Routing public traffic across county boundaries in Europe

2007-07-26 Thread Andy Loukes


I think this is a pretty dumb question, because I presume this is how
most organisations save money and provide resilience.

What (if any) are the legal implications of taking internet destined
traffic in one country and egressing it in another (with an ip block
correctly marked for the correct country).

Somebody mentioned to me the other day that they thought the Dutch
government didn't allow an ISP to take internet traffic from a Dutch
citizen and egress in another country because it makes it easy for the
local country to snoop.

I've done lots of searching and have our legal counsel investigating but
I thought someone here might be able to point me in the direction of any
legislation?

(I'll summarise any off-list replies)...
Thanks,
--
Andy Loukes

Senior Systems Architect
The Cloud Networks
http://www.thecloud.net/content.asp?section=1content=32



RE: Routing public traffic across county boundaries in Europe

2007-07-26 Thread Randy Epstein

Andy,

I've always wondered this as well.  Similar scenario, although not
necessarily egress in a foreign country, but transiting through.

For a brief period, we had an OC48 that carried packets on our network
between Chicago and Seattle that traversed a router of ours in Vancouver, BC
Canada.

Any legal minds here that may know the answer?

Randy

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Andy Loukes
 Sent: Thursday, July 26, 2007 3:53 AM
 To: nanog@merit.edu
 Subject: Routing public traffic across county boundaries in Europe
 
 
 I think this is a pretty dumb question, because I presume this is how
 most organisations save money and provide resilience.
 
 What (if any) are the legal implications of taking internet destined
 traffic in one country and egressing it in another (with an ip block
 correctly marked for the correct country).
 
 Somebody mentioned to me the other day that they thought the Dutch
 government didn't allow an ISP to take internet traffic from a Dutch
 citizen and egress in another country because it makes it easy for the
 local country to snoop.
 
 I've done lots of searching and have our legal counsel investigating but
 I thought someone here might be able to point me in the direction of any
 legislation?
 
 (I'll summarise any off-list replies)...
 Thanks,
 --
 Andy Loukes
 
 Senior Systems Architect
 The Cloud Networks
 http://www.thecloud.net/content.asp?section=1content=32




Re: iPhone and Network Disruptions ...

2007-07-26 Thread Adrian Chadd

On Wed, Jul 25, 2007, Warren Kumari wrote:

 You have a couple of switches with STP turned off -- someone plugs in  
 some random cable, forming a bridge loop... and everything  
 continues running fine, until some time in the future when it all  
 goes to hell in a hand-basket. Now, I could understand the system  
 remaining stable until the first  broadcast / unknown MAC caused  
 flooding to happen, but I have seen this system remain stable for  
 anywhere from a few days to a few weeks before suddenly exploding.

If you want to hear about something whacked along those lines - imagine
two access points which had spanning tree disabled, connected to
a pair of switches on a vlan which wasn't running stp (thanks to
platform stp limitations, the switches running pvstp and said
campus having 800 vlans), and said ap's would occasionally associate
in infrastructure mode - which would cause a broadcast storm
on that vlan and fill trunk pipes with spaf. Debugging that one was
hilarious.

Hum.





Adrian



Re: An Internet IPv6 Transition Plan

2007-07-26 Thread Stephen Wilcox

On Wed, Jul 25, 2007 at 06:15:23PM -0500, Iljitsch van Beijnum wrote:
 On 25-jul-2007, at 6:30, Stephen Wilcox wrote:
 
 I think the combined effect of these things means
 - we will not be running into a wall at any time
 - availability of IPs will slowly decrease over time (as cost  
 slowly increases)
 
 I have to disagree here. 10% of the requests are for 90% of the 170 -  
 200 million IPv4 addresses given out per year. These are going to  
 large broadband ISPs in blocks of a quarter million or (much) larger,  
 upto /8. At some point, the RIRs will be out of large enough blocks  
 to satisfy these requests. Nothing to be done about that.

um, so that's consistent with what i said.. in fact it implies only a very small 
number of organisations need to pay close attention and those are the ones best 
suited to implementing policy changes to ensure their users continue to have a 
good service

this means 90% of orgs can probably wait and see what the 10% do first..

Steve


Cogent issues in Chicago?

2007-07-26 Thread Brandon Galbraith

Anyone experiencing issues with their Cogent connectivity right now?

-brandon


Re: An Internet IPv6 Transition Plan

2007-07-26 Thread John Curran

At 2:01 PM +0100 7/26/07, Stephen Wilcox wrote:
> well, the empirical data which is confirmed here is saying that those 10% are
> burning most of the v4 addresses and we are not seeing them rollout v6 whether
> they 'need to' or not

Wow...  you mean that they're not announcing general IPv6
availability two years before they have to?  I'm so surprised.  ;-)

> so you sound right in theory, but in practice your data doesn't show that is
> occurring and it also suggests those 10% are actively supporting 'the wall'
> approach.

The number of major backbone operators looking into IPv6 is already
quite high, and will likely approach 100%.  The alternative is carriers
having to explain to the analyst community that they lack a business
plan for new data customer growth once large IPv4 blocks are no longer
generally available.

/John


Re: History of the EPO (Emergency Power Off)

2007-07-26 Thread Barry Shein


When I was designing a sizeable machine room at BU I remember getting
into a bit of a debate with someone from buildings because they wanted
(I think the numbers are right) 140F sprinklers and I wanted 175F
sprinklers, images of an accidental sprinkler discharge dancing in my
head (we had halon and all that, but 140F at the ceiling didn't seem
all that high w/ all those big racks.)

 Me:  *I've* got over $2M in computers in that room!
 Him: *I've* got over $20M building around that room!
 Me:  You win!

-- 
-Barry Shein

The World  | [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die    | Public Access Internet | SINCE 1989 *oo*


Re: Why do we use facilities with EPO's?

2007-07-26 Thread Jason LeBlanc


I do.  Hurricane Wilma, blew the roof off our building, water pouring in 
pooling under the floor and onto the PDUs and UPS (800amps of 480v).  We 
wanted to save the data on the servers, had to hit the EPO to enter the 
room (anyone have an idea of how far that much power would arc?).  It 
was STILL quite scary since the batteries were still charged, I actually 
flipped the breaker on the UPS.  Not fun to be around that much power 
when there is a lot of water.  Only time I've ever seen an EPO hit in 
person.


Jerry Pasker wrote:


I've always wondered who died or was injured and caused the EPO to 
come in to existence.  There have been lots of EPO caused downtime 
stories, but does anyone on the NANOG list even have one single Thank 
God for the EPO story?  I'll feel better about the general state of 
the world if I know that the EPO actually has a real valid use that 
has been ACTUALLY PROVEN IN PRACTICE rather than just in someone's mind.



-Jerry   Is so anti EPO, he has no remote EPO buttons, and even 
has the irrational fear about the jumper on the EPO terminal strip 
inside his UPSes coming undone.






Level3 / Qwest routing issues earlier today?

2007-07-26 Thread Chris Riling

Hi Guys,

Was anyone else seeing anything weird going on today? I have an OC-3 to
Qwest, and another OC-3 to Level3, (among 2 others to different providers)
and when all was well, I was receiving a little over 221,000 prefixes from
L3. Then, intermittently I would start losing prefixes from L3 and it would
get down to a little over 220,000. When this happened, I noticed I was
having intermittent connectivity issues (at least to one IP I was trying to
get to). Doing a traceroute during the outage the packets would hit
Qwest's network, then L3's, then drop, or sometimes not. I have since admin
downed my BGP peer to L3 and everything  has stabilized, but I was wondering
if anyone else saw anything going on?

Thanks,
Chris


RE: Why do we use facilities with EPO's?

2007-07-26 Thread Randy Epstein

(snip)

 Put another way: Between a 120KVA UPS and a gang of experienced
 firefighters with charged hoses I'd put my money on the firefighters
 every time.
 
 --
 -Barry Shein

You realize the UPS systems we're speaking of are much larger?  Usually 480
volt, many kVA.

Randy



Re: Why do we use facilities with EPO's?

2007-07-26 Thread Barry Shein


On July 25, 2007 at 14:49 [EMAIL PROTECTED] (George William Herbert) wrote:
  
  
  Seems like the EPO should be a logical AND with the fire alarm system - 
  it only works AFTER you have an existing fire alarm in the building.
  
  
  No, no.  If the fire alarm system fails, the fire responders need
  to be able to hit the EPO and be sure that it works anyways.
  It has to be an absolute - firefighters have to know that the
  thing they hit was the only, and right, thing, and that they
  aren't going to die because they sprayed water on an energized
  but on fire electrical system backed by a 120 KVA UPS or some
  such.

I worked three years with the boston fire dept, albeit quite a few
years ago, and rode into many fires and don't generally remember them
being much concerned about hitting *anything* with a high-pressure
stream of water if it's on fire.

Remember all those rules you know about not using water on electrical
or chemical fires? Doesn't really count if you have charged fire hoses
and know what you're doing except in some special circumstances (they
did foam things occasionally, very occasionally, foam costs money!)

If they needed the power out, perhaps due to a gas hazard, they
generally go for the power out in the street, calling in the power co
if there's time or, well, one of the firefighters usually knows how to
cut a building's power, between them they usually know just about
everything they need to know about stuff like that.

I have no doubt if they saw an EPO and the room on fire they'd hit it
immediately, why not, as you say it can only make things safer (plus
or minus emergency lighting working but they should have their own.)

But unless there was an explosion hazard I don't remember there being
much concern. Water pressure and getting the equipment positioned and
working was a concern (after life and limb of course.)

Put another way: Between a 120KVA UPS and a gang of experienced
firefighters with charged hoses I'd put my money on the firefighters
every time.

-- 
-Barry Shein

The World  | [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die    | Public Access Internet | SINCE 1989 *oo*


RE: Where did freeipdb IP utility site go?

2007-07-26 Thread Joseph W. Breu

Are there any good tools for IPv6 address management?

---
 
Thanks,
 
-
Joseph W. Breu, CCNA           phone : +1.319.268.5228
Senior Network Administrator   fax   : +1.319.266.8158
Cedar Falls Utilities          cell  : +1.319.493.1686
support: +1.319.268.5221       web   : www.cfu.net



RE: Where did freeipdb IP utility site go?

2007-07-26 Thread Brandon Butterworth

 Are there any good tools for IPv6 address management?

There's so many bits they don't need managing

brandon


Re: Why do we use facilities with EPO's?

2007-07-26 Thread George William Herbert


Barry wrote:
> I worked three years with the boston fire dept, albeit quite a few
> years ago, and rode into many fires and don't generally remember them
> being much concerned about hitting *anything* with a high-pressure
> stream of water if it's on fire.
>
> Remember all those rules you know about not using water on electrical
> or chemical fires? Doesn't really count if you have charged fire hoses
> and know what you're doing except in some special circumstances (they
> did foam things occasionally, very occasionally, foam costs money!)

Around here (Silli Valley) the firefighters I know are pretty aware
of the risks of electricity.  They say that some of them have been
fried by UPSes.

And hazmat; we have the large containers of WMD-grade-toxic silicon fab
gases being shipped around.


-george william herbert
[EMAIL PROTECTED]



Re: Routing public traffic across county boundaries in Europe

2007-07-26 Thread Scott Francis


good luck with that :)

On 7/26/07, Scott Weeks [EMAIL PROTECTED] wrote:




--- [EMAIL PROTECTED] wrote:

What (if any) are the legal implications of taking internet destined
traffic in one country and egressing it in another (with an ip block
correctly marked for the correct country).

Somebody mentioned to me the other day that they thought the Dutch
government didn't allow an ISP to take internet traffic from a Dutch
citizen and egress in another country because it makes it easy for the
local country to snoop.
--


That's funny.  I've always thought of the internet as a global, borderless
entity where ideas and information are shared without restraint.  Perhaps
it's time to whap the gov't with a clue bat?

scott




--
[EMAIL PROTECTED],darkuncle.net} || 0x5537F527
   encrypted email to the latter address please
   http://darkuncle.net/pubkey.asc for public key


Re: An Internet IPv6 Transition Plan

2007-07-26 Thread David Barak


--- David Freedman [EMAIL PROTECTED]
wrote:

 I don't feel this sort of behaviour is helpful, I can
 understand asking 
 for licensing fees for L2VPN/L3VPN technologies
 since these are products 
 that service providers can levy a reasonable charge
 for, but to charge 
 for IPv6 routing capability alone, at the time where
 the discussion of 
 which has never been so serious, leaves a bit of a
 bad taste in one's mouth.

Not all equipment vendors do this, and this could be
used as a discriminator between them when selecting
new equipment (or could be a spur toward considering
different platforms when upgrading).

-David Barak

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com


   



Re: Routing public traffic across county boundaries in Europe

2007-07-26 Thread Scott Weeks



--- [EMAIL PROTECTED] wrote:

What (if any) are the legal implications of taking internet destined
traffic in one country and egressing it in another (with an ip block
correctly marked for the correct country).

Somebody mentioned to me the other day that they thought the Dutch
government didn't allow an ISP to take internet traffic from a Dutch
citizen and egress in another country because it makes it easy for the
local country to snoop.
--


That's funny.  I've always thought of the internet as a global, borderless 
entity where ideas and information are shared without restraint.  Perhaps it's 
time to whap the gov't with a clue bat?

scott


RE: Why do we use facilities with EPO's?

2007-07-26 Thread Howard C. Berkowitz



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Warren Kumari
Sent: Thursday, July 26, 2007 12:03 PM
To: [EMAIL PROTECTED]
Cc: Roy; nanog@merit.edu
Subject: Re: Why do we use facilities with EPO's?



On Jul 26, 2007, at 12:16 AM, [EMAIL PROTECTED] wrote:


Sometime I really need to write down all of the funny things that  
have happened over the years... Actually, if anyone has other, random  
funny (?!) stories, pass them along and I'll make a compilation


[Howard C. Berkowitz] 

While working at a distinguished university with a religious affiliation, I
learned, as did one of the priest-biologists, not to refer to a piece of
instrumentation as possessed. While one of the priest-theologians meant
well, we learned what happened when holy water is sprinkled into the high
voltage supply of a gas chromatograph. Beckman Instruments was so amused
they didn't charge for equipment abuse not under maintenance contract.



Re: Why do we use facilities with EPO's?

2007-07-26 Thread Warren Kumari



On Jul 26, 2007, at 12:16 AM, [EMAIL PROTECTED] wrote:


On Wed, 25 Jul 2007 12:43:17 PDT, Roy said:


Funny story about that and the EPO we have here...
...

Story #1



Story #2


Story #3


Story #4

I'm still working at the place mentioned in a previous post -- I was  
only there for 3 months (actually one day less than 3 months, I know  
this because the recruiter only got his commission when I was there  
for at least three months, if I'd known this I would have stuck it out  
for another few days), but have more funny stories from this place  
than any other, anyway, onto the story:


One of the server rooms becomes unusable and needs to be rebuilt[0],  
so everything needs to be migrated out of the existing room and into  
new space -- this includes a large APC Symmetra UPS. We shut down the  
UPS and pull all of the batteries out of both it and the expansion  
shelves so that we can move it with a pallet lift. We move everything  
into the new space and it's time to put the UPS back together. I  
quickly decide that lifting large numbers of heavy batteries into the  
shelves is not fun, so I show the random helper dude what to do...  
You pick up this big, heavy thing and put it into this cubbyhole  
type spot, then you connect this large connector and slide the  
battery back, lather, rinse, repeat


I watch him do the first one and he seems to have it figured out... I  
wander off to go hook up some fiber or something and peer down the  
corridor every now and then to make sure he still has this under  
control. Surprisingly enough he is managing ok and hasn't wandered  
off to take a nap or anything. He gets down to the last few batteries  
and seems to be having some issues, but I figure he'll work it out,  
so I carry on with what I am doing... I peer down the corridor again  
and he is sitting on the floor with his back braced against  
something, pushing the battery into place with his feet... Whoa,  
this can't be good, I think, just as there is a LARGE bang, a big  
flash and much smoke and fire


Turns out that for the last battery he managed to get the cables  
caught between the side of the battery and the side of the (sheet-metal)  
case. When it didn't just slide easily back, he pushed it  
really hard and the edge of the case chomped through the cable  
creating a dead short -- this literally vaporized a crescent of metal  
from the case around 5 inches in radius, flung bits of molten case  
and battery leads all over the place and ignited the cardboard that  
we put on the pallet to soften it...


Much hilarity ensues...

Sometime I really need to write down all of the funny things that  
have happened over the years... Actually, if anyone has other, random  
funny (?!) stories, pass them along and I'll make a compilation


W

[0]: Have you ever noticed that places that use gas fire suppression  
systems either have doors that open outwards and / or big dampers  
(like http://www.c-sgroup.com/product_home.php? 
section=exploventpage=3) ? Ever wonder why? :-)



--
With Feudalism, it's your Count that votes.




AW: TWTC issue with Foundry routers?

2007-07-26 Thread Gunther Stammwitz

Hello Ryan,

There was a bug in one of the elder firmwares that caused bgp-sessions to be
reset when prefixes with more than 4 or maybe 6 communities were received. 
You should update your firmware - I think this issue has been resolved a long
while ago. You can also check the foundry-nsp-list/archives.

Best regards,
Gunther

 



Re: TWTC issue with Foundry routers?

2007-07-26 Thread Ryan Harden

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

As a Foundry user utilizing Communities this caught my eye...I found a
similar post to Nanog last year that pointed me in the right direction
on this I think. It seems the author of that post seems to have hit the
nail on the head.

Your debugging shows
Jul 25 15:57:21 BGP: 1.2.3.49 rcv invalid COMMUNITY attribute flag d0

Decoded, the Attribute flag 'd0' means the attribute is: Optional,
transitive, and extended (greater than 255 octets)

It seems when the FI400 receives the 'd0' flag stating that the next
update has an extended attribute field, it borks.

I'd guess this due to a large amount of Communities attached to that
prefix for whatever reason. Though I suppose the upstream router could
be at fault for flagging 'd0' and then sending a _non_ extended
attribute. It's hard to tell.

One would assume that the FI400 should merely discard that update rather
than take the session down, but I need to read more into the RFC to know
for sure.

Sorry I don't have a definitive answer, but you might ask TWTC to
_actually_ not send you communities and see if it goes away. :) Either
way it seems a call to Foundry TAC is in order as this is unacceptable
behavior.

Original Post from 2006:
http://www.merit.edu/mail.archives/nanog/2006-04/msg00034.html

/Ryan

David Hubbard wrote:
 Anyone know of any changes that were made with TWTC (AS 4323)
 last night that may have affected those running Foundry
 routers?  We peer with a number of providers and last night
 our TWTC connection went down with:
 
 
 Jul 25 15:57:22:N:BGP Peer 1.2.3.49 DOWN (Attribute Flags Error)
 Jul 25 15:57:14:N:BGP Peer 1.2.3.49 UP (ESTABLISHED)
 
 If I debug updates on that session I get:
 (Lines added for readability)
 
 
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv UPDATE 142.166.102.0/24
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv UPDATE w/attr: Origin=IGP
 AS_PATH=AS_SEQ(2) 4323 8881 8881 8881 30915 NextHop=1.2.3.49
 COMMUNITY=4323:51 4323:501 4323:1003 4323:2001 4323:2503 4323:34510
 4323:5 65101:1003 65102:4 65103:1 65104:301 
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv UPDATE 193.27.220.0/23
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv UPDATE w/attr: Origin=IGP
 AS_PATH=AS_SEQ(2) 4323 2828 19092 14188 14188 14188 14188 14188
 NextHop=1.2.3.49 COMMUNITY=4323:51 4323:501 4323:1015 4323:2503
 4323:36410 4323:5 65101:1015 65102:4 65103:1 65104:301 
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv UPDATE 64.13.0.0/22
 
 
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv invalid COMMUNITY attribute flag d0
 
 
 Jul 25 15:57:21 BGP: 1.2.3.49 rcv UPDATE w/attr: Origin=IGP
 AS_PATH=AS_SEQ(2) 4323 12956 3352 NextHop=1.2.3.49 ATOMIC_AGGREGATE
 AGGREGATOR AS=3352 Speaker=81.46.63.133 
 
 
 
 The router is a Foundry NetIron 400 running their 7.8 code.
 We have two of these talking to Level 3, TWTC, Cogent, Uunet
 and ATT and only the TWTC had an issue.  They sent me a
 default route instead of full routes and the session came
 up and was stable; go back to full routes and error.  They
 admitted to me this afternoon that three other customers are
 having the same issue.  That's when we started wondering if
 they changed something that the Foundry code doesn't like.
 Interesting though is that they claim to not be sending me
 communities while the output above indicates they are.
 
 Any ideas; be nice to get the link back up. :-)
 
 Thanks,
 
 David

- --
Ryan M. Harden, BS, KC9IHX  Office: 217-265-5192
CITES - Network Engineering Cell:   630-363-0365
2130 Digital Computer Lab   Fax:    217-244-7089
1304 W. Springfield         email:  [EMAIL PROTECTED]
Urbana, IL  61801   

 University of Illinois - Urbana/Champaign
 -  All your Base -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFGqLedtuPckBBbXboRAo+hAJ9lmxtsgZ5jCRN9K1LQYwxgaYHuGgCfeEkp
aMi5H7z3nnAEu1v6jwpKth8=
=HtEt
-END PGP SIGNATURE-
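
The flag octet decoding in the message above, as an added example (not part of the original post and not Foundry's code): a minimal RFC 4271 path-attribute parser that decodes 0xd0 and contrasts a check that masks only the Optional/Transitive bits with a hypothetical exact-match check that would reject it. The function names, the exact-match model and the 70-entry community list are assumptions constructed for illustration; the 11-entry community list is copied from the debug output quoted above.

```python
import struct

# Attribute Flags bits, high-order first (RFC 4271 section 4.3).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
FLAG_NAMES = ((OPTIONAL, "optional"), (TRANSITIVE, "transitive"),
              (PARTIAL, "partial"), (EXT_LEN, "extended-length"))

# Optional/Transitive bits each type must carry: 1 ORIGIN, 2 AS_PATH and
# 3 NEXT_HOP are well-known; 8 COMMUNITIES (RFC 1997) is optional transitive.
EXPECTED = {1: TRANSITIVE, 2: TRANSITIVE, 3: TRANSITIVE,
            8: OPTIONAL | TRANSITIVE}


def describe_flags(flags):
    """Name the bits set in an Attribute Flags octet."""
    return [name for bit, name in FLAG_NAMES if flags & bit]


def pack_communities(pairs):
    return b"".join(struct.pack("!HH", asn, val) for asn, val in pairs)


def build_attr(type_code, value, flags):
    """Encode one attribute; a value over 255 octets needs the 2-octet length."""
    if len(value) > 255:
        return struct.pack("!BBH", flags | EXT_LEN, type_code, len(value)) + value
    return struct.pack("!BBB", flags, type_code, len(value)) + value


def parse_attrs(buf):
    """Split a Path Attributes field into (flags, type, value) tuples."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = buf[pos], buf[pos + 1]
        if flags & EXT_LEN:
            if len(buf) - pos < 4:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, pos + 2)
            pos += 4
        else:
            length = buf[pos + 2]
            pos += 3
        if pos + length > len(buf):
            raise ValueError("attribute overruns buffer")
        attrs.append((flags, type_code, buf[pos:pos + length]))
        pos += length
    return attrs


def flags_ok(flags, type_code):
    """Compare only the Optional and Transitive bits with the expected value."""
    expected = EXPECTED.get(type_code)
    if expected is None:
        return bool(flags & OPTIONAL)  # an unrecognised type must be optional
    return (flags & (OPTIONAL | TRANSITIVE)) == expected


def naive_flags_ok(flags, type_code):
    """Hypothetical exact-match check: rejects 0xd0 for COMMUNITIES."""
    return flags == EXPECTED.get(type_code)


def decode_communities(value):
    if len(value) % 4:
        raise ValueError("COMMUNITIES length is not a multiple of 4")
    return ["%d:%d" % struct.unpack_from("!HH", value, i)
            for i in range(0, len(value), 4)]


def audit(buf):
    """(type, flags in hex, masked check, exact-match check) per attribute."""
    return [(t, "%02x" % f, flags_ok(f, t), naive_flags_ok(f, t))
            for f, t, _ in parse_attrs(buf)]


def parses_cleanly(buf):
    try:
        parse_attrs(buf)
        return True
    except ValueError:
        return False


# Communities from the debug output on the page (44 octets, flags 0xc0).
PAGE_COMMS = [(4323, 51), (4323, 501), (4323, 1003), (4323, 2001),
              (4323, 2503), (4323, 34510), (4323, 5), (65101, 1003),
              (65102, 4), (65103, 1), (65104, 301)]
# Constructed: 70 communities = 280 octets, which forces flags 0xd0.
LONG_COMMS = [(4323, n) for n in range(1, 71)]

ORIGIN_IGP = build_attr(1, b"\x00", TRANSITIVE)
SHORT_ATTRS = ORIGIN_IGP + build_attr(8, pack_communities(PAGE_COMMS),
                                      OPTIONAL | TRANSITIVE)
LONG_ATTRS = ORIGIN_IGP + build_attr(8, pack_communities(LONG_COMMS),
                                     OPTIONAL | TRANSITIVE)
# Constructed: the other case raised above, 0xd0 sent with a 1-octet length.
MISFRAMED = ORIGIN_IGP + bytes([0xD0, 8, 44]) + pack_communities(PAGE_COMMS)

if __name__ == "__main__":
    print("0xd0 =", describe_flags(0xD0))
    print("short:", audit(SHORT_ATTRS))
    print("long: ", audit(LONG_ATTRS))
    print("misframed parses cleanly:", parses_cleanly(MISFRAMED))
```
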


Re: An Internet IPv6 Transition Plan

2007-07-26 Thread Stephen Wilcox

On Thu, Jul 26, 2007 at 06:21:59AM -0400, John Curran wrote:
 At 11:18 AM +0100 7/26/07, Stephen Wilcox wrote:
 
 um, so that's consistent with what i said.. in fact it implies only a very 
 small number of organisations need to pay close attention and those are the 
 ones best suited to implementing policy changes to ensure their users 
 continue to have a good service
 
 this means 90% of orgs can probably wait and see what the 10% do first..
 
 Completely incorrect.   In order that we can continue to have
 reasonable routing growth during new customer add, those
 10% need to move to IPv6.   While you don't have to move
 your entire infrastructure to IPv6, you need to add IPv6 to
 the public-facing servers that you'd like to still be Internet
 connected.

well, the empirical data which is confirmed here is saying that those 10% are 
burning most of the v4 addresses and we are not seeing them rollout v6 whether 
they 'need to' or not

so you sound right in theory, but in practice your data doesn't show that is 
occurring and it also suggests those 10% are actively supporting 'the wall' 
approach.

Steve


Re: An Internet IPv6 Transition Plan

2007-07-26 Thread John Curran

At 11:18 AM +0100 7/26/07, Stephen Wilcox wrote:

> um, so that's consistent with what i said.. in fact it implies only a very
> small number of organisations need to pay close attention and those are the
> ones best suited to implementing policy changes to ensure their users continue
> to have a good service
>
> this means 90% of orgs can probably wait and see what the 10% do first..

Completely incorrect.   In order that we can continue to have
reasonable routing growth during new customer add, those
10% need to move to IPv6.   While you don't have to move
your entire infrastructure to IPv6, you need to add IPv6 to
the public-facing servers that you'd like to still be Internet
connected.

/John


RE: Why do we use facilities with EPO's?

2007-07-26 Thread Randy Epstein

 FWIW, do you imagine that's terribly large for urban firefighters in
 the big scheme of things, not just computer rooms?
 
 My memory could be wrong but I remember the John Hancock building, 60
 stories, pulls about 1.5MW...I remember Boston Edison mentioning this
 in discussing a design I was working on of a supercomputer facility,
 that we were asking for more power than the hancock building which was
 ok but it presented...challenges. Factories can pull a lot of power
 also (that room was never built.)
 
 Anyhow, once you're beyond a pea-shooter I don't think procedures for
 firefighting vary a whole lot, other than some outliers.
 
   -b

I guess my point was that it's safer to power off a UPS system as best you
can before you shoot water at it.  :)  Most likely you are doing this at
somewhat close proximity, with step-down transformers nearby, etc.

An EPO not only shuts down the power feed to the UPS, but the UPS as well.
Which is a good thing.

A properly placed EPO and warning signs, as well as proper training of your
customers and vendors should minimize the risks associated with an EPO.

Look, if someone is hell bent to destroy your facility, EPO or not, they
will succeed.

Randy



RE: Why do we use facilities with EPO's?

2007-07-26 Thread Barry Shein


On July 26, 2007 at 16:25 [EMAIL PROTECTED] (Randy Epstein) wrote:
  (snip)
  
   Put another way: Between a 120KVA UPS and a gang of experienced
   firefighters with charged hoses I'd put my money on the firefighters
   every time.
   
   --
   -Barry Shein
  
  You realize the UPS systems we're speaking of are much larger?  Usually 480
  volt, many kVA.

FWIW, do you imagine that's terribly large for urban firefighters in
the big scheme of things, not just computer rooms?

My memory could be wrong but I remember the John Hancock building, 60
stories, pulls about 1.5MW...I remember Boston Edison mentioning this
in discussing a design I was working on of a supercomputer facility,
that we were asking for more power than the hancock building which was
ok but it presented...challenges. Factories can pull a lot of power
also (that room was never built.)

Anyhow, once you're beyond a pea-shooter I don't think procedures for
firefighting vary a whole lot, other than some outliers.

-b



Re: Routing public traffic across county boundaries in Europe

2007-07-26 Thread Miquel van Smoorenburg

In article [EMAIL PROTECTED],
Scott Weeks [EMAIL PROTECTED] wrote:



> --- [EMAIL PROTECTED] wrote:
>
> What (if any) are the legal implications of taking internet destined
> traffic in one country and egressing it in another (with an ip block
> correctly marked for the correct country).
>
> Somebody mentioned to me the other day that they thought the Dutch
> government didn't allow an ISP to take internet traffic from a Dutch
> citizen and egress in another country because it makes it easy for the
> local country to snoop.
> --
>
>
> That's funny.  I've always thought of the internet as a global,
> borderless entity where ideas and information are shared without
> restraint.  Perhaps it's time to whap the gov't with a clue bat?

I'm a Dutch network engineer and I have never heard of this.

Mike.


Re: An Internet IPv6 Transition Plan

2007-07-26 Thread Robert Boyle


At 01:22 PM 7/26/2007, you wrote:
> Let us not forget that network vendors are now capitalising on the
> requirement to purchase expensive licensing for such features as
> native IPv6 routing and 6PE, on their mid to high end kit.
>
>
> I don't feel this sort of behaviour is helpful, I can understand
> asking for licensing fees for L2VPN/L3VPN technologies since these
> are products that service providers can levy a reasonable charge
> for, but to charge for IPv6 routing capability alone, at the time
> where the discussion of which has never been so serious, leaves a
> bit of a bad taste in one's mouth.


This is one reason we moved to the Foundry XMR. Their purchase price 
includes all features such as ISIS, BGP, MPLS, IPv6, etc. Since other 
vendors charge too much (imho) for licensing, some projects like MPLS 
enabling a network or moving to IPv6 will not happen right away. New 
services will not be added which will not lead to new gear being 
purchased to help keep up with the growth of new services. If a few 
engineers want to play with some features or add a new service for a 
single client or two as a trial, but it is a multi-million dollar 
exercise in licensing, it won't happen until there is a business case 
and by then you are following the herd and not leading it. By that 
time your people are 2-3 years behind their peers in learning how to 
implement and support the new technology and you've lost potential 
clients and services too. Just my $.02.


-R



Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
Well done is better than well said. - Benjamin Franklin



Re: Why do we use facilities with EPO's?

2007-07-26 Thread Valdis . Kletnieks
On Wed, 25 Jul 2007 12:43:17 PDT, Roy said:

  Funny story about that and the EPO we have here...
  ...
 Story #1

 Story #2

Story #3

So about 4-5 years ago, we were in the middle of a major renovation of our
server room.  Moving machines all over the place, trying to clear about
6K contiguous square feet of floor space to drop a top-5 supercomputer in.
Upgrading the power, bringing in another 1.5Mw feed, cooling to get the
resulting BTUs *out*, etc.  And we decide it's time to put in a new 600kw
diesel backup generator to replace the old one that was way too small, for
all the non-supercomputer systems in the room.

So we take a multi-hour outage one Saturday for a full powerdown so we can wire
all the new UPS gear in.  And one of our scarier moments is rebooting the Sun
E10K, because it was a bit long in the tooth, and had 400 disk drives, and
hadn't been powered off in so long we weren't sure if it *would* power up again
without field engineering assistance.  And it *had* to come back up, because
it had all the Oracle databases that had all our business records, HR,
student records, everything.  There's a few tense moments - we lose about a
dozen drives, but fortunately they're all in RAID sets and no more than one
drive per set died.  We also notice that we dodged a bullet - the main boot
drive was supposed to be mirrored, but due to a config error, wasn't.

Tuesday, that boot drive is moved, it's now mirrored on 2 drives.

Friday, some construction guys come in to move the main entrance door into the
room - it has to move about 20 feet to the right so you can go *around* the
supercomputer, rather than walk straight into it.  And as per plan, one of them
starts moving the kind of odd light switch junction box next to the door, to
its new location next to the new door. Unfortunately, as *not* per plan, he
fails to double-check with our Facilities team that it's been disarmed first...

5 seconds later, it's very quiet and foggy in the room, as the Halon has dumped
and the interlock with the EPO has killed the power.

Several hours later, we finally get to start powering up the Sun E10K.

The good news:  We only lost 2 drives out of 400 this time, rather than a dozen.

The bad news:  Guess which 2 failed.




Reliance / Flag telecom buys Yipes - $300m

2007-07-26 Thread Suresh Ramasubramanian


http://www.thehindubusinessline.com/2007/07/18/stories/2007071850650400.htm

--
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: Why do we use facilities with EPO's?

2007-07-26 Thread Stephen Wilcox

On Wed, Jul 25, 2007 at 07:47:48PM -0400, David Lesher wrote:
 I've never designed or looked into an EPO installation; but I'm
 astonished such does not use a Normally-Closed pushbutton in a
 fail-to-off circuit.
 
 Similarly...
 
 If you have electric locks on your exit doors; every installation
 I have seen has a couple of such aspects:
 
 a) You must have an exit override. If an electric strike, an
 interior knob is good. If a [Locknetics-style] mag-lock, you
 need an exit button.  That button SHALL be a NC pushbutton in
 series with the magnet. [In other words... No, you can't have
 the pushbutton connected back to some controller box on the 3rd
 floor where it generates an interrupt that will drop the lock
 power...  or it's supposed to...]

Sorry I've seen a few that don't have an exit override.

 b) When the building fire drop is pulled, you SHALL drop the lock
 power to the mag locks.

I've seen at least one that does not do this.

 And while local fire codes vary widely; given those were in the
 rules for a USG SCIF I worked in; I somehow doubt you'll be able
 to get more lenient treatment based on the import of the data
 center's operation.

That depends on a bunch of criteria.. override buttons and failure when power 
goes out create significant security risks. If you are a bank or have very 
secure data then you might consider these to be ways in which an intruder might 
compromise your security.

From what I've seen tho, when you remove the ability to exit in this way then 
you also find you have a lot of control procedures imposed to avoid 
unnecessary risk to employees or visitors.

Steve


RE: Level3 / Qwest routing issues earlier today?

2007-07-26 Thread David Hubbard

From: Chris Riling
 
 Hi Guys,
  
  Was anyone else seeing anything weird going on today? I 
 have an OC-3 to Qwest, and another OC-3 to Level3, (among 2 
 others to different providers) and when all was well, I was 
 receiving a little over 221,000 prefixes from L3. Then, 
 intermittently I would start losing prefixes from L3 and it 
 would get down to a little over 220,000. When this happened, 
 I noticed I was having intermittent connectivity issues 
 (at least to one IP I was trying to get to). Doing a 
 traceroute during the outage the packets would hit Qwest's 
 network, then L3's, then drop, or sometimes not. I have since 
 admin downed my BGP peer to L3 and everything  has 
 stabilized, but I was wondering if anyone else saw anything going on? 

I think there was something going on between Qwest and L3,
I saw the same thing with traffic coming from a network I
have equipment on which is connected with Qwest and tracing
to our home AS which has L3 amongst others.  I set a
community for L3 to not advertise my prefixes to Qwest to
get around it.  It appears back to normal now though, I
just tested.

Dave



Re: An Internet IPv6 Transition Plan

2007-07-26 Thread Stephen Wilcox

On Thu, Jul 26, 2007 at 01:25:51PM -0400, John Curran wrote:
 At 2:01 PM +0100 7/26/07, Stephen Wilcox wrote:
 well, the empirical data which is confirmed here is saying that those 10% 
 are burning most of the v4 addresses and we are not seeing them rollout v6 
 whether they 'need to' or not
 
 Wow...  you mean that they're not announcing general IPv6
 availability two years before they have to?  I'm so surprised.  ;-)

they need to be announcing availability well in advance of a forced need to 
transition and based on the projected timescales 2 yrs in advance has already 
passed them by

 so you sound right in theory, but in practice your data doesn't show that is 
 occurring and it also suggests those 10% are actively supporting 'the wall' 
 approach.
 
 The number of major backbone operators looking into IPv6 is already
 quite high, and will likely approach 100%.  The alternative is carriers
 having to explain to the analyst community that they lack a business
 plan for new data customer growth once large IPv4 blocks are no longer
 generally available.

ah yes of course.. looking into, producing reports. but where are they at 
really? :

- how many of those have obtained address space sufficient to cover their 
customer base already?
- how many of those networks have made the trivial step of announcing their v6 
blocks in BGP?
- how many of them have already got native v6 running in their backbones and on 
their services (mail, dns etc).. fundamental advance prerequisites to any 
complicated end user deployment

i think the number with one of the above is a reasonable percentage, with two 
of the above is small and three of the above.. are there any?

Steve


Re: San Francisco Power Outage

2007-07-26 Thread Ben Scott


On 7/25/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

... fire department evacuating the data center, cutting off electricity
in the area, and forbidding the diesel generators to be switched on?


 I know a guy who was at the US Data Centers Inc facility in
Marlborough, MA (before USDCI failed).  Soon after they first opened
it up, they had a fire.  The problem was the fire was *in* the giant
APC/Silicon system they had.  They had to kill the APC, and that took
the load down too.

 So they installed an external transfer switch, rather than depending
on the one built-in to the APC system.  There was some SNAFU with the
wiring, so right after the install, there was an electrical fire --
this time in the external transfer switch panel.

 While I suspect poor planning/testing contributed to their woes, it
still goes to show: Some days you're the windshield, and some days
you're the bug.

-- Ben


DNSSEC deployment at IANA (was Re: DNS Hijacking by Cox)

2007-07-26 Thread Sean Donelan


On Sun, 22 Jul 2007, Steven M. Bellovin wrote:

And people wonder why I support DNSsec


Followups probably should go to the DNS mailing lists

At IEPG, IANA gave an update on the progress being made to implement 
signing of the root/infrastructure-tlds zones.


http://www.potaroo.net/iepg/2007-07-ietf69/notes.txt
https://ns.iana.org/dnssec/status.html



Re: Routing public traffic across county boundaries in Europe

2007-07-26 Thread Lionel Elie Mamane

On Thu, Jul 26, 2007 at 08:52:55AM +0100, Andy Loukes wrote:

 What (if any) are the legal implications of taking internet destined
 traffic in one country and egressing it in another (with an ip block
 correctly marked for the correct country).

 Somebody mentioned to me the other day that they thought the Dutch
 government didn't allow an ISP to take internet traffic from a Dutch
 citizen and egress in another country because it makes it easy for
 the local country to snoop.

I'm not in a position where I would know for sure, but I'd be
surprised if it were the case, in an atmosphere of European common
market and police cooperation and all European police-judiciary trust
all other European police-judiciary even more than the ones of US
states do (as in a Dutch judge can issue an arrest warrant and French /
German / ... police will execute it without intervention of a French /
German / ... judge, nor decision by any administration, ... Possibly,
it could be construed as a violation of the concept of European common
market, and thus it is forbidden to forbid.

What I would expect is that you still have to obey lawful intercept
legislation, so you need to interconnect with the government black
box rooms, and these are at the major IXs in the country. (And I've
repeatedly heard that in the Netherlands, for some time in the past at
least, the way the ISPs got rid of the lawful intercept obligation was
to have the AMS-IX send a copy of *all* the traffic to the government
black box. Not that they had to do that, but it was the easiest /
cheapest way.)


If there were any such obligation, I'd expect the real reason not to
be the egress country can snoop, but it is harder for the
originating country to snoop.


Also, I've heard that Canada had (maybe still has) this legislation
forbidding you to route intra-Canadian *telephone* traffic through
another country. Something about else nobody would build an
intercontinental coast-to-coast Canadian network, would just send
long-distance traffic to the USA, go to other coast and send it back
to Canada and being this dependent on a foreign country, that's bad.


-- 
Lionel


Re: Where did freeipdb IP utility site go?

2007-07-26 Thread randal k
Incredibly enough, I contacted the maintainer about this a while ago. Here
is the cut & paste:

Looks like we forgot to renew the domain registration.  I was leaning
towards the idea of moving it to something like sourceforge, but I wanted to
clean up some things first.

The page is available at:
  http://home.globalcrossing.net/~freeipdb/

-monte


On Thu, Feb 01, 2007 at 03:36:52PM -0700, Randal Kohutek wrote:
 FreeIPdb -
 It seems like freeipdb.org is now owned by a domain squatter or
 something similar. Do you guys still have the code running around
 somewhere? I found some of it on archive.org, and would like to mirror
 it or something, as I like the product and work at a datacenter that can
do that kind of thing.

 Please let me know!

##

On 7/25/07, Brian Raaen [EMAIL PROTECTED] wrote:


 I was trying to investigate some of the ip management tools and followed the
 link www.freeipdb.org and was more than a little upset with what I found.  This
 domain name apparently has been taken by a porn site that is wanting to
 auction it off.  Does anyone know if the project died or if it changed domain
 names?

 I have removed the reference to it in the wiki page, but there are other
 references to the site on the NANOG site.  I am not sure who will need to
 remove the links, but they no longer point to an ip management tool.

 If the utility still exists I would be interested in finding it, as I was not
 able to dig it up on a quick Google search.
 --
 Brian Raaen
 Network Engineer
 [EMAIL PROTECTED]



Re: History of the EPO (Emergency Power Off)

2007-07-26 Thread Barton F. Bruce



Many years ago when we were much, much smaller, the EPO was wired to a 
special EPO circuit breaker on the main panel which fed the subpanel for 
the datacenter room. A short on that breaker was like pressing the test 
switch on a GFCI breaker. Do most people who do have functional (as 
opposed to decorative) EPO buttons have them connected to the 
building/suite mains disconnect? or to the output of your UPS units? to a 
special EPO panel which trips the EPO cutoffs on other units?




I'd guess what you are describing is what is known as a SHUNT TRIP coil in 
the large breaker you need to trip. This is a readily available option even 
on relatively small breakers - just feed it power and it trips the breaker.


However it does need separate power run through the EPO button and fed from 
a small dedicated 15 or 20AMP normal branch circuit breaker.


Once the inspector has permanently departed, that little breaker can be 
accidentally left tripped and then the EPO function does not work - no 
wiring/unwiring skills needed.


Usual issues of liability, so decide if/how to inform other staff.




Telenor AS8210 and AS8434 technical contact?

2007-07-26 Thread Anonymous List User

I must apologize for posting this anonymously.  Can anybody provide me with
a technical contact at Telenor (AS8210 and AS8434) to discuss European
Teleport / VSAT network issues?

Thanks...


Re: An Internet IPv6 Transition Plan

2007-07-26 Thread David Freedman


James R. Cutler wrote:
Cost of operating v4/v6 combined for some time includes, among other 
things:


1.  Help Desk calls resulting from confused customers wanting 
configuration help.

2.  Memory for Routing Information for IPv4 plus IPv6.
3.  Help Desk calls resulting from errors by confused engineers trying 
to work both protocols on too many devices.

4.  Cost of documentation and training for Help Desk personnel.
5.  Cost of Linksys WRT54G-IP6 or equivalent because of increased 
memory and programming requirements.
6.  Cost of software maintenance for network core router software -- 
didn't we just go through getting rid of DECnet, SNA, IPX/SPX, and 
AppleTalk because of this, among other reasons??

7.  Marketing cost of being perceived as obsolete.
8.  Opportunity cost due to more complex delivery configurations slowing 
down sales.
9.  Cost of IP Naming and Addressing Management due to multiple 
protocol complexity -- didn't we just go through getting rid of DECnet, 
SNA, IPX/SPX, and AppleTalk because of this, among other reasons??


Let us not forget that network vendors are now capitalising on the 
requirement to purchase expensive licensing for such features as native 
IPv6 routing and 6PE, on their mid to high end kit.


I don't feel this sort of behaviour is helpful, I can understand asking 
for licensing fees for L2VPN/L3VPN technologies since these are products 
that service providers can levy a reasonable charge for, but to charge 
for IPv6 routing capability alone, at the time where the discussion of 
which has never been so serious, leaves a bit of a bad taste in one's mouth.



Dave.