NANOG 38 - Preliminary Agenda

2006-09-13 Thread Steve Feldman

Here's a very preliminary agenda for NANOG 38, October 8-10
in St. Louis.

See http://www.nanog.org for more details.

Also, a reminder that the early registration discount
expires this Friday, September 15, and the hotel room block
expires on Friday, September 22.

See you in St. Louis!

Steve Feldman
PC Chair


NANOG 38 - Preliminary Agenda (subject to change)

Sunday, October 8

1:30 PM  - 5:00 PM: Tutorials

   - BGP Multihoming Techniques - Philip Smith
  
   - Disaster Recovery and Global Site Load Balancing For
 Distributed Data Center Applications - Zeeshan Naseh, Cisco

5:00 PM - 7:00 PM: NANOG community meeting


Monday, October 9

9:00 AM - 12:30 PM: Plenary I

  - Opening Remarks

  - How to Monitor SONET, TDM and Optical Transmission Devices
    Using TL1 and SNMP Monitoring Tools - Rachel K. Bicknell

  - Multi-Provider Ethernet Service Delivery - Ananda Rajagopal,
    Foundry Networks

  - Peering Dragnet: Examining BGP routes received from peers -
    Tom Scholl, AT&T Labs, Aman Shaikh, AT&T Labs

  - Maximum-Prefix Tripping: The side effects of leaking on
    the Internet - Tom Scholl, AT&T Labs

  - Deployment Experience With BGP Flow Specification -
    Raul Lozano and Derek Gassen (Time Warner Telecom),
    Danny McPherson and Craig Labovitz (Arbor Networks)

2:00 PM - 5:30 PM: BOFs

  - Peering BOF XIII - Bill Norton, moderator
  - ISP Security BOF - Danny McPherson, Arbor Networks, moderator

5:30 PM - 7:30 PM: Beer and Gear

7:30 PM - 10:30 PM: Informal BOFs

  - A meeting room will be made available for informal BOFs
on Monday evening.  Signups will be taken on-site.


Tuesday, October 10

9:00 AM - 12:00 PM: Plenary II


  - PHAS: A Prefix Hijack Alert System - Mohit Lad & Lixia Zhang
    (UCLA), Yan Chen & Dan Massey (Colorado State University),
    Beichuan Zhang (University of Arizona)

  - Securing SIP: Scalable Mechanisms For Protecting SIP-Based -
Dan McBride, CloudShield; Somdutt B. Patnaik, Eilon Yardeni,
and Henning Schulzrinne, Columbia University; Gaston Ormazabal,
Verizon Labs; David Helms, CloudShield Technologies

  - Research Forum:
     - Revealing Botnet Membership Using DNSBL Counter-Intelligence -
       Nick Feamster, Georgia Tech

     - Analyzing the Impact of Major Social Events on Internet eXchange
       Traffic - Yukiyasu Tarui, Internet Multifeed Co. / JPNAP

  - Lightning Talks!

1:30 PM - 5:00 PM: Plenary III

  - PANEL: Pragmatismv6:  a grown-up, critical examination of IPv6 -
Todd Underwood (moderator), Daniel Golding, Jason Schiller,
David Meyer

  - The NetIO stack in Windows Vista: Functionality and Deployment -
Abolade Gbadegesin

  - Serious Progress on X.509 Certification of RIR Resource
Allocations - Randy Bush, IIJ

  - Closing Remarks

Various times:

  - PGP Key Signing - Joe Abley


Transport providers in UK

2006-09-13 Thread Payam Tarverdyan Chychi

Hey guys,

Looking for assistance in finding transport providers between either
Amsterdam to Lisbon, or London to Lisbon. Preferably a wavelength service
(OC48).

Providers that have a good track record would be fantastic!

You can send all replies offlist.

Thanks,
Payam T Chychi



Re: Commodity (was RE: [Fwd: Kremen ...])

2006-09-13 Thread Michael . Dillon

>> Since IP addresses are tightly tied to the network
>> architecture, how can they ever be liquid?
>
> How are PI addresses tightly tied to network architecture?

What percentage of the total IPv4 address
space is PI? If non-PI addresses are not
property then how do PI addresses gain that
attribute?

--Michael Dillon

P.S. PI addresses get configured into devices just
the same as non-PI addresses. If you could sell a PI
block then you would be faced with the prospect of
renumbering all those devices. DHCP makes end-user
devices pretty easy, but devices in the NETWORK
ARCHITECTURE pose more of a problem. In addition there
are some people who use IP addresses encoded in 
hardware in a non-mutable fashion. Those people will
apply for PI allocations which, on average, makes
PI addresses more tied to the hardware than non-PI.

But the important points are not the ones mentioned
in this postscript.




Re: Commodity (was RE: [Fwd: Kremen ...])

2006-09-13 Thread Michael . Dillon

> Erm, Uranium *is* a commodity. Last week's spot price was
> $52 a pound for U3O8. It's a small market in terms of numbers
> of players but it's still an open market in the economic sense.
> 102 million pounds were traded in 2004. Hedge funds are players
> in the uranium market (source: www.uxc.com, home page)

I don't know where you got that figure but the website
you reference states that in 2005 only 35 million pounds
were traded in 107 transactions. I think most people will
agree that any item for which only 107 transactions are
concluded in a year is not terribly liquid. 

According to this 
http://www.cbot.com/cbot/pub/cont_detail/0,3206,1248+21215,00.html
in Chicago alone, counting only trades for 100 oz. unit
size, there were 15,544 contracts. Add to that the fact
that you can buy and sell gold in any major bank in any
major city as well as in most large jewellery stores and
you have a very liquid commodity indeed.

--Michael Dillon



RE: Kremen's Buddy?

2006-09-13 Thread Michael . Dillon

> It seems to me that this nicely illustrates a major problem with the
> current system.  Here we have large blocks of IP space that, by their
> own rules, ARIN should take back.  It all sounds nice on paper, but
> clearly there is a hole in the system whereby ARIN doesn't know and
> apparently has no way of figuring out that the space is no longer in
> use.

Or maybe it means that ARIN has priorities and recovering
this space is low on the priority list. Anyway, you are
wrong. ARIN does have a way of figuring out that the space
is no longer in use. When some sucker buys the addresses and
tries to use them, they will find out that they must first
update ARIN's records. And when they do that, ARIN will learn
about the deal. At that point, they have to justify their address
space just like anyone else, and only get to keep the amount
of address space which they can justify.

The fact that there are few suckers around to buy these addresses
means that these blocks have been kicking around for a long time.
But if there is ever a crunch for IPv4 address space, you can bet
that ARIN members will empower ARIN to act unilaterally and take
back the space.

> but the way things currently work it seems like if you can
> justify a block today, it's yours forever even if you stop actively
> using it.

You haven't read through ARIN's policies yet, have you?

--Michael Dillon



Re: Kremen's Buddy?

2006-09-13 Thread Michael . Dillon

> The fact that there is a lot of space assigned/allocated and not used
> in any easily observable way is well known to those who track the
> address exhaustion issue, I think.

The fact that addresses are not used in an observable way does
not imply that the addresses are not used at all. It simply means
that the observation techniques used are not perfect.

--Michael Dillon



Re: Commodity (was RE: [Fwd: Kremen ...])

2006-09-13 Thread David Conrad


On Sep 13, 2006, at 1:37 AM, [EMAIL PROTECTED] wrote:

>>> Since IP addresses are tightly tied to the network
>>> architecture, how can they ever be liquid?
>>
>> How are PI addresses tightly tied to network architecture?
>
> What percentage of the total IPv4 address space is PI?


Good question.  Perhaps someone from the RIRs could provide this  
information.  What also might be interesting is the rate of change  
for PI allocations. My suspicion is the rate of PI allocations is  
increasing.


Perhaps more interesting would be percentage and rate of change of PI  
IPv6 given scarcity isn't (yet?) an issue with IPv6.


> If non-PI addresses are not property then how do PI addresses gain
> that attribute?


I suspect your position on whether or not PI addresses are property  
depends on whether it is yours or not.


Rgds,
-drc





Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread David Conrad


On Sep 12, 2006, at 4:22 PM, Fred Baker wrote:
> IP Addresses have always been treated as a resource of the network
> since its inception. The fact that lawmakers don't understand or
> care to understand doesn't change the facts of the case.


I'm sure the same argument was used for telephone numbers when  
technical folk were arguing against number portability.


Rgds,
-drc




Re: Qwest event 70 min ago?

2006-09-13 Thread Tom Sands


We received the same report direct from Qwest last night.. they did have 
a major fiber cut in OK.  We received word of resolution shortly after 
2am CST.



Charlie Watts wrote:

> On Tue, 12 Sep 2006, Charlie Watts wrote:
>
>> Did anybody see a Qwest event ~70 minutes ago?
>
> A Qwest customer got me more information - Qwest reported a fiber cut in
> OK affecting much of their east-west traffic.
>
> Of course, that's hearsay twice removed at this point, so take it with a
> salt lick.




--
--
Tom Sands   
Chief Network Engineer  
Rackspace Managed Hosting   
(210)447-4065   
--


Re: Kremen's Buddy?

2006-09-13 Thread Jack Bates


Richard A Steenbergen wrote:
> Ever notice the only folks happy with the status quo are the few who
> already have an intimate knowledge of the ARIN allocation process, and/or
> have the right political connections to resolve the issues that come up
> when dealing with them?
>
> Try looking at it from an outsider's point of view instead. If you're new
> to dealing with ARIN, it is not uncommon to find the process is absolutely
> baffling, frustrating, slow, expensive, and requiring intrusive disclosure
> just shy of an anal cavity probe.




I take offense to all this misinformation based on my not so long ago viewpoint 
as an outsider. Based on everything I heard here, I had a negative view of ARIN. 
After all, everyone here deals with them. If they hate dealing with ARIN, it 
must be horrible. Live and learn.


My experiences with ARIN are simple. It was a lot of work. I didn't have any of 
my netblocks SWIP'd, hadn't analyzed my network in the way that ARIN wanted, and 
so I had to work to get all this information together the first time. However, I 
found ARIN easy to work with. They helped me out when I had questions, and when 
I was terrified that they wouldn't give me IPs, they were generous. My second 
time in dealing with them was aggravating, as I wanted more than what they 
issued (they use time between requests to determine a trend of actual IP 
utilization). However, they were right, and my last request expanded the 
previous request block out (I love contiguous when I can have it) and started a 
new one (yippee! another route!).


Please remember the outsiders. They expect that everyone dealing with ARIN and 
talking bad about the process to know what they are talking about. ARIN may not 
be perfect, but newcomers shouldn't be afraid. The hardest part is information 
gathering to setup for the first time, as many people don't have the information 
ARIN requests readily available. After that, a little due diligence and it's a 
cake walk.


-Jack


Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Jack Bates


David Conrad wrote:
> I'm sure the same argument was used for telephone numbers when technical
> folk were arguing against number portability.




Number portability is a different can of worms, and many telephone companies 
pushed for it. However, telephone numbers have been assigned in large blocks, 
when only 1 number might be needed. This was a big issue for CLEC dialups, where 
999 numbers could go to waste. If ARIN handed out prefixes the same way, there 
wouldn't be any IPv4 space left.


"Dude! Check it! I got a /20 for my house, man! It was a steal. Remember in the 
day when ARIN wouldn't let me have it because I only have 2 hosts here? *insane 
laughter*" or "IPs for sale! We've acquired 20 /8 networks! How big do 
you want to go?" (given that laws have indicated a dislike for domain squatting, 
I wonder how IP squatting would work?)


-Jack


Re: Qwest event 70 min ago?

2006-09-13 Thread Jeremy Chadwick

On Tue, Sep 12, 2006 at 08:07:57PM -0600, Charlie Watts wrote:
> Did anybody see a Qwest event ~70 minutes ago?
>
> I'm not a direct customer so they won't talk to me, but we lost
> connectivity to a number of Qwest-connected sites for about 12 minutes.
>
> The data is falling off of the 1hr report, but you can still see it now:
> http://www.internetpulse.net/
> http://www.internetpulse.net/Main.aspx?OriginValue=QwestOriginLevel=1
>
> Thanks!

All we got was this, from one of our clients:

DATE OF EVENT: 9/12/06
TIME OF EVENT: 18:59 MDT
LOCATION: Network Outage - Multiple CyberCenters

EVENT DESCRIPTION: This is to notify you that the Qwest Hosting Services
has experienced core routing conflicts that may have impacted your
service. This is the final notification of this event. An RFO will be
available within 48 hours upon request.

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |



Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread D'Arcy J.M. Cain

On Wed, 13 Sep 2006 05:37:05 -0700
David Conrad [EMAIL PROTECTED] wrote:
> I'm sure the same argument was used for telephone numbers when
> technical folk were arguing against number portability.

Oh come on.  You know perfectly well that phone numbers are not the
same as IP.  No one knows me by my IP address.  They know me by my
email address(es).  Heck, even I don't know my own IP address without
running ifconfig and I installed it and maintain the system.

If we were still calling central and asking "Hi Mabel, can you put me
through to Doc", no one would give a rat's ass about phone number
portability.  Notice that no one is getting worked up about circuit
number portability.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Stephane Bortzmeyer

On Wed, Sep 13, 2006 at 11:43:36AM -0400,
 D'Arcy J.M. Cain <darcy@druid.net> wrote 
 a message of 20 lines which said:

> No one knows me by my IP address.  They know me by my email
> address(es).

It does not seem true. IP addresses are visible outside in:

* DNS servers when you get a zone delegation (the most important
  reason why changing IP addresses is a pain),
* some peer-to-peer networks like Freenet, which do not use the DNS.

(There are also a lot of internal uses of IP addresses for instance in
firewalls and SSH caches.)

So, you actually have:

1) Phone numbers (very visible outside)
2) IP addresses (visible outside)
3) MAC addresses (completely invisible outside except for a few
   minutes in the ARP caches)


Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Owen DeLong


On Sep 13, 2006, at 8:43 AM, D'Arcy J.M. Cain wrote:



> On Wed, 13 Sep 2006 05:37:05 -0700
> David Conrad [EMAIL PROTECTED] wrote:
>
>> I'm sure the same argument was used for telephone numbers when
>> technical folk were arguing against number portability.
>
> Oh come on.  You know perfectly well that phone numbers are not the
> same as IP.  No one knows me by my IP address.  They know me by my
> email address(es).  Heck, even I don't know my own IP address without
> running ifconfig and I installed it and maintain the system.
>
> If we were still calling central and asking "Hi Mabel, can you put me
> through to Doc", no one would give a rat's ass about phone number
> portability.  Notice that no one is getting worked up about circuit
> number portability.


In point of fact, phone numbers as David is describing them are much
more of a parallel to DNS than to IP.  BTNs (Billing Telephone Numbers)
which are not portable are like IP addresses.

The way the telephone system works is when you dial a number, it is
looked up in the SS7 database and mapped to a BTN. The call is then
routed based on that BTN to its destination, with the dialed number in
the DNIS field and the BTN in the destination field.

Much like an HTTP request to a virtual server.

Owen





Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Joe Abley



On 2006-09-13 at 11:43, D'Arcy J.M. Cain wrote:

> Notice that no one is getting worked up about circuit
> number portability.


I don't know about that. I have always harboured a desire to visit  
ZOWISAP0001 in person. I hear Zoowie Island is quite lovely at this  
time of year.


This is not a serious comment. I am just being CLLI.


Joe




Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread D'Arcy J.M. Cain

On Wed, 13 Sep 2006 17:53:04 +0200
Stephane Bortzmeyer [EMAIL PROTECTED] wrote:
> On Wed, Sep 13, 2006 at 11:43:36AM -0400,
>  D'Arcy J.M. Cain <darcy@druid.net> wrote
>  a message of 20 lines which said:
>
>> No one knows me by my IP address.  They know me by my email
>> address(es).

Huh?  Are you trying to imply something?  If your email software
automatically adds that statement then please fix it.  It's insulting
when you trim the message to a shorter statement that you are
responding to.  The other 18 lines may not have been important to this
particular response but they were not content free.

> It does not seem true. IP addresses are visible outside in:
>
> * DNS servers when you get a zone delegation (the most important
>   reason why changing IP addresses is a pain),

I reiterate, no one knows me by my IP address.  The software (DNS) they
use may and some people may need to make a change but the world in
general does not need to know that.  That's the whole point of DNS.

My point is that my friends and acquaintances may remember my number or
have it in their Rolodex but no one has to remember my IP address and
very few ever have to even deal with it at all and those that do,
only for a moment.

OK, my real point is that phone numbers are not like IP addresses.  You
may find a dark corner that exhibits some similarity but the basic
analogy is flawed.

> * some peer-to-peer networks like Freenet, which do not use the DNS.

I don't know enough about Freenet but I am willing to bet that users
don't need to remember IP addresses to get the benefits of it.

> (There are also a lot of internal uses of IP addresses for instance in
> firewalls and SSH caches.)

I never said that IP addresses were never used anywhere.  That would be
ridiculous.  They are entered into firewalls, routers, DNS servers and
such.  What I said was that users (remember them) don't have to
memorize or track them.

> So, you actually have:
>
> 1) Phone numbers (very visible outside)
> 2) IP addresses (visible outside)
> 3) MAC addresses (completely invisible outside except for a few
>    minutes in the ARP caches)

Even number 3 does not leak out of the local area.  However, I fail to
see what conclusion you wish me to draw from this.  I don't know anyone
with any modicum of understanding of IP protocols that would dispute
these statements other than my nit about number 3.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


Fwd: Blogger post failed

2006-09-13 Thread Owen DeLong

Apologies to the list, but, I have no other way to contact the person who thought this
was a good idea...

Could whoever thought it was a good idea to gateway NANOG messages to a blogger
please fix their blogger gateway or turn it off.

Owen

Begin forwarded message:

From: [EMAIL PROTECTED]
Date: September 13, 2006 9:14:44 AM PDT (CA)
To: [EMAIL PROTECTED]
Subject: Blogger post failed

Blogger does not accept multipart/signed files.

Error code: 7.5CD98C

Original message:
From: [EMAIL PROTECTED]
Date: Wed, 13 Sep 2006 08:56:30 -0700
Subject: Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

None

Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Clay Fiske

On Wed, Sep 13, 2006 at 12:17:59PM -0400, D'Arcy J.M. Cain wrote:
 
> I reiterate, no one knows me by my IP address.  The software (DNS) they
> use may and some people may need to make a change but the world in
> general does not need to know that.  That's the whole point of DNS.

Let me adjust that for you:


I reiterate, no one knows me by my phone number.  The phone book they
use may and some people may need to make a change but the world in
general does not need to know that.  That's the whole point of the
phone book.


> My point is that my friends and acquaintances may remember my number or
> have it in their Rolodex but no one has to remember my IP address and
> very few ever have to even deal with it at all and those that do,
> only for a moment.

Some people may know your phone number off the top of their heads, but
most will have to look it up. The main difference I see is that there
is a dynamic system for looking up IP addresses, so changes are easier
to propagate. The Rolodex is the equivalent of a hosts file. The phone
book roughly equates to mailing out a zone file periodically. Calling
411 is probably about as close to DNS as the phone system gets.

We have phone numbers so the network knows where to send the call, not
because they are convenient for people to remember.

> OK, my real point is that phone numbers are not like IP addresses.  You
> may find a dark corner that exhibits some similarity but the basic
> analogy is flawed.

They may not be identical, but I think the analogy works well.  In both
cases the numeric address is used to route to a destination device. In
both cases, we have a reference system to resolve a name to said address.

-c



Re: Kremen's Buddy?

2006-09-13 Thread Martin Hannigan




Michael [mumble] spewed:

> ARIN does have a way of figuring out that the space
> is no longer in use.

No, they don't.
ARIN has problems around v4 allocation that need to be
fixed for sure.

I fit ras's mold of a person who is part of the machine and
(I'll take a STEAK dinner ras, thank you) I disagree with
some of his statements. Anyone could take someone else's
documentation and exploit the system to some extent. I have
a 105mb of zip you can use to acquire space if you need it
_that bad_. You'd likely get the space as long as you changed
some bits of information within it.

I have found that the more legitimate your need the easier
the process, right in line with membership expectation IMHO.
Let's use volume as the justification in this discussion and
put it at at least a /16 for general purposes. Show up asking
for the entire /16 you are going nowhere, but show that you have
that many hosts that need access to the net and you are a service
provider, you'll at least get started with something to get you
on the road to a renumbering and return of provider space. It
ain't that hard.

How would you feel if along with the trust measure, some
legal measures were added in? Perhaps this made it easy and
eliminated the entire process of templates altogether?

- officers of applying companies sign a document stating that the
  demonstrated utilization is accurate and that the IP's will be
  used for purposes in compliance with Internet standards

- companies agreed to have IP space allocation and utilization
  reviewed and certified by their auditors and results submitted
  to ARIN on a yearly basis as condition of use

I'll see you in the lobby Sunday for my free trip to McCormack
and Schmicks. ;-)


-M






--
Martin Hannigan                (c) 617-388-2663
Renesys Corporation            (w) 617-395-8574
Member of Technical Staff      Network Operations
   [EMAIL PROTECTED]  



Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread David Conrad



>> I'm sure the same argument was used for telephone numbers when
>> technical folk were arguing against number portability.
>
> Oh come on.


Where are we going?


> You know perfectly well that phone numbers are not the same as IP.


Yes.  I was making an analogy about what I suspect the technical  
arguments used during discussions on telephone numbering portability  
were.



> No one knows me by my IP address.


Debatable (I'm sure if you engaged in sufficiently criminal activity  
over the Internet, you would be tracked down by the IP address you  
used).  However, that is irrelevant.  While you personally may not be  
referenced by IP address, the network interfaces used to reach you  
are known by IP address and those addresses cannot be changed without  
interrupting communication.



> They know me by my
> email address(es).  Heck, even I don't know my own IP address without
> running ifconfig and I installed it and maintain the system.


I have been told on numerous occasions that one of the reasons IPv6  
has not seen significant deployment is because enterprises do not  
want to obtain their address space from their service provider due to  
(among other reasons) the cost of renumbering.


Are you indicating you believe that renumbering is not an issue?

Rgds,
-drc



Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread D'Arcy J.M. Cain

On Wed, 13 Sep 2006 10:38:49 -0700
Clay Fiske [EMAIL PROTECTED] wrote:
> On Wed, Sep 13, 2006 at 12:17:59PM -0400, D'Arcy J.M. Cain wrote:
>>
>> I reiterate, no one knows me by my IP address.  The software (DNS) they
>> use may and some people may need to make a change but the world in
>> general does not need to know that.  That's the whole point of DNS.
>
> Let me adjust that for you:

No thanks.

>
> I reiterate, no one knows me by my phone number.  The phone book they
> use may and some people may need to make a change but the world in
> general does not need to know that.  That's the whole point of the
> phone book.
>

I know many of my friends' phone numbers by heart.  I also know many
businesses by their phone number.  There is a popular pizza chain here
that uses their phone number in their jingle.  Just last night I
noticed a vet across the street from a bar I was in whose phone number
was 481-PETS.  I would have no need to look that up in any book.

There are many cases when we have to look up numbers but numbers is
what we need in the end to phone someone.  This is a weakness, one that
the architects of the Internet fixed by introducing domains.  Domains
are what we have to remember, store in our rolodexes and look up in
Internet phone books.

>> My point is that my friends and acquaintances may remember my number or
>> have it in their Rolodex but no one has to remember my IP address and
>> very few ever have to even deal with it at all and those that do,
>> only for a moment.
>
> Some people may know your phone number off the top of their heads, but
> most will have to look it up. The main difference I see is that there
> is a dynamic system for looking up IP addresses, so changes are easier

If we know the domain which is the thing that users are required to
remember.  I deal with a music store called Long & McQuade here in
Toronto.  The first few times I wanted to check out their web site
I looked them up in the phone book (a.k.a. Google) but eventually I
learned to remember Long-McQuade.com.  I still can't remember their
phone number.  I generally go to the web site to get it.

> to propagate. The Rolodex is the equivalent of a hosts file. The phone
> book roughly equates to mailing out a zone file periodically. Calling
> 411 is probably about as close to DNS as the phone system gets.

No, calling 411 is closer to hitting Google.  I don't call 411 to get
the BTN or circuit number.

> We have phone numbers so the network knows where to send the call, not
> because they are convenient for people to remember.

The phone number system doesn't scale well.  Too late to fix it now.

>> OK, my real point is that phone numbers are not like IP addresses.  You
>> may find a dark corner that exhibits some similarity but the basic
>> analogy is flawed.
>
> They may not be identical, but I think the analogy works well.  In both
> cases the numeric address is used to route to a destination device. In
> both cases, we have a reference system to resolve a name to said address.

I'm beginning to think I am feeding the troll here.  I am sure that
99.9% of the people on this list understand that phone numbers are more
analogous to domains than to IP addresses.  Yes, it's a flawed analogy
but less flawed than the other.

I think I am done with this particular "my analogy is bigger than your
analogy" war.  Oops.  Did I just make another analogy?  :-)

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Johnny Eriksson

D'Arcy J.M. Cain <darcy@druid.net> wrote:

> If we were still calling central and asking "Hi Mabel, can you put me
> through to Doc", no one would give a rat's ass about phone number
> portability.  Notice that no one is getting worked up about circuit
> number portability.

... or street number portability.  Thanks $deity.

--Johnny


Bandwidth accounting recommendation?

2006-09-13 Thread Drew Weaver

Hi, I have been scouring the net searching for a good bandwidth
accounting solution that would be appropriate for a hosting
provider/carrier. We are more interested in the total amount of
bandwidth the user has utilized in a 7/30/90/365 (whatever) day period
of time than a Mbps 'graph' which MRTG would give you. It would also be
great if it could allow us to assign logins to our users so they can
view their utilization.

So far I've looked at MRTG, Cacti, and RTG. Cacti was pretty
good except it doesn't appear to notice changes in a switch, sometimes
more than 30 ports on 5 different switches change a day and we'd like
something that automatically starts/stops monitoring utilization when
the port status changes. I haven't found a Netflow tool yet that I really
like.

Any suggestions?

Thanks,
Andrew


RE: Bandwidth accounting recommendation?

2006-09-13 Thread Randy Epstein

Hello,

> Hi, I have been scouring the net searching for a good bandwidth
> accounting solution that would be appropriate for a hosting
> provider/carrier. We are more interested in the total amount of
> bandwidth the user has utilized in a 7/30/90/365 (whatever) day period
> of time than a Mbps 'graph' which MRTG would give you. It would also be
> great if it could allow us to assign logins to our users so they can
> view their utilization.

If you have a budget put together for this type of application (you'll need
it!), Orion from Solarwinds (http://www.solarwinds.net) would suit your
needs.  I have used Orion for over 2 years now and am quite satisfied with its
features and performance.

> So far I've looked at MRTG, Cacti, and RTG. Cacti was pretty
> good except it doesn't appear to notice changes in a switch, sometimes
> more than 30 ports on 5 different switches change a day and we'd like
> something that automatically starts/stops monitoring utilization when
> the port status changes. I haven't found a Netflow tool yet that I really
> like.

I don't fully understand your requirements here, but maybe the folks at
Solarwinds can provide you with a solution here.

> Any suggestions?
>
> Thanks,
> Andrew

Regards,

Randy Epstein

Email: repstein(at)chello.at



Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Laurence F. Sheldon, Jr.


Johnny Eriksson wrote:

> D'Arcy J.M. Cain <darcy@druid.net> wrote:
>
>> If we were still calling central and asking "Hi Mabel, can you put me
>> through to Doc", no one would give a rat's ass about phone number
>> portability.  Notice that no one is getting worked up about circuit
>> number portability.
>
> ... or street number portability.  Thanks $deity.


Where is the Anti Digit Dialing League when you really need them?

http://www.areacode-info.com/headline/1999/ca990503b.htm
--
Requiescas in pace o email

Ex turpi causa non oritur actio

http://members.cox.net/larrysheldon/




Watch your replies (was Kremen....)

2006-09-13 Thread Michael . Dillon

 It's insulting
 when you trim the message to a shorter statement that you are
 responding to.  The other 18 lines may not have been important to this
 particular response but they were not content free.

If your content was in any way, interesting, then people
will have read it in the message that you posted. I see
no need to repeat a bunch of irrelevant text when I am
only replying to one point in your email.

Personally, I wish more people would trim away all the
irrelevant junk when replying.

On the other hand, in the corporate world I find that
the habit of top posting is very useful to me. I often
see things that were never intended to be sent to me
and I often discover that the previous replies in a thread
betray the fact that the writer did not read or did not
understand the original message. 

But on a mailing list, trimmed replies are superior.

--Michael Dillon

P.S. are the standards of this list so unclear that
Darcy and I have to discuss this? Who is right?




Re: Watch your replies (was Kremen....)

2006-09-13 Thread Frank Coluccio

Perhaps the list should be turned into a wiki; and no, while I'd like to, I'm not
at this time volunteering to admin ;)

Frank A. Coluccio
DTI Consulting Inc.
212-587-8150 Office
347-526-6788 Mobile

On Wed Sep 13 15:43 , [EMAIL PROTECTED] sent:


 It's insulting
 when you trim the message to a shorter statement that you are
 responding to.  The other 18 lines may not have been important to this
 particular response but they were not content free.

If your content was in any way, interesting, then people
will have read it in the message that you posted. I see
no need to repeat a bunch of irrelevant text when I am
only replying to one point in your email.

Personally, I wish more people would trim away all the
irrelevant junk when replying.

On the other hand, in the corporate world I find that
the habit of top posting is very useful to me. I often
see things that were never intended to be sent to me
and I often discover that the previous replies in a thread
betray the fact that the writer did not read or did not
understand the original message. 

But on a mailing list, trimmed replies are superior.

--Michael Dillon

P.S. are the standards of this list so unclear that
Darcy and I have to discuss this? Who is right?






Re: Watch your replies (was Kremen....)

2006-09-13 Thread Joe Abley



On 2006-09-13 at 15:43, [EMAIL PROTECTED] wrote:


P.S. are the standards of this list so unclear that
Darcy and I have to discuss this? Who is right?


http://nanog.cluepon.net/index.php/Posting_Style_Conventions


Joe

RE: Watch your replies (was Kremen....)

2006-09-13 Thread Andrew Kirch



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Frank Coluccio
 Sent: Wednesday, September 13, 2006 3:48 PM
 To: nanog@merit.edu; [EMAIL PROTECTED]
 Subject: Re: Watch your replies (was Kremen)
 
 
 Perhaps the list should be turned into a wiki; and no, while I'd like to,
 I'm not at this time volunteering to admin ;)
 

I might just to watch the hilarity.  Is there any real interest in this?
MediaWiki with restricted editing for people on the NANOG list.

Andrew



Cisco IOS VTP issues (fwd)

2006-09-13 Thread Gadi Evron



-- Forwarded message --
Date: Wed, 13 Sep 2006 14:18:41 +0200
From: FX [EMAIL PROTECTED]
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk,
 [EMAIL PROTECTED]
Subject: Cisco IOS VTP issues

Phenoelit Advisory wir-haben-auch-mal-was-gefunden #0815 +---+

[ Title ]
Cisco Systems IOS VTP multiple vulnerabilities

[ Authors ]
FX  [EMAIL PROTECTED]

Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/CiscoVTP.txt

[ Affected Products ]
Cisco IOS and CatOS

Tested on:  C3550 IOS 12.1(19)

Cisco Bug ID:   CSCei54611
CERT Vu ID: not assigned

[ Vendor communication ]
06.07.05  Initial Notification, [EMAIL PROTECTED]
12.07.05  PSIRT member Wendy Garvin [EMAIL PROTECTED]
          took over
14.07.05  Wendy states that there is a fix for one of the
          issues
19.07.05  According to Wendy, Cisco has trouble reproducing
          the issues and finding the affected code
27.07.05  Wendy notifies FX about fixed code
12.09.06  Phenoelit advisory goes to Cisco (FX just forgot
          about it, too much to hack, too little time, but the
          PSIRT party in Vegas was a good reminder)
13.09.06  Final advisory going public as coordinated release

[ Overview ]
Cisco Systems IOS contains bugs when handling the VLAN
Trunking Protocol (VTP). Specially crafted packets may cause Denial of
Service conditions, confusion of the network operator and a heap
overflow with the possibility for arbitrary code execution.

[ Description ]
Cisco IOS suffers from several bugs in the VTP handling code. All
issues require VTP to be in server or client mode. Transparent mode
(default) is not affected.

Issue 1: Denial of Service
When sending a VTP version 1 summary frame to a Cisco IOS device 
and setting the VTP version field to value 2, the device stops
working. Apparently, the VTP handling process will loop and is
terminated by the systems watchdog process, reloading the device.

Issue 2: Integer wrap in VTP revision
If an attacker can send VTP updates (summary and sub) to a Cisco IOS
or CatOS device, he can choose the revision of the VTP information. 
A revision of 0x7FFF will be accepted by IOS. When the switch's 
VLAN configuration is changed by an operator, IOS increases the 
revision, which becomes 0x8000 and seems to be internally 
tracked by a signed integer variable. The revision is therefore 
seen as large negative value. From this point in time on, the switch 
will not be able to communicate changed VLAN configurations, since 
the generated updates will be rejected by all other switches.

Issue 3: VLAN name heap overflow
If an attacker can send VTP updates to a Cisco IOS device, the 
type 2 frames contain records for each individual VLAN in the update.
One field of the VTP records contains the name of the VLAN, another
field the length of this name. Sending an update with VLAN name 
above 100 bytes and correctly reflecting the length in the VLAN
name length field causes a heap overflow. The overflow can be 
exploited to execute arbitrary code on the receiving switch. The 
maximum length of a VLAN name in VTP is 255 bytes.

[ Example ]
The following is an example frame for issue 3. The appropriate VTP
summary advertisement (type 1) must be sent before this frame.

IEEE 802.3 Ethernet 
Destination: CDP/VTP (01:00:0c:cc:cc:cc)
Source: any
Length: 260
Logical-Link Control
Virtual Trunking Protocol
Version: 0x01
Code: Subset-Advert (0x02)
Sequence Number: 1
Management Domain Length: 5
Management Domain: A
Configuration Revision Number: 3
VLAN Information
VLAN Information Length: 212
Status: 0x00
VLAN Type: Ethernet (0x01)
VLAN Name Length: 200
ISL VLAN ID: 0x0001
MTU Size: 1500
802.10 Index: 0x000186a1
VLAN Name: A[...]AA (200 in total)

0000  01 00 0c cc cc cc 00 fe fe c0 01 00 01 04 aa aa
0010  03 00 00 0c 20 03 01 02 01 05 41 41 41 41 41 00
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 03 d4 00
0040  01 c8 00 01 05 dc 00 01 86 a1 41 41 41 41 41 41
0050  41 
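
A receiver-side length check for the subset advertisement described in issue 3 of the forwarded advisory, as an added example that is not part of the advisory or of any vendor's code. Field offsets are read from the example frame above; the function names, the 32-byte name limit and the 4-byte name padding are assumptions of this sketch, and the sample frame is constructed from the field values listed in the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VTP_OFF         22  /* 14 (802.3 header) + 3 (LLC) + 5 (SNAP) */
#define VTP_FIXED       40  /* version, code, sequence, domain length,
                               32-byte domain, 4-byte revision */
#define VLAN_REC_FIXED  12  /* bytes of a VLAN record before the name */
#define VLAN_NAME_LIMIT 32  /* assumption: local policy limit for names */

enum vtp_verdict {
    VTP_OK, VTP_NOT_SUBSET, VTP_TRUNCATED, VTP_BAD_DOMAIN_LEN,
    VTP_BAD_RECORD_LEN, VTP_NAME_TOO_LONG
};

static const uint8_t VTP_DST[6]  = {0x01, 0x00, 0x0c, 0xcc, 0xcc, 0xcc};
static const uint8_t VTP_SNAP[8] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x0c,
                                    0x20, 0x03};

/* Validate every length field of a VTP subset advertisement before any
 * name would be copied. On VTP_NAME_TOO_LONG the offending length is
 * stored in *name_len_out (if non-NULL). */
enum vtp_verdict vtp_check_subset(const uint8_t *f, size_t len,
                                  unsigned *name_len_out)
{
    if (len < VTP_OFF + VTP_FIXED)
        return VTP_TRUNCATED;
    if (memcmp(f, VTP_DST, 6) != 0 || memcmp(f + 14, VTP_SNAP, 8) != 0 ||
        f[VTP_OFF + 1] != 0x02)
        return VTP_NOT_SUBSET;

    /* Trust the 802.3 length only if it fits inside what was captured. */
    size_t end = 14 + (((size_t)f[12] << 8) | f[13]);
    if (end > len || end < VTP_OFF + VTP_FIXED)
        return VTP_TRUNCATED;
    if (f[VTP_OFF + 3] > 32)
        return VTP_BAD_DOMAIN_LEN;

    size_t p = VTP_OFF + VTP_FIXED;
    while (p < end) {
        if (end - p < VLAN_REC_FIXED)
            return VTP_TRUNCATED;
        size_t info_len = f[p];
        size_t name_len = f[p + 3];
        size_t padded = (name_len + 3) & ~(size_t)3; /* assumed padding */
        if (info_len < VLAN_REC_FIXED + padded)
            return VTP_BAD_RECORD_LEN;  /* name would run past the record */
        if (info_len > end - p)
            return VTP_TRUNCATED;       /* record would run past the frame */
        if (name_len > VLAN_NAME_LIMIT) {
            if (name_len_out)
                *name_len_out = (unsigned)name_len;
            return VTP_NAME_TOO_LONG;   /* consistent length, but oversized */
        }
        p += info_len;
    }
    return VTP_OK;
}

/* Constructed sample: one-record subset advertisement using the field
 * values from the advisory's example. Returns the frame length, 0 on error. */
size_t build_sample(uint8_t *buf, size_t cap, unsigned name_len)
{
    size_t padded = ((size_t)name_len + 3) & ~(size_t)3;
    size_t info_len = VLAN_REC_FIXED + padded;
    size_t total = VTP_OFF + VTP_FIXED + info_len;
    if (info_len > 255 || total > cap)
        return 0;
    memset(buf, 0, total);
    memcpy(buf, VTP_DST, 6);            /* source MAC left as zeros */
    buf[12] = (uint8_t)((total - 14) >> 8);
    buf[13] = (uint8_t)(total - 14);
    memcpy(buf + 14, VTP_SNAP, 8);
    uint8_t *v = buf + VTP_OFF;
    v[0] = 0x01; v[1] = 0x02; v[2] = 1; v[3] = 5;
    memset(v + 4, 'A', 5);              /* management domain */
    v[39] = 3;                          /* revision 3, big endian */
    uint8_t *r = v + VTP_FIXED;
    r[0] = (uint8_t)info_len; r[1] = 0x00; r[2] = 0x01;
    r[3] = (uint8_t)name_len;
    r[5] = 0x01; r[6] = 0x05; r[7] = 0xdc;      /* VLAN 1, MTU 1500 */
    r[9] = 0x01; r[10] = 0x86; r[11] = 0xa1;    /* 802.10 index */
    memset(r + VLAN_REC_FIXED, 'A', name_len);
    return total;
}

int main(void)
{
    uint8_t buf[512];
    unsigned bad = 0;
    size_t n = build_sample(buf, sizeof buf, 200);
    printf("frame of %zu bytes: verdict %d, name length %u\n",
           n, (int)vtp_check_subset(buf, n, &bad), bad);
    return 0;
}
```

The 200-byte name passes every consistency check and is rejected only by the explicit size limit, which is the check a fixed-size destination buffer depends on.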

Re: ip reclamation was Re: Kremen's Buddy?

2006-09-13 Thread Scott Weeks

- Original Message Follows -
From: william(at)elan.net [EMAIL PROTECTED]

  The fact that there is a lot of space
 assigned/allocated  and not used   in any easily
 observable way is well known  to those who track the  
 address exhaustion issue, I  think.

  How much, though, is used, but not routed publicly?

   Simple math from above:
   Allocated  Not Routed: 3118838 (/24 blocks) - 21%

I believe I wasn't clear.  I meant to say, what fraction of
this is in actual use, but not publicly routed as opposed
to the percent allocated and not in use, say, by defunct
companies.


  Something that has been brought up from time to time
  here. It's not easily observable, but allowed.
 
 Not easily observable means some ip blocks maybe used but
 are not  advertised in public BGP. This is a bit of an
 issue with certain part of US Gov.

This is what I was getting at, but you've given an upper
bound (21%) and I'm positive it's not even close to that. 
Still, it reduces the 21% to a smaller number.

scott




Re: Watch your replies (was Kremen....)

2006-09-13 Thread Joe Abley



On 2006-09-13 at 15:59, Andrew Kirch wrote:

I might just to watch the hilarity.  Is there any real interest in  
this?

MediaWiki with restricted editing for people on the NANOG list.


At the risk of repeating myself, http://nanog.cluepon.net/. This is  
a NANOG wiki with somewhat restricted editing (you have to register  
an account) running on MediaWiki.



Joe




allocations from ARIN was Re: Kremen's Buddy?

2006-09-13 Thread Scott Weeks

- Original Message Follows -
From: Richard A Steenbergen [EMAIL PROTECTED]

 Ever notice the only folks happy with the status quo are
 the few who have  already have an intimate knowledge of
 the ARIN allocation process, and/or  have the right
 political connections to resolve the issues that come up
 when dealing with them?
 
 Try looking at it from an outsider's point of view
 instead. If you're new  to dealing with ARIN, it is not
 uncommon to find the process is absolutely  baffling,
 frustrating, slow, expensive, and requiring intrusive
 disclosure  just shy of an anal cavity probe.


I am new to personally dealing with ARIN as of 1.5 years
ago.  I have had to get 5 separate allocations in that time.
 I don't find this to be the case at all.  They were very
helpful and I was diligent in getting the things together
necessary for the allocations and in my responses.  It felt
to me like teamwork rather than me against them.

And, no, I didn't have to offer anyone free trips to Hawaii.
 ;-)

scott


Re: Watch your replies (was Kremen....)

2006-09-13 Thread Justin M. Streiner


On Wed, 13 Sep 2006, [EMAIL PROTECTED] wrote:


It's insulting
when you trim the message to a shorter statement that you are
responding to.  The other 18 lines may not have been important to this
particular response but they were not content free.


If your content was in any way, interesting, then people
will have read it in the message that you posted. I see
no need to repeat a bunch of irrelevant text when I am
only replying to one point in your email.

Personally, I wish more people would trim away all the
irrelevant junk when replying.


I'm not singling any one person out, but when a thread that started off 
talking about RIR policy issues and IP address portability debate gets 
this far off track, then it's time for that thread to die or be taken 
out-of-band.


Agreed?

jms


renumbering IPv6

2006-09-13 Thread David Barak



--- David Conrad [EMAIL PROTECTED] wrote:

 I have been told on numerous occasions that one of
 the reasons IPv6  
 has not seen significant deployment is because
 enterprises do not  
 want to obtain their address space from their
 service provider due to  
 (among other reasons) the cost of renumbering.

The reasons I have been told by enterprises regarding
lack of IPv6 deployment boil down to 1) lack of
business driver (i.e. does it make money?) and 2)
many/most medium-large enterprises neither qualify for
PI addressing nor would be able to multihome using PA
addressing.

Issue #2 is being worked on now, but until a policy is
securely in place, an enterprise adopting IPv6 is
giving up capabilities they have today with IPv4.

 Are you indicating you believe that renumbering is
 not an issue?

Renumbering is not THE issue.  Renumbering sucks. 
However, there are policies in place to make it so
that renumbering doesn't have to happen too much. 
Also, once renumbering is at the really unpleasant
point, that's when an organization generally qualifies
for PI space.  Renumbering IP space is no different
than renumbering postal addresses - the time spent to
do so varies directly with the size of the
organization, but it doesn't have to be done often.

BTW, the telephone analogy folks have been missing
here is that of the 8xx system, where the numbers
themselves are leased due to intrinsic value, and then
redirected to a different inbound trunk/call
center/whatever.

The 8xx system is the one which maps to domain names,
not the standard land-line system.  Note that 8xx
numbers are not purchased, they are leased, as they
consume resources - if 1-800-FLOWERS didn't pay their
bill for a while, their whole business would vanish.

Perhaps a customer who wanted to make IP addresses
portable would pay a fee to the ISP whose addresses
they are, and maintain redirection equipment to the
real IPs...  And perhaps the price of doing so would
actually be higher than just keeping a T1 to that
first provider...  

-David

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com



Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Roland Perry


In article [EMAIL PROTECTED], Clay Fiske 
[EMAIL PROTECTED] writes

Some people may know your phone number off the top of their heads, but
most will have to look it up.


They will look mine up by reading my business card, reading my adverts, 
calling up my web page (OK, they are just an online advert), or looking 
at my email sig (OK, not the one I use here).


But none of these says call 411 to get my number. In fact, I'm usually 
unlisted, to avoid getting unwanted calls from strangers.

--
Roland Perry


Re: Kremen's Buddy?

2006-09-13 Thread Stephane Bortzmeyer

On Tue, Sep 12, 2006 at 08:46:11PM -0400,
 Joe Abley [EMAIL PROTECTED] wrote 
 a message of 45 lines which said:

 It's confusing to me that there appears to be no shortage of people
 who are prepared to learn the three hundred ways of doing the same
 thing with perl, or how to dissect a core dump, or how BGP works,
 but who at the same time are not interested in reading the ARIN
 policy manual before making a request for resources.

I may be very special but I find learning a new programming language
or a new protocol much more fun than reading thick and boring policy
documents.

I've heard that lawyers or accountants have different tastes but I
believe they are rare on this mailing list.


Senate Hearings on ICANN

2006-09-13 Thread Fergie

I only post this because of the ongoing thread re: Kremen v. ARIN.

 The Senate Committee on Commerce, Science and Transportation
 Subcommittee on Trade, Tourism, and Economic Development has
 announced a hearing on Internet Governance: The Future of ICANN.
 Wednesday, September 20th at 10:00 a.m. 

 
http://commerce.senate.gov/public/index.cfm?FuseAction=Hearings.HearingHearing_ID=1798

(Props to Bret Fausett.)

- ferg


--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



ARIN to allocate from 2620:0000:/23

2006-09-13 Thread Leslie Nobile


Hello-

This announcement is being sent to multiple lists. Apologies for any
duplicates.

ARIN was issued the IPv6 address block 2620::/23 by the IANA on Sept.
12, 2006.  

ARIN will be making assignments of /48 and shorter from this block
immediately in accordance with ARIN's recently implemented IPv6 end user
assignment policy.  

Network operators may wish to adjust any filters in place accordingly.

For informational purposes, a list of ARIN's currently administered IP
blocks can be found at:

http://www.arin.net/reference/ip_blocks.html

Regards,

Leslie Nobile
Director, Registration Services
American Registry for Internet Numbers (ARIN)






ARIN sucks? was Re: Kremen's Buddy?

2006-09-13 Thread Albert Meyer


I've heard the horror stories, and I remember that ARIN was difficult to deal 
with 10 years ago, but my recent experiences with them have been relatively 
painless. I expected the process to get worse as IPs become more scarce, but I 
haven't been seeing that. AFAICT they are more helpful and easier to work with 
right now than they have ever been. They came out with simplified templates last 
week and it looks like the process will now be even easier. Maybe it's harder 
for companies that don't run an rwhois server, and rwhois can be tricky to 
setup, but I was able to do it, and I would expect (or at least hope) that most 
of the people who are paid to run networks are in the same IQ range as me. 
What's so hard about this?


http://www.arin.net/registration/templates/net-isp.txt

Richard A Steenbergen wrote:
Ever notice the only folks happy with the status quo are the few who have 
already have an intimate knowledge of the ARIN allocation process, and/or 
have the right political connections to resolve the issues that come up 
when dealing with them?


Try looking at it from an outsider's point of view instead. If you're new 
to dealing with ARIN, it is not uncommon to find the process is absolutely 
baffling, frustrating, slow, expensive, and requiring intrusive disclosure 
just shy of an anal cavity probe.




Re: renumbering IPv6

2006-09-13 Thread kloch


David Barak wrote:

2)
many/most medium-large enterprises neither qualify for
PI addressing nor would be able to multihome using PA
addressing.

Issue #2 is being worked on now, but until a policy is
securely in place, an enterprise adopting IPv6 is
giving up capabilities they have today with IPv4.


The ARIN IPv6 PI policy recently adopted is currently
in effect and the application template is here:

http://www.arin.net/registration/templates/v6-end-user.txt

An org that already has IPv4 space from ARIN will find it trivial to
complete.

- Kevin


Re: renumbering IPv6

2006-09-13 Thread Roland Dobbins



On Sep 13, 2006, at 1:27 PM, David Barak wrote:


Perhaps a customer who wanted to make IP addresses
portable would pay a fee to the ISP whose addresses
they are, and maintain redirection equipment to the
real IPs...  And perhaps the price of doing so would
actually be higher than just keeping a T1 to that
first provider...


from http://www.ietf.org/rfc/rfc4192.txt

-

   Some took it on themselves to convince the authors that the concept
   of network renumbering as a normal or frequent procedure is daft.
   Their comments, if they result in improved address management
   practices in networks, may be the best contribution this note has to
   offer.

-

Without PI space for customers, both renumbering and traffic  
engineering/redundancy for the enterprise customer become a) horribly  
complex and b) subject to the whims of business relationships.   
Neither of these conditions is tolerable for those customers; turning  
every host on the network into a router via a Shim-6-like mechanism  
isn't, either (can you imagine help-desks who can barely cope with  
basic Windows issues trying to support Shim-6, heh?).


Until these issues are resolved, widespread adoption of IPv6 by large  
enterprise customers for general-purpose networking will be  
problematic (note that these aren't the only issues, but they are  
gating issues which render the others moot) at best.  Vendors,  
network operators and those participating in standards bodies must  
understand the seriousness of these issues for customers and work to  
address them (pardon the pun, heh).



Roland Dobbins [EMAIL PROTECTED] // 408.527.6376 voice

One of the main causes of the fall of the Roman Empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.

 -- Robert Firth






Re: Kremen's Buddy?

2006-09-13 Thread Scott Weeks

- Original Message Follows -
From: Stephane Bortzmeyer [EMAIL PROTECTED]

 On Tue, Sep 12, 2006 at 08:46:11PM -0400,
  Joe Abley [EMAIL PROTECTED] wrote 

  to dissect a core dump, or how BGP works, but who at the
  same time are not interested in reading the ARIN policy
 manual before making a request for resources.
 
 I may be very special but I find learning a new
 programming language or a new protocol much more fun than
 reading thick and boring policy documents.


Have you read the ARIN info regarding IPv4 allocations?  If
so, you're calling a few pages 'thick'.

scott


Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Cat Okita


On Wed, 13 Sep 2006, Johnny Eriksson wrote:

D'Arcy J.M. Cain darcy@druid.net wrote:

If we were still calling central and asking Hi Mabel, can you put me
through to Doc, no one would give a rat's ass about phone number
portability.  Notice that no one is getting worked up about circuit
number portability.


... or street number portability.  Thanks $deity.


Indeed - it's entirely sensible to me that buildings are numbered in
order of construction in that particular region ...

cheers!
==
A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now.


Re: [routing-wg]BGP Update Report

2006-09-13 Thread Simon Leinen

Marshall Eubanks writes:
 In a typical flight Europe / China I believe that there would be
 order 10-15 satellite transponder / ground station changes. The
 satellite footprints count for more than the geography.

What I remember from the Connexion presentations is that they used
only four ground stations to cover more or less the entire Northern
hemisphere.  I think the places were something like Lenk
(Switzerland), Moscow, Tokyo, and somewhere in the Central U.S..

So a Europe-China flight should involve just one or two handoffs
(Switzerland-Moscow(-Tokyo?)).  Each ground station has a different
ISP, and the airplane's /24 is re-announced from a different origin AS
after the handoff.

It's possible that there are additional satellite/transponder changes,
but those wouldn't be visible in BGP.
-- 
Simon.


IPv6 PI block is announced - update your filters 2620:0000::/23

2006-09-13 Thread Jeroen Massar


It's update your IPv6 filters time:

http://www.arin.net/reference/ip_blocks.html

8-
IPv6 Assignment Blocks   CIDR Block
2620::/23
-8
Expect blocks in between /40 and /48 there.

That is enough space for best-case 2^(40-23) = 131.072 routes, worst 
case 2^(48-23) = 33.554.432 extra routes in your routing table, I hope 
Vendor C can handle it by the time that happens. In other words: better 
start saving up those bonus points, you will be buying quite a lot of 
new gear if this ever comes off the ground ;)


Most likely case is a bit more optimistic if one takes /44's: 2.097.152
Still a lot more than the IPv4 routing table is now. It will take time, 
and possibly a lot, but it could just happen...


On NANOG Roland Dobbins wrote:
[..sarcasm mode..]
turning every host 
on the network into a router via a Shim-6-like mechanism isn't, either


If you would follow shim6 then you would notice that there is also an 
option for doing it site-wide. But I guess Vendor C doesn't like that 
option as then they can't sell bigger fatter routers ;)


(can you imagine help-desks who can barely cope with basic Windows 
issues trying to support Shim-6, heh?).


Ever tried to ask a help-desk if they knew what IPv4, BGP, ASN or any 
other simple term was? ;) Most times they don't even know what 
'traceroute' means.


[..]
Vendors, network operators and 
those participating in standards bodies must understand the seriousness 
of these issues for customers and work to address them (pardon the pun, 
heh).


Indeed a certain Vendor C should really start working on fixing a lot of 
bugs quickly.


Greets,
 Jeroen





Re: [routing-wg]BGP Update Report

2006-09-13 Thread Simon Leinen

Vince Fuller writes:
 On Mon, Sep 11, 2006 at 12:32:57PM +0200, Oliver Bartels wrote:
 Ceterum censeo: Nevertheless this moving-clients application shows
 some demand for a true-location-independent IP-addresses
 announcement feature (provider independent roaming) in IPv6, as
 in v4 (even thru this isn't the standard way, but Connexion is
 anything but standard). Shim etc. is not sufficient ...

Ehm, well, Connexion by Boeing is maybe not such a good example for
this demand.  Leaving aside the question whether there is a business
case, I remain unconvinced that using BGP for mobility is even worth
the effort.  It is obvious that it worked for Boeing in IPv4, for
some value of worked, but the touted delay improvements on the
terrestrial ISP path (ground station - user's home ISP) are probably
lost in the noise compared to the 300ms of geostationary.  But, hey,
it's free - just deaggregate a few /19's worth of PA (what's that?)
space into /24 and announce and re-announce at will.

Vince has an outline of an excellent solution that would have avoided
all the load on the global routing system with (at least) the same
performance (provided that the single network/VPN is announced to the
Internet from good locations on multiple continents):

 One might also imagine that more globally-friendly way to implement
 this would have been to build a network (VPN would be adequate)
 between the ground stations and assign each plane a prefix out of a
 block whose subnets are only dynamically advertised within that
 network/VPN. Doing that would prevent the rest of the global
 Internet from having to track 1000+ routing changes per prefix per
 day as satellite handoffs are performed.

But that would have cost money! Probably just 1% of the marketing
budget of the project or 3% of the cost of equipping a single plane
with the bump for the antenna, but why bother? With IPv4 you get
away with advertising de-aggregated /24s from PA space.

At one of the Boeing presentations (NANOG or RIPE) I asked the
presenter how they coped with ISPs who filter.  Instead of responding,
he asked me back are you from AS3303?.  From which I deduce that
there are about two ISPs left who filter such more-specifics (AS3303
and us :-).

IMHO Connexion by Boeing's BGP hack, while cool, is a good example of
an abomination that should have been avoided by having slightly
stronger incentives against polluting the global routing system.
Where's Sean Doran when you need him?
-- 
Simon (AS559).


Re: [Fwd: Kremen VS Arin Antitrust Lawsuit - Anyone have feedback?]

2006-09-13 Thread Stephen Sprunk


Thus spake Johnny Eriksson [EMAIL PROTECTED]

D'Arcy J.M. Cain darcy@druid.net wrote:

If we were still calling central and asking Hi Mabel, can you put me
through to Doc, no one would give a rat's ass about phone number
portability.  Notice that no one is getting worked up about circuit
number portability.


... or street number portability.  Thanks $deity.


That's the canonical argument against address portability -- you can't 
take your street address with you when you move.


( I suppose now would be a bad time to point out I have a portable ZIP 
code: it's mine for life as long as I pay for the service it came with, 
no matter where I move. )


S

Stephen Sprunk    God does not play dice.  --Albert Einstein
CCIE #3723        God is an inveterate gambler, and He throws the
K5SSS             dice at every possible opportunity. --Stephen Hawking





Re: IPv6 PI block is announced - update your filters 2620:0000::/23

2006-09-13 Thread Stephen Sprunk


Thus spake Jeroen Massar [EMAIL PROTECTED]

8-
IPv6 Assignment Blocks   CIDR Block
2620::/23
-8
Expect blocks in between /40 and /48 there.


Expect mostly /48s and /44s, given that ARIN has not defined any 
criteria for what justifies more than a /48.  Of course, some folks will 
announce a /44 instead since the block is reserved, but it should still 
only be one route.


Still, even if every org that qualified for an assignment today got one, 
you're still only looking at a couple tens of thousands of routes max. 
ARIN using a /23 for PIv6 is either serious overkill or we'll never 
need to allocate another block at work.



That is enough space for best-case 2^(40-23) = 131.072 routes, worst
case 2^(48-23) = 33.554.432 extra routes in your routing table, I hope
Vendor C can handle it by the time that happens. In other words: better
start saving up those bonus points, you will be buying quite a lot of
new gear if this ever comes off the ground ;)

Most likely case is a bit more optimistic if one takes /44's: 2.097.152
Still a lot more than the IPv4 routing table is now. It will take time,
and possibly a lot, but it could just happen...


IMHO, BGP will fall over and die long before we get to that many ASNs. 
Remember, the goal in giving people really big v6 blocks, vs. IPv4-style 
multiple allocations/assignments, is to reduce the necessary number of 
routes to (roughly) the number of ASNs.


If PIv6 folks start announcing absurd numbers of routes within their 
allocation, I'd expect ISPs to start filtering everything longer than 
/48 -- if they don't do so from the start.  The next step is to filter 
everything longer than /44; since everyone is getting a reserved /44 at 
a minimum, that's safe (everyone just announces the /44 in addition to 
more-specifics).  If filtering at /44 isn't enough, ISPs will just drop 
all PIv6 routes except for their customers' and the concept dies a quick 
death.  No routers will be harmed in the making of this movie.


It just occurred to me that this policy is a perfect counterexample to 
Kremen's claims that ARIN is run by big ISPs for their own benefit.  The 
big ISPs wailed and moaned and tried to stop it, and history may even 
prove them right one day, but the little guys won for now.  Even if 
we're wrong, that's a good thing for a variety of reasons.


S

Stephen Sprunk    God does not play dice.  --Albert Einstein
CCIE #3723        God is an inveterate gambler, and He throws the
K5SSS             dice at every possible opportunity. --Stephen Hawking





kW Per Rack.

2006-09-13 Thread Robert Sherrard


How many of you are currently cooling 7kW+ per cabinet.. are any of you 
cooling more than 15kW per rack, if so how large is your footprint? Are 
any of you using water cool racks, by tapping into house water?


Rob



Re: kW Per Rack.

2006-09-13 Thread John Curran

At 4:20 PM -0700 9/13/06, Robert Sherrard wrote:
How many of you are currently cooling 7kW+ per cabinet.. are any of you 
cooling more than 15kW per rack, if so how large is your footprint? Are any of 
you using water cool racks, by tapping into house water?

We're doing 7kW per cabinet via forced chilled air ducted directly
into the top of hollow-post racks with ventilation slots opened on
forward/side/back depending on the specific equipment needs.  Air
return is drawn off the structural floor (no raised floor) by computer
room air chillers and then back into the duct system.   We could
increase density but only because the room is completely sealed
with only penetrations for fiber, power, and chilled water loops.

With a traditional raised-floor environment, you're in a very difficult
situation at 15kW (~500 w/sqft).  There's a couple of facilities in
Northern VA with such a design point, but they are very custom with
4 to 5 foot raised-floor due to the airflow.  Water cooling to the rack
(or at least to the aisle) is almost required at that point.

/John
CTO, ServerVault