> In the end the cure is worse than the disease (by abusing the anti-abuse
> system. DMCA abuse anyone? Or the stupid bogons list so many people
> forget to update every friggin time IANA allocated a new /8 to one of
> the RIRs?)
It's interesting to see how bandaid solutions increase the pro
'Jon Lewis'; [EMAIL PROTECTED]
Subject: Re: Best way to get of Bogon list?
On Mon, Nov 29, 2004 at 07:04:28AM -0800, Barry Raveendran Greene wrote:
> > Jared Mauch:
> > > jlewis:
> > > If someone will lend me appropriate /24's, I'll copy
> > >
On Mon, Nov 29, 2004 at 07:04:28AM -0800, Barry Raveendran Greene wrote:
> > Jared Mauch:
> > > jlewis:
> > > If someone will lend me appropriate /24's, I'll copy
> > > 69box.atlantic.net into 70box, 71box, etc. and come up with a
> > > large (fairly comprehensive) list of IPs behind broken bogo
On Sat, 27 Nov 2004 18:03:28 +0100, Iljitsch van Beijnum said:
> > To some extent this is correct, but these users really need to learn to
> > effectively protect themselves. In the long term at least.
>
> Never teach a pig to sing: it wastes your time and annoys the pig.
I've always wondered whe
> > If someone will lend me appropriate /24's, I'll copy
> > 69box.atlantic.net into 70box, 71box, etc. and come up with a
> > large (fairly comprehensive) list of IPs behind broken bogon
> > filters.
>
> http://puck.nether.net/~jared/papers/69
On 27-nov-04, at 9:02, Christopher L. Morrow wrote:
I've never been a fan of bogon packet filtering (bogon route filtering
is more useful), but it occurs to me that it's probably better for us
network operators to do this rather than have each and every firewall
admin do it for themselves.
be it 'r
On Thu, Nov 25, 2004 at 10:29:51PM -0500, Jon Lewis wrote:
> On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
>
> > I hate to say it, but that is the only way.
> >
> > You aren't dealing with a single bogon blocking list, you're dealing with a
> > whole lot of providers who are way behind the t
On Fri, 26 Nov 2004, Iljitsch van Beijnum wrote:
>
> On 26-nov-04, at 8:29, Christopher L. Morrow wrote:
>
> >> Can someone identify the *benefits* of using bogon lists for unallocated
> >> space? It appears that it only hurts connectivity, but does not help in
> >> any significant way
On 26-nov-04, at 8:29, Christopher L. Morrow wrote:
Can someone identify the *benefits* of using bogon lists for unallocated
space? It appears that it only hurts connectivity, but does not help in
any significant way to enhance security.
It might be a way to proactively keep your part of the net
AIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Jon Lewis
> Sent: Thursday, November 25, 2004 10:30 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Best way to get of Bogon list?
>
>
> On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
>
> > I hate to say it, but that
On Fri, Nov 26, 2004 at 01:02:27AM -0500, [EMAIL PROTECTED] wrote:
> On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
> > > Possibly, whoever are the vendors of software that recommends this
> > > practice (and authors of security handbooks) should be shown the error
> > > of their ways?
Never h
Jon Lewis <[EMAIL PROTECTED]> wrote:
> It makes people feel like they're more secure.
aka "airport security". Inconvenience the users, and achieve nothing
useful.
> It may cut down slightly on junk traffic entering their networks,
> but I suspect that's an insignificantly small amount / benefit.
On Fri, 26 Nov 2004 [EMAIL PROTECTED] wrote:
>
> On Thu, 25 Nov 2004, Jon Lewis wrote:
>
> > It's not even just providers. If it were, it'd be relatively easy to
> > just find and call each NOC. You're likely to have bogon issues with
> > few large providers. It's mostly smaller providers and
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
> > Possibly, whoever are the vendors of software that recommends this
> > practice (and authors of security handbooks) should be shown the error
> > of their ways?
>
> Is this where we restart the BCP38 thread and then argue that if
> everybody
[mailto:[EMAIL PROTECTED] On Behalf Of
> Jon Lewis
> Sent: Thursday, November 25, 2004 10:30 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Best way to get of Bogon list?
>
>
> On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
>
> > I hate to say it, but that is t
On Fri, 26 Nov 2004 [EMAIL PROTECTED] wrote:
> Can someone identify the *benefits* of using bogon lists for unallocated
> space? It appears that it only hurts connectivity, but does not help in
> any significant way to enhance security.
It makes people feel like they're more secure. It may cut
[EMAIL PROTECTED] wrote:
Can someone identify the *benefits* of using bogon lists for
unallocated space? It appears that it only hurts connectivity, but
does not help in any significant way to enhance security.
Possibly, whoever are the vendors of software that recommends this
practice (and author
On Thu, 25 Nov 2004, Jon Lewis wrote:
> It's not even just providers. If it were, it'd be relatively easy to
> just find and call each NOC. You're likely to have bogon issues with
> few large providers. It's mostly smaller providers and end user
> networks...some of which are quite large or hig
bogon
lists.
Thanks for all the response people.
--
Majid.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jon Lewis
Sent: Thursday, November 25, 2004 10:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Best way to get of Bogon list?
On Fri, 26 Nov 2004, S
On Fri, 26 Nov 2004, Suresh Ramasubramanian wrote:
> I hate to say it, but that is the only way.
>
> You aren't dealing with a single bogon blocking list, you're dealing with a
> whole lot of providers who are way behind the times and you just have to go on
> contacting them one at a time.
Its n
d the times and you just have to go on
contacting them one at a time.
srs
> From: Suresh Ramasubramanian <[EMAIL PROTECTED]>
> Majid Farid <[EMAIL PROTECTED]> wrote:
>>
>> I have a question for the list: what would be the best/fastest way to get off
>> bogon li
Title: Re: Best way to get of Bogon list?
Exactly what I have been doing for last week 2 weeks now.
Thanks,
Majid
--
Sent from my BlackBerry Wireless Handheld
-Original Message-
From: Suresh Ramasubramanian <[EMAIL PROTECTED]>
To: Majid Farid &
Majid Farid <[EMAIL PROTECTED]> wrote:
I have a question for the list: what would be the best/fastest way to get off
the bogon list? ARIN allocated us a /19 2 months ago (72.1.192.0/19). We
find that a lot of providers aren't accepting the BGP advertisements
for that block because the block 72.0.0
Good Day,
I have a question for the list: what would be the best/fastest way to get off
the bogon list? ARIN allocated us a /19 2 months ago (72.1.192.0/19). We find
that a lot of providers aren't accepting the BGP advertisements for that
block because the block 72.0.0.0/8 was on bogon list.
T
On Thu, Aug 01, 2002 at 04:35:03PM +0300, Rafi Sadowsky wrote:
> ## On 2002-07-31 10:09 +0200 Jesper Skriver typed:
>
> JS> On Wed, Jul 31, 2002 at 12:22:30AM -0700, Randy Bush wrote:
> JS> >
> JS> > > AFAIK 12.0S only has the "service provider" feature set
> JS> >
> JS> > i fear that the joke i
## On 2002-07-31 10:09 +0200 Jesper Skriver typed:
JS> On Wed, Jul 31, 2002 at 12:22:30AM -0700, Randy Bush wrote:
JS> >
JS> > > AFAIK 12.0S only has the "service provider" feature set
JS> >
JS> > i fear that the joke is on us. at least one other train seems to
JS> > have been merged into the e
On Wed, Jul 31, 2002 at 12:22:30AM -0700, Randy Bush wrote:
>
> > AFAIK 12.0S only has the "service provider" feature set
>
> i fear that the joke is on us. at least one other train seems to
> have been merged into the ex-isp train. not sure how much. can't
> get a straight answer. welcome
> AFAIK 12.0S only has the "service provider" feature set
i fear that the joke is on us. at least one other train seems to
have been merged into the ex-isp train. not sure how much. can't
get a straight answer. welcome back to 1997, and bye bye what
stability we had.
randy
## On 2002-07-30 08:23 -0700 Randy Bush typed:
RB>
RB> >> Not a complete solution but a start:
RB> >> IP Source Tracker:
RB> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/ipst.htm
RB> >> Available as of 12.0(22)S for 7500 and 12000 series
On Tue, 30 Jul 2002 [EMAIL PROTECTED] wrote:
> The owners of the attacking devices are accessories to the crime
> although I'm sure they could plead ignorance and avoid any liability. But
> what if they could not plead ignorance? What if we could identify some of
> the attacking devices, and w
> How many ISPs would identify the user of an IP address for the purposes of
> sending a "cease and desist" letter when contacted by a lawyer?
Despite 9/11, privacy still counts for something. It's rather dangerous
to give out private user information without a court order.
If one of our sus
>> Not a complete solution but a start:
>> IP Source Tracker:
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/ipst.htm
>> Available as of 12.0(22)S for 7500 and 12000 series Cisco routers.
ah yes. the new enterprise image. :-(
Hank Nussbacher wrote:
> > So, to restate the problem, how do we identify some of the sources of a
> > DoS attack quickly, maybe even while the attack is still in progress?
>
> Not a complete solution but a start:
> IP Source Tracker:
>
http://www.cisco.com/univercd/cc/td/doc/product/software/io
On Tue, 30 Jul 2002 [EMAIL PROTECTED] wrote:
> That's the obvious solution to the problem if the problem is how to track
> down the source(s) of a DoS attack. However, in any DoS attack, there is
> always a victim and one or more devices sending attack traffic to the
> victim. The owners of the a
>As far as tracking DoS, I've read some good papers on the subject and it
>always boils down to tracking MAC addresses and going interface by
>interface to the source, demanding inter-ISP cooperation, and finally
>legal assistance. This has been tried during a few severe instances with
>poor resu
On Mon, 29 Jul 2002, jnull wrote:
> ISPs won't shut someone down because they've been "hacked", merely send
> them a warning Email or call--a process that takes days in my
> experience.
Worse -- there is an increasing number of ASNs spewing traffic onto the
internet with NOBODY AT THE WHEEL.
oods.
jnull
PGP: 0x54B1A25C
So little time, so many packets
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 29, 2002 5:37 AM
To: [EMAIL PROTECTED]
Subject: RE: Bogon list or Dshield.org type list
Having recently read David
--On Sunday, July 28, 2002 09:35:40 -0500 "John Palmer (NANOG Acct)"
<[EMAIL PROTECTED]> wrote:
> Yes - DSHIELD has our ORSC root server listed as well. I thought that
> was hilarious.
Some might beg to differ.
--
Måns Nilsson    Systems Specialist
+46 70 681 7204 KTHNOC
[EMAIL PROTECTED] wrote:
[...]
> other people could look in their netflow data
> for traffic from bogon addresses to your destination.
Do other people need such a list to discover invalid source addresses
emerging from their networks?
> [...] the owners of compromised
> machines used to init
Having recently read David Moore's paper on backscatter analysis,
http://www.caida.org/outreach/papers/2001/BackScatter/
this data is interesting because most of these filters seem to be blocking
an amount of traffic proportional to their size.
>Extended IP access list 120 (Compiled)
>perm
Yes - DSHIELD has our ORSC root server listed as well. I thought that was hilarious.
- Original Message -
From: "Charles Sprickman" <[EMAIL PROTECTED]>
To: "Johannes Ullrich" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, July 28, 2
targets. Whatever their
> > algorithm is, it doesn't seem reliable enough for me to trust it if an
> > IP that can not originate connections is listed as an attacker (albeit
> > small on their list)
> > --Phil
> >
> > -Original Message-
> > From
Alsato,
I have recently begun using Bogon Lists myself, after some research and
convincing advice I received from members of this list. However, I do
not agree with the terminology. A Bogon List is absolute (termed from
Bogus, derived from bogus or unreal). The only addresses I would place
in
enough for me to trust it if an
> IP that can not originate connections is listed as an attacker (albeit
> small on their list)
> --Phil
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> alsato
> Sent: Saturday, July 27, 2002 8:08
ECTED]] On Behalf Of
alsato
Sent: Saturday, July 27, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: Bogon list or Dshield.org type list
I'm wondering how many of you use Bogon Lists and
http://www.dshield.org/top10.html type
lists on your routers? I'm curious to know if you are an ISP
I'm wondering how many of you use Bogon Lists and http://www.dshield.org/top10.html type
lists on your routers? I'm curious to know if you are an ISP with
customers or backbone provider or someone else? I have a feeling not many
people use these on routers? I'm wondering why or why not?
Hi, NANOGers.
For those of you who don't already know...
221/8 has been allocated to APNIC, effective July 2002. It hasn't yet
appeared in the routing table based on my nine eBGP feeds. My bogon
templates have been modified accordingly:
http://www.cymru.com/Documents/bogon-list.html
Thanks,
"Jason Lewis" <[EMAIL PROTECTED]> writes:
>>
>>
>> Which, by the way, rocks the hizzy.
>>
>> If anyone needs some qmail-scanner and/or spam-assassin help in qmail,
>> let me know. I just spent the last couple days pfutzing with it
>> extensively.
>>
>
> I just bumped my hit count to 6. I found
phen J. Wilcox wrote: ]
> > Subject: Re: Bogon list
> >
> > RFC1918 does not break path-mtu, filtering it does tho..
>
> So, in other words inappropriate use of RFC 1918 does not break Path MTU
> Discovery! You can't still have your cake and have eaten it too. O
[ On Friday, June 7, 2002 at 15:28:56 (-0400), Stephen Griffin wrote: ]
> Subject: Re: Bogon list
>
> I agree, however, most folks want to see the topology, some just choose
> to violate RFC1918 in order to do it.
Sometimes even I stoop so low! :-)
# bloody rogers routers use th
In the referenced message, Stephen J. Wilcox said:
>
> On Thu, 6 Jun 2002, Stephen Griffin wrote:
>
> >
> > In the referenced message, Sean M. Doran said:
> > > Basically, arguing that the routing system should carry around
> > > even more information is backwards. It should carry less.
> >
Well, the biggest offender in this respect by far was @home, and you know what
happened to THEM...
-C
On Fri, Jun 07, 2002 at 12:55:08PM -0400, Greg A. Woods wrote:
>
> [ On Friday, June 7, 2002 at 10:26:53 (+0100), Stephen J. Wilcox wrote: ]
> > Subject: Re: Bogon list
> >
[ On Friday, June 7, 2002 at 10:26:53 (+0100), Stephen J. Wilcox wrote: ]
> Subject: Re: Bogon list
>
> RFC1918 does not break path-mtu, filtering it does tho..
So, in other words inappropriate use of RFC 1918 does not break Path MTU
Discovery! You can't still have your cake and
Indeed, and that is one of the reasons why I agree IXPs and P2P should not
use RFC1918
My point was merely that using RFC1918 on links does not break P-MTU,
whether it should be used or not was another question...
Steve
On Fri, 7 Jun 2002, Daniel Senie wrote:
>
> At 05:26 AM 6/7/02, Stephen
At 05:26 AM 6/7/02, Stephen J. Wilcox wrote:
>On Thu, 6 Jun 2002, Stephen Griffin wrote:
>
> >
> > In the referenced message, Sean M. Doran said:
> > > Basically, arguing that the routing system should carry around
> > > even more information is backwards. It should carry less.
> > > If IXes n
On Thu, 6 Jun 2002, Stephen Griffin wrote:
>
> In the referenced message, Sean M. Doran said:
> > Basically, arguing that the routing system should carry around
> > even more information is backwards. It should carry less.
> > If IXes need numbers at all (why???) then use RFC 1918 addresses
On Thu, Jun 06, 2002 at 09:08:34PM -0400, Richard A Steenbergen wrote:
> Even if there was an option to source ICMP from loopbacks (which I
backhoe, nail... ip unnumbered loopback0
:)
On Thu, Jun 06, 2002 at 06:34:48PM -0400, Stephen Griffin wrote:
>
> Do you:
> 1) Not believe in PMTU-D
Yes.
> 2) Not believe in filtering RFC1918 sourced traffic at enterprise
> boundaries
Yes.
> I would love if RFC1918 were adhered to such that L3 packet-passing
> devices either weren't nu
In the referenced message, Sean M. Doran said:
> Basically, arguing that the routing system should carry around
> even more information is backwards. It should carry less.
> If IXes need numbers at all (why???) then use RFC 1918 addresses
> and choose one of the approaches above to deal with q
[ On Wednesday, June 5, 2002 at 23:22:38 (-0400), [EMAIL PROTECTED] wrote: ]
> Subject: Re: OT: Re: Bogon list
>
> 3) Remember that for procmail to nuke the second copy, the second copy
> has to arrive - I'm personally just a bit miffed at somebody who sent me
> 2 copies of
On Thu, Jun 06, 2002 at 02:14:21AM +0300, [EMAIL PROTECTED] said:
> Richard,
>
> Kindly explain how not knowing procmail (or Unix for that matter)
> relates to configuring BGP/OSPF/Cisco IOS/JunOS
> (Yes I know JunOS is based on FreeBSD -
> but I doubt anyone runs an MTA or MUA on it ... ;-)
I
On Wed, 05 Jun 2002 21:50:17 +0300, Rafi Sadowsky said:
> 1) All NANOG subscribers recognize the above as a procmail rule ?
>
> 2) That all NANOG subscribers read list E-mail on machines that have
> procmail on them ?
3) Remember that for procmail to nuke the second copy, the second copy
h
>
>
> Which, by the way, rocks the hizzy.
>
> If anyone needs some qmail-scanner and/or spam-assassin help in qmail,
> let me know. I just spent the last couple days pfutzing with it
> extensively.
>
I just bumped my hit count to 6. I found a small number of lists I am on
were making it into my
Which, by the way, rocks the hizzy.
If anyone needs some qmail-scanner and/or spam-assassin help in qmail, let
me know. I just spent the last couple days pfutzing with it extensively.
On Wed, 5 Jun 2002, Joel Jaeggli wrote:
>
> some of them have spamassassin
>
> http://spamassassin.taint.
Richard,
Kindly explain how not knowing procmail (or Unix for that matter)
relates to configuring BGP/OSPF/Cisco IOS/JunOS
(Yes I know JunOS is based on FreeBSD -
but I doubt anyone runs an MTA or MUA on it ... ;-)
For Example:
I happen to know a senior technical consultant who went from r
some of them have spamassassin
http://spamassassin.taint.org/
On Wed, 5 Jun 2002, Sean M. Doran wrote:
>
>
> | 2) That all NANOG subscribers read list E-mail on machines that have
> | procmail on them ?
>
> No, certainly not. Many enlightened subscribers know about
> http://www.gnus.or
| 2) That all NANOG subscribers read list E-mail on machines that have
| procmail on them ?
No, certainly not. Many enlightened subscribers know about
http://www.gnus.org/manual/gnus_124.html#SEC123
or
http://www.gnus.org/manual/gnus_171.html#SEC171
(which is a very gnus-ish documentation p
On Wed, Jun 05, 2002 at 03:18:58PM -0400, [EMAIL PROTECTED] said:
> This is an auto-generated system message. Please do not reply to this
> address.
[snip legalese]
Whoever this is, will you PLEASE fix your auto-noise generator to not pollute
mailing lists?
Apologies to the list for the (twice
On Wed, Jun 05, 2002 at 09:50:17PM +0300, Rafi Sadowsky wrote:
>
> ## On 2002-06-05 04:45 -0700 Randy Bush typed:
>
> RB> :0 Wh: msgid.lock
> RB> | formail -D 8192 msgid.cache
>
> Randy,
>
> Are you sure that:
>
> 1) All NANOG subscribers recognize the above as a procmail rule ?
If they d
On Wed, Jun 05, 2002 at 09:50:17PM +0300, [EMAIL PROTECTED] said:
[snip]
> RB> :0 Wh: msgid.lock
> RB> | formail -D 8192 msgid.cache
>
> Randy,
>
> Are you sure that:
>
> 1) All NANOG subscribers recognize the above as a procmail rule ?
most of them, probably.
> 2) That all NANOG subscrib
## On 2002-06-05 04:45 -0700 Randy Bush typed:
RB>
RB> > [[ What's with the huge CC list everyone? Aren't we all subscribers? Do
RB> > y'all enjoy getting multiple copies of replies? I don't! ;-) ]]
RB>
RB> :0 Wh: msgid.lock
RB> | formail -D 8192 msgid.cache
RB>
RB>
Randy,
Are you sure t
In article <[EMAIL PROTECTED]>,
Richard A Steenbergen <[EMAIL PROTECTED]> wrote:
>On Wed, Jun 05, 2002 at 08:34:58AM +, Miquel van Smoorenburg wrote:
>>
>> I haven't seen a 'icmp source lo0' interface command yet. Hopefully
>> it will be added for ipv6 so exchanges can use link-local addres
GAW> Date: Tue, 4 Jun 2002 23:14:58 -0400 (EDT)
GAW> From: Greg A. Woods
GAW> If a given router uses a single unique-to-itself canonical
GAW> globally routable source address for all ICMP error replies
GAW> it generates then the output of the likes of traceroute and
GAW> even ping will still b
>> Then we come to the extra bogons like exchange point allocations. Can't
>> forget them. :)
>
> I've never heard anyone refer to the IXP allocations as "bogons." Plus,
> I've not heard of anyone filtering the IXP prefixes on their ingress
> peering filters. Egress peering filters - yes.
At s
On Wed, Jun 05, 2002 at 08:34:58AM +, Miquel van Smoorenburg wrote:
>
> I haven't seen a 'icmp source lo0' interface command yet. Hopefully
> it will be added for ipv6 so exchanges can use link-local addressing
> (ipv6 has no fragmentation, PMTUd is mandatory).
I'm not terribly sure why you
> I haven't seen a 'icmp source lo0' interface command yet. Hopefully
> it will be added for ipv6 so exchanges can use link-local addressing
> (ipv6 has no fragmentation, PMTUd is mandatory).
>
> Mike.
Now expired...
draft-kato-bgp-ipv6-link-local-01.txt
Proof of conc
> [[ What's with the huge CC list everyone? Aren't we all subscribers? Do
> y'all enjoy getting multiple copies of replies? I don't! ;-) ]]
:0 Wh: msgid.lock
| formail -D 8192 msgid.cache
In article <[EMAIL PROTECTED]>,
Sean M. Doran <[EMAIL PROTECTED]> wrote:
>
>| Why treat exchange subnets differently to any other bit of backbone
>| infrastructure?
>
>Oh, I wholeheartedly agree. I would love them all to use RFC 1918
>addresses, because it is VERY VERY VERY rare that anything
[[ What's with the huge CC list everyone? Aren't we all subscribers? Do
y'all enjoy getting multiple copies of replies? I don't! ;-) ]]
[ On Tuesday, June 4, 2002 at 18:33:23 (-0700), Sean M. Doran wrote: ]
> Subject: Re: Bogon list
>
> | Why treat exchange sub
> Targeting people who look up in-addr.arpa mappings, you could
> always emit pointers to would-be tracerouters -- get yer real
> data at http://...
>
> Points to the person who first puts such a thing into the DNS.
>
Started it in 1997... Presented it @ INET in 1998.
UCB & a
| Why treat exchange subnets differently to any other bit of backbone
| infrastructure?
Oh, I wholeheartedly agree. I would love them all to use RFC 1918
addresses, because it is VERY VERY VERY rare that anything outside
the scope in which the 1918 local use addresses are unique actually
has
On Tuesday, June 4, 2002, at 07:49 , Sean M. Doran wrote:
> | Messy traceroutes make the helpdesk phone ring.
>
> Messy architecture is worse!
Agreed. An inconsistent architecture is a messy one. Why treat exchange
subnets differently to any other bit of backbone infrastructure? Why
number p
| Tweaking our Looking Glass software by itself would not fix the problem
| (ours doesn't have this problem anyway). To fix the problem everyone
| would have to tweak their Looking Glass software since the problem can
| be seen when someone traceroutes from a peer or 3rd party's Looking
| Glass
It just occurred to me that one could use the extended traceroute on the
back end for a Cisco to tweak the source IP but there again, it would
not be completely effective unless everyone did this.
-Dave
David McGaugh wrote:
>
> Tweaking our Looking Glass software by itself would not fix the pr
Tweaking our Looking Glass software by itself would not fix the problem
(ours doesn't have this problem anyway). To fix the problem everyone
would have to tweak their Looking Glass software since the problem can
be seen when someone traceroutes from a peer or 3rd party's Looking
Glass into our cu
| Traceroute to www.foo.com, see it goes through an exchange. Ping
| the router on the far end of the exchange, "host unreachable".
How do you know the name of the thing at the far end of the exchange?
Is it traceroute? Did the traceroute come from a looking glass, perhaps,
or pass through a
| While on the subject of IXP blocks, we also ended up redistributing the
| IXP blocks and sending them to our BGP customers (who do not receive a
| default) so that traceroutes and such from Looking Glasses do not break.
| They can then choose to filter them as they wish.
This is backwards. D
| Messy traceroutes make the helpdesk phone ring.
Messy architecture is worse!
There's two ways to deal with the "messy traceroute problem":
1. looking glasses - use them to compare traceroutes,
point people at them, couple them with ample notes
on how to interp
In a message written on Tue, Jun 04, 2002 at 01:54:07PM -0700, Aditya wrote:
> Am I right that I don't see a reason why IX blocks should be transited other
> than traceroute should work? I can think of a couple of reasons why the blocks
> SHOULDN'T be transited by anyone.
Traceroute to www.foo.
We announce the IXP blocks to customers and not peers for IXs which we
participate. Additionally we don't filter our peers if they were to
announce an IXP block so long as it is not an IXP block for an IX which
we participate. (grammar?) This way we can continue to learn routes for
things like l.
>> as peers do not give each other transit, you don't need to announce
>> the IX to each other to get traceroute to work. you just carry it
>> in your own network.
> Weren't they talking about customers at a "downstream" ISPs which don't
> connect directly to the exchange?
one gives transit custo
On Tue, Jun 04, 2002 at 02:02:36PM -0700, Randy Bush wrote:
> as peers do not give each other transit, you don't need to announce
> the IX to each other to get traceroute to work. you just carry it
> in your own network.
Weren't they talking about customers at a "downstream" ISPs which don't
conn
as peers do not give each other transit, you don't need to announce
the IX to each other to get traceroute to work. you just carry it
in your own network.
randy
On Tue, Jun 04, 2002 at 04:47:51PM -0400, Leo Bicknell wrote:
>
> In a message written on Tue, Jun 04, 2002 at 03:47:00PM -0400, Richard A Steenbergen wrote:
> > Exchange point blocks SHOULDN'T be transited by anyone, therefore you
> > should not hear them from your peers.
>
> I would say th
In a message written on Tue, Jun 04, 2002 at 03:47:00PM -0400, Richard A Steenbergen wrote:
> Exchange point blocks SHOULDN'T be transited by anyone, therefore you
> should not hear them from your peers.
I would say this the other way around, all exchange point blocks
should be transited by so
On Tue, Jun 04, 2002 at 01:24:04PM -0700, Clayton Fiske wrote:
> How does the absence of an IXP route affect traceroutes -through- it?
> The IXP device has a route back to the source of the trace, so it can
> reply. The traceroute packets are addressed to the ultimate destination,
> so they don't
> On Tue, Jun 04, 2002 at 11:04:40AM -0700, David McGaugh wrote:
> > I agree with Joe on this. At one time we were filtering 198.32/16 from
> > our peers but ran into things like ep.net (198.32.6.31) breaking. We now
> > only filter on IXP blocks for which we participate.
> >
> > While on the s
On Tue, Jun 04, 2002 at 04:17:04PM -0400, Joe Abley wrote:
> On Tuesday, June 4, 2002, at 03:47 , Richard A Steenbergen wrote:
>
> > Exchange point blocks SHOULDN'T be transited by anyone, therefore you
> > should not hear them from your peers.
>
[snip]
> Messy traceroutes make the helpdesk pho
On Tuesday, June 4, 2002, at 03:47 , Richard A Steenbergen wrote:
> Exchange point blocks SHOULDN'T be transited by anyone, therefore you
> should not hear them from your peers.
Unless an exchange point includes such a restriction in the agreements
with their participants, isn't this a privat
On Tue, Jun 04, 2002 at 11:04:40AM -0700, David McGaugh wrote:
> I agree with Joe on this. At one time we were filtering 198.32/16 from
> our peers but ran into things like ep.net (198.32.6.31) breaking. We now
> only filter on IXP blocks for which we participate.
>
> While on the subject of IXP