Linux-running SFPs [Was: Re: ONTs]

2022-01-13 Thread Julien Goodwin
On 14/1/22 2:45 am, Dave Taht wrote: Thx. I started a thread over on the cerowrt-devel mailing list on this, it was cool to find several linux based SFPs worth playing with, Finding a set of "common" ONTs worth configuring in a way more suited for an fq_codel'd router (and especially not using

Re: Fiber Network Equipment Commercial Norms

2021-09-22 Thread Julien Goodwin
On 23/9/21 3:01 am, Grant Taylor via NANOG wrote: > On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote: >> Half-penny pinching “mah powah” landlords are especially annoying in a >> cosmic sense > > I know someone who had a bit of a different experience. > > Someone, purportedly

Re: Malicious SS7 activity and why SMS should never by used for 2FA

2021-04-18 Thread Julien Goodwin
On 19/4/21 2:36 pm, Mark Tinka wrote: > On 4/19/21 05:05, Eric Kuhnke wrote: [...] >> In the pre covid19 era when people were actually traveling places, >> imagine you've had reason to go somewhere weird and need access to a >> thing (such as your online banking, perhaps?) protected by SMS 2FA,

Re: Time to validate the TLS configuration on your SMTP servers (was: Re: AS5 ipv6 hijack?)

2021-04-12 Thread Julien Goodwin
A slightly nicer tool than just using "openssl s_client" is testssl.sh, handles STARTTLS and some other non-trivial cases. https://testssl.sh/ Back when I first used it I did read the source, these days at ~650k of shell script, that's a little less practical. On 12/4/21 10:58 pm, Bjørn Mork

Re: BGP over TLS

2019-10-22 Thread Julien Goodwin
On 22/10/19 5:42 am, Jakob Heitz (jheitz) via NANOG wrote: > The article linked says no mainstream BGP implementation supports TCP-AO. > IOS-XE and IOS-XR support it. > > While I do not represent the Cisco view, personally I like the idea of BGP > over TLS. Excellent, that's news to me. I had

Re: BGP over TLS

2019-10-22 Thread Julien Goodwin
On 22/10/19 4:04 am, Jared Mauch wrote: > > >> On Oct 21, 2019, at 12:30 PM, Joe Abley wrote: >> >> On 21 Oct 2019, at 12:05, Keith Medcalf wrote: >> >>> On Monday, 21 October, 2019 09:44, Robert McKay wrote: >>> The MD5 authentication is built into TCP options.. not obvious how you

Re: BGP over TLS (was: Re: "Using Cloud Resources to Dramatically Improve Internet Routing")

2019-10-21 Thread Julien Goodwin
On 21/10/19 6:30 pm, Bjørn Mork wrote: > Christopher Morrow writes: > >> isn't julien's idea more akin to DOT then DOH ? > > Yes, and I really like Julien's proposal. It even looks pretty > complete. There are just a few details missing around how to make the > MD5 => TLS transition

Re: "Using Cloud Resources to Dramatically Improve Internet Routing"

2019-10-20 Thread Julien Goodwin
On 20/10/19 11:08 pm, Bjørn Mork wrote: > Hank Nussbacher writes: >> On 07/10/2019 17:42, Stephane Bortzmeyer wrote: >>> On Fri, Oct 04, 2019 at 03:52:26PM -0400, >>> Phil Pishioneri wrote >>> a message of 9 lines which said: >>> Using Cloud Resources to Dramatically Improve Internet

Re: looking for hostname router identifier validation

2019-04-30 Thread Julien Goodwin
On 30/4/19 10:38 am, Chris Adams wrote: > I still refer to ASes by companies that haven't existed in ages... 701 > is UUNet, 3561 is MCI, 1 is BBN, etc. :) I don't handle name changes > well (I also refer to one of the main roads where I live by a name it > hasn't had in close to 20 years). This

Re: Did IPv6 between HE and Google ever get resolved?

2019-04-01 Thread Julien Goodwin
On 1/4/19 11:25 pm, Robert Webb wrote: > Maybe I am just a tad bit illiterate on the way a word on that cake > can be spelled/used, but maybe Cogent doesn't want to peer with a > provider that cannot spell :-\ I like that theory. Explains why they don't peer with Google ("googol" being

Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread Julien Goodwin
On 27/2/19 3:10 am, John Levine wrote: > In article you write: >> We need to get switched over to DANE as quickly as possible, and stop >> wasting effort trying to keep the CA system alive with >> ever-hackier band-aids. > > What's the DANE version of a green-bar cert? You mean the EV

Re: Calling LinkedIn, Amazon and Akamai @ DE-CIX NY

2019-02-01 Thread Julien Goodwin
On 1/2/19 1:31 pm, Niels Bakker wrote: > * br...@shout.net (Bryan Holloway) [Fri 01 Feb 2019, 02:00 CET]: >> What do IXes do (or can do) to enforce the completion of a renumbering? > - Be ready to move ports to a quarantine VLAN when they haven't > renumbered in time, despite those previously

Re: Calling LinkedIn, Amazon and Akamai @ DE-CIX NY

2019-01-31 Thread Julien Goodwin
On 31/1/19 7:08 pm, Mark Tinka wrote: > I believe most exchange points maintain both route servers and route > collectors. > > Generally, most peers will connect to the RS, but not all. As you > mention, some may connect but not send any routes. > > However, I believe all peers will connect to

Re: Brocade SLX Internet Edge

2018-10-31 Thread Julien Goodwin
On 01/11/18 09:55, Brandon Martin wrote: > On 10/31/18 6:37 PM, Christopher Morrow wrote: >> If you buy brocade, be sure to also buy a license for securecrt so that >> backspace works over ssh... >> also, just don't do brocade... ever. > > Works fine for me using OpenSSH in most Linux-y terminal

Re: Proving Gig Speed

2018-07-18 Thread Julien Goodwin
On 19/07/18 00:27, Mark Tinka wrote: > All the peering in the world doesn't help if the latency is well over > 100ms+. That's what we need to fix. Living in Australia this is an every day experience, especially for content served out of Europe (or for that matter, Africa). TCP & below are rarely

Re: Internet topology resources

2018-04-27 Thread Julien Goodwin
On 27/04/18 04:33, Timothy Manito via NANOG wrote: > Is this some sort of BGP AS Path Visualization like what ThousandEyes are > doing? I wrote something like that last year using all AS15169 peerings, sourcing data from BMP, then rendering out all the various paths just using graphviz. The most

Re: AS Numbers unused/sitting for long periods of time

2018-01-02 Thread Julien Goodwin
Internet Exchange route servers would be another case that would appear unused to the broader internet, but shouldn't use a private ASN. On 03/01/18 14:40, Christopher Morrow wrote: > On Tue, Jan 2, 2018 at 5:46 PM, James Breeden wrote: > >> >> I'm amazed at the number of

Re: aggregate6 - a fast versatile prefix list compressor

2017-12-01 Thread Julien Goodwin
On 01/12/17 07:27, Job Snijders wrote: > Someone suggested I should clarify what 'aggregate6' actually does :-) > > aggregate6 takes a list of IPv4 and/or IPv6 prefixes in conventional > format, and performs two optimisations to attempt to reduce the length > of the prefix list. > > The first

Re: Best way to San Jose Fairmont from SFO?

2017-09-29 Thread Julien Goodwin
On 29/09/17 06:47, Bob Evans wrote: > Train and Bus travel is not worth considering. However, there are airport > shuttle van services like supershuttle 4-5 passengers being dropped off on > your way south. I'm arriving on Sunday morning, so have plenty of time, and will take Caltrain down (BART

Re: Verizon 701 Route leak?

2017-08-28 Thread Julien Goodwin
On 28/08/17 18:34, Job Snijders wrote: > Finally, it may be worthwhile exploring if we can standardize and > promote maximum prefix limits applied on the _sending_ side. This > way you protect your neighbor (and the Internet at large) by > self-destructing when you inadvertently announce more

Re: phone fun, was GeoIP database issues and the real world consequences

2016-04-27 Thread Julien Goodwin
On 27/04/16 09:16, Owen DeLong wrote: > One thing I always found particularly amusing was that it used to be a toll > call to call from San Jose East (408238) to Sunnyvale (I forget the NPA/NXX), > but that there were several prefixes in San Jose West (e.g. 408360 IIRC) > where it was free to

Re: Peering Exchange

2016-01-26 Thread Julien Goodwin
On 27/01/16 06:30, Mike Hammett wrote: Google or Facebook are exactly who you would want to connect with and I'm fairly sure they're on the route servers. Google (AS15169) should be present on route servers at all exchanges they're present at that have them. Generally as missing cases are

Re: NTP versions in production use?

2015-07-11 Thread Julien Goodwin
On 12/07/15 13:17, Harlan Stenn wrote: Dovid, Thanks, and I'm kinda stunned that folks are running such ancient versions of NTP. https://support.ntp.org/bin/view/Dev/ReleaseTimeline 4.2.0 was EOL'd in June of 2006, and we've fixed about 3,000 issues in the codebase since then. Juniper have

Re: Hotels/Airports with IPv6

2015-07-10 Thread Julien Goodwin
On 11/07/15 08:25, Shane Ronan wrote: 1.1.1.1 is usually a good bet Sadly yes, even though it's valid public IP space Cisco still have it documented as their suggested captive portal address. Despite it (and 1.2.3.0/24) being advertised by $ORK for years at this point on behalf of APNIC.

Re: Carrier Grade NAT

2014-07-29 Thread Julien Goodwin
On 29/07/14 22:22, Owen DeLong wrote: On Jul 29, 2014, at 4:13 PM, Mark Andrews ma...@isc.org wrote: In message 20140729225352.go7...@hezmatt.org, Matt Palmer writes: On Wed, Jul 30, 2014 at 09:28:53AM +1200, Tony Wicks wrote: 2. IPv6 is nice (dual stack) but the internet without IPv4 is not a

Re: Verizon Public Policy on Netflix

2014-07-14 Thread Julien Goodwin
On 15/07/14 10:39, Matt Palmer wrote: On Mon, Jul 14, 2014 at 10:25:22AM -0400, Jay Ashworth wrote: - Original Message - From: Matthew Petach mpet...@netflight.com It's now called Any2 Denver: Annoyingly enough, I can't find a street address for it anywhere among their literature.

Re: IPv6 at 50% for VZW (Re: NAT IP and Google)

2014-05-22 Thread Julien Goodwin
On 23/05/14 11:21, Jared Mauch wrote: You can't cater to everyones broken network. I can't reach 1.1.1.1 from here either, but sometimes when I travel I can, even with TTL=1. At some point folks have to fix what's broken. 1.1.1.1 is not private IP space. BGP routing table entry for

Re: Pluggable Coherent DWDM 10Gig

2014-04-26 Thread Julien Goodwin
On 26/04/14 16:02, Mikael Abrahamsson wrote: On Sat, 26 Apr 2014, Julien Goodwin wrote: But you'd never send it all the waves anyway, that's far too much loss across the band. Please elaborate. At 3dB loss per split you'd very quickly need additional amplification, at which point

Re: Pluggable Coherent DWDM 10Gig

2014-04-25 Thread Julien Goodwin
On 26/04/14 14:00, Mikael Abrahamsson wrote: On Fri, 25 Apr 2014, Phil Bedard wrote: What are you trying to do? Why do you need the receive side to be tuned to a specific narrowband wavelength? Because he doesn't want to use filters. A coherent receiver is like an FM radio, you can tune

Re: Recommendation on NTP appliances/devices

2014-04-04 Thread Julien Goodwin
On 04/04/14 17:29, Saku Ytti wrote: On (2014-04-03 21:25 -0700), Will Orton wrote: There are commercially available NTP servers with GPS + Rb oscillators... for NTP use you could basically let it sync up a couple days, disconnect the GPS and let it freerun. You'd still be within a

Re: Recommendation on NTP appliances/devices

2014-04-04 Thread Julien Goodwin
On 04/04/14 10:16, Majdi S. Abbas wrote: On Thu, Apr 03, 2014 at 06:55:02PM -0400, David Hubbard wrote: Anyone have recommendations on NTP appliances; i.e. make, model, gps vs cell, etc.? Roof/outdoor/window access not available. Would ideally need to be able to handle bursts of up to a few

Re: Recommendation on NTP appliances/devices

2014-04-04 Thread Julien Goodwin
On 04/04/14 21:48, Saku Ytti wrote: On (2014-04-04 20:37 +1100), Julien Goodwin wrote: Meinberg[0] pegs rubidium at ±8ms per year, if you need NTP to do say single direction backbone SLA measurement you want to have microsecond precision. Those two statements don't go together. Point I

Re: AW: 80 km BiDi XFPs

2013-04-06 Thread Julien Goodwin
On 06/04/13 21:50, Thomas Weible - FLEXOPTIX wrote: Matt Addison [mailto:matt.addi...@lists.evilgeni.us] wrote: How much spare margin do you have? Could you roll your own with a pair of mismatched (C|D)WDM XFPs and a mux on each end? Typically you have 23dB powerbudget for the ZR (CWDM or

Re: Verizon DSL moving to CGN

2013-04-06 Thread Julien Goodwin
On 07/04/13 12:11, Constantine A. Murenin wrote: On 6 April 2013 18:24, cb.list6 cb.li...@gmail.com wrote: Interesting. http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/portforwarding/123897.htm blockquote ... ...CGN will not impact the

Re: Device specifically made for high capacity GRE tunnels for dozens of sites

2013-01-18 Thread Julien Goodwin
Another (somewhat cheaper) Juniper option if you meet its limits is the EX[34]200's which now do GRE in hardware: http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/gre-tunnel-services.html On 19/01/13 05:36, PC wrote: mx80 (or similar) or ASR. The MX would probably be my

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-15 Thread Julien Goodwin
On 15/12/12 06:03, Jean-Francois Mezei wrote: There are also a number of much older systems which no longer get software updates (such as VAX-VMS) so it is good practice to manually maintain the root.hints files so that over time, you don't accumulate more than a couple of disused root server

Re: Are people still building SONET networks from scratch?

2012-09-07 Thread Julien Goodwin
On 07/09/12 02:38, Will Orton wrote: Having much more experience with ethernet/packet/MPLS setups, we are trying to get the client to admit that 1g/10g waves running ethernet with QoS would be as good as or better in terms of latency, jitter, and loss for their packet data. So far

Re: Network Storage

2012-04-15 Thread Julien Goodwin
On 13/04/12 06:25, Maverick wrote: Can you please comment on what is best solution for storing network traffic. We have been graciously granted access by our network administrator to capture traffic but the one Tera byte disk space is no match with the data that we are seeing, so it fills up

Re: Cheap Juniper Gear for Lab

2012-04-12 Thread Julien Goodwin
On 12/04/12 09:47, Robert E. Seastrom wrote: We tried running on 9.3 but - surprise - 9.3 won't do 32 bit ASNs. That came in 10.1 or something. As a member of the ARIN Advisory Council, I felt compelled to eat the same dog food that I was selling, and we found ourselves at an impasse. Er, I

Re: Cheap Juniper Gear for Lab

2012-04-10 Thread Julien Goodwin
On 10/04/12 14:31, Steven King wrote: I am tasked with replacing an old linux router setup with Juniper gear in the near future. Though I am a Cisco guy myself. Does anyone know of any older cheap Juniper gear I might find on Ebay so that I may build a home lab without going broke? A

Re: Outdoor Wireless Access Point

2012-03-31 Thread Julien Goodwin
On 01/04/12 09:49, valdis.kletni...@vt.edu wrote: On Sat, 31 Mar 2012 15:48:37 -0700, Network IP Dog said: I'm utterly amazed how many people give away free consultant work. A lot of us are quite busy with $DAYJOB and not in a position to take on a consulting engagement - and there's no good

Re: do not filter your customers

2012-02-24 Thread Julien Goodwin
On 25/02/12 13:12, Dobbins, Roland wrote: On Feb 25, 2012, at 8:59 AM, Christopher Morrow wrote: max-prefix already exists... sometimes it works, sometimes it's a burden. Some sort of throttle - i.e., allow only X number of routing updates within Y number of [seconds? milliseconds? BGP

Re: WW: Colo Vending Machine

2012-02-18 Thread Julien Goodwin
On 18/02/12 18:42, Matthew Palmer wrote: On Fri, Feb 17, 2012 at 05:39:34PM -0800, Owen DeLong wrote: In such cases, I will occasionally stop by the colo without going home to retrieve the laptop. 90% of the time it works out OK. 10% of the time I end up leaving the colo, going home,

Re: juniper mx80 vs cisco asr 1000

2012-01-25 Thread Julien Goodwin
On 25/01/12 02:50, Matt Craig wrote: Actually something as an alternative to both I am researching is the Brocade MLX series. They have different, more efficient, and refreshing architecture; and phenomenal cost (half the cost of ASR1000/MX or less). Gonna do a trial shortly to see if it all

Re: Internet Edge Router replacement - IPv6 route table size considerations

2011-03-08 Thread Julien Goodwin
On 09/03/11 11:57, Chris Enger wrote: I did look at a Juniper J6350, and the documentation states it can handle 400k routes with 1GB of memory, or 1 million with 2GB. However it doesn’t spell out how that is divvyed up between the two based on a profile setting or some other mechanism.

Re: Internet Edge Router replacement - IPv6 route table size considerations

2011-03-08 Thread Julien Goodwin
On 09/03/11 12:08, Julien Goodwin wrote: On 09/03/11 11:57, Chris Enger wrote: I did look at a Juniper J6350, and the documentation states it can handle 400k routes with 1GB of memory, or 1 million with 2GB. However it doesn’t spell out how that is divvyed up between the two based

Re: Switch with 10 Gig and GRE support in hardware.

2011-02-18 Thread Julien Goodwin
On 19/02/11 01:37, Jeffrey Lyon wrote: On Fri, Feb 18, 2011 at 9:30 AM, Matt Newsom matt.new...@rackspace.com wrote: I am looking for a switch with a minimum of 12 X 10GE ports on it, that can has routing protocol support and can do GRE in hardware. Does anyone have a

Re: NIST IPv6 document

2011-01-06 Thread Julien Goodwin
On 06/01/11 16:01, John Levine wrote: Still, the idea that nobody will scan a /64 reminds me of the days when 640K ought to be enough for anybody, ... We really need to wrap our heads around the orders of magnitude involved here. If you could scan an address every nanosecond, which I think

Re: Token ring? topic hijack: was Re: Mystery open source switching

2010-11-02 Thread Julien Goodwin
On 03/11/10 13:11, Express Web Systems wrote: The network I am using to compose and post this message right now is a coaxial Ethernet. MS Thick or Thin? Bonus points for 10-Base-5. Super bonus points (and presumably therapy) for 10-broad-36.

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-19 Thread Julien Goodwin
On 20/10/10 01:52, Matthew Walster wrote: No, and neither can anyone else... What's more is that they'll not use .0, .255, .1 (because apparently only routers are supposed to use that), .254 (who knows...) There's actually a good reason for that. MS Windows (at least 2k3 server) will simply

Re: RIP Justification

2010-09-29 Thread Julien Goodwin
On 30/09/10 13:42, Mark Smith wrote: One of the large delays you see in OSPF is election of the designated router on multi-access links such as ethernets. As ethernet is being very commonly used for point-to-point non-edge links, you can eliminate that delay and also the corresponding network

Re: MPLS for IPv6

2008-11-09 Thread Julien Goodwin
On 10/11/08 17:36, Miya Kohno wrote: with my vendor hat off... If we consider the phases in terms of IPv6 deployment, Ph-0: IPv4 only Ph-1: IPv4/v6 dual stack + v4/v6 coexistence technologies Ph-2: IPv6 only Hmm, not quite. I'd say: v4 only v4/v6 dual stack, with v4 being

Re: Open Source CA / PKI

2008-08-19 Thread Julien Goodwin
On 19/08/08 19:23, Jon Kibler wrote: I am looking at deploying an open source CA/PKI for a client. It would be only for internal users and systems. It would have to manage a few hundred certificates against the organization's self-signed root cert. It would be installed on a CentOS 5.x

Re: Australian Co-Lo

2008-06-23 Thread Julien Goodwin
On 24/06/08 01:04, Martin Barry wrote: $quoted_author = Bernard Becker ; Looking for recommendations for carrier neutral co-lo facility for Melbourne Australia. Our searches so far seem to turn up sites either on Telstra or Optus affiliated co-lo facilities. We need to be in a carrier neutral