In message 498bddac.7060...@eeph.com, Matthew Kaufman writes:
Mark Andrews wrote:
WII's should be able to be directly connected to the network
without any firewall. If they can't be then they are broken.
As I'm sure you know, you can tell the difference between an Internet
David W. Hankins david_hank...@isc.org writes:
On Thu, Feb 05, 2009 at 11:42:27PM +0100, Iljitsch van Beijnum wrote:
On 5 feb 2009, at 22:44, Ricky Beam wrote:
I've lived quite productively behind a single IPv4 address for nearly 15
years.
So you were already doing NAT in 1994? Then you
BGP Update Report
Interval: 05-Jan-09 -to- 05-Feb-09 (32 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS7643 132303 2.7% 225.0 -- VNN-AS-AP Vietnam Posts and
Telecommunications (VNPT)
2 -
This report has been generated at Fri Feb 6 21:14:00 2009 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
Paul Vixie vi...@isc.org wrote on 02/06/2009 02:20:01 AM:
the fundamental implication is, forget about address space, it's
paperwork
now, it's off the table as a negotiating item or any kind of constraint.
but the size of the routing table is still a bogeyman, and IPv6 arms
that
bogeyman
Matthew Moyle-Croft wrote:
My comment was regarding customers believing that they were going to, by
default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means) then
the issue is not a major one.
Dynamic or static;
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
Let's also not forget, that many organizations went from multiple
allocations to a single allocation. If we all filter anything longer
than /32,
On Thu, 5 Feb 2009, Paul Timmins wrote:
John Schnizlein wrote:
Maybe upgrades, service packs and updates will make them capable of using
DHCPv6 for useful functions such as finding the address of an available name
server by the time IPv6-only networks are in operation.
And if not,
On Friday 06 February 2009 08:51:04 Jack Bates wrote:
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
Let's also not forget, that many organizations went from multiple
allocations to a single
On Fri, Feb 6, 2009 at 8:51 AM, Jack Bates jba...@brightok.net wrote:
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
Let's also not forget, that many organizations went from multiple
On 6 feb 2009, at 1:15, Ricky Beam wrote:
I see IPv6 address space being carved out in huge chunks for reasons
that equate to little more than because the total space is
inexhaustable. This is the exact same type of mis-management that
plagues us from IPv4's early allocations.
Think of
Tim Durack tdur...@gmail.com wrote on 02/06/2009 09:28:02 AM:
Given that ARIN at least is assigning end-user /48s out of 2620::/23
it would be useful to accept these announcements. If not end-user PI
is dead in the water. Some providers might like that. End-users
probably won't.
That
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
2 times as big, if you believe that routers that need to care about
table size won't do anything about what's past the /64 boundary.
It still
Tim Durack wrote:
Given that ARIN at least is assigning end-user /48s out of 2620::/23 it
would be useful to accept these announcements. If not end-user PI is
dead in the water. Some providers might like that. End-users probably won't.
The ideal solution, I believe, is to support filters
On 6 feb 2009, at 16:02, Joe Loiacono wrote:
Given that ARIN at least is assigning end-user /48s out of 2620::/23
it would be useful to accept these announcements. If not end-user PI
is dead in the water. Some providers might like that. End-users
probably won't.
That range alone is 25 bits of
This is straying from operational to protocol design and implementation,
but as someone who has done a fair bit of both design and implementation...
Iljitsch van Beijnum wrote:
The problem is that DHCP seemed like a good idea at the time but it
doesn't make any sense today. We know that
Five things? Really? My DHCP server hands out the following things to
its clients:
Default Route
DNS Servers
Log host
Domain Name (or, our case, the sub-domain for the office)
NIS Domain
NIS Servers
NTP Server
WINS Servers
SMTP Server
POP Server
NNTP Server
Domain suffix search orders.
All
On Fri, Feb 6, 2009 at 10:22 AM, Jamie Bowden ja...@photon.com wrote:
Five things? Really? My DHCP server hands out the following things to
its clients:
as I've said a few times now, reason #775 that autoconf is a broken
and non-useful 'gadget' for network operators. There is a system today
Seems strange. Had a partial outage on Verizon network this morning around
9:50am EST, then when it came back around 10:05am, google routed via the
Netherlands. My guess is that there's some sort of routing problem making
my fastest or least cost route go to the Netherlands, but I wanted to
On Thu, 5 Feb 2009, Matthew Moyle-Croft wrote:
DHCP(v6). Setting the idea in people's heads that a /64 IS going
to be their own statically is insane and will blow out provider's
own routing tables more than is rational.
Routing table size will be a function of the number of customers -
My comment was regarding customers believing that they were going to,
by default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means)
then the issue is not a major one.
MMC
On 06/02/2009, at 8:56 PM, Paul Jakma wrote:
On Feb 4, 2009, at 2:52 AM, Steve Bertrand wrote:
http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02
If I understand this correctly, there will be a route entered on each
edge router for all sources that are participating in a DDoS attack.
Is anyone worried about TCAM usage if
I want to advertise my /22 to two different ISP on different POP.
I can't use BGP as ISP1 doesn't support it.
Any suggestions ?
Thanks,
Charles
On Fri, Feb 06, 2009 at 12:29:28PM -0400, Charles Regan wrote:
I want to advertise my /22 to two different ISP on different POP.
I can't use BGP as ISP1 doesn't support it.
Get a new ISP and fire whoever signed that contract before getting
the technical details correct.
--
RSUC
Looks ok from Boston-
3 core2.po1-bbnet1.bsn.pnap.net (63.251.128.18) 2.590 ms 3.988 ms
3.181 ms
4 207.88.182.33.ptr.us.xo.net (207.88.182.33) 26.636 ms 7.651 ms
11.977 ms
5 207.88.182.18.ptr.us.xo.net (207.88.182.18) 7.603 ms 8.174 ms
7.405 ms
6 216.239.49.217 (216.239.49.217)
How did you get a /22, and what isp won't run bgp with you?
- Original Message -
From: Charles Regan charles.re...@gmail.com
To: nanog@nanog.org nanog@nanog.org
Sent: Fri Feb 06 11:29:28 2009
Subject: One /22 Two ISP no BGP
I want to advertise my /22 to two different ISP on different
The ISP may not support peering BGP with you, but can they publish routes
for you? I find it hard to believe ANY ISP just doesn't support BGP.
On Fri, Feb 6, 2009 at 10:32 AM, Michael Smith msm...@internap.com wrote:
How did you get a /22, and what isp won't run bgp with you?
- Original
Daniel Rogers wrote:
The ISP may not support peering BGP with you, but can they publish routes
for you? I find it hard to believe ANY ISP just doesn't support BGP.
It is very possible that the ISP doesn't support BGP, but more likely,
I'd bet that the ISP has never configured BGP on the client
I'm OK to that IP as well, but when I query www.google.com, I get multiple
IPs, but here are the ones that in in 147:
DNS Server IP Route (for me)
205.234.170.217 (tiggee)74.125.79.147 Amsterdam
208.67.222.222 (opendns)64.233.183.147 Amsterdam
4.2.2.1
Pick your preferred link in, have them announce your /22, have the other
provider announce the /22, just weighed. That way you are multi-homed with
failover.
After that is configured, find a new ISP to replace the one that will not
let you peer with them.
Jason
On Fri, Feb 6, 2009 at 10:52 AM,
I'll explain. We are a small ISP on a very remote Island.
We have a /22 from ARIN. We have a 20mbits pipe from ISP1 and 20mbits from ISP2.
They are the only two we can get bandwidth.
So we are stuck with ISP1 that doesn't support BGP.
On Fri, Feb 6, 2009 at 12:48 PM, Azinger, Marla
Charles,
As I mentioned earlier, you'll want to have one provider announce the /22
unweighted and the other announce it weighted. Just pick the better of the
two providers as the primary. Don't base it soley off bandwidth, but check
your SLA and any recent outage occurances.
Traffic will flow
Good point on ISP1 Steve, being they are limited already, they might be just
reselling.
On Fri, Feb 6, 2009 at 11:18 AM, Steve Bertrand st...@ibctech.ca wrote:
Jason Biel wrote:
The link that goes down will trigger that provider to remove the route,
traffic will swing and start coming in
The problem is that DHCP seemed like a good idea at the time but it
doesn't make any sense today. We know that parsing complex binary data
formats is asking for security problems.
And parsing complex text data structures is better?
What we need is a simple, fast, efficient way to
The can't do BGP.
They are already advertising two /24 for us. So they will advertise a
/22 if I ask them.
On Fri, Feb 6, 2009 at 1:20 PM, Jason Biel ja...@biel-tech.com wrote:
Good point on ISP1 Steve, being they are limited already, they might be just
reselling.
On Fri, Feb 6, 2009 at
Jason Biel wrote:
The link that goes down will trigger that provider to remove the route,
traffic will swing and start coming in on the backup link.
This is assuming that 'ISP1' has the capability to advertise the OP's
route in the first place.
What if ISP1 is simply a customer of another ISP,
...small isp on a very remote island... Sounds like a nice problem to have... :)
- Original Message -
From: Charles Regan charles.re...@gmail.com
To: nanog@nanog.org nanog@nanog.org
Sent: Fri Feb 06 12:14:52 2009
Subject: Re: One /22 Two ISP no BGP
I'll explain. We are a small ISP on a
It will depend on the source of the traffic and how that peer follows AS
path into your providers.
On Fri, Feb 6, 2009 at 11:31 AM, Charles Regan charles.re...@gmail.comwrote:
What if both annonce my /22 unweighted ?
I know I will loose failover in this scenario.
I am trying to figure out
I would guess that if one of them can't change their announcement when their
link to you is down, then make sure their announcement is the less
preferred.
The ISP that *can* remove their announcement when their link to you is down
should be the preferred path since their path is much more
likely
sth...@nethelp.no wrote:
No, this information must be available in *one* place. It's called a
DHCP server. As an operator, this is clearly what I want, both for IPv4
and IPv6.
DHCP is available, spec'd and implemented on some systems. However,
there are times that DHCP fails (from my
I think this part of the thread is in danger of leaving the realm of
operational relevance, so I will treat these as my closing arguments.
On Fri, Feb 06, 2009 at 03:48:53PM +0100, Iljitsch van Beijnum wrote:
It makes more sense to look at it like this. In the 1990s we had:
No, I think that
DHCP items are end system considerations, not routing network
considerations.
The network operations staff and router configuration engineers do not
generally concern themselves with end systems.
End systems generally are managed quite independently from the routing
network. And, they
Jason Biel wrote:
Charles,
As I mentioned earlier, you'll want to have one provider announce the /22
unweighted and the other announce it weighted. Just pick the better of the
two providers as the primary. Don't base it soley off bandwidth, but check
your SLA and any recent outage
On Fri, Feb 06, 2009 at 11:50:55AM -0600, Jack Bates wrote:
Two routers, 2 default routes. Support for shim6 or other multiple IP
What most people do of course is VRRP.
Barring that, you just specify multiple default routers, and the
client will select the router that still responds to ARP.
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net
For historical data, please see http://thyme.apnic.net.
If you have any comments please contact Philip Smith
Ebgp multi-hop is a great idea.
Have others seen this done for non-bandwidth customers? ...a 'bgp-only'
service...?...
...catalog that right along with v6 and multicast tunnels...
- Original Message -
From: Joe Maimon jmai...@ttec.com
To: Jason Biel ja...@biel-tech.com
Cc:
Hi
I would like to ask your professional experience about switch throughput
I have Gig Switchs eg: H P3400 /3500, cisco c4 948../ dlink
In their spec, they said that it can handles Gig
So far, I couldn't see their ports are used up over 200M in mrtg graph
when I try to transfer 3G size files to
In a message written on Fri, Feb 06, 2009 at 01:14:52PM -0400, Charles Regan
wrote:
I'll explain. We are a small ISP on a very remote Island.
We have a /22 from ARIN. We have a 20mbits pipe from ISP1 and 20mbits from
ISP2.
Perhaps you could post the IP addresses on your end of both of these
Deric Kwok wrote:
Hi
I would like to ask your professional experience about switch throughput
I have Gig Switchs eg: H P3400 /3500, cisco c4 948../ dlink
In their spec, they said that it can handles Gig
So far, I couldn't see their ports are used up over 200M in mrtg graph
when I try to
On Feb 6, 2009, at 1:43 PM, Deric Kwok wrote:
I would like to ask your professional experience about switch
throughput
I have Gig Switchs eg: H P3400 /3500, cisco c4 948../ dlink
In their spec, they said that it can handles Gig
So far, I couldn't see their ports are used up over 200M in mrtg
On Fri, 6 Feb 2009, Peter Beckman wrote:
I'm OK to that IP as well, but when I query www.google.com, I get multiple
IPs, but here are the ones that in in 147:
DNS Server IP Route (for me)
205.234.170.217 (tiggee)74.125.79.147 Amsterdam
208.67.222.222
Randy Bush wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6.
what is nat compliant?
RFC 3235 discusses how to make your application work in the Internet
reality that exists today, with NAT boxes everywhere. The document is
David W. Hankins wrote:
What most people do of course is VRRP.
I agree, and I have done this in the past. However, I am very happy with
the support of IPv6 to do away with requiring VRRP.
Barring that, you just specify multiple default routers, and the
client will select the router that
Peter Beckman wrote:
SO. Who's problem is this to fix? Is it:
1. Me? Am I a dope for using a very reliable but anycasted resolving
name service? Clearly, I could just use the handy dandy easy to
remember because I worked there 198.6.1.x, or is that an Internet
faux
From http://en.wikipedia.org/wiki/Smiley
The two original text smileys, :-) to indicate a joke and :-( to mark
things that are not a joke were invented on September 19, 1982 by Scott
E. Fahlman, a research professor at Carnegie Mellon University's
Department of Computer Science.
On Feb 6, 2009, at 12:37 PM, Jack Bates wrote:
David W. Hankins wrote:
What most people do of course is VRRP.
I agree, and I have done this in the past. However, I am very happy
with the support of IPv6 to do away with requiring VRRP.
If RA does that in your situation, great.
In my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Feb 6, 2009 at 3:51 PM, Tony Rall tr...@almaden.ibm.com wrote:
Maybe you didn't read the thread L3: Google from DC via the Netherlands?
Probably the same issue (your nameserver is now perhaps quite remote from
you).
No, I guess I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Feb 6, 2009 at 3:55 PM, Paul Ferguson fergdawgs...@gmail.com
wrote:
On Fri, Feb 6, 2009 at 3:51 PM, Tony Rall tr...@almaden.ibm.com wrote:
Maybe you didn't read the thread L3: Google from DC via the
Netherlands?
Probably the same
On Fri, Feb 06, 2009 at 12:05:41PM -0500, Peter Beckman wrote:
I'm OK to that IP as well, but when I query www.google.com, I get multiple
IPs, but here are the ones that in in 147:
DNS Server IP Route (for me)
205.234.170.217 (tiggee)74.125.79.147
On 7/02/2009, at 5:20 AM, Brad Fleming wrote:
On Feb 4, 2009, at 2:52 AM, Steve Bertrand wrote:
http://tools.ietf.org/html/draft-kumari-blackhole-urpf-02
If I understand this correctly, there will be a route entered on
each edge router for all sources that are participating in a DDoS
Roger Marquis wrote:
Seth Mattinen wrote:
Far too many people see NAT as synonymous with a firewall so they
think if you take away their NAT you're taking away the security of a
firewall.
NAT provides some security, often enough to make a firewall
unnecessary. It all depends on what's
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks at
major corporations, think a NAT box is a firewall and disabling NAT is
inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently fail-closed because of their
On Feb 6, 2009, at 7:06 PM, Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks
at major corporations, think a NAT box is a firewall and disabling
NAT is inherently less secure. Part of that is factual: NAT (er,
dynamic
Tell ya what Owen,
When you can show me residential grade CPE which has a DECENT stateful
firewall then PLEASE let me know.
Needs to do other things well, not crash, not cost hundreds of
dollars, supportable, does VOIP, WIFI etc are manufacturer supported
etc. Of course, it needs to do
On 7/02/2009, at 10:29 AM, David W. Hankins wrote:
I want built in multiple IP bindings on my hosts. I'd like (Windows 7
I suppose you can individually configure every host to get itself
temporary addresses from RA announcements. This isn't usually a
good default configuration, but OS
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of the
earth's surface, modulo whatever we have set aside for
On 6/02/2009, at 1:01 PM, David W. Hankins wrote:
On Thu, Feb 05, 2009 at 05:12:19PM -0600, Jack Bates wrote:
Operationally, this has been met from my experience. In fact, all
of these
items are handled with stateless DHCPv6 in coordination with SLAAC.
Stateful DHCPv6 seems to be limited
I didn't know where to jump in in the current discussion and what I wanted
to discuss was quite general, so I thought I'd create a new thread
instead.
So, anyone saying IPv6 is ready for prime-time whereever IPv4 is used, has
a very simplified view of the world. Yes, IPv6 works in the
68 matches
Mail list logo