are just using
stupid UDP. UDP nat is as old as nat itself.
And anyway QUIC is dead and all the development goes now over its
successor - HTTP/3.
--
Grzegorz Janoszka
ern faster connections more likely have IPv6 while old low-bandwidth
circuits may provide v4 only.
Some users may also use VPN which is almost always v4 only. Their VPN
may do funny routing, hair-pinning and similar behavior thus impacting
their performance.
--
Grzegorz Janoszka
On 2021-08-09 17:47, Billy Croan wrote:
How does the community feel about using /24 originations in BGP as a
tactical advantage against potential bgp hijackers?
RPKI is more effective than a competing /24. Unless they hijack you ASn
as well.
--
Grzegorz Janoszka
the remains of our freedom.
Please think twice before you complain for lack of information
filtering. Because the government will surely make you happy.
--
Grzegorz Janoszka
.
If only Equinix portal reflected how your patch panels really look like...
--
Grzegorz Janoszka
L FROM
command)
Of course emails to abuse_rbl go unanswered.
My IP turns clean on https://www.dnsbl.info/ (all green and one blue
timeout).
Anyone had such issues? Any working contacts to AT email?
Any help appreciated.
--
Grzegorz Janoszka
On 01/10/2019 09:22, Brandon Butterworth wrote:
Here are some UKNOF presentations on it -
Also very interesting from NLNOG (but in English):
https://www.youtube.com/watch?v=pjin3nv8jAo
--
Grzegorz Janoszka
On 2019-03-19 21:04, Hansen, Christoffer wrote:
https://github.com/netravnen/well-known-anycast-prefixes/blob/master/list.txt
PR's and/or suggestions appreciated! (Can be turned into $lirDB friendly
format->style RPSL)
Most DNS root servers are anycasted.
--
Grzegorz Janoszka
, it will be them.
--
Grzegorz Janoszka
len 51
His settings showed the DNS server ON with all the queries for the local
network and he actually had a toggle "allow remote queries" on, but his
routers were not open resolvers.
--
Grzegorz Janoszka
popular in this
industry. There are countries where many active users have to use a sort
of VPN to access banned sites.
So they are users, but rather not from Canada.
--
Grzegorz Janoszka
On 2016-07-22 20:20, Phil Rosenthal wrote:
On Jul 22, 2016, at 1:37 PM, Grzegorz Janoszka <grzeg...@janoszka.pl> wrote:
What I noticed a few years ago was that BGP convergence time was faster with
higher MTU.
Full BGP table load took twice less time on MTU 9192 than on 1500.
Of course B
on MTU 9192 than on 1500.
Of course BGP has to be allowed to use higher MTU.
Anyone else observed something similar?
--
Grzegorz Janoszka
On 09/03/2016 15:26, Kurt Kraut via NANOG wrote:
Could anyone share with me Internet Exchanges you know that allow jumbo
frames (like https://www.gr-ix.gr/specs/ does) and how you notice benefit
from it?
Netnod does it in separate vlan's.
--
Grzegorz Janoszka
. There's no firmware update for it supporting ipv6 either. There
would be millions of people in the same boat.
There should be a software for your box which supports IPv6 - DD-WRT or
anything similar. However I agree that it is not a solutions for
millions of Johnny Sixpacks.
--
Grzegorz Janoszka
IPv4 addresses and less income.
Will ISP's still find other profitable usage for v4 addresses? If not,
they will be probably be quite slowly rising IPv4 pricing, not wanting
to overprice it.
Even with $1/IPv4/month - what will be the ROI of a brand new home router?
--
Grzegorz Janoszka
We have just received alert from bgpmon that AS58587 Fiber @ Home
Limited has hijacked most of our (AS43996) prefixes and Hurricane
Electric gladly accepted them.
Anybody see their prefixes hijacked as well?
--
Grzegorz Janoszka
automatically your prefix list.
I remember that Level3 was one of the first carriers to enable that
feature and several years afterwards there were still global networks
(tier1) that could only do static prefix-lists.
--
Grzegorz Janoszka
expensive. They do it because of performance and reliability reasons.
--
Grzegorz Janoszka
Isn't it better actually to use they?
https://en.wikipedia.org/wiki/Singular_they
--
Grzegorz Janoszka
On 2014-12-27 20:35, Clayton Zekelman wrote:
That is why the better pronoun choice would have been 'you', not 'he' or 'she'.
Sent from my iPhone
On Dec 27, 2014, at 1:47 PM, Javier J
haven't tried Windows 7 SP1, maybe it has
been fixed till now. Does anyone have Windows with IPv6 and netmask /64?
--
Grzegorz Janoszka
for one
server can be enough. You can easily automate provisioning and reverse
DNS assuming you assign /112 for each server.
If you block SLAAC and provide connectivity to only the static IP's,
your abuse folks should appreciate it (yes, I know you can spoof v6).
--
Grzegorz Janoszka
On 2014-06-17 22:13, David Conrad wrote:
On Jun 17, 2014, at 12:55 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote:
There are still applications that break with subnet smaller than /64, so all
VPS providers probably have to use /64 addressing.
Wouldn't that argue for /64s?
/64 netmask
in
IGP - say a few % of total routes?
You may always prefer peering routes local to the PoP (giving them the
highest localpref). This way you will not carry so much traffic on your
backbone.
--
Grzegorz Janoszka
to be indeed leaked null
routes.
--
Grzegorz Janoszka
exchange, whatever, but then the page appears after N*RTT, which is
already happening with TCP now.
I am sure Google considered it, so I am really curious how they are
going to solve it.
--
Grzegorz Janoszka
might have explosion of /48's.
I wouldn't be so sure about just 3-5 prefixes/ASN.
--
Grzegorz Janoszka
continue to have more and more ram will it always be /24 the
smallest size?
As the fragmentation will progress and we will be closing to the magic
limit of 500.000, people will filter out /24 and then /23 and so on.
Back to static (default) routing!
--
Grzegorz Janoszka
but
one (like 6704 port with green and no amber), so to be 100% sure one
should always check the console.
--
Grzegorz Janoszka
.
So somewhere the /24 boundary addresses were being dropped.
Just curious if anyone else has seen this before.
Yes, actually there are people over Internet blocking all IP's ending
with 0 or 255 as a kind of bogon or other old wives' tale.
--
Grzegorz Janoszka
filtered prefix (don't we routinely see unintended
announcements in the global BGP table). I realize that is a big IF, but
There was also in the past fec0::/10. For BGP updates you should be safe
to filter out FC00::/6.
--
Grzegorz Janoszka
. Btw - what are the estimates - how
long are we going to be within 2000::/3?
--
Grzegorz Janoszka
.
--
Grzegorz Janoszka
(a connection to internet exchanges went up), you have longer
convergence time because of higher cpu load. MD5 offers no security
advantages and in some cases it causes more downtime by slowing down
convergence.
--
Grzegorz Janoszka
Telia (AS1299) stopped announce some prefixes to us, ie 83.8.0.0/13. Is
it another internet depeering? Do you also see it?
--
Grzegorz Janoszka
On 09-06-11 14:01, Chuck Anderson wrote:
Please don't use /127:
Use of /127 Prefix Length Between Routers Considered Harmful
http://tools.ietf.org/html/rfc3627
Well, this RFC says not to use PREFIX::/127. You are safe to use other
/127's within your prefix.
--
Grzegorz Janoszka
On 24-01-11 13:59, Carlos Friacas wrote:
Using /126s or /127s (or even /120s) is a result of going with the v4
mindset of conservation.
Not only, there are some other advantages of using /126's, like reducing
number of ND requests on the link and the size of neighbor tables.
--
Grzegorz
::1000
ipv6.ycpi.ops.yahoo.net has IPv6 address 2001:4998:f011:1fe::1000
In my bgp I see only the first address, I don't see any path to two
others. Do you have the route to them?
--
Grzegorz Janoszka
a malformed message to all peers, causing them to
close the BGP session.
I think most of the impact was limited to Europe, especially Amsterdam area.
--
Grzegorz Janoszka
of 50-60 GB.
Not only. We don't peer with RIS, but about 8-10 our peers announce to
us RIS. The nasty update we got from completely different AS, not RIS.
You may just check whether you see AS12654 - it is RIS.
--
Grzegorz Janoszka
On 12-4-2010 21:44, Gustavo Santos wrote:
its was an old bug, that had been fixed for a while..
You should still keep in mind Mikrotik is just Linux, with all its
(dis)advantages, plus some scripts and weird CLI.
--
Grzegorz Janoszka
Telecommunications Corporation)
Upstream AS: AS4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
ASpath: 39792 4134 23724 23724
Luckily it had to be limited as only one BGPmon peer saw it. Anyone else
noticed it?
--
Grzegorz Janoszka
more stable.
--
Grzegorz Janoszka
to lack of full
DNSSEC support.
--
Grzegorz Janoszka
are trying to debug, what IPv6 will you
ping to check if the second side is accessible?
--
Grzegorz Janoszka
, so in fact giving him trillions (possible) IP's for one server.
It can be use with autoconfiguration which always has FF:FE in the
middle - you just use some other bits here for your customer
assignments. Thus you identify a customer just by looking at the IP address.
--
Grzegorz Janoszka
. Are they
assigned in any given /8 prefix? If yes, you could easily allow /25's
from given /8.
--
Grzegorz Janoszka
the /17's with the community
no-export, so they will be seen only by your direct ISP, not by the rest
of the world. Or you may try to use some other communities to limit
announcements of your shorter prefixes, only to some part of the world.
--
Grzegorz Janoszka
Yes, but only www records have record, the domain (google.com
without www prefix) is still IPv4 only.
--
Grzegorz Janoszka
with them several peerings, IPv6 native
together with IPv4.
--
Grzegorz Janoszka
, or, is there some
reasonable purpose?
Memory mostly I think. /24 prefixes are ~ the half of all prefixes, but
they cover only a small percent of the address space.
If your router has 6 full BGP sessions, you can filter /24 on half of
them, your memory usage will drop significantly.
--
Grzegorz Janoszka
51 matches
Mail list logo
