Looking to fill the NANOG US Thanksgiving void
(as a Canadian in the USA, I have some spare time):
In San Jose, an upstream is charging us this 5% tax:
http://www2.csjfinance.org/UUT.asp
I think it's bogus, because the tax "applies to intrastate telephone
communications only" and, consistent
I asked:
> Who among AS1239, AS701, AS3356, AS7018, AS209 does loose RPF
> (not just strict RPF on single-homed customers)?
and Patrick answered:
>> I'm wondering why that is relevant.
It's relevant because it was suggested that loose RPF should be a
"best common practice" so I was curious whic
In response to this:
> Mark Smith wrote:
> >> The non-announcers, because they're also breaking PMTUD.
>
> Really? How?
Mark Smith replied with two paragraphs, but it's not 100% clear to me
that he got the reason why I asked. I asked because his initial statement
boiled down to "numbering o
Jared Mauch wrote:
>> I would hope they're doing it for more than just ICMP packets.
yes, loose RPF, but I just care about ICMP.
>> I would argue should be, or is a current best practice.
OK, so I must have missed the memo :-)
Who among AS1239, AS701, AS3356, AS7018, AS209 does loose RPF
(not
virendra rode wrote:
>> This is yet another reason one shouldn't rely on pings & traceroutes to
>> perform reachability analysis.
So, you're in the "traceroute is not important" camp?
(you'll note that in my email I did ask whether we think
traceroute is important)
Mark Smith wrote:
>> The non-
A smaller North American network provider, with a modest North
American backbone, numbers their internal routers on public IP space
that they do not announce to the world.
One of the largest North American network providers filters/drops
ICMP messages so that they only pass those with a source IP
>> More to the point, how can ARIN refuse such an order?
I would guess ARIN's point is "It's not yours to give" and that the
original court overstepped their bounds and clearly misunderstood the
whole notion of IP address "ownership."
Also, I think your example is almost as flawed as mine, and t
Joe McGuckin typed:
>> 2) Why does ARIN believe that it can ignore a court order?
Maybe because ARIN wasn't a party to the original proceedings
that generated that order?
Let's say you're eating lunch one day, minding your own business,
and a sheriff comes up with an official looking document an
Back in mid-December someone typed:
> > One reason to be careful with dampening is that flaps can be
> > multiplied. (Connect to routeviews and see the different flap counts
> > under different peers for the same flap at your end to observe this.)
How about in this scenario:
asA gets transi
>> I don't think standard ethernet pinouts are correct. You want a cable
>> with pins 1&2 on one twisted pair and 4&5 on another (7&8 for DDS 56K).
Correct has nothing to do with it.
Any straight-through cable will work just fine. It's just from the
jack to the equipment... and it's already be
>> o SmartJack with demarcation point in the office (or same floor) instead
>> of the building entrance point
You are not likely going to be able to control that,
it depends on how the install tech's day is going.
Strictly speaking, I believe they are supposed to put
it at the MPOE.
>> If I
>> A company I work with (whose servers are located in the San Jose,
>> CA) is looking to set up some backup servers at a datacenter whose
>> connectivity and location is off any faultline, or away from other
>> malady, that might affect its main servers datacenter or
>> connectivity. Problem is, t
>> If you read through
>> http://www.e-gerbil.net/ras/nac-case/plantiff-affidavit1.pdf you'll
>> see that NAC was blackmailing their client because they knew they
>> could not quickly move out
I think that argument is close to being bogus. The agreement doesn't
say that they have to be out in 45
Maybe I'm a little slow on the draw, but I've just now realized
that we've come full circle, in a strange sort of way.
8 to 10 years ago the discussions were dominated by Karl D(1),
where *everything* was defined as to whether it was "actionable" or not.
Now the discussions are dominated by many
>> But ultimately, _you_ are responsible for your own systems.
When I detect abusive behavior coming from a customer site then
it is my responsibility to make sure that doesn't affect the
rest of the world.
Also, if I know how to fix it at source and the customer doesn't know
then it's my respo
>> Nicholas Weaver and Vern Paxson have published a paper estimating the
>> worst case scenario of a network worm attack from USD$52 to $103 Billion.
I'd just like to say that the 52 dollar estimate is _not_ for my network.
We're at least in the $178 to $182.50 range.
-mark
I've been trying to find out what the current BCP is for handling ddos
attacks. Mostly what I find is material about how to be a good
net.citizen (we already are), how to tune a kernel to better withstand
a syn flood, router stuff you can do to protect hosts behind it, how
to track the attack bac
>> Neither Sprint nor Qwest are serious about earning my business and are not
>> providing me with their network peering details. I was hoping that the
>> list might have the collective resources to help me determine who has
>> better peering.
Aren't we six years past the point where people ask
>> What game is this? I have some gear at SJC1 and I've not heard anything.
http://a.mainstreet.net/mfn.tif
Postmarked early October.
It would have been hard to get out in less than one month
(we were out as of mid September).
-mark
>> I've already had several direct replies saying to manually configure the
>> 172.16 subnet on router A. Sure, that will work, but I'm looking for a
>> solution that doesn't require manual configuration of all the routers
>> involved.
Put another physical ethernet interface in router B and
mov
I see 216.223.192.0/19 with these ASpaths:
wcg 7911 8001 4276
globix 4513 8001 4276
mfn 6461 8001 4276
and fail to see it (Network not in table)
behind AS2828 (XO) and AS1 (Genuity).
-mark
>> Every time you see one of us mention ISIS or OSPF, all it has to do
>> with is carrying loopback/infrastructure routes.
I don't think anyone has said to Ralph why the above is done. Just in
case it isn't obvious: you need to make sure the next-hops are known
on each router by a means other t
>> So, is there a significant Worldcom operational issue that
>> has not yet been reported to nanog?
To answer my own question: Yes, there was a problem on the MFS
ring between S63 and S77 (a "BZ ring" problem). Fixed with
a card swap yesterday near mid-day.
-mark
FYI,
I'm seeing a lot of DNS lookups for all the three letter domain names
for which we are listed as authoritative (we have five).
The requests look like this:
req: nlookup(foo.com) id 64450 type=255 class=255
212.100.232.17.domain > myserver.domain: 31881+ ANY ANY? foo.com. (25)
I've got problems with 30 T1 circuits, on two DS3 hubs.
All are Worldcom (MFS), all out of S63 (55 So. Market, SanJose),
all have Pacbell tail loops.
Earlier today a worldcom person said to me: "I tried to get you status
from the OSC (Sacramento), but they are really, really busy. I was on
hol
Joe Wood <[EMAIL PROTECTED]> typed:
>> However, for ISPs that do NOT use any sort of prefix filters, wouldn't
>> you prefer that your BGP session was limited to a number of prefixes, in
>> case of a routing leak?
We'd prefer that such ISPs identify themselves here so we can
straighten them out
>> I almost forgot about those netedge boxes, seems the one we had in DC
>> was about as reliable as a microwave with tin foil in it. I can't
>> remember how many times it or a card had been replaced.
There was a general belief that MFS only had one spare on each coast.
When they swapped it in
>> How did people interconnect before may 1998, fddi?
fddi, some remote with netedge boxes at either end of an atm link.
There were some 10baseT connections too, there was at least one
low end Catalyst switch dedicated to plain ethernet.
Here is a big hint:
http://www.nanog.org/2.95.NANOG.note
>> I have one downstream ISP customer that explicitly asked for "full BGP
>> routes" to be written into the contract. Why Verio's customers wouldn't
>> want full routes makes no business sense to me.
The reasons are related to the law of diminishing returns.
-mark
>> hme0/1.2.3.1/www.test1.com
>> hme0/1.2.3.2/www.test2.com
It is probably better to attach the IP addresses to the loopback
interface rather than the ethernet interface.
-mark
>> Anyone else receiving huge as-path (more than 125) causing these:
Yes, but I saw it only once from four different sources:
Through AS1:
Jul 3 07:23:56: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested
size 266
Through AS6461:
Jul 3 07:22:51: %BGP-3-INSUFCHUNKS: Insuff
>> Viawest has just told me that their policy is that customers who go
>> over a /23 worth of address space must request further space
>> directly from ARIN.
What they (Viawest) are saying to you is that they are too small to serve
you. Your domain record says you are in Denver, so I'm guessing yo
I recently claimed that, in the USA, there is a law that prohibits an
ISP from inspecting packets in a telecommunications network for
anything other than traffic statistics or debugging.
Was I correct?
I'd also like to get opinions on privacy policies for network
operators. It has been sugges
>> This specific 'unattended server enclosure' is sitting outside
>> in the middle of the desert.
How will you protect it from gunshots:
http://sadtomato.net/mojave.html
They removed that phone booth a couple of years ago:
http://www.lvrj.com/lvrj_home/2000/May-23-Tue-2000/news/13631118.html
RAS> I can't speak as to what exactly Akamai is doing, but this
I should add that Akamai contacted me within minutes of my initial
post to ask for more data and they said that they are looking
into it... leaving me with the impression that what I was seeing
was not typical.
-mark
Hello,
I've observed that our border routers are getting pinged a fair bit.
I measured on one router and saw:
5 per second, seems consistent throughout the day,
roughly 40 different sources every 15 seconds
I took a look at the varied sources and discovered that the sites
are well connecte
a Clint Eastwood line from
one of his movies (Magnum Force?): "A man's gotta know his limitations."
But, imho, it does provide the best summary and/or dismissal
for the "Certification or College degrees?" thread.
-mark kent, H.B.
[EMAIL PROTECTED] wrote:
>> I would expect that if the Equinix exchange participants were IPv6
>> hungry ...
Let me toss in a question that may really be dumb... what are those
that are hungry for IPV6 doing with it?
I figure that organizations that run IPV6 now think they are
ahead of the ga
>> And didn't some ugly peering battles between 701 and 3561 back
>> when 3561 was MCI cause some { severely hampered | loss of }
>> connectivity between the two?
When AS3561 started (registered in 1994, turned on in 1995),
it started with many of the old NSF regionals attached to it.
This in
On the leaking more specific routes topic (ip prefix lists):
I've verified that Above.Net lets me do this and Genuity does not.
But Genuity has said, today, that they are working on doing it.
To address Sean's point about mistakes turning one /16 into a zillion
entries, is there any way to allow
>> I've gotten attractive pricing from Genuity but I haven't used them
>> in a couple years. Is there any reason I wouldn't want to use them
>> as a third upstream OC3 provider?
I think they are outstanding. After using a bunch-o'nsps from 1994 to
1998, including 5 at a time, we picked Genuity
>> > load balancing over multiple links uses a flow-hashed method. If you
>> > want per-packet load distribution you have to specifically enable it by
>> > saying "no ip route-cache" on each interface.
>>
>> That is very deadly, please, don't anyone actually try that.
How so? So it uses a litt
>> Out of the Tier 1s who is the best to use ?
calpop.com... didn't you read the previous post?
-mark
>> Has anyone ever had any experiences with calpop.com for
>> colocation services?
Are they Savvis, or just pretending to be Savvis:
http://www.calpop.com/network.html
I like it where they say
CalPOP's Network has been rated th
>> It's not a MAE. All MAEs are listed at http://www.mae.net/
>>
>> There appears to have been a proposal last year for a meet-point
>> in Phoenix for networks participating in a telemedicine project.
>> Does not appear to be intended to exchange public Internet traffic.
IIRC, There was a MAE
>> So I have filters accepting from my customers whatever le 24,
>> but once those routes are propagated over Internet and they
>> reach eventually providers like Level3, they have their filters
>> accepting only those routes, which are registered on some IRR
>> in exact way
Are you sure tha