Re: 100.100.0.0/24

2012-10-06 Thread Vasil Kolev
On 06.10.2012 (Sat) at 16:22 -0700, Randy Bush wrote:
> >> http://www.team-cymru.org/Services/Bogons/bgp.html
> > Please tell me how I can configure my router to use that feed to
> > automatically reject any bogon advertisements I receive from other BGP
> > neighbors.
> 
> you actually have to look at that web page
> 

If you're seeing the same page, the configs and explanations there show
how to drop packets destined to bogons, not routes.

(I also want to know the answer to that question)

-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part


TCP congestion control and large router buffers

2010-12-09 Thread Vasil Kolev
https://gettys.wordpress.com/2010/12/06/whose-house-is-of-glasse-must-not-throw-stones-at-another/

I wonder why this hasn't made the rounds here. From what I see, a change
in this part (e.g. lower buffers in customer routers, or a change (yet
another) to the congestion control algorithms) would do miracles for
end-user perceived performance and should help in some way with the net
neutrality dispute.

I also understand that a lot of the people here operate routers which
are a bit far from the end-users and don't have a lot to do with this
issue, but the rest should have something to do with
choosing/configuring these end-user devices, so this should be relevant.
-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part


Re: L3 Issues

2011-08-01 Thread Vasil Kolev
On 01.08.2011 (Mon) at 11:39 -0600, Khurram Khan wrote:
> Hello and Good Morning,
> 
> Are there reports of L3 having issues this morning ? Starting at about
> 10:10 A Pacific, I started seeing huge drops in traffic at various
> sites, including San Diego, Houston, San Antonio, Charlotte, NC,
> Philadelphia, etc.
> Anyone seeing a similar behavior ?
> 

Yes, l3 in Dallas is dropping about 40% of the traffic we're sending
them.

-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part


DNSSEC support in registrars

2011-08-20 Thread Vasil Kolev
Hi all,

According to the deployment schedule, a lot of the TLDs support DNSSEC,
but there's no online resource that shows which registrars support
adding such records. Is there any such list?

(also, is there a list of registrars who support ipv6 glue records?)

-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part


IPv6 eyeballs?

2010-05-14 Thread Vasil Kolev
Hi all,

This seems like the proper time to ask, seeing how many people are there
asking for IPv6 transit - does anyone have any kind of stats how many
eyeballs are there that have IPv6, and are there any of them that have a
better service over v6 than over v4 (my guess here is universities or
other academical institutions that have really big v6 pipes)?

The reason for this question is that a few weeks ago I wrote an initial
list of what we (as a medium-sized content provider) need to do to be
able to push traffic over v6, and with careful testing and everything it
should fit in six months. What's not known is whether it is worth starting
to implement it. We pretty much accept as given that no carrier will
limit its own users to v6 only in the near (1-2-3 year) future, but with
stuff like CGN/LSN degradation could be expected to show up in the v4
service.

-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part


Router for a file hosting service

2009-09-22 Thread Vasil Kolev
Hi all,

I've been banging my head for a while and finally decided to ask for a
recommendation for a router for a somewhat weird situation.

What we currently have is a number of 10G ethernet ports to one carrier,
just switches and nothing more, the carrier is the gw for all the
servers we have (everything is one big VLAN).

What I need is something that can handle something like 24 10gbit ports
- 10-12 to switches with the serving equipment (each one of them pushing
around 8-9Gbit) and on the other side connected to a few ISPs, some of
them with full tables, some of them just peering, and to push the
80-100Gbps around.
(all traffic is TCP, live data says 8.4Gbps is around 1mpps)

Now this seems pretty straightforward, but there's a twist. Because of
the nature of the app we need to be able to do some policy routing - the
devices on the back should be able to set something in the packet (like
the ToS field), and the outbound route preference to be picked based on
that. We'll also need to push to the routes some idea on what to prefer
for specific destinations (because we have some pretty good metrics on
the backend on the packet loss to each destination).
There's also the small issue of scrubbing the packets of the marker I've
set on the backend, not to leak it, because it seems some people tend to
do weird stuff with prioritization because of it (we had one case with
BT, I think).
Doing these two issues at wire speed doesn't seem to be covered in the
documentation, or at least in what I found. 

We've looked into Cisco 7609 for this, but I've already read enough on
this list that made me a bit wary of it (and after all the reading I'm
still not sure how well it would handle the policy routing issue and the
rest of the nasty things we're planning for it).

Any ideas or pointers?
-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part


Re: IPv6 Deployment for the LAN

2009-10-22 Thread Vasil Kolev
On 22.10.2009 (Thu) at 11:10 -0700, Owen DeLong wrote:

> OK... Here's the real requirement:
> 
> Systems administrators who do not control routers need the ability in  
> a dynamic host configuration mechanism to
> assign a number of parameters to the hosts they administer through  
> that dynamic configuration mechanism.  These
> parameters include, but, are not limited to:
> 
>   1.  Default Router
>   2.  DNS Resolver information
>   3.  Host can provide name to server so server can supply dynamic DNS update
>   4.  IP Address(es) (v4, v6, possibly multiple v6 in the case of things like Shim6, etc.)
>   5.  NTP servers
>   6.  Boot server
>   7.  Site specific attribute/value pairs (ala DHCPv4 Options)
> 
> These assignments MUST be controlled by a server and not by the router  
> because the router is outside of the
> administrative control of the Systems Administrator responsible for  
> the hosts being configured.
> 


And to add a real-world case for this - two months ago at HAR (hacking
at random, a convention in the Netherlands) I was in the network team,
handling fun stuff like DHCP servers, DNS, etc. We also provided IPv6
connectivity there (we had a /16 IPv4 zone and a /48 IPv6 zone), and at
some point we asked the question around - ok, how should we provide DNS
and other useful information for the V6 only people?

After a while with all the brains around, the decision was to write it
on the datenklos through the field, where people can read it and
configure it in their browsers. This would've been funny if it wasn't so
sad.

OTOH, for V4 everything with the DHCP worked fine (as it has always
done, even at an event of this size), as is my experience with all the
networks I've administered. Saying that DHCP doesn't work for me is
extremely weird, as to me this means someone made specific effort to
fuck it up.

Finally - we have something that works, that's called DHCP. It might not
be perfect, it might have some weird issues and implementations, but
it's actually making our lives easier, is tested and works. I'd love
anything that would be better, but as an option, not as the only choice
I have. 
And it's not just the protocol that I care about. I care about that it's
implemented in a HOST, where I can play with the software as much as
possible, instead of on a ROUTER, which is a vastly different device with
rarely-updated OS, and even in the case where they're both the same
machine (as in small office environments), they're again handled at
different layers (kernel vs userspace).
There are reasons that we're using what we're using, and not all of them
are "because we're masochistic idiots".


-- 
Regards,
Vasil Kolev


signature.asc
Description: This is a digitally signed message part