RE: 69/8...this sucks

In addition, sometimes the problem is that my user just needs to put the
crack pipe down. I just don't feel comfortable with this last one anymore,
though. I can't be sure it's the crack. It could be the IPs. How do I know?

I'm not a major router admin. I manage a couple dozen /24's and the
supporting gear, but...

It seems one purpose (perhaps remote) of bogon filters is security. Why
not get someone like CERT to broadcast changes in allocations? I'd bet a
cup of Dunkin' Donuts coffee that the news would quickly get to the
"right" people.

My $two_cents for very large values of $two_cents.
(back to my hole)
-ed -----------------
ed@the7thbeer.com

no ip clue-inhibit
ip bgp redistribute-clue

Thus spake "JC Dill" <nanog@vo.cnchost.com>

p.s. Please don't cc me on replies, or on replies to replies, etc. I
get the list email just fine and I don't need more than one copy of any
given email. Really.

1) nanog can sometimes take hours to forward posts to all members
2) the people directly involved in the thread reasonably expect to get
responses immediately
3) seeing your name in the To/Cc line may attach greater importance to the
message
4) duplicates can be automatically blocked by procmail with:
    :0 Wh: .msgid.cache.lock
    | formail -D 8192 .msgid.cache

S

Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

Thus spake "Jack Bates" <jbates@brightok.net>

After the renumber, I'll
only have 69/8 space, which means all critical services such as my mail,
dns, and web servers will all be affected. I hear it now. "I didn't receive
mail from so and so!" I check the logs and don't see an established
connection to my server. So, is the problem that the far mail server lost
the message, the user emailed the wrong place, or my new IP addresses
weren't accessible by the far mail server or the dns servers that it uses?

There's several BCPs that tell you to have at least one DNS server and at
least one unfavorable MX off-site. If you did this, your mail would be
safe, albeit a little slow from misconfigured sites.

S

Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

With that in mind, perhaps IANA and ICANN can be persuaded to renumber
into new space every time some is allocated? Or if you enjoy helpdesk
staff abused by end users in their thousands, encourage the use of a
.sex tld and house the root in new space.

TT

I suspect the problem isn't the backbones that have a NOC.

The problem is small mom&pop ISPs and companies where the NOC and the
senior secretary share a desk, and possibly a name.

An excellent choice - the average slashdot reader would resent any implication
that they were using a substandard clueless ISP, and would complain in a most
vociferous manner.. ;)

The problem is small mom&pop ISPs and companies where the NOC and the
senior secretary share a desk, and possibly a name.

maybe we should not encourage those who do not have time, talent,
and inclination to install bogon route filters that need to be
maintained?

Sure. If the NSPs would just filter the bogon routes, nobody else would
have to bother. Why is it that they don't?

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access

Andy Dills wrote:

> maybe we should not encourage those who do not have time, talent,
> and inclination to install bogon route filters that need to be
> maintained?

Sure. If the NSPs would just filter the bogon routes, nobody else would
have to bother. Why is it that they don't?

  Filter (public, private and transit) peers or customers...? Or
themselves?
  I've had a few customers spontaneously (ahem) come up with remarkably
"Rob Thomas" configs (if any noun can be verbed, can any name be
adjectived?) -- I usually convince them to tone down the filters a bit.
The funny ones are those who've signed up for a partial table or
default. Then again, I suppose you can't be too careful.

Peter E. Fry

Yes.

Andy


Miss Rothschild wrote:

(Note to Mr. Dill, this is not intended to pick on you specifically, it's just a convenient place to butt in)

Ahem. It's _MS._ Dill, thank you.

Please post with a gender-specific name if you want to take offense
when mis-identified.

It is offensive to many people (both male and female) when someone
automatically assumes that an "unknown" person is male. Especially since:

      Females aged 2 and up accounted for 50.4 percent of U.S.
      Internet users in May, edging out their male counterparts,
      according to New York-based Internet research firms Media
      Metrix and Jupiter Communications

      [...]

      At Dulles-based America Online Inc., the nation's biggest
      online services company, 52 percent of its 23.2 million
      subscribers worldwide are women.

      [...]

      Some scholars believe the new-found gender parity is just
      another reflection of the social changes of the past few
      decades, when men and women found themselves on more equal
      footing. "That distinction has disappeared, and it is a
      huge revolution in society," says Michael Maccoby, an
      anthropologist and psychoanalyst.

<http://www.washingtonpost.com/ac2/wp-dyn/A137-2000Aug9?language=printer>

It is doubly offensive when you opine that I have an obligation to
create and use [1] a gender-specific name solely to make things easier
for you and other sexist jerks^W men^W^W induh^H^Hividuals. What would
you do if my name was Pat or Chris? Or if YOUR name was Pat or Chris?

Sure you can. You just need content unimportant enough that no one
(the end users on a network that is still blocking 69/8, AND the
networks that put up the sacrificial target host on a 69/8 IP) is
truly hurt if the connection fails, but important enough that the
failure will lead to the broken networks being fixed and clue being
distributed.

How do I configure my routers and web servers for that?

ObNanog: Assuming you don't work at Google, if you aren't blocking 69/8
then your network will not be harmed in any way by the implementation of
this proposal. Thus you need to do nothing special at all. OTOH, if
you are improperly blocking 69/8, obviously you need to fix that when
you configure your "routers and web servers" (sic).

I'm suggesting that Google explain why they are doing this on a page
linked off their homepage. If this is done, people ARE going to
notice, and ARE going to find out why. When it is widely
publicised, it WILL be noticed even more.

Last I checked, Google was a for-profit business, not a charity house.
I'm not sure how doing something that will make them look dumb, and
cost them in valuable ad revenue, etc is in their best interests.
Perhaps you could fill me in here.

If you don't work at Google, then this is none of your concern.

p.s. Please don't cc me on replies, or on replies to replies, etc.

We have seen time after time that the propagation delays on the NANOG
list, most likely resultant from sub-optimal postfix/majordomo
configuration and/or an overloaded box, make it unsuitable for
realtime communications. With this in mind, I have taken the liberty
of cc'ing you in my reply, despite your request to the contrary.

I have no urgent need for your reply, I am happy to wait until I receive
email from the list. I politely made my request very clear, both in my
headers and in the body of my email. You responded by taking extra
steps to do the exact opposite of what I politely requested. Then you
have the gall to flame me for my polite request. This was very rude of
you.

If duplicate messages cluttering your inbox are causing you much
grief,

They are just an annoyance, as is being mistakenly referred to as a
male. Since you seem to think that these annoyances must be accepted as
part of participating on the net, be prepared to be referred to as Miss
Rothschild by me, now and in the future. What goes around comes around,
girlfriend.

jc

[1] JC Dill is my real name. It is the name on my passport and other
official documents.

It is offensive to many people (both male and female) when someone
automatically assumes that an "unknown" person is male.

though not offended, it does tell me a lot about the person making
the assumption. and it ain't positive.

but that nanog is yet another male dominated technical culture
(yamdtc) should surprise no one here. on the other hand, the level
of immature rudeness exhibited (remember when abha posted about the
geekgirls list?) can be *extremely* embarrassing, and some folk can
insist on making utter asses of themselves.

but, sad to say, none of this should surprise women. not to say
that women and men should not stand up against it when it occurs.

we now return you to small operators trying to convince other small
operators how they should run the route filters in their shops.
imiho, if it is not automated by protocol, banana eaters will screw
it up for sure. so, again imiho, this topic is about as likely to
make progress as serious gender equity in my lifetime <sigh>.

randy

From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
Behalf Of JC Dill
Sent: March 12, 2003 8:37 PM
To: nanog@merit.edu
Subject: Re: Put part of Google on 69/8 (was Re: 69/8...this sucks)

It is offensive to many people (both male and female) when
someone automatically assumes that an "unknown" person is
male. Especially since:

[snip]

It is doubly offensive when you opine that I have an
obligation to create and use [1] a gender-specific name
solely to make things easier for you and other sexist jerks^W
men^W^W induh^H^Hividuals. What would you do if my name was
Pat or Chris? Or if YOUR name was Pat or Chris?

I've had the opposite problem (people thinking I'm female, when I'm not...),
and it can get quite annoying, I agree.

I wonder if perhaps a solution would be doing something I saw a gentleman
from China, IIRC, do on this list quite a while ago. He had added (Mr.) to
his .sig to make it easy for people to figure out his gender. Perhaps this
would be an easyish way to somewhat-subtly warn people of the correct
gender?

Vivien

It is offensive to many people (both male and female) when someone
automatically assumes that an "unknown" person is male. Especially since:

      Females aged 2 and up accounted for 50.4 percent of U.S.
      Internet users in May, edging out their male counterparts,
      according to New York-based Internet research firms Media
      Metrix and Jupiter Communications

      [...]

      At Dulles-based America Online Inc., the nation's biggest
      online services company, 52 percent of its 23.2 million
      subscribers worldwide are women.

      [...]

      Some scholars believe the new-found gender parity is just
      another reflection of the social changes of the past few
      decades, when men and women found themselves on more equal
      footing. "That distinction has disappeared, and it is a
      huge revolution in society," says Michael Maccoby, an
      anthropologist and psychoanalyst.

Got any statistics for the actual demographic in question (NANOG)?
Probably not. But if you did, they'd support the assumption that an
unknown person is likely male, with extreme statistical significance.

It is doubly offensive when you opine that I have an obligation to
create and use [1] a gender-specific name solely to make things easier
for you and other sexist jerks^W men^W^W induh^H^Hividuals. What would
you do if my name was Pat or Chris? Or if YOUR name was Pat or Chris?

Not be offended if somebody didn't know my gender?

>>p.s. Please don't cc me on replies, or on replies to replies, etc.
>
> We have seen time after time that the propagation delays on the NANOG
> list, most likely resultant from sub-optimal postfix/majordomo
> configuration and/or an overloaded box, make it unsuitable for
> realtime communications. With this in mind, I have taken the liberty
> of cc'ing you in my reply, despite your request to the contrary.

I have no urgent need for your reply, I am happy to wait until I receive
email from the list. I politely made my request very clear, both in my
headers and in the body of my email. You responded by taking extra
steps to do the exact opposite of what I politely requested. Then you
have the gall to flame me for my polite request. This was very rude of
you.

Well, as somebody who rudely runs a mailing list, you should be used to
standard mailing list operating procedure.

> If duplicate messages cluttering your inbox are causing you much
> grief,

They are just an annoyance, as is being mistakenly referred to as a
male. Since you seem to think that these annoyances must be accepted as
part of participating on the net, be prepared to be referred to as Miss
Rothschild by me, now and in the future. What goes around comes around,
girlfriend.

Except, you know he's male, and he didn't know you were female. So, you
end up looking like a petty whiner who seized upon the ability to be
offended, even when there was no cause for it.

Get over it. If my name was Andrea, I wouldn't be pissed if people assumed
I was a woman. I'd correct them and move on.

Andy


I've had the opposite problem (people thinking I'm female, when I'm not...),
and it can get quite annoying, I agree.

Is this a pick up list? Find the guy or gal of your dreams that can think
too? I figure that you either earn people's respect or admiration or you
don't. Mailing-list sex hasn't ever been an interest of mine. :)

-Jack

Well, I've gotten [non-serious, I hope] marriage proposals from guys on
Usenet before...

I wouldn't go as far as Ms. Dill and saying it's offensive, but it is
annoying that whenever you call some company and they look you up in their
database, they say "ma'am" instead of "sir" (or, in Ms. Dill's case,
presumably the opposite), and whenever you start posting in a new forum
(Usenet, mailing list, etc), you inevitably have to correct the first person
who refers to you with the wrong gender pronouns, etc, which is always
embarrassing for both you and the person who made the mistake...

That said, this is getting horribly off-topic... though perhaps we should
ask whether sex mailing lists are hosted on networks that filter 69/8? :)
(Yes, I know, that wasn't a good attempt at being on topic...)

Vivien

Fortunately, none of the simians on the list have objected to being
classified as 'banana eaters' ;)

Randy, you've run a huge network. I have not had that opportunity, and I
don't have "banana eaters" working for me (and I'm not sure what that
phrase means exactly, but I'll assume it isn't racial).

I must not understand something. How would the banana eaters screw up
applying the same prefix-list outbound to all neighbors? Seems like an
easy protocol to follow. I could understand the problems with applying
inbound filters (unique huge filter for each neighbor), but if you're
willing to localize bogon routes to the border router, without
redistributing them, you get the job done. So filter announcements to
every neighbor.

That way, only the places with lots of administration (places that will
know to update filters) will need to worry about updating filters.

Then, bogon traffic only flows as far as the default route takes it,
without the ACL hit.

I'm not telling people that this is the cure, that this is how they should
run their network. I'm asking for the big operators to tell me what's
wrong with this idea. In theory, it should work, but I don't have the
pragmatism that comes with running a nationwide network staffed by banana
eaters. If nothing else, it seems like a worthy stopgap until the next
iteration of BGP comes along to really address the trust issues.

Andy


I must not understand something. How would the banana eaters screw up
applying the same prefix-list outbound to all neighbors?

  Humans tend to be imprecise. Scripted actions tend to be very precise.

  Implementing a process by which humans manually enter configurations
  is prone to error and more difficult to check.

  Implementing a scripted, automated process that enters configurations
  from a text file or database is more likely to be precise and thorough.

  In an anecdotal case, a human going router by router to update ACL 101
  is more prone to accidentally skip a line in his vi list or his web list,
  that guides his manual logins. Another simple error that a human
  could make is to accidentally mistakenly change cut/paste buffer.

  An automated computer program or script is much more likely to be precise.

  Notice I use the word "precise" above and not accurate. Humans may be
  more accurate in that they are intelligent enough to fix one-off problems.

  But when managing many many objects many network folks would value
  reliable precision over occasional accuracy.

  One can always manually find inaccuracies, and put algorithms for exception
  reports, of 'one-off situations' into a precise script.

  This is why many folks rightfully argue that change management should
  be scripted, and not entrusted to less experienced manual humans.

  There's a balance, and you can't have the Olivaws running amok with
  their unintelligent precision. The automated processes must be well
  thought and audited by an intelligent, accurate human.

  -a
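
Added example (not from any poster in this thread): a sketch of the scripted approach argued for above, where one text list of bogon prefixes is checked against newly allocated space and the same prefix-list is rendered for every border router. The prefix data, the router names and the list name BOGONS are constructed assumptions; the output uses Cisco-style "ip prefix-list" lines.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread or a registry file).
BOGON_FILTER = ["0.0.0.0/8", "10.0.0.0/8", "69.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16"]
ALLOCATED = ["69.0.0.0/8"]        # space that has since been handed out
ROUTERS = ["border1", "border2"]  # hypothetical router names


def parse(prefixes):
    """Parse and de-duplicate prefixes; strict=True rejects typos that set host bits."""
    return sorted({ipaddress.ip_network(p, strict=True) for p in prefixes})


def stale_entries(bogons, allocated):
    """Exception report: filter entries that overlap space that is now allocated."""
    return [b for b in bogons if any(b.overlaps(a) for a in allocated)]


def render_prefix_list(bogons, name="BOGONS"):
    """Render deny lines for each bogon (and its more-specifics), then permit the rest."""
    lines = [
        f"ip prefix-list {name} seq {i * 5} deny {net} le 32"
        for i, net in enumerate(bogons, start=1)
    ]
    lines.append(f"ip prefix-list {name} seq {(len(bogons) + 1) * 5} permit 0.0.0.0/0 le 32")
    return lines


def build_configs(bogon_filter, allocated, routers):
    """Return (stale entries, {router: config lines}) from a single source list."""
    bogons = parse(bogon_filter)
    stale = stale_entries(bogons, parse(allocated))
    current = [b for b in bogons if b not in stale]
    config = render_prefix_list(current)
    # Every router gets the identical list, so none can be skipped or hand-edited.
    return stale, {router: list(config) for router in routers}


if __name__ == "__main__":
    stale, configs = build_configs(BOGON_FILTER, ALLOCATED, ROUTERS)
    for net in stale:
        print(f"STALE: {net} is allocated and was dropped from the filter")
    for router, lines in configs.items():
        print(f"! {router}")
        print("\n".join(lines))
```

The stale list is the exception report a human reviews before anything is pushed; the script only guarantees that every router receives the same reviewed list.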