Re: Webcasting as a replacement for traditional broadcasting (was Re: Wackie 'ol Friday)

2013-06-10 Thread Michael Painter
Jay Ashworth wrote: snip And, quite aside from broadcast networks protecting the ad revenues of their contracted affiliates -- the primary reason for most of the (from an engineering standpoint) stupidity surrounding the intersection of broadcasting and new technology -- social networking is be

Re: Bogons filtering

2013-06-10 Thread cb.list6
On Jun 10, 2013 7:50 PM, "Jayram A. Deshpande" wrote: > > Hello, > > > With IPv4 being almost exhausted[1] , I am curious to know how many net admins have the Bogon filtering ACLs still hanging around ? > No bogon filters here. Retiring bogon filters is great, one less process to maintain. > G

Re: Bogons filtering

2013-06-10 Thread Arturo Servin
This draft is now RFC6441 and BCP 171 http://tools.ietf.org/html/rfc6441 .as On 6/10/13 11:49 PM, Jayram A. Deshpande wrote: > Hello, > > > With IPv4 being almost exhausted[1] , I am curious to know how many net > admins have the Bogon filtering ACLs still hanging around ? > > Goo

Re: Bogons filtering

2013-06-10 Thread Paul Ferguson
Well, there's this from 2012: https://www.team-cymru.org/Services/Bogons/ - ferg On Mon, Jun 10, 2013 at 7:49 PM, Jayram A. Deshpande wrote: Hello, > > > With IPv4 being almost exhausted[1] , I am curious to know how many net > admins have the Bogon filtering ACLs still hanging around ? > >

Bogons filtering

2013-06-10 Thread Jayram A. Deshpande
Hello, With IPv4 being almost exhausted[1] , I am curious to know how many net admins have the Bogon filtering ACLs still hanging around ? Google even gave me this expired Internet Draft [2] that seems to have been intended as a BCP. Regards, -Jay. [1] https://www.arin.net/resources/req

RE: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Jon Lewis
On Thu, 6 Jun 2013, Alex Rubenstein wrote: I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. So, you are comfortable just giving up your right to privacy? It's just the w

Re: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Wayne E Bouchard
On Mon, Jun 10, 2013 at 04:36:32PM -0700, Scott Weeks wrote: > NSA claims know-how to ensure no illegal spying: > http://thegardenisland.com/news/state-and-regional/nsa-claims-know-how-to-ensure-no-illegal-spying/article_ec623964-d23a-53c6-aeb0-14bf325a7f3c.html > > scott "We're the government. T

RE: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Scott Weeks
Funny, sort of. The guy was residing in Hawaii. Apologies for the long URLs... Report: NSA contract worker is surveillance source: http://thegardenisland.com/news/state-and-regional/report-nsa-contract-worker-is-surveillance-source/article_2a88ec60-f99c-54a7-8c13-13f6852ccca6.html Hawaii rea

RE: Single AS multiple Dirverse Providers

2013-06-10 Thread Dennis Burgess
Just to update everyone.. Already had the allowas-in setup, the end result is that the ISPs in question tier2 team did not know that they block inbound updates from their upstream(peers) from known ranges inside their network. So, the upstream was blocking the customer prefix as they thought th

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Brandon Ross
On Mon, 10 Jun 2013, Patrick W. Gilmore wrote: Ever tried to get a single peer set up sessions in 50+ places with 50+ ASNs? I would submit that it's very likely that someone setting up 50+ places will have gained expert level knowledge of BGP and will understand the compromises they are maki

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Leo Bicknell
On Jun 10, 2013, at 2:22 PM, Patrick W. Gilmore wrote: > Is it enough to keep the standard? Or should the standard have a specific > carve out, e.g. for stub networks only, not allowing islands to provide > transit. Just a straw man. For the moment I'm not going to make a statement one way or

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Joe Provo
On Mon, Jun 10, 2013 at 03:22:41PM -0400, Patrick W. Gilmore wrote: > On Jun 10, 2013, at 14:14 , Joe Provo wrote: > > On Mon, Jun 10, 2013 at 01:18:04PM -0400, Patrick W. Gilmore wrote: > >> On Jun 10, 2013, at 12:54 , Joe Provo wrote: > >>> On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burg

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 15:23 , Job Snijders wrote: >> The alternative is to expect "networks" with 100s or 1000s of locations to >> burn 100s or 1000s of ASNs. Which I think is a bit silly. Hence my question >> about possibly changing the rules. > > I see no issue with that, we have an ASN pool o

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Job Snijders
Hi, > The alternative is to expect "networks" with 100s or 1000s of locations to > burn 100s or 1000s of ASNs. Which I think is a bit silly. Hence my question > about possibly changing the rules. I see no issue with that, we have an ASN pool of roughly 4294967280 ASNs. There is no shortage. Al

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 14:14 , Joe Provo wrote: > On Mon, Jun 10, 2013 at 01:18:04PM -0400, Patrick W. Gilmore wrote: >> On Jun 10, 2013, at 12:54 , Joe Provo wrote: >>> On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote: I have a network that has three peers, two are at one site

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Brandon Ross
On Mon, 10 Jun 2013, Joe Provo wrote: I would submit that not knowing loop detection is a default and valuable feature might indicate the person should understand why and how it affects them. And I would further submit that the lack of deep protocol knowledge is a good reason to NOT F**K wit

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 14:07 , Bruce Pinsky wrote: > Patrick W. Gilmore wrote: > > On Jun 10, 2013, at 13:36 , Bruce Pinsky wrote: > >> Or maintain "standard" behavior by running a GRE tunnel between the two > >> discontinuous sites and run iBGP over the tunnel. > > > > Standard how? I don't remem

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Leo Bicknell
On Jun 10, 2013, at 12:08 PM, Patrick W. Gilmore wrote: >> however, providers a/b at site1 do not send us the two /24s from >> site b.. > > This is probably incorrect. > > The providers are almost certainly sending you the prefixes, but your router > is dropping them due to loop detection. To

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Dan
I wouldn't look at allowing a route in with the same AS as being non-standard. Protocol behavior has to be managed by the administrator based on their own network needs and requirements. One very common tweak that comes to mind is setting next hop self for advertising ebgp learned routes to ibgp

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Joe Provo
On Mon, Jun 10, 2013 at 01:18:04PM -0400, Patrick W. Gilmore wrote: > On Jun 10, 2013, at 12:54 , Joe Provo wrote: > > On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote: > > >> I have a network that has three peers, two are at one site and the third > >> is geographically diverse, a

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Bruce Pinsky
Patrick W. Gilmore wrote: > On Jun 10, 2013, at 13:36 , Bruce Pinsky wrote: >> Patrick W. Gilmore wrote: > however, providers a/b at site1 do not send us the two /24s from site b.. >>> >>> This is probably incorrect. >>> >>> The providers

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Matthew Petach
On Mon, Jun 10, 2013 at 10:08 AM, Patrick W. Gilmore wrote: > > however, providers a/b at site1 do not send us the two /24s from > > site b.. > > This is probably incorrect. > > The providers are almost certainly sending you the prefixes, but your > router is dropping them due to loop detection.

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 13:36 , Bruce Pinsky wrote: > Patrick W. Gilmore wrote: > >> however, providers a/b at site1 do not send us the two /24s from > >> site b.. > > > > This is probably incorrect. > > > > The providers are almost certainly sending you the prefixes, but your > > router is dropp

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Bruce Pinsky
Patrick W. Gilmore wrote: >> however, providers a/b at site1 do not send us the two /24s from >> site b.. > > This is probably incorrect. > > The providers are almost certainly sending you the prefixes, but your router > is dropping them due to loop

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 12:54 , Joe Provo wrote: > On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote: >> I have a network that has three peers, two are at one site and the third >> is geographically diverse, and there is NO connection between the two >> separate networks. > > So, you h

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
> however, providers a/b at site1 do not send us the two /24s from > site b.. This is probably incorrect. The providers are almost certainly sending you the prefixes, but your router is dropping them due to loop detection. To answer your later question, this is the definition of 'standard' as i

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Matthew Petach
On Mon, Jun 10, 2013 at 9:43 AM, Joe Abley wrote: > > On 2013-06-10, at 18:36, "Dennis Burgess" wrote: > > > I have a network that has three peers, two are at one site and the third > > is geographically diverse, and there is NO connection between the two > > separate networks. > > > > Currently

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Joe Provo
On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote: > I have a network that has three peers, two are at one site and the third > is geographically diverse, and there is NO connection between the two > separate networks. So, you have two islands? Technically, that would be separate ASN

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Joe Abley
On 2013-06-10, at 18:43, Joe Abley wrote: > [...] neigh x.x.x.x allowas-in" on JunOS. Actually, I think that's JunOSe. Or however you capitalise it. Joe

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread joel jaeggli
On 6/10/13 6:48 PM, joel jaeggli wrote: On 6/10/13 6:36 PM, Dennis Burgess wrote: I have a network that has three peers, two are at one site and the third is geographically diverse, and there is NO connection between the two separate networks. Currently we are announcing several /24s out one n

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread joel jaeggli
On 6/10/13 6:36 PM, Dennis Burgess wrote: I have a network that has three peers, two are at one site and the third is geographically diverse, and there is NO connection between the two separate networks. Currently we are announcing several /24s out one network and other /24s out the second

Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Joe Abley
On 2013-06-10, at 18:36, "Dennis Burgess" wrote: > I have a network that has three peers, two are at one site and the third > is geographically diverse, and there is NO connection between the two > separate networks. > > > > Currently we are announcing several /24s out one network and other /

Single AS multiple Dirverse Providers

2013-06-10 Thread Dennis Burgess
I have a network that has three peers, two are at one site and the third is geographically diverse, and there is NO connection between the two separate networks. Currently we are announcing several /24s out one network and other /24s out the second network, they do not overlap. To the internet

RE: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Adam Vitkovsky
> How would you tap a few TBit/s so that you can filter it down to where you can look it at layer 7 in ASICs, and filter out something to a more manageable data rate? Well "lawful-intercept" is on by default. And you don't get to worry about the L7 and filtering/parsing -that's done by the black b

RE: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Adam Vitkovsky
>Happily, none of the companies listed are transport networks: I believe it's logical that government turned to biggest US based ISPs with request to help monitoring communication channels after 2001 events, as back in those days facebook was not around and google was not as prevalent. But to b

RE: Mechanics of CALEA taps

2013-06-10 Thread Warren Bailey
The only calea intercept I watched take place was with a system made by Sandvine.. And it was pretty shocking. Sent from my Mobile Device. Original message From: Dennis Burgess Date: 06/10/2013 6:25 AM (GMT-08:00) To: Randy Fischer ,nanog@nanog.org Subject: RE: Mechanics of

Re: Rep: ncnet

2013-06-10 Thread Andrew D Kirch
On 6/10/2013 11:00 AM, Larry Stites wrote: Too many of us look upon Americans as dollar chasers. As an Objectivist, I resemble this. I still hate having to agree with a spammer though :( Andrew

Re: PGP/SSL/TLS really as secure as one thinks?

2013-06-10 Thread Matthew Petach
On Fri, Jun 7, 2013 at 8:25 AM, Joe Abley wrote: > > On 2013-06-07, at 11:14, Jeroen Massar wrote: > > > On 2013-06-07 06:50, Dan White wrote: > > [..] > > > > A nice 'it is Friday' kind of thought > > > >> OpenPGP and other end-to-end protocols protect against all nefarious > >> actors, inc

RE: Mechanics of CALEA taps

2013-06-10 Thread Dennis Burgess
While it's possible to do this, you would have to have a device that would not impact performance typically at every exit point, but in a perfect world it would be on the client's CPE device! Our wireless CPE's can do this. I would not that a business model to not bill until a request is com

Re: PGP/SSL/TLS really as secure as one thinks?

2013-06-10 Thread Joe Abley
On 2013-06-07, at 11:14, Jeroen Massar wrote: > On 2013-06-07 06:50, Dan White wrote: > [..] > > A nice 'it is Friday' kind of thought > >> OpenPGP and other end-to-end protocols protect against all nefarious >> actors, including state entities. > > If you can't trust the entities where y

Re: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Eugen Leitl
On Mon, Jun 10, 2013 at 11:10:57AM +0300, Kauto Huopio wrote: > I would add opportunistic STARTTLS to all SMTP processing devices. What we actually need is working opportunistic encryption in IPv6, something like http://www.inrialpes.fr/planete/people/chneuman/OE.html

Re: PRISM: NSA/FBI Internet data mining project

2013-06-10 Thread Kauto Huopio
I would add opportunistic STARTTLS to all SMTP processing devices. --Kauto On Mon, Jun 10, 2013 at 12:23 AM, William Herrin wrote: > On Thu, Jun 6, 2013 at 9:28 PM, Leo Bicknell wrote: > > While there's a whole political aspect of electing people who pass > > better laws, NANOG is not a polit