On 29 Apr 2012, at 22:50, Nick Hilliard wrote:
On 28/04/2012 14:04, Alex Band wrote:
At RIPE 63, six months ago, the RIPE NCC membership got a chance to vote
on RPKI at the general meeting. The result was that the RIPE NCC has the
green light to continue offering the Resource Certification
Why not use a standard Cisco router or Asa for the routing and VPN and put a
riverbed steelhead on both ends to do Tcp optimization and compression.
On Apr 30, 2012, at 5:42 AM, Rens r...@autempspourmoi.be wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works
IPSec does not run well over satellite since the TCP headers are also
encrypted
-Original Message-
From: Gmail [mailto:jason.tre...@gmail.com]
Sent: maandag 30 april 2012 13:30
To: Rens
Cc: nanog@nanog.org
Subject: Re: VPN over satellite
Why not use a standard Cisco router or Asa for
I did developed my own accelerator in 2006(globax) and have customers
till now, but only for one-way ISP's in CIS region, and partially Europe
(Germany). Sure worked with satellite internet all that years.
But since i am not interested to advertise it here(working only for
ISPs), i will mention
free dinner at nanog/van for anyone who can explain how the dnssec
approach meets the defcon attack. hint: it is a path attack, not an
origin attack, and the dns pidgeon has no hooks to path attack
prevention. at ripe, joe gersh asked me for an example of a path attack
and i told him of
On Mon, Apr 30, 2012 at 09:41:51AM -0400,
Russ White ru...@riw.us wrote
a message of 60 lines which said:
Neither a DNS based solution nor the RPKI will resolve path attacks,
I want to be sure of the terminology: what is deployed presently is
the bundle RPKI+ROA. As their name say, ROA can
I want to be sure of the terminology: what is deployed presently is
the bundle RPKI+ROA. As their name say, ROA can only be used against
origin attacks. But RPKI can be used for other things than RPKI+ROA,
including BGP-sec (against path-based attacks), no?
wfm
Neither a DNS based solution nor the RPKI will resolve path attacks,
I want to be sure of the terminology: what is deployed presently is
the bundle RPKI+ROA. As their name say, ROA can only be used against
origin attacks. But RPKI can be used for other things than RPKI+ROA,
including
Reality check: I don't know that this is all that important, in the end.
So long as you can use an IGP locally with a default route to reach a
copy of the database, whether it be based on DNS, an RPKI, or anything
else, then you can bootstrap your EGP routing. If everything goes down
at the
Brandon Butterworth (brandon) writes:
or you wait for the Elders of the Internet to visit with blessings
http://www.youtube.com/watch?v=iDbyYGrswtg
Didn't randy just chime in ?
On Apr 28, 2012, at 6:34 AM, Alex Band wrote:
All in all, RPKI has really good traction and with native router support in
Cisco, Juniper and Quagga, this is only getting better.
We should be more careful with statements such as this, they're conflating
important things that add to the
Danny,
just one more comment.
So named vendor's support can be the worst case when there are no practical
ways to deploy and it is absolutely
not clear - should we follow this hierarchical model - I think it is the key
point as we pushed ourselves by inertia to this way of thinking.
Imho -
We need more flexible, distributed architecture behind - no matter -
which interests will be lobbied as we have got already.
as i agree that there is a problem, i *very* eagerly await your proposal
randy
Personally I find the BitTorrent approach interesting.
Jared Mauch
On Apr 30, 2012, at 11:46 AM, Randy Bush ra...@psg.com wrote:
We need more flexible, distributed architecture behind - no matter -
which interests will be lobbied as we have got already.
as i agree that there is a problem,
Randy -
you know that I'm enough stupid- means straightforward -
may be the way is not only technical (recomendations design) - but also to
combine with some policy changes as
splitting allocations and assignments (may be changing who is responsible for
what?)
Or we follow the traditional
Hi
I am looking for a few RUs / ¼ rack (~20Amps of VAC) in a carrier neutral
location with 24x365 smart hands service at 2001 6th Ave in Seattle.
Any recommendations?
Thanks in advance
Eric RR Morin
Internetwork Designer
IP Network Engineering Carrier Relations
XplorNet Communications
On Fri, 27 Apr 2012, Chris Adams wrote:
I don't think that will work, because there's an automatic direct route
for fe80::/64 to all interfaces with family inet6 configured. The only
way I see around it is to apply a firewall filter to all IPv6 interfaces
that blocks anything with a source in
Does it absolutely need to be at the Westin ?
If 'within downtown Seattle' is acceptable, you might try 'DFCOLO.COM' as they
are over at 3101 Western Ave.
-Original Message-
From: Eric Morin [mailto:eric.mo...@corp.xplornet.com]
Sent: Monday, April 30, 2012 11:06 AM
To: nanog@nanog.org
* Alex Band:
All in all, for an RPKI-specific court order to be effective in
taking a network offline, the RIR would have to tamper with the
registry, inject false data and try to make sure it's not detected
so nobody applies a local override.
Please keep in mind that this is what's
Hi Eric - The SIX has a list of co-lo vendors on our website:
http://www.seattleix.net/join.htm#colo-circuit
Good luck.
Nikos Mouat
On Mon, 30 Apr 2012, Eric Morin wrote:
Hi
I am looking for a few RUs / ¼ rack (~20Amps of VAC) in a carrier neutral
location with 24x365 smart hands service
On 4/30/12 2:36 PM, Justin M. Streiner strei...@cluebyfour.org wrote:
On Fri, 27 Apr 2012, Chris Adams wrote:
I don't think that will work, because there's an automatic direct route
for fe80::/64 to all interfaces with family inet6 configured. The only
way I see around it is to apply a
On Mon, Apr 30, 2012 at 11:51 AM, Jared Mauch ja...@puck.nether.net wrote:
Personally I find the BitTorrent approach interesting.
this conflates the 2 (at least!) topics here:
1) distribution of repository data
2) heirarchy of authority for the data which is in the repository
-chris
On
Most satellite modems offer built in TCP acceleration options heavily
optimized for VSAT use and an encryption option (proprietary to their
hardware only) which is probably your best bet. You can then use
traditional encryption to your satellite provider (or take Ethernet handoff
at the satellite
You can then use
traditional encryption to your satellite provider (or take Ethernet handoff
at the satellite earth station with co-located equipment, if appropriate).
True...except for most audit/regulatory purposes, having the traffic
unencrypted in any part of the chain is unacceptable.
Just
24 matches
Mail list logo