Re: Real world sflow vs netflow?

2012-07-14 Thread Łukasz Bromirski
On 7/13/12 10:20 PM, Peter Phaal wrote: 1. NetFlow: Packets are decoded on the router, flow keys are extracted and used to lookup/create an entry in a flow cache which is then updated based on values in the packet. Records are exported from the flow cache in the form of Netflow datagrams when

Re: Real world sflow vs netflow?

2012-07-14 Thread Mikael Abrahamsson
On Sat, 14 Jul 2012, Łukasz Bromirski wrote: NetFlow, jFlow, IPFIX deal with flows. You can discuss sampling accuracy and things like that, but working with flows is more accurate. If you do 1:1000 sampling with both Netflow and sFlow, why would one of them be more accurate than the other?

Re: The Cidr Report

2012-07-14 Thread Eugen Leitl
On Sat, Jul 14, 2012 at 03:48:47AM +1000, Skeeve Stevens wrote: I think the effort to moderate this particular list would be far too much effort. Most mailing lists allow moderation of new list members by default. Typically, the moderation is removed after the first non-spam post. This causes

Re: using reserved IPv6 space

2012-07-14 Thread joseph . snyder
If it is a hostile lab environment, then pre-decide on the address space to be used by the company and auto-include that into all production routers' policies to drop it like a hot potato covered in lava. Brandon Ross br...@pobox.com wrote: On Fri, 13 Jul 2012, Owen DeLong wrote: On Jul 13,

CloudFlare IPv6 BGP announcements - WTF guys?

2012-07-14 Thread Oliver
So, doing a sh bgp ipv6 uni 2400:cb00::/32 long reveals that CloudFlare are currently announcing a bunch of /48s to the rest of the internet through nLayer only - as far as I can see. Simple suggestion: announce the /32 to the internet from all peering points like good Netizens and then

Re: CloudFlare IPv6 BGP announcements - WTF guys?

2012-07-14 Thread Randy Bush
So, doing a sh bgp ipv6 uni 2400:cb00::/32 long reveals that CloudFlare are currently announcing a bunch of /48s to the rest of the internet through nLayer only - as far as I can see. gossip is cloudflare has most, if not all, eggs in one basket, but a pollute commons routing policy. sad to

Re: Netsol AAAA glue

2012-07-14 Thread Andrew Sullivan
On Sat, Jul 14, 2012 at 01:06:59AM -0500, Doug McIntyre wrote: Not sure why you'd be worried about a 10-year renewal, any registrar transfer just adds on time to existing expiration, you don't lose anything. This isn't true in ICANN-contracted registries. The maximum period is 10 years,

Re: Netsol AAAA glue

2012-07-14 Thread valdis . kletnieks
On Sat, 14 Jul 2012 10:14:08 -0400, Andrew Sullivan said: On Sat, Jul 14, 2012 at 01:06:59AM -0500, Doug McIntyre wrote: Not sure why you'd be worried about a 10-year renewal, any registrar transfer just adds on time to existing expiration, you don't lose anything. This isn't true in

Re: Netsol AAAA glue

2012-07-14 Thread William Astle
On 12-07-14 09:43 AM, valdis.kletni...@vt.edu wrote: On Sat, 14 Jul 2012 10:14:08 -0400, Andrew Sullivan said: This isn't true in ICANN-contracted registries. The maximum period is 10 years, absolutely, so if you have 10 years to go and you pay for a transfer you lose the additional year's

Re: using reserved IPv6 space

2012-07-14 Thread Jérôme Nicolle
On 13/07/12 16:38, -Hammer- wrote: In the past, with IPv4, we have used reserved or non-routable I guess non-routable IPv4 translates well to non-routable IPv6, thus putting Link-Local addresses on top of the list. Though you may use the auto-configured addresses for that purpose, you also

Re: using reserved IPv6 space

2012-07-14 Thread Owen DeLong
On Jul 14, 2012, at 9:08 AM, Jérôme Nicolle wrote: On 13/07/12 16:38, -Hammer- wrote: In the past, with IPv4, we have used reserved or non-routable I guess non-routable IPv4 translates well to non-routable IPv6, thus putting Link-Local addresses on top of the list. Though you may

Re: Real world sflow vs netflow?

2012-07-14 Thread Łukasz Bromirski
On 7/14/12 11:15 AM, Mikael Abrahamsson wrote: On Sat, 14 Jul 2012, Łukasz Bromirski wrote: NetFlow, jFlow, IPFIX deal with flows. You can discuss sampling accuracy and things like that, but working with flows is more accurate. If you do 1:1000 sampling with both Netflow and sFlow, why would

Calling Geoff Huston (was Re: The REAL Cidr Report)

2012-07-14 Thread Lynda
I changed the subject header on this since I'm quite sure most folks ignored it due to the problem emails. Not only was this one off (and late by a few hours), but I never saw a sign that the BGP report was even sent (and it's not in the archives, either). On 7/13/2012 10:52 PM, Patrick W.

Re: using reserved IPv6 space

2012-07-14 Thread Oliver
On Saturday 14 July 2012 09:18:48 Owen DeLong wrote: Given that zone_IDs in my environments consist of terms like: fxp0 en0 eth0 ge-0/0/0.0 etc. How, exactly, would you turn those into part of an IPv6 address? UTF-8? ASCII? if you go with a custom encoding and do 0-9,a-z, plus a few

Re: using reserved IPv6 space

2012-07-14 Thread -Hammer-
Guys, The whole purpose of this is that they do NOT need to be global. Security thru obscurity. It actually has a place in some worlds. Does that make sense? Or are such V4-centric approaches a bad thing in v6? On 7/13/12 8:41 PM, Brandon Ross br...@pobox.com wrote: On Fri, 13 Jul 2012, Owen

Re: using reserved IPv6 space

2012-07-14 Thread Owen DeLong
They're a bad thing in IPv6. The only place for security through obscurity IMHO is a small round container that sits next to my desk. Besides, if you don't advertise it, a GUA prefix is just as obscure as a ULA prefix and provides a larger search space in which one has to hunt for it... Think

Re: using reserved IPv6 space

2012-07-14 Thread -Hammer-
bashes head against wall Thank you all. It's not the protocol that hurts. It's rethinking the culture/philosophy around it. -Hammer- On 7/14/12 3:20 PM, Owen DeLong o...@delong.com wrote: They're a bad thing in IPv6. The only place for security through obscurity IMHO is a small round

Re: using reserved IPv6 space

2012-07-14 Thread Laurent GUERBY
On Sat, 2012-07-14 at 09:18 -0700, Owen DeLong wrote: On Jul 14, 2012, at 9:08 AM, Jérôme Nicolle wrote: On 13/07/12 16:38, -Hammer- wrote: In the past, with IPv4, we have used reserved or non-routable I guess non-routable IPv4 translates well to non-routable IPv6, thus putting

Re: using reserved IPv6 space

2012-07-14 Thread valdis . kletnieks
On Sat, 14 Jul 2012 15:14:45 -0500, -Hammer- said: The whole purpose of this is that they do NOT need to be global. Security thru obscurity. It actually has a place in some worlds. Does that make sense? Or are such V4-centric approaches a bad thing in v6? The fact that your prefix is a

Re: using reserved IPv6 space

2012-07-14 Thread Randy Bush
The fact that your prefix is a Secret Sauce that isn't known to the rest of the world won't matter much to an attacker. One 'ifconfig' on whatever beachhead machine the attacker has inside your net, and it's not Secret Sauce anymore, it's just another bottle of Thousand Island dressing...

Re: using reserved IPv6 space

2012-07-14 Thread Jimmy Hess
On 7/14/12, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote: [snip] The fact that your prefix is a Secret Sauce that isn't known to the rest of the world won't matter much to an attacker. One 'ifconfig' on whatever beachhead machine the attacker has inside your net, and it's not Secret

RE: using reserved IPv6 space

2012-07-14 Thread Tony Hain
Randy Bush wrote: The fact that your prefix is a Secret Sauce that isn't known to the rest of the world won't matter much to an attacker. One 'ifconfig' on whatever beachhead machine the attacker has inside your net, and it's not Secret Sauce anymore, it's just another bottle of Thousand

Re: using reserved IPv6 space

2012-07-14 Thread Owen DeLong
On Jul 14, 2012, at 2:04 PM, Laurent GUERBY wrote: On Sat, 2012-07-14 at 09:18 -0700, Owen DeLong wrote: On Jul 14, 2012, at 9:08 AM, Jérôme Nicolle wrote: On 13/07/12 16:38, -Hammer- wrote: In the past, with IPv4, we have used reserved or non-routable I guess non-routable IPv4

Re: using reserved IPv6 space

2012-07-14 Thread Randy Bush
i especially like the one where filtering ula at your border is thought to be any different than filtering a bit of global at your border. There is no difference in the local filtering function, but *IF* all transit providers put FC00::/7 in bogon space and filter it at every border and this

Re: using reserved IPv6 space

2012-07-14 Thread Robert E. Seastrom
Actually, that's one of the most insightful meta-points I've seen on NANOG in a long time. There is a HUGE difference between IPv4 and IPv6 thinking. We've all been living in an austerity regime for so long that we've completely forgotten how to leave parsimony behind. Even those of us who

BGP Update Report

2012-07-14 Thread cidr-report
BGP Update Report
Interval: 05-Jul-12 -to- 09-Jul-12 (4 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS5800 21487 2.0% 84.6 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center
2