estination doesn't match any subnet CIDR blocks." You can only assign
the block's IP addresses to subnets or not and then assign addresses
from the subnet to the instances. You can't have more than 256 subnets
in a VPC so why would you need more than a /56 of IPv6 addresses?
Regards,
Bill H
turn broke
everything else, complicating their efforts to access the various
systems including the ones they could have copied and pasted IP
addresses from.
But, to hear Masataka tell it, copy and paste hasn't been invented yet
so we all type IP addresses by hand on our vt100 CRT terminals.
Regards,
Bill H
dom samples.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
Changing that direction to
"treat it like unicast" without ambiguity is not a quibble.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Tue, Nov 23, 2021 at 9:02 PM David Conrad wrote:
> On Nov 23, 2021, at 10:33 AM, William Herrin wrote:
> > 1. Move it from "reserved" to "unallocated unicast" (IETF action)
>
> Or…
>
> 1. IAB or IESG requests the IANA team to delegate one
it as yet-to-be-allocated
unicast has cycled out of use, argue about what to allocate the
addresses to.
Bottom line though is that the IETF has to act before anyone else
reasonably can.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
fence versus a lost padlock key and well into
the zombie apocalypse.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
best to employ.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
resses that required
a block that wasn't unicast. It was politics in the 2000's and the
2010's, as it is today.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
g configuration, removing some
possibly hardcoded filters and in a few cases waiting for silicon to
age out of the system. Changing 224/4 means following a different code
path which does something fundamentally different with the packets --
unicast instead of multicast.
Regards,
Bill Herrin
--
W
be bought and used.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
> for which they are not equipped with the skills to do.
Howdy,
That depends on your timeline. Do you know many non-technical people
still using their Pentium III computers with circa 2001 software
versions? Connected to the Internet?
Regards,
Bill Herrin
--
William Herrin
b...@her
1992 to when the
> first hardware based routing was done. *Anything* that extended the
> address space would have been better.
Obligatory 2007 plug: https://bill.herrin.us/network/ipxl.html
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Fri, Nov 19, 2021 at 8:35 AM Owen DeLong via NANOG wrote:
> I’m all for IPv6 having better implementations than IPv4 rather than mere
> feature parity.
Me too, just not in a dystopian Harrison Bergeron sort of way.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
On Thu, Nov 18, 2021 at 11:20 PM Måns Nilsson wrote:
> Subject: Re: Redploying most of 127/8 as unicast public Date: Thu, Nov 18,
> 2021 at 01:46:04PM -0800 Quoting William Herrin (b...@herrin.us):
> > The detractors for this proposal and those like it make the core claim
> >
er need the result because IPv6 takes over the world but we
should make the change anyway. Because hedging our bets is what
responsible people do.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
what unicast use
they should be put to 20 years from now when ordinary equipment and
software churn has rendered the addresses more or less usable.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
o
decades but if we're still using IPv4 in two decades we'll be glad to
have anything we can scrounge. Why not ask OS authors to start
assigning 127.0.0.1/16 to loopback instead of 127.0.0.1/8?
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
m domains that aren't assigned to it.
That it does makes me think it's a good candidate for black-holing in
the routing system.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ls before
old data is discarded. There are a handful of scenarios (e.g.
old-school browser pinning) where stale data can persist for months.
Don't let the domain expire before you renew it. Really don't.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
? The web page doesn't say anything
and Google Maps says the building is closed.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Mon, Oct 18, 2021 at 1:47 PM Matthew Petach wrote:
> On Mon, Oct 18, 2021 at 1:17 PM William Herrin wrote:
>> Since peering customers can only reach transit customers, it follows
>> that one of the customers in the equation is a fully-paid transit
>> customer. That
On Mon, Oct 18, 2021 at 11:47 AM Matthew Petach wrote:
> On Mon, Oct 18, 2021 at 11:16 AM William Herrin wrote:
>> On Mon, Oct 18, 2021 at 10:30 AM Baldur Norddahl
>> wrote:
>> > Around here there are certain expectations if you sell a product called IP
>> >
ll Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
> an SD-WAN device (and/or some firewalls)?
The babel protocol does some of this.
https://datatracker.ietf.org/doc/html/rfc6126
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
tements really mean.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Thu, Oct 7, 2021 at 9:04 PM Masataka Ohta
wrote:
> William Herrin wrote:
> > Facebook withdrawing the BGP
> > routes to its anycasted public DNS servers as they expired made no
> > difference.
>
> If they are not using standard expire mechanism expecting
> inter
On Thu, Oct 7, 2021 at 10:23 AM Masataka Ohta
wrote:
> William Herrin wrote:
> > Facebook's _internal_ DNS, while not anycasted, followed a similar
> > logic: if the data center is isolated and their data goes stale, they
> > stop serving potentially wrong answers.
&
ich more or less everything else depends.
I didn't work for the DNS team when I worked as a production engineer
for Facebook but I worked close enough to understand what happened
from the posted description.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
out not to be an operationally sound
practice. The theory offered in 3258 was wrong.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
the other would cause rather than prevent an outage.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
es itself to be malfunctioning, it withdraws the routes so
that users will reach a different data center that is, in theory,
still functioning.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
use you didn't actually tell it to remove half
the operating system, you have a choice: spin up a fork of chef with a
couple patches to the chef-rpm interaction or just monkey-patch it in
one of your chef recipes.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
dule elsewhere forced air past the various
components including the power supply. Efficient power supplies (which
you really should be using in 24/7 data centers) don't even generate
all that much heat.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
low
implemented in quite a bit of network gear. Side cooling? Pulling air
from the side you know will be facing the hot aisle? Seriously, the
physical build of network equipment is not entirely competent.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
(or at least relate its terms) upon request.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
soline-powered car.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
rning lights that the facility is on emergency
power. It's probably a good idea but I've never seen it.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
e DNS name the browser used.
The best answer is: don't do that. If you have such little trust for
your web staff, replace them with trustworthy people.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
r. The users of the ISP can still
reach it via the origin's alternate Internet connection.
Reciprocal peers of the ISP can also reach it via the broader Internet
but can't reach it via the peering connection to the ISP to whom the
origin is not currently connected. If they filter the Internet route,
the path ends up going to the ISP's peering router where it's black
holed.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
so disaggregate the announcement
for the supernet that /24 is a part of, exploding the size of the BGP
table. If they don't, the overlapping announcement is a "lie" because
they don't always have a route to the /24.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Thu, Aug 12, 2021 at 10:39 AM Amir Herzberg wrote:
> On Thu, Aug 12, 2021 at 1:22 PM William Herrin wrote:
>> A originates 10.0.0.0/16 to paid transit C
>> B originates 10.0.1.0/24 also to paid transit C
> Bill, I beg to respectfully differ, knowing that I'm just a researc
On Thu, Aug 12, 2021 at 10:19 AM William Herrin wrote:
> On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher wrote:
> > On 12/08/2021 17:59, William Herrin wrote:
> > > If you prune the routes from the Routing Information Base instead, for
> > > any widely accepted size (
On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher wrote:
> On 12/08/2021 17:59, William Herrin wrote:
> > If you prune the routes from the Routing Information Base instead, for
> > any widely accepted size (i.e. /24 or shorter netmask) you break the
> > Internet.
>
tle more
power could handle one much larger. It's the FIB which drives the
limits.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ntial /24
> advertisements.
Howdy,
It's not that simple. For example, 224/4 is not a 'reserved' space but
it can't appear in the unicast BGP table either. That alone is a
million routes unaccounted for in your math.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Mon, Aug 9, 2021 at 9:24 AM Masataka Ohta
wrote:
> William Herrin wrote:
> > I did some math on this years ago and it worked out to about 8.5
> > million IPv4 routes.
>
> It should be 14M.
Doubtful. Like I said, I did the math. The question I asked at the time was:
If:
I
folks to -undo- the restrictions they
manually enforce on your specific address space is nearly impossible.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
rpose you describe.
Silly question but: for a web crawler, why do you care whether it has
the limited geographic distribution that a cloud service provides?
It's a parallel batch task. It doesn't exactly matter whether you have
minimum latency.
Regards,
Bill Herrin
--
William
metric routing, is not usable. The middle can only
look at its immediate link stats which, when there's a bug, are
misleading.
What would you change to dig us out of this hole?
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
stributed virtual server
infrastructure. Basically like what Amazon does under the hood for its
virtual private cloud. Since you're trying to get the machines to
appear on the same subnet, not separate them to different subnets, I
don't think it's what you're looking for.
Regards,
Bill Herrin
macsec using
multiple SCIs at each station so there's a magnification effect of
encrypted multicast packets that the switch can't snoop even if it
wanted to -- all the intermediate equipment sees is an opaque ethernet
frame with the broadcast flag set.
Regards,
Bill Herrin
--
William
hadow war where the FCC's amateur
interference would not be helpful.
I'm also thinking this would make a great plot for a science fiction /
spy novel. Any writers out there?
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
hanging its
footing to adequately operate in that space would likely impair its
core mission. Let security agencies decide when an import should be
banned and let them ban it independent of the FCC's activity.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
only place they could have come from was
Google's server.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Sat, Jun 12, 2021 at 10:36 AM Max Harmony via NANOG wrote:
> On 12 Jun 2021, at 10.29, William Herrin wrote:
>> They snuck it on me.
>
> By hiding it right on the "browser features" page?
By silently defaulting it to enabled, damn right.
Regards,
Bill Herr
u just didn't read the fine print.
I always read the fine print. I'm that guy. I don't always go
searching the menus for bad defaults but I always read everything they
bother to tell me I'm agreeing to.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ing to reuse a
> single password or write them down.
If I had authorized it, it would indeed be just like any other
password managing web site. I did not knowingly authorize it. They
snuck it on me.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ar ,
This would be fine had I intended this behavior. That it magically
happened because I told my phone it could sync my gmail is very very
disturbing.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
y finding Google in possession of passwords I
never intentionally allowed it to have. This sneak around behind my
back stuff means I wasn't in control of my passwords.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
lse is semantics.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Fri, Jun 11, 2021 at 9:38 AM Jan Schaumann via NANOG wrote:
> William Herrin wrote:
> > It turns out that every password I allowed Chrome on Android to
> > remember, it uploaded to Google. In plain text!!
>
> Chrome does not store your passwords in plain text.
>
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
seless), but it won't keep them only on the local
device. If allowed to remember passwords, it uploads them to Google.
No knob to turn sync off.
-Bill
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
. In plain text!! And it could prove it
by displaying the plain text passwords for me on my laptop. And I
can't turn the upload off!
To the google folks on here: Are you INSANE!?
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
packets to be repeated.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
with these mysteriously
unexplained packet discards matching no conceivable rule in
iptables... This failure has too often been the bane of my existence
when using Linux for advanced networking.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
tion of
> insanity?
Yes it is, which is why I'm also against subsidizing large carriers to
build out monopoly networks.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
as well as having municipalities pay for roads and
letting people buy their own cars and trucks to use on them.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
very simple:
1. If your IP address is 1.2.3.4 then drop any Internet-bound packets
which purport to be -from- any address which is not 1.2.3.4.
2. If your IP address is 1.2.3.4 then drop any packets FROM the
Internet which purport to be -from- 1.2.3.4.
That's it!
Regards,
Bill Herrin
--
W
you. They have
big enough connections to sink whatever packets the attacker sends
their way. They filter this data and then allow just the legitimate
packets to make their way over a VPN back to you.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
govern technologies many
if not most of us use.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
; me. Item 8:
A major North American Operator goes after some industry boogeymen who
tried to extort them with a router (Networking) patent. Seems pretty
on topic to me.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
dentity dissociated from the Internet activity.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
came into DoD's possession when this was
all still a military project funded by what's now DARPA.
Personally, I think we may have an all time record for the largest
honeypot ever constructed. I'd love to be a fly on that wall.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
hich allow cases to be brought in the
resident's country when the behavior is unlawful in both countries and
at least part of the actual activity happened in the other country.
Fraud abetting some other unlawful behavior is broadly unlawful
itself.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
e service is a VPN relay for addresses which are actually being
used in Estonia then what's the problem? You're just a transit for
those IPs. Report the location where the endpoints are, not the
transits.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
t would help.
Hint: carrying around a separate hardware fob for each important
Internet-based service is a non-starter. Users might do it for their
one or two most important services but yours isn't one of them.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ion.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
thing.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
authenticator like SMS is meant
to -enhance- the security of a memorized secret authenticator, not
replace it. If properly used, it does exactly that. If misused, it of
course weakens your security.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
d the shared secret used to generate your TOTP code?
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
er that's 500
milliseconds long and then let a TCP connection fill it up, apps which
work poorly in high latency environments (like games and ssh) will
suffer.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
t
you've a better chance of winning the lottery or being hit by
lightning than finding those two addresses in use.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
om" address overriding source
address selection for ICMP error messages so that you could just put
RFC1918 on the router to router links instead of wasting global IP
addresses on them.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ou're really clever you can convince the stations that 10.0.0.1 is
the default gateway but convince the router that 10.0.0.1 is upstream
so that the router doesn't even need a dedicated IP address facing the
LAN.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
explicit permission is a zero-tolerance
first-time firing offense at Facebook? I didn't! Seems they got
religion after Cambridge Analytica. They even have strong technical
controls to stop it. They process the heck out of your data but they
do not, do not look.
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
vendor on the main list. Rather than guessing at how to
split up topics, why not confine the effort to the one need that seems
to clearly exist: a place for network engineers to solicit vendors of
the goods and services that network engineers buy?
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
bids for X" is certainly not. The "three
year term" statement pushed you solidly into the latter.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
dustry, it's not one of the critical
sources of anticompetitive behavior. The two primary sources are
things like the subtle collusion involved in closed peering policies
and product tying where many valuable services like a wavelength on a
last-mile PONS line cannot be purchased independently of the Internet
service lighting that line.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
f the 1990s offers an
interesting case study in driving competition out with extended
below-cost pricing. But this was dialup and DSL service, not backbone
peering.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
ually pause anything but saves a little
power by de-pipelining and, if hyperthreading is enabled, releasing
the core to run the alternate thread.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
rate environments where no gains are likely to be realized by
avoiding a busy-wait loop.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
d anycast TCP where packet #2
arrived at a different server than packet #1.
-Bill
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
> Mike
>
>
> > Sent from my iPad
> >
> >> On Feb 16, 2021, at 3:07 PM, Michael Thomas wrote:
> >>
> >>
> >> Basically are there places that you can't get allocations? If so,
> >> what is happening?
> >>
> >> Mike
> >>
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
specified transfer at the RIR
which transfers those addresses to you.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
power plants need water to stay online. Yet
those water facilities froze in the cold temperatures"
https://www.cnn.com/2021/02/16/business/texas-power-energy-nightmare/index.html
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Mon, Feb 15, 2021 at 7:49 AM Valdis Klētnieks
wrote:
> On Sun, 14 Feb 2021 22:25:56 -0800, William Herrin said:
> > This particular problem could be quickly resolved if the OSes still
> > getting updates were updated to default name resolution to prioritize
> > the I
o each
application individually. Getaddrinfo() is core standard. Fix the
problem in the place that fixes it in every place or else it's never
really fixed.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
fixed.
Prioritizing IPv6 over IPv4 for newly initiated connections is one of
the trifecta of critical design errors that have been killing IPv6 for
two decades. One of the two that if key folks weren't being so
bull-headed about it, it would be trivial to fix.
Regards,
Bill Herrin
--
William Herrin
b...@her