https://en.m.wikipedia.org/wiki/Ten_(Pearl_Jam_album)
Pearl Jam are from Seattle...
David Barak
Sent from mobile device, please excuse autocorrection artifacts
> On Jun 4, 2017, at 4:55 PM, Matthew Petach wrote:
>
> So, I've been staring at the NANOG70 tee shirt for
> a bi
ng "vendor X for one layer, vendor Y for adjacent
layer" as a multi-vendor strategy.
David Barak
> On Nov 9, 2016, at 6:04 PM, Randy Bush wrote:
>
> vi users prefer ospf
> emacs users prefer is-is
>
So that leaves EIGRP for the nano users?
David Barak
Simpler > complex *sometimes*. It turns out that sometimes the complexity is
worth it (eg https://youtu.be/-iiXsbrEv3U ). Perhaps "as simple as possible,
but no simpler" would be reasonable?
David Barak
> On Aug
t gets run over it is nobody's business but the person
controlling the end points.
David Barak
> On Jun 19, 2016, at 8:30 AM, Patrick W. Gilmore wrote:
>
> Actually, back in the T1/T3 days, colos frequently asked what
Effects of scale apply here in terms of
path dependence for solutions.
David Barak
to allow your
> customers to connect to
> everyone.
I think you should s/everyone/everyone they care about/
That roughly explains why there is no particular consumer outcry (which isn't
about speed/bandwidth or mobile coverage, anyway).
David Barak
general point is worth considering - when v4 gear is regularly
being pulled out of commission by large carriers because "who needs it?" and
replaced with v6 only gear, we will have achieved true ubiquity. I think
you'll see v4 for quite a while. Heck, I still run across SNA, T
Hi Jan,
Please define "large scale". Is that by number of endpoints,
throughput, or some other metric? How big is big?
David Barak
when do you think IPv4 is going to go away to the point that it will no
longer be necessary to carry it? We may be using "long-term" to mean different
things, so I'm curious to see what you mean by that.
David Barak
Need Geek Rock? Try The Franchise:
http://www.listentothefranchise.com
I like intermapper for monitoring: it's been very stable, and exports traps and
notifications well. I also like netbrain for troubleshooting and mapmaking,
because its visualization is engineer and manager-friendly.
David Barak
Sent from a mobile device, please forgive autocorrection an
cation-layer encryption on top of that, the value proposition
for sniffing traffic from the network drops a whole lot.
David Barak
Don't be lulled into complacency by a private network: all it takes is one
thumb-drive or rogue AP and you have a back door. Private networks reduce but
do not eliminate attackable surface.
David Barak
Sent from a mobile device, please forgive autocorrection.
On Feb 20, 2013, at 2:
> Looking at http://mydeviceinfo.comcast.net you get a choice of wireless
> or IPv6 in Arris.
>
I wish they would ask which you want before install: I already have better
wireless, and the Arris ones don't let you disable theirs :/
Thank you for the pointer - perhaps a swap is in
who answer the phone in support could direct me to someone who has
heard of this technology. So no, as I said before, Comcast has *not* removed
the v6 barrier here. I'd like it to "just work", please.
David Barak
I've spoken to on the
phone can tell me when or if it will be coming.
I look forward to Comcast giving me native v6 at home.
David Barak
big hassle for
> the
> legitimate users but not really much of a barrier for a
> real
> attacker. A poor trade-off.
+1000
I routinely fail CAPTCHAs, and am certainly less accurate than a decent machine
at the OCR required. Those of us whose eyes don't correct to 20/20 would
On Sep 4, 2012, at 11:45 PM, Suresh Ramasubramanian wrote:
>
> So - now with ipv6 you're going to see "hi, my toto highly
> computerized toilet is trying to make outbound port 25 connections to
> gmail"
>
> http://www.telecoms.com/48734/vodafone-and-ibm-team-up-on-connected-home-appliances/
>
Charms" style of icon generation?
David Barak
(please excuse the top post)
If you want a great analysis of how this happened before, check out
Clanchy's book _From memory to written record_ about the implications of
the spread of literacy as a technology in England in the 1300s.
David Barak
some re-write ORIGIN. Neither of those is "network abuse" - it's
more accurately described as "network routing policy." As has been stated here
before: your network, your rules.
David Barak
;s
decision without affecting either B or D, and you ensure that C still learns
both routes to you. It's a more subtle nudge than as-path.
In general, I prefer routinely using attributes that are further down the
algorithm so that the big guns can be saved for when they're needed or for
ector, that can post-pend an ASN and limit the spread of a route
while still allowing the same transitive properties.
David Barak
Netbrain OE does this.
David Barak
On May 1, 2012, at 12:47 PM, Andrey Khomyakov
wrote:
> cacti by use of weather maps?
> Alternatively, Intermapper is pretty good, but commercial. It's more of an
> NMS than a diagr
ble (other than
that you don't want that switch in-line with anything else).
David Barak
nstrating why NAT isn't needed in X or Y use case, and
providing configuration snippets / assistance for non-NAT-based solutions to
those various groups.
David Barak
ituations.
David Barak
It can be used to prevent NAT on an intermediate path, which can be useful
under certain circumstances. I have seen it in the wild, both in Internet and
private networking contexts.
David Barak
ion network. That's probably the one time when you really *can*
overestimate the bandwidth of a station wagon full of hard drives...
David Barak
From: Jeff Wheeler
>Juniper does not support writing via SNMP. I am glad. Hopefully that
>is the first step toward not supporting SNMP at all.
If I recall correctly, wasn't the old FORE CLI implemented via localhost SNMP?
I liked using them, but that's a special case...
Should the HAC be expected to manage the transition to HumorV6?
David
t failure modes than
my
cable service. Whether that's something one wants to purchase is a different
question.
David Barak
es of the NAT isn't any worse than having 10/8 on both sides of the
NAT. If it turns out that they start running across the hosts in 2/8 as
customers, those can get NATted into some third block, with probably a lot less
effort and confusion than trying to sort out the chunks of overlapping 10/8s.
David Barak
n compared to DHCPv4, and there are not in
fact any good alternatives. The insistence on RA, along with a handwaving
dismissal of all of those folks who have a high reliance on DHCP has done a
tremendous disservice to the uptake of IPv6.
David Barak
From: Owen DeLong
David Barak
>If you're determined to destroy IPv6 by bringing the problems of NAT forward
>with you, then, I'm fine with you remaining in your &
t benefit is not huge (and not relevant to the typical home user, who is not
configuring a super-duper scanning proxy server), but it does exist, and it
certainly fuels some of the pro-NAT feeling I've encountered among customers.
David Barak
ood swiss-army-knife software router
which supports limited hardware acceleration of specific functions. Is there
anyone who considers the 7206 a "hardware" router?
David Barak
traint (read: necessity), and it
isn't the latter. The end-to-end principle is grand, I agree - but there are
lots of commercial considerations which I find have a higher priority for my
customers.
David Barak
cs
> I think IPv6 has not just learnt from the history of IPv4,
> it has also learnt from the history of other protocols.
Sadly, though, it also picked up some of the mistaken optimizations from the
other protocols. The mess that has been made of RA+SLAAC+DHCPv6+DNS is
something which can
enforcement with things like
"long-term undercover investigation" in mind, but your point is well taken. I
think we agree that some things benefit from increased transparency and other
things don't.
David Barak
Total transparency in security matters works about as well as it would for law
enforcement: fine for tactical concerns, but not so great for long-term
strategic concerns.
-David Barak
On Fri Mar 19th, 2010 9:44 AM EDT William Pitcock wrote:
>On Fri, 2010-03-19 at 08:31 -0500, John Krist
me, it was a pretty key router in the
> network and sat at the rommon> prompt :)
>I had that down to static somewhere, as it's the only explanation I could find.
Certain serial speed mismatches get interpreted as BREAK - I routinely
use "space bar at 1200" to password crack
ured on a router, not
>just point to point links? Time for glean rate limiting.
This is, of course, one of the reasons why some of us didn't like the
ultra-mega-mega ranges used to address handfuls of hosts, but that ship sailed
long ago.
David Barak
ke them less flexible or have
surprising consequences (hence this thread).
David Barak
s available.
This doesn't mean that the provider shouldn't be moving toward a large-scale
fiber rollout - far from it! I just wanted to provide a reason why they might
not want to do said rollout in a piecemeal fashion.
David Barak
e far easier ways to provide secure connections. I
believe GDOI is esp-only.
Cisco's term for GDOI is GETVPN.
-David Barak
On Wed Dec 23rd, 2009 7:26 AM EST Peter Hicks wrote:
>Glen Kent wrote:
>> Any idea if folks use AH or ESP to protect IGMP/PIM packets? Wondering
>> that if t
+1.
I know of a network whose owners are far more worried about a replay attack
than about data being revealed to the outside world.
They need to verify the provenance of data (i.e. make sure that it hasn't
been NATted), and AH is a simple way to do these precise things.
-David Barak
n cases, and it's already
in all of the production IPSec implementations. Why the hate?
David Barak
me centralized configuration management should
not be considered a feature.
David Barak
27;
devices) is not an attractive feature.
David Barak
to be with us for quite a while,
so they're worth getting used to.
-David Barak
David Andersen wrote:
> On Oct 5, 2009, at 7:50 PM, Michael Thomas wrote:
>> I'm perplexed. At what size address would people stop worrying about
>> the "finite" address space? 25
FIOS to all of the
neighborhoods of Washington DC
(http://www.bizjournals.com/washington/stories/2008/11/24/daily8.html). I am
envious of many of my suburban-dwelling coworkers and friends who already have
it.
David Barak
> > Do you think this is useful? Maybe vendors will
> hear me/us.
> >
> > --
> > Andre
We also need functional remote loop testing, of the "remote hands guy plugs in
a loopback plug" or "I send remote-triggered loop" type.
David
--- On Tue, 6/2/09, Charles Wyble wrote:
> David Barak wrote:
> > Encryption is insufficient - if you let someone have
> physical access for a long enough period, they'll eventually
> crack anything.
>
> Really? I don't think so. I imagine it would be much mo
y
close (< 5km) to major offices of lots of folks who would care deeply about
such matters.
David Barak
--- On Tue, 6/2/09, Charles Wyble wrote:
> From: Charles Wyble
> Subject: Re: Fiber cut - response
PREVENT a failure, it would
just give you some warning that a failure may be coming, probably by a matter
of minutes.
In the words of Randy Bush, "I encourage my competitors to do this."
David Barak
1) http://w
consume a lot more resources
than the input rate of the port.
-David Barak
Tom Storey wrote:
>> Not every bit in results in just one bit out. Broadcast, multicast,
>> flooding for unknown MACs (or switching failures), ...
> They were talking about a simple scenario where a bit
If the IPv6 solutions are not going to be 'better' than v4, how about
simply making sure that they are 'as good as' ipv4?
Right now, I'd be hard pressed to think of a v6 function which is
'better' and I can think of a lot which are 'not as good as.'
identification (0 and 127, of course...) - it's too bad that we can't use
either those or class E space while folks {delay | prepare for} ipv6 adoption...
David Barak
addresses which are not uniquely assigned to
you is that there will be an overlap somewhere. Whether the risk is greater
inside or outside of RFC 1918, I leave for others to puzzle out (although it
should be noted that organizational M&A activity makes hash of the best-laid IP
add
eriously argue the ASN owner is somehow
> wrong and keep a straight face? How can anyone else who
> actually runs a network not see that as ridiculous?
Are any providers going to implement ^ASN filtering as a result of this
experiment? This could turn out to be a very inexpensive lesson, which is far
preferable to more expensive lessons...
David Barak
theoretical "because it's ugly" complaint, or is there a reason
why manipulating this particular BGP attribute in this particular way is so
bad? Organizations do filtering and routing manipulation all over the place.
Is there something worse about doing it this way than others?
David Barak
ctim, not the ASN which gets prepended into the
path...
David Barak
Collaborate & Listen
http://xkcd.com/210/
David Barak
--- On Mon, 1/12/09, Nathan Malynn wrote:
> From: Nathan Malynn
> Subject: Re:
> To: "Aaron Imbrock"
> Cc: NANOG@nanog.org
> Date: M
--- On Tue, 1/6/09, Justin Shore wrote:
> David Barak wrote:
> > Consider for a moment a large retail chain, with
> several hundred or a couple thousand locations. How big a
> lab should they have before deciding to roll out a new
> network something-or-other? Should their
-- On Mon, 1/5/09, Roland Dobbins wrote:
> From: Roland Dobbins
> Subject: Re: Ethical DDoS drone network
> To: "NANOG list"
> Date: Monday, January 5, 2009, 6:39 PM
> On Jan 6, 2009, at 7:23 AM, David Barak wrote:
>
> > In my opinion, the real thing yo
urn it off once you experience the failure* and then go figure out
why it broke when it did. This is a lot more pleasant than trying to figure it
out at 2:30 in the morning with insufficient coffee.
David Barak
--- On M
al RRd server, and
peering with the public IRRs.
David Barak
ths ago; I love facility porn.
>...facility porn...
But is the facility porn available over IPv6?
David Barak
lk
about IPv6-only, what I mean is "no other layer-3
protocols running: no IPv4, no Appletalk, no IPX,
etc."
I get that there is rough consensus. I'm waiting for
the running code.
-David Barak
David Barak