RE: Whither Cometh BCP38?

2012-06-11 Thread Ronald Bonica


 -Original Message-
 From: Jay Ashworth [mailto:j...@baylink.com]
 Sent: Monday, June 11, 2012 11:13 AM
 To: NANOG
 Subject: Whither Cometh BCP38?
 
 Off a comment Vix made in another thread this weekend, what is the
 current status, to the degree to which anyone knows and is permitted to
 say, of the deployment of RFC 3704, BCP 38, to block IP address
 spoofing at the ingress edge of large consumer eyeball networks?
 


Some statistics are available at http://spoofer.csail.mit.edu/

 Ron




Communal Dining

2012-04-16 Thread Ronald Bonica
Folks,

You are all invited to an extremely informal dinner at our house at 6PM on 
Saturday, April 21. Spouses and children are all invited. I will bake bread and 
put on a huge pot of soup. If your kids are picky eaters, feel free to bring 
whatever they will eat.

Our house is located at:

241 West Meadowland Lane
Sterling, Virginia 20164
703 430 8379

--
Ron and Nancy Bonica
vcard:   www.bonica.org/ron/ronbonica.vcf





FW: Communal Dining

2012-04-16 Thread Ronald Bonica
Folks,

Sorry, you are not all invited to dinner. I apologize for the spam.

MS mail address completion helped me a little more than I wanted.

Ron


 -Original Message-
 From: Ronald Bonica
 Sent: Monday, April 16, 2012 10:05 AM
 To: 'frbi...@aol.com'; 'Nicholas Hinko'; 'Susan Hinko'; jay cuasay;
 'William Richey'; Will Ress; 'maria torres'; 'landre...@gmail.com';
 nanog@nanog.org
 Subject: Communal Dining
 
 Folks,
 
 You are all invited to an extremely informal dinner at our house at 6PM
 on Saturday, April 21. Spouses and children are all invited. I will
 bake bread and put on a huge pot of soup. If your kids are picky
 eaters, feel free to bring whatever they will eat.
 
 Our house is located at:
 
 241 West Meadowland Lane
 Sterling, Virginia 20164
 703 430 8379
 
 --
 Ron and Nancy Bonica
 vcard:   www.bonica.org/ron/ronbonica.vcf
 




RE: US DOJ victim letter

2012-01-31 Thread Ronald Bonica
Folks,

I received a DoJ Victim Notification letter yesterday, which was pretty amazing 
considering the fact that I don't run a network.

My letter referenced United States v. Menachem Youlus. I suspect that the 
letters that you guys received referenced a different case. Do I have that 
right?

  Ron


 -Original Message-
 From: Phil Dyer [mailto:p...@cluestick.net]
 Sent: Tuesday, January 31, 2012 7:39 PM
 To: nanog@nanog.org
 Subject: Re: US DOJ victim letter
 
 On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis jle...@lewis.org wrote:
  On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
 
  Bit odd, if it's a phish. Even more odd if it's actually from the
 Fed.
 
 
  It's definitely real, but seems like they're handling it as
 incompetently as
  possible.
 
 
 Yep. That sounds about right.
 
 Man, I'm feeling left out. I kinda want one now.
 
 phil



Trouble accessing www.nanog.org

2012-01-04 Thread Ronald Bonica
Is anyone else having trouble accessing www.nanog.org? I can ping the site but 
don't get any response from HTTP requests.

--
Ron Bonica
vcard:   www.bonica.org/ron/ronbonica.vcf





From Quebec

2011-07-24 Thread Ronald Bonica
Hi Folks,

I arrived in Quebec at about midnight last night. (United is always late).

Dorothy, the VIRTUS forms are on the printer. Please have Amanda fill them out 
immediately. Ask Dylan if he is willing to help in autumn. If not, offer Donna 
$40 to pay for his investigation. I will reimburse you when I get back.

  Ron


_
NANOG mailing list
NANOG@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog


RE: From Quebec

2011-07-24 Thread Ronald Bonica
Folks,

Sorry! I meant to send this email to my wife and daughter.

Fat fingers early in the morning.

   Ron


 -Original Message-
 From: Ronald Bonica
 Sent: Sunday, July 24, 2011 9:29 AM
 To: dbonica; North American Network Operators' Group
 Subject: From Quebec
 
 Hi Folks,
 
 I arrived in Quebec at about midnight last night. (United is always
 late).
 
 Dorothy, the VIRTUS forms are on the printer. Please have Amanda fill
 them out immediately. Ask Dylan if he is willing to help in autumn. If
 not, offer Donna $40 to pay for his investigation. I will reimburse you
 when I get back.
 
   Ron
 
 


RE: in defense of lisp (was: Anybody can participate in the IETF)

2011-07-13 Thread Ronald Bonica
Scott,

I am not so sure that Randy's suggestion can be dismissed out of hand.

When we started down the path of locator/identifier separation, we did so 
because the separation of locators and identifiers might solve some real 
operational problems. We were not so interested in architectural purity.

At this point, it might be interesting to do the following:

- enumerate the operational problems solved by LISP
- enumerate the subset of those problems also solved by RFC 6296
- execute a cost/benefit analysis on both solutions

  Ron


 -Original Message-
 From: Scott Brim [mailto:scott.b...@gmail.com]
 Sent: Wednesday, July 13, 2011 10:39 AM
 To: Randy Bush
 Cc: North American Network Operators' Group
 Subject: Re: in defense of lisp (was: Anybody can participate in the
 IETF)
 
 On Wed, Jul 13, 2011 at 10:09, Randy Bush ra...@psg.com wrote:
  btw, a little birdie told me to take another look at
 
  6296 IPv6-to-IPv6 Network Prefix Translation. M. Wasserman, F. Baker.
      June 2011. (Format: TXT=73700 bytes) (Status: EXPERIMENTAL)
 
  which also could be considered to be in the loc/id space
 
  randy
 
 No, that's a misuse of loc/id since no identification is involved,
 even at the network layer -- but it is in the reduce issues in global
 routing and local renumbering space (that's part of what LISP does).
 
 Cameron: As for ILNP, it's going to be difficult to get from where
 things are now to a world where ILNP is not just useless overhead.
 When you finally do, considering what it gives you, will the journey
 have been worth it?  LISP apparently has more benefits, and NPT6 is so
 much easier -- particularly if you have rapid adaptation to apparent
 address changes, which many apps have and all mobile devices need
 already -- sorry but I don't think ILNP is going to make it.  You
 can't just say the IETF should pay more attention.  I've invited
 people to promote it and nobody stepped up.
 
 Scott




RE: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-12 Thread Ronald Bonica
Leo,

Maybe we can fix this by:

a) bringing together larger groups of clueful operators in the IETF
b) deciding which issues interest them
c) showing up and being vocal as a group in protocol developing working groups

To some degree, we already do this in the IETF OPS area, but judging by your 
comments, we don't do it nearly enough.

Comments?

   Ron


-Original Message-
From: Leo Bicknell [mailto:bickn...@ufp.org] 
Sent: Monday, July 11, 2011 3:35 PM
To: nanog@nanog.org
Subject: Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

In a message written on Sun, Jul 10, 2011 at 06:16:09PM +0200, Jeroen Massar 
wrote:
 Eh ANYBODY, including you, can sign up to the IETF mailing lists 
 and participate there, just like a couple of folks from NANOG are already 
 doing.

The way the IETF and the operator community interact is badly broken.

The IETF does not want operators in many steps of the process.  If you try to 
bring up operational concerns in early protocol development for example you'll 
often get a "we'll look at that later" response, which in many cases is right.  
Sometimes you just have to play with something before you worry about the 
operational details.  It also does not help that many operational types are not 
hardcore programmers, and can't play in the sandbox during the major 
development cycles.





RE: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-12 Thread Ronald Bonica

 -Original Message-
 From: Leo Bicknell [mailto:bickn...@ufp.org]
 Sent: Tuesday, July 12, 2011 11:42 AM
 To: Ronald Bonica
 Cc: nanog@nanog.org
 Subject: Re: Anybody can participate in the IETF (Was: Why is IPv6
 broken?)
 
 [snip]
 
 But there is no roadmap in the IETF process now for LISP that says
 We've got this 90% baked, we need to circulate a draft to the NANOG
 mailing list, request operator comments, and actively solicit operators
 to participate in the expanded test network.  We need that mechanism
 to
 tell folks hey, it's real enough your operational feedback is now
 useful and come test our new idea.
 

Leo,

We need to fix this problem. Without the feedback loop that you describe, the 
IETF will never know whether they are producing useful stuff or nonsense.

How does the following sound as a solution:

Let's say we set up a new IETF mailing list, primarily for the use of 
operators. When an operator sees a draft that might be of interest to the 
operational community, he creates a new thread on the list, copying the draft 
authors and WG chairs. (The authors and chairs can decide whether to add the WG 
to the thread). The OPS AD will consider thread contents when evaluating the 
draft.

   Ron





RE: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-12 Thread Ronald Bonica
Cameron,

Please stay tuned. While 6-to-4-historic is on hold, it is far from being dead. 
Expect more discussion in Quebec and on the mailing list. I doubt if there will 
be any final decision before Quebec.


   Ron


 -Original Message-
 From: Cameron Byrne [mailto:cb.li...@gmail.com]
 Sent: Tuesday, July 12, 2011 11:44 AM
 To: Ronald Bonica
 Cc: Leo Bicknell; nanog@nanog.org
 Subject: Re: Anybody can participate in the IETF (Was: Why is IPv6
 broken?)
 
 On Tue, Jul 12, 2011 at 8:28 AM, Ronald Bonica rbon...@juniper.net
 wrote:
  Leo,
 
  Maybe we can fix this by:
 
  a) bringing together larger groups of clueful operators in the IETF
  b) deciding which issues interest them
  c) showing up and being vocal as a group in protocol developing
 working groups
 
  To some degree, we already do this in the IETF OPS area, but judging
 by your comments, we don't do it nearly enough.
 
  Comments?
 
 
 There may be an OPS area, but it is not listened to.
 
 Witness the latest debacle with the attempt at trying to make 6to4
 historic.
 
 Various non-practicing entities were able to derail what network
 operators largely supported.  Since the IETF failed to make progress
 operators will do other things to stop 6to4 ( i have heard no 
 over IPv4 transport, blackhole 6to4 anycast, decom relay routers...)
 
 Real network operators have a relatively low BS threshold, they have
 customers to support and businesses to run,  and they don't have thumb
 wrestle these people who don't actually have any skin in the game.
 
 Cameron
 
 
                Ron
 
 
  -Original Message-
  From: Leo Bicknell [mailto:bickn...@ufp.org]
  Sent: Monday, July 11, 2011 3:35 PM
  To: nanog@nanog.org
  Subject: Re: Anybody can participate in the IETF (Was: Why is IPv6
 broken?)
 
  In a message written on Sun, Jul 10, 2011 at 06:16:09PM +0200, Jeroen
 Massar wrote:
  Eh ANYBODY, including you, can sign up to the IETF mailing lists
  and participate there, just like a couple of folks from NANOG are
 already doing.
 
  The way the IETF and the operator community interact is badly broken.
 
  The IETF does not want operators in many steps of the process.  If
 you try to bring up operational concerns in early protocol development
 for example you'll often get a "we'll look at that later" response,
 which in many cases is right.  Sometimes you just have to play with
 something before you worry about the operational details.  It also does
 not help that many operational types are not hardcore programmers, and
 can't play in the sandbox during the major development cycles.
 
 
 
 



RE: And so it ends (slightly off topic)

2011-02-03 Thread Ronald Bonica
Folks,

Somehow, it is appropriate that this should happen on February 3. On February 
3, 1959, Buddy Holly, Ritchie Valens and JP Richardson (aka The Big Bopper) died 
in a plane crash. Don McLean immortalized that day as "The Day The Music Died" 
in his 1971 hit, "American Pie."

   Ron





RE: IPv6: numbering of point-to-point-links

2011-01-24 Thread Ronald Bonica
Lasse,

draft-ietf-6man-prefixlen-p2p-01 provides some insights.

  Ron

 -Original Message-
 From: Lasse Jarlskov [mailto:l...@telenor.dk]
 Sent: Monday, January 24, 2011 7:49 AM
 To: nanog@nanog.org
 Subject: IPv6: numbering of point-to-point-links
 
 Hi all.
 
 
 
 While reading up on IPv6, I've seen numerous places that subnets are
 now
 all /64.
 
 I have even read that subnets defined as /127 are considered harmful.
 
 
 
 However while implementing IPv6 in our network, I've encountered
 several
 of our peering partners using /127 or /126 for point-to-point links.
 
 
 
 What is the Best Current Practice for this - if there is any?
 
 Would you recommend me to use /64, /126 or /127?
 
 What are the pros and cons?
 
 
 
 
 
 --
 
 Best regards,
 
 Lasse Jarlskov
 
 Systems architect - IP
 
 Telenor DK




RE: Auto ACL blocker

2011-01-18 Thread Ronald Bonica
Brian,

Have you thought about what a bad guy might do if he knew that you had such a 
policy deployed? Is there a way that the bad guy might turn the policy against 
you?

 Ron

 -Original Message-
 From: Brian R. Watters [mailto:brwatt...@absfoc.com]
 Sent: Tuesday, January 18, 2011 2:12 PM
 To: nanog@nanog.org
 Subject: Auto ACL blocker
 
 We are looking for the following solution.
 
 Honey pot that collects attacks against SSH/FTP and so on
 
 Said attacks are then sent to a master ACL on an edge Cisco router to
 block all traffic from these offenders ..
 
 Of course we would require a master whitelist as well as to not be
 blocked from our own networks.
 
 Any current solutions or ideas ??
 
 --
 
 BRW
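
Added example, not part of the original messages and not code from anyone in the thread: an automatic blocker acts on whatever source address the honeypot logs, so this sketch shows safeguards that keep forged or induced hits from blocking legitimate sources. The whitelist is Brian's stated requirement; the thresholds, the `handshake` field and the sample events are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed policy values (assumptions, not from the thread).
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]
MIN_EVENTS = 3      # honeypot sessions required before a source is blocked
BLOCK_TTL = 3600    # seconds a block lives without fresh evidence
MAX_BLOCKS = 1000   # hard cap so the ACL cannot grow without bound

# Assumption: the honeypot records whether the TCP three-way handshake
# completed. A completed handshake means the source received our SYN-ACK,
# so the logged address was not blindly forged.
Event = namedtuple("Event", "ts src service handshake")

def is_whitelisted(addr):
    return any(addr.version == net.version and addr in net for net in WHITELIST)

def build_blocklist(events, now):
    """Return {address: expiry_epoch} for sources that pass every safeguard."""
    hits = {}
    for ev in events:
        if not ev.handshake:            # SYN-only or UDP: source is spoofable
            continue
        if now - ev.ts > BLOCK_TTL:     # stale evidence ages out
            continue
        addr = ipaddress.ip_address(ev.src)
        if is_whitelisted(addr):        # never block our own networks
            continue
        hits.setdefault(addr, []).append(ev.ts)
    candidates = {a: max(t) + BLOCK_TTL for a, t in hits.items() if len(t) >= MIN_EVENTS}
    # Over the cap, keep the most recently active sources only.
    keep = sorted(candidates, key=candidates.get, reverse=True)[:MAX_BLOCKS]
    return {str(a): candidates[a] for a in keep}

# Constructed sample events (documentation address ranges).
NOW = 10_000
SAMPLE_EVENTS = (
    [Event(t, "198.51.100.7", "ssh", True) for t in (9000, 9100, 9200)]     # repeated sessions
    + [Event(t, "203.0.113.9", "ssh", False) for t in (9300, 9310, 9320)]   # no handshake
    + [Event(t, "192.0.2.15", "ftp", True) for t in (9400, 9410, 9420)]     # whitelisted
    + [Event(9500, "198.51.100.8", "ftp", True)]                            # below threshold
    + [Event(t, "198.51.100.20", "ssh", True) for t in (1000, 1100, 1200)]  # stale
)

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_EVENTS, NOW))
```

Only the source with repeated, recent, completed sessions ends up in the block list, and each entry carries an expiry so that a wrong block clears itself.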