That may be, but it would surprise me. The carriers still get paid
by virtue of charging the recipients for the SMSes, and in this
particular case cutting off this line of communication is leaving
money on the table, as email-SMS deliverability is desired yet
optional/secondary
Internet and phone connections across Britain could go into meltdown
as BT workers threaten their first national strike for 23 years...
‘Many business and residential phonelines could go out of action, and
if broadband crashes then thousands and thousands of people will find
their internet
I would expect that the increased awareness of network security that
resulted would pay dividends in business and home use of networks.
I'd expect a lot of nice business for audit firms with the right government
connections, and another checklist with a magic acronym that has everything to
do
Checklists come in handy in fact if many were followed (BCP
checklists, appropriate industry standard fw, system rules)
the net would be a cleaner place.
Sensible checklists that actually improve matters, yes.
The audit checklists I've often been subjected to, full of security theatre and
I look at this as water under the bridge. Yep, it was complicated code
and now it works. I can run bittorrent just fine beyond an Apple
wireless router and I did nothing to make that work. Micro-torrent
just communicates with the router to make the port available.
So, the security model here
Why waste valuable people's time to conserve nearly valueless
renewable resources?
See my earlier comments on upsell and control. While you have some ISPs
starting from the mentality that gives us accepting incoming connections is a
chargeable extra, they're also going to be convinced that
Owen DeLong wrote:
If you want to build a business based on upsell and control by trying
to convince users that they should give you extra money to provision
a resource that costs you virtually nothing, then more power to you.
However, I think this will, in the end, be as popular as
Jeroen Massar wrote:
See my earlier comments on upsell and control. While you
have some ISPs starting from the mentality that gives us accepting
incoming connections is a chargeable extra, they're also going
to be convinced that there's a revenue opportunity in segmenting
customers who want
I think BGP is better for that job, ultimately because it was
specifically designed for that job, but also because it's now
available
in commodity routers for commodity prices e.g. Cisco 800 series.
+1 - for me, if I need a dynamic routing protocol between trust /
administrative domains,
Now, when traffic comes from head office destined for a site prefix,
it hits the provider gear. That provider gear will need routing
information to head to a particular site. If you wanted to use
statics, you will need to fill out a form each time you add/remove a
prefix for a site and the
- Ruben Guerra ruben.gue...@arrisi.com wrote:
Using BGP would be overkill for most. Many small commercial customers
to not want the complexity of BGP
This one keeps coming up.
Leaf-node BGP config is utterly trivial, and is much easier for the SP to
configure the necessary safety devices
If i have to wait for 20 minutes for an email, i've started skype
already.. You know what, why don't we simply turn the smtp servers
-off- and use skype and msn for everything... saves electricity :P
By that argument, why don't we turn off the Internet and use SMS for everything?
It may be
This isn't to do with anything low level like RAs. This is about
people proposing every IPv6 end-site gets PI i.e. a default free zone
with multiple billions of routes instead of using ULAs for internal,
stable addressing. It's as though they're not aware that the majority
of end-sites on the
About the only hack I can see that *might* make sense would be that
home CPE does NOT honour the upstream lifetimes if upstream
connectivity is lost, but instead keeps the prefix alive on very
short lifetimes until upstream connectivity returns.
Yep, that's the hack I was getting at.
As a
- Owen DeLong o...@delong.com wrote:
Personally, I think that enforced UNE is the right model. If you sell
higher level services, you should not be allowed to operate the physical
plant. The physical plant operating companies should sell access to the
physical plant to higher level
- Owen DeLong o...@delong.com wrote:
Yeah... I'd rather see it done in such a way that there is a
prohibition of common ownership or management. Essentially,
require that the stock be split and each current owner receives
one share in each company with any shareholders who own more than
Terminating PPPoE generally isn't much different than terminating
VLANs. In Juniper world, it requires the right equipment. Cisco
world, it's not generally a big deal.
Unless, for example, you already sunk a chunk of change into Cisco 10Ks, and
now want IPv6 on your PPPoE. Not that I'm
I think ULA is still useful for home networks. If the home router guys
properly generate the ULA dynamically, it should stop conflicts within
home networking. There's something to be said for internal services
which ULA can be useful for, even when you do fall off the net.
I really,
So, when I take my laptop from Home to work, to the airport, to some
random cyber cafe I should have to manually alter my DNS servers
assuming I can find someone in the location who can tell me what they
are ?? Or let me guess, I should hardcode some public DNS servers
which I can
I do not live over there, I have never seen a Vonage or Magic jack or
any other VoIP service ad on TV in the UK, ever.
Vonage *are* advertising on UK TV. Hardly the carpet-bombing the OP suggests
is the case in the US, but they are doing something.
It is quite a different market here. I
Certainly fixing all the buggy host stacks, firewall and compliance devices
to realize that ICMP isn't bad won't be hard.
Wait till you get started on fixing the security consultants.
Ack. I've yet to come across a *device* that doesn't deal properly with
packet too big. Lots (and lots
http://www.startssl.com/
Their certs are free and, from what I hear, are accepted by Google.
Seconded. I was a hold-out for a long time on personal stuff - I trust me, I'm
not paying someone else to trust me - but StartSSL makes a lot of the pain go
away with minimal effort.
Regards,
Tim.
ROTFL what an honour ;-), as we are in to weekend mood anyway I share
the reason for this. When I joined Colt my signature did look like this:
---
___ ___ ___ ___ Ralf Weber t: +49 (0)69 56606 2780
\C/ \O/ \L/ \T/ System Administrator
V V V VCOLT Telecom GmbH
Is anyone else that uses ServerBeach hosting having issues with their name
servers (ns[12].geodns.net) failing to resolve their hostnames?
I haven't seen any recent problems, although I have the geodns servers slaving
from my server. Are you doing the same, or generating DNS directly on their
I read the article and the follow up posts and I wonder if we are all
using the same definition for speed here. The article seems to
imply you don't get 6 Mbps on your DSL line in summer because the
copper is hotter and it's harder to push electrons down the link.
That is clearly BS,
It's already been pointed out that lame delegations are more likely
problems for many. But the we'll just pre-fill in-addr to avoid
problems isn't going to work for ip6.arpa. If anyone has enough
hardware to serve the zone for a /48 (64k * 4bil * 4bil *
bytes-in-record), I'd love to see it.
3) If you write an application using anything other than UDP or TCP,
it won't work on most networks (with some minor exceptions for PPTP
and IPSEC, which work sometimes).
This hasn't been my experience unless you're behind some form of NAT.
Yes, it is well known that NAT breaks most
There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you login without at least a client
certificate and password/pin code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-pin
cards as
As for the iOS problem, read on here:
http://www.net.princeton.edu/apple-ios/ios41-allows-lease-to-expire-keeps-using-IP-address.html
That's the iOS issue - out of curiosity, what's the Mac issue?
Regards,
Tim.
When I took an A level computing course in the 90s the course material
still talked about primary stor and backing stor, batch jobs and the
like...
I was working with a lot of batch jobs in my first development role in 1993,
and still supporting overnight scheduling to make best use of the
GAI/GNI do not return TTL values, but this should not be a problem.
If they were to return anything, it should not be a TTL, but a time()
value, after which the result may no longer be used.
One way to achieve that would be for GAI to return an opaque structure
that contained the IP and
On the other hand, if you hop into other people's Huawei
routers via CLI you will curse and scream. As close as I
could tell, it handles most functionality of IOS, but
they tried to find a synonym for every word cisco used
in the cli.
This does occasionally brighten up my day with gems like
I don't think the term means what Masataka thinks it means, because nobody
in this discussion is talking in terms of circuits rather than packet routing.
Geographical addressing can tend towards bellhead thinking, in the sense that
it assumes a small number (one?) of suppliers servicing all
Not to sound like I am trolling here, but how hard is
it get VPS servers or some EC2 servers and setup your
own DNS servers. Are there use cases where that is not
practical?
Aren't we talking about NetSol as a *registrar* and inserting quad-A glue? Or
did I miss the original intention?
Even though it may be easy to make end systems and local
LANs v6 capable, rest, the center part, of the Internet
keep causing problems.
Really? My impression is that it's very much the edge that's hard - CE
routers, and in particular cheap, nasty, residential DSL and cable CE routers.
Lots
The only solution is, IMO, to let multihomed sites have
multiple prefixes inherited from their upper ISPs, still
keeping the sites' ability to control loads between incoming
multiple links.
And for the basement multi-homers, RA / SLAAC makes this much easier to do with
v6. The larger-scale
Does anyone have a very lightly used, long long low bandwidth link
they can dedicate to The Cause?
Dummynet. One cheap PC, two NICs, roll your own, as long as you like. I've
had fake circuits running with 2s RTT, applications keep doing their thing,
just very slowly.
Regards,
Tim.
You'll need a beefy NAT box. Linux with Xeon CPU and 4GB RAM minimum.
Or not. The CCC presentation is showing *real* Internet for everyone, unless
I'm very much mistaken...
Regards,
Tim.
So...why do you need publicly routable IP addresses if they aren't
publicly routable?
Because the RIRs aren't in the business of handing out publicly routable
address space. They're in the business of handing out globally unique address
space - *one* of the reasons for which may be
Given the lack of truly neutral terms in english, I have
taken to alternative my pronouns interchangably when I write.
Folks? I really do mean folks when I write guys, but I do understand why
it can come across as exclusionary, and I try to force myself into the habit of
folks. It sounds a
On Tue, January 13, 2009 8:57 pm, Joe Abley wrote:
The fact that I choose to stick 701 in an AS_PATH attribute on a
prefix I advertise in order to stop that prefix from propagating into
701 is entirely my own business, and it's a practice which, although
apparently not commonplace, has been a
On Thu, October 4, 2007 6:49 am, Mike Leber wrote:
As the data at http://bgp.he.net/ipv6-progress-report.cgi shows for the
IPv6 and IPv4 nameserver tests, some of the time IPv6 connectivity is
*faster* than IPv4 connectivity (66 out of 264 test cases), because of
network topology differences
On Thu, September 11, 2008 10:58 am, Eugeniu Patrascu wrote:
Why should an ISP provide proof of the good behavior of their clients ?
Or in your conuntry you're considered guilty until proven otherwise ?
Conversely, and sticking close to the 'clean house' metaphor, if someone
has a history of
Isn't that just CYA? Thank the lawyers and corporate compliance
offices and professional whiners.
The obvious answer is that if your corporate email policy makes you look like
an idiot, post to mailing lists from a personal email address that doesn't make
you look like an idiot.
This
P.S. Does anyone else think that perhaps ipv3.com == Guillaume
FORTAINE?
It's spewing semi-coherent proposals for unworkable alternative addressing
schemes. Sounds more like Jim Fleming to me. Perhaps we start comparing IPv3
to IPv8 and see if we get a reaction? ;)
Regards,
Tim.
This reminds of me of the failure-mode-within-a-failure-mode of 10b2
with vaxstation2000's using vms's vaxcluster software. Unplugging the
10b2 gave you a window of about 10 seconds before one by one every
vaxstation2000 would bugcheck. I was always rather astonished that
nobody at DEC either
Some caveats:
1. only the ME version supports MPLS, in case you want to overlay an
MPLS TE/VPN network on a Metro Ethernet Forum (MEF) ELAN raw Ethernet
service.
2. If you are using IP multicast, make sure that the Metro Ethernet
provider supports PIM snooping, otherwise (S,G) directed
All of those numbers are straight forwarding with nothing turned on
and 64
byte packets. That way you get a nice idea of what the CPU can do.
They're also, as ever, unidirectional, so you can immediately halve them if
your question is what size pipe can I connect this device to?
As a VPN
Which seems a bit far afield from reality to me. Yes, there are lots
of folks with IPv6 connectivity and v4-only recursive DNS servers. I
don't think ISPs will have problems setting aside a handful of IPv4
addresses for authoritative DNS infrastructure to work around this
until v6 transport
I guess we have another gem for DeLongFacts.com (in the vein of
SchneierFacts.com): He is one of the few natural enemies of the
Babushka.
Did anyone else suddenly have flashbacks to the VMS Wombat?
I think that George's POV -- which is also mine -- is that as the
world shifts, the percentage of video distribution which is
amenable to multicast, and not well served by unicast, is likely
to grow, and it would be a Good Idea to be ready for that
situation already when it arrives.
Really?
Let me just step in here and say.. it's tough to build onto Zimbra.
At work, we support ~1000 users on Zimbra (network edition), with
hundreds of thousands of messages flowing through daily, and it
doesn't like you tinkering with stuff under the hood. Most of your
customizations get blown
Standing back a little, I can see an argument that IPv6 would be an
easier 'sell' if there were two modes of operation, one with only
RAs, and one with only DHCPv6.
This +1.
There are plenty of enterprises, employing actual network engineers
(allegedly), who are just about getting to grips
Thankfully, the current test has been a success.
Including stopping non-members from posting to the list, and other anti-spam?
I've got a sudden influx this morning of spam addressed to nanog@nanog.org :(
Regards,
Tim.
- Original Message -
The new posts do not have list (un)subscribe information in the
headers.
Also, a statement would be nice as to what header definitely *will* be in place
that we can filter on. At the moment, I'm assuming 'List-ID', but I'm not sure
if that header or its
You can also use IPv6 privacy extensions (by default on Windows 7),
see rfc4941. For Linux, you can also enable it, which is not a
default.
In the context of addresses I'm using to manage kit, having devices randomly
renumber themselves at regular intervals does *not* sound like it's going to
Silly confidentiality notices are usually enforced by silly corporate
IT departments and cannot be removed by mere mortal employees.
They are an unavoidable part of life, like Outlook top posting and
spam.
Alternatively, if your corporate email imposes stupid policies and / or a
stupid email
I've never seen anyone put in rDNS for networks or broadcast addresses.
I've done this a fair bit, on both a personal and professional basis. I find
it quite helpful when I forget what the subnet masks are (or fail to apply them
properly) and try and Do Something with an address that can't be
Just because something is public doesn¹t mean you have to accept ALL
traffic, it just means you have to anticipate any potential problems based
on Larry knowing your address rather than imagining him standing at the
front gate of your gated community. ;) (let¹s torture that analogy!)
There's
Additional support on my feeling of DO and IPv6, is DO's stance of
directly not even allowing IPv6 tunnels to HE, SiXXs, or any of the
other providers by specifically teliing them not to allow connections
from your IPv4 address space.
Say *what*?
I've got HE tunnels into DO, purely because
All those init.d scripts do about 95% the same thing, all hacked
together in shell. Most of them are probably just slightly edited
versions of some few paleo-scripts.
Set the location of the pid file, set the path of the executable, set
the command line flags/options, maybe change some
That's it. Step 1, buy the equipment at full price. Step 2, pay for the cloud
management license, yearly. Step 3, no extended warranty option, so pay full
price if equipment from step one fails.
As long as you're doing step 2 (which you *have* to, otherwise it's a brick),
isn't step 3 report
By the way, I hope that all of the people who have been ranting about
this have read this note. The only way this filtering works is if the
client computers have a special CA cert installed into their browsers.
That means it's a private organizational network that manages all its
client
I meant that on the Internet as a whole it is unusual for such speeds to
actually be realized in practice due to various issues.
8-10Mb/s seems to be what one can expect without going to distributed
protocols.
Really? I have 2 x VDSL (40/10) to my house, running MLPPP. I can get a
I am worried as most tech's know Cisco and Juniper, so going to ALU would
be a learning curve based on replies I am getting off list.
It's definitely quite different from the CLI. I'm still dabbling, but the guys
here who have been through the training and are immersed in it really like it.
It really bothers me to see that people in this industry are so worried about
a change of syntax or terminology. If there's one thing about the big
vendors that bothers me, it's that these batteries of vendor specific tests
have allowed many techs to get lazy. They simply can't seem to operate
That all said: Restricting content based on location is complete and
utter nonsense in 2015. The world is global, people want to pay for
content and the content owners just don't allow people to pay for it.
Globalisation is for your corporate lords and masters to buy labour and raw
materials
Interesting that you say that about sip. We had a client that would use it
for sip on ships all the time. It wasn't the best but it worked. Ping times
were between 500-700ms.
It really depends on your expectations - or more to the point, your end-users'
expectations.
I've tested SIP in the
And I’m saying you’re ignoring an important part of reality.
Whatever ISPs default to deploying now will become the standard to which
application developers develop.
Changing the ISP later is easy.
I'm not even convinced of that. Once /56 (or *any* value) is baked into the
processes,
On 02/10/2023 19:24, Matthew Petach wrote:
The problem with this approach is you now have non-deterministic routing.
Depending on the state of FIB compression, packets *may* flow out
interfaces that are not what the RIB thinks they will be.
This can be a good recipe for routing micro-loops
70 matches
Mail list logo
