Re: Redeploying most of 127/8, 0/8, 240/4 and *.0 as unicast

2021-11-20 Thread ML
On 11/19/2021 1:27 PM, William Herrin wrote: On Fri, Nov 19, 2021 at 10:22 AM Zu wrote: One anecdote (the non-technical grandma) illustrates a very real problem that would need to be addressed -- there are non-technical people (of all ages, if you're concerned about ageism) which will need

Re: Verizon Routing issue

2019-06-24 Thread ML
On 6/24/2019 10:44 AM, Jared Mauch wrote: It was impacting to many networks. You should filter your transits to prevent impact from these more specifics. - Jared https://twitter.com/jaredmauch/status/1143163212822720513 https://twitter.com/JobSnijders/status/1143163271693963266

Re: CenturyLink/Level3 feedback

2019-06-06 Thread ML
On 6/6/2019 3:30 PM, Bryan Holloway wrote: On 6/5/19 3:40 PM, Dovid Bender wrote: If the FCC has their way the only place you will see the PSTN is in history books. I can only hope that the same happens to faxing. I'm told that one of the only reasons faxing is still a thing is because

Re: O365 IP space

2018-09-25 Thread ML
In the past I've pulled down an XML file that included the IP space for all of the O365 products.  Then I filtered, sorted and aggregated what I wanted for my internal use via a script. On 9/25/2018 12:35 PM, David Bass wrote: Sorry, I should have stated that I have already searched, and have

Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread ML
$100M+ in federal dollars goes a long way. On 5/29/2018 10:17 AM, Mike Hammett wrote: Is that PennRen\Kinber? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Matt Hoppes" To: "Lamar Owen" Cc:

Re: Has Level3 done away with traceroute??

2017-09-21 Thread ML
I just performed a few traceroutes. Comcast to 4.2.2.2 5. hu-0-11-0-0-ar03.ivyland.pa.panjde.comcast.net  6. xe-4-0-0.edge1.Toronto.Level3.net  7. ???  8. b.resolvers.Level3.net Comcast to Level3 customer  5. hu-0-11-0-0-ar03.ivyland.pa.panjde.comcast.net  6. xe-4-0-0.edge1.Toronto.Level3.net

Re: Software for network modelling / documentation / GIS

2017-02-23 Thread ML-NANOG-Stefan-Jakob
Hi, If you want to go the full stack, start open source and to have the support and com.ext. option you can check iDoIT. Good thing is, it has also a nice API for further automation and you can use it as general CMDB. https://www.i-doit.org/ Rgds, SJ

Re: Low density Juniper (or alternative) Edge

2016-03-20 Thread ML-NANOG-Stefan-Jakob
Hi Mark, Mark Tinka wrote on Sun, 28 Feb 2016 07:13: > > > On 3/Feb/16 09:58, Nick Hilliard wrote: > > > Typically the features that fall by the wayside first are: reasonable > > port buffers, qos knobs and decent lag/ecmp hashing support for mpls > > packets. > >

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

2015-07-20 Thread ML
On 7/20/2015 2:57 PM, valdis.kletni...@vt.edu wrote: On Mon, 20 Jul 2015 19:42:39 +0100, Colin Johnston said: see below for china ranges I believe, ipv4 and ipv6 You may believe... but are you *sure*? (Over the years, we've seen *lots* of block China lists that accidentally block chunks

Re: Huawei and ZTE Routers

2015-05-07 Thread ML
On 5/7/2015 2:25 PM, Daniel Corbe wrote: Colton Conor colton.co...@gmail.com writes: The other thread about the Alcatel-Lucent routers has been pleasantly delightful. Our organization used to believe that Juniper, Cisco, and Brocade were the only true vendors for carrier grade routing, but now

Re: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]

2015-03-26 Thread ML
Wouldn't it be a BCP to set no-export from the Noction device too? On 3/26/2015 6:20 PM, Nick Rose wrote: Several people asked me off list for more details, here is what I have regarding it. This morning a tier2 isp that connects to our network made an error in their router configuration

Re: Dynamic routing on firewalls.

2015-02-05 Thread ML
On 2/5/2015 9:42 AM, Eugeniu Patrascu wrote: On Juniper things tend to work OK. Other than this, make sure you don't run into asymmetric routing as connections might get dropped because the firewall does not know about them or packets arrive out of order and the firewall cannot reassemble all of

Re: something strange about bgp community

2015-01-07 Thread ML
Also note there is nothing stopping anyone from adding any community they want. The effect and how long the community stays attached to a route is another matter. On 1/7/2015 8:35 AM, Song Li wrote: Hi everyone, Today when I check one route in Routeviews I find something strange as

Re: Private ASNs in the wild

2014-12-11 Thread ML
I had resurrected a similar thread last year: http://www.gossamer-threads.com/lists/nanog/users/123155 There are sloppy networks out there. If it was a big enough problem all you'd need is a few key networks drop those prefixes and we'd have a...slightly less sloppy Internet? On

Re: Credit to Digital Ocean for ipv6 offering

2014-06-17 Thread ML
On 6/17/2014 3:19 PM, Matthew Petach wrote: On Tue, Jun 17, 2014 at 11:25 AM, Alan Clegg a...@clegg.com wrote: On 6/17/14, 1:29 PM, rw...@ropeguru.com wrote: On Tue, 17 Jun 2014 13:25:37 -0400 valdis.kletni...@vt.edu wrote: On Tue, 17 Jun 2014 13:14:04 -0400, rw...@ropeguru.com said:

Re: We hit half-million: The Cidr Report

2014-04-29 Thread ML
At one time Covad stated they announce everything as /24 to make hijacking more difficult. Looks like Covad (now MEGAPATH) hasn't changed that policy. On 4/29/2014 12:29 PM, Kate Gerry wrote: Already working on aggregating as much as I can. I was checking my tables the other day and I

Re: BGPMON Alert Questions

2014-04-03 Thread ML
On 4/2/2014 11:30 PM, Barry Greene wrote: Hi Team, Confirmation from my team talking directly to Indosat - self inflicted with a bad update during a maintenance window. Nothing malicious or intentional. Barry Did you get any details on what specifically went wrong? I don't recall any

Re: random dns queries with random sources

2014-02-18 Thread ML
I couldn't resolve that domain or subdomains that I tried. If that domain did respond, I'd guess it's tailored to be a large junky response. Varying the qname prevents people from using iptables to block specific queries. On 2/18/2014 10:08 PM, Joe Maimon wrote: Hey all, DNS

Re: While on the subject of IRR and route objects

2014-01-31 Thread ML
+1 Easiest to use by far. Only thing I see as lacking for easy adoption is a canned solution for managing the push to the routers. On 1/31/2014 9:04 AM, Job Snijders wrote: On Fri, Jan 31, 2014 at 08:58:06AM -0500, Alain Hebert wrote: IRRToolset 5.0.1 (rtconfig really) finally gave

Re: Proxy ARP detection (was re: best practice for advertising peering fabric routes)

2014-01-15 Thread ML
On 1/15/2014 6:31 PM, Clay Fiske wrote: Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so long. But how can I detect proxy ARP when detecting proxy ARP was patented in 1996? http://www.google.com/patents/US5708654 Seriously though, it’s not so simple. You only

Re: Query: fate of ipdeny.com

2014-01-01 Thread ML
On 1/1/2014 4:44 PM, Rich Kulawiec wrote: ipdeny.com provided a highly useful service: IP address allocations on a per-country basis. The site's still live but all (or nearly all) the data files are empty. The blog hasn't been updated, and email via their contact form goes unanswered. I'd

Re: turning on comcast v6

2013-12-20 Thread ML
On 12/20/2013 12:30 AM, Owen DeLong wrote: I'd like to encourage people to use prefix-hint=::/48. The router should accept the /60 and deal with it, but it's better to have Comcast's logs show that you requested a proper full-size prefix. I'm almost afraid to ask about the phrase

Re: turning on comcast v6

2013-12-19 Thread ML
On 12/11/2013 10:23 PM, Rob Seastrom wrote: Eric Oosting eric.oost...@gmail.com writes: It brings a tear to my eye that it takes: 0) A long standing and well informed internet technologist; 1) specific, and potentially high end, CPE for the res; 2) specific and custom firmware, unsupported

Re: Best practice on TCP replies for ANY queries

2013-12-11 Thread ML
On 12/11/2013 1:06 PM, Anurag Bhatia wrote: I am sure I am not first person experiencing this issue. Curious to hear how you are managing it. Also under what circumstances I can get a legitimate TCP query on port 53 whose reply exceeds a basic limit of less than 1000 bytes? I'm not a DNS

Re: Empty messages (was Re: Any computer, anywhere?)

2013-12-08 Thread ML
On 12/8/2013 4:59 PM, Larry Sheldon wrote: On 12/8/2013 8:13 AM, Michael Brown wrote: I've been getting several of these (empty messages) from different people and on different subjects but always on the NANOG list. Secret messages? Or is NSA sucking too hard? I confirm I've been seeing

Re: Blocking private AS

2013-11-27 Thread ML
On 2/18/2010 2:27 PM, Thomas Magill wrote: I am thinking about implementing a filter to block all traffic with private AS numbers in the path. I see quite a few in my table though so I am concerned I might block some legitimate traffic. In some cases, these are just prefixes with the private

Re: ATT UVERSE Native IPv6, a HOWTO

2013-11-22 Thread ML
On 11/23/2013 1:22 AM, Andrew D Kirch wrote: Special thanks to Alexander from ATT's Tier-2 dept, though my suspicion is that that is not where he works, as he seems exceptionally clueful. Additional thanks to Owen DeLong who finally got me off my ass to actually do this, I'll see you in the

Re: FTTH for cable companies

2013-10-19 Thread ML
On 10/19/2013 6:35 AM, Jean-Francois Mezei wrote: I need a reality check... For telcos, going from barely twisted copper pair to FTTH presents huge incremental improvement. FTTN is basically a stop gap medium term solution that is more pleasing to some beancounters. However, for a cable

Re: To CCIEs and JNCIEs

2013-10-11 Thread ML
On 10/11/2013 7:07 PM, Gary Baribault wrote: Hey, I'm a security guy, I'm paid to be paranoid, the only question is whether I'm paranoid enough .. I don't need another EMail addy Gary Baribault Courriel: g...@baribault.net GPG Key: 0x685430d1 Fingerprint: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35

Re: NANOG 59 - Monday presentations on YouTube

2013-10-08 Thread ML
On 10/8/2013 5:41 PM, David Temkin wrote: All, We're proud to announce that all of the recorded presentations from Monday at NANOG 59 in Phoenix have now been posted to Youtube. You may visit the NANOG 59 page at http://www.youtube.com/playlist?list=PLO8DR5ZGla8j7_jnNYY3d8JB0HfdXe85X We

Re: iOS 7 update traffic

2013-09-19 Thread ML
On 9/18/2013 1:38 PM, Zachary McGibbon wrote: So iOS 7 just came out, here's the spike in our graphs going to our ISP here at McGill, anyone else noticing a big spike? [image: internet-sw1 - Traffic - Te0/7 - To Internet1-srp (IR Canet) - TenGigabitEthernet0/7] Zachary McGibbon Traffic was

Re: Yahoo is now recycling handles

2013-09-03 Thread ML
On 9/3/2013 11:57 PM, Scott Howard wrote: Overall this is nothing new - Hotmail has been doing the same thing for years. Scott When I used to use Hotmail - Your account was dropped after 30-60 days of non-use. Whereas Yahoo kept accounts active forever until recently. Granted it's been

Re: Evaluating Tier 1 Internet providers

2013-08-28 Thread ML
On 8/27/2013 5:04 PM, Ben Hatton wrote: - time taken to turn around BGP import filter changes So much This... You don't realize how important this is until your nationwide provider takes 8 WEEKS to add one network to your (already set up and working for 20 other networks) peering. Then

Re: Vancouver IXP - VanTX - BCNet

2013-08-23 Thread ML
On 8/23/2013 1:30 PM, Jacques Latour wrote: Bill, not true. Following on our vision for Canada to have an IXP in every major city, specifically for Calgary, CIRA worked with CYBERA to organize a town hall meeting in Calgary, on September 14, 2013. At the meeting, we had interested

Re: A bit of historical news

2013-05-31 Thread ML
On 5/31/2013 9:01 AM, David Hubbard wrote: Not holding my breath on that; been complaining to my VZ rep for v6 on fios for two years now since we have it in several remote locations and the most he could find for me as of last month was: Verizon's First Office Application (FOA) is planned

Re: Remote Hands Nation-Wide?

2013-05-17 Thread ML
On 5/17/2013 8:00 PM, Aaron C. de Bruyn wrote: I recall a message a while back about a company that offered remote hands nation-wide, but my Google-Fu is failing me. Any pointers? We basically need to find coverage for eastern Washington State and all of Oregon. -A Perhaps Ledcor?

Re: Tier1 blackholing policy?

2013-04-30 Thread ML
On 4/30/2013 10:31 AM, Thomas Schmid wrote: Greetings, I know Tier1s are blackholing traffic all the time :) (de-peering, congestion etc.) but did it become a new role for Tier1s to go from transit provider to transit blocker? We received recently customer complaints stating they can't

Re: It's the end of the world as we know it -- REM

2013-04-24 Thread ML
On 4/23/2013 5:41 PM, Valdis Kletnieks wrote: I didn't see any mention of this Tony Hain paper: http://tndh.net/~tony/ietf/ARIN-runout-projection.pdf tl;dr: ARIN predicted to run out of IP space to allocate in August this year. Are you ready? Where do the startup ISPs who didn't qualify

Re: The 100 Gbit/s problem in your network

2013-02-11 Thread ML
On 2/11/2013 7:23 AM, Saku Ytti wrote: On (2013-02-11 12:16 +), Aled Morris wrote: I don't see why, as an ISP, I should carry multiple, identical, payload packets for the same content. I'm more than happy to replicate them closer to my subscribers on behalf of the content publishers. How

Re: EQUINIX

2013-01-17 Thread ML
On 1/17/2013 4:49 AM, Ryan Finnesey wrote: What's the going rate now a days for a rack within EQUINIX? Cheers Ryan I would imagine this varies greatly by market and maybe even suite within the building.

How are operators using IRR?

2013-01-16 Thread ML
How are operators using the data available in the various IRRs? Using an example: AS1 is your customer AS1 has AS2, AS3 and AS4 described as customers in an IRR Also assume AS2 has IRR data describing AS1000 and AS2000 as its customers. Are operators building AS path regexes such as the

When an ISP should run their own IRR for customers

2012-12-01 Thread ML
I'm querying the community on the feasibility of running my own IRR on behalf of customers who probably aren't/won't register their own objects. I'm going down this path since I don't believe RADB or ARIN would let me register objects on behalf of my customers. I know I'm going to need this

Re: Native IPv6 providers/datacenters list?

2012-10-11 Thread ML
On 10/9/2012 11:05 AM, Jared Mauch wrote: On Oct 9, 2012, at 10:42 AM, Ryan Rawdon r...@u13.net wrote: On Oct 9, 2012, at 9:34 AM, Christopher J. Pilkington wrote: I want to make an informed response to a comment made by our CenturyLink rep regarding IPv6, in the context of SAVVIS not being

Internet routing table completeness monitoring?

2012-10-02 Thread ML
Has anyone put in place a method to identify if one of their BGP peers suddenly withdraws X% of their prefixes? e.g. I should expect ~420k prefixes in a complete[1] routing table from a transit peer today. If suddenly I'm only getting 390k prefixes I'd guess a major network was depeered or

Re: Angled Polish Connectors and DWDM

2012-09-30 Thread ML
On 9/30/2012 6:14 AM, Aaron Glenn wrote: sent mostly towards the cladding and not the core and therefore. Indeed. I have always held the idea that APC connectors induced greater chromatic and/or polarization mode dispersion -- yet can't find any resources that claim so, nor does that fit in

Re: Angled Polish Connectors and DWDM

2012-09-30 Thread ML
On 9/30/2012 12:46 PM, Mikael Abrahamsson wrote: On Sun, 30 Sep 2012, ML wrote: So far our PMD testing has come back clear. How have you done the PMD testing? For verifying PMD and CD through an actual wavelength (not per-fiber, but through all the ADMs etc), I haven't really been able

Pittsburgh IX?

2012-07-22 Thread ML
mostly. -ML [1] http://www.pitx.net/

ICMP Redirects from residential customer subnets?

2012-05-09 Thread ML
ever seen something like this before? Is there any reason to see ICMP redirects on a single homed residential subnet? I'm considering adding ICMP redirects to my customer edge ACL unless there is a legitimate purpose for these packets. Thanks -ML

Re: [outages] XO Outages

2012-04-02 Thread ML
On 4/2/2012 12:27 PM, Jay Ashworth wrote: - Original Message - From: Darren Cusanodcus...@gmail.com Anyone experiencing any XO Outages? In the Philadelphia area our lines are straight to busy. We have some direct PRIs from XO in Tampa FL, and I have no reports from the office of

Re: airFiber

2012-03-31 Thread ML
On 3/31/2012 6:12 AM, Andrew McConachie wrote: Is this any different than what GigaBeam tried before they went bankrupt. http://www.globenewswire.com/newsroom/news.html?d=177145 Their website only shows a control panel login now so I think they've gone completely out of business. The only

Re: Outdoor Wireless Access Point

2012-03-31 Thread ML
On 3/31/2012 9:41 AM, Faisal Imtiaz wrote: I understand Ubiquity gear is very common, in use and available in Iran ... Look at their unifi product line. Faisal On Mar 31, 2012, at 5:38 AM, Shahab Vahabzadehsh.vahabza...@gmail.com wrote: Hi there, I asked for a wireless solution for a

Re: Outdoor Wireless Access Point

2012-03-31 Thread ML
On 3/31/2012 1:09 PM, Oliver Garraux wrote: As far as I know Ubiquiti's UniFi product doesn't yet have a single SSID across multiple APs. Unifi does use the same SSID's across many AP's. It actually does that by default, unless you specifically disable an SSID on a particular AP. Oliver

Re: Anyone have experience with Adconion Direct?

2012-03-16 Thread ML
On 03/16/2012 05:51 AM, Suresh Ramasubramanian wrote: If a company has a ROKSO record, you don't want to host them. And spamhaus IS responsive. Yes they don't take spam reports from people - they got their own traps. They ARE responsive to requests for removal where the request checks out and

Re: shared address space... a reality!

2012-03-14 Thread ML
On 3/14/2012 2:22 AM, Christopher Morrow wrote: NetRange: 100.64.0.0 - 100.127.255.255 CIDR: 100.64.0.0/10 OriginAS: NetName:SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED Did IANA have to justify this space to ARIN or was it just given to them no questions asked because

IPv6 routing table incomplete!

2012-03-09 Thread ML
Not so shocking for people on this list..However after playing around with a single-homed v6 connection to Cogent I was a little surprised to not be missing just HE routes. Apparently Google and Cogent aren't playing nice as I've been unable to reach a number of Google's s for

Digi TS8 serial console server funkiness

2012-03-07 Thread ML
Hopefully someone here has wrestled with serial server oddities and can shed some light on this... I've got a serial console server made by Digi (TS8 PortServer) setup in a fairly vanilla mode: 9600-8-N-1 telnet to port 500X gets you to port X. Setup for a vt100 terminal type. Other VTs

Re: Fiber outage in Miami

2012-01-23 Thread ML
On 01/23/2012 10:02 AM, Jimmy Changa wrote: Was anyone impacted by a botched fiber move in Miami this weekend? I lost 2 pieces of dark fiber for over almost 24 hours due to a fiber move being performed by FiberLight. I'm curious if anyone else was impacted. Sent from mobile device Yes many

Re: US DOJ victim letter

2012-01-19 Thread ML
On 01/19/2012 04:01 PM, Michael Hare wrote: AS2381 has also received them, we are no further along in this than you are. On 1/19/2012 2:59 PM, Jay Hennigan wrote: We have received three emails from the US Department of Justice Victim Notification System to our ARIN POC address advising us that

Re: Weekly Routing Table Report

2011-10-14 Thread ML
On 10/14/2011 03:21 PM, Routing Analysis Role Account wrote: List of Unregistered Origin ASNs (Global) - Bad AS Designation Network Transit AS Description 15132 UNALLOCATED 12.9.150.0/24 7018 ATT WorldNet Servic 32567

Re: Cogent IPv6

2011-06-09 Thread ML
On 6/9/2011 4:39 AM, Tom Hill wrote: On Wed, 2011-06-08 at 23:39 -0400, ML wrote: Did Cogent have the gumption to charge you more for IPv6 too? We have a bit of transit from them (~20Mbit or so) to stay connected to their customers. Getting IPv6 setup was really simple. No extra charges

Re: Cogent IPv6

2011-06-08 Thread ML
On 6/8/2011 9:51 AM, Nick Olsen wrote: I'm sure someone here is doing IPv6 peering with cogent. We've got a Gig with them, So they don't do that dual peering thing with us. (They do it on another 100Mb/s circuit we have... I despise it.) Just kind of curious how they go about it. Do they issue

Re: $ 90 million fine for cutting Internet services

2011-05-28 Thread ML
On 5/28/2011 12:18 PM, Marshall Eubanks wrote: I remember some discussion of this outage on NANOG, and on what it was costing Egypt. Well, here is an estimate - almost $ 20 million USD / day (which actually sounds low to me). Regards Marshall

Re: IPv6 foot-dragging

2011-05-11 Thread ML
On 5/11/2011 11:03 AM, ja...@jamesstewartsmith.com wrote: I have had similar problems with our providers, and these are tier 1 companies that should have already been fully deployed. These are also some of the more expensive providers on a per Mb basis. The one provider that was full IPv6

Re: Easily confused...

2011-04-19 Thread ML
On 4/18/2011 2:53 PM, Scott Weeks wrote: --- They are testing IPTV on Oahu in preparation for roll-out, so maybe they renumbered in order to more easily identify the segments.(?) Really, I'd have hoped they'd use their two-year-old

Re: Configuration Compliance tools??

2011-04-16 Thread ML
On 4/16/2011 3:39 AM, Subba Rao wrote: Hi, I am tasked to analyze the configuration of several Layer 2 Switches for compliance. Most of these switches are from Foundry (now Brocade). What tools are available to perform this task? I could write up a Perl script to parse thru the configuration

Re: Level 3 Agrees to Purchase Global Crossing

2011-04-12 Thread ML
On 4/11/2011 10:13 AM, William Allen Simpson wrote: http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut

Re: Long Distance Dark Fiber

2011-03-11 Thread ML
On 3/10/2011 12:15 AM, nanog wrote: Good Evening all. I got an odd and somewhat crazy request from our development group for a long haul OC48 connection for testing (they specifically said from their office in Utah to the east coast and back) with minimal jitter. They need to be able to run

Verizon Issues? East Coast US

2011-02-28 Thread ML
Seeing some packet loss via Cogent. www.internetpulse.net seems to be lighting up.

Re: Verizon Issues? East Coast US

2011-02-28 Thread ML
On 2/28/2011 9:53 PM, ML wrote: Seeing some packet loss via Cogent. www.internetpulse.net seems to be lighting up. Looking at from Level3 via San Jose, NLayer via Chicago, Cogent via NY. Seems like the trouble starts after: 0.ge-5-0-0.CHI01-BB-RTR1.ALTER.NET Substitute CHI for NY, SJC etc.

Re: Cruzio peering

2011-02-11 Thread ML
On 2/10/2011 11:37 PM, Jeroen van Aart wrote: A high-speed/high-bandwidth wireless link connects the Cruzio 877 Cedar facility with the Equinix San Jose facility via Mount Umunhum to provide a wireless failover to the fiber in event of a fiber outage. Interesting. Do you know which wireless

Re: Strange L2 failure

2011-02-02 Thread ML
On 1/29/2011 10:05 PM, Jack Bates wrote: On 1/29/2011 8:47 PM, ML wrote: I just ran into something like this yesterday. A Belkin router with a MAC of 9444.52dc. was properly learned at the IDF switch but the upstream agg switch/router wouldn't learn it. I even tried to static the MAC

Re: Level 3's IRR Database

2011-01-30 Thread ML
On 1/30/2011 4:53 PM, Brandon Butterworth wrote: I think it is too early in the deployment process to start dropping routes based on RPKI alone. We'll get there at some point, I guess. Do we really *want* to get to that point? I thought that was the point and the goal of securing the routing

Re: Strange L2 failure

2011-01-29 Thread ML
On 1/29/2011 4:24 PM, Jack Bates wrote: Has anyone seen issues with IOS where certain MACs fail? 54:52:00 (kvm) fails out an old 10mbit port on a 7206 running 12.2 SRE. I've never seen anything like this. DHCP worked, ARP worked, and arp debugging showed responses for arp to the MAC, however,

Re: IPv6: numbering of point-to-point-links

2011-01-26 Thread ML
On 1/24/2011 4:20 PM, Ray Soucy wrote: That said. By not using the 64-bit boundary you may be sacrificing performance optimizations with today's processors that lack operations for values larger than 64-bits. Is this an issue for any known vendors today?

Re: Auto ACL blocker

2011-01-18 Thread ML
On 1/18/2011 6:48 PM, Thomas Magill wrote: Also, have you considered just using the spamhaus DROP list? They even have code to have the list pushed to IOS available. You could simply substitute your file for their list if you only want to use IPs caught by your honeypot.

Re: Authentication using Microsoft 2008 Active directory for Cisco RADIUS login

2011-01-18 Thread ML
On 1/18/2011 4:15 PM, Michael Ruiz wrote: Hello all, I am having some trouble getting my Cisco routers to use Active directory to authenticate users. I have searched on Google and so far I am coming up dry on good documentation that will work. I know $myemployer Uses

[***** SPAM 5.8 *****] Re: Request Spamhaus contact

2011-01-17 Thread ML
On 1/17/2011 6:55 PM, Raymond Dijkxhoorn wrote: Hi! 1) The sites were already null routed. The problem is with Spamhaus' inability to contact me prior to impacting other legitimate customers. Null routed? Its up! [root@master tmp]# host www.viagra-shopping.com www.viagra-shopping.com

Re: Is NAT can provide some kind of protection?

2011-01-12 Thread ML
On 3/21/2007 6:25 AM, Tarig Ahmed wrote: In fact our firewall is stateful. This is why I thought, we no need to Nat at least our servers. Tarig Yassin Ahmed On Jan 12, 2011, at 4:59 PM, Nick Hilliard n...@foobar.org wrote: On 21/03/2007 09:41, Tarig Ahmed wrote: Is it true that NAT can

Re: IPv6 prefix lengths

2011-01-12 Thread ML
On 1/12/2011 10:49 PM, Richard Barnes wrote: Hi all, What IPv6 prefix lengths are people accepting in BGP from peers/customers? My employer just got a /48 allocation from ARIN, and we're trying to figure out how to support multiple end sites out of this (probably around 10). I was thinking

Problems with removing NAT from a network

2011-01-05 Thread ML
I've got a customer that is looking to multihome with upstreams in two POPs. Currently they multihome in one POP and utilize a single edge router for some one to one NAT and some PAT for their users. Before they turn up the BGP peer in the new POP I've advised them to abolish NAT once and

Re: Router only speaks IGP in BGP network

2010-12-25 Thread ML
On 12/25/2010 3:36 AM, Mark Tinka wrote: On Friday, December 24, 2010 07:26:43 am Randy Bush wrote: and do NOT redistribute bgp into ospf. This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to

Re: IPv6 BGP table size comparisons

2010-12-21 Thread ML
On 12/21/2010 7:10 PM, Mike Tancsa wrote: On 12/21/2010 5:18 PM, Frank Bulk wrote: There are 4,035 routes in the global IPv6 routing table. This is what one provider passed on to me for routes (/48 or larger prefixes), extracted from public route-view servers. ATT AS7018: 2,851 (70.7%)

Re: Some truth about Comcast - WikiLeaks style

2010-12-21 Thread ML
On 12/21/2010 10:49 AM, Owen DeLong wrote: Obviously, this probably won't happen. The Telcos in the US have far too powerful a lobbying force snip Owen Sad that we can admit this fact so freely.

Re: Some truth about Comcast - WikiLeaks style

2010-12-15 Thread ML
According to: http://en.wikipedia.org/wiki/Comcast Comcast has 15.930 million high-speed internet customers If a 10G port for transit is paid by comcast $30/Mbit/s monthly that's 0.19 cent/internet customer/month for a new 10G port to properly desaturate this particular link. Did I compute

Cogent announcing more specific prefixes?

2010-11-25 Thread ML
Anyone else get alerts from their BGP monitoring system (In my case Cyclops) saying Cogent briefly announced some more specific prefixes? AS path as reported by Cyclops: 7575 46135 174 174 /20s broken into /23s /23s became /24s Also saw alerts for one to one (/23 announced has /23) All

Re: Register.com DNS outages

2010-11-15 Thread ML
this. Maybe other DNS hosting companies do... -Original Message- From: ML [mailto:m...@kenweb.org] Sent: Sunday, November 14, 2010 10:59 PM To: nanog@nanog.org Subject: Re: Register.com DNS outages On 11/14/2010 10:20 PM, John Lightfoot wrote: My company uses register.com for DNS hosting

Re: Register.com DNS outages

2010-11-15 Thread ML
On 11/13/2010 11:11 AM, David Ulevitch wrote: Good morning, Does anyone have any updates they can share on the register.com outage that has been happening since sometime yesterday? They don't seem to have any sort of explanation or status page (aside from the note on their homepage). Is there

Re: Register.com DNS outages

2010-11-14 Thread ML
On 11/14/2010 10:20 PM, John Lightfoot wrote: My company uses register.com for DNS hosting and we were hit by its troubles this weekend. I know there are companies that offer backup DNS services, but those seem to be aimed at companies that host their own DNS, which we're not really interested

Re: Current trends in capacity planning and oversubscription

2010-11-10 Thread ML
On 11/10/2010 12:26 AM, Sean Donelan wrote: While the answer is always it depends, I was wondering what the current rules of thumb university network engineers are using for capacity planning and oversubscription for resnets and admin networks? For K-12, SETDA

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-18 Thread ML
And +1 on the pioneers comment too. Paul. IPv6 Hipsters..Doing it before it was cool.

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-18 Thread ML
IPv6 isn't going to make class-based routing obsolete... is it? *ducks* cheers! Andrew Of course not. My users are already asking for some Class G networks (/56) to use.

Re: large icmp packet issue

2010-09-26 Thread ML
On 9/25/2010 10:57 PM, fedora fedora wrote: I am having problem getting ping to work to a specific destination host when using large size icmp packet and i am hoping someone here can offer some suggestion. With regular ping, i can ping this remote host without any problem, but if i crank up the

Re: Real ops talking to future ops

2010-08-23 Thread ML
On 8/23/2010 7:54 PM, Dave CROCKER wrote: On 8/23/2010 3:38 PM, John Kristoff wrote: many of the other instructors they come into contact with are focusing only on class A, B, C addressing wow. I'm just as surprised as you are. They left out AppleTalk.

Re: DNSSEC and SSL

2010-08-22 Thread ML
On 8/22/2010 2:38 AM, Mikael Abrahamsson wrote: No, because DNSSEC isn't secured all the way from the DNS server to the application, only to the resolver. Both systems have problems, I'd imagine the best security is when they work together. Is a DNSSEC capable stub resolver not in the cards?

on network monitoring and security - req for monitoring tools

2010-08-21 Thread travis+ml-nanog
Hi, I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions... http://www.subspacefield.org/security/security_concepts.html Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others? Any summaries of when one is better than the other? Any

DNSSEC and SSL

2010-08-21 Thread ML
Would a future with a ubiquitous DNSSEC deployment eliminate the market for commercial CAs? Would functioning DNSSEC + self signed certs be more secure/trustworthy than our current system of trusted CAs chosen by OS/browser developers?

Re: Question of privacy with reassigned resources

2010-08-05 Thread ML
On 8/5/2010 8:04 AM, William Herrin wrote: On Thu, Aug 5, 2010 at 4:25 AM, Steven Bellovin s...@cs.columbia.edu wrote: Clearly, the apartment complex owners could do that if they so choose. I'm not sure who you suggest should buy a box from mail boxes etc. yourself and set up mail forwarding

Question of privacy with reassigned resources

2010-08-03 Thread ML
generic, local POP address or local corporate office, just enough for rough geolocation accuracy? I realize what ARIN prefers, this is more of an opinion gathering. -ML

wanted: WAN connectivity statistics

2010-05-26 Thread travis+ml-nanog
Hey all, I was wondering if anyone can direct me to information about WAN connectivity statistics. I'd like to get an idea of the typical frequency and length of outages, distribution (is it gaussian?) and any relevant confounding factors (routing stabilization times, network topology issues,

DWDM hardware recommendations

2010-05-22 Thread ML
I'm in the process of researching DWDM equipment for a new ring I'm about to light. Only two dark fibers to start. My only experience with WDM is a ring lit with MRV CWDM equipment by another provider. The MRV equipment hasn't failed once in the years I've had the service. Good/bad/ugly
