Re: Time to add 2002::/16 to bogon filters?

2018-07-09 Thread LHC
2002::/16 is still valid - not a bogon as long as there is an IPv4 Internet. 
Add the IPv4 bogons, though (2002:7f00::/48 through 2002:7fff:ffff::/48, 
& others)

On July 9, 2018 3:06:00 PM PDT, "Fabien VINCENT (NaNOG)"  
wrote:
>On 2018-07-09 18:10, valdis.kletni...@vt.edu wrote:
>
>> On Mon, 09 Jul 2018 15:21:31 +0200, "Fabien VINCENT (NaNOG)" said:
>> 
>>> I think it's still used a bit ? I see today announcements over the
>>> following OriginAS over more than 2000 peers.
>>> 
>>> as1103    SURFnet bv
>>> as1835    Forskningsnettet - Danish network for Research and Education
>>> as2847    Kauno technologijos universitetas
>>> as6939    HURRICANE
>>> as16150   Availo Networks AB
>>> as25192   CZ.NIC, z.s.p.o.
>>> as28908   A3 Sverige AB
>> 
>> Announced and used are two different things.. :)
>> 
>> sudo tcpdump -ni any 'net 2002::/16'
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
>> 15:10:59.588097 IP6 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413 > 2001:470:1f12:dead::beef.51413: UDP, length 94
>> 15:10:59.588233 IP6 2001:470:1f12:dead::beef.51413 > 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413: UDP, length 365
>
>I'm pretty sure that 2002: address is (a) *your* end of the tunnel and (b)
>only visible inside your network and *inside* the HE tunnel to the other end.
>In other words, it shouldn't be seen out on the public net if it's transiting
>an HE tunnel. I bet if you changed that '-i any' to '-i wlan' (for whatever
>your router calls the outbound-facing interface) you won't see traffic on 2002:
>
>
>You're right, it does need to be public to work ;) So my question is why
>it is still and it was announced on DFZ ?
>
>Regards,
>
>-- 
>FABIEN VINCENT
>_@beufanet_

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
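
The mapping the reply above relies on, as an added example that is not part of the original thread: a 6to4 address carries the site's IPv4 address in bits 16-47, so an IPv4 bogon prefix a.b.c.d/n has the image 2002:AABB:CCDD::/(16+n), which can be filtered while 2002::/16 itself stays accepted. The bogon list is a constructed sample (the post names only the 127.0.0.0/8 image) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of IPv4 special-purpose ranges (an assumption, not a
# complete or authoritative bogon list; the post names only 127.0.0.0/8).
IPV4_BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")


def to_6to4_prefix(v4net):
    """Map an IPv4 prefix a.b.c.d/n to its 6to4 image 2002:AABB:CCDD::/(16+n)."""
    # The 32 IPv4 bits sit directly after the 16-bit 2002 prefix.
    base = int(SIX_TO_FOUR.network_address) | (int(v4net.network_address) << 80)
    return ipaddress.IPv6Network((base, 16 + v4net.prefixlen))


def sixtofour_bogon_filters():
    """IPv6 filter entries: the 6to4 images of every IPv4 bogon prefix."""
    return [to_6to4_prefix(n) for n in IPV4_BOGONS]


def classify(addr):
    """Return 'not-6to4', 'valid-6to4' or 'bogon-6to4' for an IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    embedded = ip.sixtofour  # embedded IPv4Address, or None outside 2002::/16
    if embedded is None:
        return "not-6to4"
    if any(embedded in net for net in IPV4_BOGONS):
        return "bogon-6to4"
    return "valid-6to4"


if __name__ == "__main__":
    for net in sixtofour_bogon_filters():
        print(net)
    # First and last addresses come from the quoted tcpdump output;
    # the two in the middle are constructed.
    for a in ("2002:6bab:c6c6:0:e561:b9f7:b221:a73", "2002:7f00:1::1",
              "2002:c0a8:101::1", "2001:470:1f12:dead::beef"):
        print(a, classify(a))
```

The /48 range named in the reply collapses to the single aggregate 2002:7f00::/24, which is the form a prefix filter would normally carry.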


Re: US/Canada International border concerns for routing

2017-08-11 Thread LHC (k9m)
You mean ROBALLOFUS right?

:-)

On August 8, 2017 5:33:28 PM PDT, Clayton Zekelman  wrote:
>
>
>With the peering policies of the major Canadian ISPs, you're 
>virtually guaranteed to hairpin through the US on most paths.
>
>Robellus (Rogers, Bell & Telus) will peer with you at any of their 
>major Canadian peering points, such as NYC, Chicago or LA.
>
>
>
>At 10:01 AM 20/07/2017, Hiers, David wrote:
>>Hi,
>>We're looking to extend some services into Canada.  While our 
>>lawyers dig into it, I thought that I'd ask the hive mind about 
>>border restrictions.
>>
>>For traffic routing, is anyone constraining cross-border routing 
>>between Canada and the US?  IOW, if you are routing from Toronto to 
>>Montreal, do you have to guarantee that the path cannot go through, 
>>say, Syracuse, New York?
>>
>>I'm asking network operators about packet routing; data storage is a 
>>very different matter, of course.
>>
>>Thanks,
>>
>>David
>>
>
>-- 
>
>Clayton Zekelman
>Managed Network Systems Inc. (MNSi)
>3363 Tecumseh Rd. E
>Windsor, Ontario
>N8W 1H4
>
>tel. 519-985-8410
>fax. 519-985-8409



Re: Contact at Orange?

2017-08-03 Thread LHC (k9m)
Wrong currency zone

On August 3, 2017 12:19:07 AM PDT, Dan Hollis  wrote:
>On Thu, 3 Aug 2017, Benoit Panizzon wrote:
>> Apparently this was not their problem.
>
>As long as the money's green?
>
>-Dan



Re: Making interconnection agreements between networks more dynamic

2017-05-23 Thread LHC (k9m)
You need an extra 9 lines to handle the overrun.

On May 23, 2017 12:10:52 PM PDT, valdis.kletni...@vt.edu wrote:
>On Tue, 23 May 2017 15:07:14 -0300, Pedro de Botelho Marcos said:
>
>> Dynamic agreements offer many opportunities. For example, consider
>> acquiring extra "bandwidth as a service" that is available on demand just
>> when one needs it, similarly to how one might spin up extra VMs in the
>> cloud to handle high loads.
>
>In computer science, all problems can be solved by adding a level of
>indirection.
>
>You've now changed it from lengthy discussion about the connection, to lengthy
>discussion about which dynamic agreements both sides are willing to support.
>
>Hint:  You can't discuss "bandwidth as a service" without both sides talking
>about how much burst capacity might be needed, because the capacity would *still*
>require over-provisioning in order to be available if needed.  If both ends
>of the link have 1G optics, you're not going to burst to 10G no matter how
>many dynamic agreements you have.



Re: AT NOC contact?

2017-05-23 Thread LHC (k9m)
you just won the internet.

On May 22, 2017 4:59:59 PM PDT, Chris Hartley  wrote:
>Well, I have some thicker sand blast resist that has very poor adhesion.  I
>could see trying that for, as you say, simple designs.  More complex
>designs could theoretically have tabs added connecting smaller features -
>that kind of sucks, but ... cutting, weeding and applying every vinyl
>stencil is quite tedious!
>
>Chris
>
>On Mon, May 22, 2017 at 7:35 PM, Jason Schwerberg wrote:
>
>> Can someone from AT's NOC contact me off-list?   Been dealing with an
>> open ticket on a T1 line for three weeks, and CIRMs and our account
>> manager don't seem to have a clue...just need someone to verify and
>> bounce the encapsulation...
>>
>> Thanks
>>
>>



Re: Please run windows update now

2017-05-16 Thread LHC (k9m)
YOU WENT THERE (ignores enough to run for president)

On May 15, 2017 1:48:51 AM PDT, Randy Bush  wrote:
>> Or BSD, or anything but Windows.  Anyone running Microsoft products
>> is quite clearly an unprofessional, unethical moron and fully deserves
>> all the pain they get -- including being sued into oblivion by their
>> customers and clients for their obvious incompetence and negligence.
>
>aside from being grossly rude, hyperbolic, and unintelligent, this rant
>ignores reality enough to make you a viable presidential candidate.
>
>80% of desk/laptops run windows.  get over it.  windows is embedded in
>many systems which will be hard to update in an hour or 100 hours.  and
>rude ranting is not doing one micron to help deal with it.
>
>embedded systems are very hard to update, think special drivers, kinky
>mods, ...  aside from the long softdev time, how much time do you think
>QA will take for moving a piece of medical equipment from xp to win10,
>let alone bsd?  and the state of the bsd update process is not something
>to describe in polite company.
>
>we have a vulnerable chain from weak software (which is improving, and
>msoft has been in the lead there for a decade), to nsa/cia not
>disclosing, to people choosing or having to run old versions (of
>whatever (and linux/bsd are not immune) for financial or technical
>reasons, to the conservative or lazy logistics of patching.  we can try
>to improve things at each link.  but this is gonna be slow.
>
>though this ransomware attack is not really that much larger than other
>attacks in the past (and the future is not cheering), at least it has
>reached the front pages and maybe people will patch more and vendors
>will issue more/better updates.  but, as @zeynep says, the lack of
>liability along the chain above allows bad practices to continue.
>
>in the meantime, backup, backup and take it offline so it does not get
>encrypted for you, patch, turn off unnecessary services/options, rinse
>repeat.  and try to promote prudent use among friends, family, and
>workplace.
>
>randy



Re: IRNOG1 Meeting

2017-05-16 Thread LHC (k9m)
... I'll show myself out.

On May 16, 2017 10:35:29 AM PDT, "LHC (k9m)" <large.hadron.colli...@gmx.com> 
wrote:
>Make it fun, with cake and for the apostates, bacon
>
>On May 13, 2017 3:15:51 AM PDT, Shahab Vahabzadeh
><sh.vahabza...@gmail.com> wrote:
>>Hello Hello,
>>Proudly I want to announce that 1st IRNOG Meeting will launch at 24th of
>>May in Tehran.
>>In the first day of public announce we had near 90 people registered to
>>attend the meeting.
>>Hope to find this meeting useful in Iranian Community. It would be great to
>>get your ideas about the experiences of coordinating such a meetings.
>>
>>http://ir-nog.com
>>
>>Thanks
>>
>>-- 
>>Regards,
>>Shahab Vahabzadeh, Network Engineer and System Administrator
>>
>>PGP Key Fingerprint = 1C43 988E 01A8 4D95 B662 9118 CD94 9F10 4DF4 6163
>



Re: IRNOG1 Meeting

2017-05-16 Thread LHC (k9m)
Make it fun, with cake and for the apostates, bacon

On May 13, 2017 3:15:51 AM PDT, Shahab Vahabzadeh  
wrote:
>Hello Hello,
>Proudly I want to announce that 1st IRNOG Meeting will launch at 24th of
>May in Tehran.
>In the first day of public announce we had near 90 people registered to
>attend the meeting.
>Hope to find this meeting useful in Iranian Community. It would be great to
>get your ideas about the experiences of coordinating such a meetings.
>
>http://ir-nog.com
>
>Thanks
>
>-- 
>Regards,
>Shahab Vahabzadeh, Network Engineer and System Administrator
>
>PGP Key Fingerprint = 1C43 988E 01A8 4D95 B662 9118 CD94 9F10 4DF4 6163



Re: What services do you control at your org?

2017-04-30 Thread LHC (k9m)
I'm a teenager.

For my personal systems, the answers are:

I am the networking group, but my work is nonexistent. Myself. NEETery. I'm 
mostly concerned with maintaining the white noise generators. And since I am 
talking about my personal systems, yes.

On April 27, 2017 3:56:19 PM PDT, Matt Freitag  wrote:
>All,
>
>I'm doing an informal survey:
>
>   - Are you in the networking group? (presumably yes)
>   - What org do you work for? (optional)
>   - What industry is your org in? (ex. Higher Ed)
>   - Does the networking group control your NAC/RADIUS server used for
>   network authentication, DHCP, and/or DNS servers?
> - "Control" means the networking group does all the configuration,
>  administration, and maintenance of said systems.
>
>My answers:
>
>   - I am in the networking group
>   - I'm at Michigan Technological University
>   - We're in Higher Education
>   - Currently I control the NAC/RADIUS server, but not do DHCP and do
>  minimal stuff with DNS. Mostly adding/removing other domains from our
>   master BIND servers.
>
>Thank you for your time!!
>
>Matt Freitag
>Network Engineer I
>Information Technology
>Michigan Technological University
>(906) 487-3696
>https://www.mtu.edu/
>https://www.mtu.edu/it



Re: nanog: SixXS is shutting down

2017-03-23 Thread LHC (k9m)
Many people still don't have native IPv6. Why must 6XS die?

On March 23, 2017 11:03:01 AM PDT, Pim van Pelt  wrote:
>Colleagues of nanog,
>
>In 1999, Jeroen and I started SixXS, a project which aimed to provide
>IPv6 connectivity to users who wanted to learn about the network
>protocol and gain experience operating IPv6 networks. Our vision was
>to facilitate migration to IPv6 in content and access providers.
>
>We were able to provide IPv6 to 50’000+ individual users and companies
>in 140+ countries, using servers hosted at 40+ Internet providers in
>30+ countries. We are incredibly proud of what we’ve accomplished
>together, and how many people have gotten to know all about IPv6 due
>to our combined efforts.
>
>We have completed a retrospective and rationale document, which
>details our experience developing and operating the SixXS tunnelbroker
>over the last 18 years. We have worked through our plans with the many
>dedicated ISPs that have been involved:
>https://www.sixxs.net/sunset/
>
>We have reached out to users recently, giving them 6 weeks to make
>alternative plans. We have chosen a somewhat symbolic date of
>2017-06-06 to turn down the SixXS service. Our website will remain as
>a tombstone.
>
>Please feel free to pass this along to any group or list you feel
>would benefit from it, and reach out to  or to myself
>directly  if you have thoughts you’d like to share
>between now and then.
>
>
>Kindest Regards,
>Pim van Pelt and Jeroen Massar (SixXS founders)
>
>-- 
>Pim van Pelt 
>PBVP1-RIPE - http://www.ipng.nl/



Re: Dyn DDoS this AM?

2016-10-24 Thread LHC
All this TTL talk makes me think.

Why not have two ttls - a 'must-recheck' (does not expire the record but forces 
a recheck; updates record if server replies & serial has incremented) and a 
'must-delete' (cache will be stale at this point)?

On October 23, 2016 3:42:58 PM PDT, Mark Andrews  wrote:
>
>In message

Re: Lawsuits for falsifying DNS responses ?

2016-09-13 Thread LHC
I believe that the CRTC has rules against censorship - meaning that Videotron, 
Bell etcetera have a choice between following the CRTC code or the provincial 
law (following one = sanctions from the other), rendering internet service 
provision to Québec impossible without being a dialup provider from 
out-of-province.

The law may even be actually contrary to federal law.

On September 12, 2016 10:41:16 AM PDT, Jean-Francois Mezei 
 wrote:
>As many may know, the province of Québec has passed a law to protect the
>interests of its lottery corporation.
>
>To do so, it will provide ISPs with list of web sites to block (aka:
>only allow its own gambling web site).
>
>There is an opportunity to comment this week in which I will submit.
>
>(I've gathered many arguments over the past little while already). But
>have a specific question today:
>
>Are there examples of an ISP getting sued because it redirected traffic
>that should have gone to original site ?
>
>For instance, user asks for www.google.com and ISP's DNS responds with
>an IP that points to a bing server?
>
>If the risk of a lawsuit is real, then it brings new dimension to
>arguments already made against that (stupid) Québec law.
>
>(And it also creates interesting issues for DNS servers from companies
>such as Google which may have a anycast server located in Québec but are
>not considered an ISP and won't receive those documents from the gov
>with list of websites to block.
