Re: Large prefix lists/sets on IOS-XR

Hi Ytti, >> Pushing thousands of lines via CLI/expect automation is def not a great >> idea, no. Putting everything into a file, copying that to the device, and >> loading from there is generally best regardless. The slowness you refer to >> is almost certainly just because of how XR handles

Large prefix lists/sets on IOS-XR

Hi, What is the best/most efficient/most convenient way to push large prefix lists or sets to an XR router for BGP prefix filtering? Pushing thousands of lines through the CLI seems foolish, I tried using the load command but it seems horribly slow. What am I missing? :) Cheers! Sander ---

Re: SRv6 Capable NOS and Devices

Hi Randy, > this is quite true, and a serious issue. but it has a good side. if > you run an ipv6 enebled network, you can deploy srv6 without enabling > srv6 everywhere, only at the marking encaps or embed) points. nice for > partial and/or incremental deployment. Yep, that's what I like

Re: SRv6 Capable NOS and Devices

Hi, > No SRv6 is MPLS labeling where label is carried inside IP instead > before the IP header. Layering violation which increases complexity > and cost for no other purpose except dishonest marketing about 'it is > IP, you already understand it, MPLS is hard'. What worries me more is the

Re: strange scam? email claiming to be from the fbi

> Quite a bit of discussion on the outages mailing list. It was an exploited > HTML form on the FBI site. That's a flashback to the '90s :) Sander

Re: Juniper hardware recommendation

Hi! On Sat, 2021-05-15 at 11:38 +0300, Saku Ytti wrote: > Juniper has worked like this since day1 and shockingly the world > doesn't care, people really don't care for accuracy. CLI and SNMP are > both L3. If you want to report L2 'set chassis fpc N pic N > account-layer2-overhead'. > > However,

Re: OVH datacenter SBG2 in Strasbourg on fire 

> Again: all conjecture, which seems to be tolerated here. ;-) It's all good food for thoughts! It's important to learn from these things, because I (and I expect many others) assumed that fire suppression systems would prevent something like this from happening. It is good to think and talk

Re: NDAA passed: Internet and Online Streaming Services Emergency Alert Study

Hi, On Fri, 2021-01-01 at 17:07 -0500, Sean Donelan wrote: > The House on Monday and the Senate on Friday have overriden the > President's veto of the National Defense Authorization Act for > Fiscal Year 2021 passing it into law. > > Among the NDAA's various sections, it includes the Reliable

Re: 100G over 100 km of dark fiber

Hi, On 30-10-2020 15:33, Dale W. Carder wrote: You may also find that 100G PAM4 could work. There are some vendors that sell the optic, and an outboard EDFA + DCF pizza box. We are about to deploy these on a couple of dark fibers:

Re: Disney+ geolocation error for 213.134.224.0/19

Hi, > I had a similar issue here in Sweden. The contact point listed at > http://thebrotherswisp.com/index.php/geo-and-vpn/ > (netad...@disneystreaming.com) helped me with this pretty quickly. Useful link, thanks! Sander

Disney+ geolocation error for 213.134.224.0/19

Hi, Anybody around from Disney+? my main customer (Solcon) is an ISP in the Netherlands. One of our ranges is 213.134.224.0/19 and it seems to be classified as non-Netherlands. The official support channel doesn't get any further than "you must be using a VPN" even though we are the ISP and

Re: questions asked during network engineer interview

> I find there's a strong INVERSE correlation between the quantity of > certificates on an applicant's resume and their ability to do the > job. Never got a certificate, don't want one either :) Sander signature.asc Description: This is a digitally signed message part

Re: Mikrotik RPKI Testing

> Mostly. > > I'm only living without IPv6 for the moment, which is painful... :) OMG!!! Max, I'm so sorry to hear that :'( signature.asc Description: Message signed with OpenPGP

Re: "Is BGP safe yet?" test

Hi, > Removing a resource from the certificate to achieve the goal you describe > will make the route announcement NotFound, which means it will be accepted. > Evil RIR would have to replace an existing ROA with one that explicitly makes > a route invalid, i.e. issue an AS0 ROA for specific

Re: MX10003 rack size

Hi, > here it does fit in 600x1000 racks (APC & Minkels), with everything plugged, > airfilter/frontpanel installed, doors closed. > Front door / front rails / rear rails / rear door: 15cm / 72cm / 12cm I can confirm those measurements. We have installed two MX10003 routers in 100cm racks. As

Re: MAP-E

Hi Lee, > Also but, would that be a Net Neutrality problem, charging less for a service > that has arguably worse access to Amazon, Reddit, Twitter, etc.? Net neutrality as it is here in Europe usually is satisfied when no preferential treatment is given to a limited set of services (Netflix

MX10003 rack size

Hi, Has anyone ever managed to fit a Juniper MX10003 in a 90cm deep rack? Without applying power tools to either the rack or the router ;) Cheers, Sander signature.asc Description: Message signed with OpenPGP

Re: JunOS Fusion Provider Edge

Hi Aaron, > Can I test fusion using vMX and vQFX ? Will it work? I have tried and haven't managed to get it working. It's one of the improvements that I would like to see in vMX and vQFX. #featurerequest Cheers, Sander signature.asc Description: Message signed with OpenPGP

Re: QFX5k question

Hi, > thanks for quick reply. I forgot to mention, 2 x 10G providers with full > routing table on each. Those QFXs won't be able to hold full routing tables:

Re: A Deep Dive on the Recent Widespread DNS Hijacking

> Op 26 feb. 2019, om 10:56 heeft Bill Woodcock het volgende > geschreven: > > We need to get switched over to DANE as quickly as possible, and stop wasting > effort trying to keep the CA system alive with ever-hackier band-aids. +1 Sander signature.asc Description: Message signed with

Re: A Deep Dive on the Recent Widespread DNS Hijacking

Hi Paul, > Reread this and felt I should clarify that I realize that John and Doug > are not the ones saying DNSSEC is useless. I just hate to see the knee > jerk "oh, see, DNSSEC didn't save the day so it's obviously > useless". Let's give the world a better explanation. Security is only as

Re: Last Mile Design

Hi Mark, > My preference, for the home, would be Active-E. But I do understand the > economics that may support PON, and my position on that has softened over the > years. Same for me. I like the architecture where the PON splitters are in powered roadside cabinets (even though the splitter

Re: IP Dslams

Hi, >> How many devices are you looking for? >> Consider ZyXEL 1248: >> https://www.zyxel.com/uk/en/products_services/48-port-Temperature-Hardened-ADSL2--Box-DSLAM-IES-1248-5x-IES-1248-5xA-Series/ > > I had bad experiences with those. My apologies, my problems were with a different Zyxel model

Re: Google Fiber v6 PD only giving /64

Hi, > Anybody here from Google Fiber? When I first got it last year, my IPv6 > setup got a /56 prefix delegated. I now see that no matter what size I > request, I only get a /64. Is this intentional? Sounds broken, especially considering how people like Lorenzo have always fought for giving

Re: IP Dslams

Hi, > How many devices are you looking for? > Consider ZyXEL 1248: > https://www.zyxel.com/uk/en/products_services/48-port-Temperature-Hardened-ADSL2--Box-DSLAM-IES-1248-5x-IES-1248-5xA-Series/ I had bad experiences with those. When testing IPv6 they messed up the data inside the PPP session.

Re: Puerto Rico Internet Exchange

Hi, > In general an IX only makes sense when there are local resources to exchange. > It doesn’t seem like PR has a lot of, if any, content providers of its own, > so most consumer content is coming from offshore anyway. This can also work the other way: once there is a local IXP, it can open

Re: Rising sea levels are going to mess with the internet

Hi, > The available data does not support your speculation. > >> https://data.worldbank.org/indicator/EN.ATM.GHGT.KT.CE?locations=US-EU-CN Maybe it would be more fair to look at CO2 emissions per capita: https://data.worldbank.org/indicator/EN.ATM.CO2E.PC?locations=EU-US-CN Cheers, Sander

Re: Whois vs GDPR, latest news

Hi, >> The way GDPR is written, if you want to collect (and store) so much as >> the IP address of the potential customer who visited your website, you >> need their informed consent and you can’t require that they consent as >> a condition of providing service. > > What we were told is that

Re: Whois vs GDPR, latest news

Hi, >> Thanks for the clarification. But whether that fine will be less than 10M is >> extremely vague and (I guess?) left up to the opinions or whims of a Euro >> bureaucrat or judge panel, or something like that... based on very vague and >> subjective criteria. I've searched and nobody can

Re: Whois vs GDPR, latest news

Hi, > Dne 17/05/2018 v 15:03 Niels Bakker napsal(a): >> * na...@ics-il.net (Mike Hammett) [Thu 17 May 2018, 14:44 CEST]: >>> Agreed. This is garbage, un-needed legislation. >> >> Disagreed. These are great and necessary regulations.> >> I'm loving the flood of convoluted unsubscribe notices

Re: Cogent BCP-38

Hi, > Op 29 aug. 2017, om 15:29 heeft Rob Evans het > volgende geschreven: > >> Well, if you are using public IP addresses for infra you are violating your >> RIR’s policy more than likely. > > [Citation needed.] :) I am pretty confident that I know those policies

Re: Cellular enabled console server

Hi, > NANOG - Are any of you running a console server to access your network > equipment via a serial connection at a remote site? If so, what are you > using and how much do you like it? I have a project where I need to stand > up over 100 remote sites and would like a backdoor to the console

Re: Questions on IPv6 deployment

Hi Bill, > Op 17 jan. 2017, om 22:55 heeft William Herrin het volgende > geschreven: > > I'm always interested in learning something new. Please explain the > DOS vectors you're referring to and how they're mitigated by > allocating a /64 to the point to point link. One thing

Re: Questions on IPv6 deployment

Hi, > Suggest /128's for loopbacks and /124's for point to points, all from > the same /64. This way you don't burn space needlessly, don't open > yourself to neighbor discovery issues on point to points I usually reserve one /64 for loopbacks, reserve a /64 per point-to-point connection and

Re: Bonded VDSL2 / ADSL2+ Modems with 4 or more lines bonded

Hi, > Zyxel SBG3600-N may be another offering you might want to look into? I think those are limited to 2x VDSL + LTE. Cheers, Sander

Re: NANOG67 - Tipping point of community and sponsor bashing?

> So here we are now... Where do we want to go? I think IXPs have indeed become too much like ISPs, providing more services but also increasing complexity and cost. I prefer simple, scalable and cheap solutions! I want to go to an IXP being a nice simple ethernet switch. Add some nice graphs

Re: Netflix banning HE tunnels

Hi, > Op 8 jun. 2016, om 23:39 heeft John Lightfoot het > volgende geschreven: > > How about: > > Dear Netflix network engineer who’s on the NANOG list. Could you please get > Netflix to fall back to ipv4 Just for geolocation please, the streaming works fine over IPv6

Re: small automatic transfer switches

Hi, > There's also WTI, which we use: > http://www.wti.com/c-41-automatic-transfer-switch.aspx And for the small deployments their RSM series is great as well: automatic transfer switch, remote power switching and remote serial console all in one box. Those boxes are more expensive, but if you

Re: Another Big day for IPv6 - 10% native penetration

Hi Vint, > Op 11 jan. 2016, om 12:47 heeft Vint Cerf het volgende > geschreven: > > since google is a major implementor of IPv6, some people might claim this is > an attempt to artificially inflate scores for Google sites. Sigh. Sigh indeed. On the other hand: IPv6 is

Re: Another Big day for IPv6 - 10% native penetration

> Op 11 jan. 2016, om 15:05 heeft Vint Cerf het volgende > geschreven: > > sounds like the Federal Reserve testing the waters with hints of increasing > discount rate... :) signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Another Big day for IPv6 - 10% native penetration

Hi, > We just need Google to announce that IPv6 enabled sites will get a slight > bonus in search rankings. And just like that, there will suddenly be a > business reason to implement IPv6. I already discussed that with them a long time ago, but they weren't convinced. Maybe now is the time to

Re: Nat

Hi Nick, > Unfortunately, this turned into a religious war a long time ago and the > primary consideration with regard to dhcpv6 has not been what's best for > ipv6 or ipv6 users or ipv6 operators, but ensuring that dhcpv6 is > sufficiently crippled as a protocol that it cannot be deployed

Re: Nat

Hi Matthew, > I have multiple sets of clients on a particular subnet; the subnet > is somewhat geographically distributed; I have multiple routers > on the subnet. I currently am able to explicitly associate clients > with the most appropriate router for them in v4. > How can I do this using

Re: Nat

Hi Matthew, > The mix of having to do this crazy thing of gateway announcements > from one place, DNS from somewhere else, possibly auto-assigning > addresses from a router, but maybe getting them over DHCPv6. It's > just confusing and unnecessary and IMHO isn't helpful for > persuading people to

Re: Nat

Hi Jeff, > It's far past time to worry about architectural purity. We need people > deploying IPv6 *NOW*, and it needs to be the job of the IETF, at this > point, to fix the problems that are causing people not to deploy. I partially agree with you. If people have learned how IPv6 works,

Re: Binge On! - And So This is Net Neutrality?

Hi Owen, > To me, net neutrality isn’t as much about what you charge the customer for > the data, it’s about > whether you prioritize certain classes of traffic to the detriment of others > in terms of > service delivery. > > If T-Mobile were taking money from the video streaming services or

Re: IPv6 Irony.

> I bet most money is spent on hiring software developers to change/review all > BSS/NSS systems to adopt to IPv6 ;) You should hire a consultant who can then push the software developers to hire people to change/review [..etc..] ;-) Cheers, Sander

Re: Android and DHCPv6 again

Hi, > SLAAC by default provides the address and default gateway (RA) > If SLAAC managed flag is set, then DHCPv6 is used get the address and other > configs (DNS, etc..) > If SLAAC other flag is set, then SLAAC provides the address, and uses DHCPv6 > to get the other configs (DNS, etc..)

Re: /27 the new /24

Hi, > Op 4 okt. 2015, om 16:52 heeft Mel Beckman het volgende > geschreven: > > If it doesn't support IPSec, it's not really IPv6. Just as if it failed to > support any other mandatory IPv6 specification, such as RA. I think you're still looking at an old version of the

Re: cisco.com unavailable

> Is cisco.com unavailable or it is affected just for > Rostelecom? Works fine here in The Netherlands (ISP: Solcon). Cheers, Sander

Re: internet visualization

> one of my colleagues just posted this visualiation > of the internet from the as_path view of 2914. if you are on > a mobile, you have to physically move your device around. > > http://as2914.net/ > > If you love it, send Job your accolades. If you hate it, > see above

Re: Dual stack IPv6 for IPv4 depletion

Hi, I was hoping to find a solution that maybe utilized some kind of session sync or something of that matter [...] And the session sync is then the weakest link. I have seen a cluster of Nexus switches crash in sync when saving the configuration (which was synced). True redundancy is only

Re: Android (lack of) support for DHCPv6

Hi Lorenzo, It's certainly possible to make Android request N IPv6 addresses via DHCPv6, and not accept the offer if it is offered fewer than N addresses. But that only really makes sense if there's a generally-agreed upon minimum value of N. I'd be happy to work with people on an Internet

Re: Android (lack of) support for DHCPv6

It's not the *only* option. There are large networks - O(100k) IPv6 nodes - that do ND monitoring for accountability, and it does work for them. Many devices support this via syslog, even. As you can imagine, my Android device gets IPv6 at work, even though it doesn't support DHCPv6.

Re: gmail security is a joke

Op 29 mei 2015, om 08:42 heeft Joe Abley jab...@hopcount.ca het volgende geschreven: [...] and around this point, I start to think - I've had enough of this - this is too hard - I don't even remember what I am signing up for at this point - I am going to look for amusing cats on

Looking for Sky UK contact

Hi, If there is anybody from Sky UK here please contact me off-list. Cheers! Sander

Re: v6 deagg

Hi Bill, I don't fully understand the math yet but the algorithm doesn't smell right. As near as I can figure it may only be correct in a static system. If after convergence the disaggregate ceases to be reachable from the aggregate, there doesn't appear to be either enough information in

Re: v6 deagg

Hi Mans, I'm working at one of those organisations who have a /48 and am announcing it into DFZ. We have a situation where I might have another site with separate connectivity to the DFZ (but there is internal networking) which would entitle me to another /48 according to RIR rules. Correct.

Re: TeliaSonera IC Contacts

Hi, Does anyone have a contact for an account manager at TeliaSonera IC? We’ve sent at least 3 requests for a quote through their website over a month or so and haven’t got a single reply except for the automated “we’ve received your query” email. And you still want to buy from them?!?

Re: Transparent hijacking of SMTP submission...

Op 29 nov. 2014, om 19:37 heeft Randy Bush ra...@psg.com het volgende geschreven: i think of it as an intentional traffic hijack. i would be talking to a lawyer. randy, who plans to test next time he is behind comcast I am so glad that our Dutch net neutrality laws state that providers of

Re: TeliaSonera IC Contacts

Hi, It's more of a have to buy from them as opposed to a want to buy from them. I'd much prefer NTT, but they are nowhere near where we are unfortunately. You were talking about Amsterdam, right? There are plenty of transits you can buy from. Cheers, Sander

Re: Industry standard bandwidth guarantee?

Hi, and this industry would perhaps be better off if we called a link that can deliver at best 17 Megabits of Goodput reliably a 15 Megabit goodput +5 service instead of calling it a 20 Megabit service But you don't know what the user is going to do over the link. If the average packet

Re: IPv6 Default Allocation - What size allocation for Loopback Address

Hi, Op 11 okt. 2014, om 23:00 heeft Roland Dobbins rdobb...@arbor.net het volgende geschreven: On Oct 11, 2014, at 2:09 PM, Tim Raphael raphael.timo...@gmail.com wrote: From my research, various authorities have recommended that a single /64 be allocated to router loopbacks with /128s

Re: Here comes iOS 8...

Hi, Do you have a reference? Someone just told me it is more around 5GB. It seems to depend on the device. IIRC my iPhone 4S downloaded ±0.9GB and my iPad Mini ±1.3GB. That might be because the 4S is still a 32-bit device. Cheers, Sander

Re: The Next Big Thing: Named-Data Networking

Hi, How many Youtube subject tags will fit in *your* routers' TCAM? http://tech.slashdot.org/story/14/09/04/2156232/ucla-cisco-more-launch-consortium-to-replace-tcpip [ Can someone convince me this isn't the biggest troll in the history of the internet? Cause it sounds like

Re: Akamai charges for IPv6 support?

Hi Aaron, Is it normal to bill for IPv6 service as a separate product? I was surprised to hear from from my Akamai rep they they do: Hi Aaron, We can add the IPV6 service to the contract at an additional cost of $XXX/month. Please let me know if you would like to go ahead with the service

Re: fire ants

Hi Suresh, Op 13 aug. 2014, om 03:16 heeft Suresh Ramasubramanian ops.li...@gmail.com het volgende geschreven: Needs an Anthill Inside sticker like Hex at the Unseen University. I should have bought one at the Discworld Convention last weekend :) http://www.pjsmprints.com/stickers/index.html

Re: Requirements for IPv6 Firewalls

Hi Bill, Also, I note your draft is entitled Requirements for IPv6 Enterprise Firewalls. Frankly, no enterprise firewall will be taken seriously without address-overloaded NAT. I realize that's a controversial statement in the IPv6 world but until you get past it you're basically wasting

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

Hi Owen, I, for one, would not want to start having to pay RIPE-level fees. ARIN fees are a much better deal than RIPE fees. Only up to Small... The RIPE NCC membership fee is €1750 (±$2400 currently) for everybody. The ARIN fees are between $500 and $32000, with category Small at $2000

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

Hi Owen, Compare and contrast the costs of being a PI holding end-user in the RIPE region to those in the ARIN region and the difference becomes much more noticeable. Yeah, RIPE NCC is definitely much cheaper for PI: no initial registration fee of ≥$500. The maintenance cost is $100/year

Re: ARIN board accountability to network operators

Oops. /me was confused. €50 indeed! Met vriendelijke groet, Sander Steffann Op 28 mrt. 2014 om 15:20 heeft Nick Hilliard n...@foobar.org het volgende geschreven: On 28/03/2014 14:03, Sander Steffann wrote: Yeah, RIPE NCC is definitely much cheaper for PI: no initial registration fee

Re: ipv6 newbie question

Hi, Is it best practice to have the internet facing BGP router's peering ip (or for that matter any key gateway or security appliance) use a statically configured address or use EUI-64 auto config? I have seen comments on both sides and am leaning to EUI-64 (except for the VIP's like

Re: Will a single /27 get fully routed these days?

But more important: which /10 is set aside for this? It is not listed on https://www.arin.net/knowledge/ip_blocks.html I'm not sure it has been determined yet, let alone announced. According to https://www.arin.net/resources/request/ipv4_countdown.html phase one it should have been

Re: Will a single /27 get fully routed these days?

Hi, Op 27 jan. 2014 om 10:49 heeft Tore Anderson t...@fud.no het volgende geschreven: * Sander Steffann But more important: which /10 is set aside for this? It is not listed on https://www.arin.net/knowledge/ip_blocks.html Probably 23.128/10: arin||ipv4|23.128.0.0|4194304

Re: Will a single /27 get fully routed these days?

Hi Owen, Same question… Will people adjust their filters, (even if only for that prefix)? All over the world? I think 'will adjust their filters for XYZ' is highly optimistic, but let's hope it will work, otherwise the ISPs in the ARIN region will have a problem. (Or maybe not: existing

Re: Will a single /27 get fully routed these days?

Hi, On 26/01/2014, at 10:35 pm, Dave Bell m...@geordish.org wrote: But more important: which /10 is set aside for this? It is not listed on https://www.arin.net/knowledge/ip_blocks.html 100.64/10 http://tools.ietf.org/search/rfc6598 Correct me if I am wrong but this is the space

Re: Will a single /27 get fully routed these days?

Hi Randy, i suspect that, as multi-homing continues to grow and ipv4 space fragments to be used in core-facing nat[64]-like things, a decade from now we'll see the boundary move to the right. Maybe, if the equipment can handle the number of routes. I actually see two opposing things: the

Re: Will a single /27 get fully routed these days?

Hi, Yeah, its been a while since I had to get involved in this. We have a customer with their own IPv4 allocation that wants us to announce a /27 for them. Back in the day, it was /24 or larger or all bets were off. Is that still the case now? This is still the case today. I wonder what

Re: Will a single /27 get fully routed these days?

Hi, Op 25 jan. 2014, om 23:05 heeft Jeff Kell jeff-k...@utc.edu het volgende geschreven: (snip) I doubt that anything /24 will ever be eligible as a portable provider independent block. If within a provider, you can slice and dice as you wish. Sure, but the text I quoted is about ARIN

Re: Will a single /27 get fully routed these days?

Hi Jimmy, There aren't any /27 or /28 Allocations from ARIN to an ISP A /28 is longer than the ARIN Minimum allocation block size of /22, and longer than the minimum transfer size of a /24 block. Now: yes. Soon: no. Read https://www.arin.net/policy/nrpm.html#four10 Sander

Re: Will a single /27 get fully routed these days?

Hi Owen, Op 26 jan. 2014, om 05:36 heeft Owen DeLong o...@delong.com het volgende geschreven: On Jan 25, 2014, at 13:59 , Sander Steffann san...@steffann.nl wrote: Hi, […] But, when that happens ARIN will only have the 'Dedicated IPv4 block to facilitate IPv6 Deployment' [1] left

Re: turning on comcast v6

Hi, Op 11 dec. 2013, om 20:46 heeft Kinkaid, Kyle kkink...@usgs.gov het volgende geschreven: I'm curious, do you know of a consumer-grade router which supports DHCPv6-PD? I have tested a whole bunch of them more than a year ago. I can remember seeing IPv6 DHCPv6-PD client support on gear

Re: What routers do folks use these days?

Hi Mikael, Some go for the new Sup2T for the 6500, but I don't know how much more CPU it has compared to your SUP/RSP720, perhaps someone else knows? The Sup2T I worked on has: CPU: MPC8572_E, Version: 2.2, (0x80E80022) CORE: E500, Version: 3.0, (0x80210030) CPU:1500MHz, CCB:600MHz,

Re: Reverse DNS RFCs and Recommendations

Hi, Op 2 nov. 2013, om 12:16 heeft Masataka Ohta mo...@necom830.hpcl.titech.ac.jp het volgende geschreven: Mark Andrews wrote: A cable modem both accepts DHCP packets (for management of the modem) and passes DHCP packets through to the customer device. Even if the CPE does so, which

Re: Reverse DNS RFCs and Recommendations

Hi, Also remember that this thread is on secure rDNS by the ISP, which means you can't expect the ISP operate rDNS very securely even though the ISP operate rest of networking not very securely. You're linking things together that are completely orthogonal... Sander

Re: IPAM

Hi, I'm pretty sure that if 6connect doesn't have an existing tool to import Northstar that they'd work with your client to get it done. +1 on 6connect. Very helpful people there :-) Sander

Re: [c-nsp] VPLS PE Redundancy with Supervisor Engine 2T

Hi, We're trying to implement VPLS PE Redundancy with Supervisor Engine 2T (VSS) as described in http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-663645.html#wp9000139 and constantly failing. It seems so simple: set up a VSS, use LACP or PAgP port-channels

Re: IPV6 in enterprise best practices/white papaers

Hi, I have read many of those ipv6 documents and they are great but I still luck to find something like real word scenario. Keep an eye on Deploy360: http://www.internetsociety.org/deploy360/ipv6/ What I mean is that for example I want to start implementation of ipv6 in my enterprise

Re: CGN fixed/hashed nat question

Hi, There are several conflicting requirements, including: - requirement to run a business which makes money - constraints on IPv4 addresses which mandate NAT - law enforcement requirements, mandating either logging / port tracking - network telemetry law enforcement requirements aren't

Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

Hi, If I have calculated the netmasks right that would mean to set aside: 2001:0DB8:6440::/42 for the use of 6rd service: 2001:0DB8:6440:::/64 = 100.64.0.0 2001:0DB8:647F:::/64 = 100.127.255.255 You probably should add a few extra bits for subnetting behind the 6rd CPE.

Re: Notice: Fradulent RIPE ASNs

Hi, is likely to be following the reporting procedure for the provision of untruthful information to the RIPE NCC at http://www.ripe.net/contact/reporting-procedure, which is a well defined procedure. RIPE NCC will investigate any report submitted though this procedure; there is a flowchart

Re: Notice: Fradulent RIPE ASNs

Hi, I'm having more than a little deja vu here - Romanian LIRs have come up on this list (leave alone nanog, or various other RIPE lists) more than once in this context. In fact Yes, but like I said: talk on lists is not enough There is an apparent pattern of large scale misuse of

Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

Hi, Additionally, we will be actively monitoring usage after the 6 month period to determine when best to terminate the service on the old IP. Good to hear that. The old address, which is in the middle of UMD's network, is going to be black-holed once the change is over. Nothing will be on

Re: Why do some providers require IPv6 /64 PA space to have public whois?

Hi, Ok, so I'll give you that tunneling a really short bit, tunneling isn't too bad, but native is most of the time better. So sad that some companies mess up in such a way that their customers rather tunnel than use their native infra... :-( - Sander

Re: Big day for IPv6 - 1% native penetration

Hi, Again, where're the compelling IPv6-only content/apps/services? To answer your rhetorical question, http://www.kame.net/ has a dancing kame. To my knowledge, that's the most compelling IPv6-only content. Don't forget http://loopsofzen.co.uk/ - that's definitely the most compelling

Re: Big day for IPv6 - 1% native penetration

Hi, So, I assume 6in4 tunnels like HE.net are included in the native percentage? As the traffic is delivered as native traffic to Google I don't think Google can even see that there is a tunnel between them and the user. They might see a lower MTU, but to Google the traffic is native IPv6. -

Re: Long and unabbreviatable IPv6 addresses with random overloaded bits, vs. tunnelbroker

Hi, I've tried contacting them in an effort to receive any kind of a proper IPv6 address without the plaintext IPv4 embedment, but they've given me all sorts of crazy and (IMHO) far-sketched excuses; from not wanting to maintain a separate database of IPv6 addresses/subnets, and from lack of

Re: IPv6 Netowrk Device Numbering BP

Hi Owen, You really shouldn't need to parse these and it's perfectly valid to reject them as invalid input. This really is an output only format [...] I don't agree. I think it's actually the other way around. It's a valid representation of an IPv6 address so you be able to parse them. You

Re: IP tunnel MTU

Hi, Certainly fixing all the buggy host stacks, firewall and compliance devices to realize that ICMP isn't bad won't be hard. Wait till you get started on fixing the security consultants. Ack. I've yet to come across a *device* that doesn't deal properly with packet too big. Lots

Re: Issues encountered with assigning all ones IPv6 /64 address?

Hi, On a separate note, one of my customers discovered over the weekend that if they bring up an all ones IPv6 address in their /64 (2001:db8:1:1::::) then they can't exchange traffic with stuff hosted at hetzner.de such as archives.postgresql.org or 1-media-cdn.foolz.us.

  1   2   >