if we got rid of or incapacitated the massive botnets that would be a
trickle, manageable, and hardly be worth fussing about, particularly
on an operational list.
this presumes non-inventive spammers, which i fear is not the case. but
it sure would be a good place to start :)
randy
Can we wrap the mail threads up
actually, i am still learning from some of them.
i have a hypothesis to add
nanog list volume is proportional to
S + E
where S is the amount of Slack time the active members have and
E is the existence of a significant Event
in the absence of a
Suresh Ramasubramanian wrote:
On Sat, Apr 12, 2008 at 2:34 AM, Barry Shein [EMAIL PROTECTED]
wrote:
The lesson one should get from all this is that the ultimate harm
of spammers et al is that they are succeeding in corrupting the
idea of a standards-based internet.
huh? i think that, with
[ should this move to nanog-futures? well, it's a quiet saturday ]
Collocation would be a useful idea - save airfare, hotel etc.
immensely difficult. the nanog sc could not even get the nanog
administrative structure to avoid a direct and damaging conflict with
afnog for the next meeting.
for a measurement experiment, i would like O(100k) *headers* from spam
from europe and a similar sample from the states.
this would be a straight sample, before filtering, ip address blocking, etc.
if you can help, please drop me a note and we can discuss how the sample
is taken and how
Rich Kulawiec wrote:
On Thu, Apr 10, 2008 at 06:32:53PM +0900, Randy Bush wrote:
for a measurement experiment, i would like O(100k) *headers* from spam
from europe and a similar sample from the states.
Request for clarification: do you mean spam originating at IP addresses
believed
Request for clarification: do you mean spam originating at IP addresses
believed to be in Europe
yes.
blush a! speaking of non-reading blush
i mean spam arriving at port 25 on a european host. and an unfiltered
unblocked port 25, no dnsbl, ...
it looks like i have a great stateside
this would be a straight sample, before filtering, ip address
blocking, etc.
i realize this is difficult, as all of us go through much effort to
reject this stuff as early as possible. but it will be a sample
unbiased by your filtering techniques.
How do you classify email as spam without
Hey nanog committee, there's an idea. How about an operator's wiki?
http://nanog.cluepon.net/
centralization is not a core feature of the internet :)
randy
as a friend who reads this list but clearly wants to remain anonymous
pointed out
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/funnies.html#CHANGING-LIGHTBULBS
randy
Donald Stahl wrote:
NANOG is not a general purpose router help mailing list. Issues
discussed here are supposed to be relevant to the North American ISP
community.
excuse? configuring routers is not operational in north america? have
you gone completely layer 2 over there?
randy
http://www.nanog.org/postel-scholarship.html
Overview
NANOG and ARIN have been unique and successful cooperative fora for
Internet builders in North America and other parts of the world. Senior
practitioners from around the world contribute their time to NANOG and
ARIN as presenters,
Still trying to understand deployment scenarios for nat-pt.
enterprise
native-v6 + v4-nat (as outlined in Michael Sinatra's lightning talk)
i am not unhappy with ms's preso except that enterprise keeps whining
about 1918 conflicts
and Alain Durand's v4v6v4 seem more likely deployment
I believe whoever shows off a functional NAT-PT device at the next NANOG
might get some praise. I heard it was a bit of a disaster.
by the time the show got to apnic/apricot the week after nanog, we had
the cisco implementation of nat-pt and totd working and it worked well.
randy
And the NAT-PT implementation at NANOG (naptd) did seem
to work once some configuration issues were ironed out. Unfortunately,
this was not resolved until the very end of the meeting.
you made heroic efforts with the linux nat-pt, and finally got it. but
do you think it will scale well?
A popular reason from longer ago was enterprises that used
arbitrary addresses for their internal networks,
which was safe because they'd never be connected to the real internet.
RFC1918 has made that problem mostly go away,
but as recently as 1995 I had a customer who was a bank that was
and a large chunk of Asia and Europe are running IPv6 right now.
I keep hearing this, but could you indicate what parts of Asia and
Europe are running IPv6 right now? I'm aware, for example, that NTT is
using IPv6 for their FLETS service, but that is an internal transport
service not
i am moving to a macbook pro, or trying to, from a freebsd/winxp. but
why did they have to 'add value' by mucking with freebsd and breaking my
fingers? and whoever thought the mac screen was good never used my
alienware 1920x1024.
at the ipv4 econ meet on tasman last week, macs were in extreme
definitely agree with supermicro, freebsd, zfs for servers. it rocks!
and i lived through duo, hinote, viao, thinkpad, alienware, and now mac.
i keep the alienware because it has real graphics, 1920x1024, as
opposed to the mac.
on the alienware, i run winxp with cygwin as host, vmware, and
Isn't it the case in the real world that the Internet isn't TCP ECN
compatible?
actually, no. ecn compat is increasing, happy to say.
ARIN has produced the histogram as requested and posted it to our
website. It can be found at
http://www.arin.net/statistics/index.html#ipv4org
leslie,
thank you ever so much. but the way it depicts the date kinda obscures
my point. my apologies for being a pita, but could the y axis
dear arin hostfolk. could we please have the histogram for the last few
years where the Y axis is the amount of allocation and the X axis is the
number of organizations with that total size of new allocations during
the period? you'll have to bucket alloc size in some useful way,
probably
is there a ride share wiki or whatever? wiki.cluepon.net seems not to
even have a nanog page this time. like how are we gonna log which
remaining vietnamese restaurant is good?
i'm getting in to sfo from tokyo about noon, by the time i get luggage,
and do not like car rentals.
randy
Adrian Chadd wrote:
http://nanog.cluepon.net/ - start a page?
done. also offered to get a second bed if anyone needs room
thanks for the posting, john. many of us who knew jeanette appreciate it.
randy
Analyzing the Internet Collapse
analysing press sensationalist hyperbole
http://www.technologyreview.com/Infotech/20152/?nlid=854
not bad. but no new insight and facts differ from other reports
(marseilles).
randy
And AFAIK not all kilometers of cables lie on the ocean floor; if the
ocean has high depth on a given part of the cable route, the cable
simply floats on the water on that run. It's just a matter of having
enough pressure to lift it up.
and for the difficult parts, they pump helium in and get
hh no!
info on where to send, e.g. brother george's current address etc, please?
randy
Weight is a bigger issue than most people realize.
perhaps folk would benefit from [re]reading Neal Stephenson's wonderful
classic bit of gonzo journalism in Wired,
http://www.wired.com/wired/archive/4.12/ffglass.html.
randy
Dorn Hetzel wrote:
perhaps my favorite magazine article of all time.
http://www.wired.com/wired/archive/4.12/ffglass.html.
the original came with pictures sigh. i tried the wayback machine,
but could not find a version with them. :(
i guess i should wget the great ones with pics before
Network Solutions appears to have some level of support for RRs
because I am aware of domain names registered through them that have
RRs.
it is pushing glue to the parent zone, com et alia, that is the
problem.
Why don't you just put your DNS servers in some other TLD and
Network Solutions appears to have some level of support for RRs
because I am aware of domain names registered through them that have
RRs.
it is pushing glue to the parent zone, com et alia, that is the
problem.
randy
David Freedman wrote:
Will somebody please, please PLEASE let me know what magic process for
networksolutions are to get glue added, am on the 72nd hour of the
phone game where questions are bouncing between:
as far as i have been able to sort this
o netsol understands glue
o netsol understands glue
REGISTRY part of NetSol here, I think David means the REGISTRAR part no?
wow! people actually pay those prices?
ugly ugly ugly. tucows, wake up and smell the coffee!
yes... :( also Joker, and everyone else :(
how do we move this forward across the board?
And what if NetSol is your registrar that needs to add the glue!?
it hurts when i hit my head with a hammer
then stop hitting your head with a hammer
time to collect a list of registrars who do this well and easily.
randy
and pricing in australia had nothing to do with a monopolist telco with
a rapacious plan highly well articulated and sold to the govt by an
arch-capitalist with a silver tongue?
randy
Standard practice would be to localpref customer routes over peering routes.
unless unusual agreements exist with peers, this is pretty much normal
config everywhere ever since vaf whacked asp and me in '96. otherwise,
if you peer multiple places, the peer sees inconsistent routes, which
Geoff Huston wrote:
Randy Bush wrote:
and pricing in australia had nothing to do with a monopolist telco
with a rapacious plan highly well articulated and sold to the govt by
an arch-capitalist with a silver tongue?
I don't know about that. However, I do know that relatively small
similarly for the root, as rip.psg.com serves some tlds.
The request has to come from a TLD manager (anyone which uses
rip.psg.com)
i can go down the hall to the mirror and ask myself to ask me to do it. :)
but, of course, you would get a more authoritative reply
from IANA.
i am hoping
The .com/.net registry has supported RRs for over five years
(since May, 2002). The issue you may be encountering is that not
every .com/.net registrar supports them.
way cool.
do you happen to know if opensrs registrars have a path to do so?
randy
send url.
get: http://www.iana.org/cctld/cctld-template.txt
yay! that form still exists! thank you! i have had a whack at it and
sent it in. wish me luck.
what i need is the talent to find such things. thanks!
i have this trembling fear that they will have some process where
It's the same process that is used to update a delegation in the root
zone. For ccTLDs I believe there's some kind of web portal to allow such
changes to be requested, but my experience is that the old text form
also still works just fine.
i actually spent 20 minutes on the iana web site.
for those of us who are trying to provide dual stack services, how the
heck do we get v6 glue added to the gtlds? specifically, i want to add
v6 glue for psg.com and rip.psg.com in the com zone.
similarly for the root, as rip.psg.com serves some tlds.
/troll
randy
the folk who actually schedule the meetings use
http://ws.edu.isoc.org/calendar/
note that this is not the normal isoc calendar, rather one they kindly
host for the ops meeting committees.
but few of the national nogs we have seen mentioned here use it.
and it did not prevent nanog
Does this happen to anyone else posting here?
not that i have noticed. i do see massively ( 5x) more ssh dict
attacks on the hosts i have in tokyo than those on other continents.
but the sample size is too small to draw any serious conclusions. but i
would guess there are folk who
Fallback to A should be removed sure sounds like a plan.
great idea. it will only break mail to 42% of the internet.
http://en.wikipedia.org/wiki/Principle_of_least_astonishment
randy
Now instead what I can do is tag my california routes with a
california bgp community, and export only those specific routes to
you there. This way your traffic to me in NY will not go over this
session.
dunno about the community in which you peer. but the big kids have
pretty much
It plausible that if one were to assign a single /64 and reserve a 56 to
delegate per customer
as a provider, where is the win in this for me? the space is 'lost',
i.e. committed, and i increase provisioning hassles, though maybe mildly
if i am skillful. if/when the rirs sober up about ipv6
Ever calculated how many Ethernet nodes you can attach to a single LAN
with 2^46 unicast addresses?
you mean operationally successfully, or just for marketing glossies?
randy
vendors, like everyone else, will do what is in their best interests.
as i am an operator, not a vendor, that is often not what is in my best
interest, marketing literature aside. i believe it benefits the ops
community to be honest when the two do not seem to coincide.
If the ops community
Joel Jaeggli wrote:
equipment makers (as much as randy hates them)
excuse?!?!? that is unjustified and uncalled for.
vendors, like everyone else, will do what is in their best interests.
as i am an operator, not a vendor, that is often not what is in my best
interest, marketing literature
Tony Li wrote:
Randy's attitude that vendors are all unequivocally evil
please read what i said, and not what joel, very incorrectly, said what
i said. then apologize.
randy
Mohacsi Janos wrote:
There are plenty of organisations who have a dedicated team/person for
network management (routers, switches etc.), while another
team/person for system management (dhcp, servers etc.). So
configuring DHCPv6 requires cooperation which takes time, but users
are complaining
There's a tendency to move away from (simulated) shared media networks.
One host per subnet might become the norm.
and, with multiple addresses per interface, the home user surely _might_
need a /32.
sigh
might does not make right
randy
Joel Jaeggli wrote:
Randy Bush wrote:
the but what if they want the toaster on a separate subnet from the
blender gives a new depth to 'reaching.' the one case i can think of
for firewalling/routing within the home is to keep the bathroom scale
from locking the fridge.
If ipv6 subnetting
There is a huge detent at /48
other than the perennial operational pontification from on high by the
gods of the ietf (brought to us by the folk who brought us the wonderful
TLA, NLA, etc. classfulness++), could you elucidate?
randy
There is a huge detent at /48
other than the perennial operational pontification from on high by the
gods of the ietf (brought to us by the folk who brought us the wonderful
TLA, NLA, etc. classfulness++), could you elucidate?
From one angle, last time I looked, the RIRs were converging on
the but what if they want the toaster on a separate subnet from the
blender gives a new depth to 'reaching.' the one case i can think of
for firewalling/routing within the home is to keep the bathroom scale
from locking the fridge.
and if you can't make a reasonable case for it today, then
logic chains which begin with
Now I think there is a chance that
may not be the best way to do engineering. there is a 'chance that'
just about anything.
randy
simon, there are a million chances. and we are notoriously bad at
predicting any of them more than a year or so out.
randy
I work on a network with 100K+ DSL folks and 200+ leased line
customers, plus some other stuff. The leased line customers are
increasing dramatically. I should plan for a /64 for every DSL
customer and a /48 for every leased line customer I expect over the
next 5-7 years?
why not a /56 by
Furthermore, IPv6 simplifies the configuration of devices when connected to
the Internet. It improves data security and supports quality of services.
how does it improve data security exactly?
attackers are daunted by the smoke and mirrors?
sigh this stuff is hard enough to roll without the
1) there is no such direct link between two routers located in two
Internet eXchange Points-IXPs (even in same city) if they are from
different ASes. For example, a router A belongs to AS x located in
IXP1, and router B belongs to AS y located in IXP2, there is no link
between A and B.
personal opinion
the position that politics, culture, and society have no place in
internet operations is beyond even an ostrich. they bloody *drive* the
car. while we're at it, why not eliminate finances too? sheesh!
randy
aloha michael,
i realize that good practice may not be general practice, but ...
lsr is encouraged at routers bordering with bgp peers for debugging
purposes, i.e. so that A may learn B's routing towards C without
calling/writing/bothering B's engineers.
but lsr really should be blocked at
Frank Bulk wrote:
I would have to disagree with your point on centralized AP controllers
you can do so when you have deployed successfully in meeting rooms of
2000 people. joel has.
randy
it seems to be broken in a number of ways. i reported a few hours ago.
randy
at the end of nanog, i sent two messages.
http://www.merit.edu/mail.archives/nanog/msg03741.html was a
minor side note re 204/4 , about which we can all really do nothing
for many years. it engendered the thread from hell.
http://www.merit.edu/mail.archives/nanog/msg03735.html was
regarding
Mail seems to be one of those topics which is of interest to many nanog
subscribers, but simultaneously annoying to many (presumably different)
nanog subscribers.
what large subject does not fall in this category? this is just life
when you have a large community.
randy
The NANOG mailing list has never been in good order.
The NANOG meetings have always had complaints.
The NANOG community is composed of disparate parties with disparate
interests, each convinced that their interests are the only ones of
operation relevance.
it would all be so much simpler
actually, it would be really helpful to the masses of us who are being
liberal with our delete keys if someone would summarize the two threads,
comcast p2p management and 204/4.
randy
vince,
thanks for your presentation on 240/4. i agree with it all. two points
do not hard-code address boundaries and special addresses, as we are
likely to regret doing so. two sub-lessons, ula and any other bright
ideas. Those who cannot remember the past are condemned to repeat it.
--
Randy pointed out rightly, this is not only your network that needs
upgrading, this is all the networks who communicate with you that needs
upgrading.
So, classifying 240/4 as public use is unrealistic now and will remain
unrealistic in the near future.
agree
Classifying it as private
at nanog san jose, steve bellovin presented a simple proposal for bgp
tcp/md5 re-keying. it is now rfc 4808 Key Change Strategies for
TCP-MD5. this allows us to install and/or roll keys without disturbing
the bgp session. and it is trivial for vendors to implement and for
operators to use.
indeed
and abha is saturday
randy
http://www.networkworld.com/community/node/20390?netht=101107dailynews2nladname=101107dailynews
Credit where credit is due:
http://www.xkcd.com/195/
i guess you did not read the article, eh?
randy
dunce cap on
irrelevant to the mlc action, but ...
as someone just pointed out to me, i was confusing two ex-ceos of qwest,
joe nacchio, who is a convicted felon, with sol trujillo, who is not,
but is currently the ceo of telstra.
apologies.
randy
http://rip.psg.com/~randy/mlc-complaint.mbox
It's not 'law' per se, but having the customer originate their own
announcements is definitely the Right Way to go.
it is interesting, and worrisome, to consider this in light of likely
growth in the routing table (ref ipv4 free pool run out discussion) and
vendors' inability to handle large
AU's infrastructure has long been a quagmire of political fumbling and
organised chaos.
hey, i thought it was great of you folk to take joe nacchio, convicted
felon, off our hands.
randy
5-10% of swedish households have the possibility to purchase 100/10 over
CAT5 for USD50 a month including 25% sales tax, without any quota, and
they can actually use the speeds. Some even have 100/100.
from japan that seems pretty normal, except for it being available for
such a small
- IPv4 vs IPv6 is completely invisible to the user. I regularly run
netstat or tcpdump to see which I'm using, I doubt many people will do
that. So if IPv6 works and IPv4 doesn't, that will look like random
breakage to the untrained user rather than something they can do
something about.
- If we do NAT-PT and the ALGs are implemented and then the
application workarounds around the ALGs, it's only a very small
step to wide scale IPv6 NAT.
Perhaps it's a perspective issue, but I really don't see a problem
with that. If the network works, who cares?
well, the thing is that
i had a totally different picture in my head, which was of a rolling
outage of routers unable to cope with full routing in the face of
this kind of unaggregated/nonhierarchical table
been there done that
followed by a surge of bankruptcies and mergers and buyouts
and that is not what
and that is not what happened last time, so why should it happen
this time?
In fact, it's reasonable to assume that we will again filter
prefixes.
i agree but fear that it will be harder to find the filter algorithms
this time.
Hopefully, the ISP that is forced into this position will
Now the more interesting question is: Given that we're going
to see NAT-PT in a lot of service provider architectures to make
deploying IPv6 viable, should it be considered a general enough
transition mechanism to be Proposed Standard or just be a very
widely deployed Historic
It's quite ironic and they (Cogent) are quite contradicting themselves.
When their CEO, Dave Schaeffer comes out to media and bashes Level3, France
Telecom, AOL, etc (the list goes on), citing Cogent is being unfairly
treated, each and every time Cogent gets depeered, you would think Cogent
an excellent howto from clara.net recently presented at uknof 8 in london
http://www.uknof.org.uk/uknof8/Freedman-IPv6.pdf
randy
or the folk working on http://www.civil-tongue.net/clusterf/. there
seem to be more folk working on v6 wikis than vendors working on fully
functional v6/dual-stack implementations.
at least we'll have good documentation of what people aren't implementing. :)
which one hopes will allow us to
ARIN has set up a wiki at http://www.getipv6.info to publish
information that will help ISPs, large and small in implementing
IPv6 and migrating to an IPv6 Internet.
It might be worth syncing up with the people who are working on
http://ipv6.cluepon.net/, in the interests of concentrating
http://isen.com/blog/uploaded_images/5z6vt4n-720249.jpg
It would be nice to see some new faces in that game -- maybe it
would help leverage the market a bit.
great idea! and we can call it Flag!
oh. sorry. guess it's old idea.
randy
a respected researcher (with a grad student) i trust wants to
obtain trouble ticket logs from different networks to understand the
nature of failures in ISP networks. we hope that this analysis will
help us develop troubleshooting techniques.
they have some data already from abilene and a
Xin Liu wrote:
If a router's clock is off by more than 5 minutes, it cannot forward
packets
this is false. i suggest you do more reading.
randy
i conversed offline with the OP. he was reading a sigcomm research
paper and confusing it with the internet.
randy
anyone have a phone contact number for equinix ashburn dc2? i am in
tokyo and a box in dc2 needs an attitude adjustment. thanks.
randy
thanks! verio noc beat you to it. but thanks!
randy
We have some migrations to do from one space to another and having
the ability to do some /24 advertisements during that period would
be greatly helpful.
Always assume you have no visibility everywhere and that your
squeakiest wheel will have some connection to a site you hadn't
did anyone else see an rv2 outage yesterday?
from Aug 18 04:17:30
to Aug 18 08:21:45
are these logged so longitudinal analysis can do a bit less 'heuristic'
guessing?
randy
Some folks found a command that crashed the CLI on some public
route-views or looking-glass systems this week.
Ettore Bugatti, maker of the finest cars of his day, was once asked why
his cars had less than perfect brakes. He replied something like, Any
fool can make a car stop. It takes a