On Sat, Mar 12, 2011 at 7:27 PM, William Herrin b...@herrin.us wrote:
That must be my mistake then, because I thought the exercise was
building it in a way that it stays built for the maximum practical
number of years. When it has to be touched again (or tweaked if it
So when you upgrade a
On Thu, Mar 10, 2011 at 10:51 PM, George Bonser gbon...@seven.com wrote:
And I say making them /127s may not really make any difference. Say you
make all of those /127s, at some point you *are* going to have a network
someplace that is a /64 that has hosts on it and that one is just as
On Fri, Mar 11, 2011 at 1:07 PM, valdis.kletni...@vt.edu wrote:
Feel free to explain how SLAAC should work on a /96 with 32 bits of host
address
(or any amount smaller than the 48 bits most MAC addresses provide). Remember
in your answer to deal with collisions.
Why should SLAAC dictate
On Fri, Mar 11, 2011 at 6:33 PM, Owen DeLong o...@delong.com wrote:
Yes, you can bring as much of the pain from IPv4 forward into IPv6
as you like. You can also commit many other acts of masochism.
This is the problem with Fundamentalists, such as yourself, Owen.
You think that fixing things
On Wed, Mar 9, 2011 at 9:11 PM, Chris Woodfield rek...@semihuman.com wrote:
I think this is the point where I get a shovel, a bullwhip and head over to
the horse graveyard that is CAM optimization...
The classic problem with any sort of FIB optimization is that you
can't optimize every figure
On Thu, Mar 10, 2011 at 1:52 PM, George Bonser gbon...@seven.com wrote:
What I have done on point to points and small subnets between routers is
to simply make static neighbor entries. That eliminates any neighbor
table exhaustion causing the desired neighbors to become unreachable. I
also
On Wed, Mar 9, 2011 at 2:19 AM, George Bonser gbon...@seven.com wrote:
The ipv4-ipv6-2 CAM profile in 5.1 gives 768K v4 routes and 64k v6
routes which should be good for quite a while. That is provided you
How many IPv6 BGP routes are folks typically planning for in the DFZ
before a hardware
I guess I'll plug this Wikipedia page again:
http://en.wikipedia.org/wiki/Comparison_of_IPv6_support_by_major_transit_providers
--
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator / Innovative Network Concepts
On Mon, Feb 28, 2011 at 6:28 PM, Leigh Porter
leigh.por...@ukbroadband.com wrote:
Exactly the point I made earlier. POTS is simple, it does what it does and it
is pretty good at it. Now, in the background, you have a whole lot of
engineering. But I would trust a DMS100 far more than any of
On Sun, Feb 27, 2011 at 5:16 PM, Ray Soucy r...@maine.edu wrote:
This seems to have upset at least one Apple engineer who dropped the
NDA bomb on me; while he didn't confirm it was there, he did imply it,
and it did make me have people give a second look. (I tried to get him
to admit it but
On Tue, Feb 22, 2011 at 4:55 PM, Jack Carrozzo j...@crepinc.com wrote:
Maybe I read your question wrong, but null-routing things at your border is
often not very useful if the traffic is flooding your transit links. Most
transits publish their community lists - you just need to tag the prefix
On Fri, Feb 18, 2011 at 10:34 AM, Zed Usser zzu...@yahoo.com wrote:
Reduce, yes. Remove, no. Without a global cutoff date for the IPv6
transition, it's not like IPv4 is going to disappear overnight. Furthermore,
without any IPv4/IPv6 translation, the first IPv6 only networks are going to
On Fri, Feb 18, 2011 at 1:14 PM, George Bonser gbon...@seven.com wrote:
One thing they can do, and I would love to see some popular destination
site do this, is to say something like:
we have this really cool new thing we are rolling out but, sorry, it is
available only via IPv6 or we will
On Sun, Jan 30, 2011 at 12:40 PM, Owen DeLong o...@delong.com wrote:
Because they publish data you have signed. They don't have the ability
to modify the data and then sign that modification as if they were you if
they aren't holding the private key. If they are holding the private key,
then,
On Thu, Jan 27, 2011 at 10:00 PM, John Curran jcur...@arin.net wrote:
Based on the ARIN's IRR authentication thread a couple of weeks ago, there
were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR
system. ARIN has looked at the integration issues involved and has
Richard's employer is exactly the kind of organization that has not
been able to effectively multi-home their discrete branch-offices on
the IPv4 Internet, because RIR allocation policy set the bar for
receiving IPv4 addresses for those small locations just high enough to
steer us away from that
On Mon, Jan 10, 2011 at 12:37 PM, Jon Lewis jle...@lewis.org wrote:
On Sun, 9 Jan 2011, Charles N Wyble wrote:
I am simply suggesting it is dangerous and irresponsible to run an IRR
with only MAIL-FROM authentication, and quite easy to also support
CRYPT-PW. ARIN should either support
On Sun, Jan 9, 2011 at 1:09 PM, John Curran jcur...@arin.net wrote:
Please suggest your preferred means of IRR authentication to the ARIN
suggestion process: https://www.arin.net/participate/acsp/index.html
Alternatively, point to a best practice document from the operator
community for
On Sun, Jan 9, 2011 at 6:27 PM, Randy Bush ra...@psg.com wrote:
Do you: 1) want IRR services, and if so, with what features?
2) believe IRR services should be provided by ARIN?
the irr is slightly useful today. so, iff it is cheap and easy, arin
providing an open and free
On Sun, Jan 9, 2011 at 6:48 PM, Randy Bush ra...@psg.com wrote:
jeff, i do not disagree that running an irr instance with only mail-from
is s 1980s. and, as mans points out, there is free software out
there to do it (i recommend irrd). but i do not see good cause for arin
to spend
On Sun, Jan 9, 2011 at 7:33 PM, John Curran jcur...@arin.net wrote:
My reason for responding is simply to make sure that ARIN is doing
what the community wants. I won't deny that this may take some time
depending on exactly what is involved, but in my mind that is far
better than not fixing
On Sun, Jan 9, 2011 at 10:47 PM, John Curran jcur...@arin.net wrote:
Jeff - ARIN does indeed have folks who worry about whether the policy
development process is being followed. We also have folks who actually
implement the policy and issue number resources.
And we all agree that this is
On Sat, Jan 8, 2011 at 2:47 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
I don't think rr.arin.net and RPKI have anything to do with each
other. I think the direction the RPKI should/is taking is to have the
I at least think that whatever future and time-table is planned for
RPKI, this
On Thu, Jan 6, 2011 at 2:42 AM, Joel Jaeggli joe...@bogus.com wrote:
icmp6 rate limiting both receipt and origination is not rocket science.
The attack that's being described wasn't exactly dreamed up last week,
is as observed not unique to ipv6, and can be mitigated.
That does not solve the
On Thu, Jan 6, 2011 at 7:34 AM, Robert E. Seastrom r...@seastrom.com wrote:
I continue to believe that the allocate the /64, configure the /127
as a workaround for the router vendors' unevolved designs approach,
As a point of information, I notice that Level3 has deployed without
doing this,
On Thu, Jan 6, 2011 at 5:00 PM, Deepak Jain dee...@ai.net wrote:
As far as I can tell, this crippling of the address space is completely
reversible, it's a reasonable step forward and the only operational loss is
you can't do all the address jumping and obfuscation people like to talk
On Thu, Jan 6, 2011 at 8:04 PM, Jimmy Hess mysi...@gmail.com wrote:
It is advisable to look for much stronger reasons than With
IPv4 we did it or With IPv4 we ran into such and such
problem due to unique characteristics of IPv4 addressing
or other IPv4 conventions that had to continue to
On Thu, Jan 6, 2011 at 8:47 PM, Owen DeLong o...@delong.com wrote:
1. Block packets destined for your point-to-point links at your
borders. There's no legitimate reason someone should be
Most networks do not do this today. Whether or not that is wise is
questionable, but I don't
On Thu, Jan 6, 2011 at 9:31 PM, Owen DeLong o...@delong.com wrote:
You must understand that policing will not stop the NDCache from
becoming full almost instantly under an attack. Since the largest
existing routers have about 100k entries at most, an attack can fill
that up in *one second.*
On Thu, Jan 6, 2011 at 9:24 PM, Joe Greco jgr...@ns.sol.net wrote:
With today's implementations of things? Perhaps. However, you
show yourself equally incapable of grasping the real problem by
looking at the broader picture, and recognizing that problematic
issues such as finding hosts on a
On Wed, Jan 5, 2011 at 3:31 AM, Mohacsi Janos moha...@niif.hu wrote:
Do you have some methods in your mind to resolve ARP/ND overflow
problem? I think limiting mac address per port on switches both efficient on
IPv4 and IPv6. Equivalent of DHCP snooping and Dynamic ARP Inspection should
On Wed, Jan 5, 2011 at 9:39 AM, Iljitsch van Beijnum iljit...@muada.com wrote:
that a lot of smart people agree is a serious design flaw in any IPv6
network where /64 LANs are used
It's not a design flaw, it's an implementation flaw. The same one that's in
ARP (or maybe RFC 894 wasn't
On Wed, Jan 5, 2011 at 11:26 AM, Jon Lewis jle...@lewis.org wrote:
Anyone here use AltDB? It seems their servers have been down for two days.
Can anyone from Level3 say how this will impact customer BGP filters. Will
L3 keep working with the last data sync they got from altdb? I'm guessing
On Wed, Jan 5, 2011 at 12:04 PM, Joel Jaeggli joe...@bogus.com wrote:
no it isn't, if you've ever had your juniper router become unavailable
because the arp policer caused it to start ignoring updates, or seen
systems become unavailable due to an arp storm you'd know that you can
abuse arp on
On Wed, Jan 5, 2011 at 12:26 PM, Phil Regnauld regna...@nsrc.org wrote:
Jeff Wheeler (jsw) writes:
Not good, but also does not affect any other interfaces on the router.
You're assuming that all routing devices have per-interface ARP tables.
No, Phil, I am assuming that the routing
On Wed, Jan 5, 2011 at 1:02 PM, TJ trej...@gmail.com wrote:
Many would argue that the version of IP is irrelevant, if you are permitting
external hosts the ability to scan your internal network in an unrestricted
fashion (no stateful filtering or rate limiting) you have already lost, you
How
On Wed, Jan 5, 2011 at 8:57 PM, Joe Greco jgr...@ns.sol.net wrote:
This is a much smaller issue with IPv4 ARP, because routers generally
have very generous hardware ARP tables in comparison to the typical
size of an IPv4 subnet.
no it isn't, if you've ever had your juniper router become
On Thu, Jan 6, 2011 at 12:17 AM, Joe Greco jgr...@ns.sol.net wrote:
However, that's not the only potential use! A client that initiates
each new outbound connection from a different IP address is doing
something Really Good.
No, Joe, it is not doing anything Good. This would require the
On Thu, Jan 6, 2011 at 12:54 AM, Joe Greco jgr...@ns.sol.net wrote:
I'm starting off with the assumption that knowledge of the host
address *might* be something of value. If it isn't, no harm done.
If it is, and the address becomes virtually impossible to find, then
we've just defeated an
On Tue, Jan 4, 2011 at 11:35 PM, Kevin Oberman ober...@es.net wrote:
The PDF is available at:
I notice that this document, in its nearly 200 pages, makes only
casual mention of ARP/NDP table overflow attacks, which may be among
the first real DoS challenges production IPv6 networks, and
On Wed, Dec 22, 2010 at 2:24 AM, Pekka Savola pek...@netcore.fi wrote:
'Maximum Prefix Length' may be an over-simplifying metric. FWIW, we're
certainly not a major transit provider, but we do allow /48 in the
designated PI ranges but not in the PA ranges. So the question is not
necessarily
I could not find this information on any Wikis, but this is the sort
of thing that would be nice to be able to find out without posting on
the list or asking around (obviously.) I have quickly made a couple
of entries with simple enough formatting that anyone can go onto
Wikipedia, click Edit,
On Sun, Dec 19, 2010 at 8:48 PM, Richard A Steenbergen r...@e-gerbil.net
wrote:
Running a wire to everyone's house is a natural monopoly. It just
doesn't make sense, financially or technically, to try and manage 50
different companies all trying to install 50 different wires into every
house
On Fri, Dec 17, 2010 at 12:15 PM, Benson Schliesser
bens...@queuefull.net wrote:
I have no direct knowledge of the situation, but my guess: I suspect the
proposal was along the lines of longest-path / best-exit routing by Level(3).
In other words, if L(3) carries the traffic (most of the
On Fri, Dec 17, 2010 at 12:48 PM, Richard A Steenbergen
r...@e-gerbil.net wrote:
advertising MEDs, or by sending inconsistent routes. The fact that the
existing Level3/Comcast routing DOESN'T make Level 3 haul all of the
bits to the best exit mean it's highly likely that Comcast agreeing to
On Thu, Dec 16, 2010 at 12:15 PM, Dave Temkin dav...@gmail.com wrote:
I disagree. Even at $1/Mbit and 6Tbit of traffic (they do more), that's
still $72M/year in revenue that they weren't recognizing before. Given that
that traffic was actually *costing* them money to absorb before, turning
On Thu, Dec 16, 2010 at 1:53 PM, Dave Temkin dav...@gmail.com wrote:
I do. And yes, they are happy to fuck with a billion dollar a month
revenue stream (that happens to be low margin) in order to set a precedent
so that when traffic is 60Tbit instead of 6Tbit, across the *same* customer
We
On Fri, Dec 17, 2010 at 12:26 AM, Jay Ashworth j...@baylink.com wrote:
the 80s when that practice got started -- having to account for each
individual subscriber pushed the complexity up, in much the same way
that flat rate telecom services are popular equally because customers
prefer them,
Invisible Hand Networks was really meant to be a spot market. The
same problem exists with bandwidth spot markets that always has
existed, the cost of ports to maintain sufficient capacity to the
exchange, and the lack of critical mass, meaning that the spot
bandwidth is either pretty expensive,
On Wed, Dec 15, 2010 at 5:47 PM, Adam Rothschild asr+na...@latency.net wrote:
I don't see how this point, however valid, should factor into the
discussion. Missing from this thread is that Comcast's topology and
economics for hauling bits between a neutral collocation facility and
broadband
A read through this New York Times article on derivatives clearing,
and the exclusivity that big banks seek to maintain, would look very
much like an article on large-scale peering, to someone who is not
expert in both topics. The transit-free club and the derivatives
dealers club may have other
Could someone from Videotron contact me off-list?
--
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator / Innovative Network Concepts
How many networks already leak numerous unnecessary /24s to their
transit providers, who accept them (not having been asked to do
anything else), and contribute to table bloat? Quite a lot of
networks do this.
Imagine if there are many possible inter-domain routes that are being
filtered by
On Thu, Dec 2, 2010 at 3:38 PM, Seth Mattinen se...@rollernet.us wrote:
On 12/2/10 12:28 PM, Owen DeLong wrote:
You are assuming the absence of any of the following optimizations:
1. Multicast
Multicast is great for simulating old school broadcasting, but I don't
see how it can apply to
On Tue, Nov 30, 2010 at 9:12 PM, Richard A Steenbergen r...@e-gerbil.net
wrote:
uncongested access. This is the kind of action that virtually BEGS for
government involvement, which will probably end badly for all networks.
This depends on the eventual regulatory mechanism and the goals it
On Mon, Nov 29, 2010 at 11:20 PM, Leo Bicknell bickn...@ufp.org wrote:
I will be the first to advocate the government use minimal to no
regulation where there is active competition and consumer choice,
and thus folks can vote with their dollars.
Broadband in the US is not in that boat. Too