Zayo owns what used to be Abovenet.
In my experience, your experience will vary from market to market,
depending on the network you're based on.
As of late, we've had repeated capacity issues and packet loss in the San
Francisco Bay Area, however other metros have been perfectly stable.
On Wed,
On Wed, Oct 15, 2014 at 12:38 PM, Colton Conor colton.co...@gmail.com wrote:
So based on the response I have received so far it seems cable was a
complicated example with service flows involved. What if we are talking
about something simpler like keeping track of how much data flows in and
out
An Anycasting node. For example, as part of a reliable DNS service.
A /24 is usually the smallest prefix length that is portably accepted.
Also, applications where connections need to appear to be coming from many
source IPs.
On Saturday, July 19, 2014, Suresh Ramasubramanian ops.li...@gmail.com
and Dynamips, or some Linux VMs with Quagga or BIRD.
On Sat, Jul 19, 2014 at 10:06 AM, Jonathan Lassoff j...@thejof.com wrote:
An Anycasting node. For example, as part of a reliable DNS service.
A /24 is usually the smallest prefix length that is portably accepted.
Also, applications
Wow -- be careful playing with public eBGP sessions unless you know
what you're doing. It can affect the entire Internet.
Since you're just connecting to a single upstream ISP, you wont
qualify for a public AS number. So, you'll have to work with your
upstream ISP to agree on a private AS number
On Tue, Jun 24, 2014 at 12:59 AM, Pieter Hulshoff phuls...@aimvalley.nl wrote:
On 24-6-2014 8:37, Saku Ytti wrote:
On (2014-06-23 11:13 +0200), Pieter Hulshoff wrote:
feature and market information for such a device, and I would welcome
some
feedback from interested people. Discussion about
Peter, it's a bit difficult to tell what's going on without seeing the
rest of the syslog-ng configuration and your script's source code.
However, a couple possibilities come to mind:
- Your script is only reading one line at a time. syslog-ng starts a
program() output persistently and expects
For testing, I've had good luck with
https://github.com/titanous/heartbleeder and
https://gist.github.com/takeshixx/10107280
Both are mostly platform-independent, so they should be able to work even
if you don't have a modern OpenSSL to test with.
Cheers and good luck (you're going to need it),
This is going to be tricky to do, as DNS packets don't necessarily contain
entire query values or FQDNs as complete strings due to packet label
compression (remember, original DNS only has 512 bytes to work with).
You can use those u32 module matches to find some known-bad packets if
they're
Here's the FAQ on this topic:
https://support.google.com/websearch/answer/873?hl=en
It links to a contact form where you can ask for some redress.
Cheers,
jof
On Fri, Feb 7, 2014 at 7:20 AM, Praveen Unnikrishnan p...@pmgroupuk.comwrote:
Hi,
We are an ISP based in UK. We have got an ip
I don't understand why vendors and operators keep turning to TACACS. It
seems like they're often looking to Cisco as some paragon of best security
practices. It's a vulnerable protocol, but some times the only thing to
choose from.
One approach to secure devices that can support only TACACS or
The primary point of IPMI for most users is to be able to administer and
control the box when it's not running.
Using the host itself as a firewall is the quickest way to get that BMC
online, but it kinda defeats the purpose.
On Thu, Aug 15, 2013 at 7:46 PM, Jay Ashworth j...@baylink.com wrote:
Are you trying to block flows from becoming established, knowing what
you're looking for ahead of time, or are you looking to examine a
stream of flow establishments, and will snipe off some flows once
you've determined that they should be blocked?
If you know a 5-tuple (src/dst IP, IP protocol,
within a single packet;
this doesn't do L4 stream reconstruction.
You can do some incredibly-parallel stuff with ntop's PF_RING code, if
you blow more traffic through a single core than it can chew through.
It all depends on what you're trying to do.
--j
On Thu, Jun 13, 2013 at 3:11 PM, Jonathan
Logstash and Splunk are both wonderful, in my experience.
What sets them apart from just a plain grep(1) is that they build an
index that points keywords to to logging events (lines).
What if you're looking for events related to a specific interface or LSP?
Not a problem with a modest log
Agreed. I can already pretty much just assume this widespread
surveillance is going on.
The Bluffdale, Utah facility isn't being built to store nothing.
It's happening whether we like it or not.
When I care about my privacy, I know that I have to take matters into
my own hands.
GnuPG and TLS are
I could suggest a few places. Might want to call ahead to make sure
they'll have what you need:
- Central Computer. Has locations in San Francisco and San Mateo. SF
maybe closer, but will take longer with traffic and parking.
-- http://www.centralcomputers.com/commerce/misc/sanfrancisco.jsp
--
Those are some truly perplexing graphs. Quite strange that it appears
linear, as if something is slightly changing over time or
growing/shrinking at a constant-ish rate.
Do you have throughput or PPS graphs for the intermediate links as
well? Any similar correlations in the derivative slope?
My
I'm not sure of your specific application, but it sounds to me like
netflow/sflow exports would be the most scalable way to do this.
For small applications, ntop or bandwidthd can do this.
http://www.ntop.org/products/ntop/
http://bandwidthd.sourceforge.net/
Cheers,
jof
On Mon, Apr 8, 2013 at
Personally, I would just use BGP on a PC to collect this information.
Place some import/input policy on your eBGP sessions on your edge
routers to add communities to the routes such that you can recognize
which peers gave you the route.
Then, use an iBGP session to a BIRD or Quagga instance from
I would think that in such a deployment scenario, microtrenching might
not be the best bet.
Part of the appeal (IMO) of microtrenching in existing pavement is
that once filled, the pavement slab provides for some protection and
rigidity.
If making a small trench into packed dirt, you're much more
My hunch is that this is fallout and repairs from Juniper PR839412.
Only fix is an upgrade. Not sure why they're not able to do a hitless
upgrade though; that's unfortunate.
Specially-crafted TCP packets that can get past RE/loopback filters
can crash the box.
--j
On Tue, Feb 5, 2013 at 7:39
on my part; I don't know their
network from an internal perspective.
--j
Should an upgrade be performed? Yes, but certainly doesn't have to have
right away or without notice to customers.
On Tue, Feb 5, 2013 at 11:23 AM, Jonathan Lassoff j...@thejof.com wrote:
My hunch is that this is fallout
These appear to be an anycasted service, as I reach different destinations
based on my source address.
Hopefully each deployment has unique origin IPs for their recursive queries.
I would recommend against looking at RIR registration data to determine IP
location. There's often little to no
On Tue, Feb 5, 2013 at 1:10 PM, Jonathan Lassoff j...@thejof.com wrote:
These appear to be an anycasted service, as I reach different destinations
based on my source address.
Hopefully each deployment has unique origin IPs for their recursive
queries.
Just confirmed
On Thu, Nov 8, 2012 at 8:13 PM, Mikael Abrahamsson swm...@swm.pp.se wrote:
On Thu, 8 Nov 2012, Phil wrote:
The major vendors have figured it out for the most part by moving to
stateful synchronization between control plane modules and implementing
non-stop routing.
NSR isn't ISSU.
ISSU
On Sun, Oct 14, 2012 at 1:59 PM, Jonathan Rogers quantumf...@gmail.com wrote:
Gentlemen,
An issue has come up in my organization recently with rogue access points.
So far it has manifested itself two ways:
1. A WAP that was set up specifically to be transparent and provided
unprotected
On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson ag4ve...@gmail.com wrote:
in the past, i've done many different things to create entropy -
encode videos, watch youtube, tcpdump -vvv /dev/null, compiled a
kernel. but, what is best? just whatever gets your cpu to peak or are
some tasks better
On Thu, Oct 11, 2012 at 5:20 PM, Jimmy Hess mysi...@gmail.com wrote:
On 10/11/12, shawn wilson ag4ve...@gmail.com wrote:
in the past, i've done many different things to create entropy -
encode videos, watch youtube, tcpdump -vvv /dev/null, compiled a
kernel. but, what is best? just whatever
On Thu, Sep 6, 2012 at 7:55 AM, u...@3.am wrote:
A while back we had a customer colocated vpn router (2911) come in and we put
it
on our main vlan for initial set up and testing. Once that was done, I
created a
separate VLAN for them and a dot1q subinterface on an older, somewhat
On Wed, Jul 18, 2012 at 8:43 AM, Chris Grundemann cgrundem...@gmail.com wrote:
I am currently working on a BCOP for IPv6 Peering and Transit and
would very much appreciate some expert information on why using
PeeringDB is a best practice (or why its not). All opinions are
welcome, but be aware
On Wed, Jul 18, 2012 at 9:59 AM, Zaid Ali z...@zaidali.com wrote:
The goal is Source of truth for any peer to know information at the
Exchange points as well as peering coordinator information. I think it is
a great tool for the peering community and definitely useful. Cons: Will
it be the
On Thu, Jun 28, 2012 at 1:50 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
of course, but you aren't supposed to be doing that on their network
anyway... so says the nice man from sprint 4 nanogs ago.
That, and if you are tunneling in, it's good practice to forward over
any DNS traffic
On Sat, May 19, 2012 at 3:23 AM, Anurag Bhatia m...@anuragbhatia.com wrote:
Was wondering if there's anyone from Server Beach/Peer1 here. We have a
dedicated server with them which we primarily use for DNS. I am adding
support for anycasting on that one but seems like Peer1 is not supporting
On Wed, Apr 25, 2012 at 8:46 AM, Kenneth McRae
kenneth.mc...@dreamhost.comwrote:
I have never provided the names of end users.. How the address space
would be utilized? Definitely.. But not the names of end users...
Probably because you are an end user.
If you're talking about AS26347, I
On Tue, Apr 24, 2012 at 10:32 AM, ad...@thecpaneladmin.com wrote:
Anyone have any tips for getting IPs from ARIN? For an end-user allocation
they are requesting that we provide customer names for existing allocations,
which is information that will take a while to obtain. They are insisting
On Tue, Apr 24, 2012 at 11:14 AM, Owen DeLong o...@delong.com wrote:
That's not entirely true. What you say applies to one possible way for an
ISP to get an allocation. It does not apply at all to end-users.
Even for end-user allocations, they would still need to fulfill the
requirements of
On Sun, Apr 22, 2012 at 9:05 PM, Md.Jahangir Hossain
jrjahan...@gmail.com wrote:
Dear valued member:
Wishes all are fine.
i need suggestion from you about Juniper MX10 router performance. i want
to buy this router for IP Transit provider where i received all global
routes .
Do you
On Sun, Apr 22, 2012 at 9:48 PM, Md.Jahangir Hossain
jrjahan...@gmail.com wrote:
Thanks jonathan for your reply .
Actually i have not specific question , i need suggestion about this product
if i purchase this as IP Transit provider.
Only someone with the knowledge of your business and
On Thu, Mar 29, 2012 at 12:33 PM, Oliver Garraux oli...@g.garraux.net wrote:
I was at Ubiquiti's conference. I don't disagree with what you're
saying. Ubiquiti's take on it seemed to be that 24 Ghz would likely
never be used to the extent that 2.4 / 5.8 is. They are seeing 24 Ghz
as only
On Thu, Mar 29, 2012 at 2:37 PM, Joel jaeggli joe...@bogus.com wrote:
Cost will continue to drop, fact of the matter is the beam width is
rather narrow and they attenuate rather well so you can have a fair
number of them deployed without co-channel interference. if you pack a
tower full of
On Sat, Mar 10, 2012 at 10:45 AM, Bill Woodcock wo...@pch.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mar 10, 2012, at 8:05 AM, Suresh Ramasubramanian wrote:
Sure, if you can find a datacenter that's capable of handling all the
traffic, and has staff who are able to
On Fri, Feb 17, 2012 at 10:35 AM, Jay Ashworth j...@baylink.com wrote:
Please post your top 3 favorite components/parts you'd like to see in a
vending machine at your colo; please be as specific as possible; don't
let vendor specificity scare you off.
This is a riot! I'd love to have something
On Fri, Feb 17, 2012 at 10:55 AM, Leo Bicknell bickn...@ufp.org wrote:
In a message written on Fri, Feb 17, 2012 at 01:35:15PM -0500, Jay Ashworth
wrote:
Please post your top 3 favorite components/parts you'd like to see in a
vending machine at your colo; please be as specific as possible;
On Wed, Feb 15, 2012 at 8:13 PM, Jeremy jba...@gmail.com wrote:
I'm doing some research on 802.11 quality of service, congestion control,
etc. I'm trying to find some information on the Point Coordination
Function, a polling based access control method, but I'm having a hard time
finding much
On Wed, Feb 15, 2012 at 7:50 PM, Faisal Imtiaz fai...@snappydsl.net wrote:
Is that because of Channel Spacing ? or some other reason ?
I would presume channel spacing. In FCC-land, there are only 3
non-overlapping 20 Mhz bandwidths available.
--j
On Wed, Feb 15, 2012 at 8:41 PM, Joel jaeggli joe...@bogus.com wrote:
On 2/15/12 20:14 , Mario Eirea wrote:
This is my guess too, i guess there is some bleed over from their antenna
arrays.
Even the most directional sector antenna in the world has a back lobe...
and there there's the
On Tue, Feb 7, 2012 at 11:19 AM, Arzhel Younsi xio...@gmail.com wrote:
Xirrus say that they can support 640 clients with this device:
http://www.xirrus.com/Products/Wireless-Arrays/XR-Series/XR-4000-Series
I heard about it a couple weeks ago, didn't try it yet.
That's a pretty neat product --
On Tue, Jan 31, 2012 at 10:19 AM, Grant Ridder shortdudey...@gmail.com wrote:
Hi,
What is keeping you from advertising a more specific route (i.e /25's)?
Most large transits and NSPs filter out prefixes more specific than a /24.
Conventionally, at least in my experience, /24's are the
On Tue, Jan 31, 2012 at 10:00 AM, Kelvin Williams
kwilli...@altuscgi.com wrote:
We've been in a 12+ hour ordeal requesting that AS19181 (Cavecreek Internet
Exchange) immediately filter out network blocks that are being advertised
by ASAS33611 (SBJ Media, LLC) who provided to them a forged LOA.
On Mon, Jan 30, 2012 at 12:46 PM, Jim Gonzalez j...@impactbusiness.com wrote:
Hi,
I am looking for a Wireless bridge or Router that will
support 600 wireless clients concurrently (mostly cell phones). I need it
for a proof of concept.
I've had some great luck with a variety
On Mon, Jan 23, 2012 at 12:46 PM, Eric C. Miller e...@ericheather.com wrote:
Hi all,
I'm looking for a best practice sort of answer, plus maybe comments on why
your network may or may not follow this.
First, when running a small ISP with about the equivilent of a /18 or /19 in
different
On Wed, Jan 18, 2012 at 5:58 AM, Deric Kwok deric.kwok2...@gmail.com wrote:
ls it supporting equally multipath in different bgp connections?
Most software routing protocols have support for this in their RIBs,
but the actual forwarding ability of the underlying kernel will
determine the support
On Sun, Jan 15, 2012 at 3:36 PM, Greg Ihnen os10ru...@gmail.com wrote:
Since we're already top-posting…
I've heard a lot of talk on the WISPA (wireless ISP) forum that 802.11g/n
starts to fall apart with more than 30 clients associated if they're all
reasonably active. I believe this is a
On Thu, Jan 12, 2012 at 1:02 PM, Paul Stewart p...@paulstewart.org wrote:
Hey folks. just curious what people are using for automating updates to
Linux boxes?
Today, we manually do YUM updates to all the CentOS servers . just an
example but a good one. I have heard there are some open
On Tue, Jan 10, 2012 at 2:43 PM, Deric Kwok deric.kwok2...@gmail.comwrote:
Hi all
When we get newip, we should let the upstream know to expor it as
there should have rule in their side.
how about upstream provider, does they need to let their all bgp
interconnect to know those our newip?
On Sat, Dec 24, 2011 at 6:48 AM, Glen Kent glen.k...@gmail.com wrote:
SLAAC only works with /64 - yes - but only if it runs on Ethernet-like
Interface ID's of 64bit length (RFC2464).
Ok, the last 64 bits of the 128 bit address identifies an Interface ID
which is uniquely derived from the
The best applications for analyzing paths, that I've seen, have been
in-house development projects. So, admittedly, I don't have much experience
with commercial products for route optimization.
Projects I've seen that analyze best paths to Internet destinations via
multiple ISPs add
On Sat, Dec 10, 2011 at 11:49 AM, NetSecGuy netsec...@gmail.com wrote:
I have a Linode VPS in Japan that I can't access from Verizon FIOS,
but can access from other locations. I'm not sure who to blame.
The host, 106.187.34.33, is behind the gateway 106.187.34.1:
From FIOS to 106.187.34.1
I would argue that collapsing all of your policy evaluation and routing for
a size/zone/area/whatever into one box is actually somewhat detrimental to
stability (and consequently, security to a certain extent).
Cramming every little feature under the sun into one appliance makes for
great glossy
On Mon, Nov 28, 2011 at 10:43 PM, valdis.kletni...@vt.edu wrote:
On Tue, 29 Nov 2011 00:15:02 EST, Jeff Wheeler said:
Owen and I have discussed this in great detail off-list. Nearly every
time this topic comes up, he posts in public that neighbor table
exhaustion is a non-issue. I
On Sat, Nov 19, 2011 at 4:51 PM, Duane Toler deto...@gmail.com wrote:
Hey NANOG!
My employer is deploying CIsco ASA firewalls to our clients
(specifically the 5505, 5510 for our smaller clients). We are having
problems finding a decent log viewer. Several products seem to mean
well, but
On Sat, Nov 19, 2011 at 5:32 PM, Duane Toler deto...@gmail.com wrote:
On Sat, Nov 19, 2011 at 20:04, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Duane Toler deto...@gmail.com
My employer is deploying CIsco ASA firewalls to our clients
(specifically the 5505,
On Sat, Nov 19, 2011 at 5:46 PM, Duane Toler deto...@gmail.com wrote:
On Sat, Nov 19, 2011 at 20:30, Jonathan Lassoff j...@thejof.com wrote:
On Sat, Nov 19, 2011 at 4:51 PM, Duane Toler deto...@gmail.com wrote:
Hey NANOG!
My employer is deploying CIsco ASA firewalls to our clients
On Mon, Nov 14, 2011 at 7:12 AM, Jon Lewis jle...@lewis.org wrote:
On Mon, 14 Nov 2011, Sam (Walter) Gailey wrote:
My question is this; Is there an appropriate standard to specify for
fiber-optic cabling that if it is followed the fiber will be installed
correctly? Would specifying TIA/EIA
On Wed, Nov 9, 2011 at 12:44 PM, Nick Hilliard n...@foobar.org wrote:
On 09/11/2011 19:07, C. Jon Larsen wrote:
put the main portion of the conf in subversion as an include file and
factor out local differences in the configs with macros that are defined
in
pf.conf
Easy.
As I said, it's
On Wed, Nov 9, 2011 at 5:24 AM, Nick Hilliard n...@foobar.org wrote:
On 09/11/2011 12:22, Richard Kulawiec wrote:
You will find it very difficult to beat pf on OpenBSD for efficiency,
features, flexibility, robustness, and security. Maintenance is very
easy: edit a configuration file, reload,
It really depends on what constraints you have. Do you care about:
cost? performance? support?
Personally, for cost-constrained applications of 1 Gbit/s or less
(assuming modestly-sized packets, not all-DNS for example), I like
OpenBSD/pf or Linux/netfilter and generic x86 64-bit servers.
It's
On Mon, May 23, 2011 at 4:39 PM, Ryan Rawdon r...@u13.net wrote:
I've heard some mixed reports of XO's IPv6 availability - some that they have
full deployment/availability, but others like the answer back from our XO
reseller that XO does not offer IPv6 on circuits under 45mbit/s.
What is
Excerpts from John Peach's message of Sun Apr 04 08:17:28 -0700 2010:
On Sun, 4 Apr 2010 11:10:56 -0400
David Andersen d...@cs.cmu.edu wrote:
There are some classical cases of assigning the same MAC address to every
machine in a batch, resetting the counter used to number them, etc.;
Excerpts from Jaren Angerbauer's message of Thu Mar 18 09:22:40 -0700 2010:
Thanks all for the on / off list responses on this. I acknowledge I'm
playing in territory I'm not familiar with, and was a bad idea to jump
to the conclusion that this range was private. I made that assumption
Excerpts from Charles Wyble's message of Thu Dec 03 10:44:49 -0800 2009:
8.8.8.8 6.6.6.6 would have been really really funny. :)
Nice IPs from Level 3, huh?
6.6.6.6 belongs to the US Army.
--j
Excerpts from David Coulson's message of Thu Nov 12 13:07:35 -0800 2009:
You could route /32s within your L3 environment, or maybe even leverage
something like VPLS - Not sure of any TOR-level switches that MPLS
pseudowire a port into a VPLS cloud though.
I was recently looking into this
premium rates, do not.
Cordially
Patrick Giagnocavo
[EMAIL PROTECTED]
--
Jonathan Lassoff
echo thejof | sed 's/^/jof@/;s/$/.com/'
http://thejof.com
GPG: 0xC8579EE5
74 matches
Mail list logo