Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)
* Adrian Bool On 24 Sep 2012, at 22:42, Mike Jones m...@mikejones.in wrote: While you could do something similar without the encapsulation this would require that every router on your network support routing on port numbers, Well, not really. As the video pointed out, the system was designed to leverage hierarchy to reduce routing complexity. Using the hierarchy, port number routing is only required at the level where a routes diverge on a port basis - which if you're being sensible about such a deployment would only be at the edge of the access layer. While that might be true, the access network would normally be the largest part of an SP's network, when it comes to router count. The access part might have 100s or 1000s of times more routers than the core/border. The cone gets wider the closer to the customer edge you get. Slide 6 illustrates this well. By not doing translation or encapsulation of the IPv4 packets, instead relying on the access routers to natively route based on A+P, we would have made sure that the ISPs that have already deployed IPv6 could not use the technology, and that ISPs that have not yet deployed IPv6 and think the technology looks interesting have a huge incentive to put off the entire project for several years, while they wait for new router products or software images that support A+P to be made available. Not exactly desirable. There are also other problems with the idea - not only do you need the router to be able to forward based on A+P, you would also need to distribute these A+P routes in the network. Which means we would need to update OSPFv2, IS-IS, or whatever else the SP might be using. We would have to update DHCPv4 (both the protocol and the SP's server) too, as there is currently no way it can give you a lease for a partial IPv4 address. This would also touch on layer 2 devices doing layer 3 inspection and policing, such as DHCP Snooping. You'd also need to update ARP, as there is currently no way to send an ARP who-has 192.0.2.1 port 1234 request, which you would have to do. The amount of changes required is so large that you might as well call the result IPv4½ instead of MAP. Finally, operating a single-stack network (regardless of that single stack being IPv4 or IPv6) is much preferable to operating a dual-stack one. Less complexity, less things to trouble-shoot, less things to set up, less things to monitor, less things to train staff in, and so forth. That MAP (and DS-Lite) means single-stack IPv6 in the vast majority of the network is a very desirable trait, in my opinion. Your proposal would remove this benefit, instead we'd end up with a dual-stack IPv4½/IPv6 network. Best regards, -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com
Announcing APNIC IP's in ARIN region
Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. Best regards, Brandon Wade iCastCenter.com
Re: Announcing APNIC IP's in ARIN region
On 2012-09-21 01:57, Brandon Wade wrote: Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. As this Internet thing is a global thing, why would that be an issue? (unless it is a spammer outfit of course ;) Greets, Jeroen
Re: Announcing APNIC IP's in ARIN region
It presents no technical problem but has always been considered politically inadvisable. I mean, there are multiple registries for a reason that goes beyond mere oranization and load sharing. Increasingly, governments are trying to take more control over packets (there is ever the push for geographic maping mechanisms and so on) and that may introduce potential legal problems in the future, depending on the nation you're in and how paranoid they become. So in short, do what you need to do. Just be aware of sub-optimal. -Wayne On Tue, Sep 25, 2012 at 10:30:59AM +0200, Jeroen Massar wrote: On 2012-09-21 01:57, Brandon Wade wrote: Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. As this Internet thing is a global thing, why would that be an issue? (unless it is a spammer outfit of course ;) Greets, Jeroen --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: IPv6 Address allocation best practises for sites.
On Sep 24, 2012, at 21:08 , Jeff Wheeler j...@inconcepts.biz wrote: On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell mi...@illuminati.org wrote: Does the best practise switch to now using one IPv6 per site, or still the same one IPv6 for multi-sites? Certainly it would be nice to have IPv6 address per vhost. In many cases, this will be practical. It also sometimes will NOT be practical. Imagine that I am one of the rather clueless hosting companies who are handing out /64 networks to any customer who asks for one, and using NDP to find the machine using each address in the /64. Churn problems aside, if you have any customer doing particularly dense virtual hosting, say a few thousand IPv6 addresses on his one or more machines, then he will use up the whole NDP table for just himself. You probably won't want to be a customer on the same layer-3 device as that guy. Now that there might be dozens of VMs per physical server and maybe 40 physical servers per each top-of-rack device, you can quickly exhaust all of your NDP entries even with normal, legitimate uses like www virtual hosting. That's not the best way to stand up /64s for vhosts. If you're smart, the customer gets a /64 for machine addresses (put your interfaces in this /64) and each machine gets a /64 for vHosts (put your vhost addresses on the loopback interface of the applicable machine). Then, you route the /64 to the machine address for the applicable machine and the vhosts never hit your neighbor table. [snip] Deleted a whole bunch of additional reasons you really want to do things the way I suggest above [/snip] Owen
Re: Announcing APNIC IP's in ARIN region
In message 505bad72.9070...@icastcenter.com, Brandon Wade writes: Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. Best regards, Brandon Wade iCastCenter.com There should be no problems. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Announcing APNIC IP's in ARIN region
In message 20120925090534.ga7...@wakko.typo.org, Wayne E Bouchard writes: It presents no technical problem but has always been considered politically inadvisable. I mean, there are multiple registries for a reason that goes beyond mere oranization and load sharing. There are multiple registries because it is easier to deal with someone the speaks you language / is in the same approximate time zone. The SG site has got addresses from APNIC. There is no requirement to connect in the APNIC region. Lots of APNIC sites connect to the rest of the world in the US. Increasingly, governments are trying to take more control over packets (there is ever the push for geographic maping mechanisms and so on) and that may introduce potential legal problems in the future, depending on the nation you're in and how paranoid they become. So in short, do what you need to do. Just be aware of sub-optimal. -Wayne On Tue, Sep 25, 2012 at 10:30:59AM +0200, Jeroen Massar wrote: On 2012-09-21 01:57, Brandon Wade wrote: Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. As this Internet thing is a global thing, why would that be an issue? (unless it is a spammer outfit of course ;) Greets, Jeroen --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/ -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Google IP Contact
If anyone from Google is reading this list, I would appreciate if you could contact me off-list. We've got some issues with one of our CIDR's being treated as German, and would very much like to have this corrected. Tried to report the problem online, but unfortunately without any effect. Best regards, Anders Hansen Network Specialist Group IT - ITS, Communication Services DSV A/S Litauen Alle 4 P. O. Box 157 DK-2630 Taastrup +45 43 20 30 40 Tel. +45 43 20 42 59 Direct Tel. +45 25 41 76 73 Mobile anders.han...@dsv.commailto:anders.han...@dsv.com www.dsv.comhttp://www.dsv.com
RE: Google IP Contact
Got in contact.. thx! Best regards, Anders Hansen Network Specialist Group IT - ITS, Communication Services DSV A/S Litauen Alle 4 P. O. Box 157 DK-2630 Taastrup +45 43 20 30 40 Tel. +45 43 20 42 59 Direct Tel. +45 25 41 76 73 Mobile anders.han...@dsv.commailto:anders.han...@dsv.com www.dsv.comhttp://www.dsv.com From: Anders Hansen - DSV Sent: 25. september 2012 13:12 To: 'nanog@nanog.org' Subject: Google IP Contact If anyone from Google is reading this list, I would appreciate if you could contact me off-list. We've got some issues with one of our CIDR's being treated as German, and would very much like to have this corrected. Tried to report the problem online, but unfortunately without any effect. Best regards, Anders Hansen Network Specialist Group IT - ITS, Communication Services DSV A/S Litauen Alle 4 P. O. Box 157 DK-2630 Taastrup +45 43 20 30 40 Tel. +45 43 20 42 59 Direct Tel. +45 25 41 76 73 Mobile anders.han...@dsv.commailto:anders.han...@dsv.com www.dsv.comhttp://www.dsv.com
RE: Announcing APNIC IP's in ARIN region
The only problem I've ever run into is with IP geo-location providers using the country of origin of the original assignments to determine the locale of the IP. Major CDN providers and content owners then use these geo-location providers to provide geography specific content or for content localization. A problem we saw at GC when using our ARIN space in APAC (which I realize is the inverse of your situation) is that our enterprise customers often got redirected to a cloud server in the United States rather than in their originating country, and this was in spite of their block being SWIP'd out to them in that country. It's conceivable that you could have some sort of similar problem depending on the nature of your project and how you are planning to use their IP's. Dave -Original Message- From: Brandon Wade [mailto:brandonw...@icastcenter.com] Sent: Thursday, September 20, 2012 5:58 PM To: nanog@nanog.org Subject: Announcing APNIC IP's in ARIN region Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. Best regards, Brandon Wade iCastCenter.com
Charter Blackholing AS29889
Hi guys (and sorry for the noise), It appears return traffic from Charter to our ASN is blackholed. According to all three of our upstreams they are delivering traffic but it's not coming back. Unfortunately I don't have a reverse traceroute (our emails to charter customers are bouncing) so I have no idea what transit path they are returning traffic on. I tried fiddling with our outbound paths to no avail. If someone on a Charter connection could shoot me a traceroute to 209.9.238.7 that would be great. Ultimately if someone from Charter is willing to help that would be awesome as well. Source IP: 209.9.238.7 (AS29889) Dest IP: 75.140.10.216 Via HE: [root@mon ~]# traceroute 75.140.10.216 traceroute to 75.140.10.216 (75.140.10.216), 30 hops max, 60 byte packets 1 209.9.238.1 (209.9.238.1) 0.551 ms 0.790 ms 0.512 ms 2 gige-g4-13.core1.ash1.he.net (216.66.0.225) 12.029 ms 12.094 ms 12.158 ms 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Via Abovenet: [root@mon ~]# traceroute 75.140.10.216 traceroute to 75.140.10.216 (75.140.10.216), 30 hops max, 60 byte packets 1 209.9.238.1 (209.9.238.1) 0.544 ms 0.540 ms 0.573 ms 2 208.185.24.1 (208.185.24.1) 0.206 ms 0.218 ms 0.200 ms 3 xe-4-2-0.er1.iad10.us.above.net (64.125.29.198) 0.228 ms 0.232 ms 0.215 ms 4 above-telia.iad10.us.above.net (64.125.13.158) 117.943 ms 117.958 ms 117.763 ms 5 las-bb1-link.telia.net (80.91.246.71) 62.157 ms 62.162 ms 62.189 ms 6 cco-ic-151505-las-bb1.c.telia.net (213.248.79.102) 72.780 ms 70.183 ms 70.151 ms 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * -- Randy McAnally
FOLO: POLL: 802.1x deployment
I've gotten quite a number of useful responses so far; I'll keep aggregating them until tomorrow afternoon or so, and then post a summary. I propose to mention educational institutions by name, but companies only by market segment, and not to mention any contributors names; if that's not opaque enough for anyone who replied, please let me know. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Announcing APNIC IP's in ARIN region
On Sep 25, 2012, at 2:05 AM, Wayne E Bouchard w...@typo.org wrote: It presents no technical problem but has always been considered politically inadvisable. I mean, there are multiple registries for a reason that goes beyond mere oranization and load sharing. Always? Actually, no. Back when the RIRs were first starting up, we pushed multinationals to obtain their addresses from the RIR that served the region in which their headquarters were located. The theory was that a single RIR would be better able to ensure addresses were used efficiently and it was more likely routing announcements could be limited. I personally got into a long argument with folks from Shell who wanted addresses from APNIC for their AP region networks and were displeased when I pushed them to RIPE-NCC (Royal Dutch Shell, headquarters in The Hague). I believe Geert Jan DeGroot at RIPE-NCC (who tended to be a stickler for those sorts of things) got into similar arguments with folks from Mitsubishi in Europe. Of course, the cynical might suggest that over time, such niceties as conserving address space and routing slots would, of course, take a lower priority to marking territory and RIR revenues, but who would be that cynical? Regards, -drc
URGENT - ISP/Telecom
Hi I am looking for an operator that can build a ADSL or SDSL in record time. Best regards Olivier
Re: URGENT - ISP/Telecom
On Tue, 25 Sep 2012, Olivier CALVANO wrote: I am looking for an operator that can build a ADSL or SDSL in record time. With a request this detailed, I wish you the best of luck. jms
Re: URGENT - ISP/Telecom
On 2012-09-25, at 11:49, Olivier CALVANO o.calv...@gmail.com wrote: I am looking for an operator that can build a ADSL or SDSL in record time. I just pulled a 2-metre pair of copper between a modem and a DSLAM in the lab, and I can ping things. Total elapsed time 12 minutes (I stopped on the way for coffee). Do I win $5? Joe
Re: URGENT - ISP/Telecom
On 25/09/12 17:31, Joe Abley wrote: On 2012-09-25, at 11:49, Olivier CALVANO o.calv...@gmail.com wrote: I am looking for an operator that can build a ADSL or SDSL in record time. I just pulled a 2-metre pair of copper between a modem and a DSLAM in the lab, and I can ping things. Total elapsed time 12 minutes (I stopped on the way for coffee). Do I win $5? Joe I think your disqualified for not wrapping it in black trash bags, pink bubble wrap, or duck tape like we've seen some other vendors do in recent months on nanog.
Re: Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)
Adrian, MAP facilitates both IPv6 deployment and IPv4 address exhaustion without involving any CGN mess in the network. This allows the home networks to stay dual-stack, use IPv6 as possible, and resort to IPv4 if IPv6 is not feasible for the intended destinations. One could promote the intent being that as more and more traffic goes over IPv6, less and less IPv4 will be needed (thereby shrinking the reliance on IPv4 ports sharing). Note that MAP Translation mode (i.e. MAP-T) does not involve any encapsulation, so, any QoS or Security or LI or DPI or Caching needing access to Layer4 info (i.e. UDP/TCP ports) would work just fine anywhere in the network. In case of MAP-E (Encapsulation mode), layer4 info (i.e. UDP/TCP ports) is not available in the network (until at boundary of the network where decapsulation is done). * The ISP's router to which the user connects being able to route packets on routes that go beyond the IP address and into the port number field of TCP/UDP. Nope. The routers still follow the dynamic IPv4 and IPv6 routing for packet forwarding. That is UNCHANGED. The routers (expected to the boundary routers/ASBR, not the PE routers connecting the users) must have to look at the ports for IPv4-IPv6 stateless translation. Once translated, routing lookup as usual. * A CE router being instructed to constrain itself to using a limited set of ports on the WAN side in its NAT44 implementation. Indeed. And it is not much different from how it works today. Almost all CPEs (I.e. Residential routers) work with limited set of ports (typically 2000) for dynamic NAT44 anyway. Of course, when MAP is enabled, the range would no longer be the default (as is the case today), rather something that is assigned using DHCP or TR069. That's in the control plane. Cheers, Rajiv -Original Message- From: nanog-requ...@nanog.org nanog-requ...@nanog.org Reply-To: nanog@nanog.org nanog@nanog.org Date: Tuesday, September 25, 2012 12:08 AM To: nanog@nanog.org nanog@nanog.org Subject: NANOG Digest, Vol 56, Issue 84 Date: Mon, 24 Sep 2012 22:42:46 +0100 From: Mike Jones m...@mikejones.in To: Adrian Bool a...@logic.org.uk Cc: nanog@nanog.org nanog@nanog.org Subject: Re: Throw me a IPv6 bone (sort of was IPv6 ignorance) Message-ID: CAAAas8H8ERETrcnn0TaFD3cNToAfpdy12G6goNP5e=2cyth...@mail.gmail.com Content-Type: text/plain; charset=UTF-8 On 24 September 2012 21:11, Adrian Bool a...@logic.org.uk wrote: On 24 Sep 2012, at 17:57, Tore Anderson tore.ander...@redpill-linpro.com wrote: * Tore Anderson I would pay very close attention to MAP/4RD. FYI, Mark Townsley had a great presentation about MAP at RIPE65 today, it's 35 minutes you won't regret spending: https://ripe65.ripe.net/archives/video/5 https://ripe65.ripe.net/presentations/91-townsley-map-ripe65-ams-sept-24 -2012.pdf Interesting video; thanks for posting the link. This does seem a strange proposal though. My understanding from the video is that it is a technology to help not with the deployment of IPv6 but with the scarcity of IPv4 addresses. In summary; it simply allows a number of users (e.g. 1024) to share a single public IPv4 address. My feeling is therefore, why are the IPv4 packets to/from the end user being either encapsulated or translated into IPv6 - why do they not simply remain as IPv4 packets? If the data is kept as IPv4, this seems to come down to just two changes, * The ISP's router to which the user connects being able to route packets on routes that go beyond the IP address and into the port number field of TCP/UDP. * A CE router being instructed to constrain itself to using a limited set of ports on the WAN side in its NAT44 implementation. Why all the IPv6 shenanigans complicating matters? While you could do something similar without the encapsulation this would require that every router on your network support routing on port numbers, by using IPv6 packets it can be routed around your network by existing routers. And it's not like anyone is going to be deploying such a system without also deploying IPv6, so it's not adding any additional requirements doing it that way. - Mike -- Message: 3 Date: Mon, 24 Sep 2012 23:34:30 +0100 From: Adrian Bool a...@logic.org.uk To: nanog@nanog.org nanog@nanog.org Subject: Re: Throw me a IPv6 bone (sort of was IPv6 ignorance) Message-ID: 8beebcda-b6fa-4407-bf95-e122b26f4...@logic.org.uk Content-Type: text/plain; charset=us-ascii On 24 Sep 2012, at 22:42, Mike Jones m...@mikejones.in wrote: While you could do something similar without the encapsulation this would require that every router on your network support routing on port numbers, Well, not really. As the video pointed out, the system was designed to leverage hierarchy to reduce routing complexity. Using the hierarchy, port number routing is only required at the level where a routes diverge on a port basis - which if you're being sensible about such a deployment would only be
RE: URGENT - ISP/Telecom
Heh, yesterday I received notification from Verizon that they replaced plastic bags, bubble wrap and electrical tape with a real enclosure. -Original Message- From: John Mitchell [mailto:mi...@illuminati.org] Sent: Tuesday, September 25, 2012 12:36 PM To: NANOG list (nanog@nanog.org) Subject: Re: URGENT - ISP/Telecom On 25/09/12 17:31, Joe Abley wrote: On 2012-09-25, at 11:49, Olivier CALVANO o.calv...@gmail.com wrote: I am looking for an operator that can build a ADSL or SDSL in record time. I just pulled a 2-metre pair of copper between a modem and a DSLAM in the lab, and I can ping things. Total elapsed time 12 minutes (I stopped on the way for coffee). Do I win $5? Joe I think your disqualified for not wrapping it in black trash bags, pink bubble wrap, or duck tape like we've seen some other vendors do in recent months on nanog.
Re: URGENT - ISP/Telecom
On Tue, Sep 25, 2012 at 05:49:24PM +0200, Olivier CALVANO wrote: I am looking for an operator that can build a ADSL or SDSL in record time. i used to pursue leads like this. now i get on all my boarding passes. -- Jim Mercer Reptilian Research j...@reptiles.org+1 416 410-5633 He who dies with the most toys is nonetheless dead
RE: URGENT - ISP/Telecom
DING DING DING DING - We have a winning entry! :-) Aaron D. Osgood Streamline Solutions L.L.C P.O. Box 6115 Falmouth, ME 04105 TEL: 207-781-5561 MOBILE: 207-831-5829 ICQ: 206889374 GVoice: 207.518.8455 GTalk: aaron.osgood aosg...@streamline-solutions.net http://www.streamline-solutions.net Introducing Efficiency to Business since 1986. -Original Message- From: Joe Abley [mailto:jab...@hopcount.ca] Sent: Tuesday, September 25, 2012 12:32 PM To: Olivier CALVANO Cc: NANOG list (nanog@nanog.org) Subject: Re: URGENT - ISP/Telecom On 2012-09-25, at 11:49, Olivier CALVANO o.calv...@gmail.com wrote: I am looking for an operator that can build a ADSL or SDSL in record time. I just pulled a 2-metre pair of copper between a modem and a DSLAM in the lab, and I can ping things. Total elapsed time 12 minutes (I stopped on the way for coffee). Do I win $5? Joe
Re: URGENT - ISP/Telecom
Date: Tue, 25 Sep 2012 17:49:24 +0200 Subject: URGENT - ISP/Telecom From: Olivier CALVANO o.calv...@gmail.com To: NANOG list (nanog@nanog.org) nanog@nanog.org Hi I am looking for an operator that can build a ADSL or SDSL in record time. Are you prepared to pay a record amount of money? If so, feel free to contact me.
Re: Charter Blackholing AS29889
On 09/25/2012 9:32 am, Randy McAnally wrote: Hi guys (and sorry for the noise), Thanks to all those who replied as well as Charter's help we defermined uRPF between Charter and some of their peers were filtering ICMP packets making traceroutes appear dead. Compounded by the fact our test server was blocking certain ICMP packets. The issue appears to have been a non issue from the beginning. Carry on folks :) -- Randy McAnally
Rogers Contact ? Offlist please?
Region, Owen Sound, any technical contact for help with a fiber connection with slow/bursty uploads. ? Dennis Burgess, Mikrotik Certified Trainer Author of Learn RouterOS- Second Edition http://www.wlan1.com/product_p/mikrotik%20book-2.htm Link Technologies, Inc -- Mikrotik WISP Support Services Office: 314-735-0270 tel:314-735-0270 Website: http://www.linktechs.net http://www.linktechs.net/ - Skype: linktechs skype:linktechs?call -- Create Wireless Coverage's with www.towercoverage.com http://www.towercoverage.com/ - 900Mhz - LTE - 3G - 3.65 - TV Whitespace 5-Day Advanced RouterOS Workshop - Oct 8th 2012 - St. Louis, MO, USA http://www.wlan1.com/RouterOS_Training_p/5d-stl-training-oct2012.htm
Re: Announcing APNIC IP's in ARIN region
Wayne, This isn't entirely true... As a general rule, most people have no objection so long as a given organization that is getting space from RIRs conforms to one of the following: Get from the RIR where HQ is located. Get from the RIR where addresses are deployed. For example, an organization in the APNIC region that wanted to deploy a router at a US XP and announce their space there is entirely valid. An ISP headquartered in the AfriNIC region that expanded into Europe would be able to use their Afrinic space for that expansion as well. Owen On Sep 25, 2012, at 02:05 , Wayne E Bouchard w...@typo.org wrote: It presents no technical problem but has always been considered politically inadvisable. I mean, there are multiple registries for a reason that goes beyond mere oranization and load sharing. Increasingly, governments are trying to take more control over packets (there is ever the push for geographic maping mechanisms and so on) and that may introduce potential legal problems in the future, depending on the nation you're in and how paranoid they become. So in short, do what you need to do. Just be aware of sub-optimal. -Wayne On Tue, Sep 25, 2012 at 10:30:59AM +0200, Jeroen Massar wrote: On 2012-09-21 01:57, Brandon Wade wrote: Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. As this Internet thing is a global thing, why would that be an issue? (unless it is a spammer outfit of course ;) Greets, Jeroen --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: FOLO: POLL: 802.1x deployment
On 25 Sep 2012, at 14:50, Jay Ashworth j...@baylink.com wrote: I propose to mention educational institutions by name, There's an awful lot of those using 802.1x. It'll be some list :) Tim
Re: POLL: 802.1x deployment
If you regularly use one or more 802.1x protected networks, could you take a moment to reply off-list, and tell me the size of the network (homelab, smb, enterprise, carrier), and, if you know, how long 802.1x has been deployed there? Surely you are joking, Mr. Ashworth. The entirety of eduroam is on 802.1X (better known as WPA Enterprise). That must be an 8-digit number of users. If you need a list of sites, start with http://en.wikipedia.org/wiki/Eduroam (but, aside from the US, it mostly lists just the countries). When you are done drilling down, there should be about 6500 names of sites on the list. If you are talking about wired .1X: It is relatively common for eduroam-enabled institutions to also provide publicly accessible wired ports controlled by .1X and connected to the same RADIUS servers. But I don't have any numbers at all. I'm also interested in whether any network you use has dropped .1x. eduroam deployment started in 2003. Your university academic computing environment would need to be pretty stupid to leave eduroam once it is deployed. But stranger things have happened. If your academic computing environment is not yet on eduroam, they still almost certainly use .1X for the wireless. Not all 100+ million students worldwide have access to on-campus WiFi, but nowadays most do. Grüße, Carsten
Verizon FIOS troubleshooting
All, Recently began seeing things like this to the default GW from inside and outside the FIOS network. Called tech support but all they could do was put a ticket in for the NetEng team. http://pastie.org/4800421 http://www.bsd-unix.net/smokeping/smokeping.cgi?target=people.bryan The pings jumping from an avg of 3ms to 80 is what gets me. Also my downloading / uploading on my segment doesn't seem to affect the latency jumps on the default GW either way (when testing from my COLO). Any thoughts or suggestions would be appreciated!
Re: URGENT - ISP/Telecom
- Original Message - From: Joe Abley jab...@hopcount.ca On 2012-09-25, at 11:49, Olivier CALVANO o.calv...@gmail.com wrote: I am looking for an operator that can build a ADSL or SDSL in record time. I just pulled a 2-metre pair of copper between a modem and a DSLAM in the lab, and I can ping things. Total elapsed time 12 minutes (I stopped on the way for coffee). Do I win $5? Next time NANOG comes back to Tampa, yes. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: POLL: 802.1x deployment
On 9/25/12, Carsten Bormann c...@tzi.org wrote: Surely you are joking, Mr. Ashworth. The entirety of eduroam is on 802.1X (better known as WPA Enterprise). ding ding ding. WPA Ent wireless authentication calls upon 802.1X. And 802.1X wired port security is also a feature of many switches, and provides stronger protection than MAC-address based port security functionality; and 802.1x option may be used by at least some organizations, to protect against unauthorized connections to secure wired networks, and/or to force guests / salespeople / vendors plugging in their laptop, to be placed in a guest LAN; instead of gaining access to the company's secure internal network, if they sneak over to someone's desk, unplug the desktop, and plug in their laptop to attempt some covert network scanning. Wired switch vendors don't add 802.1X to their switches for their health, it would be less expensive to make a product without the development effort to add the function; someone wants the feature. In this case, the remaining burden of proof should be on whomever wants to claim it's not widely deployed. http://en.wikipedia.org/wiki/Eduroam (but, aside from the US, it mostly lists just the countries). When you are done drilling down, there should be about 6500 names of sites on the list. eduroam deployment started in 2003. Eduroam? What standard is that? Grüße, Carsten --- -JH
Re: POLL: 802.1x deployment
On Wed, 26 Sep 2012 00:37:38 +0200, Carsten Bormann said: The entirety of eduroam is on 802.1X (better known as WPA Enterprise). That must be an 8-digit number of users. If you need a list of sites, start with http://en.wikipedia.org/wiki/Eduroam However, that would be more a confederation of deployments than one single large deployment. pgp4LSIWVSJ3O.pgp Description: PGP signature
Re: Verizon FIOS troubleshooting
On 9/25/2012 4:11 PM, Bryan Seitz wrote: All, Recently began seeing things like this to the default GW from inside and outside the FIOS network. Called tech support but all they could do was put a ticket in for the NetEng team. http://pastie.org/4800421 http://www.bsd-unix.net/smokeping/smokeping.cgi?target=people.bryan The pings jumping from an avg of 3ms to 80 is what gets me. Also my downloading / uploading on my segment doesn't seem to affect the latency jumps on the default GW either way (when testing from my COLO). Any thoughts or suggestions would be appreciated! Most likely Verizon has their routers configured to rate limit, or reduce priority to replying to pings directed at them. --John
Re: Verizon FIOS troubleshooting
On 09/25/2012 7:11 pm, Bryan Seitz wrote: All, Recently began seeing things like this to the default GW from inside and outside the FIOS network. Called tech support but all they could do was put a ticket in for the NetEng team. http://pastie.org/4800421 http://www.bsd-unix.net/smokeping/smokeping.cgi?target=people.bryan The pings jumping from an avg of 3ms to 80 is what gets me. Also my downloading / uploading on my segment doesn't seem to affect the latency jumps on the default GW either way (when testing from my COLO). Any thoughts or suggestions would be appreciated! Worry about a connected hosts, not the gateway router. If you see the same behavior between hosts then check your upstream/downstream rates since they will buffer your connection if you get close to the advertised rates, even for micro bursts. -- Randy M