Re: Estonian IPv6 deployment report
On 2014-12-22 16:27, Tarko Tikan wrote: Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is deployed in shared service vlans. IPv6 traffic shares vlan with IPv4. How do you protect customers from each other? There are many nasty IPv6 attacks you can do when on a shared VLAN. /Anders
Re: Estonian IPv6 deployment report
hey, How do you protect customers from each other? There are many nasty IPv6 attacks you can do when on a shared VLAN. Split-horizon (switchport protected in Cisco world). Customers can't send packets directly to each other, all communication has to go via BNG router. Obviously we protect L2 as well like limiting number of MACs per customers, make sure BNG MAC cannot be learned from customer ports etc. We don't use any L3 (both v4 and v6) inspection in ANs, everything happens in BNG. It's actually much better and logical for v6 as it is for v4. In v4 world you have to implement proxy-arp, in v6 world there is no need for customers to send packets to each others link-local WAN addresses and packets sent to PD addresses are by default routed via BNG. -- tarko
Re: Estonian IPv6 deployment report
Hi, On Sat, Dec 27, 2014 at 05:15:13PM +0100, Anders L??winger wrote: On 2014-12-22 16:27, Tarko Tikan wrote: Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is deployed in shared service vlans. IPv6 traffic shares vlan with IPv4. How do you protect customers from each other? There are many nasty IPv6 attacks you can do when on a shared VLAN. true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks. and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs). best Enno /Anders -- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey === Blog: www.insinuator.net || Conference: www.troopers.de Twitter: @Enno_Insinuator ===
RE: Estonian IPv6 deployment report
The access boxes and BNG typically have protection mechanisms in place. Also even though customers are in a shared VLAN and IP subnet they aren't typically on the same broadcast domain. In the case of active Ethernet you use things like private Vlans or other access controls. Phil -Original Message- From: Anders Löwinger and...@abundo.se Sent: 12/27/2014 11:17 AM To: nanog@nanog.org nanog@nanog.org Subject: Re: Estonian IPv6 deployment report On 2014-12-22 16:27, Tarko Tikan wrote: Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is deployed in shared service vlans. IPv6 traffic shares vlan with IPv4. How do you protect customers from each other? There are many nasty IPv6 attacks you can do when on a shared VLAN. /Anders
Shapefiles, KMZs, etc.
I am looking for shapefiles, KMZs, etc. for networks primarily in the Midwest, but really throughout the area that is the scope of this list. I am a small ISP that just happens to know more than your average ISP about where people are and how to use GIS tools. I use them to help other ISPs find transport and they may come in handy for some start-up IX work I'm involved with. They would not go public and I would be willing to sign NDAs to get them. I have gotten several form public sources, but I may not have gotten all of the public ones and I have some (but still only a few) private ones. Thank you. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: North Korean internet goes dark (yes, they had one)
Looks like it is still going on. you can make this stuff up: Obama always goes reckless in words and deeds like a monkey in a tropical forest, http://arstechnica.com/tech-policy/2014/12/north-korea-suffers-another-internet-outage-hurls-racial-slur-at-pres-obama/ On Wed, Dec 24, 2014 at 6:26 PM, Keith Medcalf kmedc...@dessus.com wrote: What would be the point in blocking them? They don't even have electricity in the country, what would I worry about coming out of their IP block that wouldn't be more interesting than dangerous. Pretty obvious if it was really them behind the Sony hack, it was outsourced. For the few elite that do have Internet in DPRK it would be 1) a big inconvenience which would annoy them a lot and 2) they have to transmit what they want attacked to the outsourced crew (whoever they might be) somehow. I doubt the outsourced group has a fax#. I am pretty sure that they have fax machines in Washington Dee Cee. --- Theory is when you know everything but nothing works. Practice is when everything works but no one knows why. Sometimes theory and practice are combined: nothing works and no one knows why.
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: Anyone from Cloudflare ? (IPv6 issue)
* Brandon Applegate: Otherwise - if anyone could share a way to get to clue @Cloudflare I would greatly appreciate it. I put a request in through the web support front door, but I got back about what I expected. Did you receive a reply? I tried to notify security@ about some issue, but never heard back from them.
Re: North Korean internet goes dark (yes, they had one)
CCC would not do anything pro-NK. On 27 December 2014 at 19:49, Javier J jav...@advancedmachines.us wrote: Looks like it is still going on. you can make this stuff up: Obama always goes reckless in words and deeds like a monkey in a tropical forest, http://arstechnica.com/tech-policy/2014/12/north-korea-suffers-another-internet-outage-hurls-racial-slur-at-pres-obama/ On Wed, Dec 24, 2014 at 6:26 PM, Keith Medcalf kmedc...@dessus.com wrote: What would be the point in blocking them? They don't even have electricity in the country, what would I worry about coming out of their IP block that wouldn't be more interesting than dangerous. Pretty obvious if it was really them behind the Sony hack, it was outsourced. For the few elite that do have Internet in DPRK it would be 1) a big inconvenience which would annoy them a lot and 2) they have to transmit what they want attacked to the outsourced crew (whoever they might be) somehow. I doubt the outsourced group has a fax#. I am pretty sure that they have fax machines in Washington Dee Cee. --- Theory is when you know everything but nothing works. Practice is when everything works but no one knows why. Sometimes theory and practice are combined: nothing works and no one knows why. -- BaconZombie 55:55:44:44:4C:52:4C:52:42:41 LOAD *,8,1
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
May I share some clue? The OP is probably not a native speaker of English. You don't play PC language games with people who you aren't *certain* are native speakers of English. Why? Because if you do I will show up at your door! I dunno, just don't do it, it's rude and stupid, imagine if you were trying to post in your college Arabic or French or whatever and got hit with subtleties like this instead of a simple answer. -b On December 27, 2014 at 14:35 clay...@mnsi.net (Clayton Zekelman) wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Hello, Let me (the OP) put an end to this : - I'm certainly not a native english speaker, but my english level is good enough to make myself clear / understandable. @Barry : No offense taken ;-) - Maybe this he/she false debate all started with an honnest/innocent mistake. I do not care about / pay attention / give importance about the gender of my fellow estimed networking pairs. @Clayton : Really, all I've asked for when I sent the initial email was a peering contact. Nothing more, nothing less. PERIOD ;-) Now that AS6713 has been publitized (more than they haven't asked for), maybe someone overthere will finally ping back ! After all, it's Xmas, you never know what santa can bring along with him. Wish you all a happy holiday season. Best regards. Le 27 déc. 2014 à 22:20, Barry Shein b...@world.std.com a écrit : May I share some clue? The OP is probably not a native speaker of English. You don't play PC language games with people who you aren't *certain* are native speakers of English. Why? Because if you do I will show up at your door! I dunno, just don't do it, it's rude and stupid, imagine if you were trying to post in your college Arabic or French or whatever and got hit with subtleties like this instead of a simple answer. -b On December 27, 2014 at 14:35 clay...@mnsi.net (Clayton Zekelman) wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Can I share a clue with you? This is a North American English language list. Threatening to show up at someone's door is a pretty douchebag way to make a point. What next? A rumble in the school parking lot at 3:45? The person who taught me about BGP in 1995 worked for a large international carrier at the time, and told me the story of how network technicians in the Middle East would refuse to talk to HER because she couldn't possibly know what SHE was talking about. That story of sexism has stuck with me since then. If it was a language mistake, then I educated the OP on the reason to use the right pronoun. If it was sexism, then I called him out on his bullshit. Either way Barry, if you want to come to my door, be my guest, but it will be at that moment you realize what a huge mistake you made. Sent from my iPhone On Dec 27, 2014, at 4:20 PM, Barry Shein b...@world.std.com wrote: May I share some clue? The OP is probably not a native speaker of English. You don't play PC language games with people who you aren't *certain* are native speakers of English. Why? Because if you do I will show up at your door! I dunno, just don't do it, it's rude and stupid, imagine if you were trying to post in your college Arabic or French or whatever and got hit with subtleties like this instead of a simple answer. -b On December 27, 2014 at 14:35 clay...@mnsi.net (Clayton Zekelman) wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Then it's probably a good thing that the English language has no gender-neutral third person singular pronoun appropriate for referencing a human being. Conventionally, the otherwise male pronoun he is used to refer to any individual whose gender is not known to the speaker. It offers no insult unless the recipient is looking for an excuse. The what if he's a she crack was stale when I was still in diapers and the pedantic follow on discussion about what the gender neutral pronoun should be is just as tedious. Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Isn't it better actually to use they? https://en.wikipedia.org/wiki/Singular_they -- Grzegorz Janoszka On 2014-12-27 20:35, Clayton Zekelman wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Just drop it guys...please? :) Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Dec 27, 2014 4:52 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote: Isn't it better actually to use they? https://en.wikipedia.org/wiki/Singular_they -- Grzegorz Janoszka On 2014-12-27 20:35, Clayton Zekelman wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
On Sat, Dec 27, 2014 at 4:52 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote: https://en.wikipedia.org/wiki/Singular_they https://en.wikipedia.org/wiki/Gender-specific_and_gender-neutral_pronouns#Generic_he To whom it may concern, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Poor form Clayton. This type of response is not helpful or constructive. Kenny Sent from my iPhone On Dec 26, 2014, at 5:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
That would work too! Sent from my iPhone On Dec 27, 2014, at 4:52 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote: Isn't it better actually to use they? https://en.wikipedia.org/wiki/Singular_they -- Grzegorz Janoszka On 2014-12-27 20:35, Clayton Zekelman wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
Re: Anyone from Cloudflare ? (IPv6 issue)
On Dec 27, 2014, at 3:48 PM, Florian Weimer f...@deneb.enyo.de wrote: * Brandon Applegate: Otherwise - if anyone could share a way to get to clue @Cloudflare I would greatly appreciate it. I put a request in through the web support front door, but I got back about what I expected. Did you receive a reply? I tried to notify security@ about some issue, but never heard back from them. I did - I worked with some Cloudflare guys offlist and they made some (hopefully temporary) BGP path tweaks to route around where we think the trouble is buried. So kudos to them. If you want - let me know 1:1 and I can let you know who I worked with, although I’m not sure they are security focused. signature.asc Description: Message signed with OpenPGP using GPGMail
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Singular They! :D On Dec 27, 2014, at 2:35 PM, Clayton Zekelman clay...@mnsi.net wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR !DSPAM:549f0a5f299111688636950!
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
How about Queens English ... Oyi ! Or the American Spoken English ... Yo ! or Spanglish... Oyime ? Give it up ! next we will be discussing how to write emails in dots and dashes ! :) Faisal Imtiaz Snappy Internet Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net - Original Message - From: Meagan darqch...@darqchild.com To: Clayton Zekelman clay...@mnsi.net Cc: nanog@nanog.org Sent: Saturday, December 27, 2014 4:07:46 PM Subject: Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact Singular They! :D On Dec 27, 2014, at 2:35 PM, Clayton Zekelman clay...@mnsi.net wrote: That is why the better pronoun choice would have been 'you', not 'he' or 'she'. Sent from my iPhone On Dec 27, 2014, at 1:47 PM, Javier J jav...@advancedmachines.us wrote: What if they don't identify as a he or a she? On Fri, Dec 26, 2014 at 6:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR !DSPAM:549f0a5f299111688636950!
Re: Shapefiles, KMZs, etc.
If you have KMZ files you have compiled from public sources, can you make them available? This would be very useful to have for project I work on from time to time. On Sat, Dec 27, 2014 at 1:00 PM, Mike Hammett na...@ics-il.net wrote: I am looking for shapefiles, KMZs, etc. for networks primarily in the Midwest, but really throughout the area that is the scope of this list. I am a small ISP that just happens to know more than your average ISP about where people are and how to use GIS tools. I use them to help other ISPs find transport and they may come in handy for some start-up IX work I'm involved with. They would not go public and I would be willing to sign NDAs to get them. I have gotten several form public sources, but I may not have gotten all of the public ones and I have some (but still only a few) private ones. Thank you. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
On Sun, 28 Dec 2014 01:50:57 +, Faisal Imtiaz said: Give it up ! next we will be discussing how to write emails in dots and dashes ! Somebody would *still* find a way to misinterpret it. When I ran a Scouting event for the district a few years ago, I had each competition station give the teams coded clues where the next station was. At one station, the clue was a length of surveyor's twine with knots in it. They had to figure out that overhand knots were dots, and figure eights were dashes, and then decode it with the morse code chart they had acquired along the way. As $DEITY is my witness, I never considered the possibility they'd start at the wrong end of the string pgpKV6Aneifd3.pgp Description: PGP signature
Re: Shapefiles, KMZs, etc.
I'll make sure that Telecom Ramblings gets all public sources I find. They would also have links to maps that aren't in a spatial format ie: PDFs, interactive web sites, etc. I'm looking for spatially enabled maps so I can see them all on the same screen, turn layers on and off, measure builds, and other GIS type work. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Javier J jav...@advancedmachines.us To: Mike Hammett na...@ics-il.net Cc: NANOG list nanog@nanog.org Sent: Saturday, December 27, 2014 8:59:09 PM Subject: Re: Shapefiles, KMZs, etc. If you have KMZ files you have compiled from public sources, can you make them available? This would be very useful to have for project I work on from time to time. On Sat, Dec 27, 2014 at 1:00 PM, Mike Hammett na...@ics-il.net wrote: I am looking for shapefiles, KMZs, etc. for networks primarily in the Midwest, but really throughout the area that is the scope of this list. I am a small ISP that just happens to know more than your average ISP about where people are and how to use GIS tools. I use them to help other ISPs find transport and they may come in handy for some start-up IX work I'm involved with. They would not go public and I would be willing to sign NDAs to get them. I have gotten several form public sources, but I may not have gotten all of the public ones and I have some (but still only a few) private ones. Thank you. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com