Re: HELP IN SETTING UP iBGPlay
On 7/10/2012 5:04 AM, Joseph M. Owino wrote: hi, Anyone out there who can help in setting up iBGP looking glass for an IXP. We currently are running 2 route servers and and 2 switches, they all are Cisco equipment. We also have a working web server running on FreeBSD 8.0. Any help is highly appreciated. regards, Muga Happy to help you if you get stuck.The work flow looks very similar to what is in BGPlay, so once you have the MRT file that contains desired data, you are most of the way there. I suspect the issue you will hit is that you already have existing route servers, and when you specify the route servers as the source route-reflector-clients, then you will see the route servers as the routers in your views rather than your peer routers. If on the other hand you have control over your peer routers, and you can reflect directly to the iBGPlay routerserver, that appears to be the model they show in their setup documents. John Kemp (k...@routeviews.org)
Netsol AAAA glue
So I sent an email over a week ago to ipv6...@networksolutions.com - and since I've only recieved the auto reply. A year or so ago I did this and got very quick turnaround, but now just dead air (sent another email yesterday). Wanted to see if others had the same results (recently) and any advice before I call into phone tree hell. Thanks. -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 8779 B023 7637 CEC8 C5C6 4052 664D 7E08 3CBB 1739 SH1-0151. This is the serial number, of our orbital gun.
Re: Netsol AAAA glue
On Jul 13, 2012, at 8:43 AM, Brandon Applegate wrote: So I sent an email over a week ago to ipv6...@networksolutions.com - and since I've only recieved the auto reply. A year or so ago I did this and got very quick turnaround, but now just dead air (sent another email yesterday). Wanted to see if others had the same results (recently) and any advice before I call into phone tree hell. Thanks. As long as you're not 1 year into a 10 year renewal, you may want to consider just moving your domains to another registrar such as opensrs. Drawback of using OpenSRS is they don't do DS records for dnssec, if that's a requirement as well, I believe Dyn has a good service for this (or so I read in the OpenSRS forums). - Jared
Re: Netsol AAAA glue
On 2012-07-13 14:52 , Jared Mauch wrote: On Jul 13, 2012, at 8:43 AM, Brandon Applegate wrote: So I sent an email over a week ago to ipv6...@networksolutions.com - and since I've only recieved the auto reply. A year or so ago I did this and got very quick turnaround, but now just dead air (sent another email yesterday). Wanted to see if others had the same results (recently) and any advice before I call into phone tree hell. Thanks. As long as you're not 1 year into a 10 year renewal, you may want to consider just moving your domains to another registrar such as opensrs. Drawback of using OpenSRS is they don't do DS records for dnssec, if that's a requirement as well, I believe Dyn has a good service for this (or so I read in the OpenSRS forums). Joker is a good one for that (IPv6 glue + DNSSEC) too, especially because of their automated robot that one can easily push key updates to. Obligatory link containing further options: http://www.sixxs.net/faq/dns/?faq=ipv6glue Greets, Jeroen
Re: Netsol AAAA glue
On Fri, Jul 13, 2012 at 5:43 AM, Brandon Applegate bran...@burn.net wrote: So I sent an email over a week ago to ipv6...@networksolutions.com - and since I've only recieved the auto reply. A year or so ago I did this and got very quick turnaround, but now just dead air (sent another email yesterday). Wanted to see if others had the same results (recently) and any advice before I call into phone tree hell. Thanks. NetSol has been dragged through the mud on NANOG a few times in recent memory, i believe the best bet is to 1) review the archives 2) find another register from 2008 http://www.nanog.org/mailinglist/mailarchives/old_archive/2008-07/msg00542.html from a few months ago http://seclists.org/nanog/2012/Mar/1001 CB
Re: Netsol AAAA glue
On Fri, Jul 13, 2012 at 08:52:27AM -0400, Jared Mauch wrote: dnssec, if that's a requirement as well, I believe Dyn has a good service for this (or so I read in the OpenSRS forums). Yes, Dyn supports DNSSEC and will send the DS to the registrar and so on. We'll also host the DNS using DNSSEC for you, but it's not a requirement to use our service for this. (I'm delighted to hear that people say it's good.) Best, A -- Andrew Sullivan Dyn Labs asulli...@dyn.com
Re: Netsol AAAA glue
Hi Brandon, Check out Name Cheap. One has to submit a support ticket for them to contact enom to add the ipv6 bits but that takes less than 2 days to have in place. Regards --jm Brandon Applegate mailto:bran...@burn.net 13 July 2012 2:43 PM So I sent an email over a week ago to ipv6...@networksolutions.com - and since I've only recieved the auto reply. A year or so ago I did this and got very quick turnaround, but now just dead air (sent another email yesterday). Wanted to see if others had the same results (recently) and any advice before I call into phone tree hell. Thanks. -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 8779 B023 7637 CEC8 C5C6 4052 664D 7E08 3CBB 1739 SH1-0151. This is the serial number, of our orbital gun.
[liberationtech] new opennet citizen lab report: routing gone wild
- Forwarded message from Ronald Deibert r.deib...@utoronto.ca - From: Ronald Deibert r.deib...@utoronto.ca Date: Fri, 13 Jul 2012 09:45:29 -0400 To: Liberation Tech List liberationt...@mailman.stanford.edu Subject: [liberationtech] new opennet citizen lab report: routing gone wild X-Mailer: Apple Mail (2.1278) Routing Gone Wild: Documenting upstream filtering in Oman via India Key Findings • Data collected from Oman shows that web filtering applied by India-based ISPs is restricting access to content for customers of an ISP in Oman. While unusual, content filtering undertaken in one political jurisdiction can have an effect on users in another political jurisdiction as a result of ISP routing arrangements – a phenomenon known as “upstream filtering.” • Content found to be filtered includes news sites, political blogs and file sharing sites. • Some variability in filtering was documented, potentially linked to certain measures to loosen filtering regulations in India. http://arstechnica.com/tech-policy/2012/07/internet-content-blocking-travels-downstream-affects-unwary-users/ https://citizenlab.org/2012/07/routing-gone-wild/ https://citizenlab.org/wp-content/uploads/2012/07/08-2012-routinggonewild.pdf http://opennet.net/blog/2012/07/routing-gone-wild-documenting-upstream-filtering-oman-india Please Note: Data Raw data for the proxy test results cited here can be found in the following formats: Summarized results [Google doc] Summarized results [csv] Raw data [zip - html, csv, txt] The data presented is from a June 18, 2012 test run of a URL list through two Omantel proxies, as well as from the Czech Republic as a control. There are three types of block pages that have been highlighted in the columns: oman_block_social - An Omani block page that specifies that the blocking was due to societal and cultural norms of the sultanate. oman_block_laws - An Omani block page that specifies the reason for blocking was a violation of the law. india_block - An Indian block page that specifies the reason for blocking was a court order. The presented zip file contains the html contents and headers returned during the course of this test run. To view this data, extract the zip file and open the contained index.html. Please exercise caution when following any links in this file, as the file contains contents of website data returned and we can make no guarantee as to what these sites contain. This data is presented for informational purposes only and we make no claims regarding the ownership of website content. There were two redactions made in the data. The IP numbers of proxies used were obfuscated and the website contents of the site songdad.com were removed, due to the fact that during the time of testing this site contained the JS/Blacole exploit kit. Ronald J. Deibert Professor of Political Science Director, The Canada Centre for Global Security Studies and The Citizen Lab Munk School of Global Affairs University of Toronto r.deib...@utoronto.ca http://deibert.citizenlab.org/ twitter.com/citizenlab ___ liberationtech mailing list liberationt...@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
using reserved IPv6 space
OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Other than the usual Hey, you shouldn't do that can anyone give me some IPv6 specific reasons that I may not be forecasting that would make it worse doing this than in an IPv4 scenario. I know, not apples to apples but for this question they are close enough. Unless there is something IPv6 specific that is influencing this -- -Hammer- I was a normal American nerd -Jack Herer
RE: using reserved IPv6 space
Hammer wrote: In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Why can't you just generate a ULA and use that? Regards, Leo smime.p7s Description: S/MIME cryptographic signature
Re: using reserved IPv6 space
On 2012-07-13 16:38, -Hammer- wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. There is this very nice concept called ULA (RFC4193), use it. If you want to be more sure about uniqueness, use http://www.sixxs.net/tools/grh/ula/ or you can also just use a chunk of your 'global' prefix and don't announce a route for it and firewall it off properly. Greets, Jeroen
Re: using reserved IPv6 space
Leo/Jeroen, Thank you both. That is the simple answer that I wasn't thinking of. I'm not as IPv6 savvy as I need to be (yet) so I haven't put all the pieces together when trying to look at the bigger picture. Thanks again. -Hammer- I was a normal American nerd -Jack Herer On 7/13/2012 9:41 AM, Jeroen Massar wrote: On 2012-07-13 16:38, -Hammer- wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. There is this very nice concept called ULA (RFC4193), use it. If you want to be more sure about uniqueness, use http://www.sixxs.net/tools/grh/ula/ or you can also just use a chunk of your 'global' prefix and don't announce a route for it and firewall it off properly. Greets, Jeroen
Re: using reserved IPv6 space
On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Would using just Link Locals not be sufficient? *(Failing that, as others noted, ULAs are the next right answer ... )* * * /TJ
Re: using reserved IPv6 space
I think they would. I'm just a bit too new to this. Thanks. -Hammer- I was a normal American nerd -Jack Herer On 7/13/2012 10:05 AM, TJ wrote: On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com mailto:bhmc...@gmail.com wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24 http://192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Would using just Link Locals not be sufficient? /(Failing that, as others noted, ULAs are the next right answer ... )/ / / /TJ
Re: using reserved IPv6 space
On Fri, Jul 13, 2012 at 11:05 AM, TJ trej...@gmail.com wrote: On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Would using just Link Locals not be sufficient? *(Failing that, as others noted, ULAs are the next right answer ... )* * * /TJ As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and global addresses. For example, if you have some internal web traffic used for intranet use only, do you bind those servers to use only ULA addresses? This way your internal users with ULA addressing only have access to those servers? No need to give intranet-only servers a global address if they're not needed to be accessed globally. Is there a way for hosts to prefer or attempt to connect to a service by first trying a link-local scope, then a ULA and finally a global address if its off the AS? I really like the idea of ULA and think it makes much more sense than RFC1918 + NAT. I just don't have any deployment experience with it yet so I'm curious how the host would handle it. On the router side, I'm sure ULA and global routing just run as ships-in-the-night side-by-side anyways...right? -- Thomas Cooper
Re: using reserved IPv6 space
On 13 Jul 2012, at 17:11, Tom Cooper wrote: On Fri, Jul 13, 2012 at 11:05 AM, TJ trej...@gmail.com wrote: As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and global addresses. For example, if you have some internal web traffic used for intranet use only, do you bind those servers to use only ULA addresses? This way your internal users with ULA addressing only have access to those servers? No need to give intranet-only servers a global address if they're not needed to be accessed globally. Is there a way for hosts to prefer or attempt to connect to a service by first trying a link-local scope, then a ULA and finally a global address if its off the AS? There is an RFC that describes how hosts should select addresses in such situations, http://tools.ietf.org/html/rfc3484 As an side; it would be great if some more IPv6 questions could be put on http://ipv6exchange.net/ - I would love to see that become a useful resource for people starting out with IPv6. If you have an IPv6 question, please do post! Cheers, aid
Re: using reserved IPv6 space
I'm having similar thoughts and we are about to implement. Fortunately we are implementing in an isolated lab first for this exact reason. For us to figure things out first before attempting them elsewhere. I like the ULA approach. I'm not sure about link local being used as strategy for Internal services. I'm finally getting to the point where I'm looking past the vastness of the numbers and just focusing on subnets and masks and subnetting and whatnot. -Hammer- I was a normal American nerd -Jack Herer On 7/13/2012 11:11 AM, Tom Cooper wrote: On Fri, Jul 13, 2012 at 11:05 AM, TJ trej...@gmail.com mailto:trej...@gmail.com wrote: On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com mailto:bhmc...@gmail.com wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24 http://192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Would using just Link Locals not be sufficient? *(Failing that, as others noted, ULAs are the next right answer ... )* * * /TJ As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and global addresses. For example, if you have some internal web traffic used for intranet use only, do you bind those servers to use only ULA addresses? This way your internal users with ULA addressing only have access to those servers? No need to give intranet-only servers a global address if they're not needed to be accessed globally. Is there a way for hosts to prefer or attempt to connect to a service by first trying a link-local scope, then a ULA and finally a global address if its off the AS? I really like the idea of ULA and think it makes much more sense than RFC1918 + NAT. I just don't have any deployment experience with it yet so I'm curious how the host would handle it. On the router side, I'm sure ULA and global routing just run as ships-in-the-night side-by-side anyways...right? -- Thomas Cooper
Re: using reserved IPv6 space
Note that I meant using Link Locals for directly connected devices *(neighbors; e.g. - routing protocol neighborship formation)*. If they are not on-link with each other, Link Locals are a non-starter ... ULAs would be a possible solution for a completely disconnected network. Note that many are proponents of using Globals even in those situations, with judicious filtering stopping any inboud/outbound traffic. The benefit being that it's never going to be connected doesn't really, always mean it's never going to be connected :). *YMMV, as always!* /TJ On Fri, Jul 13, 2012 at 12:21 PM, -Hammer- bhmc...@gmail.com wrote: I'm having similar thoughts and we are about to implement. Fortunately we are implementing in an isolated lab first for this exact reason. For us to figure things out first before attempting them elsewhere. I like the ULA approach. I'm not sure about link local being used as strategy for Internal services. I'm finally getting to the point where I'm looking past the vastness of the numbers and just focusing on subnets and masks and subnetting and whatnot. -Hammer- I was a normal American nerd -Jack Herer On 7/13/2012 11:11 AM, Tom Cooper wrote: On Fri, Jul 13, 2012 at 11:05 AM, TJ trej...@gmail.com wrote: On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- bhmc...@gmail.com wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Would using just Link Locals not be sufficient? *(Failing that, as others noted, ULAs are the next right answer ... )* * * /TJ As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and global addresses. For example, if you have some internal web traffic used for intranet use only, do you bind those servers to use only ULA addresses? This way your internal users with ULA addressing only have access to those servers? No need to give intranet-only servers a global address if they're not needed to be accessed globally. Is there a way for hosts to prefer or attempt to connect to a service by first trying a link-local scope, then a ULA and finally a global address if its off the AS? I really like the idea of ULA and think it makes much more sense than RFC1918 + NAT. I just don't have any deployment experience with it yet so I'm curious how the host would handle it. On the router side, I'm sure ULA and global routing just run as ships-in-the-night side-by-side anyways...right? -- Thomas Cooper
Re: using reserved IPv6 space
See RFC 3849 - http://tools.ietf.org/html/rfc3849 Which pre-scribed the range: 2001:DB8::/32 for use in Documentation. I suppose this could be used for lab testing. *ducks flames* * * *Skeeve Stevens, CEO - *eintellego Pty Ltd ske...@eintellego.net ; www.eintellego.net Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/networkceoau ; blog: www.network-ceo.net The Experts Who The Experts Call Juniper - Cisco – IBM On Sat, Jul 14, 2012 at 12:38 AM, -Hammer- bhmc...@gmail.com wrote: OK. I'm pretty sure I'm gonna get some flak for this but I'll share this question and it's background anyway. Please be gentle. In the past, with IPv4, we have used reserved or non-routable space Internally in production for segments that won't be seen anywhere else. Examples? A sync VLAN for some FWs to share state. An IBGP link between routers that will never be seen or advertised. In those cases, we have often used 192.0.2.0/24. It's reserved and never used and even if it did get used one day we aren't routing it internally. It's just on segments where we need some L3 that will never be seen. On to IPv6 I was considering taking the same approach. Maybe using 0100::/8 or 1000::/4 or A000::/3 as a space for this. Other than the usual Hey, you shouldn't do that can anyone give me some IPv6 specific reasons that I may not be forecasting that would make it worse doing this than in an IPv4 scenario. I know, not apples to apples but for this question they are close enough. Unless there is something IPv6 specific that is influencing this -- -Hammer- I was a normal American nerd -Jack Herer
Re: Our first inbound email via IPv6 (was spam!)
On 6/5/2012 9:29 AM, Raymond Dijkxhoorn wrote: Looking more closely... Is this still work in progress? ;; ANSWER SECTION: comcast.net.358 IN MX 5 mx3.comcast.net. comcast.net.358 IN MX 10 mx1.comcast.net. comcast.net.358 IN MX 5 mx2.comcast.net. ;; ADDITIONAL SECTION: mx2.comcast.net.6958IN A 76.96.30.116 mx3.comcast.net.358 IN A 68.87.26.147 mx1.comcast.net.358 IN 2001:558:fe14:70::22 You are now only accepting IPv6 if all IPv4 fails? Or will records for mx2 and mx3 added later? Actually, I've had a problem with my version of sendmail on solaris choosing mx1.comcast.net and then reporting host not found. I think this is an issue with address selection, despite the server not being setup for v6 (os/sendmail are set for v6 support, but no assignment). I can't think of another reason why it would bounce 800+ emails with relay=mx1.comcast.net but have 0 logs for mx2/mx3. Jack
Re: using reserved IPv6 space
On 2012-07-13 18:11, Tom Cooper wrote: [..] As an IPv6 newbie myself Play with it and get your ears wet, it is still not entirely too late to start to learn to swim ;) , I wonder how hosts handle link local, ULA and global addresses. For example, if you have some internal web traffic used for intranet use only, do you bind those servers to use only ULA addresses? This way your internal users with ULA addressing only have access to those servers? No need to give intranet-only servers a global address if they're not needed to be accessed globally. You could do that indeed, thus have clients have only a global (and link-local address) and only make a certain prefix, be that ULA or a specific chunk of your global prefix only available to your internal network that are used for your internal services. As long as the prefix is stable you likely do not care if it is global or ULA, this as when a misconfiguration happens in such a way that that prefix is not properly firewalled away or gets routed it happened. As can be clearly seen in various routing tables filtering is not happening everywhere, thus it won't buy you that much; proper policy, automation and verification will avoid fat fingers much better though. Also, not that a firewalled prefix only brings one that much security, the higher chance is that the client host gets infected or compromised. Is there a way for hosts to prefer or attempt to connect to a service by first trying a link-local scope, then a ULA and finally a global address if its off the AS? RFC3484, aka /etc/gai.conf and friends on other OSs. It is not easy to distribute this though. I really like the idea of ULA and think it makes much more sense than RFC1918 + NAT. I just don't have any deployment experience with it yet so I'm curious how the host would handle it. ULA is meant for non-internet connected devices. As such NAT does not come into play as one will have a unique ULA prefix that will not clash when you inter connect them privately with other networks. RFC1918 + NAT primarily makes sense as it allows one to hookup devices to the Internet without 'wasting' more public addresses, that problem does not exist with IPv6 though. Greets, Jeroen
Real world sflow vs netflow?
Can anyone on or off list give me some real world thoughts on sflow vs netflow for border routers? (multi-homed, BGP, straight v4 v6 only for web hosting, no mpls, vpns, vlans, etc.) Finding it hard to decipher the vendor version of the answer to that question. We use netflow v9 currently but are considering hardware that would be sflow. We don't use it for billing purposes, mostly for spotting malicious remote hosts doing things like scans, spotting traffic such as weird ports in use in either direction that warrant further investigation, watching for ddos/dos destinations to act on mitigation, or investigating the nature of unusual levels of traffic on switch ports that set off alarms. I'm concerned things like port scans, etc. won't be picked up by the NMS if fed by sflow due to the sampling nature, or similar concern if 500 ssh connections by the same remote host are sampled as 1 connection, etc. Of course these concerns were put in my head by someone interested in me continuing to use equipment that happens to output netflow data, hence me wanting some real people answers. :-) Thanks!
The Cidr Report
What's wrong? She asked, hearing the frustration in my voice. It got bigger. I said. What, your penis again? She said, outside of the door. Can I come in? Yeah, it's open. I said. My wife, Amanda, opened the door, peaking her head in. I smiled, because she looked so adorable peaking in like she was seeing a secret. I stood there, fully erect, with the tape measure in my hand. She smiled at me, then look at my penis. Ugh, do you have to use the tape measure, we use that for the sewing. It's unsanitary. It's easier to measure with this. Also it's the only way I can measure around. Besides, I wash it. I said. You wash the tape measure? She said, confused. I paused. Yeah. Right. She said. She then grabbed my penis, and examined it closely. hm...It's hard for me to tell, I'm playing with it everyday. How big is it now? 9.7 inches long, 6.3 around. I said. Holding my little notebook in my hand. I really don't want to pass 10 inches... My wife took it from my hand, and looked at it. Wait, this says you were 9.2 inches long and 5.9 around? Yeah.I said. That can't be right, you grew that much in just two weeks? She said, confused. Yes, it is. You helped me measure that time, remember? I said. Yeah, let me measure you now, you probably did it wrong. She said, taking the tape measure. She spun it around the shaft of my penis, in the middle. My shaft was oddly uniform, with no significant changes in girth up and down the shaft. Ok yeah...you did mess up... What? I asked. You did make a mistake. You are just past 10 inches long...and 6.6 around God dammit, that's almost an inch longer in 2 weeks... I said, frustrated. When I first realized I was growing, it was great and all, but now I was getting to a point where I was worried that it was causing my wife some discomfort. She would adapt usually, but the change in size would bother her sometimes. Whenever she would adapt, I would get bigger. I worried about the point when I would get too big for my petite wife. I guess since it's your hands, it just made me harder. Amanda's face look the same as it did when I met her. She was 19, now she is 23. She had bright green eyes. She had small facial features, except for her big eyes. Her hair was pitch black, and she never dyed it. She was against that. She never wanted to fall too deeply into her appearance. Which she could easily do, because she had this natural beauty that radiated from her. Everything on her face was cute and well placed, from the freckles across her nose and checks, to the dimples she got only when she was mad. Amanda was 5'4, weighing a fit 115 lbs. She was very healthy, exercising daily and eating perfectly. She was thin and fit, with a well toned body, a full, awesome ass, and massive, perky, full 30 DD breasts. Her breasts seemingly defied gravity. Even though her body really has no impact on the size of the penis she could take (considering she can still handle my 10 incher), she was always tight down below. Even before I started growing, I needed a good amount of foreplay to even be able to fit my normal 6 incher in there. Now that I'm bigger, I need a lot more foreplay. That doesn't make sense, how can you grow that much in just 2 weeks? She asked. I don't know, how can I grow from 6'2 to 6'6 in just 4 months? How can I gain almost 70 lbs, all of it muscle, in just 4 months, without working out? People constantly ask if I'm on steroids...not even body builders gain this much muscle this quickly. And look at my balls! If they get any bigger I'm not even gonna be able to walk correctly. I said. I'm 25, I shouldn't be having such a big growth spurt. Amanda just smiled at me. Tim, I don't understand how you are not liking this. I never thought a guy would be mad that he was getting taller, more muscular, and having a huge penis. No, I do like it...it's just...I don't want to hurt you. I'm worried I'll get too big for you. I said. She snickered a bit. Tim, I didn't marry you just because of your small penis. My ex was half your size when we got married, and I left him, didn't I? I continued the joke. He's so lucky, being so small. I wish I had a small cock. Oh, I totally do to. So tiny I could barely feel it. She said, pretending to daydream. I laughed a bit. I don't know...I just worry this might have some negative consequences. This whole time, Amanda was running her fingers up and down my long shaft. I have to say, though, I do love how you can stay harder for much longer now. Yeah... I said. And how much it stretches me... I licked my lips as she slowly moved her face toward my penis, and licked up and down the shaft. How it's so thick I can barely wrap my hand around it... She said, and went back to licking and stroking my penis. And how much you cum... She was right. Over the last 4 months, I've gained so much control over my erections, over the timing of my orgasms, the amount of orgasms I have, when and how much I
Re: The Cidr Report
It was 3 weeks after I passed the 10 inch mark. Our sex life was better than ever, even though I thought it would be the opposite. Amanda wanted sex several times a day. I never knew I was holding her back these years we were together. The fact that I have gained so much sexual power and stamina allows her to express her sexuality whenever she wanted it, and it was often. Luckily, this growth spurt happened after I got my job. It was a real good job, laid back. I could mostly work from home if I wanted, but I needed to establish myself, and went into the office often. Most importantly, I had great insurance, and was going to my first doctor's appointment today. I woke up to Amanda slowly rubbing her finger up and down my chest. Morning, Mister Giant. She said, with a smile. Her subtle smirk that meant she wanted to have sex. Hi. I said, groggily. I glanced around the room for a second, then back at Amanda. Sorry about the morning wood. I joked. Ha, it just means you are ready. She said. I glanced down, and saw the penis head sticking way out of the waist band of my boxers. Look, it's past your bellybutton. She said, poking my penis head. I sighed, frustrated. I hate this. Come on baby, you'll learn to like it. I did, right? She said. I'm past 11 inches... I said, annoyed. You could always do porn. I don't mind. She said, with a cute smile. I laughed a bit, and she looked disappointed for a second. I really want to go at it...who could say they took an 11 incher? But I got class. She said, with a kiss, and hoped out of bed. Amanda was working at her Masters degree. Are you gonna be home when I get back? Yeah, my doctor's appointment shouldn't take that long. I said, sitting up, watching her naked body strut to the bathroom. She knew she was turning me on. For a split second, she glanced at me just as she entered the bathroom, her smirk never leaving her face. She wanted to have sex so badly, and I felt bad for her. I just wanted to give her what she wanted. Luckily, she was more responsible than me, and knew when to say no. You know, She called out from the bathroom. I know it's been almost like, a month since the incident. She was referring to her friends, Rachel and Hannah, walking in on us having sex. Rachel and Hannah have never stopped talking about how lucky I am. Why's that? I asked. They seriously think you are the hottest guy ever. She explained. Even before the growth, they always said you were attractive. But after seeing how big you are, they have been disappointed with every guy since. Okay. I said, not sure what to say. I heard Amanda giggle a bit to my apathetic response. Why do you bring this up? Oh, no reason. She said. I finally met my new doctor, and was a bit shocked. She looked like she was younger than me, but the degrees around her office proved that she was a professional. She was amazingly sexy. She wore her doctor's coat, but that did little to hide her massive breasts, easily more than double my wife's size. Her doctor's coat was open in the front, and her clothes were professional underneath, but her extremely wide hips and tiny waist were still clearly visible. She was easily 6'4, with short red red hair, and beautiful facial features. She could've easily become successful with just her looks alone, but her awards were too plentiful to be based solely on her appearance. Talk around the office was that she was an amazingly sexy Amazon, but too cold and professional to ever let anything happen. You say only 5 months ago you were 6'2? She asked. Yes a bit less than 5 months ago, and 180 lbs. I explained. Now I'm passing 290 lbs, and... Yes, 6'7, I was there. I have to admit, it's funny that my nurse was unable to measure your height without my help. She said, and smiled. Yeah...well, I'm 25, there is no reason I should be growing this fast... I said. This quick of a growth spurt isn't even common for young adults going through puberty. She said. But I still need to complete this physical to send back to your offices. I would prefer we didn't. I explained. I'm...well. The growth spurt has impacted my...uh...genitals intensely as well. I said. Well, I think that just justifies that I should examine you more. She said, coldly. Um...I mean...I've been getting weird reactions from women lately... I said. Sir, I am a professional. She said, almost offended. Now please. I sighed, and took off my pants. I expected a look of surprise, but she made more a look of confusion. I apologize, I've just never seen such large testicles. She said. Don't be surprised, I have to examine your testicles to see if this is a liquid build up or cancerous material. She explained, and she moved my 5 inch flaccid penis out of the way, and with her hands in gloves, she cupped my testicles. She slowly rubbed her hangs around my testicles, feeling for cancer or any other irregularities. This is genuinely shocking. I didn't think
Re: The Cidr Report
A week later, I kept watching my body, examining every detail. I was annoyed that my doctor came onto me, but she was the only one I could use to reference my body size, and I wanted this to stop as soon as possible. Amanda, though, seemed unphased when I told her the story of what happened. She said she couldn't blame the doctor, because I am the hottest man alive. I was slightly annoyed by this. I wanted to be devoted to my wife, the love of my life, and she didn't even care. This was different. I remember when she told me she would ...rip your balls off and stick them so far up your ass that they would come out of yours eyes. if she ever caught me cheating. She was joking...but I could tell that she was deadly serious about cheating. Now, she is...almost encouraging me to cheat. I was more surprised, when after 5 hours of sex that night, she made an odd suggestion. So...remember how I said Rachel and Hannah couldn't stop talking about you? Amanda asked me. What? I thought you said they only said I was hot or whatever. Yeah, but they always say it. She said, giving me a peck on the nose. They...they kinda beg me to let them have some of you. She said. What? I was a bit confused. Rachel and Hannah were very attractive girls. They were high school friends with Amanda, and were just as fit as her. Rachel was tall, 6'1. She was small chested, but built like a fitness super model. She had thick, muscular legs, and the best ass I've ever seen. Her stomach had a significant outline of abs, and her shoulders were broad. her arms were defined, as she did weight lift often. She wasn't bulky or manly, but very fit. She was blonde, with green eyes. Hannah, on the other hand, was exotic looking. She was 5'5, and just as fit as Rachel and Amanda, except more built. She was half Arabic, and had dark skin, hair, and eyes. She was a C cup, with an amazing ass, and very wide hips. This looked amazing on her very small waist. I really want them here, with us. Amanda said, completely sincere. I was kinda scared of your reaction... Wait, you want me to have sex with them? I asked, confused. Well, I want all 3 of us with you, here. In our bed. She said. I shook my head. Our bed!? I felt like something sacred was being defiled. Am I the only guy...no, only person, who felt that sex had any special connection to it? Sex isn't something that should just be thrown around to anyone, Amanda! I Love YOU. Not Rachel, not Hannah, not that fucking doctor. You! I know that! She said, annoyed that it seemed like I was accusing her of not loving me. But this isn't something that is permanent. We're young! We should have a bit of fun for a while, you know? Maybe play around now, and then you can devote yourself to me. She suggested. I... I took a deep breath. This was making me incredibly sad. You told me yourself, You've only been with 1 girl before me, right? Ya... I said. So you are gonna go your whole life, with only 2 women, and think that will be enough for you? Are you cheating on me? I asked. What?! Why else would you be trying to get me to be with other women? You are trying to soften the blow!? I said. Ew! I would never cheat on you, you asshole! She shouted, and got out of bed. I'm giving you an offer. If I wanted to have sex with another guy, I would fucking ask. She said, angry, as she began to put on her clothes. This doesn't make sense, Amanda. you've never acted like this. Now that I'm huge, you want to share me? I said. My body has changed the way you look at me. No you idiot. I changed. I'm different. Everyone changes Tim. I'm willing to keep things the way they are. But I'm more open about changing them. The only thing that changed is that I want to try new things. That's it. She explained. Stop assuming things. I just want to have fun. If you don't wanna, that's fine. And I'm asking you now, do you want to do this? She said. I paused. 3 incredibly sexy women, all focused on me? Amanda really wanted to do this. This should be a dream come true. I think because this is all based in my growth, I'm scared of it. I hate even the good things coming from this growth, but I shouldn't put that onto Amanda. If it will make her happy...it's my obligation to do so. Fine. I said. She jumped up with joy, like a little kid allowed to do something after begging her parents. I'll call them right now! She said. On her phone, she talked fast, explaining the situation. She planned to have the event the next week. As the day approached, I got really sick. I'm not sure exactly what happened, but I could barely move. I laid in my bed for 3 days. The sex party was delayed until the next week. The day finally arrived. Amanda had been preparing everything. Candles, lube, sexy lingerie. She had Hannah and Rachel tested for any STD's, and made sure they were on birth control. She wanted this to be perfect. It was 3 weeks since I was last at my doctor, getting measured.
Re: The Cidr Report
I forgot how big he was... Hannah said. I told Rachel already, he grew even bigger. Amanda said. Let's get started. Amanda said, and unhooked her bra, and walked toward me. She pushed herself against me, and we began kissing, my erection slowly forming up. The other 2 girls followed suite, taking off their bras. Rachel was the first to grab my penis, stroking it as he grew in her hand. God...it keeps getting bigger. Rachel said, amazed at how big it was growing. Hannah got down on her knees, and sat between my legs as I sat on the bed. She went low, and softly began to lick my balls. Rachel, on the left side of me, softly tugged at my penis, watching as it grew and grew. I watched these two girls intently, as Amanda, on my right side, kissed my neck. Amanda glanced down, seeing my penis. It's hard now. Lets get started. I get middle. She said. Hannah shifted over, and Rachel got into place. With Rachel on the left side, my wife in the middle, and Hannah on the right, all 3 of them began to lick up and down my giant foot long penis. I'm not sure who it was, but there was a hand cupping and playing with my balls. The girls alternated kissing each other randomly, while still licking my member. It quickly grew shinny with their saliva. Lay back. Amanda said, as she got up. God...it's longer than my face. Hannah said, as she put her face against my penis. Rachel put her arm up next to it, and laughed a bit. I don't know...it's longer than my forearm, is that thing going to fit inside of me? The look of awe never left their face this entire time. I was laid back, and Amanda came and sat on my face, facing the 2 women who kept licking and stroking my genitals. I licked and nibbled at Amanda, knowing exactly what got her going, her beautiful ass on my face. This continued for several moments, until Amanda got up. Okay, let me take it first, and you guys get warmed up. You can't take this thing without some foreplay. Amanda said, and stood at the foot of the bed where I sat. She slowly inserted herself down onto my giant penis, moving up and down while softly rubbing her clit. I still laid back, as I suddenly see Rachel put her womanhood in my face, her butt pointed toward Amanda. I took this hint, and began eating her out. Hannah sat with her back against the headboard of our king size bed behind me. Rachel bent down as I ate her out, and began to eat out Hannah. The room was full of the 3 beautiful girls moaning and breathing heavy, as Amanda slowly took more nad more of my giant member. Amanda began moaning softly, then her moans increased in volume. This was unusual, because Amanda was usually as quiet as a mouse during sex. I couldn't see much, but I felt liquid pouring down on my waist and penis, as Amanda began moaning having an intense orgasm. I felt her shaking slightly as she got off my penis, her orgasm lasting for a good 4 minutes. Were you having an orgasm that whole time? Rachel asked. Amanda smiled. Yeah... She panted. Try it out. Go ahead. Hannah said. I don't think I'm ready yet. Rachel smiled, and jumped off my face. I sat up, and she faced away from me, going reverse cowgirl. She stuck her delicious, perfect ass out slightly at me, and I grabbed and caressed it slightly, and then slowly led it onto my giant penis. She bit her lip as she slowly plunged downward. Oh God...this is fucking huge... She said. God She said, as she slowly moved up and down. I feel like I'm being torn in half... Hannah sat next to me, watching intently. As Rachel slowly moved farther and farther down my penis, trying to adapt to it, Hannah was watching and smiling. I glanced over at Amanda, who was rubbing herself. She still didn't have enough. I slowly moved my hand over to Hannah, and began rubbing her vagina, and then fingering her. Oh God your right...even his fingers are big. I keep wondering how much bigger he'll get. Hannah said. I cringed a bit. Rachel moaned softly. I hope he keeps growing...this is amazing. I cringed more. Oh, I feed my man. Keep him healthy. He's getting as big as possible. Amanda said, with a huge smile. I closed my eyes, and tried to ignore this conversation. Whatever you're feeding him, keep it up! Hannah said. I can't stop picturing him bigger and bigger... Amanda said. I never thought so much man would be such a turn on. Hannah said, as I continued to finger her, and she began to pant, and move in really close to me. I hate this conversation. I don't want to grow anymore. Oh God...oh fuck...yeahyeah oh yeah! Rachel started repeating these cliche sayings over and over again, as wave after wave after wave of orgasm slammed her body. Her legs gave way, and she fell forward. I quickly grabbed her around her waist, and stood up holding her. I turned her around, and she leaned over the bed, on her knees. She regained control over he extremities, as I slowly pulled out. NO! Keep going! Fuck me! I obliged, pushing
Re: The Cidr Report
Ugh... I mumbled, sitting at my desk, tugging at my shirt and pants which were uncomfortably tight on me. I remember buying this shirt last week, and it was already small. It bothered me that on one of the few days I actually had to be in the office, I was already bigger. It didn't help that all the women in the office were constantly flirting with me, testing my loyalties to my wife. This office had an unusually high number of female workers, especially in a field like mine, which only 15% of females actually wanted to be in. Yet, 70% of the employees were female. Young, attractive females. Young, attractive females that all wanted me. I gave as many of them the cold shoulder as I could. That was, until Linda popped her head around the corner. Hi, Tim. haven't seen you in a while. She said. I had met Linda in college, but we stayed platonic friends. Based on our positions at work, we ended up having lots of work together. This was a bit tough, because Linda is...well...very hot. There was always random flirting, and I've gotten a few drunk phone calls of her propositioning me for sex. But my ever growing body made her more bold, and my ever growing sexual appetite wore away at my will power. Oh, Hey Linda. What's going on. Linda was good at keeping me at a distance though. An office fling could ruin her career if people found out about it. But today was different. I had grown significantly. She was extremely sexy, too. She had a thin and lean body. She had the body of a super model, standing at 5'11. Her breasts were big for her body, a 32C. She had long, flowing dark brown hair, that went down to her mid back. Her eyes were grey, sitting very well on her beautiful face. Linda could get whatever she wanted with her looks. She had too much integrity to use her looks to get ahead, though. She was in her position on merit alone, even though no one else believed it. Not much. You're looking good. I see the gym has been kind to you. She said, with a smile. Uh...Yeah. I said, not wanting to give her any wrong signs. I tried to avoid eye contact...but she is gorgeous. I would attempt to steal glances at her, and she caught me every time. You look taller, too. Did you get taller? Aren't you too old to still be getting taller? She asked, trying her best to get a conversation going with me. I don't think gyms make people taller. I said. She laughed. I wasn't trying to be funny, she was flirting. Well, I know how stressful things get around here. Everyone needs someway to blow off steam. You go to the gym, and I...well... She fixed her posture a bit, and stuck her chest out slightly. ...have other things. She put her hand on my shoulder. I paused, and tried not to move. There is something more to this. Even being this much bigger shouldn't attract women like this...right? Her touch, even though the shirt, got my heart racing. it didn't help that my flaccid penis and testicles were so big in my tight pants, that they already showed, creating what Linda could've misinterpreted as an erection. Well...misinterpreted for now. Uh...Linda. I said, putting up my hand with the wedding ring. I'm married. I said. So? That doesn't mean we can't have fun. What is this, some Muslim country. She said, and smirked. That didn't sound much like Linda. She was usually very sensitive to other cultures. Especially with the news lately, Muslim-jokes were a sensitive topic for her. I thought you said they were only that way because of exploitation and... Tim, it was a joke. She said, rubbing my shoulder softly. I know I could've ended this by just removing her hand. But I didn't. She was hard to resist. In all the time I've known Amanda, I've never met a girl I ever considered more beautiful than her. I considered myself lucky that I found no girl more attractive than Amanda. Except for Linda, who had the face that only corny legends spoke of. Linda...please... I said, trying to keep my eyes on my computer. She was behind me, to my left, standing over me. She leaned her head forward a bit. Tim, only one time. We've known each other for a long time. Don't you think it's unfair that we never got to have sex? She said. She leaned forward, and a button popped off her blouse, which landed right on my keyboard. This confused me a bit, considering her blouse didn't look tight a few moments ago. I glanced back and up at her, and almost gasped at the sight. Her breasts looked massive. I closed my eyes quickly, and looked back at my computer screen. Linda, please go. I said, feeling my pants grow tighter in my crotch, as my penis slowly began to erect. Linda smirked, and rebuttoned her shirt, with the button that was still sitting on my keyboard. I looked back up at her, and her breasts were back to normal. She slowly left my cubical, trying her best to look sexy as she did so while giving a small, sexy sigh. I looked on my desk, where I swore the button had flung to, and it
Re: Real world sflow vs netflow?
On 2012-07-13 19:30, David Hubbard wrote: [..] We don't use it for billing purposes, mostly for spotting malicious remote hosts doing things like scans, spotting traffic such as weird ports in use in either direction that warrant further investigation, [..] The primary difference between NetFlow/IPFIX and sFlow is that NetFlow is unsampled while sFlow is sampled. As such, for these kind of cases it might be more worthy to have NetFlow than sFlow as you get all the source/dest ports. On the other hand sFlow can give you packet headers and that might be useful if you get every first say 200 bytes of every flow. Though depending on the hardware and traffic volume and traffic mix you might have to sample anyway. Oh and there is a small difference in the packet formats and the idea behind why something exists, but that won't hurt you too much. Greets, Jeroen
Re: The Cidr Report
L-Linda? I was losing it. What...what's happening to you? She put her hand on my chest, and pushed me back into the bathroom. She turned around, and closed the door, locking it behind her. I'm one of the most beautiful girl's you've ever seen, eh? She said, unbuttoning the top button of her tight blouse. This gave me a flashback of when her breasts somehow...grew? My erection restarted it's trajectory toward full erection. It thickened, causing it to look like my pants were painted over it. My penis head moved further and further right, at first moving along my thigh, but then coming off it as my penis hardened. My penis struggled to get to it's natural position. Linda, that was a private conversation. I said. You're right. She said. I shouldn't have listened, but I couldn't help it. I want you so badly. And your wife doesn't mind, right? Linda...please. I said, my penis aching, still swelling and trapped within my too tight pants. It began to hurt. She glanced down, and gasped. There was a pause for a few moments, as it continued to enlarge. My God...it's so big...and it's still getting bigger? She said, and bit her lip. She grabbed her blouse, and ripped it open. Her breasts were absolutely massive, and bulged out of her bra in every direction. I gasped. Linda! I said, looking away, and then back quickly. I still tried to convince myself that I was trying to resist. With that, my penis had a surge, reaching it's full erect size quickly. A tearing sound began to fill the air. What was that... she asked. I thought it was her breasts suddenly growing again. But when I looked down, seeing my penis, pointed sideways in my pants, slowly forcing it's way forward. It was ripping out of my cheap pants (which I got because I didn't want to waste money on pants I would just outgrow again). Oh crap... I whispered to myself, as my penis flung forward, ripping my pants open in front. My penis throbbed, pointing directly at her. Oh God! That's amazing! She said, quickly throwing her shirt off, and grabbing my penis, stroking it with vigor. This is so fucking big! I can't believe it's so hard and big that it ripped out of your pants! She said. I knew you were packing, I just thought you were packing a human penis. I can't wait to have this thing in me. Give it to me you fucking jerk, hiding this from me all this time. You made me wait too long for it. She said, and begun viciously stroking and licking my giant member. Oh God it tastes so good...it's so big...It's gotta be almost 13 inches. I was confused. I measured my penis this morning at 12.8 inches long, and 7.6 inches around. How did she know just from eye balling it? This thought was quickly replaced by the intense blow job she was giving me. I don't even know how she managed to fit my giant penis head so far down her throat. She plunged her mouth down more than half of my penis, I felt her tongue shifting around around it to the best of her ability. Her mouth looked small, but opened wide. Her thick, juicy lips wrapped around my penis, shifting and moving perfectly. She was an expert at this. God... I said, this felt amazing. She took her mouth off, and stroked with both hands. This is by far the biggest dick I've ever had. I've never met a dick I couldn't swallow completely. You are a challenge Tim... She said. and started licking, kissing, and sucking on my giant balls. Even your balls are huge...it's like 2 eggs...no wait...these are too big to be eggs. She said, with a giggle. Her hands were grabbing whatever she could touch. She attempted to deepthroat again, her hands clawing at my thighs and lower back. She wanted more and more. I began to doubt that even I was enough for her with the way she was acting. I gave up the act of resisting. I pulled the remainders of my pants down, and kicked them away, finally happy to have my lower body freed from the tight confines of my ever shrinking clothes. Linda managed to plunge more and more of my gigantic penis down her throat. I tried to wrap my mind around how she was able to do it, but it felt too good for me to focus, or really even care. I attempted to unbutton my dress shirt after throwing off my tie, but it was hard to do while being blown. My shirt was so tight on my body, that it was hard to get the buttons off. Frustrated, I ripped it open, and let it fall behind me. Now only in my shoes, Rachel continued to work my throbbing member. Her saliva dripped down my shaft and onto the floor. She tried her best to swallow, but my penis was incredibly hard, and wouldn't curve down into her throat. God dammit...I've never met a dick I couldn't deep throat. You're my white whale, Tim. She joked. I guess I gotta give up for now. She said, and stood up. She turned around, and stepped over my penis, so it was between her legs, and she was facing away from me, but her body pushed up against me. I reached down between her legs, lifting her skirt up.
Re: The Cidr Report
I finally got home. The car ride felt like it took forever. My clothes tattered by either my superhumanly strong boner, or the amazing sex I just had. For the first time in literally 10 years, I was crying. I wasn't a guy who cried. But this...I betrayed my wife. I loved her. And no matter how many times she said it was fine, I still felt horrible. What the... She said, as I walked into the house. Tim? What's wrong, what happened? She was worried. I'm so sorry... I said. I'm so sorry. Sorry for what? What happened? Why are your clothes ripped? She asked. I didn't want to have sex with her Amanda. I couldn't help it...all these women...they won't leave me alone. I said, falling to my knees, and hugging her around her torso. She smiled a bit. Tim...it's alright...I don't know why you are so broken up over this. I told you it was okay. No Amanda, it's not okay. You wouldn't do this to me. I wouldn't want you to, and you wouldn't do it. I said. Your right. I wouldn't. Because you told me not to. But I know if I told you not to, you wouldn't have either. She said. No. I responded. Given enough time, I would've cracked. This isn't who I am. I don't know what's happening to me. I don't want to only think about sex. I don't want to grow if this is what it turns me into. I said. Tim, I would be selfish to not share... She said. Stop it! I said, I stood up. I don't want to be shared! I'm not a fucking lawn mower. I was pissed. I stormed out of the house, still in tattered clothes. A block away was a park. It was later in the day, and there wasn't anyone there. It was surrounded by trees, so it didn't get much outside observation. I just wanted to sit, and think. Tim! She said, out the door, on the porch. I just kept walking. God dammit. I said, walking past the park. There were people there, and I didn't want to expose myself. I went farther, into the woods nearby. It wasn't dense, and I was able to walk through easily. My mind was going a mile a minute, my emotions were all over the place. I began to get dizzy. I stumbled around a bit, and then leaned back against a tree. For a moment, the feeling was gone, and I stood up straight. Then it overwhelmed me again. I looked down at myself. Something was happening. I looked at my hands. This was getting weird. I could see...I could see them...growing. Oh God... I said. I looked down, I watched my chest balloon outward slowly. I looked to my side, and watched my arms and shoulders building up more and more muscle, before my very eyes. God...no I grunted, and stumbled back, and leaned against the tree again. My penis started to erect, but I wasn't aroused. I grunted again, as I felt my back muscles growing into the tree. I expressed my frustration with this, as I felt my back slowly being scratched as it slide upward along the tree. I was getting taller too. I looked down again, my penis fully erect. No... I said. No no no... Watching my penis swell up larger. Don't grow...stop... All I could do was watch, as my penis grow just past my previous size. I let out a louder grunt, and my muscles began to rip out of the parts of my shirt that weren't ripped. My thighs breaking through the seams of my pants. My butt filling with muscle pushing anything that was left outward. It ended after what seemed like hours, but was only a few minutes. I wasn't much taller. I was 6'9 that morning, but I gained an inch and a half in height. My penis swelled to just below 14 inches, and just above 8 inches around. My testicles swelled slightly too. But the biggest impact were my muscles. It was obvious, I put on more than 60 lbs. I was now 390 lbs, of strong, monstrous muscle. I had no idea what to do. I had to get back to Amanda. I grunted, and fell into the doorway. Amanda was on the phone. I think that's him, I'll call you back. She said, and turned the corner. Her eyes widened. Tim! She said. I was breathing heavy. I need to go to the doctor... I said, sitting up. Amanda's voice seemingly healed me. I slowly made it to my feet. I shook my head... Tim...you...did you grow? She said. Your muscles are...massive. She said, in awe. There was a silence for a few moments, and she slowly stepped back, and grabbed her keys. When she came back, the door was closed. Tim... She said, a bit confused. I walked toward her. Do you still wanna go? She asked. Not yet. I said. I picked grabbed her waist, and threw her over my shoulder with one hand. She laughed. Tim! She said, excited. She began to feign helplessness. No, please, don't take me to your evil, well furnished bedroom and have your way with me! She joked, and I walked upstairs with her. I threw her on the bed, and she bounced. She laughed again. Tim, I've never seen you like this... She said. I grabbed her shirt and bra at the same time with one of my massive hands, and pulled them off of her in one quick motion, and she gasped, and sighed softly. Tim...this is
Re: The Cidr Report
if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right... gees
Re: The Cidr Report
I think the effort to moderate this particular list would be far to much effort. * * *Skeeve Stevens, CEO - *eintellego Pty Ltd ske...@eintellego.net ; www.eintellego.net Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/networkceoau ; blog: www.network-ceo.net The Experts Who The Experts Call Juniper - Cisco – IBM On Sat, Jul 14, 2012 at 3:46 AM, Grant Ridder shortdudey...@gmail.comwrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right... gees
Re: Real world sflow vs netflow?
Hi David, I'm not sure that sflow is going to get your the granularity that you are looking for. It's usually better to start more granular and then aggregate into larger flows when you graph or reference for historic values. Have you looked at other options, such as argus [1] to collect flow data outside of the networking gear? This way the networking gear can do what its primary job and flow collection can happen elsewhere. There's a whole argus community that discusses the information security topics you're interested in and Carter, the guy who wrote all (?) of the code is very responsive. Argus can also take in NetFlow flows from your routers too. There are obviously other tools available, that may work as well or better, but argus is one I've been using with great success in a fairly heavily trafficked environment. Cheers, Harry [1] http://www.qosient.com/argus/ On 07/13/2012 01:30 PM, David Hubbard wrote: Can anyone on or off list give me some real world thoughts on sflow vs netflow for border routers? (multi-homed, BGP, straight v4 v6 only for web hosting, no mpls, vpns, vlans, etc.) Finding it hard to decipher the vendor version of the answer to that question. We use netflow v9 currently but are considering hardware that would be sflow. We don't use it for billing purposes, mostly for spotting malicious remote hosts doing things like scans, spotting traffic such as weird ports in use in either direction that warrant further investigation, watching for ddos/dos destinations to act on mitigation, or investigating the nature of unusual levels of traffic on switch ports that set off alarms. I'm concerned things like port scans, etc. won't be picked up by the NMS if fed by sflow due to the sampling nature, or similar concern if 500 ssh connections by the same remote host are sampled as 1 connection, etc. Of course these concerns were put in my head by someone interested in me continuing to use equipment that happens to output netflow data, hence me wanting some real people answers. :-) Thanks!
Re: The Cidr Report
On 7/13/2012 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right. These emails seem to be originating from comcast (75.144.246.6). Please note I said seem to be since it's very easy to forge such things. I was quite sad when yahoo started dispensing *new* accounts from Rocketmail (a property they acquired in the long ago times), since I have a rocketmail account that long predates yahoo, or the acquisition. Still, there needs to be a filter of some sort set up. Mailman permits this, and I'd be a fan of it. It seems to be generated by someone who has the serious hate on for the list. That actually narrows it down quite a bit. Maybe I'll do a bit of traffic analysis over the weekend. Or not... -- Politicians are like a Slinky. They're really not good for anything, but they still bring a smile to your face when you push them down a flight of stairs.
Re: using reserved IPv6 space
-Hammer- bhmc...@gmail.com a écrit sur 13/07/2012 12:21:13 PM : I like the ULA approach. Global and ULA are two approach, but there's a third one: GUA + ULA. We actually put a GUA on servers speaking publicly, a ULA on servers speaking in our domain only and *both* ULA and GUA on servers which talk both ways. Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA connections only (just simple URPF over two interfaces). This setup works very well, surprisingly we've had very little source address selection problems so far (knock on wood). We're very happy that the separation between public and private networks is clear, it helps a lot with debugging and service separation. /JF
Re: The Cidr Report
Mailman also allows keyword filtering On Fri, Jul 13, 2012 at 12:56 PM, Lynda shr...@deaddrop.org wrote: On 7/13/2012 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right. These emails seem to be originating from comcast (75.144.246.6). Please note I said seem to be since it's very easy to forge such things. I was quite sad when yahoo started dispensing *new* accounts from Rocketmail (a property they acquired in the long ago times), since I have a rocketmail account that long predates yahoo, or the acquisition. Still, there needs to be a filter of some sort set up. Mailman permits this, and I'd be a fan of it. It seems to be generated by someone who has the serious hate on for the list. That actually narrows it down quite a bit. Maybe I'll do a bit of traffic analysis over the weekend. Or not... -- Politicians are like a Slinky. They're really not good for anything, but they still bring a smile to your face when you push them down a flight of stairs.
Re: The Cidr Report
On 13/07/12 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right... gees +1 jc
Akamai infrastructure tech
If someone with Akamai is watching, can you please have someone from infrastructure contact me? We host an Akamai server, a drive started taking errors, Akamai shipped us a new drive, but did not tell us which of the eight drives in the server needs to be replaced. Normal contact channels have resulted in voicemail or no clue :( Thanks, -Robert
RE: Akamai infrastructure tech
That's unusual... we've gone through hard drive replacements many times and always gotten a detailed email from them before the hard drive arrived Paul -Original Message- From: Robert Glover [mailto:robe...@garlic.com] Sent: July-13-12 2:32 PM To: nanog@nanog.org Subject: Akamai infrastructure tech If someone with Akamai is watching, can you please have someone from infrastructure contact me? We host an Akamai server, a drive started taking errors, Akamai shipped us a new drive, but did not tell us which of the eight drives in the server needs to be replaced. Normal contact channels have resulted in voicemail or no clue :( Thanks, -Robert
Re: using reserved IPv6 space
On Fri, Jul 13, 2012 at 1:56 PM, jean-francois.tremblay...@videotron.comwrote: -Hammer- bhmc...@gmail.com a écrit sur 13/07/2012 12:21:13 PM : I like the ULA approach. Global and ULA are two approach, but there's a third one: GUA + ULA. We actually put a GUA on servers speaking publicly, a ULA on servers speaking in our domain only and *both* ULA and GUA on servers which talk both ways. Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA connections only (just simple URPF over two interfaces). This setup works very well, surprisingly we've had very little source address selection problems so far (knock on wood). We're very happy that the separation between public and private networks is clear, it helps a lot with debugging and service separation. Of the top of my head, the first problem you might hit there is WRT multicast ... *(ULA might win some source address selections that you want GUA to win)* /TJ
Re: DNS Changer items
On Jul 7, 2012, at 10:31 AM, Jay Ashworth wrote: - Original Message - From: Seth Mattinen se...@rollernet.us On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said: The dns-ok.us site is getting crushed from all the sudden media interest. One wonders why it's so hard to get the media interested when it would be *helpful*. DNS Changer gets traction like 3 days before the drop dead date, IPv6 gets on the radar *after* we run out of v4 /8's to give to regionals, etc... Reactive is easier to justify to the powers that be than proactive. It's easier to justify *not* being smart enough to deal with the problem when it doesn't cause a major disruption? When it isn't causing a major problem, the powers that be have a harder time understanding the need to act. Once it is causing a major disruption, the powers that be have no trouble understanding the need to act. This is not veneration of stupidity, it is human nature. Often summarized in the colloquialism The squeaky wheel gets the grease. Owen
Re: Netsol AAAA glue
On 07/13/2012 06:43 AM, Brandon Applegate wrote: So I sent an email over a week ago to ipv6...@networksolutions.com - and since I've only recieved the auto reply. A year or so ago I did this and got very quick turnaround, but now just dead air (sent another email yesterday). Wanted to see if others had the same results (recently) and any advice before I call into phone tree hell. Thanks. I waited over a month before I finally got fed up and e-mailed nanog for advice. I was told to e-mail lis...@networksolutions.com and amazingly, it worked -- within a day, my records were changed. Jeff
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith pfsi...@gmail.com. Routing Table Report 04:00 +10GMT Sat 14 Jul, 2012 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary BGP routing table entries examined: 416525 Prefixes after maximum aggregation: 175957 Deaggregation factor: 2.37 Unique aggregates announced to Internet: 202804 Total ASes present in the Internet Routing Table: 41495 Prefixes per ASN: 10.04 Origin-only ASes present in the Internet Routing Table: 33311 Origin ASes announcing only one prefix: 15683 Transit ASes present in the Internet Routing Table:5581 Transit-only ASes present in the Internet Routing Table:135 Average AS path length visible in the Internet Routing Table: 4.5 Max AS path length visible: 31 Max AS path prepend of ASN ( 51742) 24 Prefixes from unregistered ASNs in the Routing Table: 404 Unregistered ASNs in the Routing Table: 131 Number of 32-bit ASNs allocated by the RIRs: 2974 Number of 32-bit ASNs visible in the Routing Table:2603 Prefixes from 32-bit ASNs in the Routing Table:6761 Special use prefixes present in the Routing Table:1 Prefixes being announced from unallocated address space:162 Number of addresses announced to Internet: 2565104428 Equivalent to 152 /8s, 228 /16s and 99 /24s Percentage of available address space announced: 69.2 Percentage of allocated address space announced: 69.3 Percentage of available address space allocated: 99.9 Percentage of address space in use by end-sites: 93.0 Total number of prefixes smaller than registry allocations: 144361 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes: 101982 Total APNIC prefixes after maximum aggregation: 32789 APNIC Deaggregation factor:3.11 Prefixes being announced from the APNIC address blocks: 102433 Unique aggregates announced from the APNIC address blocks:42106 APNIC Region origin ASes present in the Internet Routing Table:4715 APNIC Prefixes per ASN: 21.72 APNIC Region origin ASes announcing only one prefix: 1243 APNIC Region transit ASes present in the Internet Routing Table:739 Average APNIC Region AS path length visible:4.6 Max APNIC Region AS path length visible: 26 Number of APNIC region 32-bit ASNs visible in the Routing Table:245 Number of APNIC addresses announced to Internet: 704212608 Equivalent to 41 /8s, 249 /16s and 110 /24s Percentage of available APNIC address space announced: 82.3 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 131072-133119 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:152258 Total ARIN prefixes after maximum aggregation:77460 ARIN Deaggregation factor: 1.97 Prefixes being announced from the ARIN address blocks: 153294 Unique aggregates announced from the ARIN address blocks: 68403 ARIN Region origin ASes present in the Internet Routing Table:15189 ARIN Prefixes per ASN:10.09 ARIN Region origin
Re: using reserved IPv6 space
TJ trej...@gmail.com a écrit sur 13/07/2012 02:47:26 PM : Of the top of my head, the first problem you might hit there is WRT multicast ... (ULA might win some source address selections that you want GUA to win) /TJ Good point, thanks for pointing that out. We'll see when we deploy network-wide IPv6 multicast... not there (yet). /JF
Communications Committee volunteers [was: The Cidr Report]
On Jul 13, 2012, at 14:20 , JC Dill wrote: On 13/07/12 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right... gees +1 Most excellent! Just so you know, the admins are the Communications Committee, and they are always looking for new volunteers. I assume you both will be volunteering forthwith? -- TTFN, patrick
Re: Communications Committee volunteers [was: The Cidr Report]
On Jul 13, 2012, at 3:49 PM, Patrick W. Gilmore wrote: On Jul 13, 2012, at 14:20 , JC Dill wrote: On 13/07/12 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right... gees +1 Most excellent! Just so you know, the admins are the Communications Committee, and they are always looking for new volunteers. I assume you both will be volunteering forthwith? They already did in public. I don't think they can turn it down now :) - Jared
Re: Communications Committee volunteers [was: The Cidr Report]
The admins say they are working on a content filter system. All you really should have to do if do keyword filtering in mailman. I have this setup on a maillist that i manage. On Fri, Jul 13, 2012 at 2:51 PM, Jared Mauch ja...@puck.nether.net wrote: On Jul 13, 2012, at 3:49 PM, Patrick W. Gilmore wrote: On Jul 13, 2012, at 14:20 , JC Dill wrote: On 13/07/12 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the list serve and i will set it up right... gees +1 Most excellent! Just so you know, the admins are the Communications Committee, and they are always looking for new volunteers. I assume you both will be volunteering forthwith? They already did in public. I don't think they can turn it down now :) - Jared
Re: Akamai infrastructure tech
Thanks to everyone who responded; we've got this completely taken care of! On 07/13/2012 11:32 AM, Robert Glover wrote: If someone with Akamai is watching, can you please have someone from infrastructure contact me? We host an Akamai server, a drive started taking errors, Akamai shipped us a new drive, but did not tell us which of the eight drives in the server needs to be replaced. Normal contact channels have resulted in voicemail or no clue :( Thanks, -Robert
Re: Communications Committee volunteers [was: The Cidr Report]
On Jul 13, 2012, at 16:02, Grant Ridder wrote: The admins say they are working on a content filter system. All you really should have to do if do keyword filtering in mailman. I have this setup on a maillist that i manage. How well would that actually work against what seems to be a bored individual with nothing better to do but send this stuff here? Any keyword filters can be easily circumvented in the same way spammers have done for years. We'll just be seeing these stories with lots of pen1s or similar quick edits.
Re: Real world sflow vs netflow?
Hi David, The main architectural difference between sFlow and Netflow is the location of the flow cache: 1. NetFlow: Packets are decoded on the router, flow keys are extracted and used to lookup/create an entry in a flow cache which is then updated based on values in the packet. Records are exported from the flow cache in the form of Netflow datagrams when the flow completes or based on a timeout. 2. sFlow: Packets are randomly sampled in hardware and the packet headers are immediately exported as sFlow datagrams - there is no flow cache on the switch/router. In addition to exporting the packet header, the sFlow agent captures the FIB state associated with forwarding the sampled packet, exporting information such as next hop router, AS-path, communities etc. An sFlow agent also periodically sends all the MIB-II interface counters, eliminating the need for SNMP polling - this isn't very important if you are only monitoring a few links, but makes a big difference if you are monitoring large chassis switches or tens or hundreds of thousands of ports in a data center or campus environment. Moving the flow cache off the router has a number of benefits: 1. You are no longer limited by the hardware/firmware capabilities of the router - your analysis software decides which fields to decode and how to accumulate results. For example, if you are managing a mixed IPv4/IPv6 environment you can decide to use sFlow to look into v6 over v4 and v4 over v6 tunnels (to do the same thing with Netflow would likely require a hardware upgrade). You can even feed sFlow into Wireshark for detailed analysis of protocols and packet headers. 2. Operational complexity is greatly reduced since the configuration options and resource management issues associated with the flow cache are eliminated. 3. Low latency. Measurements aren't delayed by the flow cache - you can detect DDoS attacks/large flows within seconds. 4. Scalability - you can turn on sFlow on every link (even 100G links), on every device for a comprehensive view of traffic. 5. Multi-vendor interoperability. The sFlow measurements are interoperable across vendors (since very little processing is performed on the devices). With NetFlow, different vendors and devices have different hardware limitations affecting the fields that they can export. Unsampled Netflow is only practical for moderate traffic levels. If you carry significant traffic you would want to enable sampling anyway, even with Netflow. However, there are a wide range of Netflow sampling implementations, many of which yield questionable results. In contrast, the sFlow standard specifies how sampling must be performed and ensures that information is included that allows the sampled data to be correctly scaled and produce unbiased measurements. Cheers, Peter On Fri, Jul 13, 2012 at 10:30 AM, David Hubbard dhubb...@dino.hostasaurus.com wrote: Can anyone on or off list give me some real world thoughts on sflow vs netflow for border routers? (multi-homed, BGP, straight v4 v6 only for web hosting, no mpls, vpns, vlans, etc.) Finding it hard to decipher the vendor version of the answer to that question. We use netflow v9 currently but are considering hardware that would be sflow. We don't use it for billing purposes, mostly for spotting malicious remote hosts doing things like scans, spotting traffic such as weird ports in use in either direction that warrant further investigation, watching for ddos/dos destinations to act on mitigation, or investigating the nature of unusual levels of traffic on switch ports that set off alarms. I'm concerned things like port scans, etc. won't be picked up by the NMS if fed by sflow due to the sampling nature, or similar concern if 500 ssh connections by the same remote host are sampled as 1 connection, etc. Of course these concerns were put in my head by someone interested in me continuing to use equipment that happens to output netflow data, hence me wanting some real people answers. :-) Thanks!
Re: using reserved IPv6 space
On Jul 13, 2012, at 4:24 PM, Randy Bush wrote: keep life simple. use global ipv6 space. randy Though it is rare, this is one time when I absolutely agree with Randy. Owen
Re: using reserved IPv6 space
On Fri, 13 Jul 2012, Owen DeLong wrote: On Jul 13, 2012, at 4:24 PM, Randy Bush wrote: keep life simple. use global ipv6 space. randy Though it is rare, this is one time when I absolutely agree with Randy. It's even more rare for me to agree with Randy AND Owen at the same time. -- Brandon Ross Yahoo AIM: BrandonNRoss +1-404-635-6667ICQ: 2269442 Schedule a meeting: https://tungle.me/bross Skype: brandonross
The Cidr Report
This report has been generated at Fri Jul 13 21:10:00 2012 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date PrefixesCIDR Agg 06-07-12418603 242444 07-07-12418670 242326 08-07-12418651 242260 09-07-12417976 242235 10-07-12418251 242235 11-07-12 0 242235 12-07-12 0 242235 13-07-12 0 242235 AS Summary 0 Number of ASes in routing system 0 Number of ASes announcing only one prefix 3390 Largest number of prefixes announced by an AS AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc. 0 Largest address span announced by an AS (/32s) æØÿÿÿ : BELLSOUTH-NET-BLK - BellSouth.net Inc. Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 13Jul12 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 418251 242235 17601642.1% All ASes AS6389 3390 190 320094.4% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS7029 3281 1636 164550.1% WINDSTREAM - Windstream Communications Inc AS17974 2146 606 154071.8% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia AS22773 1655 136 151991.8% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4766 2710 1251 145953.8% KIXS-AS-KR Korea Telecom AS18566 2088 706 138266.2% COVAD - Covad Communications Co. AS28573 1986 622 136468.7% NET Servicos de Comunicao S.A. AS2118 1288 15 127398.8% RELCOM-AS OOO NPO Relcom AS4323 1576 386 119075.5% TWTC - tw telecom holdings, inc. AS1785 1934 814 112057.9% AS-PAETEC-NET - PaeTec Communications, Inc. AS10620 1983 897 108654.8% Telmex Colombia S.A. AS4755 1612 561 105165.2% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS7303 1452 457 99568.5% Telecom Argentina S.A. AS7552 1124 234 89079.2% VIETEL-AS-AP Vietel Corporation AS8151 1491 687 80453.9% Uninet S.A. de C.V. AS18101 946 161 78583.0% RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI AS17908 827 60 76792.7% TCISL Tata Communications AS4808 1106 352 75468.2% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS9394 888 162 72681.8% CRNET CHINA RAILWAY Internet(CRNET) AS13977 839 123 71685.3% CTELCO - FAIRPOINT COMMUNICATIONS, INC. AS8452 1166 518 64855.6% TE-AS TE-AS AS3356 1106 465 64158.0% LEVEL3 Level 3 Communications AS855695 58 63791.7% CANET-ASN-4 - Bell Aliant Regional Communications, Inc. AS17676 692 75 61789.2% GIGAINFRA Softbank BB Corp. AS4780 841 245 59670.9% SEEDNET Digital United Inc. AS22561 1023 428 59558.2% DIGITAL-TELEPORT - Digital Teleport Inc. AS19262 998 405 59359.4% VZGNI-TRANSIT - Verizon Online LLC AS24560 1036 448 58856.8% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS3549 993 436 55756.1% GBLX Global Crossing Ltd. AS4804 649 97 55285.1% MPX-AS Microplex PTY LTD Total 43521132313029069.6% Top 30 total Possible Bogus Routes 10.86.64.32/30 AS65530 -Private Use
Re: The Cidr Report
Composed on a virtual keyboard, please forgive typos. On Jul 13, 2012, at 22:00, cidr-rep...@potaroo.net wrote: This report has been generated at Fri Jul 13 21:10:00 2012 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date PrefixesCIDR Agg 06-07-12418603 242444 07-07-12418670 242326 08-07-12418651 242260 09-07-12417976 242235 10-07-12418251 242235 11-07-12 0 242235 12-07-12 0 242235 13-07-12 0 242235 Ahhh, oops? Geoff, might want to check your scripts. -- TTFN, patrick AS Summary 0 Number of ASes in routing system 0 Number of ASes announcing only one prefix 3390 Largest number of prefixes announced by an AS AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc. 0 Largest address span announced by an AS (/32s) � : BELLSOUTH-NET-BLK - BellSouth.net Inc. Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 13Jul12 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 418251 242235 17601642.1% All ASes AS6389 3390 190 320094.4% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS7029 3281 1636 164550.1% WINDSTREAM - Windstream Communications Inc AS17974 2146 606 154071.8% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia AS22773 1655 136 151991.8% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4766 2710 1251 145953.8% KIXS-AS-KR Korea Telecom AS18566 2088 706 138266.2% COVAD - Covad Communications Co. AS28573 1986 622 136468.7% NET Servicos de Comunicao S.A. AS2118 1288 15 127398.8% RELCOM-AS OOO NPO Relcom AS4323 1576 386 119075.5% TWTC - tw telecom holdings, inc. AS1785 1934 814 112057.9% AS-PAETEC-NET - PaeTec Communications, Inc. AS10620 1983 897 108654.8% Telmex Colombia S.A. AS4755 1612 561 105165.2% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS7303 1452 457 99568.5% Telecom Argentina S.A. AS7552 1124 234 89079.2% VIETEL-AS-AP Vietel Corporation AS8151 1491 687 80453.9% Uninet S.A. de C.V. AS18101 946 161 78583.0% RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI AS17908 827 60 76792.7% TCISL Tata Communications AS4808 1106 352 75468.2% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS9394 888 162 72681.8% CRNET CHINA RAILWAY Internet(CRNET) AS13977 839 123 71685.3% CTELCO - FAIRPOINT COMMUNICATIONS, INC. AS8452 1166 518 64855.6% TE-AS TE-AS AS3356 1106 465 64158.0% LEVEL3 Level 3 Communications AS855695 58 63791.7% CANET-ASN-4 - Bell Aliant Regional Communications, Inc. AS17676 692 75 61789.2% GIGAINFRA Softbank BB Corp. AS4780 841 245 59670.9% SEEDNET Digital United Inc. AS22561 1023 428 59558.2% DIGITAL-TELEPORT - Digital Teleport Inc. AS19262 998 405 59359.4% VZGNI-TRANSIT - Verizon Online LLC AS24560 1036 448 58856.8% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS3549 993 436 557