nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NANOG Digest, Vol 48, Issue 41

From: Scot Loach <scot.loach () gmail com>
Date: Sun, 15 Jan 2012 13:56:45 -0500
On 1/15/12, nanog-request () nanog org <nanog-request () nanog org> wrote:

Send NANOG mailing list submissions to
      nanog () nanog org

To subscribe or unsubscribe via the World Wide Web, visit
      https://mailman.nanog.org/mailman/listinfo/nanog
or, via email, send a message with subject or body 'help' to
      nanog-request () nanog org

You can reach the person managing the list at
      nanog-owner () nanog org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of NANOG digest..."


Today's Topics:

   1. Re: Whois 172/12 (Alex Ryu)
   2. RE: Whois 172/12 (Network IP Dog)
   3. Re: Monday Night Footbal -- on Google? (Mark Tinka)
   4. Re: Whois 172/12 (Suresh Ramasubramanian)
   5. Re: Whois 172/12 (Jay Moran)
   6. accessing multiple devices via a script (Abdullah Al-Malki)
   7. Re: accessing multiple devices via a script (Phil Regnauld)
   8. Re: accessing multiple devices via a script (Joel jaeggli)
   9. Re: accessing multiple devices via a script (Justin Krejci)
  10. Re: accessing multiple devices via a script (Kurth Bemis)
  11. RE: Whois 172/12 (Keith Medcalf)


----------------------------------------------------------------------

Message: 1
Date: Sun, 15 Jan 2012 09:43:24 -0600
From: Alex Ryu <r.hyunseog () ieee org>
To: bmanning () vacation karoshi com
Cc: nanog () nanog org
Subject: Re: Whois 172/12
Message-ID:
      <CAM9zEH5_P2o2s8rT6TaE1OeE4dZC2GamWpgDAoZU_i1iq=p4Cw () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Similar to 1.0.0.0/8 case, which was allocated to APNIC last year or so...


On Sun, Jan 15, 2012 at 6:47 AM,  <bmanning () vacation karoshi com> wrote:

On Sun, Jan 15, 2012 at 06:36:12AM -0600, Robert Bonomi wrote:

From nanog-bounces+bonomi=mail.r-bonomi.com () nanog org ?Sun Jan 15
02:02:00 2012
Subject: Re: Whois 172/12
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Sun, 15 Jan 2012 02:58:11 -0500
To: NANOG list <nanog () nanog org>

Read RFC1918.

Likely a machine on his local network (i.e. behind the same NAT box) is
hitting him.



Patrick,
? I'v read RFC-1918. ? I cannot find *any* reference to ?172.0/12, as the
OP
was asking about. ?172.16/12, yes. but not 172.0/12. ?Can you please
clarify
your advice?

ZZ



? ? ? ?so as a stylistic point, ? 172/12 ?is supposed to equal
172.0.0.0/12?

? ? ? ?if memory serves, back in the day, there were records of
allocations in this space,
? ? ? ?pre-ARIN. When RFC 1918 was settled on, there were some folks
blocking 172.0.0.0/8
? ? ? ?so there was talk of relocating those folks into other space.

/bill





------------------------------

Message: 2
Date: Sun, 15 Jan 2012 08:16:42 -0800
From: "Network IP Dog" <network.ipdog () gmail com>
To: "'Suresh Ramasubramanian'" <ops.lists () gmail com>, "'Patrick W.
      Gilmore'" <patrick () ianai net>
Cc: 'NANOG list' <nanog () nanog org>
Subject: RE: Whois 172/12
Message-ID: <4f12fbf5.a24de70a.66e1.fffff79b () mx google com>
Content-Type: text/plain;     charset="UTF-8"

<quote>Jesus. 172.16/12 fine .. that's rfc1918.   The rest of 172/8 is
mostly unallocated.</quote>

What's with the language?

Ephesians 4:32  &  Cheers!!!

-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops.lists () gmail com]
Sent: Sunday, January 15, 2012 12:35 AM
To: Patrick W. Gilmore
Cc: NANOG list
Subject: Re: Whois 172/12

Jesus. 172.16/12 fine .. that's rfc1918.   The rest of 172/8 is mostly
unallocated.

On Sun, Jan 15, 2012 at 1:28 PM, Patrick W. Gilmore <patrick () ianai net>
wrote:

Read RFC1918.

Likely a machine on his local network (i.e. behind the same NAT box) is
hitting him.

But that is not guaranteed.  A packet with a source address of 172.0.x.x




--
Suresh Ramasubramanian (ops.lists () gmail com)




------------------------------

Message: 3
Date: Mon, 16 Jan 2012 00:17:55 +0800
From: Mark Tinka <mtinka () globaltransit net>
To: nanog () nanog org
Subject: Re: Monday Night Footbal -- on Google?
Message-ID: <201201160017.59546.mtinka () globaltransit net>
Content-Type: text/plain; charset="us-ascii"

On Thursday, January 12, 2012 12:06:42 PM Jay Ashworth
wrote:


I'm not saying you need the whole 19mbps (though,
remember here, we are not talking about "Additional
Carriage"; we are talking about *being the only way
people can see that game* -- and my example was the
Super Bowl).. but unless MPEG algorithms have gotten
*much* better than I'm aware of, 5mb/s is probably not
enough for the Super Bowl.  And you'd really be better
off with some FEC, too, even if it costs you a couple
frames extra delay.


For broadcast networks, what we're seeing they like is that
unlike satellite transmissions, there is more flexibility
for them on IP (IPTv), which would let them lift compression
rates and pack more data into a stream.

But because most of them are primarily satellite
broadcasting houses, only starting to roll-out IPTv, they
need to maintain parity on both transmission media.

Whatever the case, 5Mbps would be too low. At 1080i, we have
a customer pushing HD channels at about 13Mbps a piece, give
or take.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL:
<http://mailman.nanog.org/pipermail/nanog/attachments/20120116/266aa19b/attachment-0001.bin>

------------------------------

Message: 4
Date: Sun, 15 Jan 2012 21:59:53 +0530
From: Suresh Ramasubramanian <ops.lists () gmail com>
To: Network IP Dog <network.ipdog () gmail com>
Cc: NANOG list <nanog () nanog org>
Subject: Re: Whois 172/12
Message-ID:
      <CAArzuouosAsiA6YR_RZxOU9wB5+evG_uyJNK2gx3sQWAvmksVw () mail gmail com>
Content-Type: text/plain; charset=UTF-8

So kind, compassionate and forgiving that I'll buy Patrick a beer when
I see him next, its been a long time.

--srs

On Sun, Jan 15, 2012 at 9:46 PM, Network IP Dog <network.ipdog () gmail com>
wrote:

<quote>Jesus. 172.16/12 fine .. that's rfc1918. ? The rest of 172/8 is
mostly unallocated.</quote>

What's with the language?

Ephesians 4:32 ?& ?Cheers!!!




--
Suresh Ramasubramanian (ops.lists () gmail com)



------------------------------

Message: 5
Date: Sun, 15 Jan 2012 11:39:48 -0500
From: Jay Moran <jay+NANOG () tp org>
To: NANOG <nanog () nanog org>
Subject: Re: Whois 172/12
Message-ID:
      <CA+Ld8r9ouXgt6FPb_jdOASf9bK_CwmeQjYQV9dc=+JeEZFVr4w () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

On Sun, Jan 15, 2012 at 8:54 AM, Jon Lewis <jlewis () lewis org> wrote:



AOL has and uses (publicly) a bunch of space in 172/8.  In fact, looking
at a BGP table, I'd say they're by far the largest user (one of the only)
in that /8.



We, AOL, have 172.128/10, 172.192/12, 172.208/13, 172.216/16. These blocks
represent our dial-up ISP customers that can't seem to get broadband or for
whatever reason, stay on dial-up. Also pretty amazingly is how high the
simultaneous user count has stayed, guess the folks that left weren't the
ones on in the evenings between 7-10pm ET. We (mostly me) are looking into
solutions to be able to remove the reliance on this space. Unfortunately,
most of the developers, who created the various servers/applications that
dole out these addresses, all left in the late 90's with some pretty fat
wallets; at this point... it's an archeology dig.

Jay
--
Jay Moran
http://tp.org/jay


------------------------------

Message: 6
Date: Sun, 15 Jan 2012 20:52:50 +0300
From: Abdullah Al-Malki <a.almalki1402 () gmail com>
To: nanog () nanog org
Subject: accessing multiple devices via a script
Message-ID:
      <CAPoCSvtrRhCc4T_LOdz_7EAhwckeP58zJfvy8UfiLjf4qq48LQ () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Hi fellows,
I am supporting a big service provider and sometimes I face this problem.
Sometimes I want to access my customer network and want to extract some
verification output "show commands" from a large number of devices.

What kind of scripting solutions you guys are using this case.

Appreciate the feedback,
Abdullah


------------------------------

Message: 7
Date: Sun, 15 Jan 2012 18:56:55 +0100
From: Phil Regnauld <regnauld () nsrc org>
To: Abdullah Al-Malki <a.almalki1402 () gmail com>
Cc: nanog () nanog org
Subject: Re: accessing multiple devices via a script
Message-ID: <20120115175655.GB35765 () macbook bluepipe net>
Content-Type: text/plain; charset=us-ascii

Abdullah Al-Malki (a.almalki1402) writes:

Hi fellows,
I am supporting a big service provider and sometimes I face this problem.
Sometimes I want to access my customer network and want to extract some
verification output "show commands" from a large number of devices.

What kind of scripting solutions you guys are using this case.


      Hi Abdullah,

      rancid ?

      http://www.shrubbery.net/rancid/

      Cheers,
      Phil



------------------------------

Message: 8
Date: Sun, 15 Jan 2012 10:01:29 -0800
From: Joel jaeggli <joelja () bogus com>
To: Phil Regnauld <regnauld () nsrc org>
Cc: nanog () nanog org
Subject: Re: accessing multiple devices via a script
Message-ID: <4F131479.6040805 () bogus com>
Content-Type: text/plain; charset=ISO-8859-1

On 1/15/12 09:56 , Phil Regnauld wrote:

Abdullah Al-Malki (a.almalki1402) writes:

Hi fellows,
I am supporting a big service provider and sometimes I face this problem.
Sometimes I want to access my customer network and want to extract some
verification output "show commands" from a large number of devices.

What kind of scripting solutions you guys are using this case.


     Hi Abdullah,

     rancid ?

     http://www.shrubbery.net/rancid/


clogin from rancid features prominently in a lot of our network level
automation...

so does pdsh...

http://code.google.com/p/pdsh/

Particularly when it involves hosts.


     Cheers,
     Phil






------------------------------

Message: 9
Date: Sun, 15 Jan 2012 18:41:09 +0000
From: "Justin Krejci" <jkrejci () usinternet com>
To: "Abdullah Al-Malki" <a.almalki1402 () gmail com>, nanog () nanog org
Subject: Re: accessing multiple devices via a script
Message-ID:
      <1400261429-1326652872-cardhu_decombobulator_blackberry.rim.net-359265357-@b1.c4.bise6.blackberry>
      
Content-Type: text/plain

Parallel ssh (pssh) might help you too


------Original Message------
From: Abdullah Al-Malki
To: nanog () nanog org
Subject: accessing multiple devices via a script
Sent: Jan 15, 2012 11:52 AM

Hi fellows,
I am supporting a big service provider and sometimes I face this problem.
Sometimes I want to access my customer network and want to extract some
verification output "show commands" from a large number of devices.

What kind of scripting solutions you guys are using this case.

Appreciate the feedback,
Abdullah




------------------------------

Message: 10
Date: Sun, 15 Jan 2012 13:46:13 -0500
From: Kurth Bemis <kurth.bemis () gmail com>
To: Phil Regnauld <regnauld () nsrc org>
Cc: nanog () nanog org
Subject: Re: accessing multiple devices via a script
Message-ID: <1326653173.3288.4.camel@kurth-gsm>
Content-Type: text/plain; charset="UTF-8"

On Sun, 2012-01-15 at 18:56 +0100, Phil Regnauld wrote:

Abdullah Al-Malki (a.almalki1402) writes:

Hi fellows,
I am supporting a big service provider and sometimes I face this
problem.
Sometimes I want to access my customer network and want to extract some
verification output "show commands" from a large number of devices.

What kind of scripting solutions you guys are using this case.


     Hi Abdullah,

     rancid ?

     http://www.shrubbery.net/rancid/

     Cheers,
     Phil



Back in the day (~2001 era) I used expect to do a lot of tasks across
(in that day) telnet.

http://www.linuxjournal.com/article/3065

Good Luck,
~k




------------------------------

Message: 11
Date: Sun, 15 Jan 2012 11:49:22 -0700
From: "Keith Medcalf" <kmedcalf () dessus com>
To: "nanog () nanog org" <nanog () nanog org>
Subject: RE: Whois 172/12
Message-ID: <4317db7bf189e74dad2ded425777378e () mail dessus com>
Content-Type: text/plain;     charset="iso-8859-1"


As port 137 is the Netbios Name Service port are you *sure* this is a port
scan and not a windows box (or other OS running NetBIOS crud) that simply
has fat-fingered addresses configured?


---
()? ascii ribbon campaign against html e-mail
/\? www.asciiribbon.org



-----Original Message-----
From: Ted Fischer [mailto:ted () fred net]
Sent: Sunday, 15 January, 2012 01:20
To: nanog () nanog org
Subject: Re: Whois 172/12

Thanks for the replies so far, but not what I was looking for.

I should have specified that I've done several ns & dig lookups just to
make sure.

We were supposed to have lit up the last of IPv4 last year.  I would have
presumed that meant that there was nothing left.  Since I can't find a
reference to 172/12 anywhere, one might be led to presume that it was
allocated somehow, to someone (perhaps inadvertently not recorded) since
there are - supposedly - no fresh IPv4 addresses left to allocate, and the
only reference to this block is that 172/8 is allocated to ARIN.  It
doesn't even appear in RFC 5735.

We all know about 172.16/12 - nothing left of that horse but glue.

My question is about 172/12.  Where is it, what is it's supposed purpose.
I'm almost sure it's an internal box.  I just find it better to give a
professional answer to "why can't I use this" than just "you can't use
this and why is this address scanning you for udp/137 anyway".

If someone can point out to me what was done with 172/12 I'd appreciate
it.


Patrick opined:

Read RFC1918.


  I didn't remember seeing anything about 172/12 in RFC1918.  Looked at it
again.  Is there something about 172/12 I missed?  Thanks.


Likely a machine on his local network (i.e. behind the same NAT box) is
hitting him.

But that is not guaranteed.  A packet with a source address of 172.0.x.x
could be hitting his machine.  Depends on how well you filter.  Many
networks only look at destination IP address, source can be anything -
spoofed, un-NAT'ed, etc.  He just wouldn't be able to send anything back
to it (unless it was on the local LAN, as I mention above).

--
TTFN,
patrick


On Jan 15, 2012, at 2:53 AM, Alex Ryu wrote:


As far as I know, 172.0.1.216 is not assigned, yet.

whois -h whois.arin.net 172.0.1.216
[whois.arin.net]
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 172.0.1.216"
#
# Use "?" to get help.
#

No match found for 172.0.1.216.



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Also, when you check BGP routing table, it is not routed at all.

route-server.as3257.net>sh ip bgp 172.0.1.216
% Network not in table
route-server.as3257.net>

So it seems like forged IP address.

Alex


On Sun, Jan 15, 2012 at 1:37 AM, Ted Fischer <ted () fred net> wrote:

Hi all,

  Tearing what's left of my hair out.

  A customer is getting scanned by a host claiming to be
"172.0.1.216".

  I know this is bogus, but I want to go back to the customer with as
much authoritative umph as I can (heaven forbid they just take my
word).

  I'm pretty sure I read somewhere once that 172/12 was "reserved" or
something like that.  All I can find now is that 172/8 is
"administered
by
ARIN".  Lots of information on 172.16/12, but not a peep about
172/12.

  If anybody could provide some insight as to the
allocation/non-allocation of this block, it would be much appreciated.

  Thanks.

Ted Fischer
























End of NANOG Digest, Vol 48, Issue 41
*************************************



-- 
Sent from my mobile device
Previous By Date Next
Previous By Thread Next

Current thread: