Marco Davids via NANOG writes:
> It turns out that there underlying CDN's with domain names such as
> ‘l-msedge.net’ and ‘trafficmanager.net’ (Microsoft) or 'fastly.net',
> that reside on authoritative name servers that *only* have an IPv4
> address.
Fastly does have IPv6 enabled authoritative
Chris Boyd writes:
> My old Test-Um Lanscaper died, and I was curious what people liked these
> days. Don’t need throughput testing or anything like that, just basic
> wire map testing, cable ID, cable length, PoE voltage, and DHCP client.
>
> What do y’all like?
Pocketethernet has already been
Douglas Fischer writes:
> I was thinking in use something like reverse ssh and ansible. But I
> thought that I'm probably reinventing part of the wheel.
If your familiar with ansible: ansible-pull?
"pulls playbooks from a VCS repo and executes them for the local host"
Mark Tinka writes:
> On 17/Mar/20 19:39, Jens Link wrote:
>
>>
>> Jens, using frr for quite some time now without any problems
>
> IS-IS, per chance?
Sorry, only BGP for now.
Jens
--
| Del
Craig writes:
> Wanted to ask what WIKI software teams are using to save documentation to /
> how to's for staff, etc.
On the wiki side: +1 for dokuwiki
Given that more and more people are automating stuff and this way ending
up git anyway:
Write your doku as markdown, put it into git,
Dmitry Sherman writes:
> Hello,
>
> Anybody working with Quagga for production peering with multiple peers
> and dynamic eBGP/iBGP announcement?
https://frrouting.org/ is a quagga fork and most (all) developers of
quagga mode to frr.
Jens, using frr for quite some time now without any problems
Michael Bullut writes:
> Hi Ross,
>
> How would you gauge good DNS performance?
quick and dirty:
jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
;; Query time: 16 msec
jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 3 msec
Jens
Job Snijders writes:
Hi,
> I made a list of the IPv6 addresses in my home LAN, but have trouble
> copy+pasting the list into a cloud spreadsheet. My address list is here:
> http://pete.meerval.net/~job/
>
> How do other folks do this? Just administrate things in text files?
Ca By writes:
> http://jool.mx/en/index.html
>
> Free open source nat64
And the DNS64 part can be done with powerdns (recursor), unbound, bind,
... All OpenSource
Jens
--
| Foelderichstr. 40 |
Lee Howard writes:
> I’ve tried several times to come up with a scenario that leads to
> depletion in less than 200 years, and I haven’t managed it. Can you do it?
Self replicating nano bots. Which will be a good thing (probably):
https://xkcd.com/865/
SCNR
Jens
--
Matt Hoppes writes:
> Had a previous employee or I discovered it on the network segment after
> we had some weird routing issues and had to get that cleaned up. I don't
> know why anyone would do that when there is tons of private IP space.
Excuse 1: "We'll
Brandon Applegate writes:
Hi,
> Anyone have any insight on how one can look up an OUI (yes I know about
> oui.txt, but I’m asking about a live query site).
https://www.wireshark.org/tools/oui-lookup.html ?
Jens
--
Stephen Satchell l...@satchell.net writes:
It's been a while since I did this, but you can select an additional
port to accept SSH connections.
That's easy:
jens@screen:~$ grep Port /etc/ssh/sshd_config
Port 22
Port 443
Picking the right port to use is an exercise, though, that will
Owen DeLong o...@delong.com writes:
On Sep 16, 2014, at 8:55 AM, Majdi S. Abbas m...@latt.net wrote:
su is not available.
I think it is now, since the break up of the Soviet Union.
A friend told me that .su domains are quite common in windows
environments after the admins discovered
David Conrad d...@virtualized.org writes:
A friend told me that .su domains are quite common in windows
environments after the admins discovered that .local is not a good
choice. ;-)
That would be an *exceptionally* bad idea.
I agree. On the other hand: People pay me to fix network
Valdis Kletnieks valdis.kletni...@vt.edu writes:
and I feel fine
I didn't see any mention of this Tony Hain paper:
http://tndh.net/~tony/ietf/ARIN-runout-projection.pdf
tl;dr: ARIN predicted to run out of IP space to allocate in August this
year.
Are you ready?
Personally? Yes! Customer
Mark Grigsby m...@pcinw.net writes:
Speaking in the context of configuring an ipsec tunnel..
Once upon a time:
Admin: We need Port 50 and Port 51 for the tunnel!
Me:You mean IP protocol 50 and 51?
Admin: It the same! You have no clue!
Jens
--
Mathias Wolkert t...@netnod.se writes:
Autoneg. The old timers that don't trust it after a few decades of
decent code. Or those that lock one side and expect the other to adjust
to that.
Autoneg is black magic. Doesn't work. You have manually configure duplex
and speed on one side 1!
Jeff Wheeler j...@inconcepts.biz writes:
With apologies to Randy, let the CCNAs fight with label makers.
Yeah. And you need do be at last CCNP to switch a module in a router.
Had this request last year. I first thought that some troubleshooting /
configuration was involved but it was just
Leo Bicknell bickn...@ufp.org writes:
I've repeatedly asked $BIG_COLO_PROVIDERS to offer a vending machine
in the lobby next to the one with sodas that sold Cat 5, Fiber,
SFP's, USB sticks, and so on.
Hmm.
http://gearomat.com/
Jens
--
Leo Bicknell bickn...@ufp.org writes:
USB-Serial adapters. Preferably selected so they are driverless on
both OSX and Windows. :)
^^^
Wahahahaha There is no such thing.
I've seen people reinstalling their Windows after trying to use another
USB-Serial adapter. I also
Owen DeLong o...@delong.com writes:
1.When the only tool you have is a hammer, you try to mold every problem
into a nail.
Ack.
2.When you only know a procedure for doing something and don't understand
the fundamentals
of why X is supposed to occur at step Y, then when you
Sven Olaf Kamphuis s...@cb3rob.net writes:
3.5 HD floppies (yes, they're still around ;)
Really? I thought Deutsche Bahn was last company using
them: Unfortunately we can't display reservation information.
Okay, knowing Deutsche Bahn the disks might not be 3,5. ;-)
Jens
--
valdis.kletni...@vt.edu writes:
Does anybody actually *have* a functional 7 track drive?
Maybe the people running http://www.cray-cyber.org have one.
(If you ever come to Munich, try to visit this museum.)
Jens
--
-
|
William Herrin b...@herrin.us writes:
Anyone have a list of MUAs that actually support RFC 2369 with
subscription management widgets in the GUI? Surely someone has written
one but I can't seem to find any documentation to that effect.
Gnus?
Jens, Gnus user since 1999
--
William Herrin b...@herrin.us writes:
and you have to read the mail in Microsoft Lookout, interspersed with
work-oriented messages from your boss and colleagues. With Outlook
popping new-message-notifications up on the projector while you try to
give a presentation during a meeting, each
George Bonser gbon...@seven.com writes:
In other words, the broadband provider provides a single global IP to
the always up CPE. That CPE does DHCP to user stations and hands out
1918 addresses and NATs them to the single global IP.
Ah there is the misunderstanding. Same her in good old
Mark Andrews ma...@isc.org writes:
DS-Lite over 6rd using RFC 1918 / multi-use ISP assigned block
(I'd love to be able to say class E here) provides a single NAT
translation for IPv4 and public IPv6.
Okay, it's 10:15 in the morning and I really want a drink know. ;-)
Jens
--
Jack Bates jba...@brightok.net writes:
Hi,
a little late, but just catching up the list.
Has anyone seen issues with IOS where certain MACs fail?
54:52:00 (kvm) fails out an old 10mbit port on a 7206 running 12.2
SRE. I've never seen anything like this. DHCP worked, ARP worked, and
arp
Jens Link li...@quux.de writes:
Okay, it's 10:15 in the morning and I really want a drink know. ;-)
s/know/now/
I think I'll need more coffee.
Jens
--
-
| Foelderichstr. 40 | 13595 Berlin, Germany| +49-151
Daniel Roesen d...@cluenet.de writes:
And quite important for residential ISPs of some size: have fun teaching
your call centers diagnosing double-NAT failure modes.
NAT444 is a hell I don't want to visit really.
No it's great! It's secure! It's easy to implement! It's the only way to
do it
Scott Helms khe...@ispalliance.net writes:
IPv6 for some ISPs will be extraordinarily painful because of legacy
layer 2 gear
I don't feel sorry for them. We know that IPv6 is coming for how long?
15years? 10year? 5years? Well if you only read the mainstream media you
should have read
Tim Chown t...@ecs.soton.ac.uk writes:
Which of the big boys are doing it?
Strato in Germany. They offer IPv6 for dedicated server now. I was told
that the implementation for their shared hosting (about one million
domains) is almost finished and that they also offer IPv6 for virtual
servers
david raistrick dr...@icantclick.org writes:
And at what point during that time did they have any vendor gear they
could purchase that -would- support v6? At -best- during the last 5
years, but I'd put money on that even today they can't purchase gear
with adequate v6 support.
Another
Jason Bertoch ja...@i6ix.com writes:
I'm not sure about your part of the world, but the economy has been
terrible in mine. Even in a good economy, DSL margins don't afford the
ability to replace your network every two years.
Same thing here in Germany. DSL providers fighting for the lowest
George Bonser gbon...@seven.com writes:
While that is true, it is no worse than the situation right now. In the
US, the vast majority of users are already behind a NAT (I would say
over 90% of them are) so they are already experiencing this breakage.
I never thought it was that bad. In
Owen DeLong o...@delong.com writes:
All well and good until some of their customers are on IPv6...
Then what?
Someone will build an appliance to deal with this problem. ;-)
Jens
--
-
| Foelderichstr. 40 | 13595
valdis.kletni...@vt.edu writes:
Those people are next on my hit list, after we've finally eliminated those
who still talk about class A/B/C addresses. :)
You are going to kill about 90% of all net-/sysadmins?
SCNR
Jens
--
valdis.kletni...@vt.edu writes:
You are going to kill about 90% of all net-/sysadmins?
Do you *really* want somebody working on your network that gets confused by a
reference to 213/8 because it's in Class-C space?
Don't get me wrong. I like the idea. Especially after the discussion I had
Dobbins, Roland rdobb...@arbor.net writes:
Eric Vyncke's IPv6 security book is definitely worthwhile,
http://www.ciscopress.com/bookstore/product.asp?isbn=1587055945
A good companion to Eric's book is Deploying IPv6 Networks
http://www.ciscopress.com/bookstore/product.asp?isbn=1587052105
James Bensley jwbens...@gmail.com writes:
Hmm, Google says you could use http://www.zebra.org/ to set your box
up as a route, and then you can just view the routes from there?
Aehm, Zebra is dead. Quagga it the successor.
Last change date on zebra.org website is 5 years old.
Jens
--
Rogelio scubac...@gmail.com writes:
What other network operator groups are there around the world (besides
NANOG)?
PLNOG, http://www.plnog.pl
Jens
--
-
| Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264
Owen DeLong o...@delong.com writes:
for NAT. Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice PRNG returning 0 very often) and then NAT it to
provider provided public IP addresses.
Why on earth would you do that? Why not just put the provider-assigned
Saku Ytti s...@ytti.fi writes:
RFC4193 + NAT quite simply is what they know and are comfortable with.
NAT is *not simple*. NAT adds one more layer of complexity. When
using multiple NAT things get worse.
In most cases people don't want or need NAT they are just used to it and
old habits die
Owen DeLong o...@delong.com writes:
You know that, I know that and (hopefully) all people on this list know
that. But NAT == security was and still is sold by many people.
So is snake oil.
Ack, but people are still buying snake oil too.
After one of my talks about IPv6 the firewall
Owen DeLong o...@delong.com writes:
In all reality:
1.NAT has nothing to do with security. Stateful inspection provides
security, NAT just mangles addresses.
You know that, I know that and (hopefully) all people on this list know
that. But NAT == security was and still is sold by
Caleb Tennis caleb.ten...@gmail.com writes:
I saw this earlier this morning, not sure if it relates to you or not:
http://www.telegeography.com/cu/article.php?article_id=33597
Well that's Africa and most unfortunate for all the soccer fans
there.
jens
--
Rod Beck rod.b...@hiberniaatlantic.com writes:
There are several cable systems landing in South Africa. I doubt it will
affect
television coverage ...
TV is not an issue Internet is. At least thats what I read in an
article yesterday. According to the article I read many (smaller)
providers
Tarig Yassin tariq198...@hotmail.com writes:
First: *PLEASE* do not start a new thread by replying to a mail an
changing the subject. There is something called reference header which
allows real mail clients (read: not Outlook or Notes) to do
threading. This makes it much easier to read large
Joel Jaeggli joe...@bogus.com writes:
not sure how they propose to enforce that, instrumentation approaches
that look inside the home gateway have a non-trivial falsh positive rate
and you've got a lot more hosts than ip addresses.
Well you force your users to install some software to control
Pavel Dimow paveldi...@gmail.com writes:
Hi,
I am wondering what tools you consider most valuable when designing big
network from scratch or perform a migration?
White board and a digital camera to document the drawings. Pen and paper
are also a very important tool.
For example I would
Matthias Flittner matthias.flitt...@de-cix.net writes:
Hi Folks,
I'm searching an fundamental book about how to (inter)connect two
networks. It should be about how to connect your business network in a
secure and reliable way to the internet. The book should contain some
theoretical basics
Thorsten Dahm t.d...@resolution.de writes:
The usual suspects in the open source world would be nagios, cacti,
mrtg, netflow, ...
There is no tool called netflow. ;-) To collect and analyze netflow
data I'd recommend nfdump.sf.net and nfsen.sf.net as open source
solution.
Jens
--
Tom bifr...@minions.com writes:
DHCPACK from 1.2.1.3
Perhaps someone should mention this to the hotel? :)
I've senn DHCPACK from 1.1.1.1 I was told it's the default value of a
Cisco WLAN Controller. There are more things broken in most hotel
WLANs.
Jens
--
D C cassel...@gmail.com writes:
I am looking for a better way to manage IP addresses. I am currently using
an excel spreadsheet, but this is becoming cumbersome as more and more
addresses are being added. Does anyone have any recommendations?
Somebody recommended
Randy Bush ra...@psg.com writes:
is there a decent looking glass package that does not fill my machine
with trash?
Haven't tried it but what about RANCID?
http://www.shrubbery.net/rancid/man/lg_intro.1.html
Jens
--
-
|
John Levine jo...@iecc.com writes:
I'm not saying that NAT is wonderful, but my experience, in which day
to day stuff all works fine, is utterly different from the doom and
disaster routinely predicted here.
Ever tried too troubleshoot networks which where using multiple NAT?
Every time I
John R. Levine jo...@iecc.com writes:
Did you run any services?
Of course not, it's consumer DSL. I run services on my server which is
somewhere else and tunnel in via ssh which, of course, works fine
through NAT.
Take a look at all those small SOHO storage boxes. They all offer web
and
Robert E. Seastrom r...@seastrom.com writes:
So, what are you having your up-and-coming NOC staff read?
http://www.amazon.com/Illustrated-Network-Modern-Kaufmann-Metworking/dp/0123745411/
I think it's quite good and covers many modern topics. One drawback:
It mentions ethereal and not
Charles N Wyble char...@knownelement.com writes:
Should one get a real cisco router? The 877 or something?
871 works very well here. You may find on heap on eBay. But *don't* get
an 861. Last time i checked there was no IOS with IPv6 support for this
model.
My current home router is a cisco
Charles N Wyble char...@knownelement.com writes:
Have you tried pfsense, or do you find the built in
functionality/configuration system to be sufficient?
AFAIK IPv6 is not supported via the GUI, but everything else is okay.
Jens
--
jim deleskie deles...@gmail.com writes:
Hi,
I'm betting more then a few of use free mail accts to keep this separate
from our work mail.
As a positive side effect there are fewer Out of Office replies when
people use different accounts for normal work mail and mailing lists.
If your
Steve Bertrand st...@ibctech.ca writes:
For instance, I like to present myself as a 'network engineer'. I have
never taken formal education, don't hold any certifications (well, since
2001), and can't necessarily prove my worth.
Hey, network engineer is good. Some time back someone gave me
Todd Christell tchrist...@springnet.net writes:
So Im giving an introductory talk on IPv6 for a state wide conference
for tech coordinators for education. I have the usual catechism of
reasons/advantages from the network side but was wondering if there were
any good education specific
Bill Stewart nonobvi...@gmail.com writes:
- Tolkien characters (one of the reasons for DNS was that too many
people wanted to name their machine frodo or mozart.)
Diskworld characters are also quite common.
For my own systems I use names of single malts.
cheers
Je 'typing on Bowmore' ns
--
Owen DeLong o...@delong.com writes:
denial
anger
bargaining
depression
acceptance--- My dual-stacked network and I are here.
So am I. But most IT people I talk to are still at the denial phase. And
there is not much one can do about it.
Jens, 566 days to go
--
Owen DeLong o...@delong.com writes:
I spend much of my time talking to groups of people about this. I
have managed to get several members of such groups from denial to
bargaining and sometimes eve depression in a single session.
I did several presentations about IPv6 basics myself and there
Brandon Grant bran...@momentous.ca writes:
Also, I am hoping to find a tool that can tie in with SNMP software so
I can have tickets auto-generated for certain types of SNMP traps or
polling failures.
Do it the other way round: Use something like Nagios, Zabbix or Icinga
for monitoring and if
Florian Weimer f...@deneb.enyo.de writes:
Bad. For some systems, such tricks work to some degree only due to
lack of input validation, and you get failures down the road (ARP
ceases to work, packet filters are not applied properly and other
fun).
I never had any problems using Cisco to
Chris Costa cco...@cenic.org writes:
We recently did a backbone router upgrade and the vendor surprisingly
didn't support /31's.
Mind dropping a name?
Jens
--
-
| Foelderichstr. 40 | 13595 Berlin, Germany |
Richard A Steenbergen r...@e-gerbil.net writes:
Ironically enough the manuals themselves are accessable without a login,
but the list of manuals is not.
Outch. Personally I don't like when company's hides documentation or
require me to register (or even get a support contract) to read the
Owen DeLong o...@delong.com writes:
I expect my connections to my mail server to actually reach my mail
server. I use TLS and SMTP AUTH as well as IMAP/SSL. Many of the just
works settings in question break these things badly.
One of my customers has an appliance for his WLAN guest access
Jorge Amodio jmamo...@gmail.com writes:
I guess Cisco's 800's are out of the Consumer Grade price range, but
any comments about v6 support on them and how they compare with other
options.
Once you find the right IOS version they are working great. ;-)
I had to upgrade my router @home in
Brandon Ewing nicot...@warningg.com writes:
Can you comment on what version you got it to work on? I haven't futzed
with it much, but with 12.4(24)T2, you can't put an ipv6 address directly on
the wireless subinterface. I tried putting it on a BVI interface, but
didn't have much luck.
Paul Stewart pstew...@nexicomgroup.net writes:
Thanks - we're not really looking for so much a ticketing system as more
of a change management approval system I guess.
Thats why I suggested OTRS only after RT was mentioned. CheckPoint R70.1
has something like this build in but it's only for
Brian Johnson bjohn...@drtel.com writes:
So a customer with a single PC hooked up to their broad-band connection
would be given 2^64 addresses?
I realize that this is future proofing, but OMG! That’s the IPv4
Internet^2 for a single device!
Most people will have more than one device. And
Matthew Huff mh...@ox.com writes:
Nagios http://www.nagios.org
http://www.icinga.org/ - a (very current) fork of Nagios
http://software.uninett.no/stager/ - another netflow tool
http://nedi.ch - For those with larger campus networks
http://nipper.titania.co.uk/ - audit tool for
Steven M. Bellovin s...@cs.columbia.edu writes:
http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/
There's also a video of the talk at 25c3:
ftp://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2816-en-cisco_ios_attack_and_defense.mp4
cheers,
Jens
--
Chris ch...@ghostbusters.co.uk writes:
I'm hoping someone can offer some advice on suitable hardware and kernel
tweaks for using Linux as a router running bgpd via Quagga.
There was a talk Towards 10Gb/s open-source routing at this years
Linux-Kongress in Hamburg. Here are th slides:
79 matches
Mail list logo