RE: Level(3) DNS Spoofing All Domains

2019-11-19 Thread Ryan, Spencer
Are you a CL/L3 customer? Those resolvers have only ever been for “customers” even though they would resolve for anyone. They started injecting NXDOMAIN redirects a while ago for non-customers. From: NANOG On Behalf Of Marshall, Quincy Sent: Monday, November 18, 2019 12:45 PM Subject:

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer
Looks like you’re right. Too many 7xxx model numbers. Either way, same result. The MAC layer in the switch treats it like a QSFP port would be. From: Tim Jackson [mailto:jackson@gmail.com] Sent: Monday, February 5, 2018 9:11 PM To: Ryan, Spencer <sr...@arbor.net> Cc: Hunter Fuller <

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer
2018 2:57 PM To: Ryan, Spencer <sr...@arbor.net> Cc: Marian Ďurkovič <m...@bts.sk>; Baldur Norddahl <baldur.nordd...@gmail.com>; nanog@nanog.org Subject: Re: 40G reforming I suspect that implies that you can just take a 40Gbase-SR4 module and break it out into individual "10G&

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer
Indeed. Arista does (did?) make at least one platform where you can do this. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Marian Durkovic Sent: Monday, February 5, 2018 2:33 PM To: Baldur Norddahl Cc: nanog@nanog.org Subject:

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer
40G is either 4 x 10G over a single pair, or broken out into 8 fibers in the short or parallel versions. Almost all Ethernet platforms support running most or all of their 40G ports as 1 x 40 or 4 x 10. When using the breakout cables though your options are usually more limited. A 1U switch

RADB - aut-num policy question

2018-02-05 Thread Ryan, Spencer
Hello all, I'm a bit out of my element on this one and hoping someone can help. I'm putting together an aut-num entry for RADB and have a question about our Comcast peerings. We peer with AS7922 in several sites, but if you look at the actual pathing via bgp.he.net or just the routes

ATT AVPN BGP Communities

2017-11-29 Thread Ryan, Spencer
Hey All, Does anyone know if AVPN lets end users set/add their own communities to routes? I see that they stamp several on the routes we originate (Community: 13979:2741 13979:2943 13979:5000 13979:6551) and curious if anyone had luck adding their own before I go start mucking around. Thanks!

Re: Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-13 Thread Ryan, Spencer
Run your IPv4 peer to one router and IPv6 to another. Boom, redundancy! Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com

Re: Excessive Netflix DNS Traffic?

2016-10-13 Thread Ryan, Spencer
I was going to point you to the reddit thread about it, but it looks to be your thread :) Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com

Re: charges for prefix filter updates (was Re: Any ISPs using AS852 for IP Transit?)

2016-09-26 Thread Ryan, Spencer
I've used HE's tunnelbroker (BGP) a few times to get our ARIN space to a site while waiting on a local carrier to turn up v6, get the proper LOA, etc. I've received better service from the NOC there for a service I didn't pay for than I have from any ISP I've ever given money. They are doing a

Re: "Defensive" BGP hijacking?

2016-09-13 Thread Ryan, Spencer
What would you have done if the personal harassment didn't stop? What would you have done if they simply switched to a new source range/different set of bots? Seems like a very slippery slope to me. Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor

Re: "Defensive" BGP hijacking?

2016-09-12 Thread Ryan, Spencer
I'm in the "never acceptable" camp. Filtering routes/peers? Sure. Disconnecting one of your own customers to stop an attack originating from them? Sure. Hijacking an AS you have no permission to control? No. Obviously my views and not of my employer. Spencer Ryan | Senior Systems

RE: comcast and msoft ports

2016-09-11 Thread Ryan, Spencer
Having those ports exposed to the Internet is scary. Comcast is right in blocking them. Sent from my Verizon, Samsung Galaxy smartphone Original message From: Randy Bush Date: 9/11/16 2:48 PM (GMT-05:00) To: Ca By Cc: North American

RE: comcast and msoft ports

2016-09-11 Thread Ryan, Spencer
https://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/ Sent from my Verizon, Samsung Galaxy smartphone Original message From: Randy Bush Date: 9/11/16 2:35 PM (GMT-05:00) To: North American Network Operators' Group

Re: Use of unique local IPv6 addressing rfc4193

2016-09-08 Thread Ryan, Spencer
I agree with Karl. We use the ULA space for our internal test labs. The /48's we have in use get routed around internally but have no chance of leaking to the internet. Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks +1.734.794.5033 (d) |

Re: Level 3 voice outage?

2016-08-29 Thread Ryan, Spencer
Ran across this earlier, it sounds bad. https://www.reddit.com/r/networking/comments/504xbo/level_3_voice_outage_global_ticket_being_worked/ Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m)

Re: Managed global low latency network with any to any connectivity

2016-08-24 Thread Ryan, Spencer
AT's AVPN product (Layer 3 VPN/"MPLS") does any-any routing and constantly changes L3 hops for the best pathing. I've used the service at a few jobs and the product itself is quite good. Dealing with them for things like MACD's can be...frustrating. We've never had a location they couldn't

Re: Arista unqualified SFP

2016-08-23 Thread Ryan, Spencer
It won't work. They require the hashed key that support/your AM has to generate for your org. Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com

Re: Arista unqualified SFP

2016-08-18 Thread Ryan, Spencer
All of our X520's don't care if you use Arista or Proline DAC cables (the two brands we have around). Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m)

Re: Arista unqualified SFP

2016-08-17 Thread Ryan, Spencer
Yes, email support and ask for the unlock code, they will make you agree that you know that 3rd party optics may explode the switch and it's not their fault. The command they give you will have a key/hash built into it (but will work on any switch) that ties the "unlock" to your org. Ours

RE: Email to text - vtext.com blacklisting ip

2016-08-16 Thread Ryan, Spencer
I agree. Pay Pager duty or a SMS gateway with a SLA. Relying on the free service for anything critical is asking for trouble. Sent from my Verizon, Samsung Galaxy smartphone Original message From: Josh Luthman Date: 8/16/16 6:09 PM (GMT-05:00)

RE: ARIN Route Registry Issue

2016-08-13 Thread Ryan, Spencer
It says email will be online. Not that anyone will be there to answer them. Sent from my Verizon, Samsung Galaxy smartphone Original message From: Randy Bush Date: 8/13/16 6:30 PM (GMT-05:00) To: Frank Bulk Cc: North American Network

Re: IPv6 Deployment for Mobile Subscribers

2016-07-22 Thread Ryan, Spencer
> I would love to test it, but it will be no surprise that none of the four carriers enabled IPv6. Verizon Wireless has been dual stack for many years, before they ran out of public IPv4 addresses and switched handsets to RFC1918 space for v4. From: NANOG

Re: IPv6 Deployment for Mobile Subscribers

2016-07-22 Thread Ryan, Spencer
As far as I'm aware Android still today does not support DHCPv6. https://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems From: NANOG on behalf of james machado Sent: Friday, July 22, 2016