Re: IPv6 day and tunnels

2012-06-03 Thread Jeroen Massar
On 3 Jun 2012, at 23:20, Jimmy Hess wrote: > On 6/3/12, Jeroen Massar wrote: >> If one is so stupid to just block ICMP then one should also accept that one >> loses functionality. > ICMP tends to get blocked by firewalls by default Which firewall product does that? > ; There are > legitimate r

Re: IPv6 day and tunnels

2012-06-03 Thread Jeroen Massar
On 3 Jun 2012, at 22:41, Masataka Ohta wrote: > Joe Maimon wrote: > >> So IPv6 fixes the fragmentation and MTU issues of IPv4 by how exactly? > > Completely wrongly. Got a better solution? ;) >> Or was the fix incorporating the breakage into the basic design? > > Yes. > > Because IPv6 requi

Re: IPv6 day and tunnels

2012-06-03 Thread Jimmy Hess
On 6/3/12, Jeroen Massar wrote: > If one is so stupid to just block ICMP then one should also accept that one > loses functionality. ICMP tends to get blocked by firewalls by default; There are legitimate reasons to block ICMP, esp w V6. Security device manufacturers tend to indicate all the "l

Re: IPv6 day and tunnels

2012-06-03 Thread Masataka Ohta
Joe Maimon wrote: > So IPv6 fixes the fragmentation and MTU issues of IPv4 by how exactly? Completely wrongly. > Or was the fix incorporating the breakage into the basic design? Yes. Because IPv6 requires ICMP packet too big generated against multicast, it is designed to cause ICMP implosions,

Re: IPv6 day and tunnels

2012-06-03 Thread Jeroen Massar
On 3 Jun 2012, at 20:40, Jimmy Hess wrote: > On 6/3/12, Cameron Byrne wrote: >> On Sun, Jun 3, 2012 at 6:38 PM, Joe Maimon wrote: > [snip] >> #5 According to the IETF, MSS hacks do not exist and neither do MTU >> issues http://www.ietf.org/mail-archive/web/v6ops/current/msg12933.html > > They

RE: Wacky Weekend: The '.secure' gTLD

2012-06-03 Thread Keith Medcalf
> This may result in mixed signals if a site on a SLD under .SECURE > is actually compromised, which is more harmful than having no UI > declaration. The greatest advantage of .SECURE is that it will help ensure that all the high-value targets are easy to find. --- () ascii ribbon campaign

Re: Wacky Weekend: The '.secure' gTLD

2012-06-03 Thread Jay Ashworth
Note that you've misquoted; that was a reply to my post, possibly 2 levels deep. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Jimmy Hess wrote: On 5/31/12, Jay Ashworth wrote: > HTTP redirects funneling connections towards the appropriate TLS-encrypted > site), use DN

Re: IPv6 day and tunnels

2012-06-03 Thread Jimmy Hess
On 6/3/12, Cameron Byrne wrote: > On Sun, Jun 3, 2012 at 6:38 PM, Joe Maimon wrote: [snip] > #5 According to the IETF, MSS hacks do not exist and neither do MTU > issues http://www.ietf.org/mail-archive/web/v6ops/current/msg12933.html They couldn't be more wrong. MTU issues still exist, and no

Re: IPv6 day and tunnels

2012-06-03 Thread Jeroen Massar
On 2012-06-03 20:26, bmann...@vacation.karoshi.com wrote: > On Sun, Jun 03, 2012 at 10:05:40PM -0400, Joe Maimon wrote: [..] > actually, to be safe, 1220. That will work really well with the minimum IPv6 MTU being 1280 ;) Greets, Jeroen

Re: IPv6 day and tunnels

2012-06-03 Thread bmanning
On Sun, Jun 03, 2012 at 10:05:40PM -0400, Joe Maimon wrote: > > > Joe Maimon wrote: > > >Looks like a tunnel mtu issue. I have not as of yet traced the > >definitive culprit, who is (not) sending ICMP too big, who is (not) > >receiving them, etc. > > > > The culprit is the v6 tunnel, which wand

Re: IPv6 day and tunnels

2012-06-03 Thread Mark Andrews
In message <4fcc11b2.2090...@ttec.com>, Joe Maimon writes: > Well, IPv6 day isn't here yet, and my first casualty is the browser on > the wife's machine, firefox now configured to not query . > > Now www.facebook.com loads again. > > Looks like a tunnel mtu issue. I have not as of yet traced

Re: Wacky Weekend: The '.secure' gTLD

2012-06-03 Thread Charles Morris
No. Let's go the opposite direction and make DNS a decentralized trust model. :) > Digress.

Re: Wacky Weekend: The '.secure' gTLD

2012-06-03 Thread Jimmy Hess
On 5/31/12, Jay Ashworth wrote: > HTTP redirects funneling connections towards the appropriate TLS-encrypted > site), use DNSSEC, and deploy DomainKeys Identified Mail (DKIM) for spam The "Except for HTTP redirects" part is a gigantonormous hole. A MITM attacker on a LAN can intercept traffic t

Re: IPv6 day and tunnels

2012-06-03 Thread Joel Maslak
On Jun 3, 2012, at 7:38 PM, Joe Maimon wrote: > www.arin.net works and worked for years. www.facebook.com stopped June 1. > > So IPv6 fixes the fragmentation and MTU issues of IPv4 by how exactly? It doesn't fix the fragmentation issues. It assumes working PMTU. For what it's worth, I also us

Re: IPv6 day and tunnels

2012-06-03 Thread Joe Maimon
Cameron Byrne wrote: #1 don't tunnel unless you really need to. Tunnels are ipv4 only now? #2 see #1 #3 use happy eyeballs, http://tools.ietf.org/html/rfc6555, Chrome has a good implementation, but this does not solve MTU issues. Because the initial connections are made just fine.

Re: IPv6 day and tunnels

2012-06-03 Thread Joe Maimon
Joe Maimon wrote: Looks like a tunnel mtu issue. I have not as of yet traced the definitive culprit, who is (not) sending ICMP too big, who is (not) receiving them, etc. The culprit is the v6 tunnel, which wanders into v4 ipsec/gre tunnels, which means the best fix is ipv6 mtu 1280 on the

Re: IPv6 day and tunnels

2012-06-03 Thread Cameron Byrne
On Sun, Jun 3, 2012 at 6:38 PM, Joe Maimon wrote: > Well, IPv6 day isn't here yet, and my first casualty is the browser on the > wife's machine, firefox now configured to not query . > > Now www.facebook.com loads again. > > Looks like a tunnel mtu issue. I have not as of yet traced the definit

IPv6 day and tunnels

2012-06-03 Thread Joe Maimon
Well, IPv6 day isn't here yet, and my first casualty is the browser on the wife's machine, firefox now configured to not query . Now www.facebook.com loads again. Looks like a tunnel mtu issue. I have not as of yet traced the definitive culprit, who is (not) sending ICMP too big, who is (no

Re: Questions about anycasting setup

2012-06-03 Thread Bill Woodcock
On Jun 3, 2012, at 12:35 PM, Anurag Bhatia wrote: > I tried doing anycasting with 3 nodes, and seems like it didn't work well > at all. It seems like ISPs prefer their own or their customer route (which > is our transit provider) and there is almo

Re: Questions about anycasting setup

2012-06-03 Thread Anurag Bhatia
Hello everyone, Thought to reopen this thread and discuss a couple of doubts I have in mind regarding the same. I tried doing anycasting with 3 nodes, and seems like it didn't work well at all. It seems like ISPs prefer their own or their customer route (which is our transit provider) and t

Re: Comcast Paid Peer Pricing

2012-06-03 Thread jamie rishaw
..I was waiting for Ren to shut this thread Down. :) Nabil: reply to Ren directly, off list. You'll be in good hands. j On Jun 3, 2012 10:44 AM, "Ren Provo" wrote: > What is your ASN Nabil so I can find out what you submitted for a > request, including scope and term. -ren > > On Sat, Jun 2, 20

Re: Comcast Paid Peer Pricing

2012-06-03 Thread Ren Provo
What is your ASN Nabil so I can find out what you submitted for a request, including scope and term. -ren On Sat, Jun 2, 2012 at 5:08 PM, Nabil Sharma wrote: > > Dear NANOG: > I seek pricing on Comcast AS7922 paid peer at following commit level: > 1G > 10G > 100G > Please reply in private and I w

NANOG 55: Submit your Lightning Talks!

2012-06-03 Thread Tom Daly
Hello NANOG 55'ers, Welcome to Vancouver. On behalf of the NANOG Program Committee, I'm pleased to announce that we're accepting Lightning Talk submissions via our tool at https://pc.nanog.org/. Log in, submit a talk, and wait. We'll be announcing the first round of LTs late this evening. How d

RE: Comcast Paid Peer Pricing

2012-06-03 Thread Justin M. Streiner
On Sun, 3 Jun 2012, Nabil Sharma wrote: I am not allowed to sign NDA, can someone please send me sample pricing in private mail? Since it's not entirely clear if you're asking about SFI or not... Entering into something like an SFI agreement with a large national network is typically somethi

RE: Comcast Paid Peer Pricing

2012-06-03 Thread Justin M. Streiner
On Sun, 3 Jun 2012, Nabil Sharma wrote: I am not allowed to sign NDA, can someone please send me sample pricing in private mail? I didn't see any requirement to sign an NDA for their dedicated non-transit product, which is essentially what you were asking for. If you want to do SFI (assumin

Re: Comcast Paid Peer Pricing

2012-06-03 Thread Mark Tinka
On Sunday, June 03, 2012 06:41:34 AM Nabil Sharma wrote: > I am not allowed to sign NDA, can someone please send me > sample pricing in private mail? Then find someone in your company who will and use that channel, Nabil. Alternatively, have you tried to find out whether Comcast could actually