Chris Boyd wrote:
On Oct 22, 2009, at 6:14 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote:
My experience is that port 587 isn't used because ISPs block it
out-of-hand. Or in the case of Rogers in (at least) Vancouver, hijack
it with a proxy that filters out the AUTH parts of the EHLO
Michael Peddemors wrote:
On October 23, 2009, Steve Bertrand wrote:
http://eagle.ca/update/mail/Outlook_Express/index.html
...yes, believe it or not, even with the pictures, they will sometimes
still get it wrong ;)
Years in planning and implementation, but a good, large-scale learning
Sean Donelan wrote:
On Thu, 22 Oct 2009, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote:
My experience is that port 587 isn't used because ISPs block it
out-of-hand. Or in the case of Rogers in (at least) Vancouver, hijack
it with a proxy that filters out the AUTH parts of the EHLO response,
making
Jon Kibler wrote:
Zhiyun Qian wrote:
Hi all,
What is the common practice for enforcing port blocking policy (or what
is the common practice for you and your ISP)? More specifically, when
ISPs try to block certain outgoing port (port 25 for instance), they
could do two rules:
1). For any
Randy Bush wrote:
sure would be nice if there was a diagnosis before the lynching
If this happened in v4, would customers care 'why' it happened?
Obviously not.
Why should v6 be any different? It either is or is not production
ready. I'm interested in HE's view on that.
many of us
Gary T. Giesen wrote:
FWIW, we use BGP to our multihomed customers (even when we manage the
CPE), using a private AS. OSPF doesn't have the right toolset to
provide protection for inter-network route propagation, and the risk
of some customer's CPE screwing up your routing is just too high to
Ray Burkholder wrote:
Why is it necessary to insist that using bits in a fashion that doesn't
require that growth be predicated on requests for additional resources
be considered wasteful?
Don't we still need to subnet in a reasonably small fashion in order to
contain broadcasts, ill-behaved
Dylan Ebner wrote:
I have been working on a project to better illustrate for our managers
the provider path data takes when it flows from one of our customers to
our datacenter. I have tried to use trace routes to illustrate the
number of hops data takes, but when I try to show many sources on
Barry Raveendran Greene wrote:
The best training available on the Net for a small ISP to learn from the
best is available. At www.nanog.org!
All the NANOGs are on VOD. Just go to the presentation archive:
http://www.nanog.org/presentations/archive/. Put in a keyword to search (say
BGP
Joel Jaeggli wrote:
Steve Bertrand wrote:
Stephen Kratzer wrote:
And, they have no plans to support IPv6.
Ouch!
I hope this is a non-starter for a lot of folks.
read the rest of the thread...
...unfortunately, my message was sent out on the 11th, but just received
yesterday
Paul Stewart wrote:
Hi folks...
Looking for some feedback on using Hurricane Electric as an upstream?
Even though I only have tunnel relationships with them for v6 (ie free
transit), I'd have to say that between:
- their excellent automation tools
- their time-to-response
- their level of
Stephen Kratzer wrote:
And, they have no plans to support IPv6.
Ouch!
I hope this is a non-starter for a lot of folks.
Steve
Justin Krejci wrote:
If the private link between the two sites fails, will BGP allow for us to
access the IP subnets at site 2 from site 1 via the internet given that both
sites are advertising under the same ASN?
No, because your router at site 2 will not accept any prefix with its
own AS in
Chuck Anderson wrote:
On Fri, Jun 05, 2009 at 05:50:28PM -0500, Justin Krejci wrote:
If the private link between the two sites fails, will BGP allow for us to
access the IP subnets at site 2 from site 1 via the internet given that both
sites are advertising under the same ASN?
Maybe.
john.herb...@ins.com wrote:
Depending on your security policies you may want to encrypt said tunnel also.
Other than that, it all depends on it all depends. For example - if you
receive / or have a default route pointing to the ISP, then the fact you have
the same AS and won't receive the
Chuck Anderson wrote:
On Fri, Jun 05, 2009 at 07:40:15PM -0500, john.herb...@ins.com wrote:
This is a good concept but if the ISP route is a Juniper then as I
recall by default it looks ahead, sees the as-path routing loop if
it were to send it to the other router, and doesn't send it. So
Randy Bush wrote:
Have you ever known an ISP to not co-operate when it comes to
requesting a BGP session?
yes. this problem is rampant with colonialist telcos in the poorer
countries.
Yeah, well, I don't live in a poorer country, and I deal with it here.
*cough*
Steve
Steve Bertrand wrote:
My problem is the noticeable delay for switchover when the fibre happens
to go down (God forbid).
I would like to know if BGP timer adjustment is the way to adjust this,
or if there is a better/different way. It's fair to say that the fibre
doesn't 'flap'. Based
Hi all,
I've got numerous single-site 100Mb fibre clients who have backup SDSL
links to my PoP. The two services terminate on separate
distribution/access routers.
The CPE that peers to my fibre router sets a community, and my end sets
the pref to 150 based on it. The CPE also sets a higher pref
Zaid Ali wrote:
From experience I found that you need to keep all the timers in sync with all
your peers. Something like this for every peer in your bgp config.
neighbor xxx.xx.xx.x timers 30 60
Make sure that this is communicated to your peer as well so that their timer
settings are
Danny McPherson wrote:
On May 22, 2009, at 5:15 PM, Steve Bertrand wrote:
neighbor xxx.xx.xx.x timers 30 60
Make sure that this is communicated to your peer as well so that
their timer settings are reflected the same.
Thankfully at this point, we manage all CPE of any clients who peer
Jack Bates wrote:
Steve Bertrand wrote:
Well, unfortunately, the local PUC owns the fibre, and they have a
switch aggregating all of their fibre in a star pattern. They then trunk
the VLANs to me across two redundant pair. I'm in the process of
persuading them to allow me to put my own gear
Philip Lavine wrote:
To all,
I am sure this has been asked 10 to the 1 millionth power times, however maybe
the rules have changed. I am looking to set up a really small ISP with a
few /24's. I want to host DNS as well. Is there any whitepapers/howtos/best
practices on setting up
Jon Lewis wrote:
Still, it's
better to get your config done right than rely on your providers to
ignore what you shouldn't be advertising.
I have to agree completely with Jon here.
As a small SP, it is prudent to do everything you can to be a good 'netizen.
Apply your outbound prefix lists
Hi all,
I have a very quick selfish question...
Is there anyone here who can provide me with an IPv6-listening iperf for
a short time, so I can do some testing through my infrastructure and
over my transit links?
Max bandwidth 60Mb for short bursts (if I'm lucky).
Steve
Steve Bertrand wrote:
Is there anyone here who can provide me with an IPv6-listening iperf for
a short time, so I can do some testing through my infrastructure and
over my transit links?
I want to thank everyone who responded to my request. The responses
were/are overwhelming.
I've found
Arie Vayner wrote:
You need also to remember that in many cases the DSL link is not provided by
the actual ISP. In many cases this is a wholesale scenario which uses L2TP
to forward the PPP session from the telco/DSL provider to the ISP.
In many cases there would also be another L2TP hop to
I'm still working on trying to get my primary provider to BGP peer with
us, but in the meantime, I'd like to pro-actively publish our objects
and route policy to the IRR.
My primary provider is currently advertising our IPv4 routes for us from
their AS.
Are there any potential dangers of
Joe Provo wrote:
On Mon, Mar 16, 2009 at 12:14:08PM -0400, Steve Bertrand wrote:
[snip]
Are there any potential dangers of publishing our information before we
use it that I may be overlooking?
In case you are worried about folks who filter, recall that the IRR
uniqueness is based upon
Hi everyone,
Hopefully my question is operational 'enough' to be asked here, as I
don't know of any other place to ask...
Still trying to redesign (as-I-go) our ISP network, I've realized that
we are not large enough to deploy a full three layer approach (core,
dist, acc), so I'm trying to
Francois Menard wrote:
The Coalition of Internet Service Providers has filed a substantial
contribution at the CRTC stating:
1) The CRTC should forbid DPI, as it cannot be proven to be 98.5%
effective at trapping P2P, such as to guarantee congestion relief
2) The CRTC should allow for
Ingo Flaschberger wrote:
this platform can handle about
100.000pps and 400mbit 1500byte packets with freebsd
http://lannerinc.com/Network_Application_Platforms/x86_Network_Appliance/1U_Network_Appliances/FW-7550
hardware:
4x pci 32bit, 33mhz intel gbit
1gb cf-card
1gb ram
Ryan Harden wrote:
While you could probably build a linux router that is just as fast as a
real hardware router, you're always going to run into the moving pieces
part of the equation.
Not if you boot directly from USB key into memory with no disk drive.
Steve
Daniel Rogers wrote:
The ISP may not support peering BGP with you, but can they publish routes
for you? I find it hard to believe ANY ISP just doesn't support BGP.
It is very possible that the ISP doesn't support BGP, but more likely,
I'd bet that the ISP has never configured BGP on the client
Jason Biel wrote:
The link that goes down will trigger that provider to remove the route,
traffic will swing and start coming in on the backup link.
This is assuming that 'ISP1' has the capability to advertise the OP's
route in the first place.
What if ISP1 is simply a customer of another ISP,
For all the kind folk who have been asking how my project is going, I'll
summarize here.
- I've enabled strict uRPF filtering on all interfaces that I am certain
what the source will be.
- I've implemented a mix of loose uRPF combined with ACL's on interfaces
that I know have multi-homed clients
Nathan Ward wrote:
On 4/02/2009, at 2:33 PM, Steve Bertrand wrote:
- Currently, (as I write), I'm migrating my entire core from IPv4 to
IPv6. I've got the space, and I love to learn, so I'm just lab-ing it up
now to see how things will flow with all iBGP v4 routes being
advertised/routed
Skeeve Stevens wrote:
Agreed. Keeping it separate works very well. Can be the same interface
sure... but do it as a separate session.
Yeah, that's what I thought, and that is exactly what I've been doing
thus far.
I was hoping to have a v6-only core, but in order to get the current
project
Raoul Bhatia [IPAX] wrote:
hello steve,
Steve Bertrand wrote:
I've done much research on RPSL, BCP 38, and other basic filter methods
(and from a systems standpoint, I always follow an
allow,allow,default-deny approach) , and I am willing to follow all
standards and recommended practises
Although I've posted to this list before, I don't want to waste your
time. This is an ops question, so I'm looking for direction, off-list if
necessary.
We are a *very* small I-SP, and am just now being put in the position to
be a backup transit for a client.
Currently, our 'upstream' advertises
Scott Morris wrote:
There aren't sequence numbers with ICMP. And the timeout value is
watched/triggered before the next ICMP is sent, so there shouldn't really be
any ordering problem/interpretation anyway.
FYI, from RFC 792:
Sequence Number
Description
The data received in the
Steve Bertrand wrote:
Scott Morris wrote:
There aren't sequence numbers with ICMP. And the timeout value is
watched/triggered before the next ICMP is sent, so there shouldn't really be
any ordering problem/interpretation anyway.
FYI, from RFC 792:
My apologies. I should have actually used
Matthew Black wrote:
I've had difficulties reaching anyone with a brain
at my DSL provider Verizon California.
I can reliably ping the first hop from my home to
the CO with a 25ms delay. But if I ping any other
location, packets get dropped or significantly
delayed. To me, this sounds like
Iljitsch van Beijnum wrote:
On 27 aug 2008, at 7:58, Paul Wall wrote:
- single loopback/single IP for all peers, or;
- each peer with its own loopback/IP?
You should use caution when using loopback IP addresses and building
external multihop BGP sessions. By permitting external devices to
Iljitsch van Beijnum wrote:
The advantage of a separate loopback address is that if you ever have
any trouble, you can simply remove that address and the trouble is gone,
too. This wouldn't work for the loopback address you also use for iBGP
or a physical interface.
Ok. It probably would
Hi everyone,
This question comes after likely overlooking an IETF document or BCP
that describes what I'm after. Given that I am looking for advice from
someone who is more experienced operationally in this regard than me,
and that this technically is an implementation-neutral question, I
With the time I've had, I've tried my best to keep up with every message
related to the current issue upon us related to DNS.
I am a small op, amongst many that I've met the last few days that may
need assistance. I would like at least someone from a large operation to
read what I've done,
Steve Bertrand wrote:
Hi everyone,
We are experiencing an issue in regards to SMTP MTA relay responses
regarding 'no such user', and it *apparently* appears to be only
occurring when a particular site attempts to deliver email to us.
For the sake of completeness...
The problem has been
Steve Bertrand wrote:
Hi everyone,
We are experiencing an issue in regards to SMTP MTA relay responses
regarding 'no such user', and it *apparently* appears to be only
occurring when a particular site attempts to deliver email to us. Any
advice on how to further troubleshoot my issue would
Frank Bulk - iNAME wrote:
Once you've performed a full capture on port 25, Wireshark does a nice job
of providing an option to extract the relevant conversation by
right-clicking on just one packet in that conversation and choosing
something called Follow the TCP stream, I believe.
Ok. I've
Shane Short wrote:
are you using vpopmail with your qmail install? (I can't seem to load
your errors again, I recall they were chkuser failures)
Yes, vpopmail against MySQL.
I've had this problem before when I've run out of MySQL connections and
vchkuser was then failing.
Thanks for the
Hi everyone,
We are experiencing an issue in regards to SMTP MTA relay responses
regarding 'no such user', and it *apparently* appears to be only
occurring when a particular site attempts to deliver email to us. Any
advice on how to further troubleshoot my issue would be greatly appreciated.
David Coulson wrote:
Jon Kibler wrote:
Not based on any standard, but here is a schema I have used many times:
snip
Where I used to work - ISP. All of the above - Yellow.
Where I work now - Enterprise. All of the above - Grey.
LOL, simplicity via obscurity at its finest ;)
Colour coding
David Coulson wrote:
Steve Bertrand wrote:
LOL, simplicity via obscurity at its finest ;)
Colour coding works great, and it's easy to follow. Then there is that
issue that pops up where *that* cable over there will work!
90% of our movable cable patches (aka stuff that is not hard wired