Re: What DNS Is Not

2009-11-09 Thread Martin Hannigan
On Mon, Nov 9, 2009 at 8:54 PM, Jorge Amodio wrote: > > A second issue is ownership. I own my domain. > > Interesting statement, did you get a property title with your domain name ? > > Just curious > > I'd take that question up with your IP attorney. [ Summary: lots of lawyers and courts seem

Re: What DNS Is Not

2009-11-09 Thread Patrick W. Gilmore
As someone just said to me privately: "I dislike the pedantic nerds pull sometimes." (The "" is mine, not the original quote, so the Communications Committee doesn't send me a warning.) On Nov 9, 2009, at 8:10 PM, bmann...@vacation.karoshi.com wrote: good question - does p

Re: about interdomain multipath routing.

2009-11-09 Thread Steven King
Those are very good points Jack. We stopped using multihop for those same reasons. Jack Bates wrote: > Matthew Petach wrote: >> >> I've outlawed the use of multihop eBGP for load-sharing here; when we >> get >> multiple links off the same router to a peer or upstream, they are >> configured >> wit

Re: about interdomain multipath routing.

2009-11-09 Thread Kevin Loch
Bin Dai wrote: Hi: These days, in the research, the interdomain multipath routing is pretty hot but i doubt its actually use in reality. Does anyone tell me any use of interdomain multipath routing like multipath BGP in the real world? "BGP multipath" is extremely common and used to load bala

Re: What DNS Is Not

2009-11-09 Thread Jack Bates
Andrew Cox wrote: I think the issue is more that older apps would expect that if they can get a response then everything is ok.. perhaps this simply an outdated method and needs to be rethought. The app is expecting a response of some kind. When it gets back bogus information that has it co

Re: about interdomain multipath routing.

2009-11-09 Thread Jack Bates
Matthew Petach wrote: I've outlawed the use of multihop eBGP for load-sharing here; when we get multiple links off the same router to a peer or upstream, they are configured with multipath. We've got hundreds of BGP sessions across the network configured with multipath on them. Same here for

Re: What DNS Is Not

2009-11-09 Thread Andrew Cox
Shouldn't such apps be checking the content they receive back from a server anyway? Regardless of if they think they're getting to the right server (due to a bogus non-NXDOMAIN response) there should be some sort of validation in place.. otherwise you're open in any sort of man-in-the-middle att

Re: about interdomain multipath routing.

2009-11-09 Thread Matthew Petach
On Mon, Nov 9, 2009 at 5:56 PM, Bin Dai wrote: > Hi: > These days, in the research, the interdomain multipath routing is pretty hot > but i doubt its actually use in reality. > Does anyone tell me any use of interdomain multipath routing like multipath > BGP in the real world? I've outlawed the u

Re: about interdomain multipath routing.

2009-11-09 Thread Steven King
We use eBGP multipath where I work. We usually get two or more connections to each provider we have. Using multipath we are able to add hardware redundancy with bandwidth balancing (to an extent) with this method. There are some providers who will only allow multipath eBGP and not even let you run

Re: BGP Peer Selection Considerations

2009-11-09 Thread Steve Bertrand
a...@baklawasecrets.com wrote: > Hi, > > Thanks to everyone that replied to my post on failover configuration. This > has lead me to this post. I'm at a point now where I'm looking at > dual-homing with two BGP peers upstream. Now what I am looking at doing is > as follows: > > BGP Peer wit

Re: What DNS Is Not

2009-11-09 Thread Valdis . Kletnieks
On Mon, 09 Nov 2009 15:04:06 PST, Bill Stewart said: > For instance, returning the IP address of your company's port-80 web > server instead of NXDOMAIN > not only breaks non-port-80-http applications Remember this... > There is one special case for which I don't mind having DNS servers > lie ab

Re: What DNS Is Not

2009-11-09 Thread bmanning
On Mon, Nov 09, 2009 at 08:32:38PM -0500, Patrick W. Gilmore wrote: > > notbeing Paul, its rude of me to respond - yet you posted this > > to a public list ... so here goes. > > > > Why do you find your behaviour in your domains acceptable and yet > >the > > same behaviour in others zones

about interdomain multipath routing.

2009-11-09 Thread Bin Dai
Hi: These days, in the research, the interdomain multipath routing is pretty hot but I doubt its actual use in reality. Can anyone tell me of any use of interdomain multipath routing like multipath BGP in the real world? Best, Daniel

Re: What DNS Is Not

2009-11-09 Thread Jorge Amodio
> A second issue is ownership. I own my domain.

Interesting statement, did you get a property title with your domain name? Just curious

Re: What DNS Is Not

2009-11-09 Thread Patrick W. Gilmore
Sent from my iPhone, please excuse any errors. On Nov 9, 2009, at 19:32, bmann...@vacation.karoshi.com wrote: On Mon, Nov 09, 2009 at 06:24:52PM -0500, Patrick W. Gilmore wrote: On Nov 9, 2009, at 3:00 PM, Paul Vixie wrote: i loved the henry ford analogy -- but i think henry ford would ha

Re: What DNS Is Not

2009-11-09 Thread bmanning
On Mon, Nov 09, 2009 at 04:52:35PM -0800, Buhrmaster, Gary wrote: > > > > -Original Message- > > From: bmann...@vacation.karoshi.com > > [mailto:bmann...@vacation.karoshi.com] > > Sent: Monday, November 09, 2009 4:32 PM > > To: Patrick W. Gilmore > > Cc: NANOG list > > Subject: Re: What D

Re: What DNS Is Not

2009-11-09 Thread David Andersen
On Nov 9, 2009, at 7:52 PM, Buhrmaster, Gary wrote: -Original Message- From: bmann...@vacation.karoshi.com [mailto:bmann...@vacation.karoshi.com] Sent: Monday, November 09, 2009 4:32 PM To: Patrick W. Gilmore Cc: NANOG list Subject: Re: What DNS Is Not ... notbeing Paul, it

Re: What DNS Is Not

2009-11-09 Thread Edward Lewis
At 0:32 + 11/10/09, bmann...@vacation.karoshi.com wrote: not being Paul, its rude of me to respond - yet you posted this to a public list ... so here goes. Why do you find your behaviour in your domains acceptable and yet the same behaviour in others zones to

RE: What DNS Is Not

2009-11-09 Thread Buhrmaster, Gary
> -Original Message- > From: bmann...@vacation.karoshi.com > [mailto:bmann...@vacation.karoshi.com] > Sent: Monday, November 09, 2009 4:32 PM > To: Patrick W. Gilmore > Cc: NANOG list > Subject: Re: What DNS Is Not ... > notbeing Paul, its rude of me to respond - yet you posted th

Re: What DNS Is Not

2009-11-09 Thread bmanning
On Mon, Nov 09, 2009 at 06:24:52PM -0500, Patrick W. Gilmore wrote: > On Nov 9, 2009, at 3:00 PM, Paul Vixie wrote: > > >i loved the henry ford analogy -- but i think henry ford would have > >said that > >the automatic transmission was a huge step forward since he wanted > >everybody > >to hav

Re: What DNS Is Not

2009-11-09 Thread Andrew Cox
David Ulevitch wrote: On 11/9/09 6:06 PM, Alex Balashov wrote: Anything else is COMPLETELY UNACCEPTABLE. I don't understand how or why this could possibly be controversial. Because some people want the ability and choice to block DNS responses they don't like; just as they have the ability a

Re: What DNS Is Not

2009-11-09 Thread Kevin Oberman
> From: "Patrick W. Gilmore" > Date: Mon, 9 Nov 2009 18:24:52 -0500 > > On Nov 9, 2009, at 3:00 PM, Paul Vixie wrote: > > > i loved the henry ford analogy -- but i think henry ford would have > > said that > > the automatic transmission was a huge step forward since he wanted > > everybody >

Re: What DNS Is Not

2009-11-09 Thread Jack Bates
Alex Balashov wrote: When I write applications that make DNS queries, I expect the request to turn NXDOMAIN if the host does not exist - HTTP as well as non-HTTP, but especially non-HTTP. Actually, the one I hate is when they return NXDOMAIN for any RR type other than A, breaking DNS. Most

Re: What DNS Is Not

2009-11-09 Thread Patrick W. Gilmore
On Nov 9, 2009, at 3:00 PM, Paul Vixie wrote: i loved the henry ford analogy -- but i think henry ford would have said that the automatic transmission was a huge step forward since he wanted everybody to have a car. i can't think of anything that's happened in the automobile market that h

Re: What DNS Is Not

2009-11-09 Thread David Ulevitch
On 11/9/09 6:06 PM, Alex Balashov wrote: Anything else is COMPLETELY UNACCEPTABLE. I don't understand how or why this could possibly be controversial. Because some people want the ability and choice to block DNS responses they don't like; just as they have the ability and choice to reject em

Re: What DNS Is Not

2009-11-09 Thread Alex Balashov
When I write applications that make DNS queries, I expect the request to turn NXDOMAIN if the host does not exist - HTTP as well as non-HTTP, but especially non-HTTP. Anything else is COMPLETELY UNACCEPTABLE. I don't understand how or why this could possibly be controversial. -- Alex Balash

Re: What DNS Is Not

2009-11-09 Thread Bill Stewart
Hi, Paul - I share your dislike of DNS services that break the DNS model for profit in ways that break applications. For instance, returning the IP address of your company's port-80 web server instead of NXDOMAIN not only breaks non-port-80-http applications, it also breaks the behaviour that brows

Re: AT&T Admin

2009-11-09 Thread Seth Mattinen
Aaron Wendel wrote: > Ok, guess we'll see if this really works or not. > > Would an AT&T mail admin contact me offlist? I have an issue I need to > start moving up the chain since I'm getting nowhere fast with normal > channels. > FYI replying and changing the subject keeps your message under t

Re: What DNS Is Not

2009-11-09 Thread Paul Vixie
i loved the henry ford analogy -- but i think henry ford would have said that the automatic transmission was a huge step forward since he wanted everybody to have a car. i can't think of anything that's happened in the automobile market that henry ford wouldn't've wished he'd thought of. i knew t

AT&T Admin

2009-11-09 Thread Aaron Wendel
Ok, guess we'll see if this really works or not. Would an AT&T mail admin contact me offlist? I have an issue I need to start moving up the chain since I'm getting nowhere fast with normal channels. Thanks, Aaron

Re: BGP Peer Selection Considerations

2009-11-09 Thread Seth Mattinen
William Herrin wrote: > > Be aware that provider A's diverse network for provider A's service is > the same diverse network they'll use to connect you to provider B. As > a result, many or most of the outages which impact provider A will > also impact your connectivity to provider B, defeating the

Re: BGP Peer Selection Considerations

2009-11-09 Thread Joe Greco
> Don't let them cross connect over their network. Bring it in to your > site separate from A, otherwise there's no point in the multihoming > exercise. s/no point/less benefit/ ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the a

Re: Failover how much complexity will it add?

2009-11-09 Thread Joe Greco
> Most purpose-built routing "appliances" use ternary content > addressable memory (TCAM) in order to accomplish deterministic, > hardware-based, longest-prefix lookups in large routing tables, > such as a full Internet BGP feed. TCAM is used to replace > software-based table lookup algorithms

Re: BGP Peer Selection Considerations

2009-11-09 Thread William Herrin
On Mon, Nov 9, 2009 at 12:40 PM, wrote: > I have an existing relationship with provider A, colo, cross connects > etc.  Provider A has offered to get the PI space, ASN number, > purchase the transit for us with provider B and manage cross > connects to provider B (they say they have a diverse "fi

Re: BGP Peer Selection Considerations

2009-11-09 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > Hi, > > Thanks to everyone that replied to my post on failover configuration. This > has lead me to this post. I'm at a point now where I'm looking at > dual-homing with two BGP peers upstream. Now what I am looking at doing is > as follows: > > BGP Peer wit

RE: Failover how much complexity will it add?

2009-11-09 Thread Holmes,David A
Most purpose-built routing "appliances" use ternary content addressable memory (TCAM) in order to accomplish deterministic, hardware-based, longest-prefix lookups in large routing tables, such as a full Internet BGP feed. TCAM is used to replace software-based table lookup algorithms which have

Re: Failover how much complexity will it add?

2009-11-09 Thread Charles Wyble
On Nov 8, 2009, at 2:39 PM, a...@baklawasecrets.com wrote: So if my requirements are as follows: - BGP router capable of holding full Internet routing table. (whether I go for partial or full, I think I want something with full capability). - Capable of pushing 100meg plus of mixed tra

BGP Peer Selection Considerations

2009-11-09 Thread adel
Hi, Thanks to everyone that replied to my post on failover configuration. This has led me to this post. I'm at a point now where I'm looking at dual-homing with two BGP peers upstream. Now what I am looking at doing is as follows: BGP Peer with Provider A who is multihomed to other provider

Re: Failover how much complexity will it add?

2009-11-09 Thread Valdis . Kletnieks
On Mon, 09 Nov 2009 13:39:34 GMT, Adam Armstrong said: > Sure, if you want to hand over your entire profit margin to a 3rd party. > Do you really want to give away the keys to your business, and rely > entirely upon a third party organisation? Better to acquire the skills > which are vital to yo

Re: Failover how much complexity will it add?

2009-11-09 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > Actually thinking about this, I still need to understand the implications of > not taking a full routing table to my setup. So what is the likely impact > going to be if I take partial instead of full routing table. Would > appreciate any feedback on this. My

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

2009-11-09 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Advisory ID: cisco-sa-20091109-tls http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml Revision 1.0 For Public Release 2009 November 9 1600 UTC (GMT

Re: Failover how much complexity will it add?

2009-11-09 Thread adel
Hi Joe, I agree with most of what you say below regarding linux sysadmin, BSD etc. I'm quite happy and actually would prefer building a linux solution on our own hardware. However, politically I think this is going to be difficult. I just feel that they will be more comfortable with embedded

Re: What DNS Is Not

2009-11-09 Thread Jack Bates
Alex Balashov wrote: Thought-provoking article by Paul Vixie: http://queue.acm.org/detail.cfm?id=1647302 Bah, many of the CDN's I've dealt with don't seed geographical responses based on DNS, but rather use many out of band methods for determining what response they will hand out. The pri

Re: Failover how much complexity will it add?

2009-11-09 Thread Joe Greco
> > Thanks, > > I've taken your advice and decided to reconsider my requirement for a full > routing table. I believe I'm being greedy and a partial table will be > sufficient. With regards to Linux/BSD, its not the CLI of quagga that will > be an issue, rather the sysadmin and lack of suppo

Re: Failover how much complexity will it add?

2009-11-09 Thread adel
Actually thinking about this, I still need to understand the implications of not taking a full routing table to my setup. So what is the likely impact going to be if I take partial instead of full routing table. Would appreciate any feedback on this. My organisation is only looking at using

Re: Failover how much complexity will it add?

2009-11-09 Thread Adam Armstrong
Ken Gilmour wrote: Hi Adel There are companies like packet exchange (www.packetexchange.net) (whom i have personally used) who will do all of the legwork for you, such as applying for the ASN, address space, transit agreements, and get the tail connections directly to your building. You just nee

Re: Failover how much complexity will it add?

2009-11-09 Thread adel
Thanks, I've taken your advice and decided to reconsider my requirement for a full routing table. I believe I'm being greedy and a partial table will be sufficient. With regards to Linux/BSD, it's not the CLI of quagga that will be an issue, rather the sysadmin and lack of supporting infrastru

Re: Failover how much complexity will it add?

2009-11-09 Thread adel
Thanks, Their offering certainly looks appealing. Will be interested to hear user experiences of the Vyatta BGP router range. Having said that I will still be examining the Cisco offering, just because of the support, larger user community and skills base issue. However if I can't meet the pr

Re: Failover how much complexity will it add?

2009-11-09 Thread Joe Greco
> > > Basically the organisation that I'm working for will not have the skills > > > in house to support a linux or bsd box. They will have trouble > > > with supporting the BGP configuration, however I don't think they will be > > > happy with me if I leave them with a linux box when they > > > do

Re: Failover how much complexity will it add?

2009-11-09 Thread adel
Looking at two 100Mbit/s BGP connections, so I think I want something that will do more than 100 but nowhere close to a gig. So full routing table capability with throughput of mixed traffic around 200Mbit/s. If that makes sense. Do the 2850s fall into that sort of price point? Adel On Mo

Re: Failover how much complexity will it add?

2009-11-09 Thread adel
You will laugh, but the budget at the moment looks like £13k. Impossible? Do only linux and openbsd solutions remain in the mix for this pittance? On Sun 11:47 PM , Dale Rumph wrote: > What does your budget look like? A pair of Cisco 7246vxr's with G1's > sitting on the edge of the networ