Re: Egress filters dropping traffic
On (2013-06-30 22:04 +0530), Glen Kent wrote: Under what scenarios do providers install egress ACLs which could say for eg. 1. Allow all IP traffic out on an interface foo if its coming from source IP x.x.x.x/y 2. Drop all other IP traffic out on this interface. Question seems to be 'when do you need to drop packets', I'm sure 10 different people would give 10 different use-cases. One use-case for this particular ACL is that the interface is used for MGMT only, so you allow NMS network and drop everything else. -- ++ytti
Re: /25's prefixes announced into global routing table?
Le 25/06/2013 11:43, Arturo Servin a écrit : And this presentation by Geoff Huston: Thanks ! Funny thing is, the IPv4 table projection looks accurate for now. Does it seem plausible to establish a backpressure model over a longer period now we have some more data about new allocation policies and general behavior ? -- Jérôme Nicolle 06 19 31 27 14
Re: SixXS Contact
[several replies in one (hence cc's) to not clutter the list with non-really-nanog stuff, but it kinda deserves a reply, reply-to set to where these things should be going in the first place] [TLDR: contact = i...@sixxs.net, mail queue is long, human time is limited, if you have lots of users some will feel wronged] On 2013-06-27 16:17, K. M. Peterson wrote: Are there any SixXS admins who read this list? Several, but it is not the contact point. Note that if you had searched the NANOG archives, or googled, or read the SixXS website this would have been clear. But let me nevertheless answer these comments and then return to normal live, real work and then in our spare times processing the request queues and the insane backlog of email. I seem to have committed a faux pas with respect to requesting an account, and I'm not getting any responses to my attempts (to i...@sixxs.net) to clear up the issue. In that mailbox there are currently 6396 unreplied messages, this is spread over the last several years though (and some back-dated spam that passed the filters creeps in there too). We used to have a near real time statistic at http://www.sixxs.net/misc/operstats/ indicating that, due to infrastructure changes though this does not show anymore there though. Your message is thus among those unreplied ones (I quickly see 3 in the mail queue). Unfortunately things that are not automated have to be handled by humans and time is a rather limited resource (and getting good people who help along is a very tricky thing as we have found out; hints appreciated). We would love to have more time for SixXS, but there are unfortunately only 24 hours in a day and many of that is used for real life. Just in case: we make it a point to not prefer handling one persons case over the rest of them. They all get handled in turn. (LIFO style in typical case, and sometimes we then jump back a lot to resolve a few of those too, but pretty much at random) On 2013-06-27 16:47, Anthony Williams wrote: Can I piggy back on that inquiry and request a reset of my ISK points after committing a faux pas with respect to going negative from down v6 tunnels and deleting. Now to create a new tunnel I need positive ISK points and I'm stilling at -10 with no way to boost my numbers. :( Reset Points: AWJ11-SIXXS Oh Pretty please w/sugar on top. :) You deleted the two working tunnels you had, adding a few credits does not resolve your problem as you have been answered in email. Resetting your credit would quite well make the credit system useless as people could then just waste it all, not maintain their connection and then ask for more, but we have other ways of solving problems like this. On 2013-06-27 21:43, Måns Nilsson wrote: Personally, even though I'm on the same IRC channel as one of the admins and could have all support I want Extremely interesting statement. As I am sure you are not on the IRC channel that I do actually idle at... and even if you where, SixXS does not do help on IRC or for specific people, see above and the site. On 2013-06-28 13:48, Måns Nilsson wrote: Apparently I'm not on the same IRC channel as an admin anymore: Just let me state that the day after I quit working with SIXXS I got myself a HE tunnel I am really wondering which admin you mean, and working is impossible as it is just all done in free time. Please read the about page, and you'll realize there are only two people who 'are' SixXS, both of us have lots of native connectivity and for the left-over locations have a wide array of SixXS PoPs to choose out of thus no need for alternates; though in case of throughput/latency being better and the need would be there that would of course be a better and thus logical choice. Also note that anybody who really is with SixXS would write SixXS and not everything in caps as they know the difference in writing style and the reason why it is written that way. (The same trick with people writing TOR which would mean Top Of Rack, not Tor as in Tor Project) On 2013-06-27 22:00, Andrew D Kirch wrote:[..] Yes it's a private service, yes it's run by volunteers, BUT SIXXS is publicly putting themselves forward as ambassadors for IPv6. The main target is to create a common portal to help company engineers find their way with IPv6 networks deploying IPv6 to their customers http://www.sixxs.net/faq/sixxs/?faq=enduser in a rapid and controllable fashion. (Sixxs website) and For whom? For everybody. The average joe and jane can use AICCU so that they can use IPv6 very quick and easy. (SIXXS website about us). That is all correct. And I am actually extremely convinced that we have overreached every single one of the goals that we have set out to achieve: http://www.sixxs.net/faq/sixxs/?faq=why I'm neither Joe nor Jane, nor am I Tom, Dick, or Harry, and quite frankly SIXXS has been abrasive and abusive in my attempt to use their service. Yes, it is really hard for some people to
Ciena MPLS-VPWS
Hi all, I need a little help with MPLS-VPWS configuration on ciena 3916. Could someone knowledgeable in the topic please contact me off-list? Thank you Chris --- -= Amat Victoria Curam =-
EC2 issues starting at about 9am Eastern
Hello, Is anyone seeing any EC2 issues? We started seeing them as of about 9:01am today. The issues are manifesting with different instances sporadically not being able to connect to each other or connect to hosts ourside EC2. Thanks, Alex
Re: www.att.net ipv6 traceroute
On Mon, Jul 1, 2013 at 7:34 AM, David Hill dh...@mindcry.org wrote: Anyone else noticing odd ipv6 traceroutes to www.att.net (2001:1890:1c01:2::40)? For example, the first traceroute originating in Chicago, and if the hostnames are anything to go by: Chicago - Dallas - Atlanta - Miama - NYC - Amsterdam - Frankfurt - France - D.C. - Atlanta... The first 2 traceroutes are on SixXs tunnels and the third is native. From 2604:8800::/32 (Chicago, Sixxs) 2 gw-122.chi-03.us.sixxs.net 25.925 ms 14.816 ms 13.645 ms 3 uschi03.sixxs.net 18.651 ms 15.544 ms 34.06 ms 4 2620:0:6b0:a::1 27.401 ms 15.677 ms 14.83 ms 5 tge6-3.fr3.ord4.ipv6.llnw.net 14.482 ms 18.875 ms 21.112 ms 6 ve8.fr3.ord.ipv6.llnw.net 28.965 ms 24.031 ms 15.947 ms 7 tge2-1.fr3.dal.ipv6.llnw.net 39.672 ms 41.431 ms 49.888 ms 8 tge4-1.fr3.atl1.ipv6.llnw.net 59.908 ms 62.198 ms 72.244 ms 9 tge2-1.fr3.mia1.ipv6.llnw.net 78.641 ms 75.351 ms 74.425 ms 10 2600:804:11f::11 91.243 ms 90.002 ms 87.802 ms 11 2600:802::23 119.804 ms 100.727 ms 100.737 ms 12 ge-0-3-0.IL1.NYC12.ALTER.NET 147.803 ms 145.406 ms 147.878 ms 13 ae1.XT2.AMS2.ALTER.NET 148.699 ms ae1.XT1.AMS2.ALTER.NET 146.322 ms 152.503 ms 14 GigabitEthernet6-0-0.GW5.AMS6.ALTER.NET 145.967 ms 148.903 ms 165.926 ms 15 FastEthernet0-0.6B1.AMS6.ALTER.NET 183.716 ms 156.131 ms 194.141 ms 16 tu3.6B1.FFT4.ALTER.NET 184.867 ms 184.005 ms 170.47 ms 17 ffm-s1-rou-1006.DE.eurorings.net 159.565 ms * 173.012 ms 18 ffm-s1-rou-1102.DE.eurorings.net 200.82 ms 225.979 ms 207.712 ms 19 kehl-s2-rou-1103.DE.eurorings.net 228.884 ms 208.576 ms 203.722 ms 20 nntr-s1-rou-1101.FR.eurorings.net 192.901 ms 210.818 ms 210.279 ms 21 * 2001:680:0:134:222:226:160:1 189.452 ms 171.714 ms 22 2001:1890:c00:c001::1171:ecca 192.306 ms 164.33 ms 192.835 ms 23 2001:1890:c00:c001::ee71:ecca 222.488 ms 218.21 ms 194.537 ms 24 2001:1890:ff::12:122:105:90 214.309 ms 216.21 ms 216.51 ms 25 wswdc22crs.ipv6.att.net 206.215 ms 220.884 ms 202.472 ms 26 attga21crs.ipv6.att.net 213.776 ms 220.918 ms 205.205 ms 27 attga409me3.ipv6.att.net 190.66 ms 228.532 ms 200.606 ms 28 2001:1890:c00:8802::11cc:6c6d 217.65 ms 222.145 ms 210.213 ms From 2a02:2528::/32 (Switzerland, Sixxs) 2 gw-91.gva-01.ch.sixxs.net 28.932 ms 28.415 ms 29.091 ms 3 2a02:2528:ff:1::4 28.082 ms 28.873 ms 41.525 ms 4 ge0-1.gv1.ip-max.sixxs.net 29.546 ms 37.835 ms 29.366 ms 5 ge3-14.ar01.gva253.ip-max.net 30.502 ms 32.925 ms 29.370 ms 6 ae1.cr01.gva253.ip-max.net 45.019 ms 41.335 ms 47.675 ms 7 xe0-0-1.cr01.gva252.ip-max.net 28.903 ms 33.530 ms 41.954 ms 8 po1.br01.gva252.ip-max.net 39.794 ms 34.197 ms 28.843 ms 9 r1gva1.core.init7.net 28.849 ms 32.812 ms 31.988 ms 10 r1zug1.core.init7.net 47.583 ms 42.633 ms 37.785 ms 11 r1glb1.core.init7.net 36.323 ms 56.574 ms 34.909 ms 12 r1zrh1.core.init7.net 50.896 ms 56.617 ms 42.967 ms 13 ae0-12.zur11.ip6.tinet.net 42.462 ms 41.909 ms 41.557 ms 14 xe-0-1-1.nyc20.ip6.tinet.net 128.395 ms xe-0-1-2.nyc20.ip6.tinet.net 127.736 ms xe-0-1-1.nyc20.ip6.tinet.net 120.968 ms 15 nyiix.iij.net 121.285 ms 121.758 ms 120.904 ms 16 nyc002bb10.iij.net 121.436 ms 122.211 ms 120.475 ms 17 abn001bb10.iij.net 121.829 ms 123.181 ms 121.787 ms 18 2600:803:92f::1 143.860 ms 125.196 ms 179.323 ms 19 2600:802::23 139.937 ms 132.728 ms 140.416 ms 20 ge-1-2-0.il1.nyc12.alter.net 130.477 ms ge-0-3-0.il1.nyc12.alter.net 130.349 ms 140.231 ms 21 * * * 22 gigabitethernet6-0-0.gw5.ams6.alter.net 349.594 ms 129.648 ms gigabitethernet7-0-0.gw5.ams6.alter.net 130.583 ms 23 fastethernet0-0.6b1.ams6.alter.net 138.677 ms 169.896 ms 402.511 ms 24 tu3.6b1.fft4.alter.net 379.628 ms 156.939 ms 138.227 ms 25 * * * 26 ffm-s1-rou-1102.de.eurorings.net 219.035 ms 227.354 ms 236.133 ms 27 kehl-s2-rou-1103.de.eurorings.net 228.896 ms 221.190 ms 239.280 ms 28 nntr-s1-rou-1101.fr.eurorings.net 219.410 ms 226.779 ms 230.940 ms 29 2001:680::134:222:226:160:1 247.598 ms 243.938 ms 218.783 ms 30 2001:1890:c00:c001::1171:ecca 217.493 ms 242.119 ms 217.778 ms 31 2001:1890:c00:c001::ee71:ecca 238.297 ms 219.211 ms 218.524 ms 32 2001:1890:ff::12:122:105:90 257.048 ms 250.699 ms 252.160 ms 33 wswdc22crs.ipv6.att.net 248.764 ms 268.970 ms 416.443 ms 34 * attga21crs.ipv6.att.net 239.030 ms 241.492 ms 35 attga409me3.ipv6.att.net 249.902 ms 268.800 ms 253.631 ms 36 2001:1890:c00:8802::11cc:6c6d 260.203 ms 236.484 ms 245.413 ms From 2001:1b60::/32 (Germany, Native) 2 2001:1b60:0:1:0:1:0:1 0.275 ms 0.247 ms 0.237 ms 3 Pironet.FRA-12-eth012-615.v6.lambdanet.net 3.199 ms 3.198 ms 4.578 ms 4 ae5.irt1.fra44.de.v6.as13237.net 6.518 ms 6.499 ms 6.507 ms 5 xe-0-3-0-0.fra21.ip6.tinet.net 6.570 ms 6.563 ms 6.543 ms 6
Re: EC2 issues starting at about 9am Eastern
Il giorno lunedì 1 luglio 2013, ha scritto: Hello, Is anyone seeing any EC2 issues? We started seeing them as of about 9:01am today. The issues are manifesting with different instances sporadically not being able to connect to each other or connect to hosts ourside EC2. Which region? Thanks, Alex -- Alessandro Ratti http://about.me/alessandroratti NOTICE This message is for the named person's use only and it's confidential. If you receive this message in error, please immediately delete it and and notify the sender. Thank you.
Re: www.att.net ipv6 traceroute
On 07/01/2013 07:34 AM, David Hill wrote: Anyone else noticing odd ipv6 traceroutes to www.att.net (2001:1890:1c01:2::40)? For example, the first traceroute originating in Chicago, and if the hostnames are anything to go by: Chicago - Dallas - Atlanta - Miama - NYC - Amsterdam - Frankfurt - France - D.C. - Atlanta... Looks OK from here: (From 2607:4B00::/32 - SF Bay Area, Native): mushroom#traceroute www.att.net Translating www.att.net...domain server (216.139.32.37) [OK] Type escape sequence to abort. Tracing the route to www.att.net (2001:1890:1C01:2::40) 1 2001:550:2:C::2:1 0 msec 4 msec 4 msec 2 2001:550::142 40 msec 2001:550::113 52 msec 2001:550::142 48 msec 3 2001:550::1040 40 msec 2001:550::1041 48 msec 2001:550::1040 48 msec 4 2001:550:4::4C 44 msec 36 msec 44 msec 5 2001:550:3::7A 40 msec 40 msec 44 msec 6 sffca22crs.ipv6.att.net (2001:1890:FF::12:122:86:122) 112 msec 108 msec 112 msec 7 la2ca22crs.ipv6.att.net (2001:1890:FF::12:122:31:133) 104 msec 112 msec 108 msec 8 dlstx22crs.ipv6.att.net (2001:1890:FF::12:122:28:177) 108 msec 104 msec 112 msec 9 attga21crs.ipv6.att.net (2001:1890:FF::12:122:28:173) 108 msec 100 msec 108 msec 10 attga409me3.ipv6.att.net (2001:1890:FF::12:122:120:244) 112 msec 124 msec 100 msec 11 * 2001:1890:C00:8802::11CC:6C6D 108 msec 104 msec 12 * * * 13 * * * 14 * * * -Robert
Re: www.att.net ipv6 traceroute
David Hill writes: Anyone else noticing odd ipv6 traceroutes to www.att.net (2001:1890:1c01:2::40)? David, We see what's going on. It currently affects only a portion of the v6 Internet. Working on a fix... Jay B.
ALTDB question.
Hello, A quick question for all. It's my understanding that the Maintainer object needs to be created first. This is accomplished by sending the template to db-ad...@altdb.net This is not an automated process, but gets done manually. If there is any discrepancy then one gets a reply back with the error . a) Am I correct in my understanding of above ? b) Is there any auto reply to confirm email receipt ? or only replies are after the request is either complete or sent back for missing / incorrect info ? c) What would be the appropriate amount of time to wait for such a reply ? d) Is there a way to check to see if the Maintainer object has been created ? Many thanks in advance. I dealing with Altdb for the first time, so am looking for some base for what to expect and or not to expect. Regards. Faisal Imtiaz Snappy Internet Telecom
Re: ALTDB question.
On Mon, 1 Jul 2013, Faisal Imtiaz wrote: Hello, A quick question for all. It's my understanding that the Maintainer object needs to be created first. This is accomplished by sending the template to db-ad...@altdb.net This is not an automated process, but gets done manually. If there is any discrepancy then one gets a reply back with the error . a) Am I correct in my understanding of above ? b) Is there any auto reply to confirm email receipt ? or only replies are after the request is either complete or sent back for missing / incorrect info ? c) What would be the appropriate amount of time to wait for such a reply ? d) Is there a way to check to see if the Maintainer object has been created ? Once created, your maintainer object will be visible in the whois served by whois.altdb.net. If you're just getting started with IRR, no offense intended towards ALTDB, but I'd suggest using any of the other free ones. ARIN and RIPE are both, AFAIK, free for anyone to use and support better authentication than ALTDB. Also, AFAIK, ALTDB has been a one (or few?) person volunteer effort, and from time to time, there have been service outages, reliant on one or a few people for resolution. ARIN and RIPE are staffed and better financially backed. -- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/pgp for PGP public key_