Re: 32 and directallocate
On 19/07/2011 03:43, Brielle Bruns wrote:
> On 7/18/11 7:02 PM, Deric Kwok wrote:
>> Hi
>>
>> I have the following questions. hope you can help
>>
>> 1/ In ipv6 /32. Is it same as ipv4 /32
>
> No.

It depends how you define it. If you mean the number of bits in the network mask, then yes it is the same. If it is the size of the network, then it is not the same.
Re: OT: Given what you know now, if you were 21 again...
Once upon a time, Jason Baugher said:
> If I had to have a job where I did the same thing every day, year after
> year, I'd stab a pencil in my eye. I love that our industry is
> constantly evolving.

Definite +1 to that. I look at how my father's job has changed in his 49+ years; he's gone from a hardware-in-the-loop simulator that took a room full of analog computer (because digital computers weren't fast enough) to where computers are small and powerful enough that they looked at running a sim in real-time on the flying vehicle (as additional guidance feedback).

I don't think anyone can realistically say what the Internet will look like 10 years from now, much less 50. Pundits like to guess, but they usually miss their "next year" predictions anyway. :-)

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: ep.net contact?
Got in touch with them. Thanks to all those who replied.

tnx
Chris

Sent from my iPad

On Jul 12, 2011, at 9:13 AM, Chris Griffin wrote:
> Could someone involved in ep.net contact me off list in regard to a DNS
> issue. Usual contact methods have failed to date.
>
> Thanks
> Chris
> ---
> Chris Griffin cgrif...@ufl.edu
> Sr. Network Engineer - CCNP Phone: (352) 273-1051
> CNS - Network Services Fax: (352) 392-9440
> University of Florida/FLR Gainesville, FL 32611
ep.net contact?
Could someone involved in ep.net contact me off list in regard to a DNS issue. Usual contact methods have failed to date. Thanks Chris --- Chris Griffin cgrif...@ufl.edu Sr. Network Engineer - CCNP Phone: (352) 273-1051 CNS - Network Services Fax: (352) 392-9440 University of Florida/FLR Gainesville, FL 32611
RE: NANOG List Update - Moving Forward
And adding to it as well +7

Kind Regards

Chris Barlow BSc. MBCS
Information Technology Manager
TICS (Global) Ltd, Oxford House
Sixth Avenue, Robin Hood Airport
Doncaster DN9 3GG
Tel +44 (0)1302 623074
Fax +44 (0)1302 623075
Mob +44(0)7909 520445

-Original Message-
From: jim deleskie [mailto:deles...@gmail.com]
Sent: 12 July 2011 13:03
To: neno...@systeminplace.net
Cc: t...@pelican.org; NANOG list
Subject: Re: NANOG List Update - Moving Forward

+1

On Tue, Jul 12, 2011 at 8:32 AM, William Pitcock wrote:
> On Tue, 12 Jul 2011 10:50:38 +0100 (BST) Tim Franklin
> wrote:
>
>> > Thankfully, the current test has been a success.
>>
>> Including stopping non-members from posting to the list, and other
>> anti-spam?
>>
>> I've got a sudden influx this morning of spam addressed to
>> nanog@nanog.org :(
>>
>
> Ditto. Getting lots of crap here.
>
> William
Re: AOL security contact?
I tried doma...@aol.net, which I got when I did a whois on the IP of the affected domain, then hit noc@ and ab...@aol.com

I fired off an email to iWeb, who is hosting the scam site and is notorious for lack of response, and GoDaddy.

My recommendation to anyone: start blocking .info like how Google delisted co.cc

On Mon, Jul 11, 2011 at 12:13 PM, Jay Ashworth wrote:
> - Original Message -
>> From: "Chris"
>
>> Anyone have an AOL security contact because like I posted yesterday,
>> CNN was hit through a redirect vulnerability in their ad system and
>> now AOL is suffering the same thing by having some scammer serving up
>> "Casey Anthony leaked lawyer video" crap as Facebook spam where
>> unsuspecting lusers are clicking like wild on it
>
> My recommendation to anyone from Facebook who's listening here:
>
> Block the whole damn domain. That will get them to contact you. :-)
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth Baylink
> j...@baylink.com
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274

--
--C

"The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
AOL security contact?
Anyone have an AOL security contact because like I posted yesterday, CNN was hit through a redirect vulnerability in their ad system and now AOL is suffering the same thing by having some scammer serving up "Casey Anthony leaked lawyer video" crap as Facebook spam where unsuspecting lusers are clicking like wild on it -- --C "The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
Re: CNN security contact?
CNN patched the redirect vulnerability which was making it easier to social engineer Nancy Grace tards who followed the case
CNN security contact?
Yet another Casey Anthony scam floating around but via a vulnerability in CNN's advertising system so Facebook lusers think it's authentic and from CNN. GoDaddy domain and Softlayer hosting the site.. called Softlayer NOC - "1 person is in the abuse department on Sunday" -- --C "The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
Re:
> Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds:
> IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple:
> Prot=1, saddr=10.20.1.2, sport=29733, daddr=10.1.4.81, dport=29733
> IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10: skipping
> incomplete map. No peer, access-list or transform-set specified.
> IPSEC(crypto_map_check)-1: Error: No crypto map matched.
>
>>From my understanding this is caused by the crypto map not being able to
>>establish a tunnel to the Juniper.

From that log, the Cisco is missing numerous configuration items:

No peer, access-list or transform-set specified.

Do you have the above specified in the crypto map within the ASA ?

Cheers
Chris
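The log quoted above shows the ASA skipping crypto map entry CARIBOU-VPN-1 10 because it has no peer, access-list or transform-set. As an added example (not from the thread and not Cisco's code), this Python check parses ASA-style configuration text and reports which crypto map entries are incomplete in that sense; it goes one step beyond the log by also flagging references to an ACL or transform set that is never defined. The sample configuration, the ACL and transform-set names and the 192.0.2.x peers are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: entry 10 reproduces the state in the quoted log,
# entry 20 is complete, entry 30 points at an ACL that does not exist.
SAMPLE_CONFIG = """\
access-list VPN-TO-JUNIPER extended permit ip 10.20.1.0 255.255.255.0 10.1.4.0 255.255.255.0
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map CARIBOU-VPN-1 10 set pfs group2
crypto map CARIBOU-VPN-1 20 match address VPN-TO-JUNIPER
crypto map CARIBOU-VPN-1 20 set peer 192.0.2.1
crypto map CARIBOU-VPN-1 20 set transform-set ESP-AES-SHA
crypto map CARIBOU-VPN-1 30 match address MISSING-ACL
crypto map CARIBOU-VPN-1 30 set peer 192.0.2.2
crypto map CARIBOU-VPN-1 30 set ikev1 transform-set ESP-AES-SHA
crypto map CARIBOU-VPN-1 interface outside
"""

ACL_RE = re.compile(r"^access-list (\S+) ")
TSET_RE = re.compile(r"^crypto ipsec (?:ikev1 )?transform-set (\S+) ")
# Only numbered entries match; "crypto map NAME interface ..." does not.
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) (.+)$")

# Sub-commands that supply the three items named in the log message.
SETTINGS = (
    ("match address ", "access-list"),
    ("set peer ", "peer"),
    ("set ikev1 transform-set ", "transform-set"),
    ("set transform-set ", "transform-set"),
)
REQUIRED = ("peer", "access-list", "transform-set")


def audit_crypto_maps(config_text):
    """Return {(map_name, seq): [findings]}; an empty list means complete."""
    acls, tsets = set(), set()
    entries = defaultdict(lambda: {kind: [] for kind in REQUIRED})

    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.add(m.group(1))
            continue
        m = TSET_RE.match(line)
        if m:
            tsets.add(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        # Touching the dict registers the entry even if the line only sets
        # something else (for example PFS), which is how an entry ends up
        # existing without a peer, ACL or transform set.
        entry = entries[(m.group(1), int(m.group(2)))]
        rest = m.group(3)
        for prefix, kind in SETTINGS:
            if rest.startswith(prefix):
                entry[kind].extend(rest[len(prefix):].split())
                break

    report = {}
    for key in sorted(entries):
        entry = entries[key]
        findings = ["missing " + kind for kind in REQUIRED if not entry[kind]]
        findings += ["access-list %s is not defined" % name
                     for name in entry["access-list"] if name not in acls]
        findings += ["transform-set %s is not defined" % name
                     for name in entry["transform-set"] if name not in tsets]
        report[key] = findings
    return report


if __name__ == "__main__":
    for (name, seq), findings in audit_crypto_maps(SAMPLE_CONFIG).items():
        status = "; ".join(findings) if findings else "complete"
        print("crypto map %s %d: %s" % (name, seq, status))
```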
Re: What do you think about the Juniper MX line?
I just wanted to say thank you to all that posted feedback to this thread. Your insight has been incredibly helpful and has most certainly clarified many of the questions I had lingering.

Thanks again!!

On Mon, Jun 27, 2011 at 4:23 PM, Randy Carpenter wrote:
>
> The SRX line is nice for some uses, particularly with recent software updates
> that have fixed things like using IPv6 on vlan interfaces.
>
> The SRX is not going to be the choice for an edge router that needs to do BGP
> and/or 1 Gb/s+ of traffic.
>
> The SRX pretty much does everything in software, where the MX routes packets
> in ASICs.
>
> SRX is great for a firewall box, or to be the edge for a small network.
>
> I do wish there was an even lower-end MX than the new MX5 (all hardware
> routing, but ~$10k), as I would have many uses for such a thing in networks
> that only have a few uplinks of ~1 Gb/s. I don't need 20 Gb of throughput for
> that. But, if the budget allows for an MX5 (~$30k MSRP) or bigger, the MX
> line is very nice.
>
> -Randy
>
>
> - Original Message -
>> Heh, I spent about 3mo evaluating/testing SRX's and I agree they had
>> potential but left /a lot/ to be desired.
>>
>> -Jeremy
>>
>> On Mon, Jun 27, 2011 at 2:45 PM, Owen DeLong wrote:
>>
>> > Sorry... I misspoke. My comments related to the SRX series and not
>> > the MX.
>> >
>> > The MX is a fine product in my experience.
>> >
>> > Owen
>> >
>> > On Jun 25, 2011, at 10:03 PM, Howard Hart wrote:
>> >
>> > >
>> > > We have a couple installed as our edge routers.
>> > >
>> > > Pluses - solid as a rock, easy to administer, and will take some
>> > > extremely high packet rates for relatively low cost (important for
>> > > us since we use them for VoIP traffic). If you're approaching the
>> > > capacity of a 1GB uplink, I highly recommend these as your first
>> > > step to 10 GB.
>> > >
>> > > Minuses - careful on your MX80 version. The MX80-48T includes a
>> > > built in 48 port 1 GigE switch, but we've had compatibility issues
>> > > with it and other vendors switches. The modular version that
>> > > replaces the MX80-48T costs quite a bit more, but it does give you
>> > > a lot more connection and compatibility options.
>> > >
>> > > Howard Hart
>> > >
>> > > On Jun 25, 2011, at 9:37 PM, "Ryan Finnesey" wrote:
>> > >
>> > >> I would love to know the same I am looking at the MX line as
>> > >> well for a new network build-out
>> > >>
>> > >> Cheers
>> > >> Ryan
>> > >>
>> > >>
>> > >> -Original Message-
>> > >> From: Chris [mailto:behrnetwo...@gmail.com]
>> > >> Sent: Saturday, June 25, 2011 9:29 AM
>> > >> To: nanog@nanog.org
>> > >> Subject: What do you think about the Juniper MX line?
>> > >>
>> > >> Hello,
>> > >>
>> > >> I've been doing some research into using the MX line of Juniper
>> > >> routers and was interested in hearing people's experiences (the
>> > >> good, bad, and ugly). What do you like about them? What do you
>> > >> dislike? Where are you putting them in your network? Where are
>> > >> you not putting them? Why? What other platforms would you
>> > >> consider and why? I hope to hear some candid responses, but feel
>> > >> free to respond privately if you need to.
>> > >>
>> > >> Thanks!
Re: Firewall Appliance Suggestions
- Original Message -
From: Brent Jones [mailto:br...@servuhome.net]
Sent: Thursday, June 30, 2011 01:46 PM
To: Blake T. Pfankuch
Cc: NANOG (nanog@nanog.org)
Subject: Re: Firewall Appliance Suggestions

On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch wrote:
> Howdy,
> I am looking for something a little unique in a bit of a tough
> situation with some sticky requirements. First off, my requirements are a
> little weird and I can't bend them a whole lot due to stipulations being put
> on me. I am in need of a firewall appliance which can be run on VMware vSphere,
> with IPSEC support for multiple Phase 2 negotiations within a single Phase 1.
> I am also in need of something that can support VLAN interfaces on the LAN
> side, and ideally something with multi zoning so I can keep LAN side networks
> separate from each without ridiculous firewall rules. Meaning build a zone
> for "Customer network 1" and it displays separately (ease of management and
> firewall config hopefully). I need a minimum of 10 "zones" on LAN side (/29
> or /30), and NAT support for LAN to WAN (to dedicate all outbound connections
> to a single IP from a specific zone), ideally something extremely scalable
> (100-200 zones). And here is the super fun part! I need something that is
> going to be web managed primarily as minions will be doing most of the day to
> day maintenance, or very simple CLI config. Willing to pay for something if
> need be, but looking for something that can easily handle 50-100mbit of
> throughput.
>
> Any Ideas?
>
> Thanks!
>
> Blake Pfankuch
>

I just moved most of my network over to Juniper SRX firewalls. They are pretty easy, but having a half-brained NOC guy make firewall changes is a bad idea either way.

--
Brent Jones
br...@servuhome.net
What do you think about the Juniper MX line?
Hello, I've been doing some research into using the MX line of Juniper routers and was interested in hearing people's experiences (the good, bad, and ugly). What do you like about them? What do you dislike? Where are you putting them in your network? Where are you not putting them? Why? What other platforms would you consider and why? I hope to hear some candid responses, but feel free to respond privately if you need to. Thanks!
Re: unqualified domains, was ICANN to allow commercial gTLDs
Once upon a time, Randy Bush said:
> > Now I'm tempted to be the guy that gets .mail
>
> express that temptation in dollars, and well into two commas.

Imagine the "typo-squatting" someone could do with .con.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: AAAA on various websites, but they all forgot to enable them on their nameservers....
On Wed, Jun 8, 2011 at 12:15, Schiller, Heather A wrote:
> ...yes, there is a serious lack of v6 enabled eyeballs. But it's also
> not clear to me from Akamai's stats just how many of the sites they host
> are v6 enabled. 2? 12? 500?

I remember it being stated that ~40 of their customers would participate in Wv6 Day, but I obviously don't speak for Akamai and I can't find a pointer to that info now...

~Chris

>
> --heather
>

--
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org
Large jump in global table prefix count?
Anyone else notice a rather large jump in the global table size? We just gained around 20K prefixes in just the last few hours.

From http://www.cidr-report.org/as2.0/#General_Status

Top 20 Net Increased Routes per Originating AS

Prefixes  Change       ASnum    AS Description
19227     115->19342   AS15557  LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)

Tnx
Chris

--
Chris Griffin cgrif...@ufl.edu
Sr. Network Engineer - CCNP Phone: (352) 273-1051
CNS - Network Services Fax: (352) 392-9440
University of Florida/FLR Gainesville, FL 32611
Re: Yup; the Internet is screwed up.
Once upon a time, Jay Ashworth said:
> TTBOMK, no, the affils don't actually reencode the whole feed; there are
> boxes these days that can insert your bug without trashing the rest of
> the stream -- and I think their contract with the network *requires* them
> to run their primary streams as-had, though I can't produce a citation
> on that.
>
> Do you have a citation on this, Chris? I have a couple MythTV people
> on that list who work at network affils that I could ask.

Well, many/most have multiple channels in their digital stream, and they have to reencode to lower bitrates to fit them all in (different stations do better or worse jobs at this). Only one signal here just carries one channel.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Actual IPv6 test day issue
So I found out I had an actual end-user issue related to IPv6 test day. My mother couldn't get to our webmail with her B&N Nook Color (based on Android 2.3). I went over and couldn't connect with my T-Mobile G2 (Android 2.2) either.

Their connection is via DSL and does not have IPv6 configured, but they do have a D-Link DIR-825 wireless router (just running as a wireless bridge with DHCP disabled). The DIR-825 was running an older code, 2.02NA, which was "IPv6 ready"; it had router advertisements enabled (there was no config option to disable them).

The problem was that while HTTP would work on Android, HTTPS would not (you'd just get the standard "page not available" error). It appears that there is a bug in Android that keeps it from falling back to IPv4 for HTTPS connections. I don't know if that's somebody's idea of an extra level of "security" or what.

I upgraded the DIR-825 to 2.05NA, which doesn't have RA always enabled, and everything works now (on IPv4 only). I haven't had a chance to set up a more detailed test; I just figured I'd throw it out there to see if anybody else saw such.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
Once upon a time, Jay Ashworth said:
> - Original Message -
> > From: "Chris Adams"
> > The top profile for Blu-Ray is 36 megabits per second, and that is
> > not used on most titles. Over-the-air HDTV is 19 megabits or less.
> > Cable HD channels are often only 12-15 megabits per second.
>
> Chris glances off, but doesn't quite say, that cable providers are prone
> to *reencode* OTA HDTV, leaving cable subscribers with a worse -- sometimes
> a *substantially* worse -- picture than they'd get from an OTA antenna.

Well, the OTA providers are doing it to the network feeds first, so I don't see focusing on the cable providers doing it to the OTA providers as the sole source of quality issues. The OTA providers also reencode to add bugs, weather/breaking news crawls, etc., and they don't always do a good job of that before feeding the signal to the statmuxer.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
Once upon a time, Eugeniu Patrascu said:
> I need 100Mbs at home because I want to see a streamed movie NOW, not
> in a month because someone considers broadband a luxury :)
> Pretty simple usage scenario I might say.

The top profile for Blu-Ray is 36 megabits per second, and that is not used on most titles. Over-the-air HDTV is 19 megabits or less. Cable HD channels are often only 12-15 megabits per second.

OTA and cable HD is typically MPEG2, and MPEG4 can reach similar quality in half the bandwidth, which means TV quality HD can be 6-10 megabits per second.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
Once upon a time, Barry Shein said:
> The attraction of DSL was, among other things, that it was nailed down
> to one and only one service provider, you couldn't just "dial" some
> other provider like with ISDN.

When BellSouth switched their DSL from PVC-per-customer to PPPoE, it was set up with the ability for a single line to be "subscribed" to multiple providers. The domain in the username used for PPPoE authentication was to determine to which provider the session was connected. I don't know if that capability was ever used (or even actually available).

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
Once upon a time, Jeroen van Aart said:
> I wonder, what's wrong with dialup through ISDN? You get speed that is
> about the same as low end broadband I'd say. And I think it'd be
> available at these locations where DSL is not.

For the most part, it probably isn't, especially now. Telco front-line support doesn't even know what a BRI is anymore.

While POTS lines are largely flat-rate for local access in the US, many telcos put per-minute charges on ISDN BRIs (and that's per-channel-minute, so 128k runs minutes at 2x wall clock time), so the "power users" that wanted higher-than-dialup speeds didn't move to ISDN very fast (because they also wanted to be on line nearly 24x7).

Also, the telcos generally made getting a BRI difficult to impossible. An early string of Dilbert cartoons covered Dilbert's attempts to get ISDN at his house, and IIRC they were based on Scott Adams' real-life attempts (and this was either when or shortly after he worked for the phone company).

I live in Huntsville, AL, and we supposedly were one of the first cities in BellSouth territory (if not the US) to have ISDN available at essentially every address. After a while, it usually wasn't too painful to get a BRI turned up, as long as you didn't want any special configs (such as hunting); when I got mine, it pretty much "just worked". However, the billing was confusing at best; IIRC in the several years I had ISDN service, my bill was never exactly the same amount two consecutive months (and I never had any usage charges, so it wasn't because of that).

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: The stupidity of trying to "fix" DHCPv6
Once upon a time, Owen DeLong said:
> I would like to see both protocols made optionally complete, so, in addition
> to fixing DHCPv6 by adding routing information options, I'd also like to
> see something done where it would be possible to add at least DNS
> servers to RA.

Isn't that what RDNSS (recursive DNS servers) and DNSSL (DNS search list) extensions are?

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Yup; the Internet is screwed up.
Once upon a time, Jared Mauch said:
> On Jun 9, 2011, at 8:43 PM, Jay Ashworth wrote:
> > Even Cracked realizes this:
> >
> > http://www.cracked.com/blog/5-reasons-internet-access-in-america-disaster
>
> I would describe this as "local market failure". It's common even in highly
> populated areas, not just rural ones here in the US.

I'd go so far as to say "user failure". If I wanted cable TV (especially if I needed it at home as part of my job), I wouldn't buy/rent/lease/whatever a home without checking that cable TV is available at that location. I live in a city with two cable providers, each of which covers the "whole" city, yet there are pockets where one (or even both) don't provide service.

Before I bought my house, I made sure I could get my preferred Internet service at my house.

There are definitely things wrong with the state of last-mile Internet access in the US, but moving somewhere without checking is IMHO your own fault.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Cogent IPv6
Once upon a time, William Herrin said:
> Now, as to why they'd choose a /112 (65k addresses) for the interface
> between customer and ISP, that's a complete mystery to me.

I had to ask this here a while back, so I can now share. :-)

IPv6 addresses are written as 8 16-bit chunks separated by colons (optionally with the longest consecutive set of :0 sections replaced with ::). A /112 means the prefix is 7 of the 8 chunks, which means you can use ::1 and ::2 for every connection.

Of course, just because you allocate a /112 (or shorter) in your database doesn't mean you have to use it. You could also allocate a /112 for a point-to-point link and use a /127 (e.g. addresses ::a and ::b).

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: IPv6 day non-participants
The ISOC dashboard that Chris mentions is indeed accurate and up to date from our perspective. Comcast is definitely an active participant with our website http://xfinity.comcast.net, which is live with a published and is IPv6 reachable.

Thanks

--
Chris Griffiths
Comcast Cable Communications, Inc.

On 6/8/11 12:16 PM, "Chris Grundemann" wrote:

>ISOC has a red/green dashboard of individual (non)participants:
>http://www.worldipv6day.org/participant-websites/index.html
>
>Cheers,
>~Chris
>
>On Wed, Jun 8, 2011 at 09:59, James Harr wrote:
>> I noticed that one of our vendors wasn't actually participating when
>> they very publicly put on their home page that they would. So I
>> queried the IPv6 day participation list to see who didn't have 's
>> for their listed website. It turned out to be around 9.5%
>>
>> Before you read the list, here's me shedding responsibility with a
>> list of caveats:
>> - The crappy perl script I am using might be broken. IE - it doesn't
>> think about "foo.com" vs "www.foo.com", HTTP redirection, or any of
>> that.
>> - The organizations in this list may have withdrawn because they found
>> out something was terribly broken.
>> - DNS caching may be skewing the results if the TTLs are long.
>>
>> SNIP
>> www.xiphiastec.com Xiphiastec
>> www.pir.org Public Interest Registry
>> www.exactabacus.com Exact Abacus
>> www.comcast.net Comcast
>> www.shazzlemail.com Shazzle, LLC
>> www.bangzoom.com Bangzoom Software Inc
>> www.mihostcgi.com mihostcgi
>> www.unclesamnames.com American Domain Names
>> opendns.com OpenDNS
>> www.mutali.rw Mutali
>> townnews.com TownNews
>> www.infoblox.com Infoblox
>> www.ripplecom.net Ripple Communications
>> www.agame.com Spil Games
>> www.alexville.com Alexville Games
>> www.hkirc.hk Hong Kong Internet Registration Corporation
>> www.hkdnr.hk Hong Kong Domain Name Registration
>> www.buffalo.feb.gov United States Office of Personnel Management
>> www.cyberport.hk Hong Kong Cyberport Management Ltd
>> www.catnix.com CATNIX
>> sucomo.com Sucomo OHG
>> www.mybrighthouse.com BrightHouse Networks
>> www.it-in.ru it-in
>> ivancorp.net Ivanhoe-IT
>> www.forestdaleinc.org Forestdale Inc
>> www.towerstream.com Towerstream
>> www.intuix.com Intuix LLC
>> suse.org Novell Inc.
>> www.IronNails.com IronNails Consultancy
>> www.orbitdiensten.com Orbit-Diensten
>> madonnaradio.com Voila
>> www.gov.bc.ca Government of British Columbia
>> www.zte.com.cn ZTE Corporation
>> www.tamagawa.jp Tamagawa Academy & University
>>
>>
>> --
>> ^[:wq^M
>>
>
>--
>@ChrisGrundemann
>weblog.chrisgrundemann.com
>www.burningwiththebush.com
>www.theIPv6experts.net
>www.coisoc.org
Re: IPv6 day non-participants
ISOC has a red/green dashboard of individual (non)participants:
http://www.worldipv6day.org/participant-websites/index.html

Cheers,
~Chris

On Wed, Jun 8, 2011 at 09:59, James Harr wrote:
> I noticed that one of our vendors wasn't actually participating when
> they very publicly put on their home page that they would. So I
> queried the IPv6 day participation list to see who didn't have 's
> for their listed website. It turned out to be around 9.5%
>
> Before you read the list, here's me shedding responsibility with a
> list of caveats:
> - The crappy perl script I am using might be broken. IE - it doesn't
> think about "foo.com" vs "www.foo.com", HTTP redirection, or any of
> that.
> - The organizations in this list may have withdrawn because they found
> out something was terribly broken.
> - DNS caching may be skewing the results if the TTLs are long.
>
> SNIP
> www.xiphiastec.com Xiphiastec
> www.pir.org Public Interest Registry
> www.exactabacus.com Exact Abacus
> www.comcast.net Comcast
> www.shazzlemail.com Shazzle, LLC
> www.bangzoom.com Bangzoom Software Inc
> www.mihostcgi.com mihostcgi
> www.unclesamnames.com American Domain Names
> opendns.com OpenDNS
> www.mutali.rw Mutali
> townnews.com TownNews
> www.infoblox.com Infoblox
> www.ripplecom.net Ripple Communications
> www.agame.com Spil Games
> www.alexville.com Alexville Games
> www.hkirc.hk Hong Kong Internet Registration Corporation
> www.hkdnr.hk Hong Kong Domain Name Registration
> www.buffalo.feb.gov United States Office of Personnel Management
> www.cyberport.hk Hong Kong Cyberport Management Ltd
> www.catnix.com CATNIX
> sucomo.com Sucomo OHG
> www.mybrighthouse.com BrightHouse Networks
> www.it-in.ru it-in
> ivancorp.net Ivanhoe-IT
> www.forestdaleinc.org Forestdale Inc
> www.towerstream.com Towerstream
> www.intuix.com Intuix LLC
> suse.org Novell Inc.
> www.IronNails.com IronNails Consultancy
> www.orbitdiensten.com Orbit-Diensten
> madonnaradio.com Voila
> www.gov.bc.ca Government of British Columbia
> www.zte.com.cn ZTE Corporation
> www.tamagawa.jp Tamagawa Academy & University
>
>
> --
> ^[:wq^M
>

--
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org
Re: Cogent IPv6
> Do they issue you a small IPv6 block for your interface, just like they do
> for IPv4? Is it a separate session? Any things to be aware of before
> pulling the trigger on it? (Other than them not having connectivity to

Hi Nick,

They issued a /112 for our interface with a separate BGP session. (In the UK)

No real issues with kicking things off (** from the technical side anyway)

Thanks

Chris
Re: Cogent?
As in sales? Isn't that all they have?

On 6/7/11, Ryan Finnesey wrote:
> Does cogent have a true carrier/wholesale team? Cheers Ryan Sent from my
> Windows Phone

--
Sent from my mobile device
Re: (OT) Firearms Was: UN declares Internet access a "human right"
http://www.tomshardware.com/news/Joshua-Lee-Campbell-Server-Shoot-Gun-alcohol,11171.html Just don't end up like this guy. He's a personal hero of mine. We've all wanted to do this before but he had the liquid courage to do it and yet another reason to own a 45 ;-)
Re: (OT) Firearms Was: UN declares Internet access a "human right"
> Once law enforcement is effective enough to prevent the average
> criminal from having access to firearms, then the law-abiding population can
> be compelled to disarm.

That day is coming through US force as "Operation Gun Runner" from the ATF allowed Mexican drug cartel straw purchasers to come in, purchase 5 or so AK-47 rifles, and when the gun store owner had suspicions about not selling it - the ATF told the owner to "let the guns walk" so the group could track down the weapons. Unfortunately, those weapons were used to kill a DEA agent in Mexico and a Border Patrol agent who was only armed with bean bag rounds in his shotgun then died trying to cycle out those rounds to put in live rounds.

Also with al-CIAda patsy Adam Gahdan inaccurately reporting in his latest video to other jihadists about purchasing "automatic weapons" from gun shows, I believe the ball is rolling for everyone in the United States to be disarmed through force by new legislation to outlaw weapons.

I do not think the average gun owner would ever disarm because the gun culture in our country is so deep and passionate in any freedom loving citizen's blood. The Second Amendment, in my opinion and most gun owners agree with, was put in the Bill of Rights for the average citizen to remove tyrants if the process of democracy does not work.

> At present, the average criminal in my area does not have firearms, and so I
> do not own one. Gun crime is on the increase, however, so this situation may
> change.

Better get one before it's too late :-)

--
--C

"The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
Re: Microsoft's participation in World IPv6 day
Once upon a time, Owen DeLong said:
> You're not that atypical either, at least compared to US users. The
> following very common applications are known to have problems
> with LSN:
> The HTTPs Server on TiVO boxes

I'm curious: how does this have any problem with any particular NAT implementation? The TiVo HTTPS server is only intended to be accessed from the local LAN, so what happens outside your house (e.g. LSN) shouldn't matter.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.
On May 18, 2011, at 4:03 PM, Leo Bicknell wrote:

> Bah, you should include the solution, it's so trivial.
>
> Generate all possible files and then do an index lookup on the MD5.
> It's a little CPU heavy, but darn simple to code.

Isn't this essentially what Dropbox has been doing in many cases?

Chris

--
Chris Owen - Garden City (620) 275-1900 - Lottery (noun):
President - Wichita (316) 858-3000 - A stupidity tax
Hubris Communications Inc www.hubris.net
Re: GoDaddy abuse contact
The best abuse contact response I ever got was an under 3 hour reply to a lesser known domain provider who revoked the domain for the Facebook scam. It was hilarious and I don't think even GoDaddy responded within 3 days or so. A part of me wants to say we should look out for people while another part wants to chalk it up to survival of the fittest. I just looked, it's still up and running. -- --C "The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
GoDaddy abuse contact
Does anyone have a better abuse contact for GoDaddy? I'm trying to get one of those "paste Javascript in your browser address bar" scams on Facebook shut down before too many idiots fall for it. -- --C "The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
Re: Pirate Bay suffering unreachable errors
# traceroute -T -p 80 thepiratebay.org

Chicago:
 3 r1.chi1.us.as5580.net (78.152.63.85) 0.346 ms 0.400 ms 1.383 ms
 4 r1.ash1.us.as5580.net (80.94.64.217) 29.253 ms r1.nyc1.us.as5580.net (80.94.64.213) 22.749 ms 22.772 ms
 5 r1.ams1.nl.as5580.net (80.94.64.149) 115.317 ms r1.lon1.uk.as5580.net (80.94.64.141) 94.657 ms r1.ams1.nl.as5580.net (80.94.64.149) 115.341 ms
 6 10ge-ams-ix.ams1.portlane.net (195.69.145.25) 116.592 ms ams-ix.tc2-ams.nl.p80.net (195.69.145.52) 116.242 ms 195.66.224.243 (195.66.224.243) 90.884 ms
 7 po41-20g-r85.cr0-r86.hy-sto.se.p80.net (82.96.1.161) 144.107 ms 135.739 ms te-2-1.sto3.se.portlane.net (80.67.4.134) 144.717 ms
 8 as48285-fe-kn1.sthix.net (192.121.80.155) 135.647 ms te-3-2.sto1.se.portlane.net (80.67.4.128) 134.538 ms as48285-fe-kn1.sthix.net (192.121.80.155) 143.794 ms
 9 as48285-fe-kn1.sthix.net (192.121.80.155) 142.410 ms sthix-ix-ge-sth-1500.alltele.se (192.121.80.148) 135.641 ms as48285-fe-kn1.sthix.net (192.121.80.155) 134.178 ms
10 vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 146.133 ms sthix-ix-ge-sth-1500.alltele.se (192.121.80.148) 142.945 ms vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 137.692 ms
11 vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 136.782 ms ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 145.971 ms vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 135.594 ms
12 ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 144.054 ms 144.000 ms ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 144.534 ms
13 ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 143.294 ms 134.907 ms 143.886 ms
14 * thepiratebay.piratpartiet.se (194.14.56.29) 135.930 ms 144.389 ms
15 thepiratebay.org (194.71.107.15) 145.483 ms 145.418 ms *

Comcast (North FL)
 6 * te-0-2-0-0-cr01.miami.fl.ibone.comcast.net (68.86.93.149) 21.542 ms 24.742 ms
 7 xe-10-1-0.edge2.Miami1.Level3.net (64.156.8.9) 104.518 ms 106.520 ms 108.143 ms
 8 ae-31-51.ebr1.Miami1.Level3.net (4.69.138.94) 49.732 ms 50.156 ms 51.593 ms
 9 ae-2-2.ebr1.Dallas1.Level3.net (4.69.140.133) 87.808 ms 91.518 ms 91.010 ms
10 ae-61-61.csw1.Dallas1.Level3.net (4.69.151.125) 100.321 ms 108.464 ms ae-71-71.csw2.Dallas1.Level3.net (4.69.151.137) 123.269 ms
11 ae-83-83.ebr3.Dallas1.Level3.net (4.69.151.158) 126.642 ms 139.122 ms ae-93-93.ebr3.Dallas1.Level3.net (4.69.151.170) 49.901 ms
12 ae-3-3.ebr2.LosAngeles1.Level3.net (4.69.132.77) 91.881 ms 96.655 ms 101.315 ms
13 ae-6-6.ebr2.SanJose5.Level3.net (4.69.148.202) 115.018 ms 123.654 ms 128.822 ms
14 ae-5-5.ebr4.SanJose1.Level3.net (4.69.148.142) 134.523 ms ae-1-100.ebr1.SanJose5.Level3.net (4.69.148.109) 143.657 ms *
15 * * *
16 * * *
17 * * *
18 * * *
19 * xe1-3-925.core1.scl.layer42.net (69.36.239.126) 94.119 ms 92.276 ms
20 ro2.scl01.appliedops.net (67.218.96.58) 103.292 ms 112.557 ms 117.280 ms
21 ge-0-0-1-4028.ro1.sjc01 (208.83.220.112) 123.730 ms 130.364 ms 149.335 ms
22 ge-0-0.cal-cr-0.srstubes.net (74.116.251.2) 149.940 ms 151.987 ms 155.845 ms
23 vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 278.083 ms 297.589 ms 303.895 ms
24 ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 308.448 ms * 213.364 ms
25 * ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 215.563 ms 222.188 ms
26 * thepiratebay.piratpartiet.se (194.14.56.29) 213.583 ms 214.014 ms
27 * * *
28 * * *
29 * * *
30 * * *

California:
 3 209.234.157.201 (209.234.157.201) 1.073 ms 1.134 ms 1.216 ms
 4 lax2-pr1-xe-0-0-0-0.us.twtelecom.net (66.192.253.170) 2.296 ms 2.757 ms 2.809 ms
 5 xe-2-0-0.cr1.sjc1.us.nlayer.net (69.22.142.125) 15.501 ms 15.527 ms 15.552 ms
 6 * * *
 7 as40475.ge-0-2-1.cr1.sfo1.us.nlayer.net (69.22.153.90) 15.352 ms 15.102 ms 14.849 ms
 8 ge-0-0-1-4030.ro1.sjc01 (208.83.220.116) 19.544 ms 18.497 ms 18.240 ms
 9 ge-0-0.cal-cr-0.srstubes.net (74.116.251.2) 16.336 ms 17.939 ms 17.941 ms
10 vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 186.587 ms 187.003 ms 187.027 ms
11 ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 183.391 ms 180.588 ms 181.568 ms
12 ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 181.621 ms 181.416 ms 181.602 ms
13 thepiratebay.piratpartiet.se (194.14.56.29) 180.714 ms 180.159 ms 180.224 ms
14 * * *
15 * * *
16 * * *
17 thepiratebay.org (194.71.107.15) 182.664 ms 192.584 ms 192.555 ms

Scranton:
 2 ec0-61.agg04.sctn01.hostnoc.net (96.9.184.62) 0.301 ms 0.346 ms 0.383 ms
 3 xe1-04.gwy02.sctn01.hostnoc.net (96.9.191.13) 0.558 ms 0.632 ms 0.612 ms
 4 xe2-01.gwy01.laca01.hostnoc.net (96.9.191.74) 81.522 ms 81.603 ms 81.648 ms
 5 appliedops.net.any2ix.coresite.com (206.223.143.126) 94.202 ms 94.190 ms 94.800 ms
 6 ge-0-0.cal-cr-0.srstubes.net (74.116.251.2) 91.912 ms 92.173 ms 92.113 ms
 7 vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 189.557 ms 189.291 ms 189.291 ms
 8 ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 191.086 ms 190.428 ms 190.905 ms
Re: Pirate Bay suffering unreachable errors
Confirmed on 3 VPS servers in California, Chicago and Scranton: All the packets die at piratpartiet.se On 5/12/11, Michael Holstein wrote: > > My guess would be routing problems, probably Comcast's. If some of the > whiners would post traceroutes maybe help could be had. > > Cheers, > > Michael Holstein > Cleveland State University > -- --C "The dumber people think you are, the more surprised they're going to be when you kill them." - Sir William Clayton
Re: Pirate Bay suffering unreachable errors
FWIW, most speculation can be eliminated with a simple traceroute:

 6 te-0-2-0-0-cr01.miami.fl.ibone.comcast.net (68.86.93.149) 83.161 ms 25.235 ms 22.264 ms
 7 xe-10-1-0.edge2.Miami1.Level3.net (64.156.8.9) 25.455 ms 31.254 ms 39.878 ms
 8 ae-31-51.ebr1.Miami1.Level3.net (4.69.138.94) 56.394 ms 56.829 ms 61.876 ms
 9 ae-2-2.ebr1.Dallas1.Level3.net (4.69.140.133) 88.305 ms 97.700 ms 101.956 ms
10 ae-81-81.csw3.Dallas1.Level3.net (4.69.151.149) 105.718 ms 112.451 ms ae-61-61.csw1.Dallas1.Level3.net (4.69.151.125) 116.147 ms
11 ae-73-73.ebr3.Dallas1.Level3.net (4.69.151.146) 124.239 ms 124.327 ms 127.080 ms
12 ae-3-3.ebr2.LosAngeles1.Level3.net (4.69.132.77) 148.655 ms 83.899 ms 83.441 ms
13 ae-6-6.ebr2.SanJose5.Level3.net (4.69.148.202) 97.200 ms 97.450 ms 100.717 ms
14 ae-1-100.ebr1.SanJose5.Level3.net (4.69.148.109) 105.675 ms 110.643 ms ae-5-5.ebr4.SanJose1.Level3.net (4.69.148.142) 121.534 ms
15 ae-34-34.ebr2.SanJose1.Level3.net (4.69.153.33) 115.325 ms ae-5-5.ebr1.SanJose1.Level3.net (4.69.148.138) 129.887 ms 130.121 ms
16 ae-62-62.csw1.SanJose1.Level3.net (4.69.153.18) 130.228 ms ae-61-61.csw1.SanJose1.Level3.net (4.69.153.2) 109.190 ms ae-91-91.csw4.SanJose1.Level3.net (4.69.153.14) 139.681 ms
17 ae-22-70.car2.SanJose1.Level3.net (4.69.152.68) 118.715 ms ae-32-80.car2.SanJose1.Level3.net (4.69.152.132) 121.790 ms ae-42-90.car2.SanJose1.Level3.net (4.69.152.196) 131.790 ms
18 Layer42.car2.SanJose1.Level3.net (4.53.18.242) 91.717 ms 96.110 ms 100.318 ms
19 xe1-3-925.core1.scl.layer42.net (69.36.239.126) 147.051 ms 149.223 ms 149.706 ms
20 ro2.scl01.appliedops.net (67.218.96.58) 115.829 ms 125.489 ms 132.102 ms
21 ge-0-0-1-4028.ro1.sjc01 (208.83.220.112) 142.292 ms 141.739 ms 98.201 ms
22 ge-0-0.cal-cr-0.srstubes.net (74.116.251.2) 100.815 ms 105.488 ms 119.839 ms
23 vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158) 227.047 ms 197.560 ms 201.478 ms
24 ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 210.747 ms 220.879 ms 226.355 ms
25 ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 233.013 ms 237.760 ms 240.525 ms
26 thepiratebay.piratpartiet.se (194.14.56.29) 246.535 ms 249.101 ms 251.711 ms
27 * * *
28 * * *
29 * * *
30 * * *
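Added example, not part of any poster's message: a small parser that turns traceroute output like the traces in this thread into a per-vantage-point summary (last responding hop, probe loss there, whether the destination answered). The two sample inputs are excerpts copied from the Comcast and California traces posted above; the function names are the example's own.

```python
import re

IP_TOKEN = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")   # "(194.68.0.146)"
RTT_TOKEN = re.compile(r"\d+(?:\.\d+)?")                  # "215.563"

# Excerpts of traces posted in this thread (tail of each path only).
COMCAST = """\
24 ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166) 308.448 ms * 213.364 ms
25 * ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 215.563 ms 222.188 ms
26 * thepiratebay.piratpartiet.se (194.14.56.29) 213.583 ms 214.014 ms
27 * * *
28 * * *
29 * * *
30 * * *
"""
CALIFORNIA = """\
12 ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146) 181.621 ms 181.416 ms 181.602 ms
13 thepiratebay.piratpartiet.se (194.14.56.29) 180.714 ms 180.159 ms 180.224 ms
14 * * *
15 * * *
16 * * *
17 thepiratebay.org (194.71.107.15) 182.664 ms 192.584 ms 192.555 ms
"""
DEST_IP = "194.71.107.15"  # thepiratebay.org as shown in the posted traces


def parse_hop(rest):
    """Parse the part of a hop line after the TTL.

    Returns one entry per probe: (hostname, ip, rtt_ms) for an answer,
    None for a '*' timeout. A hop may list several responders, because
    each probe can take a different path.
    """
    tokens = rest.split()
    probes, name, ip = [], None, None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok == "*":
            probes.append(None)
            i += 1
        elif IP_TOKEN.fullmatch(nxt):
            # "hostname (a.b.c.d)" starts a new responder for following RTTs
            name, ip = tok, nxt[1:-1]
            i += 2
        elif nxt == "ms" and RTT_TOKEN.fullmatch(tok):
            probes.append((name, ip, float(tok)))
            i += 2
        else:
            i += 1  # unknown token (e.g. "!X" annotations): skip it
    return probes


def parse_traceroute(text):
    """Return [(ttl, probes), ...] for every line that starts with a TTL."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+)", line)
        if m:
            hops.append((int(m.group(1)), parse_hop(m.group(2))))
    return hops


def summarize(text, dest_ip):
    """Summarize where a trace stops answering.

    Silent hops in the middle of a path are not counted as failure;
    only the run of unanswered hops after the last responder is.
    """
    hops = parse_traceroute(text)
    answered_idx = [i for i, (_, p) in enumerate(hops) if any(x for x in p)]
    if not answered_idx:
        return {"reached": False, "last_ttl": None, "last_hosts": [],
                "answered": 0, "probes": 0, "silent_after": len(hops)}
    last = answered_idx[-1]
    ttl, probes = hops[last]
    answers = [p for p in probes if p is not None]
    reached = any(p[1] == dest_ip
                  for _, ps in hops for p in ps if p is not None)
    return {
        "reached": reached,
        "last_ttl": ttl,
        "last_hosts": sorted({p[0] for p in answers}),
        "answered": len(answers),
        "probes": len(probes),
        "silent_after": len(hops) - 1 - last,
    }


if __name__ == "__main__":
    for label, trace in (("Comcast", COMCAST), ("California", CALIFORNIA)):
        print(label, summarize(trace, DEST_IP))
```

The California excerpt shows why unanswered hops alone prove nothing: hops 14 to 16 are silent, yet hop 17 is the destination.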
Re: How do you put a TV station on the Mbone?
Once upon a time, Jay Ashworth said: > Unless (what I assert is) Google's plan to engender muni fiber last-mile > really catches fire -- at which point it will become logistically practical > for people like Chris Adams to compete with people like Road Runner... and > you'll have your end-user transport. Yay, I'm an example on NANOG! :-) I wish Huntsville had been chosen by the GOOG. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: OT: Server Cabinet
Once upon a time, Joe Greco said: > Now of course we have no idea what's going to be mounted in this, but > it's an HP rack so I assume maybe HP servers, which tend towards the > heavy. One thing about using a 2-post rack for servers that can be a problem is that most 2-post racks I've seen have tapped holes, ready for screws, and some server rails (such as Dell) pretty much require square hole or round hole racks instead. You can get third-party server rails that will work with a tapped hole rack, but that's an extra expense (and irritation). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: How do you put a TV station on the Mbone? (was: Royal Wedding...)
Once upon a time, Octavio Alvarez said: > So the first user in a router tunes to a multicast stream. Consumption > for the ISP and all the routers in the chain to the source: same as if > it were a unicast stream. Then a second user tunes to a multicast > stream. Cost for the ISP: zero. How does this affect peering, when some providers want bandwidth ratios in a certain range? I can also see how this affects the ISPs providing bandwidth to the content providers. In our colo for example, we rate-limit customers to the paid-for bandwidth at the colo port. With multicast however, they could use significantly more bandwidth, because every router in our network could potentially send the stream to many ports. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: How do you put a TV station on the Mbone?
Once upon a time, Daniel Roesen said: > That reminds me of 9/11. When the tragic event unfolded, we sat in the > office. News made the rounds verbally, and people started looking for > streaming services at their personal desks (no TVs around). People > pretty quickly gave up trying to find streams and news portals which were > actually working fine and the crowd gathering behind me watching over my > shoulder became bigger and bigger. We had a TV in the office then, but now we don't. The other big news event of the week, the tornadoes in the south (especially here in Alabama), meant we were filling up our office bandwidth much of the day Wednesday, watching the local weathermen to find out if we (or our family and friends) were next. This was an exceedingly unusual event in terms of magnitude, but the watching to see where the tornadoes go part is fairly regular around here this time of year. Every time there is a severe weather outbreak, we see our bandwidth usage go up significantly (especially when it is during the business day). As an admin at a small ISP, I'll admit we don't have multicast set up in our network, in part because every time I've looked, I just end up confused. Kind of like IPv6 was for a long time, except IPv6 has more attention and so more people writing better (easier to understand) info. Of course, we provide DSL via PPPoE (wholesaler, so we don't have a choice in the setup), so there isn't much we can do to help with that level. That's where we could gain the most of course; we sometimes see nearly double the DSL traffic for big events (not for the wedding though, since most of our customers don't have electricity). The "last mile" is usually the bottleneck, but that's the hardest nut to crack. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: YOU-TUBE-IN.edge2.SanJose1.Level3.net
We're seeing the same packet loss from SF. 1. ge-0-3.core1.sf2p.weebly.net 0.0% 0.3 3.9 0.3 186.5 19.4 2. vlan118.car2.SanFrancisco1.Level3.net 0.7% 1.1 12.9 0.5 184.4 35.3 3. ae-2-4.bar2.SanFrancisco1.Level3.net 0.0% 27.5 3.9 0.4 63.2 11.8 4. 4.69.140.154 0.0% 1.2 1.7 1.2 24.7 2.0 5. ae-72-72.csw2.SanJose1.Level3.net 0.0% 9.8 3.1 1.3 56.6 6.7 6. ae-2-70.edge2.SanJose1.Level3.net 0.0% 54.3 4.3 1.3 64.9 10.5 7. YOU-TUBE-IN.edge2.SanJose1.Level3.net 59.8% 66.8 10.2 2.9 97.1 19.4 8. 72.14.232.136 61.7% 2.9 5.3 2.9 46.2 7.6 9. 64.233.174.15 61.4% 3.2 3.7 3.0 16.2 1.9 10. 74.125.224.48 56.8% 3.3 3.1 2.8 3.9 0.2 On Wed, Apr 20, 2011 at 8:40 AM, Andreas Petersson wrote: > Hi, > > Not sure this is the right place to ask, but I see lots of pl to > www.google.com from my servers. Anyone else that have the same problem? > > Host Loss% > Snt Last Avg Best Wrst StDev > > 6. ae-92-92.csw4.SanJose1.Level3.net 0.0% > 71.3 1.1 1.1 1.3 0.1 7. > ae-4-90.edge2.SanJose1.Level3.net 0.0% 7 > 1.1 17.3 1.1 67.9 25.0 8. > YOU-TUBE-IN.edge2.SanJose1.Level3.net 42.9% 7 > 2.1 2.2 2.1 2.3 0.1 9. > 72.14.232.136 66.7% 6 > 2.7 5.0 2.7 7.2 3.1 10. > 64.233.174.15 60.0% 6 > 2.8 2.8 2.8 2.9 0.1 11. > 74.125.224.49 60.0% 6 > 3.2 5.8 3.2 8.4 3.7 > > > BR > Andreas Petersson > >
Re: YOU-TUBE-IN.edge2.SanJose1.Level3.net
yes, from SF - Postini and Google. On Wed, Apr 20, 2011 at 11:40 AM, Andreas Petersson wrote: > Hi, > > Not sure this is the right place to ask, but I see lots of pl to > www.google.com from my servers. Anyone else that have the same problem? > > Host Loss% > Snt Last Avg Best Wrst StDev > > 6. ae-92-92.csw4.SanJose1.Level3.net 0.0% > 71.3 1.1 1.1 1.3 0.1 7. > ae-4-90.edge2.SanJose1.Level3.net 0.0% 7 > 1.1 17.3 1.1 67.9 25.0 8. > YOU-TUBE-IN.edge2.SanJose1.Level3.net 42.9% 7 > 2.1 2.2 2.1 2.3 0.1 9. > 72.14.232.136 66.7% 6 > 2.7 5.0 2.7 7.2 3.1 10. > 64.233.174.15 60.0% 6 > 2.8 2.8 2.8 2.9 0.1 11. > 74.125.224.49 60.0% 6 > 3.2 5.8 3.2 8.4 3.7 > > > BR > Andreas Petersson > >
Re: IPv4 address exchange
On Mon, Apr 18, 2011 at 18:59, Owen DeLong wrote: >> >> At John Curran's advice, the ARIN Advisory Council abandoned my proposals. >> Two of them are now in "petition" for further discussion, including >> ARIN-prop-134 which outlines how to identify a "legitimate address holder" >> and ARIN-prop-136 which allows a Legacy holder to "opt-out" of ARIN's >> services. The idea is to make it possible for legacy holders (who don't >> have a contract with ARIN) to disarm ARIN's whois weapon. >> > I don't agree with this characterization of our actions. Nor do I. Those that wish to understand the ARIN Advisory Council's actions in earnest can find the results of the AC meeting in question here: [http://lists.arin.net/pipermail/arin-ppml/2011-March/020373.html] and the minutes from that meeting, here: [https://www.arin.net/about_us/ac/ac2011_0317.html]. You are also welcome to ping me off-list (or on arin-ppml) if you are interested in a further explanation of my own reasons for voting to abandon the proposals in question. Cheers, ~Chris > I did not feel that John Curran advised us to act in any particular > direction. Yes, he did raise some concerns > about the outcome of the policy proposals being adopted, but, many of us > already had those concerns in > mind before John said anything. > > I believe that if the AC felt that your proposals were in the best interests > of the community and/or had the > broad support of the community, we would have placed them on the docket with > or without the concerns > expressed by Mr. Curran. > > I am speaking here only of my own personal perspective, but, I can assure you > that my vote in favor > of abandoning your proposals was based entirely on the lack of community > support for the proposals > and the nature of the proposals themselves being contrary to what I believed > was the good of the > community. > > Owen > > > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
historical pricing data
This may be the wrong place to ask but maybe one of you could point me in a direction. I'm looking for [ideally] historical market pricing for mpls/ipl between as many as possible city pairs [with a focus toward Asia] as well as ip maybe 5 year back. Thanks, Chris
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
> We have just as many -- and yes, it's great. > > The only thing I'd prefer would be Exim over Postfix, but Mailscanner > does make things very pleasant to use. +1 for Exim, although development stalled for a while when Philip Hazel retired, it's now back on track. Also not happy with Barracuda, have a couple of hosts which are blocked by their blocking list and they've refused to tell me why. Chris
Re: Ping - APAC Region
pccw's lookingglass http://lookingglass.pccwglobal.com/ On Tue, Mar 29, 2011 at 1:33 PM, Robert Lusby wrote: > Slightly off-topic so apologies: > > Looking at hosting some servers in Hong Kong, to serve the APAC region. Our > client is worried that this may slow things down in their Australia region, > and are wondering whether hosting the servers in an Australian data-centre > would be a better option. > > Does anyone have any statistics on this? > > Or ... does anyone know of a "ping" tool we can use, hosted in Australia? > > Any better ideas welcome. > > Thanks. >
Re: SORBS contact?
Hello, Thank you to all that answered, all helpful info. Surprisingly minutes after my Nanog post, a couple of my tickets saw action and the /24 was finally removed a short while later. Thanks again, Chris
SORBS contact?
Hello, We have opened a number of tickets in the SORBS DUHL system to notify them of the use of a former dialup /24 for static assignments to no avail. Anyone from SORBS reading this? Thank you, Chris Conn B2B2C.ca
In need of an att person at the slo cls
Please ping me off list. I'm in urgent need of escalation of a xcon. Thx Chris cmcdon...@pccwglobal.com -- Sent from my mobile device
Re: Internet Edge Router replacement - IPv6 route table size considerations
I think this is the point where I get a shovel, a bullwhip and head over to the horse graveyard that is CAM optimization... -C On Mar 8, 2011, at 5:18 20PM, Chris Enger wrote: > Our Brocade reps pointed us to the CER 2000 series, and they can do up to > 512k v4 or up to 128k v6. With other Brocade products they spell out the CAM > profiles that are available, however I haven't found specifics on the CER > series. > > Chris > > -Original Message- > From: Julien Goodwin [mailto:na...@studio442.com.au] > Sent: Tuesday, March 08, 2011 5:09 PM > To: 'nanog@nanog.org' > Cc: Chris Enger > Subject: Re: Internet Edge Router replacement - IPv6 route table size > considerations > > On 09/03/11 12:08, Julien Goodwin wrote: >> On 09/03/11 11:57, Chris Enger wrote: >>> I did look at a Juniper J6350, and the documentation states it can handle >>> 400k routes with 1GB of memory, or 1 million with 2GB. However it doesn't >>> spell out how that is divvyed up between the two based on a profile setting >>> or some other mechanism. >> It's a software router so the short answer is "it isn't" >> >> With 3GB of RAM both a 4350 and 6350 can easily handle multiple IPv4 >> feeds and an IPv6 feed (3GB just happens to be what I have due to >> upgrading from 1GB by adding a pair of 1GB sticks) >> >> If you need more than ~500Mbit or so then you would want something >> bigger. The MX80 is nice and has some cheap bundles at the moment; it's >> specced for 8M routes (unspecified, but the way Juniper chips typically >> store routes there's less difference in size than the straight 4x) >> >> From others the Cisco ASR1k or Brocade NetIron XMR (2M routes IIRC) are >> the obvious choices. > And I meant Brocade NetIron CES here.
RE: Internet Edge Router replacement - IPv6 route table size considerations
Thank you everyone for the suggestions both on and off list. We will be looking at a few additional devices along with what we have researched. Thanks, Chris -Original Message- From: Bill Blackford [mailto:bblackf...@gmail.com] Sent: Wednesday, March 09, 2011 5:53 AM To: Chris Enger Cc: nanog@nanog.org Subject: Re: Internet Edge Router replacement - IPv6 route table size considerations Chris, With address exhaustion and deaggregation, the table is only going to get bigger so choosing anything now that can only handle anything south of 1M routes is not a wise investment. Several posters have recommended ASR1002 and MX80. I use both of these platforms in my environment and have been quite pleased with both. ASR100x. Cisco has lower/cheaper options here including a 1RU device. I don't have the specs handy, but these are lacking in scalability that you will most likely need. I believe the forwarding cap is 2.5G. With the ASR1002, you can start up with the 5G forwarding board. The MX80. There are several models/bundles. A good choice for you may be the MX80-5G. Incidentally, the "5G" does not mean 5gig. It ships with a 20 port ge MIC that will do line rate. The other MIC and the on-board 4X 10GE are disabled. As previously mentioned, it doesn't use TCAM so your V4, V6 routes don't share finite resources with each other or MAC entries, etc. If you're familiar with the benefits of JUNOS - once you've used it for awhile - it's hard to go back. If your environment is rapidly growing, stay away from low CAM limits, anything that runs in software, (C7200, C7330, J6350), and make the jump to line-rate hardware devices. -b On Tue, Mar 8, 2011 at 4:15 PM, Chris Enger wrote: > Greetings, > > I am researching possible replacements for our Internet edge routers, and > wanted to see what people could recommend for a smaller chassis or fixed > router that can handle current IPv4 routes and transition into IPv6. 
> Currently we have Brocade NetIron 4802s pulling full IPv4 routes plus a > default route. I've looked at Extreme, Brocade, Cisco, and a few others. > Most range from 256k - 500k IPv4 and 4k - 16k IPv6 routes when CAM space is > allocated for both. The only exception I've found so far is the Cisco ASR > 1002, which can do 125k v6 along with 500k v4 routes at once. I'm curious if > any other vendors have comparable products. > > My concern is trying to find a router (within our budget) that has room for > growth in the IPv6 routing space. When compared to the live table sizes that > the CIDR report and routeviews show, some can't handle current routing > tables, let alone years of growth. BGP tweaks may keep us going but I can't > see how 16k or fewer IPv6 routes on a router is going to be viable a few > years from now. > > Thank you, > Chris Enger > > -- Bill Blackford Network Engineer Logged into reality and abusing my sudo privileges.
RE: Internet Edge Router replacement - IPv6 route table size considerations
Our Brocade reps pointed us to the CER 2000 series, and they can do up to 512k v4 or up to 128k v6. With other Brocade products they spell out the CAM profiles that are available, however I haven't found specifics on the CER series. Chris -Original Message- From: Julien Goodwin [mailto:na...@studio442.com.au] Sent: Tuesday, March 08, 2011 5:09 PM To: 'nanog@nanog.org' Cc: Chris Enger Subject: Re: Internet Edge Router replacement - IPv6 route table size considerations On 09/03/11 12:08, Julien Goodwin wrote: > On 09/03/11 11:57, Chris Enger wrote: >> I did look at a Juniper J6350, and the documentation states it can handle >> 400k routes with 1GB of memory, or 1 million with 2GB. However it doesn't >> spell out how that is divvyed up between the two based on a profile setting >> or some other mechanism. > It's a software router so the short answer is "it isn't" > > With 3GB of RAM both a 4350 and 6350 can easily handle multiple IPv4 > feeds and an IPv6 feed (3GB just happens to be what I have due to > upgrading from 1GB by adding a pair of 1GB sticks) > > If you need more than ~500Mbit or so then you would want something > bigger. The MX80 is nice and has some cheap bundles at the moment; it's > specced for 8M routes (unspecified, but the way Juniper chips typically > store routes there's less difference in size than the straight 4x) > > From others the Cisco ASR1k or Brocade NetIron XMR (2M routes IIRC) are > the obvious choices. And I meant Brocade NetIron CES here.
RE: Internet Edge Router replacement - IPv6 route table size considerations
I did look at a Juniper J6350, and the documentation states it can handle 400k routes with 1GB of memory, or 1 million with 2GB. However it doesn't spell out how that is divvyed up between the two based on a profile setting or some other mechanism. Chris From: tsi...@gmail.com [mailto:tsi...@gmail.com] Sent: Tuesday, March 08, 2011 4:33 PM To: Chris Enger; 'nanog@nanog.org' Subject: Re: Internet Edge Router replacement - IPv6 route table size considerations have you looked into juniper networks? - Reply message ----- From: "Chris Enger" Date: Tue, Mar 8, 2011 5:15 pm Subject: Internet Edge Router replacement - IPv6 route table size considerations To: "'nanog@nanog.org'" Greetings, I am researching possible replacements for our Internet edge routers, and wanted to see what people could recommend for a smaller chassis or fixed router that can handle current IPv4 routes and transition into IPv6. Currently we have Brocade NetIron 4802s pulling full IPv4 routes plus a default route. I've looked at Extreme, Brocade, Cisco, and a few others. Most range from 256k - 500k IPv4 and 4k - 16k IPv6 routes when CAM space is allocated for both. The only exception I've found so far is the Cisco ASR 1002, which can do 125k v6 along with 500k v4 routes at once. I'm curious if any other vendors have comparable products. My concern is trying to find a router (within our budget) that has room for growth in the IPv6 routing space. When compared to the live table sizes that the CIDR report and routeviews show, some can't handle current routing tables, let alone years of growth. BGP tweaks may keep us going but I can't see how 16k or fewer IPv6 routes on a router is going to be viable a few years from now. Thank you, Chris Enger
Internet Edge Router replacement - IPv6 route table size considerations
Greetings, I am researching possible replacements for our Internet edge routers, and wanted to see what people could recommend for a smaller chassis or fixed router that can handle current IPv4 routes and transition into IPv6. Currently we have Brocade NetIron 4802s pulling full IPv4 routes plus a default route. I've looked at Extreme, Brocade, Cisco, and a few others. Most range from 256k - 500k IPv4 and 4k - 16k IPv6 routes when CAM space is allocated for both. The only exception I've found so far is the Cisco ASR 1002, which can do 125k v6 along with 500k v4 routes at once. I'm curious if any other vendors have comparable products. My concern is trying to find a router (within our budget) that has room for growth in the IPv6 routing space. When compared to the live table sizes that the CIDR report and routeviews show, some can't handle current routing tables, let alone years of growth. BGP tweaks may keep us going but I can't see how 16k or fewer IPv6 routes on a router is going to be viable a few years from now. Thank you, Chris Enger
Re: ARIN and IPv6 Requests
(Yeah, high reply latency...) Is Carrier V still filtering at sub-/32 on their IPv6 peerings? Last I was in a position to check, not even Apple's /45 was visible from inside AS701. -C On Feb 10, 2011, at 12:25 PM, Eric Clark wrote: > Don't remember about the v4 part, but 3 years ago they issued me a /48, > specifically for my first site and indicated that a block was reserved for > additional sites. I can probably dig that up. > > Sent from my iPad > > On Feb 10, 2011, at 12:18 PM, Jason Iannone wrote: > >> It also looks like there isn't a policy for orgs with multiple >> multihomed sites to get a /48 per site. Is there an exception policy >> somewhere? >> >> On Thu, Feb 10, 2011 at 12:50 PM, wrote: >>> Initial. Documenting IPv4 usage is in the request template. >>> >>> -- >>> Adam Webb >>> >>> >>> >>> >>> >>> From: >>> "Nick Olsen" >>> To: >>> >>> Date: >>> 02/10/2011 01:45 PM >>> Subject: >>> re: ARIN and IPv6 Requests >>> >>> >>> >>> We requested our initial allocation without any such questions. Is this >>> your initial or additional? >>> >>> Nick Olsen >>> Network Operations >>> (855) FLSPEED x106 >>> >>> >>> >>> From: adw...@dstsystems.com >>> Sent: Thursday, February 10, 2011 2:38 PM >>> To: nanog@nanog.org >>> Subject: ARIN and IPv6 Requests >>> >>> Why does ARIN require detailed usage of IPv4 space when requesting IPv6 >>> space? Seems completely irrelevant to me. >>> >>> -- >>> Adam Webb >>> EN & ES Team >>> desk: 816.737.9717 >>> cell: 916.949.1345 >>> --- >>> The biggest secret of innovation is that anyone can do it. >>> --- >>> >>> - >>> Please consider the environment before printing this email and any >>> attachments. >>> >>> This e-mail and any attachments are intended only for the >>> individual or company to which it is addressed and may contain >>> information which is privileged, confidential and prohibited from >>> disclosure or unauthorized use under applicable law. 
If you are >>> not the intended recipient of this e-mail, you are hereby notified >>> that any use, dissemination, or copying of this e-mail or the >>> information contained in this e-mail is strictly prohibited by the >>> sender. If you have received this transmission in error, please >>> return the material received to the sender and delete all copies >>> from your system. >>> >>> >>> >> >
Submarine cable sample?
Hi, Was wondering where one in the SF Bay area might be able to borrow (or otherwise procure at a reasonable cost) a short - less than 1 meter - section of undersea fiber cable for a presentation I'll be giving in a few weeks. Feel free to unicast your reply if you are in a position to assist. Thanks, -Chris
Re: BGP Failover Question
We are receiving full routes from both providers. ---Chris On Feb 21, 2011, at 6:36 PM, Charles Gucker wrote: > On Mon, Feb 21, 2011 at 4:10 PM, Chris Wallace > wrote: >> This isn't the first time we have seen this issue with our various >> providers, how can I prevent issues like this from happening in the future? > > Quick question, are you running with a default route from your > provider? If so, you're better off either finding another provider, > or upgrading the router (if necessary) to carry a full table. If > they do something to partition their network, you will see the > decrease in routes learned from them, provided you see those routes > and not the default route as asked above. > > charles
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Mon, Feb 21, 2011 at 19:08, Dan Wing wrote: > Its title, filename, abstract, and introduction all say the problems > are specific to NAT444. Which is untrue. I just re-read the filename, abstract and introduction, and I disagree that any of those say that the problems are specific to NAT444. They all do state that these problems are present in NAT444, but not that it's the only technology/scenario/configuration where you might find them. More importantly, I am unsure the point of this argument. Are you trying to say that the items listed as broken in the draft are not actually broken? Because in my experience they are. IMHO, the fact that they are also broken in other (similar) scenarios is not evidence that they are not broken in this one. On the contrary, this scenario seems to be evidence to the brokenness in the others (until we get a chance to test and document them all - are you volunteering? ;). Cheers, ~Chris > -d > > > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
BGP Failover Question
I am looking for some help with an issue we recently had with one of our BGP peers. I currently have two DIA providers each terminated into their own edge router and I am doing iBGP to exchange routes between the two edge routers. Last week Provider A made a policy change "somewhere" in their network in the middle of the day causing traffic to stop routing. Of course this connection happens to be the preferred route for the majority of our inbound and outbound traffic. I never saw our physical link go down and never saw our peer drop therefore BGP did not stop advertising routes, this caused most of our customers' traffic to go nowhere. In order to fix the issue I had to manually shut down the peer till Provider A confirmed the change they made had been reverted. This isn't the first time we have seen this issue with our various providers, how can I prevent issues like this from happening in the future? ---Chris
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Fri, Feb 18, 2011 at 16:48, Benson Schliesser wrote: > > I agree that it's an imperfect analogy, so I won't bother defending it. :) > But my point remains: NAT444 is a deployment scenario, which includes a CGN > element. Other deployment scenarios that also include a CGN element will > have the same issues, and perhaps more. And, indeed, a number of > "transition" (i.e. exhaustion) scenarios include a CGN. Thus it is > appropriate to focus on the root of the problem (CGN) rather than pointing at > just one scenario that leverages it. That I'll agree with. It seems to me that what's called for is an expansion of the tests done for the draft in question to include other, currently in-vogue, CGN/LSN technologies. > So... I agree that CGN is painful, relative to native connectivity and even > relative to CPE-based NAT44. But I'd like to understand why NAT444 is better > or worse than other CGN-based scenarios, before I agree with that conclusion. That wasn't the conclusion I drew, can't speak for others of course. My conclusion is that CGN/LSN is broken, as evidenced by brokenness in NAT444. I agree that a comparison of all (or some reasonable subset of all) LSN technologies would be valuable, especially as folks may begin to be forced to choose one. For now I stick with the ideal: Avoid if possible. (Dual-stack early, dual-stack often?) >> If we get dual v4+v6 connectivity quickly enough, we do not need LSN >> (including NAT444). > > Amen, brother. I guess I'm just pessimistic about the definition of > "quickly" versus operationally realistic timeframes. Fair enough, I still have hope. =) ~Chris > Cheers, > -Benson > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Fri, Feb 18, 2011 at 12:07, Scott Helms wrote: > > We don't have a situation where the existing infrastructure doesn't work, it > does. It does today. IPv4 addresses are still freely available today though. As soon as we introduce LSN, the infrastructure starts to stop working. When that happens, IPv6 will have demand. Hopefully we can deploy it before then and avoid the brokenness though... Cheers, ~Chris > -- > Scott Helms > Vice President of Technology > ISP Alliance, Inc. DBA ZCorum > (678) 507-5000 > > http://twitter.com/kscotthelms > > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Fri, Feb 18, 2011 at 16:07, Benson Schliesser wrote: > Broken DNS will result in problems browsing the web. That doesn't make it > accurate to claim that the web is broken, and it's particularly weak support > for claims that email would work better. I don't think that's a great analogy. NAT444 is CGN, the web is not DNS. If I say I can chop down a tree with a red ax, can you disprove that by saying that you can chop it down with any color ax? > Well, if your user does nothing but send email then perhaps even UUCP would > be good enough. But for the rest of us, until IPv6 penetration reaches all > the content/services we care about, we need dual v4+v6 connectivity. If we get dual v4+v6 connectivity quickly enough, we do not need LSN (including NAT444). Cheers, ~Chris > Cheers, > -Benson > > > > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Thu, Feb 10, 2011 at 14:17, Benson Schliesser wrote: > If you have more experience (not including rumors) that suggests otherwise, > I'd very much like to hear about it. I'm open to the possibility that NAT444 > breaks stuff - that feels right in my gut - but I haven't found any valid > evidence of this. In case you have not already found this: http://tools.ietf.org/html/draft-donley-nat444-impacts-01 Cheers, ~Chris > > Regardless, I think we can agree that IPv6 is the way to avoid NAT-related > growing pains. We've known this for a long time. > > Cheers, > -Benson > > ___ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List (arin-p...@arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact i...@arin.net if you experience any issues. > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
Re: quietly....
Once upon a time, Henry Yen said: > On Sun, Feb 06, 2011 at 10:43:18AM -0800, Owen DeLong wrote: > > I believe that Sony will offer IPv6 software upgrades for the PS-3 because > > they will eventually realize that failing to do so is bad for future sales. > > Technical impediments (lack of ipV6) in their product(s) do not necessarily > correlate with what they think of future sales prospects. Also, lack of functionality in the current generation can be seen by management as _good_ for future sales (of the PS4, the Xbox 720, WiiToo, etc.). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Top webhosters offering v6 too?
Many virtual private server companies (I have 2 BurstNET VPS servers in Scranton and Los Angeles) will give you a /64 of IPv6 addresses. This is always an option.
Re: quietly....
On Feb 3, 2011, at 9:00 AM, Jack Bates wrote: > The concept of v4 to v6 addressing scale doesn't match the pricing scale, > though. Generally, I expect to see most ISPs find themselves 1 rank higher in > the v6 model compared to v4, which effectively doubles your price anyways. :) Not sure I understand that one. /19 = 500 /29s /32 = 64,000 /48s Shouldn't the v6 blocks be a lot bigger? Chris -- ----- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: Significant Announcement (re: IPv4) 3 February - Watch it Live!
Once upon a time, Sameer Khosla said: > Anyone else getting Error establishing a database connection trying to > bring this up? It was posted to /. this morning, so it is probably overloaded (I didn't even try). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: quietly....
On Feb 2, 2011, at 8:38 PM, Randy Carpenter wrote: > From the main section on https://www.arin.net/fees/fee_schedule.html: > > "... ISPs with both IPv4 resources and IPv6 resources pay the larger of the > two fees." > > It is not mentioned anywhere in the waiver stuff. Actually it is in the waiver stuff but I didn't see it at the top too. That's much more reasonable. Chris -- - Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: quietly....
On Feb 2, 2011, at 7:22 PM, Randy Carpenter wrote: > And, even if you are an ISP, you only pay the larger of the two fees if you > have both v4 and v6. I'm not sure if that is permanent or not, though. I thought that was part of the "waiver" stuff that expires this year. Chris -- ----- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: quietly....
On Feb 2, 2011, at 3:09 PM, david raistrick wrote: > At least in ARIN territory, if you're multihomed, and you can show in-1-year > use of 50% of a (v4) /24, you qualify for a PI v6 /48. One of the things I find frustrating about this is the cost of the space. We're a very small shop and to add IPv6 addresses for testing now we're looking at paying another $2,200 a year ($1,700 in the first year) when it will probably be some time before we actually _need_ the addresses. The waivers a few years were a nice start but why does the cost need to double ever? It isn't like ARIN needs the money, they have more than they can spend. Once we are a "member" and have IPv4 space, the marginal cost to ARIN of assigning the equivalent in IPv6 space is pretty close to zero. Maybe some sort of NRC but doubling the annual cost just doesn't make sense. At least with IPv4 you can make the argument that the cost is artificially high to control usage but with IPv6 there are no more scarcity issues. I'd love to add IPv6 to the network but it just rubs me the wrong way to have to pay $2,220 a year to do so for something that essentially has no cost. I can't imagine having to justify it to a bean counter. Chris -- ----- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: quietly....
Once upon a time, Iljitsch van Beijnum said: > If someone turns their box into a router they can also turn it into a DHCP > server. This is what happens with IPv4. The solution is to filter these > packets from fake routers in the switches. So ask your switch vendor for that > feature in IPv6. The difference is that in the widest-used desktop OS, "turn me into a router" is a single checkbox, while "turn me into a DHCP server" requires installing software. The first is an accident waiting to happen (and then a support nightmare), while the second is not a common problem. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: quietly....
Once upon a time, Owen DeLong said: > On Feb 1, 2011, at 3:41 PM, Karl Auer wrote: > > Devil's advocate hat on: NAT (in its most common form) also permits > > internal addressing to be independent of external addressing. > > > Which is a bug, not a feature. That is an opinion (and not a universally held opinion), not a fact. I tend to agree with you, but you keep stating your opinion as fact. Telling people "I'm right, you're wrong" over and over again leads to them going away and ignoring IPv6. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Comcast IPv6 Native Dual Stack Trials
Well done John! Here's to a rapid expansion of the native footprint! ~Chris On Mon, Jan 31, 2011 at 08:26, Brzozowski, John wrote: > Comcast Activates First Users With IPv6 Native Dual Stack Over DOCSIS > > http://blog.comcast.com/2011/01/comcast-activates-first-users-with-ipv6-nat > ive-dual-stack-over-docsis.html > > John > = > John Jason Brzozowski > Comcast Cable > e) mailto:john_brzozow...@cable.comcast.com > o) 609-377-6594 > m) 484-962-0060 > w) http://www.comcast6.net > = > -- @ChrisGrundemann weblog.chrisgrundemann.com www.burningwiththebush.com www.theIPv6experts.net www.coisoc.org
Re: Future of the IPv6 CPE survey on RIPE Labs - Your Input Needed
On 27/01/11 08:17 -0600, Jack Bates wrote: On 1/27/2011 12:57 AM, Frank Bulk wrote: Have you looked at D-Link's DIR-825? It has most of the things you're looking for. The DIR-655 is a more affordable option. Haven't had the chance to look at that one. Will check it out. In regards to (2), is it even possible to do DHCPv6-PD on with a SLAAC WAN? It had better be, as IOS 12.2 SRE only supports SLAAC + DHCPv6-PD. Most of the Cisco documentation I've seen, says that is their beautiful layout. No more proxyarp/nd. Instead, assign a /64 to each subinterface, perform SLAAC, then hand out prefixes via DHCPv6-PD if someone needs a prefix. The DIR-825(Rev B) running firmware 2.05NA does. From the status screen:

IPv6 Connection Type : Autoconfiguration (SLAAC/DHCPv6)
Network Status : Connected
WAN IPv6 Address : 2610:b8:0:234:218:e7ff:fef8:66dc/64
IPv6 Default Gateway : fe80::c67d:4fff:fed6:5401
LAN IPv6 Address : 2610:b8:100f:1:218:e7ff:fef8:66db/64
LAN IPv6 Link-Local Address : fe80::218:e7ff:fef8:66db/64
Primary IPv6 DNS Server : 2610:b8:0:3:215:c5ff:fef3:f9c8
Secondary IPv6 DNS Server :2610:b8:0:3:215:c5ff:feee:9448
DHCP-PD : Enabled
IPv6 network assigned by DHCP-PD : 2610:b8:100f::/48

The latest firmware has fairly good support, but is lacking configurable v6 firewall settings. I haven't done any firewall testing yet, but I'd imagine all incoming v6 connections are blocked. The Emulator hasn't been updated yet to reflect the options in the new firmware, but this should give you an idea of what the configuration looks like: http://www.support.dlink.com/emulators/dir825_revB/203NA/adv_link_local.html The DIR-615 should have similar support, but I haven't upgraded it yet. Hello, As for the DIR-615, it should, but it doesn't...At least, the E3/E4 revisions I had. I contacted D-LINK support and was able to get a beta build that seems promising. But DHCP-PD over PPPoE works relatively well, minus a couple of little "features".
I am hoping to have that hammered out soon, as the 615 is a capable little sub-50$ home CPE. But D-Link engineering seems receptive to my observations. I have to check the state of the firewalling in it too ;) Chris
Re: Using IPv6 with prefixes shorter than a /64 on a LAN
On Monday, 24 January 2011 at K:59:59 -0200, Carlos Martinez-Cagnazzo wrote: > I am particularly wondering about possible NDP breakage. +1 We allocate /64 per PtP but only configure /127 for NDP and security concerns, I figure we can always change the mask if the space is set aside from the get go. ta -- Chris Nicholls Timico Network Operations ch...@timico.net
Re: Looking for an Akamai contact, strange DoS traffic sourcing from Akamai sources
Once upon a time, Jack Bates said: > I have a customer reporting the same thing. The traffic flood goes to > offline modem bank IPs. So far, Akamai hasn't actually grasped what the > problem is and says everything is fine. :( me too I hadn't captured the traffic during one of the floods yet, but now that you mention it, I'm seeing spikes on my Akamai graphs at the same time as the spikes on the dialup graphs. I wonder if some Microsoft PPP update triggered an Akamai bug or some such (why else would it just be hitting dialups)? -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: WAAS CIFS Optimisation
> Do I need to disable default Microsoft SMB signature to get optimal CIFS > optimisation? > > Thanks for any feedback or recommendation > Manu IIRC Yes. Also ensure you're on one of the newer versions, older ones (< 4.1.7 maybe ?) have some known issues with Windows sharing. Chris
Verizon FiOS Distribution Switch
I have a question about a Verizon FiOS business connection with an ethernet hand off and I am hoping that someone out there has done the same thing. We have a FiOS business connection coming into our building. This includes an Ethernet hand off into the usual Actiontec router as well as a block of 13 public IP addresses. The Actiontec router needs to remain in place with its current Public IP address. We have some devices from a vendor plugged into it for Internet access, as well as numerous cable boxes across the building that get their guide information through the coax interface on the router. What we want to do is take the ethernet hand off out of the WAN (RJ-45) interface on the Actiontec router and plug it into a hardened Cisco switch such as a 2950. Our goal here is to use the Cisco switch as an Internet distribution switch since we will have numerous test devices that will need to have a direct connection to the Internet. Our preference is also not to have all of the traffic from these other devices traverse the Actiontec router. I have a few concerns with this setup: Some articles I have read indicate that the hand off from the Verizon ONT may not be a direct Ethernet hand off so the interface it connects to may require a different config (Dialer or something). I am also concerned about any issues that the ONT or some downstream Verizon device may cause if it sees multiple MAC addresses coming across our link. We're not trying to cheat the system or anything, just to modify the Verizon setup to better suit our needs. Any advice or tips would be helpful. - Chris
Re: Request Spamhaus contact
We don't want things like http://bit.ly/gGlKbF c On 1/17/2011 19:31, Jeffrey Lyon wrote: > I've already stated that i'm having the server powered down. What else > do you people want? Why not focus your energy on the providers who are > NOT responding to complaints? > > Jeff > > On Mon, Jan 17, 2011 at 8:30 PM, Mark Scholten wrote: >> >> >>> -Original Message- >>> From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net] >>> Sent: Tuesday, January 18, 2011 1:58 AM >>> To: TR Shaw >>> Cc: nanog@nanog.org >>> Subject: Re: Request Spamhaus contact >>> >>> TR, >>> >>> Again, it's been null routed. Customer has been served with notice. >>> Unless you guys can help find some more related IP space I think the >>> issue has been solved. >>> >>> Thanks, Jeff >> >> Hello Jeffrey, >> >> At least a few moments back (after receiving the message above) it was >> possible to get the page at www . vertrouwdeapotheek . nl at IP >> 208.64.120.197. >> >> Do you really know if it has been solved? >> >> Regards, Mark
Re: Request Spamhaus contact
On Jan 17, 2011, at 6:42 PM, Jeffrey Lyon wrote: > I fat fingered the netmask, try now. I've asked privately but would it really be too much to take this off NANOG? Spammer complaining he is on a RBL is hardly relevant. Chris -- ----- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: Is Cisco equipment de facto for you?
Once upon a time, Michael Ruiz said: > I like Cisco personally and they are cheaper than > buying a Juniper. For example a M-series is always going to cost some > bucks after you factor the FPC and the PICS that need to be loaded. We didn't find that to be the case, after you factor in all the Cisco pieces that need to be loaded as well. Both make modular routers, so I don't see how saying that one requires modules is a valid argument. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Is NAT can provide some kind of protection?
Once upon a time, Scott Helms said: > Few home users have a stateful firewall configured Yes, they do. NAT requires a stateful firewall. Why is that so hard to understand? -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Is Cisco equipment de facto for you?
Once upon a time, Andrey Khomyakov said: > There have been awfully too many time when Cisco TAC would just say that > since the problem you are trying to troubleshoot is between Cisco and > VendorX, we can't help you. You should have bought Cisco for both sides. That kind of behavior from a vendor tells me I shouldn't have bought that vendor for either side. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: How are you aggregating WAN customers these days?
The ASRs seem to be the consensus in a lot of places. Wondering if anyone has tried anything like aggregating T1 customers onto a mux box, then connecting that back to a 6500. What are the general impressions of the ASR series? On Mon, Jan 10, 2011 at 10:00 AM, Justin Wilson wrote: > Cisco ASR 1000. For T3 you can get a 4 port card. Seems to perform well. > > Also have a 6500 deployed with some flexwan interfaces. Believe this > will also work in the 7000 something chassis. > > Justin > -- > Justin Wilson > Aol & Yahoo IM: j2sw > http://www.mtin.net/blog – xISP News > http://www.twitter.com/j2sw – Follow me on Twitter > Wisp Consulting – Tower Climbing – Network Support > > > > > From: Chris > Date: Mon, 10 Jan 2011 09:51:53 -0500 > To: > Subject: How are you aggregating WAN customers these days? > > Hello, > > I'm looking to put some feelers out there and see what people are > doing to aggregate WAN customers (T1,T3, etc...) these days. What > platforms/devices are you using? What seems to be working/not working? > Any insights would be great! > > Thanks, > Chris > >
How are you aggregating WAN customers these days?
Hello, I'm looking to put some feelers out there and see what people are doing to aggregate WAN customers (T1,T3, etc...) these days. What platforms/devices are you using? What seems to be working/not working? Any insights would be great! Thanks, Chris
Starbucks network admins
Does anyone have any good contacts for Starbucks network admins? -- Chris Harvey Distinguished Engineer o: 703-939-8479 m: 703-967-4229
Re: Muni Fiber Last Mile - a contrary opinion
Once upon a time, Michael DeMan said: > On Dec 26, 2010, at 8:07 PM, Chris Adams wrote: > > The AT&T (formerly BellSouth) cabinets around here mostly have natural > > gas generators included, so they almost never go out. The cable > > companies, on the other hand, might have enough battery to last through > > a brownout. > > Interesting - out of curiosity, how big are these cabinets/pedestals? Or > would you by chance know details on the natgas power system they are using? I don't know; I've just seen them driving by (since other cabinets don't have a gas meter, they stand out). It looks like they set up two cabinets about 6-8 feet wide, 3 feet deep, and 4-5 feet high (just guestimating). Maybe one cabinet for power/batteries/generator and one for the telco gear? > Natgas is not ideal in a full-on disaster scenario like an earthquake, > but probably could add another '9' onto service levels? I have never > heard of or seen such a thing, but it is a really good idea. I'm in north Alabama; earthquakes aren't a significant problem here. The biggest I can remember was something like a 3.2, just enough to hear and feel. We're far enough from New Madrid that it shouldn't be an issue. Our main problem is severe storms (thunderstorms and tornados), the once-every-few-decades ice storm, and the random exploding transformer. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Muni Fiber Last Mile - a contrary opinion
Once upon a time, Jared Mauch said: > You are likely already at the mercy of some local hut for your > dialtone. Very few things home run to the co these days. It's unlikely > any hut has more than 24 hours of battery. The AT&T (formerly BellSouth) cabinets around here mostly have natural gas generators included, so they almost never go out. The cable companies, on the other hand, might have enough battery to last through a brownout. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Some truth about Comcast - WikiLeaks style
Once upon a time, Leo Bicknell said: > And yet, I don't know of any location in the US with two cable > operators. Huntsville, AL has Comcast and Knology (originally CableAlabama) cable available at virtually every address (except for some apartment complexes, which tend to only be wired for one cable plant and negotiate a deal with one company or the other). I believe some of the surrounding areas have overlap between Knology and Mediacom. A number of years ago (15 or so?), CableAlabama wanted to sell out to Comcast, and the city refused to allow it under the franchise agreement. CA sued and eventually won a settlement, but didn't end up merging (and became or was bought out by Knology). IIRC the settlement was 50% off of the franchise fee for 20 years or so. For a long time, we had the lowest cable prices in the country because of the competition, but I don't think that's the case anymore (Comcast, being the big corporate entity, doesn't care about competition with Knology, and Knology just raises their prices to keep up). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Some truth about Comcast - WikiLeaks style
Once upon a time, JC Dill said: > Why not open up the > market for telco wiring and just see what happens? There might be 5 or > perhaps even 10 players who try to enter the market, but there won't be > 50 - it simply won't make financial sense for additional players to try > to enter the market after a certain number of players are already in. Look up pictures of New York City in the early days of electricity. There were streets where you couldn't hardly see the sky because of all the wires on the poles. > And there certainly won't be 50 all trying to service the same neighborhood. And there's the other half of the problem. Without franchise agreements that require (mostly) universal service, you'd get 50 companies trying to serve the richest neighborhoods in town, and none, or maybe one high-priced vendor, serving the poorer areas. > And if a competing water service thought they could do better than the > incumbent, why not let them put in a competing water project? There is limited space, and most people don't want the road and their yard being dug up because their neighbor wants different water service. Also, the more people digging, the more breaks you'll have in existing services (and if there are fibers from 10 different companies cut, they'll be pointing fingers for blame and all trying to get in the hole at the same time to fix theirs first). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Cogeco MX/SMTP administrator?
Hello, Could a Cogeco MX/SMTP admin contact me off list please, we seem to be suffering from the same fate as these individuals; http://www.dslreports.com/forum/r24888256-Email-sent-to-AOL-is-timing-out Thanks, Chris Conn B2B2C.ca
Re: [Operational] Internet Police
Once upon a time, Fred Baker said: > did you know that DSLRs are illegal in Kuwait unless one is a registered > journalist? Did you know that they are not? http://thenextweb.com/me/2010/11/30/kuwait-dslr-ban-does-not-exist-after-all/ This is like the people attacking EasyDNS because they took wikileaks.org down. Oops, except it wasn't, it was EveryDNS. I read it on the Internet so it must be true! -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Over a decade of DDOS--any progress yet?
On Dec 8, 2010, at 9:33 AM, Arturo Servin wrote: > Yes, but all of them rely on your upstreams or in mirroring your > content. If 100 Mbps are reaching your input interface of 10Mbps there is not > much that you can do. Hmm. What would be really cool is if you could use Snort, NetFlow/NBAR, or some other sort of DPI tech to find specifically the IP addresses of the DDoS bots, and then pass that information back upstream via BGP communities that tell your peer router to drop traffic from those addresses. That way the target of the traffic can continue to function if the DDoS traffic doesn't closely mimic the normal traffic. Your BGP peer router would need to have lots of memory for /32 or /64 routes though. Anyone heard of such a beast? Or is this how the stuff from places like Arbor Networks do their thing? --Chris
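The idea in the message above, sketched as an added example that is not part of the original post: per-source packet counts from flow records are reduced to a bounded list of /32 (IPv4) or /64 (IPv6) source routes tagged for the upstream. The flow records, threshold, baseline list, function names and the community value `64496:666` are all constructed assumptions, and the upstream acting on that tag by dropping traffic from those sources is assumed to be arranged with the provider.

```python
import ipaddress
from collections import defaultdict

# Hypothetical community meaning "drop traffic from this source"; 64496 is a
# documentation ASN, the real value would be whatever the upstream defines.
DROP_COMMUNITY = "64496:666"

# Constructed sample data (documentation address space only).
VICTIM_NETS = [ipaddress.ip_network("192.0.2.0/28"),
               ipaddress.ip_network("2001:db8:100::/48")]
# Sources known to be legitimate heavy users before the event.
BASELINE = [ipaddress.ip_network("203.0.113.8/29")]
# (source, destination, packets) seen during one 60-second window.
FLOWS = [
    ("198.51.100.7", "192.0.2.10", 90000),
    ("198.51.100.7", "192.0.2.10", 30000),
    ("203.0.113.50", "192.0.2.10", 72000),
    ("203.0.113.9", "192.0.2.10", 66000),      # busy, but in the baseline
    ("198.51.100.200", "192.0.2.10", 600),     # ordinary client
    ("198.51.100.7", "203.0.113.99", 500000),  # not aimed at the victim
    ("2001:db8:bad:1::5", "2001:db8:100::10", 60000),
    ("2001:db8:bad:1::9", "2001:db8:100::10", 36000),
]


def source_route(addr):
    """Map a source address to the route that would be signalled:
    a /32 host route for IPv4, the covering /64 for IPv6."""
    ip = ipaddress.ip_address(addr)
    plen = 32 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def _within(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def _overlaps(net, nets):
    return any(net.version == n.version and net.overlaps(n) for n in nets)


def select_sources(flows, victim_nets, baseline, pps_threshold,
                   window_s, max_routes):
    """Return (routes, overflow).

    routes   -- at most max_routes dicts, heaviest sources first
    overflow -- number of qualifying sources left out because of the cap,
                which stands in for the peer router's limited route memory
    """
    packets = defaultdict(int)
    for src, dst, pkts in flows:
        # Only traffic aimed at the protected prefixes counts.
        if _within(ipaddress.ip_address(dst), victim_nets):
            packets[source_route(src)] += pkts

    candidates = []
    for net, pkts in packets.items():
        pps = pkts / window_s
        # Below the rate threshold, or a known-good source: never signalled.
        if pps < pps_threshold or _overlaps(net, baseline):
            continue
        candidates.append({"prefix": str(net),
                           "community": DROP_COMMUNITY,
                           "pps": pps})

    # Deterministic order: highest rate first, prefix text as tie-breaker.
    candidates.sort(key=lambda r: (-r["pps"], r["prefix"]))
    return candidates[:max_routes], max(0, len(candidates) - max_routes)


if __name__ == "__main__":
    routes, overflow = select_sources(FLOWS, VICTIM_NETS, BASELINE,
                                      pps_threshold=500, window_s=60,
                                      max_routes=2)
    for r in routes:
        print(f'{r["prefix"]:24} {r["community"]}  {r["pps"]:.0f} pps')
    print("sources not signalled because of the route cap:", overflow)
```

A source that stays under the rate threshold is never selected, which is the case the message describes as attack traffic that closely mimics normal traffic.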
Re: Pointer for documentation on actually delivering IPv6
On Saturday, 4 December 2010 at K:40:50 -0500, Mark Radabaugh wrote: > Probably a case of something being blindingly obvious but... > > I have seen plenty of information on IPv6 from an internal network > standpoint. I have seen very little with respect to how an ISP is > supposed to handle routing to residential consumer networks. I have seen > suggestions of running RIPng. The thought of letting Belkin routers (if > you can call them that) into the routing table scares me no end. > > Is this way easier than I think it is? Did somebody already write the > book that I can't find? > > -- > Mark Radabaugh > Amplex > > m...@amplex.net 419.837.5015 > > ---end quoted text--- I found the following very helpful, Hardest thing for me was nailing DHCPv6-PD without a DHCP server :)

Deploying IPv6 in Broadband Access Networks By: Adeel Ahmed; Salman Asadullah Publisher: John Wiley & Sons Pub. Date: August 17, 2009 Print ISBN: 978-0-470-19338-9 Web ISBN: 0-470193-38-7

Deploying IPv6 Networks By: Ciprian Popoviciu; Eric Levy-Abegnoli; Patrick Grossetete Publisher: Cisco Press Pub. Date: February 10, 2006 Print ISBN-10: 1-58705-210-5 Print ISBN-13: 978-1-58705-210-1

-- Chris Nicholls Timico Network Operations ch...@timico.net
Re: Want to move to all 208V for server racks
Once upon a time, Ricky Beam said: > Just because someone is selling them doesn't mean they meet building > codes. (esp. for residential use.) None of the dozen or so licensed > electricians I've ever talked to will use them. I saw GFCI breakers installed in a new house this year, and it passed inspection. I think you experienced a recall of a specific device and are confusing that with a general removal. When Toyota recalled a model of car, that didn't mean all cars were banned. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
Once upon a time, Christopher Morrow said: > the colo provider may not want to 'waste' electricity/cooling on a > vending machine... A plain (non-drink) machine draws a few watts. I don't think rack screws and patch cables need to be refrigerated; if they can't spare a few watts for a vending machine, then you probably can't install anything new there anyway. -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Cisco 6500 QoS Priority Queuing (DSCP & EXP based)
These are lan modules. They have fixed queues that you map traffic into. Research lan qos methods and it should make sense.

On Nov 17, 2010 11:55 AM, "Manu Chao" wrote:
> Thanks Jim,
>
> The line cards are 6700 series only.
>
> It seems (i will test it) that wrr commands can only be associated with COS marking not DSCP nor EXP.
>
> May be Priority Queuing is not supported for MPLS traffic on 6700 modules ?
>
> On Wed, Nov 17, 2010 at 3:36 PM, Rampley Jr, Jim F <jim.ramp...@chartercom.com> wrote:
>
>> This depends on which line cards you have in your chassis. This configuration below won't work on 6700 series line cards. You have to use the wrr commands. I didn't test it, but MQC configuration below should work on ES series line cards.
>>
>> Jim
>>
>> -Original Message-
>> From: Manu Chao [mailto:linux.ya...@gmail.com]
>> Sent: Wednesday, November 17, 2010 9:11 AM
>> To: NANOG list
>> Subject: Cisco 6500 QoS Priority Queuing (DSCP & EXP based)
>>
>> I would like to translate following 7200 QoS configuration to Catalyst 6500:
>>
>> class-map match-any PQ
>>  match dscp ef
>>  match mpls experimental topmost 5
>>
>> policy-map QOS-PE-OUT
>>  class PQ
>>   priority percent 33
>>  class class-default
>>
>> AFAIK we need extra command on 6500 to enable Priority Queuing at the interface level but my problem is that interface priority command are only COS based not DSCP nor EXP. I may be wrong.
>>
>> I would appreciate any 6500 QoS help.
>>
>> Thanks in advance
Re: RINA - scott whaps at the nanog hornets nest :-)
Once upon a time, valdis.kletni...@vt.edu said: > That's right up there with the sites that blackhole their abuse@ > address, and then claim they never actually see any complaints. What about telcos that disable error counters and then say "we don't see any errors"? -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.