| Why treat exchange subnets differently to any other bit of backbone | infrastructure? Oh, I wholeheartedly agree. I would love them all to use RFC 1918 addresses, because it is VERY VERY VERY rare that anything outside the scope in which the 1918 local use addresses are unique actually has to communicate with backbone infrastructure of any type. What communication can your workstation have with an XYZNET router? Can you log into it? Can you talk SMTP to it? How about SNMP? Oh, I know - you can start up a BGP session with it from your desk, right? In short, ping & traceroute are about the only interaction anyone will ever have with a router that is not under their control, excepting error messages (which is the usual way at least traceroute works), and it is NOT WORTH THE ADDRESS CONSUMPTION just to facilitate this. Regrettably, IP sux in the confusing of "where" and "what", so the only way to know who sent you the error ICMP datagram except by the source address. ICMP types that let one encode a handy URL or maybe some text explaining the error and its source would be cool, and if this is regularized, then there's no point in having global address space consumed by things which are only ever going to have interactive sessions with local hosts, and you get to keep your end-to-end diagnostic regime of incredibly useful, reliable and intuitive tools like traceroute and ping. In the absence of new ICMP messages (which really have to be rolled out "everywhere"), redirecting the attention spent on inducing and interpreting them to an in-the-network tool for diagnosing the condition of a LOCAL set of infrastructure is something I think is quite practical. Perhaps a tiny chunk of address space with useful IN-ADDR.ARPA messages would be a good start. : unix ; traceroute abc.defxyz.net symbolic-name (217.31.0.1) 1 ms 1 ms 1 ms symbolic-name.your.provider.net (217.31.10.2) 5 ms 5 ms 5 ms please-see.http.www.smartprovider.net (223.255.255.1) 50 ms 50 ms 50 ms please-see.http.www.smartprovider.net (223.255.255.1) 60 ms 60 ms 60 ms please-see.http.www.smartprovider.net (223.255.255.1) 65 ms 65 ms 65 ms please-see.http.www.smartprovider.net (223.255.255.1) 70 ms 70 ms 70 ms please-see.http.www.smartprovider.net (223.255.255.1) 75 ms 75 ms 75 ms please-see.http.www.otherprovider.net (223.255.255.2) 79 ms 80 ms 79 ms please-see.http.www.otherprovider.net (223.255.255.2) 85 ms 82 ms 98 ms ... (I was kinda thinking it might be fun for someone with some spare address space to offer up a mapping of A.B.HI.LO with HI.LO being the higher and lower order bytes of an AS number, although obviously that's not necessary, and is going to be wasteful, since people like Joe will think this is so abominable, that they won't have their ASes do it :-) ) | Why number point-to-point links with even locally-unique addresses? iBGP hack requires intra-domain connectivity to work, and may sometimes require distinguished interface addresses; eBGP insists on connectivity between peers in same logical subnet except when you break that with intentional use of knobs. SNMP hack requires interactive intra-domain connectivity to work. SSH (and telnet disaster) requires interactive intra-domain connectivity to work. Ping/traceroute/etc originating from route-server host(s) require interactive intra-domain connectivity to work. All these and more may benefit from discretely numbered interfaces. These numbers may be 1918 addresses, or they be kept discreet. You might think this is rather backwards and Victorian, like hiding the legs of tables from prying eyes through the use of extremely long tablecloths. However, there are people who have had funny carpentry done, who might see this as a feature. | Slashdot readers wielding traceroute can make an annoying pain in the | side of your head, but traceroute and ping are not without their uses. No functionality is broken - it's just you get ICMP messages from things you probably cannot connect to in any meaningful way. Big deal, that's what you have now, pace ping. | Ask people who are cursed with running poorly-documented X.25 networks | (surely there must be some left) how nice it would be to be able to map | the network in-band. Ask them why they don't have any hair left, while | you're at it. MPLS cannot cause baldness. That lot all have thick and fuzzy hair, I think. I'll stick with conventional theory and suggest it might be genes or razors. (Are you gonna call NATs&6to4/faith X.75 gateways? Cool!) | You don't need to deal with the messy traceroute problem if your | consistent and clean architecture doesn't happen to make traceroute | mess :) Right, stop replying to things which are obviously or even probably traceroutes. No more traceroute mess. No more idiotic firewall operators complaining about these damn unreachable and exceeded messages. I think I'm in favour, although I have to admit traceroute can be fun. Did you ever see Louis Mamakos's toy? Sean.
[[ What's with the huge CC list everyone? Aren't we all subscribers? Do y'all enjoy getting multiple copies of replies? I don't! ;-) ]] [ On Tuesday, June 4, 2002 at 18:33:23 (-0700), Sean M. Doran wrote: ]
Subject: Re: Bogon list
| Why treat exchange subnets differently to any other bit of backbone | infrastructure?
Oh, I wholeheartedly agree. I would love them all to use RFC 1918 addresses, because it is VERY VERY VERY rare that anything outside the scope in which the 1918 local use addresses are unique actually has to communicate with backbone infrastructure of any type.
"has to" and "can" in this context are two very different things..... If everyone filtered source and destination bogons A.S.A.P.P.....
In short, ping & traceroute are about the only interaction anyone will ever have with a router that is not under their control, excepting error messages (which is the usual way at least traceroute works), and it is NOT WORTH THE ADDRESS CONSUMPTION just to facilitate this.
I'm not so sure I agree (traceroute can be fun), _BUT_, if such routers were to always use only one unique-to-themselves canonical routable address in all valid error messages that they generate then there wouldn't be such a problem. Providers would at the same time enjoy the benefits of hiding all the niggling interface details while not borking tools that the little guys a the edge have used to point the finger from time immemorial....
Regrettably, IP sux in the confusing of "where" and "what", so the only way to know who sent you the error ICMP datagram except by the source address.
Indeed, but IIRC there's nothing which says a router has to emit error replies using the source address of the interface the undeliverable packet arrived on, is there? If a given router uses a single unique-to-itself canonical globally routable source address for all ICMP error replies it generates then the output of the likes of traceroute and even ping will still be meaningful and useful. No important information is lost, at least not from the point of view of everyone _without_ a login on the router in question at least (and if you can login to the router then I should hope you can figure out what interface the undeliverable packets are arriving on without any external help!). Isn't there even an IOS command to "make it so", or am I dreaming visions of some as-yet unimplemented BSD-based router feature again? -- Greg A. Woods +1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
## On 2002-06-05 04:45 -0700 Randy Bush typed: RB> RB> > [[ What's with the huge CC list everyone? Aren't we all subscribers? Do RB> > y'all enjoy getting multiple copies of replies? I don't! ;-) ]] RB> RB> :0 Wh: msgid.lock RB> | formail -D 8192 msgid.cache RB> RB> Randy, Are you sure that: 1) All NANOG subscribers recognize the above as a procmail rule ? 2) That all NANOG subscribers read list E-mail on machines that have procmail on them ? -- Rafi
On Wed, Jun 05, 2002 at 09:50:17PM +0300, rafi-nanog@meron.openu.ac.il said: [snip]
RB> :0 Wh: msgid.lock RB> | formail -D 8192 msgid.cache
Randy,
Are you sure that:
1) All NANOG subscribers recognize the above as a procmail rule ?
most of them, probably.
2) That all NANOG subscribers read list E-mail on machines that have procmail on them ?
So because it is not applicable in all situations, it's not worth mentioning? Procmail works for a good share of those reading this list, I'd wager. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
On Wed, Jun 05, 2002 at 09:50:17PM +0300, Rafi Sadowsky wrote:
## On 2002-06-05 04:45 -0700 Randy Bush typed:
RB> :0 Wh: msgid.lock RB> | formail -D 8192 msgid.cache
Randy,
Are you sure that:
1) All NANOG subscribers recognize the above as a procmail rule ?
If they don't, they're probably in one.
2) That all NANOG subscribers read list E-mail on machines that have procmail on them ?
This is still (for some definition of still) a technical list, mainly composed of network engineers (you know, the people who don't buy clothes because their entire wardrobe is paid for by vendors, and who have a statistically high chance of being fat, bald, bearded, and/or spotted at a NANOG bar), and other people involved in "operating the internet". As such, the posters are expected to have a certain level of common sense, for example: * Knowing what procmail is and how to use it * Not posting in HTML * Not posting "where can I get a T1 in BF Egypt" * Not posting "everyone on the internet is down but me!" etc. Not to be mean to anyone, but if you're expecting something else, you should probably look at one of the isp-* lists. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Although I asked awhile back if anyone knew anything about the new fiber going into Ecuador and no replies, it seemed like a good question. -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Richard A Steenbergen Sent: Wednesday, June 05, 2002 11:54 AM To: nanog@merit.edu Cc: Randy Bush; Greg A. Woods Subject: Re: OT: Re: Bogon list On Wed, Jun 05, 2002 at 09:50:17PM +0300, Rafi Sadowsky wrote:
## On 2002-06-05 04:45 -0700 Randy Bush typed:
RB> :0 Wh: msgid.lock RB> | formail -D 8192 msgid.cache
Randy,
Are you sure that:
1) All NANOG subscribers recognize the above as a procmail rule ?
If they don't, they're probably in one.
2) That all NANOG subscribers read list E-mail on machines that have procmail on them ?
This is still (for some definition of still) a technical list, mainly composed of network engineers (you know, the people who don't buy clothes because their entire wardrobe is paid for by vendors, and who have a statistically high chance of being fat, bald, bearded, and/or spotted at a NANOG bar), and other people involved in "operating the internet". As such, the posters are expected to have a certain level of common sense, for example: * Knowing what procmail is and how to use it * Not posting in HTML * Not posting "where can I get a T1 in BF Egypt" * Not posting "everyone on the internet is down but me!" etc. Not to be mean to anyone, but if you're expecting something else, you should probably look at one of the isp-* lists.
Richard, Kindly explain how not knowing procmail (or Unix for that matter) relates to configuring BGP/OSPF/Cisco IOS/JunOS (Yes I know JunOS is based on FreeBSD - but I doubt anyone runs an MTA or MUA on it ... ;-) For Example: I happen to know a senior technical consultant who went from reading his Email on VM(IBM Mainframe) to reading it on his laptop with Eudora(POP3) and couldn't(shouldn't?) care less whether what OS the MTA and POP3 server run on Said person happens to be (semi)regular poster on NANOG and I seriously doubt he's made anyone's kill rule ... Also don't even get me started on *security* consultants that are forced (by corporate policy) to read Email on MS OutLook from an Exchange server :-( -- Rafi ## On 2002-06-05 15:54 -0400 Richard A Steenbergen typed: RAS> RAS> On Wed, Jun 05, 2002 at 09:50:17PM +0300, Rafi Sadowsky wrote: RAS> > RAS> > ## On 2002-06-05 04:45 -0700 Randy Bush typed: RAS> > RAS> > RB> :0 Wh: msgid.lock RAS> > RB> | formail -D 8192 msgid.cache RAS> > RAS> > Randy, RAS> > RAS> > Are you sure that: RAS> > RAS> > 1) All NANOG subscribers recognize the above as a procmail rule ? RAS> RAS> If they don't, they're probably in one. RAS> RAS> > 2) That all NANOG subscribers read list E-mail on machines that have RAS> > procmail on them ? RAS> RAS> This is still (for some definition of still) a technical list, mainly RAS> composed of network engineers (you know, the people who don't buy clothes RAS> because their entire wardrobe is paid for by vendors, and who have a RAS> statistically high chance of being fat, bald, bearded, and/or spotted at a RAS> NANOG bar), and other people involved in "operating the internet". RAS> RAS> As such, the posters are expected to have a certain level of common sense, RAS> for example: RAS> * Knowing what procmail is and how to use it What is the logical connection between that and the following ? RAS> * Not posting in HTML RAS> * Not posting "where can I get a T1 in BF Egypt" What is BF ? RAS> * Not posting "everyone on the internet is down but me!" RAS> etc. RAS> RAS> Not to be mean to anyone, but if you're expecting something else, you RAS> should probably look at one of the isp-* lists. RAS> RAS>
On Thu, Jun 06, 2002 at 02:14:21AM +0300, rafi-nanog@meron.openu.ac.il said:
Richard,
Kindly explain how not knowing procmail (or Unix for that matter) relates to configuring BGP/OSPF/Cisco IOS/JunOS (Yes I know JunOS is based on FreeBSD - but I doubt anyone runs an MTA or MUA on it ... ;-)
It's not a causal relationship, but more of an indirect one: those that tend to have networking clue very frequently also possess UNIX clue. Which is what I (and I suspect Richard) was driving at ... [snip]
Also don't even get me started on *security* consultants that are forced (by corporate policy) to read Email on MS OutLook from an Exchange server :-(
The MUA someone may have to use has nothing to do with whether or not that person possesses experience with UNIX and standard UNIX utilities. -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
On Wed, 05 Jun 2002 21:50:17 +0300, Rafi Sadowsky said:
1) All NANOG subscribers recognize the above as a procmail rule ?
2) That all NANOG subscribers read list E-mail on machines that have procmail on them ?
3) Remember that for procmail to nuke the second copy, the second copy has to arrive - I'm personally just a bit miffed at somebody who sent me 2 copies of a large file. Yes, procmail nuked the second one - *after* I'd pulled several hundred K over a modem.
[ On Wednesday, June 5, 2002 at 23:22:38 (-0400), Valdis.Kletnieks@vt.edu wrote: ]
Subject: Re: OT: Re: Bogon list
3) Remember that for procmail to nuke the second copy, the second copy has to arrive - I'm personally just a bit miffed at somebody who sent me 2 copies of a large file. Yes, procmail nuked the second one - *after* I'd pulled several hundred K over a modem.
Indeed. That was my original point. I don't want to _receive_ two copies of any messages, especially not those that are also forwarded via any mailing list. I do what I can to ensure things work the way I desire for replies to my posts, and I'm surprised more people don't do what I do as well. -- Greg A. Woods +1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca> Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
GAW> Date: Tue, 4 Jun 2002 23:14:58 -0400 (EDT) GAW> From: Greg A. Woods GAW> If a given router uses a single unique-to-itself canonical GAW> globally routable source address for all ICMP error replies GAW> it generates then the output of the likes of traceroute and GAW> even ping will still be meaningful and useful. No important GAW> information is lost, at least not from the point of view of GAW> everyone _without_ a login on the router in question at GAW> least (and if you can login to the router then I should hope GAW> you can figure out what interface the undeliverable packets GAW> are arriving on without any external help!). Sounds good to me. GAW> Isn't there even an IOS command to "make it so", or am I GAW> dreaming visions of some as-yet unimplemented BSD-based GAW> router feature again? I don't know of any existing sysctl, but it should be trivial to add "net.inet.icmp.sourceforce" or something like that. -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.
participants (9)
-
E.B. Dreger -
Rafi Sadowsky -
Randy Bush -
Richard A Steenbergen -
Scott Francis -
smd@clock.org -
Valdis.Kletnieks@vt.edu -
W.D.McKinney -
woods@weird.com