesn't fall completely under the non-geeek category,
but larger US Universities are starting to deploy v6 on their campuses as
well as using it for native transit over
So, how does IPv6 go from the shores of Japan and the minds of geeks across
America to being the primary protocol
used on the net?
Free gay porn?
Eric :)
Nearly every customer of mine has required IPv6 in
their RFPs for over a
year, but not a single one has turned it on even for
testing.
Lets say I have a lab with a few machines and I enable native v6 on
my primary v4 network connection. The 300kbps that my lab generates
is fine. What
Comments?
(Nice to see Mr. Bellovin keeping up the holiday tradition ... :))
Will this require any modification to exisiting RFC2321 troubleshooting
agents?
Eric :)
Heya,
We've got a business unit hosted in Allegiance Telecom's boston colo
that's been down for a bit and all they can get out of Allegiance is
um... we're not sure what's going on. I'm guessing that boston.com,
which is also down, is affected by this...
If you go to the Allegiance Telecom
...then if you have a good reason to ask, they'll help you, and if
not, they won't. This should not surprise anybody; that's how NOCCs
are.
I guess we'll have to wait for Allegiance customers leak the
information. The leaks may not be as accurate as if the information
came directly
Ok,
What we really need is something like what NOAA has for space weather:
http://www.maj.com/sun/noaa.html
Currently, the weather is active and unsettled...
Eric :)
Indeed. I've unfortunately had many instances where a company runs 5+ VoIP
calls -- in addition to data traffic -- over a 64k circuit with the line
staying at 95-100% capacity 24x7. It's not easy, but it's doable.
We're not running VoIP, but we did run an OC3 at 100% 24x7 for 6 months and,
my transit traffic doubled (luckily it is the low time of the night for
me) from 10-12ish
I work at a really large east coast University. Our sensors show the problem
starting between 12:30-12:45am this morning...
Eric :)
My thoughts are Cogents primary customers are sites that are looking for
very cheap bandwidth, which most likely is adult content. Therefore they
would look more like a content provider than a transit provider.
Cogent is making in roads at a lot of Universities who want, as we all
know,
Hello,
A friend of mine is working on one of the committees for next years
Supercomputing conference and noticed that, in the past, they'd had
participants from most continents but none from Africa. Does anyone
know of a good organization/group/etc which we could spam with our
conference
Anyone have any idea what really happened :
http://www.boston.com/dailyglobe2/330/science/Got_paper_+.shtml
I know someone who worked on it, but I've avoided asking what
really happened so I don't freak out the day the ambulence drives
me up to their emergency room :) The other day, I did
Joe,
Ipv6 uses 128 bits to provide addressing, routing and identification
information on a computer. The 128-bits are divided into the left-64 and
the right-64. Ipv6 uses the right 64 bits to store an IEEE defined global
identifier (EUI64). This identifier is composed of company id value
Heya...
Anyone know if something is up on Qwest's run from Boston to NYC today?
Eric :)
Related to that, a growing number of Internet2 connectors now do native IPv6
peering with the Abilene backbone (rather than tunnelling their v6
connectivity), including NYSERnet, the Pittsburgh Gigapop, Great Plains,
WiscNet, 6Tap, CUDI, ANS, MAX, Surfnet, and APAN. (see, for example:
:: Said in my best Dr. Evil voice ::
Ok, here is my master plan to take down the Internet. First, we will spend
two weeks writing up several hundred seemingly simple, short questions
and innane statements regarding ORBS, filtering RFC1918 space, Peering, and
all of Nanog's other favorite
http://www.cisco.com/warp/public/707/newsflash.html
There are some limitations as to where uRPF works, SONET only on GSRs for
example (thanks Cisco). I believe it will work on 65xx (SUP1A and SUP2 I
think) regardless of interface type. Impact should be minimal, as it simply
does a lookup
I am looking for any and all research (and perhaps your comments),
references, etc. regarding replacements for the TCP/IP protocol that do
not require centralized authority structures (central authority to assign
network numbers).
Any links, comments, etc., appreciated.
Well,
I don't
64 matches
Mail list logo