NIST has a new draft publication on Wireless Network Security. It is a
good consolidation of 802.11 and Bluetooth wireless security.
http://csrc.nist.gov/publications/drafts/draft-sp800-48.pdf
What I would like to call network operators' attention to is the checklist of
recommended wireless
NASA has had this out for over a year.
http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html
/Dee
--
W.D.McKinney (Dee)
http://3519098920
You aren't the biggest offender, but how should anyone draw an arbitrary
line for "you are polluting too much" and "you are polluting, but to a
reasonable extent".
The most reasonable and quantitative means I can see is technical; if
there is no network engineering benefit to announcing more
Announce your largest aggregate, and announce more-specifics tagged
no-export to those peers who agree to accept them?
Which is worse than announcing just the more specifics to 2 different
transit providers in 2 different cities.
Worse for those two transit providers, not the
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
Worse for those two transit providers, not the rest of the world.
Why won't the rest of the world see extra hops and increased latency
reaching my network (for the 50% of the time that the wrong transit
provider is picked).
Because you could
On Sat, Jul 27, 2002 at 09:14:35AM -0400, Ralph Doncaster wrote:
[snip]
You could do a deaggregate+no-export method as well, even with your two
different transit providers. You would just need to run ebgp-multihop
to each of them from the opposite network, and announce your
Why won't the rest of the world see extra hops and increased latency
reaching my network (for the 50% of the time that the wrong transit
provider is picked).
Because you could *gasp* be intelligent with your network design and do
things like purchase transit from the same carriers in
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
If you want to run separate networks, run separate networks. Different
ASes, the whole 9 yards; perhaps a re-reading of rfc1930 is in order?
That brings us back to the discussion of PI space. If de-aggregating my
/20 didn't work, then I'd
If the size of the global routing table is really an important issue, why
not start filtering /24 announcements?
I have more of a legal right to use my /20 since I pay ARIN $2K/yr for
it, vs most /24 owners.
Filtering /24s should cut the size of the global routing table back to
1998 levels.
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
Because you could *gasp* be intelligent with your network design and do
things like purchase transit from the same carriers in both your serving
markets.
I guess you don't consider redundancy to be intelligent. I do. I guess
you can call
Ralph,
I think you're missing the point a bit. Don't expect to use resources on
other people's networks and routers to do your own traffic engineering
unless you pay them for it.
You must buy transit from the same ISP in each city, and then you can do
your traffic engineering using their
If you want to run separate networks, run separate networks. Different
ASes, the whole 9 yards; perhaps a re-reading of rfc1930 is in order?
That brings us back to the discussion of PI space. If de-aggregating my
/20 didn't work, then I'd either inefficiently use IP space in order
Because you could *gasp* be intelligent with your network design and do
things like purchase transit from the same carriers in both your serving
markets.
I guess you don't consider redundancy to be intelligent. I do. I guess
you can call me stupid.
Carriers is a plural word..
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
And your assumption about my Ottawa-Toronto link is wrong. I have a 100M
point-to-point ethernet link between the cities. I have a 100M transit
connection to Peer1 in Toronto, and have issued a letter of intent to a
transit provider in Ottawa
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
If the size of the global routing table is really an important issue, why
not start filtering /24 announcements?
By all means, go ahead. You don't need anyone's permission. Report back with
your results.
I have more of a legal right to use my
On Sat, Jul 27, 2002 at 11:17:57AM -0400, Ralph Doncaster wrote:
Carriers is a plural word.. How does that not accomplish redundancy again?
As I pointed out in my last post, I can't. And even if I could the
economics of doing it don't make sense.
If economics don't matter, then the
Off your network, your legal rights are pretty limited. I (and I'm sure
lots of other admins) block at the /24 boundary. Anything you announce
from /25 to /32 will be ignored on my network. Some providers choose to
block according to RIR allocation sizes. To me, that's not worth the
Your economic problems are your own, if you were smart you would learn how
to solve them within the rules of the game.
I know how to solve the problem within the rules. Getting a dozen /24s
in the swamp would solve the problem, but would pollute the global routing
table more than
On Sat, 27 Jul 2002, Ralph Doncaster wrote:
And your assumption about my Ottawa-Toronto link is wrong. I have a 100M
point-to-point ethernet link between the cities. I have a 100M transit
connection to Peer1 in Toronto, and have issued a letter of intent to a
transit provider in
At 10:56 AM -0400 2002/07/27, Andy Dills wrote:
Are you suggesting that either of those (which don't violate any
RFCs) options are better than de-aggregating my /20?
The best solution is just as everybody here has suggested. Use the same
provider for transit at both locations,
If he would buy transit from *2* providers in 2 cities, he'd be fine, as
he could announce the longer prefixes the rest of the internet does not
need to see on either ISP1's backbone or ISP2's backbone or both to
influence how much traffic he takes inbound on each link on each city, and
how
On Sat, 27 Jul 2002, Brad Knowles wrote:
At 10:56 AM -0400 2002/07/27, Andy Dills wrote:
If you buy bandwidth from two different providers at two
different locations, this would seem to me to be a good way to
provide backup in case one provider or one location goes
Tango-Uniform,
At 3:51 PM -0400 2002/07/27, C. Jon Larsen wrote:
But with only 1 ISP link in each city (1 upstream) if he ever loses the
link between the two cities, he has a problem, as there is no way to
transfer traffic bound for city1 that enters city2's connection, and vice
versa.
I
In a recent discussion with a company that owns a /16 and has it broken
down further, the statement was made that there are ISPs that filter
routes at /16 in what was traditional class B space. The example cited
was Verio. Verio web pages state they don't do this any more (the
filter is /21).
A. one can always find different providers. If you are trying to build
something and you don't have the right tools then get new tools. If you
can't afford multiple redundant links between pieces of your own AS and
you want to use an upstream to provide this for you then you must pick a
At 4:04 PM -0400 2002/07/27, Paul Schultz wrote:
If you connect to the same transit(s) in both cities you can announce more
specific networks with no-export set, keep most of your external traffic
off your own network, and not cause the entire world to know about your
more specific
On Sat, 27 Jul 2002, Brad Knowles wrote:
Responsible and overall best: connect to the same 2+ providers in both
locations and announce more specifics locally in each region/city/whatever
with no-export.
As said above, this isn't possible. I'd like to learn what could
be done
No.
If they did, 80% of the internet would not be visible to them today.
--Phil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Roy
Sent: Saturday, July 27, 2002 4:54 PM
To: [EMAIL PROTECTED]
Subject: Any people still with old filters?
In a recent
On Sat, 27 Jul 2002 23:04:02 +0100 (BST), Stephen J. Wilcox wrote:
I've a feeling that the fact that everyone shares at least the view that a
/24 is minimum helps to contain the routing table. (even if there are still
thousands of /24 announcements)
If a significant number of providers
A nice academic paper looking at the causes of BGP errors. They found
configuration errors are pervasive, with 200-1200 prefixes experiencing
problems due to misconfigurations every day. But they also found the Net
is relatively robust, with only one in twenty-five misconfigurations
affect
On Sat, 27 Jul 2002, David Schwartz wrote:
On Sat, 27 Jul 2002 23:04:02 +0100 (BST), Stephen J. Wilcox wrote:
I've a feeling that the fact that everyone shares at least the view that a
/24 is minimum helps to contain the routing table. (even if there are still
thousands of /24
I'm wondering how many of you use Bogon Lists and http://www.dshield.org/top10.html type
lists on your routers? I'm curious to know if you are an ISP with
customers or backbone provider or someone else? I have a feeling not many
people use these on routers? I'm wondering why or why not?
I've
I can comment on the dshield list.
I have seen this before. I am checking one particular IP on my network that has a
very popular freehost on it. Checking the load balancer IP (connections
cannot be originated from this IP) -- it shows that there were 13 attacks
initiated