is latter version, however, is not straightforward. Bugs that escape
QC are quite a bit more likely.
Will Juniper stop with the simplest version of FIB compression where
not much can go wrong? Not if it works and customers like it.
Regards,
Bill Herrin
--
William Herrin
b...@herrin.us
https://bill.herrin.us/
On Fri, Sep 29, 2023 at 3:26 PM Owen DeLong wrote:
> > On Sep 29, 2023, at 15:14, William Herrin wrote:
> > I'm less assuming it and more reading it from this SIGCOMM paper:
> > https://people.csail.mit.edu/ghobadi/papers/trio_sigcomm_2022.pdf
>
> Fair enough, bu
se CPU. Architecturally I mean. Obviously it's
optimized for a different task than a GPU.
Regards,
Bill Herrin
OMM paper:
https://people.csail.mit.edu/ghobadi/papers/trio_sigcomm_2022.pdf
Regards,
Bill Herrin
but it's still there.
Compare to a TCAM which uses a tristate ram rather than the normal
two-state sram.
Yes?
Regards,
Bill Herrin
manage 1M to 2M routes in
the hardware-accelerated FIB regardless of the amount of DRAM on the
machine.
Regards,
Bill Herrin
On Thu, Sep 28, 2023 at 10:29 PM Saku Ytti wrote:
> On Fri, 29 Sept 2023 at 08:24, William Herrin wrote:
> > Maybe. That's where my comment about CPU cache starvation comes into
> > play. I haven't delved into the Juniper line cards recently so I could
> > easily be wro
gnitude.
No free lunch I'm afraid. The exact characteristics differ, but both
approaches grow rapidly in expense with the size of the forwarding
information base (FIB).
Regards,
Bill Herrin
On Thu, Sep 28, 2023 at 9:50 PM VOLKAN SALİH wrote:
> multi-homed networks could also do default routing just packet-mark incoming
> interface and then route packets out via same interface..
Take that to its logical conclusion and you'll invent MPLS.
Regards,
Bill Herrin
then. Others use an expensive kind of memory
called a TCAM that's very fast but both expensive and power hungry, so
generally not sized for huge numbers of tiny routes.
Regards,
Bill Herrin
oded length 8 (=Option(s) length 4)
Magic-Num 0xd9ab6924
20:16:33.313248 dc:38:e1:cd:4f:7a > 44:1e:a1:44:70:3f, ethertype PPPoE
S (0x8864), length 56: PPPoE [ses 0x4e6] LCP (0xc021), length 10:
LCP, Echo-Reply (0x0a), id 77, length 10
encoded length 8 (=Option(s) length 4)
Magic-Num 0x24a0da14
et delay. You start
to have problems with people talking over each other because when they
start they can't yet hear the other person talking. "Sorry, go ahead.
No, you go ahead."
Regards,
Bill Herrin
r in mind that jitter impacts gaming
as well, and not necessarily in the same way it impacts voip and video
conferencing. Voip can have the luxury of dynamically growing the
jitter buffer. Gaming... often does not.
Just mentioning it so you don't get blind-sided.
Regards,
Bill Herrin
Bill Herrin
On Wed, Sep 6, 2023 at 12:23 AM Mark Tinka wrote:
> I recognize what happens in the real world, not in the lab or text books.
What's the difference between theory and practice? In theory, there is
no difference.
On Mon, Sep 4, 2023 at 7:07 AM Masataka Ohta
wrote:
> William Herrin wrote:
> > So, I've actually studied this in real-world conditions and TCP
> > behaves exactly as I described in my previous email for exactly the
> > reasons I explained.
>
> Yes of course, whic
On Mon, Sep 4, 2023 at 12:13 AM Masataka Ohta
wrote:
> William Herrin wrote:
> > That sounds like normal TCP behavior over a long fat pipe.
>
> No, not at all. First, though you explain slow start,
> it has nothing to do with long fat pipe. Long fat
> pipe problem is addres
rds,
Bill Herrin
m extreme, but there's a good reason for it.
Regards,
Bill Herrin
p.s. you don't need to copy the Facebook tracking token (that ?fbclid=
bit) when you share URLs.
e road that is more or less paved.
Though I am curious about the Paniolo cable landing in Lahaina. Did it
survive? HICS and HIFN land in Kihei instead, right?
Regards,
Bill Herrin
nternet. You're going to get
time from GPS or the cellular phone network. GPS devices like the one
Mel pointed out are probably cheaper and more accurate.
Regards,
Bill Herrin
ent to
Internet NTP, not a replacement.
Regards,
Bill Herrin
der to serve as your
network stratum 2 sources that keep the rest of your machines in sync
with each other.
That last point is key. You don't want your servers in sync with
random Internet time sources. You want them in sync with each other.
Regards,
Bill Herrin
show the routes you consider bogus and the other trimmed to
show the routes you consider legitimate, it would likely answer Ben's
questions. Routeviews has FRR instances you can log in to and fetch
the text output of "show ip bgp" which are outside your network.
Regards,
Bill Her
that "waiver" is the wrong word. It's not a
waiver, it's a discount.
You go calling things waivers that aren't, someone's gonna miss the
asterisk and get rudely surprised.
Regards,
Bill Herrin
o make a difference. Otherwise
it's purposeless paperwork.
Regards,
Bill Herrin
nything to ARIN. And let's face
it, it doesn't get much more edge case than updating a dormant
pre-ARIN (legacy) address block.
Regards,
Bill Herrin
u have your
ducks in a row because whatever you say, you can't take it back.
Regards,
Bill Herrin
he LLC as an org. Once registered, request an AS number.
Show control of the IP block and the two ISP contracts as your
evidence of multihoming. Pay the fee and that should be all there is
to it.
Regards,
Bill Herrin
are located elsewhere.
The addresses are registered at ARIN. Until ARIN recognizes your
friend as the registrant organization, they will remain so. At which
point there's not a lot of benefit to moving them.
Regards,
Bill Herrin
ural and industrial zones don't generally have
noise ordinances. When they do, the ordinances tend to be written as
decibels rather than perceptual disturbance.
Regards,
Bill Herrin
genset tests. Doesn't matter
so much in the middle of an industrial zone but when you do it near
where people live you're going to make them angry.
Regards,
Bill Herrin
On Thu, Jun 15, 2023 at 7:52 PM Wes Hardaker wrote:
> William Herrin writes:
> > At some point, somebody's going to want to do something with the old
> > /24.
>
> You are correct that we did not state we will or will not be returning
> the address block we have back
vice. The extra
configuration and extra route announcement just don't have a high
enough cost not to.
Regards,
Bill Herrin
On Sun, Jun 4, 2023 at 4:57 PM Mark Andrews wrote:
> > On 5 Jun 2023, at 06:19, William Herrin wrote:
> > At an absolute minimum there's an impact to confidentiality since it
> > causes
> I don’t see a big risk here.
Hi Mark,
I agree. CVEs are nevertheless issued for se
On Sat, Jun 3, 2023 at 8:46 PM Matt Corallo wrote:
> On 6/3/23 4:17 PM, William Herrin wrote:
> > It *is* a security update. After some period of time, the folks running
> > b.root-servers.net should file a CVE against implementations still
> > using the deprecated IP address
On Sat, Jun 3, 2023 at 4:09 PM Michael Thomas wrote:
> How can the RIAA even know? I mean, are they putting up honey pots or
> something?
IIRC, they went after folks sharing the files via bit torrent rather
than folks who only downloaded them.
ed. After some period of time, the folks running
b.root-servers.net should file a CVE against implementations still
using the deprecated IP address. The CVE makes it a security issue
compelling vendors of any still-supported software to issue an update.
Regards,
Bill Herrin
ox's behavior was sufficient to waive the
DMCA's liability shield for Internet providers and off they went to
trial.
Regards,
Bill Herrin
On Sat, Jun 3, 2023 at 2:03 PM Michael Thomas wrote:
> Am I missing something?
That it's old news from 2019? Cox and RIAA are in the appeals process
from the 2019 verdict.
."
Anybody still sending queries after that gets what they get and
deserves it -- as long as the time that passes until the final year is
long enough that only the most reckless and incompetent users are
still sending queries.
Regards,
Bill Herrin
last of those 9 years so that
anybody who is truly that far behind on their software updates gets
enough of a spanking to stop sending you packets. You'll have problems
repurposing the address and its subnet until folks stop sending you
DNS query packets, even if you don't respond to them.
Re
Regards,
Bill Herrin
On Tue, May 16, 2023 at 1:38 PM Christopher Morrow
wrote:
> On Tue, May 16, 2023 at 2:35 PM William Herrin wrote:
> > Ping is used by some versions of traceroute which can help the
>
> I think you mean 'icmp' here. yes. I contend that traceroute (udp or
> icmp or tcp)
> TOWA
't at the server itself.
When working, it also lets the diagnostician know that the site's
firewall administrator didn't ignorantly decide to block all ICMP.
Which so very many ignorant firewall administrators do.
Regards,
Bill Herrin
t the worst idea.
Restricting all ICMPv6 is disastrous. Similar to IPv4, machines
running IPv6 require ICMPv6 packet-too-big messages to successfully
implement path MTU discovery. Without them, many protocols do not work
reliably. This includes TCP.
Regards,
Bill Herrin
> Adjusting a single tunable is 'onerous'?
No, but it's brittle. A workaround, not a solution. Likely to break
during future maintenance. "Unpredictable" as Mark put it.
Nothing a routing daemon does should involve the kernel BPF. The next
sysadmin won't be expecting it.
Regards,
RR versus Quagga is that for reasons I
don't follow, the BGP table takes twice as much ram. That's why
there's still some Quagga in my environment.
Regards,
Bill Herrin
tified. That latter bit has happened more than
once.
Regards,
Bill Herrin
://www.arin.net/reference/tools/fraud_report/
https://account.arin.net/public/fraud
It won't quickly fix your practical problem but it might give you some
moral satisfaction.
Regards,
Bill Herrin
g CAIDA for access to Telescope -- that's where
they collect packets on unused IP addresses.
Regards,
Bill Herrin
to warm
temperatures and light if any rain.
Regards,
Bill Herrin
On Tue, Mar 28, 2023 at 12:13 PM William Herrin wrote:
>
> Also, beware that downtown Seattle parking spaces are super-tight. If
> you rent a car, get a compact. Really.
>
> Regards,
> Bill Herrin
>
> On Tue,
Also, beware that downtown Seattle parking spaces are super-tight. If
you rent a car, get a compact. Really.
Regards,
Bill Herrin
On Tue, Mar 28, 2023 at 12:10 PM William Herrin wrote:
>
> Some entertainment tips for those of you who plan to attend NANOG 88 in
> Seattle:
>
> 1.
Some entertainment tips for those of you who plan to attend NANOG 88 in Seattle:
1. The Connections Museum is a must-see for telecom enthusiasts (which
I assume you are since you're attending a NANOG meeting). Six
different phone switches (some electromechanical) and a boatload of
other stuff
On Sat, Mar 25, 2023 at 1:54 AM ic wrote:
> Do you all have any idea what I should check / try next?
A good tool for diagnosing BGP problems is:
https://www.routeviews.org/routeviews/
While the problem is occurring, pick some of the collector hosts from
On Mon, Mar 20, 2023 at 7:56 AM Brandon Zhi wrote:
> Well, those prefixes are not for their VPS hosting service
> (which cause a lot of complaint). Just like there are many IP
> addresses under the telecommunication company, the entire
> ASN cannot be "blocked" just because there is a complaint
>
On Sun, Mar 19, 2023 at 2:11 PM J. Hellenthal via NANOG wrote:
> Is there anything beyond this that really adds any real substantial value ?
I would add that mesh networks behave differently than networks where
there's a well defined base station (like a wifi access point). Mesh
networks tend to
On Sat, Mar 18, 2023 at 10:35 PM Brandon Zhi wrote:
> We even haven't started to use, we just announced that... They marked it's a
> criminal network
They do that once they decide you've been broadly inattentive to abuse
reports. It stops folks from shuffling IP addresses to evade
filtering.
On Thu, Mar 9, 2023 at 5:12 PM William Herrin wrote:
> It's trivial to turn a $5 VPS into a disposable VPN head-end that can
> spray TCP SYN packets at a modest rate, and once the packet is on the
> backbone somewhere in the world not only can't you do anything about
> it, it's just
On Thu, Mar 9, 2023 at 4:05 PM Grant Taylor via NANOG wrote:
> On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote:
> > Not this exact scenario, but what we see a lot of in my VPS company is
> > people sending spam by using our VPS' source addresses, but routing
> > outbound via some kind of
On Thu, Mar 9, 2023 at 12:27 PM Aaron1 wrote:
> Sounds like something uRPF would prevent
>
> Does anyone do uRPF ? lol
I would hope folks are implementing uRPF on commodity broadband
connections. That's one place it works great.
Regards,
Bill Herrin
--
For hire.
On Wed, Mar 8, 2023 at 4:35 AM Lukas Tribus wrote:
> Perhaps I should have started this topic with a very specific example:
>
> - ISP A has a residential customer "Bob" in RFC6598 space
> - ISP A CGNATs Bob if the destination is beyond its own IP space
> - ISP A doesn't CGNAT if the destination
On Tue, Mar 7, 2023 at 3:34 PM Lukas Tribus wrote:
> > A bogon prefix is a route that should never appear in the Internet
> > routing table. A packet routed over the public Internet (not including
> > over VPNs or other tunnels) *should never have an address in a
> > bogon range.* These are
On Tue, Mar 7, 2023 at 2:09 PM Lukas Tribus wrote:
> At the same time folks like team-cymru are picking up this prefix for
> their bogon lists with the following description [2]:
>
> > A packet routed over the public Internet (not including
> > over VPNs or other tunnels) should never have an
On Wed, Feb 8, 2023 at 2:36 PM Eric Kuhnke wrote:
> I would hope that this router's admin "password" interface is only accessible
> from the LAN side.
> This is bad, yes, but not utterly catastrophic.
It means that any compromised device on the LAN can access the router
with whatever
On Mon, Feb 6, 2023 at 7:40 PM Fernando Gont wrote:
> On 7/2/23 00:05, William Herrin wrote:
> > On the one hand, sophisticated attackers already scatter attacks
> > between source addresses to evade protection software.
>
> Whereas in the IPv6 case, you normally have a
On Mon, Feb 6, 2023 at 6:43 PM Fernando Gont wrote:
> On 6/2/23 20:39, Owen DeLong wrote:
> > After all, they’re only collecting addresses to ban at the rate they’re
> > actually being used to send packets.
>
> Yeah, but the whole point of banning is that the banned address is
> actually used by
On Mon, Feb 6, 2023 at 5:53 PM Gary E. Miller wrote:
> On Mon, 6 Feb 2023 15:53:02 -0800
> William Herrin wrote:
> > Has anybody else noticed that when Google Recaptcha falls over to
> > presenting images, their data is of such poor quality that they've
> > misclass
Has anybody else noticed that when Google Recaptcha falls over to
presenting images, their data is of such poor quality that they've
misclassified at least one image in upwards of half the presentations,
rendering them unsolvable?
If y'all aren't going to maintain the service to a production
On Sun, Feb 5, 2023 at 1:14 PM James Jun wrote:
> it is important to contact the property owner and the owner of the wayleave
> (i.e. carrier owning the conduit system on private property) for
> permission/license to enter, and never assume that just because
> a conduit is in private property and
On Sun, Feb 5, 2023 at 10:13 AM James Jun wrote:
> On Sun, Feb 05, 2023 at 11:21:09AM -0600, Mike Hammett wrote:
> > How have you seen empty conduits sold? Entire route only, or is a partial
> > route okay? Twenty years only or less? Price compared to cost of
> > construction? Ongoing
On Sat, Feb 4, 2023 at 10:56 PM Roy wrote:
> > On 2/5/23 07:02, Roy wrote:
> >> My all electric house is in a rural area. The generator that came
> >> with the place is a 20KW Onan. The bad news is it can't handle the
> >> house. I think it is the Aux Heat on the heat pump that is the
> >>
On Fri, Feb 3, 2023 at 10:01 PM Mark Tinka wrote:
> What I mean by "pre-wired" is that, perhaps, the generator is pre-setup
> and wired into the house, but is not in standby mode to manage costs,
> and perhaps, to be reliable since ATS's are often dodgy.
>
> Maybe a manual start is required.
On Fri, Feb 3, 2023 at 9:36 PM Mark Tinka wrote:
> On 2/4/23 07:29, William Herrin wrote:
> > If it's just a little gasoline generator, 30 minutes is about right.
> > It takes 10 minutes to decide the power isn't coming back soon and
> > another 10 to drag the generator out
On Fri, Feb 3, 2023 at 9:05 PM Mark Tinka wrote:
> On 2/3/23 21:11, Sabri Berisha wrote:
> > Living in an area served by PG, I've had my share of power cuts. At home
> > I have a 600va UPS that protects my cable modem, RPI router, and POE switch
> > which serves 2 APs. That lasts about 30
On Sat, Jan 28, 2023 at 11:06 PM Masataka Ohta
wrote:
> William Herrin wrote:
> > Moreover, the DNS does guarantee
> > its information to be correct until the TTL expires, making it
> > unsuitable for communicating address information which may change
> > sooner.
On Sat, Jan 28, 2023 at 5:48 PM Masataka Ohta
wrote:
> The following way in my ID:
>
> The easiest way for applications know all the addresses of the
> destination is to use DNS. With DNS reverse, followed by forward,
> lookup, applications can get a list of all the addresses of the
>
On Sat, Jan 28, 2023 at 11:24 AM William Herrin wrote:
> QUIC is better, but it still leaves finding the server's new IP
> address as an exercise for a process outside of the protocol.
Gah, brain spat out the wrong info. Bad brain.
QUIC doesn't allow the server to change its IP address
On Sat, Jan 28, 2023 at 10:15 AM Donald Eastlake wrote:
> Use Multipath TCP
> https://datatracker.ietf.org/group/mptcp/documents/
Doesn't work well. Has security problems (mismatch between reported IP
addresses used and actual addresses in use) and it can't reacquire the
opposing endpoint if an
On Fri, Jan 27, 2023 at 9:49 PM Masataka Ohta
wrote:
> That multihomed sites are relying on the entire Internet
> for computation of the best ways to reach them is not
> healthy way of multihoming.
This was studied in the IRTF RRG about a decade ago. There aren't any
other workable ways of
On Tue, Jan 24, 2023 at 11:04 AM Jon Lewis wrote:
> The "other problem" is, every day more gear receiving full routes gets
> closer to (or farther past) the point where the resources to hold either
> the FIB or RIB just aren't there. For those using these devices, lowering
> the bar and bringing
On Tue, Jan 24, 2023 at 10:19 AM Justin Wilson (Lists) wrote:
> Have there been talks about the best practices to accept things smaller than
> a /24?
Hi Justin,
The short version is: it could happen but it won't. There's no
technical obstacle. It's purely administrative. Tens of thousands of
On Sun, Jan 22, 2023 at 8:54 PM Tom Beecher wrote:
> Yes re: Iridium. Contrary to what the Chief Huckster may say, inter-sat comms
> are not some revolutionary thing that he invented.
1990s Iridium was a modified version of GSM/ATM with the packetization
and routing that implies. I don't know
On Thu, Jan 19, 2023 at 8:09 PM Dan Walters via NANOG wrote:
> Know this is a longshot, any chance anyone from the txt.att.net domain might
> be able to help us with what we believe is a blacklist block or possibly an
> outage?
> We deal with 911 cad dispatching and is affecting first
On Wed, Jan 11, 2023 at 11:16 PM Vasilenko Eduard via NANOG
wrote:
> The comment looks outdated: Who cares now about ATM?
You may have missed the sarcasm. The 1995 Addison Wesley IPng book
spends pages and pages talking about potential IPv6 use in the Navy
and interoperability with ATM before it
On Wed, Dec 21, 2022 at 11:03 PM Saku Ytti wrote:
> On Thu, 22 Dec 2022 at 08:41, William Herrin wrote:
> > Suppose you have a loose network cable between your Linux server and a
> > switch. Layer 1. That RJ45 just isn't quite solid. It's mostly working
> > but not quite rig
On Wed, Dec 21, 2022 at 10:07 PM Saku Ytti wrote:
> I don't really think
> ARP/ND is good candidate like Herrin suggested, because it's
> cyclical, instead of exactly single event, but not impossible.
Suppose you have a loose network cable between your Linux server and a
switch. Layer 1. That
On Wed, Dec 21, 2022 at 1:20 PM Dave Taht wrote:
> On Wed, Dec 21, 2022 at 11:58 AM William Herrin wrote:
> > On Wed, Dec 21, 2022 at 9:10 AM Jason Iannone
> > wrote:
> > > Here's a question I haven't bothered to ask until now. Can someone please
> > > help m
On Wed, Dec 21, 2022 at 9:10 AM Jason Iannone wrote:
> Here's a question I haven't bothered to ask until now. Can someone please
> help me understand why I receive a ping reply after almost 5 seconds?
>
> 64 bytes from 4.2.2.2: icmp_seq=398 ttl=54 time=4915.096 ms
> 64 bytes from 4.2.2.2:
On Fri, Dec 16, 2022 at 9:05 AM ic wrote:
> In my experience, threading is done by clients looking for the In-Reply-To:
> header, not subject. Subject is a heuristic fallback, in case In-Reply-To is
> absent.
Correct, they use the In-Reply-To and References headers to thread the
emails.
On Fri, Dec 16, 2022 at 7:05 AM Abraham Y. Chen wrote:
> As you
> can see, my practice of continuously prefixing timestamps to the
> "Subject" line of messages in a thread seems to conform to ThunderBird's
> mechanism!
Ave,
Most email clients assume that a change to the subject line (other
than
On Sun, Nov 27, 2022 at 9:52 PM Pirawat WATANAPONGSE via NANOG
wrote:
> On one of our prefixes, we are detecting continuous “BGP AS-Path Changes” in
> the order of 1,000 announcements per hour---practically one every 3-4 seconds.
> Those paths oscillate between two of our immediate upstreams.
On Thu, Nov 10, 2022 at 10:08 AM Grant Taylor via NANOG wrote:
> I wonder if Feasible Path uRPF or Enhanced Feasible Path uRPF might help
> the situation. However I suspect they both suffer from the FIB != RIB
> problem and associated signaling.
Hi Grant,
That's a fairly good way to think
On Tue, Nov 8, 2022 at 9:08 PM Grant Taylor via NANOG
wrote:
> This thread has made me wonder if there isn't a need for a 3rd type of
> uRPF or comparable filtering wherein the incoming interface is a viable
> route in the RIB even if it's not the best route in the FIB.
Hi Grant,
Two problems
On Tue, Nov 8, 2022 at 5:28 AM Douglas Fischer wrote:
> Another important point to note is that you MUST NOT drop everything else
> that doesn't match this Prefix-List.
> But put a bandwidth and PPS control on what doesn't match the prefix-list,
> and block what exceeds.
> Among other reasons,
On Tue, Nov 8, 2022 at 12:29 PM Mike Hammett wrote:
>> "Reverse path filtering literally says don't accept a packet from
>> somewhere that isn't currently the next hop for that packet's source
>> address."
>
> FIB or RIB?
>
> I knew of uRPF as available over an interface, per the routing table,
On Tue, Nov 8, 2022 at 8:40 AM Grant Taylor via NANOG wrote:
> Maybe it's the lack of caffeine, but would someone please remind /
> enlighten me as to why uRPF is a bad idea on downstream interfaces?
Hi Grant,
Two words: asymmetric routing.
If the downstream network is architected in such a
On Mon, Nov 7, 2022 at 12:30 PM Tony Wicks wrote:
> use prefix lists to prevent your customer networks being received
> anywhere but directly from your customers to prevent them using
> your capacity without paying for it however.
Hi Tony,
Do not do this either as it will render your entire
On Mon, Nov 7, 2022 at 8:47 AM Charles Rumford via NANOG
wrote:
> I'm currently working on getting BCP38 filtering in place for our BGP
> customers. My current plan is to use the Juniper uRPF feature to filter out
> spoofed traffic based on the routing table. The mentality would be: "If you
>
On Thu, Oct 20, 2022 at 5:13 AM Pirawat WATANAPONGSE via NANOG
wrote:
> I have considered the prepending myself, but dare not implement it yet
> for the fear that BGP (Human) Community will burn me alive, witch-hunt style,
> because of the following reasons:
> 1. I can see from looking glass(es)
101 - 200 of 1903 matches