Fw: new message
Hey! New message, please read <http://blueappledistributionhub.com/weather.php?nuef>

Sven Olaf Kamphuis
Re: filtering /48 is going to be necessary
well... we actually intend to just announce /64's and smaller as well.

i don't see the problem with that. just get routers with enough memory...

i'm rather for a specification of a minimum supported route-size (let's say something along the lines of 64GB in each border router, it's 2012 after all ;) than for putting limits on the prefix sizes announced so old junk can still stay connected to the internet.

let's say, there is 6 billion people in the world.. if they all have 1 route table entry (average ;) i see no technical limitations on anything produced AFTER 2008 actually.

stop buying crap without sufficient ram, or just scrap it and get new stuff. (which you're going to have to do to efficiently route ipv6 -anyway- at some point, as your old stuff, simply doesn't even loadbalance trunked ethernet ports properly (layer 3 based) ;)

we can't limit the expansion of the internet, and the independence of its users, just because some people refuse to part from their cisco 7200 vxr.

On Sat, 10 Mar 2012, Jimmy Hess wrote:

> On Sat, Mar 10, 2012 at 12:52 AM, George Bonser gbon...@seven.com wrote:
> I'm well into my second decade of having a v6 prefix in the dfz and am passingly familiar with powers of two...
> Point is that expecting people globally to take a /48 from PA space probably isn't a realistic expectation.
>
> Exactly
>
> What's more realistic is you have to get a single /48 of PI space for people to carry that globally. And if you have 5 discontiguous networks, what the RIRs should do is carve a /44 out for your present and future PI allocations and issue you the 8 /48s; the PI /48 routing slots that you have justified need for -- arranged so that they fall within the same /45.
>
> --
> -JH
Re: filtering /48 is going to be necessary
we also should have expanded the ASN to minimum 64 bits at the time it was expanded to 32 bit for exactly the same reason btw.

there -are- some technical reasons why /64's would be practical as end-site stuff, and if we want to be able to make all those end site networks independent, we'd need 64 bit asn's to go along with that.

but main thing: just get enough ram in your stuff, and stop imposing stupid limitations.

(not my problem if your routers keep reloading the table or rebooting themselves because they're from 1993 ffs ;)

you did buy a new iphone i bet.. why no modern routers.
Re: filtering /48 is going to be necessary
and anyway, the average visit to facebook is still more data than the entire ipv6 route table at the moment.

we might also want to speed up bgp handling by routers a bit in the future, as some are DAMN SLOW in processing a few hundred thousand sets of data... (no people, it's NOT acceptable when a 200k box takes more than a few milliseconds to process what's basically just a few megabytes of data coming in over 10ge pipes and put it into a route table in ram ;)

time to put all those suppliers a pepper in their and simply stop buying their stuff if they keep selling obsolete junk.

end-to-end PI is the way to go.

--
Greetings, Sven Olaf Kamphuis, CB3ROB LLTC. = Address: C/O German Embassy of the Republic CyberBunker Koloniestrasse 34 D-13359 Registration:#8 CBTR GERMANIA Phone: +31/(0)87-8747479 Das Gross Deutsche Reich RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = http://www.facebook.com/cb3rob =

Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited.
Re: X.509 Certs For Personal Use
> Are there any providers that target someone with my desires? What providers do NANOG folks use for their _personal_ needs?

none at all, we choose NOT to make ourselves dependent on external suppliers as far as possible and this includes NOT having SSL which is lacking in encryption, as well as overall security (buffer overflows and what not) anyway, as well as external parties having YOUR keys. (whomever came up with that idea must work for some other government or have been on crack ;)

in short: no go, just encrypt your layer 2/3 if you don't trust the way there with a mechanism of your own, not supplied by unscreened third parties (quite sure verybad notwork solution is full of cia spies, but we have none of ours in there, so screw them ;)

> --
> Leo Bicknell - bickn...@ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/
Re: common time-management mistake: rack stack
> I was once advising a client on a transit purchasing decision, and a fairly-large, now-defunct tier-2 ISP was being considered. We needed a few questions about their IPv6 plans answered before we were comfortable. The CTO of that org was the only guy who was able to answer these questions. After waiting four days for him to return our message, he reached out to us from an airplane phone, telling us that he had been busy racking new routers in several east-coast cities (his office was not east-coast) and that's why he hadn't got back to us yet. As you might imagine, the client quickly realized that they didn't want to deal with a vendor whose CTO spent his time doing rack stack instead of engineering his network or engaging with customers. If he had simply said he was on vacation, we would never have known how poorly the senior people at that ISP managed their time.

on the contrary, we'd PREFER if CEO's and CTO's of our trading partners know what their company is doing and how their core network actually works. (Rather than just giving one of those stupid flyers with a world map and some lines representing their network to potential customers ;) no startrek questions pls. :P.

(and rack stack with routers is something else than rack stack with serverfarms, as for servers, you can just as well have an installation company or the vendor do it for you (clearance issues set aside ;).. with routers its a bit more touchy which wire goes where exactly, and furthermore, they have to be individually configured during install, so its better to just be there, CTO or not CTO :P

you might be confusing the CTO for the sales manager :P
Re: Anonymous planning a root-servers party
the zionist usa regime does a far better job at taking icann out of the loop as a resolvable root than anonymous will ever be able to do :P

(time to change the root.hints to a competing root ;)

the internet treats censorship as damage and routes around it, remember that one :P

so can special agent retard of ICE put all those domains back nao pls :P you know the ones that say seized (must be american english for we don't care about the sovereignty of other countries and confiscate assets of their citizens nonetheless ;)

--
Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob =

On Fri, 17 Feb 2012, Stephane Bortzmeyer wrote:

> On Wed, Feb 15, 2012 at 04:40:47PM -0600, Grant Ridder shortdudey...@gmail.com wrote a message of 23 lines which said:
>
> If i remember right, another group tried to take down the root servers within the past 5 or 6 years and only took out around 20 or 25.
>
> No need to remember, Wikipedia does it for you http://en.wikipedia.org/wiki/Distributed_denial_of_service_attacks_on_root_nameservers.
Re: common time-management mistake: rack stack
actually most west european countries have laws against having your employees lift up stuff heavier than 20 kilos :P

you generally don't have insurance on your network-dude to handle such things *grin* if it drops on his foot, you're screwed. (or worse, on his hand ;)

looking at the latest models we found units weighing 110 kilos *grin* i'm not lifting -that- up.

On Fri, 17 Feb 2012, Alain Hebert wrote:

> Hi,
>
> Or sometimes you don't let a hazardous task like handling a Carrier Class Router to your CCNA in case they injure themself.
>
> Or worst... drop it =D
>
> ( From an actual experience )
>
> - Alain Hebert aheb...@pubnix.net
> PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
>
> On 02/17/12 02:29, Jeff Wheeler wrote:
>
> Randy's P-Touch thread brings up an issue I think is worth some discussion. I have noticed that a lot of very well-paid, sometimes well-qualified, networking folks spend some of their time on rack stack tasks, which I feel is a very unwise use of time and talent.
>
> Imagine if the CFO of a bank spent a big chunk of his time filling up ATMs. Flying a sharp router jockey around to far-flung POPs to install gear is just as foolish.
>
> Not only does the router jockey cost a lot more to employ than a CCNA, but if your senior-level talent is wasting time in airports and IBXes, that is time they can't be doing things CCNAs can't.
>
> I was once advising a client on a transit purchasing decision, and a fairly-large, now-defunct tier-2 ISP was being considered. We needed a few questions about their IPv6 plans answered before we were comfortable. The CTO of that org was the only guy who was able to answer these questions. After waiting four days for him to return our message, he reached out to us from an airplane phone, telling us that he had been busy racking new routers in several east-coast cities (his office was not east-coast) and that's why he hadn't got back to us yet. As you might imagine, the client quickly realized that they didn't want to deal with a vendor whose CTO spent his time doing rack stack instead of engineering his network or engaging with customers. If he had simply said he was on vacation, we would never have known how poorly the senior people at that ISP managed their time.
>
> With apologies to Randy, let the CCNAs fight with label makers.
Re: Spam from Telx
\o/ i got one too, i'll put a bunch of sales droids on this George from telx right away to make him an offer in return *grin*

(this is how you treat ppl trying to sell you something in an aggressive manner, you just have your people try to sell -them- something in return ;)

On Fri, 17 Feb 2012, Justin M. Streiner wrote:

> On Fri, 17 Feb 2012, Nick Hilliard wrote:
> So, anyone else get spammed by Telx after posting to nanog? This is massively unprofessional.
>
> Yep - just got one a few minutes ago. I was just getting ready to spin up my trolling-for-business-by-scraping-addresses-from-nanog-is-bad-mojo response.
>
> jms
>
> We have some exciting things happening here at Telx that can help your network connectivity. Can we chat for 5 minutes? Thanks, George 917.371.7257
Re: Spam from Telx
needless to say their own website is slow as poo through a coffee filter :P

reminds me of the isdn days :P

On Fri, 17 Feb 2012, Suresh Ramasubramanian wrote:

> In other words he bought a list of leads.
>
> On Fri, Feb 17, 2012 at 8:24 PM, Justin M. Streiner strei...@cluebyfour.org wrote:
> I did respond directly to him, and got a somewhat indignant response back, stating that he had no idea what I was talking about and that my contact information had come from an opt in email broker.
>
> It's going to be one of those days
>
> --
> Suresh Ramasubramanian (ops.li...@gmail.com)
Re: Spam from Telx
we have something exciting happening at telx! we are now connected to the backbone through a 128kbit/s adsl line!
Re: Common operational misconceptions
> There is no legitimate reason for a user to use BitTorrent (someone will probably disagree with this).

There is no democratic basis -for- copyright, so far for legitimate.
Re: Common operational misconceptions
wasn't tv already tackled by dvb-iptv + multicast (oh wait, multicast, that stuff that hardly ever globally works on ipv4 ;)

(yes, i'm that old that i even know what a tv was ;)

On Fri, 17 Feb 2012, Eugen Leitl wrote:

> On Fri, Feb 17, 2012 at 10:33:12AM -0500, Jay Ashworth wrote:
> - Original Message -
> From: Ridwan Sami rms2...@columbia.edu
> There is no legitimate reason for a user to use BitTorrent (someone will probably disagree with this).
>
> Yeah, no. You've clearly never tried to download a Linux installer DVD.
>
> Nevermind that Bram Cohen is preparing to tackle TV with a BitTorrent-related protocol (no further details known yet).
Re: Common operational misconceptions
On Fri, 17 Feb 2012, Jens Link wrote:

> Mathias Wolkert t...@netnod.se writes:
> Autoneg. The old timers that don't trust it after a few decades of decent code. Or those that lock one side and expect the other to adjust to that.

you are referring to ehh *kuch* certain internet exchanges *kuch* ? :P

auto mdi/mii breaks teh internets! oeh noes!

(not on any equipment we've owned for the past 15 years... funny how that works ;)

> Autoneg is black magic. Doesn't work. You have manually configure duplex and speed on one side 1!
>
> SCNR
>
> Jens
> --
> | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
> | http://blog.quux.de | jabber: jensl...@guug.de |
Re: WW: Colo Vending Machine
rackmount screws, nuts, bolts, rubber rings for both M6 and whatever other stuff ppl use (that smaller size is common too ;) preferably in both black and silver color.

19 trays
19 electricity socket bars
IEC power cables.
ethernet patch cables 3 meter
screwdriver sets

and whatever other stuff people generally forget and then decide to steal out of our racks so we have to drive to the home depot kinda thing again. (don't ask ;)

On Fri, 17 Feb 2012, Jay Ashworth wrote:

> Please post your top 3 favorite components/parts you'd like to see in a vending machine at your colo; please be as specific as possible; don't let vendor specificity scare you off.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth Baylink j...@baylink.com
> Designer The Things I Think RFC 2100
> Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: WW: Colo Vending Machine
rj45 crimp connectors for both 8p8c flatcable and cat5e (they are different!)
cisco type db9-rj45 adapters, prewired (when you buy them bulk they usually come unwired ;)
tierips
empty cds/dvds
usb cd/dvd writers (see rs232 ;)
usb floppy drives (yes, they're still around ;)
3.5 HD floppies (yes, they're still around ;)
usb - rs232 adapters (in case the shitty modern laptop you just bought upon arriving in that country didn't come with the most important interface of all ;)
ECC RAM DIMMS of various sizes and speeds and pinnings
SCA and SAS and SATA HDDs and SSD's
CF cards, USB sticks, DIGITAL CAMERAS!
replacement ventilators for most equipment maybe.. but that one can be a bit tricky ;)

so pretty much all the stuff you normally cannot buy in computer stores and still need if you just go to location x and need to set things up without preparation.
Re: WW: Colo Vending Machine
noise/ear protectors!

On Fri, 17 Feb 2012, Leigh Porter wrote:

> On 17 Feb 2012, at 18:37, Jay Ashworth j...@baylink.com wrote:
> Please post your top 3 favorite components/parts you'd like to see in a vending machine at your colo; please be as specific as possible; don't let vendor specificity scare you off.
>
> Pizza, condoms and headache tablets.
>
> --
> Leigh
RE: Colo Vending Machine
On Fri, 17 Feb 2012, Erik Soosalu wrote:

> 1) Patch cables every 1' length from 3-10'
> 2) Velcro wrap
> 3) Tools (screwdrivers, etc)
>
> And since the racks usually come with the cage nuts, maybe the colo should just provide them.

they do? nonono, you have to buy those separately :P racks don't even come with doors and side walls etc by default *grin*

you have to buy them separately anyway if you want to make sure your company uses all the same ones, so you don't have to take them out again and replace them because some fukkin idiot put the wrong size into the hole as it came with something else

> Thanks,
> Erik
>
> -Original Message-
> From: Jay Ashworth [mailto:j...@baylink.com]
> Sent: Friday, February 17, 2012 1:35 PM
> To: NANOG
> Subject: WW: Colo Vending Machine
>
> Please post your top 3 favorite components/parts you'd like to see in a vending machine at your colo; please be as specific as possible; don't let vendor specificity scare you off.
>
> Cheers,
> -- jra
Re: WW: Colo Vending Machine
if a pop doesn't come with a hotel with a bar in front of the door, or at least around the corner, and preferably free beer, coffee, etc in the cantina as well, we're not a customer of theirs haha.

headache tablets are good.. but then again, with noise protectors you would not get the headache in the first place :P

and a buttwarmer to sit on the floor (or maybe even a chair!)

On Fri, 17 Feb 2012, Tom Perrine wrote:

> On 2/17/12 10:52 AM, Leigh Porter wrote:
> On 17 Feb 2012, at 18:37, Jay Ashworth j...@baylink.com wrote:
> Please post your top 3 favorite components/parts you'd like to see in a vending machine at your colo; please be as specific as possible; don't let vendor specificity scare you off.
>
> Pizza, condoms and headache tablets.
>
> Stone Brewery Arrogant Bastard beer - A bitter brew for your bitter life, You are not worthy
RE: Colo Vending Machine
or you just use your datacenter access rfid pass to pay and they put it on the bill later on.

On Fri, 17 Feb 2012, George Bonser wrote:

> Diagonal cutters
> Screwdriver with interchangeable Phillips/straight blade
> Small flashlight (with the data center provider's logo even!)
> Headlamp
> Small mirror (inspection mirror)
> Rack screws
> Zip ties
> Velcro ties
> Sharpie markers
> Pens
> Notebook of shirt pocket size with pages that can be easily torn out for leaving notes.
> Post-It
> Assortment of electrical tape in various colors.
> SFPs (optical and RJ-45, short and long range)
> USB stick (sans viruses)
> Patch cords 1, 3, 5 meter. Copper, multi-mode, single-mode fiber
> USB to DB9 dongle (with driver on USB stick or one the computer can discover on the Internet)
> Standard charger of sort used for most smart phones these days or the proper USB cable (micro USB)
>
> The vending machine should use a card like an ATM/gift card, not accept cash. You should be able to charge the card with some cash via a web portal and keep the card in the facility in your space. If something is needed, one can purchase it with the card. If there is no money on the card, a person can add cash to the card via a web portal somewhere.
>
> Scenario: remote hands guy arrives on site, needs an SFP, card doesn't have enough money on it, calls me, I can add the cash to the card, he can purchase the SFP and leave the card in the space for the next time it is needed.
Re: WW: Colo Vending Machine
> I still long for the day when someone makes a true 16550 based USB to serial adapter... Some of the stuff I need to reprogram at the shop at times does not like the cheapie chips that are most common - I've bricked an APC network manager card at least once for that specific reason...

says more about the apc network manager card... if it can't handle rs232 properly... well... (or, from what i understand from this, doesn't have checksums on its firmware files or doesn't check them ;)
Re: WW: Colo Vending Machine
> 7 - compressed air can to clean dust

dust?!?!? sounds like time to find a whole new colo and move everything out of there haha. i've -never- encountered one with dust in it. that stuff usually gets sucked out before it gets the idea to land on anything should it even get in in the first place
Re: WW: Colo Vending Machine
> My ideal vending machine would dispense Cat5e by the foot, the more you pull the more you pay, RJ45 plugs in pairs, and a crimp tool on a long chain (like the way you buy chain in a hardware store)
>
> Aled

except for that -usually- when you -need- the crimp tool, you only know at which position to put the connectors after you have laid it in place, and then need the crimptool -there-, not at the vending machine. (usually between racks, for everything else, there is pre-fab patchcables)
Re: WW: Colo Vending Machine
rfid scanner for billing through the datacenter bill with your access card. (which is linked to your customer id anyway ;)

On Fri, 17 Feb 2012, George Bakos wrote:

> Key features required:
>
> Running an OS that can be patched/updated by someone other than the machine vendor
> Deployment in a screened subnet, not trusted by the rest of the administrative net (^^I've run into NT4.0 on a vending machine in a physical DMZ!)
> RFC 2324 implementation
>
> g
>
> On Fri, 17 Feb 2012 13:35:15 -0500 (EST) Jay Ashworth j...@baylink.com wrote:
> Please post your top 3 favorite components/parts you'd like to see in a vending machine at your colo; please be as specific as possible; don't let vendor specificity scare you off.
>
> Cheers,
> -- jra
Re: time sink 42
we just use paper labels and markers, much faster easier. it's not just the peeling the back of it, its also the entering the stuff on the tiny keyboard and unlike labelprinter stickers, they hold in higher temperatures with low humidity and lots of airflow after a few years ;)

we've found that with most labelwriters, the only thing keeping the labels on the hardware after several years in a datacenter environment is the vacuum between the label and the metal, the glue kinda disappears in air like that :P

as for servers: well.. the ones with a led display are nice... (hint ibm/cisco... crappy dells have them, why don't yours ;) (would be nice to also see led displays on cisco switches in the future, but keep in mind: NOT displaying hostnames/ip addresses!!! has to be a separate config entry!) (especially since they can be automatically updated during pxe reinstalls with the new service-id number ;)

anyway, ditch the labelwriters altogether, just get sheets with paper stickers and write the stuff on them with markers, faster, more efficient, lasts longer. the labelwriter crap just falls off after a while, then gets blown away, potentially ending up in a ventilator etc.

On Fri, 17 Feb 2012, Mark Foster wrote:

> On 17/02/12 10:08, Randy Bush wrote:
> ok, this is horribly pragmatic, but it's real. yesterday i was in the westin playing rack and stack for five hours. an horrifyingly large amount of my time was spent trying to peel apart labels made on my portable brother label tape maker, yes peeling the backing from a little label so remote hands could easily confirm a server they were going to attack.
>
> is there a trick? is there a (not expensive) different labeling machine or technique i should use?
>
> randy
>
> Many label makers (including Brother) use tapes that have a split up the middle of the back layer, so you can peel it off half-at-a-time and not fight with finding edges, etc. Otherwise I suppose it's just a case of finding the knack. My label maker is of the cheaper variety and the tape i've been getting for it doesn't have the back-split, so I get to fight with it on the occasion that the knack doesn't seem to work...
>
> Mark.
Re: time sink 42
you actually can do that from linux, integrate it into your installer/imaging code and you're set ;)

just that dell seems to be the only one who has given this some thought ;)

but hey, you can just buy usb photoframe keychains, put the service-id number in a jpeg image, store it on there, and keep one in a usb port on each server ;) they're dirt cheap.

On Thu, 16 Feb 2012, Mike Lyon wrote:

If they are Dell servers, you could always name each host in their BIOS so it shows up on the display of the host.

-Mike

On Thu, Feb 16, 2012 at 1:15 PM, Leo Bicknell bickn...@ufp.org wrote:

In a message written on Thu, Feb 16, 2012 at 01:08:46PM -0800, Randy Bush wrote:

ok, this is horribly pragmatic, but it's real.

yesterday i was in the westin playing rack and stack for five hours. an horrifyingly large amount of my time was spent trying to peel apart labels made on my portable brother label tape maker, yes peeling the backing from a little label so remote hands could easily confirm a server they were going to attack.

The Brother I have that takes M tape has the problem you describe, it's nearly impossible to get the backing to separate from the label.

I have another Brother that takes TZ tape, the backing of the tape is slit down the middle lengthwise. Gently curling the tape by squeezing it causes the middle to pop open, easy to grab.

You can guess which one sits on the shelf, and which one gets used a lot. The TZ tape unit I use is a P-Touch 1100QL, I don't think it's made anymore but there are several similar current models.

-- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/

-- Mike Lyon 408-621-4826 mike.l...@gmail.com http://www.linkedin.com/in/mlyon
Re: time sink 42
manufacturers printing the mac address of eth0 and the bmc on the back of the case somewhere at the factory would be appreciated too. preferably with a barcode as well.

the mac address is usually nowhere to be found on servers.

the things should just ship with the bmc set to dhcp, a barcode readable label with the mac addresses, serial console enabled at 9600n81 with portsharing with the bmc SOL, and pxe and wol enabled -- who do these manufacturers think they're selling to anyway, people that buy just one unit and have all day to install it or what?

On Thu, 16 Feb 2012, Chris Adams wrote:

Once upon a time, Bryan Irvine sparcta...@gmail.com said:

And watch for the removable faceplates. We've been bitten before after a server move by rebooting a server that had the correct label but the wrong faceplate. Now we label the faceplate as well as underneath of it too. :-)

Not just faceplates; we got a couple of racks of used Dell servers and were rolling through testing them when we discovered a couple where the Dell tag on the lid didn't match the firmware. The tag on the back did; at some point, somebody had switched lids on the cases!

-- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: time sink 42
Once upon a time, Bryan Irvine sparcta...@gmail.com said:

And watch for the removable faceplates.

you mean you actually leave those things on there? :P *grin*
Re: time sink 42
On Thu, 16 Feb 2012, Jerry Jones wrote:

I have been scoring paper back VERY lightly near one end with razor knife, then peeling off.

sounds like something that increases the time it takes to make and put one single label on by 500%
Re: Dear RIPE: Please don't encourage phishing
That's why I recommend that banks et al. don't put *any* URLs in their messages. If they make this an explicit policy and pound it into the heads of their customers that ANY message containing a URL is not from them, and that they should always use their bookmarks to get to the bank's site, then they're training their customers to be phish-resistant.

they do, and the next thing you know, someone in marketing sends out an email with an url -anyway-.

considering the fact that banks don't seem to like to be contacted by emails nor get replies (noreply@...) i'd strongly suggest them not to use crappy obsolete SMTP at all but rather present the users with their messages they don't want to distribute by paper mail -after- logging into their online banking system, where they can use all the html, links, flash *kuch* etc they want.

---rsk
Re: Dear RIPE: Please don't encourage phishing
btw, i'm quite sure that -banks- of all things have the resources to just take the transaction part for consumers -off their pcs- and simply send them a dedicated device with an ethernet port to do the transactions on.

the same way they do in shops.

no more bothering with omg what if they click a link, get phished and end up in the transaction interface, as there simply won't be a web based transaction interface.

guess the its not allowed to cost anything mentality of banks towards the internet is mostly gone (About time too ;) so they could consider other options besides using the hardware that's already there and owned by the customer (and full of viruses and spyware ;)

On Sun, 12 Feb 2012, Rich Kulawiec wrote:

On Sun, Feb 12, 2012 at 04:44:13AM -0500, Vinny Abello wrote:

All recent email clients I've come across give you anti-phishing warnings in one way or another if the URL does not match the actual link.

Which is great, but doesn't help you if the URL and the link are: http://firstnationalbank.example.com because a significant number of users will only see firstnationalbank and .com.

That's why I recommend that banks et al. don't put *any* URLs in their messages. If they make this an explicit policy and pound it into the heads of their customers that ANY message containing a URL is not from them, and that they should always use their bookmarks to get to the bank's site, then they're training their customers to be phish-resistant.

---rsk
Re: Dear RIPE: Please don't encourage phishing
yes, domain names that cannot be typed in with any keyboard/charset on any computer out there, excellent idea, divide and conquer, i wonder who came up with that idiotic plan again, probably the ITU or one of their infiltrants in icann.

how about, we simply don't code any software or adjust any platforms to support it, if nobody uses it, no problem :P (or just deliberately break it as it's nothing more than a divide and conquer attempt of the UN anyway ;)

On Sun, 12 Feb 2012, Neil Harris wrote:

On 12/02/12 00:09, Masataka Ohta wrote:

Neil Harris wrote:

Techniques to deal with this sort of spoofing already exist: see http://www.mozilla.org/projects/security/tld-idn-policy-list.html

It does not make sense that .COM allows Cyrillic characters: http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html i script of a domain name is Cyrillic. Domain names do not have such property as script. Is the following domain name: CCC.COM Latin or Cyrillic?

for one quite effective approach.

The only reasonable thing to do is to disable so called IDN.

Masataka Ohta

PS Isn't it obvious from the page you referred that IDN is not internationalization but an uncoordinated collection of poor localizations?

I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN safer, given that it already exists. Lots of people have thought about this quite carefully. See RFC 4290 for a technical discussion of the thinking behind this policy, and RFC 5992 for a policy mechanism designed to resolve the problem you raised in your example above.

You will notice that the .com domain does not appear on the Mozilla IDN whitelist.

-- N.
Re: Dear RIPE: Please don't encourage phishing
as if it wasn't annoying enough already that some n00bs are using URI's with characters you can't type in (and in most cases don't even display correctly), icann has a better idea! hostnames you can't type in!

all those struggling regimes that want to keep local control over our internets are gonna be so proud of them :P (and that despite the fact that it's perfectly well possible to write -any language out there- in the first 7 bits of ascii)

yay, a step back in time, everyone back to their cave and write on the wall with a piece of stone in characters nobody can read!

so far for progress... we used to develop stuff so that people could communicate with one another, whatever went wrong, when did it move to preventing people from communicating with one another...

i don't have keyboards with a million or so keys on it, do you? and no, i don't know the alt-codes for weird russian or japanese crap.

if we wanted local shit only, we could just have stuck with tv and radio and telephones and fax machines.

so; we're not implementing any of that, we'll deliberately make any software we produce go nuts on it and cause errors all over the place, and we strongly urge any nerd out there to do exactly the same.

On Sun, 12 Feb 2012, Neil Harris wrote:

On 12/02/12 00:09, Masataka Ohta wrote:

Neil Harris wrote:

Techniques to deal with this sort of spoofing already exist: see http://www.mozilla.org/projects/security/tld-idn-policy-list.html

It does not make sense that .COM allows Cyrillic characters: http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html i script of a domain name is Cyrillic. Domain names do not have such property as script. Is the following domain name: CCC.COM Latin or Cyrillic?

for one quite effective approach.

The only reasonable thing to do is to disable so called IDN.

Masataka Ohta

PS Isn't it obvious from the page you referred that IDN is not internationalization but an uncoordinated collection of poor localizations?

I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN safer, given that it already exists. Lots of people have thought about this quite carefully. See RFC 4290 for a technical discussion of the thinking behind this policy, and RFC 5992 for a policy mechanism designed to resolve the problem you raised in your example above.

You will notice that the .com domain does not appear on the Mozilla IDN whitelist.

-- N.
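The "CCC.COM: Latin or Cyrillic?" question from the two messages above, as an added Python example that is not part of the thread and not Mozilla's code. It decides whether a hostname is shown in Unicode or as its `xn--` A-label, using a per-TLD policy list plus a per-label script check; the policy set `IDN_TLDS`, the `ALLOWED_MIXES` table and the name-based script approximation are assumptions of this sketch.

```python
import unicodedata

# Constructed stand-in for a per-TLD policy list such as the one linked in the
# thread; "example" is a placeholder, not an entry taken from that list.
IDN_TLDS = {"example"}
# Script sets that legitimately share one label (assumption of this sketch).
ALLOWED_MIXES = [{"CJK", "HIRAGANA", "KATAKANA"}]


def char_script(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if ch in "0123456789-":
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def label_scripts(label):
    """Set of scripts used in one DNS label, ignoring digits and hyphens."""
    return {char_script(c) for c in label} - {"COMMON"}


def is_mixed(label):
    """True when a label mixes scripts in a way not listed in ALLOWED_MIXES."""
    scripts = label_scripts(label)
    return len(scripts) > 1 and not any(scripts <= ok for ok in ALLOWED_MIXES)


def to_alabel(label):
    """ASCII (xn--) form of a label, via Python's built-in IDNA 2003 codec."""
    return label.encode("idna").decode("ascii")


def display_form(hostname):
    """Return the form a client should show the user for this hostname."""
    labels = hostname.lower().rstrip(".").split(".")
    ascii_form = ".".join(to_alabel(label) for label in labels)
    # 1. TLD policy: without a registry policy we trust, always show ASCII.
    #    An all-Cyrillic label under such a TLD is caught here, because a
    #    per-label script check sees nothing mixed in it.
    if ascii_form.split(".")[-1] not in IDN_TLDS:
        return ascii_form
    # 2. Even under a trusted TLD, refuse to render mixed-script labels.
    if any(is_mixed(label) for label in labels):
        return ascii_form
    return ".".join(labels)


if __name__ == "__main__":
    # Constructed sample names; \u0441 and \u0430 are Cyrillic es and a.
    for host in ["CCC.COM", "\u0421\u0421\u0421.COM", "\u0441\u0441\u0441.example",
                 "b\u0430nk.example", "\u306b\u307b\u3093\u8a9e.example"]:
        print(ascii(host), "->", ascii(display_form(host)))
```

A single-script label that imitates another script passes the mixed-script check, which is why the per-TLD policy step comes first.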
Re: Switch and router
increase pipe = port trunking/etherchannel/port bonding whatever your supplier calls it.

just use 2 or 4 ports instead of just one. ieee 802.3ad/lacp/link aggregation, etc all the same stuff. ;)

provided you have another interface on/for your router of course (your switch probably has plenty ;)

also an option (for cisco)...

  int gix/x/x
  max-reserved-bandwidth 1

(i'd say, 1% of 10ge should about cover all the needs for inband layer-2 related stuff as a few kbit/s already should suffice ;) 1% being the minimum you can set this to.

On Tue, 7 Feb 2012, Randy McAnally wrote:

On Tue, 7 Feb 2012 08:32:21 -0500, Ann Kwok wrote

Hello

Thank you for your help

But we can't increase the pipe as we are using 10G switch. The congestion happens when the traffic is using 7G

If you cannot increase bandwidth, then you must increase the TX queue (in QOS and/or port buffer).

~Randy
Re: subnet prefix length 64 breaks IPv6?
it only breaks the auto configure crap which you don't want to use anyway.

(unless you want to have any computer on your network be able to tell any other computer oh hai i'm a router, please route all your packets through me so i can intercept them and/or flood its route table ;)

we use all kinds of things from /126'es to /112 (but hardly any /64 crap) works perfectly fine.

as long as it's nibble aligned (for other reasons ;)

On Sat, 24 Dec 2011, Glen Kent wrote:

Hi,

I am trying to understand why standards say that using a subnet prefix length other than a /64 will break many features of IPv6, including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND) [RFC3971], .. [reference RFC 5375]

Or

A number of other features currently in development, or being proposed, also rely on /64 subnet prefixes.

Is it because the 128 bits are divided into two 64 bit halves, where the latter identifies an Interface ID which is uniquely derived from the 48bit MAC address. I am not sure if this is the reason as this only applies to the link local IP address. One could still assign a global IPv6 address.

So, why does basic IPv6 (ND process, etc) break if i use a netmask of say /120?

I know that several operators use /120 as a /64 can be quite risky in terms of ND attacks. So, how does that work? I tried googling but couldn't find any references that explain how IPv6 breaks with using a netmask other than 64.

Glen
Re: subnet prefix length 64 breaks IPv6?
things that -do- break on ipv6 a lot (not necessarily related to the /64 thing) are premature protocols like ospf6 and ripng that for some magic reason refuse to work on point-to-point (as opposed to putting the interface in broadcast mode, like ethernet) interfaces without (additional) link-local addresses, despite the option to clearly specify the interface and/or address of the peer and/or address ranges they should work on (these do not necessarily have to be /64, but they do need to be scope link local and start with a multicast prefix).

also various bgp implementations will send the autoconfigure crap ip as the next-hop instead of the session ip, resulting in all kinds of crap in your route table (if not fixed with nasty hacks on your end ;) which doesn't exactly make it easy to figure out which one belongs to which peer

all the more reason not to use that autoconfigure crap ;)

on the whole, ipv6 simply still needs a -lot- of work.

for those that do want autoconfigure (workstations?) , a proper dhcp implementation would be preferred over keeping that RA stuff around in future implementations of the v6 stack, as far as we're concerned, it can go the way of the dinosaur (already ;)

On Sat, 24 Dec 2011, Sven Olaf Kamphuis wrote:

it only breaks the auto configure crap which you don't want to use anyway.

(unless you want to have any computer on your network be able to tell any other computer oh hai i'm a router, please route all your packets through me so i can intercept them and/or flood its route table ;)

we use all kinds of things from /126'es to /112 (but hardly any /64 crap) works perfectly fine.

as long as it's nibble aligned (for other reasons ;)

On Sat, 24 Dec 2011, Glen Kent wrote:

Hi,

I am trying to understand why standards say that using a subnet prefix length other than a /64 will break many features of IPv6, including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND) [RFC3971], .. [reference RFC 5375]

Or

A number of other features currently in development, or being proposed, also rely on /64 subnet prefixes.

Is it because the 128 bits are divided into two 64 bit halves, where the latter identifies an Interface ID which is uniquely derived from the 48bit MAC address. I am not sure if this is the reason as this only applies to the link local IP address. One could still assign a global IPv6 address.

So, why does basic IPv6 (ND process, etc) break if i use a netmask of say /120?

I know that several operators use /120 as a /64 can be quite risky in terms of ND attacks. So, how does that work? I tried googling but couldn't find any references that explain how IPv6 breaks with using a netmask other than 64.

Glen
Re: IPv6 end user addressing
we assign /112 per end user vlan (or server) at this moment... works perfectly fine (and that's even a bit too big).

- nobody wants to use dynamic ips on -servers- or -router links- anyway

i -really- can't see why people don't just use subnets with just the required number of addresses.

take one /64 (for /64's sake ;), split it up into subnets which each have the required number of addresses (let's say you have 2-4 addresses for each bgp/router link, so you simply split it up into subnets that size) etc.

no need to use /64 for -everything- at all, just because it fits (ethernet) mac addresses (as if ethernet will be around longer than ipv6 ha-ha, someone will come up with something faster tomorrow and then it's bye bye ethernet, the 10ge variant is getting slow, and the 100ge variant is not even standardized yet, and trunking is a bottleneck ;)

we don't use /24's for -everything- on ipv4 now do we :P

(oh wait, there once was a time where we did.. due to another retarded semi-automatic configuration thingy, called RIP , which also only seemed to understand /24 or bigger ;)

On Mon, 8 Aug 2011, Owen DeLong wrote:

On Aug 7, 2011, at 4:26 PM, Jeff Wheeler wrote:

On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews ma...@isc.org wrote:

So you want HE to force all their clients to renumber.

No.
I am simply pointing out that Owen exaggerated when he stated that he implements the following three practices together on his own networks: * hierarchical addressing * nibble-aligned addressing * /48 per access customer You can simply read the last few messages in this thread to learn that his recommendations on this list are not even practical for his network today, because as Owen himself says, they are not yet able to obtain additional RIR allocations. HE certainly operates a useful, high-profile tunnel-broker service which is IMO a very great asset to the Internet at-large; but if you spend a few minutes looking at the publicly available statistics on this service, they average only around 10,000 active tunnels across all their tunnel termination boxes combined. They have not implemented the policies recommended by Owen because, as he states, a /32 is not enough. Do I think the position he advocates will cause the eventual exhaustion of IPv6? Well, let's do an exercise: There has been some rather simplistic arithmetic posted today, 300m new subnets per year, etc. with zero consideration of address/subnet utilization efficiency within ISP networks and individual aggregation router pools. That is foolish. We can all pull out a calculator and figure that 2000::/3 has space for 35 trillion /48 networks. That isn't how they will be assigned or routed. The effect of 2011-3 is that an out-sized ISP like ATT has every justification for deciding to allocate 24 bits worth of subnet ID for their largest POP, say, one that happens to terminate layer-3 services for all customers in an entire state. They then have policy support for allocating the same sized subnet for every other POP, no matter how small. After all, the RIR policy permits them to obtain additional allocations as soon as one POP subnet has become full. 
So now you have a huge ISP with a few huge POPs, and a lot of small ones, justified in assigning the same size aggregate prefix, suitable for 2^24 subnets, to all those small POPs as well. How many layer-3 POPs might this huge ISP have? Any number. It could be every central office with some kind of layer-3 customer aggregation router. It could even be every road-side hut for FTTH services. Perhaps they will decide to address ten thousand POPs this way. Now the nibble-aligned language in the policy permits them to round up from 10,000 POPs to 16 bits worth of address space for POP ID. So ATT is quite justified in requesting: 48 (customer subnet length) - 24 (largest POP subnet ID size) - 16 (POP ID) == a /8 subnet for themselves. Right up until you read: 6.5.3 (d
SBL99576 195.191.102.0/24 SR04
advise everyone not to resolve spamhaus'es blocklists, as clearly, 99% of it, is just there to attempt to blackmail.
Re: Blocking International DNS
On Thu, 25 Nov 2010, Bjørn Mork wrote:

Joakim Aronius joa...@aronius.com writes:

* Suresh Ramasubramanian (ops.li...@gmail.com) wrote:

This isn't new - there have been proposals elsewhere for a resolver based blacklist of child porn sites.

Swedish ISPs are required to enforce a DNS blacklist for childporn, perhaps also other European countries.

Yes, this has already spread to a number of European countries: http://circamp.eu/

And once you get these things in place you never know where it will end...

Now i know NANOG should not carry political discussion, but really, we should not even -need- to lobby.

Unlike the self-proclaimed entertainment industry we, the isps, OWN AND OPERATE a critical infrastructure, of which the governments in the past have proven incapable of running something like that themselves (you end up with a 1970s style telephone network every time they try ;)

They simply need to be explained that the internet is a take it or leave it deal.

Countries that work against us, should simply be LEFT. close your offices, fire everyone, pay your taxes somewhere else, fuck them.

option B is a hostile takeover on the entire entertainment industry, in order to get rid of them, by using the massive amounts of cashflow available in our industry, all of those companies, disney, vivendi (universal) viacom, etc are on the stock exchange, and therefore vulnerable to hostile takeovers and fucking around with their listing by means of options.

They have started a war with the wrong motherfuckers... just that the wrong motherfuckers need to figure out that not all connected parties are working in the interest of the internet, several (disney, time warner) are trying to take control over the internet and make it a one way broadcast system that only carries THEIR content to THEIR viewers. We still are in a position to stop them, i say we should.
Besides, court orders only hold any value for specific countries, i'm quite sure you're all quite capable of just shifting your activities/billing to another one, as are we (and pretty much in real time as well :P should the situation require that.
Re: IPv6 rDNS
I'm not sure there's consensus about whether forward and reverse ought to match (how strong a should is that?).

that's pretty much of a should for IRC, and various anti-spam crap on SMTP, furthermore, the entries should be (to a certain extent) unique (hosted-by.provider.com resolving to everything you have and/or the other way around (reverse) fucks things up ;)

I know you can't populate every potential record in a reverse zone, as in IPv4.

indeed.. ipv6 seems to call for some changes in the way dns servers handle things... no more files people.. preferably no more zones either. (never liked the concept of zones anyway ;)

if no database entry (cached in ram!) - automatically generate one based on ip (like a84-22-96-1.cb3rob.net. on ipv4 if there is no more specific database entry for that ip present, such as www.customer.com)) (or just forget about reverse dns altogether)

but then again, quite sure you already figured out bind and zone-based (files) dns have had their days anyway.

just write a few lines of c or perl that talk to a database and cache results in ram, if they can't find anything in ram with a recent enough timestamp and there is nothing in the database or the database isn't responding, just generate one based on the ip requested with your domain added (or in-addr.arpa. added, works too, if you don't want -your- domain in reverse dns (and therefore forward!) entries for customers, or its equivalent for ipv6 ;)

yes, you -can- actually make A records in in-addr.arpa and its ipv6 equivalent, so there is no need to use -your- domain for it, and you can still make unique -working- -valid- and resolving both ways entries for each ip, also on ipv6, and generate them on the fly (although that requires a move away from bind, don't think you want to load a zonefile with a few billion entries, although generating it would not be such an issue (loading and searching it would).
  a84-22-97-10:~# nslookup 84.22.99.1
  Server:         84.22.96.10
  Address:        84.22.96.10#53

  1.99.22.84.in-addr.arpa name = 1.99.22.84.in-addr.arpa.

  a84-22-97-10:~# nslookup 1.99.22.84.in-addr.arpa
  Server:         84.22.96.10
  Address:        84.22.96.10#53

  Name:   1.99.22.84.in-addr.arpa
  Address: 84.22.99.1

  a84-22-97-10:~#

On Tue, 2 Nov 2010, David Freedman wrote:

Lee Howard wrote:

Since there's a thread here, I'll mention rDNS for residential users. I'm not sure there's consensus about whether forward and reverse ought to match (how strong a should is that?). I know you can't populate every potential record in a reverse zone, as in IPv4. You can generate records on the fly, or just not provide PTRs. I've described options in draft-howard-isp-ip6rdns-04 but I'm not sure enough people care whether it's published as an RFC. Discuss on IETF's dnsop list. https://www.ietf.org/mailman/listinfo/dnsop

Presuming that signed wildcarding in ip6.arpa is achievable under DNSSEC (use of the LABELS field), would be interested in anybody other than IRC operators who feel they still require forward and reverse DNS to match, I feel this preferable than either not providing PTRs or dynamically creating them on query (which would be cool but another headache DoS vector to manage well)

Thoughts?

-- David Freedman Group Network Engineering Claranet Group
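The on-the-fly record generation described in the message above, as an added Python example that is not code from the thread. It synthesizes a name in the a84-22-96-1 style for any address without an explicit entry, parses it back so forward and reverse match, and stores nothing for synthesized answers; `DOMAIN`, `SERVED` and `SAMPLE_DB` are constructed placeholders, and the IPv6 label layout is an assumption of this sketch.

```python
import ipaddress
from collections import OrderedDict

# Assumptions of this sketch: naming domain and served prefixes are
# constructed (documentation ranges), not values from the thread.
DOMAIN = "rdns.example.net."
SERVED = [ipaddress.ip_network("192.0.2.0/24"),
          ipaddress.ip_network("2001:db8:100::/48")]
# Constructed stand-in for the database of explicit per-customer entries.
SAMPLE_DB = {ipaddress.ip_address("2001:db8:100::25"): "mail.customer.example."}


def in_served(ip):
    return any(ip.version == net.version and ip in net for net in SERVED)


def synth_name(ip):
    """Deterministic hostname for an address, e.g. a192-0-2-1.<DOMAIN>."""
    text = str(ip) if ip.version == 4 else ip.exploded
    return "a" + text.replace(".", "-").replace(":", "-") + "." + DOMAIN


def parse_synth(name):
    """Inverse of synth_name; None unless canonical and inside SERVED."""
    name = name.lower()
    suffix = "." + DOMAIN
    if not (name.startswith("a") and name.endswith(suffix)):
        return None
    label = name[1:-len(suffix)]
    sep = ":" if label.count("-") == 7 else "."
    try:
        ip = ipaddress.ip_address(label.replace("-", sep))
    except ValueError:
        return None
    # Reject addresses we do not serve (a127-0-0-1.<DOMAIN> must not resolve)
    # and non-canonical spellings, so each address has exactly one name.
    if not in_served(ip) or synth_name(ip) != name:
        return None
    return ip


class Resolver:
    def __init__(self, db, cache_size=1024):
        self.db = db                                   # address -> hostname
        self.fwd = {host.lower(): ip for ip, host in db.items()}
        self.cache = OrderedDict()                     # bounded LRU, DB hits only
        self.cache_size = cache_size

    def ptr(self, addr):
        ip = ipaddress.ip_address(addr)
        if not in_served(ip):
            return None
        if ip in self.cache:
            self.cache.move_to_end(ip)
            return self.cache[ip]
        name = self.db.get(ip)
        if name is None:
            # Computed, never stored: sweeping a /64 costs CPU but no memory.
            return synth_name(ip)
        self.cache[ip] = name
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)
        return name

    def forward(self, name):
        name = name.lower()
        if name in self.fwd:
            return self.fwd[name]
        ip = parse_synth(name)
        # An address with an explicit entry answers only under that entry.
        return None if ip in self.db else ip


def fcrdns_ok(resolver, addr):
    """Forward-confirmed reverse DNS: PTR name must resolve back to addr."""
    ip = ipaddress.ip_address(addr)
    name = resolver.ptr(ip)
    return name is not None and resolver.forward(name) == ip


if __name__ == "__main__":
    r = Resolver(SAMPLE_DB)
    for a in ["192.0.2.1", "2001:db8:100::1", "2001:db8:100::25", "198.51.100.1"]:
        print(a, "->", r.ptr(a), "| forward-confirmed:", fcrdns_ok(r, a))
```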
Re: IPv6 rDNS
would be interested in anybody other than IRC operators who feel they still require forward and reverse DNS to match,

SMTP, email-2 (don't ask ;), and preferably (though not required) anything that has to do with /bin/login on *nix systems (as it shows the reverse dns host name in who and w and last unless specified otherwise).

although smtp -itself- does not require it to match, the various anti-spam things -do-.

On Tue, 2 Nov 2010, David Freedman wrote:

Lee Howard wrote:

Since there's a thread here, I'll mention rDNS for residential users. I'm not sure there's consensus about whether forward and reverse ought to match (how strong a should is that?). I know you can't populate every potential record in a reverse zone, as in IPv4. You can generate records on the fly, or just not provide PTRs. I've described options in draft-howard-isp-ip6rdns-04 but I'm not sure enough people care whether it's published as an RFC. Discuss on IETF's dnsop list. https://www.ietf.org/mailman/listinfo/dnsop

Presuming that signed wildcarding in ip6.arpa is achievable under DNSSEC (use of the LABELS field), would be interested in anybody other than IRC operators who feel they still require forward and reverse DNS to match, I feel this preferable than either not providing PTRs or dynamically creating them on query (which would be cool but another headache DoS vector to manage well)

Thoughts?

-- David Freedman Group Network Engineering Claranet Group
Re: Token ring? topic hijack: was Re: Mystery open source switching
Are there still any commercial X.25 nets in operation? I had some peripheral involvement with Tymnet in the MCI/Concert conversion, and hear it shut down sometime in 2003-4.

http://www.ram.nl/nl/aanbieder_van_mobiele_datacommunicatie/diensten/netwerkdiensten?read_more=1323735124421760482

also: yep. commercial x.25 based packet radio networks, and the wired parts to keep them together, are still around. (the non-commercial ones also of course ;)

On Tue, 2 Nov 2010, Chris Boyd wrote:

On Nov 1, 2010, at 11:48 AM, Nick Hilliard wrote:

And FDDI and X.25 and every single legacy protocol

Are there still any commercial X.25 nets in operation? I had some peripheral involvement with Tymnet in the MCI/Concert conversion, and hear it shut down sometime in 2003-4.

--Chris
Re: Token ring? topic hijack: was Re: Mystery open source switching
if you can live with the rather small mtu :P On Tue, 2 Nov 2010, Patrick W. Gilmore wrote: X.25 is very useful for non TCP applications, especially in places where the infrastructure is less-than-modern. X.25 used as a layer 2 transport (even though it is not technically a L2 protocol, but then neither is ATM) is useful because it has error checking. -- TTFN, patrick On Nov 2, 2010, at 4:34 PM, Julio Arruda wrote: There used to be quite substantial usage of X.25 in Brazil, for a lot longer than usual, for POS transactions. x.28 in fact, that would be PAD to X.25, may still be the case ? (RENPAC and 3028 come to mind) The management of some Nortel GSM devices also could be done over X.25, usually, it would be backhauled over XOT (or in this case, the Nortel equivalent) to the management station, from the devices (I'm happy to say, I don't remember if from the BSCs, or BTSs). Of course, QLLC and running QLLC to LLC (token ring) devices, was the cherry on top..SNA on top of X.25, converting to token ring SNA.. Somehow, I can't get rid of the nightmares and the waking in the middle of the night, thinking about LAPB, and Clear codes and etc., LUs and PUs...the horror...the horror.. On Nov 2, 2010, at 3:59 PM, Sven Olaf Kamphuis wrote: doesn't most of SMS (the crap on GSM's) also run on x.25? i recall some customer of mine talking X.25 to a telco to get their messages to the phones anyway. same for one of our banks not so very long ago... On Tue, 2 Nov 2010, Sven Olaf Kamphuis wrote: Are there still any commercial X.25 nets in operation? I had some peripheral involvement with Tymnet in the MCI/Concert conversion, and hear it shut down sometime in 2003-4. http://www.ram.nl/nl/aanbieder_van_mobiele_datacommunicatie/diensten/netwerkdiensten?read_more=1323735124421760482 also: yep. commercial x.25 based packet radio networks, and the wired parts to keep them together, are still around. (the non-commercial ones also of course ;) -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG On Tue, 2 Nov 2010, Chris Boyd wrote: On Nov 1, 2010, at 11:48 AM, Nick Hilliard wrote: And FDDI and X.25 and every single legacy protocol Are there still any commercial X.25 nets in operation? I had some peripheral involvement with Tymnet in the MCI/Concert conversion, and hear it shut down sometime in 2003-4. --Chris
Re: Token ring? topic hijack: was Re: Mystery open source switching
lets just say that its easier to have a linux box bridge/route between ethernet and token ring than it is to get ethernet nics for your as/400's and other old stuff. you recently converted from token ring to ethernet? i had no idea there was still token ring networks out there, or am i living in a bubble? -g On Oct 31, 2010, at 9:07 PM, Paul WALL wrote: I don't know what the big deal is. I've rolled at least 20 of these switches into my network, and not only are they more stable than the Centillion switches that they replaced, they only cost half as much. Most of the money I dropped was on converting my stations from token ring to ethernet. On Sun, Oct 31, 2010 at 6:59 PM, bas kilo...@gmail.com wrote: Hi, On Sat, Oct 30, 2010 at 11:26 PM, Kevin Oberman ober...@es.net wrote: I might also mention that I received private SPAM from a name we all know and loath. (Hint: He's been banned from NANOG for VERY good reason and his name is of French derivation.) I just added a filter to block any mail mentioning pica8 and will see no more of this thread or their spam. Same here. He harvests email addresses from peeringdb. (I have slight typo's in my peeringdb record to recognize harvested spams.) Bas -- This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization. -- -- = Carlos M. Martinez-Cagnazzo http://cagnazzo.name =
Re: IPv6 Routing table will be bloated?
dusty old routers with ram problems... solution there: re-think the way you do your routing and compare the price of ram versus cpu cycles. (as well as having custom hardware developed to do it on, intel simply does not offer enough address bus lines to maintain bigass tables and address them linearly so you can keep entries for each ip or mac address out there and counters with them to automatically mitigate ddos attacks and give every communications partner their own fair share on the outgoing interface's capacity). (and no, we're not talking linux/bsd here... just dedicated routing firmware on let's say ibm's power-6/power-7 platform) instead of buying the same old shit from juniper/cisco/foundry again which doesn't even have enough ram to announce /30's ipv4 (if everyone would do so ;), let alone properly prevent ddos attacks from even being possible -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG On Tue, 26 Oct 2010, Owen DeLong wrote: On Oct 26, 2010, at 7:06 AM, TJ wrote: Quick comment: IGP bloat != BGP bloat. Your customers cannot announce the space you gave them externally - unless ~/32s, i.e. forced aggregation. He's talking about the bloat that comes from ISPs getting slow-started and then only being able to increase their network in increments of 2x each time, so, effectively ISP gets: 1 x /32 Initial Fills that up, gets 1 x /32 First subsequent Then 1 x /31 then 1 x /30 etc. 
Probably not quite as bad as IPv4, but, potentially close. Also, your customers shouldn't need to come back for more very often and ideally you have some reservations for them a well :). Consider the scenario where you're dealing with an ISP that provides services to other ISPs as his downstream customers and the above statement doesn't hold true like you think it should. Owen /TJ PS - apologies for top posting. On Oct 26, 2010 9:59 AM, Jack Bates jba...@brightok.net wrote: So, the best that I can tell (still not through debating with RIR), the IPv6 routing table will see lots of bloat. Here's my reasoning so far: 1) RIR (ARIN in this case, don't know other RIR interpretations) only does initial assignments to barely cover the minimum. If you need more due to routing, you'll need to provide every pop, counts per pop, etc, to show how v6 will require more than just the minimums (full routing plan and customer counts to justify routing plan). HD-Ratio has NO bearing on initial allocation, and while policy dictates that it doesn't matter how an ISP assigns to customer so long as HD-Ratio is met, that is not the case when providing justification for the initial allocation. 2) Subsequent requests only double in size according to policy (so just keep going back over and over since HD is met immediately due to the minimalist initial assignment?) So I conclude that since I get a bare minimum, I can only assign a bare minimum. Since everything is quickly maxed out, I must request more (but only double), which in turn I can assign, but my customer assignments (Telcos/ISPs in this case) will be non-contiguous due to the limited available space I have to hand out. This will lead to IGP bloat, and in cases of multi-homed customers whom I provide address space for, BGP bloat. 
I'm small, so my bloat factor is small, but I can quickly see this developing exactly as my v4 network did (if it was years ago when I first got my v4 allocation, growing to today, for each allocation I got for v4, I'd expect similar out of v6). Sure, the end user gets loads of space with those nice /48's, but the space within ISPs and their ISP customers is force limited by initial allocations which will create fragmentation of address space. This is brought about due to the dual standard of initial vs subsequent allocations (just enough to cover existing vs HD Ratio). As an example, Using HD-Ratios as an initial assignment metric can warrant a /27, whereas the minimalist approach may only warrant a heavily utilized
Re: IPv6 Routing table will be bloated?
On Tue, Oct 26, 2010 at 21:19, Sven Olaf Kamphuis s...@cb3rob.net wrote: On Tue, 26 Oct 2010, Randy Carpenter wrote: - Original Message - On 10/26/2010 12:04 PM, Nick Hilliard wrote: In practice, the RIRs are implementing sparse allocation which makes it possible to aggregate subsequent allocations. I.e. not as bad as it may seem. Except, if you are given bare minimums, and you are assigning out to subtending ISPs bare minimums, those subtending ISPs will end up with multiple networks. Some of them are BGP speakers. I can't use sparse allocation because I was given minimum space and not the HD-Ratio threshold space. Wait... If you are issuing space to ISPs that are multihomed, they should be getting their own addresses. Even if they aren't multihomed, they should probably be getting their own addresses. Why would you be supplying them with address space if they are an ISP? -Randy to my knowledge, RIPE still does not issue ipv6 PI space. so giving them their own space, is problematic to say the least. I got a /48 PI from RIPE a few months back. Maybe your knowledge needs to be a little bit refreshed regarding RIPE allocation policies :) Magically, indeed, an ipv6 pi request form showed up in the lirportal. amazing!
Re: IPv6 Routing table will be bloated?
2. RIPE has always issued PI space to LIRs (ISPs are by definition LIRs). ISPs are not per-se LIRs. LIRs register IP space on behalf of customers. customers that do not make delegations themselves (i'm quite sure you don't put each and every one of your access customers into whois, for one thing because that would violate privacy laws :P) do not need to be a LIR, and can just do so on PI space. Shared hosting ISPs also do not make subdelegations and generally don't even use the ips on a one-specific-customer-per-ip basis. So no, ISP's do not have to be a LIR, and LIRs do not have to be an ISP. (in fact, we are considering moving our LIR activities to a completely separate legal entity from our internet activities). as a LIR is just a bureau that issues IP space and does not necessarily own or operate a network. -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG On Tue, 26 Oct 2010, Owen DeLong wrote: On Oct 26, 2010, at 11:19 AM, Sven Olaf Kamphuis wrote: On Tue, 26 Oct 2010, Randy Carpenter wrote: - Original Message - On 10/26/2010 12:04 PM, Nick Hilliard wrote: In practice, the RIRs are implementing sparse allocation which makes it possible to aggregate subsequent allocations. I.e. not as bad as it may seem. Except, if you are given bare minimums, and you are assigning out to subtending ISPs bare minimums, those subtending ISPs will end up with multiple networks. Some of them are BGP speakers. 
I can't use sparse allocation because I was given minimum space and not the HD-Ratio threshold space. Wait... If you are issuing space to ISPs that are multihomed, they should be getting their own addresses. Even if they aren't multihomed, they should probably be getting their own addresses. Why would you be supplying them with address space if they are an ISP? -Randy to my knowledge, RIPE still does not issue ipv6 PI space. so giving them their own space, is problematic to say the least. RIPE issues PI space in a couple of different forms... 1. Sponsoring LIR can pay 50 Euros/year and subsequently bill the recipient whatever they choose for the PI space. 2. RIPE has always issued PI space to LIRs (ISPs are by definition LIRs). 3. This is NANOG. NA != EU. Owen
Re: IPv6 Routing table will be bloated?
HAHA that would totally make the MAFIAA's day... entering all your dialup and adsl customers into whois as they would be end users :P quite sure the EU would not agree on that definition of what constitutes an end-user, and therefore, it's quite possible to provide access services on PI space (as you don't make sub delegations anyway) On Tue, 26 Oct 2010, Sven Olaf Kamphuis wrote: 2. RIPE has always issued PI space to LIRs (ISPs are by definition LIRs). ISPs are not per-se LIRs. LIRs register IP space on behalf of customers. customers that do not make delegations themselves (i'm quite sure you don't put each and every one of your access customers into whois, for one thing because that would violate privacy laws :P) do not need to be a LIR, and can just do so on PI space. Shared hosting ISPs also do not make subdelegations and generally don't even use the ips on a one-specific-customer-per-ip basis. So no, ISP's do not have to be a LIR, and LIRs do not have to be an ISP. (in fact, we are considering moving our LIR activities to a completely separate legal entity from our internet activities). as a LIR is just a bureau that issues IP space and does not necessarily own or operate a network. -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG 
On Tue, 26 Oct 2010, Owen DeLong wrote: On Oct 26, 2010, at 11:19 AM, Sven Olaf Kamphuis wrote: On Tue, 26 Oct 2010, Randy Carpenter wrote: - Original Message - On 10/26/2010 12:04 PM, Nick Hilliard wrote: In practice, the RIRs are implementing sparse allocation which makes it possible to aggregate subsequent allocations. I.e. not as bad as it may seem. Except, if you are given bare minimums, and you are assigning out to subtending ISPs bare minimums, those subtending ISPs will end up with multiple networks. Some of them are BGP speakers. I can't use sparse allocation because I was given minimum space and not the HD-Ratio threshold space. Wait... If you are issuing space to ISPs that are multihomed, they should be getting their own addresses. Even if they aren't multihomed, they should probably be getting their own addresses. Why would you be supplying them with address space if they are an ISP? -Randy to my knowledge, RIPE still does not issue ipv6 PI space. so giving them their own space, is problematic to say the least. RIPE issues PI space in a couple of different forms... 1. Sponsoring LIR can pay 50 Euros/year and subsequently bill the recipient whatever they choose for the PI space. 2. RIPE has always issued PI space to LIRs (ISPs are by definition LIRs). 3. This is NANOG. NA != EU. Owen
RE: IPv6 Routing table will be bloated?
eh don't know about you americans but here in europe you just go to a LIR and ask them to register an AS for you. there are of course maintenance fees nowadays. On Tue, 26 Oct 2010, George Bonser wrote: Shared hosting ISPs also do not make subdelegations and generally don't even use the ips on a one-specific-customer-per-ip basis. But how do they multihome without an ASN? If they have an ASN, how did they get it without going to an RIR and paying a fee?
Re: IPv6 Routing table will be bloated?
We also have various customers that only obtain LIR registration services and have no network links whatsoever with us (so just PI and/or AS registration, no transit or whatever) which -is- what a LIR does.. operating a network has nothing to do with being a LIR per-se. On Tue, 26 Oct 2010, Blake Dunlap wrote: On Tue, Oct 26, 2010 at 14:45, George Bonser gbon...@seven.com wrote: Shared hosting ISPs also do not make subdelegations and generally don't even use the ips on a one-specific-customer-per-ip basis. But how do they multihome without an ASN? If they have an ASN, how did they get it without going to an RIR and paying a fee? It's not that hard to get an ASN, and all the work can be done by said ISP on behalf of the client, especially many years ago. The extent of one client's knowledge was to turn off a provider router if they were having problems, anything else was handled by us, even with the other ISPs of the client. -Blake
Re: IPv6 Routing table will be bloated?
what's the problem anyway with 32bit ASN's there should be enough AS namespace to give everyone that wants to multihome their ipv6/ipv4 PI their own AS number... should pretty much be the de-facto standard (unless of course you want to tie your customers to your internet-provider-activities by making it hard to leave) maybe we should have made AS numbers 64 bit as well... so there would be one for every /64 end user as for the rest of it: get routers with more ram (i don't want to hear any my border routers have less than 8GB of ram) arguments, that stuff is -old-, it's got gray hair and a beard and belongs in a museum, not on the internet) The internet will grow, you can't expect it to grow less fast or to aggregate routes just because your technically outdated stuff doesn't have enough ram to handle the growing route table size. (preferably offset-based rather than with a sort/lookup mechanism) if a customer has a /64 and wants to announce that /64 himself, i see no reason not to give it to them, especially not if the only reason would be that some people still run routers that have less ram than my eeepc. (and some suppliers still think that's OK to sell) On Tue, 26 Oct 2010, Chris Boyd wrote: On Oct 26, 2010, at 2:45 PM, George Bonser wrote: But how do they multihome without an ASN? If they have an ASN, how did they get it without going to an RIR and paying a fee? I believe Jack said that they have redundant connections to his network. I took that to mean that they did not multihome to different AS. Such arrangements are not uncommon. Sprint seems to have done very well selling this sort of near-turnkey service to rural DSL carriers, tiny single town MSOs and the like. --Chris
Re: New hijacking - Done via via good old-fashioned Identity Theft
no, not the email address is the key, rather a unique string issued by the receiver to each potential sender. the email address does not stop spam originating from lets say, hacked windows boxes. -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG On Fri, 8 Oct 2010, Joe Greco wrote: On 10/07/2010 04:16 PM, Sven Olaf Kamphuis wrote: you just give contacts for the passwords with which you have received a new one. Hi Sven/others, This very much sounds like TMDA: http://tmda.net/ http://en.wikipedia.org/wiki/Tagged_Message_Delivery_Agent Where by each person that needs to contact you, you give a unique e-mail address. So you give out k...@domain.tld to user1 and k...@domain.tld to user2. That's a good start, but for general use, if I'm handing out an address like s...@jgreco.net to Sven, and l...@jgreco.net to Leen, the real problem here is predictability. If Sven is a bad guy, he can cause trouble by guessing that I'd use l...@jgreco.net for Leen and proceed to pass that address out to spammers, making Leen look like a bad guy. That particular problem is reduced by generating random tokens for the LHS, however, doing so introduces new problems, such as the fact that 23ycs7ia877...@jgreco.net is no longer obviously associated with Sven. I've been very successfully using a much better tagging system here. Take a user-specified identifier, such as, say, sven. 
You run this through a one-way crypto function, such as MD5:

    md5=`echo ${1}/SomeMagicSecret | md5`
    f8=`echo ${md5} | sed 's:^\(........\).*:\1:'`
    echo $...@${f8}.demo.jgreco.net

This results in something like na...@e6ecd2ea.demo.jgreco.net

Now this has a bunch of interesting properties.

1) You make *.demo.jgreco.net a DNS wildcard zone that is rewritten to your actual mailbox address. If and when a problematic address is issued, you can add at the DNS level an MX (or whatever nasty you prefer) for the particular domain name that's troubling you; for example, set e6ecd2ea.demo.jgreco.net to NS from 127.0.0.1. Never even touches the mail server. Of course MTA or procmail deny works too.

2) By using a separate zone, it makes it trivial to configure your mail system so that these addresses blow completely by any normal spam filtering; the problem of false positives for things like transactional e-mail that spam filters often find spammy vanishes completely.

3) You need not keep a database of valid tokens; you can simply re-validate the LHS in Procmail. This means that you can do things like write a mobile app or web app that doesn't have to have access to your mail server's innards. The primary downside is that you need some way to compute the crypto-signed bit.

4) You can keep a database of issued tokens along with when and why they were issued.

5) If you make it a habit of using a LHS that's descriptive, it's hard for a sender to argue that the tag was not assigned to them. It's particularly entertaining for things like e-pending because it will reveal which companies you will no longer choose to do business with.

This turns out to be very powerful and very flexible. It can be extended to include functionality such as single-use addresses or limited-age addresses, etc. The big trick is to leverage the e-mail address field itself rather than trying to add a password or something like that in the body. ... 
JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
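The tagged-address scheme from the message above, as an added Python sketch that is not part of the original post or anyone's production code. It swaps the post's MD5 of identifier plus secret for HMAC-SHA256, and the zone name demo.example.net, the function names and the identifier rules are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Assumptions for this example (not from the original post):
SECRET = b"SomeMagicSecret"   # placeholder; use a long random value in practice
ZONE = "demo.example.net"     # hypothetical wildcard zone delivering to one mailbox
TAG_LEN = 8                   # hex characters kept, like the 8-character label in the post
                              # (32 bits: stops casual guessing, not a strong secret)

# Identifier rules are an assumption: short, lowercase, no dots or '@'.
IDENT_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")


def tag_for(ident: str) -> str:
    """Keyed tag for an identifier; only the holder of SECRET can compute it."""
    mac = hmac.new(SECRET, ident.lower().encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def issue(ident: str) -> str:
    """Build the address handed to one sender, e.g. issue("sven")."""
    ident = ident.lower()
    if not IDENT_RE.fullmatch(ident):
        raise ValueError("identifier must be 1-32 chars of a-z, 0-9, '_' or '-'")
    return f"{ident}@{tag_for(ident)}.{ZONE}"


def validate(address: str, revoked=frozenset()) -> bool:
    """Re-validate a recipient address without a database of issued tags.

    `revoked` holds tags that were withdrawn after abuse; it plays the role
    of the per-label DNS or MTA deny entry described in the post.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not IDENT_RE.fullmatch(local):
        return False
    suffix = "." + ZONE
    if not domain.endswith(suffix):
        return False
    label = domain[: -len(suffix)]
    if len(label) != TAG_LEN:
        return False          # empty label, extra labels, or wrong length
    # Constant-time comparison of the presented tag with the recomputed one.
    if not hmac.compare_digest(label.encode(), tag_for(local).encode()):
        return False
    return label not in revoked


if __name__ == "__main__":
    addr = issue("sven")
    tag = addr.split("@")[1].split(".")[0]
    print(addr, validate(addr))                            # issued address is accepted
    print(validate(f"leen@{tag}.{ZONE}"))                  # guessed identifier is rejected
    print(validate(addr, revoked={tag}))                   # withdrawn tag is rejected
```

Because the tag depends on both the identifier and the secret, a sender who knows his own address cannot derive the address issued to someone else, which is the predictability problem the post raises.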
Re: New hijacking - Done via via good old-fashioned Identity Theft
we have run a similar system for a while, the problem is still with mailinglists and online shops (by lack of a standardised field the password was put anywhere in the email, all email not containing a password was rejected with a message to call sales) a) you print unique passwords on each businesscard, and simply give them to your clients through other means (sales telephone number, etc) b) there is no O(N^2) scaling. you currently have an email address, and maybe a name for everyone you want to email in your address book, or your database, all that's required is another field with the password they gave you. c) totally fine, with us, it stopped 100% of all undesired email (normally 1500 a day just for me alone ;) If what you're asking under point c is what happens if a system that contains such a password for your email address gets compromised the answer is simple, you remove that specific password from your approved passwords list (note that on the receiver side, the password is not linked to the source email address, senders can use any source email address they want, as long as one of the currently active/accepted passwords is in the email) remaining problems with this system are: by lack of a standard header for Password: which should be supported by all clients, address books, online shops, mailinglists, we put the password in the email, which means, that on Cc:'s and forwards etc the password got forwarded along with the email, potentially giving other people the password too. Now, this is -100%- spam stopping, smtp can be as open relay as you want, the internet can be full of compromised windows boxes chunking out tons of crap, but you won't get any spam, just mail from people YOU choose to deal with, by actively -giving- them a password yourself, which you can also -revoke-. 
(the initial contact, the equivalent of accept contact in skype simply needs to be done through other channels, but really, people that don't know you have no business mailing you anyway ;) We have been watching these so-called spam fighters for a while now, and all they managed to do over the past 20 years or so is completely fuck up the smtp protocol itself, first they fucked up the concept of open relays, then it was stupid and unnecessary delays (graylisting), then there were all kinds of blacklists run by arrogant fools that gladly blacklisted all of level 3 because of one spammer, etc, and you still got spammed, and still get spammed today. If i have to wait for 20 minutes for an email, i've started skype already.. You know what, why don't we simply turn the smtp servers -off- and use skype and msn for everything... saves electricity :P It may be a bit too late to fix the protocol itself to be real-time and peer-to-peer again, but this time without spam of course, as the market has been flooded with better protocols already anyway (the problem with these however is that they're proprietary and vendor dependent). -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG 
On Wed, 6 Oct 2010, Rich Kulawiec wrote: On Wed, Oct 06, 2010 at 10:14:27PM +, Sven Olaf Kamphuis wrote: (keep in mind, each sender gets a unique password from the receiver, this can be stored in the address book along with the email address itself). I'd like to see the I-D which explains how this is going to work, with particular attention to (a) how the passwords will be exchanged without using email (b) how it's going to handle the O(N^2) scaling and (c) how it's going to work in an environment with at least a hundred million compromised systems -- that is, systems that are now owned by the enemy, who thus also owns the contents of all the address books stored on them...including all the passwords. I think once these issues are addressed it will be only a small matter of implementation to convince everyone to swiftly move to a different protocol for mail. ---rsk
Re: New hijacking - Done via via good old-fashioned Identity Theft
When was email *ever* expected to be real-time? If you need real time, use IM (the clue is in the I), or pick up the phone. if you simply run the smtpd on port 25 of the little boxy thing with the blinking lights and the big shiny apple on it on your desk (which has for most applications replaced the big dusty mainframe in the basement to which your (real-time interactive!) terminal on your desk connected.. and give it a real ip, it's pretty much real time. and that's how it was meant to be used, yet made impossible by those dusty old self-declared 'spam fighters', with their clearly non working methods.
Re: New hijacking - Done via via good old-fashioned Identity Theft
- Exactly when and where did RIR whois databases gain any legal status as an authoritative source of information, rather than just an internal tool for network operators? (as far as i see, the rirs are legally nothing more than a collective of network operators, not an authority in any way). - Exactly when and where did RIR whois entries, or rather the lack thereof prohibit any other use of those ranges (as in: blatantly announcing them, not having a registered AS number or someone elses AS number). - Exactly since when and where did IP addresses become property? (Ok, there are some court verdicts identifying them as personal details (although they identify a node on a network, not a person ;) - If they are indeed personal details, they are not allowed to be in public whois in the first place without the consent of the end-end-end user (privacy laws) And furthermore, if you want to stop spam on that shitty old SMTP protocol, i suggest you stop wasting time on blacklisting ips, and start working on a standard to issue all your buddies with a unique password so your mailserver accepts their mail and nobody elses. EVERY MODERN PROTOCOL (skype, msn) does it -that- way, and -that- works. for which it is required that: 1: a standard header is created that's discarded on forwards Password: 2: mailinglists, online shops, etc, anyone who does not have your businesscard with a unique password on it, add a field for this. (keep in mind, each sender gets a unique password from the receiver, this can be stored in the address book along with the email address itself). - FLAME You Spam fighters have effectively KILLED smtp by: - blacklists - your anti open relay crap - motivating eyeball isps to block port 25 - graylisting makes it so damn slow nobody wants to use it anymore anyway all of this has resulted in: SMTP no longer being used on the actual workstations Therefore not operating in a p2p and real-time fashion and did you manage to stop spam? 
- NO, you just managed to make it completely unworkable and unreliable. did you manage to make people choose other protocols such as Skype and MSN: yes! (if email was still used in a p2p fashion people would not -need- instant messengers in the first place, as their wintendo computer would just talk smtp and store directly to the inbox) Imap, pop2, pop3 and all that other crap could have been skipped. /FLAME -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG On Wed, 6 Oct 2010, Ronald F. Guilmette wrote: In message aanlkti=rh=kxm6ksk1gkyfu=nh4oazw=c+66meo5h...@mail.gmail.com, Heath Jones hj1...@gmail.com wrote: Certainly, fine folks at Reliance Globalcom Services, Inc. could tell us who is paying them to connect these hijacked blocks to their network, but I rather doubt that they are actually going to come clean and do that. Ron, I haven't been following this anti-spam stuff much since it went political with ARIN but I do have a few quick questions (relating to US law and spam). 1) Is spamming from within the US criminal activity? Sadly, it appears not. In many cases it is however actionable. (And in other cases involving actual criminal activity, e.g. as prohibited by 18 USC 1030, `Fraud and related activity in connection with computers', it may, I think, be considered as an aggravating factor in determining punishments.) What constitutes spam in that case? Are you asking what I think? 
Or what the majority of netizens think? Or are you asking what U.S. courts think? Those are three different answers. 2) If you could justify the incoming spam as a DOS, is that criminal activity? Could you justify it as a DOS? Yes. No. 3) Is providing ARIN with bogus information just to get around their processes criminal activity? In this case, nobody provided ARIN with *any* bogus information, ever. (So your question is utterly irrelevant to this particular case.) 4) Is obtaining disused IP space / AS allocations from assigned entity, and not updating ARIN criminal activity
Re: Numbering nameservers and resolvers
nowadays, i'd simply put them all on the same /24 which you simply announce on different pops

tcp/zonetransfer not working reliably is no longer a problem as you simply retrieve those directly from the database over a separate ip, no more old-fashioned bind related crap.

so 1 /24 prefix, with one ip for your authoritative nameserver, and maybe one for a resolver if needed, and the rest you leave unused.. this you simply put right next to the routers where you pick up your transit for transport to your own facilities (bet you have some rackspace and power left there too ;) making the network itself redundant rather than the nameserver...

not to mention of course that you fit these nameservers with solid state hdd's and ramdisks for the changing files and no moving parts so they last forever, and that whatever nameserver software you run is either an init child with respawn..

as these boxes are actually an integrated solid state router+nameserver, they have a normal static ip for the bgp/ospf session/routing and therefore can use this ip to retrieve information themselves from the database and other nameservers

once more and more parties buy/build routers with sufficient ram and therefore can handle larger routing tables (it's 2010 people, move on ;) you can also make the prefix smaller, let's say a /29..

our own setup is not yet a proper example here btw, so no bashing on that, but this is what our next setup will look like. kinda like ripe's k-root, just used for ordinary authoritative servers/resolvers

pretty much plug and play (with ospf, with bgp it requires some additional configging ;) and nuke resistant, just the way we like it.

this whole you have to put 2 nameservers on two separate subnets at two different locations seems a bit.. pre-1993 to me.

plus, why only 2, why not... 20 or so, all in different parts of the world and let bgp handle the rest.

-- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG

On Tue, 17 Aug 2010, Matthew Palmer wrote:

> On Mon, Aug 16, 2010 at 06:08:02AM -0700, Owen DeLong wrote:
>> On Aug 16, 2010, at 6:03 AM, Chris Adams wrote:
>>> Once upon a time, Patrick W. Gilmore patr...@ianai.net said:
>>>> 1) Use different prefixes. A single prefix going down should not kill your entire network. (Nameservers and resolvers being unreachable breaks the whole Internet as far as users are concerned.)
>>> How do you do this in the IPv6 world, where I get a single /32? Will others accept announcements of two /33s to better handle things like this?
>> The better solution is to trade secondary services with some other provider. Sure, it's a bit of a pain keeping up with the new zones to be added and old zones to be removed back and forth, but, it's a great way to have your authoritative servers truly diverse and independent.
> At $JOB[3], where I was responsible for this sort of thing, a small amount of shell scripting behind inetd on the master[1], and slightly more shell scripting behind cron on the secondaries[2], and all our problems were solved for all time.
>
> - Matt
>
> [1] Read /etc/named/zones/*, mangled the (standardised) filenames to get a list of the zones, and dumped it on stdout, which went out on a high port that inetd was listening on.
> [2] nc to the master on the relevant high port, read the list and write out an automated named.conf fragment. Also use a bit of md5sum to detect when the list changed, so we know when to reload named on the slave.
> [3] Subscript, not footnote.
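The zone-list sync Matthew Palmer outlines in footnotes [1] and [2], as an added example that is not his script or part of the original thread. The `<zone>.zone` file naming, the `slaves/` path, the 192.0.2.53 master address and all function names are assumptions; name validation and the empty-list guard go beyond what the post describes and are there because the list arrives over a plain TCP port.

```shell
#!/bin/sh
# Added example: zone-list sync between a master and its secondaries.
LC_ALL=C; export LC_ALL          # byte-wise globbing, sorting and classes

# Master side (run behind inetd): derive zone names from file names.
# Assumption: zone files are named <zone>.zone.
list_zones() {
    for lz_f in "$1"/*.zone; do
        [ -e "$lz_f" ] || continue          # directory without zone files
        lz_f=${lz_f##*/}
        printf '%s\n' "${lz_f%.zone}"
    done
}

# The list is unauthenticated input, so each name is checked before it is
# placed inside named.conf quoting: hostname characters only.
valid_zone() {
    case $1 in
        ''|.*|*..*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Secondary side: zone names on stdin, named.conf fragment on stdout.
render_fragment() {
    rf_master=$1
    sort -u | while IFS= read -r rf_zone; do
        rf_zone=${rf_zone%.}                # tolerate one trailing dot
        if valid_zone "$rf_zone"; then
            printf 'zone "%s" { type slave; masters { %s; }; file "slaves/%s.zone"; };\n' \
                "$rf_zone" "$rf_master" "$rf_zone"
        else
            printf 'skipped an invalid zone name\n' >&2   # never echo raw input
        fi
    done
}

# md5sum is used as in the post, purely as a change detector.
digest() {
    if command -v md5sum >/dev/null 2>&1; then md5sum; else cksum; fi | cut -d' ' -f1
}

# sync_fragment LIST FRAGMENT MASTER_IP
# returns 0 = fragment replaced (reload named), 1 = unchanged,
#         2 = list empty or unusable (old fragment kept)
sync_fragment() {
    sf_tmp="$2.new.$$"
    render_fragment "$3" < "$1" > "$sf_tmp"
    if [ ! -s "$sf_tmp" ]; then             # a failed fetch must not drop zones
        rm -f "$sf_tmp"
        return 2
    fi
    sf_old=
    if [ -f "$2" ]; then sf_old=$(digest < "$2"); fi
    if [ "$(digest < "$sf_tmp")" = "$sf_old" ]; then
        rm -f "$sf_tmp"
        return 1
    fi
    mv "$sf_tmp" "$2"                       # rename is atomic on one filesystem
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample list. On a secondary, cron would fetch it with
    #   nc "$MASTER" "$PORT" > "$d/list"    (placeholder host and port)
    printf '%s\n' example.org example.net 'bad"name' > "$d/list"
    if sync_fragment "$d/list" "$d/zones.conf" 192.0.2.53; then
        echo "changed: reload named"
    fi
    if ! sync_fragment "$d/list" "$d/zones.conf" 192.0.2.53; then
        echo "unchanged: nothing to do"
    fi
    cat "$d/zones.conf"
    rm -rf "$d"
}
demo
```
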
net-neutrality
Hi, considering the fact that several organisations have been severely undermining net-neutrality over the past few months, which they seem to see as less important than their copyright bullshit, we have decided to set an example: Should the following networks, to which list more will be added over the coming month, desire to exchange traffic with AS34109, they can obtain a traffic relay contract at sa...@cb3rob.net, the costs of which amount to 1 euros per month, excl. 19% VAT, if not, well, then it's simply no more internets for them... sorry peeps. 193.108.8.0/21#GEMA-NET 195.109.249.64/29#SONYMUSIC 195.143.92.160/27#SBMG1-NETS 212.123.224.240/29#Net-WEGENER-MEDIA-BV 212.123.227.64/29#BumaStemra2 212.136.193.216/29#BUMA 212.78.179.240/28#BUMA-STEMRA 213.208.242.160/29#NL-COLT-BUMA-STEMRA 217.148.80.112/28#NL-NXS-CUST-1004613 85.236.46.0/24#IX-UNIVERSAL-NET -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited.
Re: net-neutrality
it is: c) RIAA/MPAA members trying to make ISPs liable for what customers do in order to somehow fork the isp into kicking out the customer, as they refuse to simply go to court against the customer but rather prefer to harrass their ISP or their isp's isp.. Well guess what, we don't really feel like giving them something for free (their traffic being relayed over our infrastructure) if they act hostile, if they can't get the piratebay ITSELF to shut down, we can only conclude the piratebay has the RIGHT to internet just as much as they do, actually more, as the piratebay paid us, and they don't. (so let's change the payment structure a bit and make these people pay us too ;) see also the various piratebay cases, as well as the fact that universal music germany gmbh can't be fucked to pay for their own court fees if they need a court order to get us to give out an address (the poor fuckers, whatever happened to mtv-cribs ;) -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Wed, 11 Aug 2010, Mark Smith wrote: On Wed, 11 Aug 2010 10:52:53 + (UTC) Sven Olaf Kamphuis s...@cb3rob.net wrote: Hi, considering the fact that several organisations have been severely undermining net-neutrality over the past few months, What is your definition of violating net-neutrality? 
Is it (a) carriers ransoming content providers so that only then will the content providers receive fair, equal and unfettered access to the carriers' customers? or (b) applying QoS to customer traffic if necessary because TCP was designed to suck up all the bandwidth available (to try to achieve 100% return on investment in the network capex), based on an original assumption that there'd be short bursts of TCP traffic, and now some applications, particular P2P ones, which use TCP, now create constant rather than bursty load on the network, resulting in congestion and impacting latency sensitive applications such as VoIP and gaming? which they seem to see as less important than their copyright bullshit, we have decided to set an example: Should the following networks, to which list more will be added over the coming month, desire to exchange traffic with AS34109, they can obtain a traffic relay contract at sa...@cb3rob.net, the costs of which amount to 1 euros per month, excl. 19% VAT, if not, well, then it's simply no more internets for them... sorry peeps. 193.108.8.0/21#GEMA-NET 195.109.249.64/29#SONYMUSIC 195.143.92.160/27#SBMG1-NETS 212.123.224.240/29#Net-WEGENER-MEDIA-BV 212.123.227.64/29#BumaStemra2 212.136.193.216/29#BUMA 212.78.179.240/28#BUMA-STEMRA 213.208.242.160/29#NL-COLT-BUMA-STEMRA 217.148.80.112/28#NL-NXS-CUST-1004613 85.236.46.0/24#IX-UNIVERSAL-NET -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. 
Any other use, dissemination, distribution or copying of this communication is strictly prohibited.
Re: net-neutrality
next up on the list: disney, paramount pictures, sony music entertainment, sony pictures entertainment, most of vivendi/universal group, viacom.. all of these organisations have well established themselves on the list of organisations not worthy to have their traffic relayed for free. -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Wed, 11 Aug 2010, Mark Smith wrote: On Wed, 11 Aug 2010 10:52:53 + (UTC) Sven Olaf Kamphuis s...@cb3rob.net wrote: Hi, considering the fact that several organisations have been severely undermining net-neutrality over the past few months, What is your definition of violating net-neutrality? Is it (a) carriers ransoming content providers so that only then will the content providers receive fair, equal and unfettered access to the carriers' customers? or (b) applying QoS to customer traffic if necessary because TCP was designed to suck up all the bandwidth available (to try to achieve 100% return on investment in the network capex), based on an original assumption that there'd be short bursts of TCP traffic, and now some applications, particular P2P ones, which use TCP, now create constant rather than bursty load on the network, resulting in congestion and impacting latency sensitive applications such as VoIP and gaming? 
which they seem to see as less important than their copyright bullshit, we have decided to set an example: Should the following networks, to which list more will be added over the coming month, desire to exchange traffic with AS34109, they can obtain a traffic relay contract at sa...@cb3rob.net, the costs of which amount to 1 euros per month, excl. 19% VAT, if not, well, then it's simply no more internets for them... sorry peeps. 193.108.8.0/21#GEMA-NET 195.109.249.64/29#SONYMUSIC 195.143.92.160/27#SBMG1-NETS 212.123.224.240/29#Net-WEGENER-MEDIA-BV 212.123.227.64/29#BumaStemra2 212.136.193.216/29#BUMA 212.78.179.240/28#BUMA-STEMRA 213.208.242.160/29#NL-COLT-BUMA-STEMRA 217.148.80.112/28#NL-NXS-CUST-1004613 85.236.46.0/24#IX-UNIVERSAL-NET -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited.
Re: net-neutrality
hmm funny, it had the piratebay on it, the 3rd most visted .org domain in the world, as well as number 7 or so on the list of most visted websites in the entire world, until a few months ago. not to mention several of our other clients ;) i'd suggest you do your homework properly next time :P the MAFIAA surely did :P -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration:HRA 42834 B BERLINPhone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE:CBSK1-RIPEe-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Wed, 11 Aug 2010, Suresh Ramasubramanian wrote: If you announce anything worth reaching in that AS of yours .. MAYBE, JUST MAYBE they'd care rather than yawn 84.22.96.0/19 has, for instance - 84.22.96.254 cock-is.huge.nl If sony music etc want to engage in a size war with you, that's entirely up to them. Meanwhile, please leave nanog out of this. It is your toy AS with what looks like little or no production traffic on it, and you're free to play with it as you like. --srs On Wed, Aug 11, 2010 at 4:22 PM, Sven Olaf Kamphuis s...@cb3rob.net wrote: Hi, considering the fact that several organisations have been severely undermining net-neutrality over the past few months, which they seem to see as less important than their copyright bullshit, we have decided to set an example: Should the following networks, to which list more will be added over the coming month, desire to exchange traffic with AS34109, they can obtain a traffic relay contract at sa...@cb3rob.net, the costs of which amount to 1 euros per month, excl. 
19% VAT, if not, well, then it's simply no more internets for them... sorry peeps. 193.108.8.0/21#GEMA-NET 195.109.249.64/29#SONYMUSIC 195.143.92.160/27#SBMG1-NETS 212.123.224.240/29#Net-WEGENER-MEDIA-BV 212.123.227.64/29#BumaStemra2 212.136.193.216/29#BUMA 212.78.179.240/28#BUMA-STEMRA 213.208.242.160/29#NL-COLT-BUMA-STEMRA 217.148.80.112/28#NL-NXS-CUST-1004613 85.236.46.0/24#IX-UNIVERSAL-NET -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG = Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: s...@cb3rob.net = penpen C3P0, der elektrische Westerwelle = Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: net-neutrality
On Wed, 11 Aug 2010, Suresh Ramasubramanian wrote:

> On Wed, Aug 11, 2010 at 4:59 PM, Sven Olaf Kamphuis s...@cb3rob.net wrote:
>> hmm funny, it had the piratebay on it, the 3rd most visited .org domain in the world, as well as number 7 or so on the list of most visited websites in the entire world, until a few months ago.
> no, that doesn't matter as much as just how much traffic you actually exchange with those asns

just for your info, this is just the first step, we can make it severely more nasty for them :P.

-- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG
Re: net-neutrality
btw, considering that you apparently run a larger network than the 3 networks we own and operate, willing to sell? :P

-- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. Co. KG

On Wed, 11 Aug 2010, Suresh Ramasubramanian wrote:

> On Wed, Aug 11, 2010 at 4:59 PM, Sven Olaf Kamphuis s...@cb3rob.net wrote:
>> hmm funny, it had the piratebay on it, the 3rd most visited .org domain in the world, as well as number 7 or so on the list of most visited websites in the entire world, until a few months ago.
> no, that doesn't matter as much as just how much traffic you actually exchange with those asns
Sponsoring request Piratenpartij Nederland
Pardon the interruption regarding this somewhat unusual request, but please forward this to your sponsoring/donations/legal/lobbying department:

--

Dear Internet Industry representatives:

The Pirate Party Netherlands (Piratenpartij Nederland), which is concerned with online and offline civil rights and a revision (reduction) of copyright law, is planning to take part in the upcoming parliamentary elections in the Netherlands. Although participation in the elections is open to all parties, it is not without costs. Therefore, the Pirate Party needs external funding from both individuals and organisations which share our vision.

The costs which we incur are the following:

- EUR 11250.- deposit to the election council (www.kiesraad.nl), to be received back if the party attains 75% of one parliamentary seat.
- EUR 450.- registration fee for political parties at election council (www.kiesraad.nl)
- EUR 500.- notary costs
- EUR 150.- chamber of commerce registration (formal association with legal personality)
- Online and offline advertising and campaign costs

That is why we ask organisations and individuals for contributions to Pirate Party Netherlands. More information can be found at: http://staging.piratenpartij.nl/

Kind regards, representing Pirate Party Netherlands

Rogier Huurman, Secretary Pirate Party Netherlands
Sven Olaf Kamphuis, Member Piratenpartei Deutschland, Member Piratenpartij Nederland

Contact: Samir Allioui, Co-President at Pirate Parties International, Chairman Piratenpartij Nederland +31627588738 samir.ali...@piratenpartij.nl

--

Dear representatives of the Internet Industry,

The Piratenpartij Nederland, which is committed to online and offline civil rights as well as a revision (restriction) of copyright, intends to take part in the upcoming elections for the Tweede Kamer der Staten Generaal. Participation in the elections may be open to everyone, but it is certainly not free. The Piratenpartij therefore needs external financial injections from both individuals and organisations that feel addressed by our positions.

The costs we have to incur are as follows:

- 11250 euro deposit for the election council (www.kiesraad.nl), to be received back from the election council by the party on attaining a 0.75 share of 1 seat
- 450 euro one-time registration costs for the candidate list (www.kiesraad.nl)
- 500 euro notary costs
- 150 euro chamber of commerce (formal association with legal personality)
- Online and offline advertising and campaign costs

We therefore ask organisations and individuals for contributions for the benefit of the Piratenpartij Nederland. Further information is available at http://staging.piratenpartij.nl/

Kind regards, on behalf of Piratenpartij Nederland,

Rogier Huurman, Secretary Pirate Party Netherlands
Sven Olaf Kamphuis, Member Piratenpartei Deutschland, Member Piratenpartei Nederland

Contact: Samir Allioui, Co-President at Pirate Parties International, Chairman Piratenpartij Nederland +31627588738 samir.ali...@piratenpartij.nl

--

PiratenPartij Nederland Postbus 58006 NL-1040 HA Amsterdam The Netherlands
Re: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)
just to undermine the ITU's (only) point, why don't we simply have IANA delegate let's say 25% of the available ipv6 space to AFRINIC and APNIC now, like, -now- already... if they're so concerned about the developing countries surely, most of them would be in those regions :P and that should cover their need for centuries to come... On Mon, 1 Mar 2010, Kevin Oberman wrote: Date: Mon, 01 Mar 2010 16:55:43 +0100 From: Adam Waite awa...@tuenti.com Hm, I was under the impression that ARPANET was a government run network... Not since 1992..what you're looking for these days is NIPRnet and SIPRnet, and ESnet, etc, etc, etc. While ESnet is funded by the Department of Energy and they certainly define the strategic policy of ESnet, they don't make design decisions nor get involved with the technical end of the network. ESnet is run by the University of California's Berkeley Lab under contract to the DOE. This may sound like hair splitting, but it is really very different from Fednets like NIPR and SIPR (and many, many others) including the Department of Energy's own DOEnet. Note that DOEnet is used for DOE business operations while ESnet is used to support DOE funded research. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 If you don't want to receive mails from the RIPE NCC Members Discuss list, please log in to your LIR Portal account at: http://lirportal.ripe.net/ First click on General and then click on Edit. At the bottom of the Page you can add or remove addresses.
Re: Arrogant RBL list maintainers
On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote: As previously noted in this thread, msulli...@sorbs did a fairly good job of documenting this in an RFC draft. I'd say its still the primary goto to point people at for how to do things the right way. http://tools.ietf.org/html/draft-msullivan-dnsop-generic-naming-schemes-00 The time to pursue something like this in the IETF is when there is a substantial industry consensus that it is the right approach and that the folks supporting it will actually use it. Are those of you who have participated in this thread willing to conform to the model specified in this draft? no, as having PTR records in dot seperated form could potentially cause confusion with normal ip addresses in case the search domain is the same. we stick to the must start with an alphabetic and not contain dots method, as in a84-22-123-123 not as in 84.22.123.123.bla.cb3rob.com (which actually are also the host names on the devices on those ips in most cases (although customers are ofcourse free to change that after the control has been given over to them in case of rented out servers). as for the rest of it, i really don't see why we should specifically mark static space as being static space as it's simply the de-facto standard, anything else (dhcp, radius, etc) is -optional- and requires extra protocols, so just mark dynamic ip space explicitly instead (if anything) It's also a thing that does not belong in dns but rather in whois if anywhere at all. RBLs are neither authorised (EU privacy laws anyone?), nor the appointed authority to keep databases on whats static or not. RIRs -are-, if anyone should maintain a database on such things, i'd be the rirs (which they have, it's called whois, it just lacks a field that indicates the type of assignment method used. 
but i guess that would quickly end the selling point of such databases, as who needs Trend Micro if either DNS or whois already contained all required data to just make your mailservers check it in real-time. Anyway, i wish Trend Micro all the luck with maintaining their little database in the age of IPv6 and decaying SMTP use anyway (we nowadays prefer methods like skype, msn, jabber for most of our communications, SMTP has been considered end-of-life for the past 5 years or so over here in our companies, guess why, because it hardly ever works, thanks to companies like Trend Micro just making up their own little standards. it's just a bit annoying for customers that happen to want to send SMTP based (legacy) email to parties that use their RBL, that's all, but indeed, their list will rapidly be removed by any party using it that finds out about their criteria to be removed (as they seem to add a lot of stuff by default as being dynamic, kinda the wrong way around ;) spam is -not- what will eventually kill all support for smtp (that can be easily solved by adding a header field with a unique password for each contact you have approved, and bouncing everything that doesnt contain one ;), shitty amateuristic RBL lists and graylisting (so your urgent mail arrives 20 minutes late) is what's killing smtp support. the only reason -we- still run it is that RIPE etc do not support other address types in whois and mailinglists (such as nanog) still use it. as it's neither peer to peer anymore, nor real-time (with a lot of parties blocking port 25), nor very certain that your message actually will be delivered anymore. We prefer the pre-approved contact list method anyway, you may notice our emails have this X-CONTACT-FILTER-MATCH: nanog header at the bottom, added by our contact-filter software (kinda like procmail but different) as nanog happens to be the super secret password for this list. 
business cards etc all contain a unique password, as when you don't know us and we don't know you, you have no business mailing us, same as on skype and msn contact lists. methods like that could ofcourse be implemented in the protocol SMTP itself and in all the clients so it could become a proper mail header at one point, removing the need for all the other crap that only slows the exchange of mail down and lessens its reliability and doesn't really stop spam anyway ;). we don't feel that: - dns is the proper place to distinquish between address assignment methods - dns should be relevant for SMTP to work anyway - RBLs should be authorative to maintain databases of address assignment methods (although the EU privacy laws take it a bit too far, prohibiting companies in germany where we are from even storing IP addresses in the first place ;) - RBLs are an effective method to stop spam (it stops -some-.. not -all-) - Making SMTP less reliable and less fast is a good way to go forward if we want to keep the SMTP protocol around in the future. - Making it impossible to use SMTP in a peer-to-peer fashion on eyeball networks and therefore not very real-time anymore is a good idea. furthermore, trend micro is
Re: Arrogant RBL list maintainers
thing is that it's illegal to maintain a database with personal details which ip addresses according to various german courts are (don't ask.. mmk? ;)

of course we all know ip addresses identify nodes on a network, not persons, but the germans seem to maintain a different view on this, despite us isps being the owners of the internet and not the german government ;).

therefore we are not even -allowed- to cooperate with trend micro *grin*

sometimes laws really come in handy you know ;)

-- Sven Olaf Kamphuis CB3ROB Ltd. Co. KG DataServices

On Thu, 10 Dec 2009, Raymond Dijkxhoorn wrote:

> Hi!
>
>> RBLs are neither authorised (EU privacy laws anyone?), nor the appointed authority to keep databases on whats static or not. RIRs -are-, if anyone should maintain a database on such things, i'd be the rirs (which they have, it's called whois, it just lacks a field that indicates the type of assignment method used.
>
> Who cares!? This is something between the ISP using them and YOU. If people want to make use of ANY datasource that's their own thing. They are not forced to use it at all. There is no EU law or anything involved here. There are blacklists that block .CN, so what, up to you to use it or not. Same with iptables, you can also filter anything you like there, yourself. No EU law telling anything about that.
>
> Stick to the point, solve your issue with the party receiving your mails. They decided to use the list, and most likely were not forced to do so. If you want to mail with them, fix your reverses. If not, no problem either. But stop whining :)
>
> Bye, Raymond.

X-CONTACT-FILTER-MATCH: nanog
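The per-contact password header that Sven Olaf Kamphuis describes in this thread (a `Password:` header checked against an approved-contact list, dropped before the mail goes further, with an `X-CONTACT-FILTER-MATCH:` header recording the match), as an added example that is not his contact-filter software. The address book format (password, tab, label), the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: accept mail only when it carries a known contact password.

# Print the presented password; fail unless the header block holds exactly
# one non-empty "Password:" header (a repeated header is ambiguous).
presented_password() {
    awk '
        /^\r?$/ { exit }                      # blank line ends the headers
        tolower($0) ~ /^password[ \t]*:/ {
            n++
            v = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
        }
        END {
            if (n == 1 && v != "") { print v; exit 0 }
            exit 1
        }' "$1"
}

# lookup_label BOOK PASSWORD: print the label of the matching book entry.
# The password is passed through the environment so awk does not expand
# backslashes in it, and both sides are forced to strings so that "100"
# cannot match a stored "0100" through numeric comparison.
lookup_label() {
    CF_PW=$2 awk -F '\t' '
        ($1 "") == (ENVIRON["CF_PW"] "") { print $2; hit = 1; exit }
        END { exit !hit }' "$1"
}

# contact_filter MESSAGE BOOK
# On a match: write the message to stdout without its Password header and
# with X-CONTACT-FILTER-MATCH added, return 0. Otherwise return 1 (bounce).
contact_filter() {
    cf_pw=$(presented_password "$1") || return 1
    cf_label=$(lookup_label "$2" "$cf_pw") || return 1
    CF_LABEL=$cf_label awk '
        function tag() { print "X-CONTACT-FILTER-MATCH: " ENVIRON["CF_LABEL"] }
        inbody { print; next }
        /^\r?$/ { tag(); inbody = 1; print; next }
        /^[ \t]/ && drop { next }             # folded part of the dropped header
        { drop = (tolower($0) ~ /^password[ \t]*:/) }
        !drop { print }
        END { if (!inbody) tag() }' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed address book and constructed message.
    printf '%s\t%s\n' k7-blue-heron alice nanog nanog > "$d/book"
    printf '%s\n' 'From: alice@example.org' 'Password: k7-blue-heron' \
        'Subject: lunch' '' 'see you at noon' > "$d/msg"
    if contact_filter "$d/msg" "$d/book"; then :; else echo "bounce"; fi
    rm -rf "$d"
}
demo
```

The password crosses each SMTP hop in clear text unless that hop uses TLS, which is why the filter removes it before the message is stored or forwarded.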
Arrogant RBL list maintainers
in our many isp companies worldwide, and doesn't imply dynamic lameness AT ALL. that's just your software being all buggy and shit. (why oh why does half the world expect isps to solve things for them for free... when they are not even our customer.. ;)

-- Sven Olaf Kamphuis CB3ROB Ltd. Co. KG DataServices
RE: DMCA takedowns of networks
I am a strong advocate of free speech and have a track record for both supporting and exercising it. But the dissenters must be responsible. Copying a site - copyright infringement - is never free speech, it is illegal activity. I really don't even care if there is a legal

omg... it's morally wrong..!!1oneoneeleven

well.. that's up for discussion and btw, copyright law was created to protect the investment in a book printing press in order to accommodate people to be able to publish their views on things. now that they can use our internet to publish their work, copyright has become obsolete. (and no, their jedi mind tricks don't work). not to provide leeching attorney firms and lazy artists with free money over the back of the general population.

when considering if a law holds any legal value one must look at the situation for which the law was created, as well as democratic aspects and whether it can and should be enforced. (putting 99% of the population in prison because 1% has corrupted the governments and wants to make money on products people clearly no longer want, which they try to sell using an even more outdated business model, isn't rather democratic ;) darwin bitch, the 70s are over.

as my 386 already generated all possible combinations of sheet music somewhere in 1996, i'd say all copyrights on music now belong to me. so far for feasibility (i'm quite sure they piss their pants we would ever enforce their own laws against them, blocking them from ever releasing anything again).

there are also people that consider porn morally wrong yet porn paid for the entire internet infrastructure, and then of course there are people that consider computers in general the tool of the devil. you can't give any idiot with some fake morals their way.

furthermore, we own the internet, we make the rules. use is on an as-is basis and if anyone is to be kicked out they can be damn sure it will be the MPAA/RIAA members first (there is after all, as they so nicely point out themselves, no basic right to having your packets relayed, so they'd better act friendly to isps, or paramount pictures may well find their own networks inaccessible from most of the world rather soon).

at this moment, we can see such people as nothing else but a clear threat to the internet itself.

-- Sven Olaf Kamphuis CB3ROB DataServices Phone: +31/87-8747479 Skype: CB3ROB MSN: s...@cb3rob.net C.V.: http://www.linkedin.com/in/cb3rob

On Sat, 24 Oct 2009, Brandt, Ralph wrote:

HE certainly was right in shutting down that site. It had copyright infringement. That they took down other sites is reprehensible unless they lacked the technical capability to do otherwise. (The question then arises, should they be in business if that is the case?)

I am a strong advocate of free speech and have a track record for both supporting and exercising it. But the dissenters must be responsible. Copying a site - copyright infringement - is never free speech, it is illegal activity. I really don't even care if there is a legal copyright notice is its morally wrong and it puts the dissenter in a category that is probably worse than the other party. That someone would do that tells me that they are not responsible in dissent and their message is horse crap. It is flashy lacking in thought and content. Why would I consider them a valid source of information?

I think the present administration is illegally there and should be removed speedily by impeachment. But I would never steal copyright material to dissent. I have never used his picture because I am not aware of a free use picture.

Ralph Brandt www.triond.com/users/Ralph+Brandt

-Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Saturday, October 24, 2009 9:36 AM To: North American Network Operators Group Subject: Re: DMCA takedowns of networks

On Oct 24, 2009, at 9:28 AM, Jeffrey Lyon wrote:

Outside of child pornography there is no content that I would ever consider censoring without a court order nor would I ever purchase transit from a company that engages in this type of behavior.

A DMCA takedown order has the force of law. This does not mean you should take down an entire network with unrelated sites. Given He's history, I'm guessing it was a mistake. Not buying services from any network that has made a mistake would quickly leave you with exactly zero options for transit.

-- TTFN, patrick

On Oct 24, 2009 9:01 AM, William Allen Simpson william.allen.simp...@gmail.com wrote:

http://www.huffingtonpost.com/2009/10/23/chamber-of-commerce
Re: DMCA takedowns of networks
Is there a better solution that doesn't require intrusive parsing? Sure. Tell the hoster they've got to shut it down, or else lose their connectivity.

which would be called blackmail.

sure, have the cops arrest the guy that actually runs the site or uploaded it onto the site, if they cannot (because it simply doesn't happen to be illegal in the country where he resides) they are out of luck and have to live with it.

furthermore, in any case, a proper court order specifically mentioning the url, the customer, the right company out of our christmastree of companies worldwide, etc would be required as we don't plan to decide what's illegal and what not.

of course all of this only applies to real crime. not to whining dmca idiots, who are criminals themselves.

-- Sven Olaf Kamphuis CB3ROB DataServices Phone: +31/87-8747479 Skype: CB3ROB MSN: s...@cb3rob.net C.V.: http://www.linkedin.com/in/cb3rob

On Mon, 26 Oct 2009, Joe Greco wrote:

So why are we having this discussion? Because it appears that HE took down non-infringing sites? Excuse me for stating the obvious. :-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI -

On the technical side of this question... Let's say that a customer is doing virtual hosting. So they have a bunch of sites (Let's say hundreds) on a single IP address. Given that one of the sites is misbehaving (use your own definition), how would a provider block the one site, without blocking others that share the same IP address, without looking at every port 80 request and parsing for the header for the URL? Is there a better solution that doesn't require intrusive parsing?

Sure. Tell the hoster they've got to shut it down, or else lose their connectivity. Sometimes it can be both simple *and* obvious.

... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam (CNN) With 24 million small businesses in the US alone, that's way too many apples.