Re: Verizon Public Policy on Netflix

2014-07-11 Thread rw...@ropeguru.com

On Fri, 11 Jul 2014 11:38:03 -0400
 Miles Fidelman mfidel...@meetinghouse.net wrote:

Ahad Aboss wrote:

Interesting point.

The truth is, the ISP is responsible for the quality of experience for
their end customers regardless of what content the customers consume or
what time they consume it. They pay a monthly subscription / access fee
and that is where it stops. ISPs can choose to blame Netflix until the
cows come home or alternatively, they can do something more
constructive, like deploying a cache solution or establishing direct
peering with Netflix in one of the POIs.



Well... if you make a phone call to a rural area, or a 3rd world 
country, with a horrible system, is it your telco's responsibility to 
go out there and fix it?


One might answer, of course not.  It's a legitimate position, and 
by this argument, Netflix should be paying for bigger pipes.


SNIP...


Of course it is not my telco's responsibility to fix the other telco's 
network. But your analogy is not valid here.


Let's change it up a little bit to be more in line with the issue at 
hand.


You make a phone call to a rural carrier or another country and get a 
horrible connection. If that degradation takes place on the link, that 
your telco owns, where it is handed off to the next network, then yes, 
it IS the originating telco's responsibility to pay to have it fixed.


The same goes for the Verizon/Netflix issue. The problem is at the 
edge where Verizon connects to the rest of the internet. They are 
deliberately letting those links become congested to degrade Netflix, 
and any other provider, in order to protect their own video revenue 
stream. They could care less about the customer experience as long as 
they can blame someone else and keep the money flowing and add 
additional revenue by pissing off said Netflix customer enough that 
they move to a Verizon solution.


Robert


Re: Comcast Business Internet Options

2014-06-30 Thread rw...@ropeguru.com

I have a cable based business in my residence.

There is no SLA with the standard business class service. However, I 
have typically seen about a 4 hour response time during the week for a 
tech and never any longer than the next day.


As far as install fees and such, the only way to get it waived, as 
others have mentioned, is a 3 year contract. Lower fee for 2 year 
contract and full install fee for 1 year contract. Good deal with the 
Visa Card as I have never heard of that being offered before.


You get the same up to BS as residential and if you want static IP's 
with that, be prepared for a required $12.95 equipment rental fee on 
top of the monthly price, static IP price, and tax.


Robert


On Mon, 30 Jun 2014 15:49:50 -0400
 Phil Gardner phil.gardne...@gmail.com wrote:
Damn, interesting. Though for my needs, I'm more interested in the 
response time for service than all out speed.


I'd also be surprised if they offer that in my state.


On 06/30/2014 02:37 PM, Will Dean wrote:

Phil,


Comcast does have a residential fiber tier that leverages their metro
ethernet network. https://www.comcast.com/505



Help with route latency between TATA and Comcast

2014-06-24 Thread rw...@ropeguru.com
I am doing some testing between my Comcast Business connection and a 
Singapore server that I have just setup. I am seeing high latency to 
the server but it appears it is the Comcast to TATA link and not the 
link between the U.S. and Singapore. At least that is what I can 
gather from the reverse lookup in the traceroute.


Can someone please enlighten me as to if I am correct or not?

Tracing route to 128.199.162.241 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.254
  2     1 ms     1 ms     1 ms  23-25-112-190-static.hfc.comcastbusiness.net [23.25.xxx.xxx]
  3    27 ms    22 ms    19 ms  96.178.10.1
  4    10 ms     9 ms    10 ms  te-1-3-ur01.shadygrove.va.richmond.comcast.net [68.86.124.241]
  5    17 ms    17 ms    17 ms  xe-12-0-1-0-ar02.charlvilleco.va.richmond.comcast.net [68.86.172.17]
  6    24 ms    24 ms    25 ms  pos-1-2-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.91.53]
  7    24 ms    23 ms    23 ms  pos-0-3-0-0-pe01.ashburn.va.ibone.comcast.net [68.86.86.142]
  8    20 ms    20 ms    20 ms  66.208.233.38
  9   268 ms   264 ms   265 ms  if-6-8.tcore2.lvw-los-angeles.as6453.net [216.6.87.114]
 10     *        *        *     Request timed out.
 11   270 ms   255 ms   256 ms  if-2-2.tcore1.svw-singapore.as6453.net [180.87.12.1]
 12   270 ms   271 ms   275 ms  if-11-2.thar1.svq-singapore.as6453.net [180.87.98.37]
 13   260 ms   258 ms   260 ms  180.87.98.6
 14   256 ms   256 ms   258 ms  103.253.144.242
 15   262 ms   258 ms   259 ms  128.199.162.241

Trace complete.


Re: Help with route latency between TATA and Comcast

2014-06-24 Thread rw...@ropeguru.com


Now that I look at it again, I believe you are correct. This is my 
first overseas server so I was not really sure what to expect in 
latency.


It has been one of those days that doing a reverse had not occurred to 
me to try as suggested by another reply. I am seeing about the same on 
the reverse so I am good to go.


Robert

On Tue, 24 Jun 2014 11:18:09 -0700
 Matthew Petach mpet...@netflight.com wrote:

260ms from VA to SG is about right.  I'd suspect
the DNS is wrong in this case, as otherwise
they somehow went from LAX to SG in less
than 10ms--and if they found a way to do that,
I suspect they'd have a *lot* more customers
beating down their doors to get onto that pathway.  :P

Matt



On Tue, Jun 24, 2014 at 10:49 AM, rw...@ropeguru.com rw...@ropeguru.com wrote:

I am doing some testing between my Comcast Business connection and a
Singapore server that I have just setup. I am seeing high latency to
the server but it appears it is the Comcast to TATA link and not the
link between the U.S. and Singapore. At least that is what I can gather
from the reverse lookup in the traceroute.

Can someone please enlighten me as to if I am correct or not?

Tracing route to 128.199.162.241 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.1.254
  2     1 ms     1 ms     1 ms  23-25-112-190-static.hfc.comcastbusiness.net [23.25.xxx.xxx]
  3    27 ms    22 ms    19 ms  96.178.10.1
  4    10 ms     9 ms    10 ms  te-1-3-ur01.shadygrove.va.richmond.comcast.net [68.86.124.241]
  5    17 ms    17 ms    17 ms  xe-12-0-1-0-ar02.charlvilleco.va.richmond.comcast.net [68.86.172.17]
  6    24 ms    24 ms    25 ms  pos-1-2-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.91.53]
  7    24 ms    23 ms    23 ms  pos-0-3-0-0-pe01.ashburn.va.ibone.comcast.net [68.86.86.142]
  8    20 ms    20 ms    20 ms  66.208.233.38
  9   268 ms   264 ms   265 ms  if-6-8.tcore2.lvw-los-angeles.as6453.net [216.6.87.114]
 10     *        *        *     Request timed out.
 11   270 ms   255 ms   256 ms  if-2-2.tcore1.svw-singapore.as6453.net [180.87.12.1]
 12   270 ms   271 ms   275 ms  if-11-2.thar1.svq-singapore.as6453.net [180.87.98.37]
 13   260 ms   258 ms   260 ms  180.87.98.6
 14   256 ms   256 ms   258 ms  103.253.144.242
 15   262 ms   258 ms   259 ms  128.199.162.241

Trace complete.
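
Added example, not part of the original thread: the sanity check Matthew Petach applies by eye, written as a script. It parses tracert rows, finds the largest rise in best-case RTT, and flags neighbouring hops whose rDNS city labels are farther apart than the RTT difference allows; the city coordinates and the 200 km/ms fiber speed are assumptions.

```python
import math
import re

# Constructed sample: hops 8-15 of the trace quoted in this thread, with the
# Windows tracert column spacing restored.
SAMPLE_TRACE = """\
  8    20 ms    20 ms    20 ms  66.208.233.38
  9   268 ms   264 ms   265 ms  if-6-8.tcore2.lvw-los-angeles.as6453.net [216.6.87.114]
 10     *        *        *     Request timed out.
 11   270 ms   255 ms   256 ms  if-2-2.tcore1.svw-singapore.as6453.net [180.87.12.1]
 12   270 ms   271 ms   275 ms  if-11-2.thar1.svq-singapore.as6453.net [180.87.98.37]
 13   260 ms   258 ms   260 ms  180.87.98.6
 14   256 ms   256 ms   258 ms  103.253.144.242
 15   262 ms   258 ms   259 ms  128.199.162.241
"""

# Assumptions: rough coordinates for city names seen in the rDNS labels, and
# light covering about 200 km per millisecond in fiber.
CITY_HINTS = {"los-angeles": (34.05, -118.24), "singapore": (1.35, 103.82)}
FIBER_KM_PER_MS = 200.0

ROW = re.compile(r"^\s*(\d+)((?:\s+(?:<?\d+\s*ms|\*)){3})\s+(.*\S)\s*$")
NAMED = re.compile(r"^(\S+) \[([^\]]+)\]$")


def parse_tracert(text):
    """Return one dict per hop: hop number, RTT list (empty on timeout), host, ip."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rtts = [float(v) for v in re.findall(r"(\d+)\s*ms", m.group(2))]
        host = ip = None
        named = NAMED.match(m.group(3))
        if named:
            host, ip = named.groups()
        elif rtts:  # bare address, no PTR record was returned
            ip = m.group(3)
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "host": host, "ip": ip})
    return hops


def largest_jump(hops):
    """Pair of consecutive answering hops with the biggest rise in best RTT."""
    answering = [h for h in hops if h["rtts"]]
    best = None
    for a, b in zip(answering, answering[1:]):
        delta = min(b["rtts"]) - min(a["rtts"])
        if best is None or delta > best[2]:
            best = (a["hop"], b["hop"], delta)
    return best


def city_of(host):
    """City name embedded in an rDNS label, or None if no known hint is present."""
    if not host:
        return None
    return next((c for c in CITY_HINTS if c in host.lower()), None)


def rtt_floor_ms(city_a, city_b):
    """Lowest possible added round-trip time between two cities over fiber."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*CITY_HINTS[city_a], *CITY_HINTS[city_b]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    km = 2 * 6371 * math.asin(math.sqrt(h))  # great-circle distance
    return 2 * km / FIBER_KM_PER_MS


def implausible_labels(hops):
    """Flag neighbouring city-labelled hops whose RTT rise is below the floor."""
    labelled = [(h, city_of(h["host"])) for h in hops if h["rtts"]]
    labelled = [(h, c) for h, c in labelled if c]
    flags = []
    for (a, city_a), (b, city_b) in zip(labelled, labelled[1:]):
        if city_a == city_b:
            continue
        delta = min(b["rtts"]) - min(a["rtts"])
        floor = rtt_floor_ms(city_a, city_b)
        if delta < floor:  # the two labels cannot both be right
            flags.append((a["hop"], city_a, b["hop"], city_b, delta, floor))
    return flags


if __name__ == "__main__":
    parsed = parse_tracert(SAMPLE_TRACE)
    print("largest RTT rise:", largest_jump(parsed))
    for flag in implausible_labels(parsed):
        print("label conflict: hop %d (%s) -> hop %d (%s), %.0f ms seen, %.0f ms floor" % flag)
```

The jump lands between hops 8 and 9, and the hop 9 and hop 11 labels conflict, which points at a stale rDNS name rather than at a slow Comcast to TATA handoff.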






Re: Credit to Digital Ocean for ipv6 offering

2014-06-18 Thread rw...@ropeguru.com

On Tue, 17 Jun 2014 11:26:16 -0400
 rw...@ropeguru.com rw...@ropeguru.com wrote:
I don't think it is harsh when they lead their customers on with no 
progress.


https://www.digitalocean.com/community/questions/is-ipv6-available

digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses

Take note of the original post dates and the responses. Original 
questions were in 2012 with responses of Q4 2012 to Q1 2013.




Robert


To add on to this, it appears that DO now considers the request for 
IPv6 as now being COMPLETE because they have rolled it out in a 
single DC in Singapore, when the request was made by a lot of people 
BEFORE the Singapore DC was ever available.


Great lack of respect to your customer base

http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/2639897-ipv6-addresses


Re: Credit to Digital Ocean for ipv6 offering

2014-06-17 Thread rw...@ropeguru.com
Not impressed at all. DO customers have been asking for IPv6 for 
around two years now with responses of, It's coming. Now they are 
getting press because they are rolling it out ONLY in their Singapore 
market which is its newest data center. Those of us here in the US are 
still getting the same ole, It's coming responses.


There are other VPS's out there that are already giving IPv6 
addresses. I have two with www.peakservers.com where I get one IPv4 
and 8 IPv6 addresses.


On Tue, 17 Jun 2014 07:06:49 -0700
 Ca By cb.li...@gmail.com wrote:
I have not tried it out, this makes it look like DO beat Azure to
market on ipv6

http://venturebeat.com/2014/06/17/digitalocean-ipv6/

Speaking of Azure and ip addresses

http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-microsoft-runs-out-of-us-address-space.html




Re: Credit to Digital Ocean for ipv6 offering

2014-06-17 Thread rw...@ropeguru.com
I don't think it is harsh when they lead their customers on with no 
progress.


https://www.digitalocean.com/community/questions/is-ipv6-available

digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses

Take note of the original post dates and the responses. Original 
questions were in 2012 with responses of Q4 2012 to Q1 2013.




Robert



On Tue, 17 Jun 2014 11:17:41 -0400
 Jared Mauch ja...@puck.nether.net wrote:
I think that's a bit harsh. I congratulate them for getting the 
first step done in the process of making it available for all 
customers.


Jared Mauch

On Jun 17, 2014, at 10:35 AM, rw...@ropeguru.com 
rw...@ropeguru.com wrote:


Not impressed at all. DO customers have been asking for IPv6 for 
around two years now with responses of, It's coming. Now they are 
getting press because they are rolling it out ONLY in their Singapore 
market which is its newest data center. Those of us here in the US 
are still getting the same ole, It's coming responses.


There are other VPS's out there that are already giving IPv6 
addresses. I have two with www.peakservers.com where I get one IPv4 
and 8 IPv6 addresses.


On Tue, 17 Jun 2014 07:06:49 -0700
Ca By cb.li...@gmail.com wrote:
I have not tried it out, this makes it look like DO beat Azure to
market on ipv6
http://venturebeat.com/2014/06/17/digitalocean-ipv6/
Speaking of Azure and ip addresses
http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-microsoft-runs-out-of-us-address-space.html




Re: Credit to Digital Ocean for ipv6 offering

2014-06-17 Thread rw...@ropeguru.com
There are other VPS's out there that are already giving IPv6 
addresses.


Yep, I use rootbsd.net and arpnetworks.com and have been happy with 
both.


I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 
addresses.


Wait. What?  Do you mean 8 /64s?


No, 8 individual IPv6 addresses.

There have also been reports from some DO users of HE tunnels being 
blocked. Not sure what the status of that is.


Re: Credit to Digital Ocean for ipv6 offering

2014-06-17 Thread rw...@ropeguru.com

On Tue, 17 Jun 2014 13:25:37 -0400
 valdis.kletni...@vt.edu wrote:

On Tue, 17 Jun 2014 13:14:04 -0400, rw...@ropeguru.com said:


No, 8 individual IPv6 addresses.


Wow. Harsh.  I burn more than that just in my living room.


I don't think that is too harsh as all 8 are assigned to a single 
server. So if I have three VPS's, I have 24 total addresses.


Peak Servers Contact

2014-06-12 Thread rw...@ropeguru.com
Anyone at peak servers on this list? I am seeing major latency and 
packetloss inside your network to both of my vps servers.


Please contact off list.

Robert


Re: Time Warner IPv6 Reverse DNS?

2014-06-12 Thread rw...@ropeguru.com


If your IPv6 subnet is being allocated by TW, then it is up to them 
whether or not to allow the customer to manage their own rDNS.


I have not asked about IPv6 with Comcast Business, but I know with 
IPv4 IP blocks, they will turn the request around pretty quickly once 
asked.


Robert

On Thu, 12 Jun 2014 17:58:08 +0200
 hasser css hasserva...@gmail.com wrote:
Some IPv6 email is not working well for me on my TWC Internet
connection due to their IPv6 block not having PTR records.

Is it possible for me to delegate my IPv6 range to my own DNS server,
or something similar? I have talked to level 3 support and they were
pretty much clueless, so I decide to ask here if anyone has insight or
similar issues in the past.

Thanks!




Re: crave your indulgence

2014-05-27 Thread rw...@ropeguru.com


Looks good from here:

Tracing route to 2001:500:84::b over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  2601:8:1400:880::1
  2     *        *        *     Request timed out.
  3    10 ms     9 ms     8 ms  te-9-3-ur01.shadygrove.va.richmond.comcast.net [2001:558:182:fb::1]
  4     9 ms     9 ms     7 ms  xe-12-0-1-0-ar02.staplesmllrd.va.richmond.comcast.net [2001:558:180:25::1]
  5    24 ms    24 ms    26 ms  pos-3-10-0-0-cr01.56marietta.ga.ibone.comcast.net [2001:558:0:f6e6::1]
  6     *        *        *     Request timed out.
  7    23 ms    24 ms    23 ms  2001:559::1056
  8    23 ms    23 ms    24 ms  ae-6.r03.atlnga05.us.bb.gin.ntt.net [2001:418:0:2000::31]
  9    42 ms    76 ms    90 ms  ae-7.r21.dllstx09.us.bb.gin.ntt.net [2001:418:0:2000::37d]
 10    43 ms    41 ms    41 ms  ae-0.r20.dllstx09.us.bb.gin.ntt.net [2001:418:0:2000::a9]
 11    71 ms    73 ms    90 ms  ae-5.r20.lsanca03.us.bb.gin.ntt.net [2001:418:0:2000::295]
 12    71 ms    72 ms    74 ms  ae-1.r05.lsanca03.us.bb.gin.ntt.net [2001:418:0:2000::116]
 13    73 ms    72 ms    74 ms  2001:418:1401:1a::2
 14    72 ms    75 ms    72 ms  2001:1878::181:177
 15    74 ms    71 ms    71 ms  2001:500:84::b

On Tue, 27 May 2014 11:28:00 -0700
 manning bill bmann...@isi.edu wrote:
If you wouldn’t mind a quick traceroute -  Can you confirm 
reachability to the following:


2001:500:84::b

Thanks in advance.

/bill
Neca eos omnes.  Deus suos agnoscet.





Re: Comcast transit problems?

2014-04-22 Thread rw...@ropeguru.com


Looks like they are having issues other than Atlanta.

http://downdetector.com/status/comcast-xfinity/map

On Tue, 22 Apr 2014 09:06:35 -0500
 Blair Trosper blair.tros...@gmail.com wrote:
I'm being inundated with reports from Comcast customers in various
markets about their inability to reach anything on AWS.  For example,
we have a few people in Atlanta that are all having this issue.

What's more, they're having weird issues reaching things like Twitter
or RingCentral (while other sites like Google and CNN work fine).

(RingCentral's support department apparently knows about this and is
telling their customers that use Comcast that they're aware of the
issue but don't know what's going on at the present time.)

Calls to the Comcast customer support just yield the everything's
fine, you're crazy response from the staff.

Can anyone from Comcast give me some help (or information) off list?

-bt





RE: DMARC - CERT?

2014-04-14 Thread rw...@ropeguru.com
Plus I guarantee that something this SIGNIFICANT would catch the attention of 
many tech news outlets, social sites, and many email lists if they had given 
due notice and allowed people time to digest the change. But, I guess since 
everything except their email has become pretty much irrelevant these days, 
they had to do something to get attention and try to be the big bully again.

I personally run only a couple of small email lists in which the subscribers 
are specifically added by me when someone wants on, and this has caused us, 
because the submitter has a long  time Yahoo email address and will not change, 
a huge headache. The sender has had to resort to sending email from Yahoo 
account multiple times in order to get the emails out to the 180+ subscribers. 
Some people cannot change their email due to having it for so long it is just 
not practical. Only other work around I have for this user is to give them a 
private email list on the email server where he can send from that is not a 
Yahoo address. This causes extra work because every email he wants to forward 
on, he must now first send it to the new private address, then login to the 
private email address web mail, then forward.

I have to agree with the others out there that Yahoo SHOULD, not COULD, have 
handled this a lot better. All the other big ISP's out there should be whipping 
Yahoo's a$$ about right now. But as usual, not a peep!

Robert

-Original Message-
From: Miles Fidelman [mailto:mfidel...@meetinghouse.net]
Sent: Monday, April 14, 2014 5:28 PM
Cc: NANOG
Subject: Re: DMARC - CERT?

Christopher Morrow wrote:
 On Mon, Apr 14, 2014 at 4:44 PM, Scott Howard sc...@doc.net.au wrote:
 On Mon, Apr 14, 2014 at 1:39 PM, Christopher Morrow
 morrowc.li...@gmail.com wrote:
 On Mon, Apr 14, 2014 at 4:34 PM, Matthias Leisi matth...@leisi.net
 wrote:
 They could have communicated, as in listen folks, we are going to
 make a critical change that will affect mailing lists (etc...) in
 four weeks time.
 communicated it where?

 The Internet.
 I was trying, really, to be not-funny with my question.

 if you're going to do something that has the potential to affect (say,
 for example) email to a wide set of people, most of which are NOT your
 direct users, how do you go about making that public?

 'the internet' isn't really a good answer for 'how do you notify'.
 Doug's note that: email mailops is good... but I'm not sure how many
 people that run lists listen to mailops? (I don't ... i don't run any
 big list, but...)

 I also wonder about update cycles for software in this realm? and for
 very larger list operators there's probably some customization and
 such to hurdle over on the upgrade path, eh? so how much leadtime is
 enough? how much is too much? 1yr seems like a long time - people will
 forget, 1wk doesn't seem like enough to avoid firedrills and
 un-intended bugs.

 A blog entry and a post to a few key relevant mailing lists would have
 specifically which mail-lists?



How about the support lists for all the email list packages they could
think of - let's start with mailman, majordomo, listserve, listproc,
sympa, ezmlm, .

Might have been nice if they'd offered some support for patching the
open source ones.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra








[no subject]

2014-03-27 Thread rw...@ropeguru.com
So I certainly admit I am a basic networking guy and in the past have not had 
to get into the nitty gritty of port statistics.

I am trying to understand some statistics off a switch port in a Nexus 4001i.

All TX and RX counters look normal except on the TX side, I am showing 1107597 
input discards. Last clearing of show counters is 1d8h ago.

I have it in my mind that this particular counter is dropping packets coming in 
from another port inside the switch that are to be transmitted out to the end 
server.

So let's say the interface I am looking at is port 2 on the switch. So server 1 
sends a packet to port 1 on the switch. That packet then traverses to 
backplane, or inside the same ASIC, to port 2 on the switch. It is then dropped 
and not transmitted out to server 2.

Is the scenario I just presented correct? Not looking for the reason in this 
email, just that my logical understanding is correct.

Robert


Sent from my Verizon Wireless 4G LTE smartphone

RE: Switchport Counters

2014-03-27 Thread rw...@ropeguru.com



Sent from my Verizon Wireless 4G LTE smartphone

 Original message 
From: rw...@ropeguru.com 
Date:03/27/2014  11:52 AM  (GMT-05:00) 
To: nanog@nanog.org 
Subject:  



Switchport Counters - Take two

2014-03-27 Thread rw...@ropeguru.com
Apologies to everyone for the original email with no subject. I am 
having some senior email moments today.


Anyway

So I certainly admit I am a basic networking guy and in the past have 
not had to get into the nitty gritty of port statistics.


I am trying to understand some statistics off a switch port in a Nexus 
4001i.


All TX and RX counters look normal except on the TX side, I am showing 
1107597 input discards. Last clearing of show counters is 1d8h ago.


I have it in my mind that this particular counter is dropping packets 
coming in from another port inside the switch that are to be 
transmitted out to the end server.


So let's say the interface I am looking at is port 2 on the switch. So 
server 1 sends a packet to port 1 on the switch. That packet then 
traverses to backplane, or inside the same ASIC, to port 2 on the 
switch. It is then dropped and not transmitted out to server 2.


Is the scenario I just presented correct? Not looking for the reason 
in this email, just that my logical understanding is correct.


Robert



Re:

2014-03-27 Thread rw...@ropeguru.com


It is actually a 4001i for an IBM Blade Chassis. Sorry for that.

So in this setup, port a would be a trunk with multiple vlans 
connection back to a 6509. port b would be a switch port in access 
mode that connects to an IBM blade in the chassis.


Not sure that this situation fits either of those scenarios.

Overall problem is that we are seeing performance issues between 
servers. These servers are all AIX based. We believe/know that we have 
some misconfigurations in the environment with jumbo frames and flow 
control. My curiosity about the discards is due to those 
misconfigurations. The port I mentioned in my original email has 
around 480 million output packets to the 1.1 million discards.


We do have IBM and Cisco support engaged, I am just trying to make 
sure I understand enough to be dangerous when I am working with them.


Robert

On Thu, 27 Mar 2014 12:55:46 -0400
 Lee ler...@gmail.com wrote:

On 3/27/14, rw...@ropeguru.com rw...@ropeguru.com wrote:
So I certainly admit I am a basic networking guy and in the past have
not had to get into the nitty gritty of port statistics.

I am trying to understand some statistics off a switch port in a Nexus
4001i.


Good luck.  I couldn't find anything for a nexus 4000, but did find
this for IOS:
In-Discard - The result of inbound valid frames that were discarded
because the frame did not need to be switched. This can be normal if a
hub is connected to a port and two devices on that hub exchange data.
The switch port still sees the data but does not have to switch it
(since the CAM table shows the MAC address of both devices associated
with the same port), and so it is discarded. This counter can also
increment on a port configured as a trunk if that trunk blocks for
some VLANs, or on a port that is the only member of a VLAN.

so if you've got something like
switch a: switchport trunk allowed vlan 1-5
switch b: switchport trunk allowed vlan 1-4

when switch a sends a frame on vlan 5, switch b counts it as an input
discard.


Lee



All TX and RX counters look normal except on the TX side, I am
showing 1107597 input discards. Last clearing of show counters is 1d8h
ago.

I have it in my mind that this particular counter is dropping packets
coming in from another port inside the switch that are to be
transmitted out to the end server.

So let's say the interface I am looking at is port 2 on the switch. So
server 1 sends a packet to port 1 on the switch. That packet then
traverses to backplane, or inside the same ASIC, to port 2 on the
switch. It is then dropped and not transmitted out to server 2.

Is the scenario I just presented correct? Not looking for the reason
in this email, just that my logical understanding is correct.

Robert


Sent from my Verizon Wireless 4G LTE smartphone





Re: A little silly for IPv6

2014-03-26 Thread rw...@ropeguru.com

On Tue, 25 Mar 2014 23:28:04 -0500
 Larry Sheldon larryshel...@cox.net wrote:

According to the Ace of Spades HQ blog:


IPv6 would allow every atom on the surface of the earth to have its
own IP address, with enough spare to do Earth 100+ times.



--
Requiescas in pace o email   Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio  Infallibility, and the ability 
to

learn from their mistakes.
  (Adapted from Stephen 
Pinker)




I want to see HIS source of how many atoms are actually on the earth. 
Somehow, I do not think anyone knows that answer. So his comparison 
is a joke.


Robert



Re: IPv6 isn't SMTP

2014-03-26 Thread rw...@ropeguru.com

On Wed, 26 Mar 2014 07:45:06 -0500
 Daniel Taylor dtay...@vocalabs.com wrote:

On 03/25/2014 11:18 PM, John Levine wrote:
3.  Arguing about IPv6 in the context of requirements upon SMTP
connections is playing that uncomfortable game with one's own combat
boots.  And not particularly productive.

If you can figure out how to do effective spam filtering without
looking at the IP addresses from which mail arrives, you will be in a
position to make a whole lot of money.

But, as always, I'm not holding my breath.

R's,
John

PS: Note the word effective.


You look at the IP, and verify forward and reverse DNS.

IPv6 doesn't make this any harder a problem than IPv4, it just means 
that we're going to *have* to reject mail that comes in from IPv6 
addresses that don't have clean DNS.


--
Daniel Taylor  VP OperationsVocal Laboratories, 
Inc.
dtay...@vocalabs.com   http://www.vocalabs.com/ 
  (612)235-5711





Actually, with all the discussion about ipv6 not having rDNS, in most 
cases, would that not make things easier? So those that want to run 
email servers SHOULD be on ISP's that allow for rDNS configuration for 
IPv6. There should be some vetting in the process by the ISP, maybe, 
before allowing this. So in essence, if you are a legitimate email 
host, you will have rDNS configured on IPv6 for your server. Again, as 
others have stated, rDNS should NOT be the only deciding factor in 
whether or not an email is legit. No rDNS, or having rDNS, should have 
some weight assigned to it for the overall evaluation of the sender.


Robert
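
Added example, not from the thread or from any mail filter's code: the forward and reverse DNS check Daniel Taylor describes, with its result used as one weighted input, as Robert suggests. The point values, the 2001:db8:: addresses and the example.net names are constructed, and the resolvers are injectable so the sample runs offline.

```python
import ipaddress
import socket

# Assumption: illustrative point values, not taken from any real filter.
RDNS_POINTS = {"confirmed": -1.0, "no_ptr": 2.0, "mismatch": 3.0}

# Constructed lookup tables (documentation prefix 2001:db8::/32).
SAMPLE_PTR = {
    "2001:db8::25": ["mail.example.net."],
    "2001:db8::bad": ["mail.example.net."],  # PTR claims a name it does not own
}
SAMPLE_FWD = {
    "mail.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025", "192.0.2.25"],
}


def system_reverse(ip):
    """PTR names for ip from the system resolver, empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def system_forward(name):
    """A and AAAA addresses for name from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    # Drop any IPv6 scope suffix such as %eth0 before comparison.
    return [info[4][0].split("%")[0] for info in infos]


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(name):
    return SAMPLE_FWD.get(name, [])


def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return 'confirmed', 'mismatch' or 'no_ptr' for a connecting address."""
    client = ipaddress.ip_address(ip)
    names = reverse(str(client))  # str() gives the canonical compressed form
    if not names:
        return "no_ptr"
    for name in names:
        for addr in forward(name.rstrip(".")):
            try:
                # Compare parsed addresses: IPv6 has many textual spellings.
                if ipaddress.ip_address(addr) == client:
                    return "confirmed"
            except ValueError:
                continue
    return "mismatch"


def score_sender(ip, other_points=0.0, reverse=system_reverse, forward=system_forward):
    """Add the rDNS result to points from other checks; rDNS alone never decides."""
    status = fcrdns(ip, reverse, forward)
    return status, other_points + RDNS_POINTS[status]


if __name__ == "__main__":
    for addr in ("2001:db8:0:0::25", "2001:db8::bad", "2001:db8::99"):
        print(addr, score_sender(addr, 1.5, sample_reverse, sample_forward))
```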



Re: A little silly for IPv6

2014-03-26 Thread rw...@ropeguru.com
I would support THIS as a better reference than some of the other 
email responses I have gotten.


Again comparing something like factual numbers of IPv6 addresses to 
the very fuzzy math of guessing how many atoms there are is very silly 
indeed.


On Wed, 26 Mar 2014 13:06:15 +
 Gary Buhrmaster gary.buhrmas...@gmail.com wrote:
On Wed, Mar 26, 2014 at 12:55 PM, rw...@ropeguru.com rw...@ropeguru.com wrote:

.
I want to see HIS source of how many atoms are actually on the earth.
Somehow, I do not think anyone knows that answer. So his comparison is
a joke.


Obligatory xkcd ref:  https://xkcd.com/865/





Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-26 Thread rw...@ropeguru.com


Is this normal for the list to directly get Cisco security advisories 
or something new. First time I have seen these.


Robert

On Wed, 26 Mar 2014 12:10:00 -0400
 Cisco Systems Product Security Incident Response Team 
ps...@cisco.com wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software SSL VPN Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ios-sslvpn

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of 
Cisco IOS Software could allow an unauthenticated, remote attacker to 
cause a denial of service (DoS) condition.


The vulnerability is due to a failure to process certain types of 
HTTP requests. To exploit the vulnerability, an attacker could submit 
crafted requests designed to consume memory to an affected device. An 
exploit could allow the attacker to consume and fragment memory on 
the affected device. This may cause reduced performance, a failure of 
certain processes, or a restart of the affected device.


Cisco has released free software updates that address this 
vulnerability.

There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn

Note: The March 26, 2014, Cisco IOS Software Security Advisory 
bundled publication includes six Cisco Security Advisories. All 
advisories address vulnerabilities in Cisco IOS Software. Each Cisco 
IOS Software Security Advisory lists the Cisco IOS Software releases 
that correct the vulnerability or vulnerabilities detailed in the 
advisory as well as the Cisco IOS Software releases that correct all 
Cisco IOS Software vulnerabilities in the March 2014 bundled 
publication.


Individual publication links are in Cisco Event Response: Semiannual 
Cisco IOS Software Security Advisory Bundled Publication at the 
following link:


http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html






Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-26 Thread rw...@ropeguru.com


Thanks everyone for the replies. I guess since they are done so 
infrequently, I was not a list member the last go around.


Robert

On Wed, 26 Mar 2014 12:58:44 -0400
 Andrew Latham lath...@gmail.com wrote:

Robert

Perfectly normal, almost an announce list for issues like this.

On Wed, Mar 26, 2014 at 12:45 PM, rw...@ropeguru.com rw...@ropeguru.com wrote:


Is this normal for the list to directly get Cisco security advisories
or something new. First time I have seen these.

Robert


On Wed, 26 Mar 2014 12:10:00 -0400
 Cisco Systems Product Security Incident Response Team ps...@cisco.com wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software SSL VPN Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ios-sslvpn

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of
Cisco IOS Software could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition.

The vulnerability is due to a failure to process certain types of HTTP
requests. To exploit the vulnerability, an attacker could submit
crafted requests designed to consume memory to an affected device. An
exploit could allow the attacker to consume and fragment memory on the
affected device. This may cause reduced performance, a failure of
certain processes, or a restart of the affected device.

Cisco has released free software updates that address this
vulnerability.

There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled
publication includes six Cisco Security Advisories. All advisories
address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software
Security Advisory lists the Cisco IOS Software releases that correct
the vulnerability or vulnerabilities detailed in the advisory as well
as the Cisco IOS Software releases that correct all Cisco IOS Software
vulnerabilities in the March 2014 bundled publication.

Individual publication links are in Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication at the
following link:


http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html








--
~ Andrew lathama Latham lath...@gmail.com http://lathama.net ~