, the board, staff, or provided feedback
via the contact form on the website, and who knows it could have come from
young women. Those voices do not have to come from the mailing list, to be just
as valid as ours.
Ryan Hamel
From: NANOG on behalf of Paul WALL
Sent
nly hurting yourself. I have yet to come across an
enterprise that uses it between internal VLANs or policies/zones, where the
same threat potential can be, especially in a DMZ.
Ryan Hamel
From: NANOG on behalf of William
Herrin
Sent: Friday, February 16, 202
ing on how it is implemented, with minimal
effort. This video tells the story of NAT and the Cisco PIX, straight from the
creators https://youtu.be/GLrfqtf4txw
Ryan Hamel
From: NANOG on behalf of
sro...@ronan-online.com
Sent: Friday, February 16, 20
Allocating 240/4 only temporarily drives down pricing until it's all assigned,
then we're all back at square one. Ya know what does not put us back square
one, nor waste our time? Implementing IPv6.
Ryan Hamel
From: NANOG on behalf of Christopher
Hawker
Sent
Tim,
How is that Mikrotik a let down?
Ryan
From: NANOG on behalf of Tim Howe
Sent: Tuesday, February 13, 2024 12:04:50 PM
To: nanog@nanog.org
Subject: Re: The Reg does 240/4
Caution: This is an external email and may be malicious. Please take care when
Mike,
The numbers have not bounced back to pre-pandemic levels, and it doesn't help
that NANOG 90 has had some hotel issues.
Ryan
From: NANOG on behalf of Mike
Hammett
Sent: Sunday, February 11, 2024 5:31:02 AM
To: nanog
Subject: NANOG 90 Attendance?
Abraham,
What you are presenting here is a solution looking for a problem. There are
multiple solutions available today that do not require your proposed hacks to
IPv4 space. If your ideas keep getting rejected by the masses, maybe you should
read the room and lookup the phrase "resistance is
, January 12, 2024 3:45:32 AM
To: Ryan Hamel
Cc: nanog@nanog.org ; Michael Butler
; Chen, Abraham Y.
Subject: IPv6? Re: Where to Use 240/4 Re: 202401100645.AYC Re: IPv4 address
block
Caution: This is an external email and may be malicious. Please take care when
clicking links or opening attachments
Abraham,
You may not need permission from the IETF, but you effectively need it from
every networking vendor, hardware vendor, and OS vendor. If you do not have buy
in from key stakeholders, it's dead-on arrival.
Ryan
From: NANOG on behalf of Abraham Y.
Chen
Abraham,
You're arguing semantics instead of the actual point. Residential customers
want Internet access, not intranet access. Again, VRFs are plentiful and so are
CG-NAT firewall appliances or servers to run those VMs.
Save yourself the time and effort on this and implement IPv6.
Ryan
as they can match a MAC
address of the customer router + MAC address of the carrier equipment, to the
DHCP and flow logs.
As along as the carrier implements IPv6, it will cut down on the active NAT
sessions and port forwards the equipment needs to process.
Ryan Hamel
the circuit without a
truck roll.
Ryan Hamel
From: Josh Luthman
Sent: Monday, November 27, 2023 6:41 AM
To: Ryan Hamel
Cc: Christopher Hawker ; North American Network
Operators' Group
Subject: Re: CPE/NID options
Caution: This is an external email and may
The problem with using switches as a CPE device is the lack of RFC2544 (or
equivalent) testing, and monitoring of the complete circuit with TWAMP. Both of
which are used to ensure compliance with an SLA.
Ryan Hamel
From: NANOG on behalf of Josh
Luthman
Sent
Christopher,
A residential customer would be getting their /56 from the providers pool via
RA or DHCPv6. With a /32 aggregate, it can handle 1.6 million /56 delegations,
which can cover a few regions. It all depends on the planning going into
splitting up the aggregate.
A rule of thumb I go
Matt,
Why would HE hijack Cogent's IP space? That would end in a lawsuit and
potentially even more de-peering between them.
Ryan Hamel
From: NANOG on behalf of Matt
Corallo
Sent: Monday, November 13, 2023 11:32 AM
To: Bryan Fields ; nanog@nanog.org
Subject
That's not a good option for bad weather depending on the region. Rain fade and
other effects at 24Ghz and above can hinder a set of links, which is sometimes
better than having no links at all. The encoding and error correcting
capabilities play a crucial part in having a good connection.
Why not place the routers in Dallas, aggregate the transit, IXP, and PNI's
there, and backhaul it over redundant dark fiber with DWDM waves or 400G OpenZR?
Ryan
From: NANOG on behalf of Tim Burke
Sent: Saturday, October 14, 2023 8:45 PM
To: Dave Taht
Cc:
Solid Optics? --
https://www.solid-optics.com/product/edfamux-multiplexer-amplifier-dispersion-compensation-dwdm-mux-edfa/
Ryan
From: NANOG on behalf of Dave Bell
Sent: Friday, October 6, 2023 6:52 AM
To: Mark Tinka
Cc: nanog@nanog.org
Subject: Re: Low to
Matt,
It's not just you or Google, I just got those emails to my Office 365 at the
same time. My guess is that the list admins/moderators got the emails and just
responded without approving the moderated emails.
Ryan
From: NANOG on behalf of Matthew
Petach
things?
Y'all have been making a mountain out of a molehill.
Ryan
From: Tom Beecher
Sent: Saturday, September 9, 2023 9:30:13 AM
To: Martin Hannigan
Cc: Ryan Hamel ; nanog@nanog.org
Subject: Re: Guest Column: Kentik's Doug Madory, Last Call for Upcoming ISOC
Randy,
You're right, the problem is not technical. It's a choice to click the links or
not. NANOG does not have to sanitize links for you. Those emails do not have to
be read, and no one is stopping you from filtering them out. For you to say,
"my privacy has been sold", is simply not true.
Paschal,
It is not supported, nor is it recommended for redundancy in a routed setup.
Please describe your (desired) topology, that way the community can discuss
alternatives.
Thanks,
Ryan Hamel
From: NANOG on behalf of Pascal
Masha
Sent: Monday, August 21
, Level3/Lumen, Zayo, etc.
Juniper's ACX7024 does look interesting as a building demarc/agg device, but
overkill for a single client CPE. It can't hold full tables for transit
handoffs, but the customer can establish multi-hop BGP sessions upstream for
that.
Ryan Hamel
I fully agree here too. That's why I proposed a "smarter" CPE to replace the
standard appliances deployed on site, where the only thing changing is the
configuration on the device itself, not product being handed off.
Ryan Hamel
From: NANOG on beha
s very well.
I also agree with your stance on Broadcom, it's hard to come up with
alternatives that are not ADVA/Ciena/Cisco/RAD.
Ryan Hamel
From: NANOG on behalf of Mark Tinka
Sent: Wednesday, June 14, 2023 10:30 PM
To: nanog@nanog.org
Subject: Re:
The problem with these switch suggestions is the lack of RFC2544 testing, and
jitter + latency monitoring required for meeting SLA. That is why I mentioned
the FPGA solution.
Ryan Hamel
From: NANOG on behalf of Brandon
Price
Sent: Wednesday, June 14, 2023 2
Putting the smart devices on the edge allows for a much-simplified core
topology.
Either way, I was doing research on FPGA-based hardware a couple of weeks ago
and came across this which may tick all the boxes.
https://ethernitynet.com/products/enet-network-appliances/uep-60/ I do not know
Neel,
Carriers rebuild their prefixes lists once or twice in a 24 hour period.
Considering that you just got the block today and is in ReliableSite's
AS-SET, you just got to be patient.
Having announcements propagated immediately either sounds like it
happened a day after you gave them the
Austin,
If you run MTRs or traceroutes through the node, is there any other
additional packet loss seen in the path, and at the destination? What does
the reverse MTR or traceroute look like? The attached image was stripped out
by the mailing list system.
Bufferbloat is controlled at the
.
Ryan Hamel
-Original Message-
From: NANOG On Behalf Of Neel
Chauhan
Sent: Tuesday, January 3, 2023 7:49 PM
To: nanog@nanog.org
Subject: GTT blocking IPv4 address 128.31.0.39
Hi,
I am a customer of ReliableSite in their New Jersey location, and RS uses
GTT as a transit ISP, along
Hello Everyone,
If there is someone on this list from Airbnb who can get an IP address
removed from a block list, please contact me off list.
Thanks!
Ryan Hamel
: AS3356 Announcing 2000::/12
On Thu, Dec 8 2022 at 12:38 PM, Job Snijders mailto:nanog@nanog.org> > wrote:
Hi all,
On Wed, Dec 07, 2022 at 08:24:54PM -0800, Ryan Hamel wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
covering over 23K pr
These as well:
3257 3356
3491 3356
They probably leaked a hold down route.
Ryan Hamel
-Original Message-
From: Christopher Morrow
Sent: Wednesday, December 7, 2022 8:48 PM
To: r...@rkhtech.org
Cc: nanog@nanog.org
Subject: Re: AS3356 Announcing 2000::/12
On Wed, Dec 7, 2022 at 11:25
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
Prayers for anyone impacted, the team announcing it, and the team resolving
the issue.
Ryan Hamel
Based on experience, all I can say is good luck. They do not respond to anyone.
Ryan
From: NANOG On Behalf Of James Dexter
Sent: Tuesday, November 29, 2022 8:43 AM
To: nanog@nanog.org
Subject: Sites blocking ISP Addresses
Dear list,
We have address ranges that are being blocked by
RPKI and IRR should be part of the prefix-list generation process, from there
setup rpf-check with a fail-filter pointing to an ACL that allows source
traffic matching the prefix-list and drops the rest. Although at that point you
can just apply said ACL to the L3 interfaces supplying the BGP
Might as well send it to their upstream abuse contacts and state their
customer is unresponsive.
Ryan
From: NANOG On Behalf Of Tim
Burke
Sent: Wednesday, September 7, 2022 1:10 PM
To: nanog@nanog.org list
Subject: AS15960 abuse contact?
Anyone have an abuse contact at AS15960 /
Yes.
Ryan
-Original Message-
From: NANOG On Behalf Of Rubens Kuhl
Sent: Sunday, July 24, 2022 12:36 PM
To: Nanog
Subject: HE.net and BGP Communities
The last mention I found on NANOG about HE.net and BGP communities for traffic
engineering is from April 2021 and said they provided
their block list or
explain what is happening, I would greatly appreciate if you could contact
me off list.
Thank you very much for your time.
Ryan Hamel
It’s already spread to the news -
https://www.rollingstone.com/politics/politics-news/ukraine-icann-russia-internet-runet-disconnection-1314278/
Ryan
From: NANOG On Behalf Of George
Herbert
Sent: Tuesday, March 1, 2022 12:17 AM
To: Nanog
Subject: Ukraine request yikes
Posted by
If it's before committing the changes just run "top" to get back to the
root of the configuration tree, then "rollback 0" to go back to the version
before any changes were made, then just "exit" out.
Ryan
On Fri, Feb 11, 2022, 2:20 PM Lyndon Nerenberg (VE7TFX/VE6BBM) <
lyn...@orthanc.ca> wrote:
Neel,
Sounds like buffer bloat.
Run a speed test, whatever is your maximum for your download and upload take
10% away from it, and setup traffic shaping in OPNsense
(https://docs.opnsense.org/manual/shaping.html) with those values. If the
issue goes away, then you're exceeding the buffer of
Jeroen,
> You people keep on giving money to ISPs that are not providing the
service you want.
Not everyone has the luxury of picking their ISP, and the common consumer
doesn't know or care about IPv6. They want Netflix to work and that's it.
Ryan
On Sat, Sep 4, 2021, 1:47 PM Jeroen Massar
Tomas,
In the bottom left corner, there is an escalation matrix based on priority,
depending on the issue you can work up the chain at a reasonable pace.
Ryan
From: NANOG On Behalf Of Tomas Lynch
Sent: Monday, August 30, 2021 10:21 AM
To: NANOG
Subject: Microsoft peering contact
Hello,
Does anyone know of any US carriers that will accept more specific routes
other than what's required for the DFZ, like "le 31" or "upto /31" (junos
speak) ? I know Zayo supports this internally but would like to know of
other carriers for redundancy.
I am currently dealing with a
At a few sites of mine, I’ve seen Cisco NCS 520 devices for local in-rack
deployments, and NCS 540’s for aggregation and extension handoffs. Looking at
their datasheets real fast, MPLS + EVPN support come in on the 540 series.
Ryan
From: NANOG On Behalf Of Shawn L via
NANOG
Sent:
Hello!
We wouldn’t be able to give any sort of answer without knowing your current and
future requirements. Each model has its own throughput classes, and sometimes a
full on MX router isn’t required.
From: NANOG On Behalf Of Javier
Gutierrez Guerra
Sent: Friday, May 7, 2021 1:55 PM
Mel,
I hope you're not implementing this in an ISP network, it's not net neutral if
a carrier is making a (political) route/filtering decision. (Points to The
Great Firewall of China)
Ryan
-Original Message-
From: NANOG On Behalf Of Mel Beckman
Sent: Saturday, April 24, 2021 4:17 PM
Twitter works for me on desktop and mobile.
From: NANOG On Behalf Of ADNS NetBSD
List Subscriber
Sent: Friday, April 16, 2021 5:23 PM
To: nanog@nanog.org
Subject: Twitter is down (What a shame)
Looks like backend is down – main page loads, no content.
Does this mean we return to a
but that's it.
Do you not understand my issue? I thought that is the real problem with the
online bullies in this thread.
--
Thank You,
Joe
On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel mailto:administra...@rkhtech.org> > wrote:
Joe,
The underlying premise here is, “pick your b
Joe,
The underlying premise here is, “pick your battles”. If you don’t want an IP
address to access your device in anyway, setup a firewall and properly
configure it to accept whitelisted traffic only, or just expose a VPN endpoint.
The Internet is full of both good and bad actors that
They’re saying it’s a fiber cut in Brooklyn.
https://twitter.com/VerizonSupport/status/1354109889572982786 Would be
interesting to see the RFO on this.
Ryan
From: NANOG On Behalf Of Robert Webb
Sent: Tuesday, January 26, 2021 9:14 AM
To: Brian Loveland
Cc: North American Network
Brian,
It’s an overall Verizon issue, they say it’s a fiber cut in Brooklyn
https://twitter.com/VerizonSupport/status/1354109889572982786?s=20, but that
would be a single point of failure. Quite a discussion on the outages mailing
list.
Ryan
From: NANOG On Behalf Of Brian
Loveland
That's Cogent for ya.
Ryan
On Mon, Nov 30, 2020, 10:14 AM Paul Emmons wrote:
>
> You take down a 10g connection and they bill each side $.2 a meg, 95th
>> percintile billing. VLAN between the two sites. Both sites have to have a
>> different AS number. So if you want to move 1g of data, 95th
This same issue happened in Los Angeles a number of years ago, but for IPv4 and
v6. They need to setup sane BGP timers, and/or advocate the use of BFD for BGP
sessions both customer facing and internal.
Ryan
On Nov 15 2020, at 5:58 pm, Matt Corallo wrote:
> Has anyone else experienced issues
I'm curious to know why they would add such a thing, and how you got the
iptables rules from the device. Do these Asus routers provide SSH directly into
the shell?
Ryan
On Oct 28 2020, at 11:33 am, Anurag Bhatia wrote:
> Hello,
>
> Wondering anyone from Asus here or anyone who could connect me
It can handle a few full tables, but the performance of an MX80/MX104 is nearly
the same as the EX4200 switch.
Ryan
On Oct 16 2020, at 4:41 pm, Tony Wicks wrote:
> Well, there is always the MX104 (if you want redundancy) or MX80 if you
> don’t. That will give you 80gig wire speed just don’t
Ytti wrote:
> On Thu, 15 Oct 2020 at 10:28, Ryan Hamel wrote:
>
> > My experience with multiple carriers is that reroutes happen in under a
> > minute but rarely happen, I also have redundant backup circuits to another
> > datacenter, so no traffic is truly lost. If an out
tocol udp;
destination-port [ 3784 3785 4784 ];
source-prefix-list bgp_hosts;
}
then accept;
}
term deny_bfd {
from {
protocol udp;
destination-port [ 3784 3785 4784 ];
}
then discard;
}
Ryan
On Oct 14 2020, at 11:29 pm, Saku Ytti wrote:
> On Thu, 15 Oct 2020 at 09:11, Ryan Hamel (mailto
Yep. Make sure you run BFD with your peering protocols, to catch outages very
quickly.
On Oct 14 2020, at 12:47 pm, Mike Hammett wrote:
> I haven't heard any concerns with reliability, on-net performance (aside from
> 2 gig flow limit) or other such things. Do they generally deliver well in
>
ce
> of SDH with all the functionality of Ethernet. Very popular service.
> Unfortunately, management replaced with Switched Ethernet, which many
> customers distrusted because of potential overbooking issues.
>
>
> From: Ryan Hamel
> Sent: Wednesday, October 14, 2020 8
gt; From: NANOG on
> behalf of Ryan Hamel
> Sent: Wednesday, October 14, 2020 7:54 PM
> To: Mike Hammett
> Cc: nanog@nanog.org
> Subject: Re: Cogent Layer 2
>
>
> Mike,
>
> Layer 2 is fine once it works.
> You will have to put up with whatever VLAN tags they
Mike,
Layer 2 is fine once it works.
You will have to put up with whatever VLAN tags they pick, if you plan on
having multiple virtual circuits on a 10G hub.
They do like to see into the flows of traffic, as they only allow up to
2Gbits/flow, per there legacy infrastructure.
If the circuit
You would get better peering from Equinix IX, which includes free HE IPv4
Peering + IPv6 Transit
Ryan
On Oct 13 2020, at 4:29 pm, Aaron Gould wrote:
> Do y’all like HE for Internet uplink? I’m thinking about using them for
> 100gig in Texas. It would be for my eyeballs ISP. We currently have
There is linux happening in some devices.
https://www.juniper.net/documentation/en_US/junos/topics/concept/evo-overview.html
Ryan
On Thu, Oct 8, 2020, 4:16 PM Matt Harris wrote:
> Matt Harris
> | Infrastructure Lead Engineer
> 816‑256‑5446
> | Direct
> Looking for something?
> *Helpdesk
> "How can I check if my communication against the NextHop of the routes that I
> learn from the route-servers are OK? If it is not OK, how can I remove it
> from my FIB?"
Install a route optimizer that constantly pings next hops, when the drop
threshold is met, remove the routes. No one is
FZ, they have SOME
> responsibility to keep their software from accidentally breaking the internet.
>
> -Matt
>
>
> On Sat, Aug 1, 2020 at 2:30 PM Ryan Hamel (mailto:r...@rkhtech.org)> wrote:
> > Job,
> >
> > I disagree on the fact that it is not fair to
Job,
I disagree on the fact that it is not fair to the BGP implementation ecosystem,
to enforce a single piece of software to activate the no-export community by
default, due to ignorance from the engineer(s) implementing the solution. It
should be common sense that certain routes that should
Hey Constantine,
John came in with a technical issue. If you have nothing worthy to say about it
specifically, it's best to keep quiet.
Thanks!
Ryan
On May 30 2020, at 11:52 am, Constantine A. Murenin wrote:
> When you're not paying for service, you're not the customer, you're the
> product.
>
ion for spanning-tree protocols - Junos OS 15.1X53-D50
Root protection for spanning-tree protocols - Junos OS 15.1X53-D50
Ryan Hamel
On May 26 2020, at 11:09 pm, Phil Lavin wrote:
> > Even the big guys like Juniper fail at basic functionality. Our brand new
> > MX204 fails to select the correct
demonstrating a proof of concept with a couple
of Linux VMs, showing off the client and router changes, and release it for the
community to play around with.
Actions speak louder than words. Just like RIPE votes, and listing your email
address as spam.
Have a good one.
Ryan Hamel
On May 13 2020, at 2
I do not recommend doing that, it's 30 members in a single stack. Mine was only
two, directly connected to each other.
Treat your control plane like your L2, don't extend it farther than necessary.
Ryan
On Feb 25 2020, at 9:00 pm, Tim Požár wrote:
>
> Also, Juniper switches will stack over
How would that work to solve Norman's problem? That sounds like a lot of money
spending, and setup time, for nothing.
Ryan
On Feb 25 2020, at 8:21 pm, Bradley Burch wrote:
>
> Should consider DWDM or GPON and in those look at passive optical
> technologies that can benefit the project.
> > On
I'd say a pair of Juniper switches on each floor, with their virtual-chassis
capability. Terminate the top/bottom floor of fiber 1 into switch 1, and the
other into switch two. Create an LACP bond between each floors switches, tag
the necessary VLANs, and put the VLAN SVIs onto the first pair
Jean,
Do you have facts to support this claim?
Signed,
A happy pfSense user.
On Mon, Feb 3, 2020, 12:42 PM Jean | ddostest.me via NANOG
wrote:
> Netgate bought Pfsense and they already started to destroy it.
>
> You should consider to switch to Opnsense.
>
> On 2020-02-03 14:34, Matt Harris
Just let the old platforms ride off into the sunset as originally planned
like the SSL implementations in older JRE installs, XP, etc. You shouldn't
be holding onto the past.
Ryan
On Tue, Dec 31, 2019, 12:41 AM Constantine A. Murenin
wrote:
> On Tue, 31 Dec 2019 at 02:29, Matt Hoppes <
>
On Mon, Dec 30, 2019, 12:44 PM Job Snijders wrote:
> Dear all,
>
> On Fri, Dec 27, 2019 at 04:06:24PM -0500, Christopher Morrow wrote:
> > If there are AS46844 folk listening around their eggnog ... it'd be
> > nice if you would stop leaking prefixes: https://imgur.com/a/Js0YvP2
> >
> > this
Hey everyone,
Can someone from PayPal who manages their IP ACLs to reach out to me,
offlist? I have an IP address that is acting like its blocked but support
is saying it's not.
Thank you in advance for your time.
Ryan Hamel
Rob,
I am going to assume you want it to spit out 10G clean, what size dirty traffic
are you expecting it to handle?
Ryan
On Nov 17 2019, at 2:18 pm, Rabbi Rob Thomas wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> Hello, NANOG!
> I'm in the midst of rebuilding/upgrading our
Job,
I appreciate the effort and the intent behind this project, but why should
the community contribute to an open source project on GitHub that is mainly
powered by a closed source binary?
Ryan
On Wed, Aug 14, 2019, 10:55 AM Job Snijders wrote:
> Dear NANOG,
>
> Recently NTT investigated
> could network operators do anything to make these sites “not so easy” to be
> found, reached, and used to end innocent lives?
Nope. If they follow the word of the providers and services they use, there is
no reason to terminate the service. CloudFlare terminating 8chan's service was
a one
>
> Do it. I'd name and shame all of them.
Ryan
On Fri, Aug 2, 2019, 4:33 PM Tim Burke wrote:
>
>> We recently received a new ASN from ARIN - you know what that means...
>> the sales vultures come out to play!
>>
>> So far, it has resulted in spam from Cogent (which is, of course, to be
>>
Nowhere near the number as an engineer fat fingering a route. There are ISPs
that accept routes all the way to /32 or /128, for traffic engineering with
ease, and/or RTBH.
Ryan
-Original Message-
From: NANOG On Behalf Of Nick Hilliard
Sent: Tuesday, July 16, 2019 11:04 AM
To: Job
The answers which you seek would be considered secret sauce to these vendors.
But you can start at running MTRs through a VRF per carrier only containing a
default route, and looking at the results.
Ryan
On Tue, Jul 16, 2019 at 6:11 AM -0700, "Dimeji Fayomi"
Java as a dependency this day and age…
-Ryan
From: Jason Kuehl
Sent: Monday, July 08, 2019 6:41 AM
To: Mehmet Akcin
Cc: Ryan Hamel ; Niels Bakker
; nanog@nanog.org
Subject: Re: Must have ISP Open Source & tools
We use https://cbackup.me/en/ over Rancid
--
Sincerely,
Jason W Kuehl
Cell
My List:
Oxidized as a replacement for RANCID
Telegraf + InfluxDB = Tons of Grafana Dashboards
(Open Source Slack Alternative)
Ansible or Python Knowledge with Paramiko or netmiko for network automation.
BGP:
FRRouting - Mimics Cisco CLI
BIRD - Programming style config format.
Exabgp - Mostly
, that way intelligent routing changes can be made much
quicker.
--
Ryan Hamel
Network Administrator
ryan.ha...@quadranet.com | +1 (888) 578-2372
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud
From: NANOG On Behalf Of Tony C
Sent: Friday, April 12, 2019 8:22 PM
To: nanog@nanog.org
an exception on data it doesn’t know to
expect, and rolling back the changes if it’s possible.
--
Ryan Hamel
Network Administrator
ryan.ha...@quadranet.com | +1 (888) 578-2372
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud
When I receive a report, we follow our procedures with the Cyber Tip Line, and
then immediately null route the IP address until the content is removed.
From: NANOG On Behalf Of Suresh Ramasubramanian
Sent: Thursday, December 06, 2018 10:49 PM
To: Mark Seiden
Cc: nanog@nanog.org
Subject: Re:
or /48 through
the carrier that has the filters in place to ensure they get all the traffic.
After post processing the spoofed traffic, it should leave you with flooding to
take care of.
--
Ryan Hamel
Network Administrator
ryan.ha...@quadranet.com | +1 (888) 578-2372
QuadraNet Enterprises, LLC
this to
swing /32's or /128's to said dedicated links so it won't affect your clients
traffic.
--
Ryan Hamel
Network Administrator
ryan.ha...@quadranet.com | +1 (888) 578-2372
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud
-Original Message-
From: NANOG On Behalf Of
Mike
+1 SecureCRT in general, and don’t buy Brocade,
I was happy when I got to pull out the last Foundry.
--
Ryan Hamel
Network Engineer
ryan.ha...@quadranet.com<mailto:ryan.ha...@quadranet.com> | +1 (888) 578-2372
x201
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud
the Jericho chipset or some variant to get
that kind of performance. In the end, your mileage may vary.
--
Ryan Hamel
Network Engineer
ryan.ha...@quadranet.com | +1 (888) 578-2372 x201
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud
-Original Message-
From: NANOG
Confirmed Verizon - Android - Los Angeles.
--
Ryan Hamel
Network Engineer
ryan.ha...@quadranet.com | +1 (888) 578-2372 x201
QuadraNet Enterprises, LLC. | Dedicated Servers, Colocation, Cloud
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Milt Aitken
Sent
of knowledge?
That's crazy.
Ryan Hamel
-Original Message-
From: NANOG On Behalf Of Ryan Woolley
Sent: Monday, October 01, 2018 11:48 AM
To: NANOG
Subject: Re: NANOG Security Track: Route Security
On Mon, Oct 1, 2018 at 8:16 AM Netravnen wrote:
>
> On Mon, 1 Oct 2018 at 14:01, John Kr
Just like how all the email threads on NANOG are archived, all talks should be
archived as well.
Ryan Hamel
From: NANOG On Behalf Of Krassimir Tzvetanov
Sent: Sunday, September 30, 2018 3:31 PM
To: Sam Oduor
Cc: NANOG mailing list
Subject: Re: NANOG Security Track: Route Security
Sam
I just use a Raspberry Pi with USB to Serial adapters or old servers with
PCI(-E) 8 port serial cards. They make it so easy to adapt to any environment,
and it phones home to my conserver (https://www.conserver.com/) gateway. The
total cost for hardware is less than $150.
Ryan
From: NANOG On
is going to offer such filtering services for free
when DDoS mitigation is a cash cow.
Ryan Hamel
From: NANOG On Behalf Of Baldur Norddahl
Sent: Sunday, September 02, 2018 1:42 AM
To: nanog@nanog.org
Subject: Re: automatic rtbh trigger using flow data
This is not true. Some of our transits do RTBH
No ISP is in the business of filtering traffic unless the client pays the hefty
fee since someone still has to tank the attack.
I also don’t think there is destination prefix IP filtering in flowspec, which
could seriously cause problems.
From: NANOG On Behalf Of Baldur Norddahl
Sent:
From experience, sflows are horribly inaccurate for DDoS detection, since the
volume could disrupt the control plane and render the process useless, thus not
giving data to the external system to act upon it. You can't get any better
than mirroring your inbound transit, and sampling the output
1 - 100 of 115 matches
Mail list logo
