Re: Intradomain DNS Anycast revisited
thanks.

> No, because both routers are reached through the same L1/L2 medium, so
> Quagga can't use link-state to determine reachability of the next-hop.
> You could fix that by getting rid of the switches, and just having a bunch
> of router interfaces facing two Ethernet interfaces on each server, which
> would remove some points of failure, and would be a good idea if you can
> spare the router interfaces...

Do you mean Quagga's OSPF route has higher priority than the static route? Or, even if there is a static default route configured, once Quagga detects the link to the default router is down it will replace 0.0.0.0/0.0.0.0 in the host routing table?

> > 2) If each server is configured two default router ( router-1 &
> > router-2), or each server learn route 0.0.0.0/0.0.0.0 by OSPF ( our
> > border router inject default route into OSPF ); there should be
> > two equal cost path to 0.0.0.0/0.0.0.0 on each DNS server, the DNS
> > server should disperse any outgoing packets onto the two paths, will
> > that do harm to DNS service ?
>
> Nope, no problem, particularly so long as the two routers are iBGP peers,
> so they'll both (for the most part) have the same idea of what selected
> paths are.

I don't understand why both routers should be iBGP peers. In fact, iBGP does not run on those two routers; the two routers are only members of the OSPF backbone area and only run OSPF; only the border router (at the edge of our network) runs BGP and injects the default route into the OSPF backbone area.

Although all DNS servers are cache servers, we have to open 53/TCP to allow resolvers to use the TCP protocol. For example,

    server-(1,3)--switch--router-1--\
                    |     (OSPF only) router3--host
    server-(2,4)--switch--router-2--/

Is it possible that router3 or router-1 disperses packets of the same TCP connection to different paths? Is there a possibility that a DNS request is divided into multiple UDP packets?

> > 3) Is there any requirement on BIND to fit to such
> > multipath routing situation?
>
> Nope. BIND doesn't know what's going on that far below it.

Do I only need to configure BIND to originate requests from the administration IP address (configured on the NIC and different from the DNS service address)?

regards

Joe
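The TCP question in the message above depends on how a router shares load over equal-cost paths. The following is an added example, not code from the thread or from any router vendor: it contrasts per-flow hashing with per-packet round-robin over the two next hops in the diagram. The anycast address 192.0.2.53, the client addresses and the hashing scheme are assumptions constructed for the illustration.

```python
"""Added illustration: per-flow vs per-packet sharing over two equal-cost paths."""
import hashlib
from collections import defaultdict
from itertools import count

# Next hops as named in the thread's diagram (router3 sees two equal-cost paths).
NEXT_HOPS = ("router-1", "router-2")


def per_flow_next_hop(flow):
    """Pick a next hop from a hash of the 5-tuple: one flow always takes one path."""
    key = "|".join(str(field) for field in flow).encode()
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return NEXT_HOPS[bucket % len(NEXT_HOPS)]


def make_per_packet_chooser():
    """Round-robin every packet regardless of which flow it belongs to."""
    counter = count()
    return lambda flow: NEXT_HOPS[next(counter) % len(NEXT_HOPS)]


def split_flows(packets, chooser):
    """Return the flows whose packets were forwarded over more than one next hop."""
    hops_seen = defaultdict(set)
    for flow in packets:
        hops_seen[flow].add(chooser(flow))
    return sorted(flow for flow, hops in hops_seen.items() if len(hops) > 1)


def sample_packets():
    """Constructed traffic toward a hypothetical anycast service address."""
    tcp_flows = [
        ("198.51.100.10", 40001, "192.0.2.53", 53, "tcp"),
        ("198.51.100.11", 40002, "192.0.2.53", 53, "tcp"),
        ("198.51.100.12", 40003, "192.0.2.53", 53, "tcp"),
    ]
    udp_query = ("198.51.100.13", 40004, "192.0.2.53", 53, "udp")
    # Five packets per TCP connection, interleaved, then one single-packet UDP query.
    return [flow for _ in range(5) for flow in tcp_flows] + [udp_query]


if __name__ == "__main__":
    packets = sample_packets()
    print("split under per-flow hashing:  ", split_flows(packets, per_flow_next_hop))
    print("split under per-packet sharing:", split_flows(packets, make_per_packet_chooser()))
```

A TCP connection whose packets are split can reach two different anycast servers, and only one of them holds the connection state; a single-packet UDP query cannot be split.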
Re: Tier-2 reachability and multihoming
On Fri, 25 Mar 2005, Patrick W Gilmore wrote:

Okie, this has gone on long enough. If you would like some help, please stop, take a deep breath, count to ten slowly, then ask nicely and some people here might teach you something.

Maybe you should spend more time on networking than your part-time job of yoga teaching!

Woody's sarcasm might have annoyed you, but your repeated flames (and not even good ones!) at the people you asked to help you annoy all of us.

well guess who wouldn't think that if not being helped a minuscule amount, why not be part of the fun!

If you do not want any help, you are welcome to continue in your misunderstanding of how the Internet works.

I am sorry, am I not ingratiating myself with the good graces of the father of Internet?!
Re: Intradomain DNS Anycast revisited
> 1) should each dns cache server be configured a static
> default route (0.0.0.0/0.0.0.0)? If server-(1,3) is
> configured statically to use router-1 as default router,
> will Quagga make it use router-2 when router-1 is not reachable?

No, because both routers are reached through the same L1/L2 medium, so Quagga can't use link-state to determine reachability of the next-hop. You could fix that by getting rid of the switches, and just having a bunch of router interfaces facing two Ethernet interfaces on each server, which would remove some points of failure, and would be a good idea if you can spare the router interfaces... or you could use the OSPF which you're already going to be running, to advertise a default from both routers to each of the servers.

> 2) If each server is configured two default router ( router-1 &
> router-2), or each server learn route 0.0.0.0/0.0.0.0
> by OSPF ( our border router inject default route into
> OSPF ); there should be two equal cost path to 0.0.0.0/0.0.0.0
> on each DNS server, the DNS server should disperse any outgoing
> packets onto the two paths, will that do harm to DNS service ?

Nope, no problem, particularly so long as the two routers are iBGP peers, so they'll both (for the most part) have the same idea of what selected paths are.

> 3) Is there any requirement on BIND to fit to such
> multipath routing situation?

Nope. BIND doesn't know what's going on that far below it.

-Bill
RE: ARIN, was Re: 72/8 friendly reminder
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Owen DeLong
> Sent: Friday, March 25, 2005 12:00 AM
> To: Edward Lewis
> Cc: Andrew Dul; nanog@merit.edu
> Subject: Re: ARIN, was Re: 72/8 friendly reminder
>
> [ snip ]
> Right... So, things divide into two categories... Major Undertakings and
> changes to existing policy... Requires policy process. Easily implemented
> obvious wins for everyone (a pingable address within a new block would
> be an example here) where the first step should be a polite "Hey ARIN
> Staff, can this be done?" If the staff says "Sure...Easy... look for an
> announcement soon.", then my experience has been they tend to get
> implemented fairly quickly (I believe this is what I just saw from
> Leslie a couple of minutes ago on this very issue). If the staff says
> no, they generally provide reasons and suggestions. In this case, either
> the policy process or an alternative solution is probably in order.

The problem I see with it not being in policy process is that it means it's not permanent. Personally, I think that this is a great idea, but I don't necessarily agree that it's as easy as pinging a host address in terms of scalability and effectiveness. Outside the policy process, we lose the framework of discussion and consensus.

The staff is fantastic. Responsive. Intelligent. Good leadership. But it may not always be that way. These things aren't static.

YMMV

-M<
Re: Tier-2 reachability and multihoming
On Fri, 25 Mar 2005 [EMAIL PROTECTED] wrote:

On Thu, Mar 24, 2005 at 12:18:34PM -0800, Bill Woodcock wrote:

On Thu, 24 Mar 2005, G Pavan Kumar wrote:

> Actually, I am not doing what you think I am. I am using the RouteViews
> aggregation of the BGP routing tables. RouteViews is a project at the
> univ. of Oregon that peers with backbones.

Really? Could you tell us more about it? I thought there was just one Internet backbone.

Bill... Stop it!!! shooting fish in a barrel is no sport at all.

You think I am a fish in a barrel? Well, guess what, I didn't think it through while entering your mouth that you're dumb enough to prefer it rather in a barrel!!

> I am looking at almost full and fresh data.

So what value do you assign to "almost full?" There's a difference between "best" and "complete," which you may not be entirely appreciating.

-Bill

almost full == just after dessert and as you (and almost every one else on this list) know, there is zero chance of "complete" ... and "best" is always in the eye/routing-table of the beholder.

--bill
Re: Tier-2 reachability and multihoming
On Mar 25, 2005, at 12:25 AM, G Pavan Kumar wrote:

On Thu, 24 Mar 2005, Bill Woodcock wrote:

On Thu, 24 Mar 2005, G Pavan Kumar wrote:

> Actually, I am not doing what you think I am. I am using the RouteViews
> aggregation of the BGP routing tables. RouteViews is a project at the
> univ. of Oregon that peers with backbones.

Really? Could you tell us more about it? I thought there was just one Internet backbone.

Would you excuse me if I didn't predict that you couldn't improvise and make out of the context?

Okie, this has gone on long enough. If you would like some help, please stop, take a deep breath, count to ten slowly, then ask nicely and some people here might teach you something.

Woody's sarcasm might have annoyed you, but your repeated flames (and not even good ones!) at the people you asked to help you annoy all of us.

If you do not want any help, you are welcome to continue in your misunderstanding of how the Internet works.

-- 
TTFN,
patrick
Re: Tier-2 reachability and multihoming
On Thu, 24 Mar 2005, Bill Woodcock wrote:

On Thu, 24 Mar 2005, G Pavan Kumar wrote:

> Actually, I am not doing what you think I am. I am using the RouteViews
> aggregation of the BGP routing tables. RouteViews is a project at the
> univ. of Oregon that peers with backbones.

Really? Could you tell us more about it? I thought there was just one Internet backbone.

Would you excuse me if I didn't predict that you couldn't improvise and make out of the context?

> I am looking at almost full and fresh data.

So what value do you assign to "almost full?" There's a difference between "best" and "complete," which you may not be entirely appreciating.

-Bill
Re: ARIN, was Re: 72/8 friendly reminder
Here's my dilemma. On the one hand I hear calls for greater operational input to ARIN. On the other hand is empirical evidence that there isn't much input being given.

Correct... Generally, you hear those calls coming from ARIN because ARIN is trying to maximize the involvement of its constituency. This is a good thing, but, should not create the illusion that there is not already significant involvement. This is sort of one of those "We can always do better" kind of issues, and, I think that active solicitation is better than the alternatives.

What I have been trying to do is extract what latent operational input might be fed to ARIN, judging from discussions I have seen at other RIRs, the IETF, etc. If there aren't follow ups to these ideas, then I would conclude that ARIN isn't dysfunctional and is operating as it should be, an idea supported by what is above. If there are ideas forthcoming, then maybe there is a need to encourage participation.

Got it. Yes, I think that there needs to be encouragement for ideas to be forthcoming whether such ideas exist or not. I think ARIN is doing a pretty good job of providing that encouragement.

This thread was ignited by the desire to have a pingable address in newly allocated blocks (from IANA to ARIN), and maybe Randy's suggestion is all that is needed - simply asking ARIN to do this. Maybe policies aren't the only way to influence ARIN's operation.

Right... So, things divide into two categories... Major Undertakings and changes to existing policy... Requires policy process. Easily implemented obvious wins for everyone (a pingable address within a new block would be an example here) where the first step should be a polite "Hey ARIN Staff, can this be done?" If the staff says "Sure...Easy... look for an announcement soon.", then my experience has been they tend to get implemented fairly quickly (I believe this is what I just saw from Leslie a couple of minutes ago on this very issue).

If the staff says no, they generally provide reasons and suggestions. In this case, either the policy process or an alternative solution is probably in order.

With a minimal reading of the policy manual and some thought, I think it's fairly easy to sort out which type of request fits in which category. If in doubt, ask the staff first, they'll be happy to tell you whether it requires policy or can be done at the staff level.

Owen
Re: ARIN, was Re: 72/8 friendly reminder
--On Thursday, March 24, 2005 16:32 -0500 Edward Lewis <[EMAIL PROTECTED]> wrote:

At 12:53 -0800 3/24/05, Owen DeLong wrote:

NO. Operational specifications and routing are the domain of the IETF and _NOT_ ARIN. ARIN is responsible for the stewardship of assigned numbers within the ARIN region. This includes IP addresses, Autonomous System Numbers, and, DNS delegations for reverses on IP addresses. While ARIN should consider routing issues and the operational impact of ARIN stewardship policies, and, ARIN also has an educational role in helping the community to understand BCP including operational BCP as it relates to IP Addresses, ASNs, and DNS, ARIN has no role in dictating or driving operational practices.

My question is not related to specification development but operational requirements of ARIN itself providing a service based on specifications. E.g., picking something a bit more concrete than secure routing, should ARIN deploy DNSSEC support, once it is published (again), in 6 months? 12 months? 10 years? This will tell the staff what level of staffing is needed to accomplish the work. The policy discussion will let membership know whether it is willing to pay for this. (Open to the public or not, the membership determines what it pays.)

When DNSSEC is released again (whenever that may be), if ARIN constituency wants ARIN to support it, at least one such person will make a policy proposal. In the policy proposal, there will be a proposed or intended timeframe for implementation. This is a requirement of the policy process. If ARIN staff does not feel it can meet that timeframe, that will be part of the discussion in the Staff Impact slide that is presented with each proposal at the ARIN meeting(s) where the proposal is discussed.

Discretionary funding for supporting research within the IETF should exist too, to cover participation in development of specifications at an appropriate level of effort.

ARIN has, so far, expressed a desire not to do this. Indeed, ARIN has specifically encouraged ARIN members to participate individually in IETF, but, feels that ARIN as a body has no role to play there.

Let's say DNSSEC is ready for deployment. Does the impetus come from the ARIN staff or from the membership? (Maybe it comes from outside, but does it need to be made into a policy before the staff implements it?)

Neither. It comes from the ARIN constituency, which is the entire community of IP consumers within the ARIN region. The impetus would come from a policy proposal. Anyone who has an interest can submit a policy proposal to ARIN.

I'm not sure ARIN has a change or innovation role. It is not unlikely that responsible stewardship includes a minimum of change and a preservation of stability and consistency.

ARIN has two definite roles when it comes to innovation. 1) Don't get in the way of innovation by the community and 2) provide expert advice when it comes to the development of specifications related to RIR functions. And ARIN ought to be wary of trends in the improvement of its internal operations.

Agreed. However, this is different from the impression I received from the earlier comments that seemed to suggest that ARIN had a role as an innovator. Finally, as to 1, to a certain extent, ARIN does have a partial responsibility to stand in the way of some innovation if in ARIN's view said innovation might be harmful to existing services.

An example of role number 1 is providing DNS services over IPv6 transport. An example of role number 2 is contributing to the discussion of the IRIS definitions for address registries. In neither case is ARIN leading the charge, but is playing a part in innovation.

I don't believe ARIN had any delay between ARIN beginning to issue IPv6 allocations and ARIN providing DNS/v6 services. Until such time as ARIN had policy and responsibility for issuing IPv6 addresses, ARIN had no reason whatsoever to provide any DNS/v6 services.

To come back to secure routing, the reason ARIN would be involved is that ARIN would be asked to publish information on who is allocated number resources. Although this is done in WhoIs now, there is a need to do this via whatever format is required by "secure routing." I'm sure the specification of secure routing will describe how to operate the protocol, but not address the server capacity nor topology needed.

Again, if that feature is desired by anyone in ARIN constituency, then, a relevant policy proposal will be put forth, and, the issue will be debated and addressed according to community consensus.

I do not see this as dysfunctional.

Perhaps policies aren't the vehicle, but then how does the operational community get ARIN to supply services?

Policies _ARE_ the vehicle, and, I guess I don't understand what it is you think is dysfunctional about the policy process, since from what I can see, it addresses exactly the issues you describe above.

Owen
Intradomain DNS Anycast revisited
Hi,

I'm trying to set up an anycast DNS server farm for customer service. In order to improve availability, we plan to install those servers in one LAN which has a structure similar to:

    server-(1,3)---switch1---router-1---(outside)
                      |          |
    server-(2,4)---switch2---router-2---(outside)

The four servers are all unix boxes, switch-1 & switch-2 are interconnected to guarantee the availability. BIND is to be used as DNS cache server software, Quagga OSPFD is to be used as routing software. According to the above configuration, both routers will know multiple paths to the dns cache servers, while each dns cache server should know two paths to the outside network.

Here come my questions:

1) should each dns cache server be configured a static default route (0.0.0.0/0.0.0.0)? If server-(1,3) is configured statically to use router-1 as default router, will Quagga make it use router-2 when router-1 is not reachable?

2) If each server is configured two default router ( router-1 & router-2), or each server learn route 0.0.0.0/0.0.0.0 by OSPF ( our border router inject default route into OSPF ); there should be two equal cost path to 0.0.0.0/0.0.0.0 on each DNS server, the DNS server should disperse any outgoing packets onto the two paths, will that do harm to DNS service ?

3) Is there any requirement on BIND to fit to such multipath routing situation?

Joe
Re: Tier-2 reachability and multihoming
On Thu, Mar 24, 2005 at 12:18:34PM -0800, Bill Woodcock wrote:
>
> On Thu, 24 Mar 2005, G Pavan Kumar wrote:
> > Actually, I am not doing what you think I am. I am using the RouteViews
> > aggregation of the BGP routing tables. RouteViews is a project at the
> > univ. of Oregon that peers with backbones.
>
> Really? Could you tell us more about it? I thought there was just one
> Internet backbone.

Bill... Stop it!!! shooting fish in a barrel is no sport at all.

> > I am looking at almost full and fresh data.
>
> So what value do you assign to "almost full?" There's a difference
> between "best" and "complete," which you may not be entirely appreciating.
>
> -Bill

almost full == just after dessert and as you (and almost every one else on this list) know, there is zero chance of "complete" ... and "best" is always in the eye/routing-table of the beholder.

--bill
Re: ARIN, was Re: 72/8 friendly reminder
>> NO. Operational specifications and routing are the domain of the IETF
>> and _NOT_ ARIN.

whoever wrote this should share what they're smoking.

> Let's say DNSSEC is ready for deployment.

and cash falls from the sky

randy
Re: "Bandwidth Advisors" - www.bandwidthadvisors.com
Hannigan, Martin wrote:

They're brokers. There's really nothing wrong with what they are doing, although they may not have explained it to you too well.

I guess not.

What they do is become an agent, or reseller, for a company and they get a residual on anyone they refer. So if you are a corp IT guy and you have no clue as to who's out there and what the prices are, these kinds of services "can" be useful. Almost everyone will give someone a residual for a referral, but you have to ask. :-)

Brokers are one thing. Consultants or "advisors" are another thing. I don't see anything on their web site that labels them as "brokers". I do see under their FAQ...

    Q. How does Bandwidth Advisors get paid?
    A. Bandwidth Advisors receives a small residual payment from the Telcos once the Client begins paying for the service.

Nice to see it there. I know a bunch of consultants out there (me being one, Bill Woodcock, etc.) that do not take money from vendors they recommend. How can a client of a consultant really know they have the best deal when the "consultant" will not investigate all of the options out there?

For those that don't know... I am now the COO of UnitedLayer. It sounds like, since I am not going to pay the "extortion" fee to Bandwidth Advisors, that their consultants won't know about our pricing and services. Even if I did pay the fee, that means that their clients can't get the best deal as I need to raise my fees to client to cover the "small residual payment" going to "Bandwidth Advisors".

Tim
-- 
1978 45th Ave / San Francisco CA 94116 / USA // POTS: +1 415 665 3790
GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04
"Be who you are and say what you feel because the people who mind don't matter and the people who matter don't mind." - Dr. Seuss
Re: Attractive Nuisance, was Re: 72/8 friendly reminder
--- Mike Leber <[EMAIL PROTECTED]> wrote:

Well, there has been some movement - Cisco has changed their policy, as noted here:

http://www.merit.edu/mail.archives/nanog/2005-02/msg00354.html

Now if we can just get everyone else to play along...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: "Bandwidth Advisors" - www.bandwidthadvisors.com
----- Original Message -----
From: "Tim Pozar" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 24, 2005 6:57 PM
Subject: "Bandwidth Advisors" - www.bandwidthadvisors.com

>
> Just got a call from "Tosten" of a company called "Bandwidth
> Advisors". They represent themselves as a "Independent Telco &
> Colo Consultants" (see web page).
>
> Seems that they are calling around ISPs and asking them if they
> have an "agent" program. After talking to him a bit I find out
> that they will only recommend a company if they are getting a
> kick-back from the company. Sounds like a company to avoid if one
> really wants an "Independent Consultant".

i'm unsure how this is operationally relevant, but to humour you a bit:

from the looks of it, they are agents. they bring the business and collect commission, presumably out of the money they saved you by bringing the business to you (ie customer acquisition cost). i don't see anything wrong with that and would like to point out that a relationship with a good agent (ie one who knows his stuff, brings good clients to the table and doesn't waste your time) is worth its weight in gold.

if it's not your cup of tea, fair enough - you're entitled to your opinion. however, billing them as the root of all evil on an unrelated list because you don't like/understand their business model and/or don't want to work with them isn't on, imo.

-p

---
paul galynin
Re: MIT Hosed? (anyone from Ebay or Rogers available)
Problem solved (sort of). Thanks to all who helped.

An ISP was leaking routes they picked up via a bizarre (and apparently nonfunctional path). The last hop before the path got to us was Sprint (AS1239) (which we are connected to). We have withdrawn our route from Sprint which made the bogus routes go away and restored connectivity. Fortunately I have other connections I can use.

We are attempting to contact to get them to clean up their act.

-Jeff

On Thu, 2005-03-24 at 17:06, Jeffrey I. Schiller wrote:
> Looking for some help...
>
> Net 18/8 seems to be unable to reach significant portions of the
> Internet. I suspect that someone is advertising a bogus route for us.
> None of the regular looking glasses show any problems though.
>
> If anyone from Ebay or Rogers Cable (AS812) is listening, I would really
> like to know what routes (and AS path) you have for net 18 so I can
> track this problem down.
>
> Please cc any correspondence to [EMAIL PROTECTED], an e-mail address not
> serviced through MIT's infrastructure.
>
> Thanks.
>
> -Jeff

-- 
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
[EMAIL PROTECTED]
RE: "Bandwidth Advisors" - www.bandwidthadvisors.com
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Tim Pozar
> Sent: Thursday, March 24, 2005 6:58 PM
> To: nanog@merit.edu
> Subject: "Bandwidth Advisors" - www.bandwidthadvisors.com
>
>
> Just got a call from "Tosten" of a company called "Bandwidth
> Advisors". They represent themselves as a "Independent Telco &
> Colo Consultants" (see web page).
>
> Seems that they are calling around ISPs and asking them if they
> have an "agent" program. After talking to him a bit I find out
> that they will only recommend a company if they are getting a
> kick-back from the company. Sounds like a company to avoid if one
> really wants an "Independent Consultant".
>
> Tim

They're brokers. There's really nothing wrong with what they are doing, although they may not have explained it to you too well.

What they do is become an agent, or reseller, for a company and they get a residual on anyone they refer. So if you are a corp IT guy and you have no clue as to who's out there and what the prices are, these kinds of services "can" be useful. Almost everyone will give someone a residual for a referral, but you have to ask. :-)

-M<
FW: [IP] a briefing at the National Academies
FYI:

-- Forwarded Message
From: "Brownstein, Charles" <[EMAIL PROTECTED]>
Date: Thu, 24 Mar 2005 17:05:58 -0500
To: <[EMAIL PROTECTED]>
Subject: can you assist in announcing this

To interested IP'ers

The Computer Science and Telecommunications Board of the National Academies invites you to a briefing at the National Academies on Thursday, March 31, 2005 to present the findings of a recently completed study: "Signposts in Cyberspace: the Domain Name System and Internet Navigation."

This study examines the performance and prospects of the Domain Name System from both technical and institutional perspectives, and also looks at how navigation technologies and institutions facilitate finding and accessing Internet resources.

The DNS and Internet navigation serve as the public "face" to most users of the Internet. Their workings, and the workings of the myriad technical systems and institutional arrangements that make them possible, shape the value of the Internet in important ways. Sound public policy about them is thus critical to sustaining the utility and accessibility of this increasingly essential resource. "Signposts in Cyberspace" both describes the evolution of the technologies and institutions that have supported the growth of the Internet and provides the basis for future decisions that will enable its productive evolution.

Leading the discussion will be Dr. Roger Levien, Chair of the multi-disciplinary study committee that produced the report. He will be joined by members of the committee. The briefing will be from 11 am to 12 pm.

Date:  Thursday, March 31, 2004
Time:  11 AM
Place: The National Academies
       2100 C St. NW
       Washington DC
       Lecture Room

Information about the study may be found at <http://www7.nationalacademies.org/cstb/project_dns.html>. A preprint of the report will be posted and linked to this site by the time of meeting.

To confirm your place at this event, please respond by email to: ([EMAIL PROTECTED]) with DNS RSVP in the subject field, or by telephone (202-334-2605) by Monday, March 28th. We hope that you will be able to join us.

Charles N. Brownstein, Director
Computer Science and Telecommunications Board
The National Academies
500 5th St NW, Washington DC 20001
202 334 2605
[EMAIL PROTECTED]
cstb.org - where the nation turns for independent and informed assessments of computing, communications, and public policy

-- End of Forwarded Message
"Bandwidth Advisors" - www.bandwidthadvisors.com
Just got a call from "Tosten" of a company called "Bandwidth Advisors". They represent themselves as a "Independent Telco & Colo Consultants" (see web page).

Seems that they are calling around ISPs and asking them if they have an "agent" program. After talking to him a bit I find out that they will only recommend a company if they are getting a kick-back from the company. Sounds like a company to avoid if one really wants an "Independent Consultant".

Tim
-- 
1978 45th Ave / San Francisco CA 94116 / USA // POTS: +1 415 665 3790
GPG Fingerprint: 4821 CFDA 06E7 49F3 BF05 3F02 11E3 390F 8338 5B04
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759
Re: Utah governor signs Net-porn bill
David Barak wrote:

wouldn't it be cheaper and easier to simply get a lawyer and an engineer in the same room and brainstorm until you came up with something which pretty-much-worked(tm) and was at least arguably compliant with the law? There have been a couple of ideas bandied about on this list which are arguably compliant and technically simple.

Why would any person in their right mind comply with an unconstitutional law?

This isn't a principle for which I'd gladly go to jail. All I'm saying is that it isn't the doom&gloom you're portraying - Utah politicians being difficult doesn't mean the end of free speech forever. Why not wait and see what happens?

"The only thing necessary for the triumph of evil is for good men to do nothing." -- Edmund Burke

-- 
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: FW: 72/8 friendly reminder
On Thu, Mar 24, 2005 at 04:20:10PM -0500, Member Services wrote:
> ARIN supports the idea of doing reachability testing on new /8 blocks issued
> by the IANA and will begin to set a plan in motion to move forward on this.
> Once more details have been worked out, we will notify the community.

/me snickers quietly

Cheers,
-- jra
-- 
Jay R. Ashworth                                                [EMAIL PROTECTED]
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me
Re: Vonage SUED over not clearly informing customers re 911 service lacking
On Thu, Mar 24, 2005 at 01:02:26PM -0600, Network.Security wrote:
> I read on a Vonage customer forum about "testing" your 911 service with
> them, I don't know that I'd advocate that as the PSAPs will likely be
> ticked. But again, it emphasizes a point about collaboration between
> Vonage and the areas it supports to insure customer safety.

Nope. I asked a local 911 dispatcher. They said that yes, as long as you immediately identify your call as a non-emergency test call, and don't do it too often, they don't object.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                [EMAIL PROTECTED]
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me
Attractive Nuisance, was Re: 72/8 friendly reminder
Jeeze...

It seems there are all kinds of policy wonks ever so ready to erect fantastic edifices and structure all manner of procedure and organization in order to fix the problem of newly allocated address space being filtered that is largely caused by a highly visible attractive nuisance, and rather than persuade the people that make the static filter configuration pages to responsibly remove the portion that isn't RFC 1918 or martians, you would rather tilt at windmills.

Look, this situation is akin to a gun and ammo store (the security website in question) leaving a pile of hand grenades on display on a table in front of their store. You are busy arguing about who should clean up the mess made every time a less knowledgable member of the public blows themselves up.

The fix is to not put hand grenades in a public place.

Ergo, please don't make static filter configurations available that include unallocated address space, people will use them and leave them in place forever.

Yes, they are doing something that will harm themselves. Yes, that is dumb. It's an "attractive nuisance", please fix it.

Mike.

ps. http://insurance.cch.com/rupps/attractive-nuisance-doctrine.htm

On Thu, 24 Mar 2005 [EMAIL PROTECTED] wrote:
>
> > a bit more coffee made me realize that what might best occur would
> > be for the rir, some weeks BEFORE assigning from a new block issued
> > by the iana, put up a pingable for that space and announce it on
> > the lists so we can all test BEFORE someone uses space from that
> > block.
>
> ARIN meeting happens in Orlando in about 1 month
> from now. There is at least one open mike session
> on the agenda and there is also a new policy workshop
> if folks think that this practice needs to be made
> into a formal policy.
>
> Also, on the ARIN website at http://www.arin.net/about_us/ab_org_bot.html
> you can find contact info for the Board of Trustees.
> These are the people who can decide that something
> makes perfect sense and instruct staff to just do it
> without going through the process of changing policies.
>
> Seems to me that this idea falls into the "just do it"
> category, i.e. it's operational best practice.
> So if you want this feature, tell ARIN about it!
>
> --Michael Dillon
>
> P.S. there is an upcoming RIPE meeting in Stockholm
> at the end of May. As above, tell them that this
> is important for them to be doing.
>

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| [EMAIL PROTECTED]                                   http://www.he.net |
+-----------------------------------------------------------------------+
Re: Utah governor signs Net-porn bill
On Thu, Mar 24, 2005 at 05:48:00AM -0800, David Barak wrote: > if you prick them, they'll bleed... What color? Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth & AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
Re: Utah governor signs Net-porn bill
On Wed, Mar 23, 2005 at 08:12:33PM -0500, William Allen Simpson wrote: > "The price of liberty is eternal vigilance." or vice versa. > > "Conviction is worthless unless it is converted into conduct." "Defending *palatable* speech is unremarkable." -- me Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth & AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
MIT Hosed? (anyone from Ebay or Rogers available)
Looking for some help... Net 18/8 seems to be unable to reach significant portions of the Internet. I suspect that someone is advertising a bogus route for us. None of the regular looking glasses show any problems though. If anyone from Ebay or Rogers Cable (AS812) is listening, I would really like to know what routes (and AS path) you have for net 18 so I can track this problem down. Please cc any correspondence so [EMAIL PROTECTED], an e-mail address not serviced through MIT's infrastructure. Thanks. -Jeff -- = Jeffrey I. Schiller MIT Network Manager Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice [EMAIL PROTECTED]
Re: ARIN, was Re: 72/8 friendly reminder
At 13:01 -0800 3/24/05, Owen DeLong wrote: There are not many such proposals in play at the moment because the ARIN community reached consensus around most of these issues over the last two years. There seems to be general agreement that the current state of things is acceptable in terms of Whois and DNS. While ARIN runs a Routing Registry as part of it's public service focus, I do not believe that ARIN should have a defining role in the IRR process. In general, that also is the purview of the IETF. Here's my dilemma. On the one hand I hear calls for greater operational input to ARIN. On the other hand is empirical evidence that there isn't much input being given. What I have been trying to do extract what latent operational input might be fed to ARIN, judging from discussions I have seen at other RIRs, the IETF, etc. If there aren't follow ups to these ideas, then I would conclude that ARIN isn't dysfunctional and is operating as it should be, an idea supported by what is above. If there are ideas forthcoming, then maybe there is a need to encourage participation. This thread was ignited by the desire to have a pingable address in newly allocated blocks (from IANA to ARIN), and maybe Randy's suggestion is all that is needed - simply asking ARIN to do this. Maybe policies aren't the only way to influence ARIN's operation. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Achieving total enlightenment has taught me that ignorance is bliss.
Re: ARIN, was Re: 72/8 friendly reminder
At 12:53 -0800 3/24/05, Owen DeLong wrote: NO. Operational specifications and routing are the domain of the IETF and _NOT_ ARIN. ARIN is responsible for the stewardship of assigned numbers within the ARIN region. This includes IP addresses, Autonomous System Numbers, and, DNS delegations for reverses on IP addresses. While ARIN should consider routing issues and the operational impact of ARIN stewardship policies, and, ARIN also has an educational role in helping the community to understand BCP including operational BCP as it relates to IP Addresses, ASNs, and DNS, ARIN has no role in dictating or driving operational practices. My question is not related to specification development but operational requirements of ARIN itself providing a service based on specifications. E.g., picking something a bit more concrete that secure routing, should ARIN deploy DNSSEC support, once it is published (again), in 6 months? 12 months? 10 years? This will tell the staff what level of staffing is needed to accomplish the work. The policy discussion will let membership know whether it is willing to pay for this. (Open to the public or not, the membership determines what it pays.) Discretionary funding for supporting research within the IETF should exist too, to cover participation in development of specifications at an appropriate level of effort. Let's say DNSSEC is ready for deployment. Does the impetus come from the ARIN staff or from the membership? (Maybe it comes from outside, but does it need to be made into a policy before the staff implements it?) I'm not sure ARIN has a change or innovation role. It is not unlikely that responsible stewardship includes a minimum of change and a preservation of stability and consistency. ARIN has two definite roles when it comes to innovation. 1) Don't get in the way of innovation by the community and 2) provide expert advice when it comes to the development of specifications related to RIR functions. 
And ARIN ought to be wary of trends in the improvement of its internal operations. An example of role number 1 is providing DNS services over IPv6 transport. An example of role number 2 is contributing to the discussion of the IRIS definitions for address registries. In neither case is ARIN leading the charge, but is playing a part in innovation. To come back to secure routing, the reason ARIN would be involved is that ARIN would be asked to publish information on who is allocated number resources. Although this is done in WhoIs now, there is a need to do this via whatever format is required by "secure routing." I'm sure the specification of secure routing will describe how to operate the protocol, but not address the server capacity nor topology needed. Perhaps policies aren't the vehicle, but then how does the operational community get ARIN to supply services? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Achieving total enlightenment has taught me that ignorance is bliss.
FW: 72/8 friendly reminder
ARIN supports the idea of doing reachability testing on new /8 blocks issued by the IANA and will begin to set a plan in motion to move forward on this. Once more details have been worked out, we will notify the community. Regards, Leslie Nobile Director, Registration Services American Registry for Internet Numbers -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Randy Bush Sent: Wednesday, March 23, 2005 1:51 PM To: nanog@merit.edu Subject: Re: 72/8 friendly reminder >> We were recently assigned a 72.244/16 allocation from ARIN. Friendly >> reminder that ARIN started allocating 72/8 since Aug. If you have a >> static bogon filters, can you please make sure they are updated. >> Thank > if you are really worried about this, and i can understand your being > so, then make it easy for the busy folk here (not those pontificating > on law and morals in the rocky mountains) to test. > give us an address we can ping. a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block. randy
Re: ARIN, was Re: 72/8 friendly reminder
--On Thursday, March 24, 2005 3:20 PM -0500 Edward Lewis <[EMAIL PROTECTED]> wrote: > > At 17:01 + 3/24/05, Andrew Dul wrote: > >> I agree, I'd certainly like to see more people actively participate in >> the process. If nanog folks believe that the ARIN membership is not >> getting the right stuff done... How do we fix this problem? How do we >> get more operators involved and active in the RIRs? > > In the spirit of cart and horse, it's not about getting more operators > involved in ARIN. It's about getting operators to use ARIN as a resource > in the proper way. (I'm addressing operators here as this is NANOG.) > Fair enough... > What do operators expect from ARIN? Most ARIN policies are centered on > the administrative function of allocation of address space and AS > numbers. Is that all there is? Are the existing policies all that are > needed? > Other than a community service/educational role on issues related to the above policies, yes, that is the limits of ARIN's charter. Other issues are the purview of ICANN, IETF, IESG, and ISOC. > Are there concerns about the live-in-the-network registry services like > WhoIs, DNS, IRIS, routing registry? There are not many policy proposals > (lame delegations, privacy concerns with WhoIs) in play covering > operational considerations. > There are not many such proposals in play at the moment because the ARIN community reached consensus around most of these issues over the last two years. There seems to be general agreement that the current state of things is acceptable in terms of Whois and DNS. While ARIN runs a Routing Registry as part of it's public service focus, I do not believe that ARIN should have a defining role in the IRR process. In general, that also is the purview of the IETF. >> ARIN isn't perfect but it could be a lot worse. In some ways I think the >> issue you describe is an industry wide problem. There are many different >> groups (RIRs, ICANN, IETF, Nanogs, etc...) 
 and participating in all of >> them is a lot of effort, especially when most of us already have >> full-time jobs. > > Participating in all of them *is* a full-time job. ;) > Right, but, the portion of the internet community which consists of organizations willing to pay an FTE to do that job is very small. Owen -- If it wasn't crypto-signed, it probably didn't come from me.
Re: ARIN, was Re: 72/8 friendly reminder
> One question does haunt me about how the operations community views ARIN. > Most ARIN policies are concerned with address allocation, reporting, and > such. There are not many policies regarding the functional role ARIN > plays in the Internet, the only one that leaps to mind is a lame > delegation policy under discussion. > > The (haunting) question is whether the operations community feels that > there should be operational policies put before ARIN. E.g., support for > secure routing - when a concrete approach is defined that needs RIR > input, should ARIN play? > NO. Operational specifications and routing are the domain of the IETF and _NOT_ ARIN. ARIN is responsible for the stewardship of assigned numbers within the ARIN region. This includes IP addresses, Autonomous System Numbers, and, DNS delegations for reverses on IP addresses. While ARIN should consider routing issues and the operational impact of ARIN stewardship policies, and, ARIN also has an educational role in helping the community to understand BCP including operational BCP as it relates to IP Addresses, ASNs, and DNS, ARIN has no role in dictating or driving operational practices. >> Most ARIN members seem to view ARIN as a distant regulatory >> agency to whom they must regularly burn incense and make >> sacrifices in order for the ARIN gods to bestow IP addresses >> upon the unworthy network operator. The result is that there >> is little participation by ARIN members in monitoring and >> governing ARIN. And therefore, ARIN does what it has always >> done without changing or innovating. > Huh? I can accept that most ARIN non-members with direct assignments see ARIN in this way, but, I find it _VERY_ hard to believe that is the viewpoint of the majority of ARIN members. It certainly is not the viewpoint of the members who read any of the things they signed when they joined. It certainly is not the viewpoint of the members who participate on PPML or attend ARIN meetings. 
If that is the viewpoint of the members who do not participate, then, that is unfortunate, and, certainly a dysfunctional role for those members. > Oh, that's was where I was going. Is that the case? If so, then there > is a dysfunction. > Yep. I'm not sure, however, what you can do to address the issue of misperception due to willful ignorance. If you can figure out how to solve that, perhaps we can next tackle the problems of the dysfunction in united States voting. > I want to make it clear that any lack of change or innovation is not > something that the staff has caused. (By design the staff is in reaction > mode.) The lack of change or innovation is the motivation for the > haunting question above. > I'm not sure ARIN has a change or innovation role. It is not unlikely that responsible stewardship includes a minimum of change and a preservation of stability and consistency. > PS - I think my response to Michael is not so much an opposing view, but > a slightly different emphasis in where improvements may lie. I really > don't think Michael is trying to "stick it to the staff." (I hope he's > not.) But a lot of times people confuse the ARIN staff with the ARIN > membership organization. > I rarely agree with Michael, but, I do respect him. I am quite confident that his intent is not to "stick it" to the ARIN staff. I think he comes from a genuine desire to improve things. We don't differ on that. We differ on how. Owen -- If it wasn't crypto-signed, it probably didn't come from me.
Re: ARIN, was Re: 72/8 friendly reminder
---Original Message--- > From: "Edward Lewis" <[EMAIL PROTECTED]> > Subject: Re: ARIN, was Re: 72/8 friendly reminder > Sent: 24 Mar 2005 12:20:08 > > At 17:01 + 3/24/05, Andrew Dul wrote: > > >I agree, I'd certainly like to see more people actively participate in the > >process. If nanog folks believe that the ARIN membership is not getting the > >right stuff done... How do we fix this problem? How do we get more > >operators involved and active in the RIRs? > > In the spirit of cart and horse, it's not about getting more > operators involved in ARIN. It's about getting operators to use ARIN > as a resource in the proper way. (I'm addressing operators here as > this is NANOG.) I think its also about getting operators who aren't active participants in ARIN or NANOG to use the numbering resources in a "good" way. In my mind that probably means creating systems to reduce the misconfiguration issues which started this thread in the first place. > ARIN staff has begun work on documenting the registry service level > agreements, there was a presentation on this in October. There has > been little discussion on this by anyone since the presentation. If > WhoIs is out, reports fly on NANOG. But has anyone ever tried to > quantify what level of service is expected of ARIN's computing > facilities? Or an even better question...what should be in whois? There are some who feel that whois as we know it today should go away? Is that what the operators want? What if there were legal forces that created an environment where ARIN couldn't publish whois information. > >I think colocating 1 ARIN meeting/per year with Nanog in the fall has been a > >help. > > I would caution that "attending meetings" is neither a sign of > contribution nor a sign of progress. Don't get me wrong, making > meetings easier to attend is good, but we shouldn't attend meetings > because it is easy, fun or entertaining. I prefer to have fun at > home. 
There is something about being at the meeting that at least forces me to pay attention to part of what is going on. It is real easy to ignore email storms, but face to face interaction has value IMO. > >We could of course create a huge bureaucracy with lots of people to study > the > >issues and make policy, but that hasn't been the way the Internet has > >developed and is counter to what many operators think is best for the > >Internet. That also requires money. Is that what people want? I don't > >think so, but I could be wrong. > > One the one hand, what built the Internet isn't what will maintain > it. A bureaucracy will be needed, the challenge isn't to prevent it > but to build the best one possible. True, I was trying to keep the flame-thrower set to low. It seems to me that anytime someone brings up the idea of "organizations" with structure/policy/rules/etc people get real nervous. There is an inherent "trust" issue that I think exists among operators. "Don't trust authority", but there has to be some set of rules that we will live by as the Internet becomes more & more critical to making everything work worldwide 24x7x365. Andrew
Re: ARIN, was Re: 72/8 friendly reminder
> I agree, I'd certainly like to see more people actively participate in > the process. If nanog folks believe that the ARIN membership is not > getting the right stuff done... How do we fix this problem? How do we > get more operators involved and active in the RIRs? > I'd like to point out that ARIN policy is _NOT_ controlled by ARIN membership. While the ARIN BOT has final approval/disapproval authority over proposed policies, this is akin to a presidential VETO. The ARIN AC has the primary role in policy development and responsibility for judging community consensus around policies. The ARIN AC is elected by the ARIN membership, but, ARIN membership is not a requirement to run for or be elected to the AC. Further, policy proposals may be made by any member of the community, not just ARIN members. I have been an active participant in ARIN for several years now, and, only for part of that time was I affiliated with an ARIN member. In fact, I ran for AC while I was not an ARIN member. I came within a few votes of being elected. I will run again this year. It is unlikely that I will be an ARIN member when I do. > I think colocating 1 ARIN meeting/per year with Nanog in the fall has > been a help. > Yes. Personally, I think ARIN is not all that dysfunctional. I think it is a lot less dysfunctional than IETF at this point. Owen -- If it wasn't crypto-signed, it probably didn't come from me.
Re: Vonage SUED over not clearly informing customers re 911 service lacking
On 2005-03-24-14:02:26, "Network.Security" <[EMAIL PROTECTED]> wrote: > I'm not saying (nor do I hope the PSAPs are either) that Vonage > should cease and desist service because of the 911 issues, rather > greater partnership needs to be initiated to insure that VoIP > service and POTS have the same priority for 911 [...] Actually, I believe it would be a step in the right direction. I've had an opportunity to use a CLEC-resold version of the Intrado service, which I believe is what Vonage uses to provide its customers with "911" capabilities. Intrado's job is not an easy one, and given the technical, regulatory, and demand-related obstacles they face, they do a decent job at what they do. (With that said, accidents can happen, mostly in the form of the LEC neglecting to contact Intrado and inform them of a subscriber's address, or Intrado neglecting to enter that information in the database, and there's no real way to detect this shy of placing test calls to 911, but I digress...) Rather, the problem we face is that VoIP, despite working "good enough" 99% of the time, is susceptible to failure modes above and beyond POTS: loss of power and/or IP connectivity, to name a couple. The likelihood of these failure modes surfacing in the event of a fire, flood, theft, or other event requiring a 911 dispatch, is a non-trivial concern. What Vonage (or any operator in their position really) should do is tell its customers, in no uncertain terms, that their service does not exist as a replacement for a land line, and to keep a cellular or POTS phone available for use in case of an emergency. And if a subscriber chooses to dial 911 anyway, present them with either a reorder tone, or a recording instructing them to hang up and proceed to the nearest land/cell phone. 
Of course, the likelihood of this happening out of moral responsibility, and without any -- dare I say -- federal mandate, is unfortunately slim, and goes against the way these services are presently marketed to consumers... My $0.02, -a
Re: ARIN, was Re: 72/8 friendly reminder
At 17:01 + 3/24/05, Andrew Dul wrote: I agree, I'd certainly like to see more people actively participate in the process. If nanog folks believe that the ARIN membership is not getting the right stuff done... How do we fix this problem? How do we get more operators involved and active in the RIRs? In the spirit of cart and horse, it's not about getting more operators involved in ARIN. It's about getting operators to use ARIN as a resource in the proper way. (I'm addressing operators here as this is NANOG.) What do operators expect from ARIN? Most ARIN policies are centered on the administrative function of allocation of address space and AS numbers. Is that all there is? Are the existing policies all that are needed? Are there concerns about the live-in-the-network registry services like WhoIs, DNS, IRIS, routing registry? There are not many policy proposals (lame delegations, privacy concerns with WhoIs) in play covering operational considerations. ARIN staff has begun work on documenting the registry service level agreements, there was a presentation on this in October. There has been little discussion on this by anyone since the presentation. If WhoIs is out, reports fly on NANOG. But has anyone ever tried to quantify what level of service is expected of ARIN's computing facilities? If the staff is doing a good thing by documenting SLA's, then they should be encouraged to continue. There is routing security research work that would require the RIR's to issue certificates for use in route update validation. I would hope that someday, before anything goes live, there are operator-led tests involving support from ARIN. I think colocating 1 ARIN meeting/per year with Nanog in the fall has been a help. I would caution that "attending meetings" is neither a sign of contribution nor a sign of progress. Don't get me wrong, making meetings easier to attend is good, but we shouldn't attend meetings because it is easy, fun or entertaining. I prefer to have fun at home. 
ARIN isn't perfect but it could be a lot worse. In some ways I think the issue you describe is an industry wide problem. There are many different groups (RIRs, ICANN, IETF, Nanogs, etc...) and participating in all of them is a lot of effort, especially when most of us already have full-time jobs. Participating in all of them *is* a full-time job. ;) We could of course create a huge bureaucracy with lots of people to study the issues and make policy, but that hasn't been the way the Internet has developed and is counter to what many operators think is best for the Internet. That also requires money. Is that what people want? I don't think so, but I could be wrong. On the one hand, what built the Internet isn't what will maintain it. A bureaucracy will be needed, the challenge isn't to prevent it but to build the best one possible. If ARIN goes unchecked it'll either be a weakened organization unable to serve the community (chaos ensues) or it will become an ogre, burdening the community (suffocation). It benefits operators to be involved, but the real trick is to realize what kind of involvement is needed. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Achieving total enlightenment has taught me that ignorance is bliss.
Re: Tier-2 reachability and multihoming
On Thu, 24 Mar 2005, G Pavan Kumar wrote: > Actually, I am not doing what you think I am. I am using the RouteViews > aggregation of the BGP routing tables. RouteViews is a project at the > univ. of Oregon that peers with backbones. Really? Could you tell us more about it? I thought there was just one Internet backbone. > I am looking at almost full and fresh data. So what value do you assign to "almost full?" There's a difference between "best" and "complete," which you may not be entirely appreciating. -Bill
Re: Please verify RFC1918 filters
> try 172.128.1.1 thanks. yummy. randy
Re: Please verify RFC1918 filters
On Tue, Mar 22, 2005 at 03:13:07PM -0800, Randy Bush wrote: > y'all might give us something pingable in that space so we can > do a primitive and incomplete test in a simple fashion. > > randy > try 172.128.1.1 /vijay
RE: Vonage SUED over not clearly informing customers re 911 service lacking
Re: "Your Call Will Go To A General Access Line at the Public Safety Answering Point (PSAP). This is different from the 911 Emergency Response Center where traditional 911 calls go." In talking with my local PSAP about VoIP services and this particular issue, they (PSAPs collectively) are fairly displeased with Vonage-like services and how it introduces delay into their process which is all about time sensitive information. With the advances in E911, cell phone location services, etc. which all increased the speed of identifying caller location and identity, residential VoIP services have set things back a fair amount. The "General Access" line that Vonage's text mentions means different things to different PSAPs and some (mine anyway) prioritize calls coming in on this line to the lowest queue and with some areas it may not even be answered outside of core operating hours or during high-call periods. I'm not saying (nor do I hope the PSAPs are either) that Vonage should cease and desist service because of the 911 issues, rather greater partnership needs to be initiated to insure that VoIP service and POTS have the same priority for 911 and that all possible information is transmitted in a timely manner for 911 dispatchers to get the right services to you as fast as possible. I read on a Vonage customer forum about "testing" your 911 service with them, I don't know that I'd advocate that as the PSAPs will likely be ticked. But again, it emphasizes a point about collaboration between Vonage and the areas it supports to insure customer safety. If you are a Vonage customer, I'd urge you to verify your 911 info with them. Sure you'll hopefully never need the service, but if your house is on fire or your child is choking or whatever the unfortunate event is, will you really be able to give them your full address and call-back number in a time of crisis? I hope so... Sorry about the soapbox, I have strong feelings on this one... 
- Scott [EMAIL PROTECTED] Paid-on-call firefighter and network guy
RE: Vonage SUED over not clearly informing customers re 911 service lacking
At 01:38 PM 3/24/2005, Oren Levin wrote: > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J.D. Falk > Sent: Thursday, March 24, 2005 1:37 AM > > On 03/23/05, "Sam Hayes Merritt, III" <[EMAIL PROTECTED]> wrote: > >> Subject: Re: Vonage sold over not clearly informing customers re 911 service lacking >> http://www.cnn.com/2005/TECH/internet/03/23/internet.phones.911.ap/index.html > > That's "sued," not "sold." > > And it's a silly case, 'cause Vonage goes to great lengths to > remind new subscribers to configure the service with the real, > physical location of their phone. Or at least, they bugged me a > lot when I signed up late last year. Or it's not so silly. The 911 service Vonage prodded you to configure is not quite the same as calling 911 from a landline (see below). So even though you told Vonage where you are and they send your call to the right building you still need to be transferred to the 9-11 call center and you still need to tell them where you are. I'm not sure why Vonage couldn't offer a service to have 911 ring to a number you specify. In our town, the alarm companies and anyone on a cell phone who wants to reach the proper police department knows to call the "non-emergency" number at the dispatch center. Though the call doesn't come in over the official 911 circuit, our dispatchers do not treat that line as less important. Why not just let us map 911 to that number? As you note, they offer to map it to some other location, which isn't in the same place. My impression is you get a middleman like you would with OnStar or similar.
RE: Vonage SUED over not clearly informing customers re 911 service lacking
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J.D. Falk > Sent: Thursday, March 24, 2005 1:37 AM > > On 03/23/05, "Sam Hayes Merritt, III" <[EMAIL PROTECTED]> wrote: > >> Subject: Re: Vonage sold over not clearly informing customers re 911 service lacking >> http://www.cnn.com/2005/TECH/internet/03/23/internet.phones.911.ap/index.html > > That's "sued," not "sold." > > And it's a silly case, 'cause Vonage goes to great lengths to > remind new subscribers to configure the service with the real, > physical location of their phone. Or at least, they bugged me a > lot when I signed up late last year. Or it's not so silly. The 911 service Vonage prodded you to configure is not quite the same as calling 911 from a landline (see below). So even though you told Vonage where you are and they send your call to the right building you still need to be transferred to the 9-11 call center and you still need to tell them where you are. From http://www.vonage.com/features.php?feature=911 Your Call Will Go To A General Access Line at the Public Safety Answering Point (PSAP). This is different from the 911 Emergency Response Center where traditional 911 calls go. * This means your call goes to a different phone number than traditional 911 calls. Also, you will need to state the nature of your emergency promptly and clearly, including your location and telephone number, as Public Safety Answering Point (PSAP) personnel will NOT have this information on hand. - Oren Levin, Senior Developer [EMAIL PROTECTED], 973.837.2811 "Audible.com ranks among the Web's best services." CNet.com, July 2004
Re: ARIN, was Re: 72/8 friendly reminder
>From: Michael.Dillon >Date: Thu Mar 24 11:34:52 2005 > > > >> The other consequence is that the membership takes on the >> responsibility for ARIN's actions. Not the staff's actions, but >> ARIN's actions. If there is any dysfunction in ARIN, I suspect that >> it lay here. > >Yes, this is what I believe. The ARIN membership is more >passive than I think is healthy for the organization. >Thus, the organization is dysfunctional. I agree, I'd certainly like to see more people actively participate in the process. If nanog folks believe that the ARIN membership is not getting the right stuff done... How do we fix this problem? How do we get more operators involved and active in the RIRs? I think colocating 1 ARIN meeting/per year with Nanog in the fall has been a help. ARIN isn't perfect but it could be a lot worse. In some ways I think the issue you describe is an industry wide problem. There are many different groups (RIRs, ICANN, IETF, Nanogs, etc...) and participating in all of them is a lot of effort, especially when most of us already have full-time jobs. We could of course create a huge bureaucracy with lots of people to study the issues and make policy, but that hasn't been the way the Internet has developed and is counter to what many operators think is best for the Internet. That also requires money. Is that what people want? I don't think so, but I could be wrong. Andrew (also a member of the ARIN Advisory Council)
Re: IBM to offer service to bounce unwanted e-mail back to the
> If FairUCE can't verify sender identity, then it goes into
> challenge-response mode, sending a challenge email to the sender,

Let me rephrase that more accurately:

"...spamming everyone who has been so unfortunate as to have their address forged into a mail message..."

Challenges thus issued are unsolicited: the challenged party had absolutely nothing to do with the inbound mail message. If such a system is used in production, then challenges will, inevitably, be sent in bulk. I trust it's clear that these challenges are email.

"unsolicited bulk email", or UBE, is the canonical and only correct definition of [SMTP] spam.

So not only does FairUCE ignore a fundamental principle of competent anti-spam defense (e.g. "do not generate still more junk mail traffic at a time when we are drowning in junk mail traffic") it does so by generating outbound spam. How very nice.

See, BTW, for some background info:

http://www.techzoom.net/paper-mailbomb.asp

which discusses similar issues. (Thanks to Bruce Gingery for pointing this out.)

Beyond that, as Lycos Europe has already belatedly figured out, attempts to strike back at spammers which presume (as FairUCE naively does) that spammers themselves will not rapidly deploy effective countermeasures are doomed to fail and, in all probability, doomed to abuse innocent third parties. This is why responsible anti-spam techniques do not even *attempt* to fight abuse with abuse.

I suggest further discussion be moved to Spam-L (a) before NANOG is overrun with it again and (b) because the most anti-spam experts and other interested parties may primarily be found there, not here -- and extensive discussion of this particular issue is already in progress anyway.

---Rsk
Re: 72/8 friendly reminder
On Thu, 24 Mar 2005, Christopher L. Morrow wrote:

> > > > is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
> > > > informed' admins the problem?
> > >
> > >Lazy/misguided/ex admins / downsized networks are the problem. ARIN is in
> > >a unique position to be able to do something to at least try to mitigate
> > >the problem without too much effort before handing "damaged IP space" out
> > >to members. The current situation frustrates those who don't know what to
> > >do, and encourages them to look elsewhere for the IP space they need.
> >
> > I think it's important to remember the "lazy/dumb/mistaken/poorly informed"
> > folk alluded to above are NOT the ones receiving IP address space, but
> > people elsewhere in (and all over) the world.
>
> of course, I should have been more clear, sorry :)

That was totally clear to me. It's the people who set and forget about (or set and get laid off) bogon packet/route filters that have caused this problem. The unfortunate thing is that they don't seem to learn from their mistakes. Each time a new /8 goes from bogon to RIR assigned, the end users of those new allocations end up dealing with the same problems each former bogon /8 did before them. How many times does a network have to be contacted by users of 69/8, 70/8, 71/8, before they stop and think "hey, maybe these static bogon filters weren't such a great idea...how about we just scrap them?"...or maybe it's just that new static bogon filters are being put in place and forgotten...so a network that didn't have bogon filters when 69/8 went into use does now.

> > The idea of ARIN temporarily lighting address space in any new block, and
> > providing a test target is reasonable, relatively inexpensive and sensible.
>
> this requires the above lazy/dumb/mistaken/poorly-informed masses to want
> to hit the targets as well, eh? :(

Exactly why even though it may help a little, it's not a solution. The solution has to be more active (vs passive). Set up something in that new IP space, and do reachability testing (or let others do it as RIPE has done). That's quite a bit more involved than just setting up a host and saying "hey, ping this", but how else are you going to know where the filters are?

If ARIN did this, they could set up something very similar to what I did on 69box, and have a "hall of shame" page listing the networks (IPs) unreachable from the new space, but reachable from older space. At least then members given former bogon IP blocks could go to that page, see if there are any networks listed that they might care about reachability to, and try to make contact themselves with those networks they care about in order to get their bogon issues resolved.

--
 Jon Lewis | I route
 Senior Network Engineer | therefore you are
 Atlantic Net |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
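The comparison described in the message above (targets unreachable from the new space but reachable from older space), as an added example that is not code from the post or from 69box. The probe record format, the "old"/"new" vantage labels, the three-probe minimum and the /24 grouping are all assumptions made for the illustration, and the probe log is constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network


def _burst(vantage, target, replies, sent):
    """Expand 'replies out of sent' into individual probe records."""
    return [(vantage, target, i < replies) for i in range(sent)]


# Constructed probe log, not measured data. "old" = probes sourced from
# long-allocated space, "new" = probes sourced from the freshly allocated block.
# Targets are RFC 5737 documentation addresses.
PROBES = (
    _burst("old", "192.0.2.10", 3, 3) + _burst("new", "192.0.2.10", 3, 3)
    + _burst("old", "198.51.100.7", 3, 3) + _burst("new", "198.51.100.7", 0, 3)
    + _burst("old", "198.51.100.99", 2, 3) + _burst("new", "198.51.100.99", 0, 3)
    + _burst("old", "203.0.113.5", 0, 3) + _burst("new", "203.0.113.5", 0, 3)
    + _burst("old", "203.0.113.80", 3, 3) + _burst("new", "203.0.113.80", 1, 3)
    + _burst("old", "192.0.2.200", 3, 3) + _burst("new", "192.0.2.200", 0, 1)
)


def classify(probes, min_probes=3):
    """Return {target: verdict} from (vantage, target, replied) records.

    A target is only blamed on filtering when it answers the old-space source
    and never answers the new-space source; a target that is silent to both is
    simply down, and too few probes from either side gives no verdict.
    """
    tally = defaultdict(lambda: {"old": [0, 0], "new": [0, 0]})  # [replies, sent]
    for vantage, target, replied in probes:
        if vantage not in ("old", "new"):
            raise ValueError(f"unknown vantage {vantage!r}")
        counts = tally[str(ip_address(target))][vantage]  # also validates target
        counts[0] += int(replied)
        counts[1] += 1

    verdicts = {}
    for target, seen in tally.items():
        (old_ok, old_n), (new_ok, new_n) = seen["old"], seen["new"]
        if old_n < min_probes or new_n < min_probes:
            verdicts[target] = "insufficient-data"
        elif old_ok == 0:
            verdicts[target] = "down"
        elif new_ok == 0:
            verdicts[target] = "suspect-filter"
        else:
            verdicts[target] = "ok"  # lossy but reachable still counts as ok
    return verdicts


def hall_of_shame(probes, prefix_len=24):
    """Group suspect targets by covering prefix, sorted for publication."""
    groups = defaultdict(list)
    for target, verdict in classify(probes).items():
        if verdict == "suspect-filter":
            net = ip_network(f"{target}/{prefix_len}", strict=False)
            groups[net].append(target)
    return [(str(net), sorted(groups[net], key=ip_address))
            for net in sorted(groups)]


if __name__ == "__main__":
    for net, targets in hall_of_shame(PROBES):
        print(net, ", ".join(targets))
```

A "suspect-filter" verdict only says the two source addresses are treated differently somewhere on the path; it does not say whether a route filter or a packet filter is responsible, or which network operates it.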
Re: Utah governor signs Net-porn bill
--- William Allen Simpson <[EMAIL PROTECTED]> wrote:

> I'm assuming that you really operate an ISP in Utah.
> And that you are
> willing to spend some time in jail at various times,
> have $10,000 or so
> for bail, and a few $100,000 for attorney fees --
> none of which you'll
> get back even should you win.

wouldn't it be cheaper and easier to simply get a lawyer and an engineer in the same room and brainstorm until you came up with something which pretty-much-worked(tm) and was at least arguably compliant with the law? There have been a couple of ideas bandied about on this list which are arguably compliant and technically simple.

> I've spent time in jail on principle. I'm glad to
> see others are still
> willing to stand up and be counted!

This isn't a principle for which I'd gladly go to jail. All I'm saying is that it isn't the doom&gloom you're portraying - Utah politicians being difficult doesn't mean the end of free speech forever. Why not wait and see what happens?

-David Barak
need Geek-rock? Try The Franchise!
http://www.listentothefranchise.com
Re: ARIN, was Re: 72/8 friendly reminder
> The other consequence is that the membership takes on the
> responsibility for ARIN's actions. Not the staff's actions, but
> ARIN's actions. If there is any dysfunction in ARIN, I suspect that
> it lay here.

Yes, this is what I believe. The ARIN membership is more passive than I think is healthy for the organization. Thus, the organization is dysfunctional.

> I want to make it clear that any lack of change or innovation is not
> something that the staff has caused.

I'm not knocking the staff. And I'm also not suggesting that people should pester the staff if they want ARIN to act on something. The Board of Trustees is responsible for instructing the staff to act, and therefore, ARIN members and others should either communicate directly with the Trustees, or through the public policy process. However, this public policy process is itself suffering as the result of extremely low involvement by ARIN members and by other interested parties.

> But, the point is taken that ARIN would be much more "useful" to the
> Internet if there was a change in participation.

Point taken. My goal is to see more participation so that more diverse viewpoints are involved in the discussion. When there are only a handful of people making all the decisions, then it is much easier to make mistakes, to misunderstand the situation, and to be blind to possibilities. Democratic oversight and review cannot happen when the number of people involved is very low.

> But a lot of times people confuse the ARIN staff
> with the ARIN membership organization.

That's why I didn't mention the staff and repeatedly pointed the finger at the apathy of the IP network operators who form ARIN's membership.

--Michael Dillon
ARIN, was Re: 72/8 friendly reminder
At 15:17 + 3/24/05, [EMAIL PROTECTED] wrote:

To begin with, nothing I have to say here has any bearing on the other IRR's. There is a reason there are 4-5 IRRs, each should be tuned to local sensibilities.

> However, ARIN today is a very dysfunctional organization.

That is a very brash statement, one that is easily misinterpreted, one that may be simply wrong, or a statement that has an element of truth. The tone of this statement is why I am bothering to reply.

First, distinguish between ARIN staff and ARIN membership. The staff at ARIN go to great lengths to respond to what the membership - and the public at large - ask ARIN to do. Note - NOT JUST membership. This is why there are open policy discussions, and open mics. (Sessions are webcast, the public policy mailing list is free to join.) Of course, membership does control the bounds of ARIN's response, including that of the staff, which is why there is also a member-only meeting on the last day of the conference.

ARIN's staff is to fairly and equitably execute the policies that the membership organization has put into play. (I won't split hairs on the Advisory Council or the Board's roles, this can be learned by starting with ARIN's web site, http://www.arin.net.)

This has two consequences. One is that it means the staff should not go and try to set the agenda for how ARIN operates. It is beneficial if the staff is involved to educate the members on the reality of running the registry. If the staff goes further, they are potentially disrupting an otherwise level playing field.

The other consequence is that the membership takes on the responsibility for ARIN's actions. Not the staff's actions, but ARIN's actions. If there is any dysfunction in ARIN, I suspect that it lay here. I do not mean to infer that there is a problem, but I think this is where the largest misunderstanding of ARIN's role exists. I also do not demean the efforts of those who do take the time to participate, they are the ones heading in the "right" direction, no matter whether I agree with the opinions I hear.

One question does haunt me about how the operations community views ARIN. Most ARIN policies are concerned with address allocation, reporting, and such. There are not many policies regarding the functional role ARIN plays in the Internet, the only one that leaps to mind is a lame delegation policy under discussion.

The (haunting) question is whether the operations community feels that there should be operational policies put before ARIN. E.g., support for secure routing - when a concrete approach is defined that needs RIR input, should ARIN play? Is there a feeling within the operator community that ARIN is...

> Most ARIN members seem to view ARIN as a distant regulatory agency to whom they must regularly burn incense and make sacrifices in order for the ARIN gods to bestow IP addresses upon the unworthy network operator. The result is that there is little participation by ARIN members in monitoring and governing ARIN. And therefore, ARIN does what it has always done without changing or innovating.

Oh, that was where I was going. Is that the case? If so, then there is a dysfunction.

I want to make it clear that any lack of change or innovation is not something that the staff has caused. (By design the staff is in reaction mode.) The lack of change or innovation is the motivation for the haunting question above.

> that ARIN carries a big stick like the FCC. The fault is not with the people involved in ARIN; the fault is with the majority of IP network operators who do not get involved with ARIN.

I don't like "fault", it implies that there is something seriously broken. For the most part, things are working fairly well. Maybe at the operator level we see ways the world would be much better if we ruled things, but to the general public, the Internet is making things better. (Maybe for just some, but you have to admit overall things are better.)

But, the point is taken that ARIN would be much more "useful" to the Internet if there was a change in participation. However, the improvement is not in the demographics of the participation, but in the content of the participation. If the content of the participation was well-balanced, then the demographics will follow.

After all, if the policies ARIN membership were "perfect" now and into the future, there's no longer a need for the membership to steer the staff. The only thing the staff would have to do is execute the (benevolent, perfect) bureaucracy. ;)

PS - I think my response to Michael is not so much an opposing view, but a slightly different emphasis in where improvements may lie. I really don't think Michael is trying to "stick it to the staff." (I hope he's not.) But a lot of times people confuse the ARIN staff with the ARIN membership organization.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lew
Re: 72/8 friendly reminder
On Thu, 24 Mar 2005, Randy Bush wrote:

> > ARIN is in a unique position to be able to do something to at
> > least try to mitigate the problem without too much effort before
> > handing "damaged IP space" out to members.
>
> damaged? so you will do your bit to undamage unused ip space by
> not bogon filtering on your network?

I don't do bogon filtering. I do take a bogon route feed from team cymru, but that won't stop me from reaching any announced subnets within "bogon space"[1]. And cymru has been pretty good about keeping up with the changes wrt what's a bogon and what's not.

What I will do, next time we get space from ARIN (which I suspect isn't too far off) is setup 72box (or whatever /8 they're allocating from now) and repeat the exercise I did with 69/8 space so I have some idea where the idiot networks are (and try contacting them) before we start using or assigning IP's from that space.

[1] at least not until cisco adds a feature allowing you to ignore new BGP routes for subnets of a bogon feed.

--
 Jon Lewis | I route
 Senior Network Engineer | therefore you are
 Atlantic Net |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Utah governor signs Net-porn bill
David Barak wrote:

> For crying out loud - this is UTAH, not the moon: the people there are just like people everywhere. Yeah, they tend to be a bit more socially conservative than the libertarian-leaning NANOG membership is used to, but it's not like they've got 2 heads and three arms - if you prick them, they'll bleed...

From their hands, and feet, like in Stigmata ? Remind me not to visit Utah, on Easter. :}

FWIW, they are doing articles right now, on how the evangelicals, thanks to "Faith Based Initiative" are using the money funneled into them, and their new close associations, to influence policy in US Government. So much for the "Wall of Separation". :\ Prepare for a lot more of it to come down the road.

The Schiavo case is a great example. From a legal standpoint, they have -nothing- to stand on... 20 judges have said so. The parents gave up, and signed the "right of attorney" over to the husband, years ago. End of _legal_ story. But, this administration, and a mob of RRR, don't really care about the law, as much as appearances, and grandstanding. So, the _exact_same_man_ who signed into law the Government's right to pop the plug on the poor, _irrespective_ of the wishes of the caregiver, -or- family, is leading the mob with pitchforks against just such an action. Go Figure.

Like I said, "The Moral Majority were Neither".

> so while I agree that this is a goofy law which was poorly written - there IS a demand for this type of service, and we'll see how it plays out.

If there is a demand for the service, someone will be _more_ than happy to sell it to them, however, you -don't- need a law, just the demand. Just think, anyone who tries to offer this service, if he were to have an error, or a mistake, will face criminal charges, as well as the potential Civil Lawsuit, similar to Vonage. Double Jeopardy for trying to do "the right thing".

And something else to remember about those "Blue Laws", they are usually old and antiquated.. not, passed in the last 6 months. Who would have thought the "Dark Ages" would have a revival, post 2000 ?

> -David Barak
> need Geek Rock? Try The Franchise!
> http://www.listentothefranchise.com
Re: 72/8 friendly reminder
On Thu, 24 Mar 2005, Daniel Senie wrote:

> At 10:06 AM 3/24/2005, Jon Lewis wrote:
>
> >On Thu, 24 Mar 2005, Christopher L. Morrow wrote:
> >
> > > On Thu, 24 Mar 2005 [EMAIL PROTECTED] wrote:
> > >
> > > > In any case, it is not important how the message
> > > > gets communicated to ARIN. What is important is for
> > > > network operators to *TELL* ARIN what they need ARIN
> > >
> > > is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
> > > informed' admins the problem?
> >
> >Lazy/misguided/ex admins / downsized networks are the problem. ARIN is in
> >a unique position to be able to do something to at least try to mitigate
> >the problem without too much effort before handing "damaged IP space" out
> >to members. The current situation frustrates those who don't know what to
> >do, and encourages them to look elsewhere for the IP space they need.
>
> I think it's important to remember the "lazy/dumb/mistaken/poorly informed"
> folk alluded to above are NOT the ones receiving IP address space, but
> people elsewhere in (and all over) the world.

of course, I should have been more clear, sorry :)

> The idea of ARIN temporarily lighting address space in any new block, and
> providing a test target is reasonable, relatively inexpensive and sensible.

this requires the above lazy/dumb/mistaken/poorly-informed masses to want to hit the targets as well, eh? :(

> Paying members of ARIN are today negatively impacted by receiving
> assignments that remain in filters. It clearly makes little sense for those
> receiving address space to each have to expend significant time and effort
> to turn the address space into usable space. As such, the paying customers
> & members should consider requesting this be a function that could be best
> handled centrally by ARIN.

I think I'm unclear how having arin/ripe/apnic/iana/god put up pingable/http-able/ftp-able ips from 'new' blocks is going to help, when the problem is at the far-end, and the 'user' or 'admin' there is one of the: "lazy/dumb/mistaken/poorly-informed" who already doesn't care enough to keep their filters up to date.

Additionally, there is still the distinction between firewall/acl blocks and 'route filter' blocks. They may have the same effect in the end, but the target for who might have to repair that problem is likely different.

-Chris
Re: Utah governor signs Net-porn bill
David Barak wrote:

> Planned Parenthood is quite alive and well in Utah. Contraceptives are freely advertised on TV and given out on campus at the U of U. All of the other stuff you're seeing is either:
>
> 1) unenforceable old blue laws similar to ...

Don't know about Utah, but do know about Michigan:

1998 Aug 15 -- 24-year-old computer programmer hit a rock with his canoe. Began cussing. Charged with a 19th century law banning profanity within earshot of women and children. Convicted by jury. Took 4 years to overturn on appeal. Tens of thousands of dollars.

Is only 1 of many such cases across the country that the ACLU has fought. So, I wouldn't bank on "unenforceable"

> 2) political posturing by elected officials (also relatively common in other parts of the world. c.f. US Congress, both parties)

I've previously written here about RECENT Michigan laws on sex between unmarried persons, called "lascivious" conduct here (as opposed to "fornication" in Utah).

And just like RECENT Utah, Michigan has RECENTLY enacted clearly unconstitutional laws on abortion, in the hopes that some future Supreme Court will reverse Roe v Wade, at which time all those invalid laws will become operative.

> 3) Something which, while it COULD be extended to mean something ridiculous, will NOT be.

Great! If you truly believe this, just volunteer to be the test case. All you have to do is host a computer site, and refuse to label the content. Heck, AFAICT, a FTP-only site would be a good case. Or simply refuse to offer the blocking service.

I'm assuming that you really operate an ISP in Utah. And that you are willing to spend some time in jail at various times, have $10,000 or so for bail, and a few $100,000 for attorney fees -- none of which you'll get back even should you win.

I've spent time in jail on principle. I'm glad to see others are still willing to stand up and be counted!

For the rest of you, wouldn't it just be cheaper and more cost effective to send some money to CDT?

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
RE: 72/8 friendly reminder
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Randy Bush
> Sent: Thursday, March 24, 2005 9:45 AM
> To: [EMAIL PROTECTED]
> Cc: nanog@merit.edu
> Subject: Re: 72/8 friendly reminder
>
> > In any case, it is not important how the message
> > gets communicated to ARIN. What is important is for
> > network operators to *TELL* ARIN what they need ARIN
> > to do. One way to talk to ARIN is through the public
> > meetings and another way is to email one of the
> > trustees.
>
> and one is to send an email to arin's external relations or ops
> folk, which i did a while ago. i suspect they also read this
> list.

They do. They're also pretty good about responding.

-M<
Re: 72/8 friendly reminder
>> is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
>> informed' admins the problem?
> Lazy/misguided/ex admins / downsized networks are the problem.

if aol is not worried enough to tell us an address to ping, perhaps you can see why we prospective pingers are not getting our undies in a knot. and, to carry it a step further, one might then infer why arin has not seen it as a priority.

i suspect this discussion will change the latter. dunno what will change the former.

> ARIN is in a unique position to be able to do something to at
> least try to mitigate the problem without too much effort before
> handing "damaged IP space" out to members.

damaged? so you will do your bit to undamage unused ip space by not bogon filtering on your network?

randy
Re: 72/8 friendly reminder
At 10:06 AM 3/24/2005, Jon Lewis wrote:

>On Thu, 24 Mar 2005, Christopher L. Morrow wrote:
>
> > On Thu, 24 Mar 2005 [EMAIL PROTECTED] wrote:
> >
> > > In any case, it is not important how the message
> > > gets communicated to ARIN. What is important is for
> > > network operators to *TELL* ARIN what they need ARIN
> >
> > is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
> > informed' admins the problem?
>
>Lazy/misguided/ex admins / downsized networks are the problem. ARIN is in a unique position to be able to do something to at least try to mitigate the problem without too much effort before handing "damaged IP space" out to members. The current situation frustrates those who don't know what to do, and encourages them to look elsewhere for the IP space they need.

I think it's important to remember the "lazy/dumb/mistaken/poorly informed" folk alluded to above are NOT the ones receiving IP address space, but people elsewhere in (and all over) the world.

ARIN does not provide any statement of suitability of the address space for any purpose. That's nice for the lawyers, but pretty useless from a customer satisfaction and network operations standpoint.

The idea of ARIN temporarily lighting address space in any new block, and providing a test target is reasonable, relatively inexpensive and sensible.

Paying members of ARIN are today negatively impacted by receiving assignments that remain in filters. It clearly makes little sense for those receiving address space to each have to expend significant time and effort to turn the address space into usable space. As such, the paying customers & members should consider requesting this be a function that could be best handled centrally by ARIN.
Re: 72/8 friendly reminder
> > In any case, it is not important how the message
> > gets communicated to ARIN. What is important is for
> > network operators to *TELL* ARIN what they need ARIN
>
> is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
> informed' admins the problem?

ARIN is not part of the problem, but ARIN *IS* part of the solution. If ARIN was really a functional organization, i.e. driven by its members, then we wouldn't even be talking about this here. It would have been done long ago.

However, ARIN today is a very dysfunctional organization. Most ARIN members seem to view ARIN as a distant regulatory agency to whom they must regularly burn incense and make sacrifices in order for the ARIN gods to bestow IP addresses upon the unworthy network operator. The result is that there is little participation by ARIN members in monitoring and governing ARIN. And therefore, ARIN does what it has always done without changing or innovating.

Is this bad? Yes, it is bad that so many ARIN members remain at arms length. It is bad that so many ARIN members do not understand ARIN and do not drive ARIN towards better meeting the needs of the IP network operations industry. It is bad that so many network operators fear ARIN and think that ARIN carries a big stick like the FCC.

The fault is not with the people involved in ARIN; the fault is with the majority of IP network operators who do not get involved with ARIN.

--Michael Dillon
Re: 72/8 friendly reminder
On Thu, 24 Mar 2005, Christopher L. Morrow wrote:

> On Thu, 24 Mar 2005 [EMAIL PROTECTED] wrote:
>
> > In any case, it is not important how the message
> > gets communicated to ARIN. What is important is for
> > network operators to *TELL* ARIN what they need ARIN
>
> is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly
> informed' admins the problem?

Lazy/misguided/ex admins / downsized networks are the problem. ARIN is in a unique position to be able to do something to at least try to mitigate the problem without too much effort before handing "damaged IP space" out to members. The current situation frustrates those who don't know what to do, and encourages them to look elsewhere for the IP space they need.

--
 Jon Lewis | I route
 Senior Network Engineer | therefore you are
 Atlantic Net |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: 72/8 friendly reminder
On Thu, 24 Mar 2005 [EMAIL PROTECTED] wrote:

> In any case, it is not important how the message
> gets communicated to ARIN. What is important is for
> network operators to *TELL* ARIN what they need ARIN

is arin the problem here? or are 'lazy'/'dumb'/'mistaken'/'poorly informed' admins the problem?
Re: 72/8 friendly reminder
> In any case, it is not important how the message
> gets communicated to ARIN. What is important is for
> network operators to *TELL* ARIN what they need ARIN
> to do. One way to talk to ARIN is through the public
> meetings and another way is to email one of the
> trustees.

and one is to send an email to arin's external relations or ops folk, which i did a while ago. i suspect they also read this list.

you can now return to pontificating on law and morals in a mostly rural western us state, always a productive activity for ops folk.

randy
Re: Utah governor signs Net-porn bill
> 1) unenforceable old blue laws similar to how Native
> Americans need to be escorted by police in
> Massachusetts (i.e. they never got around to fixing
> old bad law, but no one cares anymore)

Actually, Indian towns were governed by Blue Laws up the second half of the 20th century.

Not every law against snowfall was enforced at all times, but one shouldn't infer that all laws relating to fallen snow were moot for all time.
Re: 72/8 friendly reminder
> it seems that even bureaucrazy ripe managed to do it without
> holding policy discussions; see henk's posting.

I believe that RIPE does these things BECAUSE it is more bureaucratic than ARIN. As a result, RIPE staff feel more empowered to do sensible projects outside of the policy process.

In any case, it is not important how the message gets communicated to ARIN. What is important is for network operators to *TELL* ARIN what they need ARIN to do. One way to talk to ARIN is through the public meetings and another way is to email one of the trustees.

--Michael Dillon
Re: Utah governor signs Net-porn bill
> so while I agree that this is a goofy law which was
> poorly written - there IS a demand for this type of
> service, and we'll see how it plays out.

Right! Not everyone needs or wants plain old raw Internet access. That is a commodity service which appealed to the early adopters who were technically literate. But in order to make the Internet into a true universal utility which is connected everywhere, all of the time, we need to develop some value-added services in addition to the plain-jane commodity access.

So far most product innovation has come about by applying different types of technology to the last mile access and to the network core. Or by subtracting from the standard bundle of services offered by ISPs in 1995. Now it is time for people to look at adding to the plain-jane access service. One way to do this is by supplying managed (or partially managed) boxes to subscribers in their premises. SIP-based telephony services are an example of this. Most SIP-phones are partially managed boxes that call home when they are reset to download some config info.

Most ISPs offer managed access or VPN services where the CPE router and/or firewall is managed by the ISP. Shifting the managed service into the ISP premises rather than the customer premises is not a big deal from the technology point of view and enables an ISP to provide more solid guarantees of security to the customer. This is especially appealing to home users since the home environment is generally less secure than a corporate environment where IT rooms and telecom closets are locked and access-controlled.

The Internet services business has gotten rather too conservative lately. Where is the innovation gone? Why are so many people in the business satisfied to rest on their laurels and point to their accomplishments back in the 90's? I would have thought, that tough economic times would spur people to greater innovation not less.

--Michael Dillon
Re: 72/8 friendly reminder
>> a bit more coffee made me realize that what might best occur would
>> be for the rir, some weeks BEFORE assigning from a new block issued
>> by the iana, put up a pingable for that space and announce it on
>> the lists so we can all test BEFORE someone uses space from that
>> block.
> ARIN meeting happens in Orlando in about 1 month
> from now. There is at least one open mike session
> on the agenda and there is also a new policy workshop
> if folks think that this practice needs to be made
> into a formal policy.

it doesn't. it's not policy. it's a simple ops hack. let's not see how complex we can make it or how much bureaucrazy we can wrap around it.

it seems that even bureaucrazy ripe managed to do it without holding policy discussions; see henk's posting.

randy
Re: Utah governor signs Net-porn bill
Well, here's an update:

Utah Internet Porn Law May Face Challenge
By The Associated Press

"SALT LAKE CITY - Internet service providers that operate in Utah must offer customers a way to block porn sites under a law signed this week. ISPs complained that the law adds nothing to the fight against pornography, and said a legal challenge is likely."

http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=3&u=/ap/20050324/ap_on_hi_te/internet_porn&sid=95573501

- ferg

-- David Barak <[EMAIL PROTECTED]> wrote:

so while I agree that this is a goofy law which was poorly written - there IS a demand for this type of service, and we'll see how it plays out.

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: Utah governor signs Net-porn bill
--- William Allen Simpson <[EMAIL PROTECTED]> wrote:

> So, Utah law _already_ means no links to Planned
> Parenthood et alia.

Planned Parenthood is quite alive and well in Utah. Contraceptives are freely advertised on TV and given out on campus at the U of U. All of the other stuff you're seeing is either:

1) unenforceable old blue laws similar to how Native Americans need to be escorted by police in Massachusetts (i.e. they never got around to fixing old bad law, but no one cares anymore)

2) political posturing by elected officials (also relatively common in other parts of the world. c.f. US Congress, both parties)

3) Something which, while it COULD be extended to mean something ridiculous, will NOT be.

For crying out loud - this is UTAH, not the moon: the people there are just like people everywhere. Yeah, they tend to be a bit more socially conservative than the libertarian-leaning NANOG membership is used to, but it's not like they've got 2 heads and three arms - if you prick them, they'll bleed...

so while I agree that this is a goofy law which was poorly written - there IS a demand for this type of service, and we'll see how it plays out.

-David Barak
need Geek Rock? Try The Franchise!
http://www.listentothefranchise.com
Re: 72/8 friendly reminder
a bit more coffee made me realize that what might best occur would be for the rir, some weeks BEFORE assigning from a new block issued by the iana, put up a pingable for that space and announce it on the lists so we can all test BEFORE someone uses space from that block.

Based on what I've seen in the last 2 years for all new IANA allocations to RIRs, the assignments from the ip blocks do not happen on day one and in fact it takes the RIR about 2-3 months before they start using that ip block. During those first couple of months the RIR makes announcements about the ip block (and we can possibly ask them to make an additional announcement around a week prior to when the first allocation from the ip block is expected to be made) and some RIRs like RIPE use those 2 months to check reachability of the ips within the block.

One of the problems for North America though is that ARIN does not seem to want to get involved in the operational aspects and so it does not do quite as much as for example RIPE.

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
Re: 72/8 friendly reminder
> a bit more coffee made me realize that what might best occur would
> be for the rir, some weeks BEFORE assigning from a new block issued
> by the iana, put up a pingable for that space and announce it on
> the lists so we can all test BEFORE someone uses space from that
> block.

ARIN meeting happens in Orlando in about 1 month from now. There is at least one open mike session on the agenda and there is also a new policy workshop if folks think that this practice needs to be made into a formal policy.

Also, on the ARIN website at http://www.arin.net/about_us/ab_org_bot.html you can find contact info for the Board of Trustees. These are the people who can decide that something makes perfect sense and instruct staff to just do it without going through the process of changing policies. Seems to me that this idea falls into the "just do it" category, i.e. it's operational best practice.

So if you want this feature, tell ARIN about it!

--Michael Dillon

P.S. there is an upcoming RIPE meeting in Stockholm at the end of May. As above, tell them that this is important for them to be doing.
Re: 72/8 friendly reminder
At 20:05 23/03/2005, Steven M. Bellovin wrote:
In message <[EMAIL PROTECTED]>, Randy Bush writes:
>
>>> We were recently assigned a 72.244/16 allocation from ARIN. Friendly
>>> reminder that ARIN started allocating 72/8 since Aug. If you have a
>>> static bogon filters, can you please make sure they are updated. Thank
>> if you are really worried about this, and i can understand your
>> being so, then make it easy for the busy folk here (not those
>> pontificating on law and morals in the rocky mountains) to test.
>> give us an address we can ping.
>
>a bit more coffee made me realize that what might best occur would
>be for the rir, some weeks BEFORE assigning from a new block issued
>by the iana, put up a pingable for that space and announce it on
>the lists so we can all test BEFORE someone uses space from that
>block.
>

That's a good idea. Maybe we can take it a step further: let each AS owner register an IP address with IANA or their RIR, and use this test box to ping the AS owner. It should be scalable -- there are only about 20k ASs, as I recall. The real expense, other than the single box per RIR, is developing the software that lets each AS register an IP address and an email address to contact if the pings fail.

You mean something like: http://www.ris.ripe.net/debogon/debogon.html?

Addresses are for each /8 that the RIPE NCC gets from IANA, they are announced from the day we get them from IANA until the time we start allocating from this /8.

Henk

--
Henk Uijterwaal                      Email: henk.uijterwaal(at)ripe.net
RIPE Network Coordination Centre     http://www.amsterdamned.org/~henk
P.O.Box 10096      Singel 258        Phone:  +31.20.5354414
1001 EB Amsterdam  1016 AB Amsterdam Fax:    +31.20.5354445
The Netherlands    The Netherlands   Mobile: +31.6.55861746
--
Look here junior, don't you be so happy. And for Heaven's sake, don't you be so sad. (Tom Verlaine)
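A check for the stale static bogon filter the thread is about, as an added example that is not part of any poster's message: it finds filter entries that still cover newly allocated space and carves that space out of an aggregate. The filter list and the probe host are constructed for illustration; only 72/8 and 72.244/16 come from the thread.

```python
import ipaddress

# Constructed sample of a static bogon list written before 72/8 left the
# reserved pool; the aggregate 72.0.0.0/6 is illustrative only.
STALE_BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "72.0.0.0/6", "127.0.0.0/8"]
ALLOCATED = ["72.0.0.0/8"]   # block the thread says ARIN is now allocating from
PROBE = "72.244.0.1"         # constructed host inside the 72.244/16 from the post

def stale_entries(bogons, allocated):
    """Return (bogon, allocated) pairs where a filter entry still covers live space."""
    hits = []
    for b in map(ipaddress.ip_network, bogons):
        for a in map(ipaddress.ip_network, allocated):
            if b.overlaps(a):
                hits.append((str(b), str(a)))
    return hits

def refresh(bogons, allocated):
    """Carve allocated space out of the filter, keeping the rest of each aggregate."""
    current = [ipaddress.ip_network(b) for b in bogons]
    for a in map(ipaddress.ip_network, allocated):
        kept = []
        for b in current:
            if not b.overlaps(a):
                kept.append(b)
            elif a.subnet_of(b) and a != b:
                kept.extend(b.address_exclude(a))
            # otherwise the entry lies wholly inside allocated space: drop it
        current = kept
    return [str(n) for n in sorted(current)]

def is_filtered(addr, bogons):
    """True if addr would be dropped by the given bogon list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(b) for b in bogons)

if __name__ == "__main__":
    print(stale_entries(STALE_BOGONS, ALLOCATED))
    print(refresh(STALE_BOGONS, ALLOCATED))
```

The aggregate case is the one that is easy to miss by eye: a search of the filter for "72.0.0.0/8" finds nothing, yet the /6 still drops the new allocation.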
Re: Tier-2 reachability and multihoming
G Pavan Kumar wrote:

I have been working on characterizing the internet hierarchy. I noticed that 27% of the total possible tier-2 provider node pairs are unreachable i.e., they don't have any tier-1 node connecting them nor a direct peering link between them. Multihoming can be used as a predominant reason for the reachability of tier-3 nodes which are customers of these nodes, but what about the reachability of tier-2 nodes themselves and its customers which cannot afford to multihoming? How does BGP solve this reachability problem when it gets a request to a prefix unreachable?

        1          tier-1
       /
      2     4      tier-2
     / \   / \
    5   6 7   8    tier-3

here, nodes 2 and 4 have no reachability,

         1
       / |
      2  3   4
     / \  \ / \
    5   6  7   8

now, node 7 is reachable from 2 and its lower level nodes, but what about node 4 and 8, and as a typical case, suppose nodes 4 and 8 have no multihoming whatsoever, what then?

I suspect there are many cases (ok, I know from experience, but couldn't tell you off the top of my head which ones) of networks that can't reach other networks, but it's probably a tiny fraction of a percent, not the 27% you came up with.

It looks like the flaws in your methodology are to assume a far more rigid hierarchy than is actually there, and to ignore peering.

If we assume the strict tiered hierarchy that you show in this example:

        1          tier-1
       /
      2     4      tier-2
     / \   / \
    5   6 7   8    tier-3

It's unlikely that network 4 would lack a transit provider. Network 4 might not be buying transit from the same tier 1 as network 2, but they would be buying from a different tier 1, who would peer with network 1. It would look something like this:

      1-----9      tier-1
      |     |
      2     4      tier-2
     / \   / \
    5   6 7   8    tier-3

These do show up in the route-views data. To see some networks that are reachable from one tier 1 through another tier 1, you can use the command "show ip bgp regex ^2914_701$".

In the real world, the tier structure isn't nearly as clearly defined. There are also lots of interconnections ("peering") in places other than the top of the hierarchy, to the point where it isn't quite clear what the hierarchy is. So, taking the above example, it could also look something like this:

    1--9       tier-1
    |  |
    |  4
    | / \
    27   __8
   / \  /
  5   6---

In this case, 2 has gotten tired of paying 1 to reach 7, and 7 has gotten tired of paying 9 and 4 to reach 2, so they've peered directly.

A lot of these arrangements won't show up in route-views, since the routes learned from peers are generally only announced to customers, not to upstreams or other peers. So, if route-views had a feed from 2, 5, or 7, but not from 6 or 8, route-views would see the adjacency between 2 and 7, but not the adjacency between 6 and 8.

To answer your question about what BGP does when it doesn't find any reachability data for a network, it declares the network to be unreachable and drops the packets. In the real world, you generally see this only when somebody is trying to send data to a network that doesn't exist, or when something is broken.

We've got some different routing data at http://lg.pch.net/, which shows what some networks are announcing to their peers, which might be useful to you. However, our data doesn't tell you anything about our peers' other peering or transit relationships, and there are a lot of networks we don't have peering data from (and it assumes they announce the same set of routes to all peers, which is a bad assumption in some cases). I don't know if that's useful to you or not.

If this and the other replies you've gotten don't make sense, and you've still got a pair of networks you think don't talk to each other, I'd be happy to look at the specific case and explain what's happening there.

-Steve
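The reachability argument in the message above, as an added example that is not part of the original post: it walks the diagrams under the export rule the message describes (routes learned from peers go only to customers), so a usable path climbs to providers, crosses at most one peering link, then descends. Reading the vertical links as transit and the function names are assumptions; the model shows which paths policy permits, not which one BGP selects as best.

```python
from collections import deque

def build(transit, peering):
    """transit: (provider, customer) pairs; peering: settlement-free (a, b) pairs."""
    up, down, peer = {}, {}, {}
    for p, c in transit:
        up.setdefault(c, set()).add(p)
        down.setdefault(p, set()).add(c)
    for a, b in peering:
        peer.setdefault(a, set()).add(b)
        peer.setdefault(b, set()).add(a)
    return up, down, peer

def explore(graph, src):
    """Follow every permitted path from src: climb to providers, cross at
    most one peering link, then only descend to customers.
    Returns (set of nodes reached, set of peering links crossed)."""
    up, down, peer = graph
    seen, links = {(src, "up")}, set()
    queue = deque(seen)
    while queue:
        node, phase = queue.popleft()
        nxt = [(n, "down") for n in down.get(node, ())]
        if phase == "up":                       # still allowed to climb or peer
            nxt += [(n, "up") for n in up.get(node, ())]
            for n in peer.get(node, ()):
                links.add(frozenset((node, n)))
                nxt.append((n, "down"))
        for state in nxt:
            if state not in seen:
                seen.add(state)
                queue.append(state)
    return {n for n, _ in seen}, links

def reachable(graph, a, b):
    return b in explore(graph, a)[0]

def peerings_seen_from(graph, feed):
    """Peering links that can appear in paths a collector gets from `feed`."""
    return explore(graph, feed)[1]

# Transcribed from the diagrams in the message (vertical links read as transit).
TRANSIT = [(1, 2), (9, 4), (2, 5), (2, 6), (4, 7), (4, 8)]
STRICT = build([(1, 2), (2, 5), (2, 6), (4, 7), (4, 8)], [])
TIER1_PEERED = build(TRANSIT, [(1, 9)])
MESHED = build(TRANSIT, [(1, 9), (2, 7), (6, 8)])

if __name__ == "__main__":
    print(reachable(STRICT, 2, 4), reachable(TIER1_PEERED, 2, 4))
    print(sorted(map(sorted, peerings_seen_from(MESHED, 2))))
```

A feed from 2 never shows the 6-8 link because 6 does not export its peer-learned routes to its provider, which is why a topology inferred from a few vantage points undercounts adjacencies.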