On 03/26/2014 11:14 PM, Owen DeLong wrote:
Why not just use private VLAN layer 2 controls for the privacy you describe?
The technology I know of is what cisco calls 'protected ports' - My
understanding is that those simply mean you can't pass traffic to or
from other 'protected ports' - I
It might make sense to just give everyone their own vlan and their own /64;
that would, of course, bring its own problems and complexities (namely that
I've gotta have the capability to deal with more customers than I can have
native vlans - not impossible to get around, but significant
On 03/24/2014 06:18 PM, Owen DeLong wrote:
DHCPv6 is no less robust in my experience than DHCPv4.
ARP and ND have mostly equivalent issues.
This depends a lot on what you mean by 'robust'
Now, I have dealt with NAT, and I see IPv6 as a technology with the
potential to make my life less
On 03/26/2014 03:49 PM, Matt Palmer wrote:
On Wed, Mar 26, 2014 at 10:55:03AM -0700, Luke S. Crawford wrote:
There are many ways to skin this cat; stateless autoconfig looks
like it mostly works, but privacy extensions seem to be the default
in many places; outgoing IPv6 from those random
On 08/29/2013 07:43 PM, Blake Dunlap wrote:
+10 Good explanation.
This is a lot of why I have someone like Cogent/L3/etc and some random
transit provider in most of my pops I spec, plus a backhaul to another node.
...
One thing to keep in mind is that for major Tier 1s, it's not at all
I also have had good experience with (used) servertech/century/power
tower (I think all the same brand) - very inexpensive; if you are in
santa clara I have some spare 2u 16 port 208v (20a/c19) units.
Here is something a buddy wrote up when we were wiring them to the
user-accessable power
On Wed, Jun 06, 2012 at 07:43:42PM -0700, Aaron C. de Bruyn wrote:
Why haven't we taken this out of the hands of website operators yet?
Why can't I use my ssh-agent to sign in to a website just like I do
for about hundred servers, workstations, and my PCs at home?
One local password used
On Sun, May 27, 2012 at 12:34:22PM +1000, Matthew Palmer wrote:
On Sat, May 26, 2012 at 09:39:16PM -0400, Luke S. Crawford wrote:
On Sat, May 26, 2012 at 10:06:03AM +1000, Matthew Palmer wrote:
... Feel free to turn the process around -- decide what
the service is worth to you, tell
On Sat, May 26, 2012 at 10:06:03AM +1000, Matthew Palmer wrote:
We pay what our providers think they can get away with. Like most pricing
decisions, they're not based on any technical logic, they're based on what
the market will bear. Feel free to turn the process around -- decide what
the
On Thu, May 24, 2012 at 08:50:47AM -0400, not common wrote:
Hello,
I am looking for some guidance on full packet inspection at the ISP level.
Is there any regulations that prohibit or provide guidance on this?
Unless you are absolutely huge, and maybe even then, you need to worry
more
On Tue, Apr 24, 2012 at 01:32:17PM -0400, ad...@thecpaneladmin.com wrote:
Anyone have any tips for getting IPs from ARIN? For an end-user
allocation they are requesting that we provide customer names for
existing allocations, which is information that will take a while to
obtain. They are
On Sun, Apr 15, 2012 at 10:52:51AM -0500, Jimmy Hess wrote:
Consider that the probability 16GB of SDRAM experiences at least one
single bit error at sea level,
in a given 6 hour period exceeds 66% = 1 - (1 - 1.3e-12 * 6)^(16 *
2^30 * 8).In any given 24 hour period, the probability of at
On Sat, Apr 07, 2012 at 06:16:30PM -0400, Robert E. Seastrom wrote:
Sometimes making the AS path as short as possible makes a lot of sense
(e.g. when trying to get an anycast network to do the right thing),
but assumptions that peering results in lower costs are less true
every day.
I keep
On Sat, Apr 07, 2012 at 07:25:24PM -0400, Robert E. Seastrom wrote:
Generally the costs of transit are pushed down by competition. As a
vendor your costs for bandwidth/transport/port*bw may drop but you are
unlikely to drop your prices to your customers merely because your
costs have gone
On Sat, Mar 24, 2012 at 02:42:36PM -0500, Frank Bulk wrote:
I've been many times where you were, frustrated that I didn't know the dark
fiber options for a potential opportunity, but you have to remind yourself
don't have a *right* to know where *private* fiber is. It's not just the
physical
On Thu, Mar 22, 2012 at 01:31:47PM -0400, Jared Mauch wrote:
You agree on a price per distance (e.g.: mile/foot/whatnot).
Lets say the cable costs $25k to install for the distance of 5000 feet.
That cable has 144 strands.
You need access to one strand. If you install it yourself, it
On Thu, Mar 15, 2012 at 10:41:18PM -0400, Joe Maimon wrote:
So we have a wiki list of 1U rack hosting.
We do? where? all I see on http://nanog.cluepon.net is spam
How about a list of SP's willing to configure BGP over whatever you got,
including tunnels? And willing to allocate you space
goe...@anime.net writes:
On Fri, 8 Aug 2009, Luke S Crawford wrote:
1. are there people who apply pressure to ISPs to get them to shut down
botnets, like maps did for spam?
sadly no.
...
Why do you think this might be? Fear of (extralegal) retaliation by
botnet owners? or fear
,
but if I could null route the source, it's just a matter of detecting abusive
traffic, and with this attack, that part was pretty easy.
--
Luke S. Crawford
http://prgmr.com/xen/ - Hosting for the technically adept
http://nostarch.com/xen.htm - We don't assume you are stupid.
have to deal with cooling feel differently, but at my
scale, that's all priced into the power.)
--
Luke S. Crawford
http://prgmr.com/xen/ - Hosting for the technically adept
We don't assume you are stupid.
Joe Abley jab...@hopcount.ca writes:
What is everybody's favourite combination rack-mount VGA/USB KVM-over-
IP and serial console concentrator in 2009?
I'm looking for something that will accommodate 8 or so 9600bps serial
devices and about 12 VGA/USB devices, all reachable over IP via sane
bmann...@vacation.karoshi.com writes:
or - the more modern approach is to let the node (w/ proper authorization)
do a secure dynamic update of the revserse map - so the forward and reverse
delegations match. ... a -VERY- useful technique.
I have a question. Is this an abuse problem? some
Brandon Galbraith brandon.galbra...@gmail.com writes:
But it's definitely not cool when my credit card company cuts off my card
due to abnormal charges when I'm abroad and suddenly can't get ahold of
customer service via their international phone number. Automation in the
right places works
Randy Bush ra...@psg.com writes:
be specific, like if you run X tools the payoff will be Y.
Yes. And where is the appropriate form for this?I find this
sort of thing quite interesting; and yeah, it doesn't seem like the
sort of thing NANOG is for, but most of the small ISP forms
(like
Randy Bush ra...@psg.com writes:
speaking as a small provider, I can tell you that I find running snort
against my inbound traffic does reduce the cost of running an abuse desk.
I do catch offenders before I get abuse@ complaints, sometimes.
unfortunately snort does not really scale to a
[EMAIL PROTECTED] writes:
Apart from using Bernstein's tinydns, anyone have any scripts
for looking for problems in zone files or for incrementing the
serial number reliably?
If you are using BIND, your problem is solved by DDNS and nsupdate.
this has the added advantage of making it
Peter Beckman [EMAIL PROTECTED] writes:
If you are taking card-not-present credit card transactions over the
...snip hard to charge fradulent customers and also verifying customer
identity annoys the customer... points-
The goal here is to give abuse a negative expected return.
One way to
Peter Beckman [EMAIL PROTECTED] writes:
...snip use snort suggestion
This is what I think we should ALL be doing -- monitoring our own network
to make sure we aren't the source, via customers, of the spam or DOS
attacks. All outbound email from your own network should be scanned by
Christopher Morrow [EMAIL PROTECTED] writes:
Oh, how do you know you can trust the VPN folks anymore than the
cable-modem folks though? eventually the same cost issues are going to
arise for the VPN folks as did for cable-modem/dsl folks (downward
pressure on pricing and infra/opex/capex costs
29 matches
Mail list logo