Re: HELP IN SETTING UP iBGPlay

2012-07-13 Thread John Kemp
On 7/10/2012 5:04 AM, Joseph M. Owino wrote:
> hi,
>
> Anyone out there who can help in setting up iBGP looking glass for an IXP. We
> currently are running 2 route servers and 2 switches, they all are Cisco
> equipment. We also have a working web server running on FreeBSD 8.0. Any help
> is highly appreciated.
>
> regards,
> Muga


Happy to help you if you get stuck. The work flow looks very similar to
what is in BGPlay, so once you have the MRT file that contains desired
data, you are most of the way there.

I suspect the issue you will hit is that you already have existing route
servers, and when you specify the route servers as the source
route-reflector-clients, then you will see the route servers as the
routers in your views rather than your peer routers.

If on the other hand you have control over your peer routers, and you
can reflect directly to the iBGPlay route server, that appears to be the
model they show in their setup documents.

John Kemp (k...@routeviews.org)





Netsol AAAA glue

2012-07-13 Thread Brandon Applegate
So I sent an email over a week ago to ipv6...@networksolutions.com - and 
since I've only received the auto reply.


A year or so ago I did this and got very quick turnaround, but now just 
dead air (sent another email yesterday).


Wanted to see if others had the same results (recently) and any advice 
before I call into phone tree hell.  Thanks.


--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
8779 B023 7637 CEC8 C5C6 4052 664D 7E08 3CBB 1739
SH1-0151.  This is the serial number, of our orbital gun.




Re: Netsol AAAA glue

2012-07-13 Thread Jared Mauch

On Jul 13, 2012, at 8:43 AM, Brandon Applegate wrote:

> So I sent an email over a week ago to ipv6...@networksolutions.com - and
> since I've only received the auto reply.
>
> A year or so ago I did this and got very quick turnaround, but now just dead
> air (sent another email yesterday).
>
> Wanted to see if others had the same results (recently) and any advice before
> I call into phone tree hell.  Thanks.

As long as you're not 1 year into a 10 year renewal, you may want to consider 
just moving your domains to another registrar such as opensrs.  Drawback of 
using OpenSRS is they don't do DS records for dnssec, if that's a requirement 
as well, I believe Dyn has a good service for this (or so I read in the OpenSRS 
forums).

- Jared





Re: Netsol AAAA glue

2012-07-13 Thread Jeroen Massar
On 2012-07-13 14:52 , Jared Mauch wrote:
 
> On Jul 13, 2012, at 8:43 AM, Brandon Applegate wrote:
>
>> So I sent an email over a week ago to ipv6...@networksolutions.com
>> - and since I've only received the auto reply.
>>
>> A year or so ago I did this and got very quick turnaround, but now
>> just dead air (sent another email yesterday).
>>
>> Wanted to see if others had the same results (recently) and any
>> advice before I call into phone tree hell.  Thanks.
>
> As long as you're not 1 year into a 10 year renewal, you may want to
> consider just moving your domains to another registrar such as
> opensrs.  Drawback of using OpenSRS is they don't do DS records for
> dnssec, if that's a requirement as well, I believe Dyn has a good
> service for this (or so I read in the OpenSRS forums).

Joker is a good one for that (IPv6 glue + DNSSEC) too, especially
because of their automated robot that one can easily push key updates to.

Obligatory link containing further options:
  http://www.sixxs.net/faq/dns/?faq=ipv6glue

Greets,
 Jeroen



Re: Netsol AAAA glue

2012-07-13 Thread Cameron Byrne
On Fri, Jul 13, 2012 at 5:43 AM, Brandon Applegate bran...@burn.net wrote:
> So I sent an email over a week ago to ipv6...@networksolutions.com - and
> since I've only received the auto reply.
>
> A year or so ago I did this and got very quick turnaround, but now just dead
> air (sent another email yesterday).
>
> Wanted to see if others had the same results (recently) and any advice
> before I call into phone tree hell.  Thanks.


NetSol has been dragged through the mud on NANOG a few times in recent
memory, I believe the best bet is to 1) review the archives 2) find
another registrar

from 2008 
http://www.nanog.org/mailinglist/mailarchives/old_archive/2008-07/msg00542.html

from a few months ago http://seclists.org/nanog/2012/Mar/1001

CB



Re: Netsol AAAA glue

2012-07-13 Thread Andrew Sullivan
On Fri, Jul 13, 2012 at 08:52:27AM -0400, Jared Mauch wrote:

> dnssec, if that's a requirement as well, I believe Dyn has a good
> service for this (or so I read in the OpenSRS forums).

Yes, Dyn supports DNSSEC and will send the DS to the registrar and so
on.  We'll also host the DNS using DNSSEC for you, but it's not a
requirement to use our service for this.  (I'm delighted to hear that
people say it's good.)

Best,

A

-- 
Andrew Sullivan
Dyn Labs
asulli...@dyn.com



Re: Netsol AAAA glue

2012-07-13 Thread Jacques Marneweck
Hi Brandon,

Check out Name Cheap.  One has to submit a support ticket for them to
contact enom to add the ipv6 bits but that takes less than 2 days to
have in place.

Regards
--jm







[liberationtech] new opennet citizen lab report: routing gone wild

2012-07-13 Thread Eugen Leitl
- Forwarded message from Ronald Deibert r.deib...@utoronto.ca -

From: Ronald Deibert r.deib...@utoronto.ca
Date: Fri, 13 Jul 2012 09:45:29 -0400
To: Liberation Tech List liberationt...@mailman.stanford.edu
Subject: [liberationtech] new opennet citizen lab report: routing gone wild
X-Mailer: Apple Mail (2.1278)

Routing Gone Wild: Documenting upstream filtering in Oman via India

Key Findings

• Data collected from Oman shows that web filtering applied by 
India-based ISPs is restricting access to content for customers of an ISP in 
Oman. While unusual, content filtering undertaken in one political jurisdiction 
can have an effect on users in another political jurisdiction as a result of 
ISP routing arrangements – a phenomenon known as “upstream filtering.”
• Content found to be filtered includes news sites, political blogs and 
file sharing sites.
• Some variability in filtering was documented, potentially linked to 
certain measures to loosen filtering regulations in India.

http://arstechnica.com/tech-policy/2012/07/internet-content-blocking-travels-downstream-affects-unwary-users/
https://citizenlab.org/2012/07/routing-gone-wild/
https://citizenlab.org/wp-content/uploads/2012/07/08-2012-routinggonewild.pdf
http://opennet.net/blog/2012/07/routing-gone-wild-documenting-upstream-filtering-oman-india

Please Note:

Data

Raw data for the proxy test results cited here can be found in the following 
formats:

• Summarized results [Google doc]
• Summarized results [csv]
• Raw data [zip - html, csv, txt]

The data presented is from a June 18, 2012 test run of a URL list through two 
Omantel proxies, as well as from the Czech Republic as a control. There are 
three types of block pages that have been highlighted in the columns:

• oman_block_social - An Omani block page that specifies that the blocking was 
due to societal and cultural norms of the sultanate.
• oman_block_laws - An Omani block page that specifies the reason for blocking 
was a violation of the law.
• india_block - An Indian block page that specifies the reason for blocking was a 
court order.

The presented zip file contains the html contents and headers returned during 
the course of this test run. To view this data, extract the zip file and open 
the contained index.html. Please exercise caution when following any links in 
this file, as the file contains contents of website data returned and we can 
make no guarantee as to what these sites contain. This data is presented for 
informational purposes only and we make no claims regarding the ownership of 
website content.

There were two redactions made in the data. The IP numbers of proxies used were 
obfuscated and the website contents of the site songdad.com were removed, due 
to the fact that during the time of testing this site contained the JS/Blacole 
exploit kit.

Ronald J. Deibert
Professor of Political Science
Director, The Canada Centre for Global Security Studies and
The Citizen Lab
Munk School of Global Affairs
University of Toronto
r.deib...@utoronto.ca
http://deibert.citizenlab.org/
twitter.com/citizenlab









- End forwarded message -
-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



using reserved IPv6 space

2012-07-13 Thread -Hammer-
OK. I'm pretty sure I'm gonna get some flak for this but I'll share this 
question and its background anyway. Please be gentle.


In the past, with IPv4, we have used reserved or non-routable space 
Internally in production for segments that won't be seen anywhere else. 
Examples? A sync VLAN for some FWs to share state. An IBGP link between 
routers that will never be seen or advertised. In those cases, we have 
often used 192.0.2.0/24. It's reserved and never used and even if it did 
get used one day we aren't routing it internally. It's just on 
segments where we need some L3 that will never be seen.


On to IPv6

I was considering taking the same approach. Maybe using 0100::/8 or 
1000::/4 or A000::/3 as a space for this.


Other than the usual "Hey, you shouldn't do that" can anyone give me 
some IPv6 specific reasons that I may not be forecasting that would make 
it worse doing this than in an IPv4 scenario. I know, not apples to 
apples but for this question they are close enough. Unless there is 
something IPv6 specific that is influencing this


--


-Hammer-

I was a normal American nerd
-Jack Herer





RE: using reserved IPv6 space

2012-07-13 Thread Leo Vegoda
Hammer wrote:

> In the past, with IPv4, we have used reserved or non-routable space
> Internally in production for segments that won't be seen anywhere else.
> Examples? A sync VLAN for some FWs to share state. An IBGP link between
> routers that will never be seen or advertised. In those cases, we have
> often used 192.0.2.0/24. It's reserved and never used and even if it did
> get used one day we aren't routing it internally. It's just on
> segments where we need some L3 that will never be seen.
>
> On to IPv6
>
> I was considering taking the same approach. Maybe using 0100::/8 or
> 1000::/4 or A000::/3 as a space for this.

Why can't you just generate a ULA and use that?

Regards,

Leo




Re: using reserved IPv6 space

2012-07-13 Thread Jeroen Massar
On 2012-07-13 16:38, -Hammer- wrote:
> OK. I'm pretty sure I'm gonna get some flak for this but I'll share this
> question and its background anyway. Please be gentle.
>
> In the past, with IPv4, we have used reserved or non-routable space
> Internally in production for segments that won't be seen anywhere else.

There is this very nice concept called ULA (RFC4193), use it.
If you want to be more sure about uniqueness, use
 http://www.sixxs.net/tools/grh/ula/
or you can also just use a chunk of your 'global' prefix and don't
announce a route for it and firewall it off properly.

Greets,
 Jeroen
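
An added example, not part of the thread or of any poster's message: it
generates a ULA /48 with the RFC 4193 section 3.2.2 algorithm (SHA-1 over an
NTP timestamp and an EUI-64) and classifies the prefixes discussed above.
The function names and the sample MAC handling are this example's own.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

# Well-known IPv6 ranges, most specific first so that 2001:db8::/32 is
# reported as documentation space rather than generic global unicast.
KNOWN_RANGES = [
    ("documentation (RFC 3849)", ipaddress.ip_network("2001:db8::/32")),
    ("unique local (RFC 4193)", ipaddress.ip_network("fc00::/7")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("global unicast", ipaddress.ip_network("2000::/3")),
]
OTHER = "other (not ULA, link-local or global unicast)"

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def ntp_timestamp(unix_time):
    """Return a Unix time as the 8-byte NTP timestamp (32.32 fixed point)."""
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction)


def eui64_from_mac(mac):
    """Build a modified EUI-64 from a 48-bit MAC (flip U/L bit, insert ff:fe)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def generate_ula_prefix(ntp_time, eui64):
    """RFC 4193 section 3.2.2: SHA-1 over time||EUI-64, keep the low 40 bits."""
    if len(ntp_time) != 8 or len(eui64) != 8:
        raise ValueError("need an 8-byte NTP timestamp and an 8-byte EUI-64")
    global_id = hashlib.sha1(ntp_time + eui64).digest()[-5:]
    # fd = fc00::/7 with the L bit set (locally assigned), then the Global ID.
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def classify(prefix):
    """Name the well-known range that fully contains the given prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    for label, known in KNOWN_RANGES:
        if net.version == 6 and net.subnet_of(known):
            return label
    return OTHER


if __name__ == "__main__":
    # The three prefixes proposed in the original question.
    for candidate in ("0100::/8", "1000::/4", "A000::/3"):
        print(candidate, "->", classify(candidate))

    # uuid.getnode() may return a random value if no MAC can be read;
    # RFC 4193 only needs the input to be hard to repeat elsewhere.
    mac = "%012x" % uuid.getnode()
    ula = generate_ula_prefix(ntp_timestamp(time.time()), eui64_from_mac(mac))
    print("generated ULA /48:", ula, "->", classify(str(ula)))
    print("first /64 for a sync VLAN or iBGP link:",
          next(ula.subnets(new_prefix=64)))
```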



Re: using reserved IPv6 space

2012-07-13 Thread -Hammer-

Leo/Jeroen,
Thank you both. That is the simple answer that I wasn't thinking 
of. I'm not as IPv6 savvy as I need to be (yet) so I haven't put all the 
pieces together when trying to look at the bigger picture. Thanks again.


-Hammer-

I was a normal American nerd
-Jack Herer








Re: using reserved IPv6 space

2012-07-13 Thread TJ
On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com wrote:

> OK. I'm pretty sure I'm gonna get some flak for this but I'll share this
> question and its background anyway. Please be gentle.
>
> In the past, with IPv4, we have used reserved or non-routable space
> Internally in production for segments that won't be seen anywhere else.
> Examples? A sync VLAN for some FWs to share state. An IBGP link between
> routers that will never be seen or advertised. In those cases, we have
> often used 192.0.2.0/24. It's reserved and never used and even if it did
> get used one day we aren't routing it internally. It's just on segments
> where we need some L3 that will never be seen.
>
> On to IPv6
>
> I was considering taking the same approach. Maybe using 0100::/8 or
> 1000::/4 or A000::/3 as a space for this.

Would using just Link Locals not be sufficient?
*(Failing that, as others noted, ULAs are the next right answer ... )*

/TJ


Re: using reserved IPv6 space

2012-07-13 Thread -Hammer-

I think they would. I'm just a bit too new to this. Thanks.

-Hammer-

I was a normal American nerd
-Jack Herer





Re: using reserved IPv6 space

2012-07-13 Thread Tom Cooper
On Fri, Jul 13, 2012 at 11:05 AM, TJ trej...@gmail.com wrote:

> On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com wrote:
>
>> OK. I'm pretty sure I'm gonna get some flak for this but I'll share this
>> question and its background anyway. Please be gentle.
>>
>> In the past, with IPv4, we have used reserved or non-routable space
>> Internally in production for segments that won't be seen anywhere else.
>> Examples? A sync VLAN for some FWs to share state. An IBGP link between
>> routers that will never be seen or advertised. In those cases, we have
>> often used 192.0.2.0/24. It's reserved and never used and even if it did
>> get used one day we aren't routing it internally. It's just on segments
>> where we need some L3 that will never be seen.
>>
>> On to IPv6
>>
>> I was considering taking the same approach. Maybe using 0100::/8 or
>> 1000::/4 or A000::/3 as a space for this.
>
> Would using just Link Locals not be sufficient?
> *(Failing that, as others noted, ULAs are the next right answer ... )*
>
> /TJ


As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and
global addresses.
For example, if you have some internal web traffic used for intranet use
only, do you bind those servers to use only ULA addresses? This way your
internal users with ULA addressing only have access to those servers? No
need to give intranet-only servers a global address if they're not needed
to be accessed globally.

Is there a way for hosts to prefer or attempt to connect to a service
by first trying a link-local scope, then a ULA and finally a global address
if it's off the AS?
I really like the idea of ULA and think it makes much more sense than
RFC1918 + NAT. I just don't have any deployment experience with it yet so
I'm curious how the host would handle it.

On the router side, I'm sure ULA and global routing just run as
ships-in-the-night side-by-side anyways...right?

-- 
Thomas Cooper


Re: using reserved IPv6 space

2012-07-13 Thread Adrian Bool


On 13 Jul 2012, at 17:11, Tom Cooper wrote:

> On Fri, Jul 13, 2012 at 11:05 AM, TJ trej...@gmail.com wrote:
>
> As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and
> global addresses.
> For example, if you have some internal web traffic used for intranet use
> only, do you bind those servers to use only ULA addresses? This way your
> internal users with ULA addressing only have access to those servers? No
> need to give intranet-only servers a global address if they're not needed
> to be accessed globally.
>
> Is there a way for hosts to prefer or attempt to connect to a service
> by first trying a link-local scope, then a ULA and finally a global address
> if it's off the AS?


There is an RFC that describes how hosts should select addresses in such 
situations,

http://tools.ietf.org/html/rfc3484

As an aside; it would be great if some more IPv6 questions could be put on 
http://ipv6exchange.net/ - I would love to see that become a useful resource 
for people starting out with IPv6.  If you have an IPv6 question, please do 
post!

Cheers,

aid




Re: using reserved IPv6 space

2012-07-13 Thread -Hammer-
I'm having similar thoughts and we are about to implement. Fortunately 
we are implementing in an isolated lab first for this exact reason. For 
us to figure things out first before attempting them elsewhere.


I like the ULA approach. I'm not sure about link local being used as a 
strategy for Internal services. I'm finally getting to the point where 
I'm looking past the vastness of the numbers and just focusing on 
subnets and masks and subnetting and whatnot.


-Hammer-

I was a normal American nerd
-Jack Herer





Re: using reserved IPv6 space

2012-07-13 Thread TJ
Note that I meant using Link Locals for directly connected devices *(neighbors;
e.g. - routing protocol neighborship formation)*.
If they are not on-link with each other, Link Locals are a non-starter ...
ULAs would be a possible solution for a completely disconnected network.

Note that many are proponents of using Globals even in those situations,
with judicious filtering stopping any inbound/outbound traffic.
The benefit being that "it's never going to be connected" doesn't really,
always mean it's never going to be connected :).


*YMMV, as always!*
/TJ






Re: using reserved IPv6 space

2012-07-13 Thread Skeeve Stevens
See RFC 3849 - http://tools.ietf.org/html/rfc3849

Which prescribed the range: 2001:DB8::/32  for use in Documentation.  I
suppose this could be used for lab testing.

*ducks flames*

Skeeve Stevens, CEO - eintellego Pty Ltd
ske...@eintellego.net ; www.eintellego.net

Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego ;  http://twitter.com/networkceoau
linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco – IBM









Re: Our first inbound email via IPv6 (was spam!)

2012-07-13 Thread Jack Bates

On 6/5/2012 9:29 AM, Raymond Dijkxhoorn wrote:


> Looking more closely... Is this still work in progress?
>
> ;; ANSWER SECTION:
> comcast.net.        358     IN      MX      5 mx3.comcast.net.
> comcast.net.        358     IN      MX      10 mx1.comcast.net.
> comcast.net.        358     IN      MX      5 mx2.comcast.net.
>
> ;; ADDITIONAL SECTION:
> mx2.comcast.net.    6958    IN      A       76.96.30.116
> mx3.comcast.net.    358     IN      A       68.87.26.147
> mx1.comcast.net.    358     IN      AAAA    2001:558:fe14:70::22
>
> You are now only accepting IPv6 if all IPv4 fails?
> Or will AAAA records for mx2 and mx3 added later?



Actually, I've had a problem with my version of sendmail on solaris 
choosing mx1.comcast.net and then reporting host not found. I think this 
is an issue with address selection, despite the server not being setup 
for v6 (os/sendmail are set for v6 support, but no assignment). I can't 
think of another reason why it would bounce 800+ emails with 
relay=mx1.comcast.net but have 0 logs for mx2/mx3.



Jack



Re: using reserved IPv6 space

2012-07-13 Thread Jeroen Massar
On 2012-07-13 18:11, Tom Cooper wrote:
[..]
> As an IPv6 newbie myself

Play with it and get your ears wet, it is still not entirely too late to
start to learn to swim ;)

> , I wonder how hosts handle link local, ULA and
> global addresses.
> For example, if you have some internal web traffic used for intranet use
> only, do you bind those servers to use only ULA addresses? This way your
> internal users with ULA addressing only have access to those servers? No
> need to give intranet-only servers a global address if they're not needed
> to be accessed globally.

You could do that indeed, thus have clients have only a global (and
link-local address) and only make a certain prefix, be that ULA or a
specific chunk of your global prefix only available to your internal
network that are used for your internal services.

As long as the prefix is stable you likely do not care if it is global
or ULA, this as when a misconfiguration happens in such a way that that
prefix is not properly firewalled away or gets routed it happened. As
can be clearly seen in various routing tables filtering is not happening
everywhere, thus it won't buy you that much; proper policy, automation
and verification will avoid fat fingers much better though.

Also, note that a firewalled prefix only brings one that much security,
the higher chance is that the client host gets infected or compromised.


> Is there a way for hosts to prefer or attempt to connect to a service
> by first trying a link-local scope, then a ULA and finally a global address
> if it's off the AS?

RFC3484, aka /etc/gai.conf and friends on other OSs. It is not easy to
distribute this though.

> I really like the idea of ULA and think it makes much more sense than
> RFC1918 + NAT. I just don't have any deployment experience with it yet so
> I'm curious how the host would handle it.

ULA is meant for non-internet connected devices. As such NAT does not
come into play as one will have a unique ULA prefix that will not clash
when you inter connect them privately with other networks.

RFC1918 + NAT primarily makes sense as it allows one to hookup devices
to the Internet without 'wasting' more public addresses, that problem
does not exist with IPv6 though.

Greets,
 Jeroen



Real world sflow vs netflow?

2012-07-13 Thread David Hubbard
Can anyone on or off list give me some real world
thoughts on sflow vs netflow for border
routers? (multi-homed, BGP, straight v4 & v6 only
for web hosting, no mpls, vpns, vlans, etc.)

Finding it hard to decipher the vendor version
of the answer to that question.  We use
netflow v9 currently but are considering hardware
that would be sflow.  We don't use it for
billing purposes, mostly for spotting malicious
remote hosts doing things like scans, spotting
traffic such as weird ports in use in either 
direction that warrant further investigation,
watching for ddos/dos destinations to act on
mitigation, or investigating the nature of unusual
levels of traffic on switch ports that set off
alarms.  I'm concerned things like port scans,
etc. won't be picked up by the NMS if fed by
sflow due to the sampling nature, or similar
concern if 500 ssh connections by the same remote
host are sampled as 1 connection, etc.  Of course
these concerns were put in my head by someone
interested in me continuing to use equipment that
happens to output netflow data, hence me wanting some
real people answers. :-)

Thanks!




Re: Real world sflow vs netflow?

2012-07-13 Thread Jeroen Massar
On 2012-07-13 19:30, David Hubbard wrote:
[..]
 We don't use it for
 billing purposes, mostly for spotting malicious
 remote hosts doing things like scans, spotting
 traffic such as weird ports in use in either 
 direction that warrant further investigation,
[..]

The primary difference between NetFlow/IPFIX and sFlow is that NetFlow
is unsampled while sFlow is sampled. As such, for these kinds of cases it
might be more worthy to have NetFlow than sFlow as you get all the
source/dest ports. On the other hand sFlow can give you packet headers
and that might be useful if you get every first say 200 bytes of every flow.

Though depending on the hardware and traffic volume and traffic mix you
might have to sample anyway.

Oh and there is a small difference in the packet formats and the idea
behind why something exists, but that won't hurt you too much.

Greets,
 Jeroen
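
The sampling concern raised in this thread, worked through as an added example (not code from any poster on the list): it compares what a collector sees of a port scan and of 500 SSH connections with every packet exported versus uniform random 1-in-N packet sampling. The rate of 512, the traffic mix, the function names and the RFC 5737 documentation addresses are all assumptions made up for the illustration.

```python
import random
from collections import defaultdict

# Constructed sample data: documentation addresses (RFC 5737), not real hosts.
TARGET = "192.0.2.10"
SCANNER = "198.51.100.7"
SSH_SRC = "198.51.100.9"


def port_scan(src, dst, n_ports):
    """One probe packet per destination port: the hardest case for a sampler."""
    return [(src, 40000, dst, port) for port in range(1, n_ports + 1)]


def ssh_connections(src, dst, n_conns, pkts_per_conn):
    """n_conns separate TCP connections to port 22, each a short exchange."""
    return [(src, 1024 + c, dst, 22)
            for c in range(n_conns) for _ in range(pkts_per_conn)]


def sample(packets, rate, rng):
    """Uniform random 1-in-rate packet sampling; rate=1 keeps every packet."""
    return [p for p in packets if rng.randrange(rate) == 0]


def summarize(packets):
    """Per source: packets seen, distinct (dst, dport) targets, distinct connections."""
    stats = defaultdict(lambda: {"packets": 0, "targets": set(), "conns": set()})
    for src, sport, dst, dport in packets:
        s = stats[src]
        s["packets"] += 1
        s["targets"].add((dst, dport))
        s["conns"].add((sport, dst, dport))
    return {src: {"packets": s["packets"],
                  "targets": len(s["targets"]),
                  "conns": len(s["conns"])}
            for src, s in stats.items()}


def p_scan_unseen(n_probes, rate):
    """Probability that none of n_probes single-packet probes is sampled."""
    return (1 - 1 / rate) ** n_probes


def run(rate, scan_ports, seed=1):
    """Build the constructed traffic, sample it, and report both sources.

    A source with no sampled packets is reported with zero counts, which is
    exactly what the collector would (not) see.
    """
    rng = random.Random(seed)
    traffic = (port_scan(SCANNER, TARGET, scan_ports)
               + ssh_connections(SSH_SRC, TARGET, 500, 20))
    rng.shuffle(traffic)
    seen = summarize(sample(traffic, rate, rng))
    empty = {"packets": 0, "targets": 0, "conns": 0}
    return {src: seen.get(src, dict(empty)) for src in (SCANNER, SSH_SRC)}


if __name__ == "__main__":
    for rate, ports in ((1, 200), (512, 200), (512, 65535)):
        result = run(rate, ports)
        scan, ssh = result[SCANNER], result[SSH_SRC]
        print(f"rate 1-in-{rate}, scan of {ports} ports")
        print(f"  scanner: {scan['targets']} distinct ports seen "
              f"(expected about {ports / rate:.1f})")
        print(f"  ssh src: {ssh['packets']} packets, {ssh['conns']} connections seen; "
              f"scaled packet estimate {ssh['packets'] * rate}")
        print(f"  chance the whole scan goes unsampled: "
              f"{p_scan_unseen(ports, rate):.3f}")
```

With these assumptions, a 200-port scan at 1-in-512 usually leaves zero or one sample, while a full 65535-port sweep still leaves on the order of a hundred distinct ports to alert on. Multiplying sampled packets by the rate recovers packet volume for the SSH source, but the number of distinct connections seen stays far below 500, so per-connection thresholds tuned on unsampled data need rescaling.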



Amanda's voice seemingly healed me. I slowly made it to my feet. I shook my 
head...

Tim...you...did you grow? She said. Your muscles are...massive. She said, 
in awe. There was a silence for a few moments, and she slowly stepped back, and 
grabbed her keys. When she came back, the door was closed. Tim... She said, a 
bit confused. I walked toward her. Do you still wanna go? She asked.

Not yet. I said. I picked grabbed her waist, and threw her over my shoulder 
with one hand.

She laughed. Tim! She said, excited. She began to feign helplessness. No, 
please, don't take me to your evil, well furnished bedroom and have your way 
with me! She joked, and I walked upstairs with her.

I threw her on the bed, and she bounced. She laughed again. Tim, I've never 
seen you like this... She said.

I grabbed her shirt and bra at the same time with one of my massive hands, and 
pulled them off of her in one quick motion, and she gasped, and sighed softly. 
Tim...this is 

Re: The Cidr Report

2012-07-13 Thread Grant Ridder
if the admins are not going to moderate this list... give me the admin
password to the list serve and i will set it up right... gees


Re: The Cidr Report

2012-07-13 Thread Skeeve Stevens
I think the effort to moderate this particular list would be far too much
effort.

Skeeve Stevens, CEO - eintellego Pty Ltd
ske...@eintellego.net ; www.eintellego.net

Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego ;  http://twitter.com/networkceoau
linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco – IBM



On Sat, Jul 14, 2012 at 3:46 AM, Grant Ridder shortdudey...@gmail.com wrote:

 if the admins are not going to moderate this list... give me the admin
 password to the list serve and i will set it up right... gees



Re: Real world sflow vs netflow?

2012-07-13 Thread Harry Hoffman
Hi David,

I'm not sure that sflow is going to get you the granularity that you
are looking for. It's usually better to start more granular and then
aggregate into larger flows when you graph or reference for historic values.

Have you looked at other options, such as argus [1] to collect flow data
outside of the networking gear?

This way the networking gear can do its primary job and flow
collection can happen elsewhere.

There's a whole argus community that discusses the information security
topics you're interested in and Carter, the guy who wrote all (?) of the
code is very responsive. Argus can also take in NetFlow flows from your
routers too.

There are obviously other tools available, that may work as well or
better, but argus is one I've been using with great success in a fairly
heavily trafficked environment.

Cheers,
Harry

[1] http://www.qosient.com/argus/



On 07/13/2012 01:30 PM, David Hubbard wrote:
 Can anyone on or off list give me some real world
 thoughts on sflow vs netflow for border
 routers? (multi-homed, BGP, straight v4  v6 only
 for web hosting, no mpls, vpns, vlans, etc.)
 
 Finding it hard to decipher the vendor version
 of the answer to that question.  We use
 netflow v9 currently but are considering hardware
 that would be sflow.  We don't use it for
 billing purposes, mostly for spotting malicious
 remote hosts doing things like scans, spotting
 traffic such as weird ports in use in either 
 direction that warrant further investigation,
 watching for ddos/dos destinations to act on
 mitigation, or investigating the nature of unusual
 levels of traffic on switch ports that set off
 alarms.  I'm concerned things like port scans,
 etc. won't be picked up by the NMS if fed by
 sflow due to the sampling nature, or similar
 concern if 500 ssh connections by the same remote
 host are sampled as 1 connection, etc.  Of course
 these concerns were put in my head by someone
 interested in me continuing to use equipment that
 happens to output netflow data, hence me wanting some
 real people answers. :-)
 
 Thanks!
 
 
 




Re: The Cidr Report

2012-07-13 Thread Lynda

On 7/13/2012 10:46 AM, Grant Ridder wrote:

if the admins are not going to moderate this list... give me the admin
password to the list serve and i will set it up right.


These emails seem to be originating from comcast (75.144.246.6). Please 
note I said "seem to be" since it's very easy to forge such things. I 
was quite sad when yahoo started dispensing *new* accounts from 
Rocketmail (a property they acquired in the long ago times), since I 
have a rocketmail account that long predates yahoo, or the acquisition.


Still, there needs to be a filter of some sort set up. Mailman permits 
this, and I'd be a fan of it. It seems to be generated by someone who 
has the serious hate on for the list. That actually narrows it down 
quite a bit. Maybe I'll do a bit of traffic analysis over the weekend.


Or not...

--
Politicians are like a Slinky.
They're really not good for anything,
but they still bring a smile to your face
when you push them down a flight of stairs.



Re: using reserved IPv6 space

2012-07-13 Thread Jean-Francois . TremblayING
-Hammer- bhmc...@gmail.com wrote on 13/07/2012 12:21:13 PM:

 I like the ULA approach. 

Global and ULA are two approaches, but there's a third one: GUA + ULA. We 
actually put a GUA on servers speaking publicly, a ULA on servers speaking 
in our domain only and *both* ULA and GUA on servers which talk both ways. 
Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA 
connections only (just simple URPF over two interfaces). 

This setup works very well, surprisingly we've had very little source 
address selection problems so far (knock on wood). We're very happy that 
the separation between public and private networks is clear, it helps a 
lot with debugging and service separation. 

/JF
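
The GUA/ULA split described in this message can be audited offline. The following is an added example, not code from the poster or from any firewall vendor: it checks a host inventory against the three roles (public, internal, both) and checks flow records against the GUA-GUA / ULA-ULA rule. Host names, roles, addresses and flows are constructed, and it uses the documentation prefix 2001:db8::/32 in place of real global space.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")    # Unique Local Addresses
GUA = ipaddress.ip_network("2000::/3")    # Global Unicast Addresses

# Role -> scopes a server is expected to hold (names are assumptions).
EXPECTED = {"public": {"GUA"}, "internal": {"ULA"}, "both": {"GUA", "ULA"}}


def scope(addr):
    """Classify an address as 'GUA', 'ULA' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return "other"
    if ip in ULA:
        return "ULA"
    if ip in GUA:
        return "GUA"
    return "other"          # link-local, loopback, multicast, ...


def audit_hosts(inventory):
    """Return (host, finding) for every host whose addresses do not
    match its declared role."""
    findings = []
    for host, (role, addrs) in sorted(inventory.items()):
        have = {scope(a) for a in addrs}
        want = EXPECTED[role]
        for missing in sorted(want - have):
            findings.append((host, f"missing {missing}"))
        for extra in sorted(have - want):
            findings.append((host, f"unexpected {extra}"))
    return findings


def audit_flows(flows):
    """Return flows that break the same-scope rule (GUA-GUA or ULA-ULA)."""
    bad = []
    for src, dst in flows:
        s, d = scope(src), scope(dst)
        if s != d or s == "other":
            bad.append((src, dst, f"{s}->{d}"))
    return bad


# Constructed inventory: host -> (role, addresses).
INVENTORY = {
    "web1":   ("public",   ["2001:db8:10::80"]),
    "db1":    ("internal", ["fd12:3456:789a:1::5"]),
    "app1":   ("both",     ["2001:db8:10::20", "fd12:3456:789a:1::20"]),
    "cache1": ("internal", ["fd12:3456:789a:1::30", "2001:db8:10::30"]),
    "api1":   ("both",     ["2001:db8:10::40"]),
}

# Constructed flow records: (source, destination).
FLOWS = [
    ("2001:db8:ffff::1", "2001:db8:10::80"),          # GUA -> GUA
    ("fd12:3456:789a:1::20", "fd12:3456:789a:1::5"),  # ULA -> ULA
    ("fd12:3456:789a:1::20", "2001:db8:10::80"),      # ULA -> GUA
    ("2001:db8:ffff::1", "fd12:3456:789a:1::5"),      # GUA -> ULA
    ("fe80::1", "fd12:3456:789a:1::5"),               # link-local source
]

if __name__ == "__main__":
    for host, finding in audit_hosts(INVENTORY):
        print(f"host {host}: {finding}")
    for src, dst, why in audit_flows(FLOWS):
        print(f"flow {src} -> {dst}: {why}")
```
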





Re: The Cidr Report

2012-07-13 Thread Grant Ridder
Mailman also allows keyword filtering

On Fri, Jul 13, 2012 at 12:56 PM, Lynda shr...@deaddrop.org wrote:

 On 7/13/2012 10:46 AM, Grant Ridder wrote:

 if the admins are not going to moderate this list... give me the admin
 password to the list serve and i will set it up right.


 These emails seem to be originating from comcast (75.144.246.6). Please
 note I said "seem to be" since it's very easy to forge such things. I was
 quite sad when yahoo started dispensing *new* accounts from Rocketmail (a
 property they acquired in the long ago times), since I have a rocketmail
 account that long predates yahoo, or the acquisition.

 Still, there needs to be a filter of some sort set up. Mailman permits
 this, and I'd be a fan of it. It seems to be generated by someone who has
 the serious hate on for the list. That actually narrows it down quite a
 bit. Maybe I'll do a bit of traffic analysis over the weekend.

 Or not...

 --
 Politicians are like a Slinky.
 They're really not good for anything,
 but they still bring a smile to your face
 when you push them down a flight of stairs.




Re: The Cidr Report

2012-07-13 Thread JC Dill

On 13/07/12 10:46 AM, Grant Ridder wrote:

if the admins are not going to moderate this list... give me the admin
password to the list serve and i will set it up right... gees


+1


jc




Akamai infrastructure tech

2012-07-13 Thread Robert Glover
If someone with Akamai is watching, can you please have someone from
infrastructure contact me?  We host an Akamai server, a drive started
taking errors, Akamai shipped us a new drive, but did not tell us which
of the eight drives in the server needs to be replaced.

Normal contact channels have resulted in voicemail or no clue :(

Thanks,
-Robert



RE: Akamai infrastructure tech

2012-07-13 Thread Paul Stewart
That's unusual... we've gone through hard drive replacements many times and
always gotten a detailed email from them before the hard drive arrived

Paul


-Original Message-
From: Robert Glover [mailto:robe...@garlic.com] 
Sent: July-13-12 2:32 PM
To: nanog@nanog.org
Subject: Akamai infrastructure tech

If someone with Akamai is watching, can you please have someone from
infrastructure contact me?  We host an Akamai server, a drive started taking
errors, Akamai shipped us a new drive, but did not tell us which of the
eight drives in the server needs to be replaced.

Normal contact channels have resulted in voicemail or no clue :(

Thanks,
-Robert





Re: using reserved IPv6 space

2012-07-13 Thread TJ
On Fri, Jul 13, 2012 at 1:56 PM, jean-francois.tremblay...@videotron.com wrote:

 -Hammer- bhmc...@gmail.com wrote on 13/07/2012 12:21:13 PM:

  I like the ULA approach.

 Global and ULA are two approaches, but there's a third one: GUA + ULA. We
 actually put a GUA on servers speaking publicly, a ULA on servers speaking
 in our domain only and *both* ULA and GUA on servers which talk both ways.
 Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA
 connections only (just simple URPF over two interfaces).

 This setup works very well, surprisingly we've had very little source
 address selection problems so far (knock on wood). We're very happy that
 the separation between public and private networks is clear, it helps a
 lot with debugging and service separation.



Off the top of my head, the first problem you might hit there is
WRT multicast ...
*(ULA might win some source address selections that you want GUA to win)*
/TJ


Re: DNS Changer items

2012-07-13 Thread Owen DeLong

On Jul 7, 2012, at 10:31 AM, Jay Ashworth wrote:

 - Original Message -
 From: Seth Mattinen se...@rollernet.us
 
 On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said:
 The dns-ok.us site is getting crushed from all the sudden media
 interest.
 
 One wonders why it's so hard to get the media interested when it
 would be *helpful*. DNS Changer gets traction like 3 days before the
 drop dead date, IPv6 gets on the radar *after* we run out of v4 /8's
 to give to regionals, etc...
 
 Reactive is easier to justify to the powers that be than proactive.
 
 It's easier to justify *not* being smart enough to deal with the problem
 when it doesn't cause a major disruption?
 

When it isn't causing a major problem, the powers that be have a harder time 
understanding the need to act.

Once it is causing a major disruption, the powers that be have no trouble 
understanding the need to act.

This is not veneration of stupidity, it is human nature. Often summarized in 
the colloquialism "The squeaky wheel gets the grease."

Owen




Re: Netsol AAAA glue

2012-07-13 Thread Jeff Fisher

On 07/13/2012 06:43 AM, Brandon Applegate wrote:

So I sent an email over a week ago to ipv6...@networksolutions.com - and
since I've only received the auto reply.

A year or so ago I did this and got very quick turnaround, but now just
dead air (sent another email yesterday).

Wanted to see if others had the same results (recently) and any advice
before I call into phone tree hell.  Thanks.


I waited over a month before I finally got fed up and e-mailed nanog for 
advice. I was told to e-mail lis...@networksolutions.com and amazingly, 
it worked -- within a day, my records were changed.


Jeff



Weekly Routing Table Report

2012-07-13 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith pfsi...@gmail.com.

Routing Table Report   04:00 +10GMT Sat 14 Jul, 2012

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:                              416525
Prefixes after maximum aggregation:                              175957
Deaggregation factor:                                              2.37
Unique aggregates announced to Internet:                         202804
Total ASes present in the Internet Routing Table:                 41495
Prefixes per ASN:                                                 10.04
Origin-only ASes present in the Internet Routing Table:           33311
Origin ASes announcing only one prefix:                           15683
Transit ASes present in the Internet Routing Table:                5581
Transit-only ASes present in the Internet Routing Table:            135
Average AS path length visible in the Internet Routing Table:       4.5
Max AS path length visible:                                          31
Max AS path prepend of ASN ( 51742)                                  24
Prefixes from unregistered ASNs in the Routing Table:               404
Unregistered ASNs in the Routing Table:                             131
Number of 32-bit ASNs allocated by the RIRs:                       2974
Number of 32-bit ASNs visible in the Routing Table:                2603
Prefixes from 32-bit ASNs in the Routing Table:                    6761
Special use prefixes present in the Routing Table:                    1
Prefixes being announced from unallocated address space:            162
Number of addresses announced to Internet:                   2565104428
Equivalent to 152 /8s, 228 /16s and 99 /24s
Percentage of available address space announced:                   69.2
Percentage of allocated address space announced:                   69.3
Percentage of available address space allocated:                   99.9
Percentage of address space in use by end-sites:                   93.0
Total number of prefixes smaller than registry allocations:      144361

APNIC Region Analysis Summary
-----------------------------

Prefixes being announced by APNIC Region ASes:                   101982
Total APNIC prefixes after maximum aggregation:                   32789
APNIC Deaggregation factor:                                        3.11
Prefixes being announced from the APNIC address blocks:          102433
Unique aggregates announced from the APNIC address blocks:        42106
APNIC Region origin ASes present in the Internet Routing Table:    4715
APNIC Prefixes per ASN:                                           21.72
APNIC Region origin ASes announcing only one prefix:               1243
APNIC Region transit ASes present in the Internet Routing Table:    739
Average APNIC Region AS path length visible:                        4.6
Max APNIC Region AS path length visible:                             26
Number of APNIC region 32-bit ASNs visible in the Routing Table:    245
Number of APNIC addresses announced to Internet:              704212608
Equivalent to 41 /8s, 249 /16s and 110 /24s
Percentage of available APNIC address space announced:             82.3

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 131072-133119
APNIC Address Blocks     1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
                        49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
                       106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
                       116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
                       123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
                       163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                       203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:                    152258
Total ARIN prefixes after maximum aggregation:                    77460
ARIN Deaggregation factor:                                         1.97
Prefixes being announced from the ARIN address blocks:           153294
Unique aggregates announced from the ARIN address blocks:         68403
ARIN Region origin ASes present in the Internet Routing Table:    15189
ARIN Prefixes per ASN:                                            10.09
ARIN Region origin 

Re: using reserved IPv6 space

2012-07-13 Thread Jean-Francois . TremblayING
TJ trej...@gmail.com wrote on 13/07/2012 02:47:26 PM:

 Off the top of my head, the first problem you might hit there is 
 WRT multicast ...  
 (ULA might win some source address selections that you want GUA to 
win)
 /TJ

Good point, thanks for pointing that out. We'll see when we deploy 
network-wide IPv6 multicast... not there (yet). 

/JF





Communications Committee volunteers [was: The Cidr Report]

2012-07-13 Thread Patrick W. Gilmore
On Jul 13, 2012, at 14:20 , JC Dill wrote:
 On 13/07/12 10:46 AM, Grant Ridder wrote:

 if the admins are not going to moderate this list... give me the admin
 password to the list serve and i will set it up right... gees
 
 +1

Most excellent!

Just so you know, the admins are the Communications Committee, and they are 
always looking for new volunteers.

I assume you both will be volunteering forthwith?

-- 
TTFN,
patrick




Re: Communications Committee volunteers [was: The Cidr Report]

2012-07-13 Thread Jared Mauch

On Jul 13, 2012, at 3:49 PM, Patrick W. Gilmore wrote:

 On Jul 13, 2012, at 14:20 , JC Dill wrote:
 On 13/07/12 10:46 AM, Grant Ridder wrote:
 
 if the admins are not going to moderate this list... give me the admin
 password to the list serve and i will set it up right... gees
 
 +1
 
 Most excellent!
 
 Just so you know, the admins are the Communications Committee, and they are 
 always looking for new volunteers.
 
 I assume you both will be volunteering forthwith?

They already did in public.  I don't think they can turn it down now :)

- Jared




Re: Communications Committee volunteers [was: The Cidr Report]

2012-07-13 Thread Grant Ridder
The admins say they are working on a content filter system.  All you really
should have to do is do keyword filtering in mailman.  I have this setup on
a maillist that i manage.

On Fri, Jul 13, 2012 at 2:51 PM, Jared Mauch ja...@puck.nether.net wrote:


 On Jul 13, 2012, at 3:49 PM, Patrick W. Gilmore wrote:

  On Jul 13, 2012, at 14:20 , JC Dill wrote:
   On 13/07/12 10:46 AM, Grant Ridder wrote:
 
  if the admins are not going to moderate this list... give me the admin
  password to the list serve and i will set it up right... gees
 
  +1
 
  Most excellent!
 
  Just so you know, the admins are the Communications Committee, and
 they are always looking for new volunteers.
 
  I assume you both will be volunteering forthwith?

 They already did in public.  I don't think they can turn it down now :)

 - Jared





Re: Akamai infrastructure tech

2012-07-13 Thread Robert Glover
Thanks to everyone who responded; we've got this completely taken care of!

On 07/13/2012 11:32 AM, Robert Glover wrote:
 If someone with Akamai is watching, can you please have someone from
 infrastructure contact me?  We host an Akamai server, a drive started
 taking errors, Akamai shipped us a new drive, but did not tell us which
 of the eight drives in the server needs to be replaced.
 
 Normal contact channels have resulted in voicemail or no clue :(
 
 Thanks,
 -Robert
 





Re: Communications Committee volunteers [was: The Cidr Report]

2012-07-13 Thread Sean Harlow
On Jul 13, 2012, at 16:02, Grant Ridder wrote:

 The admins say they are working on a content filter system.  All you really
 should have to do is do keyword filtering in mailman.  I have this setup on
 a maillist that i manage.

How well would that actually work against what seems to be a bored individual 
with nothing better to do but send this stuff here?  Any keyword filters can be 
easily circumvented in the same way spammers have done for years.  We'll just 
be seeing these stories with lots of pen1s or similar quick edits.


Re: Real world sflow vs netflow?

2012-07-13 Thread Peter Phaal
Hi David,

The main architectural difference between sFlow and Netflow is the
location of the flow cache:

1. NetFlow: Packets are decoded on the router, flow keys are extracted
and used to lookup/create an entry in a flow cache which is then
updated based on values in the packet. Records are exported from the
flow cache in the form of Netflow datagrams when the flow completes or
based on a timeout.
2. sFlow: Packets are randomly sampled in hardware and the packet
headers are immediately exported as sFlow datagrams - there is no flow
cache on the switch/router. In addition to exporting the packet
header, the sFlow agent captures the FIB state associated with
forwarding the sampled packet, exporting information such as next hop
router, AS-path, communities etc. An sFlow agent also periodically
sends all the MIB-II interface counters, eliminating the need for SNMP
polling - this isn't very important if you are only monitoring a few
links, but makes a big difference if you are monitoring large chassis
switches or tens or hundreds of thousands of ports in a data center or
campus environment.

Moving the flow cache off the router has a number of benefits:
1. You are no longer limited by the hardware/firmware capabilities of
the router - your analysis software decides which fields to decode and
how to accumulate results. For example, if you are managing a mixed
IPv4/IPv6 environment you can decide to use sFlow to look into v6 over
v4 and v4 over v6 tunnels (to do the same thing with Netflow would
likely require a hardware upgrade). You can even feed sFlow into
Wireshark for detailed analysis of protocols and packet headers.
2. Operational complexity is greatly reduced since the configuration
options and resource management issues associated with the flow cache
are eliminated.
3. Low latency. Measurements aren't delayed by the flow cache - you
can detect DDoS attacks/large flows within seconds.
4. Scalability - you can turn on sFlow on every link (even 100G
links), on every device for a comprehensive view of traffic.
5. Multi-vendor interoperability. The sFlow measurements are
interoperable across vendors (since very little processing is
performed on the devices). With NetFlow, different vendors and devices
have different hardware limitations affecting the fields that they can
export.

Unsampled Netflow is only practical for moderate traffic levels. If
you carry significant traffic you would want to enable sampling
anyway, even with Netflow. However, there are a wide range of Netflow
sampling implementations, many of which yield questionable results. In
contrast, the sFlow standard specifies how sampling must be performed
and ensures that information is included that allows the sampled data
to be correctly scaled and produce unbiased measurements.

Cheers,
Peter

On Fri, Jul 13, 2012 at 10:30 AM, David Hubbard
dhubb...@dino.hostasaurus.com wrote:
 Can anyone on or off list give me some real world
 thoughts on sflow vs netflow for border
 routers? (multi-homed, BGP, straight v4  v6 only
 for web hosting, no mpls, vpns, vlans, etc.)

 Finding it hard to decipher the vendor version
 of the answer to that question.  We use
 netflow v9 currently but are considering hardware
 that would be sflow.  We don't use it for
 billing purposes, mostly for spotting malicious
 remote hosts doing things like scans, spotting
 traffic such as weird ports in use in either
 direction that warrant further investigation,
 watching for ddos/dos destinations to act on
 mitigation, or investigating the nature of unusual
 levels of traffic on switch ports that set off
 alarms.  I'm concerned things like port scans,
 etc. won't be picked up by the NMS if fed by
 sflow due to the sampling nature, or similar
 concern if 500 ssh connections by the same remote
 host are sampled as 1 connection, etc.  Of course
 these concerns were put in my head by someone
 interested in me continuing to use equipment that
 happens to output netflow data, hence me wanting some
 real people answers. :-)

 Thanks!
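
The sampling question in this thread (do port scans and repeated SSH connections survive 1-in-N packet sampling?) can be worked through with a small simulation. This is an added example, not code from any poster or from an sFlow or NetFlow implementation: it samples constructed traffic at an assumed 1-in-100 rate, scales the counts back up, and applies an assumed threshold of 10 distinct sampled destination ports per source as the scan test. All addresses are from documentation ranges.

```python
import math
import random
from collections import defaultdict

SAMPLING_RATE = 100        # 1-in-N packet sampling (assumed value)
SCAN_PORT_THRESHOLD = 10   # distinct sampled dst ports per source (assumed)


def build_traffic(rng):
    """Constructed packets as (src, sport, dst, dport) tuples."""
    pkts = []
    # Ordinary web clients: 200,000 packets to one server on port 80.
    for _ in range(200_000):
        src = f"198.51.100.{rng.randrange(1, 255)}"
        pkts.append((src, rng.randrange(1024, 65536), "192.0.2.10", 80))
    # Large scan: one packet to each of 5,000 ports.
    for port in range(1, 5001):
        pkts.append(("203.0.113.7", 40000, "192.0.2.10", port))
    # Small scan: 50 ports only, well under one sample per port.
    for port in range(1, 51):
        pkts.append(("203.0.113.8", 40000, "192.0.2.10", port))
    # 500 SSH connections from one host, 20 packets each.
    for conn in range(500):
        for _ in range(20):
            pkts.append(("203.0.113.9", 20000 + conn, "192.0.2.10", 22))
    rng.shuffle(pkts)
    return pkts


def sample(pkts, rate, rng):
    """Independent random 1-in-rate packet sampling."""
    return [p for p in pkts if rng.random() < 1.0 / rate]


def pct_error_95(c):
    """Approximate 95% relative error (percent) of a count scaled up
    from c samples: 1.96 standard deviations of a binomial estimate."""
    return float("inf") if c == 0 else 196.0 * math.sqrt(1.0 / c)


def analyse(samples, rate):
    """Per-source view a collector can build from sampled headers only."""
    per_src = defaultdict(lambda: {"n": 0, "dports": set(), "flows": set()})
    for src, sport, dst, dport in samples:
        s = per_src[src]
        s["n"] += 1
        s["dports"].add(dport)
        s["flows"].add((sport, dst, dport))
    report = {}
    for src, s in per_src.items():
        report[src] = {
            "est_packets": s["n"] * rate,            # scaled estimate
            "pct_error_95": pct_error_95(s["n"]),
            "distinct_dports": len(s["dports"]),
            "distinct_flows": len(s["flows"]),       # lower bound only
            "scan_suspect": len(s["dports"]) >= SCAN_PORT_THRESHOLD,
        }
    return report


def run(seed=1):
    rng = random.Random(seed)
    pkts = build_traffic(rng)
    samples = sample(pkts, SAMPLING_RATE, rng)
    return len(pkts), len(samples), analyse(samples, SAMPLING_RATE)


if __name__ == "__main__":
    total, n, report = run()
    print(f"{total} packets, {n} samples, estimate {n * SAMPLING_RATE}")
    for src in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(src, report.get(src, "no samples"))
```

The 5,000-port scan and the 500-connection SSH host remain clearly visible in the samples, while the 50-port scan falls below what this sampling rate can resolve; the sampled flow count is a lower bound on connections, not a connection count.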





Re: using reserved IPv6 space

2012-07-13 Thread Owen DeLong

On Jul 13, 2012, at 4:24 PM, Randy Bush wrote:

 keep life simple.  use global ipv6 space.
 
 randy

Though it is rare, this is one time when I absolutely agree with Randy.

Owen




Re: using reserved IPv6 space

2012-07-13 Thread Brandon Ross

On Fri, 13 Jul 2012, Owen DeLong wrote:


On Jul 13, 2012, at 4:24 PM, Randy Bush wrote:


keep life simple.  use global ipv6 space.

randy


Though it is rare, this is one time when I absolutely agree with Randy.


It's even more rare for me to agree with Randy AND Owen at the same time.

--
Brandon Ross  Yahoo  AIM:  BrandonNRoss
+1-404-635-6667ICQ:  2269442
Schedule a meeting:  https://tungle.me/bross Skype:  brandonross



The Cidr Report

2012-07-13 Thread cidr-report
This report has been generated at Fri Jul 13 21:10:00 2012 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date        Prefixes    CIDR Agg
06-07-12      418603      242444
07-07-12      418670      242326
08-07-12      418651      242260
09-07-12      417976      242235
10-07-12      418251      242235
11-07-12           0      242235
12-07-12           0      242235
13-07-12           0      242235


AS Summary
 0  Number of ASes in routing system
 0  Number of ASes announcing only one prefix
  3390  Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
 0  Largest address span announced by an AS (/32s)
æØÿÿÿ : BELLSOUTH-NET-BLK - BellSouth.net Inc.


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 13Jul12 ---
ASnum    NetsNow NetsAggr  NetGain   % Gain   Description

Table     418251   242235   176016    42.1%   All ASes

AS6389      3390      190     3200    94.4%   BELLSOUTH-NET-BLK -
                                              BellSouth.net Inc.
AS7029      3281     1636     1645    50.1%   WINDSTREAM - Windstream
                                              Communications Inc
AS17974     2146      606     1540    71.8%   TELKOMNET-AS2-AP PT
                                              Telekomunikasi Indonesia
AS22773     1655      136     1519    91.8%   ASN-CXA-ALL-CCI-22773-RDC -
                                              Cox Communications Inc.
AS4766      2710     1251     1459    53.8%   KIXS-AS-KR Korea Telecom
AS18566     2088      706     1382    66.2%   COVAD - Covad Communications
                                              Co.
AS28573     1986      622     1364    68.7%   NET Servicos de Comunicao S.A.
AS2118      1288       15     1273    98.8%   RELCOM-AS OOO NPO Relcom
AS4323      1576      386     1190    75.5%   TWTC - tw telecom holdings,
                                              inc.
AS1785      1934      814     1120    57.9%   AS-PAETEC-NET - PaeTec
                                              Communications, Inc.
AS10620     1983      897     1086    54.8%   Telmex Colombia S.A.
AS4755      1612      561     1051    65.2%   TATACOMM-AS TATA
                                              Communications formerly VSNL
                                              is Leading ISP
AS7303      1452      457      995    68.5%   Telecom Argentina S.A.
AS7552      1124      234      890    79.2%   VIETEL-AS-AP Vietel
                                              Corporation
AS8151      1491      687      804    53.9%   Uninet S.A. de C.V.
AS18101      946      161      785    83.0%   RELIANCE-COMMUNICATIONS-IN
                                              Reliance Communications
                                              Ltd.DAKC MUMBAI
AS17908      827       60      767    92.7%   TCISL Tata Communications
AS4808      1106      352      754    68.2%   CHINA169-BJ CNCGROUP IP
                                              network China169 Beijing
                                              Province Network
AS9394       888      162      726    81.8%   CRNET CHINA RAILWAY
                                              Internet(CRNET)
AS13977      839      123      716    85.3%   CTELCO - FAIRPOINT
                                              COMMUNICATIONS, INC.
AS8452      1166      518      648    55.6%   TE-AS TE-AS
AS3356      1106      465      641    58.0%   LEVEL3 Level 3 Communications
AS855        695       58      637    91.7%   CANET-ASN-4 - Bell Aliant
                                              Regional Communications, Inc.
AS17676      692       75      617    89.2%   GIGAINFRA Softbank BB Corp.
AS4780       841      245      596    70.9%   SEEDNET Digital United Inc.
AS22561     1023      428      595    58.2%   DIGITAL-TELEPORT - Digital
                                              Teleport Inc.
AS19262      998      405      593    59.4%   VZGNI-TRANSIT - Verizon Online
                                              LLC
AS24560     1036      448      588    56.8%   AIRTELBROADBAND-AS-AP Bharti
                                              Airtel Ltd., Telemedia
                                              Services
AS3549       993      436      557    56.1%   GBLX Global Crossing Ltd.
AS4804       649       97      552    85.1%   MPX-AS Microplex PTY LTD

Total      43521    13231    30290    69.6%   Top 30 total


Possible Bogus Routes

10.86.64.32/30   AS65530 -Private Use 

Re: The Cidr Report

2012-07-13 Thread Patrick W. Gilmore
Composed on a virtual keyboard, please forgive typos. 

On Jul 13, 2012, at 22:00, cidr-rep...@potaroo.net wrote:

 This report has been generated at Fri Jul 13 21:10:00 2012 AEST.
 The report analyses the BGP Routing Table of AS2.0 router
 and generates a report on aggregation potential within the table.
 
 Check http://www.cidr-report.org for a current version of this report.
 
 Recent Table History
 Date        Prefixes    CIDR Agg
 06-07-12      418603      242444
 07-07-12      418670      242326
 08-07-12      418651      242260
 09-07-12      417976      242235
 10-07-12      418251      242235
 11-07-12           0      242235
 12-07-12           0      242235
 13-07-12           0      242235

Ahhh, oops?

Geoff, might want to check your scripts. 

-- 
TTFN,
patrick


 AS Summary
 0  Number of ASes in routing system
 0  Number of ASes announcing only one prefix
  3390  Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
 0  Largest address span announced by an AS (/32s)
� : BELLSOUTH-NET-BLK - BellSouth.net Inc.
 
 
 Aggregation Summary
 The algorithm used in this report proposes aggregation only
 when there is a precise match using the AS path, so as 
 to preserve traffic transit policies. Aggregation is also
 proposed across non-advertised address space ('holes').
 
 --- 13Jul12 ---
 ASnum    NetsNow NetsAggr  NetGain   % Gain   Description
 
 Table     418251   242235   176016    42.1%   All ASes
 
 AS6389      3390      190     3200    94.4%   BELLSOUTH-NET-BLK -
                                               BellSouth.net Inc.
 AS7029      3281     1636     1645    50.1%   WINDSTREAM - Windstream
                                               Communications Inc
 AS17974     2146      606     1540    71.8%   TELKOMNET-AS2-AP PT
                                               Telekomunikasi Indonesia
 AS22773     1655      136     1519    91.8%   ASN-CXA-ALL-CCI-22773-RDC -
                                               Cox Communications Inc.
 AS4766      2710     1251     1459    53.8%   KIXS-AS-KR Korea Telecom
 AS18566     2088      706     1382    66.2%   COVAD - Covad Communications
                                               Co.
 AS28573     1986      622     1364    68.7%   NET Servicos de Comunicao S.A.
 AS2118      1288       15     1273    98.8%   RELCOM-AS OOO NPO Relcom
 AS4323      1576      386     1190    75.5%   TWTC - tw telecom holdings,
                                               inc.
 AS1785      1934      814     1120    57.9%   AS-PAETEC-NET - PaeTec
                                               Communications, Inc.
 AS10620     1983      897     1086    54.8%   Telmex Colombia S.A.
 AS4755      1612      561     1051    65.2%   TATACOMM-AS TATA
                                               Communications formerly VSNL
                                               is Leading ISP
 AS7303      1452      457      995    68.5%   Telecom Argentina S.A.
 AS7552      1124      234      890    79.2%   VIETEL-AS-AP Vietel
                                               Corporation
 AS8151      1491      687      804    53.9%   Uninet S.A. de C.V.
 AS18101      946      161      785    83.0%   RELIANCE-COMMUNICATIONS-IN
                                               Reliance Communications
                                               Ltd.DAKC MUMBAI
 AS17908      827       60      767    92.7%   TCISL Tata Communications
 AS4808      1106      352      754    68.2%   CHINA169-BJ CNCGROUP IP
                                               network China169 Beijing
                                               Province Network
 AS9394       888      162      726    81.8%   CRNET CHINA RAILWAY
                                               Internet(CRNET)
 AS13977      839      123      716    85.3%   CTELCO - FAIRPOINT
                                               COMMUNICATIONS, INC.
 AS8452      1166      518      648    55.6%   TE-AS TE-AS
 AS3356      1106      465      641    58.0%   LEVEL3 Level 3 Communications
 AS855        695       58      637    91.7%   CANET-ASN-4 - Bell Aliant
                                               Regional Communications, Inc.
 AS17676      692       75      617    89.2%   GIGAINFRA Softbank BB Corp.
 AS4780       841      245      596    70.9%   SEEDNET Digital United Inc.
 AS22561     1023      428      595    58.2%   DIGITAL-TELEPORT - Digital
                                               Teleport Inc.
 AS19262      998      405      593    59.4%   VZGNI-TRANSIT - Verizon Online
                                               LLC
 AS24560     1036      448      588    56.8%   AIRTELBROADBAND-AS-AP Bharti
                                               Airtel Ltd., Telemedia
                                               Services
 AS3549       993      436      557