On Feb 27, 2008, at 2:09 AM, Adrian Chadd wrote:
(speaking as someone who has built large ACLs/prefix-lists and has
6MB+ configs that can't be loaded on my routers. without vendor support
those that want to do the right thing can't, so the game is lost).
I remember the days of making rt
On Mon, Feb 25, 2008, Alex Pilosov wrote:
>
> A bit of administrativia:
>
> This thread generated over a hundred posts, many without operational
> relevance or by people who do not understand how operators, well, operate,
> or by people who really don't have any idea what's going on but feel l
On Tue, Feb 26, 2008, Jared Mauch wrote:
> > The problem isn't that the router config is too easy Jared, it's that
> > there's no nice and easy way of doing it right from scratch that matches
> > the sort of newbie network operators that exist today. For examples
> The problem is that some
On Wed, Feb 27, 2008 at 10:09:19AM +0900, Adrian Chadd wrote:
> > (speaking as someone who has built large ACLs/prefix-lists and has
> > 6MB+ configs that can't be loaded on my routers. without vendor support
> > those that want to do the right thing can't, so the game is lost).
>
> Getting Cisc
On 27/02/2008, at 11:39 AM, Adrian Chadd wrote:
(speaking as someone who has built large ACLs/prefix-lists and has
6MB+ configs that can't be loaded on my routers. without vendor support
those that want to do the right thing can't, so the game is lost).
I remember the days of making rt
> (speaking as someone who has built large ACLs/prefix-lists and has
> 6MB+ configs that can't be loaded on my routers. without vendor support
> those that want to do the right thing can't, so the game is lost).
I remember the days of making rtconfig work properly in various
situations (heck, d
for a list filled with network operators and engineers, the lot of you
are quick to whip out lawyers and courts and international tribunals.
perhaps I missed the message, but has anyone mentioned the direct
economic impact of SFI? as a responsible network operator, would you
peer with a network th
The biggest problem here is that Cisco needs to change
their defaults to require more configuration than
    router bgp X
     neighbor 1.2.3.4 remote-as A
When that's the bar for the complexity required for setting up BGP,
bad things WILL happen. Period.
Cisco has taken all these year
-----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Christopher Morrow
> Sent: Tuesday, February 26, 2008 8:59 AM
> To: hjan
> Cc: nanog@merit.edu
> Subject: Re: [admin] [summary] RE: YouTube IP Hijacking
>
>
> On Tue, Feb 26, 2008
On Tue, Feb 26, 2008 at 10:40 AM, hjan <[EMAIL PROTECTED]> wrote:
> I think that they should use remote triggered blackhole filtering with
> no-export community.
> In this way they do the job with no impact on the rest of internet.
so, certainly this isn't a bad idea, but given as an example:
Alex Pilosov wrote:
Facts:
* AS17557 announced more specific /24 to 3491, which propagated to wider
internets
I think that they should use remote triggered blackhole filtering with
no-export community.
In this way they do the job with no impact on the rest of internet.
Regards,
Gi
Leo Vegoda wrote:
> On 26/02/2008 12:06, "Arnd Vehling" <[EMAIL PROTECTED]> wrote:
>
> [...]
>
>> With a decent LIR DB (like the RIPE DB) this is only possible if an
>> hijacker breaks the authentication of the according database objects
>> which is a pain in the a** _if_ the objects use a prope
On 26/02/2008 12:06, "Arnd Vehling" <[EMAIL PROTECTED]> wrote:
[...]
> With a decent LIR DB (like the RIPE DB) this is only possible if an
> hijacker breaks the authentication of the according database objects
> which is a pain in the a** _if_ the objects use a proper authentication
> scheme lik
Alex Pilosov wrote:
> Oh yeah, d'oh! Thanks for correction. But that is also an important point
> against PHAS and IRRPT filtering - they are powerless against truly
> malicious hijacker (one that would register route in IRR, add the
> right origin-as to AS-SET, and use correct origin).
With a de
On Mon, Feb 25, 2008, Alex Pilosov wrote:
>
> A bit of administrativia:
>
> This thread generated over a hundred posts, many without operational
> relevance or by people who do not understand how operators, well, operate,
> or by people who really don't have any idea what's going on but feel l
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> There have been two or three panels on this exact topic in
> the past, you can find them in the index of talks.
> Unfortunately, the problem hasn't changed at all. Perhaps we
> could just replay those video streams :-)
My $.02 - http://www
I'd hear to see who does it, and get them to present the "operational
lessons" at the next nanog!
On second thought, I guess one thing has changed considerably
since 15 years ago. Rather than ~5000 monkeys with keyboard
access to manipulate global routing tables, there are likely well
North o
On Feb 25, 2008, at 1:22 PM, Alex Pilosov wrote:
Well, in this case, they *aren't* filtering! (unless I am misunderstanding
what you are saying, due to repeated use of 'their').
What I'm saying is that best case today ISPs police routes
advertised by their customers, yet they accept routes
On Mon, 25 Feb 2008, Danny McPherson wrote:
> > ** Paul Wall brought up the fact that even obviously bogus routes (1/8
> > and 100/7) were accepted by 99% of internet during an experiment.
>
> I'm not sure why this would surprise anyone.
To me and you, it's not surprising. To public, it might be
On Feb 25, 2008, at 12:51 PM, Alex Pilosov wrote:
** Nobody brought up the important point - the BGP announcement filtering
are only as secure as the weakest link. No [few?] peers or transits are
filtering "large" ISPs (ones announcing few hundred routes and up). There
are a great many of
A bit of administrativia:
This thread generated over a hundred posts, many without operational
relevance or by people who do not understand how operators, well, operate,
or by people who really don't have any idea what's going on but feel like
posting.
I'd like to briefly summarize the impor
21 matches