RE: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing

2009-04-18 Thread Jo¢
Pardon the ignorance I have to take this a step back. Your neighbor leaves their window open with a fresh bowl of fish near the window. A bunch of cats show up and start trying to get in, to no avail do they get in. At the first chance you discuss this with your neighbor, and warn them of this

Re: IXP

2009-04-18 Thread Paul Vixie
From: Paul Vixie vi...@isc.org Date: Sat, 18 Apr 2009 00:08:04 + ... i should answer something said earlier: yes there's only 14 bits of tag and yes 2**14 is 4096. in the sparsest and most wasteful allocation scheme, tags would be assigned 7:7 so there'd be a max of 64 peers. i meant

Lease4web abuse contact

2009-04-18 Thread bdwarr6
Does anyone have an abuse contact for lease4web that they can contact me off list about, the normal channels don't seem to be working here in regards to some pesky hackers. Regards, Nick Rose

Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing

2009-04-18 Thread Randy Bush
I have to take this a step back. Your neighbor leaves their window open with a fresh bowl of fish near the window. what i do is laugh at the fool and hit delete

Re: IXP

2009-04-18 Thread Paul Vixie
stephen, any idea why this hasn't hit the nanog mailing list yet? it's been hours, and things that others have sent on this thread have appeared. is it stuck in a mail queue? --paul re: To: Deepak Jain dee...@ai.net cc: Matthew Moyle-Croft m...@internode.com.au, Arnold Nipper

RE: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing

2009-04-18 Thread Jo¢
lol, in a virtual world it's always nice to have the delete key (: -Original Message- From: Randy Bush [mailto:ra...@psg.com] Sent: Saturday, April 18, 2009 3:10 AM To: Jo¢ Cc: 'andrew.wallace'; 'n3td3v'; nanog@nanog.org Subject: Re: Michael Mooney releases another worm: Law

Re: IXP

2009-04-18 Thread Nuno Vieira - nfsi telecom
- kris foster kris.fos...@gmail.com wrote: painfully, with multiple circuits into the IX :) I'm not advocating Paul's suggestion at all here Kris Totally agree with you Kris. For the IX scenario (or at least looking in a Public way) it seems Another Terrible Mistake to me. IMHO,

Re: IXP

2009-04-18 Thread bmanning
On Sat, Apr 18, 2009 at 05:30:41AM +, Stephen Stuart wrote: Not sure how switches handle HOL blocking with QinQ traffic across trunks, but hey... what's the fun of running an IXP without testing some limits? Indeed. Those with longer memories will remember that I used to regularly

Re: IXP

2009-04-18 Thread Nick Hilliard
On 18/04/2009 01:08, Paul Vixie wrote: i've spent more than several late nights and long weekends dealing with the problems of shared multiaccess IXP networks. broadcast storms, poisoned ARP, pointing default, unintended third party BGP, unintended spanning tree, semitranslucent loops,

Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing

2009-04-18 Thread Jorge Amodio
lol, in a virtual world it's always nice to have the delete key (: Best invention since packet switching which many said it will never work. Regards Jorge

Re: IXP

2009-04-18 Thread Paul Vixie
Date: Sat, 18 Apr 2009 10:09:00 + From: bmann...@vacation.karoshi.com ... well... while there is a certain childlike obsession with the byzantine, rube-goldberg, lots of bells, knobs, whistles type machines... for solid, predictable performance, simple clean

Re: IXP

2009-04-18 Thread Paul Vixie
Date: Sat, 18 Apr 2009 16:35:51 +0100 From: Nick Hilliard n...@foobar.org ... i just don't care if people use L2 connectivity to get to an exchange from a router somewhere else on their LAN. They have one mac address to play around with, and if they start leaking mac addresses towards the

Re: IXP

2009-04-18 Thread bmanning
On Sat, Apr 18, 2009 at 04:01:41PM +, Paul Vixie wrote: Date: Sat, 18 Apr 2009 10:09:00 + From: bmann...@vacation.karoshi.com ... well... while there is a certain childlike obsession with the byzantine, rube-goldberg, lots of bells, knobs, whistles type machines...

Re: IXP

2009-04-18 Thread Steven M. Bellovin
On Sat, 18 Apr 2009 16:58:24 + bmann...@vacation.karoshi.com wrote: i make the claim that simple, clean design and execution is best. even the security goofs will agree. Even? *Especially* -- or they're not competent at doing security. But I hadn't even thought about DELNIs in

Re: IXP

2009-04-18 Thread Nick Hilliard
On 17/04/2009 15:11, Sharlon R. Carty wrote: I would like to know what are best practices for an internet exchange. I have some concerns about the following; Can the IXP members use RFC 1918 ip addresses for their peering? Can the IXP members use private autonomous numbers for their peering?

Re: IXP

2009-04-18 Thread Jack Bates
Paul Vixie wrote: in terms of solid and predictable i would take per-peering VLANs with IP addresses assigned by the peers themselves, over switches that do unicast flood control or which are configured to ignore bpdu's in imaginative ways. Simplicity only applies when it doesn't hinder

Re: downloading speed

2009-04-18 Thread chandrashakher pawar
Dear Members, Thanks for your help and valuable information. Finally the issue resolved after card reset. Case has been booked with Cisco. I will update you with the outcome of Cisco once they update us... Thanks Chandrashakher pawar On Sat, Apr 18, 2009

Re: IXP

2009-04-18 Thread Stephen Stuart
I'll get off my soap-box now and let you resume your observations that complexity as a goal in and of itself is the only path forward. What a dismal world-view. No-one is arguing that complexity is a goal. Opportunities to introduce gratuitous complexity abound, and

Re: IXP

2009-04-18 Thread Bill Woodcock
Stephen, that's a straw-man argument. Nobody's arguing against VLANs. Paul's argument was that VLANs rendered shared subnets obsolete, and everybody else has been rebutting that. Not saying that VLANs shouldn't be used. Sent via BlackBerry by ATT -Original Message- From: Stephen

Re: IXP

2009-04-18 Thread Sharlon R. Carty
I have been looking at ams-ix and linx, even some african internet exchanges as examples. But seeing how large they are(ams-x linx) and we are in the startup phase, I would rather have some tips/examples from anyone who has been doing IXP for quite awhile. So far all the responses have

Re: IXP

2009-04-18 Thread Arnold Nipper
On 18.04.2009 21:51 Sharlon R. Carty wrote I have been looking at ams-ix and linx, even some african internet exchanges as examples. But seeing how large they are(ams-x linx) and we are in the startup phase, I would rather have some tips/examples from anyone who has been doing IXP for

Re: IXP

2009-04-18 Thread Paul Vixie
Date: Sat, 18 Apr 2009 13:17:11 -0400 From: Steven M. Bellovin s...@cs.columbia.edu On Sat, 18 Apr 2009 16:58:24 + bmann...@vacation.karoshi.com wrote: i make the claim that simple, clean design and execution is best. even the security goofs will agree. Even? *Especially*

Re: IXP

2009-04-18 Thread bmanning
On Sat, Apr 18, 2009 at 09:12:24PM +, Paul Vixie wrote: Date: Sat, 18 Apr 2009 13:17:11 -0400 From: Steven M. Bellovin s...@cs.columbia.edu On Sat, 18 Apr 2009 16:58:24 + bmann...@vacation.karoshi.com wrote: i make the claim that simple, clean design and execution is

Re: IXP

2009-04-18 Thread Jack Bates
Paul Vixie wrote: if we maximize for simplicity we get a DELNI. oops that's not fast enough we need a switch not a hub and it has to go 10Gbit/sec/port. looks like we traded away some simplicity in order to reach our goals. Agreed. Security + Efficiency = base complexity 1Q has great

Re: IXP

2009-04-18 Thread Stephen Stuart
Stephen, that's a straw-man argument. Nobody's arguing against VLANs. Paul's argument was that VLANs rendered shared subnets obsolete, and everybody else has been rebutting that. Not saying that VLANs shouldn't be used. I believe shared VLANs for IXP interconnect are obsolete. Whether they

Re: IXP

2009-04-18 Thread Randy Bush
- public IP addresses for ipv4 and ipv6 - requirement for all members to use BGP, their own ASN and their own address space just to not confuse, that is behind the peering port. the peering port uses the exchange's ipv4/6 space - no customer IGPs - dropping customer bpdus on sight -

Re: IXP

2009-04-18 Thread Dale Carstensen
Thanks for talking about your PNIs. Let's see: Permit Next Increase Private Network Interface Private Network Interconnection Primary Network Interface and it goes on and on . . .

Re: IXP

2009-04-18 Thread Arnold Nipper
On 19.04.2009 01:08 Randy Bush wrote just curious. has anyone tried arista for smallish exchanges, before jumping off the cliff into debugging extreme, foundry, ... last time I look at them their products lacked port security or anything similar. Iirc it's on the roadmap for their next

Re: IXP

2009-04-18 Thread Roland Dobbins
On Apr 19, 2009, at 5:12 AM, Paul Vixie wrote: many colo facilities now use one customer per vlan due to this concern? Haven't most major vendors for years offered features in their switches which mitigate ARP-spoofing, provide per-port layer-2 isolation on a sub-VLAN basis, as well as

Re: IXP

2009-04-18 Thread Jeff Young
Best solution I ever saw to an 'unintended' third-party peering was devised by a pretty brilliant guy (who can pipe up if he's listening). When he discovered traffic loads coming from non-peers he'd drop in an ACL that blocked everything except ICMP - then tell the NOC to route the call to his

Re: IXP

2009-04-18 Thread Deepak Jain
Remember when you didn't want to put in ACLs because you'd blow out the cpu on the router/card? Ah... That made networking fun! Deepak - Original Message - From: Jeff Young yo...@jsyoung.net To: Nick Hilliard n...@foobar.org Cc: Paul Vixie vi...@isc.org; na...@merit.edu