NANOG Digest, Vol 48, Issue 41

Scot Loach scot.loach at gmail.com
Sun Jan 15 18:56:45 UTC 2012


On 1/15/12, nanog-request at nanog.org <nanog-request at nanog.org> wrote:
> Send NANOG mailing list submissions to
> 	nanog at nanog.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://mailman.nanog.org/mailman/listinfo/nanog
> or, via email, send a message with subject or body 'help' to
> 	nanog-request at nanog.org
>
> You can reach the person managing the list at
> 	nanog-owner at nanog.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of NANOG digest..."
>
>
> Today's Topics:
>
>    1. Re: Whois 172/12 (Alex Ryu)
>    2. RE: Whois 172/12 (Network IP Dog)
>    3. Re: Monday Night Footbal -- on Google? (Mark Tinka)
>    4. Re: Whois 172/12 (Suresh Ramasubramanian)
>    5. Re: Whois 172/12 (Jay Moran)
>    6. accessing multiple devices via a script (Abdullah Al-Malki)
>    7. Re: accessing multiple devices via a script (Phil Regnauld)
>    8. Re: accessing multiple devices via a script (Joel jaeggli)
>    9. Re: accessing multiple devices via a script (Justin Krejci)
>   10. Re: accessing multiple devices via a script (Kurth Bemis)
>   11. RE: Whois 172/12 (Keith Medcalf)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 15 Jan 2012 09:43:24 -0600
> From: Alex Ryu <r.hyunseog at ieee.org>
> To: bmanning at vacation.karoshi.com
> Cc: nanog at nanog.org
> Subject: Re: Whois 172/12
> Message-ID:
> 	<CAM9zEH5_P2o2s8rT6TaE1OeE4dZC2GamWpgDAoZU_i1iq=p4Cw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Similar to 1.0.0.0/8 case, which was allocated to APNIC last year or so...
>
>
> On Sun, Jan 15, 2012 at 6:47 AM,  <bmanning at vacation.karoshi.com> wrote:
>> On Sun, Jan 15, 2012 at 06:36:12AM -0600, Robert Bonomi wrote:
>>> > From nanog-bounces+bonomi=mail.r-bonomi.com at nanog.org ?Sun Jan 15
>>> > 02:02:00 2012
>>> > Subject: Re: Whois 172/12
>>> > From: "Patrick W. Gilmore" <patrick at ianai.net>
>>> > Date: Sun, 15 Jan 2012 02:58:11 -0500
>>> > To: NANOG list <nanog at nanog.org>
>>> >
>>> > Read RFC1918.
>>> >
>>> > Likely a machine on his local network (i.e. behind the same NAT box) is
>>> > hitting him.
>>>
>>>
>>> Patrick,
>>> ? I'v read RFC-1918. ? I cannot find *any* reference to ?172.0/12, as the
>>> OP
>>> was asking about. ?172.16/12, yes. but not 172.0/12. ?Can you please
>>> clarify
>>> your advice?
>>>
>>> ZZ
>>
>>
>> ? ? ? ?so as a stylistic point, ? 172/12 ?is supposed to equal
>> 172.0.0.0/12?
>>
>> ? ? ? ?if memory serves, back in the day, there were records of
>> allocations in this space,
>> ? ? ? ?pre-ARIN. When RFC 1918 was settled on, there were some folks
>> blocking 172.0.0.0/8
>> ? ? ? ?so there was talk of relocating those folks into other space.
>>
>> /bill
>>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 15 Jan 2012 08:16:42 -0800
> From: "Network IP Dog" <network.ipdog at gmail.com>
> To: "'Suresh Ramasubramanian'" <ops.lists at gmail.com>, "'Patrick W.
> 	Gilmore'" <patrick at ianai.net>
> Cc: 'NANOG list' <nanog at nanog.org>
> Subject: RE: Whois 172/12
> Message-ID: <4f12fbf5.a24de70a.66e1.fffff79b at mx.google.com>
> Content-Type: text/plain;	charset="UTF-8"
>
> <quote>Jesus. 172.16/12 fine .. that's rfc1918.   The rest of 172/8 is
> mostly unallocated.</quote>
>
> What's with the language?
>
> Ephesians 4:32  &  Cheers!!!
>
> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:ops.lists at gmail.com]
> Sent: Sunday, January 15, 2012 12:35 AM
> To: Patrick W. Gilmore
> Cc: NANOG list
> Subject: Re: Whois 172/12
>
> Jesus. 172.16/12 fine .. that's rfc1918.   The rest of 172/8 is mostly
> unallocated.
>
> On Sun, Jan 15, 2012 at 1:28 PM, Patrick W. Gilmore <patrick at ianai.net>
> wrote:
>> Read RFC1918.
>>
>> Likely a machine on his local network (i.e. behind the same NAT box) is
>> hitting him.
>>
>> But that is not guaranteed.  A packet with a source address of 172.0.x.x
>
>
>
> --
> Suresh Ramasubramanian (ops.lists at gmail.com)
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 16 Jan 2012 00:17:55 +0800
> From: Mark Tinka <mtinka at globaltransit.net>
> To: nanog at nanog.org
> Subject: Re: Monday Night Footbal -- on Google?
> Message-ID: <201201160017.59546.mtinka at globaltransit.net>
> Content-Type: text/plain; charset="us-ascii"
>
> On Thursday, January 12, 2012 12:06:42 PM Jay Ashworth
> wrote:
>
>> I'm not saying you need the whole 19mbps (though,
>> remember here, we are not talking about "Additional
>> Carriage"; we are talking about *being the only way
>> people can see that game* -- and my example was the
>> Super Bowl).. but unless MPEG algorithms have gotten
>> *much* better than I'm aware of, 5mb/s is probably not
>> enough for the Super Bowl.  And you'd really be better
>> off with some FEC, too, even if it costs you a couple
>> frames extra delay.
>
> For broadcast networks, what we're seeing they like is that
> unlike satellite transmissions, there is more flexibility
> for them on IP (IPTv), which would let them lift compression
> rates and pack more data into a stream.
>
> But because most of them are primarily satellite
> broadcasting houses, only starting to roll-out IPTv, they
> need to maintain parity on both transmission media.
>
> Whatever the case, 5Mbps would be too low. At 1080i, we have
> a customer pushing HD channels at about 13Mbps a piece, give
> or take.
>
> Mark.
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 836 bytes
> Desc: This is a digitally signed message part.
> URL:
> <http://mailman.nanog.org/pipermail/nanog/attachments/20120116/266aa19b/attachment-0001.bin>
>
> ------------------------------
>
> Message: 4
> Date: Sun, 15 Jan 2012 21:59:53 +0530
> From: Suresh Ramasubramanian <ops.lists at gmail.com>
> To: Network IP Dog <network.ipdog at gmail.com>
> Cc: NANOG list <nanog at nanog.org>
> Subject: Re: Whois 172/12
> Message-ID:
> 	<CAArzuouosAsiA6YR_RZxOU9wB5+evG_uyJNK2gx3sQWAvmksVw at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> So kind, compassionate and forgiving that I'll buy Patrick a beer when
> I see him next, its been a long time.
>
> --srs
>
> On Sun, Jan 15, 2012 at 9:46 PM, Network IP Dog <network.ipdog at gmail.com>
> wrote:
>> <quote>Jesus. 172.16/12 fine .. that's rfc1918. ? The rest of 172/8 is
>> mostly unallocated.</quote>
>>
>> What's with the language?
>>
>> Ephesians 4:32 ?& ?Cheers!!!
>
>
>
> --
> Suresh Ramasubramanian (ops.lists at gmail.com)
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 15 Jan 2012 11:39:48 -0500
> From: Jay Moran <jay+NANOG at tp.org>
> To: NANOG <nanog at nanog.org>
> Subject: Re: Whois 172/12
> Message-ID:
> 	<CA+Ld8r9ouXgt6FPb_jdOASf9bK_CwmeQjYQV9dc=+JeEZFVr4w at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Sun, Jan 15, 2012 at 8:54 AM, Jon Lewis <jlewis at lewis.org> wrote:
>
>
>> AOL has and uses (publicly) a bunch of space in 172/8.  In fact, looking
>> at a BGP table, I'd say they're by far the largest user (one of the only)
>> in that /8.
>>
>
> We, AOL, have 172.128/10, 172.192/12, 172.208/13, 172.216/16. These blocks
> represent our dial-up ISP customers that can't seem to get broadband or for
> whatever reason, stay on dial-up. Also pretty amazingly is how high the
> simultaneous user count has stayed, guess the folks that left weren't the
> ones on in the evenings between 7-10pm ET. We (mostly me) are looking into
> solutions to be able to remove the reliance on this space. Unfortunately,
> most of the developers, who created the various servers/applications that
> dole out these addresses, all left in the late 90's with some pretty fat
> wallets; at this point... it's an archeology dig.
>
> Jay
> --
> Jay Moran
> http://tp.org/jay
>
>
> ------------------------------
>
> Message: 6
> Date: Sun, 15 Jan 2012 20:52:50 +0300
> From: Abdullah Al-Malki <a.almalki1402 at gmail.com>
> To: nanog at nanog.org
> Subject: accessing multiple devices via a script
> Message-ID:
> 	<CAPoCSvtrRhCc4T_LOdz_7EAhwckeP58zJfvy8UfiLjf4qq48LQ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi fellows,
> I am supporting a big service provider and sometimes I face this problem.
> Sometimes I want to access my customer network and want to extract some
> verification output "show commands" from a large number of devices.
>
> What kind of scripting solutions you guys are using this case.
>
> Appreciate the feedback,
> Abdullah
>
>
> ------------------------------
>
> Message: 7
> Date: Sun, 15 Jan 2012 18:56:55 +0100
> From: Phil Regnauld <regnauld at nsrc.org>
> To: Abdullah Al-Malki <a.almalki1402 at gmail.com>
> Cc: nanog at nanog.org
> Subject: Re: accessing multiple devices via a script
> Message-ID: <20120115175655.GB35765 at macbook.bluepipe.net>
> Content-Type: text/plain; charset=us-ascii
>
> Abdullah Al-Malki (a.almalki1402) writes:
>> Hi fellows,
>> I am supporting a big service provider and sometimes I face this problem.
>> Sometimes I want to access my customer network and want to extract some
>> verification output "show commands" from a large number of devices.
>>
>> What kind of scripting solutions you guys are using this case.
>
> 	Hi Abdullah,
>
> 	rancid ?
>
> 	http://www.shrubbery.net/rancid/
>
> 	Cheers,
> 	Phil
>
>
>
> ------------------------------
>
> Message: 8
> Date: Sun, 15 Jan 2012 10:01:29 -0800
> From: Joel jaeggli <joelja at bogus.com>
> To: Phil Regnauld <regnauld at nsrc.org>
> Cc: nanog at nanog.org
> Subject: Re: accessing multiple devices via a script
> Message-ID: <4F131479.6040805 at bogus.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 1/15/12 09:56 , Phil Regnauld wrote:
>> Abdullah Al-Malki (a.almalki1402) writes:
>>> Hi fellows,
>>> I am supporting a big service provider and sometimes I face this problem.
>>> Sometimes I want to access my customer network and want to extract some
>>> verification output "show commands" from a large number of devices.
>>>
>>> What kind of scripting solutions you guys are using this case.
>>
>> 	Hi Abdullah,
>>
>> 	rancid ?
>>
>> 	http://www.shrubbery.net/rancid/
>
> clogin from rancid features prominently in a lot of our network level
> automation...
>
> so does pdsh...
>
> http://code.google.com/p/pdsh/
>
> Particularly when it involves hosts.
>
>> 	Cheers,
>> 	Phil
>>
>
>
>
>
> ------------------------------
>
> Message: 9
> Date: Sun, 15 Jan 2012 18:41:09 +0000
> From: "Justin Krejci" <jkrejci at usinternet.com>
> To: "Abdullah Al-Malki" <a.almalki1402 at gmail.com>, nanog at nanog.org
> Subject: Re: accessing multiple devices via a script
> Message-ID:
> 	<1400261429-1326652872-cardhu_decombobulator_blackberry.rim.net-359265357- at b1.c4.bise6.blackberry>
> 	
> Content-Type: text/plain
>
> Parallel ssh (pssh) might help you too
>
>
> ------Original Message------
> From: Abdullah Al-Malki
> To: nanog at nanog.org
> Subject: accessing multiple devices via a script
> Sent: Jan 15, 2012 11:52 AM
>
> Hi fellows,
> I am supporting a big service provider and sometimes I face this problem.
> Sometimes I want to access my customer network and want to extract some
> verification output "show commands" from a large number of devices.
>
> What kind of scripting solutions you guys are using this case.
>
> Appreciate the feedback,
> Abdullah
>
>
>
>
> ------------------------------
>
> Message: 10
> Date: Sun, 15 Jan 2012 13:46:13 -0500
> From: Kurth Bemis <kurth.bemis at gmail.com>
> To: Phil Regnauld <regnauld at nsrc.org>
> Cc: nanog at nanog.org
> Subject: Re: accessing multiple devices via a script
> Message-ID: <1326653173.3288.4.camel at kurth-gsm>
> Content-Type: text/plain; charset="UTF-8"
>
> On Sun, 2012-01-15 at 18:56 +0100, Phil Regnauld wrote:
>> Abdullah Al-Malki (a.almalki1402) writes:
>> > Hi fellows,
>> > I am supporting a big service provider and sometimes I face this
>> > problem.
>> > Sometimes I want to access my customer network and want to extract some
>> > verification output "show commands" from a large number of devices.
>> >
>> > What kind of scripting solutions you guys are using this case.
>>
>> 	Hi Abdullah,
>>
>> 	rancid ?
>>
>> 	http://www.shrubbery.net/rancid/
>>
>> 	Cheers,
>> 	Phil
>>
>
> Back in the day (~2001 era) I used expect to do a lot of tasks across
> (in that day) telnet.
>
> http://www.linuxjournal.com/article/3065
>
> Good Luck,
> ~k
>
>
>
>
> ------------------------------
>
> Message: 11
> Date: Sun, 15 Jan 2012 11:49:22 -0700
> From: "Keith Medcalf" <kmedcalf at dessus.com>
> To: "nanog at nanog.org" <nanog at nanog.org>
> Subject: RE: Whois 172/12
> Message-ID: <4317db7bf189e74dad2ded425777378e at mail.dessus.com>
> Content-Type: text/plain;	charset="iso-8859-1"
>
>
> As port 137 is the Netbios Name Service port are you *sure* this is a port
> scan and not a windows box (or other OS running NetBIOS crud) that simply
> has fat-fingered addresses configured?
>
>
> ---
> ()? ascii ribbon campaign against html e-mail
> /\? www.asciiribbon.org
>
>
>> -----Original Message-----
>> From: Ted Fischer [mailto:ted at fred.net]
>> Sent: Sunday, 15 January, 2012 01:20
>> To: nanog at nanog.org
>> Subject: Re: Whois 172/12
>>
>> Thanks for the replies so far, but not what I was looking for.
>>
>> I should have specified that I've done several ns & dig lookups just to
>> make sure.
>>
>> We were supposed to have lit up the last of IPv4 last year.  I would have
>> presumed that meant that there was nothing left.  Since I can't find a
>> reference to 172/12 anywhere, one might be led to presume that it was
>> allocated somehow, to someone (perhaps inadvertently not recorded) since
>> there are - supposedly - no fresh IPv4 addresses left to allocate, and the
>> only reference to this block is that 172/8 is allocated to ARIN.  It
>> doesn't even appear in RFC 5735.
>>
>> We all know about 172.16/12 - nothing left of that horse but glue.
>>
>> My question is about 172/12.  Where is it, what is it's supposed purpose.
>> I'm almost sure it's an internal box.  I just find it better to give a
>> professional answer to "why can't I use this" than just "you can't use
>> this and why is this address scanning you for udp/137 anyway".
>>
>> If someone can point out to me what was done with 172/12 I'd appreciate
>> it.
>>
>>
>> Patrick opined:
>> > Read RFC1918.
>>
>>   I didn't remember seeing anything about 172/12 in RFC1918.  Looked at it
>> again.  Is there something about 172/12 I missed?  Thanks.
>>
>> > Likely a machine on his local network (i.e. behind the same NAT box) is
>> > hitting him.
>> >
>> > But that is not guaranteed.  A packet with a source address of 172.0.x.x
>> > could be hitting his machine.  Depends on how well you filter.  Many
>> > networks only look at destination IP address, source can be anything -
>> > spoofed, un-NAT'ed, etc.  He just wouldn't be able to send anything back
>> > to it (unless it was on the local LAN, as I mention above).
>> >
>> > --
>> > TTFN,
>> > patrick
>> >
>> >
>> > On Jan 15, 2012, at 2:53 AM, Alex Ryu wrote:
>> >
>> >> As far as I know, 172.0.1.216 is not assigned, yet.
>> >>
>> >> whois -h whois.arin.net 172.0.1.216
>> >> [whois.arin.net]
>> >> #
>> >> # Query terms are ambiguous.  The query is assumed to be:
>> >> #     "n 172.0.1.216"
>> >> #
>> >> # Use "?" to get help.
>> >> #
>> >>
>> >> No match found for 172.0.1.216.
>> >>
>> >>
>> >>
>> >> #
>> >> # ARIN WHOIS data and services are subject to the Terms of Use
>> >> # available at: https://www.arin.net/whois_tou.html
>> >> #
>> >>
>> >> Also, when you check BGP routing table, it is not routed at all.
>> >>
>> >> route-server.as3257.net>sh ip bgp 172.0.1.216
>> >> % Network not in table
>> >> route-server.as3257.net>
>> >>
>> >> So it seems like forged IP address.
>> >>
>> >> Alex
>> >>
>> >>
>> >> On Sun, Jan 15, 2012 at 1:37 AM, Ted Fischer <ted at fred.net> wrote:
>> >>> Hi all,
>> >>>
>> >>>   Tearing what's left of my hair out.
>> >>>
>> >>>   A customer is getting scanned by a host claiming to be
>> >>> "172.0.1.216".
>> >>>
>> >>>   I know this is bogus, but I want to go back to the customer with as
>> >>> much authoritative umph as I can (heaven forbid they just take my
>> >>> word).
>> >>>
>> >>>   I'm pretty sure I read somewhere once that 172/12 was "reserved" or
>> >>> something like that.  All I can find now is that 172/8 is
>> >>> "administered
>> >>> by
>> >>> ARIN".  Lots of information on 172.16/12, but not a peep about
>> >>> 172/12.
>> >>>
>> >>>   If anybody could provide some insight as to the
>> >>> allocation/non-allocation of this block, it would be much appreciated.
>> >>>
>> >>>   Thanks.
>> >>>
>> >>> Ted Fischer
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>
>> >
>> >
>> >
>>
>>
>
>
>
>
>
>
>
> End of NANOG Digest, Vol 48, Issue 41
> *************************************
>

-- 
Sent from my mobile device




More information about the NANOG mailing list