Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

2019-03-04 Thread Mark Tinka
On 5/Mar/19 08:26, Mark Andrews wrote: > It does work as designed except when crap middleware is added. ECMP > should be using the flow label with IPv6. It has the advantage that > it works for non-0-offset fragments as well as 0-offset fragments and > also works for transports other than TCP

Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

2019-03-04 Thread Mark Andrews
> On 5 Mar 2019, at 5:18 pm, Mark Tinka wrote: > > > > On 5/Mar/19 00:25, Mark Andrews wrote: > >> >> Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if >> they have installed broken ECMP devices. The simplest way to do that >> is to set the interface MTUs to 1280 on all

Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

2019-03-04 Thread Mark Tinka
On 5/Mar/19 00:25, Mark Andrews wrote: > > Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if > they have installed broken ECMP devices. The simplest way to do that > is to set the interface MTUs to 1280 on all the servers. Why should > the rest of the world have to put up

Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

2019-03-04 Thread Mark Andrews
> On 5 Mar 2019, at 6:06 am, Saku Ytti wrote: > > Hey Jean, > >>I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" >> service >>of the concerned operator doesn't handle IPv6 yet. >> >>as such, I realised that, as far as I can figure, ICMPv6 packet "too-big"

Re: a quick survey about LLDP and similar

2019-03-04 Thread Saku Ytti
Hey Thomas, > switches connected to end-user/customer gear: never ever. > switch to server interfaces: only to servers of teams you can trust. > temporarily enable to untrusted teams if you'd need to order remote > hands to lookup the exact cabling in case of problems. What are the problems in

Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

2019-03-04 Thread Saku Ytti
Hey Jean, > I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" > service > of the concerned operator doesn't handle IPv6 yet. > > as such, I realised that, as far as I can figure, ICMPv6 packet "too-big" > (rfc 4443) > seem to be ignored or filtered at ~60%

Re: HULU NOC

2019-03-04 Thread Eddie Parra
John, I have used supportrequ...@hulu.com prior. Not sure if this is valid anymore. -Eddie > On Feb 28, 2019, at 12:33 PM, John Alcock wrote: > > Afternoon, > > I have searched the forums and have had no luck. > > We have just received a new block of IPs. None of my subscribers can

Re: Best practices for BGP Communities

2019-03-04 Thread John Kristoff
On Mon, 4 Mar 2019 01:42:02 + Joshua Miller wrote: > A while back I read somewhere that transit providers shouldn't delete > communities unless the communities have a specific impact to their > network, but my google-fu is failing me and I can't find any sources. Perhaps you're referring to

Re: A Deep Dive on the Recent Widespread DNS Hijacking

2019-03-04 Thread Bill Woodcock
> On Feb 26, 2019, at 1:34 PM, James Renken via NANOG wrote: > > On Feb 25, 2019, at 5:20 AM, Bill Woodcock wrote: >> We know that neither Comodo nor Let's Encrypt were DNSSEC validating before >> issuing certs. > > I’d like to clarify that Let’s Encrypt has always validated DNSSEC, dating

Best practices for BGP Communities

2019-03-04 Thread Joshua Miller
Hello everybody, A while back I read somewhere that transit providers shouldn't delete communities unless the communities have a specific impact to their network, but my google-fu is failing me and I can't find any sources. Is this still the case? Does anyone have a source for the practice of

Re: WIndows Updates Fail Via IPv6 - Update!

2019-03-04 Thread Jeroen Massar
On 2019-03-03 20:13, Mark Tinka wrote: > > > On 3/Mar/19 18:05, Jeroen Massar wrote: > >> IPv6 requires a minimum MTU of 1280. >> >> If you cannot transport it, then the transport (the tunnel in this case) >> needs to handle the fragmentation of packets of 1280 down to whatever does >> fit in

Re: WIndows Updates Fail Via IPv6 - Update!

2019-03-04 Thread Jeroen Massar
On 2019-03-03 11:31, Mark Tinka wrote: [..] > Across the 6-in-4 tunnel, the tested MTU is 1,232 for IPv6. IPv6 requires a minimum MTU of 1280. If you cannot transport it, then the transport (the tunnel in this case) needs to handle the fragmentation of packets of 1280 down to whatever does fit

Re: a quick survey about LLDP and similar

2019-03-04 Thread Thomas Mieslinger
A little more on the "it depends" switches connected to end-user/customer gear: never ever. switch to switch, switch to router interfaces: yes, to validate cabling and resolve problems as quickly as possible. switch to server interfaces: only to servers of teams you can trust. temporarily

HULU NOC

2019-03-04 Thread John Alcock
Afternoon, I have searched the forums and have had no luck. We have just received a new block of IPs. None of my subscribers can get to Hulu. I have started updating all the major GeoIP Databases. I figure I need to get Hulu to update their database. Of course calling regular support is

Re: a quick survey about LLDP and similar

2019-03-04 Thread Eddie Parra
+1 on it depends. IMO, I would prefer LLDP vs. a vendor proprietary discovery protocol. Where you intend to run it in your network is a major factor for risk. Also, you forgot to add LLDP-MED to #5 (but it might not be relevant to your services). -Eddie > On Feb 28, 2019, at 1:27 AM,

Issue with Geolocation in Virginia US

2019-03-04 Thread Raja Sekhar Gullapalli
Team, We are having issues in our Virginia US office & it shows geolocation in all browsers as Canada instead of US region when we access news.google.com in our PC. Our public IP is 129.46.232.65. This issue is being observed for more than 2 months. Can you help to whom we can contact to

ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

2019-03-04 Thread Jean-Daniel Pauget
hello, I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" service of the concerned operator doesn't handle IPv6 yet. as such, I realised that, as far as I can figure, ICMPv6 packet "too-big" (rfc 4443) seem to be ignored or filtered at ~60% of

AWS - amzn-noc-contact

2019-03-04 Thread Luiz Rosas
Hi, Can someone with amzn-noc contact me off list regarding AWS-ZOOMVIDEOCOMMUNICATIONS. Thx Luiz Luiz Rosas Sr. Network Engineer Race Communications Phone: +1 415-376-3327 luiz.ro...@race.com / www.race.com

Re: A Deep Dive on the Recent Widespread DNS Hijacking

2019-03-04 Thread James Renken via NANOG
On Feb 25, 2019, at 1:16 PM, Hank Nussbacher wrote: > Yes if an attacker pwned the DNS then game over no matter what. I go > under the assumption that the attacker was not able to take over the DNS > system but rather other things along the way, in which case CAA should > be of some

Re: A Deep Dive on the Recent Widespread DNS Hijacking

2019-03-04 Thread James Renken via NANOG
On Feb 25, 2019, at 5:20 AM, Bill Woodcock wrote: > We know that neither Comodo nor Let's Encrypt were DNSSEC validating before > issuing certs. I’d like to clarify that Let’s Encrypt has always validated DNSSEC, dating to before we issued our first publicly trusted certificate in September

Re: A Deep Dive on the Recent Widespread DNS Hijacking

2019-03-04 Thread Nico Cartron
> On 26 Feb 2019, at 21:58, Bill Woodcock wrote: > > > >> On Feb 26, 2019, at 8:12 AM, John Levine wrote: >> >> In article >> you >> write: >>> Swapping the DNS cabal for the CA cabal is not an improvement. Right? They >>> are really the same arbitraging rent-seekers, just different

Looking for a digitalocean contact with clue.

2019-03-04 Thread Marc Runkel via NANOG
Sorry for the noise, Can anyone in digitalocean contact me off-list. I'm having what I believe to be a networking issue with three new droplets that doesn't appear on older droplets out of the Frankfurt datacenter and I can't seem to break through level 1 support. Would be appreciated. Marc

RE: FYI - Major upgrade this weekend to www.arin.net and ARIN Online

2019-03-04 Thread Adrienne Esposito
https://teamarin.net/2019/02/27/getting-ready-for-the-big-reveal/ From: NANOG On Behalf Of Mitcheltree, Harold B Sent: Wednesday, February 27, 2019 11:59 AM To: John Curran ; nanog list Subject: Re: FYI - Major upgrade this weekend to www.arin.net and ARIN Online Link fails - ARTICLE NOT

Re: sendmail.cf

2019-03-04 Thread Alan Clegg
On 2/21/19 1:07 AM, Brielle Bruns wrote: > Can you believe it's been _36_ years since the first version of sendmail? > > *holds up a glass of maker's mark* > > To the people who made the internet possible. Cheers! To those that are bringing back memories, Cheers! ALAN AT NCSUVM,

Re: sendmail.cf

2019-03-04 Thread Joe Hamelin
I'm still running it on my private email server in my basement, on FreeBSD. Some things just work. -- Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474 On Wed, Feb 20, 2019 at 10:08 PM Brielle Bruns wrote: > On 2/20/2019 4:25 PM, Suresh Ramasubramanian wrote: > > I've tried never to hand

Re: WIndows Updates Fail Via IPv6 - Update!

2019-03-04 Thread Saku Ytti
On Mon, Mar 4, 2019 at 10:02 AM Mark Tinka wrote: > > Can we make a short rule that says: For ICMP, *ALLOW* *ALL* unless you do > > have a very specific and motivated reason to block some types. > > I would even go as far as "allow all icmp from any to any" (and if possible > > as the first

Re: WIndows Updates Fail Via IPv6 - Update!

2019-03-04 Thread Mark Tinka
On 4/Mar/19 09:12, Radu-Adrian Feurdean wrote: > Can we make a short rule that says: For ICMP, *ALLOW* *ALL* unless you do > have a very specific and motivated reason to block some types. > I would even go as far as "allow all icmp from any to any" (and if possible > as the first firewall