Re: IPv6 and CDN's

Marco Davids via NANOG writes: > It turns out that there underlying CDN's with domain names such as > ‘l-msedge.net’ and ‘trafficmanager.net’ (Microsoft) or 'fastly.net', > that reside on authoritative name servers that *only* have an IPv4 > address. Fastly does have IPv6 enabled authoritative

Re: Hand held copper Ethernet testers

Chris Boyd writes: > My old Test-Um Lanscaper died, and I was curious what people liked these > days. Don’t need throughput testing or anything like that, just basic > wire map testing, cable ID, cable length, PoE voltage, and DHCP client. > > What do y’all like? Pocketethernet has already been

Re: Project/Tool to deploy and maintain Edge Servers (VMs) remotely

Douglas Fischer writes: > I was thinking in use something like reverse ssh and ansible. But I > thought that I'm probably reinventing part of the wheel. If your familiar with ansible: ansible-pull? "pulls playbooks from a VCS repo and executes them for the local host"

Re: Quagga for production?

Mark Tinka writes: > On 17/Mar/20 19:39, Jens Link wrote: > >> >> Jens, using frr for quite some time now without any problems > > IS-IS, per chance? Sorry, only BGP for now. Jens -- | Del

Re: WIKI documentation Software?

Craig writes: > Wanted to ask what WIKI software teams are using to save documentation to / > how to's for staff, etc.  On the wiki side: +1 for dokuwiki Given that more and more people are automating stuff and this way ending up git anyway: Write your doku as markdown, put it into git,

Re: Quagga for production?

Dmitry Sherman writes: > Hello, > > Anybody working with Quagga for production peering with multiple peers > and dynamic eBGP/iBGP announcement? https://frrouting.org/ is a quagga fork and most (all) developers of quagga mode to frr. Jens, using frr for quite some time now without any problems

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

Michael Bullut writes: > Hi Ross, > > How would you gauge good DNS performance?  quick and dirty: jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time" ;; Query time: 16 msec jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time" ;; Query time: 3 msec Jens

Re: IPv6 addressing plan spreadsheet issue

Job Snijders writes: Hi, > I made a list of the IPv6 addresses in my home LAN, but have trouble > copy+pasting the list into a cloud spreadsheet. My address list is here: > http://pete.meerval.net/~job/ > > How do other folks do this? Just administrate things in text files?

Re: Companies using public IP space owned by others for internal routing

Ca By writes: > http://jool.mx/en/index.html > > Free open source nat64 And the DNS64 part can be done with powerdns (recursor), unbound, bind, ... All OpenSource Jens -- | Foelderichstr. 40 |

Re: Waste will kill ipv6 too

Lee Howard writes: > I’ve tried several times to come up with a scenario that leads to > depletion in less than 200 years, and I haven’t managed it. Can you do it? Self replicating nano bots. Which will be a good thing (probably): https://xkcd.com/865/ SCNR Jens --

Re: Companies using public IP space owned by others for internal routing

Matt Hoppes writes: > Had a previous employee or I discovered it on the network segment after > we had some weird routing issues and had to get that cleaned up. I don't > know why anyone would do that when there is tons of private IP space. Excuse 1: "We'll

Re: IEEE OUI regauth (search ?) site

Brandon Applegate writes: Hi, > Anyone have any insight on how one can look up an OUI (yes I know about > oui.txt, but I’m asking about a live query site). https://www.wireshark.org/tools/oui-lookup.html ? Jens --

Re: Frontier: Blocking port 22 because of illegal files?

Stephen Satchell l...@satchell.net writes: It's been a while since I did this, but you can select an additional port to accept SSH connections. That's easy: jens@screen:~$ grep Port /etc/ssh/sshd_config Port 22 Port 443 Picking the right port to use is an exercise, though, that will

Re: Scotland ccTLD?

Owen DeLong o...@delong.com writes: On Sep 16, 2014, at 8:55 AM, Majdi S. Abbas m...@latt.net wrote: su is not available. I think it is now, since the break up of the Soviet Union. A friend told me that .su domains are quite common in windows environments after the admins discovered

Re: Scotland ccTLD?

David Conrad d...@virtualized.org writes: A friend told me that .su domains are quite common in windows environments after the admins discovered that .local is not a good choice. ;-) That would be an *exceptionally* bad idea. I agree. On the other hand: People pay me to fix network

Re: It's the end of the world as we know it -- REM

Valdis Kletnieks valdis.kletni...@vt.edu writes: and I feel fine I didn't see any mention of this Tony Hain paper: http://tndh.net/~tony/ietf/ARIN-runout-projection.pdf tl;dr: ARIN predicted to run out of IP space to allocate in August this year. Are you ready? Personally? Yes! Customer

Re: Common operational misconceptions

Mark Grigsby m...@pcinw.net writes: Speaking in the context of configuring an ipsec tunnel.. Once upon a time: Admin: We need Port 50 and Port 51 for the tunnel! Me:You mean IP protocol 50 and 51? Admin: It the same! You have no clue! Jens --

Re: Common operational misconceptions

Mathias Wolkert t...@netnod.se writes: Autoneg. The old timers that don't trust it after a few decades of decent code. Or those that lock one side and expect the other to adjust to that. Autoneg is black magic. Doesn't work. You have manually configure duplex and speed on one side 1!

Re: common time-management mistake: rack stack

Jeff Wheeler j...@inconcepts.biz writes: With apologies to Randy, let the CCNAs fight with label makers. Yeah. And you need do be at last CCNP to switch a module in a router. Had this request last year. I first thought that some troubleshooting / configuration was involved but it was just

Re: Common operational misconceptions

Leo Bicknell bickn...@ufp.org writes: I've repeatedly asked $BIG_COLO_PROVIDERS to offer a vending machine in the lobby next to the one with sodas that sold Cat 5, Fiber, SFP's, USB sticks, and so on. Hmm. http://gearomat.com/ Jens --

Re: WW: Colo Vending Machine

Leo Bicknell bickn...@ufp.org writes: USB-Serial adapters. Preferably selected so they are driverless on both OSX and Windows. :) ^^^ Wahahahaha There is no such thing. I've seen people reinstalling their Windows after trying to use another USB-Serial adapter. I also

Re: Common operational misconceptions

Owen DeLong o...@delong.com writes: 1.When the only tool you have is a hammer, you try to mold every problem into a nail. Ack. 2.When you only know a procedure for doing something and don't understand the fundamentals of why X is supposed to occur at step Y, then when you

Re: WW: Colo Vending Machine

Sven Olaf Kamphuis s...@cb3rob.net writes: 3.5 HD floppies (yes, they're still around ;) Really? I thought Deutsche Bahn was last company using them: Unfortunately we can't display reservation information. Okay, knowing Deutsche Bahn the disks might not be 3,5. ;-) Jens --

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

valdis.kletni...@vt.edu writes: Does anybody actually *have* a functional 7 track drive? Maybe the people running http://www.cray-cyber.org have one. (If you ever come to Munich, try to visit this museum.) Jens -- - |

Re: Switching Email

William Herrin b...@herrin.us writes: Anyone have a list of MUAs that actually support RFC 2369 with subscription management widgets in the GUI? Surely someone has written one but I can't seem to find any documentation to that effect. Gnus? Jens, Gnus user since 1999 --

Re: Switching Email

William Herrin b...@herrin.us writes: and you have to read the mail in Microsoft Lookout, interspersed with work-oriented messages from your boss and colleagues. With Outlook popping new-message-notifications up on the projector while you try to give a presentation during a meeting, each

Re: Looking for an IPv6 naysayer...

George Bonser gbon...@seven.com writes: In other words, the broadband provider provides a single global IP to the always up CPE. That CPE does DHCP to user stations and hands out 1918 addresses and NATs them to the single global IP. Ah there is the misunderstanding. Same her in good old

Re: Looking for an IPv6 naysayer...

Mark Andrews ma...@isc.org writes: DS-Lite over 6rd using RFC 1918 / multi-use ISP assigned block (I'd love to be able to say class E here) provides a single NAT translation for IPv4 and public IPv6. Okay, it's 10:15 in the morning and I really want a drink know. ;-) Jens --

Re: Strange L2 failure

Jack Bates jba...@brightok.net writes: Hi, a little late, but just catching up the list. Has anyone seen issues with IOS where certain MACs fail? 54:52:00 (kvm) fails out an old 10mbit port on a 7206 running 12.2 SRE. I've never seen anything like this. DHCP worked, ARP worked, and arp

Re: Looking for an IPv6 naysayer...

Jens Link li...@quux.de writes: Okay, it's 10:15 in the morning and I really want a drink know. ;-) s/know/now/ I think I'll need more coffee. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151

Re: Looking for an IPv6 naysayer...

Daniel Roesen d...@cluenet.de writes: And quite important for residential ISPs of some size: have fun teaching your call centers diagnosing double-NAT failure modes. NAT444 is a hell I don't want to visit really. No it's great! It's secure! It's easy to implement! It's the only way to do it

Re: Looking for an IPv6 naysayer...

Scott Helms khe...@ispalliance.net writes: IPv6 for some ISPs will be extraordinarily painful because of legacy layer 2 gear I don't feel sorry for them. We know that IPv6 is coming for how long? 15years? 10year? 5years? Well if you only read the mainstream media you should have read

Re: Top webhosters offering v6 too?

Tim Chown t...@ecs.soton.ac.uk writes: Which of the big boys are doing it? Strato in Germany. They offer IPv6 for dedicated server now. I was told that the implementation for their shared hosting (about one million domains) is almost finished and that they also offer IPv6 for virtual servers

Re: Looking for an IPv6 naysayer...

david raistrick dr...@icantclick.org writes: And at what point during that time did they have any vendor gear they could purchase that -would- support v6? At -best- during the last 5 years, but I'd put money on that even today they can't purchase gear with adequate v6 support. Another

Re: Looking for an IPv6 naysayer...

Jason Bertoch ja...@i6ix.com writes: I'm not sure about your part of the world, but the economy has been terrible in mine. Even in a good economy, DSL margins don't afford the ability to replace your network every two years. Same thing here in Germany. DSL providers fighting for the lowest

Re: Looking for an IPv6 naysayer...

George Bonser gbon...@seven.com writes: While that is true, it is no worse than the situation right now. In the US, the vast majority of users are already behind a NAT (I would say over 90% of them are) so they are already experiencing this breakage. I never thought it was that bad. In

Re: Only 5x IPv4 /8 remaining at IANA

Owen DeLong o...@delong.com writes: All well and good until some of their customers are on IPv6... Then what? Someone will build an appliance to deal with this problem. ;-) Jens -- - | Foelderichstr. 40 | 13595

Re: Only 5x IPv4 /8 remaining at IANA

valdis.kletni...@vt.edu writes: Those people are next on my hit list, after we've finally eliminated those who still talk about class A/B/C addresses. :) You are going to kill about 90% of all net-/sysadmins? SCNR Jens --

Re: Only 5x IPv4 /8 remaining at IANA

valdis.kletni...@vt.edu writes: You are going to kill about 90% of all net-/sysadmins? Do you *really* want somebody working on your network that gets confused by a reference to 213/8 because it's in Class-C space? Don't get me wrong. I like the idea. Especially after the discussion I had

Re: Definitive Guide to IPv6 adoption

Dobbins, Roland rdobb...@arbor.net writes: Eric Vyncke's IPv6 security book is definitely worthwhile, http://www.ciscopress.com/bookstore/product.asp?isbn=1587055945 A good companion to Eric's book is Deploying IPv6 Networks http://www.ciscopress.com/bookstore/product.asp?isbn=1587052105

Re: Looking Glass

James Bensley jwbens...@gmail.com writes: Hmm, Google says you could use http://www.zebra.org/ to set your box up as a route, and then you can just view the routes from there? Aehm, Zebra is dead. Quagga it the successor. Last change date on zebra.org website is 5 years old. Jens --

Re: Other NOGs around the world?

Rogelio scubac...@gmail.com writes: What other network operator groups are there around the world (besides NANOG)? PLNOG, http://www.plnog.pl Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264

Re: Addressing plan exercise for our IPv6 course

Owen DeLong o...@delong.com writes: for NAT. Enterprises of non-trivial size will likely use RFC4193 (and I fear we will notice PRNG returning 0 very often) and then NAT it to provider provided public IP addresses. Why on earth would you do that? Why not just put the provider-assigned

Re: Addressing plan exercise for our IPv6 course

Saku Ytti s...@ytti.fi writes: RFC4193 + NAT quite simply is what they know and are comfortable with. NAT is *not simple*. NAT adds one more layer of complexity. When using multiple NAT things get worse. In most cases people don't want or need NAT they are just used to it and old habits die

Re: Addressing plan exercise for our IPv6 course

Owen DeLong o...@delong.com writes: You know that, I know that and (hopefully) all people on this list know that. But NAT == security was and still is sold by many people. So is snake oil. Ack, but people are still buying snake oil too. After one of my talks about IPv6 the firewall

Re: Addressing plan exercise for our IPv6 course

Owen DeLong o...@delong.com writes: In all reality: 1.NAT has nothing to do with security. Stateful inspection provides security, NAT just mangles addresses. You know that, I know that and (hopefully) all people on this list know that. But NAT == security was and still is sold by

Re: Overseas - Latency

Caleb Tennis caleb.ten...@gmail.com writes: I saw this earlier this morning, not sure if it relates to you or not: http://www.telegeography.com/cu/article.php?article_id=33597 Well that's Africa and most unfortunate for all the soccer fans there. jens --

Re: Overseas - Latency

Rod Beck rod.b...@hiberniaatlantic.com writes: There are several cable systems landing in South Africa. I doubt it will affect television coverage ... TV is not an issue Internet is. At least thats what I read in an article yesterday. According to the article I read many (smaller) providers

Re: Network Documentation

Tarig Yassin tariq198...@hotmail.com writes: First: *PLEASE* do not start a new thread by replying to a mail an changing the subject. There is something called reference header which allows real mail clients (read: not Outlook or Notes) to do threading. This makes it much easier to read large

Re: Recommendation in Australia for ISPs to force user security?

Joel Jaeggli joe...@bogus.com writes: not sure how they propose to enforce that, instrumentation approaches that look inside the home gateway have a non-trivial falsh positive rate and you've got a lot more hosts than ip addresses. Well you force your users to install some software to control

Re: List of a useful tools for network architects

Pavel Dimow paveldi...@gmail.com writes: Hi, I am wondering what tools you consider most valuable when designing big network from scratch or perform a migration? White board and a digital camera to document the drawings. Pen and paper are also a very important tool. For example I would

Re: Literatur hint needed

Matthias Flittner matthias.flitt...@de-cix.net writes: Hi Folks, I'm searching an fundamental book about how to (inter)connect two networks. It should be about how to connect your business network in a secure and reliable way to the internet. The book should contain some theoretical basics

Re: Monitoring Tool

Thorsten Dahm t.d...@resolution.de writes: The usual suspects in the open source world would be nagios, cacti, mrtg, netflow, ... There is no tool called netflow. ;-) To collect and analyze netflow data I'd recommend nfdump.sf.net and nfsen.sf.net as open source solution. Jens --

Re: 1slash8 pollution

Tom bifr...@minions.com writes: DHCPACK from 1.2.1.3 Perhaps someone should mention this to the hotel? :) I've senn DHCPACK from 1.1.1.1 I was told it's the default value of a Cisco WLAN Controller. There are more things broken in most hotel WLANs. Jens --

Re: IP Address Management Tool

D C cassel...@gmail.com writes: I am looking for a better way to manage IP addresses. I am currently using an excel spreadsheet, but this is becoming cumbersome as more and more addresses are being added. Does anyone have any recommendations? Somebody recommended

Re: looking glass

Randy Bush ra...@psg.com writes: is there a decent looking glass package that does not fill my machine with trash? Haven't tried it but what about RANCID? http://www.shrubbery.net/rancid/man/lg_intro.1.html Jens -- - |

Re: Rate of growth on IPv6 not fast enough?

John Levine jo...@iecc.com writes: I'm not saying that NAT is wonderful, but my experience, in which day to day stuff all works fine, is utterly different from the doom and disaster routinely predicted here. Ever tried too troubleshoot networks which where using multiple NAT? Every time I

Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?

John R. Levine jo...@iecc.com writes: Did you run any services? Of course not, it's consumer DSL. I run services on my server which is somewhere else and tunnel in via ssh which, of course, works fine through NAT. Take a look at all those small SOHO storage boxes. They all offer web and

Re: Books for the NOC guys...

Robert E. Seastrom r...@seastrom.com writes: So, what are you having your up-and-coming NOC staff read? http://www.amazon.com/Illustrated-Network-Modern-Kaufmann-Metworking/dp/0123745411/ I think it's quite good and covers many modern topics. One drawback: It mentions ethereal and not

Re: Home CPE choice

Charles N Wyble char...@knownelement.com writes: Should one get a real cisco router? The 877 or something? 871 works very well here. You may find on heap on eBay. But *don't* get an 861. Last time i checked there was no IOS with IPv6 support for this model. My current home router is a cisco

Re: Home CPE choice

Charles N Wyble char...@knownelement.com writes: Have you tried pfsense, or do you find the built in functionality/configuration system to be sufficient? AFAIK IPv6 is not supported via the GUI, but everything else is okay. Jens --

Re: Posting from freebie E-mail Accounts

jim deleskie deles...@gmail.com writes: Hi, I'm betting more then a few of use free mail accts to keep this separate from our work mail. As a positive side effect there are fewer Out of Office replies when people use different accounts for normal work mail and mailing lists. If your

Re: Finding content in your job title

Steve Bertrand st...@ibctech.ca writes: For instance, I like to present myself as a 'network engineer'. I have never taken formal education, don't hold any certifications (well, since 2001), and can't necessarily prove my worth. Hey, network engineer is good. Some time back someone gave me

Re: IPv6 in Education Question

Todd Christell tchrist...@springnet.net writes: So Im giving an introductory talk on IPv6 for a state wide conference for tech coordinators for education. I have the usual catechism of reasons/advantages from the network side but was wondering if there were any good education specific

Re: Network Naming Conventions

Bill Stewart nonobvi...@gmail.com writes: - Tolkien characters (one of the reasons for DNS was that too many people wanted to name their machine frodo or mozart.) Diskworld characters are also quite common. For my own systems I use names of single malts. cheers Je 'typing on Bowmore' ns --

Re: IP4 Space

Owen DeLong o...@delong.com writes: denial anger bargaining depression acceptance--- My dual-stacked network and I are here. So am I. But most IT people I talk to are still at the denial phase. And there is not much one can do about it. Jens, 566 days to go --

Re: IP4 Space

Owen DeLong o...@delong.com writes: I spend much of my time talking to groups of people about this. I have managed to get several members of such groups from denial to bargaining and sometimes eve depression in a single session. I did several presentations about IPv6 basics myself and there

Re: Ticket/Asset Managment system

Brandon Grant bran...@momentous.ca writes: Also, I am hoping to find a tool that can tie in with SNMP software so I can have tickets auto-generated for certain types of SNMP traps or polling failures. Do it the other way round: Use something like Nagios, Zabbix or Icinga for monitoring and if

Re: Using /31 for router links

Florian Weimer f...@deneb.enyo.de writes: Bad. For some systems, such tricks work to some degree only due to lack of input validation, and you get failures down the road (ARP ceases to work, packet filters are not applied properly and other fun). I never had any problems using Cisco to

Re: Using /31 for router links

Chris Costa cco...@cenic.org writes: We recently did a backbone router upgrade and the vendor surprisingly didn't support /31's. Mind dropping a name? Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany |

Re: Foundry CLI manual?

Richard A Steenbergen r...@e-gerbil.net writes: Ironically enough the manuals themselves are accessable without a login, but the list of manuals is not. Outch. Personally I don't like when company's hides documentation or require me to register (or even get a support contract) to read the

Re: Breaking the internet (hotels, guestnet style)

Owen DeLong o...@delong.com writes: I expect my connections to my mail server to actually reach my mail server. I use TLS and SMTP AUTH as well as IMAP/SSL. Many of the just works settings in question break these things badly. One of my customers has an appliance for his WLAN guest access

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

Jorge Amodio jmamo...@gmail.com writes: I guess Cisco's 800's are out of the Consumer Grade price range, but any comments about v6 support on them and how they compare with other options. Once you find the right IOS version they are working great. ;-) I had to upgrade my router @home in

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

Brandon Ewing nicot...@warningg.com writes: Can you comment on what version you got it to work on? I haven't futzed with it much, but with 12.4(24)T2, you can't put an ipv6 address directly on the wireless subinterface. I tried putting it on a BVI interface, but didn't have much luck.

Re: Simple Change Management Tracking

Paul Stewart pstew...@nexicomgroup.net writes: Thanks - we're not really looking for so much a ticketing system as more of a change management approval system I guess. Thats why I suggested OTRS only after RT was mentioned. CheckPoint R70.1 has something like this build in but it's only for

Re: ISP customer assignments

Brian Johnson bjohn...@drtel.com writes: So a customer with a single PC hooked up to their broad-band connection would be given 2^64 addresses? I realize that this is future proofing, but OMG! That’s the IPv4 Internet^2 for a single device! Most people will have more than one device. And

Re: Opensource or Low Cost NMS for Server Hardware / Application Monitoring

Matthew Huff mh...@ox.com writes: Nagios http://www.nagios.org http://www.icinga.org/ - a (very current) fork of Nagios http://software.uninett.no/stager/ - another netflow tool http://nedi.ch - For those with larger campus networks http://nipper.titania.co.uk/ - audit tool for

Re: generic attack on Cisco routers

Steven M. Bellovin s...@cs.columbia.edu writes: http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/ There's also a video of the talk at 25c3: ftp://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2816-en-cisco_ios_attack_and_defense.mp4 cheers, Jens --

Re: Gigabit Linux Routers

Chris ch...@ghostbusters.co.uk writes: I'm hoping someone can offer some advice on suitable hardware and kernel tweaks for using Linux as a router running bgpd via Quagga. There was a talk Towards 10Gb/s open-source routing at this years Linux-Kongress in Hamburg. Here are th slides: