the opt-in confirmation link, then report the confirmation
email as spam. We remove them from the mailing list, then they
complain they aren't getting their list anymore. We reply back
explaining why they were removed, and they report our reply as spam.
-- Kevin
On Apr 7, 2008, at 7:17 AM, Iljitsch van Beijnum wrote:
On 5 apr 2008, at 12:34, Kevin Day wrote:
As long as you didn't drop more packets than SACK could handle
(generally 2 packets in-flight) dropping packets is pretty
ineffective at causing TCP to slow down.
It shouldn't be. TCP
improve the Internet and help with things like video distribution, the
grid is NOT going to replace the web, let alone the Internet.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED
/showfiles.php?group_id=128336
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
state, prioritize the first 2k
of client-server and server-client of HTTP to allow the request and
reply headers to pass uninterrupted. Those made our client happier
than anything else we did, at far far less cost.
-- Kevin
without wasting time on
retransmits.
-- Kevin
We run nortel 5530. They are not exactly cheap by my standards for
24 GE (10k list), but they do have 2x10G. Also they don't play nice
with rstp to cisco, and I still can't figure out how to get it to show
me stp port status. Both vendors in the tree think they're root. CLI
is tolerable, but if
to about 12K routes in the FIB. It's not shipping at this time
and I don't know when FSR is scheduled.
Note that F10 does not do MPLS and neither F10 or Foundry has the
software stability of either C or J, so you will need to look closely at
exactly the features needed.
--
R. Kevin Oberman, Network
you and the tunnel provider breaks, there's not always
anything anyone can do about it.
http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers might be a
good place to start.
-- Kevin
Could someone from AS7018 (ATT) please contact me about a
route you are originating that is hijacking/blackholing traffic?
The route is:
66.235.248.0/22
- Kevin
to remove IPv4
capability from any network or service.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4
. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
pgptermTVHS5p.pgp
Description
Just for the record, Verizon has a fiber cut in the No. VA-DC area this
morning and the times look similar. I suspect Cogent had bandwidth on
that fiber.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail
to originate it from their ASN(s). You may want to re-apply for an
ASN and explain that you will be announcing your directly assigned
block in section 14 of the template.
- Kevin
.
I think it would be great to be able to do hybrids with RA for other
situations where a shotgun approach is ok but I do not think we will
want to use that in server environments. Hopefully vrrpv6 will work
with RA turned completely off.
- Kevin
Iljitsch van Beijnum wrote:
On 24 dec 2007, at 20:00, Kevin Loch wrote:
RA/Autoconf won't work at all for some folks with deployed server
infra,
That's just IPv4 uptightness. As long as you don't change your MAC
address you'll get the same IPv6 address every time, this works fine
for the
cases described in Section 6.4.4 and for the purposes of measuring
utilization as defined in this document.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone
Date: Wed, 19 Dec 2007 13:28:35 +0100
From: Jeroen Massar [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Kevin Oberman wrote:
[..]
Note that sixxs only deals with commercial providers. Many (most?) of
the major research and education networks around the globe have done
IPv6 in production
://www.civil-tongue.net/clusterf/. It may help at some
point, but many of us see no clear way to get from here to there without
massive growth in both the RIB and the FIB in the process.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National
not
read, but Richard (Rick) Steves writes travel books. TCP/IP Illustrated:
Vol. 1 was written by the late W. Richard Stevens. (Actually, this was
probably a typo and not confusion.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory
I have done this in troubleshooting an OSPF issue where we needed to
immediately grab logs from a buffer that had only limited size when the
adjacency reset due to a dead timer. If you have WildPackets OmniPeek analzyer
its easy if you understand the protocol operations you need to filter on.
I too have received nothing but blank stares from 7018 MIS on this.
Surprising considering the NANOG presentation on how to do community
based bitbuckets was co-authored by someone from ATT (yeah, I know,
mega company and all).
Please post back to list if you get anywhere.
On 11/7/07, [EMAIL
Anyone else seeing issues in Dallas on Bwing/L3 ?
We have an OC12 w/ them that terminates in Dallas and anything past dallas
is extremely latent/lossy...
I'd included a traceroute, but it's ANY destination preferring them for
outbound or inbound and I've since turned down my peer to them.
that is missing most
features needed to provide true, production quality support.
It's even worse in areas like security products and various network
application, monitoring, and analysis devices.
About the only things that is pretty likely fully IPv6 capable is the
end system.
--
R. Kevin Oberman
I'm in Louisiana and just lost my OC12 to Bwing/L3. Circuit didn't die,
actually received a BGP message to terminate the session.
Anyone else seeing anything or got an update? ALL the numbers I have to L3
are busy...
to notice and fix it.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Date: Mon, 17 Sep 2007 18:22:12 -0400
From: Deepak Jain [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On Mon, 17 Sep 2007 14:28:45 PDT, Kevin Oberman said:
I had a router that lost it's NTP servers and was off by about 20
minutes. The only obvious problem was the timestamps in syslog
if you only need 1 IP address:
NPRM 4.2.3.6
This policy allows a downstream customer's multihoming requirement to
serve as justification for a /24 reassignment from their upstream ISP,
regardless of host requirements.
http://www.arin.net/policy/nrpm.html
- Kevin
lot less likely to have a
bad/missing path, and you still have sufficient knobs to engineer most
outbound flows.
-Kevin Blackham
(recently moved from provider to end network using non-XL PFC)
On 9/10/07, Stephen Sprunk [EMAIL PROTECTED] wrote:
Thus spake Kevin Loch [EMAIL PROTECTED]
Stephen
I would never trust SMTP for all the reasons already mentioned. Primarily
if my network is dead, I still want to get paged about it. Relying on the
import policy of another organization in the hostile port 25 environment is
also bad voodoo.
We've used a mix of TAP and SMS for many years with
into question their accuracy. So, I'm
talking with some others right now who have offered some help with
bandwidth and other resources, but it's pushed our timetable back
quite a bit.
Thanks for reminding me to update the page though! :)
-- Kevin
which may or may not be stabilizing or
beneficial.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4
Anyone else seeing congestion / high latency between New York and Ashburn on
Teleglobe ? We've been seeing an extra 50-80ms of latency between the two
on and off throughout the day...
7. 216.140.15.158
1.1% 34.1 40.0 33.9 143.4 19.3
G1-1.rp0.chcg.broadwing.net
216.140.14.110
the router is from a
company that charges substantially extra for IPv6 software licenses. If
the is only limited IPv6 traffic, switching to a central router might
not only be technically the best solution, but the most reasonable
fiscal approach.
--
R. Kevin Oberman, Network Engineer
Energy Sciences
to do with this problem. It is impacting some
traffic between Chicago and New York, though.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Key
.
Almost certainly the fiber cut of last night. Still down after 19
hours. Not a pretty picture for those lacking diversity between Chicago
and points east.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail
.
If someone sabotages a rail to stop a train and the derailment takes out
the fiber that is buried in the right-of-way, is that unintentional
sabotage? At least of the fiber?
Just asking...;-}
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National
the emoticon. Clearly the fiber damage in the
case I gave was collateral damage. It would have been sabotage on the
rail line and the derailed train.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL
We had an OC12 go down on the Broadwing/L3 network, serveral flaps and about
an hour of dead air...
We connect to the Dallas POP...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Robert Boyle
Sent: Wednesday, August 08, 2007 10:44 PM
To: Marshall
mean small companies, either. One of the biggest
issues I have is with one of the countries largest government funded
research labs.
Wonder how often DNSSEC might make non-transfer queries tickle this and
really break things? (Assuming we ever get wide use of DNSSEC.)
--
R. Kevin Oberman, Network
Iljitsch van Beijnum wrote:
How exactly are you going to get out-of-order packets over a single link?
There is a once popular router that has been known to do that in some
configurations due to multiple paths within the device.
- Kevin
techniques that could deal with this.
Vince Fuller, Dave Meyer, Dave Oran, and Dino Farinacci presented an
approach at the last NANOG:
http://www.nanog.org/mtg-0706/Presentations/lightning-farinacci.pdf
They are not the only ones working on resolving this issue.
--
R. Kevin Oberman, Network Engineer
Can someone tell me if there are any tools on the net we can use to
evaluate Cogent as a possible Tier 1 peer. We are looking at adding a 1
or 2 Gig connection to them, but after reading some of the posting I am
not sure this would be a wise move.
Kevin Billings
Sr Network Engineer
Spirit
You only need to worry about vendor MIBs if you're trying to query/monitor
something vendor-specific. Standard stuff like ifInOctets and ifDescr are
included in everything. I like to either read through MIBs by hand, or load
em in a MIB browser (like mbrowse or use vendor C's snmp explorer
On Dec 29, 2006, at 4:19 PM, The Shadow wrote:
Question:
Why is it that every company out there allows connections through
their
firewalls to their web and mail infrastructure from countries that
they
don't even do business in. Shouldn't it be our default to only
allow US
based IP
%4455 54 54 55
10. 4.68.94.1
0%4455 54 55 55
11. www.Level3.com
0%4455 55 55 55
--
W. Kevin Hunt
CCIE #11841
Linux+ SME
There are 10 kinds of people in this world, those that understand
On Oct 15, 2006, at 8:21 PM, John Levine wrote:
In addition to all of the offered AC services others have mentioned,
some planes have power outlets for vacuum cleaners, typically
behind a
small panel next to a door.
ISTR, these AC sockets are airplane flavour 115VAC @ 400Hz.
No. it's
'.' as a delimiter will be somewhat annoying when used in
regular expressions and likely to induce errors. Would '-' be a
better choice?
- Kevin
On Jun 21, 2006, at 12:43 PM, Lionel Elie Mamane wrote:
If the proxy is not at the Tor exit node, how can the tor network
enforce the addition of the this connection went through tor HTTP
header that Kevin Day was asking for? Fundamentally, if you rely on a
program sitting on the user's
On Jun 21, 2006, at 4:08 PM, Todd Vierling wrote:
On 6/21/06, Kevin Day [EMAIL PROTECTED] wrote:
Failing that, having an exit node look at HTTP headers back from the
server that contained a X-No-Anonymous header to say that the host
at that IP shouldn't allow Tor to use it would work
On Jun 17, 2006, at 8:29 AM, Jeremy Chadwick wrote:
Apologies if this has been brought up before.
Being as I'm not a network administrator myself (although I do filter
some stuff using pf and ipfw on my severs), I'm curious what NAs
think of the following technology:
On Jun 6, 2006, at 4:42 PM, Nick Burke wrote:
How many of you have actually use(d) Zebra/Linux as a routing
device (core and/or regional, I'd be interested in both) in a
production (read: 99.999% required, hsrp, bgp, dot1q, other
goodies) environment?
And, if you care to spend this
IP location services are a niche service, they won't work in the broad sense of things. Sites that need to make lawyers happy, such as MLB.com will work well with IP location services. MLB.Com basically says they won't broadcast Dodger home games in the LA area on their website. (Or any team in
On May 15, 2006, at 4:36 PM, Alain Hebert wrote:
Yeap,
I'm moron. You didn't know it yet?
-
Come on...
The way we disperse static IP ain't imagination, its fact...
We spread a /20 on dynamic dialup and dsl over 2 provinces and
since most of the residential services
On Apr 7, 2006, at 6:02 PM, Mark Boolootian wrote:
Its just NTP, I can't imagine that it is *really* enough traffic
to care
all that much.
You're kidding, right? Do you know what happened to wisc.edu:
http://www.cs.wisc.edu/~plonka/netgear-sntp/
Correct me if I'm wrong, but...
end up writing some custom code, but you
could do worse than to build on top of one of the open-source
monitoring tools.
For example, I use a highly customized version of AutoStatus for
up/down alerting, primarily because I like how it handles
dependencies.
Kevin
On Mar 2, 2006, at 4:07 AM, [EMAIL PROTECTED] wrote:
ome.
When I see comments like this I wonder whether people
understand what shim6 is all about. First of all, these
aren't YOUR hosts. They belong to somebody else. If you
are an access provider then these hosts belong to a customer
that is
On Mar 2, 2006, at 7:49 AM, [EMAIL PROTECTED] wrote:
Clearly, it would be extremely unwise for an ISP or
an enterprise to rely on shim6 for multihoming. Fortunately
they won't have to do this because the BGP multihoming
option will be available.
Are you *sure* BGP multihoming will be
On Mar 1, 2006, at 9:07 AM, Joe Abley wrote:
On 1-Mar-2006, at 02:56, Kevin Day wrote:
If you include Web hosting company in your definition of ISP,
that's not true.
Right. I wasn't; I listed them separately.
It's important to note that even if you are a hosting company who
*does
Kevin Day wrote:
If you include Web hosting company in your definition of ISP, that's
not true. Unless you're providing connectivity to 200 or more networks,
you can't get a /32. If all of your use is internal(fully managed
hosting) or aren't selling leased lines or anything, you
For those watching and grumbling, I'll move the discussion to a shim6
mailing list, or in private if anyone wants to continue beyond this.
Just make sure you cc: me if you move the discussion somewhere else.
On Mar 1, 2006, at 12:55 PM, Joe Abley wrote:
On 1-Mar-2006, at 13:32, Kevin
On Feb 28, 2006, at 6:31 AM, Iljitsch van Beijnum wrote:
[Crossposted to shim6 and NANOG lists, please don't make me regret
this... Replies are probably best sent to just one list for people
who don't subscribe to both.]
On 27-feb-2006, at 22:13, Jason Schiller ([EMAIL PROTECTED])
On Feb 28, 2006, at 10:28 AM, Joe Abley wrote:
On 28-Feb-2006, at 11:09, Kevin Day wrote:
Some problems/issues that are solved by current IPv4 TE practices
that we are currently using, that we can't do easily in Shim6:
Just to be clear, are you speaking from the perspective
On Feb 28, 2006, at 1:22 PM, Iljitsch van Beijnum wrote:
On 28-feb-2006, at 17:09, Kevin Day wrote:
4) Being able to do 1-3 in realtime, in one place, without waiting
for DNS caching or connections to expire
How fast is real time?
And are we just talking about changing preferences here
move.
-- Kevin
4.68.97.X addresses.
Thanks,
Kevin Kadow
(P.S. I've been on hold with their technical support line for the past
forty minutes.)
registration, including none.
And this is why, if any money is riding on the service at all, you
have
at least one law talking guy vet all contracts at the front of the process.
Kevin Kadow
On Jan 15, 2006, at 6:02 PM, Sam Stickland wrote:
Replying to my own email..
I've found some sites that suggest it's not possible to disable
auto-negotiation on 1000Base-T since other operational parameters
are negotiated including selection of the master clock signal. I
was aware
a local 6to4 relay for your customers and filter 192.88.99.0/24
to/from your peers.
- Kevin
for how they handle the
clock stopping for a second OR an invalid time of 23:59:60.
If anyone sees anything die at 00:00:00UTC I'd be interested to know.
-- Kevin
around midnight UTC. You may want to check your
NTP status at some point, in case something drifted quite a way off
and won't step itself back now because the difference is too great.
-- Kevin
, 2005, at 4:56 AM, Jeroen Massar wrote:
Kevin Day wrote:
No, the proposed policy says that if you get a /44 you must
advertise
that connectivity through it's single aggregated address assignment.
Get a /48 from your provider? Your provider can only give /48s to
organizations through its
work. I don't think we're
even close to the point where an end-user can go to their provider
and say IPv6 me! and get it working for more hassle than it's worth
to them.
-- Kevin
Kevin Day wrote:
9) Once we started publishing records for a few sites, we started
getting complaints from some users that they couldn't reach the sites.
It is possible that a broken 6to4 relay somewhere was causing problems.
Running your own local 6to4 relay (rfc3068) will improve
On Dec 21, 2005, at 10:13 AM, Kevin Loch wrote:
Kevin Day wrote:
9) Once we started publishing records for a few sites, we
started getting complaints from some users that they couldn't
reach the sites.
It is possible that a broken 6to4 relay somewhere was causing
problems
Kevin Day wrote:
We wouldn't have met the proposed 2005-1
requirements for a /44 (we don't come close to 100,000 devices), and
lose functionality if we're required to advertise it through a single
aggregated address.
The high requirements of the current 2005-1 were so thoroughly
rejected
ad to, but for us we were content with 4 pieces.In IPv6 land, the RIRs are dictating routing policy as well as allocation policy. With the current /44 proposal (with acknowledgment that Kevin Loch says things might be changing), which would be enough for all but the largest enterprise custome
, and
started IPv6 experimentation about 16 weeks ago.
I'll be writing up a paper going into a lot more detail about what
went right, what went wrong, and why the decision was made to revert
back to IPv4 soon, if anyone is interested.
-- kevin
their network so not only do VOIP
connections to their own servers get a higher QoS, but also in a
manner which tends to *induce* jitter and other 'Q'uality degradation
for Skype and Vonage, then it's time for them to lose common carrier
protection.
Kevin Kadow
--
Disclaimer: I no longer am
On Nov 15, 2005, at 9:45 PM, Hannigan, Martin wrote:
www.paypal.com
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server
and hostnames that malware
attempts to connect to or resolve, and looked for accesses in name
server logs and netflow records to get an idea of what percentage of
end-users end up hitting them. I'm willing to bet it's disturbingly
high.
-- Kevin
(And I can't take credit for 404lab, not my
nodes will end up on one or more 31337 host lists.
- Kevin
the illusion of fixed sizes and carry
less risk of unused space. Is that worth the extra RIR effort? Maybe,
maybe not.
- Kevin
stateless
automatic tunneling to solve the IPv6 multihoming/PI problem.
I took a quick hack at it and the result is interesting though
far from perfect:
http://kl.net/ipv6/pi-in-6.txt
- Kevin
, allowing plug-and-play,
at least a decade before the term was invented.
This is not a scientific opinion but I think you can pick a random host
id from 32 bit space on most lans without having to retry very often.
- Kevin
or at the meeting.
- Kevin
probably jump right on it :)
- Kevin
if they made separate arrangements for that or are planning to
make arrangements for phase 2.
- Kevin
or recommendation? I have looked at two. ipplan which is a free open source and TCAM/ECAM by Parabola IP Solutions. Has anyone used either of these two system and what did you think of them.
Thanks
Kevin Billings
Sr Network Engineer
Spirit Telecom
I've been dealing with a data center outage due to this,
and power just came back up a few minutes ago.
Halon dumps are only fun from the outside.
Kevin Kadow
complaints
about their serial console products, nothing either way about KVM.
Kevin Kadow
.
Somebody can and should argue that no central authority
is entitled to stop somebody from expressing their thoughts.
IMHO, it is not the purpose of network operators to make value
judgments regarding the packets that we transport.
Why not just bring back the evil bit as a serious proposal?
Kevin
to
Is there any known use for those bits?
- Kevin
and maintaining identical deployments at two
physically diverse hosting facilities, but did CYA and build a DR site
with just enough horsepower to get the news out, but not enough to keep
the revenue coming in, betting that most outages would be short lived.
Not all bets can be winners.
Kevin Kadow
* ^Received:.*\[(58\.|59\.|60\.|61\.|\
124\.|125\.|126\.|\
202\.|203\.|\
210\.|211\.|\
218\.|219\.|\
220\.|221\.|222\.)
{
/dev/null
}
...Kevin O'Neil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Geoff White
Sent: Wednesday, July 06, 2005 2:50 PM
with networks you don't
control, just like VPN's. Most of the operational problems in IPv6
today involve intentionally broken routing policies, not tunnels.
- Kevin
.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
of a gag order to compel the recipient to outright lie
about the fact that they are under a gag order; when directly questioned
on the subject -- you must refuse to answer. That doesn't mean you go
out of your to reveal the fact of the gag order, as in the above posts.
YMMV, IANAL, etc.
Kevin
are not a typical provider, but I don't see how any
provider doing diffserv can leave TOS bits untouched and diffserv is a
standard part of our operations. I'll concede that it is probably not
common in commercial networks.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O
Has anyone had any experience using Network Mitigation devices like the
Cisco Guard XT 5650? I am looking to install one in our network and would
like to know if anyone has used the Cisco device?
thanks
1 - 100 of 200 matches
Mail list logo
