* adrian kok [EMAIL PROTECTED] [2004-11-10 21:32]:
2/ I saw article. a full BGP feed is about 110,000
routes.
we're at 140..150k these days.
Do you have experience that AMD64 with 3G memory in
Unix Box can handle it?
I've done it on a soekris box, that is, a 266MHz Geode CPU with
128MB
Hi,
How could it be done to block VoIP at access router?
I've thought about using ACL to block UDP port
1719, but this could be overcome by modifying protocol
port number.
regards
Joe
Tcp/1719 is part of the H323 Gatekeeper default ports (which can be changed)
Tcp/1720 is the H.225 call setup port, and I haven't heard of this being a
configurable port.
HTH,
Scott Morris, MCSE, CCDP, CCIE4 (RS/ISP-Dial/Security/Service Provider)
#4713, JNCIP, CCNA-WAN Switching, CCSP,
On Thu, Nov 11, 2004 at 03:45:43AM +0800, adrian kok wrote:
Dear all
Something I don't understand and would like you to
help.
1/ for the url:
http://www.oreillynet.com/pub/a/network/2002/08/12/multihoming.html
I don't understand those 2 steps:
- Register your routing policy in a
One might also suggest that explicit denials, as
opposed to explicit permits, as an access-control
policy is fundamentally flawed security approach in
the first place
My $.02,
- ferg
-- Scott Morris [EMAIL PROTECTED] wrote:
Tcp/1719 is part of the H323 Gatekeeper default ports (which
adrian kok wrote:
1/ for the url:
http://www.oreillynet.com/pub/a/network/2002/08/12/multihoming.html
I don't understand those 2 steps:
- Register your routing policy in a Routing Registry.
- Use looking glasses to see if your announcements are
visible elsewhere on the Internet.
How can
On Mon, Nov 08, 2004 at 05:18:49PM -0600, Adi Linden wrote:
There are a number of good and reasonable uses for RFC1918 addresses. Just
assume an individual/business/corporate LAN with client/server applications
and statically configured ip numbering. RFC1918 addresses are perfect. NAT
allows
There are a number of good and reasonable uses for RFC1918 addresses. Just
assume an individual/business/corporate LAN with client/server applications
and statically configured ip numbering. RFC1918 addresses are perfect. NAT
allows this network to be connected through any provider(s) to
On Thu, Nov 11, 2004 at 03:00:04AM +, Christopher L. Morrow wrote:
On Tue, 9 Nov 2004, Randy Bush wrote:
In today's networks, printers do NOT need global addresses.
let me make sure i understand this. in order not to have to
pay for the address space for a my enterprise's printers,
On Thu, 11 Nov 2004, Henning Brauer wrote:
* adrian kok [EMAIL PROTECTED] [2004-11-10 21:32]:
2/ I saw article. a full BGP feed is about 110,000
routes.
we're at 140..150k these days.
Do you have experience that AMD64 with 3G memory in
Unix Box can handle it?
If you'll look a what the route-views
I don't imagine that most voip is h.323 anymore.
On Thu, 11 Nov 2004, Joe Shen wrote:
Hi,
How could it be done to block VoIP at access router?
I've thought about using ACL to block UDP port
1719, but this could be overcome by modifying protocol
port number.
regards
Joe
On Thu, 2004-11-11 at 09:36 -0600, Adi Linden wrote:
SNIP
Having to NAT RfC1918 addresses to reach the internet, does not imply
that I have to have RfC1918 to be able to do NAT.
What are my options today to obtain ip address space? My requirements are
well met by a /27 subnet. ARIN won't
The following resources may be helpful for H.323:
IP Ports and Protocols used by H.323 Devices
http://www.teamsolutions.co.uk/tsfirewall.html
The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html
SIP uses TCP
I guess you also want to announce a /64 into the IPv6 BGP tables ?
Correct me if I'm wrong, but doesn't IPv6 do away
with the need to renumber when switching providers?
So if RFC 2462 is right, and you use DNS outside
your network and you update that DNS at the moment
of switching providers,
First issue is that IPv6 interfaces support both the old and new prefixes at
the same time, so the provider change case is not as dramatic as people fear
based on past IPv4 experience. Second:
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-renumbering-procedure-01.txt
talks about other issues
In a message written on Thu, Nov 11, 2004 at 04:22:28PM +, [EMAIL
PROTECTED] wrote:
Correct me if I'm wrong, but doesn't IPv6 do away
with the need to renumber when switching providers?
So if RFC 2462 is right, and you use DNS outside
your network and you update that DNS at the moment
of
My AFS, Kerberos, and active FTP sessions think that you are being very,
very optimistic about the usability of non-unique addresses and kludgy
middleboxen who think they understand networking.
Don't forget IPSec, and Cisco skinny IP telephone protocol, and of course
more importantly, my
From: [EMAIL PROTECTED]
Date: Thu, 11 Nov 2004 16:22:28 +
Sender: [EMAIL PROTECTED]
I guess you also want to announce a /64 into the IPv6 BGP tables ?
Correct me if I'm wrong, but doesn't IPv6 do away
with the need to renumber when switching providers?
So if RFC 2462 is right,
So if RFC 2462 is right, and you use DNS outside
its not.
That is how it has been designed, however there are some practical
problems with this system:
- Until very recently DNS software did not support A6 records at
all, and chain support for A6 records still seems to be a
On Thu, 11 Nov 2004, Irwin Lazar wrote:
The following resources may be helpful for H.323:
IP Ports and Protocols used by H.323 Devices
http://www.teamsolutions.co.uk/tsfirewall.html
The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
I see this a lot recently: You are mixing up RfC1918 and NAT.
If I have globally unique addresses I can NAT them as well
as 10/8. One has nothing to do with the other.
Having to NAT RfC1918 addresses to reach the internet, does not imply
that I have to have RfC1918 to be able to do NAT.
What are my options today to obtain ip address space? My requirements are
well met by a /27 subnet. ARIN won't give me a globally unique /27 for
personal use.
in ipv6, you'll get a /32 or whatever is in fashion this week.
that should do you just fine.
randy
SkyPE was designed to work thru any firewalls (except, of course, if you
block all outbound connections and require using HTTP proxy) -:).
- Original Message -
From: Irwin Lazar [EMAIL PROTECTED]
To: Joe Shen [EMAIL PROTECTED]
Cc: NANOG [EMAIL PROTECTED]
Sent: Thursday, November 11,
Hmm - just introduce some jitter into your network, and add random delay to
the short packets - and no VoIP in your company -:).
Other way - block ALL outbound connections (including DNS and HTTPS) and
require using proxy, or better do not allow external IP addresses.
-:)
(I should not be very
--On Thursday, November 11, 2004 11:37 AM -0500 Leo Bicknell
[EMAIL PROTECTED] wrote:
In a message written on Thu, Nov 11, 2004 at 04:22:28PM +,
[EMAIL PROTECTED] wrote:
Correct me if I'm wrong, but doesn't IPv6 do away
with the need to renumber when switching providers?
So if RFC 2462 is
On Thu, Nov 11, 2004 at 08:44:57AM -0800, Kevin Oberman wrote:
We have renumbered IPv6 space a couple of times when we were developing
our addressing plan. (We have a /32.) Renumbering was pretty trivial for
most systems, but servers requiring a fixed address were usually
configured with an
On Thu, 11 Nov 2004 19:40:29 +0800, Joe Shen said:
How could it be done to block VoIP at access router?
What business issue/problem are you trying to address by
blocking VoIP? Since there's so many different things out
there (H.323, Skype, the various IM software), a proper
solution probably
On Thu, 11 Nov 2004, Alexei Roudnev wrote:
Date: Thu, 11 Nov 2004 09:38:00 -0800
From: Alexei Roudnev [EMAIL PROTECTED]
To: Christopher L. Morrow [EMAIL PROTECTED],
Irwin Lazar [EMAIL PROTECTED]
Cc: Joe Shen [EMAIL PROTECTED], NANOG [EMAIL PROTECTED]
Subject: Re: How to Blocking
What business issue/problem are you trying to address by
blocking VoIP?
an incumbent telco which also has the monopoly on ip might
want to prevent bypass. welcome to singapore, and remember
to try the chili crab.
randy
1) Your problem is a wonky broken H.323 that dies when it
gets a connection from outside.
2) Your problem is corporate insider uses VoIP to call a
competitor and leak trade secrets.
3) Your problem is VoIP users bypassing billing for telephone calls.
All three will require different
--On 11 November 2004 10:46 -0800 Randy Bush [EMAIL PROTECTED] wrote:
What business issue/problem are you trying to address by
blocking VoIP?
an incumbent telco which also has the monopoly on ip might
want to prevent bypass. welcome to singapore, and remember
to try the chili crab.
Me I'm trying
NEW YORK (CNN/Money) - Two investment firms are about
to close a deal to acquire telecommunications software
company Telcordia Technologies Inc. for about $1.3
billion, a newspaper reported Thursday.
http://money.cnn.com/2004/11/11/news/midcaps/telcordia/index.htm
- ferg
--
Fergie, a.k.a.
Randy Bush wrote:
I see this a lot recently: You are mixing up RfC1918 and NAT.
If I have globally unique addresses I can NAT them as well
as 10/8. One has nothing to do with the other.
Having to NAT RfC1918 addresses to reach the internet, does not imply
that I have to have RfC1918
On Thu, 11 Nov 2004, Robert Mathews wrote:
To Joe Shen:
Perhaps 'I am failing to see it' but, what can be gained by blocking VoIP
traffic other than freeing bandwidth and CPU churnings?
reference panamanian gov'ts choice to protect legacy/incumbent carrier
business by blocking voip. no
I have 2 6500 DC Power Supplies I don't need anymore. They are
FREE to a good home! I'd prefer someone to just pick them up locally to
me, they are in the Ashburn Equinix facility. If anyone is interested,
drop me a line. They are pretty much brand new and work fine, they are
not for
Daniel Roesen wrote:
...
fixed as in now using stateless autoconfig? Fun... change NIC and
you need to change DNS. Thanks, but no thanks. Not for non-mobile
devices which need to be reachable with sessions initiated from remote
(basically: servers).
You are allowed to do either / both,
NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
10.69.68.2314 7939 2462962 2213063 746047830 10w1d
148815
68.216.192.17 4 6380 3045064 102934 746045400 1d15h
147463
131.247.47.238 4 5661 336539 102895 746047800
On 11 Nov 2004, at 15:01, Leo Bicknell wrote:
In a message written on Thu, Nov 11, 2004 at 11:16:04AM -0800, Tony
Hain wrote:
The existence of the address space does not require nat. Being stuck
in the
mindset where there is only one address on an interface leads people
to
believe that nat is
On Thu, 11 Nov 2004 15:01:36 EST, Leo Bicknell said:
Having to double the size of every ACL in your network (once for
the local address, once for the public address) does not seem
simpler. It also seems dangerous, since almost all devices have a
limit to ACL size. As if larger addresses
Correct me if I'm wrong, but doesn't IPv6 do away
with the need to renumber when switching providers?
...
That is how it has been designed, however there are some practical
problems with this system:
- Until very recently DNS software did not support A6 records at
all, and chain
Hi,
We are thinking of deploying anycast in our network for dns servers.
I have the following scenario:
- 10 server DNS (isc-bind) , linux and zebra for propagating ospf ip anycast.
Are there someone who has developed a solid scripts (perl/c/ecc..)
that is used to probe a dns service (udp/tcp
On 11 Nov 2004, at 18:02, Gere geomag wrote:
We are thinking of deploying anycast in our network for dns servers.
I have the following scenario:
- 10 server DNS (isc-bind) , linux and zebra for propagating ospf ip
anycast.
Are there someone who has developed a solid scripts (perl/c/ecc..)
that
Wow, IPv6 misinformation is reaching unprecedented heights here on
NANOG...
On 11-nov-04, at 18:46, Owen DeLong wrote:
Seems to me that with a little
bit of help from a Change providers tool, this
would be virtually painless without the need to
own or announce a small globally unique prefix.
On 11-nov-04, at 16:36, Adi Linden wrote:
What are my options today to obtain ip address space? My requirements
are
well met by a /27 subnet. ARIN won't give me a globally unique /27 for
personal use. So the /27 comes from my service provider, which has
several
caveats. I cannot multi-home. I
I still think that we should pursue making the design work and not
adopt
cruft as standards (ULA).
ULAs aren't cruft. They serve a purpose. If you don't need them, don't
use them and they won't get in your way.
ULAs aren't cruft so long as providers do not start exchanging ULA routes
in the
On 11 Nov 2004, at 18:24, Iljitsch van Beijnum wrote:
Wow, IPv6 misinformation is reaching unprecedented heights here on
NANOG...
[...]
There is currently no PI in IPv6 unless you're an internet exchange or
a root server. Whether there will be is anyone's guess, but it's not
currently in the
On Thu, Nov 11, 2004 at 07:28:13PM -0500, Joe Abley wrote:
There is currently no PI in IPv6 unless you're an internet exchange or
a root server. Whether there will be is anyone's guess, but it's not
currently in the pipeline.
... or you're an organisation who plans to delegate addresses
On Thu, Nov 11, 2004 at 12:05:26PM -0800, Tony Hain wrote:
fixed as in now using stateless autoconfig? Fun... change NIC and
you need to change DNS. Thanks, but no thanks. Not for non-mobile
devices which need to be reachable with sessions initiated from remote
(basically: servers).
On 12-nov-04, at 1:28, Joe Abley wrote:
There is currently no PI in IPv6 unless you're an internet exchange
or a root server. Whether there will be is anyone's guess, but it's
not currently in the pipeline.
... or you're an organisation who plans to delegate addresses to
customers (number and
--On torsdag 11 november 2004 09.36 -0600 Adi Linden [EMAIL PROTECTED]
wrote:
RFC1918 address space is free and plentiful for my purposes. It is
provider independent. It is globally unique in the sense that no other
publicly routed network is using them. My globally unique address will
come
On 11 Nov 2004, at 19:47, Iljitsch van Beijnum wrote:
On 12-nov-04, at 1:28, Joe Abley wrote:
There is currently no PI in IPv6 unless you're an internet exchange
or a root server. Whether there will be is anyone's guess, but it's
not currently in the pipeline.
... or you're an organisation who
On 2004-11-12, at 02.53, Randy Bush wrote:
which roots are anycast? c f i j k?
b m
- - kurtis -
which roots are anycast? c f i j k?
b m
g
-Bill
which roots are anycast? c f i j k?
b m
thanks.
which are widely anycast, i.e. at more than three or four
locations OR on three or more continents?
randy
On 2004-11-12, at 03.03, Randy Bush wrote:
which roots are anycast? c f i j k?
b m
thanks.
which are widely anycast, i.e. at more than three or four
locations OR on three or more continents?
I think that http://root-servers.org is up to
On Thu, Nov 11, 2004 at 06:03:42PM -0800, Randy Bush wrote:
which roots are anycast? c f i j k?
b m
thanks.
which are widely anycast, i.e. at more than three or four
locations OR on three or more continents?
randy
and the good folks on nanog would know this why?
and the good folks on nanog would know this why?
dunno, bill. maybe because it has to do with network operations?
but we did get the answers we needed, thanks to some of those good
folk. and non-answers from others. all as expected. welcome to
the internet.
randy
[EMAIL PROTECTED] (Iljitsch van Beijnum) writes:
Wow, IPv6 misinformation is reaching unprecedented heights here on
NANOG...
yes. for example, you wrote...
There is currently no PI in IPv6 unless you're an internet exchange or
a root server.
...but i really do think of 2001:4f8::/32
which roots are anycast? c f i j k?
b m
- - kurtis -
According to http://root-servers.org only m is.
-Hank
which roots are anycast? c f i j k?
b m
g
Not according to http://root-servers.org. Hiding the places?
-Hank
which are widely anycast, i.e. at more than three or four
locations OR on three or more continents?
3 or more continents: that would be f i and j
-Hank
randy