Why are paper LOAs still used?
Why do companies still insist on, or deploy new systems that rely on paper LOA for IP and ASN resources? How can this be considered more trustworthy than RIR based IRR records? And I'm not even talking about old companies, I have a situation right now where a VPS provider I'm using will no longer use IRR and only accepts new paper LOAs. In the year 2024. I don't understand how anyone can go backwards like that. ~Seth
Re: .US Harbors Prolific Malicious Link Shortening Service
On 11/2/23 1:30 PM, goemon--- via NANOG wrote: Are there any legitimate services running solely on .us domain names? Yes.
Re: maximum ipv4 bgp prefix length of /24 ?
On 9/29/23 10:24, VOLKAN SALİH wrote: you guys become rich this way.. by playing penny pincher. I asked global firms like Huawei, not some local company called ADAMS! You joined the wrong mailing list then. This is NANOG, which has companies of all sizes and private individuals operating networks. This is not a "global firms" mailing list.
Re: NTP Sync Issue Across Tata (Europe)
On 8/9/23 3:25 PM, Forrest Christian (List Account) wrote: Note that NIST operates a pool of 24 time servers for public use. These are spread across four different locations in two different states. My understanding is that they all get their time directly from the official NIST clocks without GPS or NTP being involved. I used to jump through all the hoops for that but honestly I like the appliances better (they are also PTP grandmaster clocks). I can always disable the GPS inputs if any of the doom and gloom actually comes to pass. ~Seth
Re: NTP Sync Issue Across Tata (Europe)
On 8/9/23 2:39 AM, Forrest Christian (List Account) wrote: When GPS is working, time transmission with accuracies of under 1 microsecond is common. This is especially true if the GPS integrates some sort of disciplined oscillator. Note that this is in excess of what NTPd running on a typical OS can reliably retransmit. BUT.. if I was to choose only one protocol, it would be NTP, not GPS, because of all of the reasons you mention. I find it distressing that sites are relying on GPS only. I suspect that this is a failure to assign proper risk to using GPS. It's particularly odd when one considers that adding NTP time sources is essentially free and improves robustness and reliability greatly. I liked having a WWVB receiver in my mix, but all the hardware appliances (at least those offering OCXO or Rubidium oscillator options) seem to have rejected it in favor of GPS only. I can only conclude that either vendors think options like WWVB are a dead end or there's no demand for GPS alternatives. Products like the BlueSky GNSS Firewall exist, but not something I've thought was a necessary expenditure for my needs (yet). Mouser lists it at just under $10k. Personally I'm just not that comfortable using random unknown platform and unknown installation conditions time server pools over the big-I internet. I would possibly consider NTP servers operated by entities I have peering with. ~Seth
GGC need portal access restored
I also need someone at GGC to contact me ASAP; a tech showed up on site to replace hardware in a node and I've come to find out my portal access is no longer available and I can't place it into maintenance mode. ~Seth
Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers
On 6/1/22 8:12 PM, Mitchell Tanenbaum via NANOG wrote: Believe it or not, there is cable within 500 yards, but they won’t extend it. (: 50 feet across the street from me on the east side of the road is AT&T FTTH territory. My side of the street is not. F the west side apparently.
Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers
On 5/23/22 12:00 PM, Michael Thomas wrote: On 5/23/22 11:49 AM, Aaron Wendel wrote: The Fiber Broadband Association estimates that the average US household will need more than a gig within 5 years. Why not just jump it to a gig or more? Really? What is the average household doing to use up a gig worth of bandwidth? I want decent upload speeds for offsite backups of my home NAS. But no, upload is usually some pitiful fraction of download. The local cable company maxes out at 20Mbps upload, and AT&T stopped their FTTH deployment literally across the street from me with no signs of further expansion.
Re: Disney+ Issues
Disney+ started error 73'ing me and my customers again. Same as back in November 2020. Hooray for breaking things that used to work. I tried the chat method again, but unlike last time where they asked me for IP ranges in chat, now I've been given a case number and someone is supposed to email me back in 3 to 5 business days. So I guess we'll see. Worst case I'll buy a subscription and complain I can't get service since I'm a customer of myself at home.
Re: V6 still not supported
On 3/9/22 12:01 PM, Jay Hennigan wrote: It's not just equipment vendors, it's ISPs. Here in Oregon, Frontier was recently acquired by Ziply. They're doing massive infrastructure work and recently started offering symmetrical gigabit FTTH. This is a brand new greenfield PON deployment. No IPv6. It took being transferred three times to reach a person who even knew what it was. Likewise the Wave Broadband cable operator. No IPv6, no plans for it. The big guys in my area - Charter and AT&T - can do IPv6. But I understand that not every ISP has the talent to deploy IPv6. A lot of people simply refuse to learn new things as they get older. The smaller the company gets it can go either way: steadfast refusal to learn new things, or jumps at the chance to learn something new. The former will try to say customers don't want it or no business case to hide their knowledge gap.
Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock
On 3/7/22 2:14 PM, Abraham Y. Chen wrote: The cost of this software engineering should be minimal. So basically no solution is offered to what is the showstopper for this proposal, only a hand wave that it "should be" easy to fix (but that's everyone else's problem). I mean, I believe this has been discussed to death many times over in the past and yet here we still are.
Re: questions about ARIN ipv6 allocation
On 12/7/21 8:48 AM, Mike Hammett wrote: I can't imagine, as a percentage, a significant amount of voting ARIN members give a crap about what happens with legacy resources. If I had legacy resources I might, but I don't so it's an issue that I bounce between fully ignore or don't see why I should care.
Re: Fiber Network Equipment Commercial Norms
On 9/22/21 6:12 PM, Lady Benjamin Cannon of Glencoe, ASCE wrote: If someone were to make us remove a redundant DWDM node, we’d charge them list price to ever consider putting it back*, plus a deposit, plus our costs for the removal in the first place. Bad move. Enjoy the $8million, it could cost more than that to undo this mistake. *you’d actually never ever get it back in the form you’d want. We’ll never trust the site again and won’t place critical infrastructure there, we’d only build back what’s needed to serve the use. Buy the building then. Owners change and some are more friendly than others. Why would someone ever place critical infrastructure at a site without a solid agreement that prohibits removal, or at least making them whole financially so they don't have to take it out on the next person that comes along? I'd hate to be the poor customer that gets treated as lesser class because a previous owner caused hurt feelings.
Re: PeerinDB refuses to register certain networks [was: Setting sensible max-prefix limits]
On 8/19/21 11:19 AM, Ross Tajvar wrote: I, and many others that I know, have successfully listed our networks in PeeringDB while having no peering. You may just need to try again. All of the argument is based around an email dated in *2015*. So yeah, try again.
Re: Any2 LAX
On 6/11/21 11:18 AM, Bryan Holloway wrote: This is what I got from those guys ... -- CoreSite Incident Notification Description: During a planned maintenance event to integrate new hardware into our MPLS core an extreme dip in Any2 traffic was observed. After about 4 hours running in a degraded state, an emergency case was opened with the hardware vendor. After working with the hardware vendor to rule out any possible hardware or software bugs, the network engineering team located the source of the traffic loss. It was an errant configuration applied by the custom automation written to build LSP's in our MPLS network. A formal IR will be provided for this event. Was that an automated email? Last time I got any email from Coresite was April 22.
Re: Any2 LAX
On 6/11/21 10:16 AM, Jon Lewis wrote: On Fri, 11 Jun 2021, Seth Mattinen wrote: Did Any2 LAX barf last night between about 1am and 8am Pacific time? More like 00:00-7:45 (Pacific time). Anyone know what broke, and why the IX was dead for nearly 8 hours? This is our second recent issue with "an Any2 IX", having dealt with an IX partition event at Any2 Denver just a few weeks ago. What I saw was a lot of unreachable nexthops (I'm in LA2) on routes advertised through the route servers. Most of my direct BGP sessions were down, but a handful were still working including the route servers. For example, I was getting routes for AS29791 from the route servers, but nexthop 206.72.211.106 was dead to me. Not to pick on Internap other than a mutual customer called me directly at 1am and wanted to know why things were down. I killed the route server sessions and went back to sleep. Feels like LA1 and LA2 got split, but however the route servers interconnect still worked, which was problematic.
Any2 LAX
Did Any2 LAX barf last night between about 1am and 8am Pacific time?
Re: New minimum speed for US broadband connections
On 6/2/21 2:00 PM, Baldur Norddahl wrote: The kind of WISP we have around here is one or more AP on a tower or corn silo and that one tower will cover a huge area by line of sight. There will be nothing like you describe as each AP has separate frequency and therefore no conflict. The gear is more or less standard wifi, often Ubiquiti. UBNT's AirMax line is not "wifi". Their LTU line isn't either. Mike and Josh are actual WISP operators. You've stated you have no WISP experience. Listen to them.
Re: login.authorize.net has A and CNAME records
What kind of local problem or network problems could cause a servfail response from the authoritative ns? I'm beginning to think this is a DNSSEC related problem, I'll ask on the pdns-users list. I see it's asking for a DS record on login.authorize.net.cdn.cloudflare.net when the nearest one appears to be at cloudflare.net, so for some reason that's not being applied all the way down.
Re: login.authorize.net has A and CNAME records
On 4/6/21 11:35 AM, Arne Jensen wrote:
> login.authorize.net. is a CNAME, but does not have any A records itself.

This one returns A records:

; <<>> DiG 9.10.3-P4-Debian <<>> A login.authorize.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25350
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net. IN A

;; ANSWER SECTION:
login.authorize.net. 300 IN A 104.18.9.127
login.authorize.net. 300 IN A 104.18.8.127

;; Query time: 15 msec
;; SERVER: 2606:4700:59::a29f:2155#53(2606:4700:59::a29f:2155)
;; WHEN: Tue Apr 06 11:57:19 PDT 2021
;; MSG SIZE rcvd: 80
Re: login.authorize.net has A and CNAME records
On 4/6/21 11:35 AM, Arne Jensen wrote:
> On 06-04-2021 at 19:50, Seth Mattinen wrote:
>> On 4/6/21 9:33 AM, Seth Mattinen wrote:
>>> Is anyone from authorize.net on here? You are publishing both an A and CNAME record for login.authorize.net, and the CNAME points to login.authorize.net.cdn.cloudflare.net which doesn't resolve.
>>
>> Looks like this may be a cloudflare related issue; I'm just getting servfail responses across the board to my on-net resolvers from cloudflare (not using public dns services).
>
> Sounds more like a local problem on your end, or issues between you and the CloudFlare facility you're being routed to.

We peer with cloudflare in LAX so the connection is relatively direct. Example trace:

2021-04-06T10:40:52.859117-07:00 dnscache1 pdns_recursor[522]: Nameserver ns2.cloudflare.net IPs: 2400:cb00:2049:1::c629:de83(3.70ms), 198.41.222.131(8.02ms)
2021-04-06T10:40:52.859410-07:00 dnscache1 pdns_recursor[522]: login.authorize.net.cdn.cloudflare.net: Resolved 'cloudflare.net' NS ns2.cloudflare.net to: 2400:cb00:2049:1::c629:de83, 198.41.222.131
2021-04-06T10:40:52.859720-07:00 dnscache1 pdns_recursor[522]: login.authorize.net.cdn.cloudflare.net: Trying IP [2400:cb00:2049:1::c629:de83]:53, asking 'login.authorize.net.cdn.cloudflare.net|DS'
2021-04-06T10:40:52.860013-07:00 dnscache1 pdns_recursor[522]: login.authorize.net.cdn.cloudflare.net: ns2.cloudflare.net (2400:cb00:2049:1::c629:de83) returned a ServFail, trying sibling IP or NS
2021-04-06T10:40:52.860324-07:00 dnscache1 pdns_recursor[522]: login.authorize.net.cdn.cloudflare.net: Trying IP 198.41.222.131:53, asking 'login.authorize.net.cdn.cloudflare.net|DS'
2021-04-06T10:40:52.860628-07:00 dnscache1 pdns_recursor[522]: login.authorize.net.cdn.cloudflare.net: ns2.cloudflare.net (198.41.222.131) returned a ServFail, trying sibling IP or NS

What kind of local problem or network problems could cause a servfail response from the authoritative ns?
Re: login.authorize.net has A and CNAME records
On 4/6/21 9:33 AM, Seth Mattinen wrote: Is anyone from authorize.net on here? You are publishing both an A and CNAME record for login.authorize.net, and the CNAME points to login.authorize.net.cdn.cloudflare.net which doesn't resolve. Looks like this may be a cloudflare related issue; I'm just getting servfail responses across the board to my on-net resolvers from cloudflare (not using public dns services). Sometimes I'll get two A records which do work instead of the CNAME, so login.authorize.net occasionally works if I get lucky. But the TTL is 300 seconds so that luck doesn't last too long.
login.authorize.net has A and CNAME records
Is anyone from authorize.net on here? You are publishing both an A and CNAME record for login.authorize.net, and the CNAME points to login.authorize.net.cdn.cloudflare.net which doesn't resolve.
Re: OT: Re: Younger generations preferring social media(esque) interactions.
On 3/24/21 8:08 AM, Phineas wrote: Chiming in as a somewhat-younger network engineer here (19) - I think that Discord should be more widely considered and approved as an option across the board here. I’m active on mailing lists, and while they work, at the end of the day I’d much rather be using an app like Discord, and I know this is true for a lot of the next generation of net engineers. I think age has something to do with that too, and I don't mean this as offensive at all because I've been there done that, but lack of other things going on in life. When I was 19 I had no problem being available on my cell phone at all times. I'd do weekends and nights with joy. I'd volunteer to take all the extra projects the older people didn't want. I'd make up projects just because. I'd respond to messages/emails/whatever immediately if I was awake no matter what time it was. Hell, I used to respond to NOC stuff while I was sitting in class rather than wait until the end. Now that I'm older and have things like a house and family, I slowly shifted to not wanting to be available constantly. I'd rather work on some house project, bake a cake, watch TV with the wife, or play games I missed out on when I was "busy" with stuff that hardly seems important now. I don't want my life to be a slave to apps or jump at every notification I get. I have a laptop just in case I need one, but my primary work area is my desk with desktop computer. When I step away from my desk I'm really stepping away, not transitioning to the sofa or dinner table to keep working on a laptop (something I did in my 20's). Now if someone messages me and I don't think it's time critical I'll get back to it when I feel like it. If it's emergency pick up the phone and dial a voice call: if it's not worth that much effort, it's not that important. I don't want to end up divorced or have a contentious home life because I can't separate work from the wife and kids. 
So the way I see it there will *always* be a general disconnect in how the younger and older groups prefer to interact because they're simply at completely different stages in their lives.
Re: OT: Re: Younger generations preferring social media(esque) interactions.
On 3/23/21 8:26 AM, Mark Tinka wrote: On 3/23/21 17:11, Seth Mattinen wrote: Okay great for those apps, but if nobody tells me where the new action is... how does that help me? With the list here at least it's on NANOG's website and they tell you how to join in. This feels like you're saying people are not worthy of being included in the future because they don't "know" when they should just know if they are worth being included. To be honest, if you don't hear about it, you probably aren't the target market :-). Happens to me all the time, don't take it personally. I recently found out about Clubhouse, for example. But it's been around, for a while now. I'm not saying that NOG lists are irrelevant - I'm just saying that the kids are flipping between screens faster than they can think. Us geezers are bound to lag in their world. But if the time is right, we shall hear about the Snapchat of the day so we can prepare our networks for ensuing breakage. This happened to WISPA where enough people decided to split off and make Facebook groups the new gathering place to the detriment of the mailing lists.
Re: OT: Re: Younger generations preferring social media(esque) interactions.
On 3/23/21 7:40 AM, Mark Tinka wrote: On 3/23/21 16:34, Seth Mattinen wrote: The problem with other "social" formats I've found is that they're often an exclusive club you have to know about through connections or be invited to. You can also be excluded on a whim. What you can learn from that is the new brand marketing models of today's Internet world. Standard over-the-top selling is not much of a model anymore. If an app (or service) is worth the value it purports, its users will do all the marketing for it that it needs. Okay great for those apps, but if nobody tells me where the new action is... how does that help me? With the list here at least it's on NANOG's website and they tell you how to join in. This feels like you're saying people are not worthy of being included in the future because they don't "know" when they should just know if they are worth being included.
Re: OT: Re: Younger generations preferring social media(esque) interactions.
On 3/22/21 11:22 PM, Cynthia Revström via NANOG wrote: I haven't ever used facebook beyond receiving some invitation for an event, and I feel like that's the most common case for people around my age group. (not using Facebook that is) Facebook has effectively become social media for old people. It's not the future IMO. The problem with other "social" formats I've found is that they're often an exclusive club you have to know about through connections or be invited to. You can also be excluded on a whim.
Re: Perhaps it's time to think about enhancements to the NANOG list...?
On 3/22/21 7:00 AM, Mike Hammett wrote: TBH, most discussion in the WISP space has moved to Facebook. The busy WISPA mailing lists used to get about 20k messages per year. When I last checked, they were down to 5k or so and on a downward trend. Meanwhile, the Facebook groups have exploded, both in members per group and the number of groups. I dropped my WISPA membership when it was clear the mailing list was no longer preferred by the members. So that shift cost them at least my revenue. Facebook groups are cancer, generally run by people looking for a power trip with no oversight, much like an HOA board that is just itching to fine and foreclose on a house because it has unapproved drapes showing through a side window. I got banned from a group for posting info that was correct, mod said I was "spreading rumors", I followed up with news articles showing it was accurate, then got banned because I should have known not to disagree with a mod. It's a shame people support Facebook groups and reinforce this behavior, and that there's no recourse.
Re: Famous operational issues
On 2/18/21 1:07 AM, Eric Kuhnke wrote: On that note, I'd be very interested in hearing stories of actual incidents that are the cause of why cardboard boxes are banned in many facilities, due to loose particulate matter getting into the air and setting off very sensitive fire detection systems. I had a customer that tried to stack their servers - no rails except the bottom most one - using 2x4's between each server. Up until then I hadn't imagined anyone would want to fill their cabinet with wood, so I made a rule to ban wood and anything tangentially related (cardboard, paper, plastic, etc.). Easier to just ban all things. Fire reasons too but mainly I thought a cabinet full of wood was too stupid to allow. The "no wood" rule has become a fun story to tell everyone who asks how that ended up being a rule. The wood customer turned out to be a complete a-hole anyway, wood was just the tip of the iceberg.
Re: Texas internet connectivity declining due to blackouts
On 2/16/21 09:49, Michael Thomas wrote: On 2/16/21 8:50 AM, John Von Essen wrote: I just assumed most people in Texas have heat pumps- AC in the summer and minimal heating in the winter when needed. When the entire state gets a deep freeze, everybody is running those heat pumps non-stop, and the generation capacity simply wasn’t there. i.e. coal or natural gas plants have some turbines offline, etc. in the winter because historically power use is much much less. The odd thing is it's been days now, those plants should be able to ramp back up to capacity - but clearly they haven’t. Blaming this on wind turbines is BS. In fact, if it weren’t for so many people in Texas with grid-tie solar systems, the situation would be even worse. You'd think that mid-summer Texas chews a lot more peak capacity than the middle of winter. Plus I would think a lot of Texas uses natural gas for heat rather than electricity further mitigating its effect on the grid. The difference is that in extreme cold heat pump systems are likely switching on emergency heat (i.e. plain old resistance heaters) when the compressor alone can no longer keep up with call for heat demand, which requires significantly more power. That's never happening in the summer, which is only ever running the compressor.
Re: Any2 Los Angeles down again
On 1/26/21 3:51 AM, Siyuan Miao wrote: Does anybody know if there's an alternative to Any2 Los Angeles with predictable uptime and enough members in LA? It's the second outage this month and we've observed at least 7 outages in the past year and we didn't even receive any maintenance notice or RFO. Anyone else seeing problems with Any2 LAX right now (9:50 Pacific time)? I'm seeing packet loss to Microsoft AS8075 through 206.72.210.143 but not 206.72.211.94. Unsure if this is yet another repeat of recent Any2 issues or limited to AS8075.
Re: Any2 Los Angeles down again
On 1/27/21 5:40 AM, Ryan Landry wrote: If you haven't already, I encourage you to subscribe to Coresite's maintenance notifications. Not sure it needs to be duplicated as a notification service to nanog@. I'm kind of curious what the actual problem is. I'm on Any2 in LA, but I haven't been affected yet. I do see other peers go offline, but only ever a subset, so whatever is happening is not affecting everyone. Unfortunately the notices are pretty generic.
Re: Parler
On 1/12/21 1:47 PM, John Curran wrote: On 12 Jan 2021, at 12:40 PM, Andy Ringsmuth wrote: And yet, Amazon will still happily sell you this item: https://www.amazon.com/Anarchist-Cookbook-William-Powell/dp/1607966123/ In fact, it is listed as: #1 Best Seller in Anarchism Thanks for the reminder! (I hadn’t realized it had been updated recently :-) /John According to reviews though the updated version is an edited/sanitized version, not the same as the original.
Re: Parler
On 1/10/21 4:00 PM, Eric S. Raymond wrote: sro...@ronan-online.com : While Amazon is absolutely within their rights to suspend anyone they want for violation of their TOS, it does create an interesting problem. Amazon is now in the content moderation business, which could potentially open them up to liability if they fail to suspend any other customer who hosts objectionable content. When I actively hosted USENET servers, I was repeatedly warned by in-house and external counsel, not to moderate which groups I hosted based on content, lest I become responsible for moderating all groups, shouldn’t that same principle apply to platforms like AWS and Twitter? Yes, it would. This was an astonishingly stupid move on AWS's part; I'm pretty sure their counsel was not consulted. Surely everyone on this list, purportedly a network operators list, has to have at least heard of 47 USC Section 230... right?
Re: Show NOCs: OIG report: Should you charge extra for NOC tours?
On 1/7/21 10:31 AM, Christopher Morrow wrote: NOC tours seem like a very 1990's thing, that and 'datacenter tours'. I still offer them because as a small company a lot of people think unless you're $bigname that whatever a small company can possibly offer is trash.
Re: 10g residential CPE
On 12/28/20 9:11 AM, Aaron Wendel wrote: Actually our free service doesn't have limitations, has an SLA, no time/term restrictions, a CPE, support, etc. How do SLA refunds work on free service? Do you just pay them some cash value instead of credits?
Re: Disney+ Geolocation (again)
On 11/21/20 08:48, Mike Hammett wrote: I think this is another example of the disconnect between technical teams and support teams at consumer-facing organizations. Consumer-facing support often can't find their way out of a wet paper bag on consumer-related issues, much less on network issues. I think the community's impression so far is that the advised avenues are insufficient to actually solve anything. Since this message, there seems to have been more than one attempt to resolve these types of problems via that link without success. The support site linked to also has rather sparse information regarding how to solve these types of issues. There's nothing to indicate the support site is anything other than for subscription holding end users only. Phrases that I would think to type in the search box like "ISP" and "geolocation" return nothing. The error 73 page just says you are on a VPN or your ISP has a location problem, neither of which is useful information to me as an ISP. Calling in got me nowhere. The service rep couldn't open a ticket or even request escalation without a subscriber account. Even if I personally had one, I'm not going to mention it when I'm calling as an ISP on behalf of all of my customers and potential future customers because of the real danger of having an exception applied to that account rather than addressing the issue as a whole. They told me I should email back to the person who gave me the phone contact info and ask to speak to a supervisor, which I did, and never received a reply. I was able to eventually get through on live chat successfully after answering its automated questions in a way that would lead it to believe I was a customer but could not help me through its auto response means and get what I presume is a live person. However, even though I got lucky with this method someone else reported they just got dead ended with "what's an ISP" when they tried chat.
So the lesson here is to just keep trying the end user chat and phone number until you get lucky. ~Seth
Re: Disney+ Geolocation (again)
On 11/20/20 3:29 PM, Jeff Mansukhani wrote: Yes, per the support team, ISP and end-users would go through the same initial point of contact to report issue so they may properly track and redirect as appropriate. Thank you. When I called the service rep had no idea what to do with an ISP calling in. Said they can't help without a subscriber account, nor escalate or open a ticket. ~Seth
Re: Disney+ Geolocation (again)
On 11/20/20 11:41 AM, Andy Ringsmuth wrote: In other words: “oops, I shouldn’t have given out the secret e-mail addresses that actually work." I did try calling, and it's just an end user dead end. ~Seth
Re: Disney+ Geolocation (again)
On 11/13/20 12:52 PM, Niels Bakker wrote:
> * se...@rollernet.us (Seth Mattinen) [Sun 08 Nov 2020, 18:21 CET]:
>> I've had 74.118.152.0/21 allocated to me since 2005.
>
> So many IPs in possession for so long, yet so little reverse DNS:
>
> ---
> $ (for j in `jot 7 2`; do for i in `jot 255`; do host 74.118.15$j.$i; done; done) | grep -c NXDOMAIN
> 1579
> ---

Not sure why that's a problem.

> And a lame delegation for 159.118.74.in-addr.arpa.

The last /24 is not in use. I've been reserving it since free pool exhaustion in case I can't get more for some unknown reason. I suppose it would still count against me with a whole /24 of NXDOMAIN either way.
Re: Disney+ Geolocation (again)
On 11/8/20 8:58 AM, Mike Hammett wrote: Ugh, they used to. I can't stand these consumer-focused organizations that are irresponsible to the greater operator community. I was told to go to help.disneyplus.com to resolve this, which just gives you the "you're on a VPN" page if you type in "error 73". I called anyway, and as I assumed they can't help me as an ISP calling in. (I did test to confirm with a friend's account but I'm not the account holder.) Even then, that doesn't help the overall "yeah our service works with every major streaming service *except* Disney+, so if you use them you'll have to call to convince them you're not using a VPN." This isn't even a new network, I've had 74.118.152.0/21 allocated to me since 2005. Why people insist on reinventing the geolocation wheel is beyond me. ~Seth
Disney+ Geolocation (again)
People can't watch Disney+. Looked at old emails, read them. Checked every geolocation site for my netblocks (which return ok). Emailed to netad...@disneystreaming.com They responded with "We do not service these requests via this email". Now what? Anyone have a secret contact that can actually help? ~Seth
Re: Ingress filtering on transits, peers, and IX ports
On 10/13/20 8:04 PM, Eric Kuhnke wrote: If I had a dollar for every 'scary security alert' email received in a NOC email inbox from a 'security researcher group' that is the results of a port scan, or some small subset of trojan infected residential endpoint computers attempting outbound connections on ($common_service_port), or similar... I get stupid automated "abuse" notices all the time about being an evil haxx0r, which is actually just having egress proxy enabled on GGC. The most crazy email I've had so far was saying that I "breached Section 4 of the Terms and Conditions of the domain" and that my AS (the AS the GGC nodes are behind) is "to immediately cease and desist" followed by a bunch of BS about how their IP addresses are restricted and no crawl rights have been granted blah blah blah.
Re: Hurricane Electric AS6939
On 10/13/20 5:10 PM, Darin Steffl wrote: You would do well to add them to your mix and remove one of the other ones. I'd probably remove spectrum and replace with HE. We've only had 30 minutes of downtime total in 5 years so they've been very reliable for us. I removed Spectrum (Charter) and replaced them with HE. The latter's value proposition was far superior, plus HE is friendlier to work with, and easier to get in touch with a clued individual at HE.
Re: Gaming Consoles and IPv4
On 9/27/20 18:33, Daniel Sterling wrote: It is true that I've yet to see any FPS game use ipv6. I assume that's cuz they can't count on users having v6, so they have to support v4, and it wouldn't be worth their while to have their gaming host support dual-stack. just a guess there Xbox Live does support IPv6, and on my Xbox One X it does say it's successfully using IPv6. I haven't sniffed the traffic to see what it's actually doing though. PSN does not support IPv6.
Re: Rogue BGP Routes
On 5/14/20 1:53 PM, Gary Godard via NANOG wrote: Hi, We are having an issue with Charter Communications advertising 2 of our IP ranges. We are in the process of implementing RPKI now, but does anyone have a suggestion on how to get them to stop? We have tried contacting them via email and via phone through numerous channels with no luck. Good luck. Charter hijacked my prefixes once while I was a paying customer (did not withdraw after I shut down BGP) and they wouldn't do anything about it outside of wanting to schedule a maintenance window. But do let us know what prefixes they are so those of us who are proactive about such things can filter and do contact everyone Charter peers with or where they use an upstream. I got faster responses that way than with Charter directly. ~Seth
Re: Google peering pains in Dallas
On 4/30/20 11:38 AM, Aaron C. de Bruyn via NANOG wrote: Why isn't there a well-known anycast ping address similar to CloudFlare/Google/Level 3 DNS, or sorta like the NTP project? Get someone to carve out some well-known IP and allow every ISP on the planet to add that IP to a router or BSD box somewhere on their network? Allow product manufacturers to test connectivity by sending pings to it. It would survive IoT manufacturers going out of business. Maybe even a second well-known IP that is just a very small webserver that responds with {'status': 'ok'} for testing if there's HTTP/HTTPS connectivity. Maybe run a "ping prisoner.iana.org" on ATLAS and see how universal it responds? It's possible some of the operators may block ICMP (I don't).
Nitel peering contact
Anyone from Nitel peering on here? The peer...@nitelusa.com address listed in peeringdb just returns an O365 "The group peering only accepts messages from people in its organization or on its allowed senders list" error.
Re: Internet operations during pandemics
On 3/19/20 9:51 AM, Christopher Morrow wrote: During this time, however, 'work from home' technology hasn't really progressed along the same path, has it? So, "get to the vpn" is still largely a process of getting packets across the wide internet and to small locations (your enterprise), there's little relief in sight for that model:( IMO that's where local peering comes in, but the big ISPs like AT&T and Charter/Spectrum (the two national providers in my area) are loathe to peer anywhere except a few big central locations, if at all. It's not a technical problem (i.e. Charter has a 10% utilized 10Ge and unused 1Ge switch trunks in my facility as custs cancel due to he.net moving in), it's a policy problem. So we end up with setups like colo customers not using Charter at the colo because they can get better pricing options, then suddenly they have remote workers on high latency cable connections at home since for that home cable connection to talk to the colo server traffic has to take some crazy long out of state boomerang path that a simple peering connection would solve.
Re: COVID-19 vs. our Networks
On 3/17/20 10:03 AM, Mike Bolitho wrote: We have two redundant private lines out of each hospital connecting back to primary and DR DCs and a metro connecting everything together in each region. But for things we do not own that are not hosted locally, what are we supposed to do? We have to go out DIA to get there. Everything we own is connected via fully SLAed private lines. We have zero issues there. I think people vastly underestimate just how much in the healthcare vertical is outside of a medical providers control/ownership. Do all the SLA's in the world even matter if the contract has a force majeure clause?
Re: Google peering in LAX
On 3/2/20 4:32 PM, Patrick W. Gilmore wrote: That said, I fear this is going to be a problem long term. A blind “no /24s” filter is dangerous, plus it might solve all traffic issues. It is going to take effort to be sure you don’t get bitten by the Law Of Unintended Consequences. As soon as Google un-freezes new peering requests so I can get a direct peering that includes appropriate /24's I've been told offlist I should get (instead of the route server subset) I'll happily remove the transit filters. But I can only work with what I'm given.
Re: Google peering in LAX
On 3/2/20 3:09 PM, Patrick W. Gilmore wrote: Your routers, your decision. But how much traffic are you sending TO Google? Most people get the vast majority of traffic FROM Google. They send you videos, you send them ACKs. Does it matter where the ACKs go? A customer is complaining that data they're sending is going over a higher latency (longer) path. I don't know what they're doing; I don't generally ask why, but they claim it's a problem for whatever they're doing and I don't have a reason to doubt them. It's not youtube. I agree that it's an undesirable long term solution but if filtering select transit-only /24's shifts the path to peering and reduces latency, if the customer is happy then I'm happy and if/when Google starts accepting peering requests again I'll revisit it.
Re: Google peering in LAX
On 3/2/20 3:02 PM, Randy Carpenter wrote: I would say it would be best to see if you can get a direct peer with Google via the IX. I have done this with some of the ISPs I work with. It was no additional cost since the physical connections are already in place and actually was highly recommended when first turning up the IX circuits. They won't; I just get a canned message that says they aren't doing any new IX peering "as we improve our automation systems".
Re: Google peering in LAX
On 3/2/20 2:20 PM, Hugo Slabbert wrote: I believe Owen was referring here to Google's actions: that the disagg is the antisocial behaviour and that transit providers (the people they are paying) would be more tolerant of that antisocial behaviour than would be peers (the people they are not paying). I suppose that one went over my head. To clarify I am the one with peering in LAX and I'm only seeing the big aggregates via the Any2 Easy servers. At the moment I can only infer that Google announces aggregates to the route servers and maybe one only gets the /24's after you turn up a direct neighbor or PNI, but there's no way to do that since Google isn't accepting new peering requests and steers such requests back to what's available on route servers. I suppose what I could do is filter /24's from 15169$ in the absence of being able to see if a direct/PNI peering would include them where route servers do not.
Re: Google peering in LAX
On 3/2/20 12:44 PM, Owen DeLong wrote: In part, it might be because people you’re not paying may be less tolerant of anti-social behavior than people you are paying. I'm not sure how I was being offensive but OK.
Google peering in LAX
Anyone know why Google announces only aggregates via peering and disaggregate prefixes over transit? For example, I had a customer complaining about a path that was taking the long way instead of via peering and when I looked I saw: Only 172.217.0.0/16 over Any2 LAX. That plus 172.217.14.0/24 over transit. Any inquiries to Google just get a generic "we're not setting up any new peering but we're on route servers" response for almost a year now. Or is it because they don't send the /24's to route servers and I'm stuck until they finish their forever improvement project to turn up a direct neighbor?
Re: akamai yesterday - what in the world was that
On 2/12/20 11:48, Josh Luthman wrote: In low power state, usually standby, they're connected to the network and listen for requests to download a new title (bought online) or updates. I know on the Xbox One side of things this feature is semi-off by default as it turns the HDD off to save power, but it's still in standby in the sense that it takes only a few seconds to get to a usable state. They can shut down or sleep, it's user choice. Xbox has a setting for an "instant on" mode. I also had the option to check for updates, but when I went to use it yesterday it came up asking me to download a system update. And then after it installed that it wanted to download a giant update file for Halo. It's supposed to get updates on its own if you have both instant on and get updates enabled, but it didn't for whatever reason. On PS4 you choose if you want to turn it off or go into rest mode, but I usually choose off because if the power hiccups in the weeks between times I get to use it it yells that it wasn't shut down correctly and it doesn't self-reboot into rest mode. Even when it was in rest mode, when I went to start Overcooked (the only game my wife will co-op play with me) it too asked to download an update. So sure, they can, but it doesn't work reliably and when I have time to play *now* I'm going to tell it to download now without caring if it's not-my-problem peak time or not. And I'm sure I'm not alone in that sentiment. Again, speaking with my end user hat on.
Re: akamai yesterday - what in the world was that
On 2/12/20 11:31, Livingood, Jason wrote: But I think folks are correct that the issue may be more that a given gaming device was turned off at night (though no reason that device could not pre-cache the content from the source). In any case, there should be a better way to address this. The Internet will see more and more of these downloads and smoothing the impact out seems prudent for all involved. Putting my end user hat on, I turn off all my consoles when I'm not using them, often for weeks. When I get home and it looks like I'll have time to play after dinner I'll turn one of them on and let it download/install. I don't really care that my off work and dinner times might not be convenient for my ISP to download giant files. I fully understand the ISP's perspective, but I'm not going to start leaving my consoles on 24x7. The way to address this used to be this thing called "physical media" that held games, but nowadays even when I have a game on disc it has to download at least one massive patch before it will play.
Re: akamai yesterday - what in the world was that
On 2/12/20 10:02, Jared Mauch wrote: When you see this please raise it to my attention. I can't promise a resolution but will promise clarity in what is going on. This was in May 2019 so what's done is done at this point, but I will forward you the email offlist.
Re: akamai yesterday - what in the world was that
The wheels of bureaucracy are certainly a problem. The largest peer on our local exchange couldn't even get Akamai to complete a peering turn up because whoever was working on the ticket on the Akamai side got stuck on trying to set up the wrong location. And then months pass, it never got resolved, and then they decided to pull the cache. Akamai had one hand failing to set up new peers and the other hand saying why aren't there more peers, and the two hands never know what the other is doing.
Re: akamai yesterday - what in the world was that
On 2/12/20 8:36 AM, Aaron Gould wrote: Netflix oca has it figured out, as my fill windows is during off-peak time, 2 a.m. - 6 am. and I think it's also configurable in the oca portal. It's not fill, it's that people don't turn on their xbox or whatever until after they get home from work and only then does it start downloading. Multiply that by 1000 people getting home from work around the same time.
Re: akamai yesterday - what in the world was that
On 2/12/20 8:13 AM, Brandon Martin wrote: It would be really nice if the major CDNs had virtual machines small network operators with very expensive regional transport costs could spin up. Hit rate would be very low, of course, but the ability to grab some of these mass-market huge updates and serve them on the other end of the regional transport at essentially no extra cost would be great. I'm sure legal arrangements make that difficult, though. My experience is that they want to see lots of traffic growth to stay interested. As companies get bigger the minimum bar to play keeps going up, and anyone below that bar is stuck relying on transit. Fall below the bar or don't show enough growth fast enough and they pull the resources away.
Re: Charter contact
On 2/7/20 6:36 PM, Mehmet Akcin wrote: Hey there I am looking for a contact in Charter for a 10G wave. Reno > SF or Reno to > LA. Please let me know if you know people who may help. If you can get them to actually sell you a 10G. Last time I dealt with Charter they maxed out at offering 5G in Reno. I use Verizon and AT&T now, both are also cheaper than Charter was.
Re: 5G roadblock: labor
On 1/17/20 02:13, Alexandre Petrescu wrote: From the web: the band 48 (3550-3700MHz) is for CBRS in US (Citizens' band broadband service; I suppose something like voice between trucks) CBRS (and the soon to be former NN band) doesn't have anything to do with CB radios.
Re: Cost Recovery Surcharge & Va Personal Property Tax Recovery for IP Transit
On 1/6/20 9:21 AM, Tom Beecher wrote: "Property Tax Recovery" charges are also to my knowledge 100% optional fees. It's the carrier charging you a fee so they can pay their property taxes. Somehow, this sort of thing is legal. I mean, it's legal if someone signed an agreement that says they are agreeing to pay such things.
Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read
On 12/31/19 8:10 AM, joel jaeggli wrote: Argumentation on the basis of a tu quoque fallacy doesn't really add much to the discussion. Deprecating potentially dangerous and definitely obsolete protocols does not make you a hypocrite. Then how about privilege? If someone is living in a less-privileged situation (oppressive regime, state controlled ISP, extreme poverty, whatever) there's also a good chance that such people may not be able to acquire newer/updated technology easily, perhaps not even legally at great risk. I will disagree with anyone's assertion that people in such conditions deserve to be disenfranchised.
Re: Paging anyone from ntpd.org
On 12/31/19 1:32 AM, Harlan Stenn wrote: On 12/30/2019 8:32 PM, Seth Mattinen wrote: On 12/30/19 8:22 PM, Seth Mattinen wrote: Is anyone from ntpd.org on here? You're pointing DNS at me for some reason. That zone (ntpd.org) isn't in our system. Your NS looks odd too, *.darkness-reigns.net and .nl? Is that legit? I don't know what it was before because I've never looked, but that seems off. nevermind, I'm tired and confused ntpd.org with ntp.org. Just going to wildcard *.ntpd.org to 127.0.0.1 and go back to sleep. I did think about replying, saying "Just to be clear, this isn't about ntp.org." What I did learn, though, is that there are a lot of people configuring their NTP with servers that are identical to the legitimate *.ntp.org names, except they're mistyping ntpd instead of ntp. Enough to generate >2Gbps worth of query traffic (pointed at a DNS server with a 1gbps interface). I have to admit I'm kind of curious how many unique clients that would be if I answered back with a working IP address instead of localhost.
Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read
On 12/31/19 12:50 AM, Ryan Hamel wrote: Just let the old platforms ride off into the sunset as originally planned like the SSL implementations in older JRE installs, XP, etc. You shouldn't be holding onto the past. Because poor people anywhere on earth that might not have access to the newer technology don't deserve access to Wikipedia, right? Gotta make sure information is only accessible to those with means to keep "lesser" people out.
Re: Paging anyone from ntpd.org
On 12/30/19 8:22 PM, Seth Mattinen wrote: Is anyone from ntpd.org on here? You're pointing DNS at me for some reason. That zone (ntpd.org) isn't in our system. Your NS looks odd too, *.darkness-reigns.net and .nl? Is that legit? I don't know what it was before because I've never looked, but that seems off. nevermind, I'm tired and confused ntpd.org with ntp.org. Just going to wildcard *.ntpd.org to 127.0.0.1 and go back to sleep.
Paging anyone from ntpd.org
Is anyone from ntpd.org on here? You're pointing DNS at me for some reason. That zone (ntpd.org) isn't in our system. Your NS looks odd too, *.darkness-reigns.net and .nl? Is that legit? I don't know what it was before because I've never looked, but that seems off. ~Seth
Re: Requesting /24 from ARIN
On 12/28/19 7:12 AM, Terrance Devor wrote: Thank You Jorge! What is important for us is not to overpay. That's why auctions are really a last resort. Can someone please walk me through this with a few links? This is my first time going through this process. Ask ARIN. They will help you.
Re: AT&T AS7018 - Filter Changes
On 12/24/19 8:03 AM, James Breeden wrote: Yes. That's the ticket I've had open for 4 days. Do they not support IRR based filtering? I think that's the hangup we're having... No. Send them a list of prefixes and an LOA.
Re: Elephant in the room - Akamai
On 12/6/19 06:46, Fawcett, Nick via NANOG wrote: We had three onsite Akamai caches a few months ago. They called us up and said they are removing that service and sent us boxes to pack up the hardware and ship back. We’ve had quite the increase in DIA traffic as a result of it. Same here, removed last month, and no more Akamai traffic over peering since.
Re: RTG
On 10/30/19 10:10 PM, Seth Mattinen wrote: On 10/30/19 6:13 AM, John Von Essen wrote: I too love RTG, been using it forever, appears to handle interfaces all the way up 10G. I still use RTG. Not for graphing or anything fancy, just for polling counters in a database to be queried by other things. It's still useful for raw numbers for billing. Slight correction, I'm using rtg2: https://code.google.com/archive/p/rtg2/downloads
Re: RTG
On 10/30/19 6:13 AM, John Von Essen wrote: I too love RTG, been using it forever, appears to handle interfaces all the way up 10G. I still use RTG. Not for graphing or anything fancy, just for polling counters in a database to be queried by other things. It's still useful for raw numbers for billing.
Re: Request comment: list of IPs to block outbound
On 10/13/19 8:58 AM, Stephen Satchell wrote: In trying to research what would constitute "best practice", the papers I found were outdated, potentially incomplete (particularly with reference to IPv6), or geared toward other applications. This table currently does not have exceptions -- some may need to be added as a specific "allow" route or list. https://www.team-cymru.com/bogon-reference-http.html
Re: Cogent & FDCServers: Knowingly aiding and abetting fraud and theft?
On 10/11/19 07:16, Daniel Seagraves wrote: This should not be just a “nitpick”. AT&T announces our extremely legacy ARIN allocation for us because we do not qualify to have an ASN, but I absolutely did not, will not, and *have actively resisted attempts to* transfer the block to them. I would sooner have my gums tattooed than give up my address space. Having an ASN was not a requirement when we were allocated the resource, and I don’t see why we should be punished for being early adopters. How exactly is it punishment that BGP needs an AS number? If AT&T won't support a private AS number for the last mile then that's AT&T, not ARIN. If you're a legacy holder you should be around long enough to know this stuff and that it's not some conspiracy that BGP uses AS numbers.
Re: IPv6 Pain Experiment
On 10/3/19 5:34 PM, John Levine wrote: In article you write: that gets me on to my small annoyance... /64 bit subnet masks for local networks. really? Yup. Making everything a /64 is the best because it means never again having to waste brain cycles on right-sizing subnets. And the total space is large enough that you're not shooting yourself in the foot anytime soon.
Re: IPv6 Pain Experiment
On 10/3/19 13:13, Mark Andrews wrote: On 4 Oct 2019, at 4:35 am, Seth Mattinen wrote: On 10/2/19 15:03, Naslund, Steve wrote: In my experience, the biggest hurdle to installing a pure IPv6 has nothing to do with network gear or network engineers. That stuff I expect to support v6. This biggest hurdle is the dumb stuff like machinery interfaces, surveillance devices, the must have IP interface on such and such of an obsolete appliance, etc. The dumb legacy app that supports the ancient obsolete pen plotter that we must keep forever, etc. Using the plotter example, why is it obsolete and must be replaced if it still works? It's a waste of money to dump fully functional hardware because software. The argument to justify its replacement needs to be something along the lines of the new plotter will output faster and save X hours a day which is equal to Y hours of time over a year. Not that the new one supports IPv6 and yeah that's about it. Oh the new one also supports TLSv1.3 to make sure your plots can't be intercepted by your cube neighbor as you walk across the office. Firstly adding IPv6 doesn’t remove IPv4. I know that. What I'm trying to say is that many companies aren't willing to throw away working equipment to gain a nebulous (to them) software feature like IPv6 that doesn't improve on its hardware functional state.
Re: IPv6 Pain Experiment
On 10/2/19 15:03, Naslund, Steve wrote: In my experience, the biggest hurdle to installing a pure IPv6 has nothing to do with network gear or network engineers. That stuff I expect to support v6. This biggest hurdle is the dumb stuff like machinery interfaces, surveillance devices, the must have IP interface on such and such of an obsolete appliance, etc. The dumb legacy app that supports the ancient obsolete pen plotter that we must keep forever, etc. Using the plotter example, why is it obsolete and must be replaced if it still works? It's a waste of money to dump fully functional hardware because software. The argument to justify its replacement needs to be something along the lines of the new plotter will output faster and save X hours a day which is equal to Y hours of time over a year. Not that the new one supports IPv6 and yeah that's about it. Oh the new one also supports TLSv1.3 to make sure your plots can't be intercepted by your cube neighbor as you walk across the office.
Re: Weekly Routing Table Report
On 9/2/19 15:02, Masataka Ohta wrote: then applying that very same standard of evidence to your assertions leads directly to "can safely be ignored" As I already wrote: > The following page by Geoff Huston is better than your delusion. > http://www.potaroo.net/ispcolumn/2001-03-bgp.html > What is driving this recent change to exponential growth > of the routing table? > In a word, multi-homing. feel free to verify it. May the world come to an end if someone dares to have an independent thought or shares original information that can't be backed up by at least 50 crosschecked references.
Re: What can ISPs do better? Removing racism out of internet
On 8/5/19 10:05 AM, William Herrin wrote: The best cure for speech is more speech. The President notwithstanding, hateful behavior has a hard time surviving the light of day. You shouldn't be the censor but you can shine the light. That doesn't seem to work on Facebook, where people spew the most vile things under the banner of their own name.
Re: 44/8
On 7/22/19 10:16 AM, William Herrin wrote: Respectfully John, this wasn't a DBA or an individual figuring the org name field on the old email template couldn't be blank. A class-A was allocated to a _purpose_. You've not only allowed but encouraged that valuable resource to be reassigned to an organization, this ARDC, and then treated the organization as a proxy for the purpose. No one asked you to do that. Nothing in the publicly vetted policies demanded that you attach organizations to the purpose-based allocations and certainly nothing demanded that you grant such organizations identical control over the resources as the control possessed by folks who were the intended direct recipients of assignments. From the outside it kind of looks like someone created an org that didn't exist before but matched the name in whois and said "oh yeah that's ours, says so right there".
Re: 44/8
On 7/19/19 6:33 AM, Matt Harris wrote: After reading the analogy above regarding spectrum space, I shudder to think what the community response would be if the FCC were to tacitly allow the ARRL to receive several million (or billion in this case) dollars from, say, Verizon in exchange for some part of our exclusive amateur bands. Indeed the ARRL has a fund (the "Spectrum Defense Fund") with the purpose of employing lawyers and public policy folks to help prevent our community resources from shrinking out from under us. But clearly the cell carriers need all the spectrum, for only they know what's best for us.
Re: Antennas in the data center
On 7/18/19 6:54 AM, Robert Webb wrote: Manager has no issue with equipment purchased and has polled the other tenants in the same data center and they are also OK with it. He has just cited that there is some standard but has not been forthcoming with any documentation. Never heard of such a "standard". Data centers usually either allow antennas or they don't as a policy of their own.
Re: Colo in Africa
On 7/16/19 4:30 PM, Ken Gilmour wrote: TBs of data is not really that much data on average when you average it over thousands of customers. The data is summarized, There are a ton of other things happening in the background that I've already explained in the thread and are really irrelevant to the task at hand which is finding a facility in Africa that does Bare Metal servers. I've had a lot of helpful people, despite the naysayers. I did find all of the "why not cloud" responses disappointing when you asked for colo of servers. On this list I would assume someone asking for a specific thing knows why they want it.
Re: Colo in Africa
On 7/16/19 10:53 AM, Akshay Kumar via NANOG wrote: Then you are "doing it wrong(tm)". Good luck. Are you saying that anyone choosing not to use "the cloud" is simply wrong because "cloud" is always right?
Re: Traffic ratio of an ISP
On 6/20/19 7:16 AM, Mike Hammett wrote: The problem you're running into, Prasun, is that people either aren't actually reading what you're saying or have poor comprehension skills. Very few people are directly addressing what you're asking. A good question would be, who actually cares about ratios in the year 2019? Does anyone still calculate them and use them to decide anything? If so, why does it matter?
Re: BGP prefix filter list
On 5/20/19 4:26 PM, John Kristoff wrote: On Mon, 20 May 2019 23:09:02 + Seth Mattinen wrote: A good start would be killing any /24 announcement where a covering aggregate exists. I wouldn't do this as a general rule. If an attacker knows networks are 1) not pointing default, 2) dropping /24's, 3) not validating the aggregates, and 4) no actual legitimate aggregate exists, (all reasonable assumptions so far for many /24's), then they have a pretty good opportunity to capture that traffic. I'm talking about the case where someone has like a /20 and announces the /20 plus every /24 it contains. I regard those as garbage announcements.
Re: BGP prefix filter list
On 5/20/19 3:05 PM, William Herrin wrote: The technique you describe was one variant of FIB Compression. It got some attention around 8 years ago on the IRTF Routing Research Group and some more attention about 5 years ago when several researchers fleshed out the possible algorithms and projected gains. As I recall they found a 30% to 60% reduction in FIB use depending on which algorithm was chosen, how many peers you had, etc. A good start would be killing any /24 announcement where a covering aggregate exists.
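The filter idea from the two "BGP prefix filter list" posts above, as an added Python sketch that is not code from the thread. It assumes a table of (prefix, origin ASN) pairs and narrows "a covering aggregate exists" to "a covering aggregate from the same origin exists", which matches the /20-plus-every-/24 case and leaves the /24s from the quoted caveat alone; the prefixes and ASNs are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table (private space, documentation ASNs): (prefix, origin ASN).
SAMPLE_ROUTES = [
    ("10.20.0.0/20", 64496),   # aggregate
    ("10.20.0.0/24", 64496),   # same-origin more-specific of the /20
    ("10.20.1.0/24", 64496),   # same-origin more-specific of the /20
    ("10.20.5.0/24", 64497),   # inside the /20 but originated by another AS
    ("10.30.7.0/24", 64498),   # no covering aggregate at all
    ("10.40.0.0/16", 64499),   # aggregate
    ("10.40.8.0/22", 64499),   # intermediate prefix, not a /24, left alone
    ("10.40.9.0/24", 64499),   # same-origin more-specific of the /16 and /22
]


def classify_more_specifics(routes, length=24):
    """Sort every prefix of the given length into one of three buckets.

    drop              - a less-specific from the SAME origin AS covers it,
                        so the more-specific carries no extra reachability.
    keep_other_origin - covered, but only by a different origin AS
                        (multihomed customer, or the aggregate is not to
                        be trusted); dropping it would hand traffic to
                        whoever announces the aggregate.
    keep_no_cover     - nothing covers it; dropping it blackholes it
                        unless you point default somewhere.
    """
    origins_by_prefix = defaultdict(set)
    parsed = []
    for prefix, asn in routes:
        net = ipaddress.ip_network(prefix, strict=True)
        origins_by_prefix[net].add(asn)
        parsed.append((net, asn))

    result = {"drop": [], "keep_other_origin": [], "keep_no_cover": []}
    for net, asn in parsed:
        if net.prefixlen != length:
            continue
        covering_origins = set()
        # Walk up the tree one bit at a time; stop before /0 so a default
        # route in the table never counts as a covering aggregate.
        for plen in range(length - 1, 0, -1):
            parent = net.supernet(new_prefix=plen)
            covering_origins |= origins_by_prefix.get(parent, set())
        if asn in covering_origins:
            result["drop"].append(str(net))
        elif covering_origins:
            result["keep_other_origin"].append(str(net))
        else:
            result["keep_no_cover"].append(str(net))
    return result


if __name__ == "__main__":
    for bucket, prefixes in classify_more_specifics(SAMPLE_ROUTES).items():
        print(f"{bucket}: {', '.join(prefixes) or '-'}")
```

Same-origin only tells you the announcement is redundant, not that the aggregate is legitimate; origin validation of the covering prefix is a separate check.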
Re: FCC Hurricane Michael after-action report
On 5/15/19 7:10 PM, Brandon Martin wrote: I dunno how the big guys get away with it. If I hit something, you can darn well bet someone's going to be on my neck immediately to shut the job down and pull my bond if possible. It helps when the people in the field are like 3 subcontractors removed.
Re: NTP question
On 5/1/19 8:35 PM, Mel Beckman wrote: But wait. What if the GPS constellation goes down? THEN we have bigger problems. For timing if we lose the WWV stations and CDMA, then it seems the diversity plan is going to be a combination of US GPS, Galileo, and GLONASS disciplined sources.
Re: AT&T contact
On 4/30/19 13:18, Mehmet Akcin wrote: Peering email is broken, looking for an AT&T contact. Please contact me off list. There's other contacts listed in peeringdb.
Re: Comcast storing WiFi passwords in cleartext?
On 4/24/19 8:13 AM, Benjamin Sisco wrote: The bigger concern should be the cleartext portion of the subject. There’s ZERO reason to store or transmit any credentials (login, service, keys, etc.), in any location, in an unencrypted fashion regardless of their perceived value or purpose. Unless you like risk. That's looking at it from a technical perspective when it isn't a technical problem. People that buy "includes wifi" from their ISP often need extreme amounts of help with it, and thus the wifi credentials are stored and transmitted in plain text for tech support reasons. ~Seth
Re: Comcast storing WiFi passwords in cleartext?
On 4/23/19 16:46, Töma Gavrichenkov wrote: Apparently there's a concern with customers that their seemingly private passphrases, entered in their own boxes, are being shared with the upstream ISP without an explicit customer consent, and are kept in the ISP database for an unspecified period of time. Is it there by design? if so, then maybe some tweaks are necessary? Don't use the built in wifi AP on a cable modem combo would be my first reaction. ~Seth
Re: Frontier rural FIOS & IPv6
On 3/31/19 13:31, David Hubbard wrote: Things are no better in Spectrum land; gotta love the innovation in monopoly markets…. I ask every year and expect it in perhaps thirty. It depends if you're Charter or Time Warner. Charter does.
Re: Should Netflix and Hulu give you emergency alerts?
On 3/9/19 12:03 PM, Sean Donelan wrote: Automatically geo-locating indoor smart speakers and smart TVs is more difficult, but if advertisers can get geolocation information from AT&T, Amazon, Apple, Google, Sprint, T-Mobile, Verizon, etc; why can't emergency alerts? There's no technical reason emergency alerts can't be geo located. But advertisers pay for it; emergency alerts aren't revenue generating.
Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking
On 2/27/19 7:02 PM, b...@theworld.com wrote: I have proposed many times to just move domain WHOIS data into a new RRTYPE and let whoever owns the domain put in that whatever they want, including (and perhaps most usefully for many) just a URL for further detail. We kind of have that with RP records. But does anyone do it?
Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
On 2/25/19 9:59 PM, Keith Medcalf wrote: Are you offering an indemnity in case that code is malicious? What are the terms and the amount of the indemnity? Anyone who is that paranoid should read the RFC and write their own TOTP client that lets them indemnify themselves from their own code.
Re: Initial ARIN IPv4 membership and resource request
On 2/6/19 13:24, Nathanael Catangay Cariaga wrote: lol that is something i missed in the portal... well thanks anyways.. ARIN's free pool ran out on September 24, 2015. You can of course join the waiting list for whatever it's worth: https://www.arin.net/resources/request/waiting_list.html