Apologies in advance for the top post.
My initial idea was to use a /48, divide it up into /56 nets for each facility
with /64 subnets within each facility. We would announce a /48 to our transit
providers that I would expect them to announce in turn to their peers and we
would also
We're looking at using Comcast's (business) transit and private ethernet
services at several client locations and I wanted to see what experiences
others have had regarding this. Off-list replies are preferred.
Thanks,
-brandon
--
Brandon Galbraith
Mobile: 630.400.6992
Hi All
Morgan Stanley has released a very interesting report on internet business with
some tips to net operators:
http://www.morganstanley.com/institutional/techresearch/mobile_internet_report122009.html
Regards
Takashi Tome
CPqD
www.cpqd.com.br
Hi,
Any idea if folks use AH or ESP to protect IGMP/PIM packets? Wondering
that if they do, then how would snooping switches work?
Affably,
Kent
On Wed, Dec 23, 2009 at 01:58:47AM -0500, Christopher Morrow wrote:
no real arguement, but... 'please provide some set of workable solutions'
The set of workable solutions at this point looks something like null
routes, firewall rules, blacklist entries -- in order to deny traffic
to and from
Glen Kent wrote:
Any idea if folks use AH or ESP to protect IGMP/PIM packets? Wondering
that if they do, then how would snooping switches work?
Would encrypting multicast not fundamentally break the concept of
multicast itself, unless you're encrypting multicast traffic over a
backbone?
Multicast encryption using GDOI works well, although I haven't seen that
implemented on a LAN. If you're trying to provide encryption for LAN listeners
(more accurately to exclude some LAN listeners) you'll probably find more bang
for the buck in implementing this on a per-application basis.
On Dec 23, 2009, at 6:41 PM, Glen Kent wrote:
Any idea if folks use AH or ESP to protect IGMP/PIM packets
What are you trying to 'protect' them against?
---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
Would encrypting multicast not fundamentally break the concept of multicast
itself, unless you're encrypting multicast traffic over a backbone?
No, i wasnt alluding to encrypting the multicast traffic. I was
thinking of using ESP-NULL (AH is optional) for the IGMP/PIM packets.
Affably,
Kent
On Wed, Dec 23, 2009 at 7:46 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Dec 23, 2009, at 6:41 PM, Glen Kent wrote:
Any idea if folks use AH or ESP to protect IGMP/PIM packets
What are you trying to 'protect' them against?
Just integrity protection to ensure that my reports, etc. are
Rich Kulawiec wrote:
On Wed, Dec 23, 2009 at 01:58:47AM -0500, Christopher Morrow wrote:
no real arguement, but... 'please provide some set of workable
solutions'
The set of workable solutions at this point looks something like
null routes, firewall rules, blacklist entries -- in order to
So we're looking to complicate things for the same of complicating
them? Using a predictable security doesn't exactly make things secure
does it?
On the links that you are running PIM or IGMP on, do you not have a
predictable set of clients and therefore problems? Or are we trying to
protect
But IGMP IS the control traffic with users. And PIM IS the control
traffic between multicast routers.
?
Scott
Glen Kent wrote:
On Wed, Dec 23, 2009 at 7:46 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Dec 23, 2009, at 6:41 PM, Glen Kent wrote:
Any idea if folks use AH or ESP
-Original Message-
From: Scott Morris [mailto:s...@emanon.com]
Sent: Wednesday, December 23, 2009 9:27 AM
To: Glen Kent
Cc: nanog@nanog.org
Subject: Re: IGMP and PIM protection
But IGMP IS the control traffic with users. And PIM IS the control
traffic between multicast routers.
On Wed, Dec 23, 2009 at 7:19 AM, Christopher Morrow
morrowc.li...@gmail.com wrote:
(again, this seems really off topic, but)
On Tue, Dec 22, 2009 at 7:33 PM, andrew.wallace
andrew.wall...@rocketmail.com wrote:
though Gadi is Israeli and Marcus Sachs Pakistani and couldn't be
marcus is
andrew.wallace wrote:
He was born in Lahore, Pakistan in 1959 and moved to Tallahassee,
Florida with his parents and younger brother in 1961. --Wikipedia.
http://en.wikipedia.org/wiki/Marcus_Sachs
Just like many Americans.
To me its amazing how deep into U.S Intelligence and The White
+BIGINT
The real issues are (a) is this billet actually able to originate
policy, (b) interpret existing policy, (c) at least find the RNC mail
archive, (d) ...
Who the hell cares if the billet is filled by a Soviet Mole (tm) if the
job is decoration?
Eric
On 12/23/09 12:42 PM, William
On Dec 22, 2009, at 11:58 PM, Christopher Morrow wrote:
On Wed, Dec 23, 2009 at 1:12 AM, Paul Ferguson fergdawgs...@gmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Folks should not be so obtuse about these activities. It's almost blatantly
in-your-face, so to speak. These
if anyone has a contact at Orange or is from Orange, can you contact me
off list. need help with some issues originating from the EU.
--
Andrew Young
Webair Internet Development, Inc.
Phone: 1 866 WEBAIR 1 x143
http://www.webair.com
Shift hours:
Greetings,
Just wondering if anyone has had any experience with IPv6 training courses.
A quick search turns up a few results on the subject, but it would be
handy to hear if anyone has any firsthand experiences or recommendations.
We're based in western Canada but don't mind traveling a bit, but
On Wed, Dec 23, 2009 at 12:00:28PM -0800, Marty Anstey wrote:
Greetings,
Just wondering if anyone has had any experience with IPv6 training courses.
A quick search turns up a few results on the subject, but it would be
handy to hear if anyone has any firsthand experiences or
On Dec 23, 2009, at 12:00 PM, Marty Anstey wrote:
Greetings,
Just wondering if anyone has had any experience with IPv6 training courses.
A quick search turns up a few results on the subject, but it would be
handy to hear if anyone has any firsthand experiences or recommendations.
We're
It's actually available for free on the World-Wide Internet at
http://www.morganstanley.com/institutional/techresearch/pdfs/Mobile_Internet_Report_Key_Themes_Final.pdf
, but you can purchase a paper copy if you'd rather. It's pretty slow
going as it's mostly power points, some with lots and
On 12/23/2009 13:03, Mike Leber wrote:
Marty Anstey wrote:
Just wondering if anyone has had any experience with IPv6 training
courses.
A quick search turns up a few results on the subject, but it would be
handy to hear if anyone has any firsthand experiences or
recommendations.
We're
Musing on the idea for a moment, it would surely be 'nice' to somehow
know that PIM v2 joins from some other network were, in fact, 'good'
or somehow well-formed, rate-limited, and/or somehow 'safe' to accept
hold state for. However, it seems as if the OP isn't interested in
inter-domain rp
I think OP meant that he only wants an integrity check of the control
traffic, not confidentiality, hence the statement that he does not want to
encrypt the control traffic.
Yes, thats correct.
Kent
Stefan Fouant
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
On Dec 23, 2009, at 6:11 PM, Richard Bennett wrote:
The authors are pretty well convinced that the demand for more wireless
spectrum will be handled by spectral efficiency improvements and deployment
of more towers, they stress the importance of replacing copper with fiber and
microwave
On Wed, Dec 23, 2009 at 3:01 PM, Scott Weeks sur...@mauigateway.com wrote:
It must be purchased:
Only if you want the dead-tree edition. The others are linked below the
text you've quoted.
Scott.
Maybe we need to pass some laws that ban copper wire outdoors.
On 12/23/2009 4:22 PM, Jared Mauch wrote:
On Dec 23, 2009, at 6:11 PM, Richard Bennett wrote:
The authors are pretty well convinced that the demand for more wireless
spectrum will be handled by spectral efficiency
Mark Pace wrote:
Anyone else having problems resolving DNS from UltraDNS?
I'm seeing this:
$ dig www.ultradns.com @8.8.8.8
Yeah, they went belly up in the last 20 or so. Hard. Looks like it's
hitting some of Amazon's Cloud stuff too. It seems west coast related,
by the way.
--
Oh,
Anyone else having problems resolving DNS from UltraDNS?
I'm seeing this:
$ dig www.ultradns.com @8.8.8.8
Yeah, they went belly up in the last 20 or so. Hard. Looks like it's
hitting some of Amazon's Cloud stuff too. It seems west coast related,
by the way.
On the west coast here.
Anyone else having problems resolving DNS from UltraDNS?
I'm seeing this:
$ dig www.ultradns.com @8.8.8.8
Yeah, they went belly up in the last 20 or so. Hard. Looks like it's
hitting some of Amazon's Cloud stuff too. It seems west coast related,
by the way.
On the west
--- sc...@doc.net.au wrote: --
From: Scott Howard sc...@doc.net.au
On Wed, Dec 23, 2009 at 3:01 PM, Scott Weeks sur...@mauigateway.com wrote:
It must be purchased:
Only if you want the dead-tree edition. The others are linked below the
text you've quoted.
Clarification: www.ultradns.com is back. There are still other problems
afoot, like amazon:
$ dig amazon.com @8.8.8.8
; DiG 9.6.0-P1 amazon.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 56390
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,
Mark Pace wrote:
Anyone else having problems resolving DNS from UltraDNS?
I'm seeing this:
$ dig www.ultradns.com @8.8.8.8
Yeah, they went belly up in the last 20 or so. Hard. Looks like it's
hitting some of Amazon's Cloud stuff too. It seems west coast related,
by the way.
On Wed, Dec 23, 2009 at 05:38:21PM -0800, Shrdlu wrote:
I'm still seeing the DNS servers at udns down, hard. Amazon's cloud will
need a reboot when this is over. Dang, what the heck happened to all
that anycast stuff?
We have some DNS providing type customers (not UltraDNS) receiving a few
There have been several DNS based DDoS observed throughout the day targetting
Ultra as well as a few other companies. They were first observed earlier in
the morning on the East coast.
--Original Message--
From: Richard A Steenbergen
To: Shrdlu
Cc: Nanog
Subject: Re: UltraDNS Failure?
Richard A Steenbergen wrote:
On Wed, Dec 23, 2009 at 05:38:21PM -0800, Shrdlu wrote:
I'm still seeing the DNS servers at udns down, hard. Amazon's cloud will
need a reboot when this is over. Dang, what the heck happened to all
that anycast stuff?
We have some DNS providing type customers
Marty A.,
Not an endorsement, but Aaron Hughes ahug...@bind.com has been doing
training. I mention him because I'm aware that he has a track record,
has done some +NOG presos and generally knowledgeable.
He's also the only person I'm aware of outside of Europe doing
training. Alternatively, I
- Original Message
From: Jared Mauch ja...@puck.nether.net
I know, watching my local incumbent they are not replacing damaged copper with
fiber. I think they must have warehouses of it someplace. I can't imagine
that it is good to replace buried copper w/copper during the wintertime.
1. I grew up at the local airport watching my CFII pop train an
endless stream of pilots.
2. The checklist for my last production gear swap had over 400 steps
and 4 time/task gates (each with a rollback plan). As I did each
sequence of steps, I called it out, and someone read their copy of the
www.subspacecom.com -- gear ++ Shows up @ NANOG, doesn't spam and clue.
Best,
-M
On 12/18/09, Barrett Lyon bl...@blyon.com wrote:
I buy a lot of gear from Peter Giberd at Townsend. I have been
working with him for a good 7 years. It's budded into a friendship,
good people there.
-B
42 matches
Mail list logo