On 1/23/20 6:01 PM, Brian wrote:
Hello all. I am having a hard time trying to articulate why a Dual Home
ISP should have full tables. My understanding has always been that full
tables when dual homed allow much more control. Especially in helping to
prevent Async routes.
If you don't have ful
On 05/15/2018 04:34 AM, Rich Kulawiec wrote:
> On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote:
>> TL;DR = Don't use HTML email [snip]
>
> That's enough right there. HTML markup in email is used exclusively
> by three kinds of people: (1) ignorant newbies who don't know any
On 12/28/2017 11:39 AM, Owen DeLong wrote:
>
>> On Dec 28, 2017, at 09:23 , Octavio Alvarez wrote:
>>
>> On 12/20/2017 12:23 PM, Mike wrote:
>>> On 12/17/2017 08:31 PM, Eric Kuhnke wrote:
>>> Call this the 'shavings', in IPv4 for example, when yo
On 12/20/2017 12:23 PM, Mike wrote:
> On 12/17/2017 08:31 PM, Eric Kuhnke wrote:
> Call this the 'shavings', in IPv4 for example, when you assign a P2P
> link with a /30, you are using 2 and wasting 2 addresses. But in IPv6,
> due to ping-pong and just so many technical manuals and other advices,
>
On 09/26/2016 08:47 AM, Laszlo Hanyecz wrote:
>> If you have links from both ISP A and ISP B and decide to send traffic
>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A
>> *should* drop that traffic on the floor. There is no automated or
>> scalable way for ISP A to disting
On 09/08/2016 04:09 PM, Pshem Kowalczyk wrote:
> With NAT I have a single entry/exit point to those infrastructure subnets
> which can be easily policed.
I have used NAT in IPv4 scenarios as an alternative for lack of routing
control in the return direction.
However, this does not mean that this
On 07/01/2016 07:28 PM, Edgar Carver wrote:
> Is there some kind of NAT-based IPv6 firewall I can setup on the router
> that can help block viruses?
You need layer-7 firewalls for this. NAT-based "firewalls"
(pseudo-firewalls, really) are layer-4 only. Those will not help you
block typical viruses
On 05/31/2016 09:52 AM, Hugo Slabbert wrote:
>> I'm not sure if you mean that, if sent through C it should have the
>> source addres of A, or that it should actually be sent through A
>> regardless of the routing table (which sounds better to me).
>
> How is the latter better? What guarantees are
On 05/31/2016 11:22 AM, William Herrin wrote:
>> I'm not sure if you mean that, if sent through C it should have the
>> source addres of A, or that it should actually be sent through A
>> regardless of the routing table (which sounds better to me).
>
> That doesn't make sense. There may be multipl
On 05/30/2016 10:03 PM, Randy Bush wrote:
> rfc1812 says
>
>4.3.2.4 ICMP Message Source Address
>
>Except where this document specifies otherwise, the IP source address
>in an ICMP message originated by the router MUST be one of the IP
>addresses associated with the physical inter
On 26/02/16 09:16, Brielle Bruns wrote:
> Place the blame for local resolvers listening on WAN squarely where it
> belongs - the router vendors who make these devices.
As long as ISPs massively buy crappy hardware pieces, vendors will make
them and sell them. That's how it works.
Best regards.
Hi.
Do you know if there are any docs (RFC, drafts, independent...) that
study the tricks being done with the A/ RRs? What I mean is that it
is currently being used not only to resolve the IP address of a
hostname, but for load-balancing as well, the case being that the
hostname is not just a
On 15/12/15 10:08, Ahmed Munaf wrote:
> Dear All,
>
> We are using cisco for natting, we'd like to change it to another brand like
> A10 or Citrix.
If you are willing to rephrase it to "we are using Cisco IOS for
NATting, we'd like to change it to another platform or brand", you may
want to tak
On 27/10/15 05:40, Jutta Zalud wrote:
>>> But it is originating all from different IP addresses. Who knows if this
>>> is an attack to get *@jdlabs.fr blocked from NANOG and is just getting
>>> its goal accomplished.
>>
>> This is the part that's been bugging me. Doesn't the NANOG server
>> implem
On 10/27/2015 05:09 AM, Ian Smith wrote:
On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
mailto:octalna...@alvarezp.org>> wrote:
On 26/10/15 11:38, Jürgen Jaritsch wrote:
But it is originating all from different IP addresses. Who knows if this
is an attack
On 26/10/15 11:38, Jürgen Jaritsch wrote:
> Hi,
>
> I added this two lines to our postfix header checks:
>
> /mike@sentex\.net/ DISCARD
> /jdenoy@jdlabs\.fr/ DISCARD
>
> Worked very well:
>
> # grep -i discard /var/log/mail.log | grep -iE "@jdlabs|@sentex" | wc -l
> 408
But it is originating a
Hey!
New message, please read <http://piet.zijtveld.com/for.php?wrhgc>
Octavio Alvarez
Hey!
New message, please read <http://singdanceplaylearn.com/been.php?pw1m2>
Octavio Alvarez
Hey!
New message, please read <http://iamakeupartistry.com/stop.php?b7rm2>
Octavio Alvarez
On 09/09/15 06:36, Dovid Bender wrote:
> I am trying to understand why the legal babble bothers anyone. Does
> it give you a nervous twitch? Remind you why you hate legal? It's
> just text at the bottom of your email.
I've seen it in multiple languages (not necessarily on this list).
Furthermore,
On 06/07/15 19:12, Joe Greco wrote:
>> Terrible idea. These are the kind of features that should be opt in, and
>> Microsoft could have done that instead.
>
> It *is* an option.
Opt-in and opt-out are two models of having an option.
Also I meant being opt-out for the network administrator regard
Terrible idea. These are the kind of features that should be opt in, and
Microsoft could have done that instead.
Does the 802.11 beacon support TLV data, like setting some opt-out flag
without changing the SSID? (Even if the the flag name hasn't been yet
agreed on?) Would this be a bad idea?
Best
On 05/26/2015 08:44 AM, Owen DeLong wrote:
I think opt-out of password recovery choices on a line-item basis is
not a bad concept.
For example, I’d want to opt out of recovery with account creation
date. If anyone knows the date my gmail account was created, they
most certainly aren’t me.
OTOH,
On 14/04/15 06:26, Colin Johnston wrote:
> Best practice says avoid such info in records as does not aid debug since mix
> of dec and hex
Can you please cite the best practice document where this is stated?
Thanks.
On 04/03/2015 12:18 PM, Chris Boyd wrote:
Can we please get back to the original topic?
Also interested in the original topic.
So far we have had one interesting and useful suggestion that I've
seen -- Paul S. mentioned SIR https://github.com/dbarrosop/sir
>
Have I missed any other solution
On 10/12/14 18:41, Charles Mills wrote:
> In the US at least you have to authenticate with your Comcast credentials
> and not like a traditional open wifi where you can just make up an email
> and accept the terms of service. I also understand that it is a different
> IP than the subscriber. Base
On 10/11/14 12:53, Darden, Patrick wrote:
> Get a cheap usb--serial converter. Check amazon for trend usb rs-232
> db9 serial converter, tu-s9. Then you can just use whatever laptop.
I've seen some cheap RS-232 converters fail with some devices. I was
last bitten by one that just refused to work
On 05/10/14 18:44, Jimmy Hess wrote:
> On Thu, Oct 2, 2014 at 10:54 AM, wrote:
>> The *real* problem isn't the testing.
>> It's the assumption that you can actually *do* anything useful with this
>> data.
>> Name-n-shame probably won't get us far - and the way the US works, if
>> there's a
>
>
On 05/09/14 07:16, Jay Ashworth wrote:
> How many Youtube subject tags will fit in *your* routers' TCAM?
>
>
> http://tech.slashdot.org/story/14/09/04/2156232/ucla-cisco-more-launch-consortium-to-replace-tcpip
>
> [ Can someone convince me this isn't the biggest troll in the history
> of the
On 09/02/2014 05:46 AM, John Kristoff wrote:
> On Tue, 2 Sep 2014 04:47:37 +
> "S, Somasundaram (Somasundaram)"
> wrote:
>
>> 1: Does all the ISP's provide Multicast Routing by
>> default?
>
> No not all and even those that do often do not do so on the same gear,
> links and peers as their u
On 02/04/14 11:51, Joseph Jenkins wrote:
> So I setup BGPMON for my prefixes and got an alert about someone in
> Thailand announcing my prefix. Everything looks fine to me and I've
> checked a bunch of different Looking Glasses and everything announcing
> correctly.
>
> I am assuming I should be
On 04/03/14 10:33, Ian McDonald wrote:
> Until the average user's cpe is only permitted to use the resolvers one
> has provided as the provider (or otherwise decided are OK), this is
> going to be a game of whackamole. So long as there's an 'I have a clue'
> opt out, it appears to be the way forwar
On 03/04/2014 05:28 AM, jim deleskie wrote:
> Why want to swing such a big hammer. Even blocking those 2 IP's will
> isolate your users, and fill your support queue's.
When the malicious DNS services get shutdown you will still have your
support queue's filled, anyway.
Doing it now will let you
On 02/10/2014 06:05 PM, Vlade Ristevski wrote:
> Are you suggesting getting the default gateway from both providers or
> getting the full table from one and using the default as a backup on the
> other (7206)?
Whatever suits you best. Test and see. I'd just receive the full table
anyway but filte
On 02/10/2014 08:05 AM, Vlade Ristevski wrote:
> The ACL is a recent addition and we can probably do away with it. I
> didn't notice a significant increase in CPU or drops since adding it.
> But we usually peak at about 200Mbps on this link. The full routing
> table is a must since we're dual homed
On 04/02/14 16:31, Livingood, Jason wrote:
Can somebody explain to me why those who run eyeball networks are able
to block outbound packets when the customer hasn't paid their bill,
but can't seem to block packets that shouldn't be coming from that
cablemodem?
i suspect the non-payment case is
On 04/02/14 15:24, John R. Levine wrote:
If ISP has customer A with multiple *known* valid networks --doesn't
matter if ISP allocated them to customer or not-- and ISP lets them
all out, but filters everything else, ISP is still complying with BCP 38.
Of course. The question is how the ISP kno
On 04/02/14 14:18, John Levine wrote:
I was at a conference with people from some Very Large ISPs. They
told me that many of their large customers absolutely will not let
them do BCP38 filtering. ("If you don't want our business, we can
find someone else who does.") The usual problem is that t
On 04/02/14 11:35, Jay Ashworth wrote:
It *is in their commercial best interest (read: maximizing shareholder
value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
forced -- it's actually their fiduciary duty not to.
That's short-sighted, but I agree in that that's what hap
On 02/03/2014 05:33 AM, Ammar Salih wrote:
> Hello NANOG list members,
>
> I have a question for you, are you happy with the current network
> diagnostic tools, like ping, trace route .. etc,
What tools are you referring to by "..."? There are many others. I like
tcptraceroute (there are two var
On 02/02/2014 07:52 AM, John Curran wrote:
> NANOGers -
>
> The folks at the Internet Society are looking for input into how network
> operators are (or are not)
> involved in IETF standards development. To that end, they've put together
> a short survey for
> network operators on this
On 10/11/2013 10:27 AM, William Waites wrote:
> I'm having a discussion with a small network in a part of the world
> where bandwidth is scarce and multiple DSL lines are often used for
> upstream links. The topic is policy-based routing, which is being
> described as "load balancing" where end-use
On 09/23/2013 08:36 PM, Joe Greco wrote:
>> That's just the typical Bittorrent /client/, but the idea of using
>> Bittorrent means the /protocol/. A special Bittorrent client could be
>> written for ISPs with uploads disabled and Apple could also disable them
>> on the update-downloading Bittorrent
That's just the typical Bittorrent /client/, but the idea of using
Bittorrent means the /protocol/. A special Bittorrent client could be
written for ISPs with uploads disabled and Apple could also disable them
on the update-downloading Bittorrent client for the phones.
The clients (be it Bittorren
Again, as others have said: complain to the ISP that most probably
oversubscribed their links.
On 19/09/13 15:29, Warren Bailey wrote:
Your software updates (you meaning a user of the Internet) should not affect my
experience. I'm not advocating we go back to 5.25 floppies and never look back.
On Fri, 28 Jun 2013 19:31:35 -0700, Jim Popovitch wrote:
On Fri, Jun 28, 2013 at 10:12 PM, Octavio Alvarez
wrote:
I wish my Debian mirror would just be the "mirror.debian.net" *service*
(not host), and the network could choose the best for me.
Try http.debian.net
On Fri, 28 Jun 2013 17:20:21 -0700, Christopher Morrow
wrote:
"Runs in top of UDP"... "Is not UDP"...
If it has protocol set to 17 it is UDP.
So QUIC is an algorithm instead of a protocol?
SCTP is not NAT friendly (to the best of my knowledge), SHIM6 is
IPv6-specific and can help you "rec
On Fri, 28 Jun 2013 13:57:48 -0700, Christopher Morrow
wrote:
again... not a super smart on this stuff, but..
why does it require OS modifications? isn't this just going be
'chrome' (or 'other application') asking for a udp socket and spewing
line-rate-foo out of that? isn't the application goi
On Fri, 28 Jun 2013 13:39:04 -0700, Christopher Morrow
wrote:
On Fri, Jun 28, 2013 at 4:26 PM, Octavio Alvarez
wrote:
Sounds like a UDP replacement. If this is true, then OS-level support
will
be needed. If they are on this, then it's the perfect opportunity to fix
some other pro
On Fri, 28 Jun 2013 13:09:43 -0700, Michael Thomas wrote:
http://arstechnica.com/information-technology/2013/06/google-making-the-web-faster-with-protocol-that-reduces-round-trips/?comments=1
Sorry if this is a little more on the dev side, and less on the ops side
but since
it's Google, it
On Tue, 16 Oct 2012 20:35:11 -0700, Joseph Anthony Pasquale Holsten
wrote:
I want to like IPv6. I do. But I'm seriously considering turning off
IPv6 support from our servers.
First off, I'm using djbdns internally and it doesn't support
records. So we really aren't using it intern
On Thu, 13 Sep 2012 14:45:55 -0700, Jay Ashworth wrote:
- Original Message -
From: "Måns Nilsson"
04:05:41PM + Quoting Dylan Bouterse (dy...@corp.power1.com):
> I'm not sure if this is obvious for this list or not, but with your
> WiFi nodes, a good practice for that kind of de
On Mon, 30 Apr 2012 02:42:27 -0700, Rens wrote:
Could anybody recommend any hardware that can build a VPN that works well
over satellite connections? (TCP enhancements)
I'd try splitting the solution into two devices: at the lower layer, the
tunneling part, which can be done with any traditio
On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
wrote:
NetRange: 100.64.0.0 - 100.127.255.255
CIDR: 100.64.0.0/10
OriginAS:
NetName:SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
Weren't we supposed to *solve* the end-to-end connectivity problem,
instead of just le
On Tue, 06 Mar 2012 23:43:07 -0800, Igor Ybema wrote:
[igor@vds ~]$ host -t A www.facebook.com ns1.facebook.com
Using domain server:
Name: ns1.facebook.com
Address: 204.74.66.132#53
Aliases:
www.facebook.com has no A record
No, it's a subdomain with its A records in another server.
$ host
On Wed, 15 Feb 2012 12:47:15 -0800, John Kristoff wrote:
I have a handful of common misconceptions that I'd put on a top 10 list,
but I'd like to solicit from this community what it considers to be the
most annoying and common operational misconceptions future operators
often come at you with.
On Fri, 23 Dec 2011 01:18:40 -0800, jacob miller wrote:
Am having a debate on the results of speed tests sites.
Am interested in knowing the thoughts of different individuals in
regards to this.
They are just a measurement, which need to be correctly used and
interpreted (that's the diffic
On Wed, 09 Feb 2011 03:00:27 -0800, Robert Lusby wrote:
I am however *terrified* of making that move. There is so many new
phrases, words, things to think about etc
You fears will significantly lower after you set up a separate lab and
play with it. With something as simple as a switch you c
On Wed, 08 Jun 2011 02:28:40 -0700, Jeroen Massar wrote:
It is really nice that folks where able to put records on their
websites for only 24 hours, but they forgot to put in the glue on their
nameservers.
As such, for the folks testing IPv6-only, a lot of sites will fail
unless they use
On Sat, 30 Apr 2011 10:34:15 -0700, Chris Adams wrote:
Once upon a time, Octavio Alvarez said:
So the first user in a router tunes to a multicast stream. Consumption
for the ISP and all the routers in the chain to the source: same as if
it were a unicast stream. Then a second user tunes to a
On Fri, 29 Apr 2011 10:48:51 -0700, Jay Ashworth wrote:
- Original Message -
From: "Rubens Kuhl"
And that's the snap answer, yes. But the *load*, while admittedly
lessened over unicast, falls *mostly* to the carriers, who cannot anymore
bill for it, either to end users, providers,
61 matches
Mail list logo