On Thu, Dec 16, 2004 at 11:43:12PM -0500, Jared Mauch wrote:
> On Fri, Dec 17, 2004 at 12:42:21AM +0100, Iljitsch van Beijnum wrote:
> >
> > On 17-dec-04, at 0:21, Jerry Pasker wrote:
> >
> > >> ie: does dampening cause more problems than it tries to solve/avoid
> > >>these days.
> >
> > >I do
On Fri, Dec 17, 2004 at 12:42:21AM +0100, Iljitsch van Beijnum wrote:
>
> On 17-dec-04, at 0:21, Jerry Pasker wrote:
>
> >>ie: does dampening cause more problems than it tries to solve/avoid
> >>these days.
>
> >I don't know what takes more router resources; dampening enabled
> >doing the
On Fri, 17 Dec 2004, Iljitsch van Beijnum wrote:
>
> I got some messages from people who weren't exactly clear on how
> anycast works and fails. So let me try to explain...
Nice try.
> Anycast is now deployed for a significant number of root and gtld
> servers. Before anycast, most of those ser
To add, there are also a lot of edge appliances (Company C appliances
that start with P) that block 53/tcp >= 512B by default without admins
realizing, hence EDNS gets actively blocked while normal DNS traffic
works (this is a major issue for Enterprise Windows Admins.)
On Fri, 17 Dec 2004 01:54
On Thu, Dec 16, 2004 at 07:59:58PM -0500, Steven M. Bellovin wrote:
> In message <[EMAIL PROTECTED]>, Crist Clark writes:
> >
> >Iljitsch van Beijnum wrote:
> >
> >> Due to limitations in the DNS protocol, it's not possible
> >> to increase the number of authoritative DNS servers for a zone beyon
Steven M. Bellovin wrote:
In message <[EMAIL PROTECTED]>, Crist Clark writes:
Iljitsch van Beijnum wrote:
Due to limitations in the DNS protocol, it's not possible
to increase the number of authoritative DNS servers for a zone beyond
around 13.
I believe you misspelled, "Due to people who do not
In message <[EMAIL PROTECTED]>, Crist Clark writes:
>
>Iljitsch van Beijnum wrote:
>
>> Due to limitations in the DNS protocol, it's not possible
>> to increase the number of authoritative DNS servers for a zone beyond
>> around 13.
>
>I believe you misspelled, "Due to people who do not understa
Iljitsch van Beijnum wrote:
Due to limitations in the DNS protocol, it's not possible
to increase the number of authoritative DNS servers for a zone beyond
around 13.
I believe you misspelled, "Due to people who do not understand the DNS
protocol being allowed to configure firewalls..."
--
Crist
On 17-dec-04, at 0:21, Jerry Pasker wrote:
ie: does dampening cause more problems than it tries to solve/avoid
these days.
I don't know what takes more router resources; dampening enabled
doing the dampening calculations, or no dampening and constantly
churning the BGP table. I would a
I got some messages from people who weren't exactly clear on how
anycast works and fails. So let me try to explain...
In IPv6, there are three ways to address a packet: one-to-one
(unicast), one-to-many (multicast), or one-to-any (anycast). Like
multicast addresses, anycast addresses are shared
i've been wondering, since most people aren't using a
25xx class router for bgp anymore, and the forwarding planes
are able to cope more when 'bad things(tm)' happen, what the value
of dampening is these days.
ie: does dampening cause more problems than it tries to solve/avoid
these da
On Thu, Dec 16, 2004 at 01:43:25PM -0800, Bill Woodcock wrote:
>
> > If both anycast routes converges to the same broken pod
> somehow(damping?).
> > And troublshooting that when it only happens in AS sounds like it
> > would be a bit more difficult.
>
> That's not an anycast pr
> If both anycast routes converges to the same broken pod somehow(damping?).
> And troublshooting that when it only happens in AS sounds like it
> would be a bit more difficult.
That's not an anycast problem, that's just a misconfiguration.
-Bill
Steve Gibbard wrote:
On Thu, 16 Dec 2004, Iljitsch van Beijnum wrote:
Having just two addresses is the main problem, the fact that they're
also anycast just makes it even worse under certain circumstances.
How does anycast make it worse?
If both anycast routes converges to the same brok
Thank you for mutating this into yet another interminable topic.
matt ghali
On Thu, 16 Dec 2004 [EMAIL PROTECTED] wrote:
On Thu, 16 Dec 2004 12:35:09 PST, just me said:
> is org the sole delegation from .
If you're trying to register in .org, yes.
If you want to claim "but the
On Thu, 16 Dec 2004 12:35:09 PST, just me said:
> is org the sole delegation from .
If you're trying to register in .org, yes.
If you want to claim "but the organization looking to register under .org
can go register under .com or .net or .biz", ask yourself why we bother having
TLD's at all? W
a related problem is having N ip addrs bound to M nics on a host, where N > M.
if an ssl connection fails and debug is needed between the M:N:host and some
other ssl-speaking box, then it makes a difference if the ssl connection is
associated with the primary, or some aliased (set N-1) ip addr. c
On Thu, 16 Dec 2004 12:24:56 PST, just me said:
> So the competing .org provider deploys their better solution and
> survives, how, exactly?
>
>
> Are there not a variety of other registries?
It's not a registry problem.
% dig org. ns
and ponder all the competition.
pgputEARn6nGr
On Thu, 16 Dec 2004 [EMAIL PROTECTED] wrote:
On Thu, 16 Dec 2004 12:24:56 PST, just me said:
> So the competing .org provider deploys their better solution and
> survives, how, exactly?
>
>
> Are there not a variety of other registries?
It's not a registry problem
On Thu, 16 Dec 2004, Bob Martin wrote:
> I've just been hired to fix problems at a small ISP. One of their
> customers has listed several nameservers with a single IP.
> I didn't know this was possible. I thought there was a 1 to 1
> relationship with nameserver names/addresses. I'm trying to
Title: RE: identifying application type of network traffic
I believe NBAR stats are accessible via SNMP, so you can use MRTG to graph application utilization.
http://vermeer.org/display_doc.php?doc_id=6
___
Thanks,
That's called "hosting". There only thing "wrong" with it
is they aren't split across two - which is generally recommended
operationally.
Did you customer say why they thought that was a problem i.e.
"can't reach" "won't resolve" etc.?
ARIN says you own that IP space so I'm not sure what you
On Thu, 16 Dec 2004, Bob Martin wrote:
> I didn't know this was possible. I thought there was a 1 to 1
> relationship with nameserver names/addresses. I'm trying to figure out
> if this is or will be a problem.
Paul Vixie can probably better address this than myself, but I will
mention that with
I've just been hired to fix problems at a small ISP. One of their
customers has listed several nameservers with a single IP.
I didn't know this was possible. I thought there was a 1 to 1
relationship with nameserver names/addresses. I'm trying to figure out
if this is or will be a problem.
Any
On Thu, 16 Dec 2004 10:33:27 PST, just me said:
> and be done with it? Look. Some folks think that $technology is a good
> solution for $application. Some don't. The great thing about teh
> internat is that differing solutions to common problems are embraced.
>
> Better solutions reap their re
On Thu, 16 Dec 2004 [EMAIL PROTECTED] wrote:
On Thu, 16 Dec 2004 10:33:27 PST, just me said:
> and be done with it? Look. Some folks think that $technology is a good
> solution for $application. Some don't. The great thing about teh
> internat is that differing solutions to common pr
On Thu, 16 Dec 2004, Iljitsch van Beijnum wrote:
> Having just two addresses is the main problem, the fact that they're
> also anycast just makes it even worse under certain circumstances.
How does anycast make it worse?
-Steve
On 16-dec-04, at 19:33, just me wrote:
The great thing about teh
internat is that differing solutions to common problems are embraced.
Better solutions reap their rewards, and generally survive.
I wonder how many folks perpetually arguing this point have ever
actually implemented anycasted DNS se
Dear Respected Participants of Nanog
Greetings! I introduce myself as Ananth Chiravuri, a
doctoral student at the University of Wisconsin
Milwaukee. As part of my doctoral dissertation, I am
working on how best to come to a consensus when
capturing knowledge, and am studying the effectiveness
of
On Thu, 16 Dec 2004, Iljitsch van Beijnum wrote:
And that's exactly why UltraDNS' treatment of .org is evil. I really don't
understand why people with .org domains aren't complaining louder about this.
Instead of re-starting this particular perennial thread, can we please
just abbreviate
> Currently, I use (protocol, port_number) as indicator
> of application. Referring to rfc on wellknown protocol
> and port allocation, I can only identity about 50% of
> traffic type.
>
> Is there a complete (protocol, port_number) list ? or
> is there a better way to identify application type
On 16-dec-04, at 12:52, Daniel Karrenberg wrote:
That's definitely true, though it can be used successfully -- if
there's a
very reliable kill-switch to withdraw the advertisement in a moment,
or some
kind of fallback mechanism in place to handle gross failures.
Using this as the *only* remedy f
On 14.12 09:39, Todd Vierling wrote:
>
> That's definitely true, though it can be used successfully -- if there's a
> very reliable kill-switch to withdraw the advertisement in a moment, or some
> kind of fallback mechanism in place to handle gross failures.
Using this as the *only* remedy for u
Hi Joe,
The official port list is:
www.iana.org/assignments/port-numbers
And the unofficial (for special applications) has many versions of
course, one is:
www.practicallynetworked.com/sharing/app_port_list.htm
Cheers,
Ato.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL P
Thanks for all your reply.
My situation is not to apply QoS policy to those
application but to get statistics of applications.
According to netflow records, the traffic across our
egress interface has port number range from 11 to
65534 , there is record for port 0!
So, what are those applicatio
On Thu, 16 Dec 2004 17:41:49 +0800 (CST), Joe Shen
<[EMAIL PROTECTED]> wrote:
>
> My situation is not to apply QoS policy to those
> application but to get statistics of applications.
>
> According to netflow records, the traffic across our
> egress interface has port number range from 11 to
> 6
36 matches
Mail list logo
