Re: Private use of non-RFC1918 IP space

2009-02-02 Thread Seth Mattinen

Stephen Sprunk wrote:
> Trey Darley wrote:
>> Some colleagues and I are running into a bit of a problem. We've been
>> using RFC 1918 Class A space but due to the way subnets have been
>> allocated we are pondering the use of public IP space. As the network
>> in question is strictly closed I don't anticipate any problems with
>> this as the addresses would be unambiguous within our environment. I'm
>> curious if anyone else is doing this.
> 
> "Closed" networks nearly always end up getting connected to public
> networks, either by intent or by accident.  If you act as if your
> network will remain "closed" forever, e.g. by using public addresses
> that are (or will be) assigned to someone else, you're going to cause a
> lot of headaches for yourself or your replacement down the road,
> eventually.
> 
> Contrary to popular belief, ARIN (and possibly other RIRs) _will_ assign
> public IPs for private/closed networks if you can explain why RFC1918
> space will not suffice for your needs, e.g. because you are running a
> private internetwork between multiple companies and thus NAT/RFC1918 is
> simply not viable due to the number of ASes and the difficulty in
> avoiding collisions or the sheer number of hosts...
> 

Or you can always get some PA space from an ISP rather easily.

~Seth



Re: Database backed DNS Management Solutions

2009-02-04 Thread Seth Mattinen
Steven Crandell wrote:
> I'm a long time BIND user and recent convert to PowerDNS.
> I considered BIND-DLZ briefly but found that I wasn't excited about the DB
> retro-fit on a piece of software that was previously very much meant to live
> in the world of flat files.
> My initial intent was to try PowerDNS first and then give BIND-DLZ a test
> drive also, but I never got around to BIND-DLZ given how well PowerDNS
> performed.
> 
> My only beef with PDNS is the inability to use master-slave replication to
> hosts that are not listed as type NS.
> This is by design but it nevertheless got in my way.
> I've since just set all domains to use native replication (e.g. db backend
> replication, Postgres/Slony in this instance) and absolutely could not be
> happier with the results.
> 
> The amount of time I spend managing DNS has been reduced to almost nothing
> given how easily I can script my large operations.
> Still it pays to be wise: Use transactions!!
> 

Always, always, *always* use a transaction-aware database with PowerDNS.
That said, I too am a happy user of PowerDNS using native database
replication. The recent January 27 release added a lot of good stuff.

~Seth
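Steven's "Use transactions!!" and Seth's reply are the operational point of this exchange, so here is what it looks like in code. This is an added example, not code from PowerDNS or from either poster: it replaces one RRset and bumps the SOA serial inside a single transaction, then runs the same batch against an autocommitting connection to show the half-written zone you get without one. The two tables are a simplified stand-in for the PowerDNS generic-SQL schema (column names assumed to resemble the real ones, which have more columns), the example.com zone is constructed, and SQLite is used so it runs offline; the `with conn:` pattern behaves the same on a psycopg2 connection to PostgreSQL.

```python
"""Atomic RRset replacement in a PowerDNS-style SQL zone store.

Added example, not PowerDNS code.  The tables are a simplified stand-in
for the PowerDNS generic-SQL schema (the real one has more columns) and
the zone data is constructed.  SQLite keeps it runnable offline.
"""
import sqlite3

SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE records (
    id        INTEGER PRIMARY KEY,
    domain_id INTEGER NOT NULL REFERENCES domains(id),
    name      TEXT    NOT NULL,
    type      TEXT    NOT NULL,
    content   TEXT    NOT NULL,
    ttl       INTEGER NOT NULL
);
"""

# Constructed example.com zone (RFC 5737 addresses).
SEED = [
    ("example.com", "SOA", "ns1.example.com hostmaster.example.com 2009020401 3600 900 604800 300", 3600),
    ("example.com", "NS", "ns1.example.com", 3600),
    ("example.com", "NS", "ns2.example.com", 3600),
    ("www.example.com", "A", "192.0.2.10", 300),
    ("www.example.com", "A", "192.0.2.11", 300),
]


def open_zone_db(transactional=True):
    """transactional=True: sqlite3 opens a transaction before DML and
    'with conn:' commits or rolls it back.  transactional=False puts the
    connection in autocommit, mimicking a backend where every statement
    stands alone."""
    conn = sqlite3.connect(":memory:", isolation_level="" if transactional else None)
    conn.executescript(SCHEMA)
    with conn:
        conn.execute("INSERT INTO domains (id, name) VALUES (1, 'example.com')")
        conn.executemany(
            "INSERT INTO records (domain_id, name, type, content, ttl) VALUES (1, ?, ?, ?, ?)",
            SEED)
    return conn


def validate_a(content):
    """Minimal IPv4 syntax check standing in for the batch job's validation."""
    parts = content.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {content!r}")


def bump_soa_serial(conn, domain_id):
    rec_id, content = conn.execute(
        "SELECT id, content FROM records WHERE domain_id=? AND type='SOA'",
        (domain_id,)).fetchone()
    fields = content.split()
    fields[2] = str(int(fields[2]) + 1)      # serial is the third SOA field
    conn.execute("UPDATE records SET content=? WHERE id=?", (" ".join(fields), rec_id))
    return int(fields[2])


def replace_rrset(conn, domain_id, name, rtype, contents, ttl):
    """Delete the old RRset, insert the new one, bump the SOA serial.

    Returns the new serial, or None when a record fails validation.  On a
    transactional connection the failure also rolls back the DELETE, so the
    zone is never left without the RRset or with half of the new one."""
    try:
        with conn:  # COMMIT on normal exit, ROLLBACK if the body raises
            conn.execute("DELETE FROM records WHERE domain_id=? AND name=? AND type=?",
                         (domain_id, name, rtype))
            for content in contents:
                if rtype == "A":
                    validate_a(content)
                conn.execute(
                    "INSERT INTO records (domain_id, name, type, content, ttl) VALUES (?, ?, ?, ?, ?)",
                    (domain_id, name, rtype, content, ttl))
            return bump_soa_serial(conn, domain_id)
    except ValueError:
        return None


def rrset(conn, domain_id, name, rtype):
    rows = conn.execute(
        "SELECT content FROM records WHERE domain_id=? AND name=? AND type=? ORDER BY content",
        (domain_id, name, rtype))
    return [r[0] for r in rows]


def soa_serial(conn, domain_id):
    (content,) = conn.execute(
        "SELECT content FROM records WHERE domain_id=? AND type='SOA'", (domain_id,)).fetchone()
    return int(content.split()[2])


if __name__ == "__main__":
    bad_batch = ["192.0.2.30", "not-an-ip"]
    safe = open_zone_db()
    replace_rrset(safe, 1, "www.example.com", "A", bad_batch, 300)
    print("transactional:", rrset(safe, 1, "www.example.com", "A"))
    auto = open_zone_db(transactional=False)
    replace_rrset(auto, 1, "www.example.com", "A", bad_batch, 300)
    print("autocommit:   ", rrset(auto, 1, "www.example.com", "A"))
```

Run directly, the transactional connection still holds both original A records after the failed batch, while the autocommit connection has lost them and keeps only the first new record with the serial untouched. That half-state is exactly what native database replication would then copy faithfully to every replica, which is why the thread's advice is "always".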



Re: Private use of non-RFC1918 IP space (IPv6-MW)

2009-02-04 Thread Seth Mattinen
Patrick W. Gilmore wrote:
> On Feb 4, 2009, at 6:56 PM, Scott Howard wrote:
>> On Mon, Feb 2, 2009 at 9:35 PM, Patrick W. Gilmore
>> wrote:
>>
>>> Except the RIRs won't give you another /48 when you have only used one
>>> trillion IP addresses.
>>
>> Of course they will!  A /48 is only the equivalent of 65536 "networks"
>> (each
>> network being a /64).  Presuming that ISPs allocate /64 networks to each
>> connected subscriber, then a /48 is only 65k subscribers, or say around a
>> maximum of 200k IP addresses in use at any one time (presuming no NAT
>> and an
>> average of 3-4 IP-based devices per subscriber)
>>
>> IPv4-style utilization ratios do make some sense under IPv6, but not
>> at the
>> address level - only at the network level.
> 
> First, it was (mostly) a joke.
> 
> Second, where did you get 4 users per /64?  Are you planning to hand
> each cable modem a /64?
> 


That was the generally accepted subnet practice last time I had a
discussion about it on the ipv6-ops list. I'm not an ISP, but I have a
/48 and each subnet is a /64. Some devices will refuse to work if you
subnet smaller than a /64. (Yes, poorly designed, etc.)

~Seth



Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-04 Thread Seth Mattinen
Matthew Moyle-Croft wrote:
> 
> 
> Anthony Roberts wrote:
>>
>>
>> I don't think there's any need for the ISP's routers to advertise all the
>> prefixes they delegate. They'll advertise the /48 or whatever it is, and
>> then delegate chunks out of that.
>>   
> My apologies for not being clear:
> 
> As I posted just before in reply to MarkA - I'm hoping that for the
> MAJORITY of customers that I can use PD and dynamic /64s (or whatever)
> local to a BRAS.
> My FEAR is that people ("customers") are going to start assuming that v6
> means their own static allocation (quite a number are assuming this).  
> This means that I have a problem with routing table size etc if I have
> to implement that.
> 

Well, it is static, but like most static IP services offered by an ISP,
if you leave you can't take your addresses with you. Even with DSL from
AT&T if you move locations you get a different subnet.

~Seth



Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-04 Thread Seth Mattinen
Mark Andrews wrote:
> In message <498a3ca5.6060...@internode.com.au>, Matthew Moyle-Croft writes:
>> Anthony Roberts wrote:
>>> On Thu, 05 Feb 2009 11:08:44 +1030, Matthew Moyle-Croft
>>>  wrote:
>>>   
>>>> Let's face it - the current v6 assignment rules are to solve a 1990s set 
>>>> of problems.  A /64 isn't needed now that we have DHCP(v6).
 
>>> It's needed to prevent people from NATing in v6, as they'll still want
>>> their stuff behind a firewall, and some of them will want subnets.
>>>   
>> Why do we want to prevent people using NAT?   If people choose to use 
>> NAT, then I have no issue with that. 
>>
>> This anti-NAT zealotism is tiring and misplaced. 
> 
>   NAT's break lots of things and increase the development
>   costs of every piece of network based software being written.
> 
>   If we could get a true accounting of the extra cost imposed
>   by NAT's I would say it would be in the trillions of dollars.
> 
>   NAT's are a necessary evil in IPv4.  If every node that
>   currently communicates to something the other side of a NAT
>   was to have a global address then we would have already run
>   out of IPv4 addresses.
> 
>   NAT's are not a necessary evil in IPv6.  Just stop being
>   scared to renumber.  Addresses are not forever and when you
>   design for that renumbering get easier and easier.
> 
>   For everything else there are alternate solutions.
> 


Far too many people see NAT as synonymous with a firewall so they think
if you take away their NAT you're taking away the security of a firewall.

A *lot* of these problems we face are conceptual rather than technological.

~Seth



Re: Private use of non-RFC1918 IP space (IPv6-MW)

2009-02-04 Thread Seth Mattinen
TJ wrote:
>> Some devices will refuse to work if you subnet smaller than a /64. (Yes, 
>> poorly designed, etc.)
> 
> Actually, no - not poorly designed.  The spec says it must be a /64 
> (excluding those starting with 000 binary) so that is what devices 
> (rightfully) expect.  Ref: http://tools.ietf.org/html/rfc4291#section-2.5.1 
> 

I was just trying to head off the flood of "poorly designed" comments
last time I said such a thing on a different list. ;)

I find /64 convenient because it ends on a nice boundary out of my /48
and for my purposes it's more than enough space. The only annoyance I've
come across was my Cisco devices will only accept an EUI-64 address as a
host address in an ACL. Not a big deal though.

~Seth
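Seth's /48 carved into /64s, TJ's pointer to RFC 4291 section 2.5.1, and the Cisco ACL that only takes an EUI-64 host address all come down to the same arithmetic, so here it is in code. This is an added example, not from the thread or any vendor: it counts and indexes the /64s in a /48, derives the modified EUI-64 interface identifier of a MAC address per RFC 4291 Appendix A, refuses any prefix longer than /64 the way spec-following gear does, and reverses the mapping. The /48 is taken from the RFC 3849 documentation range and the MAC address is constructed.

```python
"""/64 subnets out of a /48 and modified EUI-64 host addresses (RFC 4291).

Added example, not code from the thread or any vendor.  The /48 is from
the RFC 3849 documentation range and the MAC address is constructed.
"""
import ipaddress

UL_BIT = 0x02  # universal/local bit of the first MAC octet, inverted in EUI-64


def subnets_in(site, new_prefix=64):
    """How many new_prefix subnets fit in site: a /48 holds 65536 /64s."""
    site = ipaddress.IPv6Network(site)
    if new_prefix < site.prefixlen:
        raise ValueError("new prefix must not be shorter than the site prefix")
    return 1 << (new_prefix - site.prefixlen)


def subnet_by_index(site, index):
    """The index-th /64 of a site prefix, computed rather than enumerated."""
    site = ipaddress.IPv6Network(site)
    if not 0 <= index < subnets_in(site, 64):
        raise IndexError(f"{site} holds only {subnets_in(site, 64)} /64s")
    return ipaddress.IPv6Network((int(site.network_address) + (index << 64), 64))


def eui64_interface_id(mac):
    """Modified EUI-64 (RFC 4291 App. A): flip the U/L bit and insert ff:fe
    between the OUI and the NIC-specific half of the MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([octets[0] ^ UL_BIT]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def eui64_address(subnet, mac):
    """Address a SLAAC node with this MAC forms on the subnet.  The interface
    identifier is 64 bits wide, which is why the subnet must be a /64
    (RFC 4291 s2.5.1) and why devices that follow the spec refuse anything
    longer."""
    subnet = ipaddress.IPv6Network(subnet)
    if subnet.prefixlen != 64:
        raise ValueError(f"EUI-64 interface IDs need a /64, got /{subnet.prefixlen}")
    return ipaddress.IPv6Address(int(subnet.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr):
    """Inverse mapping: the MAC an EUI-64 address reveals to every peer."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not modified EUI-64")
    mac = bytes([iid[0] ^ UL_BIT]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    site = "2001:db8:1::/48"
    lan = subnet_by_index(site, 1)
    host = eui64_address(lan, "00:1a:2b:3c:4d:5e")
    print(subnets_in(site), lan, host, mac_from_eui64(host))
```

The reverse function is the reason EUI-64 host addresses are also an information leak: anyone who sees the address can read the NIC's MAC, and therefore its vendor, out of it. Use mac_from_eui64 to write the host ACL entry, but expect privacy addresses (RFC 4941) on clients that care about that.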



Automatic Switches?

2009-02-08 Thread Seth Mattinen
I hate to interrupt the IPv6 and RFC 1918 mega-threads...

Does anyone know of a company that makes 208v (3-wire line-line ground,
no neutral, 208v loads only, single phase) 30-60 amp automatic transfer
switches with sub-30ms switching time? APC used to make the SU045X163
30A model, but it seems to have been discontinued and it's hard to find
products that support 208v single phase.

~Seth



Re: Automatic Switches?

2009-02-08 Thread Seth Mattinen
Seth Mattinen wrote:
> I hate to interrupt the IPv6 and RFC 1918 mega-threads...
> 
> Does anyone know of a company that makes 208v (3-wire line-line ground,
> no neutral, 208v loads only, single phase) 30-60 amp automatic transfer
> switches with sub-30ms switching time? APC used to make the SU045X163
> 30A model, but it seems to have been discontinued and it's hard to find
> products that support 208v single phase.
> 

Ugh, of course I come across something (TwinSource DCC-II RM-ITSTS, 50A
in a 4U case using SCRs) mere minutes after posting. Any other
recommendations are still welcome. The TwinSource unit looks quite
fascinating, although I'm guessing quite expensive.

~Seth



Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

2009-02-09 Thread Seth Mattinen
John Peach wrote:
> 
> On Mon, 9 Feb 2009 21:16:49 -0500
> "TJ"  wrote:
> 
>>> The SOX auditor ought to know better.  Any auditor that
>>> requires NAT is incompetent.
>> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
>> RFC1918 addressing ... 
> 
> SOX auditors are incompetent. I've been asked about anti-virus software
> on UNIX servers and then asked to prove that they run UNIX.


Not just SOX. I vaguely remember something in PCI about NAT. It wouldn't
surprise me if every auditing thing involving computers said something
about requiring NAT. See my earlier comment about NAT=firewall.

~Seth




Re: One /22 Two ISP no BGP

2009-02-13 Thread Seth Mattinen
Charles Regan wrote:
> Just got final confirmation from ISP1 that they will not do BGP with us.
> 
> ISP1 is Telebec.
> http://www.iptools.com/dnstools.php?tool=ipwhois&user_data=142.217.0.0&submit=Go
> 
> My subnet
> http://www.iptools.com/dnstools.php?tool=ipwhois&user_data=204.144.60.0&submit=Go
> 
> What can we do now ? Any suggestions ?
> 

Do you know who is upstream of ISP2? We've established that Telebec is
only connected to Bell Canada. If ISP2 also has a connection to Bell
then you don't gain anything with Telebec except this huge mess and
horrible hacks to work around their lack of BGP.

~Seth



Re: One /22 Two ISP no BGP

2009-02-13 Thread Seth Mattinen
Charles Regan wrote:
> The problem we have now is that we got our /22 from arin to do multihoming.
> If we dump tlb, no more multihoming? No /22. Is that correct?
> 
> We also have a contract with tlb.
> $$$ 1.5yrs left...
> 
> 


There's something in there about non-multihomed sites, but I'm not
familiar with it. Telebec doesn't appear to be multihomed, though.

The only other thing I can think of to avoid horrible hackery is to
convince them to colo a router for you to do eBGP to. Honestly, I
wouldn't recommend multihoming *without* BGP. One day you'll end up with
some really ugly failure mode.

~Seth



Re: lots of prepends

2009-02-19 Thread Seth Mattinen
Mikael Abrahamsson wrote:
> 
> Today 85.119.176.0/21 was announced by AS20912 with 177 prepends. I
> noticed 20912 modulo 256 is 176. AS47868 modulo 256 is 252 which matches
> this mondays prepend-incident.
> 
> So, what router OS will put 20912 into a byte and thus end up with 176
> in something like "set as-path prepend last-as " ? It
> needs to be fixed.
> 
> Has anyone noticed any ill effects with IOS and using "bgp max-as"? Will
> it just drop any prefixes with long as-paths and no other ill
> operational effects?
> 

No ill effects here, but I never saw the others before this one, and I'm
only seeing it via 3561.

010308: Feb 19 13:08:13.455 PDT: %BGP-6-ASPATH: Long AS path 3561 3257
8928 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912
20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912
20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912
20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912
20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912
20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912 20912
20912 20912 20912 20912 20912 20912 received from 216.88.158.93: More
than configured MAXAS-LIMIT

~Seth
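Mikael's two questions, how many prepends a path really carries and whether the maxas limit simply drops it, and his mod-256 observation map onto a small log parser. The following is an added example, not vendor code or anything posted in the thread. The %BGP-6-ASPATH message layout follows the log Seth quoted, whitespace-normalised because syslog and mail clients wrap it; the sample line is constructed with a short path so the counts can be checked by hand, and the peer address is from RFC 5737.

```python
"""Parse Cisco '%BGP-6-ASPATH: Long AS path' syslog lines and apply the
checks discussed in the thread.

Added example, not vendor code.  The message layout follows the log
quoted in the thread; the SAMPLE below is constructed with a short path
so the counts are easy to verify by hand.
"""
import re

LONG_ASPATH = re.compile(
    r"%BGP-6-ASPATH: Long AS path (?P<path>\d+(?: \d+)*) received from "
    r"(?P<peer>[0-9a-fA-F.:]+): More than configured MAXAS-LIMIT"
)

# Constructed sample, wrapped over three lines the way a mailed log is.
SAMPLE = """010309: Feb 19 13:10:02.117 PDT: %BGP-6-ASPATH: Long AS path 3561 3257
8928 20912 20912 20912 20912 20912 received from 192.0.2.1: More
than configured MAXAS-LIMIT"""


def parse(line):
    """Return (as_path, peer) or None if the text is not a long-AS-path event."""
    m = LONG_ASPATH.search(" ".join(line.split()))   # collapse wrapping
    if not m:
        return None
    return [int(asn) for asn in m.group("path").split()], m.group("peer")


def prepend_count(as_path):
    """Extra copies of the origin AS beyond its own single appearance.
    A path ending '... 20912 x177' therefore reports 176 prepends."""
    origin = as_path[-1]
    run = 0
    for asn in reversed(as_path):
        if asn != origin:
            break
        run += 1
    return run - 1


def exceeds_maxas(as_path, limit):
    """The condition the log message reports: path longer than the configured
    limit, which is when 'bgp maxas-limit <limit>' discards the prefix."""
    return len(as_path) > limit


def looks_like_byte_truncation(as_path):
    """Mikael's fingerprint: 20912 % 256 == 176 and 47868 % 256 == 252 matched
    the prepend counts seen.  True when the number of extra origin copies
    equals the origin AS modulo 256, i.e. what 'prepend last-as <n>' would
    produce if n were taken from the low 8 bits of the AS number."""
    return prepend_count(as_path) == as_path[-1] % 256


def triage(line, limit):
    """Summary a NOC script could attach to an alert."""
    parsed = parse(line)
    if parsed is None:
        return None
    as_path, peer = parsed
    return {
        "peer": peer,
        "origin": as_path[-1],
        "length": len(as_path),
        "prepends": prepend_count(as_path),
        "dropped": exceeds_maxas(as_path, limit),
        "byte_truncation_suspect": looks_like_byte_truncation(as_path),
    }


if __name__ == "__main__":
    print(triage(SAMPLE, limit=5))
```

Feed it the real message from the log above (all eight wrapped lines pasted as one string) and the prepend count comes straight out; the mod-256 test only fires when the count happens to equal the origin AS's low byte, so it is a hint for the "which router OS does this" question, not proof.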



Re: Comcast - No complaints! [was: Re: Craptastic Service!

2009-02-22 Thread Seth Mattinen
Paul M. Moriarty wrote:
> 
> Oh, and you might want to read those SLA's you get from AT&T or any
> other carrier.  Typically, all they give you for not meeting the SLA is
> "credits" and you typically have to ask for them, in writing within 30
> days to actually get them.
> 

If I give someone money to do something, and they fail to meet the
contracted metrics, what else can they give me except money back?

~Seth



Re: Yahoo and their mail filters..

2009-02-25 Thread Seth Mattinen
Peter Beckman wrote:
> On Wed, 25 Feb 2009, Richey wrote:
> 
>> AOL's Scomp is spam itself.   If I read though 100 messages maybe one
>> message is really spam.   The other 99 are jokes, regular emails, maybe a
>> news letter from their church, etc.   Most people are lazy and would
>> rather
>> click on the Spam button instead of unsubscribing for a list they
>> subscribed
>> to in the first place.
> 
>  Why the hell can't AOL integrate the standard listserv commands integrated
>  into many subscription emails into a friggin' button in their email
>  client, right next to "Spam" (or even in place of it) that says
>  "Unsubscribe?"
> 
>  I realize it could be used badly if globalized, but if AOL got off their
>  duff and vetted some of the higher volume truly honest subscription
>  emailers and allowed their emails to activate the Spam->Unsub button, it
>  might save everyone some headaches.
> 

In a perfect world, the spam button would only affect delivery to that
user, not everyone. Especially when they go all rabid click crazy on the
spam button for personal correspondence from their mom.

~Seth



Re: Request for data : Earth Hour - traffic stats [28 March 2009 20:30-21:30 local]

2009-03-29 Thread Seth Mattinen
jamie rishaw wrote:
> Ninjas,
> 
>   I'm compiling some data re this year's "Earth Hour"[1] .
> 
>   For those not in the know, or those that dismissed it, "Earth Hour" is
> something the World Wildlife Fund cooked up, suggesting that the world "turn
> off" all non-essential electrical  devices, to demonstrate some
> global-warming hypothesis.
> 
>   I'm looking for data - either compiled or raw - of activity between 8:30
> (20:30) and 9:30 (21:30) "local" time.  Power usage (and comparisons against
> previous weeks if available) and probably easier to push out - bandwidth
> info (and, again, comparisons against previous 2030-2130-saturday-night
> data).
> 
>   All data will be anonymized.  Sources, if you send from $work email, will
> not be included in any summarizations.
> 
>   I think this will turn out to be some rather interesting info.  I'll post
> findings to nanog, of course, or at least, appropriate urls and such.
> 



I say we all run "off the grid" on generator power for earth hour. (At
least that's what I'm saying because it was coincidentally my regular
automatic exercise time with load transfer.)

~Seth



Re: Register.com DNS hosting issues

2009-04-03 Thread Seth Mattinen
Jeffrey Negro wrote:
> No ETA given to me, just the stock line of "We apologize.. blah blah...
> as soon as possible.. blah blah."
> 

This is probably a good time to remind the uninitiated to have some
secondary DNS with a totally separate company if your DNS is that
important to you.

~Seth



Re: Verizon EVDO Issues

2009-04-08 Thread Seth Mattinen
Alexander Harrowell wrote:
> On Tuesday 07 April 2009 22:10:24 Charles Wyble wrote:
>> Been troubleshooting a very strange problem for a couple of weeks now.
>>
>> I have a few hundred systems deployed throughout the United States
>> utilizing EVDO connectivity with Verizon as a carrier. They are stationary.
>>
>> Over the past few weeks clusters of them in SF and Lewisville TX and a
>> few other areas have been failing intermittently. They are offline for
>> several days, then online for a few days then go offline again. They are
>> running Linux and PPPD.
>>
> 
> Do they maintain a continuous data link in normal operation (like, say, 
> connectivity for a LAN, or backhaul for a camera or some such), or do they 
> request the data link when they need to send [whatever] (like a discrete 
> SCADA 
> system)? My (user only) experience is that cellular data service doesn't 
> handle long sessions well. 
> 

I have a few Sprint EVDO cards. They go into standby when nothing is
actively going on and fire up within seconds when there is something to
do. I regularly use everything from SSH to streaming video without any
issues. I only notice the delay with SSH when I don't type anything for
a few minutes and it has to come active again, but I can leave it idle
for hours and it never drops.

As far as the OP goes, let them replace the cards if they think that's
the problem. You and I may suspect something else is up, but if that's
on their checklist, it is what it is.

~Seth



Re: BGP FlowSpec support on provider networks

2009-04-10 Thread Seth Mattinen
Fouant, Stefan wrote:
> Hi folks,
> 
> I am trying to compile data on which providers are currently supporting
> BGP Flowspec at their edge, if there are any at all.  The few providers
> I've reached out to have indicated they do not support this and have no
> intention of supporting this any time in the near future.  I'm also
> curious why something so useful as to have the ability to advertise flow
> specification information in NLRI and distribute filtering information
> is taking so long to gain a foothold in the industry... 
> 

Just FYI, but when you hit reply and change the subject, your message
still shows up under the "Fiber cut in SF area" thread. Anyone who's
ignoring that thread will not see your message.

~Seth



Re: Looking for AT&T / Verizon / Sprint WWAN service impressions - on or off-list replies welcome

2009-04-14 Thread Seth Mattinen
Crooks, Sam wrote:
> I'm considering use of AT&T / Verizon / Sprint WWAN services and the
> Cisco 3G router interface cards/integrated module in C880 routers for
> primary or backup WAN network connectivity for routers.

My comments are only for Sprint EVDO/1xRTT since that's what I use.


> I'm looking for information from users of these services on the
> following: 
> 
> - addressing - Do these WWAN services use dynamic, PPPoE or static IP
> assignment typically? Any of the 3? All?

My IP changes every time the session establishes.


>- is static IP assignment available?

I've never asked about static because there was no benefit to me when
other workarounds were available, i.e. DMVPN.


> - do these service providers use NAT within their network?

Sprint doesn't, you get a public IP and I can establish inbound
connections. They seem to filter incoming port 80 though. I regularly
SSH to the wireless IP without any problems, although if the radio is
sleeping sometimes it takes two attempts.


> - How is the service reliability?  In most cases, is the service
> available for use when you need to use it?

I've been using it for years with no complaints.


> - How is the service coverage area?  Do you have problems getting
> sufficient coverage in the deployment location to support desired
> speeds (say 512kbps up/down as a minimum)?

I get full EVDO rates. It's as reliable as any other CDMA phone I've
used in my area. Standard bad and good coverage areas apply. They will
do site surveys for you though, plus you can get fancy antennas for the
cards. I picked EVDO because it has a better upstream rate.


> - is ESP / IKE / IPsec permitted through un-rate-limited and un-molested
> by the providers?

As far as I can tell.


> - If you build a IPsec/GRE tunnel over these services, do you have
> frequent issues with the tunnel dropping, or a dynamic routing protocol
> running through the tunnel going down frequently?

Sometimes latency sucks and timers will expire. It always recovers on
its own though.


> Also interested in similar information on impressions of similar EMEA
> WWAN service providers, particularly Vodafone and T-Mobile, if anyone
> has experiences with these.
> 
> 
> Replies on-list or off-list are welcome Your choice.
> 
> Cisco 3G interface and provider information:
> 
> http://www.cisco.com/en/US/products/ps7272/index.html
> 
> http://www.cisco.com/en/US/prod/routers/networking_solutions_products_genericcontent0900aecd80601f7e.html#~north-america
> 

If uplink rates matter, for AT&T, you'll have to wait for the
HWIC-3G-HSPA-A to come out. If you want better than 384 up right now, go
EVDO Rev. A and make sure they do a site survey for you first. In the
end, it's just a fancy cell phone in your router.

~Seth



Re: Looking for AT&T / Verizon / Sprint WWAN service impressions - on or off-list replies welcome

2009-04-15 Thread Seth Mattinen
Charles Wyble wrote:
>
>
> Crooks, Sam wrote:
>> I'm considering use of AT&T / Verizon / Sprint WWAN services and the
>> Cisco 3G router interface cards/integrated module in C880 routers for
>> primary or backup WAN network connectivity for routers.
>>
>
> I haven't used the integrated cards with cisco gear. However I do have
> 300+ cards deployed throughout the United States (EVDO USB modems on
> Linux boxes).
>
>
>> I'm looking for information from users of these services on the
>> following:
>> - addressing - Do these WWAN services use dynamic, PPPoE or static IP
>> assignment typically? Any of the 3? All?
>>- is static IP assignment available?
>
> We have static IP assignment for our Verizon cards. Sprint cards aren't
> static.
>


I received an offlist response indicating Sprint now offers static.

~Seth



Re: Where to buy Internet IP addresses

2009-05-01 Thread Seth Mattinen
LEdouard Louis wrote:
> Optimum Online business only offer 5 static IP address.
> 
>  
> 
> Where can I buy a block of Internet IP address for Business? How much
> does it cost?
> 
>  
> 
> Most of our devices only require an internal IP address to reach the
> internet,  but we have a Juniper DX for load balancing. 
> 
>  
> 
> We must provide Juniper DX with an internet IP address and point it to
> internal IP address for customers to be able to reach it from the
> internet. this is for testing and development purposes and will expect
> several servers on Load-balancer. The 5 static IP addresses just won't
> be enough.
> 

Get a different ISP. You can't "buy addresses." You can apply to your
RIR for addresses, but it sounds like you wouldn't qualify if your price
range is 5 statics from your ISP. Also see huge debate on arin-ppml
about buying and selling addresses.

~Seth



Re: Where to buy Internet IP addresses

2009-05-01 Thread Seth Mattinen
Mark Andrews wrote:
> In message <49fb4661.8090...@west.net>, Jay Hennigan writes:
>> LEdouard Louis wrote:
>>> Optimum Online business only offer 5 static IP address.
>>>
>>> Where can I buy a block of Internet IP address for Business? How much
>>> does it cost?
>> Only five?  Really?  Our basic residential users get 18 quintillion 
>> addresses, and business users get 65536 times that many.  Tell them you 
>> need a few more.  :-)
> 
>   Actually residential users do.  One /64 is not enough.  On
>   can argue about whether a /56 or a /48 is appropriate for
>   residential users but a single /64 isn't and residential
>   ISP's should be planning to hand out more than a single /64
>   to their customers.
>  

I hear this a lot, but how many "linksys default channel 6" end users
really have more than one subnet, or even know what a subnet is?

~Seth



Re: Where to buy Internet IP addresses

2009-05-01 Thread Seth Mattinen
David Schwartz wrote:
>> I hear this a lot, but how many "linksys default channel 6" end users
>> really have more than one subnet, or even know what a subnet is?
>>
>> ~Seth
> 
> Wrong question. The right question is, how many would if reachable address 
> scarcity weren't a factor.
> 

They're reachable right now as long as you're in radio range.

~Seth



Re: Slightly OT: Calculating HVAC requirements for server rooms

2009-05-01 Thread Seth Mattinen
Ricky Beam wrote:
> On Fri, 01 May 2009 21:32:19 -0400, William Warren
>  wrote:
>>> Specifically, I am using the guide posted at:
>>> http://www.openxtra.co.uk/articles/calculating-heat-load
> 
> "Before you decide on an air conditioning unit you should commission an
> audit from a suitably qualified air conditioning equipment specialist or
> installer."
> 
> Translation: Hire a f***ing professional.
> 
> And that's exactly what you need to do.  Qualified HVAC installers (with
> specific data center experience) will know far more than us "network
> types" will ever want to know about cooling.  They do this for a living,
> and thus, know all the tiny details and odd edge cases to look for.
> (like looking above the drop ceiling -- that's what it's called, btw --
> and seeing what's up there long before pencil meets paper (not that
> anyone uses paper anymore.))
> 
>> You also have to take into account the environment surrounding the
>> data room.  At my wife's work The ceiling above is only separated with
>> a false ceiling to the metal roof above but the rest of the spaces
>> surrounding the room are climate controlled.  They [had] to
>> significantly upsize to account for the heat load of that ceiling.
> 
> Unless you are pulling air through the plenum (that space above the drop
> ceiling), the air up there shouldn't matter much -- there should be
> plenum returns up there to begin with venting the air to the surrounding
> plenum(s) (i.e. the rest of the office, hallway, neighboring office,
> etc.)  However, I've seen more than enough office setups where the
> "engineers" planning the space completely ignore the plenum.  In my
> current office building the static pressure pushes the bathroom doors
> open by almost 2".  And they placed our server room directly under the
> building air handlers -- meaning all the air on the 3rd floor eventually
> passes through the plenum above my servers. (also, the sprinkler system
> riser room is in there.)

The space above the drop ceiling is only a plenum if it's used as air
handling space as opposed to ducting the returns everywhere. If it's not an
handling space opposed to ducting the returns everywhere. If it's not an
air handling space, it's not a plenum, it's just where spiders might be.
It's easier to throw grated panels in all over the place for returns in
large systems.

Now, back on topic, plus nifty graphics explaining the difference:

http://en.wikipedia.org/wiki/Plenum_cable


> Bottom line, again, ask a professional.  NANOG is a bunch of network
> geeks (in theory.)  I'd be surprised if there's even one licensed HVAC
> "geek" on the list. ('tho I'm sure many may *know* an HVAC engineer.)

But yes, please, don't learn how to make your own system from what we
say here. HVAC systems are their own world. You wouldn't want an HVAC
guy designing your network just because he's seen a lot of server rooms,
would you?

~Seth



Re: Where to buy Internet IP addresses

2009-05-04 Thread Seth Mattinen
Joe Maimon wrote:
> 
> 
> Joe Greco wrote:
> 
>> One of the goals of providing larger address spaces was to reduce (and
>> hopefully eliminate) the need to burn forwarding table entries where
>> doing so isn't strictly necessary.  When we forget this, it leads us
>> to the same sorts of disasters that we currently have in v4.
>>
>> ... JG
> 
> And if you are encouraging /48 handouts, /32 isn't large enough to
> prevent that on the global level.
> 

What remains to be seen is what will happen when someone says "hey, my
/32 is full, I need another one". Will it be:

a) Sure, here's another /32, have fun!
b) You didn't subnet very efficiently by current standards even though
it was encouraged in the past; try to reclaim some space internally.

~Seth



Re: Where to buy Internet IP addresses

2009-05-04 Thread Seth Mattinen
Carsten Bormann wrote:
> On May 4, 2009, at 10:08, Nathan Ward wrote:
> 
>> Forwarding these requests up to the ISP's router and having several
>> PDs per end customer is in my opinion the best way to go.
> 
> If the ISP sees (and has to hand out) the PD, some bean counter will put
> a price tag on it ("differential pricing").
> If there is a price tag on it, nobody will pay the higher price, and
> everybody will put in a kludge to get by with one /64.
> Think about it: That's exactly the reason why we got mired in the InterNAT.
> 
> Really, /56 for everyone is the only way back to an Internet.
> 

As cool as it would be to have the internet fully routable, I would be
surprised if it would happen because of the "how little can we get away
with giving the customer so we can charge for upgrades" mentality.

~Seth



Re: Why is www.google.cat resolving?

2009-05-05 Thread Seth Mattinen
Tim Tuppence wrote:
> Hello,
> 
> I am seeing that www.google.cat resolves from three different networks.
> It even resolves from here: http://www.squish.net/dnscheck/
> 
> What is going on?
> 

Why are you expecting it not to?

~Seth



Re: UCEProtect Level 3

2009-05-07 Thread Seth Mattinen
Raleigh Apple wrote:
> Is anyone else out there aware that the UCEProtect Level 3 email
> blacklist blocks entire AS?
> 


http://lmgtfy.com/?q=uceprotect+level+3



Re: Data centre info

2009-05-07 Thread Seth Mattinen
Ingo Flaschberger wrote:
>> - disadv
> 
> you can not hide cables
> 

I think well-dressed visible overhead cable arrangements look kind of
cool. I'd rather see nice cables than a hidden rat's nest.

~Seth



Re: delays to google

2009-05-14 Thread Seth Mattinen
Andy Ringsmuth wrote:
> It's starting to show up in the news media as well:
> 
> http://apnews.myway.com/article/20090514/D9864P900.html
> 
> 
> Google glitch disrupts search engine, e-mail
> 


Because we let google control our fate far too much.

Personally, I think this thread is more off topic than the ones that
were moderated and should live on the outages mailing list. This is not
operational, it's just google being broken, again.

~Seth



Re: another brick in the wall[ed garden]

2009-05-14 Thread Seth Mattinen
Owen DeLong wrote:
> While you're at it, it would be nice if SPRINT also fixed the problems
> with ports TCP/25 and TCP/587.
> 

Never tried 25, but I know 587 is fine through a tethered handset my
(extremely non-technical) significant other uses daily. Shouldn't we all
be using the submission port anyway? ;)

~Seth



Re: Managing your network devices via console

2009-05-14 Thread Seth Mattinen
Tomas L. Byrnes wrote:
> I've found Avocents to be a nightmare, and the company to be horrible to
> deal with.
> 
> They work fine as a local console switch, but they are absurdly
> expensive for that use. The rest of their features are byzantine in
> implementation and usage, and their support and licensing policies
> exorbitant.
> 
> Old school terminal servers and IPMI/DRAC cards work very well.
> 

I have a PM25 that's an absolutely awesome console server. The only
thing it can't do that would make it perfect is SSH. I've never been
particularly impressed with the responsiveness of IPMI/SOL, but it's
acceptable since it's typically only used in an emergency.

~Seth




Re: ISP best practices

2009-05-21 Thread Seth Mattinen
Adam Kennedy wrote:
> Bind is fully capable of IPv6. When combined with Webmin (www.webmin.com),
> I'm not sure how much easier Bind can get. Webmin will also keep DNSSEC keys
> up to date with changes, so long as you make those changes from within
> Webmin. If you make changes in CLI, you can tell Webmin to rehash the keys
> manually. It's as simple as clicking a GUI button.
> 

Does anyone still use probind?  As much as I am gung-ho command line,
managing a huge amount of DNS can get ugly.

~Seth



Re: Local Peering and Transit - BGP multihoming

2009-05-21 Thread Seth Mattinen
ty chan wrote:
> Dear all,
> 
> In my lab, I manage two ASNs (100, 200). ASN100 has one transit to ASN300 and 
> local peering to ASN500.
> ASN200 has one transit to ASN400. ASN100 does private peering to ASN200. Some 
> policies are required as below:
> 1. ASN100 customers can only use ASN300 for transit.
> 2. ASN200 customers can only use ASN400 for transit.
> 3. Local traffic will stay local between ASN100, ASN200 and ASN500.
> 4. ASN100 and ASN200 back each other up only if either upstream is down.
> 
> How to configure BGP to meet the above policies? I am using Cisco devices.
> 

Is there a reason you are just throwing specs out and expecting the list
to do your job for you? I don't mean to be rude, but you should learn
how to at least do some of it yourself so you can ask specific questions
for the parts you have trouble getting to work.

~Seth



Why choose 120 volts?

2009-05-26 Thread Seth Mattinen
I have a pure curiosity question for the NANOG crowd here. If you run
your facility/datacenter/cage/rack on 120 volts, why?

I've been running my facility at 208 for years because I can get away
with lower amperage circuits. I'm curious about the reasons for using
high-amp 120 volt circuits to drive racks of equipment instead of
low-amp 208 or 240 volt circuits.

~Seth



GGC need portal access restored

2023-03-21 Thread Seth Mattinen via NANOG
I also need someone at GGC to contact me ASAP; a tech showed up on site 
to replace hardware in a node and I've come to find out my portal access 
is no longer available and I can't place it into maintenance mode.


~Seth


Re: NTP Sync Issue Across Tata (Europe)

2023-08-09 Thread Seth Mattinen via NANOG

On 8/9/23 2:39 AM, Forrest Christian (List Account) wrote:
> When GPS is working, time transmission with accuracies of under 1
> microsecond is common.   This is especially true if the GPS integrates
> some sort of disciplined oscillator.  Note that this is in excess of
> what NTPd running on a typical OS can reliably retransmit.
> 
> BUT..  if I was to choose only one protocol, it would be NTP, not GPS,
> because of all of the reasons you mention.
> 
> I find it distressing that sites are relying on GPS only.  I suspect
> that this is a failure to assign proper risk to using GPS.  It's
> particularly odd when one considers that adding NTP time sources is
> essentially free and improves robustness and reliability greatly.
> 

I liked having a WWVB receiver in my mix, but all the hardware 
appliances (at least those offering OCXO or Rubidium oscillator options) 
seem to have rejected it in favor of GPS only. I can only conclude that 
either vendors think options like WWVB are a dead end or there's no 
demand for GPS alternatives.


Products like the BlueSky GNSS Firewall exist, but not something I've 
thought was a necessary expenditure for my needs (yet). Mouser lists it 
at just under $10k.


Personally I'm just not that comfortable using random unknown platform 
and unknown installation conditions time server pools over the big-I 
internet. I would possibly consider NTP servers operated by entities I 
have peering with.


~Seth
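As an added illustration (not part of the thread), a chrony configuration that follows the advice in this exchange: a local GPS receiver as one input among several network NTP sources, with a minimum source count so GPS alone cannot steer the clock. The server names, PPS device and offset/delay values are placeholders.

```conf
# Added example, not from the thread: chrony.conf mixing a local GPS
# reference with several network NTP sources so that no single source
# (GPS included) can steer the system clock on its own.

# GPS time from gpsd's shared-memory segment; the PPS line tightens it.
# offset/delay depend on the receiver and are placeholder values here.
# 'noselect' keeps the jittery NMEA time out of selection; PPS is locked
# to it for second numbering only.
refclock SHM 0 refid GPS precision 1e-1 offset 0.5 delay 0.2 noselect
refclock PPS /dev/pps0 lock GPS refid PPS

# Network sources: placeholder names, intended to be NTP servers run by
# parties you already peer with, as the post suggests, not a random pool.
server ntp1.peer-a.example iburst
server ntp2.peer-b.example iburst
server ntp3.peer-c.example iburst

# Require at least two agreeing sources before any is trusted, so a GPS
# receiver that drifts, loses lock or is jammed gets outvoted.
minsources 2

# Discard any source whose root distance exceeds 0.5 s instead of
# averaging a grossly wrong source into the estimate.
maxdistance 0.5

# Allow a step only in the first three updates after start; afterwards
# large offsets are slewed and logged rather than jumped.
makestep 1.0 3
```

With GPS disabled (as the next post contemplates) the three network sources still satisfy minsources, so the host keeps syncing without a config change.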


Re: NTP Sync Issue Across Tata (Europe)

2023-08-09 Thread Seth Mattinen via NANOG

On 8/9/23 3:25 PM, Forrest Christian (List Account) wrote:
> Note that NIST operates a pool of 24 time servers for public use.
> These are spread across four different locations in two different
> states.  My understanding is that they all get their time directly from
> the official NIST clocks without GPS or NTP being involved.
> 

I used to jump through all the hoops for that but honestly I like the 
appliances better (they are also PTP grandmaster clocks). I can always 
disable the GPS inputs if any of the doom and gloom actually comes to pass.


~Seth


Re: maximum ipv4 bgp prefix length of /24 ?

2023-09-29 Thread Seth Mattinen via NANOG

On 9/29/23 10:24, VOLKAN SALİH wrote:
> you guys become rich this way.. by playing penny pincher.
> 
> I asked global firms like Huawei, not some local company called ADAMS!
> 

You joined the wrong mailing list then. This is NANOG, which has 
companies of all sizes and private individuals operating networks. This 
is not a "global firms" mailing list.




Re: .US Harbors Prolific Malicious Link Shortening Service

2023-11-05 Thread Seth Mattinen via NANOG




On 11/2/23 1:30 PM, goemon--- via NANOG wrote:
> Are there any legitimate services running solely on .us domain names?
> 

Yes.


Why are paper LOAs still used?

2024-02-26 Thread Seth Mattinen via NANOG
Why do companies still insist on, or deploy new systems that rely on 
paper LOA for IP and ASN resources? How can this be considered more 
trustworthy than RIR based IRR records?


And I'm not even talking about old companies, I have a situation right 
now where a VPS provider I'm using will no longer use IRR and only 
accepts new paper LOAs. In the year 2024. I don't understand how anyone 
can go backwards like that.


~Seth

