Fw: new message

2015-10-26 Thread Brandon Galbraith
Hey!

 

New message, please read <http://arttogoghparty.com/across.php?y>

 

Brandon Galbraith



Fw: new message

2015-10-25 Thread Brandon Galbraith
Hey!

 

New message, please read <http://studioprodutora.com.br/fallen.php?po1>

 

Brandon Galbraith



Re: Phone adapter with router

2015-03-12 Thread Brandon Galbraith
Quick hijack: Can anyone recommend a device that will terminate to a
phone, supports SIP, *and* can fallback to SIM for emergency calls?

On Tue, Mar 10, 2015 at 8:44 AM, Pedersen, Sean speder...@io.com wrote:
 +1

 Used them in a past life as a SIP ALG and NAT router for a “bring your own 
 broadband” hosted SIP service. Worked well enough.

 You might get more suggestions if you provide a little bit more about what 
 your requirements are, how they’re being deployed (one-off, ISP, etc.), or 
 what the others didn’t do well.



 On 3/9/15, 11:16 PM, Joe Hamelin j...@nethead.com wrote:

I've run into a few of these and they seem to do a good job.

ftp://ftp.edgewaternetworks.com/pub/docs/CD_contents/DOCS/EdgeMarc/200/200%20Series%20Datasheet.pdf

--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474

On Mon, Mar 9, 2015 at 4:07 PM, A MEKKAOUI amekka...@mektel.ca wrote:

 Hi



 Do you know any good router with phone adapters to provide home phone and
 internet? We tried couple of them like Linksys, Thomson, etc. and no one
 does the job perfectly. Any comment will be appreciated.



 Thank you



 Karim








Wireless Connectivity - Heber City, UT area

2014-11-14 Thread Brandon Galbraith
Hello NANOG!

I'm doing some research regarding short-term (~1 week) high speed (~10-15Mb
down/at least 5Mbps up) wireless connectivity in the Heber City, UT area.

The only provider I found was Blaze (http://www.blazewifi.com) (besides
ILECs/incumbents). Does anyone have any experience with them? I'm also open
to other provider suggestions I might be missing. The potential usage site
is about 10 miles LOS east/south-east from downtown Heber City.

Thank you!
Brandon


Re: Comcast Business Internet Options

2014-06-30 Thread Brandon Galbraith
On Mon, Jun 30, 2014 at 8:45 AM, Phil Gardner phil.gardne...@gmail.com wrote:
 Is there anyone out there that has ideas about how to waive or lower that
 installation fee while only having a 1 year contract?

I've worked with Comcast Business on 10 installations for clients,
and the only time I was able to get installation charge concessions
was on a long-term agreement (3 years minimum). This is in an area
where they have active competition with an ILEC.

brandon


Re: DNS Issue with proofpoint.com

2014-04-16 Thread Brandon Galbraith
On Wed, Apr 16, 2014 at 9:49 AM, William Herrin b...@herrin.us wrote:

 What would make sense is some sort of attribute on the DNS record
 which instructed servers not to cache it for so long that mistakes
 have a lasting impact.


Or a pub/sub method of sending an immediate invalidation request, similar
to immediate CDN invalidations.

Caching is nice, but mistakes happen.


Re: L6-20P - L6-30R

2014-03-20 Thread Brandon Galbraith
Is it too late to demand code be in open Github repos with changes
tracked at no cost?

On Thu, Mar 20, 2014 at 12:12 PM, Gary Buhrmaster
gary.buhrmas...@gmail.com wrote:
 On Thu, Mar 20, 2014 at 3:05 PM, Lamar Owen lo...@pari.edu wrote:
 .
 Tracking code changes fuels an entire industry, and several websites.
 :-)

 The redline PDF at least makes it (more easily) possible to notice
 the changes for your evening reading pleasure.




Re: Filter NTP traffic by packet size?

2014-02-26 Thread Brandon Galbraith
On Wed, Feb 26, 2014 at 6:56 AM, Keegan Holley no.s...@comcast.net wrote:
 More politely stated, it’s not the responsibility of the operator to
decide what belongs on the network and what doesn’t.  Users can run any
services that’s not illegal or even reuse ports for other applications.
 That being said commonly exploited ports (TCP 25 for example) are often
blocked.  This is usually done to block or protect an application though
not to single out a particular port number.

Don't most residential ISPs already block port 25 outbound?
http://www.postcastserver.com/help/Port_25_Blocking.aspx

Blocking chargen at the edge doesn't seem to be outside of the realm of
possibilities.


Re: Netflix Advice

2013-12-23 Thread Brandon Galbraith
Are you looking to cache it at your ground station? Or on the client side?

brandon

On Sun, Dec 22, 2013 at 5:42 PM, Warren Bailey
wbai...@satelliteintelligencegroup.com wrote:
 Dear NANOG Gods,

 Has anyone heard of a nifty way to cache the netflix library without using 
 their Open Connect Appliance? I am not trying to dodge copyrights, or even 
 dodge the netflix service, I am simply trying to find a way to store the 
 netflix library remotely for users behind satellite connections. If any of 
 you have figured this out, or if there is a Netflix person out there 
 listening, feel free to contact me offline.

 Thanks a lot, and have a Merry Christmas!

 //warren



Re: wireless ISP in Santa Fe

2013-12-18 Thread Brandon Galbraith
Have you talked to Cybermesa[1] or LC Wireless (co-op)[2]?

[1] http://www.cybermesa.com/

[2] http://www.lcwireless.us/


On Wed, Dec 18, 2013 at 12:14 PM, Tri Tran trit...@cox.net wrote:

 The only known option is with Cibola for 7M/1M.
 If anyone know of an alternate provider with higher bandwidth please
 advise.

 --Tri Tran





Re: Cogent Level 3 routing issue?

2013-12-07 Thread Brandon Galbraith
Possibly related to their mass outage last night around 5:12am CST
(ticket number HD005596458). We're connected at their 427 S La
Salle POP in Chicago.

brandon

On Sat, Dec 7, 2013 at 6:58 PM, Matthew Crocker
matt...@corp.crocker.com wrote:

 On Dec 7, 2013, at 3:40 PM, Jason Canady ja...@unlimitednet.us wrote:

 Unfortunately Cogent has a lot of peering issues.  We use them in our 
 network blend and we have been having lots of problems with traffic outbound 
 to Comcast.  It looks like from South Bend, Indiana on Cogent to Chicago / 
 Level 3 we are getting a very tiny amount of packet loss and a higher than 
 'normal' latency of 35ms+.

 Yeah, I know they are always my secondary, never my primary

 Where are you connected to Cogent at?  And what destination are you going to 
 on Level 3?


 Boston (300 Bent) but I think they haul it to 1 Summer St

 A bunch of sites fail but www.cnn.com is one that comes to mind.

 Best Regards,

 --

 Jason Canady
 Unlimited Net, LLC
 Responsive, Reliable, Secure

 www.unlimitednet.us
 ja...@unlimitednet.us
 twitter: @unlimitednet

 On 12/7/13 3:14 PM, Matthew Crocker wrote:
 Anyone seeing issues between Cogent & Level3 in NYC?

 I have Sprint & Cogent for bandwidth.   Everything has been humming along 
 for a couple years just fine.   Yesterday around 8:00AM my BGP session with 
 Cogent flapped.  Now, when my Cogent BGP is up I get 100% packet loss in 
 level3 land.  When Cogent BGP is down (i.e. I’m running solely on Sprint)  
 Everything is fine.

 I have an open ticket with Cogent.  They say they have a ‘capacity issue’ 
 with level3 that has been escalated to executive levels.

 With Sprint & Cogent BGP UP
  I see traceroutes showing traffic leaving me on Sprint but returning on 
 Cogent (and failing at level3).  I’m guessing it is the level3/cogent border

 With Sprint UP & Cogent Down
  I see trace routes showing traffic on to/from on Sprint just fine.


 Anyone else having issues?

 -Matt

 --
 Matthew S. Crocker
 President
 Crocker Communications, Inc.
 PO BOX 710
 Greenfield, MA 01302-0710

 E: matt...@crocker.com
 P: (413) 746-2760
 F: (413) 746-3704
 W: http://www.crocker.com












Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

2013-12-06 Thread Brandon Galbraith
If your flows are a target, or your data is of an extremely sensitive
nature (diplomatic, etc), why aren't you moving those bits over
something more private than IP (point to point L2, MPLS)? This doesn't
work for the VoIP target mentioned, but foreign ministries should most
definitely not be trusting encryption alone.

brandon

On Fri, Dec 6, 2013 at 12:05 PM, Jared Mauch ja...@puck.nether.net wrote:

 On Dec 6, 2013, at 12:38 PM, Eugen Leitl eu...@leitl.org wrote:


 http://www.wired.com/threatlevel/2013/12/bgp-hijacking-belarus-iceland/

 Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
 ...

 In 2008, two security researchers at the DefCon hacker conference
 demonstrated a massive security vulnerability in the worldwide internet
 traffic-routing system — a vulnerability so severe that it could allow
 intelligence agencies, corporate spies or criminals to intercept massive
 amounts of data, or even tamper with it on the fly.
 ...

 Yes, nothing new to see here, networks don't do BGP filtering well, no Film 
 at 11?

 I've detected 11.6 million of these events since 2008 just looking at the
 route-views data.  Most recently the past two days 701 has done a large MITM of
 traffic.

 In other news, you can go read the other thread on this that happened already.

 http://mailman.nanog.org/pipermail/nanog/2013-November/062257.html

 - Jared





Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

2013-12-06 Thread Brandon Galbraith
An attacker who can only attack BGP is different than someone who
can splice into your undersea cables undetected. Prepare for the worst
appears to be the best SOP now.

On Fri, Dec 6, 2013 at 12:44 PM, Warren Bailey
wbai...@satelliteintelligencegroup.com wrote:
 That didn’t seem to work for google.. ;)

 On 12/6/13, 9:39 AM, Brandon Galbraith brandon.galbra...@gmail.com
 wrote:

If your flows are a target, or your data is of an extremely sensitive
nature (diplomatic, etc), why aren't you moving those bits over
something more private than IP (point to point L2, MPLS)? This doesn't
work for the VoIP target mentioned, but foreign ministries should most
definitely not be trusting encryption alone.

brandon

On Fri, Dec 6, 2013 at 12:05 PM, Jared Mauch ja...@puck.nether.net
wrote:

 On Dec 6, 2013, at 12:38 PM, Eugen Leitl eu...@leitl.org wrote:


 http://www.wired.com/threatlevel/2013/12/bgp-hijacking-belarus-iceland/

 Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
 ...

 In 2008, two security researchers at the DefCon hacker conference
 demonstrated a massive security vulnerability in the worldwide internet
 traffic-routing system — a vulnerability so severe that it could allow
 intelligence agencies, corporate spies or criminals to intercept massive
 amounts of data, or even tamper with it on the fly.
 ...

 Yes, nothing new to see here, networks don't do BGP filtering well, no
 Film at 11?

 I've detected 11.6 million of these events since 2008 just looking at the
 route-views data.  Most recently the past two days 701 has done a large
 MITM of traffic.

 In other news, you can go read the other thread on this that happened
 already.

 http://mailman.nanog.org/pipermail/nanog/2013-November/062257.html

 - Jared







Re: Meraki

2013-11-19 Thread Brandon Galbraith
+1 for Joshua's comments. Used them in a small rollout (~20k sqft of
office space across two buildings), was extremely pleased.
Authentication can tie into OAuth (Google Apps) or LDAP/AD. Email or
SMS alerts for *everything*.

Would highly recommend them.

Brandon

On Tue, Nov 19, 2013 at 11:30 AM, Joshua Goldbard j...@2600hz.com wrote:
 I've used them on a bunch of field deployments. Love'em. When clients have 
 them it makes documenting any part of the experience a technician level task.

 Need a pcap? Built into the GUI. Want the switch to SMS you when ports get 
 knocked out? Built into the GUI. Do you like visuals that actually make some 
 goddamn sense? Meraki has it.

 I never had to go into the command line for any reason, at least not so far.

 I can say they had some issues detecting the ubiquiti access points at a 
 client site but I think that had more to do with faulty internal wiring than 
 anything else.

 Anyways, I like'em.

 Cheers,
 Joshua

 Sent from my iPhone

 On Nov 19, 2013, at 9:26 AM, Hank Disuko gourmetci...@hotmail.com wrote:

 Hi folks,

 I've traditionally been a Cisco Catalyst shop for my switching gear.

 I am doing a significant hardware refresh in one of my offices, which will 
 entail replacing about 20 access switches and a couple core devices.  Pretty 
 simple L3 VLAN environment with VRRP/HSRP, on the physical end I have 1G 
 fibre/copper and 10G fibre.  My core switch of choice will likely be the Cat 
 4500 series.

 I'm considering Cisco's Meraki platform for my access layer and I'm looking 
 for deployment stories of folks that have deployed Meraki in the 
 past...good/bad/ugly kinda stuff.

 I know Meraki hardcores were upset when Cisco acquired them, but not exactly 
 sure why.

 Anyway, any thoughts would be useful.  Thanks!

 -Hank





Re: Automatic abuse reports

2013-11-12 Thread Brandon Galbraith
On Tue, Nov 12, 2013 at 10:03 PM, William Herrin b...@herrin.us wrote:
 Now it would be trivial to setup syslog and sshd to give only the sessions
 that complete the handshake, however I'm also not sure how responsive some
 of the abuse contacts may be. I'll keep my restrictive network settings for
 the time being.

 That's the main problem: you can generate the report but if it's about
 some doofus in Dubai what are the odds of it doing any good?

And then we're right back to sending the offending packets to a black
hole. *sigh*



Re: Upstream / Handoff UPS?

2013-11-07 Thread Brandon Galbraith
Working with Comcast and their ethernet product, they don't battery
back the on-site gear (fiber/ethernet switch), but I do get a phone
call within minutes of them noticing the switch they provided is down.
They care enough to call me, but battery backup is my/our
responsibility.

Brandon

On Thu, Oct 31, 2013 at 10:07 AM, Justin Wilson li...@mtin.net wrote:
 I have several clients who have cisco Metro Ethernet switches on Fiber
 circuits.  The provider just provided the switch and expects the client to
 deal with the power.  The rationale is if the switch is not up it's not our
 fault.

 Justin

 --
 Justin Wilson j...@mtin.net
 MTCNA - CCNA - MTCRE - MTCWE - COMTRAIN
 Aol & Yahoo IM: j2sw
 http://www.mtin.net/blog - xISP News
 http://www.zigwireless.com - High Speed Internet Options
 http://www.thebrotherswisp.com - The Brothers Wisp





 -Original Message-
 From: Kenny Kant akennyk...@gmail.com
 Date: Thursday, October 31, 2013 1:34 AM
 To: nanog@nanog.org
 Subject: Upstream / Handoff UPS?

We have tons of circuits with various providers.  Often times the demarc /
handoff switch from the provider is not running on battery backup.
 Sometimes if the demarc device is located in the same room as our
equipment we mitigate this and plug the device into our backup systems.

Am I wrong to think that the demarc from the provider is a sacred thing
that should only be touched by said provider.  Thus they should provide
their own battery system?  Is it normal for this equipment not to be
battery protected?  We are not dealing with any crazy SLA's however I think
it would be standard build practice to put UPS's on your gear.  Even if its
small handoff switch sitting right next to my switch.

:)

Kenny







Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

2013-10-30 Thread Brandon Galbraith
Google is speeding up its initiative to encrypt all DC to DC traffic, as
this was suspected a short time ago.

http://www.informationweek.com/security/government/nsa-fallout-google-speeds-data-encryptio/240161070


On Wed, Oct 30, 2013 at 1:46 PM, Jacque O'Lantern 
jacque.olant...@yandex.com wrote:


 http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html




Re: verizon trouble ticket NJ DQ04PWR9 -- is verizon blocking FLOKsociety.org by accident or on purpose?

2013-10-04 Thread Brandon Galbraith
Site appears up and available, over Comcast Business fiber and Cogent from
Chicago (using Chrome 28).


On Fri, Oct 4, 2013 at 11:17 AM, Matthew Huff mh...@ox.com wrote:

 My traceroute goes through, but we don't go through Verizon. However, the
 web server is returning an error that it is unavailable. It's possible that
 the destination web server has a geo location plug in that stops access
 from foreign locations, or that their server is down.



 [root@lancaster ~]# traceroute -I 200.10.150.169
 traceroute to 200.10.150.169 (200.10.150.169), 30 hops max, 40 byte packets
  1  129.77.108.252 (129.77.108.252)  0.345 ms  0.384 ms  0.442 ms
  2  switch-user1.ox.com (129.77.154.253)  0.408 ms  0.523 ms  0.585 ms
  3  rtr-inet2.ox.com (129.77.1.252)  3.394 ms  3.437 ms  3.464 ms
  4  129.77.3.254 (129.77.3.254)  0.515 ms  0.517 ms  0.541 ms
  5  189d20f9.cst.lightpath.net (24.157.32.249)  4.909 ms  4.923 ms  4.922 ms
  6  18267502.cst.lightpath.net (24.38.117.2)  7.318 ms  9.900 ms  9.889 ms
  7   (69.74.203.201)  9.877 ms  9.444 ms  9.434 ms
  8  * * *
  9  adsl-065-015-003-181.sip.mia.bellsouth.net (65.15.3.181)  9.455 ms * *
 10  * * *
 11  xe-9-1-2.edge2.Newark1.Level3.net (4.31.45.173)  8.378 ms  14.395 ms  14.244 ms
 12  ae-32-52.ebr2.Newark1.Level3.net (4.69.156.62)  39.992 ms  42.318 ms  42.303 ms
 13  ae-4-4.ebr2.Washington1.Level3.net (4.69.132.101)  42.283 ms  42.284 ms  42.280 ms
 14  ae-62-62.csw1.Washington1.Level3.net (4.69.134.146)  50.599 ms  50.594 ms  50.586 ms
 15  ae-61-61.ebr1.washington1.level3.net (4.69.134.129)  40.769 ms  43.276 ms *
 16  ae-2-2.ebr3.atlanta2.level3.net (4.69.132.85)  43.293 ms  39.230 ms  38.957 ms
 17  ae-73-73.ebr2.Atlanta2.Level3.net (4.69.148.254)  38.942 ms  38.942 ms  38.501 ms
 18  ae-2-2.ebr2.miami1.level3.net (4.69.140.141)  39.404 ms  37.772 ms  37.487 ms
 19  ae-2-52.edge1.Miami2.Level3.net (4.69.138.107)  50.685 ms  50.674 ms  50.568 ms
 20  telefonica.edge1.miami2.level3.net (4.71.212.118)  62.446 ms  60.038 ms  59.416 ms
 21  176.52.251.189 (176.52.251.189)  57.850 ms  58.637 ms  58.541 ms
 22  176.52.252.66 (176.52.252.66)  94.381 ms  97.548 ms  99.258 ms
 23  * * *
 24  * * *
 25  * * *
 26  host-186-5-116-193.telconet.net (186.5.116.193)  118.811 ms  118.803 ms  118.808 ms
 27  host-186-101-89-42.telconet.net (186.101.89.42)  98.612 ms  98.589 ms  98.605 ms
 28  200.10.150.169 (200.10.150.169)  98.534 ms  98.564 ms  98.505 ms

 root@newton dig +short www.floksociety.org.
 200.10.150.169

 root@newton telnet 200.10.150.169 80
 Trying 200.10.150.169...
 Connected to 200.10.150.169.
 Escape character is '^]'.
 GET / HTTP/1.0

 HTTP/1.1 503 Service Unavailable
 Server: Varnish
 Content-Type: text/html; charset=utf-8
 Retry-After: 5
 Content-Length: 418
 Accept-Ranges: bytes
 Date: Fri, 04 Oct 2013 16:12:33 GMT
 Connection: close


 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html>
   <head>
     <title>503 Service Unavailable</title>
   </head>
   <body>
     <h1>Error 503 Service Unavailable</h1>
     <p>Service Unavailable</p>
     <h3>Guru Meditation:</h3>
     <p>XID: 477990820</p>
     <hr>
     <p>Varnish cache server</p>
   </body>
 </html>
 Connection to 200.10.150.169 closed by foreign host.

  -Original Message-
  From: Gordon Cook [mailto:c...@cookreport.com]
  Sent: Friday, October 04, 2013 12:10 PM
  To: nanog@nanog.org list
  Subject: verizon trouble ticket NJ DQ04PWR9 -- is verizon blocking
 FLOKsociety.org by
  accident or on purpose?
 
 
  Dear NANOG
 
  The Ecuadoran government has via the FLOK society hired Michel Bauwens of the P2p
  foundation to lead a two year long efforts to revision the Ecuadoran economy along the
  lines of a commons oriented collaborative society.  I am very interested in the program
  yet I have NEVER been able to connect to their web site.   At the end of two hours of
  trouble shooting with Apple I was advised to call Verizon.  I am a FiOS customer on a two
  year contact.  The traceroute below confirmed that the fault is in Verizon's network.  The
  Verizon tech agreed otherwise I never would have gotten the trouble ticket
 
  my verizon trouble ticket is NJ DQ04PWR9.
 
  Can someone tell me what number to call to pursue resolution of this
 trouble ticket?
 
  as of 12:04 eastern time i still cannot connect
 
  24 hours was the promise
  14 of the 24 have elapsed
 
   traceroute to floksociety.org (200.10.150.169), 64 hops max, 72 byte packets
1  192.168.1.1 (192.168.1.1)  0.759 ms  0.309 ms  0.357 ms
2  l100.cmdnnj-vfttp-26.verizon-gni.net (98.110.50.1)  36.778 ms  17.508 ms  7.316 ms
3  * g0-3-4-5.cmdnnj-lcr-21.verizon-gni.net (130.81.184.119)  6.482 ms !N *
4  * * g0-3-4-5.cmdnnj-lcr-21.verizon-gni.net (130.81.184.119)  7.101 ms !N
5  * g0-3-4-5.cmdnnj-lcr-21.verizon-gni.net (130.81.184.119)  9.239 ms !N *
6  g0-3-4-5.cmdnnj-lcr-21.verizon-gni.net (130.81.184.119)  6.823 ms !N *  8.846 

Re: iOS 7 update traffic

2013-09-19 Thread Brandon Galbraith
1) Rate limit the software update download (Us)

2) Have device OS download the update in the background, and be resilient
to failures with retries (Manufacturer)

3) Don't present the update notification to the user until the update blob
is already cached on the device (Manufacturer)

Only in a perfect world though.


On Thu, Sep 19, 2013 at 5:49 PM, joel jaeggli joe...@bogus.com wrote:

 On 9/19/13 3:29 PM, Warren Bailey wrote:
  Your software updates (you meaning a user of the Internet) should not
 affect my experience. I'm not advocating we go back to 5.25 floppies and
 never look back. I'm asking..
 
  Is there a way for a COMPUTER and PHONE manufacturer to distribute their
 software without destroying most last mile connectivity?
 
  Who else has had traffic surges like this?

 Flash traffic occurs, sometimes people fly planes into things, sometimes
 nuclear reactors melt down, earthquakes or hurricanes occur  or cables
 are segmented due to underwater landslides. and what infrastructure that
 is left shifts abruptly from terrestrial to satellite or gets dropped
 on the floor. the best you can ask for on an instantaneous basis is
 graceful degradation under load.

 this happens to not be weather. so maybe you can do something about it.
 but ultimately a certain number of bytes have to be transferred and given
 the architecture, the flash was driven by the consumer and not by
 software automation, if we want the latter to control it consumer choice
 has to be taken out of the loop, which may or may not be palatable.

  And who else has a Nanog strike team coming in screaming buy more
 bandwidth? ;)
 
 
  Sent from my Mobile Device.
 
 
   Original message 
  From: Ryan Harden harde...@uchicago.edu
  Date: 09/19/2013 3:04 PM (GMT-08:00)
  To: Jeroen van Aart jer...@mompl.net
  Cc: nanog@nanog.org nanog@nanog.org
  Subject: Re: iOS 7 update traffic
 
 
 
  On Sep 19, 2013, at 3:11 PM, Jeroen van Aart jer...@mompl.net wrote:
 
  On 09/19/2013 12:06 PM, Ryan Harden wrote:
  As a side note, how are some of you not aware of this? This has
 happened with every single Apple OS update since the iPhone was released in
 2007.
 
  The difference is there are now a couple more million devices out
 there than there were in 2007. And in 2007 there was just the one phone,
 now you have tablets and what have you.
 
  The effect has been relatively the same regardless of how many iDevices
 there are. Network Operators have seen spikes during Apple OS releases
 since they started. The only leeway I'll give you is that the original
 iPhone only supported 802.11b. With .11n and someday .11ac, the ability for
 these devices to consume data at a faster rate is also increasing.
 
 
  This isn't a new phenomenon. I realize some of you are too cool for
 Apple
 
  Lame low ball remark, however I thought it was the opposite,
 Apple==coolness?
 
  This was in no way meant to be a lowball remark. But it doesn't take
 much searching to find people exclaiming how they have zero Apple devices
 or how they don't pay attention to Apple's iJunk. I assumed (probably
 mistakenly) that the lack of knowing this is going to happen roughly 2-3
 times a year was due to being 'too cool' to keep up with the stuff Apple
 puts out.
 
 
  Regards,
  Jeroen
 
  --
  Earthquake Magnitude: 5.3
  Date: 2013-09-19  17:25:09.350 UTC
  Location: 19km ESE of Ishikawa, Japan
  Latitude: 37.0716; Longitude: 140.6495
  Depth: 22.22 km | e-quake.org
 
 
 





Re: How does Google Global Cache selects which cache to redirect a client?

2013-08-22 Thread Brandon Galbraith
Have you tried experimenting programmatically to determine if it's
based on which DNS servers the client is using to resolve?

On Thu, Aug 22, 2013 at 5:31 AM, Nathanael C. Cariaga
nccari...@stluke.com.ph wrote:
 Hi,

 Just wondering if anyone here I can discuss offline about Google Global
 Cache?  I am interested in knowing how does the cache selection process
 takes place (i.e. how does Google know to which cache to redirect a client).
 I would also like to know what if I have 2 upstreams who both have GGCs
 installed in their network, how would the selection process takes place.

 Thank you very much in advance.


 Regards,

 --
 -nathan





Re: Comcast contact

2013-08-06 Thread Brandon Galbraith
Have you monitored your user's home Comcast connection with regards to
packet loss or latency, preferably from network-near the SIP
termination point?

On Tue, Aug 6, 2013 at 10:56 AM, Andy Ringsmuth a...@newslink.com wrote:
 Any chance someone on this list is affiliated with Comcast who could contact 
 me off-list?  I have an employee in Virginia who works from home using, in 
 part, a VOIP desk telephone tied into our office phone system back in 
 Nebraska.  She's had nothing but problems maintaining a stable connection and 
 I'm at my wit's end to diagnose and fix whatever is causing her problems.

 I've got this exact setup with several employees around the country, but this 
 one person is the only one who, 1 - has problems and 2 - has Comcast.

 Much appreciated!

 
 Andy Ringsmuth
 a...@newslink.com
 News Link – Manager Technology & Facilities
 2201 Winthrop Rd., Lincoln, NE 68502-4158
 (402) 475-6397(402) 304-0083 cellular





Re: Remote Hands Nation-Wide?

2013-05-20 Thread Brandon Galbraith
http://nanog.cluepon.net/index.php/Hands

​


Re: Colocation providers and ACL requests

2011-10-25 Thread Brandon Galbraith
On Tue, Oct 25, 2011 at 1:46 PM, Keegan Holley keegan.hol...@sungard.com wrote:

 Depends on the provider.  Many just do not want to manage hundreds of
 customer ACL's on access routers.  Especially when it would compete with a
 managed service (firewall, IDP, DDOS) of some sort.  Some still are under
 the impression that ACL's are software based and their giant $100k+ edge box
 would crash if they configured them for any reason.


Conversely, some don't want to be paid for bare colocation (at bare
colocation prices) and have to then support 1000+ rules (yes, 1000+) with
10-20 change requests per day. YMMV/slippery slope/service scope/etc.


Re: vyatta for bgp

2011-09-21 Thread Brandon Galbraith
On Wed, Sep 21, 2011 at 4:14 PM, Andreas Echavez andr...@livejournalinc.com
 wrote:


 The most reliable/cost effective solution is the cheap and redundant
 approach to architecture.

 Reliable hardware is incredibly inexpensive, and every year we get better
 CPUs and (recently) GPUs that are providing APIs and interfaces to their
 incredible parallel processing capability.

 -Andreas


+1 Scaling Horizontally. Applies to your networking gear, your applications,
etc. If you assume anything is going to break, just get more and
scale/architect properly.



 On Thu, Sep 15, 2011 at 6:51 AM, Alain Hebert aheb...@pubnix.net wrote:

  Hi,
 
 As usual this end-up in what people prefer.
 
 Vyatta is as good as the hardware it runs on, the backend they use and
  the people configuring/maintaining it.
 
 The nature of ASIC make it more reliable than a multi-purpose device
  (aka server) running an OS written for it.
 
 It end up being a choice between risk and cost and being that you can
  get your hand on second hand iron for cheap these days...
 
 Why risk it.
 
 
  -
  Alain Hebert    aheb...@pubnix.net
  PubNIX Inc.
  50 boul. St-Charles
  P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
  Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443
 
 
  On 09/15/11 09:05, Ray Soucy wrote:
 
  Is Vyatta really not suited for the task?
 
  I keep checking up on it and holding off looking into it as they don't
  support multicast yet.
 
  Modern commodity sever hardware these days often out-powers big iron
  enough to make up for not using ASICs, though, at least on the lower
  end of the spectrum.
 
  Does anyone have any more details on Vyatta not scaling?  Were you
  trying to run it as a VM?  What were you using for NICs? etc.
 
  The hardware matters.  Saying Vyatta doesn't cut it could mean
 anything...
 
  On Tue, Sep 13, 2011 at 7:36 PM, Dobbins, Roland rdobb...@arbor.net wrote:
 
  On Sep 14, 2011, at 5:54 AM, Deepak Jain wrote:
 
   Some enterprises get MPLS L3 VPN service from their providers, and
 need
  boxes that can route packets to it and speak BGP to inject their
 routes.
   They are not, per se, connected to the Internet, and thus won't be
  zorched, at least in the sense you are using it.
 
  Hence 'public-facing'.
 
  ;
 
  ---
  Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
  
 
 The basis of optimism is sheer terror.
 
   -- Oscar Wilde
 
 
 
 
 
 
 




-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: Question on 95th percentile and Over-usage transit pricing

2011-09-21 Thread Brandon Galbraith
On Wed, Sep 21, 2011 at 5:06 PM, Patrick W. Gilmore patr...@ianai.net wrote:


 If you have a lot more, you can negotiate tiers.  E.g. The first 10G is
 $X/Mbps, but if you hit 20G, you get charged 2 * $Y (where Y < X,
 obviously).  This can lead to interesting situations where 19 Gbps costs
 more than 20 Gbps.  But dems da breaks.

 --
 TTFN,
 patrick


I knew of a place that used to push fake traffic over a link to ensure
they were in the cheaper (higher) tier. Who knew business rules overriding
engineering could result in non-optimal situations.

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: ouch..

2011-09-14 Thread Brandon Galbraith
On Wed, Sep 14, 2011 at 11:02 AM, David Israel da...@otd.com wrote:

 On 9/14/2011 10:41 AM, Leigh Porter wrote:

 On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote:

 Either way, it's pathetic. If someone is going to slander in the
 fashion the site has done, they should at least put a contact form
 somewhere for some feedback :)

 Slander means falsehood. Cisco tells lies ?


 Lies? So who has 100G MX series cards then..?


 That's disingenuous.  The question was not whether Cisco has ever lied, but
 whether the web page lies.  The web page very carefully picks and chooses
 facts, but I don't think it actually lies.  Therefore, it isn't slander.
  It's just mudslinging.

 Also, on another note, nobody should be surprised that the registration
 information doesn't say Cisco.  Think about it: would they want whois
 overpromisesunderdelivers.com to say Cisco all over it?


Juniper: Who needs to waste time with pathetic marketing videos when your
gear just works.

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: Pirate Bay suffering unreachable errors

2011-05-12 Thread Brandon Galbraith
Comcast customer care via twitter specifically stated they aren't blocking
twitter (@comcastcares).
On May 12, 2011 12:00 PM, Steve Schultze s...@princeton.edu wrote:
 Anybody on this list have any insights on the reports of Pirate Bay
unreachability?

 http://torrentfreak.com/comcast-blocked-the-pirate-bay-110512/
 http://www.fastcompany.com/1752986/why-is-comcast-blocking-the-pirate-bay
 http://www.engadget.com/2011/05/12/is-comcast-blocking-the-pirate-bay/




Re: Pirate Bay suffering unreachable errors

2011-05-12 Thread Brandon Galbraith
2nd Twitter instance should've read The Pirate Bay. Apologies.
On May 12, 2011 12:03 PM, Brandon Galbraith brandon.galbra...@gmail.com
wrote:
 Comcast customer care via twitter specifically stated they aren't blocking
 twitter (@comcastcares).
 On May 12, 2011 12:00 PM, Steve Schultze s...@princeton.edu wrote:
 Anybody on this list have any insights on the reports of Pirate Bay
 unreachability?

 http://torrentfreak.com/comcast-blocked-the-pirate-bay-110512/
 http://www.fastcompany.com/1752986/why-is-comcast-blocking-the-pirate-bay
 http://www.engadget.com/2011/05/12/is-comcast-blocking-the-pirate-bay/




Re: External sanity checks

2011-02-03 Thread Brandon Galbraith
Pingdom will do most of what you're looking for (www.pingdom.com). We're
quite fond of them after a bad Keynote experience.

-brandon

On Thu, Feb 3, 2011 at 12:04 PM, Philip Lavine source_ro...@yahoo.com wrote:

 To all,

 Does any one know a Vendor (NOT Keynote) that can do sanity checks against
 your web/smtp/ftp farms with pings, traceroutes, latency checks as well as
 application checks (GET, POST, ESMTP, etc)

 Thank you,

 Philip








-- 
Brandon Galbraith
US Voice: 630.492.0464


Clearwire/Clear for branch office connectivity?

2011-01-05 Thread Brandon Galbraith
Is anyone using Clearwire/Clear's wireless broadband offering for stationary
branch offices/remote equipment monitoring? Looking for results/experiences
off-list. We're looking at it for industrial telemetry, and have spoken to
people using ATT and VZW who are doing the same, but we wanted to look at
Clear as well. Curious as to reliability, link performance, and support
quality.

Thanks!
Brandon

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: Level 3 Communications Issues Statement Concerning Comcast's Actions

2010-11-29 Thread Brandon Galbraith
On Mon, Nov 29, 2010 at 4:46 PM, Mark Wall ospfisi...@gmail.com wrote:

 Between the lines: Comcast wants to end mutual peering agreements (due to:
 ratios, politics , greed) but we are going to spin it due to net neutrality
  making it main stream media and hoping we can get comcast clients to
 complain...

 Not the worse angle we've seen


 
 


Is L3 really pushing more streaming traffic than LLNW? Is ending
settlement-free peering with Google (Youtube) coming down the pipeline?

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: Level 3 Communications Issues Statement Concerning Comcast's Actions

2010-11-29 Thread Brandon Galbraith
On Mon, Nov 29, 2010 at 4:57 PM, William Warren 
hescomins...@emmanuelcomputerconsulting.com wrote:

 On 11/29/2010 5:46 PM, Mark Wall wrote:

 Between the lines: Comcast wants to end mutual peering agreements (due to:
 ratios, politics , greed) but we are going to spin it due to net
 neutrality
  making it main stream media and hoping we can get comcast clients to
 complain...

 Not the worse angle we've seen



  I think Karl Denninger has this one called right:
 http://market-ticker.org/post=173522


I'd have to disagree with his viewpoint. If customer is using resource X and
you're not able to remain profitable, then you're not charging customer
enough for the resource in question. This is just a backdoor attempt to
raise the cost to the customer without them seeing it.

If Comcast were to raise the price to the customer directly, I think you'd
see defection to other services (if available in the area, like DSL or
Clearwire).

Doesn't Verizon FIOS provide 50-150Mb/s to the home now for the same cost as
Comcast? Exhorting a carrier of content to your customer can't be a good
business decision.

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: ipv6 vs. LAMP

2010-10-21 Thread Brandon Galbraith
On Thu, Oct 21, 2010 at 4:53 PM, Dan White dwh...@olp.net wrote:

 On 21/10/10 14:43 -0700, Leo Bicknell wrote:

 In a message written on Thu, Oct 21, 2010 at 01:53:49PM -0700, Christopher
 McCrory wrote:

 open to the world.  After a few google searches, it seems that
 PostgreSQL is in a similar situation.


 I don't know when PostgreSQL first supported IPv6, but it works just
 fine.  I just fired up a stock FreeBSD 8.1 system and built the Postgres
 8.4 port with no changes, and viola:


 All this is pretty moot point if you run a localized copy of your database
 (mysql or postgres) and connect via unix domains sockets.


True. It mostly affects shared/smaller hosting providers who have customers
that want direct access to the database remotely over the public network
(and don't want to use some local admin tool such as phpMyAdmin).

-brandon

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: Enterprise DNS providers

2010-10-18 Thread Brandon Galbraith
Working with a previous client about 1.5 years ago, we asked Dyn and
UltraDNS to send proposals over. UltraDNS was 3x the Dyn quote, and we were
satisfied from personal experience with Dyn before. When I explained to the
UltraDNS rep why we went with Dyn, they said "Oh, I thought you were looking
for an enterprise provider." Another vendor I don't plan on ever using (or
even considering) again.

On Mon, Oct 18, 2010 at 11:03 AM, seph s...@directionless.org wrote:

 I haven't used UltraDNS, but given some of their unsavory sales tactics,
 I'm pretty biased against them. They spend awhile spamming people, and
 calling up CTOs.

 seph

 Jeffrey Lyon jeffrey.l...@blacklotus.net writes:

  We're using Afilias now, we had nothing short of a horrendous
  experience dealing with Neustar / UltraDNS and their uninformed, blood
  hungry sales team.
 
  Best regards, Jeff
 
 
  On Mon, Oct 18, 2010 at 9:23 AM, Jonas Björklund jo...@bjorklund.cn
 wrote:
 
  On Sat, 16 Oct 2010, Ken Gilmour wrote:
 
  Hello any weekend workers :)
 
  We are looking at urgently deploying an outsourced DNS provider for a
  critical domain which is currently unavailable but are having some
  difficulty. I've tried contacting UltraDNS who only allow customers
 from
  US
  / Canada to sign up (we are in Malta) and their Sales dept are closed,
 and
  Easy DNS who don't have .com.mt as an option in the dropdown for
  transferring domain names (and also support is closed).
 
  I have worked for one of the biggest poker networks and we used
 UltraDNS.
  The company was first operated from Sweden and later Austria.
 
  /Jonas
 
 
 
 
 
  --
  Jeffrey Lyon, Leadership Team
  jeffrey.l...@blacklotus.net | http://www.blacklotus.net
  Black Lotus Communications - AS32421
  First and Leading in DDoS Protection Solutions




-- 
Brandon Galbraith
US Voice: 630.492.0464


Followup and Thanks: ATT Dry Pairs?

2010-10-01 Thread Brandon Galbraith
I just wanted to follow up and say Thank You to everyone who responded to my
email regarding getting an alarm line from ATT. I've made some headway
once I reached someone with clue, and everyone was extremely helpful with
the information they provided.

-- 
Brandon Galbraith
US Voice: 630.492.0464


ATT Dry Pairs?

2010-09-30 Thread Brandon Galbraith
Has anyone had any luck lately getting dry pairs from ATT? I'm in the
Chicago area attempting to get a dry pair between two buildings (100ft
apart) for some equipment, but when speaking to several folks at ATT the
response I get is "You want ATT service without the service? That's not
logical!". Had no problems 3-4 years ago getting these sorts of circuits,
but it appears it's gone the way of the dodo now. Any emails off-list are
appreciated.

-- 
Brandon Galbraith
US Voice: 630.492.0464


Re: Troubleshooting TCP performance tutorial

2010-09-18 Thread Brandon Galbraith
On Saturday, September 18, 2010, Kevin Oberman ober...@es.net wrote:

 You might look at http://fasterdata.es.net. A lot of it is aimed at very
 large volume data transfers, but quite a bit is relevant to all TCP
 issues.
 --
 R. Kevin Oberman, Network Engineer
 Energy Sciences Network (ESnet)
 Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
 E-mail: ober...@es.net                        Phone: +1 510 486-8634
 Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751



+1 fasterdata.es.net. Excellent resource.

-brandon

-- 
Brandon Galbraith
US Voice: 630.492.0464



Copyright Enforcement DoS/DDoS Attacks

2010-09-08 Thread Brandon Galbraith
http://www.smh.com.au/technology/technology-news/film-industry-hires-cyber-hitmen-to-take-down-internet-pirates-20100907-14ypv.html

Has anyone dealt with this in the wild? I wasn't aware DoS/DDoS attacks were
suddenly legal.

-- 
Brandon Galbraith
Voice: 630.492.0464


Re: iPhone updates and required bandwidth

2010-08-18 Thread Brandon Galbraith
On Wed, Aug 18, 2010 at 2:29 PM, Jared Mauch ja...@puck.nether.net wrote:

snip


 I'm sure if you approached the CDN that hosts the #apple updates they would
 be willing to put a copy of swcdn.apple.com on your network, as well as
 appldnld.apple.com

 The squid user forums have lots of tips about how to do this for apple and
 microsoft sw updates.

 - Jared


If anyone does move forward with this, I'd be interested in what sort of
bandwidth savings are realized.

-brandon


Re: Lightly used IP addresses

2010-08-13 Thread Brandon Galbraith
On Fri, Aug 13, 2010 at 12:36 PM, John Levine jo...@iecc.com wrote:

 I don't entirely understand the process.  Here's the flow chart as far
 as I've figured it out:

 1.  A sells a /20 of IPv4 space to B for, say, $5,000

 2.  A tells ARIN to transfer the chunk to B

 3.  ARIN says no, B hasn't shown that they need it

 4.  A and B say screw it, and B announces the space anyway

 5.  ???


Alternate #4: A rents the space to B without ARIN knowing it, while A
continues to claim that the space belongs to them.


-- 
Brandon Galbraith
Voice: 630.492.0464


Re: Lightly used IP addresses

2010-08-13 Thread Brandon Galbraith
On Fri, Aug 13, 2010 at 12:44 PM, Owen DeLong o...@delong.com wrote:


 6.  ARIN receives a fraud/abuse complaint that A's space is being used
 by B.
 7.  ARIN discovers that A is no longer using the space in accordance
 with their RSA
 8.  ARIN reclaims the space and A and B are left to figure out who owes
 what to whom.


So is there a fine line between selling/renting the space to B and
providing 1Mbit of bandwidth over a GRE tunnel to B and allowing them to
announce the space via any other transit provider? I'm just curious what the
difference is (besides a bit of technical work with the latter). It will be
interesting to see what happens as the last of the IPv4 space is exhausted.

-- 
Brandon Galbraith
Voice: 630.492.0464


Colocation in Belize

2010-08-05 Thread Brandon Galbraith
I'm looking for colocation in Belize for some equipment, but am having a bit
of trouble finding anyone with significant carrier-neutral space there. Has
anyone had any success in finding such space there? Off-list replies
preferred.

-- 
Brandon Galbraith
Voice: 630.492.0464


Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread Brandon Galbraith
On Thu, Jun 10, 2010 at 2:23 PM, Seth Mattinen se...@rollernet.us wrote:

 On 6/10/2010 11:46, Jason Lewis wrote:
  I just found out that with the move to this new service that the bulk
  access FTP is going to be phased out.  By design, there will be no way
  to automate the bulk download of this data.
 
  Is anyone else using the data in an environment that will be seriously
  impacted by this change?
 


 Apparently we're supposed to be going all Web 2.0 now.

 ~Seth


Nothing wrong with having a nicer interface, but hopefully not at the
expense of bulk data. If it's a huge issue to support FTP data transfers,
they could at least provide a means through the web service to get bulk data
intelligently.

-- 
Brandon Galbraith
Voice: 630.492.0464


Illinois Tollway dark fiber

2010-05-14 Thread Brandon Galbraith
Has anyone had any experience working with the Illinois Tollway for dark
fiber? Looking for good or bad experiences offline.

Thanks!
-brandon

-- 
Brandon Galbraith
Voice: 630.492.0464


Re: any bring your own bandwidth IPv4 over IPv4 tunnel merchants?

2010-05-03 Thread Brandon Galbraith
http://www.google.com/search?q=vpn+service

Encryption would be a side benefit for your purpose.

On Mon, May 3, 2010 at 1:12 PM, Bill Bogstad bogs...@pobox.com wrote:

 Like many people, I can't justify the expense of commercial IP
 connectivity for my residence.  As a result, I deal with dynamic IP
 addresses; dns issues; and limitations on the services that I can host
 at my residence.  It just struck me that in the same way that
 IPv6 connectivity can be done via tunneling over IPv4 (Hurricane
 Electric, etc.), that static IPv4 addressability could be offered in a
 similar fashion.

 So my question is:

 Does anyone offer (probably bandwidth restricted) IPv4 over IPv4
 tunneling (with static IPs) commercially?

 I realize that making use of such a service MIGHT violate Terms of
 Service agreements, but that is going to vary from provider to
 provider and doesn't make offering such a service inherently wrong.
 Other possible reasons such services might be desired include wanting
 access to Internet services which are regionally restricted.  (Again
 TOS violation possibilities MAY or MAY NOT apply.)

 In the (very?) long term, IPv4 over IPv6 tunneling could end up being
 one way that organizations can get IPv4 connectivity when the default
 changes from only-IPv4 to only-IPv6.  (Yeah, I know that day may never
 come...)

 Thanks,
 Bill Bogstad




-- 
Brandon Galbraith
Voice: 630.492.0464


Re: ARIN IP6 policy for those with legacy IP4 Space

2010-04-07 Thread Brandon Galbraith
On Wed, Apr 7, 2010 at 3:52 PM, William Pitcock
neno...@systeminplace.net wrote:

 And when there are no eyeballs to look at your IPv4 content because your
 average comcast user is on IPv6?

 Will you have an incentive then?


As long as Comcast or $EYEBALL_NET provides some sort of IPv6-IPv4, no.



 William





-- 
Brandon Galbraith
Voice: 630.492.0464


Re: interop show network (was: legacy /8)

2010-04-05 Thread Brandon Galbraith
On Mon, Apr 5, 2010 at 11:13 AM, Jon Lewis jle...@lewis.org wrote:


 If we could recover them all, how many more years of IPv4 allocations would
 that buy us?


Not enough.



 --
  Jon Lewis   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
 http://www.lewis.org/~jlewis/pgp for PGP public key




-- 
Brandon Galbraith
Voice: 630.492.0464


Re: Time for a lounge mailing list

2010-03-31 Thread Brandon Galbraith
nanog-c...@nanog.org?

On Wed, Mar 31, 2010 at 11:13 AM, Azinger, Marla 
marla.azin...@frontiercorp.com wrote:

 I'm sending this to the proper request email.

 This is a decent idea that I support.

 NANOG Crew please read the below email and consider establishing a separate
 socializing email address so operational topics only exist on the current
 email list.

 Cheers
 Marla Azinger

 -Original Message-
 From: Daniel Senie [mailto:d...@senie.com]
 Sent: Wednesday, March 31, 2010 8:47 AM
 To: NANOG list
 Subject: Time for a lounge mailing list

 It's been clear for a very long time that the NANOG crowd likes to
 socialize. At NANOGs, social settings are where connections are made, beers
 consumed, sometimes scuba dives shared or other local attractions explored.
 It is certainly a good thing, and fosters much useful discussion among peers
 who become friends.

 That said, the nanog@nanog.org mailing list often is overrun with
 non-operational discussion. Certainly there are some good examples today,
 such as job titles, or arguing about the best way to rid the list of a
 troll.

 Creation of a second mailing list to handle non-operational, social traffic
 for the nanog crowd would be one way to keep the main list on topic. Might
 even boost productivity, as folks could more easily defer reading and
 responding to the non-operational stuff until their off-hours.

 So how about it? lou...@nanog.org? offto...@nanog.org?







-- 
Brandon Galbraith
Voice: 630.492.0464


Re: ethernet to serial converters with ACLs

2010-03-11 Thread Brandon Galbraith
How do these compare to the Avocent/Cyclades serial console products? SNMP
seems poorly implemented in the Cyclades, and if folks have good things to
say about using the OpenGear stuff, it's a direction I'd want to move in.
Private replies preferred to keep s/n down.

On Thu, Mar 11, 2010 at 12:10 PM, Bill Fehring li...@billfehring.com wrote:

 On Wed, Mar 10, 2010 at 19:06, R. Benjamin Kessler r...@mnsginc.com
 wrote:
  On a similar topic, any good solutions for out-of-band serial
  console/Ethernet solutions that use EV-DO/GSM wireless Internet?

 Check these out: http://www.opengear.com/product-acm5000.html




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: CRS-3

2010-03-09 Thread Brandon Galbraith
It was mentioned that Att is already testing this with a 100gbps fiber run.

On Mar 9, 2010 1:53 PM, Brian Feeny bfe...@mac.com wrote:


So who is going to be the first to deploy these?

http://newsroom.cisco.com/dlls/2010/prod_030910.html


- Download the entire Library of Congress in just over 1 second
- Stream every motion picture ever created in less than four minutes

If nothing else you gotta love the Cisco Marketing machine!



Brian


Re: Locations with no good Internet (was ISP in Johannesburg)

2010-02-26 Thread Brandon Galbraith
Get dry loops from the ILEC and place repeaters at strategic points?

On 2/26/10, Michael Sokolov msoko...@ivan.harhan.org wrote:
 Daniel Senie d...@senie.com wrote:

 Better than western Massachusetts, where there's just no connectivity at
 all. Even dialup fails to function over crappy lines.

 Hmm.  Although I've never been to Western MA and hence have no idea what
 the telecom situation is like over there, I'm certainly aware of quite a
 few places in first world USA where DSL is still a fantasy, let alone
 fiber.

 As a local example, I have a friend in a rural area of Southern
 California who can't get any kind of high-speed Internet.  I've run a
 prequal on her address and it tells me she is 31 kft from the CO.  The
 CO in question has a Covad DSLAM in it, but at 31 kft those rural
 residents' options are limited to either IDSL at 144 kbps (not much
 point in that) or a T1 starting at ~$700/month.  The latter figure is
 typically well out of range for the kind of people who live in such
 places.

 That got me thinking: ISDN/IDSL and T1 can be extended infinitely far
 into the boondocks because those signal formats support repeaters.  What
 I'm wondering is how can we do the same thing with SDSL - and I mean
 politically rather than technically.  The technical part is easy: some
 COs already have CLECs in them that serve G.shdsl (I've been told that
 NEN does that) and for G.shdsl repeaters are part of the standard
 (searching around shows a few vendors making them); in the case of
 SDSL/2B1Q (Covad and DSL.net) there is no official support for repeaters
 and hence no major vendors making such, but I can build such a repeater
 unofficially.

 The difficulty is with the political part, and that's where I'm seeking
 the wisdom of this list.  How would one go about sticking a mid-span
 repeater into an ILEC-owned 31 kft rural loop?  From what I understand
 (someone please correct me if I'm wrong!), when a CLEC orders a loop
 from an ILEC, if it's for a T1 or IDSL, the CLEC actually orders a T1 or
 ISDN BRI transport from the ILEC rather than a dry pair, and any
 mid-span repeaters or HDSLx converters or the like become the
 responsibility of the ILEC rather than the CLEC, right?

 So how could one extend this model to provide, say, repeatered G.shdsl
 service to far-outlying rural subscribers?  Is there some political
 process (PUC/FCC/etc) by which an ILEC could be forced to allow a third
 party to stick a repeater in the middle of their loop?  Or would it have
 to work by way of the ILEC providing a G.shdsl transport service to
 CLECs, with the ILEC being responsible for the selection, procurement
 and deployment of repeater hardware?  And what if the ILEC is not
 interested in providing such a service - any PUC/FCC/etc political
 process via which they could be forced to cooperate?

 Things get even more complicated in those locations where the CO has a
 Covad DSLAM in it serving out SDSL/2B1Q, but no other CLEC serving
 G.shdsl.  Even if the ILEC were to provide a G.shdsl transport service
 with repeaters, it wouldn't help with SDSL/2B1Q.  My idea involves
 building a gadget in the form factor of a standard mid-span repeater
 that would function as a converter from SDSL/2B1Q to G.shdsl: if the
 loop calls for one mid-span repeater, stick this gadget in as if it
 were that repeater; if the loop calls for 2 or more repeaters, use my
 gadget as the first repeater and then standard G.shdsl repeaters
 after it.  But of course this idea is totally dependent on the ability
 of a third party to stick these devices in the middle of long rural
 loops, perhaps in the place of loading coils which are likely present
 on such loops.

 Any ideas?

 MS




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: Locations with no good Internet (was ISP in Johannesburg)

2010-02-26 Thread Brandon Galbraith
On Fri, Feb 26, 2010 at 5:10 PM, Paul Bosworth pboswo...@gmail.com wrote:

 I think a lot of people often forget that ISPs are actually businesses
 trying to turn a profit.


There are alternatives though, if the need exists and folks are able:

http://www.rric.net/

-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: centeralized server management solutions

2010-02-20 Thread Brandon Galbraith
Sorry for top post, posting from bb.

Spacewalk is the open source upstream of redhat satellite. Can be used
for installation/provisioning and config management. Ties in well with
puppet and func.

On 2/20/10, Chuck Anderson c...@wpi.edu wrote:
 On Sat, Feb 20, 2010 at 01:29:38PM -0600, Mehmet Akcin wrote:
 Centralized solution and server wont be on the same network , but each
 will have internet access
 Drac cards come with Compact Flash cards
 Bandwidth may not be quite fast and latency might be higher when
 connecting to the centralized solution.
 Monitoring can be apart from the server maintenance solution as I already
 primarily use cacti/nagios/IMapper.

 You didn't specify what OS'es you deploy, but for Linux/Red Hat-like
 systems: PXE boot, Kickstart [1], Puppet [2], Bacula [3].
 PXE/Kickstart/Puppet can be managed with Cobbler [4].  Foreman [5]
 is an alternative for managing Puppet hosts.

 [1]
 http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/pt-install-advanced-deployment.html

 [2] http://reductivelabs.com/products/puppet/

 [3] http://www.bacula.org/en/

 [4] https://fedorahosted.org/cobbler/

 [5] http://theforeman.org/




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: dns interceptors [SEC=UNCLASSIFIED]

2010-02-12 Thread Brandon Galbraith
Transparent dns rewriter inline on the network

On 2/12/10, Wilkinson, Alex alex.wilkin...@dsto.defence.gov.au wrote:

 0n Sat, Feb 13, 2010 at 06:15:02AM +0800, Randy Bush wrote:

 i just lost ten minutes debugging what i thought was a server problem
 which turned out to be a dns trapper on the wireless in the changi sats
 lounge.  this is not the first time i have been caught by this.

 Whats a dns trapper ?

-Alex






-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: Google to offer fiber to end users

2010-02-10 Thread Brandon Galbraith
On Wed, Feb 10, 2010 at 2:56 PM, Seth Mattinen se...@rollernet.us wrote:

 On 2/10/2010 12:30, Charles N Wyble wrote:
 
 http://www.businessweek.com/news/2010-02-10/google-plans-to-build-high-speed-fiber-optic-networks-update2-.html
 
 http://googleblog.blogspot.com/2010/02/think-big-with-gig-our-experimental.html
 
  What do folks think?
 

 Optimistic view: It can force the incumbents into being competitive on
 service and everyone wins.

 Pessimistic view: incumbents feel threatened and try to sue/lobby it
 away to keep the status quo like they did with cities trying to offer
 wifi or FTTH.


Google cash > Muni cash. I'm not saying it'll work, but they have many more
resources at their disposal. Incumbents should be worried.



 ~Seth




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Using /126 for IPv6 router links

2010-01-23 Thread Brandon Galbraith
Sometimes good enough > perfect

Never know what is going to come along to turn your addressing plan on its head.

-brandon

On 1/23/10, Larry Sheldon larryshel...@cox.net wrote:
 On 1/23/2010 8:24 PM, Owen DeLong wrote:
 On Jan 23, 2010, at 4:52 AM, Mathias Seiler wrote:
 In reference to the discussion about /31 for router links, I d'like
 to know what is your experience with IPv6 in this regard.

 I use a /126 if possible but have also configured one /64 just for
 the link between two routers. This works great but when I think
 that I'm wasting 2^64 - 2 addresses here it feels plain wrong.

 So what do you think? Good? Bad? Ugly? /127 ? ;)

 Use the /64... It's OK... IPv6 was designed with that in mind.

 64 bits is enough networks that if each network was an almond MM,
 you would be able to fill all of the great lakes with MMs before you
 ran out of /64s.

 Did somebody once say something like that about Class C addresses?


 --
 Government big enough to supply everything you need is big enough to
 take everything you have.

 Remember:  The Ark was built by amateurs, the Titanic by professionals.

 Requiescas in pace o email
 Ex turpi causa non oritur actio
 Eppure si rinfresca

 ICBM Targeting Information:  http://tinyurl.com/4sqczs
 http://tinyurl.com/7tp8ml
   




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: Emergency power generators

2010-01-21 Thread Brandon Galbraith
On Thu, Jan 21, 2010 at 3:21 PM, gordon b slater gordsla...@ieee.org wrote:

 On Thu, 2010-01-21 at 13:17 -0600, Joe Greco wrote:
  If your gear doesn't support it, talk to generator service guys who
  are well-thought-of in your area.  I'd place good odds that they'll be
  happy to outfit you with a computer-readable fuel level indicator,
  oil pressure, remote test, etc., etc., though they may be smiling their
  way to the bank and thanking you for all the custom work.
 
  ... JG

 a lot of places just use a linux or BSD SFF/mini-ITX with a webcam
 grabbing a jpeg/png every few seconds or once a minute on a cron job,
 pointed at the controls/gauges/meters. Just make sure the target area is
 well-lit so the cam can see needles/gauges etc.

 big snip

I've solved this in several locations with Arduino (google is your friend)
boards. They're cheap ($40-$100/pop), are easily networked, and can be used
to send the required data back in a variety of formats (we have Nagios
monitoring them, checking every X minutes). This, of course, is no
replacement for running the genset every so often to verify it actually
starts.

-brandon

-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Cogent Outage?

2010-01-14 Thread Brandon Galbraith
Fiber cut in New Jersey, affecting most of the east coast (per their support
number). I didn't jot the master ticket number down though. Our gear in
Chicago seems partially affected though.

On Thu, Jan 14, 2010 at 11:31 AM, Joe Johnson j...@riversidecg.com wrote:

 We just lost Cogent across the country, along with several sister
 companies. Can't get through to a support person. Any idea what's going on?

 Joe Johnson
 Chief Information Officer
 Riverside Consulting Group, Ltd.
 Phone: 708.442.6033 x3456
 Fax: 708.442.9722
 j...@riversidecg.com
 www.riversidecg.com







-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Consumer-grade dual-homed connectivity options?

2009-12-30 Thread Brandon Galbraith
On Wed, Dec 30, 2009 at 10:46 AM, Ken Chase m...@sizone.org wrote:

 2x DSL not so backhoe-resistant.

 I like mixing cable with dsl. Tasty disparate paths (modulo garden shears
 applied to the single ingress point to your basement) if not technologies,
 orgs
 and methodologies. Or radio + dsl, or pigeon + mule, take your pick.


*snip*

I'm using cable and wimax in the Chicago suburbs with a dual-wan router.
Works well, would recommend to others, and so forth.



 /kc


 On Wed, Dec 30, 2009 at 11:12:59AM -0500, Tim Sanderson's said:
  Do you control or have access to the provider side-the PPPoE server-and
 would both PPPoE connections hit the same PPPoE server at the provider? If
 so, I recommend setting up a PPP multilink with both DSL lines. The DSL
 provider would have to support that capability. I also recommend something
 like a Cisco 2691 router with two WIC-1ADSL cards. I have used this hardware
 for a 2xDSL multilink to my own home and it worked well.
  
  --
  Tim
  
  
  -Original Message-
  From: Paul Bennett [mailto:paul.w.benn...@gmail.com]
  Sent: Wednesday, December 30, 2009 10:50 AM
  To: nanog@nanog.org
  Subject: Consumer-grade dual-homed connectivity options?
  
  Not sure whether this is an appropriate place to post this, but I thought
  I'd give it a shot, since you're all knowledgeable folks with regard to
  networking things...
  
  At home, I currently run two DSL lines. Right now, we just have two
  separate LANs, one connected to each line, with my wife's devices
 attached
  to one, and my devices attached to the other. For a while now, I've been
  thinking about setting up a load-balancing routing solution to give both
  of us access to both lines.
  
  I have the opportunity to acquire a refurbed Cisco Catalyst 2960 at a
  ridiculously low price. I also have access to a (nominally) spare
  quad-core 64-bit PC with 8GB of RAM. I say nominally because I'm
  thinking about setting it up as a media center / gaming rig connected to
  the TV in the den. That's largely beside the point, but it bears pointing
  out that keeping the PC available for my other needs would be a good
 thing.
  
  So.
  
  Is it going to be a more-effective solution to drop a few bucks on the
  2960 and go through the hassle of learning how to set it up (and then
  setting it up), or would I be better off putting a secured Linux distro
  (e.g. gentoo-hardened, or something) on the semi-spare PC and running the
  load-balancing via iproute2 and friends?
  
  Either way, I'm looking at a learning curve, and a good amount of time
  fannying around getting the damn thing working -- there's a good chance
  I'd spend almost as much cash on the PC-based solution getting
  good-quality network cards, and maybe fast HDD tech (though it seems like
  RAM and cores would be more important than disk IO).
  
  What are your opinions?
  
  
  
  --
  Paul
  
  

 --
 Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA
 Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151
 Front St. W.




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Experiences with Comcast Ethernet/Transit service

2009-12-23 Thread Brandon Galbraith
We're looking at using Comcast's (business) transit and private ethernet
services at several client locations and I wanted to see what experiences
others have had regarding this. Off-list replies are preferred.

Thanks,
-brandon

-- 
Brandon Galbraith
Mobile: 630.400.6992


Re: news from Google

2009-12-03 Thread Brandon Galbraith
On Thu, Dec 3, 2009 at 1:12 PM, Bret Clark bcl...@spectraaccess.com wrote:

 For sure...everyone remembers the Bill Gates Borg picture, but at this
 rate, Google will soon become the new poster child for that picture (or
 something comparable).

 Bret


I try to think of them as a benevolent dictator ;)

-brandon



 On Thu, 2009-12-03 at 10:48 -0800, Seth Mattinen wrote:

  No kidding. I must be the only one who is getting tired of seeing Google
  take over literally everything.
 
  ~Seth




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Historical traceroute logging

2009-12-03 Thread Brandon Galbraith
On Thu, Dec 3, 2009 at 4:26 PM, John Souvestre jo...@sstar.com wrote:

 Hello Jeroen.

 I very much like Ping Plotter.  http://www.pingplotter.com/

 John


We've used Ping Plotter before as well. Some shortcomings, but works well
for what it's supposed to do.

-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-02 Thread Brandon Galbraith
On Wed, Dec 2, 2009 at 5:52 PM, Matthew Dodd md...@doddserver.com wrote:

 I meant to say 6to4, sorry about that. Nothing special there.

 -Matt


4to6 would be a mighty nice feature on a CPE =)

-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Testing Internet Speeds and Capacity

2009-11-19 Thread Brandon Galbraith
Speedtest sites (speedtest.net, ndt.anl.gov, etc) or your own tests:

http://www.google.com/search?q=nanog+iperf

On Fri, Nov 20, 2009 at 1:11 AM, shake righa ssri...@gmail.com wrote:

 Hi,

 how does one truly test internet speeds provided by your provider.

 Speed test sites give different results than the one provided by the provider.

 Regards,
 Shake




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: What DNS Is Not

2009-11-16 Thread Brandon Galbraith
Maybe Google needs to incorporate some level of CDN support into their
SPDY layer...

Better than DNS I would think.

-brandon

On 11/16/09, Glen Turner g...@gdt.id.au wrote:
 On 10/11/09 01:58, Jack Bates wrote:
 And different CDN's behave differently, depending on how they deliver
 content, support provider interconnects, etc. I'd hardly call many of
 them DNS lies, as they do resolve you to the appropriate IP, and if that
 IP disappears, try and quickly get you to another appropriate IP.

 It depends what you mean by appropriate.  It may not be least cost
 or closest, and that can be a rude shock when the CDN traffic suddenly
 costs you A$5/GB (delivered from the US by undersea cable) rather than
 $0 (delivered from an in-country peer).

 DNS is the wrong answer, simply because there's no way for the user to
 express *their* policy.  But since there no CDN support in HTTP.

 --
   Glen Turner   http://www.gdt.id.au/~gdt/




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: Layer 2 vs. Layer 3 to TOR

2009-11-12 Thread Brandon Galbraith
On Thu, Nov 12, 2009 at 2:40 PM, Bulger, Tim tim_bul...@polk.com wrote:

 If you use stackable switches, you can stack across cabinets (up to 3 with
 1 meter Cisco 3750 Stackwise), and uplink on the ends.  It's a pretty solid
 layout if you plan your port needs properly based on NIC density and cabinet
 size, plus you can cable cleanly to an adjacent cabinet's switch if
 necessary.

 Slightly off-topic.. Consider offloading 100Mb connections like PDUs,
 DRAC/iLO, etc. to lower cost switches to get the most out of your premium
 ports.


Agreed. We use Netgear gigabit unmanaged switches for what Tim suggests to
save the higher-cost-per-port switchports for server gear.

-brandon



 -Tim

 -Original Message-
 From: Seth Mattinen [mailto:se...@rollernet.us]
 Sent: Thursday, November 12, 2009 3:20 PM
 To: 'nanog@nanog.org'
 Subject: Re: Layer 2 vs. Layer 3 to TOR

 Steve Feldman wrote:
 
  On Nov 12, 2009, at 2:48 PM, Raj Singh wrote:
 
  Guys,
 
  I am wondering how many of you are doing layer 3 to top of rack
  switches and what the pros and cons are. Also, if you are doing layer
  3 to top of  rack do you guys have any links to published white papers
  on it?
 
  Dani Roisman gave an excellent talk on this subject at NANOG 46 in
  Philadelphia:
 
 
 
 http://www.nanog.org/meetings/nanog46/abstracts.php?pt=MTQwOCZuYW5vZzQ2&nm=nanog46
 


 I'd always wondered how you make a subnet available across racks with L3
 rack switching. It seems that you don't.

 ~Seth




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Redundant Data Center Architectures

2009-10-28 Thread Brandon Galbraith
Layer-3-independence and active/active/etc. is where it's at in terms of
high availability in the 21st Century.  GSLB, et. al.

Somewhere on video.google.com is a Google I/O talk explaining the hell that
is active/active redundancy and how hard it is to achieve at layers 4-7. I
don't argue that it's the proper method for Layer 3 though.

-brandon

On Wed, Oct 28, 2009 at 12:38 PM, Roland Dobbins rdobb...@arbor.net wrote:


 On Oct 28, 2009, at 8:26 PM, Stefan Fouant wrote:

  I'm wondering what are the growing trends in connecting Data Centers for
 redundancy in DR/COOP environments.


 'DR' is an obsolete 40-year-old mainframe concept; it never works, as
 funding/testing/scaling of the 'backup' systems is never adequate and/or
 allowed.

 Layer-2 between sites is evil, as well.

 Layer-3-independence and active/active/etc. is where it's at in terms of
 high availability in the 21st Century.  GSLB, et. al.

 ---
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

 Sorry, sometimes I mistake your existential crises for technical
 insights.

-- xkcd #625





-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Redundant Data Center Architectures

2009-10-28 Thread Brandon Galbraith
Props for mentioning mod_backhand. Excellent tool for GSLB.

On Wed, Oct 28, 2009 at 12:57 PM, Roland Dobbins rdobb...@arbor.net wrote:


 On Oct 29, 2009, at 12:42 AM, Ray Sanders wrote:

  Could you elaborate on GSLB  (Global Load Balancing?) ?


 Architectural choices, implementation scenarios, DNS tricks to ensure
 optimal cleaving to and availability of distributed nodes within a given
 tier:

 http://www.backhand.org/mod_backhand/

 http://www.backhand.org/wackamole/

 http://www.spread.org/

 http://www.dsn.jhu.edu/research/group/secure_spread/

 http://wiki.blitzed.org/DNS_balancing

 http://www.cisco.com/en/US/products/hw/contnetw/ps4162/


 ---
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

 Sorry, sometimes I mistake your existential crises for technical
 insights.

-- xkcd #625





-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Power Analysis/Management Tools

2009-10-26 Thread Brandon Galbraith
Not to go too off-topic, but if there is a more preferred location for me to
ask, please let me know. I'm looking for recommendations on open source
packages that people are using for monitoring power utilization of their
network/server gear.

We're using Cacti currently, pulling the data from APCs via SNMP, and I
wanted to check if someone had come across a better method before I
reinvented the wheel.


Re: DreamHost admin contacts

2009-10-13 Thread Brandon Galbraith
Have had great luck (no outages) with Rackspace Mail (formerly
Mailtrust). Quite affordable as well.

Disclaimer: no affiliation, just a satisfied customer

On 10/13/09, Andy Ringsmuth andyr...@inebraska.com wrote:
 Any chance there's someone from DreamHost on NANOG?  Or that someone
 might have a way to reach them other than by filing a trouble ticket
 with them?  POP has seemingly been down all day, with Webmail sporadic
 at best.

 Just migrated my company's e-mail over to them last week, and with
 this, of course our company president has been putting a severe
 squeeze on me to fix it.

 Barring that, what recommendations might the NANOG community have for
 an extremely rock-solid e-mail hosting company?  I realize that may
 mean self-promotion, but hey, bring it on.


 Much appreciated!


 -Andy




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: IPv6 internet broken, cogent/telia/hurricane not peering

2009-10-12 Thread Brandon Galbraith
Funny enough, we've been looking at moving from 174 to HE for a large
amount of traffic, and this discussion is making the decision *a lot*
easier.

On 10/12/09, Dave Temkin dav...@gmail.com wrote:
 Marco Hogewoning wrote:
 Cogent:  You are absolutely insane.  You are doing nothing but
 alienating your customers and doing a disservice to IPv6 and the
 internet as a whole.

 You are publishing  records for www.cogentco.com, which means
 that I CANNOT reach it to even look at your looking glass.  I send my
 prefixes to 4436, 22822, and 6939 and you are not peering with any of
 them.  Why not peer, for FREE, with 6939?  What could you possibly
 gain from NOT doing this?  HE is NOT going to buy transit from you
 (nor am I).  Please fix your policy.


 May I suggest to vote with your feet and take your business somewhere
 else. They obviously are not interested in you, your traffic or your
 money.

 MarcoH

 Already done.  All they are doing is continuing to provide fodder for
 engineers to tell their bosses why to NOT consider 174 transit when it's
 brought up.

 -Dave




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: SMS

2009-09-22 Thread Brandon Galbraith
On Tue, Sep 22, 2009 at 3:27 PM, Shane Ronan sro...@fattoc.com wrote:

 How do I send out an email if the network is down?


Why not use an e-mail to SMS gateway from whichever carrier?



Your external monitoring box sends the email? You do have something doing
external monitoring, right?


-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Intelligent network monitoring systems (commercial/open source, what have you)

2009-09-11 Thread Brandon Galbraith
On Fri, Sep 11, 2009 at 2:07 PM, Charles Wyble char...@thewybles.com wrote:


 It all comes down to SNMP to the best of my knowledge.


True. While you don't want the MRTG answer, I'd suggest looking at Cacti.
There's a large library of device profiles people have put together so as to
prevent you from having to hunt down MIBs/OIDs for devices. If you have a
database of your devices, it's fairly trivial to import them into Cacti once
you have the device profiles (I use a shell script and curl).



-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Cisco 7600 (7609) as a core BGP router.

2009-07-20 Thread Brandon Galbraith
On Mon, Jul 20, 2009 at 8:46 AM, Richard A Steenbergen r...@e-gerbil.net wrote:

 On Mon, Jul 20, 2009 at 02:22:22PM +0100, Bailey Stephen wrote:
  I previously ran a single 7609 with dual Sup720's as a Core Internet BGP
  Router, running OSPF  iBGP

 It's hard to classify a single router as a core, don't you think?


Is two enough? ;)



 --
 Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
 GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Re: Using twitter as an outage notification (was : Fire, Power loss at Fisher Plaza in Seattle)

2009-07-07 Thread Brandon Galbraith
On Tue, Jul 7, 2009 at 3:24 PM, Mikael Abrahamsson swm...@swm.pp.se wrote:
 On Tue, 7 Jul 2009, Marshall Eubanks wrote:

 In a real crisis, redundancy rules.

 ... and simplicity.

 It's always fun when those outages pages rely on sql backends etc, so
 they're capable of tens or hundreds of users, so they look fine normally.
 When an outage happens and people really need the information and want it,
 things stop working.

 I've been advocating a distributed system with static HTML pages being
 generated and pushed out when things change. Huge load capability, you can
 put it anycasted at multiple IXes so it's geographically and ISP resilient,
 larger ISPs can even request to get their own mirror. Keeping it simple.

 No takers yet though, people seem to have too much confidence in
 complicated, centralized, nice looking solutions.

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se



http://www.coralcdn.org/

-- 
Brandon Galbraith
Mobile: 630.400.6992


Re: tor

2009-06-24 Thread Brandon Galbraith
You're referring to the DMCA's safe harbor provision.

-brandon

On 6/24/09, Steven M. Bellovin s...@cs.columbia.edu wrote:
 On Wed, 24 Jun 2009 17:48:58 -0400
 Andrew D Kirch trel...@trelane.net wrote:

 Richard A Steenbergen wrote:
  On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
 
  sadly, naively turning up tor to help folk who wish to be
  anonymous in hard times gets one a lot of assertive email from
  self-important people who wear formal clothes.
 
  folk who learn this the hard way may find a pointer passed to me
  by smb helpful, http://www.chrisbrunner.com/?p=119.
 
 
  If bittorrent of copyrighted material is the most illegal thing you
  helped facilitate while running tor, and all you got was an
  assertive e-mail because of it, you should consider yourself
  extremely lucky.
 
  Anonymity against privacy invasion and for political causes sure
  sounds like a great concept, but in reality it presents too
  tempting a target for abuse. If you choose to open up your internet
  connection to anyone who wants to use it, you should be prepared to
  be held accountable for what those anonymous people do with it. I'm
  sure you don't just sell transit to any spammer who comes along
  without researching them a little first, why should this be any
  different.
 You might also consider asserting your right to common carrier
 immunity under 47USC230.

 OK -- I looked at that part of the US Code
 (http://www4.law.cornell.edu/uscode/47/230.html).  Apart from the fact
 that the phrase common carrier does not occur in that section,
 subparagraph (f)(2) says:

   Nothing in this section shall be construed to limit or expand
   any law pertaining to intellectual property.

 Perhaps you're referring to the law exempting ISPs from liability for
 user-created content?  (I don't have the citation handy.)  If so,
 remember that that law requires response to take-down notices.


   --Steve Bellovin, http://www.cs.columbia.edu/~smb




-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141



Re: Facility wide DR/Continuity

2009-06-03 Thread Brandon Galbraith
On Wed, Jun 3, 2009 at 9:37 AM, William Herrin herrin-na...@dirtside.com wrote:

 On Wed, Jun 3, 2009 at 8:09 AM, Drew Weaver drew.wea...@thenap.com wrote:



 snip

 If you can't afford the fiber or need to put the DR site too far away
 for fiber to be practical, you can still build a network which
 virtualizes your LAN. However, you then have to worry about issues
 with the broadcast domain and traffic demand between the clustered
 servers over the slower WAN.

 It's doable. I've done it with VPNs over Internet T1's. But you better
 have your developers on board early and provide them with a
 simulated environment so that they can get used to the idea of having
 little bandwidth between the clustered servers.


 In most cases, the fiber is affordable (a certain bandwidth provider out
there offers Layer 2 point to point anywhere on their network for very low
four digit prices). We recently put into place an active/active environment
with one end point in the US and the other end point in Amsterdam, and both
sides see the other as if they were on the same physical lan segment. I've
found that, like you said, you *must* have the application developers
onboard early, as you can only do so much at the network level without the
app being aware.

-brandon


 --
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Facility wide DR/Continuity

2009-06-03 Thread Brandon Galbraith
On Wed, Jun 3, 2009 at 12:47 PM, Bill Woodcock wo...@pch.net wrote:

  On Wed, 3 Jun 2009, Drew Weaver wrote:
 Should the additional sites be connected to the primary site
 (and/or the Internet directly)?

 Yes, because any out-of-band synchronization method between the servers at
 the production site and the servers at the DR site is likely to be more
 difficult to manage.  You could do UUCP over a serial line, but...

 What is the best way to handle the routing? Obviously two devices
 cannot occupy the same IP address at the same time, so how do you
 provide that instant 'cut-over'?

 This is one of the only instances in which I like NATs.  Set up a NAT
 between the two sites to do static 1-to-1 mapping of each site into a
 different range for the other, so that the DR servers have the same IP
 addresses as their production masters, but have a different IP address to
 synchronize with.


Or you use RFC1918 address space at each location, and NAT each side between
public anycasted space and your private IP space. Prevents internal IP
conflicts, having to deal with site to site NAT, etc.

-brandon



-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Minnesota to block online gambling sites?

2009-05-04 Thread Brandon Galbraith
On Mon, May 4, 2009 at 11:06 AM, Beavis pfu...@gmail.com wrote:
 Hi,

  I host some gambling sites (off-shore) and I would like to get some
 info on how I can put minnesota IP blocks on my Filter-List to comply
 with their 'wacked politics'

 -beavis

 On Wed, Apr 29, 2009 at 3:38 PM, Ken Gilmour ken.gilm...@gmail.com wrote:
 Hi there,

 I am just wondering if anyone knows any more about the attempt by
 Minnesota to block online gambling companies other than what's
 publicly available (e.g.
 http://www.gambling911.com/gambling-news/minnesota-regulators-try-block-access-gambing-sites-042909.html)?
 Such as a list or the letter to the providers?

 Thank you!

 Ken

Please see ongoing thread on geoIP to see how to go about doing this =)

-brandon

-- 
Brandon Galbraith
Mobile: 630.400.6992



Re: OOB customer communications (Re: Looking for Support Contact at Equifax)

2009-04-27 Thread Brandon Galbraith
On Mon, Apr 27, 2009 at 11:31 AM, Mike Lewinski m...@rockynet.com wrote:

 Suresh Ramasubramanian wrote:

  If your email and phone communications are down due to a connectivity
 break, and your customers get connectivity from you [assume no backup
 links, by default .. you'd be surprised at how many smaller customers
 get by with a single link and no backups at all.  If their
 connectivity is down too - they just can't get to twitter right?


 I can post status updates to our noc twitter account from my cell phone (so
 no reliance on local network) and any customers who are using a smartphone
 device can get updates from their mobile, also wholly OOB from our network.
 I imagine there's a way to get updates via pure SMS too. I think it's the
 melding of the mobile with the Internet that is what gives Twitter its real
 power.

 I agree however that if the only Twitter access is via regular computer it
 loses most of its value in this situation.

 Mike


Twitter allows you to specify that you want SMS notification when someone
you're following makes an update.


-- 
Brandon Galbraith
Mobile: 630.400.6992


Re: Important New Requirement for IPv4 Requests [re impacting revenue]

2009-04-21 Thread Brandon Galbraith
On Tue, Apr 21, 2009 at 4:54 PM, Kevin Loch kl...@kl.net wrote:

 Shane Ronan wrote:

  C) Are ARIN's books open for public inspection? If so, it might be
 interesting for the group to see where all our money is going, since it's
 obviously not going to outreach and solution planning. Perhaps it is being
 spent in a reasonable manner, and the fees are where they need to be to
 sustain the organization's reasonable operations, but perhaps not.


 A quick search of the website found this:

 https://www.arin.net/about_us/corp_docs/annual_rprt.html

 - Kevin


More specifically:

https://www.arin.net/about_us/corp_docs/annual/2008/

-brandon

-- 
Brandon Galbraith
Mobile: 630.400.6992
FNAL: 630.840.2141


Re: Important New Requirement for IPv4 Requests

2009-04-20 Thread Brandon Galbraith
On Mon, Apr 20, 2009 at 6:39 PM, Joe Greco jgr...@ns.sol.net wrote:


 So now they're going to require an attestation.  Which means that they
 are going to require an officer to attest to the validity of the
 information.

 So the officer, most likely not being a technical person, is going to
 contact ...  probably the same people who made the request, ask them if
 they need the space.  Right?

 And why would the answer be any different, now?

 ... JG
 --


Easier to take back resources if an officer of the company lied regarding
their usage/need, no? Just a thought, although I am by no means an expert in
the field of contract law.

-brandon
-- 
Brandon Galbraith
Voice: 630.400.6992


Re: Register.com DNS hosting issues

2009-04-04 Thread Brandon Galbraith
On Sat, Apr 4, 2009 at 2:05 PM, Peter Beckman beck...@angryox.com wrote:

 On Fri, 3 Apr 2009, Charles Wyble wrote:

  This is probably a good time to remind the uninitiated to have some
 secondary DNS with a totally separate company if your DNS is that
 important to you.


 Preferably with a provider that announces out of multiple ASN :)

 AT&T and Akamai both provide good distributed DNS service. I imagine there
 are other carriers, but I can't comment on them as I haven't used them.


  I can highly recommend DNSmadeEasy.com.  Inexpensive, Anycasted, always
  fast and reliable.  Good for primary and/or secondary, IMO, though it is
  sage advice to use two different providers if you are super ultra serious
  about never being down.


Seconded. We use DNSmadeeasy as a primary for quite a few domains, but also
have had good luck with DynDNS as well.

-brandon



 ---
 Peter Beckman  Internet Guy
 beck...@angryox.com
 http://www.angryox.com/
 ---




-- 
Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com


Re: Comcast - No complaints! [was: Re: Craptastic Service!

2009-02-22 Thread Brandon Galbraith
Very true. You'll be hard pressed to find an IP/transit/dark fiber
provider who is going to agree to be liable for anything except what
you've paid in the event of an SLA violation.

-brandon

On 2/22/09, Patrick W. Gilmore patr...@ianai.net wrote:
 On Feb 22, 2009, at 1:26 PM, JC Dill wrote:
 Seth Mattinen wrote:


 If I give someone money to do something, and they fail to meet the
 contracted metrics, what else can they give me except money back?

 They can pay a penalty.  Simply giving you your money back may not
 make you whole.  Many businesses could make out like a bandit if
 they don't have to pay a penalty when they don't perform, but just
 give you your money back.  In some lines of business (e.g.
 residential rental housing) we have laws to protect buyers (renters)
 that stipulate penalties when sellers (landlords) don't provide the
 services (livable housing) required by law, in addition to refund of
 the fee (rent) paid for the services.

 Giving you your money back when you didn't get the goods isn't
 really providing an SLA, it's simply not defrauding the customer.

 That ain't gonna happen.

 The housing laws you mention are the exception, not the rule.  Very,
 very, very few businesses have any liability for lack of performance
 other than the money you paid them.  And some not even that.

 --
 TTFN,
 patrick




-- 
Sent from my mobile device

Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com



Re: Comcast - No complaints! [was: Re: Craptastic Service!

2009-02-22 Thread Brandon Galbraith
Notice you said voucher and not cash, which I'd consider the same as a
network provider providing a credit and not cash.

-brandon

On 2/22/09, JC Dill jcdill.li...@gmail.com wrote:
 Jim Popovitch wrote:
 On Sun, Feb 22, 2009 at 13:26, JC Dill jcdill.li...@gmail.com wrote:

 Many businesses could make out like a bandit if they don't have to
 pay a penalty when they don't perform, but just give you your money back.


 I'm curious, when traveling by car or by plane, do you often demand
 imposition of penalties for travel latency?

 Airlines pay penalties when they bump passengers even if you get there
 eventually - just later than you expected.

 When I am bumped because the plane is overbooked, they don't just put me
 on the next flight they also compensate me for not putting me on the
 flight I had a reservation for.  When I traveled from SFO to San Diego
 for Thanksgiving 2 years ago I was bumped both ways.  I was compensated
 each time with a guaranteed seat on the next flight, a meal voucher, and
 a ticket voucher that I used to fly to the east coast last fall, and
 will be flying to the east coast again this fall on the second voucher.

 When traveling by car I have far more control over the proposed route,
 time-of-day for travel, planned or spontaneous stops, etc.  In exchange
 for this control I am also responsible for the outcome of my own travel
 plans.

 jc



-- 
Sent from my mobile device

Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com



Re: real hardware router VS linux router

2009-02-19 Thread Brandon Galbraith
On 2/19/09, mike mike-na...@tiedyenetworks.com wrote:



 Steve Bertrand wrote:

 Ryan Harden wrote:


 While you could probably build a linux router that is just as fast as a
 real hardware router, you're always going to run into the moving pieces
 part of the equation.



 Not if you boot directly from USB key into memory with no disk drive.

 Steve



 I am sorry, but this is wrong. A USB Key is another 'PC Architecture' that
 DOES NOT WORK for network devices. There is NO positive mechanical force to
 keep that thing inserted, and the way a USB Key would hang off most devices
 with a USB port, would put it at very high risk for being accidentally
 bumped / disconnected. Secondly, there are still many many PC Architecture
 boxen that still do not boot correctly from USB.


I've used a hot glue gun to glue a USB key to the device/server/etc in
question. Works very well against being bumped or accidentally dislodged.

-brandon


-- 
Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com


Re: IPv6 Confusion

2009-02-17 Thread Brandon Galbraith
On 2/17/09, Randy Bush ra...@psg.com wrote:

  I find it a shame that NAT-PT has become depreciated

 the ietf has recanted and is hurriedly trying to get this back on
 track.  of course, to save face, the name has to be changed.

  with people talking about carrier grade NATS I think combining
  these with NAT-PT could help with the transition

 cgn is not a transition tool.  it is a dangerous hack to deal with
 the problems of a few very large consumer isps who lack sufficient
 space to number their customer edge.

 randy


Sounds like those consumer ISPs better get started on rolling out dual
stacks to the CPE.

-brandon

-- 
Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com


Re: IPv6 Confusion

2009-02-17 Thread Brandon Galbraith
So we deploy v6 addresses to clients, and save the remaining v4
addresses for servers. Problem solved?

-brandon

On 2/17/09, Nathan Ward na...@daork.net wrote:
 On 18/02/2009, at 3:23 PM, Randy Bush wrote:

 I find it a shame that NAT-PT has become depreciated

 the ietf has recanted and is hurriedly trying to get this back on
 track.  of course, to save face, the name has to be changed.

 Sort of - except it is only for IPv6 clients to connect to named
 IPv4 servers. NAT-PT allowed for the opposite direction, IPv4
 clients connecting to IPv6 servers - NAT64 does not.

 The server must have an A record in DNS, and the client must use that
 name to connect to - just like NAT-PT.

 --
 Nathan Ward




-- 
Sent from my mobile device

Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com



Re: One /22 Two ISP no BGP

2009-02-14 Thread Brandon Galbraith
Could Charlie do long haul microwave to someone who can do BGP?

On 2/14/09, Francois Menard franc...@menards.ca wrote:
 The rule with ARIN is that you only need to demonstrate that you WANT
 to do multihoming, not that you WILL do multihoming.

 That question would be better asked on the ARIN policy mailing list.
 I'm also on that list.

 That was cleared with ARIN as part of the process to get that /22

 I guess ARIN rightly assumes that most ISPs do want to do BGP with
 their customers...

 F.
 --
 François D. Ménard
 franc...@menards.ca



 On 13-Feb-09, at 6:48 PM, Charles Regan wrote:

 The problem we have now is that we got our /22 from arin to do
 multihoming.
 If we dump tlb, no more multihoming? No /22. Is that correct?

 We also have a contract with tlb.
 $$$ 1.5yrs left...






 2009/2/13, Seth Mattinen se...@rollernet.us:
 Charles Regan wrote:
 Isp2 is vtl not bell

 2009/2/13, Seth Mattinen se...@rollernet.us:
 Charles Regan wrote:
 Just got final confirmation from ISP1 that they will not do BGP
 with us.

 ISP1 is Telebec.
 http://www.iptools.com/dnstools.php?tool=ipwhois&user_data=142.217.0.0&submit=Go

 My subnet
 http://www.iptools.com/dnstools.php?tool=ipwhois&user_data=204.144.60.0&submit=Go

 What can we do now ? Any suggestions ?

 Do you know who is upstream of ISP2? We've established that Telebec is
 only connected to Bell Canada. If ISP2 also has a connection to Bell
 then you don't gain anything with Telebec except this huge mess and
 horrible hacks to work around their lack of BGP.

 ~Seth




 Also, VTL peers with Sprint and SAVVIS. Based on this information I'd
 just drop Telebec completely. They only have one upstream. You won't get
 any redundancy with them since they're just giving you a connection to
 Bell, which VTL already gives you. Here's the view from my SAVVIS router
 with Sprint as the preferred path:

 routy-border0>show ip bgp 216.113.0.0/17
 BGP routing table entry for 216.113.0.0/17, version 78286019
 Paths: (3 available, best #1, table Default-IP-Routing-Table)
   Not advertised to any peer
   1239 5769, (received & used)
     208.79.242.129 (metric 3) from 208.79.242.129 (208.79.242.129)
       Origin IGP, metric 439, localpref 100, valid, internal, best
       Community: 11170:1239
   3561 5769
     216.88.158.93 from 216.88.158.93 (206.24.210.102)
       Origin IGP, localpref 90, valid, external
       Community: 3561:11840 11170:3561
   3561 5769, (received-only)
     216.88.158.93 from 216.88.158.93 (206.24.210.102)
       Origin IGP, localpref 90, valid, external
       Community: 3561:11840


 --
 Seth Mattinen   se...@rollernet.us
 Roller Network LLC


 --
 Sent from my mobile





-- 
Sent from my mobile device

Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com



Re: Is whois.apnic.net down?

2009-02-10 Thread Brandon Galbraith
On 2/10/09, Dale Carstensen d...@lampinc.com wrote:

 I get Connection timed out on whois commands to it.

 Sorry to attempt to answer my own question, but maybe it's the fires
 in Australia, as the last traceroute hop is a Brisbane.telstra.net
 domain name.

 Backhoe fade I'm used to. But now fire fade? Lovely.

-brandon


-- 
Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com


Re: Smart hands around Dulles airport / northern VA.

2009-01-16 Thread Brandon Galbraith
On 1/16/09, Warren Kumari war...@kumari.net wrote:

 Hi all,

 This is a mail that I have been meaning to send ever since I moved back to
 the NoVA area, but have only gotten around to now...

 Many years ago I used to provide emergency, smart hands type assistance to
 those in need, but had to give this up when I moved out of the area. Anyway,
 I'm back and am willing to start doing this again.

 This is primarily for those cases where you would normally have to fly
 someone out to have them replace a line-card or two, hook up a few cables,
 maybe swap a disk in an array, etc. This is not for those cases where you
 simply need someone to push the reset button, nor for rebuilding your entire
 cage from scratch...

 Anyway, if you have gear here and think that you might need to take me up
 on this, drop me a mail and I'll give you my direct contact info...

 If you like this idea, and are willing to also provide this sort of thing
 to the community (either in this, or in another area), please let me know --
 I'll look into setting up a website / mailing list / something...


What Warren said. I'm in the Chicagoland area.

-brandon

-- 
Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com


Re: Cogent Considerations [was: Re: Cogent Haiku v2.0]

2009-01-12 Thread Brandon Galbraith
On 1/12/09, Jim Shankland na...@shankland.org wrote:

 Adam Young wrote:

 I wouldn't take my word for it but truthfully, you get what you pay for.
  Given you have other, more reliable transit, adding Cogent may be ok.
 I wouldn't rely on it for anything serious though.


 That has not been my experience.  Peering wars have been an issue, but
 aside from that, they've been fine.  (This is transit in San Francisco
 at the gigabit-plus level.)

 Jim Shankland


Seconded. We also have Cogent for gigabit transit. I had far more problems
in the short time we used Level3 for transit than I've had with Cogent.

-brandon

-- 
Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com


Re: Gigabit Linux Routers

2008-12-19 Thread Brandon Galbraith
I wasn't aware of imagestream using any custom (asic) hardware, except
the T1/3 cards in the concentrator we bought from them (worked like a
champ, btw).

-brandon

On 12/19/08, Martin List-Petersen mar...@airwire.ie wrote:
 Henry Yen wrote:
 On Fri, Dec 19, 2008 at 18:32:40PM -0700, Michael Loftis wrote:
 --On December 18, 2008 4:02:14 PM -0800 Bruce Robertson
 br...@greatbasin.net wrote:

 Imagestream does nice work as well.

 I'll second the plug for imagestream as well.

 Soucy, Ray wrote:
 If all you're looking for is basic routing though, it might be
 worthwhile just getting a Vyatta appliance.

 Aren't both Imagestream and Vyatta routers built atop a Linux platform?


 So is Juniper a BSD base (if I recall correctly). The difference is the
 selection of hardware and added routing hardware.

 The issue is, that those additions, that Juniper, Imagestream and Vyatta
 add, are not available on the standard platform, so it can't be quite
 compared.

 Kind regards,
 Martin List-Petersen

 --
 Airwire - Ag Nascadh Pobal an Iarthar
 http://www.airwire.ie
 Phone: 091-865 968



-- 
Sent from my mobile device

Brandon Galbraith
Voice: 630.400.6992
Email: brandon.galbra...@gmail.com



Re: Domain names for the interfaces of a router

2008-11-09 Thread Brandon Galbraith
On 11/9/08, Kai Chen [EMAIL PROTECTED] wrote:

 Hi everyone, my question is that, in practice, if there are different
 interfaces (different IP addresses) on the same border router having
 different domain names? thanks.


I've found this quite helpful:

http://www-td.rutgers.edu/documentation/Reference/RUNet_Network_Device_Naming_Convention/

-brandon


-- 
Brandon Galbraith
Voice: 630.400.6992
Email: [EMAIL PROTECTED]


Re: Why do some companies get depeered and some don't?

2008-11-02 Thread Brandon Galbraith
On 11/2/08, Joe Maimon [EMAIL PROTECTED] wrote:



 Patrick W. Gilmore wrote:

 On Oct 31, 2008, at 1:32 AM, Nelson Lai wrote:

  Why do some companies like Cogent get depeered relatively often and
 companies like Teleglobe don't even get talked about and operate in silence
 free from depeering?


 That's funny.  One of the first networks to de-peer Cogent was Teleglobe.
  They re-peered after a bit.

 The next obvious question is: When Sprint, Telia & L3 de-peering Cogent,
 it causes a lot of news in the press & noise on NANOG, so why didn't you
 know Teleglobe depeered Cogent?


 Imagine the news had they all depeered cogent at the same time.


Imagine the lawsuits and government regulation had that occurred.


-- 
Brandon Galbraith
Voice: 630.400.6992
Email: [EMAIL PROTECTED]


Re: Sprint / Cogent dispute over?

2008-11-02 Thread Brandon Galbraith
On 11/2/08, Daniel Roesen [EMAIL PROTECTED] wrote:

 On Sun, Nov 02, 2008 at 04:40:20PM -0500, Randy Epstein wrote:
  Problem resolved?

 https://www.sprint.net/cogent.php


 Best regards,
 Daniel


Seeing as Cogent is going to try tooth and nail to keep their newfound Tier
1 status (and not pay anyone for transit), I would think this would bode
worse for Sprint, since most of their transit customers could migrate to
Cogent (saving $$$ and not having to face future depeerings). Just my $0.02.

-brandon

-- 
Brandon Galbraith
Voice: 630.400.6992
Email: [EMAIL PROTECTED]


Re: Depeering as an IPv6 driver (was: Re: Sprint / Cogent)

2008-10-30 Thread Brandon Galbraith
On 10/30/08, Jared Mauch [EMAIL PROTECTED] wrote:


 On Oct 30, 2008, at 6:55 PM, Deepak Jain wrote:

  I wonder if judicious use of 6to4 and Teredo would allow an IPv6 (single
 homed) user to access now missing parts of the Internet. Me thinks, yes.


So would some CGN (Carrier Grade Nat anyone) too.

Last I knew Cogent wasn't doing any IPv6.. has that changed?

- Jared


Not that I know of. We tried to get IPv6 transit from Cogent several months
ago (we already have IPv4 transit), and were told it's not available yet.

-brandon

-- 
Brandon Galbraith
Voice: 630.400.6992
Email: [EMAIL PROTECTED]


Re: Sprint / Cogent

2008-10-30 Thread Brandon Galbraith
On 10/30/08, Paul Fleming [EMAIL PROTECTED] wrote:


 http://www.earthtimes.org/articles/show/sprint-nextel-severs-its-internet-connection-to-cogent-communications,603138.shtml


The most interesting part of the press release to me is:

In the over 1300 on-net locations worldwide where Cogent provides service,
Cogent is offering every Sprint-Nextel wireline customer that is unable to
connect to Cogent's customers a free 100 megabit per second connection to the
Internet for as long as Sprint continues to keep this partitioning of the
Internet in place.  Unfortunately, there is no way that Cogent can do the same
for the wireless customers of Sprint-Nextel.

-brandon


Re: 143.228.0.0/16 and house.gov

2008-10-02 Thread Brandon Galbraith
On 10/2/08, Jean-François Mezei [EMAIL PROTECTED] wrote:

 snip

Question:

 Is it possible to setup an akamai feed in hours once you know your
 website is to be swamped ?

 Obviously, the system managers there might not have been warned in
 advance that the politicians would place a huge load on their servers.
 But once they realised it, is it conceivable that they quickly setup an
 akamai feed ?  Or is that something which takes weeks to setup ?


I'm not sure about Akamai, but I believe Amazon is about to roll out CDN
services as well (and I would assume they're as flexible as their other
cloud offerings). As always, hindsight is 20/20.

http://www.amazon.com/gp/html-forms-controller/aws-content-delivery-service

-brandon


Re: DSL at MAE-East

2008-09-25 Thread Brandon Galbraith
On 9/25/08, Mike Lyon [EMAIL PROTECTED] wrote:

 Or get an ISR with a 3G GSM card?


I'm a fan of this solution. We use T-Mobile with EDGE cards (not 3G, but I
don't need 3G for SSH, RDP, etc) in several of our colocation environments
for remote access. At $30/month for the service (per card), it was way
cheaper than a cross-connect and DSL service. Also fairly reliable.

-brandon

