gt;From memory, the management cards alarm when the gradient is exceeded, too.
--
Nathan Ward
ses since this
change in 2017?
Even if you end up with the same answer of 12mo, data supporting it may
give comfort to the community.
Maybe you make a call that once it’s at say 1% or 0.1% or something like
that, then it’s OK to turn off - and make a prediction for when that might
be based on the histor
was Chief Internet Janitor in his previous role.
He cleaned the tubes so the sewage could flow.
--
Nathan Ward
about 2 feet from the bottom of the ladder
you're at the top of a 50RU rack with. Plus the swaying building.
You get over your vertigo pretty quickly, or you just don't go up the tower
more than once.
--
Nathan Ward
hops in the
home - which for the majority of cases would mean double NAT.
In NZ the most popular ADSL deployment is PPPoATM, so the ADSL unit the ISP
ships (either loaned, or included in the install cost) is an IPv4 router
terminating a PPPoATM connection, not a bridge or anything.
--
Nathan Ward
-i name
OrgName:YouTube, Inc.
:-)
--
Nathan Ward
was a bit masochistic. Then we got a router tester and did exactly
the same thing, but in a whole lot less space with a whole lot less effort.
Both worked great, naturally I recommend a router tester.
--
Nathan Ward
Dig up.
On 18/03/2010, at 2:32 PM, Guillaume FORTAINE wrote:
Misses, Misters,
I have read with interest what everybody told in this thread and it seems
that they consider everything new as spam.
My conclusion is that they fear what it is new.
Best Regards,
Guillaume FORTAINE
useful to someone, YMMV,
etc.
--
Nathan Ward
If only there were other security experts on this list with a proven ability to
make this thread even more absurd.
On 16/03/2010, at 4:47 PM, Guillaume FORTAINE wrote:
Misters,
Thank you for your reply.
1) First of all, I am absolutely not related to the Obeseus project. From my
point
implementation complexity.
Since this mechanism has never been in use in the public internet, it is
proposed to reclassify it to Historic.
--
Nathan Ward
involve you putting in a new server -
but a bit heavier on your network kit.
--
Nathan Ward
wanted them to be
authoritative for some zone you control.
--
Nathan Ward
based on what you're interested
in, also.
--
Nathan Ward
On 16/02/2010, at 7:34 PM, Mikael Abrahamsson wrote:
On Tue, 16 Feb 2010, Nathan Ward wrote:
You are very unlikely to get traffic from Teredo, because:
1) Windows only asks for if it has non-Teredo IPv6 connectivity
Please don't just say windows as the different versions of windows
On 16/02/2010, at 7:47 PM, Mikael Abrahamsson wrote:
On Tue, 16 Feb 2010, Nathan Ward wrote:
XP won't ask for unless it has non-Teredo connectivity though I don't
think.
That doesn't compute considering all the XP machines with Teredo addresses
that asked for my only content
is also interesting, it's a more JunOS like interface. It's also some
quite heavy C++, so running it on the tiny Soekris boxes that I had meant it
wouldn't work for me. If you can spare the CPU and RAM then give XORP a go.
--
Nathan Ward
connections open for
weeks on end across the Internet?
--
Nathan Ward
wh...@nic.ve
... etc.
I get a proper response, anyway.
There is no A record in the DNS for ve.whois-servers.net, which is what my
client tries first. Perhaps this is where the confusion lies.
--
Nathan Ward
I'm actually writing some IP management code. Web based, it knows about the
difference between IPv4 and IPv6 in maybe 3 or 4 places.
Intention is to release it publicly when it's good to go.
On 3/02/2010, at 10:14 AM, Scott Berkman wrote:
I was about to suggest IPPlan, but it is lacking the V6
on many internal networks for now because a corresponding
route doesn't show up in the global routing table at the moment. Once that
changes
1.1.1/24 and 1.2.3/24 are assigned to APNIC. Unless they release them, the
general public will not get addresses in these.
--
Nathan Ward
badly.
Then we'll move on to 4000::/3.
--
Nathan Ward
of it and sacrificing your address space to get it.
% printf %04x\n 4095
0fff
% printf %d\n 0x0fff
4095
--
Nathan Ward
, because they are right
now the standard so you're not going to run in to compatibility problems. If
you've got links to customers you should have a /32, so setting aside a /48 or
a /44 or something for those customer links is no huge drama.
--
Nathan Ward
does not change the
behavior of ARP at all.
--
Nathan Ward
I have used Ixia, Spirent AX/4000, Spirent Testcenter and Spirent Smartbits for
1-10GE testing, they've all been able to do the things you ask for - they are
quite basic features and any 10GE router tester unit will do what you want.
In addition, you should demand much higher than 10Kpps, you
table explosion religious war here, with snipes from
people saying that we need a new routing system, etc. etc.
So with that in mind, do your concerns from your original post still
make sense?
--
Nathan Ward
. In APNIC world anyway, I'm not sure of the terms
and policies used in other regions.
--
Nathan Ward
.
This happens all the time with IPv4 space and AS #'s today, why
would it be any different with v6?
It's not.
--
Nathan Ward
.)
Yes it will break auto MDI/MDI-X.
--
Nathan Ward
on the outside?
He is confused, and means 6to4.
Also the airport extreme does not do DHCPv6-PD or anything (as far as
I know, they certainly did not last time I tried), so I don't know
that we'd really call them an IPv6 CPE in the way that I suspect Wade
means.
--
Nathan Ward
wireshark's Lua
extension system to write a plugin to do this for you right within
wireshark.
The wireshark/Lua stuff is quite powerful (though not super super
fast), it's a really useful tool to have on hand.
--
Nathan Ward
about
10/100/1000mbit connections, you might want to put something in place
that prevents several people testing at once.
--
Nathan Ward
anything on their site that provides a BGP feed of
prefixes allocated by RIRs, which I think is what we're talking about
here.
--
Nathan Ward
Apologies if this message is brief, it is sent from my cellphone.
On 29/10/2009, at 11:33, Walter Keen walter.k...@rainierconnect.net
wrote:
Most aDSL modems if set to PPPoE (I think Actiontec's come this
way by
default) will send the mac as the pppoe un/pw.
David E. Smith wrote:
if you only
accept signed advertisements.. I don't know if that is the intended
default mode or not.. Need to do some reading I guess.
--
Nathan Ward
I haven't used cacti in a while, but does it let you combine several
RRD files in to one graph? If so that's useful for power stuff,
because you're likely to want to graph an aggregate of several things
across different devices - for example a+b power of a server, or
aggregate power usage
within a current RIR pool, not so much.
--
Nathan Ward
On 28/10/2009, at 2:20 PM, Church, Charles wrote:
This is puzzling me. If it's from non-announced space, at some
point some router should report no route to it. How is the TCP
handshake performed to allow a sync to turn into spam?
Unallocated is not the same as unannounced.
or some type?
I suggest sticking with RT.
I run RT on CentOS by maintaining a separate Perl libs dir for the
cpan modules that are required by RT and keeping it separate from the
OS managed stuff, it works very well.
--
Nathan Ward
timestamps gives you the latency in
that direction.
I believe a packet is sent, and the target router responds with a
timestamp.
But yeah, timestamps are being compared.
I'm with Perry though - sounds like your clocks are drifting.
--
Nathan Ward
because there was a bit of confusion.
--
Nathan Ward
often
than you'd sometimes like.
That's why we have Unique Local Addresses.
--
Nathan Ward
On 20/10/2009, at 3:10 PM, bmann...@vacation.karoshi.com wrote:
On Tue, Oct 20, 2009 at 03:07:39PM +1300, Nathan Ward wrote:
On 20/10/2009, at 3:02 PM, Bill Stewart wrote:
plus want the ability to take their address
space with them when they change ISPs (because there are too many
devices
in DHCPv6:
http://www.ietf.org/mail-archive/web/dhcwg/current/msg07412.html
--
Nathan Ward
.
Perhaps, but if you're operating a LAN segment you're going to want to
filter rouge RA and DHCPv6 messages from your network, just like you
do with DHCP in IPv4.
Filtering RA and DHCPv6 are done in very similar ways.
--
Nathan Ward
On 18/10/2009, at 9:52 PM, Chuck Anderson wrote:
On Sun, Oct 18, 2009 at 09:29:41PM +1300, Nathan Ward wrote:
Perhaps, but if you're operating a LAN segment you're going to want
to
filter rouge RA and DHCPv6 messages from your network, just like
you do
with DHCP in IPv4.
Filtering RA
On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
RA is needed to tell a host to use DHCPv6
This is not ideal.
Why?
Remember RA does not mean SLAAC, it just means RA.
--
Nathan Ward
On 19/10/2009, at 1:10 AM, Owen DeLong wrote:
On Oct 18, 2009, at 3:05 AM, Nathan Ward wrote:
On 18/10/2009, at 11:02 PM, Andy Davidson wrote:
On 18 Oct 2009, at 09:29, Nathan Ward wrote:
RA is needed to tell a host to use DHCPv6
This is not ideal.
Why?
Remember RA does not mean
AdvAutonomousFlag?
--
Nathan Ward
have two sites without a guaranteed
link between them.
This is a bit annoying though, yeah. But, I'm not sure I can think of
a good solution that doesn't involve us changing the routing system so
that we can handle a huge amount of intentional de-aggregates or
something.
--
Nathan Ward
/2009, at 11:26 PM, Adrian Chadd wrote:
Nathan Ward, please stand up.
Adrian
On Tue, Oct 13, 2009, TJ wrote:
-Original Message-
From: Justin
To go along with Dan's query from above, what are the preferred
methods
that other SPs are using to deploy IPv6 with non-IPv6-capable edge
of people, when in reality it's a solution for a small number of
people.
Thanks for the point about the tunnel brokers though, I missed that,
I'll update this tomorrow with any suggestions I get before then.
--
Nathan Ward
good data on this.
--
Nathan Ward
On 14/10/2009, at 3:49 PM, Chris Adams wrote:
Once upon a time, Nathan Ward na...@daork.net said:
On 14/10/2009, at 2:14 PM, Chris Adams wrote:
What about web-hosting type servers? Right now, I've got a group of
servers in a common IPv4 subnet (maybe a /26), with a /24 or two
routed
to each
that are direct customers of Verizon.
What about the small matter of all of the current s for the the
IPv6 enabled root DNS servers?
--
Nathan Ward
be an easy thing to do. On a personal note, I hope
that we DO need to expand IPv6 allocations to ISPs as this thing
finally gets deployed.
My understanding is that the RIRs are doing sparse allocation, as
opposed to reserving a few bits. I could be wrong.
--
Nathan Ward
in the past several times
and it's *ok*. Now though, I say don't bother, this thing is maybe a
couple hundred dollars, and saves you oodles of time fooling around
making it work reliably.
--
Nathan Ward
make more sense.
I echo Roland's comment, but I'll make it more specific - stay away
from anything with spanning tree in it.
--
Nathan Ward
for one or two troublesome ASNs as a quick hack at 3am - don't
do it unless you understand why it works and why you shouldn't do it.
--
Nathan Ward
this
technique with /44s or /40s, or something.
--
Nathan Ward
, there was no
win
to be had in classful.
This is really this basis of my reply, so, I'll just say +1
Read about how sparse allocation/binary chop stuff works. You get the
same amount of routes in your IGP table (or less) but it's much more
flexible.
--
Nathan Ward
tied in to silly
rules, nor do you get IGP bloat.
I have an extensible IP management tool that I've been hacking on
heaps in the last week that does this stuff for you. It should be
ready for people to tinker with in the next few weeks.
--
Nathan Ward
--
Nathan Ward
of the network closely, but I'm
sure there are other places higher up the list than FTE..
--
Nathan Ward
.
--
Nathan Ward
browser's queries, despite what nslookup shows in a
terminal window.
As you are on OS X, have a read of
http://developer.apple.com/documentation/Darwin/Reference/Manpages/man5/resolver.5.html
It lets you do per-domain resolvers, and so on.
--
Nathan Ward
in to private VLANs on Cisco, or whatever similar feature
exists for your vendor.
--
Nathan Ward
:FN2233-RIPE
source: RIPE # Filtered
Dispatch someone from IETF, that is on in Stockholm right now.
Actually, Paul Jakma might be there, dispatch him if it really is a
Quagga bug.
--
Nathan Ward
in how
the outer IPv4 destination is built, taken from the inner IPv6
destination address.
6over4 is different again.
I think someone wrote a draft explaining this a while back.. not sure
where or what it was called.
--
Nathan Ward
, I'll get an auxiliary ringer.
Does anyone have a phone model that they find to be excellent in a
louder than usual data center?
Not 100% what you asked for, but the noise cancelling Jawbone
bluetooth earpieces are great.
--
Nathan Ward
, as opposed to invalid or untrusted or whatever normally
comes up.
Screenshot of the GUI:
http://don.braintrust.co.nz/~nward/netalyzr.png
--
Nathan Ward
).
--
Nathan Ward
in the comments field:
http://psg.com/as3130/
Regarding strange announcements by AS 3130 of prefixes in
98.128.0.0/16 is in the big headings on the top of that page.
He is no doubt announcing it with an origin AS of 3130 so no person or
router complains about inconsistent origins.
--
Nathan Ward
up to the ISP's router and having several
PDs per end customer is in my opinion the best way to go.
--
Nathan Ward
On 4/05/2009, at 8:31 PM, Mikael Abrahamsson wrote:
On Mon, 4 May 2009, Nathan Ward wrote:
I think that they have to be forwarded. What do you do if people
chain three routers? How does your actual CPE know to dish out a /
60 and not a /64 or something? What if someone chains four? What
. That way, we can chain up to 16 subnets in the
home. The BRAS can reserve a /60 or /56 or whatever for each customer
so they are contiguous, or whatever.
--
Nathan Ward
On 29/04/2009, at 3:25 PM, Nathan Ward wrote:
On 29/04/2009, at 3:10 PM, Crooks, Sam wrote:
Cisco ASA's appear to be linux under the hood based on watching
versions
of ASA804-3/12/19/23/31 boot on the console
They are Linux, and run two copies of IOS simultaneously in a VM each.
Erk
google.
Did you have any problems that you encountered? Poorly behaving IPv6
stacks, rogue RA+SLAAC/DHCPv6, etc.?
Do you have any netflow logs from the event?
--
Nathan Ward
it is, but you
don't really treat it as such.
--
Nathan Ward
, reaching tools.ietf.org.
--
Nathan Ward
On 24/04/2009, at 12:14 AM, Pekka Savola wrote:
On Thu, 23 Apr 2009, Nathan Ward wrote:
After trying to participate on mailing lists for about 2 or 3
years, it's pretty hard to get anything done without going to
meetings.
Just participating in mailing lists is good for keeping up to date
because they were written by that coder who left a few years
ago and work just fine.
--
Nathan Ward
by two providers as the customer wants redundancy with
their own IP space, but does not have a public ASN. Ie. the customer
has a circuit and possibly a BGP feed to two different providers.
--
Nathan Ward
that are
announced by more than 3 ASes..
I never said that was the only reason, I'm sure plenty of people are
doing anycast with different originating ASes.
For example, check the 192.88.99.0/24 prefix.
--
Nathan Ward
are
far behind the RFC being published (or even a late draft).
--
Nathan Ward
) is to use tools like
curl, and I don't see why HTTP is more difficult than FTP as a
protocol in that case. Perhaps I'm missing something.
It looks like curl can upload stuff (-d @file) but you have to have
something on the server to accept it. FTP sounds easier.
--
Nathan Ward
a URL in to
the database, and then wait for that entry to be called, and viola,
you can execute php code, or whatever.
Obviously that is relevant to the first part of your reply - it would
not work with static content.
--
Nathan Ward
On 22/04/2009, at 3:57 PM, Joe Greco wrote:
It may not be wise to wait until ARIN allocates 256.0.0.0/8 to someone
and everyone chimes in to note that their routers are barfing on that.
:-/
Now that *would* be amusing.
--
Nathan Ward
like it does on a
Cisco switch or something, you set up a tag on each port, and join the
tags together with a L2 switching service. The tag IDs can be
different on each port, or the same... it has no impact.
--
Nathan Ward
house alarms would probably be useful here.
Whack a $5 12v horn on it, and my bet is that it'd become a deterrent
pretty quickly.
--
Nathan Ward
broadcast from an outdoor event for a radio
station.
--
Nathan Ward
to the public network?
If a host is a desktop PC controlled by an end user, should it be able
to send and receive anything it wants?
IMO, host based filtering and ACLs (either firewalls or router ACLs or
whatever) in the network should both be used. They fulfil different
needs.
--
Nathan Ward
2001:4860:b003::be
mt.l.google.com has IPv6 address 2001:4860:b003::5b
mt.l.google.com has IPv6 address 2001:4860:b003::5d
etc. etc.
(mt[0-3].google.com are the same)
--
Nathan Ward
some bus architectures know about how multicast
works, and it consumes *less* resources than doing the same thing with
many unicast streams. If the bus does not know about multicast, then
the bus would treat it as 24 unicast streams, surely.
--
Nathan Ward
as
well for those of you wanting to use DHCPv6 for addressing - RA is not
giving out addressing information, and is only giving out Use DHCPv6
bits and a router address.
--
Nathan Ward
to a number of problems.
--
Nathan Ward
.
--
Nathan Ward
there are lots of people who want auto configuration in IPv6
but who clearly do not do this in IPv4. That seems strange, to me.
--
Nathan Ward
implementation of DHCPv6 for address assignment does.
Better? :-)
--
Nathan Ward
On 19/02/2009, at 9:53 AM, Leo Bicknell wrote:
In a message written on Thu, Feb 19, 2009 at 09:44:38AM +1300,
Nathan Ward wrote:
I guess you don't use DHCP in IPv4 then.
No, you seem to think the failure mode is the same, and it is not.
Let's walk through this:
1) 400 people get
1 - 100 of 194 matches
Mail list logo