Re: Getting a BGP table in to a lab

2005-04-20 Thread eric-list-nanog
On Wed, 2005-04-20 at 20:41:30 -0400, Scott Morris proclaimed... > If you just want to play with BGP stuff, you can use Zebra (unix) or go to > www.nantech.com and get their BGP4WIN program. Or use something that eats tables and asks for more: OpenBGPD (part of OpenBSD). It's hungry, and wants

RE: Getting a BGP table in to a lab

2005-04-20 Thread Fergie (Paul Ferguson)
...or if you just want to look at BGP route/path stuff, try one of the route servers. Here's a good link: http://www.inetdaemon.com/tools/route_servers.html - ferg -- "Scott Morris" <[EMAIL PROTECTED]> wrote: None of the routers that are tested in the lab are capable of supporting a full B

RE: Getting a BGP table in to a lab

2005-04-20 Thread Scott Morris
Forget part of my reply here... I thought someone was posting from the CCIE forum stuff I do. So disregard the lack-of-caffeine-induced, retarded command about no router being able to support a full feed. :) My apologies. Zebra is still a good idea though! Scott -Original Message-

RE: Getting a BGP table in to a lab

2005-04-20 Thread Bill Nash
Zebra is a great option here, I use it to eat a routing table from production routers, peer a perl Net::BGP daemon with it, and then do SQL injections from there to instruct my netflow engine on baseline subnetting for external networks, as well as provide AS clue for non-AS aware netflow expo

RE: Getting a BGP table in to a lab

2005-04-20 Thread Scott Morris
None of the routers that are tested in the lab are capable of supporting a full BGP feed. If you just want to play with BGP stuff, you can use Zebra (unix) or go to www.nantech.com and get their BGP4WIN program. That may help you a bit more. Scott -Original Message- From: [EMAIL PR

Getting a BGP table in to a lab

2005-04-20 Thread Nathan Ward
I'm trying to come up with a way to get a full BGP routing table in to my lab. I'm not really fussed about keeping it up to date, so a snapshot is fine. At the moment, I'm thinking about spending a few hours hacking together a BGP daemon in perl to peer with and record a table from a production ro

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Stephen J. Wilcox
On Wed, 20 Apr 2005, Dean Anderson wrote: > On Wed, 20 Apr 2005 [EMAIL PROTECTED] wrote: > > > > I'd rather expect this sort of behavior with anycasted servers... > > > > Where do you see any connection between anycast and ignoring DNS TTL? Or is > > this just part of your usual rant against a

Yahoo mail ops contact

2005-04-20 Thread just me
Please contact me offlist, did you decide to stop accepting mail from berkeley.edu? thanks, matt ghali [EMAIL PROTECTED] The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke

Re: Slashdot: Providers Ignoring DNS TTL? (fwd)

2005-04-20 Thread Matt Buford
This can also be done with stateless hash-based load balancing, which produces exactly the results discussed below (single TCP sessions remain on the same server, while repeated UDP queries go to different servers). A single address is advertised by the DNS servers via OSPF. Each POP has mult

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread sthaug
> While that setup may have worked well, it's not an anycast implementation > I would suggest that others follow. Having the same set of servers > announcing multiple IP addresses (assuming those addresses are both in the > same set of addresses given out to those doing dns lookups) leaves you

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Patrick W. Gilmore
On Apr 20, 2005, at 3:29 PM, Dean Anderson wrote: Or don't. No one here cares if you do. Reality trumps lab tests. "Reality" for the last ten years has been that no one did either PPLB or TCP DNS. That reality is changing. It'll probably start to change faster, sooner. Then, users will start

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Valdis . Kletnieks
On Wed, 20 Apr 2005 14:00:00 EDT, Dean Anderson said: > On Wed, 20 Apr 2005 [EMAIL PROTECTED] wrote: > > Where do you see any connection between anycast and ignoring DNS TTL? > The data he showed isn't necessarily "ignoring ttl". If there are > multiple anycasted caching servers behind a specific

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Dean Anderson
On Wed, 20 Apr 2005, Patrick W. Gilmore wrote: > And I can show that if you give a pig wings I suppose IF a pig had wings, indeed, it *would* fly. But pigs aren't growing winglets. However, there are two relevant facts here: 1) People are starting to deploy PPLB. 2) People

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Steve Gibbard
On Wed, 20 Apr 2005 [EMAIL PROTECTED] wrote: Our recursive name service, using anycast servers, is set up with 3 name servers at 3 different physical locations, with each server connected to a router at the same physical location. Each server handles two different anycast addresses. There is no per-

This fall in LA

2005-04-20 Thread Susan Harris
NANOG and ARIN are very pleased to announce our fourth joint meeting, to be held this fall in Los Angeles. Many thanks to Equinix, our host-- we'll look forward to seeing you Oct. 23-25 (NANOG) and Oct. 26-28 (ARIN.) I'm at ARIN's spring meeting now, and continue to be amazed at the importance t

RIPE NCC to begin allocating from 87/8

2005-04-20 Thread leo vegoda
Dear Colleagues, This announcement is being sent to multiple lists. I apologise for duplicates. The RIPE NCC received the IPv4 address range 85.0.0.0 - 88.255.255.255 (85/8, 86/7 and 88/8) from the IANA in April 2004. We began making allocations from 85/8 in August 2004 and from 86/8 in March,

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread sthaug
> > But caching servers are usually set up to load balance. Usually, the > > servers with the same IP address share an ethernet along with multiple > > routers. So the packets are switched on essentially a per-packet > > basis. > > Or possibly a per-arp basis that alters the MAC-based-forwarding

Re: Slashdot: Providers Ignoring DNS TTL? (fwd)

2005-04-20 Thread Dean Anderson
BTW, while it looks like you've shown it to be traditional load balancing, I ought to explain that this is also not a very good idea. The loadbalancer is a single point of failure, usually. Loadbalancers are a good idea for stateful, high-work-request servers such as web servers running web-apps.

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Chris Adams
Once upon a time, Dean Anderson <[EMAIL PROTECTED]> said: > If there are > multiple anycasted caching servers behind a specific IP address, then > those several caches will each have a different state. Since, [as I > explained, and was supposed by the poster], there is "some kind of load > balan

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Patrick W. Gilmore
On Apr 20, 2005, at 2:13 PM, Dean Anderson wrote: No, you are thinking of the (wrong) claims originally made by ISC about how anycast would affect TCP to an anycast authoritative server. ISC wrongly asserted that since BGP routes don't churn very fast compared with DNS TCP connection lifetimes

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Dean Anderson
On Wed, 20 Apr 2005, Crist Clark wrote: > Dean Anderson wrote: > > I'd rather expect this sort of behavior with anycasted servers... > > I would not expect this kind of behavior from an anycasted address. > You'd need a LOT of routing churn to see different caches every few > seconds. It's much

Re: Promosis? Who are these guys?

2005-04-20 Thread Douglas Otis
On Wed, 2005-04-20 at 12:38 +0530, Suresh Ramasubramanian wrote: > seen on a local linux mailing list - > > > It looks like someone broke into VSNL's name server and done some > > harm to open source websites I'm now using Airtel's (mantraonline) > > name server and able to browse the sites men

FW: [EMAIL PROTECTED] [afnog] New IPv6 Address Block Allocated to RIPE NCC

2005-04-20 Thread Leslie Nobile
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of leo vegoda Sent: Thursday, December 16, 2004 8:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: afnog@afnog.org Subject: [EMAIL PROTECTED] [afnog] New IPv6 Address Block Allocated to RI

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Dean Anderson
On Wed, 20 Apr 2005 [EMAIL PROTECTED] wrote: > > > I'd rather expect this sort of behavior with anycasted servers... > > Where do you see any connection between anycast and ignoring DNS TTL? > Or is this just part of your usual rant against anycast DNS service? The data he showed isn't necess

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Crist Clark
Dean Anderson wrote: I'd rather expect this sort of behavior with anycasted servers... I would not expect this kind of behavior from an anycasted address. You'd need a LOT of routing churn to see different caches every few seconds. It's much more likely some kind of load balancer in front of a DNS

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread sthaug
> I'd rather expect this sort of behavior with anycasted servers... Where do you see any connection between anycast and ignoring DNS TTL? Or is this just part of your usual rant against anycast DNS service? We use anycast for our caching (recursive) DNS servers. It works well for us, and we cer

Re: Slashdot: Providers Ignoring DNS TTL?

2005-04-20 Thread Dean Anderson
I'd rather expect this sort of behavior with anycasted servers... With a cache, the behavior is confusing, but also harms DNS TCP support, just like that described for authoritative servers. Further there isn't a good reason to have anycasted caches. Indeed, with DHCP-learned nameservers, ther

Re: Promosis? Who are these guys?

2005-04-20 Thread Florian Weimer
* Suresh Ramasubramanian: > Any idea? SANS would call this a DNS cache poisoning attack. 8-) It seems that ns*.dnsauthority.com uses the shortcut I mentioned earlier. ; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com de ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, st

Promosis? Who are these guys?

2005-04-20 Thread Suresh Ramasubramanian
seen on a local linux mailing list - > It looks like someone broke into VSNL's name server and done some > harm to open source websites I'm now using Airtel's (mantraonline) > name server and able to browse the sites mentioned above anyone have > any idea what's happening ??? while nslookup to