On 25 mei 2009, at 19:34, Phillip Hallam-Baker wrote:
But I think we need to restate the problem. We don't need to prove
that the information is valid so much as determine whether it is
likely to break things or not.
Not simple. One approach that seems attractive is to still allow
routes
On Sat, May 23, 2009 at 5:52 AM, Iljitsch van Beijnum
iljit...@muada.com wrote:
[belatedly]
On 12 mei 2009, at 21:42, Phillip Hallam-Baker wrote:
As for adding IPSEC to BGP, I would not want to comment on the
competence of the person involved.
We need to replace the MD5 hack with IPsec,
[belatedly]
On 12 mei 2009, at 21:42, Phillip Hallam-Baker wrote:
As for adding IPSEC to BGP, I would not want to comment on the
competence of the person involved.
We need to replace the MD5 hack with IPsec, because MD5 doesn't have
any DoS potection, crypto algorithm agility or key
On Tue, May 12, 2009 at 10:25 PM, Steven M. Bellovin
s...@cs.columbia.edu wrote:
On Tue, 12 May 2009 15:42:26 -0400
When you do run an ISP, let me know how well that actually works.
Well one thing my approach would be a lot less good at would be
forcing upgrades to ludicrously expensive
We can all agree on the fact there is a problem. That does nothing.
What matters to me is if we plan to do something about it before
crunch time comes.
As for adding IPSEC to BGP, I would not want to comment on the
competence of the person involved. I will merely note that maybe the
proposal
Looks to me that we have an obscurity based 'security' system going on there.
The security of the system depends on various net-ops using their
skill and judgment to discriminate between purported updates. Such
systems tend to fail catastrophically once there is an incentive to
attack them.
At
On Tue, 12 May 2009 09:25:07 -0400
Phillip Hallam-Baker hal...@gmail.com wrote:
Looks to me that we have an obscurity based 'security' system going
on there.
Everyone in the business understands that there is a routing security
problem. There is some disagreement about the magnitude of the
On Tue, 12 May 2009 15:42:26 -0400
Phillip Hallam-Baker hal...@gmail.com wrote:
We can all agree on the fact there is a problem. That does nothing.
What matters to me is if we plan to do something about it before
crunch time comes.
As for adding IPSEC to BGP, I would not want to comment on
Subject: Re: Status of the 16-bit AS Number space Date: Tue, May 05, 2009 at
09:02:50PM -0700 Quoting Bill Manning (bmann...@isi.edu):
a thought experiment.
snip
Is the 15ms moritorium excessive?
No. Perhaps even short. A month should be appropriate. Those who update
* Bill Manning:
The question is why there should be moratorium on returned ASNs. I can
think of one reason that could be of dis-service to a new assignee, but
all we have so far is handwaving from the proponents.
___
a thought experiment.
Wed, May 06, 2009 at 08:49:42AM +0200, Mans Nilsson:
Is the 15ms moritorium excessive?
No. Perhaps even short. A month should be appropriate. Those who update
their filters based on RIR data with some support system assistance do
so daily/weekly. Those who have manually updated
* Steve Crocker:
I strongly advise against quick reallocation of returned AS numbers.
Returned AS numbers should stay out of service for a substantial
period of time.
Why?
It seems to be consensus among operators that it's fine to use other
people's ASNs in the global routing table, so such
Tue, May 05, 2009 at 08:22:27PM +0200, Florian Weimer:
* Steve Crocker:
I strongly advise against quick reallocation of returned AS numbers.
Returned AS numbers should stay out of service for a substantial
period of time.
Why?
It seems to be consensus among operators that it's fine
The question is why there should be moratorium on returned ASNs. I can
think of one reason that could be of dis-service to a new assignee, but
all we have so far is handwaving from the proponents.
___
a thought experiment.
John is
...@vigilsec.com wrote:
I thought that the whole community would like to be aware of this
status.
Russ
From: Michelle Cotton michelle.cot...@icann.org
To: i...@ietf.org i...@ietf.org
Date: Wed, 22 Apr 2009 20:52:18 -0700
Subject: Status of the 16-bit AS Number space
Dear IESG,
This is to let you
I thought that the whole community would like to be aware of this status.
Russ
From: Michelle Cotton michelle.cot...@icann.org
To: i...@ietf.org i...@ietf.org
Date: Wed, 22 Apr 2009 20:52:18 -0700
Subject: Status of the 16-bit AS Number space
Dear IESG,
This is to let you know what we now
, would not be reallocated if it were returned. So, in
theory there are far more available than this lets on.
From: Michelle Cotton michelle.cot...@icann.org
To: i...@ietf.org i...@ietf.org
Date: Wed, 22 Apr 2009 20:52:18 -0700
Subject: Status of the 16-bit AS Number space
Dear IESG
of a block.
AS1 for example, would not be reallocated if it were returned. So, in
theory there are far more available than this lets on.
From: Michelle Cotton michelle.cot...@icann.org
To: i...@ietf.org i...@ietf.org
Date: Wed, 22 Apr 2009 20:52:18 -0700
Subject: Status of the 16-bit AS Number
Is there a parallel report on the current usability of 32-bit AS numbers?
--Paul Hoffman, Director
--VPN Consortium
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Thu, Apr 23, 2009 at 11:46:01AM -0400, Steve Crocker:
I strongly advise against quick reallocation of returned AS numbers.
Returned AS numbers should stay out of service for a substantial period
of time.
why? because someone somewhere might have policy with one of these ASNs
hard-coded?
--On Thursday, April 23, 2009 11:46 -0400 Steve Crocker
st...@shinkuro.com wrote:
I strongly advise against quick reallocation of returned AS
numbers. Returned AS numbers should stay out of service for a
substantial period of time.
The same should be true for other deactivated quantities
: Michelle Cotton michelle.cot...@icann.org
To: i...@ietf.org i...@ietf.org
Date: Wed, 22 Apr 2009 20:52:18 -0700
Subject: Status of the 16-bit AS Number space
Dear IESG,
This is to let you know what we now have fewer than 10 blocks of 16-
bit AS Numbers left in the IANA free pool.
Yesterday we
Geoff Huston wrote:
You, and the community, may find these two AS number use reports helpful.
It's quite interesting to see the lack of scalability of multihoming
by routing is destroying the Internet.
The first, http://www.potaroo.net/tools/asn16/ looks at the levels of
consumption of
23 matches
Mail list logo