Re: AS6713 (aka IAM / MOROCCO TELECOMS) peering contact
Poor form Clayton. This type of response is not helpful or constructive. Kenny Sent from my iPhone On Dec 26, 2014, at 5:46 PM, Clayton Zekelman clay...@mnsi.net wrote: What if the peering team member is a she? Should she not contact you if so? Sent from my iPhone On Dec 26, 2014, at 5:48 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hello, If someone from IAM peering team is watching, could he please get in touch OFF-list please ? Best regards. -- Youssef BENGELLOUN-ZAHR
AS209 / Qwest / CenturyLink
Could someone from Qwest/CenturyLink AS209 contact me off list. We have two prefixes which are incorrectly being announced from this AS. I'm sure its an old configuration from days gone by. If there is a better / correct procedure to request help for this please let me know. Thanks! Kenny
Upstream / Handoff UPS?
We have tons of circuits with various providers. Often times the demarc / handoff switch from the provider is not running on battery backup. Sometimes if the demarc device is located in the same room as our equipment we mitigate this and plug the device into our backup systems. Am I wrong to think that the demarc from the provider is a sacred thing that should only be touched by said provider. Thus they should provide their own battery system? Is it normal for this equipment not to be battery protected? We are not dealing with any crazy SLA's however I think it would be standard build practice to put UPS's on your gear. Even if its small handoff switch sitting right next to my switch. :) Kenny
Re: which firewall product?
If the tunnel is to be terminated on this firewall device I would say look into a Mikrotik box. Alternatively you could make Cisco's IOS firewall / zone based firewall do this. So look into an ISR? Sent from my iPad On Jul 30, 2013, at 3:00 PM, William Herrin b...@herrin.us wrote: Hi folks, I'm trying to identify a firewall appliance for one of my customers. The wrinkle is: it has to be able to inspect packets inside an IPIP tunnel and accept/reject based on IP address, TCP port number and standard things like that. On the packet carried *inside* the IPIP tunnel packet. From what I can tell, the Cisco ASA can't do this. Linux iptables can (with the u32 match module) but the customer wants an appliance, not a server. What appliances do you know of that can do this? Is there a different Cisco box? A Juniper firewall? Anything else? Thanks in advance, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
L3 Contact
Will an IP engineer from Level3 contact me off list. We having trouble routing traffic through.. Possible bogon update issue ? Thanks Sent from my iPhone
IP allocations / bogon - verification
Gang, I apologize for a double post on this same topic tonight however I thought that broadening my request may help our cause. This month we had one of our IP allocations revoked and just recently got everything squared away with ARIN and things are turned back on so to speak. However I still have some customers having issues hitting a number of financial related websites ..etc and I assume its because of bogons ..etc I saw some earlier posts on here where folks have posted their allocation to ensure that others are routing it properly so I wanted to do the same. My allocation which has recently been revived: 66.185.0.0/20 Test point traceroute .etc 66.185.0.198 We do seem to be having some issues with some level 3 routing our range to some desitnations and can provide specifics off list. Thanks all for the help / verification. Kenny
Re: Blocking TCP flows?
+1 for Bro http://www.bro.org http://packetpushers.net/healthy-paranoia-show-11-bro-the-outer-limits-of-ids/ Sent from my iPad On Jun 13, 2013, at 2:32 PM, Eric Wustrow ew...@umich.edu wrote: Hi all, I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps link, with new blocked flows being dropped within a millisecond or so of being added. I've been looking into using OpenFlow on an HP Procurve, but I don't know much in this area, so I'm looking for better alternatives. Ideally, such a device would add minimal latency (many/expandable CAM entries?), can handle many programatically added flows (hundreds per second), and would be deployable in a production network (fails in bypass mode). Are there any COTS devices I should be looking at? Or is the market for this all under the table to pro-censorship governments? Thanks, -Eric
Centurylink Outage Iowa
Can anyone from Centurylink confirm any large outage in Dubuque, Iowa area? Support lines seem jammed. Thanks Kenny Sent from my iPhone
Re: Centurylink Outage Iowa
Rofl lots of corn and cows :) Sent from my iPhone On Jun 3, 2013, at 3:10 PM, valdis.kletni...@vt.edu wrote: On Mon, 03 Jun 2013 14:52:26 -0500, Kenny Kant said: Can anyone from Centurylink confirm any large outage in Dubuque, Iowa area? It's Dubuque, Iowa. How large can an outage there *be*? :) (Sorry, couldn't resist. :)