2009/11/6 Jeffrey Lyon jeffrey.l...@blacklotus.net
The primary issue is that we receive a fair
deal of customers who end up with wide scale DDoS attacks followed by
an offer for protection to move to your network. In almost every
case the attacks cease once the customer has agreed to pay
HI,
I was recently brought onto a project where some failover is desired, but I
think that the number of connections provisioned is excessive. Also hoping to
get some guidance with regards to how well I can get the failover to actually
work. So currently 4 X 100Mb/s Internet connections have
-Original Message-
From: a...@baklawasecrets.com [mailto:a...@baklawasecrets.com]
Sent: Sunday, November 08, 2009 4:52 AM
To: nanog@nanog.org
Subject: Failover how much complexity will it add?
HI,
I was recently brought onto a project where some failover is desired, but I
think
a...@baklawasecrets.com wrote:
HI,
Now I couldn't get any good answers as to why Internet connections 1 and 2 need
to be separate. I think the idea was to make sure that there was enough
bandwidth for the third party support VPN. I feel that I can consolidate this
into one connection
Owen,
We could learn a lot about this from Aviation. Nowhere in human history has
more research, care, training, and discipline been applied to accident
prevention,
mitigation, and analysis as in aviation. A few examples:
Others later in this thread duly noted a definite relationship of
Anton Kapela wrote:
What curve must we shift to get routers with hardware and software
that's both a) fast b) reliable and c) cheap -- in the hopes that the
only problems left to solve indeed are human ones?
Fast, Reliable, Cheap - pick any two. No, you can't have all three.
The
a...@baklawasecrets.com wrote:
HI,
I was recently brought onto a project where some failover is desired, but I
think that the number of connections provisioned is excessive. Also hoping
to get some guidance with regards to how well I can get the failover to
actually work. So currently
On 2009-11-08-10:23:41, Blake Pfankuch bpfank...@cpgreeley.com wrote:
Make sure they operate their own network for last mile
[...]
I wouldn't sway from the big names for your primary connections
either.
Because ownership of the provider/subsidiary delivering the last mile
means one hand is
Thanks for all your comments guys. With regards to bgp I did
think about placing two bgp routers in front of the ssg's. However
my limited understanding makes me think that if I had two bgp
connections from different providers I would still have issues. So
I guess that if my primary Internet
Seth Mattinen [se...@rollernet.us] said:
Forget all of that and just multihome to two separate providers with BGP
--Assuming that you're advertising PI space or can work around that
appropriately with your providers, I agree, that's the ideal situation.
Having multiple circuits to one provider
a...@baklawasecrets.com wrote:
Thanks for all your comments guys. With regards to bgp I did
think about placing two bgp routers in front of the ssg's. However
my limited understanding makes me think that if I had two bgp
connections from different providers I would still have issues. So
I
On Sun, 08 Nov 2009 08:23:41 MST, Blake Pfankuch said:
I wouldn't sway from the big names for your primary connections either.
This is, of course, dependent on the OP's location and budget. I know when we
were getting our NLR connection set up, there was a fair amount of You want
40G worth of
Kanak,
We're not a Staminus reseller. Please do your homework:
http://webtrace.info/asn/32421 .
I'm not going to hold court on whether or not you or your resellers
are DDoSing competitor's customers, I was merely stating my opinion.
The reader can draw their own conclusion. I think your network
Thanks Seth and James,
Things are getting a lot clearer. The BGP multihoming solution sounds like
exactly what I want. I have more questions :-)
Now I suppose I would get my allocation from RIPE as I am UK based?
Do I also need to apply for an AS number?
As the IP block is mine, it is ISP
Hi Adel
There are companies like packet exchange (www.packetexchange.net)
(whom i have personally used) who will do all of the legwork for you,
such as applying for the ASN, address space, transit agreements, and
get the tail connections directly to your building. You just need to
pay them and
Hi,
Thanks for the info on UKNOF. I've started a thread there with regards to RIPE
and obtaining ASN numbers and so on., as
this is I guess quite UK specific.
Adel
On Sun 8:40 PM , Arnold Nipper arn...@nipper.de wrote:
Hi Adel,
On 08.11.2009 21:24 Ken Gilmour wrote
There are
Don't think I sent the below to the list, so resending:
Thanks Seth and James,
Things are getting a lot clearer. The BGP multihoming solution sounds like
exactly what I want. I have more questions :-)
Now I suppose I would get my allocation from RIPE as I am UK based?
Do I also need to
Hi,
Ok thanks for clearing that up. I'm getting some good feedback on applying for
PI and ASN through Ripe LIRs over on the UKNOF so I think I have a handle on
this.
With regards to BGP and using separate BGP routers. I am announcing my PI
space to my upstreams, but I don't need to carry a
a...@baklawasecrets.com wrote:
Hi,
Thanks for the info on UKNOF. I've started a thread there with regards to
RIPE and obtaining ASN numbers and so on., as
this is I guess quite UK specific.
You will need an AS number regardless of what path you get your
addresses from to multihome. In
a...@baklawasecrets.com wrote:
Hi,
Ok thanks for clearing that up. I'm getting some good feedback on applying
for PI and ASN through Ripe LIRs over on the UKNOF so I think I have a handle
on this.
With regards to BGP and using separate BGP routers. I am announcing my PI
space to my
I think partial routes makes perfect sense, makes sense that traffic for
customers who are connected to each of my upstreams should go out of
the correct BGP link as long as they are up! Now I need to start thinking of
BGP router choices, sure I have a plethora of choices :-(
On Sun 10:01
In message 75cb24520911060747x3556e01tbb80be8c9e0d5...@mail.gmail.com, Christ
opher Morrow writes:
On Thu, Nov 5, 2009 at 5:56 PM, valdis.kletni...@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET
On Sun, 8 Nov 2009, Dobbins, Roland wrote:
if the discussion hasn't shifted from that of DDoS to EDoS, it
should.
All DDoS is 'EDoS' - it's a distinction without a difference, IMHO.
DDoS costs opex, can cost direct revenue, can induce capex spends -
it's all about economics at bottom, always
Sean Donelan wrote:
Oh, the cloud service provider won't negotiate, won't give you unlimited
service credits, want to charge extra for that protection, don't want to
make promises it will work, and so on :-)
The same unsolved problems from the 1970's mainframe/timesharing era
still
So if my requirements are as follows:
- BGP router capable of holding full Internet routing table. (whether I go for
partial or full, I think I want something with full capability).
- Capable of pushing 100meg plus of mixed traffic.
What are my options? I want to exclude openbsd, or linux
So if my requirements are as follows:
- BGP router capable of holding full Internet routing table. (whether I go for
partial or full, I think I want something with full capability).
- Capable of pushing 100meg plus of mixed traffic.
What are my options? I want to exclude openbsd, or linux
Thought-provoking article by Paul Vixie:
http://queue.acm.org/detail.cfm?id=1647302
--
Alex Balashov - Principal
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
From: a...@baklawasecrets.com [a...@baklawasecrets.com]
- BGP router capable of holding full Internet routing table. (whether I go
for partial or full,
I think I want something with full capability).
--Capable of holding _2_ full internet routing
There are any problems with quagga+BSD/Linux that you know or something
like that?
Or in your scenario a cisco/juniper box is a requirement?
I'm asking this because I'm always running BGP with upstreams providers
using quagga on BSD and everything is fine until now.
Basically the organisation that I'm working for will not have the skills in
house to support a linux or bsd box. They will have trouble
with supporting the BGP configuration, however I don't think they will be happy
with me if I leave them with a linux box when they
don't have linux/unix
Alex Balashov wrote:
Thought-provoking article by Paul Vixie:
http://queue.acm.org/detail.cfm?id=1647302
I doubt Henry Ford would appreciate the Mustang.
-Dave
Dave Temkin wrote:
Alex Balashov wrote:
Thought-provoking article by Paul Vixie:
http://queue.acm.org/detail.cfm?id=1647302
I doubt Henry Ford would appreciate the Mustang.
I don't think that is a very accurate analogy, and in any case, the
argument is not that we should immediately
Alex Balashov wrote:
For example, perhaps in the case of CDNs geographic optimisation
should be in the province of routing (e.g. anycast) and not DNS?
-- Alex
In most cases it already is. He completely fails to address the concept
of Anycast DNS and assumes people are using statically
On Nov 8, 2009, at 7:06 PM, Dave Temkin wrote:
Alex Balashov wrote:
For example, perhaps in the case of CDNs geographic optimisation
should be in the province of routing (e.g. anycast) and not DNS?
-- Alex
In most cases it already is. He completely fails to address the
concept of
DNS is NOT always defined by Paul... :)
--bill
On Sun, Nov 08, 2009 at 05:39:47PM -0500, Alex Balashov wrote:
Thought-provoking article by Paul Vixie:
http://queue.acm.org/detail.cfm?id=1647302
--
Alex Balashov - Principal
Evariste Systems
Web : http://www.evaristesys.com/
Tel
On Nov 8, 2009, at 7:30 PM, bmann...@vacation.karoshi.com wrote:
On Sun, Nov 08, 2009 at 07:17:16PM -0500, David Andersen wrote:
Our trace-driven simulations yield two findings. First, reducing the
---
-Dave
a simulation is driven from a mathmatical
On Sun, Nov 8, 2009 at 6:06 PM, Dave Temkin dav...@gmail.com wrote:
In most cases it already is. He completely fails to address the concept of
Anycast DNS and assumes people are using statically mapped resolvers.
He also assumes that DNS is some great expense and that by not allowing tons
of
On Nov 8, 2009, at 7:46 PM, bmann...@vacation.karoshi.com wrote:
The paper also presents the results of trace-driven simulations that
explore the effect of varying TTLs and varying degrees of cache
sharing on DNS cache hit rates.
I'm not debating the traces - I wonder about the
Alex Balashov wrote:
For example, perhaps in the case of CDNs geographic optimisation
should be in the province of routing (e.g. anycast) and not DNS?
-- Alex
In most cases it already is. He completely fails to address the concept
of Anycast DNS and assumes people are using
On Sun, 8 Nov 2009, Alex Balashov wrote:
For example, perhaps in the case of CDNs geographic optimisation should be in
the province of routing (e.g. anycast) and not DNS?
Well my first answer to that would be that GSLB scales down a lot further
than anycast.
And my first question would be
On 2009-11-09, at 10:35, Simon Lyall wrote:
And my first question would be what would the load on the global
routing system if a couple of thousand (say) extra sites started
using anycast for their content?
Are you asking what the impact would be of a couple of thousand extra
routes in
DNS is NOT always defined by Paul... :)
I agree Bill, but Paul is right on the money about how the DNS is being
misused and abused to create more smoke and mirrors in the domain
name biz.
I really find annoying that some ISPs (several large ones among them) are
still tampering with the DNS
If you're a consumer broadband provider, and you use a DNS blackhole
list so that any of your subscribers who tries to reach
bigbank1.fakebanks.example.com gets redirected to
fakebankwebsitelist.sipc.gov, you might be able to claim that you
complied with the law, though the law's aggressive enough
Kris Foster and Michael K. Smith have been chosen to fill two year
terms on the Communications Committee (formerly known as the Mailing
List Committee.)
They join Randy Epstein and Tim Yocum, who are starting the second
year of their terms, and Sue Joiner, who is the Merit appointee to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Nov 8, 2009 at 9:35 PM, David Conrad d...@virtualized.org wrote:
On Nov 8, 2009, at 4:59 PM, David Andersen wrote:
Z. M. Mao, C. D. Cranor, F. Douglis, and M. Rabinovich. A Precise and
Efficient Evaluation of the Proximity between Web
45 matches
Mail list logo
