I will be out of the office starting 08/09/2008 and will not return until
08/21/2008.
I'm away from the office, returning 8/21. I will have limited email access
while I am away, but I will attempt to access email when feasible. If you
need to discuss an urgent VCU information security need,
for my own use, I use m4, python and perl, and peval()
m4 is a macro processor that you probably should not bother
learning since you can do everything that it does by using
Python and regular expressions, or one of the Python parsing
modules. For instance PLY supports conditional lexing and
(Without an offline configuration generator, I postulate that
it can't be done.)
Doesn't everyone use an offline config generator these days?
After all, there is a lot more CPU power and database capacity
outside of the routers than there is inside.
--Michael Dillon
On Mon, Aug 18, 2008 at 09:51:20AM +0100, [EMAIL PROTECTED] wrote:
m4 is a macro processor that you probably should not bother
learning since you can do everything that it does by using Python
Oh, Abley is gonna have fun with this... and for the record, my money is
on Joe. He could probably
On Sun, Aug 17, 2008 at 07:57:25PM -0500, Pete Templin wrote:
Tomas L. Byrnes wrote:
Since there are ways to dynamically filter the bogons, using BGP or DNS,
I don't really see the need to stop doing so. If you're managing your
routing and firewall filters manually, you have bigger problems
Jared Mauch wrote:
On a router with full routes (ie: no default) the command
is:
Router(config-if)#ip verify unicast source reachable-via any
None of these suggestions (including the wisecrack ACLs) provide full
filtering:
If a miscreant originates a route in bogon space, their
On 19/08/2008, at 2:01 AM, Sam Stickland wrote:
I think you misunderstand the meaning of the ip verify unicast
source reachable-via any command. When a packet arrives the router
will drop it if it doesn't have a valid return path for the source.
Since the source is a bogon, and routed to
Once upon a time, Sam Stickland [EMAIL PROTECTED] said:
I think you misunderstand the meaning of the ip verify unicast source
reachable-via any command. When a packet arrives the router will drop
it if it doesn't have a valid return path for the source. Since the
source is a bogon, and
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addresses-time-for-ipv6-really.html
Well, on reading it, it's more an IPv6: It's great -- ask for
it by name! piece.
Cheers,
-- jra
--
Jay R. Ashworth Baylink [EMAIL PROTECTED]
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addresses-time-for-ipv6-really.html
Well, on reading it, it's more an IPv6: It's great -- ask
for it by name! piece.
IPv6 gives me brain ache. I hear I'm not alone in that. I'd
v6 tomorrow if I didn't have to think
james wrote:
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4-addresses-time-for-ipv6-really.html
Well, on reading it, it's more an IPv6: It's great -- ask
for it by name! piece.
IPv6 gives me brain ache. I hear I'm not alone in that. I'd
v6 tomorrow if I didn't have
-Original Message-
From: Deepak Jain [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 2:19 PM
To: james
Cc: nanog@nanog.org
Subject: Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum
james wrote:
http://arstechnica.com/news.ars/post/20080817-were-running-out-of-ipv4
On Mon, 18 Aug 2008, Deepak Jain wrote:
operational content: Is anyone significantly redesigning the way they
route/etc to take advantage of any hooks that IPv6 provides-for (even if it's
a proprietary implementation)? As far as I can tell, most people are just
implementing it as IPv4 with a
Absent any kind of network wide enforcement, why don't you just roll
participation and compliance with this into your peering contracts, with
propagation? Require your peers to have it, and ask that they pass the
requirement on. This isn't rocket science, clearly, because even I
understand it.
Message: 3
Date: Mon, 18 Aug 2008 08:21:38 -0500
From: Pete Templin [EMAIL PROTECTED]
Subject: Re: Is it time to abandon bogon prefix filters?
None of these suggestions (including the wisecrack ACLs) provide full
filtering:
If a miscreant originates a route in bogon space, their transit
On Mon, 18 Aug 2008, Deepak Jain wrote:
operational content: Is anyone significantly redesigning the way they
route/etc to take advantage of any hooks that IPv6 provides-for (even if it's
a proprietary implementation)? As far as I can tell, most people are just
implementing it as IPv4 with a
If all you're using is BGP null routes, that's true. I would posit that
BCP include Prefix filtering and ACLs as well, with dynamic updates.
YMMV.
-Original Message-
From: Chris Adams [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 7:30 AM
To: NANOG list
Subject: Re: Is it
On Aug 18, 2008, at 6:33 AM, Jared Mauch wrote:
On a router with full routes (ie: no default) the command
is:
Router(config-if)#ip verify unicast source reachable-via any
Go ahead and try it out. you can view the resulting
drop counter via the 'show ip int x/y' command.
-Original Message-
From: Scott Weeks [mailto:[EMAIL PROTECTED]
-- [EMAIL PROTECTED] wrote:
As a general rule, most clients are following the If we gave them static
IPv4 addresses we will give them static IPv6 addresses (infrastructure,
servers, etc). The whole
Hey Scott,
On Aug 18, 2008, at 2:33 PM, Scott Weeks wrote:
From: TJ [EMAIL PROTECTED]
As a general rule, most clients are following the If we gave them static
IPv4 addresses we will give them static IPv6 addresses (infrastructure,
servers, etc). The whole SLAAC(autoconfig) vs DHCPv6 is a
-Original Message-
From: Justin M. Streiner [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 3:18 PM
To: nanog@nanog.org
Subject: Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum
On Mon, 18 Aug 2008, Deepak Jain wrote:
operational content: Is anyone significantly
Howard C. Berkowitz wrote:
To try to stay operational about this,
H. I think this is an operational topic, but I can see how it would
be seen as more of a strategic item.
I have a reality testing question
I've used in IPv4 and, for that matter, bridged networks:
I submit that if you
-Original Message-
From: Scott Weeks [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 3:34 PM
To: nanog@nanog.org
Subject: SLAAC(autoconfig) vs DHCPv6
-- [EMAIL PROTECTED] wrote:
From: TJ [EMAIL PROTECTED]
As a general rule, most clients are following the If
-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 3:42 PM
To: nanog@nanog.org
Subject: RE: SLAAC(autoconfig) vs DHCPv6
To try to stay operational about this, I have a reality testing question
I've used in IPv4 and, for that matter,
-Original Message-
From: Dale W. Carder [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 4:24 PM
To: [EMAIL PROTECTED]
Cc: nanog@nanog.org
Subject: Re: SLAAC(autoconfig) vs DHCPv6
Hey Scott,
On Aug 18, 2008, at 2:33 PM, Scott Weeks wrote:
From: TJ [EMAIL PROTECTED]
As a
Jon,
I think we can safely conclude from the information provided that
you're looking at some sort of a misconfigured traffic mirroring or
[un]lawful intercept.
Sadly, as neither Sprint nor your loop provider will fess up, I don't
think you're going to get much further on here.
Probably best to
On 18 aug 2008, at 21:18, Justin M. Streiner wrote:
Just because IPv6 provides boatloads more space doesn't mean that I
like wasting addresses :)
That kind of thinking can easily lead you in the wrong direction.
For instance, hosting businesses that cater to small customers
generally have
On 18 aug 2008, at 22:23, Dale W. Carder wrote:
- really, really, really broken: it didn't support handing out
any DNS info until RFC 5006, thus SLAAC still requires human
intervention on a client to make teh v6 interwebs work.
While I agree that it is bad that the DNS configuration issue
On Mon, Aug 18, 2008 at 12:52:50PM -0700, Scott Weeks wrote:
Seeing Howard's quick response saying To try to stay operational
about this... makes me realize I may have inadvertently invited a
religious flame fest.
I guess that rules me out. :(
Please! Operational content and hands-on
Iljitsch van Beijnum wrote:
On 18 aug 2008, at 22:23, Dale W. Carder wrote:
DHCPv6
- doesn't ship w/ some OS's
Forget about it on XP,
Hmmm. MS says otherwise:
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx
but it's in Vista. You can add it to BSD/Linux without too much
On Mon, 18 Aug 2008, Iljitsch van Beijnum wrote:
On 18 aug 2008, at 21:18, Justin M. Streiner wrote:
Just because IPv6 provides boatloads more space doesn't mean that I like
wasting addresses :)
That kind of thinking can easily lead you in the wrong direction.
For instance, hosting
On 18 aug 2008, at 23:28, Justin M. Streiner wrote:
I don't have a problem with assigning customers a /64 of v6 space. My
earlier comments were focused on network infrastructure comprised of mainly
point-to-point links with statically assigned interface addresses.
In that case,
-Original Message-
From: Charles Wyble [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 5:28 PM
To: [EMAIL PROTECTED]
Subject: Re: SLAAC(autoconfig) vs DHCPv6
Iljitsch van Beijnum wrote:
On 18 aug 2008, at 22:23, Dale W. Carder wrote:
DHCPv6
- doesn't ship w/ some OS's
Forget
-Original Message-
From: Justin M. Streiner [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 5:29 PM
To: Iljitsch van Beijnum
Cc: nanog@nanog.org
Subject: Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum
On Mon, 18 Aug 2008, Iljitsch van Beijnum wrote:
On 18 aug 2008, at
Nope. XP does not support DHCPv6 - only Vista/Windows Server 2008 (and later)
can do that.
Sean
-Original Message-
From: TJ [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 2:42 PM
To: [EMAIL PROTECTED]
Subject: RE: SLAAC(autoconfig) vs DHCPv6
-Original Message-
From:
Date: Mon, 18 Aug 2008 14:27:56 -0700
From: Charles Wyble [EMAIL PROTECTED]
Iljitsch van Beijnum wrote:
On 18 aug 2008, at 22:23, Dale W. Carder wrote:
DHCPv6
- doesn't ship w/ some OS's
Forget about it on XP,
Hmmm. MS says otherwise:
Sean Siler wrote:
Nope. XP does not support DHCPv6 - only Vista/Windows Server 2008 (and later)
can do that.
Sean
http://internecine.eu/systems/windows_xp-ipv6.html and
http://internecine.eu/software/dibbler_dhcpv6.html discuss how to deploy
dhcpv6 on xp. It's 3rd party but doable.
On Mon, 18 Aug 2008, Charles Wyble wrote:
Forget about it on XP,
Hmmm. MS says otherwise:
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx
None of the XP systems here (even with all the latest service packs
installed) seem to do DHCPv6.
but it's in Vista. You can add it to
Yep - absolutely. I was referring to built-in support from the stack.
Dibbler is the primary third party provider we have seen for DHCPv6 support on
downlevel clients.
Sean
-Original Message-
From: Charles Wyble [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2008 2:55 PM
To:
On Mon, 18 Aug 2008, Charles Wyble wrote:
http://internecine.eu/systems/windows_xp-ipv6.html and
http://internecine.eu/software/dibbler_dhcpv6.html discuss how to deploy
dhcpv6 on xp. It's 3rd party but doable.
Hmmm I'm getting You don't have permission to access
Charles Wyble wrote:
This was especially a question when L2 was in and routing was out: how do
you ping a MAC address?
l2ping works on bluetooth devices on Linux. Might work for other stuff
as well. Not sure what Cisco offers in this regard.
The ideal solution would be OAM. Of course
On Mon, Aug 18, 2008 at 11:11:16PM +0200, Iljitsch van Beijnum wrote:
Forget about it on XP, but it's in Vista. You can add it to BSD/Linux
without too much trouble (are there good, bugfree implementations for those
yet?)
If anyone is aware of any bugs in ISC dhclient -6, please submit them
On Mon, Aug 18, 2008 at 08:57:27PM +0200, Mikael Abrahamsson wrote:
operational content: Is anyone significantly redesigning the way they
route/etc to take advantage of any hooks that IPv6 provides-for (even if
it's a proprietary implementation)? As far as I can tell, most people are
just
http://asert.arbornetworks.com/2008/08/the-end-is-near-but-is-ipv6/
Hello All,
I am curious as to the routing policies of the bigger providers such as
ATT, L3, Internap, Qwest, Etc Etc... Is there a standard size
netblock that these providers will accept? For instance, if customer
A gets a /22 from ARIN and his upstream provider is ATT and L3, what
would the
a lot of providers have their bgp/routing policy published somewhere
online/in their community guide
for instance, you can find L3's policy in their irr objects ( whois -h
whois.radb.net as3356)
there are also plenty of community guides available here -
http://www.onesc.net/communities/
Scott,
There are solutions that support both static, quasi-static, also driving DHCPv6
servers and Dynamic DNS updates. There are networks that have deployed IPal to
automate and consolidate their IPv4 and IPv6 block allocations and interface
assignments. Router Prefix delegation, SLAAC and
Your assumption is generally true with most any provider. They may
even accept something smaller, but it won't make it very far if less
than /24. It's also a good idea to announce a covering prefix in case
some peer network filters on IRR minimums.
On 8/18/08, Mike Lyon [EMAIL PROTECTED] wrote:
I'm dealing with HughesNet and have observed the following issue/
SOA is me for testing 72.169.156.122
Upstream router seems to be a public IP
Number: 15942
Date: 18Aug2008
Time: 23:03:21
Product:FireWall-1
Interface: eth0
Origin:
From: Joe Blanchard [EMAIL PROTECTED]
Date: Mon, 18 Aug 2008 23:50:08 -0400
I'm dealing with HughesNet and have observed the following issue/
SOA is me for testing 72.169.156.122
Upstream router seems to be a public IP
Number: 15942
Date: 18Aug2008
Time:
Sit up and pay attention, even if you don't now run IPv6, or even if
you don't ever intend to run IPv6.
Your off-net bandwidth is going to increase, unless you put some
relays in.
As a friend of mine just said to me: Welcome to your v6-enabled
transit network, whether you like it or not ;-).
On Mon, Aug 18, 2008 at 10:05 PM, Kevin Blackham [EMAIL PROTECTED] wrote:
Your assumption is generally true with most any provider. They may
even accept something smaller, but it won't make it very far if less
than /24. It's also a good idea to announce a covering prefix in case
some peer