Re: Sufficient Buffer Sizes

Thus spake Mike Hammett (na...@ics-il.net) on Tue, Jan 02, 2024 at 05:02:22PM -0600: > While attempting to ascertain how big of switch buffers I needed in a 100G > switch, I rediscovered this article where I first learned about switch > buffers. > >

Re: Generally accepted BGP acceptance criteria?

Thus spake Tom Samplonius (t...@samplonius.org) on Mon, Nov 20, 2023 at 07:02:52PM -0800: > > On Nov 17, 2023, at 6:58 AM, Christopher Morrow > > wrote: > > IRR filters provide control over whom is provided reachability through > > a particular peering/path. > > How does that work? IRR

Re: Generally accepted BGP acceptance criteria?

Thus spake Tom Samplonius (t...@samplonius.org) on Thu, Nov 16, 2023 at 04:54:17PM -0800: > > In the world of IRR and RPKI, BGP route acceptance criteria is important to > get right. > > DE-CIX has published a detailed flow chart documenting their acceptance > criteria:

Re: Acceptance of RPKI unknown in ROV

Thus spake Randy Bush (ra...@psg.com) on Thu, Oct 19, 2023 at 03:16:21PM -0700: > > For legacy resource holders it is a problem but then it’s a > > bureaucratic issue rather technical and technology has a solution > > called SLURM. > > has arin not made it easier, lowering the legal insanity, for

Re: maximum ipv4 bgp prefix length of /24 ?

Thus spake Delong.com (o...@delong.com) on Wed, Oct 11, 2023 at 12:44:35PM -0700: > > > > On Oct 11, 2023, at 11:50, Dale W. Carder wrote: > > > > Thus spake Delong.com via NANOG (nanog@nanog.org) on Tue, Oct 10, 2023 at > > 04:52:07PM -0700: > >> How

Re: maximum ipv4 bgp prefix length of /24 ?

Thus spake Delong.com via NANOG (nanog@nanog.org) on Tue, Oct 10, 2023 at 04:52:07PM -0700: > However, IF YY is paying attention, and YY wants to advertise 2001:db8::/32 > as well as allow 2001:db8:8000::/36 and 2001:db8:f000::/36, I would expect AS > YY would generate ROAs for >

Re: Seeing a lot of ROUTING-FIB-3-UPD_MSG_TOO_BIG messages today

Thus spake Drew Weaver (drew.wea...@thenap.com) on Mon, Apr 25, 2022 at 04:21:53PM +: > Hello everyone, > > I've seen this a bit in the past with 1-2 routes, but today it's been > happening basically all morning with several different routes. > > ROUTING-FIB-3-UPD_MSG_TOO_BIG > > I've

Re: SRv6 Capable NOS and Devices

Thus spake Sander Steffann (san...@steffann.nl) on Wed, Jan 12, 2022 at 06:21:25PM +0100: > Hi, > > > No SRv6 is MPLS labeling where label is carried inside IP instead > > before the IP header. Layering violation which increases complexity > > and cost for no other purpose except dishonest

Re: question about enabling RPKI using Hosted mode

Thus spake Edvinas Kairys (edvinas.em...@gmail.com) on Tue, Oct 26, 2021 at 10:11:14AM +0300: > > Also, about ROA expirations is it possible to configure an automatic ROA > extension after it's expires ? Well, you probably hit one of the next biggest operational issues, so congrats ;-). If

Re: Setting sensible max-prefix limits

Thus spake Chriztoffer Hansen (c...@ntrv.dk) on Wed, Aug 18, 2021 at 12:03:51PM +0200: > On Wed, 18 Aug 2021 at 11:33, Lars Prehn wrote: > > I guess for long standing peers one could just eyeball it, e.g., current > > prefix count + some safety margin. How does that work for new peers? sadly,

Re: IPv6 and multicast listener discovery

Are your links or hosts limited in some way or broadcast domains of some unreasonable size? Most of the competent switching or managed wireless products will snoop or otherwise handle this overhead in a sane manner. Otherwise this at best would seem to be an over-optimization. >From my

Re: OVH datacenter SBG2 in Strasbourg on fire 

Thus spake Matt Harris (m...@netfire.net) on Thu, Mar 11, 2021 at 05:06:46AM -0600: > > There are plenty of effective options besides environmentally-destructive > Halon, dangerous-to-equipment water sprinkler, or dangerous-to-personnel > CO2 for fire suppression these days. Some of the most

Re: 100G over 100 km of dark fiber

You may also find that 100G PAM4 could work. There are some vendors that sell the optic, and an outboard EDFA + DCF pizza box. Dale Thus spake Tarko Tikan (ta...@lanparty.ee) on Fri, Oct 30, 2020 at 04:25:58PM +0200: > hey, > > > I need to push 100G over 100 km of dark fiber. Since there

Re: Cogent Layer 2

Thus spake Mike Hammett (na...@ics-il.net) on Wed, Oct 14, 2020 at 12:36:39PM -0500: > > Are any legitimate beefs with Cogent limited to their IP policies, BGP > session charges, and peering disputes? Meaning, would using them for layer 2 > be reasonable? Be sure to ask if your circuit will

Re: AS hijacking (Philosophy, rants, GeoMind)

Thus spake Justin Wilson (Lists) (li...@mtin.net) on Fri, May 29, 2020 at 11:39:46AM -0400: > One of the companies I work for recently had an issue with AS 2 (University > of Delaware) hijacking a prefix. Due to Origin AS, good upstreams, and the > like this has not really affected the traffic

Re: Cisco Crosswork Network Insights - or how to destroy a useful service

Thus spake Job Snijders (j...@ntt.net) on Wed, May 15, 2019 at 12:16:06PM +0200: > > I recognise the issue you describe, and I'd like to share with you that > we're going down another road. Nowadays, RIPE NCC offers a streaming API > ("RIS Live") which has the data needed to analyse and correlate

Re: Pinging a Device Every Second

Thus spake Christian Meutes (christ...@errxtx.net) on Fri, Dec 21, 2018 at 02:41:23PM +0100: > Depending on your requirements and scale - but I read you want history - > it's probably less a demand on CPU or network resources, but more on IOPS. > > If you cache all results before writing to

Re: Confirming source-routed multicast is dead on the public Internet

Thus spake Mankamana Mishra (mankamis) via NANOG (nanog@nanog.org) on Wed, Aug 01, 2018 at 02:43:10AM +: > other than billing problem, is there any other reasons why multicast would > not be viable for public internet ? Hi Mankamana, You can find a reasonable overview here with respect

Re: Blockchain and Networking

Traceroute or any other path diagnostics comes to mind. Dale Thus spake Tom Beecher (beec...@beecher.cc) on Thu, Jan 11, 2018 at 12:22:43PM -0500: > "Blockchain is great at proving chain of custody, but when do you need to do > that in computer networking?" > > This is the most important

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

Thus spake Patrick W. Gilmore (patr...@ianai.net) on Sun, Sep 25, 2016 at 05:57:42PM -0400: > On Sep 25, 2016, at 5:50 PM, ryan landry wrote: > > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote: > > >> This is such a golden opportunity for each of you

Re: collectd as alternative to RTG for high-resolution polling and long term storage?

Thus spake Eric Kuhnke (eric.kuh...@gmail.com) on Wed, Mar 16, 2016 at 11:45:26AM -0700: > Would anyone care to share their experience using collectd as an > alternative to rtg for high-resolution polling of interface traffic and > long term storage? > > I am investigating the various options

Re: Internet Exchanges supporting jumbo frames?

Thus spake Jakob Heitz (jheitz) (jhe...@cisco.com) on Fri, Mar 18, 2016 at 09:29:44PM +: > What's driving the desire for larger packets? In our little corner of the internet, it is to increase the performance of a low number of high-bdp flows which are typically dataset transfers. All of our

Re: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Thus spake Andrew (Andy) Ashley (andre...@aware.co.th) on Thu, Feb 11, 2016 at 02:35:51PM +: > Is a control-plane ACL to limit isakmp traffic (UDP/500) to an affected ASA > from desired sources enough to mitigate this attack, until upgrades can be > performed? It's worth noting that is not

Re: SNMP - monitoring large number of devices

Thus spake Dan White (dwh...@olp.net) on Tue, Sep 29, 2015 at 03:37:51PM -0500: > On 09/29/15 22:20 +0200, Pavel Dimow wrote: > >recently I have been tasked with a NMS project. The idea is to pool about > >20 OID's from 50k cable modems in less then 5 minutes (yes, I know it's a > >one million

Re: Android (lack of) support for DHCPv6

Thus spake Paul B. Henson (hen...@acm.org) on Mon, Jun 08, 2015 at 08:14:54PM -0700: We're in the beginning steps of bringing up IPv6 at the fairly large university where I work. Ditto. We plan to use DHCPv6 rather than SLAAC for a variety of reasons. Those reasons should probably be

Re: Routing Insecurity (Re: BGP in the Washington Post)

Thus spake Roland Dobbins (rdobb...@arbor.net) on Tue, Jun 02, 2015 at 03:05:13PM +0700: On 2 Jun 2015, at 11:07, Mark Andrews wrote: If you have secure BGP deployed then you could extend the authenication to securely authenticate source addresses you emit and automate BCP38 filter

Re: Fwd: Interesting problems with using IPv6

Thus spake Scott Weeks (sur...@mauigateway.com) on Sun, Sep 07, 2014 at 12:17:18PM -0700: --- fergdawgs...@mykolab.com wrote: From: Paul Ferguson fergdawgs...@mykolab.com There's been a lot of on-and-off discussion about v6, especially about security and operational concerns about some

Re: Multicast Internet Route table.

Thus spake Mikael Abrahamsson (swm...@swm.pp.se) on Tue, Sep 02, 2014 at 06:05:42PM +0200: On Tue, 2 Sep 2014, Octavio Alvarez wrote: I have never used interdomain multicast but I imagine the global m-routing table would quickly become large. I have set up interdomain routing connecting

Re: ASR9K xml agent vs netconf

Thus spake Jeremy (jba...@gmail.com) on Fri, Aug 01, 2014 at 03:07:19PM -0700: I'm currently working on writing some automation around the ASR9K platform and I've been looking at both the netconf and xml interfaces. Anyone have experience with either? It looks like the XML interface is

Re: ARIN Enters Phase Four of the IPv4 Countdown Plan

Thus spake Paul S. (cont...@winterei.se) on Wed, Apr 23, 2014 at 11:35:20PM +0900: Am I the only one who thinks this 'clench' is rather absurd especially right after one company pretty much got 1/4th of all remaining address space when there's such an insane crunch looming? Deck Chairs. Dale

Re: Managing IOS Configuration Snippets

Thus spake Ryan Shea (ryans...@google.com) on Thu, Feb 27, 2014 at 09:38:33AM -0500: Now, I hand you the 'show run' output and ask you if version 77 of the vty config is on this device. Can you answer the question? Now I hand you the 'show run' from 10,000 more device configs - and 100 more

Re: Managing IOS Configuration Snippets

Thus spake Keegan Holley (no.s...@comcast.net) on Fri, Feb 28, 2014 at 09:49:19AM -0500: I wasn’t saying just fix it. I was saying that router configs don’t lend well to versioning. Um, what? $ rlog r-cssc-b280c-1-core.conf | grep 'total revision' total revisions: 2009; selected

Re: turning on comcast v6

Thus spake Jamie Bowden (ja...@photon.com) on Fri, Dec 20, 2013 at 01:07:27PM +: From: Lee Howard [mailto:l...@asgard.org] On 12/20/13 7:36 AM, Jamie Bowden ja...@photon.com wrote: From: Owen DeLong [mailto:o...@delong.com] I'm almost afraid to ask about the phrase

Re: Wiki for people doing IPv6-only testing

Thus spake Jason Fesler (jfes...@gigo.com) on Wed, Jun 19, 2013 at 04:55:01PM -0700: On a recent IPv6 providers call, there was a desire for participants to share information with each other on what works and what breaks in an IPv6-only environment. I offered to set that up. It was further

Re: ipp.gov and Google DNS (8.8.8.8)

Thus spake Casey Deccio (ca...@deccio.net) on Thu, May 30, 2013 at 11:17:03AM -0700: On Thu, May 30, 2013 at 9:22 AM, Yunhong Gu g...@google.com wrote: Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its authoritative name servers. If there is anyone on this list who

Re: APC In-row Units

Thus spake Morgan Miskell (morgan.misk...@caro.net) on Tue, May 21, 2013 at 09:49:14AM -0400: I realize this topic is semi off point so feel free to reply to the list or to me personally. I am wondering if anyone has any experience using the APC In-row cooling units in their data centers. I

Re: Big day for IPv6 - 1% native penetration

Thus spake Dobbins, Roland (rdobb...@arbor.net) on Tue, Nov 27, 2012 at 03:16:27PM +: On Nov 27, 2012, at 9:50 PM, Randy Bush wrote: the cause is netflix and youtube, with a bit of help from fb and non-youtube gobble. Just because their users can reach popular

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

Thus spake Chuck Church (chuckchu...@gmail.com) on Wed, Jun 06, 2012 at 10:58:05AM -0400: Does anyone know the reason /64 was proposed as the size for all L2 domains? Some day eui-48 will run out. So, just assume eui-64 now and map into it. Also, as you point out below, not all L2 is

Re: http://www.moduletek.com/ SFP's anyone using them

Hey James, On Mar 22, 2012, at 4:49 PM, James Braunegg wrote: http://www.moduletek.com/ Just wondering if anyone has used moduletek 10gbit SFP's+ and what has your experience been like ? We've used a variety of what they have for 4-5 years now in in lots of flavors of sfp, sfp+, x2, xfp,

Re: Switch designed for mirroring tap ports

Thus spake Jeff Kell (jeff-k...@utc.edu) on Thu, Mar 01, 2012 at 10:22:29AM -0500: How about splitting up a heavy stream (10G) into components (1G) to run through an inline device and reassemble the pieces back to an aggregate afterward? Sounds like a perfect job for a commodity switch that

Re: Choice of address for IPv6 default gateway

Hi Daniel, On Jan 25, 2012, at 8:41 AM, Daniel STICKNEY wrote: I'm having trouble finding authoritative sources on the best common practice (if there even is one) for the choice of address for an IPv6 default gateway in a production server environment (not desktops). For example in IPv4 it is

Re: using ULA for 'hidden' v6 devices?

On Jan 25, 2012, at 9:51 AM, Justin M. Streiner wrote: Is anyone using ULA (RFC 4193) address space for v6 infrastructure that does not need to be exposed to the outside world? I understand the concept of having fc00::/8 being doled out by the RIRs never went anywhere, and using space out

Re: Polling Bandwidth as an Aggregate

Hi Keegan, On Jan 19, 2012, at 9:50 PM, Keegan Holley wrote: Has anyone had to aggregate bandwidth data from multiple interfaces for billing. For example I'd like to poll with an open source tool and aggregate data from multiple interfaces connected to the same customer or multiple customers

Re: IPv6 NPT and NAT for Linux

On Nov 30, 2011, at 2:14 PM, Ray Soucy wrote: For those who missed it, Linux is adding NAT for IPv6 to netfilter: http://www.spinics.net/lists/netfilter-devel/msg19979.html Along with tradition SNAT, and DNAT targets most of us are familiar with, a new NETMAP target is included that

Re: IPv6 version of www.qwest.com/www.centurylink.com has been down for 10 days

Thus spake Leigh Porter (leigh.por...@ukbroadband.com) on Thu, Aug 18, 2011 at 11:47:19AM +: It seems that any IPv6 efforts by organisations are best effort at most with of course some notable exceptions who seem to offer a really very good service (HE for example). It's starting to

Re: Why no IPv6-only day (Was: Protocol-41 is not the only tunneling protocol)

Thus spake Owen DeLong (o...@delong.com) on Tue, Jun 07, 2011 at 05:37:00AM -0700: Things like happy-eyeballs diminish it even with perfect IPv6 connectivity. 100ms rtt doesn't cover the world and to make multi-homed servers (includes dual stack) work well clients will make additional

Re: Ipv6 for the content provider

Thus spake Jack Carrozzo (j...@crepinc.com) on Wed, Jan 26, 2011 at 01:38:48PM -0500: As I understand it, when a client requests a particular domain of yours and gets an A and an , the client will default to the (assuming it's on a v6 network) and attempt to communicate as such.

Re: Ipv6 for the content provider

Thus spake Randy McAnally (r...@fast-serv.com) on Wed, Jan 26, 2011 at 04:50:22PM -0500: On Wed, 26 Jan 2011 10:22:40 -0800, Charles N Wyble wrote For the most part, I'm a data center/application administrator/content provider kind of guy. As such, I want to provide all my web content

Re: RIP Justification

Thus spake Jesse Loggins (jlogginsc...@gmail.com) on Wed, Sep 29, 2010 at 01:20:48PM -0700: This leads to my question. What are your views of when and where the RIP protocol is useful? I most often see RIPv2 used simply to avoid paying vendor license fees to run more sophisticated things

Re: 1G/10G options over 130 km of fiber

On Mar 5, 2010, at 2:36 PM, Justin M. Streiner wrote: My gut tells me that the 2-point loss on the span at 1550nm will be somewhere around 30-35 dB. What's your measured chromatic dispersion? You might need to budget in the hit from compensation too. Some of the super long range optics

Re: Alaska IXP?

On Mar 4, 2010, at 10:33 AM, Jay Hanke wrote: From the looks of the link it looks like there is a bit of traction at the MadIX. One of the other interested carriers has talked to the University of MN and they showed some interest in participating. The trick is getting the first couple of

Re: log parsing tool?

On Feb 22, 2010, at 4:49 PM, fedora fedora wrote: ah, never heard of SEC before and it really looks interesting, Take a look at SLCT, also by Risto Vaarandi: http://ristov.users.sourceforge.net/slct/ SLCT can parse huge amounts of logs very fast. We use it to crunch firewall logs and also to

Re: Using /126 for IPv6 router links

On Jan 27, 2010, at 3:19 PM, Igor Gashinsky wrote: you face 2 major issues with not using /127 for PtP-type circuits: 1) ping-ponging of packets on Sonet/SDH links Let's say you put 2001:db8::0/64 and 2001:db8::1/64 on a PtP interface, and somebody comes along and ping floods

Re: Juniper M120 Alternatives

On Nov 16, 2009, at 9:54 AM, Gary Mackenzie wrote: Having slightly lost track of what everybody is using for peering routers these days, what is the consensus about the best alternative to Juniper M series routers? have you looked at the MX series? Dale

Re: IPv6 Confusion

On Feb 18, 2009, at 3:00 PM, Nathan Ward wrote: On 19/02/2009, at 9:53 AM, Leo Bicknell wrote: Let me repeat, none of these solutions are secure. The IPv4/DHCP model is ROBUST, the RA/DHCPv6 model is NOT. The point I am making is that the solution is still the same - filtering in

Re: BCP for Private OUI / address assignments?

unique (OUI assigned). Cheers, Dale -- Dale W. Carder - Network Engineer University of Wisconsin / WiscNet http://net.doit.wisc.edu/~dwcarder

Re: Network topology [Solved]

(or similar) might be done by Openview's L2 featureset. Dale -- Dale W. Carder - Network Engineer University of Wisconsin / WiscNet http://net.doit.wisc.edu/~dwcarder

Re: SLAAC(autoconfig) vs DHCPv6

Hey Scott, On Aug 18, 2008, at 2:33 PM, Scott Weeks wrote: From: TJ [EMAIL PROTECTED] As a general rule, most clients are following the If we gave them static IPv4 addresses we will give them static IPv6 addresses (infrastructure, servers, etc). The whole SLAAC(autoconfig) vs DHCPv6 is a

Re: [NANOG] DWDM More Details

On Apr 25, 2008, at 12:58 PM, Alex Pilosov wrote: On Fri, 25 Apr 2008, John Lee wrote: I'd be curious to ask reverse question, did anyone *have* real problems deploying duct tape systems, or power jitter chromatic dispersion is vendor mumbo jumbo designed to make you buy their gear?