Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On the topic of building a software router for an ISP, has anyone tried it using OpenFlow? The idea is to have a Linux server run BGP and a hardware switch to move the packets. The switch would be programmed by the Linux server using the OpenFlow protocol. I am looking at the HP 5400 zl switches

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
fail over, so I will not go down with just one server crash. Poor performance on the servers will not affect customer traffic directly. Regards, Baldur On Fri, Dec 27, 2013 at 2:11 PM, Eugeniu Patrascu eu...@imacandi.net wrote: On Fri, Dec 27, 2013 at 3:05 PM, Baldur Norddahl baldur.nordd

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On Fri, Dec 27, 2013 at 4:18 PM, Jon Sands fohdee...@gmail.com wrote: On Dec 27, 2013 10:08 AM, Baldur Norddahl baldur.nordd...@gmail.com wrote: We are an upstart and just buying the fancy Juniper switch times two would burn half of my seed capital. Then you didn't ask for nearly enough

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On Fri, Dec 27, 2013 at 6:48 PM, Justin M. Streiner strei...@cluebyfour.org wrote: If you want to use servers as routers, that's your choice. I think what most people in the thread have been saying is not to use one server (or even a pair of servers) for everything. It's one thing if server

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On Sat, Dec 28, 2013 at 12:56 AM, Jon Sands fohdee...@gmail.com wrote: Yes, and in that world, one should probably not start up a FTTH ISP when one has not even budgeted for a router, among a thousand other things. And if you must, you should probably figure out your cost breakdown beforehand,

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On Sat, Dec 28, 2013 at 3:14 AM, Jon Lewis jle...@lewis.org wrote: On Fri, 27 Dec 2013, Baldur Norddahl wrote: Another told Nick Cameo that if he can afford a 10G link, he can afford Juniper. You could not be more wrong. The 10G uplink goes for $0 in initial fee and less than $4k / month

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On Sat, Dec 28, 2013 at 3:50 AM, Brian Loveland br...@aereo.com wrote: Interested on where you are buying transit at $1750/mo for full 10G ports ($0.175/meg)? I did not claim that. I said two times $21k divided by 12 = $3500 per month. Try he.net. Regards, Baldur

Re: The Making of a Router

2013-12-27 Thread Baldur Norddahl
On Sat, Dec 28, 2013 at 4:10 AM, Randy Bush ra...@psg.com wrote: clearly you have a deep understanding of what you are doing, the market, what costs and capabilities are, and where to get what you need. now please remind me of what it was you were asking. randy I asked if anyone here has

Re: The Making of a Router

2013-12-28 Thread Baldur Norddahl
On Sat, Dec 28, 2013 at 8:09 AM, sten rulz stenr...@gmail.com wrote: Hello Baldur, Your design regarding proxy arp for every VLAN might hit some issues. If you look at the nanog history you will find people having issues with proxy arp for large number of VLANs, what is your requirement for

Re: turning on comcast v6

2013-12-31 Thread Baldur Norddahl
On Tue, Dec 31, 2013 at 12:24 AM, Leo Bicknell bickn...@ufp.org wrote: Here's what you will soon find: 1) The IPv6 pings on both machines cease to work. That will not actually happen. An IPv6 router is only allowed to announce a prefix by RA if it has a working uplink. Nonetheless you are

Re: turning on comcast v6

2014-01-03 Thread Baldur Norddahl
On Fri, Jan 3, 2014 at 9:40 AM, Doug Barton do...@dougbarton.us wrote: On 01/02/2014 10:30 PM, TJ wrote: I'd argue that while the timing may be different, RA and DHCP attacks are largely the same and are simply variations on a theme. Utter nonsense. The ability to nearly-instantly switch

Re: turning on comcast v6

2014-01-03 Thread Baldur Norddahl
On Fri, Jan 3, 2014 at 10:24 AM, Doug Barton do...@dougbarton.us wrote: ... and yet most IPv4 networks are not completely unprotected. We are apparently talking about completely unprotected networks here. Otherwise there is simply no problem. You would be filtering RA and many other things,

Re: turning on comcast v6

2014-01-04 Thread Baldur Norddahl
On Sat, Jan 4, 2014 at 2:12 AM, Doug Barton do...@dougbarton.us wrote: If you did add default route to DHCPv6, what is then supposed to happen to the other routes, that the client might discover? You would configure the client not to do RS, and to ignore any RAs that it receives. Simple.

BGP multihoming

2014-01-29 Thread Baldur Norddahl
Apologies for a RIPE question on NANOG, although I believe this issue will soon enough be relevant for the ARIN region as well. I had a customer ask if we could provide him with BGP such that he could be multihomed. He already has 128 IP addresses from another ISP. Obviously a /25 is a non go

Re: -48VDC supply for home lab?

2014-02-03 Thread Baldur Norddahl
I am using this: http://www.newark.com/xp-power/jpm160ps48/psu-160w-48v-3-3a/dp/97K2572 Locally it is available here for about $50 USD as new. I found it in a shop selling electronics for disco - don't tell them you are doing networks, that info will multiply the price by 10 :-). Regards,

The somewhat illegal fix for NTP attacks

2014-02-21 Thread Baldur Norddahl
Hi The following would probably be illegal so do not actually do this. But what if... there are just 4 billion IPv4 addresses. Scanning that address-space for open NTP is trivially done in a few hours. Abusing these servers for reflection attack is as trivial, hence the problem. How can we get

Re: Access hardware for small FTTP deployment

2014-05-17 Thread Baldur Norddahl
Hi I would use PON or WDM and move the active equipment to a more sane location. We use Zhone which have a one unit four port OLT (MXK-194). Or if you do not mind using GEPON instead of GPON then look at some Chinese suppliers. You can probably get a GEPON switch for about 1000 USD. Another

Re: Verizon Public Policy on Netflix

2014-07-14 Thread Baldur Norddahl
Hi, Here is a different tale from another small ISP. We quite like Netflix (and HBO Nordic and all the other streaming services). We are a FTTH provider and services like Netflix are why people are buying our service instead of going with 4G LTE or ADSL. Without content we have nothing. Yes we

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-15 Thread Baldur Norddahl
On 15 July 2014 06:21, Brett Glass na...@brettglass.com wrote: Perhaps it's best to think of it this way: I'm outsourcing some backbone routing functions to my upstreams, which (generously) aren't charging me anything extra to do it. In my opinion, that's a good business move. Ah but they

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-15 Thread Baldur Norddahl
On 15 July 2014 17:03, Brett Glass na...@brettglass.com wrote: At 06:49 AM 7/15/2014, Baldur Norddahl wrote: Ah but they are charging you for it. You are paying approximately 40x as much for your bandwidth as you should be (you said you paid 20 USD/Mbps - an outrageous rate). You have a link

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-15 Thread Baldur Norddahl
Brett, you are missing my point. I am no expert on wireless links and the equipment I pointed at might be garbage. But you have a backhaul problem that you need to solve. If not that equipment, then something else. You are barking up the wrong tree with Netflix. People want high bandwidth video

Re: Verizon Public Policy on Netflix

2014-07-17 Thread Baldur Norddahl
On 17 July 2014 00:57, Owen DeLong o...@delong.com wrote: If Netflix had a closed or limited peering policy, then I'd say shame on Netflix. If Netflix only peered in an exchange point or two near corporate HQ and didn't have an extensive nationwide network, I'd say shame on Netflix. Reality

Re: BGP per-flow load balancing between eBGP and iBGP learned prefix

2014-09-19 Thread Baldur Norddahl
Hi, Your problem is that the LB will only deliver traffic to one router. You then want that router to send half of the traffic to the other router via a default route. But that is unsound: The other router would be configured with a similar multipath default route and send half of the traffic

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
We assign a /128 by DHCPv6 (*). And then we assign a /48 by DHCPv6-PD prefix delegation. To everyone no matter what class of customer they are. You are thinking about it wrong. It is not about what the customer needs but about what you need. Do you really have a need to use more than 48 bits for

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
On 9 October 2014 19:55, Richard Hicks richard.hi...@gmail.com wrote: The BCOP specifically addresses this in 4b: *b. Point-to-point links should be allocated a /64 and configured with a /126 or /127* Why do people assign addresses to point-to-point links at all? You can just use a host /128

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
On 9 October 2014 22:01, Owen DeLong o...@delong.com wrote: Why do people assign addresses to point-to-point links at all? You can just use a host /128 route to the loopback address of the peer. Saves you the hassle of coming up with new addresses for every link. Same trick works for

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
On 9 October 2014 22:32, Roland Dobbins rdobb...@arbor.net wrote: On Oct 10, 2014, at 3:25 AM, Baldur Norddahl baldur.nordd...@gmail.com wrote: I am sure there are. Tell me about them. This issue has been discussed on all the various operational lists many, many times over the years

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
. It is the correct behavior. Try unplugging the netcable from your computer - you will NOT lose the IP-address unless you have a DHCP daemon that takes it away. Regards, Baldur On 9 October 2014 22:38, Owen DeLong o...@delong.com wrote: On Oct 9, 2014, at 1:25 PM, Baldur Norddahl baldur.nordd

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
On 9 October 2014 23:18, Roland Dobbins rdobb...@arbor.net wrote: On Oct 10, 2014, at 4:13 AM, Baldur Norddahl baldur.nordd...@gmail.com wrote: My colleagues wanted to completely drop using public IP addressing in the infrastructure. Your colleagues are wrong. Again, see RFC6752. Yes

Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Baldur Norddahl
On 10 October 2014 00:37, Roland Dobbins rdobb...@arbor.net wrote: On Oct 10, 2014, at 5:04 AM, Baldur Norddahl baldur.nordd...@gmail.com wrote: NONE of the problems listed in RFC 6752 are a problem with using unnumbered interfaces. As far as Section 8 goes, you're even worse off than

Re: ARIN / RIR Pragmatism (WAS: Re: RADB)

2014-10-24 Thread Baldur Norddahl
The RIPE IRR is secure. Why not just copy that for the other regions? Baldur

Re: Is it unusual to remove defunct rr objects?

2014-11-02 Thread Baldur Norddahl
On 1 November 2014 23:18, Rob Seastrom r...@seastrom.com wrote: Where on the public Internet? Do networks run by organizations such as SITA, ARINC, BT Radianz, UK MOD, and US DOD that use globally unique space and may interconnect with each other in some way (and could hypothetically be

Re: I am about to inherit 26 miles of dark fiber. What do I do with it?

2014-11-09 Thread Baldur Norddahl
Hi, 26 miles is not a long distance when working with fiber. I would have just one active POP (or two for redundancy). Use DWDM to expand your 6 strands into as many links as you need. You could also use GPON with splitters, although that will only deliver 1 Gbps (on a shared 2.4 Gbps) at this

Re: I am about to inherit 26 miles of dark fiber. What do I do with it?

2014-11-09 Thread Baldur Norddahl
Hey come on. Yes it is complex but not impossible to learn on the job. You have absolutely no knowledge of his skills and know almost nothing about the project. How can you say anything about the impossibility of overcoming the challenges ahead? One thing that amazes me about NANOG is that while

Re: A case against vendor-locking optical modules

2014-11-18 Thread Baldur Norddahl
If they really wanted to lock you in, they would have triangular modules instead of square... Or I suppose the vendors like to be able to shop around for modules, before they relabel and sell them to you at a 10x markup.

How do I handle a supplier that delivered a faulty product?

2014-11-25 Thread Baldur Norddahl
Hello, We are a small FTTH provider and our main business is selling 1000/1000 internet. Our network is GPON based. We recently made the mistake of buying a large shipment of Zhone 2301 modems (ONU). We did test this device before purchase, but unfortunately we failed to notice a severe fault

Re: Followup: Survey results for the ARIN RPA

2014-12-08 Thread Baldur Norddahl
We signed our ROAs but we won't be validating anything from the ARIN region. I believe you will find this to be the norm. The tool provided by RIPE also ignores ARIN by default. Someone will probably tell me that I am being arrogant again, but basically you are asking me to help protect your

Re: Followup: Survey results for the ARIN RPA

2014-12-08 Thread Baldur Norddahl
/2014 23.46, Mark Andrews ma...@isc.org wrote: In message CAPkb-7DmELgaD0F= paxdjzupgi5vqp0pp8ysysl+gkxldmj...@mail.gmail.com , Baldur Norddahl writes: We signed our ROAs but we won't be validating anything from the ARIN region. I believe you will find this to be the norm. The tool provided

Re: How do I handle a supplier that delivered a faulty product?

2014-12-16 Thread Baldur Norddahl
Hi, Zhone reversed their stance on this and put everything on finding a fix. Now we have a working firmware that moves data at line speed with no need to put limits on downloads. Everyone is happy now. The 2301 with new firmware is performing as expected and seems like a good product for our

Re: How do I handle a supplier that delivered a faulty product?

2014-12-16 Thread Baldur Norddahl
this: http://www.speedtest.net/my-result/3962524900 - this is good as in reality the speedtest is what people are buying... Regards, Baldur On 16 December 2014 at 18:49, Justin M. Streiner strei...@cluebyfour.org wrote: On Tue, 16 Dec 2014, Baldur Norddahl wrote: Zhone reversed their stance

Re: MPLS VPN design - RR in forwarding path?

2015-01-01 Thread Baldur Norddahl
Is there a good reason to use actual router hardware for the route reflector role? Even a cheap server has more CPU and memory. If it is not in the forwarding path, this is a computing task - not a move packets at line speed task. Is anyone using Bird, Quagga etc. for this? Regards, Baldur

Re: OT - Small DNS appliances for remote offices.

2015-02-18 Thread Baldur Norddahl
That option is expensive in power fees... On 18/02/2015 23.12, Rich Kulawiec r...@gsp.org wrote: Find someone unloading 50 old, physically small desktop PCs. Buy the lot. Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2 live with the leftovers as on-site spares. If one

Re: scaling linux-based router hardware recommendations

2015-01-27 Thread Baldur Norddahl
I propose the hybrid solution: A device such as the ZTE 5960e with 24x 10G and 2x 40G will set you about USD 6000 back. This thing can do MPLS and L3 equal cost multiple path routing. With that you can load balance across as many software routers as you need. It also speaks BGP and can accept

Re: scaling linux-based router hardware recommendations

2015-01-28 Thread Baldur Norddahl
10g transceivers are not overly expensive if you buy compatible modules. SFP+ Direct attach cable is $16. SFP+ multimode module is $18. SFP+ singlemode LR module is $48. That is nothing compared to what vendors are asking for a real router. I believe there are many startups that are going for

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-01-30 Thread Baldur Norddahl
Single stacking on IPv6 is nice in theory. In practice it just doesn't work yet. If you as an ISP tried to force all your customers to be IPv6 single stack, you would go bust. Therefore the only option is dual stack. The IPv4 can be private address space with carrier NAT - but you will need to

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-02-01 Thread Baldur Norddahl
On 30/01/2015 21.23, Tore Anderson t...@fud.no wrote: Kabel Deutschland, T-Mobile USA, and Facebook are examples of companies who have already or are in the process of moving their network infrastructure to IPv6-only. Without going bust. Assuming larger service providers are using MPLS in some

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-02-01 Thread Baldur Norddahl
On 1 February 2015 at 20:10, Tore Anderson t...@fud.no wrote: - Tunneling moves the original layer-4 header into another encapsulation layer, so e.g. an ACL attempting to match an IPv6 HTTP packet using something like next-header tcp, dst port 80 will not work. With translation, it

Re: IPv6 allocation plan, security, and 6-to-4 conversion

2015-01-30 Thread Baldur Norddahl
. The internal network is not directly connected to the internet, so there is no need. Regards, Baldur On 30/01/2015 21.23, Tore Anderson t...@fud.no wrote: * Baldur Norddahl Single stacking on IPv6 is nice in theory. In practice it just doesn't work yet. If you as an ISP tried to force all your

Re: booster to gain distance above 60km

2015-03-28 Thread Baldur Norddahl
on this circuit... What booster and preamplifier I have to use on it?! I will buy a 8channel simplex ... C21/c51, c22/c52 etc Do you know what a booster and an amplifier I have to buy? Sent from iPhone Grupo Connectoway On 28/03/2015, at 13:51, Baldur Norddahl baldur.nordd

Re: booster to gain distance above 60km

2015-03-28 Thread Baldur Norddahl
, Baldur Norddahl baldur.nordd...@gmail.com wrote: Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add

Re: booster to gain distance above 60km

2015-03-28 Thread Baldur Norddahl
Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add in the DWDM splitter and two boosters. For each end of the

Re: OT: VPS with Routed IP space

2015-02-24 Thread Baldur Norddahl
You just need to enable proxy ARP on the box to simulate a routed subnet. On 24/02/2015 19.25, Alex Buie alex.b...@frozenfeline.net wrote: Anybody know of or have recommendations for providers of small VPS-line boxen (or alternative solutions) to serve as GRE endpoints? (for a small amount of

Re: BGP offloading (fixing legacy router BGP scalability issues)

2015-04-02 Thread Baldur Norddahl
Filtering countries is a bad idea, but it is probably possible to create filters so 99% of your actual traffic is handled by a relatively small subset of global routes and the remaining 1% routed via a default route or via a Linux box. Anyone know of tools and methods to do this? How effective is

Re: How are you doing DHCPv6 ?

2015-04-02 Thread Baldur Norddahl
This reminds me that we have switches that will tag DHCPv6 packets with the equivalent to option 82 however ISC-DHCP has no support for it. The switch will create a DHCP packet with two options, one being the user info and the other is encapsulating the original packet. ISC-DHCP will pick the

Re: Peering and Network Cost

2015-04-19 Thread Baldur Norddahl
So why is IX peering so expensive? Again if I look at my local IX (dix.dk) they have about 40 networks connected. Each network pays minimum 5800 USD a year. That gives them a budget of 24+ USD a year. But the only service is running an old layer 2 switch. Why do these guys deserve to be

Re: DWDM and EDFA and DCM

2015-04-22 Thread Baldur Norddahl
First: buy a power meter. They are really cheap and the only way to know for sure how much signal you got. It will also tell you how much launch power you have. The fiberstore modules are listed as 0 to +5 dBm launch power - if you got lucky it might be +5 and if you got a lower end module it

Re: Thousands of hosts on a gigabit LAN, maybe not

2015-05-09 Thread Baldur Norddahl
The standard 48 port with 2 port uplink 1U switch is far from full depth. You put them in the back of the rack and have the small computers in the front. You might even turn the switches around, so the ports face inwards into the rack. The network cables would be very short and go directly from

Re: Peering and Network Cost

2015-04-15 Thread Baldur Norddahl
Transit cost is down but IX cost remains the same. Therefore IX is longer cost effective for a small ISP. As an (non US) example, here in Copenhagen, Denmark we have two internet exchanges DIX and Netnod. We also have many major transit providers, including Hurricane Electric and Cogent. Netnod

Re: BGP offloading (fixing legacy router BGP scalability issues)

2015-04-03 Thread Baldur Norddahl
The SIR approach might not work if your switch does not support selective installing routes. Also the switch might have a very slow CPU and be memory constrained, making downloading a large number of routes impractical even if you do not install all. IX and transit providers are making this

Re: Multi-gigabit edge devices as CPE [TOPIC DRIFT!]

2015-04-09 Thread Baldur Norddahl
You can do this for free with equal cost multi path routing. You announce the same IP from multiple servers with eg. OSPF. On 09/04/2015 19.34, Barry Shein b...@world.std.com wrote: On April 9, 2015 at 09:11 raphael.timo...@gmail.com (Tim Raphael) wrote: VyOS is a community fork of Vyatta

Re: Multi-gigabit edge devices as CPE [TOPIC DRIFT!]

2015-04-09 Thread Baldur Norddahl
such feature. I would use it to load balance the load balancers / web cache / ssl proxy and it should be quite good for that purpose. Regards Baldur On 09/04/2015 21.48, Barry Shein b...@world.std.com wrote: On April 9, 2015 at 20:50 baldur.nordd...@gmail.com (Baldur Norddahl) wrote: You

Re: Low Cost 10G Router

2015-05-19 Thread Baldur Norddahl
You can save a ton if you drop the requirement for full routes. Ask for a simple default route and then calculate your most used routes offline and upload that daily to the switch. I believe if you have just a few thousand routes, your outbound will be nearly the same as with full routes. Your

Re: Low Cost 10G Router

2015-05-20 Thread Baldur Norddahl
ZTE M6000-3S. It is what we use. Works well for us. Just remember to get a memory upgrade to 8 GB memory or you will run out of RIB space. Regards Baldur On 20/05/2015 18.43, Colton Conor colton.co...@gmail.com wrote: So, from the sounds of it most are saying for low cost, the way to go

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread Baldur Norddahl
On 10 June 2015 at 14:03, Mikael Abrahamsson swm...@swm.pp.se wrote: On Wed, 10 Jun 2015, Baldur Norddahl wrote: We use DHCPv6 to assign just one IP address to the CPE. This is because otherwise our routers do not know where to route the /48 that is also passed along with DHCPv6-PD

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread Baldur Norddahl
We use DHCPv6 to assign just one IP address to the CPE. This is because otherwise our routers do not know where to route the /48 that is also passed along with DHCPv6-PD. The routers are stupid I know, but it is what we got. So we simply implemented a variant of static routes for 2001:db8:x::/48

Re: Tunable SFP

2015-06-07 Thread Baldur Norddahl
Hi, I believe nobody actually answered the original question: is there any tunable SFP module available. Notice the lack of a + in that statement. The datasheets for modules cited in this thread are all 10G modules with minimum speed of 8.5G. Nothing that will work at 1G. But correct me if I am

Re: REMINDER: LEAP SECOND

2015-06-19 Thread Baldur Norddahl
On 19 June 2015 at 23:58, Harlan Stenn st...@ntp.org wrote: Bad idea. When restarting ntpd your clocks will likely be off by a second, which will cause a backward step, which will force the problem you claim to be avoiding. If you are afraid that your routers will crash due to the

Re: Anycast provider for SMTP?

2015-06-19 Thread Baldur Norddahl
On 19 June 2015 at 04:18, Larry Sheldon larryshel...@cox.net wrote: On 6/18/2015 16:40, Jonas Björk wrote: The clients speak unicast with one single ip-helper which address is shared by all the servers. They can't choose which ever server to talk to. One of us is confused (and it may

Re: Anycast provider for SMTP?

2015-06-19 Thread Baldur Norddahl
On 19 June 2015 at 10:39, Mike Meredith mike.mered...@port.ac.uk wrote: On Thu, 18 Jun 2015 15:51:31 -0400, Joe Abley jab...@hopcount.ca may have written: Since DHCP uses broadcast and multicast addresses when a client is discovering a server, it's not obvious why you'd have to. And

Re: Anycast provider for SMTP?

2015-06-18 Thread Baldur Norddahl
On 18/06/2015 21.52, Joe Abley jab...@hopcount.ca wrote: On 18 Jun 2015, at 15:43, Jonas Björk wrote: While risking being slightly off topic: Does anyone use anycast dhcp servers? Have you run into any problems considering synching the leases? Since DHCP uses broadcast and multicast

Re: Android (lack of) support for DHCPv6

2015-06-10 Thread Baldur Norddahl
On 10 June 2015 at 15:53, Mikael Abrahamsson swm...@swm.pp.se wrote: Well, then you're not doing what most people do when they do DHCPv6-PD, you're using something else. This is the first time I have heard of anyone doing what you describe. I mentioned because the Android guy seems to be

Re: Greenfield 464XLAT (In January)

2015-06-12 Thread Baldur Norddahl
On 12 June 2015 at 07:14, Tore Anderson t...@fud.no wrote: Hi Baldur, MAP is *not* NAT; that's what's so neat about it. The users do get a public IPv4 address (or prefix!) routed to their CPE's WAN interface, towards which they can accept inbound unsolicited connections. True if you are

Re: DMARC in education

2015-06-17 Thread Baldur Norddahl
We use dmarcian.com to process the reports. Regards Baldur

Re: Android (lack of) support for DHCPv6

2015-06-12 Thread Baldur Norddahl
Can someone explain to me how Android uses SLAAC to implement tethering? SLAAC allows the Android device to have as many addresses as it wants. But how does that allow it to reshare those addresses to a tethered device? A tethering device that might itself be running SLAAC or DHCPv6. If the tethering

Re: Android (lack of) support for DHCPv6

2015-06-13 Thread Baldur Norddahl
On 13 June 2015 at 09:11, Mikael Abrahamsson swm...@swm.pp.se wrote: On Fri, 12 Jun 2015, Baldur Norddahl wrote: Can someone explain to me how Android uses SLAAC to implement tethering? https://tools.ietf.org/html/rfc7278 -- I have not read it in detail, but correct me if I am wrong

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Baldur Norddahl
Remember this: 1) for inbound traffic there will be no difference at all. 2) routers will ignore a static route if the link is down. If you can get BFD from the providers then even better. So you can emulate 99% of what you get with full routes by loading in static routes. A simple example

Re: BGP Multihoming 2 providers full or partial?

2015-06-01 Thread Baldur Norddahl
On 1 June 2015 at 15:29, Blake Hudson bl...@ispn.net wrote: Something to point out: Sometimes the device you connect to is up, but has no reachability to the rest of the world. Using static routes is.. well.. static. There are a few cases (such as the one mentioned) where a static route can

Re: BGP Multihoming 2 providers full or partial?

2015-06-01 Thread Baldur Norddahl
This is only a problem if you use so called tier 1 transit providers. The smaller fish in the pond have multiple transits themselves and will thereby always have an alternative route available. Regards Baldur On 01/06/2015 22.32, William Herrin b...@herrin.us wrote: On Mon, Jun 1, 2015 at

Re: AWS Elastic IP architecture

2015-05-30 Thread Baldur Norddahl
They could do 6rd by just flipping a switch on one of their routers. Granted it is not native IPv6 but maybe better than nothing. Regards Baldur

Re: Dual stack IPv6 for IPv4 depletion

2015-07-05 Thread Baldur Norddahl
Hi, Currently IPv4 is rather cheap. The first step is to conserve your resources by deploying schemes to effectively use your IPv4 allocation. You have to drop using a /30 for each customer and instead have your customer on a shared subnet. We group our customers up to 60 customers in a /26. I

Re: Dual stack IPv6 for IPv4 depletion

2015-07-05 Thread Baldur Norddahl
MAP solves that by splitting NAT into a part that can be done without state (route a port range to a customer) and the actual NAT which is then done on the CPE. It is also the only NAT solution that scales. Regards, Baldur On 5 July 2015 at 21:09, Owen DeLong o...@delong.com wrote: A NAT

Re: Greenfield 464XLAT (In January)

2015-06-11 Thread Baldur Norddahl
Hi, The price for IPv4 is about $10 per address. I do not expect that to become much more expensive in the short term, especially not in the Arin region where there is such abundance of allocated address space that could be freed for a quick dime. So is $10 one time fee for new users too much?

Re: Help Needed Segmenting Existing Network with Sophos UTM Cisco Catalyst switches and RHEL6 Hypervisors

2015-05-23 Thread Baldur Norddahl
The answer to this one is easy. Yes, there is very likely a series of steps, that will achieve what you want remotely. But... The data center is a long way away, and any downtime will be catastrophic. The slightest misstep and you will be down until you arrive at the site. So do not even think

Re: Peering + Transit Circuits

2015-08-18 Thread Baldur Norddahl
On 18 August 2015 at 14:29, Tim Durack tdur...@gmail.com wrote: 4. Don't worry about peers stealing transit. Because both of our transit providers implement source filters. Any packets received with a source IP not in the list of IP ranges registered by us will be dropped by the transit

Re: World's Fastest Internet™ in Canadaland

2015-06-30 Thread Baldur Norddahl
On 30 June 2015 at 22:32, Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote: BTW, initally, Bell limits it to 940mbps. 940 Mbps is what speedtest.net will give you on a linespeed 1 Gbps connection. That sounds more like marketing people trying to understand overhead. Regards, Baldur

Re: RES: Exploits start against flaw that could hamstring huge swaths

2015-08-04 Thread Baldur Norddahl
On 04/08/2015 19.18, Christopher Morrow morrowc.li...@gmail.com wrote: On Tue, Aug 4, 2015 at 12:51 PM, Baldur Norddahl baldur.nordd...@gmail.com wrote: On 4 August 2015 at 18:48, Joe Greco jgr...@ns.sol.net wrote: However, the original point was that switching from BIND to Unbound

Re: RES: Exploits start against flaw that could hamstring huge swaths

2015-08-04 Thread Baldur Norddahl
On 4 August 2015 at 18:48, Joe Greco jgr...@ns.sol.net wrote: However, the original point was that switching from BIND to Unbound or other options is silly, because you're just trading one codebase for another, and they all have bugs. It is equally silly to assume that all codebases are the

Re: Is it possible to roughly estimate network traffic distribution for given ASN?

2015-08-13 Thread Baldur Norddahl
You may be able to view what routes I announce but you still have no idea what my route policy is like. I might prefer one upstream over another due to pricing, latency, capacity or any other unknown reason. And that is never published. If you can not know my egress, you will not know my ingress

Re: BRAS sugestion

2015-08-14 Thread Baldur Norddahl
I have a related question. What functionality defines BRAS? I do not think I have any BRAS in my network, but I am not sure :-) Regards, Baldur

Re: Dual stack IPv6 for IPv4 depletion

2015-07-16 Thread Baldur Norddahl
On 17 July 2015 at 00:29, Joe Maimon jmai...@ttec.com wrote: All I am advocating is that if ever another draft standard comes along to enable people to try and make something of it, lead follow or get out of the way. If I understand correctly you want someone (not you) to write an RFC that

Re: FIB Sizing

2015-07-25 Thread Baldur Norddahl
On 22 July 2015 at 06:51, William Herrin b...@herrin.us wrote: The IPv4 BGP table has been growing by 10% to 15% per year since CIDR. It appears to be a compounding curve, not linear. IPv4 exhaustion is a new factor which may or may not impact the next 24 months' projection. There are

Re: Overlay broad patent on IPv6?

2015-07-13 Thread Baldur Norddahl
No, 99% of the text is noise. Read the claims and notice the limitations: the patent is about a CPE with IPv6 without IPv4 that somehow acquires IPv4 as soon as something does a DNS lookup that results in a reply without . It is a stupid idea if you ask me, so the patent is worthless. Regards,

Re: Dual stack IPv6 for IPv4 depletion

2015-07-15 Thread Baldur Norddahl
On 15 July 2015 at 01:34, Owen DeLong o...@delong.com wrote: For one thing a /32 is nowhere near enough for anything bigger than a modest ISP today. Many will need /28, /24, or even larger. The biggest ones probably need /16 or even /12 in some cases. What is the definition of a modest and a

Re: Remember Internet-In-A-Box?

2015-07-15 Thread Baldur Norddahl
On 15 July 2015 at 02:02, Mike mike-na...@tiedyenetworks.com wrote: I am a small provider with a 16 bit asn, a /20 and a /22 of ipv4 and a /32 of v6, but no clue yet how to get from where I am today to where we all should be. The flame wars and vitriol and rhetoric is too much noise for me to

Fwd: Overlay broad patent on IPv6?

2015-07-13 Thread Baldur Norddahl
Nah what you describe is a different invention. Someone probably already has a patent on that. The browser will do a DNS lookup on slashdot.org and then cache that - forever (or until you restart the browser). Yes it will ignore the TTL (apps don't get the TTL at all, so apps don't know). Same

Re: Overlay broad patent on IPv6?

2015-07-13 Thread Baldur Norddahl
Too bad it won't actually work. I type Slashdot.org in my browser. The web browser does DNS lookup. The CPE notices there is only an A record available and boots the IPv4 stack. However there is no way to push an IPv4 configuration to my computer. DHCP is pull not push. Even if there was, the web

Re: IGP choice

2015-10-22 Thread Baldur Norddahl
On 22 October 2015 at 22:57, wrote:
> - Needing OSPFv3 for IPv6 when you're already running OSPFv2 for IPv4
> is less than optimal. I believe nowadays several vendors support
> OSPFv3 for both IPv4 and IPv6 - but this is not universal.
>
Our configuration is MPLS VPNv6 for

Re: Updated Ookla Speedtest Server Requirements

2015-11-10 Thread Baldur Norddahl
On 10 November 2015 at 14:34, Lorell Hathcock wrote:
> Good point. There will be no one customer that can get a 10G speedtest
> from us. But there will be hundreds that should be able to get a 1G test.
> Should any of them try simultaneously, I want to be ready. Plus I

Re: Updated Ookla Speedtest Server Requirements

2015-11-09 Thread Baldur Norddahl
The speedtest.net is flash based. Many computers struggle to measure 1g speed and not because the network is slow. I think you will find it very hard to get a 10g measure. If you like us just want to be sure your 1g users get 1g even when other users are running parallel tests, you do not need to

Re: New ISPs getting of the ground without IPv4?

2015-11-02 Thread Baldur Norddahl
On 2 November 2015 at 12:53, wrote:
> Surprisingly enough demand for Internet services did not end when we ran
> out of IPv4. I'd like to hear from the guys and gals starting new ISPs how
> they are facing this brave new world.
>
> Is it NATs all the way down?
>
No NAT.
>
