in the comments field:
http://psg.com/as3130/
Regarding strange announcements by AS 3130 of prefixes in
98.128.0.0/16 is in the big headings on the top of that page.
He is no doubt announcing it with an origin AS of 3130 so no person or
router complains about inconsistent origins.
--
Nathan Ward
).
--
Nathan Ward
, as opposed to invalid or untrusted or whatever normally
comes up.
Screenshot of the GUI:
http://don.braintrust.co.nz/~nward/netalyzr.png
--
Nathan Ward
, I'll get an auxiliary ringer.
Does anyone have a phone model that they find to be excellent in a
louder than usual data center?
Not 100% what you asked for, but the noise cancelling Jawbone
bluetooth earpieces are great.
--
Nathan Ward
in how
the outer IPv4 destination is built, taken from the inner IPv6
destination address.
6over4 is different again.
I think someone wrote a draft explaining this a while back.. not sure
where or what it was called.
--
Nathan Ward
:FN2233-RIPE
source: RIPE # Filtered
Dispatch someone from IETF, that is on in Stockholm right now.
Actually, Paul Jakma might be there, dispatch him if it really is a
Quagga bug.
--
Nathan Ward
in to private VLANs on Cisco, or whatever similar feature
exists for your vendor.
--
Nathan Ward
browser's queries, despite what nslookup shows in a
terminal window.
As you are on OS X, have a read of
http://developer.apple.com/documentation/Darwin/Reference/Manpages/man5/resolver.5.html
It lets you do per-domain resolvers, and so on.
--
Nathan Ward
.
--
Nathan Ward
of the network closely, but I'm
sure there are other places higher up the list than FTE..
--
Nathan Ward
tied in to silly
rules, nor do you get IGP bloat.
I have an extensible IP management tool that I've been hacking on
heaps in the last week that does this stuff for you. It should be
ready for people to tinker with in the next few weeks.
--
Nathan Ward
--
Nathan Ward
, there was no
win
to be had in classful.
This is really the basis of my reply, so, I'll just say +1
Read about how sparse allocation/binary chop stuff works. You get the
same amount of routes in your IGP table (or less) but it's much more
flexible.
--
Nathan Ward
this
technique with /44s or /40s, or something.
--
Nathan Ward
for one or two troublesome ASNs as a quick hack at 3am - don't
do it unless you understand why it works and why you shouldn't do it.
--
Nathan Ward
make more sense.
I echo Roland's comment, but I'll make it more specific - stay away
from anything with spanning tree in it.
--
Nathan Ward
in the past several times
and it's *ok*. Now though, I say don't bother, this thing is maybe a
couple hundred dollars, and saves you oodles of time fooling around
making it work reliably.
--
Nathan Ward
be an easy thing to do. On a personal note, I hope
that we DO need to expand IPv6 allocations to ISPs as this thing
finally gets deployed.
My understanding is that the RIRs are doing sparse allocation, as
opposed to reserving a few bits. I could be wrong.
--
Nathan Ward
that are direct customers of Verizon.
What about the small matter of all of the current s for the
IPv6 enabled root DNS servers?
--
Nathan Ward
good data on this.
--
Nathan Ward
On 14/10/2009, at 3:49 PM, Chris Adams wrote:
Once upon a time, Nathan Ward na...@daork.net said:
On 14/10/2009, at 2:14 PM, Chris Adams wrote:
What about web-hosting type servers? Right now, I've got a group of
servers in a common IPv4 subnet (maybe a /26), with a /24 or two
routed
to each
/2009, at 11:26 PM, Adrian Chadd wrote:
Nathan Ward, please stand up.
Adrian
On Tue, Oct 13, 2009, TJ wrote:
-Original Message-
From: Justin
To go along with Dan's query from above, what are the preferred
methods
that other SPs are using to deploy IPv6 with non-IPv6-capable edge
of people, when in reality it's a solution for a small number of
people.
Thanks for the point about the tunnel brokers though, I missed that,
I'll update this tomorrow with any suggestions I get before then.
--
Nathan Ward
have two sites without a guaranteed
link between them.
This is a bit annoying though, yeah. But, I'm not sure I can think of
a good solution that doesn't involve us changing the routing system so
that we can handle a huge amount of intentional de-aggregates or
something.
--
Nathan Ward
AdvAutonomousFlag?
--
Nathan Ward
in DHCPv6:
http://www.ietf.org/mail-archive/web/dhcwg/current/msg07412.html
--
Nathan Ward
.
Perhaps, but if you're operating a LAN segment you're going to want to
filter rogue RA and DHCPv6 messages from your network, just like you
do with DHCP in IPv4.
Filtering RA and DHCPv6 are done in very similar ways.
--
Nathan Ward
On 18/10/2009, at 9:52 PM, Chuck Anderson wrote:
On Sun, Oct 18, 2009 at 09:29:41PM +1300, Nathan Ward wrote:
Perhaps, but if you're operating a LAN segment you're going to want
to
filter rogue RA and DHCPv6 messages from your network, just like
you do
with DHCP in IPv4.
Filtering RA
On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
RA is needed to tell a host to use DHCPv6
This is not ideal.
Why?
Remember RA does not mean SLAAC, it just means RA.
--
Nathan Ward
On 19/10/2009, at 1:10 AM, Owen DeLong wrote:
On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
RA is needed to tell a host to use DHCPv6
This is not ideal.
Why?
Remember RA does not mean
because there was a bit of confusion.
--
Nathan Ward
often
than you'd sometimes like.
That's why we have Unique Local Addresses.
--
Nathan Ward
On 20/10/2009, at 3:10 PM, bmann...@vacation.karoshi.com wrote:
On Tue, Oct 20, 2009 at 03:07:39PM +1300, Nathan Ward wrote:
On 20/10/2009, at 3:02 PM, Bill Stewart wrote:
plus want the ability to take their address
space with them when they change ISPs (because there are too many
devices
timestamps gives you the latency in
that direction.
I believe a packet is sent, and the target router responds with a
timestamp.
But yeah, timestamps are being compared.
I'm with Perry though - sounds like your clocks are drifting.
--
Nathan Ward
or some type?
I suggest sticking with RT.
I run RT on CentOS by maintaining a separate Perl libs dir for the
cpan modules that are required by RT and keeping it separate from the
OS managed stuff, it works very well.
--
Nathan Ward
if you only
accept signed advertisements.. I don't know if that is the intended
default mode or not.. Need to do some reading I guess.
--
Nathan Ward
I haven't used cacti in a while, but does it let you combine several
RRD files in to one graph? If so that's useful for power stuff,
because you're likely to want to graph an aggregate of several things
across different devices - for example a+b power of a server, or
aggregate power usage
within a current RIR pool, not so much.
--
Nathan Ward
On 28/10/2009, at 2:20 PM, Church, Charles wrote:
This is puzzling me. If it's from non-announced space, at some
point some router should report no route to it. How is the TCP
handshake performed to allow a sync to turn into spam?
Unallocated is not the same as unannounced.
anything on their site that provides a BGP feed of
prefixes allocated by RIRs, which I think is what we're talking about
here.
--
Nathan Ward
Apologies if this message is brief, it is sent from my cellphone.
On 29/10/2009, at 11:33, Walter Keen walter.k...@rainierconnect.net
wrote:
Most aDSL modems if set to PPPoE (I think Actiontec's come this
way by
default) will send the mac as the pppoe un/pw.
David E. Smith wrote:
about
10/100/1000mbit connections, you might want to put something in place
that prevents several people testing at once.
--
Nathan Ward
wireshark's Lua
extension system to write a plugin to do this for you right within
wireshark.
The wireshark/Lua stuff is quite powerful (though not super super
fast), it's a really useful tool to have on hand.
--
Nathan Ward
on the outside?
He is confused, and means 6to4.
Also the airport extreme does not do DHCPv6-PD or anything (as far as
I know, they certainly did not last time I tried), so I don't know
that we'd really call them an IPv6 CPE in the way that I suspect Wade
means.
--
Nathan Ward
.)
Yes it will break auto MDI/MDI-X.
--
Nathan Ward
around this, encourage your ISP to build a 6to4 relay,
which is a couple of commands on a spare Cisco router. For extra
points, get them to build out a Teredo relay as well, which is a few
commands on a spare Linux box.
--
Nathan Ward
gets you best of both
worlds.
--
Nathan Ward
On 13/10/2008, at 3:46 PM, Daniel Senie wrote:
At 06:05 PM 10/12/2008, Nathan Ward wrote:
On 13/10/2008, at 9:53 AM, Stephen Sprunk wrote:
Mikael Abrahamsson wrote:
This brings up an interesting question, should we stop announcing
our 6to4 relays outside of Europe? Is there consensus
to perform poorly.
--
Nathan Ward
On 13/10/2008, at 7:18 PM, Mikael Abrahamsson wrote:
On Mon, 13 Oct 2008, Nathan Ward wrote:
6to4 is enabled by default in Vista - any Vista machine with a non-
RFC1918 address will use 6to4. It is also available in some linksys
routers, and is enabled by default in Apple Airport Extreme
.
--
Nathan Ward
this chicken/egg thing it's not even funny, just do it
already. Well, if you don't it's no problem I suppose, your users are
automatically tunnelling across you already.
If you're only thinking about doing a small IPv6 deployment now,
you're behind the curve.
--
Nathan Ward
network now. That makes it a monetary thing,
something they understand better perhaps..
Yep, this post is going against my best instincts.
--
Nathan Ward
for many people.
--
Nathan Ward
down it, perhaps talk to your L2
service provider and see if they can provide you with this in parallel
to your L2 service.
--
Nathan Ward
on context, and quality degrades during packet loss
before you get silence.
The i stands for Internet - so no surprise it works great in typical
Internet conditions.
--
Nathan Ward
On 16/11/2008, at 5:30 PM, Matthew Moyle-Croft wrote:
Is the spam SMTP meant to be originating from the McColo ranges or
is it being used to control other machines elsewhere?
The latter.
--
Nathan Ward
to be globally
reachable. Maybe to stop uRPF breaking ICMP messages if routers on the
exchange respond from their interface address.. though.. I'd prefer to
make my routers respond from loopback or something.
--
Nathan Ward
[1] Maybe I mean allocated, whatever.
--
Nathan Ward
- it is a
core component of how switching works across the platform.
They really seem to have thrown away a whole bunch of conventional
thinking, and the result is, in my opinion, really quite good.
--
Nathan Ward
[1] I believe that it's the same L2 service that you use when creating
, however when that non-RFC1918 address is
behind NAT, or some sort of packet filter, then it doesn't work so
well, and the client does not have a way to detect that reliably.
--
Nathan Ward
million PCs that aren't going to do their patches.
I still plan to.. hopefully I'll get around to it when I feel a bit
less jaded :-)
--
Nathan Ward
On 20/11/2008, at 11:05 AM, Jack Bates wrote:
Nathan Ward wrote:
The problem here is XPSP2/Vista assuming that non-RFC1918 =
unfiltered/unNATed for the purposes of 6to4.
Well, deeper problem is that they're using 6to4 on an end host I
suppose - it's supposed to be used on routers.
While I
/malik_tcpdump_filters.html
You might also consider using netflow instead of tcpdump, there are
lots of tools available for processing netflow data in ways that are
useful to network operators.
--
Nathan Ward
IN A 68.142.254.15
yf2.yahoo.com. 1800IN A 68.180.130.15
;; Query time: 15 msec
;; SERVER: 68.180.131.16#53(68.180.131.16)
;; WHEN: Wed Dec 3 15:35:07 2008
;; MSG SIZE rcvd: 105
--
Nathan Ward
. If anyone knows of some software that works well for this
I would appreciate letting me know.
iPerf.
--
Nathan Ward
with it.
--
Nathan Ward
[1] I only tried with FreeBSD, I'm told OpenBSD is similar.
+!
--
Nathan Ward
, but I've often used this one as being pretty good.
(whois -h whois.radb.net AS3356)
--
Nathan Ward
could find themselves
facing random black holes.
People are filtering /24s without a 0/0 route?
--
Nathan Ward
On 23/12/2008, at 2:39 PM, Joe Provo wrote:
On Tue, Dec 23, 2008 at 02:34:39PM +1300, Nathan Ward wrote:
[snip]
Let me rephrase; Are there people who are filtering /24s received
from
eBGP peers who do not have a default route?
of course.
Curiously, it was really meant as a rhetorical
recursive DNS server addresses that the DHCPv6 server
hands out.
If they are so inclined, they might even re-number dynamically if they
get their prefix using PD.
--
Nathan Ward
advertise v4 prefixes in v6 sessions, keep them separate.
If you do, you have to do set next-hops with route maps and things,
it's kind of nasty.
Better to just run a v4 BGP mesh and a v6 BGP mesh.
--
Nathan Ward
On 4/02/2009, at 2:43 PM, Steve Bertrand wrote:
Nathan Ward wrote:
On 4/02/2009, at 2:33 PM, Steve Bertrand wrote:
- Currently, (as I write), I'm migrating my entire core from IPv4 to
IPv6. I've got the space, and I love to learn, so I'm just lab-ing
it up
now to see how things will flow
is waiting for hosts to do a DHCPv6 query to get a new
address. That is sub-optimal.
--
Nathan Ward
to the 69,000 other NANOG posts on the topic.
--
Nathan Ward
to each customer - if they need
more they ask for it automatically.
--
Nathan Ward
a trade off between 65k ISP server networks, and 65k link nets.
Let's say 32k for each.
--
Nathan Ward
I am told that juniper have just released their E series code to do
hitless failover and ipv6cp at the same time.
If you are not running hitless it has been working for some time.
Apologies if this message is brief, it is sent from my cellphone.
On 5/02/2009, at 17:29, Matthew Moyle-Croft
Apologies if this message is brief, it is sent from my cellphone.
Begin forwarded message:
From: Nathan Ward
On 5/02/2009, at 16:58, Chris Adams cmad...@hiwaay.net wrote:
Since NAT == stateful firewall with packet mangling, it would be much
easier to drop the packet mangling and just use
~1million entries because our hardware-based
routers might run out of TCAM and bring the whole network to a
screeching halt.
Or more than 256k routes on a SUP2, or 192k/239K routes on a SUP720.
We are at 285798 as of last CIDR report.
So, I guess you should be worried.. now :-)
--
Nathan
only requires touching the router sending the RA
messages.
--
Nathan Ward
will run out of food.
--
Nathan Ward
differently for multiple hosts on a single
broadcast domain? There are some people that do that, but as Randy
would say, it is something that I would encourage my competitors to do.
--
Nathan Ward
customer is
listening to RA messages. The problem may very well exist right now.
--
Nathan Ward
their external IPv4 address changes.
--
Nathan Ward
in
to Iljitsch's mouth.
--
Nathan Ward
/fix SLAAC
because you have a problem with it then again, I encourage you to get
involved in the IETF.
--
Nathan Ward
boxes.
...or, until we have another way of getting resolvers that has
widespread adoption..
--
Nathan Ward
this differently.
--
Nathan Ward
IPv4 servers. NAT-PT allowed for the opposite direction, IPv4
clients connecting to IPv6 servers - NAT64 does not.
The server must have an A record in DNS, and the client must use that
name to connect to - just like NAT-PT.
--
Nathan Ward
for
the edge.
--
Nathan Ward
/16, but I could be wrong.
--
Nathan Ward
[1] Yes I know that this is not allowed under current policy at any RIR.
as
well for those of you wanting to use DHCPv6 for addressing - RA is not
giving out addressing information, and is only giving out Use DHCPv6
bits and a router address.
--
Nathan Ward
to a number of problems.
--
Nathan Ward
.
--
Nathan Ward
there are lots of people who want auto configuration in IPv6
but who clearly do not do this in IPv4. That seems strange, to me.
--
Nathan Ward
implementation of DHCPv6 for address assignment does.
Better? :-)
--
Nathan Ward
On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
In a message written on Thu, Feb 19, 2009 at 09:44:38AM +1300,
Nathan Ward wrote:
I guess you don't use DHCP in IPv4 then.
No, you seem to think the failure mode is the same, and it is not.
Let's walk through this:
1) 400 people get
that.
That way, we get DHCPv6 vs. SLAAC selection when a host connects to
the network without having to manually configure, and we get IPv4
DHCP-like behaviour.
--
Nathan Ward
On 19/02/2009, at 10:07 AM, Leo Bicknell wrote:
In a message written on Thu, Feb 19, 2009 at 10:00:48AM +1300,
Nathan Ward wrote:
The point I am making is that the solution is still the same -
filtering in ethernet devices.
No.
I agree that in some environments DHCPv4/DHCPv6/RA filtering
some bus architectures know about how multicast
works, and it consumes *less* resources than doing the same thing with
many unicast streams. If the bus does not know about multicast, then
the bus would treat it as 24 unicast streams, surely.
--
Nathan Ward