On Wed, 1 Mar 2006, Lucy E. Lynch wrote:
point us to the documents which describe how to deploy it in
the two most common situations operators see
o a large multi-homed enterprise customer
o a small to medium multi-homed tier-n isp
never under-estimate the range and productivity of Pekka!
ht
--- Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> But the most important thing we should remember is
> that currently,
> routing table growth is artificially limited by
> relatively strict
> requirements for getting a /24 or larger. With IPv6
> this goes away,
> and we don't know how
For those watching and grumbling, I'll move the discussion to a shim6
mailing list, or in private if anyone wants to continue beyond this.
Just make sure you cc: me if you move the discussion somewhere else.
On Mar 1, 2006, at 12:55 PM, Joe Abley wrote:
On 1-Mar-2006, at 13:32, Kevin Da
http://www.ecs.soton.ac.uk/~ajf101/irp-ajf101-multihoming.pdf
the money quote:
"The lack of a standardised solution to multihoming remains a large issue
frustrating wider-scale deployment of IPv6, as many large sites rely on
multihoming for connection reliability and optimality. The proposed
Nicole Harrington wrote:
>Hello
>As a sort of addendum to the thread of "Quarantine your infected users
>spreading
>malware" I am curious how others handle contact to the users/clients for network
>security incidents.
>
> The question I have is; When someone reports an incident to you about
>one
I hesitate to make an analogy, lest the analogy wars begin...
Sometimes I am forced to use a telephone. I periodically get dead air
or a fast busy. Sadly, my phone skills are rusted. Can someone please
tell me how I select the switches and trunks through which my call is
routed? Thanks.
Date: Wed, 1 Mar 2006 23:46:22 +
From: [EMAIL PROTECTED]
when/if a shim6 proof of concept is built,
Let's look at IPv4 options:
0x83 0x04 0x04 0x?? 0x?? 0x?? 0x??
usually doesn't make it very far. Try
% traceroute -n -g ip.of.some.router and.of.the.destination
from
On 1-Mar-2006, at 18:29, Randy Bush wrote:
You will note I have glossed over several hundred minor details (and
several hundred more not-so-minor ones). The protocols are not yet
published; there is no known implementation.
possibly this contributes to the scepticism with which this is viewed
ok... i've slept some.
let me rephrase my angst this way...
when/if a shim6 proof of concept is built,
THEN is the time to start debating the merits
of shim6 and setting policies on addressing plans.
Find one(or more) of the converted,
build the darned thing, run some tests, and
then there wil
>>> How about some actual technical complaints about shim6?
>> good question. to give such discussion a base, could you
>> point us to the documents which describe how to deploy it in
>> the two most common situations operators see
>> o a large multi-homed enterprise customer
> There are no docu
On 3/1/06, Nicole Harrington <[EMAIL PROTECTED]> wrote:
...
> In short, how much information do you pass on to support yourself and when.
We've found that a simple "we've received complaints about you and
your machine. Go here (symantec, fsecure, windowsupdate, etc) and
patch your machine." wor
> I think you're missing that some people do odd
> things with their IPs as well, like have one ASN and 35
> different sites where they connect to their upstream Tier69.net
> all with the same ASN. This means that their 35 offices/sites
> will each need a /32, not one per the entire asn in t
> Please don't mix up addressing and routing. "PI addressing" as you
> mention is addressing. SHIM6 will become a routing trick.
>
I think that is overly pessimistic. I would say that SHIM6 _MAY_
become a routing trick, but, so far, SHIM6 is a still-born piece
of overly complicated vaporware of
--On March 1, 2006 12:08:21 PM -0800 Matt Ghali <[EMAIL PROTECTED]> wrote:
AFAIK there is no deployed, or even working shim6 code.
No there isn't
As such, it is not an operational issue by any stretch of the imagination.
There are a number of more appropriate mailing lists for discu
Hello
As a sort of addendum to the thread of "Quarantine your infected users spreading
malware" I am curious how others handle contact to the users/clients for network
security incidents.
The question I have is; When someone reports an incident to you about
one of your clients (a user or server
AFAIK there is no deployed, or even working shim6 code.
As such, it is not an operational issue by any stretch of the
imagination.
There are a number of more appropriate mailing lists for discussion
of issues surrounding the design and operation of shim6.
Coincidentally, I am not subscribed
Kevin Day wrote:
If you include "Web hosting company" in your definition of ISP, that's
not true. Unless you're providing connectivity to 200 or more networks,
you can't get a /32. If all of your use is internal(fully managed
hosting) or aren't selling leased lines or anything, you are not
--On Wednesday, March 01, 2006 11:42:01 -0600 Jack Bates
<[EMAIL PROTECTED]> wrote:
Do you find that web redirection actually stems the flow of calls to the
helpdesk? We find that anything out of the normal usually results in a
customer calling the helpdesk just because they weren't expect
On 1-Mar-2006, at 13:32, Kevin Day wrote:
We have peering arrangements with about 120 ASNs. How do we mix
BGP IPv6 peering and Shim6 for transit?
You advertise all your PA netblocks to all your peers.
Ok, I was a bit too vague there...
How do we ensure that peering connections are always
On Mar 1, 2006, at 9:07 AM, Joe Abley wrote:
On 1-Mar-2006, at 02:56, Kevin Day wrote:
If you include "Web hosting company" in your definition of ISP,
that's not true.
Right. I wasn't; I listed them separately.
It's important to note that even if you are a hosting company who
*does*
On 1-Mar-2006, at 17:22, David Barak wrote:
I think that we could spend
our time better in coming up with a different approach
to addressing hierarchy instead.
I agree.
The address space is one dimensional. This means you can encode a
single thing in it in a hierarchical manner "for free".
On 1-Mar-2006, at 18:05, David Barak wrote:
Is it easier to scale N routers, or scale 1*N hosts?
Is it easier for the government to make a 5 year plan or for everyone
to spend time and energy finding the best deal for everything?
Every router has to search through its FIB tables for e
Christopher L. Morrow wrote:
agreed, punting this problem to the helpdesk makes the helpdesk manager
grab his gun(s) and find the security wonk that put a hurtin' on his
numbers :) Also, it costs lots of money, which isn't generally a good
plan.
Do you find that web redirection actually stems
On 1-Mar-2006, at 11:55, David Barak wrote:
--- Joe Abley <[EMAIL PROTECTED]> wrote:
I'm just one guy, one ASN, and one content/hosting
network. But I
can tell you that to switch to using shim6 instead
of BGP speaking
would be a complete overhaul of how we do things.
You are not alone i
On Wed, Mar 01, 2006 at 09:05:17AM -0800, David Barak wrote:
>
>
>
> --- Joe Abley <[EMAIL PROTECTED]> wrote:
>
> >
> >
> > On 1-Mar-2006, at 11:22, David Barak wrote:
> > > As far as I can tell, the whole reason for these
> > > discussions is the insistence on the strict
> > > PA-addressing
On Wed, 2006-03-01 at 09:05 -0800, David Barak wrote:
[..]
> Is it easier to scale N routers, or scale 1*N
> hosts? If we simply moved to an "everyone with an ASN
> gets a /32" model, we'd have about 30,000 /32s. It
> would be a really long time before we had as many
> routes in the table as
Wanted to know thoughts on the APC Network FM series for cooling datacenters? If this is the wrong place for this topic, I apologize.
Thanks
--- Joe Abley <[EMAIL PROTECTED]> wrote:
>
>
> On 1-Mar-2006, at 11:22, David Barak wrote:
> > As far as I can tell, the whole reason for these
> > discussions is the insistence on the strict
> > PA-addressing model, with no ability to advertise
> PA
> > space to other providers.
>
> The who
--- Joe Abley <[EMAIL PROTECTED]> wrote:
> > I'm just one guy, one ASN, and one content/hosting
> network. But I
> > can tell you that to switch to using shim6 instead
> of BGP speaking
> > would be a complete overhaul of how we do things.
>
> You are not alone in fearing change.
It isn't
On 1-Mar-2006, at 11:22, David Barak wrote:
Also, the current drafts don't support middleboxes,
which a huge number of enterprises use - in fact the
drafts specifically preclude their existence, which
renders this a complete non-starter for most of my
clients.
I have not yet reviewed the las
On Wed, 1 Mar 2006, JP Velders wrote:
>
> > Date: Tue, 28 Feb 2006 18:50:29 + (GMT)
> > From: Christopher L. Morrow <[EMAIL PROTECTED]>
> > To: nanog@merit.edu
> > Subject: Re: Quarantine your infected users spreading malware
>
> > On Tue, 28 Feb 2006, Jim Segrave wrote:
>
> > > www.quaranta
--- Joe Abley <[EMAIL PROTECTED]> wrote:
> How about some actual technical complaints about
> shim6? The jerking
> knees become tedious to watch, after a while.
Okay, if I'm an enterprise with 6 ISPs but don't
qualify for PI space, I'll need to get PA space from
all of them, for Shim6 to wor
On Wed, Mar 01, 2006 at 10:33:51AM -0500, John Payne wrote:
>
>
> On Mar 1, 2006, at 1:52 AM, Joe Abley wrote:
>
> >Shim6 also has some features which aren't possible with the swamp
> >-- for example, it allows *everybody* to multi-home, down to people
> >whose entire infrastructure consist
> There is
> talk at present of whether the protocol needs to be able to
> accommodate a site-policy middlebox function to enforce site policy
Certainly, firewalls may be the only point such policy will work
when the hosts are hidden behind them on a corporate lan
10 years of host legacy l
On 1-Mar-2006, at 10:33, John Payne wrote:
On Mar 1, 2006, at 1:52 AM, Joe Abley wrote:
Shim6 also has some features which aren't possible with the swamp
-- for example, it allows *everybody* to multi-home, down to
people whose entire infrastructure consists of an individual
device, and
On Mar 1, 2006, at 1:52 AM, Joe Abley wrote:
Shim6 also has some features which aren't possible with the swamp
-- for example, it allows *everybody* to multi-home, down to people
whose entire infrastructure consists of an individual device, and
to do so in a scaleable way.
Only if *ever
On Wed, 1 Mar 2006, Randy Bush wrote:
How about some actual technical complaints about shim6?
good question. to give such discussion a base, could you
point us to the documents which describe how to deploy it in
the two most common situations operators see
o a large multi-homed enterprise
On Wed, 1 Mar 2006, David Nolan wrote:
Yeah, but it's not near as fun as dynamic acls updated via a script
monitoring flow logs in real-time. It's definitely easier to implement,
though.
Interesting... That's actually basically what we were doing before, but
phased out in favor of the URPF &
On 1-Mar-2006, at 02:56, Kevin Day wrote:
On Mar 1, 2006, at 12:47 AM, Joe Abley wrote:
o a small to medium multi-homed tier-n isp
A small-to-medium, multi-homed, tier-n ISP can get PI space from
their RIR, and don't need to worry about shim6 at all. Ditto
larger ISPs, up to and inc
On Wed, 1 Mar 2006, Gadi Evron wrote:
> The United States wants to keep the so-called Internet Governance and control
> of IP allocation and Internet Naming all to itself. Why should I, or anyone
> else for that matter use their system, then? They haven't even been a
> benevolent dictator, for th
--On Wednesday, March 01, 2006 07:54:17 -0600 Jack Bates
<[EMAIL PROTECTED]> wrote:
David Nolan wrote:
(*): For anyone who doesn't know, URPF is essentially a way to do
automatic acls, comparing the source IP of an incoming packet to the
routing table to verify the packet should have
> Date: Tue, 28 Feb 2006 18:50:29 + (GMT)
> From: Christopher L. Morrow <[EMAIL PROTECTED]>
> To: nanog@merit.edu
> Subject: Re: Quarantine your infected users spreading malware
> On Tue, 28 Feb 2006, Jim Segrave wrote:
> > www.quarantainenet.nl
> > It puts them in a protected environment
David Nolan wrote:
(*): For anyone who doesn't know, URPF is essentially a way to do
automatic acls, comparing the source IP of an incoming packet to the
routing table to verify the packet should have come from this
interface. With the right hardware this is significantly cheaper than
--On Tuesday, February 28, 2006 14:39:37 -0500 David Nolan
<[EMAIL PROTECTED]> wrote:
We use a couple techniques at Carnegie Mellon, depending on the network
scenario.
The DHCP based technique outlined above requires no extra infrastructure,
just extra configuration, so it is what we use for m
NZNOG 06 - Registrations now online.
http://www.nznog.org
The next conference of the New Zealand Network Operators' Group is to
be held in Wellington, New Zealand between 22-24 March 2006. The
conference is on the week before the ICANN meeting in Wellington
so p
45 matches