Re: ISP port blocking practice

2009-10-23 Thread Jon Kibler
Steve Bertrand wrote: Jon Kibler wrote: To answer that question, I would start with ingress and egress filtering by IP address, protocol, etc.: 1) Never allow traffic to egress any subnet unless its source IP address is within that subnet

Re: IPv6 Deployment for the LAN

2009-10-23 Thread Perry Lorier
WRT Anycast DNS; Perhaps a special-case of ULA, FD00::53? You want to allow for more than one for obvious fault isolation and load balancing reasons. The draft suggested using prefix:::1 I personally would suggest getting a well known ULA-C allocation assigned to IANA, then use

Re: IPv6 Deployment for the LAN ... anycast

2009-10-23 Thread Perry Lorier
TJ wrote: WRT Anycast DNS; Perhaps a special-case of ULA, FD00::53? You want to allow for more than one for obvious fault isolation and load balancing reasons. The draft suggested using prefix:::1 FWIW - I think simple anycast fits that bill. I think for very

Re: IPv6 Deployment for the LAN

2009-10-23 Thread TJ
WRT Anycast DNS; Perhaps a special-case of ULA, FD00::53? Needs an acronym ... off the top of my head, something like ASPEN - Anycast Service Provisioning for Enterprise Networks ... ? (Although it could be appropriate for an ISP-HomeUser as well ... hmmm, SPATULA - Service Provisioning -

Re: ISP port blocking practice

2009-10-23 Thread Steve Bertrand
Jon Kibler wrote: Steve Bertrand wrote: Jon Kibler wrote: To answer that question, I would start with ingress and egress filtering by IP address, protocol, etc.: 1) Never allow traffic to egress any subnet unless its source IP address is within that subnet range. Sorry to nit, but

Re: IPv6 Deployment for the LAN ... anycast

2009-10-23 Thread TJ
WRT Anycast DNS; Perhaps a special-case of ULA, FD00::53? You want to allow for more than one for obvious fault isolation and load balancing reasons. The draft suggested using prefix:::1 FWIW - I think simple anycast fits that bill. I think for very small/small networks anycast

Re: IPv6 Deployment for the LAN

2009-10-23 Thread Joe Maimon
Owen DeLong wrote: On Oct 22, 2009, at 4:27 PM, Joe Maimon wrote: NAT wasn't a component of IPv4 until it already had widespread adoption. I remain completely unconvinced that people will not continue to perceive value in PAT6 between their private and their public subnets. People may

[NANOG-announce] NANOG committee announcements

2009-10-23 Thread Steve Feldman
The NANOG Steering Committee is pleased to announce that these people have been chosen to fill the eight open seats on the Program Committee: - Cathy Aronson - Jim Cowie - Barry Greene - Mohit Lad - Chris Morrow - Kevin Oberman - Dani Roisman - Sonia Sakovich With eighteen candidates this

Re: IPv6 Deployment for the LAN

2009-10-23 Thread Owen DeLong
On Oct 23, 2009, at 5:08 AM, Perry Lorier wrote: WRT Anycast DNS; Perhaps a special-case of ULA, FD00::53? You want to allow for more than one for obvious fault isolation and load balancing reasons. The draft suggested using prefix:::1 I personally would suggest getting a well

Re: IPv6 Deployment for the LAN ... anycast

2009-10-23 Thread Owen DeLong
On Oct 23, 2009, at 5:45 AM, TJ wrote: WRT Anycast DNS; Perhaps a special-case of ULA, FD00::53? You want to allow for more than one for obvious fault isolation and load balancing reasons. The draft suggested using prefix:::1 FWIW - I think simple anycast fits that bill.

[NANOG-announce] NANOG committee announcements (part 2)

2009-10-23 Thread Steve Feldman
Nominations for the Communications Committee (formerly known as the Mailing List Committee) remain open until October 29. With the recent charter amendment, this committee has a unique opportunity to help shape the presence of NANOG on the web, collaboration and social media platforms,

Re: IPv6 Deployment for the LAN ... anycast

2009-10-23 Thread Chris Adams
Once upon a time, Owen DeLong o...@delong.com said: Please remember that IPv6 DNS is OFTEN not stateless as the replies are commonly too large for UDP. Anything that supports IPv6 _should_ also support EDNS0. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet

Re: ISP port blocking practice

2009-10-23 Thread Justin Shore
Owen DeLong wrote: Blocking ports that the end user has not asked for is bad. I was going to ask for a clarification to make sure I read your statement correctly but then again it's short enough I really don't see any room to misinterpret it. Do you seriously think that a typical

Re: ISP port blocking practice

2009-10-23 Thread Chris Boyd
On Oct 22, 2009, at 6:14 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: My experience is that port 587 isn't used because ISPs block it out-of-hand. Or in the case of Rogers in (at least) Vancouver, hijack it with a proxy that filters out the AUTH parts of the EHLO response, making the whole

Re: ISP port blocking practice

2009-10-23 Thread Jack Bates
Chris Boyd wrote: Once it's set up correctly we've found customers really like it since their email just works in most places. We get the same response. The largest 587 usage we have currently, though, is cell/PDA. Jack

Re: ISP port blocking practice

2009-10-23 Thread Steve Bertrand
Chris Boyd wrote: On Oct 22, 2009, at 6:14 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: My experience is that port 587 isn't used because ISPs block it out-of-hand. Or in the case of Rogers in (at least) Vancouver, hijack it with a proxy that filters out the AUTH parts of the EHLO

Anyone connected to AR2.PHI1 of GlobalCrossing?

2009-10-23 Thread alex-lists-nanog
If there's anyone getting transit of AR2.PHI1 of Global Crossing, could you kindly drop me an email off-list? Thanks, Alex

Re: ISP port blocking practice

2009-10-23 Thread Michael Peddemors
On October 23, 2009, Steve Bertrand wrote: http://eagle.ca/update/mail/Outlook_Express/index.html ...yes, believe it or not, even with the pictures, they will sometimes still get it wrong ;) Years in planning and implementation, but a good, large-scale learning exercise and the

Re: IPv6 Deployment for the LAN

2009-10-23 Thread TJ
I figured was a good candidate since it's already partially in use for reserved special addresses. But in a totally non-routable fashion, as it stands today. ULA's have the immediate benefit of being routable, but not globally so - and (hopefully) already being in filter lists to

Re: ISP port blocking practice

2009-10-23 Thread Steve Bertrand
Michael Peddemors wrote: On October 23, 2009, Steve Bertrand wrote: http://eagle.ca/update/mail/Outlook_Express/index.html ...yes, believe it or not, even with the pictures, they will sometimes still get it wrong ;) Years in planning and implementation, but a good, large-scale learning

Re: ISP port blocking practice

2009-10-23 Thread Lyndon Nerenberg (VE6BBM/VE7TFX)
Rogers says they don't do that, and lots of other people seem to be able to use port 587 on Rogers (and other ISPs) without problems. I'm in Calgary right now so I can't check the current behaviour, but as of June 1st it was still broken. Broken in the sense that any connection to port 587

Weekly Routing Table Report

2009-10-23 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith

Re: ISP port blocking practice

2009-10-23 Thread Chris Boyd
On Oct 23, 2009, at 12:15 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: As for outright blockage of port 587, I get this complaint from many of my clients while they are on the road. It seems hotels love to block it. I travel a bit (used to a lot) and only found one place that proxied it.

Re: {SPAM?} Re: IPv6 Deployment for the LAN

2009-10-23 Thread David W. Hankins
On Fri, Oct 23, 2009 at 12:50:47PM +1300, Perry Lorier wrote: I've implemented myself a system which firewalled all ARP within the AP and queried the DHCP server asking for the correct MAC for that lease then sent the ARP back (as well as firewalling DHCP servers and the like). It's quite

Re: ISP port blocking practice

2009-10-23 Thread Lee Riemer
Isn't blocking any port against the idea of Net Neutrality? Justin Shore wrote: Owen DeLong wrote: Blocking ports that the end user has not asked for is bad. I was going to ask for a clarification to make sure I read your statement correctly but then again it's short enough I really don't

Re: ISP port blocking practice

2009-10-23 Thread James R. Cutler
Blocking the well known port 25 does not block sending of mail. Or the message content. Blocking various well known M$ protocol ports does not block remote file access. Or control the type of files that can be accessed. I think the relevant neutrality principle is that traffic is not

BGP Update Report

2009-10-23 Thread cidr-report
BGP Update Report Interval: 15-Oct-09 -to- 22-Oct-09 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name 1 - AS6389 129479 3.7% 38.7 -- BELLSOUTH-NET-BLK - BellSouth.net Inc. 2 - AS17488

The Cidr Report

2009-10-23 Thread cidr-report
This report has been generated at Fri Oct 23 21:11:17 2009 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

Re: ISP port blocking practice

2009-10-23 Thread Justin Shore
Dan White wrote: On 23/10/09 17:58 -0400, James R. Cutler wrote: Blocking the well known port 25 does not block sending of mail. Or the message content. It does block incoming SMTP traffic on that well known port. Then the customer should have bought a class of service that permits

Re: ISP port blocking practice

2009-10-23 Thread James R. Cutler
No, blocking a port does not restrict a customer's use of the network any more than one way streets restrict access to downtown stores. It just forces certain traffic directions in a bicycle/motorcycle/car/van/truck neutral manner. Carry anything you want. Other laws restrict incendiary

Re: ISP port blocking practice

2009-10-23 Thread Patrick W. Gilmore
The original intent of Net Neutrality laws had nothing to do with blocking or not on random ports. It had to do with giving an unfair advantage to the provider in question to sell competing services. Much like anti-trust legislation doesn't stop a company from cornering a market, just

Re: ISP port blocking practice

2009-10-23 Thread Dan White
On 23/10/09 17:43 -0500, Justin Shore wrote: It does block incoming SMTP traffic on that well known port. Then the customer should have bought a class of service that permits servers. That justification is a slippery slope. At what point do you draw the line on what constitutes business

Re: ISP port blocking practice

2009-10-23 Thread Owen DeLong
On Oct 23, 2009, at 3:43 PM, Justin Shore wrote: Dan White wrote: On 23/10/09 17:58 -0400, James R. Cutler wrote: Blocking the well known port 25 does not block sending of mail. Or the message content. It does block incoming SMTP traffic on that well known port. Then the customer should

Slashdotted - Peering Disputes Migrate To IPv6

2009-10-23 Thread Scott Howard
http://tech.slashdot.org/story/09/10/23/1715235/Peering-Disputes-Migrate-To-IPv6 I wouldn't bother with the comments unless you really need to know how the analogy between IP peering and two gay guys ends up... (hey, it's Slashdot, what did you expect?) Scott

Re: ISP port blocking practice

2009-10-23 Thread Owen DeLong
Yes. Owen On Oct 23, 2009, at 2:19 PM, Lee Riemer wrote: Isn't blocking any port against the idea of Net Neutrality? Justin Shore wrote: Owen DeLong wrote: Blocking ports that the end user has not asked for is bad. I was going to ask for a clarification to make sure I read your

Re: IPv6 Deployment for the LAN ... anycast

2009-10-23 Thread Perry Lorier
I think for very small/small networks anycast requires a lot of overhead and understanding. If you're big enough to do anycast and/or loadbalancing it's not hard for you to put all three addresses onto one device. Anycast isn't really hard - same address, multiple places, routers see

Re: ISP port blocking practice

2009-10-23 Thread James Hess
On Fri, Oct 23, 2009 at 5:43 PM, Justin Shore jus...@justinshore.com wrote: [...]  Just because someone bought themselves a Camry doesn't mean that Toyota is deciding for them that they can't haul 1000lbs of concrete with it. [...] Server does not necessarily equal business. A server that