Re: Multicast Ethernet frames not bridging between wired and wireless, Netgear CPE
On Sat, 9 Feb 2013 14:31:00 -0500 Christopher J. Pilkington c...@0x1.net wrote: Further digging indicates that RA and NS don't cross the bridge from wired to wireless. Are you using the Netgear device for wireless, or is there a wireless adapter/card/whatever in your linux box? If you have linux running on the wireless thingy, u might find the proxy_ndp options useful (/proc/sys/net/ipv6/...) I have a Netgear WG102 running as bridge and it worked without any further tweaking. But, I transport the data via tagged VLANs up to the Netgear who extracts them for each SSID individually. -- Dan Lüdtke www.danrl.de
Re: How are operators using IRR?
Hi, On Wed, 16 Jan 2013 19:55:44 -0500 ML m...@kenweb.org wrote: Is this being paired with some AS path filtering? I am a huge fan of path filtering, but I have so very little paths to maintain that I can say so. I guess most operators to not filter paths, and building prefix lists is more or less current practice. Just from what I have seen so far. I asked about best practice about building filteers from IRR data a while ago on NANOG, but there were not really an answer. Cheers Dan
Re: State of the RING 2012
On Fri, 28 Dec 2012 12:04:59 +0100 Job Snijders job.snijd...@atrato-ip.com wrote: We also started talks with other debugging projects such as RIPE Atlas to explore if cooperation and exchange of information can further such projects. A software-version of the atlas probe would be nice. But I guess many RING-members already have probes in their networks running?! -- Dan Lüdtke www.danrl.de
Strict route filtering at IX?
Hi NANOGers, tl;dr What is the best practice for filtering a large number of prefixes at an internet exchange? Yesterday I ran into problems while writing new filtering rules for my peerings at a local Exchange. My workflow probably has a flaw, although it works fine for IPv6 (well, less prefixes there). After the physical link was set up I startet a BGP session with the route server of the exchange. A few minutes later some other AS imported my prefix, e.g. those listed at HE[1]. I guess they filtered less strict :) The next day the exchange's route server administrator added my AS-SET to the AS-SET of the route server. --- snip RIPE DB --- as-set: AS-KLEYREX-RS1 descr: KleyReX Internet Exchange Frankfurt [...] members:AS-NONATTACHED --- snap --- A few days have passed since then but the number of peers has not increased as expected. Is this normal? My mp-* entries look like this: --- snip RIPE DB --- aut-num:AS57821 as-name:NONATTACHED-AS [...] mp-import: afi ipv4.unicast from AS31142 accept AS-KLEYREX-RS1 mp-export: afi ipv4.unicast to AS31142 announce AS-NONATTACHED --- snap --- Yesterday I thought about importing the route servers prefixes and, of course, to filter them. Using rtconfig[2] I created a filter for BIRD[3] like this: --- snip bird.conf --- if (prefix_too_long()) then reject; @rtconfig printPrefixes if (net ~ [ %p/%l+ ]) then accept;\n filter AS-KLEYREX-RS1 reject; --- snap --- This takes about 10-20 minutes and results in an very large config file constiting of hundreds of prefixes in IPv4. The same config file for IPv6 would be smaller. However, legacy protocol IPv4 is not yet dead so I need to filter it somehow. BIRD sometimes segfaults when it is advised to read those large filters. So, here's the question: How do you filter at exchanges? Where is the error in my workflow? Is strict route filtering a myth? Thanks for helping! Dan [1] http://bgp.he.net/AS57821#_peers [2] http://irrtoolset.isc.org/wiki/RtConfig [3] http://bird.network.cz
Re: Why do some providers require IPv6 /64 PA space to have public whois?
Hi, hmm, they get away with it once again. On the other hand their prices stay low. Off-topic but somehow important to me: HE has an open-peering policy (AFAIK); which basically means that tunnelbroker.net traffic is free for hetzner.de Is that true? That would be great! Regards Dan
Re: Long and unabbreviatable IPv6 addresses with random overloaded bits, vs. tunnelbroker
On Sun, 18 Nov 2012 21:40:45 -0800 Owen DeLong o...@delong.com wrote: Setting up a proper IPv6 subnet and unique gateway for each VM is probably insane, but, potentially less insane than some other alternatives. I second that! I give out a proper configured /64 to every customer regardless of he has one, two or more VMs in his network. The alternatives did not work for us, furthermore scaling the networks is reduced to drop in more VMs until the /64 runs out of addresses (read: never) OR the situation calls for other setups anyway. Receiving a /112 should make one at least thinking about the underlying network design for a minute. It just looks awkward! Cheers Dan
Re: RFC becomes Visio
On Fri, 2012-09-28 at 19:31 +0100, Nick Hilliard wrote: Here's a visio diagram you can send them: http://www.foobar.org/~nick/bgp-network-diagram.vsd Is there a .png version of it somewhere? The whole thread made my day, I'm eager to see this diagram as well. I don't have this MS Visio thingy you all use to set up your Avian Carrier BGP sessions... Regards Dan -- Dan Luedtke http://www.danrl.de
Re: IPv6 End User Fee
On Fri, 2012-08-03 at 14:22 -0500, Otis L. Surratt, Jr. wrote: 1. How are you making up loss of revenue on IPv4 assignments? By using legacy IP only were it is necessary. This way I have to support only one stack (IPv6), that saves me money. Regards. Dan -- Dan Luedtke http://www.danrl.de
RE: Stuxnet and more
http://www.f-secure.com/weblog/archives/2403.html There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC. Someone orchestratesd an attack, hmm? Nice. -- Dan Luedtke http://www.danrl.de
Re: VPN over satellite
Hi, On Mon, 30 Apr 2012 02:42:27 -0700, Rens r...@autempspourmoi.be wrote: Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements) Have you asked Genua? www.genua.de Word on the street says they have a solution, but it may not appear on their homepage ;) regards Dan -- Dan Luedtke http://www.danrl.de