Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -- Jim Mercer <[EMAIL PROTECTED]> wrote:

>UAE/Dubai is a major landing point for many asian/indian ocean fibers, but
>there is no equivalent of One Wilshire/60 Hudson/etc.
>
>so, as the data finds more and better direct routes to the end user,
>reducing the need to route through the US, there is still a penchant for
>hosting the primary data there.

A direct route to the criminals, too:

http://www.arabianbusiness.com/530800-uae-banks-step-up-security-after-card-theft

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIzf5Nq1pz9mNUZTMRAjcnAKC6o9PncwyXAQ3P8kIZC1Ca0n60nACeNLzV
P/rKYAjJGGKbp1GDaMvgx2Y=
=lbak
-END PGP SIGNATURE-

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Jim Mercer
On Mon, Sep 15, 2008 at 06:11:28AM +0530, Murtaza wrote:
> Nothing if the reason isn't to avoid the US to prevent interception.  ie.
>  my point was the people are doing this for engineering reasons not
> political ones as was implied by that article.
> 
> I don't see it sinister even if someone wants to avoid US due to
> interception. But, yes I agree people are doing for engineering reasons.
> But, it still is impossible in many cases, as ISPs in many countries are
> still not cooperating with each other.

speaking from the middle east, i have been advising my clients against
co-location/hosting in the US due to potential political issues.

the current US policy of "detain first, question later" has the potential for
serious customer relations issues, should one of the TLAs become interested
in your data.

oddly enough, the ISPs in the region have not caught on to the potential
windfall of providing cost effective hosting locally, so therefore, the bulk
of the hosting for companies in the region is primarily done in the US, then
in EU, then, maybe locally.

if you drive down Sheikh Zayed Road in Dubai, and check where the hosting is
for 90% of the URLs on the billboards (even those with .ae domains), you will
find that they follow the above pattern.

a primary example is that of du.ae, one of the only two incumbent/duopoly
providers for the UAE, hosts its own website and customer portal in Canada,
even though it has a perfectly fine data center (if not more than one) in Dubai.

UAE/Dubai is a major landing point for many asian/indian ocean fibers, but
there is no equivalent of One Wilshire/60 Hudson/etc.

so, as the data finds more and better direct routes to the end user, reducing
the need to route through the US, there is still a penchant for hosting the
primary data there.

-- 
Jim Mercer    [EMAIL PROTECTED]    +971 55 410-5633
"I'm Prime Minister of Canada, I live here and I'm going to take a leak."
   - Lester Pearson in 1967, during a meeting between himself and
President Lyndon Johnson, whose Secret Service detail had taken over
Pearson's cottage retreat.  At one point, a Johnson guard asked
Pearson, "Who are you and where are you going?"



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Matthew Moyle-Croft

Other cable systems predated FLAG (at least for voice).

SEA-ME-WE predates FLAG by almost a decade.   I'm sure some digging
would reveal a bit more on that path either submarine or terrestrial.


MMC

On 15/09/2008, at 11:06 AM, Joe Abley wrote:

> On 14 Sep 2008, at 19:41, Jean-François Mezei wrote:
>
>> Did western europe ever really have a primary route via the USA to reach
>> asia  ?
>
> Yes, I think so. If I remember correctly, before FLAG started laying
> cables, there was no terrestrial route to Asia from Europe that
> didn't involve North America.
>
> Joe





--
Matthew Moyle-Croft Internode/Agile Peering and Core Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: [EMAIL PROTECTED]  Web: http://www.on.net
Direct: +61-8-8228-2909  Mobile: +61-419-900-366
Reception: +61-8-8228-2999  Fax: +61-8-8235-6909



RE: ARP Table Timeout and Mac-Address-Table Timeout

2008-09-14 Thread Frank Bulk
Steven:

This was recently discussed on cisco-nsp:
http://marc.info/?l=cisco-nsp&m=121316151010190&w=2

Frank

-Original Message-
From: Steven King [mailto:[EMAIL PROTECTED] 
Sent: Sunday, September 14, 2008 7:27 PM
To: nanog@nanog.org
Subject: ARP Table Timeout and Mac-Address-Table Timeout

I am a network engineer for a large web hosting company. We are having
an issue with our distribution routers flooding traffic in one of our VLANs.

We have a customer with a routed mode ASA 5550. They have their own
private VLAN that is a /23. This VLAN is 145. The outside interface of
the firewall is in VLAN 132. We are routing all traffic for VLAN 145 to
the IP of the outside interface of the firewall in VLAN 132.

VLAN 132 is Layer3 routable and VLAN 145 is only Layer2 switchable.

We have two distribution switches which are redundant with HSRP. Dist1
is the active forwarder in this case. Traffic coming into these two
routers is load balanced between Dist1 and Dist2 with EIGRP routes with
equal cost.

We have found that traffic coming into Dist2 (the standby) is flooding
traffic destined for the firewall outside interface. But Dist1 is not.

We have tracked down the cause of this to the MAC-Address-Table timing
out before the ARP table times out. We leave these values at the Cisco
default. ARP = 4hr MAC = 5 minutes. Since Dist2 is not receiving any
traffic from the firewall going out to the internet, it is not updating
the MAC-Address-Table after it expires. Instead, it waits 4 hours for
the ARP cache to expire for that IP, and then updates everything. But
Dist2 ends up flooding traffic for that 4 hours causing latency.

We have done some research on this problem and have found so far the
best solution to be to make the ARP timeout less than the
MAC-Address-Table aging-timer. We have set the ARP = 1hr and MAC = 2hrs
in this case to correct the problem. So when the ARP entry times out
before the MAC entry, the forced update of the ARP entry before the MAC
timeout causes the MAC entry age to reset. Indeed this does correct the
problem.

Is this the best solution to the problem, or is there another preferred
solution? Has anyone run into this in their own Enterprise Networks?

Please let me know if I didn't explain anything well enough.

--
Steve King

Network Engineer - Liquid Web, Inc.
Cisco Certified Network Associate
CompTIA Linux+ Certified Professional
CompTIA Network+ Certified Professional
CompTIA A+ Certified Professional






Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Joe Abley


On 14 Sep 2008, at 19:41, Jean-François Mezei wrote:

> Did western europe ever really have a primary route via the USA to reach
> asia  ?


Yes, I think so. If I remember correctly, before FLAG started laying  
cables, there was no terrestrial route to Asia from Europe that didn't  
involve North America.



Joe




Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Matthew Moyle-Croft


On 15/09/2008, at 10:46 AM, Jean-François Mezei wrote:

> Matthew Moyle-Croft wrote:
>
>> Most Asian providers (at least Northern Asia) use USA, Atlantic path to
>> get to Europe.  The capacity going West isn't that high in comparison,
>> so the extra latency hit is well offset by the much reduced cost.
>
> I take it voice would have priority for use of the existing europe-asian
> links ?

Probably - voice is pretty small in the scheme of things (my estimate
is less than 1% of used capacity out of Australia (used not lit)).
But, from Australia to Europe the difference in latency East vs West
may not make a LOT of difference to voice where 150ms-200ms one way
isn't too bad.

> When there were a number of cable cuts in middle east last year, I
> remember BBC mentioning that internet access to asia was much slowed due
> (this was significant to those companies who had outsourced a lot of
> stuff from europe to India). I guess this would have been more of media
> hype than reality ?

I suspect it did slow it down - I was talking more Northern Asia
(China, Japan, Korea) than India.

Companies who relied on purchasing, corporate links between India and
Europe (for example) would probably be happy to pay the premium for
low latency path direct, whereas IP transit providers want cheap, bulk
capacity that the Northern Pacific routes offer.

>> For instance, out of Australia we have a single, old cable going West
>> out of Perth to Singapore (SEA-ME-WE3) which allows only low speed
>> circuits,
>
> Was there any thought about building cables to singapore from darwin now
> that it has had fibre links to the rest of australia for over a decade ?

Ha!  Darwin has the incumbent only.   It's cheaper to go around the
world than from Australia to Darwin.

Perth will be the place again as there is a reasonable amount of trans-
Australian capacity across the Nullarbor.   Although a Darwin break
out from such a cable would be welcome, but the small population in
the Northern Territory maybe doesn't make it viable unless a big
mining/oil drilling/gas firm wants a lot of capacity.

Hopefully the extension of the Singapore->Indonesia cable Matrix have/
are building to Perth will happen in 2010/11.

Although, personally, I'd love to see a Perth-Chennai cable given
what's going on in India.

MMC

--
Matthew Moyle-Croft Internode/Agile Peering and Core Networks



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Jean-François Mezei
Matthew Moyle-Croft wrote:

> Most Asian providers (at least Northern Asia) use USA, Atlantic path to 
> get to Europe.  The capacity going West isn't that high in comparison, 
> so the extra latency hit is well offset by the much reduced cost.

I take it voice would have priority for use of the existing europe-asian
links ?

When there were a number of cable cuts in middle east last year, I
remember BBC mentioning that internet access to asia was much slowed due
(this was significant to those companies who had outsourced a lot of
stuff from europe to India). I guess this would have been more of media
hype than reality ?

> For instance, out of Australia we have a single, old cable going West 
> out of Perth to Singapore (SEA-ME-WE3) which allows only low speed 
> circuits, 

Was there any thought about building cables to singapore from darwin now
that it has had fibre links to the rest of australia for over a decade ?



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Murtaza
But, it still is impossible in many asses, as ISPs in many countries are
still not cooperating with each other.

But, it still is impossible in many cases,

On Mon, Sep 15, 2008 at 6:11 AM, Murtaza <[EMAIL PROTECTED]> wrote:

> Nothing if the reason isn't to avoid the US to prevent interception.  ie.
>  my point was the people are doing this for engineering reasons not
> political ones as was implied by that article.
>
> I don't see it sinister even if someone wants to avoid US due to
> interception. But, yes I agree people are doing for engineering reasons.
> But, it still is impossible in many asses, as ISPs in many countries are
> still not cooperating with each other.
>
>
> On Mon, Sep 15, 2008 at 5:22 AM, Matthew Moyle-Croft <[EMAIL PROTECTED]> wrote:
>
>>
>>  Pardon my ignorance here, but isn't this more of a case of traffic
>>> growing outside of the USA which means that traffic within the USA
>>> represents a smaller share of the total internet traffic ?
>>>
>>>
>> I suspect so - especially with CDN/Content providers pushing traffic out
>> to the edge it means that we (the rest of the world) don't pay so much to
>> haul it back from Northern America!   (Thanks to those who are doing it -
>> you know who you are and we love you for it!).
>>
>> Japan has 80% of its internet traffic as domestic, as do a lot of Asian
>> countries.  As China, Korea and others grow their domestic volumes the %age
>> coming from the USA is a lot less.
>>
>>>
>>> Did western europe ever really have a primary route via the USA to reach
>>> asia  ? (I realise that during the cable cuts in middle east last year,
>>> traffic might have been rerouted via USA but this would be a temporary
>>> situation).
>>>
>>>
>> Most Asian providers (at least Northern Asia) use USA, Atlantic path to
>> get to Europe.  The capacity going West isn't that high in comparison, so
>> the extra latency hit is well offset by the much reduced cost.   My point in
>> my first post is that this is changing rapidly as people (eg Reliance/Flag)
>> are building more capacity West to Europe plus the Trans-Russian terrestrial
>> (eg. TEA) are going for fast (and expensive from my understanding).
>>
>> For instance, out of Australia we have a single, old cable going West out
>> of Perth to Singapore (SEA-ME-WE3) which allows only low speed circuits, but
>> we've got almost 4 (as of next year) cables going North and East out of
>> Sydney.   So most Europe traffic to/from Australia is via the USA.
>>
>> MMC
>>
>> --
>> Matthew Moyle-Croft - Internode/Agile - Networks
>> Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
>> Email: [EMAIL PROTECTED]  Web: http://www.on.net
>> Direct: +61-8-8228-2909 Mobile: +61-419-900-366
>> Reception: +61-8-8228-2999  Fax: +61-8-8235-6909
>>
>>
>>
>
>
> --
> Ghulam Murtaza
>
>


-- 
Ghulam Murtaza
Lahore University of Management Sciences


Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Murtaza
Nothing if the reason isn't to avoid the US to prevent interception.  ie.
 my point was the people are doing this for engineering reasons not
political ones as was implied by that article.

I don't see it sinister even if someone wants to avoid US due to
interception. But, yes I agree people are doing for engineering reasons.
But, it still is impossible in many cases, as ISPs in many countries are
still not cooperating with each other.

On Mon, Sep 15, 2008 at 5:22 AM, Matthew Moyle-Croft <[EMAIL PROTECTED]> wrote:

>
>  Pardon my ignorance here, but isn't this more of a case of traffic
>> growing outside of the USA which means that traffic within the USA
>> represents a smaller share of the total internet traffic ?
>>
>>
> I suspect so - especially with CDN/Content providers pushing traffic out to
> the edge it means that we (the rest of the world) don't pay so much to haul
> it back from Northern America!   (Thanks to those who are doing it - you
> know who you are and we love you for it!).
>
> Japan has 80% of its internet traffic as domestic, as do a lot of Asian
> countries.  As China, Korea and others grow their domestic volumes the %age
> coming from the USA is a lot less.
>
>>
>> Did western europe ever really have a primary route via the USA to reach
>> asia  ? (I realise that during the cable cuts in middle east last year,
>> traffic might have been rerouted via USA but this would be a temporary
>> situation).
>>
>>
> Most Asian providers (at least Northern Asia) use USA, Atlantic path to get
> to Europe.  The capacity going West isn't that high in comparison, so the
> extra latency hit is well offset by the much reduced cost.   My point in my
> first post is that this is changing rapidly as people (eg Reliance/Flag) are
> building more capacity West to Europe plus the Trans-Russian terrestrial
> (eg. TEA) are going for fast (and expensive from my understanding).
>
> For instance, out of Australia we have a single, old cable going West out
> of Perth to Singapore (SEA-ME-WE3) which allows only low speed circuits, but
> we've got almost 4 (as of next year) cables going North and East out of
> Sydney.   So most Europe traffic to/from Australia is via the USA.
>
> MMC
>
> --
> Matthew Moyle-Croft - Internode/Agile - Networks
> Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
> Email: [EMAIL PROTECTED]  Web: http://www.on.net
> Direct: +61-8-8228-2909 Mobile: +61-419-900-366
> Reception: +61-8-8228-2999  Fax: +61-8-8235-6909
>
>
>


-- 
Ghulam Murtaza


Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Rubens Kuhl Jr.
> For instance, out of Australia we have a single, old cable going West out of
> Perth to Singapore (SEA-ME-WE3) which allows only low speed circuits, but
> we've got almost 4 (as of next year) cables going North and East out of
> Sydney.   So most Europe traffic to/from Australia is via the USA.

Which is not a political problem, as Australia, New Zealand, Canada,
Great Britain and the USA share Echelon and other intelligence
systems... Russia, France and Germany might have other feelings about
traffic going through the USA or UK when it is not directed to one of
above.


Rubens



ARP Table Timeout and Mac-Address-Table Timeout

2008-09-14 Thread Steven King
I am a network engineer for a large web hosting company. We are having
an issue with our distribution routers flooding traffic in one of our VLANs.

We have a customer with a routed mode ASA 5550. They have their own
private VLAN that is a /23. This VLAN is 145. The outside interface of
the firewall is in VLAN 132. We are routing all traffic for VLAN 145 to
the IP of the outside interface of the firewall in VLAN 132.

VLAN 132 is Layer3 routable and VLAN 145 is only Layer2 switchable.

We have two distribution switches which are redundant with HSRP. Dist1
is the active forwarder in this case. Traffic coming into these two
routers is load balanced between Dist1 and Dist2 with EIGRP routes with
equal cost.

We have found that traffic coming into Dist2 (the standby) is flooding
traffic destined for the firewall outside interface. But Dist1 is not.

We have tracked down the cause of this to the MAC-Address-Table timing
out before the ARP table times out. We leave these values at the Cisco
default. ARP = 4hr MAC = 5 minutes. Since Dist2 is not receiving any
traffic from the firewall going out to the internet, it is not updating
the MAC-Address-Table after it expires. Instead, it waits 4 hours for
the ARP cache to expire for that IP, and then updates everything. But
Dist2 ends up flooding traffic for that 4 hours causing latency.

We have done some research on this problem and have found so far the
best solution to be to make the ARP timeout less than the
MAC-Address-Table aging-timer. We have set the ARP = 1hr and MAC = 2hrs
in this case to correct the problem. So when the ARP entry times out
before the MAC entry, the forced update of the ARP entry before the MAC
timeout causes the MAC entry age to reset. Indeed this does correct the
problem.

Is this the best solution to the problem, or is there another preferred
solution? Has anyone run into this in their own Enterprise Networks?

Please let me know if I didn't explain anything well enough.

-- 
Steve King

Network Engineer - Liquid Web, Inc.
Cisco Certified Network Associate
CompTIA Linux+ Certified Professional
CompTIA Network+ Certified Professional
CompTIA A+ Certified Professional

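To make the timer race in the post above concrete, here is an added simulation (my own example, not code from the thread or from Cisco) of a standby router that forwards traffic toward the firewall but, as described, never sees the firewall's return traffic. It assumes that an ARP entry is re-resolved exactly when it expires, that the ARP reply (a frame sourced from the firewall's MAC) resets the MAC-table aging timer, and that the standby receives no other frames from that MAC; the IP and MAC addresses are constructed documentation values, and the three timer pairs are the Cisco defaults quoted in the post, an "ARP lowered only" variant, and the post's fix.

```python
"""Model of the ARP-cache vs. MAC-table aging race on an HSRP standby router.

Added example; not code from the thread.  Assumptions (not from the post):
  * the router re-ARPs the moment an ARP entry expires and gets a reply,
  * a frame sourced from a MAC (including an ARP reply) resets that MAC's
    aging timer, as on a Catalyst switch,
  * the standby sees no other frames from the firewall, because the
    firewall's return traffic goes via the HSRP active router.
"""
from dataclasses import dataclass, field

FW_IP = "192.0.2.2"             # constructed: firewall outside address, VLAN 132
FW_MAC = "00:00:5e:00:53:01"    # constructed: documentation MAC

CISCO_DEFAULT_ARP = 4 * 3600    # 14400 s, as quoted in the post
CISCO_DEFAULT_MAC = 300         # 5 minutes, as quoted in the post


@dataclass
class StandbyRouter:
    arp_timeout: int            # lifetime of an ARP entry, seconds
    mac_aging: int              # lifetime of a MAC-table entry, seconds
    arp_expiry: dict = field(default_factory=dict)   # ip  -> expiry time
    mac_expiry: dict = field(default_factory=dict)   # mac -> expiry time
    floods: int = 0             # seconds in which the router had to unicast-flood
    arp_requests: int = 0

    def _learn_mac(self, mac: str, now: int) -> None:
        # Any frame sourced from `mac` refreshes the MAC-table entry.
        self.mac_expiry[mac] = now + self.mac_aging

    def _resolve(self, ip: str, now: int) -> str:
        if self.arp_expiry.get(ip, -1) <= now:
            # ARP entry missing/expired: ask, and the reply frame also
            # refreshes the MAC table (the only refresh the standby ever gets).
            self.arp_requests += 1
            self.arp_expiry[ip] = now + self.arp_timeout
            self._learn_mac(FW_MAC, now)
        return FW_MAC

    def forward(self, ip: str, now: int) -> str:
        """Forward one packet toward `ip` at time `now`; returns how it was sent."""
        mac = self._resolve(ip, now)
        if self.mac_expiry.get(mac, -1) <= now:
            # L3 next hop is known but the L2 port is not: flood the VLAN.
            self.floods += 1
            return "flood"
        return "unicast"


def simulate(arp_timeout: int, mac_aging: int, duration: int = 4 * 3600) -> tuple:
    """Send one packet per second toward the firewall for `duration` seconds.

    Returns (seconds spent flooding, ARP requests sent).
    """
    router = StandbyRouter(arp_timeout, mac_aging)
    for now in range(duration):
        router.forward(FW_IP, now)
    return router.floods, router.arp_requests


if __name__ == "__main__":
    for label, arp, mac in [
        ("Cisco defaults (ARP 4h, MAC 5min)", CISCO_DEFAULT_ARP, CISCO_DEFAULT_MAC),
        ("ARP lowered only (ARP 1h, MAC 5min)", 3600, 300),
        ("Thread's fix (ARP 1h, MAC 2h)", 3600, 7200),
    ]:
        floods, arps = simulate(arp, mac)
        print(f"{label}: flooding {floods}/{4 * 3600} s, {arps} ARP requests")
```

The middle case is the one worth noticing: lowering the ARP timeout on its own only shortens each flooding window, it does not remove it. The standby stops flooding only when the MAC aging time exceeds the ARP timeout, so that every periodic ARP refresh lands before the MAC entry can age out. On IOS those are the `arp timeout` setting on the VLAN interface and `mac address-table aging-time` for the VLAN; the model ignores any refresh-before-expiry behaviour of the real ARP implementation, which only moves the refresh slightly earlier and does not change the conclusion.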



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Matthew Moyle-Croft



> Pardon my ignorance here, but isn't this more of a case of traffic
> growing outside of the USA which means that traffic within the USA
> represents a smaller share of the total internet traffic ?

I suspect so - especially with CDN/Content providers pushing traffic out 
to the edge it means that we (the rest of the world) don't pay so much 
to haul it back from Northern America!   (Thanks to those who are doing 
it - you know who you are and we love you for it!).

Japan has 80% of its internet traffic as domestic, as do a lot of Asian 
countries.  As China, Korea and others grow their domestic volumes the 
%age coming from the USA is a lot less.

> Did western europe ever really have a primary route via the USA to reach
> asia  ? (I realise that during the cable cuts in middle east last year,
> traffic might have been rerouted via USA but this would be a temporary
> situation).

Most Asian providers (at least Northern Asia) use USA, Atlantic path to 
get to Europe.  The capacity going West isn't that high in comparison, 
so the extra latency hit is well offset by the much reduced cost.   My 
point in my first post is that this is changing rapidly as people (eg 
Reliance/Flag) are building more capacity West to Europe plus the 
Trans-Russian terrestrial (eg. TEA) are going for fast (and expensive 
from my understanding).

For instance, out of Australia we have a single, old cable going West 
out of Perth to Singapore (SEA-ME-WE3) which allows only low speed 
circuits, but we've got almost 4 (as of next year) cables going North 
and East out of Sydney.   So most Europe traffic to/from Australia is 
via the USA.


MMC

--
Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: [EMAIL PROTECTED]  Web: http://www.on.net
Direct: +61-8-8228-2909 Mobile: +61-419-900-366
Reception: +61-8-8228-2999  Fax: +61-8-8235-6909




Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Matthew Moyle-Croft



Jamie A Lawrence wrote:
> What exactly would be sinister about moving traffic through routes
> that didn't intersect the U.S. border?

Nothing if the reason isn't to avoid the US to prevent interception.  
ie.  my point was the people are doing this for engineering reasons not 
political ones as was implied by that article.

We have connectivity to Japan to reduce latency to Asia from Australia 
(ie. remove the trombone via the US) - this is purely an 
engineering/commercial decision to improve latency.

MMC

--
Matthew Moyle-Croft - Internode/Agile - Networks





Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Jean-François Mezei
Hank Nussbacher wrote:
> http://www.nytimes.com/2008/08/30/business/30pipes.html?partner=rssuserland&emc=rss&pagewanted=all

Pardon my ignorance here, but isn't this more of a case of traffic
growing outside of the USA which means that traffic within the USA
represents a smaller share of the total internet traffic ?


Did western europe ever really have a primary route via the USA to reach
asia  ? (I realise that during the cable cuts in middle east last year,
traffic might have been rerouted via USA but this would be a temporary
situation).

There may be political issues since the USA decided that there was to be
no privacy with regards to traffic flowing to/from non-USA countries (so
the 3 letter acronym orgs could spy/record that traffic without
warrant). However, I am not sure if other transit providers would have
built cables designed to avoid transit via the USA since then. It takes
time to build a cable.



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Jamie A Lawrence
> I don't think any of this will be because of sinister reasons, just
> for good engineering reasons and probably just to guarantee,
> without a doubt, that your circuit does NOT go through One Wilshire!

What exactly would be sinister about moving traffic through routes
that didn't intersect the U.S. border?


-j



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Matthew Moyle-Croft



Matthew Moyle-Croft wrote:
> I don't think any of this will be because of sinister reasons, just
> for good engineering reasons and probably just to guarantee, without a
> doubt, that your circuit does NOT go through One Wilshire!

Just to ensure no confusion - this was just about redundancy and 
diversity to ensure that not all your circuits go through OW, which is a 
common US West Coast issue.


MMC




Re: InterCage, Inc. (NOT Atrivo)

2008-09-14 Thread Patrick W. Gilmore

On Sep 12, 2008, at 3:02 PM, Steve Gibbard wrote:

> On Fri, 12 Sep 2008, Patrick W. Gilmore wrote:
>
>> Going back a bit in case you forgot, we were discussing the fact
>> you have NO RIGHT to connect to my network, it is a privilege, not
>> a right.  You responded with: "If I have either a peering
>> agreement ... then that contract supports my 'rights' under that
>> contract pursuant to my responsibilities being fulfilled."  Then
>> you posted this contract as an example of those "rights".  From the
>> contract you claim to be "a great model":
>
> It's probably correct that any individual player in this industry
> not under other regulatory restrictions can refuse to do business
> with somebody they don't like, sometimes.

Probably?

> For the industry as a whole to make a group decision to not do
> business with somebody who may be a competitor seems more legally
> risky.  Engaging in that sort of thing without getting some good
> legal advice first would certainly make me nervous.

"The industry as a whole"?

And who in their right minds considers Atrivo or InterCage a
competitor?  Are you upset at InterCage for lost child pr0n customers?

> Since this appears to be somebody who is contracting with lots of US
> providers, their identity is presumably known.  This discussion has
> now been going on for long enough that it's presumably passed the
> emergency, "act now; think later," phase.  Should what they're doing
> be a law enforcement issue, rather than a "they've got cooties" issue?

You have been around more than long enough to know better than that
Steve.

And you should be more consistent.  Is this a US problem or an
Internet problem?


--
TTFN,
patrick




Re: community real-time BGP hijack notification service

2008-09-14 Thread Pekka Savola

On Sun, 14 Sep 2008, Hank Nussbacher wrote:
> I have used IAR, PHAS and MyASN and I can say I would not recommend myASN.
> It is a cumbersome system and very non-intuitive.  It is based on an
> ASN-centric model, whereby each ASN is in its own realm.  So if you manage
> *one* ASN, perhaps this system might work for you.  But if you have about 10
> ASNs you want to manage, in one central spot, you are out of luck here.
> Also, you would expect the system to "auto-learn" what prefixes exist under
> your ASN and then you would have perhaps check boxes to disable or enable
> monitoring for specific prefixes.  With myASN you have to manually type in
> each and every prefix you have.  The same holds true for the newer
> http://ripe.net/is/alarms/.  They also differentiate between origin and
> transit ASN.  Their summary view doesn't show which prefixes are being
> monitored.  No help or FAQ available yet on the beta alarms system.

I think I'll need to chime in here, being a user of myASN.  I have not 
tested other systems.  To me it seems to work OK.  Manual typing etc. 
is minimized because you can export and import XML; this is the way I 
entered our prefix information in the database (though if the prefixes 
change often, maybe updates would be a chore).  The database itself 
AFAIR does not have any restriction on what it's monitoring when you 
use the advanced interface -- you can insert any AS-path regexes you 
want, and that way we're managing prefixes from some ~5-10 ASNs. 
AFAICS, the ASN in login form is only used for identification purposes 
and in some shortcuts in the basic interface.

I agree that to kickstart monitoring, an auto-learning feature could 
be used.  And that documentation is somewhat sparse :-).

I've gotten a couple of alarms which may or may not have been bogus.  One 
academic site was purportedly advertising one of our prefixes during one 
day for a couple of 1-2 hour periods.  Upon asking they said they had 
not done anything special, and said that their upstreams wouldn't 
accept that kind of prefix from them anyway.  Not sure if that was 
true, but I didn't pursue this further.


--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



RE: community real-time BGP hijack notification service

2008-09-14 Thread Hank Nussbacher

> The best system so far would be IAR:  http://iar.cs.unm.edu/
> The email notices are pretty much on time and accurate.  Problem is they
> have changed the system and I believe some forum page/link has gone lost
> that allows one to manage existing subscriptions as per:
> http://iar.cs.unm.edu/alerts.php#email


Correction: the page exists although difficult to find.  As per Josh: 
"Once you login on the IAR forums, toward the top left of the page is a 
"user control panel" button.  Click that and go to the "profile" tab.  At 
the bottom of that page is a field: "user_ases".


-Hank



Re: community real-time BGP hijack notification service

2008-09-14 Thread Hank Nussbacher

At 03:07 PM 12-09-08 +0100, Andy Davidson wrote:

> On 12 Sep 2008, at 13:49, Nathan Ward wrote:
>
>> On 12/09/2008, at 10:42 PM, Gadi Evron wrote:
>>
>>> Hi, WatchMy.Net is a new community service to alert you when your
>>> prefix has been hijacked, in real-time.
>>
>> I just had a quick play with this, as I've been considering hacking
>> together something similar.
>
> Everyone with any interest in this topic should look at the MyASN
> service from the RIPE NCC (which I use and think is brilliant).
>
> http://www.ris.ripe.net/myasn.html
>
> "
> The MyASN service notifies network operators when a prefix is
> announced with an incorrect AS path. An AS path is seen as incorrect
> when it does not match with a regular expression. As not everyone is
> familiar with regular expressions, MyASN provides several easy ways to
> define typical checks, like "the origin of this prefix must be AS x"
> or "the origin of this prefix must be AS x and transit may be provided
> through y or z". However, as any AS path regular expression can be
> set, the MyASN service is suitable for regular expressions gurus as
> well.
> "
>
> To address Nathan's point, I recommend the RIPE service because for
> such a service to be ubiquitously useful, it needs to have many eyes
> (a view of routing tables at lots of points on the internet) which is
> where the very well peered situation of RIS comes into effect.  At the
> last RIPE meeting I think i saw RIS had over 600 peers, which it
> collects at internet exchange points all over the world.


I have used IAR, PHAS and MyASN and I can say I would not recommend 
myASN.  It is a cumbersome system and very non-intuitive.  It is based on 
an ASN-centric model, whereby each ASN is in its own realm.  So if you 
manage *one* ASN, perhaps this system might work for you.  But if you have 
about 10 ASNs you want to manage, in one central spot, you are out of luck 
here.  Also, you would expect the system to "auto-learn" what prefixes 
exist under your ASN and then you would have perhaps check boxes to disable 
or enable monitoring for specific prefixes.  With myASN you have to 
manually type in each and every prefix you have.  The same holds true for 
the newer http://ripe.net/is/alarms/.  They also differentiate between 
origin and transit ASN.  Their summary view doesn't show which prefixes are 
being monitored.  No help or FAQ available yet on the beta alarms system.


PHAS doesn't look at ASNs just prefixes.  You have to register each and 
every prefix via their site at: http://phas.netsec.colostate.edu/subscribe.html

Problem is to remove prefixes you have to totally unsubscribe via:
http://phas.netsec.colostate.edu/unsubscribe.html
You can't manage/unsubscribe individual prefixes.  And if you registered 
years ago before they instituted the ID and key factor for unsubscribing 
(as I did), you have no way to figure out how to unsubscribe from their 
email notices.  Their notices provide many false alarms based on my 
observation over the past few years.


The best system so far would be IAR:  http://iar.cs.unm.edu/
The email notices are pretty much on time and accurate.  Problem is they 
have changed the system and I believe some forum page/link has gone lost 
that allows one to manage existing subscriptions as per: 
http://iar.cs.unm.edu/alerts.php#email


Now for the new boy in town - Watchmy.net.  When you register it doesn't 
say you need at least an 8 char pswd.  I did 7.  So it wipes out all form 
data entered (name, phone number, etc.) and makes you start again from 
scratch.  The Web interface seems the most intuitive of all 4 but since I 
am just starting to use it - I will only discover the warts over the next week.


In general, academic systems like UNM and Colostate are the baby of some 
post-doc and then disappear after they leave or move on.  By nature, CS and 
EE departments don't like or care to run production systems.  That is why I 
had high hopes for the RIPE system, which unfortunately, IMHO, is the 
worst.  It is funded via membership dues and one would expect that the 
authors would poll the RIPE community for what functionality they would 
need.  That has not been done.  Even when they get feedback (as far back as 
2003) they just ignore it and continue doing the development based on what 
they *believe* is what we need, rather than *asking* what we need.  That is 
why I am hoping that Watchmy.Net will not only listen to the community 
needs, but also have a commitment for long term maintenance.


Regards,
Hank




> best wishes
> Andy
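The MyASN description quoted above (an alarm fires when a prefix's AS path fails a regular expression, with the two canned checks "origin must be AS x" and "origin must be AS x and transit only via y or z"), Pekka's note that arbitrary AS-path regexes can be entered, and Hank's wish for an "auto-learn" step are all small enough to show in code. The following is an added example of my own, not MyASN's, PHAS's, IAR's or WatchMy.Net's code: it builds the two canned checks as regexes over space-separated AS paths, runs them over a constructed set of observations (documentation prefixes and AS numbers from the 64496-64511 range, no AS_SETs), and derives a starting prefix list from the observed origins.

```python
"""AS-path policy checks of the kind MyASN describes, over a constructed sample.

Added example; not the code of MyASN or any other monitoring service.  The
observations below are constructed, using documentation prefixes
(192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and documentation AS numbers
(64496-64511); paths are assumed to be plain space-separated sequences with
no AS_SETs.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

Observation = Tuple[str, str]   # (prefix, AS path as reported by a collector peer)


def origin_must_be(asn: int) -> "re.Pattern":
    """'the origin of this prefix must be AS x' (prepending by x is allowed)."""
    return re.compile(rf"^(\d+ )*{asn}$")


def origin_with_transit(asn: int, transits: Iterable[int]) -> "re.Pattern":
    """'origin must be AS x and transit may only be provided through y or z':
    the AS adjacent to the (possibly prepended) origin must be a listed transit."""
    alt = "|".join(str(t) for t in transits)
    return re.compile(rf"^(\d+ )*({alt}) ({asn} )*{asn}$")


def check(policies: Dict[str, "re.Pattern"],
          observations: Iterable[Observation]) -> List[Observation]:
    """Return every observation of a monitored prefix whose path fails its policy."""
    alarms = []
    for prefix, path in observations:
        policy = policies.get(prefix)
        if policy is None:
            continue                        # prefix is not monitored
        if not policy.fullmatch(path):
            alarms.append((prefix, path))
    return alarms


def learn_prefixes(observations: Iterable[Observation], my_asn: int) -> Set[str]:
    """The 'auto-learn' step: prefixes seen with my_asn as origin anywhere.

    Only a starting point for a policy; a learned origin may itself be a
    hijack, so the list wants a human look before it becomes the baseline.
    """
    return {prefix for prefix, path in observations if int(path.split()[-1]) == my_asn}


# Constructed sample of what a multi-peer collector might report for our prefixes.
OBSERVATIONS: List[Observation] = [
    ("192.0.2.0/24", "64500 64501 64496"),         # fine: transit AS64501
    ("192.0.2.0/24", "64502 64496"),               # fine: transit AS64502
    ("192.0.2.0/24", "64500 64502 64496 64496"),   # fine: origin prepended once
    ("192.0.2.0/24", "64503 64510"),               # wrong origin: hijack-like
    ("192.0.2.0/24", "64504 64505 64496"),         # right origin, unexpected transit
    ("198.51.100.0/24", "64502 64496"),            # fine
    ("198.51.100.0/24", "64502 64496 64497"),      # AS64497 now appears as origin
    ("203.0.113.0/24", "64509 64508"),             # not ours, not monitored
]

POLICIES: Dict[str, "re.Pattern"] = {
    "192.0.2.0/24": origin_with_transit(64496, [64501, 64502]),
    "198.51.100.0/24": origin_must_be(64496),
}


if __name__ == "__main__":
    print("learned prefixes for AS64496:", sorted(learn_prefixes(OBSERVATIONS, 64496)))
    for prefix, path in check(POLICIES, OBSERVATIONS):
        print(f"ALARM {prefix} seen with path [{path}]")
```

Two of the three alarms are the interesting ones for a real deployment: the "wrong transit" case only exists because the policy was written with the stricter canned check, and the "AS64497 as origin" case is exactly what a downstream leaking or re-originating your space looks like. The false-positive problem Hank and Pekka both mention is not something the regex can solve; it depends on how many collector peers saw the path and for how long, which is why the number of RIS peers Andy cites matters.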





Re: Internet Traffic Begins to Bypass the U.S.

2008-09-14 Thread Matthew Moyle-Croft
I think it began a while ago, but I suspect it'll increase.  There's now 
two trans-Russian terrestrial systems, and more investment in Asia - 
Europe cables.   Initially the capacity will be used for redundancy and 
to shorten latencies (ie. just to go around the other way and because 
it's quicker than going US->Atlantic->Europe from Asia).


I don't think any of this will be because of sinister reasons, just for 
good engineering reasons and probably just to guarantee, without a 
doubt, that your circuit does NOT go through One Wilshire!


MMC

Hank Nussbacher wrote:
> http://www.nytimes.com/2008/08/30/business/30pipes.html?partner=rssuserland&emc=rss&pagewanted=all
>
> -Hank




--
Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: [EMAIL PROTECTED]  Web: http://www.on.net
Direct: +61-8-8228-2909 Mobile: +61-419-900-366
Reception: +61-8-8228-2999  Fax: +61-8-8235-6909