.
Availability of peering is subject to it. So is survival of companies using
RED.
Alex
Alex,
*I* can't make any claims, since that would be making a forward-looking
statement, y'know... and after today's WorldCom events, I can hardly
say that trusting analysts is a good thing, but if you take the time to do
some research on ALGX, you'll probably see things like
, compared to those who come from comparsion
sites.
Alex
we would
have still though of a T1 as of a huge pipe.
Alex
to UUNET at $200 per mbit/sec, your costs will decrease.
Just because the IP is free with peering does not mean that it costs $0 to
peer.
Alex
for a rack/power
a couple cx to $1500/mth.
2 years ago you couldn't build a coast-to-coast backbone and get peering
costs $50/mbit. Now my rough calculations put it at ~$20/mbit if you do
it on the cheap.
D-e-p-r-i-c-i-a-t-i-o-n.
S-a-l-a-r-i-e-s.
Alex
and
the early fiber links having grown them up to
networks capable of today's traffic.
Are you talking about Net99 here?
Alex
can see, unless you are talking about UUNET, Sprint, ATT,
Level3, Q and CW.
Alex
be an enormous expense for a bum on a street, it does
not mean anything for someone who makes $100k per year after taxes.
Alex
Has anybody mentioned the benefits of ISIS as an IGP to them.
Link-state protocols are evil, and when they break, they *really* break.
I still do not see a compeling argument for not using BGP as your IGP.
Alex
a route-reflector, but that would mean if the
route-reflector goes down you're screwed.
Confederations are your friends.
route-map set-igp-community is your friend.
Alex
-Ralph
--
using confederations makes it complicated. In fact, should
a network consist of two or above pops, and has more than one exit point,
confederations are an excellent way to give one ability to fine tune traffic
distribution.
Alex
Link-state protocols are evil, and when they break, they *really* break.
I still do not see a compeling argument for not using BGP as your IGP.
Alex
iBGP is only one half of an IGP. It is the where to go half.
You still need some other igp (isis, ospf, rip, static routes, etc
fare
As you say disable synchronization and try and control the physical reach of
your igp by some mechanism.. areas, summaries, ASes etc
Which is exactly what you are doing when you inject nailed routes into bgp.
So, why do you need IGP such as OSPF again?
Alex
quicker convergence and much much less CPU
requirement on your rotuers
And with nailed BGP routes you dont need additional layer of complexity.
Alex
Which is exactly what you are doing when you inject nailed routes into bgp.
So, why do you need IGP such as OSPF again?
Alex
To carry the bgp next-hops around the network? You could add in statics
for every next-hop on every router, but this kind of configuration is
complex
is hardly failure/meltdown?
How many SECONDS does it take to for your network to meltdown from normal
traffic level?
Alex
--
of the network that were *NOT* affected by the original mess.
Please not that this discussion tends to get restarted whenever we have a
real OSPF (or ISIS) caused mess.
Alex
more
stability on the internet.
As far as BGP would have done the same thing: would you mind desciring a
configuration of BGP where deletion of a network statement in one router
would cause unreachability across paths that do not *realy* on that network
statement?
Alex
failure might be fixed by the time the computation
is about 50% complete.
Again, there is no static net.
Alex
dynamic igp with
static and connected, apples to apples comparison would be:
Can you describe a configuration where removing 1 static route
on 1 router would cause unreachability for other paths?
Again, this is fully dynamic routing.
Alex
whatever it is you
need, the only question is what happens when something goes down.
route-map internal-link permit 10
match blah
set metric +10
do blah
Alex
to do certain things. It is more than
likely that I would have not had such a strong opinion of existing IGPs
(OSPF and ISIS specifically) if those IGPs were following dont tell anyone
anything policy until instructed otherwise.
Thanks,
Alex
I have to second that. Riverstone is definitely a solid box.
Featurewise, routing protocols are excellent, but services are not quite
there. (I.E. it doesn't support any IP tunneling protocol in any shape or
form. GRE is extremely useful under some circumstances, but sadly,
not with
Why in this day and age, 9 years after the invention of CIDR, are we still
refering to class C's?
Because we used up class Bs?
Alex
.
Alex
that can be applied to me is
less clear.
This fails to address how this affects someone who has no problem with legal
ramfications - i.e. a terrorist.
Alex
caught, then he'll do the second.
Even a terrorist that will die to kill will probably not die to
inconvenience.
This presumes he subscribes to the western value system. It had been proven
to be a fatally incorrect presumption.
Alex
.
Lets bring this discussion to a some common ground -
What kind of implact on the global internet would we see should we observe
nearly simultaneous detonation of 500 kilogramms of high explosives at N of the
major known interconnect facilities?
Alex
their paths. Circuit
customers that rely on some equipment located at the affected sites, losing
their circuits.
Alex
facility was in one tower of WTC and backup
facility in another.
Alex
)
Alex
be
not arrogant, but bright - using port TCP 80 is an excellent way to bypass
firewalls. If your firewall performs content analysis, one can simply encode
the data in valid HTML code.
Alex
come up with another method of detecting and
blocking spam, another method is bypassing this defense is going to show up.
Alex
is a great thing, so it wont get anyone busted.
Alex
in valid HTML to tunnel it through a
firewall, it *will* be done. Several years ago, we had implementations of
telnet over email, I am sure modifying it to do telnet over HTML would be a
rather trivial task.
Alex
be broken through in
10-15 minutes. None of the doors of that class is in your house. Why do you
have a door on your house?
Alex
public. Can someone please explain
to me why (apart from relative ease of mounting those attacks) do we care
about attacks mounted via wireless LANs more than attacks mounted over any
other medium?
Alex
[1] The point that the original poster made was that since the WEP is rather
trivial to break
.
Neither would someone standing in front of your door with lockpicks on a
busy streeet. You would be amazed how small those tools are.
The point of the post was that knowledge of the limitations of tools that we
use to protect access does not justify not using those tools at all.
Alex
chipsets
supporting it and quality product.
Yeah, ethernet over what, carrier pigeons?
Alex
permanently shut eyes.
Alex
Is there a more accurate method to determine the country of origin for an
IP than the methods I've described above?
Yes, at least three companies have databases of pretty much all /24s and
above mapped up to a zip code.
Alex
This is an automatic email from Fuckedcompany.com. A new rumor has been
submitted on October 3, 2002 9:37AM that matches your keyword Worldcom.
Huge Worldcom Outages
WorldCom
http://www.uunet.com
UUnet is having a massive network outage. You can't even get through to tech
support -- they
On Thu, 3 Oct 2002, [EMAIL PROTECTED] wrote:
Is there a more accurate method to determine the country of origin for an
IP than the methods I've described above?
Yes, at least three companies have databases of pretty much all /24s and
above mapped up to a zip code.
So far
sure that crypto-card service talks
GSS-API.
Have a GSS-API service provider
Configure all your systems to use GSSAPI interface.
So, why are we re-inventing the wheel again?
Alex
P.S. Dont claim that crypto cards are expensive. If you have 4 Unix
machines, you can AFFORD to give everyone
are a joke. I have /19's that are SWIPed to the billing
office but used in remote POPs. No-one is ever gonna figure out where
they really are.
Wrong answer.
Just because free public dbs dont have that info does not mean that it does
not exist.
Alex
, then
collect money from the saps who believe you...
The really neat things about talking to computer geeks is that they all
operate with the lots of absolutes. They will explain to you why in a
specific case it does not work and forget that those specific cases are
usually exceptions.
ALex
P.S
measure
mileage. Rather whey would flag transactions that make no geographic sense
and pull them for separate processing.
ALex
.
Actually, they do. They get charged less to clear a credit card transaction
that looks squeaky clean compared to the one which is somewhat clean.
Thanks,
Alex
refused to do that something. I shall tell my
router to do what I want it to do. It will follow my direct instruction.
Now either configure a secondary IP on the second router, or create IP
route pointing to the router that knows how to get to the destination.
Alex
that used a single shared inbox for customer
communication regarding BGP filter updates. That company had no concept of a
ticketing system.
Alex
that subnet directly.
If you do not want to do that, configure a dynamic routing protocol or
insert a static route pointing to a router which knows how to reach that
network directly.
Alex
secondary
How does it determine where to send the packets? ARP.
Which is the same as adding the route described above.
No it is not. In this case you defined direct connection. IP does not know
about this direct connection without that. Should you drop that secondary
line.
Alex
little
arp games that someone can play.
Alex
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Ralph Doncaster
Sent: Monday, October 07, 2002 12:56 AM
To: Jason Lixfeld
Cc: 'Alex Rubenstein'; [EMAIL PROTECTED]
Subject: RE: iBGP next hop
Hello,
If your company or a company that you know of provides dial-tone
service in 215/610/609 area codes and it is not Verizon, could you please
drop me a note off the list.
Should there be interest, I will post a summary.
Thanks,
Alex
--
less. Since their costs are fixed, and
the amount of billable traffic decreases, the break-even price per meg goes
up, not down. They wont filter up until it would be more expensive not to
filter.
Alex
to begin with?
Alex
would be interesting to hear details.
Loss of ICMP packets generated by links with endpoints numbered in
RFC1918
space. Holes in traceroutes, broken PMTU detection.
Why do those links have endpoints in RFC1918 space to begin with?
Alex
Because some administrators
is? Last time I
looked, the Internet looked more like a bunch of spiders having an orgy.
Alex
can report a problem or contact a company.
Alex
, but
getting the majority of large providers to implement one is a good
start.
Brilliant solution - lets stop DDOS attack on the customer by denying
service to the customer is a non-distributed way.
Alex
from
using your network.
If such system is implemented, the DOS attacks will become a lot
harder to trace and chase after, since the attackers will simply trigger
target blackholing.
Alex
and real
depreciation schedules, the Enterprising Co manages to make money hands over
fist because it does not spend $80MM USD to built 15,000 sq. feet of space.
Alex
back.
Unless you did - g,
Not correct. -g specifies loose source routing on the way *there*, not back.
Alex
assumption.
Thanks,
Alex
or does it mean that a principal is broken?
Alex
P.S. In this specific case I am strictly looking at misconfiguration causes
problems implies brokenness of the protocol.
Sounds like you're trying to either shoot yourself in the foot, or design a
new too-clever-by-half way of building a VPN.
It is called a one-way ip over satellite link to places like Australia, New
Zeland or Middle East. So it is not like we are talking about little bit of
traffic.
Alex
using multiple AS numbers? No.
(B) Is there a reason to deaggregate? Absolutely. The biggest being rather
bad internal allocations practiced by networks.
Alex
--
concerned about
it if one has good lawers. Otherwise one would end up in the position Google
and Yahoo ended up in Germany.
Alex
at an international
airport and as opposite to going to vacation in Amsterdam, he will end up in
a lovely jail pending extradition to Spain.
Welcome to the lovely world that you want to ignore.
Alex
through a passport control at an international
airport and as opposite to going to vacation in Amsterdam, he will end up in
a lovely jail pending extradition to Spain.
Welcome to the lovely world that you want to ignore.
Alex
I have a bit of news for you here. Dutch authorities do not recognize
being sued
by one of those Jewish groups for displaying Nazi memorabilia on its auction
site.
Yahoo decided it was better to pull that than deal with the lawsuite.
Alex
would like to review come
from E1 = E2, E = mgh, W = K1 - K2.
Alex
be around before it
falls due the same problem ( dclue/dt 0 on the part of those who run it )
manifesting itself in a different way.
Alex
conference notice and request for participation?
Would that friend be so kind as to name more than a handful places in Africa
with IP connectivity (multinational companies do not count).
Alex
allocated addresses as IP connectivity.
Alex
of the 419 spam
I get from Nigeria, Cote d'Ivoire, Ghana, and other west African
countries originates in cybercafes with satellite links.
Correction... *very* *few* satellite links.
Alex
fit with your preconceptions, so I'll drop it here.
Be sure not to look at
http://directory.google.com/Top/Regional/Africa/Nigeria/Business_and_Economy/Internet/
or you might learn about at least ten ISPs operating in Nigeria.
*yawn*
Have you ever been in Lagos?
Alex
Try finding some IP connectivity while in Nigeria.
do tell us your personal experience and when it was.
The most recent? Lagos, Sep 2002.
Alex
not only US-like internet penetration but also
a US-like legal system.
I would suggest that those who never stepped a foot in the sub-Saharan Africa
refrain from describing how the internet access is setup there.
Alex
be allocated to them (and filter-making folks
dropping filtering).
Smaller registries (APNIC, LACNIC), under this proposal, would request a
/8 when their current /8 is 50% full.
This should reduce frequency of required filter updates to once a year or
less.
-alex
On Fri, 6 Dec 2002, Barry Raveendran
a box like this to analyze and dozen OC-12c(s)? I know that
the sales people for boxes like this right now are really hurting for
business but give us a break.
Alex
of NetFlow or the like.
I have an amazingly simple proposition - as opposite to guesstimating the data
coming up with excuses why not to use NetFlow, get NetFlow data for your own
network.
Alex
will be an intersection of routes announced
by the AS to other AS (including looking glasses).
Alex
?
My total traffic is Z, my traffic to AS X is Px%. My traffic to AS Y is Py%.
Py is 70x Px. I therefore should attempt to get interconnect with y.
Alex
of the routes will be an intersection of routes announced
by the AS to other AS (including looking glasses).
oops, this should be read as by the AS to other AS' (including the data you
can pull of from looking glasses).
Alex
likely. Use them.
Alex
This is a very common situation if you have any decent amount of peering,
and/or if you are considering peering with a provider who has any
reasonable number of multihomed customers. As we've already proved in
previous nanog emails, the top 20 route-announcing
should not be
exposed to 3rd parties.
Yeah, right.
Alex
peering sessions
to control inbounds better?
Because they do not do custom anything.
Alex
- websites tend to send traffic out,
not take traffic in.
Alex
of the inbound link from others being saturated for a
company that provides mostly transit to webhosters is nill to nothing.
Alex
to deal with that would be for cogent to
provide special community that would allow me to direct cogent to prepend
several of their ASN to level3 advertisements.
Cogent doesnot do anything custom.
Alex
IIRC, and I may be wrong, either IS-IS or CLNS (can't remember which)
can look at congestion, and EIGRP can look at load if you tweak the K
parameters.
Silly redistribution of IGP into BGP leads to flapping.
Flapping leads to dampening.
Dampening leads to suffering.
Alex
Sun's hme cards won't go full duplex even though they advertise it to
remote switch, causing immense headaches to anyone with Sun gear...
http://www.eng.auburn.edu/~rayh/solaris/solaris2-faq.html#q4.13
-alex
On Tue, 7 Jan 2003 [EMAIL PROTECTED] wrote:
Heh. Tell that to my Catalyst 3548's
/ It
does happen transparently for most types of sockets, however the attacker
can and will disable ECN with a single syscall.
Alex
to verify that we in fact can perform function that we
have been contracted by you to perform.
Still like it?
Just a thought.
Just an answer.
-Dave
Alex
Alex, although technically correct, its not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
Secure inside network. Has anyone heard of any confirmed cases of this
yet
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote:
Alex, although technically correct, its not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back
difficult than implementing a security
policy for an office with 5 computers that are connected to the Internet.
Alex
. The other designs are not only
more expensive but also less reliable (as we have seen here).
Alex
1 - 100 of 528 matches
Mail list logo
