RE: Microsoft Product Activation server reachability

2013-01-10 Thread Nathan Anderson
So the ICMP message "communication prohibited by filter" must be a normal response to ICMP ping through that gateway. Unfortunately, it's not completely fixed yet, but I'm guessing by this measure of progress that they must be working on it. I now get HTTP 403 in response to any request I send

Re: Microsoft Product Activation server reachability

2013-01-10 Thread Scott Howard
Working now, tested from 3 hosts on different networks on both 80 and 443 : $ telnet wpa.one.microsoft.com 443 Trying 94.245.126.107... Connected to wpa.one.microsoft.com. Escape character is '^]'. Scott On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton wrote: > - Original Message - >

Re: Microsoft Product Activation server reachability

2013-01-10 Thread Ben Carleton
- Original Message - > From: "Nathan Anderson" > To: "nanog@nanog.org" > Sent: Thursday, January 10, 2013 11:24:16 PM > Subject: Microsoft Product Activation server reachability > > Anybody else having a problem reaching (what appears to be) the sole > Microsoft Product Activation server

Re: Microsoft Product Activation server reachability

2013-01-10 Thread Pui Edylie
I have just tested from Singapore [root@trinity ~]# ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data. From 213.199.189.37 icmp_seq=1 Packet filtered From 213.199.189.37 icmp_seq=6 Packet filtered [root@trinity ~]# telnet wpa.one.microsoft.com 443 Trying

Re: [SHAME] Spam Rats

2013-01-10 Thread Suresh Ramasubramanian
Mail is all this discussion is in the context of On Friday, January 11, 2013, Karl Auer wrote: > On Thu, 2013-01-10 at 20:23 +0530, Suresh Ramasubramanian wrote: > > Unused space generally gets a $generate type generic scripted runs which > > could be whatever, like ip-ad-dr-ess.example.com > >

Microsoft Product Activation server reachability

2013-01-10 Thread Nathan Anderson
Anybody else having a problem reaching (what appears to be) the sole Microsoft Product Activation server (wpa.one.microsoft.com)? $ ping wpa.one.microsoft.com PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes 36 bytes from 213.199.189.41: Communication prohibited by filter I get this so

Re: [SHAME] Spam Rats

2013-01-10 Thread Robert Bonomi
> Date: 10 Jan 2013 20:57:25 - > From: "John Levine" > Subject: Re: [SHAME] Spam Rats > > >*.4.4.3.0.5.a.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR a.node.on.vlan344.namn.se. > > > >...will work just fine, for instance. > > Since there is no record for a.node.on.vlan344.namn.se., this > won't wor

Re: [SHAME] Spam Rats

2013-01-10 Thread Karl Auer
On Thu, 2013-01-10 at 20:23 +0530, Suresh Ramasubramanian wrote: > Unused space generally gets a $generate type generic scripted runs which > could be whatever, like ip-ad-dr-ess.example.com Nothing that actually stores actual RRs will scale to the number of addresses available in IPv6. If you w

Re: [SHAME] Spam Rats

2013-01-10 Thread joel jaeggli
On 1/10/13 12:59 PM, John Levine wrote: IMHO mail is one of the easiest "first things" to turn on for IPv6. You can certainly turn it on, and it will work at the current toy scale, but nobody has a clue how we're going to scale IPv4 spam management up for large scale IPv6. Anything that's obvio

Re: [SHAME] Spam Rats

2013-01-10 Thread Daniel Taylor
On 01/10/2013 02:59 PM, John Levine wrote: IMHO mail is one of the easiest "first things" to turn on for IPv6. You can certainly turn it on, and it will work at the current toy scale, but nobody has a clue how we're going to scale IPv4 spam management up for large scale IPv6. Anything that's ob

Re: [SHAME] Spam Rats

2013-01-10 Thread John Levine
>IMHO mail is one of the easiest "first things" to turn on for IPv6. You can certainly turn it on, and it will work at the current toy scale, but nobody has a clue how we're going to scale IPv4 spam management up for large scale IPv6. Anything that's obvious won't work.

Re: [SHAME] Spam Rats

2013-01-10 Thread John Levine
>*.4.4.3.0.5.a.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR a.node.on.vlan344.namn.se. > >...will work just fine, for instance. Since there is no record for a.node.on.vlan344.namn.se., this won't work fine in any rDNS check I'm aware of. You are aware that useful rDNS has to have matching forward DNs,

Re: [SHAME] Spam Rats

2013-01-10 Thread Owen DeLong
On Jan 9, 2013, at 20:18 , Mark Foster wrote: > On 10/01/13 17:15, Karl Auer wrote: >> On Wed, 2013-01-09 at 21:14 -0600, Otis L. Surratt, Jr. wrote: >>> FYI - I have a PTR for all IPs. Just general practice. >> All IPs actually in use, or all possible IPs in a network? If the >> latter, then it

Re: OOB core router connectivity wish list

2013-01-10 Thread Steve Meuse
On Thu, Jan 10, 2013 at 12:08 PM, Jared Mauch wrote: > > > > Not sure about you, but I've used the ability for a POTS line to either > ring or give me a modem tone to determine the power status at the site. > > - Jared > When I worked in the BBN NOC, we used the customers fax line to determine i

Re: [SHAME] Spam Rats

2013-01-10 Thread William Herrin
On Wed, Jan 9, 2013 at 10:49 PM, Julian DeMarchi wrote: > At least one company uses spamrats. That's how it got escalated to me. Hi Julian, A couple of thoughts for you: 1. Spam Rats is a non-entity and anyone blocking email solely on Spam Rats' information is a fool. You can't be responsible f

Re: [SHAME] Spam Rats

2013-01-10 Thread Anne P. Mitchell, Esq.
Just as a data point (and to initiate my semi-annual 'I'm still here' email), we of course check for and require PTRs for all of our email accreditation customers, many of which are ESPs, and you would be *shocked* (or maybe you wouldn't) how many otherwise relatively clueful and 'wanting to do

Re: [SHAME] Spam Rats

2013-01-10 Thread Barry Shein
ARGH, ok, enough with: They can have any policy they like, it's their equipment and no one is being forced to use them. That's tacit, I'd hope. Doesn't mean people can't do dopey things well within their rights and maybe sounding it out would give them some clue, or at least warn others to stay

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 11:52 -0600), Charles N Wyble wrote: > I have every device hooked to this. Pdus, routers, switches, vm, storage > servers. That allows me to get console and power cycle every device. > > What more would I want? Dialup means I need to be in a place I can hook up a > modem. Not t

Re: OOB core router connectivity wish list

2013-01-10 Thread Charles N Wyble
I have a Cyclades acs-48 console server. Direct power and Ethernet drop from the ceiling with a public ip. In my subnet, but not through my routers/switches or pdus. Completely out of band, except for relying on colo power/net, which if that's not up then oob is worthless to me anyway. I have e

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 12:08 -0500), Jared Mauch wrote: > Not sure about you, but I've used the ability for a POTS line to either ring > or give me a modem tone to determine the power status at the site. So the modem is not PSTN powered, so if it responds, pop must be powered? Wouldn't any old CPE on an

Re: OOB core router connectivity wish list

2013-01-10 Thread Warren Bailey
Antenna is pretty small now. Can back haul all alarms privately, single hop back to the teleport. Very low power consumption, and very decent throughput (we can run 100mbps+ these days, which is pricey). From my Galaxy Note II, please excuse any mistakes. Original message F

Re: OOB core router connectivity wish list

2013-01-10 Thread William Herrin
On Thu, Jan 10, 2013 at 12:16 PM, Warren Bailey wrote: > Why is Satellite not a good OOB option? Sometimes it is, and a larger colo could probably make another few nickels selling connections to an OOB access network which included, as one of the ways in, a satellite link. Regards, Bill Herrin

Re: OOB core router connectivity wish list

2013-01-10 Thread Nick Hilliard
On 10/01/2013 16:52, Saku Ytti wrote: > If POP is powerless, where will be POTS powered RS232 Modem connect to? To the same power feed as the router you're trying to rescue. If that feed has no power, it's time to take out the gerbil wheel. Nick

Re: OOB core router connectivity wish list

2013-01-10 Thread Christopher Morrow
On Thu, Jan 10, 2013 at 12:16 PM, Warren Bailey wrote: > Why is Satellite not a good OOB option? > inside iron boxes satellite signal is 'hard'. getting a roof mounted antenna is extra cost/complexity. or so some thinking goes.

Re: OOB core router connectivity wish list

2013-01-10 Thread Warren Bailey
Why is Satellite not a good OOB option? From my Galaxy Note II, please excuse any mistakes. Original message From: William Herrin Date: 01/10/2013 8:20 AM (GMT-08:00) To: Randy Carpenter Cc: nanog@nanog.org Subject: Re: OOB core router connectivity wish list On Thu, Jan 1

Re: OOB core router connectivity wish list

2013-01-10 Thread Steve Meuse
On Thu, Jan 10, 2013 at 11:41 AM, Randy Whitney wrote > > > Nothing beats POTS in a broad power outage scenario. Numerous power > outages have taken down mobile service completely while the POTS lines > stayed up as it carries its own power by design. > -- > Randy > It's been a while since I've tr

Re: OOB core router connectivity wish list

2013-01-10 Thread Jared Mauch
On Jan 10, 2013, at 11:52 AM, Saku Ytti wrote: > On (2013-01-10 11:41 -0500), Randy Whitney wrote: > >> Nothing beats POTS in a broad power outage scenario. Numerous power >> outages have taken down mobile service completely while the POTS >> lines stayed up as it carries its own power by desig

Re: OOB core router connectivity wish list

2013-01-10 Thread William Herrin
On Thu, Jan 10, 2013 at 11:41 AM, Randy Whitney wrote: > Nothing beats POTS in a broad power outage scenario. Numerous power outages > have taken down mobile service completely while the POTS lines stayed up as > it carries its own power by design. Carries it from somewhere that has to remain pow

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 11:41 -0500), Randy Whitney wrote: > Nothing beats POTS in a broad power outage scenario. Numerous power > outages have taken down mobile service completely while the POTS > lines stayed up as it carries its own power by design. Is your RS232 Modem POTS powered? If POP is powerle

Re: OOB core router connectivity wish list

2013-01-10 Thread Randy Whitney
On 1/10/2013 11:18 AM, William Herrin wrote: On Thu, Jan 10, 2013 at 1:24 AM, Randy Carpenter wrote: On Wed, 9 Jan 2013, Randy Carpenter wrote: My main requirements would be: 1. Something that is *not* network (ethernet or otherwise) (isn't that the point of OOB?) I don't understand this at

Re: OOB core router connectivity wish list

2013-01-10 Thread William Herrin
On Thu, Jan 10, 2013 at 1:24 AM, Randy Carpenter wrote: >> On Wed, 9 Jan 2013, Randy Carpenter wrote: >> > My main requirements would be: >> > >> > 1. Something that is *not* network (ethernet or otherwise) (isn't >> > that the point of OOB?) >> >> I don't understand this at all. Why can't an OOB

Re: [SHAME] Spam Rats

2013-01-10 Thread Dave Sparro
On 1/10/2013 9:53 AM, Suresh Ramasubramanian wrote: Unused space generally gets a $generate type generic scripted runs which could be whatever, like ip-ad-dr-ess.example.com If the IP address hasn't been assigned to example.com, why would make a DNS entry that

Re: OOB core router connectivity wish list

2013-01-10 Thread Michael Thomas
On 01/10/2013 07:02 AM, Jared Mauch wrote: On Jan 10, 2013, at 9:51 AM, Mikael Abrahamsson wrote: I certainly want to use something more modern, having run Xmodem to load images into devices or net-booted systems with very large images in the past… I've seen all sorts of creative ways to do t

Re: [SHAME] Spam Rats

2013-01-10 Thread Matthias Leisi
On Thu, Jan 10, 2013 at 3:45 PM, Dave Sparro wrote: > What label would you suggest be used for PTR records in unassigned space? > Some fixed string like "unassigned."? This would make it obvious that something is wrong if ever it leaks out. -- Matthias

Re: [SHAME] Spam Rats

2013-01-10 Thread Jared Mauch
On Jan 10, 2013, at 10:17 AM, "Jima" wrote: > On Thu, January 10, 2013 7:53 am, Suresh Ramasubramanian wrote: >> As for v6 how popular do you see it getting for mail? > > Are you implying that when the internet otherwise moves on to IPv6, we'll > still inexplicably use IPv4 for mail? IMHO mail

PTRs for IPv6 (was Re: [SHAME] Spam Rats)

2013-01-10 Thread Lee Howard
RE: PTRs for IPv6, see http://tools.ietf.org/html/draft-howard-isp-ip6rdns-05 I've had many excellent suggestions for updates to it, which I intend to treat in the next couple of weeks. I don't cover PTRs for servers, because I don't see a scalability problem. However, I don't think I understand t

Re: [SHAME] Spam Rats

2013-01-10 Thread Jima
On Thu, January 10, 2013 7:53 am, Suresh Ramasubramanian wrote: > As for v6 how popular do you see it getting for mail? Are you implying that when the internet otherwise moves on to IPv6, we'll still inexplicably use IPv4 for mail? Jima

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 09:54 -0500), Jared Mauch wrote: > > I don't think you can get ethernet and transport out-of-the-area in > > some places at a reasonable cost, so having serial-console I think is > > still a requirement. > > Some of the POTS carriers are trying to jettison their equipment before th

Re: OOB core router connectivity wish list

2013-01-10 Thread Christopher Morrow
On Thu, Jan 10, 2013 at 9:51 AM, Mikael Abrahamsson wrote: > On Thu, 10 Jan 2013, Christopher Morrow wrote: > >>> - rs232: please no. it's 2013. I don't want or need a protocol >>> which >>> was designed for access speeds appropriate to the 1980s. >> >> >> I don't think you can get ether

Re: OOB core router connectivity wish list

2013-01-10 Thread Christopher Morrow
On Thu, Jan 10, 2013 at 9:44 AM, wrote: >> I don't think you can get ethernet and transport out-of-the-area in >> some places at a reasonable cost, so having serial-console I think is >> still a requirement. > > TDM is disappearing quickly in at least some parts of the world. We > may not be quit

Re: OOB core router connectivity wish list

2013-01-10 Thread Jared Mauch
On Jan 10, 2013, at 9:51 AM, Mikael Abrahamsson wrote: > On Thu, 10 Jan 2013, Christopher Morrow wrote: > >>>- rs232: please no. it's 2013. I don't want or need a protocol >>> which >>> was designed for access speeds appropriate to the 1980s. >> >> I don't think you can get ethernet

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 09:35 -0500), Christopher Morrow wrote: > I don't think you can get ethernet and transport out-of-the-area in > some places at a reasonable cost, so having serial-console I think is > still a requirement. I don't understand this point. Where does your RS232 port go? It goes to Cons

Re: OOB core router connectivity wish list

2013-01-10 Thread Jared Mauch
On Jan 10, 2013, at 9:35 AM, Christopher Morrow wrote: >> >>- rs232: please no. it's 2013. I don't want or need a protocol which >> was designed for access speeds appropriate to the 1980s. > > I don't think you can get ethernet and transport out-of-the-area in > some places at a reas

Re: [SHAME] Spam Rats

2013-01-10 Thread Suresh Ramasubramanian
Unused space generally gets a $generate type generic scripted runs which could be whatever, like ip-ad-dr-ess.example.com Not rid unallocated space, not that there's much of it in v4 As for v6 how popular do you see it getting for mail? On Thursday, January 10, 2013, Dave Sparro wrote: > On 1/

Re: OOB core router connectivity wish list

2013-01-10 Thread Mikael Abrahamsson
On Thu, 10 Jan 2013, Christopher Morrow wrote: - rs232: please no. it's 2013. I don't want or need a protocol which was designed for access speeds appropriate to the 1980s. I don't think you can get ethernet and transport out-of-the-area in some places at a reasonable cost, so having

Re: [SHAME] Spam Rats

2013-01-10 Thread Dave Sparro
On 1/9/2013 10:06 PM, Suresh Ramasubramanian wrote: > Who uses it? Or did you see your IP listed in one of those multiple dnsbl > query sites and contacted them on general principles even though you didn't > see any actual bounced email that could be traced to a spam rats listing? > > That said, it

Re: OOB core router connectivity wish list

2013-01-10 Thread sthaug
> I don't think you can get ethernet and transport out-of-the-area in > some places at a reasonable cost, so having serial-console I think is > still a requirement. TDM is disappearing quickly in at least some parts of the world. We may not be quite there yet, but I think it's entirely reasonable

Re: OOB core router connectivity wish list

2013-01-10 Thread Christopher Morrow
On Thu, Jan 10, 2013 at 9:10 AM, Nick Hilliard wrote: > - netflow: seriously, this is not an appropriate sort of port of > exporting > netflow. this is a "your RP is toast" recovery mechanism, at which point > netflow is probably long gone. it's possible that roland was saying that the

Re: OOB core router connectivity wish list

2013-01-10 Thread Nick Hilliard
On 10/01/2013 13:51, Jared Mauch wrote: > We have encountered cases where a vendor TFTP implementation + latency > from the ROMMON can take a few hours to load images. I'm for ditching > TFTP and replacing it with HTTP. This forces them to put in a TCP > stack, and hopefully something that can wi

Re: OOB core router connectivity wish list

2013-01-10 Thread Blake Dunlap
I absolutely agree that USB is a bad way to go with this, as well as web management. I have no interest in trying to use some terrible web app to bring a network back up when simple 300 baud would suffice. I've got no problem with telnet/ssh, although I hate the idea of needing to know an ip addre

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 08:57 -0500), Jared Mauch wrote: > I am very much against USB consoles. there can be a whole plethora of issues > involved from OS-level to the device-level. When I'm on the console, things > have already gone bad. I don't need to find out if the vendor has the right > 'entitl

Re: OOB core router connectivity wish list

2013-01-10 Thread Jared Mauch
On Jan 9, 2013, at 12:34 PM, Saku Ytti wrote: > Having RS232 or USB console on forwarding-plane is not OOB. And even OOB > version of these is of limited value, you can't send images over them, you > can't multiplex over them and RS232 OOB 'server' costs more than switch. So > you get less and y

Re: OOB core router connectivity wish list

2013-01-10 Thread Jared Mauch
On Jan 9, 2013, at 11:18 AM, William Herrin wrote: >> [P1]: It should be possible to transfer data using tftp, ftp and scp (ftp >> client on the OOB device, scp being used to transfer data *to* the device >> (OOB being scp server). > > For security and performance reasons, FTP has no place in a

Re: [SHAME] Spam Rats

2013-01-10 Thread JP Viljoen
On 10 Jan 2013, at 6:41 AM, Mark Andrews wrote: > No. A /64 has 18,446,744,073,709,551,616 addresses. Even if you > had machines that supported zettabytes of data the zone would never > load in human lifetimes. Because hitting things in memory is the only way we can ever respond to a data reque

Re: [SHAME] Spam Rats

2013-01-10 Thread Rich Kulawiec
On Wed, Jan 09, 2013 at 09:27:17PM -0600, Chris Boyd wrote: > We're small shop, but our policy is not to accept email from addresses > without PTRs. And we have a long list of pool/dhcp/dyn/resnet PTRs we > don't accept mail from as well. This is (and has been) a best practice for most of a decad

Re: [SHAME] Spam Rats

2013-01-10 Thread Joe Provo
On Thu, Jan 10, 2013 at 01:10:48PM +1000, Julian DeMarchi wrote: > On 01/10/2013 01:06 PM, Suresh Ramasubramanian wrote: > > Who uses it? Or did you see your IP listed in one of those multiple dnsbl > > query sites and contacted them on general principles even though you didn't > > see any actual b

Re: OOB core router connectivity wish list

2013-01-10 Thread Saku Ytti
On (2013-01-10 10:48 +), Dobbins, Roland wrote: > No it isn't, any more than SNMP is a task for those interfaces. Sending flowrecords to your slow ppc CPU just to allow export in non-HW interface is silly, when HW can export it directly, without ever hitting your control-plane. Polling SNMP i

Re: OOB core router connectivity wish list

2013-01-10 Thread Mikael Abrahamsson
On Thu, 10 Jan 2013, Dobbins, Roland wrote: Of course you do - else you're deaf, dumb, and blind at precisely the time you most need complete network visibility, i.e., during a disruptive event of some sort. You and me seem to talk about different types of disasters. In my type of disaster,

Re: OOB core router connectivity wish list

2013-01-10 Thread Dobbins, Roland
On Jan 10, 2013, at 6:15 AM, Mikael Abrahamsson wrote: > I definitely do not want SNMP and netflow on my disaster recovery OOB network. Of course you do - else you're deaf, dumb, and blind at precisely the time you most need complete network visibility, i.e., during a disruptive event of some

Re: OOB core router connectivity wish list

2013-01-10 Thread Mikael Abrahamsson
On Thu, 10 Jan 2013, Dobbins, Roland wrote: No it isn't, any more than SNMP is a task for those interfaces. Well, then what you're looking for is not what we're looking for (?). You seem to want the type of classic mgmt ethernet currently residing on high end router platforms (on the RP) and

Re: OOB core router connectivity wish list

2013-01-10 Thread Dobbins, Roland
On Jan 10, 2013, at 2:15 AM, Saku Ytti wrote: > That is task for on-band interfaces, which attach to your forwarding-logic. No it isn't, any more than SNMP is a task for those interfaces. > To export flow, you need port to be connected to your forwarding hardware, > not control-plane and certa

RE: OOB core router connectivity wish list

2013-01-10 Thread Adam Vitkovsky
>"CMP" this is what we need. +1000