Re: dealing with bogon spam ?

2009-10-28 Thread Suresh Ramasubramanian
Ah, colo4jax I see. Jacksonville, Florida. 68.234.16.0/20 shows up as unallocated but as these guys own the previous /20 it's probably a stale ARIN db and a brand new allocation Prefix AS Path Aggregation Suggestion 68.234.0.0/20 4777 2497 25973 40430 68.234.16.0/20

Re: dealing with bogon spam ?

2009-10-28 Thread John Kristoff
On Tue, 27 Oct 2009 23:44:40 -0700 Leslie wrote: > It seems to me like the best solution might be a semi-hacky solution > of asking arin (and other IRR's) if i can copy its DB and creating an > internal peer which null routes unallocated blocks (updated nightly?) > > Has anyone seen an IRR's DB'

Re: dealing with bogon spam ?

2009-10-28 Thread Michiel Klaver
I would suggest to report that netblock to SpamHaus to have it included at their DROP list, and also use that DROP list as extra filter in addition to your bogon filter setup at your border routers. The SpamHaus DROP (Don't Route Or Peer) list was specially designed for this kind of abuse of s

Re: dealing with bogon spam ?

2009-10-28 Thread Jeroen Massar
Leslie wrote: [..] > It seems to me like the best solution might be a semi-hacky solution of > asking arin (and other IRR's) if i can copy its DB and creating an > internal peer which null routes unallocated blocks (updated nightly?) What you want to take is: $rirs = array( "afrin

Re: dealing with bogon spam ?

2009-10-28 Thread Valdis . Kletnieks
On Tue, 27 Oct 2009 16:57:17 PDT, Leslie said: > We're seeing a decent chunk of spam coming from an unallocated block of > address space. Fear not, this will end when we run out of IPv4 space not too many months down the road :) I admit to remaining confused as to why we still keep seeing provid

Re: dealing with bogon spam ?

2009-10-28 Thread Jared Mauch
On Oct 28, 2009, at 2:44 AM, Leslie wrote: Yes, unallocated (at least according to ARIN's whois db) but not unannounced - obviously our network can get to the space or else I wouldn't be having a spam problem with them! I'm actually seeing this /20 as advertised through Savvis from AS40

Re: dealing with bogon spam ?

2009-10-28 Thread Jared Mauch
On Oct 28, 2009, at 7:14 AM, valdis.kletni...@vt.edu wrote: On Tue, 27 Oct 2009 16:57:17 PDT, Leslie said: We're seeing a decent chunk of spam coming from an unallocated block of address space. Fear not, this will end when we run out of IPv4 space not too many months down the road :) I

Re: dealing with bogon spam ?

2009-10-28 Thread Randy Bush
>> It seems to me like the best solution might be a semi-hacky solution of >> asking arin (and other IRR's) if i can copy its DB and creating an >> internal peer which null routes unallocated blocks (updated nightly?) > > What you want to take is: > > $rirs = array( > "afrinic"

Redundant Data Center Architectures

2009-10-28 Thread Stefan Fouant
I'm wondering what are the growing trends in connecting Data Centers for redundancy in DR/COOP environments. I imagine VPLS has a big play here, but I'm willing to bet there are all sorts of weirdness that such environments can create, such as the effect it may have on DR elections, etc. Also,

Re: dealing with bogon spam ?

2009-10-28 Thread Jeroen Massar
Randy Bush wrote: >>> It seems to me like the best solution might be a semi-hacky solution of >>> asking arin (and other IRR's) if i can copy its DB and creating an >>> internal peer which null routes unallocated blocks (updated nightly?) >> What you want to take is: >> >> $rirs = array( >>

Strip AS in BGP peer

2009-10-28 Thread Sherwin Ang
Hello Nanog, am not sure if I should have placed this on the cisco-nsp or the juniper-nsp but someone may have a direct answer. Well, here it goes. We'll soon form a new internet exchange and I would like to suggest a model in the route-server wherein the route-server would strip out its own AS

Re: Strip AS in BGP peer

2009-10-28 Thread Adrian Chadd
Take a read of the quagga documentation. There's a BGP neighbor option for stripping out the local AS when speaking eBGP. Adrian On Wed, Oct 28, 2009, Sherwin Ang wrote: > Hello Nanog, > > am not sure if i should have placed this on the cisco-nsp or the > juniper-nsp but someone may have a dir

Re: dealing with bogon spam ?

2009-10-28 Thread Nathan Ward
On 29/10/2009, at 2:52 AM, Jeroen Massar wrote: Randy Bush wrote: It seems to me like the best solution might be a semi-hacky solution of asking arin (and other IRR's) if i can copy its DB and creating an internal peer which null routes unallocated blocks (updated nightly?) What you want

Re: Redundant Data Center Architectures

2009-10-28 Thread ChrisSerafin
We are doing: Citrix XenServer environments at both sites with NetApps for the SANs MPLS connections with Riverbeds for WAN op. Let me know if you wanna dig into this deeper. Stefan Fouant wrote: I'm wondering what are the growing trends in connecting Data Centers for redundancy in DR/COOP en

ISP with CSC/CoC?

2009-10-28 Thread Luan Nguyen

Re: dealing with bogon spam ?

2009-10-28 Thread John Kristoff
On Thu, 29 Oct 2009 03:24:17 +1300 Nathan Ward wrote: > I can't see anything on their site that provides a BGP feed of > prefixes allocated by RIRs, which I think is what we're talking > about here. We currently provide A BGP bogon route server feed for the asking, which are routes of 'well kn

Re: dealing with bogon spam ?

2009-10-28 Thread Leslie
Just FYI the colo4jax guys got back to me and it is a stale ARIN db entry - I guess they don't update it as quickly as I thought. So this is now just a normal case of spam. Leslie Leslie wrote: Yes, unallocated (at least according to ARIN's whois db) but not unannounced - obviously our netwo

Re: dealing with bogon spam ?

2009-10-28 Thread Chris Hills
On 28/10/09 00:57, Leslie wrote: How have you dealt with this issue? Does anyone publish a more granular listing of unallocated space? Does arin have this information somewhere other than just probing any given ip via whois? You can at least get a list of all the allocated blocks. Presumably a

Re: IPv6 Deployment for the LAN

2009-10-28 Thread Andy Davidson
Iljitsch van Beijnum wrote: > This would be a big mistake. Fate sharing between the device that > advertises the presence of a router and the device that forwards packets > makes RAs much more robust than DHCPv4. No, what we want are better first hop redundancy protocols, and DHCP for v6, so that

Re: dealing with bogon spam ?

2009-10-28 Thread Leslie
John Kristoff wrote: On Thu, 29 Oct 2009 03:24:17 +1300 Nathan Ward wrote: I can't see anything on their site that provides a BGP feed of prefixes allocated by RIRs, which I think is what we're talking about here. We currently provide A BGP bogon route server feed for the asking, which a

looking for optonline/cablevision contact

2009-10-28 Thread andrew young
I've been having a mailing issue with optonline/cablevision for several weeks now and normal business tech support is giving me the run around. Can someone from optonline/cablevision contact me off thread so I can try to get this simple thing resolved.

Re: Redundant Data Center Architectures

2009-10-28 Thread Roland Dobbins
On Oct 28, 2009, at 8:26 PM, Stefan Fouant wrote: I'm wondering what are the growing trends in connecting Data Centers for redundancy in DR/COOP environments. 'DR' is an obsolete 40-year-old mainframe concept; it never works, as funding/testing/scaling of the 'backup' systems is never adeq

Re: Redundant Data Center Architectures

2009-10-28 Thread Charles Wyble
On Oct 28, 2009, at 10:38 AM, Roland Dobbins wrote: On Oct 28, 2009, at 8:26 PM, Stefan Fouant wrote: I'm wondering what are the growing trends in connecting Data Centers for redundancy in DR/COOP environments. 'DR' is an obsolete 40-year-old mainframe concept; it never works, as fundin

Re: Redundant Data Center Architectures

2009-10-28 Thread Ray Sanders
Roland, Could you elaborate on "GSLB" (Global Load Balancing?) ? Pardon if that question seems a bit "noob-ish" Thanks Roland Dobbins wrote: On Oct 28, 2009, at 8:26 PM, Stefan Fouant wrote: I'm wondering what are the growing trends in connecting Data Centers for redundancy in DR/C

Re: Redundant Data Center Architectures

2009-10-28 Thread Ryan Brooks
Roland Dobbins wrote: On Oct 28, 2009, at 8:26 PM, Stefan Fouant wrote: I'm wondering what are the growing trends in connecting Data Centers for redundancy in DR/COOP environments. 'DR' is an obsolete 40-year-old mainframe concept; it never works, as funding/testing/scaling of the 'backup'

Re: Redundant Data Center Architectures

2009-10-28 Thread Brandon Galbraith
>>Layer-3-independence and active/active/etc. is where it's at in terms of high availability in the 21st Century. GSLB, et. al. Somewhere on video.google.com is a Google I/O talk explaining the hell that is active/active redundancy and how hard it is to achieve at layers 4-7. I don't argue that i

Re: Redundant Data Center Architectures

2009-10-28 Thread Roland Dobbins
On Oct 29, 2009, at 12:44 AM, Brandon Galbraith wrote: Somewhere on video.google.com is a Google I/O talk explaining the hell that is active/active redundancy and how hard it is to achieve at layers 4-7. Depends upon the type of apps, amount of required concurrency, etc. It's easy on the

Re: Redundant Data Center Architectures

2009-10-28 Thread Roland Dobbins
On Oct 29, 2009, at 12:42 AM, Ray Sanders wrote: Could you elaborate on "GSLB" (Global Load Balancing?) ? Architectural choices, implementation scenarios, DNS tricks to ensure optimal cleaving to and availability of distributed nodes within a given tier:

Re: Redundant Data Center Architectures

2009-10-28 Thread Brandon Galbraith
Props for mentioning mod_backhand. Excellent tool for GSLB. On Wed, Oct 28, 2009 at 12:57 PM, Roland Dobbins wrote: > > On Oct 29, 2009, at 12:42 AM, Ray Sanders wrote: > > Could you elaborate on "GSLB" (Global Load Balancing?) ? >> > > Architectural choices, implementation scenarios, DNS tric

Re: Strip AS in BGP peer

2009-10-28 Thread Cody Appleby
More specifically: - neighbor *ip or peer-group* attribute-unchanged as-path Cheers, Cody On Wed, 28 Oct 2009 22:19:54 +0800, Adrian Chadd wrote: > Take a read of the quagga documentation. There's a BGP neighbor option > for stripping out the local AS when speaking eBGP. > > > > Adrian >

Re: dealing with bogon spam ?

2009-10-28 Thread Justin Shore
Michiel Klaver wrote: I would suggest to report that netblock to SpamHaus to have it included at their DROP list, and also use that DROP list as extra filter in addition to your bogon filter setup at your border routers. The SpamHaus DROP (Don't Route Or Peer) list was specially designed for

Re: Strip AS in BGP peer

2009-10-28 Thread Arnold Nipper
On 28.10.2009 19:01 Cody Appleby wrote > More specifically: > - neighbor *ip or peer-group* attribute-unchanged as-path > To leave _everything_ unchanged (med and next hop which goes w/o saying ;-)) might even best. Hence go for neighbor attribute-unchanged Of course there are also other

Re: dealing with bogon spam ?

2009-10-28 Thread Jason Bertoch
Justin Shore wrote: Michiel Klaver wrote: I would suggest to report that netblock to SpamHaus to have it included at their DROP list, and also use that DROP list as extra filter in addition to your bogon filter setup at your border routers. The SpamHaus DROP (Don't Route Or Peer) list was spe

Re: dealing with bogon spam ?

2009-10-28 Thread Jeroen Massar
Leslie wrote: > John Kristoff wrote: >> I suppose if there is interest and a need we could do this. Shoot >> myself or the team (i...@cymru.com) a note off list if you have >> thoughts on the matter or simply want to provide some feedback into >> such a service and how it might best be used. We'

ip options

2009-10-28 Thread Luca Tosolini
Experts, out of the well-known values for ip options: x...@r4# set ip-options ? Possible completions: Range of values [Open a set of values any Any IP option loose-source-route Loose source route route-record Route record ro

RE: ip options

2009-10-28 Thread Dario Ciccarone (dciccaro)
Luca: Check http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_acl_sel_drop_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1043334 Not the whole story, but :) Hope it helps, Dario > -Original Message- > From: Luca Tosol

Re: ip options

2009-10-28 Thread Roland Dobbins
On Oct 29, 2009, at 2:05 AM, Luca Tosolini wrote: Considering the security hazard that they imply, I am therefore thinking to drop them. You should certainly consider the impact on traceroute and possibly QoS (i.e., RSVP, if it's relevant) in your environment. Some vendors/platforms als

Re: Redundant Data Center Architectures

2009-10-28 Thread Darren Bolding
Also, commercial solutions from F5 (their GTM product and their old 3-DNS product). Using CDN's is also a way of handling this, but you need to be prepared for all your traffic to come from their source-ip's or do creative things with x-forwarded-for etc. Making an active/active datacenter design

PPPoE vs. Bridged ADSL

2009-10-28 Thread JD
There is a debate among our engineering staff as to the best means of provisioning broadband service over copper facilities. Due to our history, we have a mix out in the field. Some customers are on DSLAMS set up for bridged connections with DHCP; isolated by a variety of means including VLANS.

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread Jack Bates
JD wrote: There seem to be pros and cons to both directions. Certainly true bridging has less overhead. But modern CPEs can minimize the impact of PPPoE. PPPoE allows for more flexible provisioning; including via RADIUS. Useful for the call center turning customers on/off without NOC help. But

RE: Redundant Data Center Architectures

2009-10-28 Thread Stefan Fouant
> -Original Message- > From: Darren Bolding [mailto:dar...@bolding.org] > Sent: Wednesday, October 28, 2009 4:57 PM > To: Roland Dobbins > Cc: NANOG list > Subject: Re: Redundant Data Center Architectures > > Also, commercial solutions from F5 (their GTM product and their old 3- > DNS > pr

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread Saxon Jones
On Cisco hardware PPPoE was cleaner if you have other ISPs' customers on your network and you want to put them in their own VRF's. I've been out of that world for a while now, so maybe it's changed. -saxon 2009/10/28 JD > There is a debate among our engineering staff as to the best means of > p

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread David E. Smith
> > Opinions on this? I'd be interested in hearing the latest real world > experience for both and the direction most folks are going in. > > I can't speak to which would be better on copper specifically, but in general I'd favor DHCP over PPPoE. Either way, most of the back-end stuff will be simil

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread Walter Keen
Most aDSL modems if set to PPPoE (I think Actiontec's come this way by default) will send the mac as the pppoe un/pw. David E. Smith wrote: Opinions on this? I'd be interested in hearing the latest real world experience for both and the direction most folks are going in. I can't speak to

Re: ALTDB Problems

2009-10-28 Thread christian koch
On Tue, Oct 27, 2009 at 11:21 AM, Steve Rubin wrote: > > ALTDB is free and you get what you pay for. > > However. Donations to http://www.nanog.org/scholarships/abha.php would > probably get requests done a lot faster. > > > -- > Steve Rubin/ AE6CH / http://www.altdb.net/ > E

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread George Carey
We like PPPoE on the edge because we can use RADIUS to apply policy to the subscribers for bandwidth management, class-of-service, SNPs, etc. You probably have some of these features via your DSLAM, but we found it easier to do via RADIUS with a web based GUI for our provisioning folks. So

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread Mark Smith
On Wed, 28 Oct 2009 15:33:58 -0700 Walter Keen wrote: >Most aDSL modems if set to PPPoE (I think Actiontec's come this way by >default) will send the mac as the pppoe un/pw. >David E. Smith wrote: > > Opinions on this? I'd be interested in hearing the latest real world > experience f

Re: IPv6 Deployment for the LAN

2009-10-28 Thread Randy Bush
>> This would be a big mistake. Fate sharing between the device that >> advertises the presence of a router and the device that forwards packets >> makes RAs much more robust than DHCPv4. > No, what we want are better first hop redundancy protocols, and DHCP for > v6, so that everyone who has extra

Re: PPPoE vs. Bridged ADSL

2009-10-28 Thread Nathan Ward
Apologies if this message is brief, it is sent from my cellphone. On 29/10/2009, at 11:33, Walter Keen wrote: Most aDSL modems if set to PPPoE (I think Actiontec's come this way by default) will send the mac as the pppoe un/pw. David E. Smith wrote: Opinions on this? I'd be inter

Re: ALTDB Problems

2009-10-28 Thread Steve Rubin
On Oct 28, 2009, at 3:53 PM, christian koch wrote: On Tue, Oct 27, 2009 at 11:21 AM, Steve Rubin wrote: ALTDB is free and you get what you pay for. However. Donations to http://www.nanog.org/scholarships/abha.php would probably get requests done a lot faster. -- Steve Rubin

Re: IPv6 Deployment for the LAN

2009-10-28 Thread Matthew Moyle-Croft
Amen to that Randy. MMC Randy Bush wrote: This would be a big mistake. Fate sharing between the device that advertises the presence of a router and the device that forwards packets makes RAs much more robust than DHCPv4. No, what we want are better first hop redundancy protocols, and DH

Re: dealing with bogon spam ?

2009-10-28 Thread Suresh Ramasubramanian
You are using it the wrong way .. most of the drop list is directly spammer controlled space used as, for example, C&C for botnets. You'd see tons of abuse and little or no smtp traffic from a lot of those hosts. On Thu, Oct 29, 2009 at 12:26 AM, Jason Bertoch wrote: > Justin Shore wrote: >> As a

Re: IPv6 Deployment for the LAN

2009-10-28 Thread Owen DeLong
This is unusual, but, I have to agree with Randy here. Owen On Oct 28, 2009, at 5:09 PM, Matthew Moyle-Croft wrote: Amen to that Randy. MMC Randy Bush wrote: This would be a big mistake. Fate sharing between the device that advertises the presence of a router and the device that forwards

Re: Redundant Data Center Architectures

2009-10-28 Thread Truman Boyes
On 29/10/2009, at 8:39 AM, Stefan Fouant wrote: -Original Message- From: Darren Bolding [mailto:dar...@bolding.org] Sent: Wednesday, October 28, 2009 4:57 PM To: Roland Dobbins Cc: NANOG list Subject: Re: Redundant Data Center Architectures Also, commercial solutions from F5 (their GTM