However, a good engineer would know there are drawbacks to next-hop-self,
in particular it slows convergence in a number of situations.
There are networks where fast convergence is more important than route
scaling, and thus the traditional design of BGP next-hops being edge
interfaces,
But hey, I get why ISP's don't want to offer 9K MTU clean paths end to
end.
Customers could then buy a VPN appliance and manage their own VPN's
with no vendor lock-in. MPLS VPN revenues would tumble, and customers
would move more fluidly between providers. That's terrible if you're an
Have you considered wireshark or Ettercap? I¹m not entirely certain
they¹ll monitor the throughput, but I know they can open PCAP'sŠ
Jon
On 2/3/14, 11:34 PM, Mike mike-na...@tiedyenetworks.com wrote:
Hello,
I was wondering if anyone could point me in the direction of a tool
capable of
I suggest wireshark also. Not realtime for throughput, but will open pcap files
and you can then get the throughput metrics.
Sent from my Verizon Wireless 4G LTE smartphone
Original message
From: Jonathan Hall jh...@futuresouth.us
Date:02/04/2014 8:49 AM (GMT-05:00)
To:
NTOP can do this is in real time.
I believe Wireshark will also do what you are looking for. You can
capture and analyze or open a .pcap file and analyze. I'm my version,
you would do it be going to the following menu:
Statistics -- Endpoints
On 2/4/2014 12:34 AM, Mike wrote:
Hello,
pmacct
On 2/4/2014 12:34 AM, Mike wrote:
Hello,
I was wondering if anyone could point me in the direction of a
tool capable of sniffing (or reading pcap files), and reporting on lan
station thruput in terms of bits per second. Ideally I'd like to be
able to generate a sorted report of
On the contrary, I encourage all competitors to block protocols
indiscriminately, especially ipv4 UDP. Nothing bad could ever come of that!
-Blake
On Tue, Feb 4, 2014 at 12:29 AM, Doug Barton do...@dougbarton.us wrote:
On 02/03/2014 05:10 PM, Majdi S. Abbas wrote:
NTP works best
On Sun, Feb 2, 2014 at 5:17 PM, Cb B cb.li...@gmail.com wrote:
And, i agree bcp38 would help but that was published 14 years ago.
Howdy,
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per day penalty for sending
packets with source
On Feb 4, 2014, at 11:04 AM, William Herrin b...@herrin.us wrote:
On Sun, Feb 2, 2014 at 5:17 PM, Cb B cb.li...@gmail.com wrote:
And, i agree bcp38 would help but that was published 14 years ago.
Howdy,
If just three of the transit-free networks rewrote their peering
contracts such that
On 1/29/14 5:01 PM, Leslie Nobile lesl...@arin.net wrote:
ARIN would like to share two items of information that may be of interest
to the community.
First, ARIN has recently begun to issue address space from its last
contiguous /8, 104.0.0.0 /8. The minimum allocation size for this /8
will
On Tue, Feb 4, 2014 at 11:23 AM, Jared Mauch ja...@puck.nether.net wrote:
On Feb 4, 2014, at 11:04 AM, William Herrin b...@herrin.us wrote:
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per day penalty for sending
packets with source
On Feb 4, 2014, at 11:52 AM, William Herrin b...@herrin.us wrote:
Those that are up in arms about this stuff seem to not be the ones asking
the vendors for features and fixes.
Like I said, the tier 1's can't be the source of the solution until
they stop being part of the problem.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/4/2014 10:03 AM, Jared Mauch wrote:
Ask your vendors for these features. Ask them to fix the bugs. The
ball rolls uphill here and it's in their lap. Blaming the carriers
is wrongheaded and putting it where it doesn't belong in many
cases.
Why not just provide a public API that lets users specify which of your
customers they want to null route? It would save operators the trouble of
having to detect the flows.. and you can sell premium access that allows the
API user to null route all your other customers at once.
Once everyone
On Tue, 04 Feb 2014 10:09:02 -0800, Paul Ferguson said:
I'd like to echo Jared's sentiment here -- collectively speaking,
service providers need to figure out a way to deal with this issue,
before some congresscritters start to try to introduce legislation
that will force you to to do it in a
On Tue, Feb 4, 2014 at 1:45 PM, Laszlo Hanyecz las...@heliacal.net wrote:
Why not just provide a public API that lets users specify which
of your customers they want to null route?
They're spoofed packets. There's no way for anyone outside your AS to
know which of your customers the packets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/4/2014 10:47 AM, valdis.kletni...@vt.edu wrote:
On Tue, 04 Feb 2014 10:09:02 -0800, Paul Ferguson said:
I'd like to echo Jared's sentiment here -- collectively
speaking, service providers need to figure out a way to deal with
this issue,
On Tue, Feb 4, 2014 at 1:52 PM, William Herrin b...@herrin.us wrote:
On Tue, Feb 4, 2014 at 1:45 PM, Laszlo Hanyecz las...@heliacal.net wrote:
Why not just provide a public API that lets users specify which
of your customers they want to null route?
They're spoofed packets. There's no way for
On Tue, Feb 4, 2014 at 1:03 PM, Jared Mauch ja...@puck.nether.net wrote:
On Feb 4, 2014, at 11:52 AM, William Herrin b...@herrin.us wrote:
Those that are up in arms about this stuff seem to not be the ones asking
the vendors for features and fixes.
Like I said, the tier 1's can't be the
I was joking, I meant that the operator provides an API for attackers, so they
can accomplish their goal of taking the customer offline, without having to
spoof or flood or whatever else. Automatically installing ACLs in response to
observed flows accomplishes almost the same thing. As a
On Tue, Feb 4, 2014 at 2:01 PM, Laszlo Hanyecz las...@heliacal.net wrote:
I was joking,
And I was being a tad obtuse. My apoligies.
Regards,
Bill Herrin
--
William D. Herrin her...@dirtside.com b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
On 02/04/2014 08:04 AM, William Herrin wrote:
On Sun, Feb 2, 2014 at 5:17 PM, Cb B cb.li...@gmail.com wrote:
And, i agree bcp38 would help but that was published 14 years ago.
Howdy,
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per day
Please let us know your results.
Jared Mauch
On Feb 4, 2014, at 1:55 PM, William Herrin b...@herrin.us wrote:
On Tue, Feb 4, 2014 at 1:03 PM, Jared Mauch ja...@puck.nether.net wrote:
On Feb 4, 2014, at 11:52 AM, William Herrin b...@herrin.us wrote:
Those that are up in arms about this
- Original Message -
From: Jared Mauch ja...@puck.nether.net
Ask your vendors for these features. Ask them to fix the bugs. The
ball rolls uphill here and it's in their lap. Blaming the carriers is
wrongheaded and putting it where it doesn't belong in many cases.
Happy to discuss
On Tue, Feb 4, 2014 at 2:08 PM, Doug Barton do...@dougbarton.us wrote:
On 02/04/2014 08:04 AM, William Herrin wrote:
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per day penalty for sending
packets with source addresses the peer should
- Original Message -
From: Valdis Kletnieks valdis.kletni...@vt.edu
Can somebody explain to me why those who run eyeball networks are able
to block outbound packets when the customer hasn't paid their bill,
but can't seem to block packets that shouldn't be coming from that
- Original Message -
From: Paul Ferguson fergdawgs...@mykolab.com
(And yes, I know that in the first case, it urges the customer to
cough up the bucks, and in the second case, it's usually not a
revenue generator)
It's a dichotomy that is... unexplainable for me personally.
On Tue, Feb 4, 2014 at 2:28 PM, William Herrin b...@herrin.us wrote:
On Tue, Feb 4, 2014 at 2:08 PM, Doug Barton do...@dougbarton.us wrote:
On 02/04/2014 08:04 AM, William Herrin wrote:
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per
On Tue, Feb 04, 2014 at 02:28:22PM -0500, William Herrin wrote:
Verizon Business is willing to do settlement-free peering with you but
you won't agree to a reciprocal penalty if either allows its customers
to forge packets? I call that a weed-out factor. Weed out the bad
actors because anyone
On Tue, Feb 4, 2014 at 2:48 PM, Majdi S. Abbas m...@latt.net wrote:
Are you willing to warrant the source, destination and lawful
purpose of every single frame exiting your network?
Yes, no and no respectively. As a BGP leaf node, I can guarantee that
no packets leave my network from a
On Tue, 4 Feb 2014, valdis.kletni...@vt.edu wrote:
On Tue, 04 Feb 2014 10:09:02 -0800, Paul Ferguson said:
I'd like to echo Jared's sentiment here -- collectively speaking,
service providers need to figure out a way to deal with this issue,
before some congresscritters start to try to
I'm curious what tools different organizations are using to provision, manage,
and visually see how constraint based LSP's are routed over your network.
Jim
On 04/02/14 11:35, Jay Ashworth wrote:
It *is in their commercial best interest (read: maximizing shareholder
value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
forced -- it's actually their fiduciary duty not to.
That's short-sighted, but I agree in that that's what
All,
We are planning to experiment with a change in the way personals, a long
standing tradition in the Peering Track, are done and in the Data Center
track at NANOG 60 in Atlanta. The track is being held Monday starting at
4:45 and running through 6:15. Instead of data center operators
In message 977303.7242.1391542533531.javamail.r...@benjamin.baylink.com, Jay
Ashworth writes:
- Original Message -
From: Paul Ferguson fergdawgs...@mykolab.com
(And yes, I know that in the first case, it urges the customer to
cough up the bucks, and in the second case, it's
On Tue, Feb 4, 2014 at 1:47 PM, valdis.kletni...@vt.edu wrote:
Can somebody explain to me why those who run eyeball networks are able
to block outbound packets when the customer hasn't paid their bill,
but can't seem to block packets that shouldn't be coming from that
cablemodem?
The
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per day penalty for sending
packets with source addresses the peer should reasonably have known
were forged, this problem would go away in a matter of weeks.
Won't work because no one will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/4/2014 2:18 PM, John Levine wrote:
If just three of the transit-free networks rewrote their
peering contracts such that there was a $10k per day penalty
for sending packets with source addresses the peer should
reasonably have known were
On Tue, Feb 04, 2014 at 10:18:21PM -, John Levine wrote:
I was at a conference with people from some Very Large ISPs. They
told me that many of their large customers absolutely will not let
them do BCP38 filtering. (If you don't want our business, we can
find someone else who does.) The
On Tue, Feb 4, 2014 at 5:18 PM, John Levine jo...@iecc.com wrote:
I was at a conference with people from some Very Large ISPs. They
told me that many of their large customers absolutely will not let
them do BCP38 filtering. (If you don't want our business, we can
find someone else who does.)
-
We block all outbound UDP for our ~200,000 Users for this very reason
(with the exception of some whitelisted NTP and DNS servers). So far
we have had 0 complaints
-
Because those that might complain switched providers when their
On 04/02/14 14:18, John Levine wrote:
I was at a conference with people from some Very Large ISPs. They
told me that many of their large customers absolutely will not let
them do BCP38 filtering. (If you don't want our business, we can
find someone else who does.) The usual problem is that
Do you really mean “And?” in which case I expect the list would be _VERY_
short, or do you mean “and/or”?
Owen
On Feb 4, 2014, at 1:56 PM, Martin Hannigan hanni...@gmail.com wrote:
All,
We are planning to experiment with a change in the way personals, a long
standing tradition in the
Can somebody explain to me why those who run eyeball networks are able
to block outbound packets when the customer hasn't paid their bill,
but can't seem to block packets that shouldn't be coming from that
cablemodem?
i suspect the non-payment case is solved at a layer below three
randy
Then the need to be made criminally liable for the damage that it causes.
Yes, the directors of these companies need to serve gaol time.
why not just have god send down lightning bolts? quicker and cheaper.
or maybe they will just drown as the level of hyperbole keeps rising.
randy
If ISP has customer A with multiple *known* valid networks --doesn't matter
if ISP allocated them to customer or not-- and ISP lets them all out, but
filters everything else, ISP is still complying with BCP 38.
Of course. The question is how the ISP knows what the customer's address
ranges
On 2/4/2014 5:00 PM, Mark Andrews wrote:
Nope: it's easy to explain; you merely have to be a cynical bastard:
Attack traffic takes up bandwidth.
Providers sell bandwidth.
It *is in their commercial best interest (read: maximizing shareholder
value) *NOT* to filter out DOS, DDOS, and spam
Hello,
For the last several months, we have been tracking a congestion issue
between Cogent - Verizon
Host Loss% Snt Last Avg Best Wrst StDev
1. router.garlic.com 0.0%290.3 6.1 0.2 160.6 29.7
2. vl203.mag03.sfo01.atlas.cogentco.com 0.0%292.2 8.1 2.1
161.1
In message 52f17102.2000...@alvarezp.ods.org, Octavio Alvarez writes:
On 04/02/14 14:18, John Levine wrote:
I was at a conference with people from some Very Large ISPs. They
told me that many of their large customers absolutely will not let
them do BCP38 filtering. (If you don't want our
On Tue, Feb 4, 2014 at 6:24 PM, John R. Levine jo...@iecc.com wrote:
If ISP has customer A with multiple *known* valid networks --doesn't
matter if ISP allocated them to customer or not-- and ISP lets them all out,
but filters everything else, ISP is still complying with BCP 38.
Of course.
On 04/02/14 15:24, John R. Levine wrote:
If ISP has customer A with multiple *known* valid networks --doesn't
matter if ISP allocated them to customer or not-- and ISP lets them
all out, but filters everything else, ISP is still complying with BCP 38.
Of course. The question is how the ISP
Why does it have to be hard? Restricting the filter to addresses which
(A) the customer asserts are theirs
How does the customer do that in a way that scales?
I don't think any of this is rocket science, but it apparently is a
real block to BCP38/84 implementatin.
R's,
John
I also see major congestion from Cogent to VZ. Amongst other major
networks.
http://i.imgur.com/1z2ZGOr.png
On Tue, Feb 4, 2014 at 6:44 PM, Robert Glover robe...@garlic.com wrote:
Hello,
For the last several months, we have been tracking a congestion issue
between Cogent - Verizon
Can somebody explain to me why those who run eyeball networks are able
to block outbound packets when the customer hasn't paid their bill,
but can't seem to block packets that shouldn't be coming from that
cablemodem?
i suspect the non-payment case is solved at a layer below three
In a DOCSIS
I've seen some Cogent-Sprint congestion today also. About 10% PL at the
link.
On 2/4/2014 6:29 PM, Edward Roels wrote:
I also see major congestion from Cogent to VZ. Amongst other major
networks.
http://i.imgur.com/1z2ZGOr.png
On Tue, Feb 4, 2014 at 6:44 PM, Robert Glover
Yep. Major oversub in our area (LA/SD) - worse for us is same with VZ - L3!
James Laszko
Mythos Technology Inc
jam...@mythostech.com
Sent from my iPhone
On Feb 4, 2014, at 3:46 PM, Robert Glover robe...@garlic.com wrote:
Hello,
For the last several months, we have been tracking a
In message 20140205002905.57856.qm...@joyce.lan, John Levine writes:
Why does it have to be hard? Restricting the filter to addresses which
(A) the customer asserts are theirs
How does the customer do that in a way that scales?
You implement SIDR to the extent where you issue your multi
On 04/02/14 16:31, Livingood, Jason wrote:
Can somebody explain to me why those who run eyeball networks are able
to block outbound packets when the customer hasn't paid their bill,
but can't seem to block packets that shouldn't be coming from that
cablemodem?
i suspect the non-payment case is
On 2/4/14, 7:48 PM, Octavio Alvarez alvar...@alvarezp.ods.org wrote:
What I'm failing to understand, and again, please excuse me if I'm
oversimplifying, is what data do you need from researchers,
specifically. What specific actionable data would be helpful? Why does
the lack of the data prevent
I got that same response from Cogent in August and October when we complained
(word for word). Sometimes it's bad, sometimes it's ok.
Happens with Comcast sometimes too, but the peer to Verizon is usually worse.
I can show packet loss with an MTR anytime of day. Today is an ok day
just
Cogent support uses the same response when inquiring about Comcast,
CenturyLink, Tata, ATT etc.
If the Tier 1s are really keeping each other congested, are they not
creating an environment where you have to buy from each of them to have a
chance at congestion free paths? Or peer around them.
- Original Message -
From: John Levine jo...@iecc.com
Subject: Re: BCP38 is hard, was TWC (AS11351) blocking all NTP?
Why does it have to be hard? Restricting the filter to addresses
which
(A) the customer asserts are theirs
How does the customer do that in a way that scales?
I
How does the customer do that in a way that scales?
You implement SIDR to the extent where you issue your multi homed
customers CERTs for the address space you allocated to them. The
customer can then just send signed requests to a automated service
at the other ISPs along with the CERT
In message 52f17931.40...@alter3d.ca, Peter Kristolaitis writes:
On 2/4/2014 5:00 PM, Mark Andrews wrote:
Nope: it's easy to explain; you merely have to be a cynical bastard:
Attack traffic takes up bandwidth.
Providers sell bandwidth.
It *is in their commercial best interest
FYI, here's the latest response from Cogent when I prodded them about
the issue (just received this about 30 minutes ago:
---
The issue on this peer involves a high amount of traffic being sent to
Cogent from the Verizon network. In order to resolve the congestion on
that peer, Verizon needs to
Just to make something clear.I do not own any stock, interest or
have any official relationship with Verizon or Cogent. The
opinions expressed are mine and mine alone as I have come to
understand some of the relationship without the aid of any privileged
information.
On Tue, Feb 4, 2014
No, you write a law requiring something, e.g. BCP 38 filtering by
ISPs, and you audit it. You also make the ISPs directors liable
for the impact that results from spoofed traffic from them.
Making it law puts all the ISP's in the country on a equal footing
with respect to implementation
He received a very similar response from Level3 when we complained to them
about the issue. We have contacted VZ with no response
We see pings go from 8ms to 110ms+ from our office FIOS to one of our data
centers in San Diego
LAX handoffs of FIOS traffic to Cogent Level3 appears the
Is anyone from Verizon available to help me chase down an issue off-list?
Since Sunday morning, we've been seeing what looks to be a bad link
aggregation (10+% packet loss on one IP, 0% on an adjacent IP) to all of
the networks we control (on various providers, various AS's, various
locations)
Sent from my iPad
On Jan 25, 2014, at 1:37 PM, Nick Hilliard n...@foobar.org wrote:
On 25/01/2014 15:48, Sebastian Spies wrote:
To make things worse: even if the IXPs ASN is 2-byte, I would assume,
that RS implementors chose to interpret extended community strings as
always being in the
Sent from my iPad
On Jan 25, 2014, at 5:50 PM, Randy Bush ra...@psg.com wrote:
http://tools.ietf.org/search/draft-raszuk-wide-bgp-communities-03
To me, that draft looks hugely complicated, like everything you
could possibly think of was thrown in.
aol
do we have a chat with robert or
On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
Regulation and audits works well enough for butchers, resturants
etc. Remember once BCP 38 is implemented it is relatively easy to
continue. The big step is getting it turned on in the first place
which requires having the right
Hi All,
Can anyone recommend where to get some 10G SFP+ MMF optics what will work
in a Juno.
Im in San Jose right now and I'm flying back to NZ on friday
replies off list would be appreciated.
thanks in advanced.
davey
On Tue, Feb 4, 2014 at 10:01 PM, valdis.kletni...@vt.edu wrote:
On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
Now if we could get equipement vendors to stop shipping models
without the necessary support it would help but that also may require
government intervention.
A good
Hi there,
I have a Cisco 7606 with this module on it:
WS-SUP32-GE-3B
and I am using its own 8 port like this:
2 Port Layer two ether-channel uplink to my 4900 Cisco Switch and 1 Layer
two uplink to Internet, and near 10 tunnel to my customers for internet
exchange with BGP peering + some
75 matches
Mail list logo
