RE: Ethical DDoS drone network

> FWIW, I'm primarily concerned about testing PPS loads and not > brute force bandwidth. Simple solution. Write some DDoS software that folks can install on their own machines. Make its so that the software is only triggered by commands from a device under the same administrative control, i.e.

RE: Managing CE eBGP details & common/accepted CE-facing BGP practices

> Have a read after "Communities accepted from customers" in > the RADB WHOIS for AS3356 for a fairly comprehensive example. > Other's might have better examples, but I've often used this > one as being pretty good. > (whois -h whois.radb.net AS3356) You can also read this here:

RE: Net Mgmt Tools and supporting OS

> - I am building a new low-budget customer WAN/LAN network and > need some ideas for network management tools. Generally this means that you have someone technical who will work long hard hours to make things work properly. > I would be most comfortable with free distribution of linux, > but

RE: NAT66 and the subscriber prefix length

> My gripe was that I wanted to get an IPv6 allocation from > RIPE to start > testing how IPv6 would fit in the company that I work for and build a > dual stack network so that when the time comes, just switch > on IPv6 BGP > neighbors and update the DNS. > > But at almost 10.000 EUR per year

RE: NAT66 and the subscriber prefix length

> We have also started offering residential Internet to those > living on campus, which has been very popular (no suprise.) You've started your own ISP. ISP's get a /32 from ARIN. Case closed. In fact, you are better off treating your non-ISP networks as a customer of your ISP and assigning a

NAT66 and the subscriber prefix length

Not long ago, ARIN changed the IPv6 policy so that residential subscribers could be issued with a /56 instead of the normal /48 assignment. This was done so that ISPs with large numbers of subscriber sites would not exhaust their /32 (or larger) allocations too soon. Since these ISPs are allowed to

RE: Internet partitioning event regulations (was: RE: Sendingvs requesting. Was: Re: Sprint / Cogent)

> Are you saying that if any part of a network touches US soil > it can be regulated by the US govt over the entirety of the > network? For my part, this is not an attempt to change the > subject or divert the argument (red herring). It is a valid > question with operational impact. That's n

RE: Sprint v. Cogent, some clarity & facts

> what you're calling a political failure could be what others > call a rate war. I only used the term "political failure" because it was the best match of the two options given. But you are right that it is necessary to let go of those terms and maybe, define your own, if you want to get to a d

RE: Sprint v. Cogent, some clarity & facts

> > The concept of "Transit Free" is a political failure, not a > technical > > one. > > We disagree. Perhaps some examples are needed? If you drive in a screw with a big hammer, the end result is not pleasing. For one, a screw will not have the holding power of a nail. For another, the screw

RE: Sprint v. Cogent, some clarity & facts

> Put another way, since _every_ network does this, if you do > not want to buy from 'such networks', you cannot buy transit. Let's put it another 'nother way. Would an end user get better connectivity by buying from a reseller of transit? In other words, buying transit from a network which also

RE: Another driver for v6?

> In the same way that in the UK, appliance manufacturers have > been educating people about the analogue terrestrial TV > switchoff by 2012, do you think that we should be advocating > a 'internet PLUS day' some time in (date plucked from the air) 2014 ? Actually, the Internet PLUS day should

RE: Peering - Benefits?

> On 30 Oct 2008, at 13:03, HRH Sven Olaf Prinz von > CyberBunker-Kamphuis MP wrote: > > > internet exchanges are not per-se "redundant" > > Those networks who *choose* connect to peers via a single > fabric, in a single location, will suffer a similar fate to > those networks who single home

RE: Another driver for v6?

> It is almost lunacy to deploy IPv6 in a customer-facing sense > (note for example Google's choice to put its on a > separate FQDN). If you're going to use emotionally charged language then don't shoot yourself in the foot by using such an illogical and contrary example. Google is a very

RE: Another driver for v6?

> Does anyone see any benefits to beginning a small deployment > of IPv6 now even if its just for internal usage? According to you should deploy some IPv6 transition technology to make sure that your network does not cause problems for the

RE: spurring transition to ipv6 -- make it faster

> As long as none of your ipv6 traffic transits across anything > from British Telecom as it is not supported on their 21st > Century Network > > parently-not.html> The distinction between supported, and unsupported is that when

RE: contracts and survivability of telecom sector

> Are there any recommendations from an operational > perspective, should one or more of these or other telecom > companies have such problems? Make sure that you have more than one upstream provider, preferably three providers minimum so that if one of them is suddenly shut off, you still have

RE: Hey ISC, thanks for providing free wifi to intercage!

> > How about moving the meta-nanog themes in this thread to > > nanog-futures, instead of adding to the noise on the main list? > > Because nobody reads it? Try "because nobody knows that NANOG has a website where you can simple instructions to subscribe to Nanog-futures". For the record, ther

RE: breadcrumbs and collusion

> sounds good. who do you propose would fit the "role" of > dogcatcher in this case, and why haven't they caught the > stray yet after 5 years? The police fill the dogcatcher role here, and they have indeed caught and prosecuted the stray on the rare occasions when ISPs have contacted the polic

RE: Renesys Blog Article [Was: Re: the Intercage mess]

> It is not vigilantism, it is the common law, rooted in > ancient English history, of the "shire reeve", who we now > call the "sheriff". Reeve means "called", from the Germanic verb "rufen". In other words, this person is someone who is called to the duty by the shire. The point that has been

RE: breadcrumbs and collusion

> However, it makes little sense to close your gate to keep > the stray dogs out of your yard, if they can just come in via > your neighbour's gate and climb over the fences. It makes a lot of sense. Having closed your gate, and discovered a stray dog in your back yard, you can call the animal

Wall it off, make it go away

> let's push this stuff back into the nation-states who sponsor > it and then use treaties to wall it off inside those places. Let's not mince words. You want to wall off the Chinese and Russian Internets because you believe that the reason so much cybercrime originates there is for political re

RE: Atrivo/Intercage

> It could be argued (since _is_ the North American Network > Operators Group) that pushing this sort of criminal activity > _out_ of North America is a good First Step to be able to > better manage the situation. It could also be argued that pushing this activity into multiple legal jurisd

RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer

> It is clear to me -- at least -- that this entire criminal > operation is being operated out of Eastern Europe, and their > foothold in the U.S. is the major issue here. If you believe that this is a criminal operation then you should keep this discussion OFF THE LIST and discourage anyone fro

RE: BCP38 dismissal

> Sorry for the confusion. ^ > > Yes, I am a BCP38 evangelist. I apologize if it came across wrong. ^^^ OK, Patrick is setting an example. Could we all do likewise and get back to a civil conversation? > TTFN, > patrick Kudos for a good example.

RE: Revealed: The Internet's well known BGP behavior

> I stand by my assertion that most people do not run > traceroutes all day and watch for it to change. > > That some people are diligent does not change the fact the > overwhelming majority of people are not. > > Or the fact that with the right placement of equipment (read > "luck") and coo

RE: Revealed: The Internet's well known BGP behavior

> Lastly, can you show me a single inter-AS MPLS deployment? When you > can, then you can use that as a method to avoid this h4x0r. Just some quick googling found this from back in 2006. "Sprint has expanded its global MPLS network capabi

RE: Native v6 with Level(3)?

> This is, sadly, not different from a bunch of ISP's (I think > vzb is still in a wierd state where getting their > sales/install/support folks to put v6 on your link is harder > than it ought to be) > > > I responded to Kyle off-list as to the email address for getting to > > the people wit

RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

> I'm looking at building a large network with Ipv6 in the Los > Angeles metro area, to serve a number of small businesses via > a large scale wireless network. Essentially a large scale > private WAN, with globally routable addresses (for a > VoIP/IPTV roll out later) So I'm not exactly a trad

IPv6 point-to-point was: It's Ars Tech's turn to bang the IPv4 exhaustion drum

> matsuzaki-san's preso, i think the copy he will present next > week at apops: To summarize, using /64 on a link opens the door to a DOS problem that we need to pressure the vendors to fix. Obviously, this matters more to people who are running full-blown production IPv6 networks right now tha

RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

> I don't operate an ISP network (not anymore, anyway...). My > customers are departments within my organization, so a /64 > per department/VLAN is more sane/reasonable for my environment. Some time ago there was a discussion on IPv6 addressing plans spread out over a couple of days. I incorpor

RE: uTorrent, IPv6

> So, if you run a network today, deploy 6to4 and Teredo > relays, regardless of whether you have customer facing IPv6 or not. > If you serve IPv6 content, you are already running Teredo and > 6to4 relays, so that Windows Vista users get near to > IPv4-speed access to your IPv6 content, right? R

RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

> I don't have a problem with assigning customers a /64 of v6 > space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if you want to keep track of different block sizes. If ARIN will give you a /48 for every customer, then why be miserly with a

RE: Is it time to abandon bogon prefix filters?

> (Without an offline configuration generator, I postulate that > it can't be done.) Doesn't everyone use an offline config generator these days? After all, there is a lot more CPU power and database capacity outside of the routers than there is inside. --Michael Dillon

RE: Is it time to abandon bogon prefix filters?

> for my own use, i use m4, python and perl, and peval() m4 is a macro processor that you probably should not bother learning since you can do everything that it does by using Python and regular expressions, or one of the Python parsing modules. For instance PLY supports conditional lexing and sta

RE: Validating rights to announce a prefix (was: Public shaming...)

> "Easy upgrade" to PKI after the fact might as well be a > misnomer. In particular, there will likely be no way to > ensure that nobody uses the old system instead of the new, > spiffy and "secure"-ified system. This means that support > for the old, "insecure" system must be kept around >

RE: Validating rights to announce a prefix

> It's hard to switch to a more secure method later on if you > start with a less secure one. So, "upgrading" to PKI from > something else only makes sense if that previous system was > secure enough - but then why would you want to change? If the delegation information expires, which it should

RE: Validating rights to announce a prefix (was: Public shaming...)

> Okay, I admit I haven't paid the closest attention to RPKI, > but I have to ask: Is this a two-way shared-key issue, or > (worse) a case where we need to rely on a central entity to > be a key clearinghouse? > > The reason why I mention this is obvious -- the entire PKI > effort has been sta

Validating rights to announce a prefix (was: Public shaming...)

> To be clear: IANA and RIRs allocate or assign address space > today, they don't control any routing on the Internet (and > their own internal ASNs and IPs don't count). And that gets to the heart of the issue that I raised. Since the RIRs allocate ASnums and IP address blocks, they are in a po

RE: Public shaming list for ISPs announcing other ISPs IP space bymistake

> On Aug 14, 2008, at 11:13 AM, <[EMAIL PROTECTED]> > <[EMAIL PROTECTED] > wrote: > > ARIN holds the top of that authority and delegation > hierarchy because > > they give out the ASnums and IP address blocks. > > And here I thought IANA handed out ASnums and IP address > blocks to ARIN (and

RE: Public shaming list for ISPs announcing other ISPs IP space bymistake

> I don't think the IRR is so much a hack (it's a tool), but > we're lacking the process and infrastructure to vet/validate > that a given ASN is *authorized* to originate a prefix, and > all of the policy bits (which the IRR has if you use it) > associated with which ASNs should propagate the

RE: Public shaming list for ISPs announcing other ISPs IP space bymistake

> but, why wouldn't something like formally requiring > customers/peers/transits/etc to have radb objects as a 'requirement' > for peering/customer bgp services 'Cause there ain't nobody out there to "formally require" this. Other than ISPs, of course. And that means there will be umpteen differe

RE: IPv6 FAQ

> Rather than jumping down someone's throat here, are these > assumptions rampant (or even accurate)? We came across this > as we were trying to enhance our own Ops groups documents to > share with customers, and well, I don't think we want to > share this. ;) You can get a lot better informa

RE: was bogon filters, now "Brief Segue on 1918"

>Your point seemed to be that > it is not a large enough allocation of IPs for an > international enterprise of 80K souls. My rebuttal is: 16.5 > million IPs isn't enough? You don't seem to understand how IPv4 networks are designed and how that interacts with scale, i.e. the large sprawling n

RE: Software router state of the art

> > Click for instance > Thanks for being oh-so-helpful with a serious question. Got > any useful answers for me? Give me a vendor that offers your > suggestion. I don't have time for a make-it-myself solution. Sorry, but you're in the wrong place. The IP networ

Missing URL is here (was: So why don't US citizens get this?)

As I was saying... > Here in London they even steal bronze statues or brass > railings in a park to get the copper content. Here is one > account of the risks that copper thieves will go to. Don't > read it if you have a queasy stomach.

RE: Software router state of the art

> but knowing how bad Linux is at being a router and that their > products are Linux-based, I'm afraid to give one a try. J > products are based on a competing non-Linux platform that has > a better reputation for routing. Enough with the bipartisan politics. There are more choices than just

RE: Arbitrary de-peering

> Tier 1 means you don't buy transit, no? Presumably it follows that tier 2 networks do buy transit. Therefore, why would anyone buy service from a Tier 1 network except for other network operators? This doesn't match with the reality that providers who are Tier 1 seem to get some very big compa

RE: So why don't US citizens get this?

> It is cheaper to bore fiber and attach more remote systems > than to use the already existing copper? I'm curious how you > come up with those economics. > (seriously, that wasn't sarcasm) First point is that you can sell the copper. Second is that you can reduce the number of local loop faul

RE: So why don't US citizens get this?

> I belive there are just few major cities in the US that have > a comparable or higher concentration of people like other > large cities around the world. So then... Why do major US cities not have fiber to the home yet? Of course, here in the UK, FTTH won't go to London first:

RE: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

> So, look at other options: > > * Widen the query space by using multiple IP addresses as > source. This, > of course, has all the problems with NAT gw's that the port solution > did, except worse. > > This makes using your ISP's "properly designed" resolver even more > attractive, rat

RE: SBCglobal routing loop.

> > Sounds like he's used to used IRC, not mailing lists. > > There used to be an IRC channel where a lot of NANOG folks > hung out. > > Anyone care to publicize the channel name and which IRC network > > carries it? > from the nanog mailing list... > Sent: Tuesday, June 22, 2004 12:17 PM > >

RE: SBCglobal routing loop.

> > Anyone from sbcglobal out there? i'm seeing a routing > loop. Please > > contact me off list thanks. > What did your upstream transit supplier advise before you > escalated this to the global audience at NANOG? > This is the second time in 24hrs you have requested > assistance here whic

RE: Multiple DNS implementations vulnerable to cache poisoning

> > Pressure your local ICANN officers? > > Mmph. https://ns.iana.org/dnssec/status.html > > (it's out of ICANN's hands) Huh!? Then what does this following statement refer to? (c) 2008 The Internet Corporation for Assigned Names and Numbers. I found that at the bottom of the IANA page whose

RE: TLDs and file extensions (Re: DNS and potential energy)

> People keep making the assertion that top-level domains that > have the same strings as popular file extensions will be a > 'security disaster', but I've yet to see an explanation of > the potential exploits. I could maybe see a problem with > ".LOCAL" due to mdns or llmnr or ".1" due to the

RE: Mail Server best practices - was: Pandora's Box of new TLDs

> Requirement ? What requirement ? There's no requirement for > reverse DNS for email in any RFC. Not that RFCs are > ideal references > for mail operation in general. You're right, documents published by an organization whose goal is to design internetworking protocols are n

RE: ICANN opens up Pandora's Box of new TLDs

> There are probably some variations based on the zone, > languages, IDN'ability, etc., but it certainly is a good idea > to be bankofamerica.* for reasons that I think are obvious to > most of us. To make it hard for your customers to figure out whether a URL is legitimately owned by the bank

RE: ICANN opens up Pandora's Box of new TLDs

> > And no, companies *aren't* "forced to pay for another domain name" > > just because a new TLD appears -- they aren't doing it *now* > > Oh yes we are Looking at bbc.org and bbc.tv suggests that you are not. --Michael Dillon

RE: ICANN opens up Pandora's Box of new TLDs

> Some people are going to get very rich over this. How do you know this? Judging by the past experience of TLDs there will not be a rush of customers but there will be a rush of people trying to make a buck. In such a scenario, nobody makes much money unless they somehow link the TLD product to

RE: Latest instalment of the "hijacked /16s" story

> > http://www.47-usc-230c2.org/chapter3.html > > This time 128.168/16 - and by the same group that seems to have > > acquired control of the earlier one. > > luckily, there is no black market in address space. or at > least so the theory goes on arin and ripe public policy lists. No, the th

RE: NANOG NYC Event

> I also want to 2nd Little Italy ... And for proof that New York is constantly changing, check one of the newer Jewish neighborhoods in Brighton Beach, a little corner of the Soviet Union right on the edge of the USA. ;-) --Michael Dillon

RE: amazonaws.com?

> So to get Amazon to police their customers either requires > regulation or an external economic pressure. Blocking AWS > from folk's mail servers would apply some pressure, No it would not. That is what AWS wants you to to. > making > areas of the net go dark to AWS would apply more pressur

RE: amazonaws.com?

> I think the straightforward fix is for Amazon to put some > practical mail guidelines together for their environment Has anyone making these suggestions ever thought to look at the Amazon Web Services agreement that governs these EC2 customers?

RE: amazonaws.com?

> I don't see how, in your preferred replacement email > architecture, a provider would be able to avoid policing > their users to prevent spam in the way that you complain is > so burdensome. To begin with, mail could only enter such a system through port 587 or through a rogue operator signi

RE: Hurricane season starts June 1: Carriers harden networks

> The official spokespeople don't mention it, but there is also > a tendency for local officials to divert fuel delivery trucks > for their use instead of maintaining communication facilities. How much fuel can you legally carry in drums inside the trucks that your company already has with your

RE: IOS Rookit: the sky isn't falling (yet)

> So let's see - if you had a billion CPUs in your botnet, and > each one could go at a billion to the second, you still need > 2**69 seconds or 449,235,776,528,695 years. Not bad - only > 10,000 times the amount of time this planet has been around, > so yeah, that's the way they'll attack all

RE: IPV6 network feeds

> Similarly, we have had no problems with ordering v6 transit > from NTT America, Global Crossing or Teleglobe in North > America (also, Tiscali in Europe, and FLAG in Asia). In each > case v6 transit was treated as a routine provisioning > exercise, with no need for escalation to obscure grey

RE: IOS Rookit: the sky isn't falling (yet)

> If you were an attacker, which would you go with: > > 1) The brute-force attack which will require hundreds of > thousands of CPU-years. In this case an attacker would definitely go with this option. Since they can't change most of the IOS bytes because they contain IOS and the exploit, they

RE: amazonaws.com?

> Thinking about it, I realize that > asking _you_ (an > employee of major telephone company) is a silly question -- you have a > biased viewopoint from a government-regulated monopoly Reductio ad absurdum. Needs no other reply. > "it should be obvious to the meanest intelligence" that > the m

RE: IOS Rookit: the sky isn't falling (yet)

> Like MD5 File Validation? - "MD5 values are now made > available on Cisco.com for all Cisco IOS software images for > comparison against local system image values." I would expect a real exploit to try to match Cisco's MD5 hashes. By all means, check those hashes after you download them but I

RE: IOS Rookit: the sky isn't falling (yet)

> This seems like such a non-event because what is the exploit > path to load the image? There needs to be a primary exploit > to load the malware image. Hmmm. Get a job servicing/installing data centre HVAC systems, wait until you get called out to a mostly empty data center, lift some floor ti

RE: amazonaws.com?

> If the address-space owner won't police it's own property, > there is no reason for the rest of the world to spend the > time/effort to _selectively_ police it for them. Exactly!!! If an SMTP server operator is not willing to police their server by implementing a list of approved email partne

Re: [NANOG] IOS rootkits

> The question isn't IF routers have security vunerabilities, > but whether Gadi has an example he can demonstrate now of > installing a root kit on an IOS router NOW or not. That's not really the question. In fact, there are two questions. First, are routers really embedded devices running a s

Re: [NANOG] Alcatel-Lucent

> Hopefully... ;-) Not likely! This is a motley crew of people who like to jabber, not a forum for your favorite vendor's customer support. > I want to be able to carry IPv6 in a VPRN without having to > pay an order of magnitude more for an IOM. May I suggest that you will make much more im

Re: [NANOG] would ip6 help us safeing energy ?

> > I'm wondering how much content is used TiVo style, not in > real time, > > but fairly soon thereafter. It might make sense to > multicast feeds to > > local caches so when people actually want stuff, it doesn't > come all > > the way across the net. > > I think the good folks at Akamai

Re: [NANOG] [Nanog] P2P traffic optimization Was: Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

> Won't this approach (using a ISP-managed intermediate) > ultimately end up being co-opted by the lawyers for the > various industry "interest groups" > and thus be ignored by the p2p users? To bring this back to network operations, it doesn't much matter what lawyers and end users do. The bot

Re: [Nanog] Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

> However, as your chunk scheduling becomes more effective, it > usually becomes more expensive. At some point, its increasing > complexity will reverse the trend and start slowing down > copies, as real-world clients begin to block making chunk > requests waiting for CPU to make scheduling dec

Re: [Nanog] Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

> Well. here's your problem; depending on the architecture, the > IP addressing structure doesn't necessarily map to the > network's cost structure. This is why I prefer the > P4P/DillTorrent announcement model. What's with these cute cryptic and ultimately meaningless names? I used the term "

Re: [Nanog] ATT VP: Internet to hit capacity by 2010

> > If the content senders do not want this dipping and levelling > > off, then they will have to foot the bill for the network capacity. > > That's kind of the funniest thing I've seen today, it sounds > so much like an Ed Whitacre. > Then Ed learns that > the people he'd like to charge fo

Re: [Nanog] ATT VP: Internet to hit capacity by 2010

> > You mean a computer? Like the one that runs file-sharing clients? > > Like the one that nobody really wants to watch large > quantities of television on? Especially now that it's pretty > common to have large, flat screen TV's, and watching TV even > on a 24" monitor feels like a throwback

Re: [Nanog] ATT VP: Internet to hit capacity by 2010

> > IP multicast does not help you when you have 1000 subscribers > > all pulling in 1000 unique streams. > > Yes, that's potentially a problem. That doesn't mean that > multicast can not be leveraged to handle prerecorded > material, but it does suggest that you could really use a > TiVo-li

Re: [Nanog] Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

> Isn't TCP already measuring throughput and latency of > the network for > RTO etc.? Why not expose those parameters for peers to > the local P2P > This is where you hit a serious problem. If you implemented > that in a client, it could be much worse than naive P2P for > quite a

Re: [Nanog] Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

> I fail to figure > out the necessary mathematics where topology information > would bring superior results compared to the usual greedy > algorithms where data is requested from the peers where it > seems to be flowing at the best rates. If local peers with > sufficient upstream bandwidth e

Re: [Nanog] Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

> Time to push multicast as transport for bittorrent? Bittorrent clients are already multicast, only they do it in a crude way that does not match network topology as well as it could. Moving to use IP multicast raises a whole host of technical issues such as lack of multicast peering. Solving

Re: [Nanog] ATT VP: Internet to hit capacity by 2010

> > I think you're too high there! MPEG2 SD is around 4-6Mbps, > MPEG4 SD is > > around 2-4Mbps, MPEG4 HD is anywhere from 8 to 20Mbps, depending on > > how much wow factor the broadcaster is trying to give. > > Nope, ATSC is 19 (more accurately 19.28) megabits per second. So why would anyon

RE: [ppml] too many variables

> And yet people still say the sky is falling with > respect to routing convergence and FIB size. > Probably a better comparison BTW, would be with a Actually, the better comparison is with the power of current processors used in Juniper and Cisco gear with the current Moore's law power of com

RE: The Choice: IPv4 Exhaustion or Transition to IPv6

> - that less than 50% of the v4 space is currently routed. > scarcity will presumably cause these non-routed blocks to be: > :- used and routes > :- reclaimed and reassigned > :- sold on Uh, no. Just because the address space is not visible in the public Internet's default free zone does not

Power conservation - was: 24x7 Support Strategies

> But back to chips and heat generation. Has anyone > instrumented some of these servers (and their software) to > figure out how much heat various functions generate? It seems that someone has done just that. A list member sent me a private reply pointing me to http://www.linuxpowertop.org/ I

RE: FBI tells the public to call their ISP for help

> Since many Microsoft patches are only legally available via > the Internet, and an ISP can not predict which servers > Microsoft will use to distribute Microsoft patches, ISPs must > enable essentially full Internet access which includes access > for most worms. Has anybody tried a firewall

RE: 24x7 Support Strategies

> A related area that might well be worth revisiting is > cooling. IIRC, it was someone from Google, at the Intel > developer conference, who said that their power and HVAC > costs were rapidly approaching the cost of their servers. He > laid down a challenge for chipmakers to be more energy-e

IPv6 transition work was RE: NANOG 40 agenda posted

> Without naming any vendors, quite a few features that work > with hardware assist/fast path in v4, don't have the same > hardware assist in v6 (or that sheer enabling of ipv6 doesn't > impact v4 performance drasticly). > Also, quite a few features simply are not supported in v6 > (not to m

RE: NANOG 40 agenda posted

> > Isn't his point that y! could offer IPv6 e-mail in parallel to the > > existing IPv4 service, putting the IPv6 machines in a subdomain > > ipv6.yahoo.com, so that end users and networks who want to > do it can > > do so without bothering the others? > > This doesn't sound at all like a tr

RE: why same names, was Re: NANOG 40 agenda posted

> Before someone starts it, the debate between transition > protocols to use is well and truely over. Teredo and 6to4 > have been chosen for use by the software vendors of the end > systems. (fine by me) This is misleading. You are using IPv6 jargon (transition protocol) whose meaning is not o

RE: NANOG 40 agenda posted

> > In the past we've used "www6" for v6 only, "www4" for v4 only, and > > "www" has both v6 and v4. > Which works fine for you and me, but not for my mother. Which means it is an excellent suggestion for the transition phase into an IPv6 Internet. Since that happens to be where we are right

RE: Advice requested

> 1) Locate baseball bat > On a more serious note, I'd contact them and ask for them to stop. > Barring that call a lawyer and have a fancy letter sent to > someone's boss. Seems pointless really. If you detect someone hacking your servers and your company does not have a network security depar

RE: NANOG 40 agenda posted

> > > For core links it should IMHO be mostly possible to keep them > > > IPv4/IPv6 > > > dual-stack. > > > > What's wrong with MPLS in the core and 6PE at the edge? > > > > Right there you have two possible tactics that are worthy of being > > publicly discussed and compared. > > stewart bamfo

RE: NANOG 40 agenda posted

> what's interesting is the chicken/egg problem of users/content/ipv6. > What's driving v6 deployment? Currently, it is IPv4 exhaustion. As for content, that can be tied to users in some situations, for instance VPNs. That's why I think that a lot of the worry is premature. Instead of figuring ou

IPv6 services trial

> This is useless. Users need to use the same name for both > IPv4 and IPv6, they should not notice it. This is *NOT* useless. If a user network is connected to an ISP only through IPv6, then it is very useful indeed, if they can access email services or any other service provided by Yahoo, Goo

RE: NANOG 40 agenda posted

>Back in the day, there was something called Interop where vendors were >put under the thumb. Since there is no such thing for IPv6, perhaps >NANOG could step into that vacuum. I've gotten a couple of replies pointing me to http://www.ipv6ready.org Although the website doesn't make it very clear

RE: NANOG 40 agenda posted

> For core links it should IMHO be mostly possible to keep them > IPv4/IPv6 > dual-stack. What's wrong with MPLS in the core and 6PE at the edge? Right there you have two possible tactics that are worthy of being publicly discussed and compared. > Towards endusers it can become nasty, eg it

RE: Detailed Juniper J-Flow Overview

> ...that's _not_ a .pdf is sought, pointer appreciated. > > I'm trying to gather some flow-export data points, and > Juniper's website is quite "pdf-friendly". > > Any additional pointers to sample output, etc. would be much > appreciated. Google is your friend. Try pdf-to-text or "Juniper

  1   2   >