just curious
do most SPs/IXs actually have the entire BGP routing table with them?
so that every network in the world which is registered is available to them
in some form or another?
-rgds
Alok
- Original Message -
From: alok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Martin [EMAIL
$author = alok ;
they will charge you a whopping sum for that picking places bit ;o)
... i agree that the best place to actually address such scenarios is the
backbone/peering points/borders where all traffic is seen..rather than
go around tinkering at all edges..but i dont know how RPF
they will charge you a whopping sum for that picking places bit ;o)
... i agree that the best place to actually address such scenarios is the
backbone/peering points/borders where all traffic is seen..rather
than
go around tinkering at all edges..but i dont know how RPF would address
the
$author = alok ;
do most SPs/IXs actually have the entire BGP routing table with them?
how longs that piece of string?
there are many ways to design a network. you can have no BGP feeds (defaults
+ static), you can have no full BGP feeds (maybe customer only feed across
a peering circuit +
Did you already check http://www.euro-ix.net/isp/choosing/search/form.php. This DB
lists all ASN connected to any Euro-IX member (currently 23).
Regards, Arnold
- Original Message -
From: Petri Helenius [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 05, 2002 8:07 AM
--On Monday, November 04, 2002 19:22:14 -0500 [EMAIL PROTECTED] wrote:
So, in this vein, is there gear other than old 12000 linecards that
can't do RPF? Is anyone still using 2500's or 4500's?
What non-hardware reasons are there not to do
inline
$author = alok ;
so its a hardware limitation? bigger cores needed
not necessarily. if you do the filtering in the right places you can leave
the core to do its job of passing packets.
also, the idea of filtering at the edges is designed to reduce the distance
dud packets
$author = alok ;
yup, but its fine if they reach the core as long as they dont go out
of it onto some WAN ($$) link (surely u have enuf on ethernet and pretty
much dont care whats there),... its still not hogging away bandwidth but
its the ideal point to know everything passing
Last night I saw an issue with connectivity between a domestic site in
Pennsylvania off of Level3's network connecting to a site on UUNet in
Australia - latency was almost triple of what it normally is...
Level3's response was of course "We don't see anything" - even with
traceroutes showing
We have competitors that are claiming that their network is superior to
ours (salesdroids to customers) because they have fewer L3 hops in their
network. I see this fact pop up in customer questions all the time.
I can see that L3 hops adds latency if a network is built on slow (2meg
for
In a commercial sense hops are seen as bad, points of failure(?) or
'distance from the middle of the internet'?. Who knows
Traceroutes aren't great at seeing whats REALLY going on.
I suspect if everyone removed all their 'hop hiding' technology
traceroutes would be at least 60% longer, the
Does anyone have a nice reference I can point to to once and for all
state
that just because a customer has 6-8 L3 hops within our network (all at
gigabit speeds or higher) that doesnt automatically mean they are getting
bad performance or higher latency.
When I was at Ebone I would sometimes
On Tue, Nov 05, 2002 at 09:07:20AM +0200, Petri Helenius wrote:
Is there a standardized depository of information where lists of which
AS´s are present in which exchange(s)? RADB does not really cut it since
it only lists the participants of the interconnect, not really
identifying the
On Tue, 05 Nov 2002 13:26:04 +0530, alok [EMAIL PROTECTED] said:
=== coz the destination network is there. its still a viable config
isnt it..incase of asymmetric uplinks and downlinks? ..wht stops u from
not having a route to the source as routing is destination IP based...
u confused me with that question... who said the destn net was unreachable?
On Tue, Nov 05, 2002 at 06:13:37PM +0100, Mikael Abrahamsson wrote:
We have competitors that are claiming that their network is superior to
ours (salesdroids to customers) because they have fewer L3 hops in their
network. I see this fact pop up in customer questions all the time.
I can
address (as per your scenario). You look up the destination in the routing
table, and don't find it. So we look in RFC792 on page 5:
If, according to the information in the gateway's routing tables,
the network specified in the internet destination field of a
datagram is
On Wed, 06 Nov 2002 01:27:21 +0530, alok [EMAIL PROTECTED] said:
- who does? the source is reachable...via BGP.its a
valid internet address...
Hold that thought for a bit, and remember that at least *some* of us were
discussing whether to drop packets if we *DONT* have a
Of course L3 forwarding is not by itself bad for the packets. However...
If you have a network with excessive hops (for some definition of
excessive), it probably means one or more of the following:
A) you have a poor (or at least non-elegant) network design.
If your L3 topology is well
Anyone want to admit privately (I'll summarize to the list) if they actively
filter certain partitions of APNIC space?
We did a little experiment the past couple of days and saw at 85% of our
port 13[5-9] scans, Code Red/Nimda/formmail attempts, etc. go out the door
by blackholing those networks
On Tue Nov 05, 2002 at 01:09:06PM -0500, Richard A Steenbergen wrote:
On Tue, Nov 05, 2002 at 09:07:20AM +0200, Petri Helenius wrote:
Is there a standardized depository of information where lists of which
AS´s are present in which exchange(s)? RADB does not really cut it since
it only
On Tuesday, Nov 5, 2002, at 15:22 Canada/Eastern, Eric Germann wrote:
Anyone want to admit privately (I'll summarize to the list) if they
actively
filter certain partitions of APNIC space?
We did a little experiment the past couple of days and saw at 85% of
our
port 13[5-9] scans, Code
John Crain [EMAIL PROTECTED] writes:
*PLEASE NOTE*
This is an important Informational Message to the internet community:
November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for dot.
Why is this change being made?
Also:
The change
On Tue, 5 Nov 2002, Eric Germann wrote:
:Anyone want to admit privately (I'll summarize to the list) if they actively
:filter certain partitions of APNIC space?
I realize that you have asked for private replies, but I think
this might be useful to the rest of the list, albeit merely my
Also...
Why is it that the PGP keys with which the root zone cache file is
being signed aren't widely available? The files are signed with keyid
C1D27AF9 which I cannot retrieve from, for instance, the MIT PGP
keyserver. Given the importance of the file it would be nice to verify
the data.
--
What about mapping it by something more relevant to the structure
of the network like say, ASNs?
now _that_ is a reasonable suggestion. it's not like APNIC manages the
routers or traffic emanating with source-addresses from those prefixes.
ASNs typically do.
s.
What about mapping it by something more relevant to the structure
of the network like say, ASNs?
And filtering on ASN-basis is straightforward if you have loose
RPF deployed. Just filter the inbound announcements from a specific
AS and all traffic will be dropped automatically.
Pete
November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for dot.
Why is this change being made?
as a simple step in improving the robustness of the
overall system. back in the day, NSI agreed to act
as guardian for a couple
Once upon a time, Perry E. Metzger [EMAIL PROTECTED] said:
John Crain [EMAIL PROTECTED] writes:
November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for dot.
Why is this change being made?
My guess would be because of the proximity of
Stalk them via DNS... that's as close as it gets. That URL updates once an
hour if people want to use it, but it really needs someone to design a
web interface with an updating list of what's new.
Of course, it'd help if IX operators kept their DNS updated. We're at
7 of the listed IX
On Tue, 5 Nov 2002, Petri Helenius wrote:
If your L3 topology is well aligned with your L1 topology, you usually
end up with more hops. The less intermediate gear, like SONET you
use but do L3 instead, the more L3 hops you have.
This is exactly what we do, we run L3 pretty much directly on
We have had enough regular attacks on our web farm to put together tools
that catalogue the attacks, report them to a central database, and post
them to a website. The data is extracted hourly for the website to cut down
on server / database loading.
You can find our display of this data at:
Around 1340 EST today, all four of our CW connections (1 each of BAR-1
and 2 to both Atlanta/ALD and WashDC/DCK) flapped (physical circuit
down/up) simultaneously, followed by BGP flaps on all four about ten
minutes later.
Anyone else notice CW getting weird? Or could this be related to the
On Tue, 5 Nov 2002 14:25:59 -1000
Michael Painter [EMAIL PROTECTED] wrote:
- Original Message -
From: Daniel Senie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 05, 2002 1:51 PM
Subject: Attacker Data / Wall of Shame
We have had enough regular attacks on
Why is it that the PGP keys with which the root zone cache file is
being signed aren't widely available? The files are signed with keyid
C1D27AF9 which I cannot retrieve from, for instance, the MIT PGP
keyserver. Given the importance of the file it would be nice to verify
the data.
that's
Interesting data.
Do you filter or identify spoofed IP addresses?
Also, any data collected on more direct DoS attacks?
Thanks.
Rajesh.
--- begin message from Daniel Senie ---
We have had enough regular attacks on our web farm to put together tools
that catalogue the attacks, report
Cool, the root checks in BIND work
Nov 5 22:28:35 clifden named[2072]: [ID 295310 daemon.warning]
check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint
records
Nevertheless, BIND 8.X does appear to use the root list returned from the
queried name server
. 517997 IN
On Tue, 5 Nov 2002, Daniel Senie wrote:
We have had enough regular attacks on our web farm to put together tools
that catalogue the attacks, report them to a central database, and post
them to a website. The data is extracted hourly for the website to cut down
on server / database loading.
At 10:29 PM 11/5/2002, Rajesh Talpade wrote:
Interesting data.
Do you filter or identify spoofed IP addresses?
We block packets with source addresses which are obviously bogus (see
recent IANA RFC for the list). Past that, note that these data are all
derived from analysis of HTTP GET
At 10:56 PM 11/5/2002, Christopher L. Morrow wrote:
On Tue, 5 Nov 2002, Daniel Senie wrote:
We have had enough regular attacks on our web farm to put together tools
that catalogue the attacks, report them to a central database, and post
them to a website. The data is extracted hourly for
Where is the edge of the Internet?
here's what i came up with while trying to explain the edge elsewhere.
1 - Connection Taxonomy
1.1. The Internet is a network of networks, where the component
networks are called Autonomous Systems (AS), each having a unique AS
Number (ASN).
On 4 Nov 2002, Paul Vixie wrote:
And remember - Paul Vixie has shown that 10% of the inbound traffic at
c.root-server.net is bogus rfc1918 sourced. Making the addresses public
will serve as a DDoS vector against the root operators
moreover, duane wessels came to eugene last week to
On Wed, 06 Nov 2002 01:27:21 +0530, alok [EMAIL PROTECTED] said:
- who does? the source is reachable...via BGP.its a
valid internet address...
Hold that thought for a bit, and remember that at least *some* of us were
discussing whether to drop packets if we *DONT* have a
$author = alok ;
you can't if its a valid internet address...can you?
depends on what you mean by valid.
- does valid = any 32 bit dotted quad?
- does valid = any IP not in 1918 space?
- does valid = any IP that the routing table has an entry for?
- does valid = packets from this IP came in
here is the scenario
u have a bgp A ---ospf-B - bgpC router setup
what will u do on ospf -B ?
coz transit traffic can flow thru it...
careful selection... :o) well that way u can fill every hole .. no end to
it... and it generates good jobs :o)
but what i was trying to say to Valdis was
Sean puts this very nicely... I was away today so I missed the rest of the
traffic and looking it over a lot of it was not relevant. I'll put in some
comments here though.
On Mon, 4 Nov 2002, Sean Donelan wrote:
On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote:
What about the other large isps?