Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

On Fri, May 06, 2022 at 08:58:51PM -0400, Amir Herzberg wrote: > Hi NANOGers, > > I have a small question re DNSSEC `proof of non-existence' records: NSEC, > NSEC3 and the (dead?) NSEC5 proposal. > > NSEC3 was motivated as a > method to prevent Zone enumeration, then Berenstein showed its

Question re prevention of enumeration with DNSSEC (NSEC3, etc.)

Hi NANOGers, I have a small question re DNSSEC `proof of non-existence' records: NSEC, NSEC3 and the (dead?) NSEC5 proposal. NSEC3 was motivated as a method to prevent Zone enumeration, then Berenstein showed its defense is pretty weak. RFC7129 (White Lies) prevents this enumeration attack but

RE: 10 Do's + Don'ts for Visiting Québec + Register Now for N85!

I think I have actually heard « tire-toi une bûche » before! But it was as a child, visiting our annual Fête du Voyageur historical re-enactment, and certainly not in any normal day-to-day setting. I’m just happy that an American author (who quite likely has never been to Montreal), writing

Weekly Global IPv4 Routing Table Report

This is an automated weekly mailing describing the state of the Global IPv4 Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG. Daily listings are sent to

Re: 10 Do's + Don'ts for Visiting Québec + Register Now for N85!

On Thu, 5 May 2022 at 08:57, Nanog News wrote: > *10 Do's + Don'ts for Visiting Québec* > *NANOG 85 Meeting Will Take Place Jun. 6 - 8 in Montréal* > > We are delighted to cross international borders in our mission to grow, > inspire + profoundly build the Internet of tomorrow! > > Montréal is

Re: [NANOG] [Mailman List] Strange behavior on the Juniper MX240

It should be "set chassis route-memory-enhanced" for Junos Version 10.4 - "memory-enhanced" was introduced from version 11.2 Start working on your hardware upgrade plan, this is just a work-around to keep you going but consider getting some capable, REs, SCBs, MPCs and perhaps HC PSUs etc

Re: Strange behavior on the Juniper MX240

On 5/6/22 11:26, Saku Ytti wrote: You are always here. You always need to understand your scale and how much resources you have available, what is possible and what is not. Of course, if this was the case with the global Internet, we'd have far fewer problems making it work well than we

Re: Strange behavior on the Juniper MX240

On Fri, 6 May 2022 at 12:17, Mark Tinka wrote: > We have run into issues with platforms that have shipped with FIB's in favour > of IPv4 and less for IPv6 and MPLS labels. Shifted around, you could give up > whatever is left for IPv6 and ACL's to give more to IPv4, but you then end up >

Re: Strange behavior on the Juniper MX240

On 5/6/22 10:09, Saku Ytti wrote: This seems like a strange position. The device has 16MB+16MB jtree segments. The first is IP, the second is filters (Broadly). OP has 16MB of first used. OP has <5MB of second used. What if the platform had originally shipped with a different balance

Re: Strange behavior on the Juniper MX240

On Fri, 6 May 2022 at 10:59, Mark Tinka wrote: > These are the reasons why I was saying that while there may be some commands > to move FIB allocations around, it's a lot of admin. because the DFZ is very > dynamic, and FIB programming issues due to lack of slots that affect > different

Re: Strange behavior on the Juniper MX240

On 5/5/22 21:50, Nick Olsen wrote: His instance drove us crazy for a bit. The device would learn a route, show that it was installed (show routes) but traffic to said prefix would bounce net unreachable. We even pushed a static just for S's and that still didn't resolve it. It was a single

Re: [NANOG] [Mailman List] Strange behavior on the Juniper MX240

Yes Mark it is odd On Thu, May 5, 2022 at 10:09 PM Mark Tinka via NANOG < ad...@community.nanog.org> wrote: > Mark_Tinka4 > May 6 > > Odd, as this said it came alive in Junos 10.4: > juniper.net >