whatever fits your situation
anyway.)
Depends on your routing requirements, for example, you need to rely on a
default or disable as_path checks (or re-write the path) to be able to
see your other clusters (if they do need to communicate)...
--
David Freedman
Group Network Engineering
) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
--
David Freedman
Group Network Engineering
Claranet Group
Dave.
David Freedman wrote:
Has this move completed yet? I'm getting redirect loop:
$ curl -I www.nanog.org
HTTP/1.1 302 Found
Date: Mon, 14 Feb 2011 14:15:04 GMT
Server: Apache/2.2.6 (FreeBSD) mod_ssl/2.2.6 OpenSSL/0.9.8e DAV/2
PHP/5.2.4 with Suhosin-Patch
Location: http
Iljitsch van Beijnum wrote:
On 10 feb 2011, at 0:26, David Freedman wrote:
Unless every packet you emit is ≤ the minimum MTU (1280), then, you need
to be able to receive TOOBIG messages.
Can you think of a packet type I will emit from my publically numbered
backbone interface which may
I think the solution to all of these problems is really to use public
addressing but filter access to it at your edge (yes, even ICMP TOOBIG
can be filtered safely if you have designed things in a sane way)
Dave.
--
David Freedman
Group Network Engineering
Claranet Group
Iljitsch van Beijnum wrote:
On 9 feb 2011, at 18:30, David Freedman wrote:
(yes, even ICMP TOOBIG
can be filtered safely if you have designed things in a sane way)
NO.
Even if you run with 1280-byte MTUs everywhere so you'd think path MTU
discovery wouldn't be needed, this can still
, if I'm getting a TOOBIG in response to my TOOBIG then we all
have bigger problems to worry about :)
Dave.
Owen
--
David Freedman
Claranet
http://www.clara.net
forgotten :)
--
David Freedman
Group Network Engineering
Claranet Group
which doesn't
require any re-subnetting (if you are happy for this address to be
unreachable) and it should have a /32 mask...
--
David Freedman
Group Network Engineering
Claranet Group
support, don't know if it actually
works on anything else)
Dave.
--
David Freedman
Group Network Engineering
david.freed...@uk.clara.net
Tel +44 (0) 20 7685 8000
Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com
Company Registration: 3152737 - Place of registration
but another headache DoS
vector to manage well)
Thoughts?
--
David Freedman
Group Network Engineering
Claranet Group
?
--
David Freedman
Group Network Engineering
Claranet Group
about
this?
--
David Freedman
Claranet
http://www.clara.net
sfou...@shortestpathfirst.net wrote:
Hello,
I have a catalyst 6503 with sup32 and was trying to set a tagged vlan
inside a pvlan. Basically I wanna have the behavior of:
switchport mode access
switchport access vlan 101
switchport protected.
So that other machines connected to the 6503
snip
http://condor.depaul.edu/~jkristof/tdc375/
It is just me that found the location Loop Campus amusing in this context?
Thanks,
John
--
David Freedman
Group Network Engineering
Claranet Group
number infrastructure out of RFC1918 and then permit
internet traceroutes over it are misguided and should consider avoiding
TTL decrement (i.e using mpls without internet TTL propagation) as a
less stressful (for us) alternative to simply filtering.
Dave.
--
David Freedman
Group Network
If you are going to go multi-VLAN data plane (as opposed to multi-label)
then 10A will cause you scaling issues as you'll need multiple BGP peers
(or static routing),
I'd prefer to use
http://tools.ietf.org/html/draft-kulmala-l3vpn-interas-option-d-02
which already has implementations, i.e
Nice to see smaller companies take the time to put up a good April
fool's joke as well.
Carpeted datacenters are no joke, check out Telehouse in London
Docklands, the existing two buildings have been *fully carpeted* in both
the corridors and data floors for some time (but as carpeted
What tools/practices do others use to resolve this issue?
use lsof, should be able to show you consumption of network socket
resources by process (and hence user, hopefully)
Dave.
John Jason Brzozowski wrote:
Folks,
I am emailing you today to share some news that we hope you will find
interesting.
Today we are announcing our 2010 IPv6 trial plans. For more information
please visit the following web site:
I was privileged enough to visit the Comcast DOCSIS3/IPv6
Chris Gotstein wrote:
I think we had to let ARIN know the time frame of deploying IPv6 and how
many customers we expected to put on in the first couple years. They
did not ask for an addressing scheme.
Reading over the RFC's and other IPv6 resources, we have decided to hand
out /56's to
, internal policy)
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Fri 8/14/2009 23:05
To: David Freedman
Cc: Chris Gotstein; Nanog
Subject: Re
I forget who the vendor is now, but their shelves are sealed with a door
which, when opened, turns off all the lasers on the shelf so you can
work on it, yes, a simple provisioning operation causes an outage /
protection switchover!!
Dave.
Deepak Jain wrote:
At what power level do DWDM systems
Randy doing testing again?
Jay Hennigan wrote:
We're getting cyclops[1] alerts that AS13214 is advertising itself as
origin for all of our prefixes. Their anomaly report shows thousands of
prefixes originating there.
Anyone else seeing evidence of this or being affected?
[1]
Christopher Morrow wrote:
On Mon, May 11, 2009 at 12:41 PM, David Freedman
david.freed...@uk.clara.net wrote:
Randy doing testing again?
13214 != 3130
I think, for example, that Juniper is making a mistake by rolling v6
capability into a license that also includes BGP and ISIS on some
platforms. Cisco is guilty of this as well.
I am not necessarily advocating that v6 must be a basic feature on every
new box; but I don't think it is
It's a 128 bit address. Routing is done on VLSM, but, generally for DNS
purposes, these
are expected to be at least on nibble boundaries.
There is an intent to support what is known as EUI-64, which means every
subnet should
be a /64, however, there are people who number smaller
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
Null routing the source isn't going to stop
snip
Except when doing source based blackholing, see
http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02 section #4
Dave.
they choose to implement it.
I would be interested to know what your views on this are with your vendor hat
on :)
Dave.
-Original Message-
From: Mark Tinka [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2008 10:46 AM
To: nanog@nanog.org
Cc: David Freedman
Subject: Re: MPLS
When I thought about it, the IP core (10G links etc) first came to mind,
and there it's fairly easy to roll out (since I guess a lot of us do
WRED already), but what about on slower links? Would it make sense to
have our DSLAMs do this? What about DSL/cable modems (well, vendors
should first
Interesting , I hadn't followed this since draft-ietf-mpls-ecn-00,
, I eagerly await a vendor implementation :)
Dave.
Bjørn Mork wrote:
David Freedman [EMAIL PROTECTED] writes:
Implementing this in an MPLS core is not an easy task, you can really
only do this on the edge, when the MPLS
2. The Internet cannot route around de-peering
I know everyone believes the Internet routes around failures. While
occasionally true, it does not hold in this case. To route around the
failure would require transit. See item #1.
The internet routes around technical failures, not political
Danny McPherson wrote:
On Aug 14, 2008, at 1:09 PM, Jared Mauch wrote:
You're missing a step:
janitor.
No really, the reason for some leaks isn't because so-and-so was
never a customer, they were. 5 years ago. nobody removed the routes
from
the IRR or AS-SET or insert
but, why wouldn't something like formally requiring
customers/peers/transits/etc to have radb objects as a 'requirement'
for peering/customer bgp services
Step 1 : Enforce IRR for customers *now*.
Step 2 : Enforce trusted replacement for IRR when available
Step 3 : Profit
Not progressing
35 matches
Mail list logo
