Barracuda Networks is at it again: Any Suggestions as to an Alternative
You get their filtering power for free and don't have to deal with the hardware, if you don't particularly like it. http://www.barracudacentral.org/ That's not completely true; the Barracuda appliance uses both block-lists and content-based filtering. The block-list is free for anyone who wants it, but the content-based filtering is not. However, the block-list *is* now one of the best ones out there. They had a rocky start, but in the last year they have consistently outperformed most of the other no-charge block-lists both in terms of catch rate and false positive rate. Spamhaus has long been one of my favorites for its performance, but I am now seeing Barracuda beat them each month in catch rate, sometimes by a nice margin. (FP rate for both lists is about the same; VERY close to zero.) If you like Spamhaus, you should try Barracuda block-list and see if it helps in your mail stream. (Every stream is different, so my results may not match your results.) jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.comhttp://www.opus1.com/jms
RE: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
I wonder if there's a filter for top-postings in list that have a bottom-posting rule? This thread is very operationally interesting to me but I've lost the plot :( http://www.nanog.org/mailinglist/listfaqs/generalfaq.php?qt=convent refers. PS: I know that some devices actually prevent bottom-posting by default. Workarounds are possible and are evident in other recent posts to this list. Additionally, may I suggest you file a bug report with your vendors or switch to a device that you can control properly :) -- CTRL-d
Re: Barracuda Networks is at it again: Any Suggestions as to anAlternative?
gord wrote: I wonder if there's a filter for top-postings in list that have a bottom-posting rule? This thread is very operationally interesting to me but I've lost the plot :( http://www.nanog.org/mailinglist/listfaqs/generalfaq.php?qt=convent refers. PS: I know that some devices actually prevent bottom-posting by default. Workarounds are possible and are evident in other recent posts to this list. Additionally, may I suggest you file a bug report with your vendors or switch to a device that you can control properly :) It makes the thread very hard to follow. Why not? Please don't top post! I used to have this available for a 'signature', but, with a few exceptions, it seems to fall on blind eyes these days.sigh
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
On 2011/04/09 11:38 AM, Phil Regnauld wrote: Tim Chown (tjc) writes: I don't know quite how high a performance you need. If it's just email spam/viruses you are concerned with, you can run MailScanner for free, see http://www.mailscanner.info. It's been around for 10 years now and used by a lot of big organisations, many of which are listed on the web site. Written by a colleague here at University of Southampton, hence the plug. If you install and run it yourself, there's a good community mail list for support and tips. ... or just run amavisd. MailScanner used to do Bad Things with the Postfix queue, but since then I think they have fixed that, but I will admit to not having any experience with it. I have 6 MailScanner servers in production running with Postfix, not had any 'real' issues in the last few years. As to amavisd: http://www.ijs.si/software/amavisd/ Have been using it on 1 million mails / day with satisfaction
RE: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
On Mon, 11 Apr 2011, Ray Corbin wrote: rantI had experience with Barracuda as outbound anti-spam filters for a very large hosting provider and I won't use Barracuda again. Some of their methods for blocking spam are a tad extreme. At one point they decided to block both yahoo.com and google.com in their domain filters because neither company responded timely to their complaint emails and wanted their attention. Those both have pretty poor reputations for handling outgoing spam and other abuse issues. Yahoo is notorious for the the message in your complaint did not come from our servers response, when any idiot who can read headers can see that it clearly did come from their servers. They've gone a step beyond this recently by refusing to accept spam complaints to ab...@yahoo.com unless they're in ARF format. That raises the bar high enough that unless you have the skills to easily turn yahoo spam into ARF-compliant reports, you can no longer send them complaints when you receive spam from their servers. Google (gmail.com) is the only free-mail provider I'm aware of that hides the spammer's originating IP. All sorts of abuses seem to be tolerated there for much longer spans of time than you'd think it would take the brightest of the brightest to lock things down. i.e. URL redirectors used by spammers for months, phishing collectors reported to Google security, and nothing apparently done about them. Sometimes, the only way to get an appropriate reaction from an org that just doesn't seem to care about its abuse issues is to make those abuse issues cause them some pain. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
RE: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
I don't think they had blocked mail coming/going from yahoo.com/google.com which would have been more careless to their subscribers (especially when our outbound units were processing a few million emails a day from our customers). They blocked the domains so you couldn't have a link to google/yahoo in the body and then set that as an update for all of their devices. I believe it was something about a URL redirect on each site that spammers were using..but this was a several years ago so I don't recall exactly. -r -Original Message- From: Jon Lewis [mailto:jle...@lewis.org] Sent: Monday, April 11, 2011 7:56 AM To: Ray Corbin Cc: nanog@nanog.org Subject: RE: Barracuda Networks is at it again: Any Suggestions as to an Alternative? On Mon, 11 Apr 2011, Ray Corbin wrote: rantI had experience with Barracuda as outbound anti-spam filters for a very large hosting provider and I won't use Barracuda again. Some of their methods for blocking spam are a tad extreme. At one point they decided to block both yahoo.com and google.com in their domain filters because neither company responded timely to their complaint emails and wanted their attention. Those both have pretty poor reputations for handling outgoing spam and other abuse issues. Yahoo is notorious for the the message in your complaint did not come from our servers response, when any idiot who can read headers can see that it clearly did come from their servers. They've gone a step beyond this recently by refusing to accept spam complaints to ab...@yahoo.com unless they're in ARF format. That raises the bar high enough that unless you have the skills to easily turn yahoo spam into ARF-compliant reports, you can no longer send them complaints when you receive spam from their servers. Google (gmail.com) is the only free-mail provider I'm aware of that hides the spammer's originating IP. All sorts of abuses seem to be tolerated there for much longer spans of time than you'd think it would take the brightest of the brightest to lock things down. i.e. URL redirectors used by spammers for months, phishing collectors reported to Google security, and nothing apparently done about them. Sometimes, the only way to get an appropriate reaction from an org that just doesn't seem to care about its abuse issues is to make those abuse issues cause them some pain. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On 9, Apr, 2011, at 16:00 , Owen DeLong wrote: Sent from my iPad On Apr 9, 2011, at 4:31 AM, Job Snijders j...@instituut.net wrote: Dear All, On 8 Apr 2011, at 19:34, Lori Jakab wrote: On 04/08/2011 06:39 PM, Owen DeLong wrote: LISP can also be a good option. Comes with slightly more overhead in terms of encapsulation/etc. than the GRE tunnels I use and has limited (if any) functionality for IPv4 (which GRE supports nicely). Maybe you meant ILNP here? AFAIK, IPv4 and IPv6 are equal citizens for LISP. Comparing GRE with LISP is like comparing /etc/hosts with the global DNS system. ;-) I don't understand the comments about LISP and IPv4. IPv4 works just excellent with LISP. I have a IPv4 block at home which I multi-home over my IPv6-only DSL and IPv4-only FTTH line. LISP is pretty address family agnostic: IPv4 over IPv4, IPv4 over IPv6, IPv6 over IPv4, IPv6 over IPv6, all work without problems. Kind regards, Job Doing IPv4 LISP on any kind of scale requires significant additional prefixes which at this time doesn't seem so practical to me. This is not accurate IMO. To inject prefixes in the BGP is needed only to make non-LISP sites talk to LISP sites. Even there you can aggressively aggregate, as explained in draft-ietf-lisp-interworking. As long as the LISP deployment progress you can even withdraw some prefixes from the BGP infrastructure and advertise only a larger aggregate in order for legacy site to reach the new LISP site. Luigi Owen
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
On Mon, 2011-04-11 at 12:10 +0200, Gabriel Marais wrote: I have 6 MailScanner servers in production running with Postfix, not had any 'real' issues in the last few years. We have just as many -- and yes, it's great. The only thing I'd prefer would be Exim over Postfix, but Mailscanner does make things very pleasant to use. Tom
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
We have just as many -- and yes, it's great. The only thing I'd prefer would be Exim over Postfix, but Mailscanner does make things very pleasant to use. +1 for Exim, although development stalled for a while when Philip Hazel retired its now back on track. Also not happy with Barracuda, have a couple of hosts which are blocked by their blocking list and they've refused to tell me why. Chris
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Apr 11, 2011, at 5:12 AM, Luigi Iannone wrote: On 9, Apr, 2011, at 16:00 , Owen DeLong wrote: Sent from my iPad On Apr 9, 2011, at 4:31 AM, Job Snijders j...@instituut.net wrote: Dear All, On 8 Apr 2011, at 19:34, Lori Jakab wrote: On 04/08/2011 06:39 PM, Owen DeLong wrote: LISP can also be a good option. Comes with slightly more overhead in terms of encapsulation/etc. than the GRE tunnels I use and has limited (if any) functionality for IPv4 (which GRE supports nicely). Maybe you meant ILNP here? AFAIK, IPv4 and IPv6 are equal citizens for LISP. Comparing GRE with LISP is like comparing /etc/hosts with the global DNS system. ;-) I don't understand the comments about LISP and IPv4. IPv4 works just excellent with LISP. I have a IPv4 block at home which I multi-home over my IPv6-only DSL and IPv4-only FTTH line. LISP is pretty address family agnostic: IPv4 over IPv4, IPv4 over IPv6, IPv6 over IPv4, IPv6 over IPv6, all work without problems. Kind regards, Job Doing IPv4 LISP on any kind of scale requires significant additional prefixes which at this time doesn't seem so practical to me. This is not accurate IMO. To inject prefixes in the BGP is needed only to make non-LISP sites talk to LISP sites. Even there you can aggressively aggregate, as explained in draft-ietf-lisp-interworking. As long as the LISP deployment progress you can even withdraw some prefixes from the BGP infrastructure and advertise only a larger aggregate in order for legacy site to reach the new LISP site. Luigi Who said anything about BGP? I was talking about the amount of additional IP space needed vs. the amount of IPv4 free space remaining. Owen
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On 11, Apr, 2011, at 15:17 , Owen DeLong wrote: [snip] Doing IPv4 LISP on any kind of scale requires significant additional prefixes which at this time doesn't seem so practical to me. This is not accurate IMO. To inject prefixes in the BGP is needed only to make non-LISP sites talk to LISP sites. Even there you can aggressively aggregate, as explained in draft-ietf-lisp-interworking. As long as the LISP deployment progress you can even withdraw some prefixes from the BGP infrastructure and advertise only a larger aggregate in order for legacy site to reach the new LISP site. Luigi Who said anything about BGP? I was talking about the amount of additional IP space needed vs. the amount of IPv4 free space remaining. Sorry. I misunderstood. But can you explain better? Why should LISP require more IP space than normal IPv4 deployment? If you are a new site, you ask for an IP block. This is independent from whether or not you will use LISP. If you are an existing site and you want to switch to LISP why you need more space? you can re-use what you have? Or I missed the point again? thanks Luigi Owen
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
On Mon, 11 Apr 2011, Tom Hill wrote: On Mon, 2011-04-11 at 12:10 +0200, Gabriel Marais wrote: I have 6 MailScanner servers in production running with Postfix, not had any 'real' issues in the last few years. We have just as many -- and yes, it's great. The only thing I'd prefer would be Exim over Postfix, but Mailscanner does make things very pleasant to use. I think you guys are missing the point, which is that Barracuda and similar products are marketed primarily to people who don't know what qmail, postfix, exim, clamav, mailscanner, etc. are and certainly don't have any experience installing or maintaining them. Some places just want a black box where you have a web GUI to configure it, and then it mostly takes care of itself...and if it breaks, you call tech support. Sure, you can probably get most of the functionality and better filtering with roll your own solutions and careful DNSBL selection...but not everyone is capable or has the man power to devote to it. To most of us on this list, sure, it's an overpriced piece of commodity x86 hardware with someone else's roll your own stuff on it, backed by an ill-defined DNSBL of questionable quality and integrity, but it must work well enough as it's kept them in business and I even know a few people who've owned them and been happy with them. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Apr 11, 2011, at 6:30 AM, Luigi Iannone wrote: On 11, Apr, 2011, at 15:17 , Owen DeLong wrote: [snip] Doing IPv4 LISP on any kind of scale requires significant additional prefixes which at this time doesn't seem so practical to me. This is not accurate IMO. To inject prefixes in the BGP is needed only to make non-LISP sites talk to LISP sites. Even there you can aggressively aggregate, as explained in draft-ietf-lisp-interworking. As long as the LISP deployment progress you can even withdraw some prefixes from the BGP infrastructure and advertise only a larger aggregate in order for legacy site to reach the new LISP site. Luigi Who said anything about BGP? I was talking about the amount of additional IP space needed vs. the amount of IPv4 free space remaining. Sorry. I misunderstood. But can you explain better? Why should LISP require more IP space than normal IPv4 deployment? If you are a new site, you ask for an IP block. This is independent from whether or not you will use LISP. Sure, but, if you also need locators, don't you need additional IP space to use for locators? If you are an existing site and you want to switch to LISP why you need more space? you can re-use what you have? Perhaps I misunderstand LISP, but, I though you needed space to use for locators and space to use for IDs if you are an independently routed multi-homed site. If you are not an independently routed multi-homed site, then, don't you need a set of host IDs to go with each of your upstream locators? As I understand LISP, it's basically a dynamic tunneling system where you have two discrete, but non-overlapping address spaces, one inside the tunnels and one outside. If that's the case, then, I believe it leads to at least some amount of duplicate consumption of IP numbers. Or I missed the point again? Or perhaps the complexity of LISP in the details still confuses me, despite people's insistence that it is not complex. Owen thanks Luigi Owen
Level 3 Agrees to Purchase Global Crossing
http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. “This is what telecom has needed for a long time,” said Denver-based Jaegers, who recommends buying both stocks. “You have way too many players.”
Re: Level 3 Agrees to Purchase Global Crossing
- Original Message - From: William Allen Simpson william.allen.simp...@gmail.com http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, Apr 11, 2011 at 10:22 AM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: William Allen Simpson william.allen.simp...@gmail.com http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra Well, maybe they're just admitting it will slow the rate at which prices go down :)
Re: Level 3 Agrees to Purchase Global Crossing
- Original Message - From: Dorn Hetzel d...@hetzel.org Well, maybe they're just admitting it will slow the rate at which prices go down :) Cause L3 and GBLX are Too Big To Fail, right? Furrfu. Cheers, -- jra
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
Not an appliance but a really amazing job at stopping spam, www.messagelabs.com (purchased by Symantec). We went from messagelabs service to barracuda appliance and the difference is astronomical, whereas before i might get one or two spams a day using MessageLabs now with the barracuda I get an average of 25 to 30. -- Michael Gatti cell.703.347.4412 ekim.it...@gmail.com On Apr 8, 2011, at 11:51 PM, John Palmer (NANOG Acct) wrote: OK, its been a year since my Barracuda subscription expired. The unit still stops some spam. I figured that I would go and see what they would do if I tried to renew my subscription EXACTLY one year after it expired. Would their renewal website say Oh, you are at your anniversary date, and renew me for a year? No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did NOT receive service and then for the current (upcoming year). Sorry - I don't allow myself to be ripped off like that. Sorry Barracuda - you get no money from me and I'll tell everyone I know about this policy of yours. I posted an article about this unscrupulous practice on my blog last year at http://www.john-palmer.net/wordpress/?p=46 My question is - does anyone have any suggestions for another e-mail appliance like the Barracuda Spam Firewall that doesn't try to charge their customers for time not used. I should be able to shut off the unit for a year or whatever and simply renew from the point that I re-activate the unit instead of having to pay for back-years that I didn't use. Thanks
RE: Level 3 Agrees to Purchase Global Crossing
I find it amusing that the article says - The deal will combine two unprofitable companies So I guess the thinking is that two negatives make a positive? -Mike -Original Message- From: Dorn Hetzel [mailto:d...@hetzel.org] Sent: Monday, April 11, 2011 10:26 AM To: Jay Ashworth Cc: NANOG Subject: Re: Level 3 Agrees to Purchase Global Crossing On Mon, Apr 11, 2011 at 10:22 AM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: William Allen Simpson william.allen.simp...@gmail.com http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra Well, maybe they're just admitting it will slow the rate at which prices go down :)
Re: Level 3 Agrees to Purchase Global Crossing
On 4/11/11 10:41 AM, Mike Walter wrote: I find it amusing that the article says - The deal will combine two unprofitable companies So I guess the thinking is that two negatives make a positive? -Mike Since they will be saving a whole $40mm annually, profitability is pretty much guaranteed - right? ;-) Wasn't there a telco CEO who would blow that much in strip clubs? Savvis springs to mind, but I don't remember. David
Re: Level 3 Agrees to Purchase Global Crossing
combining the companies will allow them to maximize efficeinecies by the elimination of overlapping functions, hopefully paving the way to profitability. Job cuts here we come Mike On Mon, Apr 11, 2011 at 10:41 AM, Mike Walter mwal...@3z.net wrote: I find it amusing that the article says - The deal will combine two unprofitable companies So I guess the thinking is that two negatives make a positive? -Mike -Original Message- From: Dorn Hetzel [mailto:d...@hetzel.org] Sent: Monday, April 11, 2011 10:26 AM To: Jay Ashworth Cc: NANOG Subject: Re: Level 3 Agrees to Purchase Global Crossing On Mon, Apr 11, 2011 at 10:22 AM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: William Allen Simpson william.allen.simp...@gmail.com http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra Well, maybe they're just admitting it will slow the rate at which prices go down :)
LISP
All, One of our ISP is planning to do a LISP deployment. (1) Does anyone know if Sprint uses LISP? (2) Does anyone know of any good guides/documentation of LISP? Thank you, Christina Klam
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, Apr 11, 2011 at 02:41:18PM +, Mike Walter wrote: I find it amusing that the article says - The deal will combine two unprofitable companies So I guess the thinking is that two negatives make a positive? They may lose on every subscriber, but now they'll make it up in volume. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: LISP
http://www.lisp4.net/ Mike On Mon, Apr 11, 2011 at 10:49 AM, Christina Klam ck...@ias.edu wrote: All, One of our ISP is planning to do a LISP deployment. (1) Does anyone know if Sprint uses LISP? (2) Does anyone know of any good guides/documentation of LISP? Thank you, Christina Klam
Re: LISP
Hi, I think that the best repository of documentation is lisp4.net. I would also have a look to https://datatracker.ietf.org/doc/draft-jakab-lisp-deployment/ Luigi On 11, Apr, 2011, at 16:49 , Christina Klam wrote: All, One of our ISP is planning to do a LISP deployment. (1) Does anyone know if Sprint uses LISP? (2) Does anyone know of any good guides/documentation of LISP? Thank you, Christina Klam
Re: LISP
Thank you all. On Apr 11, 2011, at 11:07 AM, Luigi Iannone wrote: Hi, I think that the best repository of documentation is lisp4.net. I would also have a look to https://datatracker.ietf.org/doc/draft-jakab-lisp-deployment/ Luigi On 11, Apr, 2011, at 16:49 , Christina Klam wrote: All, One of our ISP is planning to do a LISP deployment. (1) Does anyone know if Sprint uses LISP? (2) Does anyone know of any good guides/documentation of LISP? Thank you, Christina Klam Christina Klam Network Administrator Institute for Advanced Study Email: ck...@ias.edu Einstein Drive Telephone: 609-734-8154 Princeton, NJ 08540 Fax: 609-951-4418
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to anAlternative? )
From: Michael Painter tvhaw...@shaka.com Date: Sun, 10 Apr 2011 23:11:44 -1000 gord wrote: I wonder if there's a filter for top-postings in list that have a bottom-posting rule? This thread is very operationally interesting to me but I've lost the plot :( http://www.nanog.org/mailinglist/listfaqs/generalfaq.php?qt=convent refers. PS: I know that some devices actually prevent bottom-posting by default. Workarounds are possible and are evident in other recent posts to this list. Additionally, may I suggest you file a bug report with your vendors or switch to a device that you can control properly :) It makes the thread very hard to follow. Why not? Please don't top post! I used to have this available for a 'signature', but, with a few exceptions, it seems to fall on blind eyes these days.sigh I put nearly identical text in response to top-posted messages and, if it was not too difficult, move the top-posted response to the end, before my response. Of late I have started to get responses from people (not even the person who top-posted) saying that I should f*** off and that they would post however they wanted. Very hostile and even threatening. I even manage to bottom post from my iPod. With cut and paste, it's really not hard, but I guess it's just beyond the capacities of some and somehow offensive to others. **Sigh** -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Apr 11, 2011, at 8:15 AM, Luigi Iannone wrote: On 11, Apr, 2011, at 15:37 , Owen DeLong wrote: On Apr 11, 2011, at 6:30 AM, Luigi Iannone wrote: On 11, Apr, 2011, at 15:17 , Owen DeLong wrote: [snip] Doing IPv4 LISP on any kind of scale requires significant additional prefixes which at this time doesn't seem so practical to me. This is not accurate IMO. To inject prefixes in the BGP is needed only to make non-LISP sites talk to LISP sites. Even there you can aggressively aggregate, as explained in draft-ietf-lisp-interworking. As long as the LISP deployment progress you can even withdraw some prefixes from the BGP infrastructure and advertise only a larger aggregate in order for legacy site to reach the new LISP site. Luigi Who said anything about BGP? I was talking about the amount of additional IP space needed vs. the amount of IPv4 free space remaining. Sorry. I misunderstood. But can you explain better? Why should LISP require more IP space than normal IPv4 deployment? If you are a new site, you ask for an IP block. This is independent from whether or not you will use LISP. Sure, but, if you also need locators, don't you need additional IP space to use for locators? No, those are the IP address that you provider gives to your border router. Right... In addition to my provider independent addresses... That's more address space than is required if I am not using LISP. If you are an existing site and you want to switch to LISP why you need more space? you can re-use what you have? Perhaps I misunderstand LISP, but, I though you needed space to use for locators and space to use for IDs if you are an independently routed multi-homed site. Not exactly. You do not need more space. You re-use what you have. Still confused, then. This seems antithetical to what you said above and below... If you are not an independently routed multi-homed site, then, don't you need a set of host IDs to go with each of your upstream locators? As I understand LISP, it's basically a dynamic tunneling system where you have two discrete, but non-overlapping address spaces, one inside the tunnels and one outside. If that's the case, then, I believe it leads to at least some amount of duplicate consumption of IP numbers. No true. I ask for a PI block that I will use as EID-Prefix, then the locators are part of the address space of my providers. There is no duplication. Right... Ordinarily, without LISP, I get a PI block and use that for EID and the routing is based on the EID prefix. With LISP, the EID prefix is PI and I use additional PA resources to do the routing locators. That's what I meant by duplication. There are additional PA resources required on top of the PI in order to make LISP work. Or I missed the point again? Or perhaps the complexity of LISP in the details still confuses me, despite people's insistence that it is not complex. IMHO it is very simple. As any new technology there is just a learning curve to follow, but for LISP it is not steep ;-) I'd agree with you if it weren't for the fact I keep thinking I just about understand LISP and then get told that my understanding is incorrect (repeatedly). Owen Luigi Owen thanks Luigi Owen
Re: LISP
Dear Christina, On 11 Apr 2011, at 16:49, Christina Klam wrote: One of our ISP is planning to do a LISP deployment. (1) Does anyone know if Sprint uses LISP? (2) Does anyone know of any good guides/documentation of LISP? I cannot answer question 1. But I do work for an ISP that's rolling out LISP. :-) Here is some links that might help answer questions 2: Some of the following links are slightly dated because some LISP implementations have been actively developed the last year. This is a multi-organisation website, to coordinate the LISP beta network and provide general information: http://www.lisp4.net/ Here is cisco's configuration guide: http://www.cisco.com/en/US/docs/ios/lisp/configuration/guide LISP_configuration_guide.pdf Here are some nice blogposts that cover various subjects: http://blog.fryguy.net/2011/04/07/lisp-locator-identifier-separation-protocol-say-what/ http://blog.fryguy.net/2011/04/08/more-lisp-using-it-to-enable-ipv6-over-ipv4/ http://blog.pattincon.com/lisp-data-plane http://blog.pattincon.com/practical-lisp-basic-control-plane http://blog.pattincon.com/lisp http://blog.snijders-it.nl/2010/11/lisp-getvpn-as-alternative-for.html http://blog.ine.com/2010/07/05/a-high-level-overview-of-lisp/ Kind regards, Job
Re: Level 3 Agrees to Purchase Global Crossing
Well, this will be the third time that Level3 has purchased my primary upstream provider. Maybe this will be different than with Genuity and Wiltel, but Level3 needs to either stop using the word legacy or educate their employees so they know that legacy is good and not bad. -mark
RE: Level 3 Agrees to Purchase Global Crossing
Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra I don't think it means so much that prices will go up, just that it will slow the decline. But having said that, it appears that we are in for a spate of inflation generally and the prices of everything are going to rise fairly quickly, starting about now. That would be across the economy as a whole and not anything specific to the telecommunications sector.
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Mon, Apr 11, 2011 at 11:26 AM, Owen DeLong o...@delong.com wrote: I'd agree with you if it weren't for the fact I keep thinking I just about understand LISP and then get told that my understanding is incorrect (repeatedly). I agree it is not simple. At a conceptual level, we can think of existing multi-homing practices as falling into one of three broad categories: 1) more state in DFZ -- end-site injects a route into BGP 2) triangular routing -- tunnel/circuits/etc to one or more upstream routers while not injecting anything to DFZ 3) added work/complexity on end-host -- SCTP and friends LISP is a compromise of all these things, except #3 happens on a router which does tunneling, not the end-host. Whether you think it's the best of both [three?] worlds, or the worst of them, is up to you. I personally believe LISP is a horrible idea that will have trouble scaling up, because a large table of LISP mappings is not any easier to store in FIB than a larger DFZ. The solution the LISP folks think works for this is a side-chain mapping service which the router can query to setup encapsulation next-hops on-demand, which means if your FIB isn't big enough to hold every mapping entry, you are essentially doing flow-based routing, but with flows defined as being toward a remotely-defined end-site rather than toward an individual IP address (so not quite as bad as flow-based routing of the past, but still bad.) Maybe I also don't understand LISP and need to RTFM more, but my current understanding is that it is a dead-end technology without the ability to dramatically scale up the number of multi-homed end-sites in a cheaper manner than what is done today with BGP. I think we would be better off with more work on things like SCTP. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, 11 Apr 2011, David Coulson wrote: Wasn't there a telco CEO who would blow that much in strip clubs? Savvis springs to mind, but I don't remember. I seem to recall several dot-com-era CxOs spending very lavishly on themselves, or getting their employers to give them large 'loans' that were never paid back. Ken Lay, Jeff Skilling, Bernie Ebbers, Gary Winnick, Joe Nacchio, etc... The story of former Tyco CEO Dennis Kozlowski spending $2 million on his wife's 40th birthday party springs to mind... Tyco paid for half of it, under the guise of the party being a shareholder meeting... jms
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, Apr 11, 2011 at 08:55:05AM -0700, George Bonser wrote: Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra I don't think it means so much that prices will go up, just that it will slow the decline. Oh, trust me. I fully believe it will make prices go up. Anytime you take a major competitor out of the ball game, the negotiations shift towards center mass. That's just the way things go. The only saving grace may be that it opens the door for one of the little guys to get a bit bigger and start drawing cash away from the behemoths out there. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Level 3 Agrees to Purchase Global Crossing
On 4/11/11 12:24 PM, Justin M. Streiner wrote: I seem to recall several dot-com-era CxOs spending very lavishly on themselves, or getting their employers to give them large 'loans' that were never paid back. Ken Lay, Jeff Skilling, Bernie Ebbers, Gary Winnick, Joe Nacchio, etc... This is what I was thinking of - Awesome photo too. http://www.msnbc.msn.com/id/9750948/ns/business-small_business/ The story of former Tyco CEO Dennis Kozlowski spending $2 million on his wife's 40th birthday party springs to mind... Tyco paid for half of it, under the guise of the party being a shareholder meeting... Wish I could have been a fly on the wall during the meeting when someone suggested that idea. David
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Mon, Apr 11, 2011 at 9:19 AM, Jeff Wheeler j...@inconcepts.biz wrote: On Mon, Apr 11, 2011 at 11:26 AM, Owen DeLong o...@delong.com wrote: I'd agree with you if it weren't for the fact I keep thinking I just about understand LISP and then get told that my understanding is incorrect (repeatedly). I agree it is not simple. At a conceptual level, we can think of existing multi-homing practices as falling into one of three broad categories: 1) more state in DFZ -- end-site injects a route into BGP 2) triangular routing -- tunnel/circuits/etc to one or more upstream routers while not injecting anything to DFZ 3) added work/complexity on end-host -- SCTP and friends LISP is a compromise of all these things, except #3 happens on a router which does tunneling, not the end-host. Whether you think it's the best of both [three?] worlds, or the worst of them, is up to you. I personally believe LISP is a horrible idea that will have trouble Yep. scaling up, because a large table of LISP mappings is not any easier to store in FIB than a larger DFZ. The solution the LISP folks think works for this is a side-chain mapping service which the router can query to setup encapsulation next-hops on-demand, which means if your FIB isn't big enough to hold every mapping entry, you are essentially doing flow-based routing, but with flows defined as being toward a remotely-defined end-site rather than toward an individual IP address (so not quite as bad as flow-based routing of the past, but still bad.) Maybe I also don't understand LISP and need to RTFM more, but my current understanding is that it is a dead-end technology without the ability to dramatically scale up the number of multi-homed end-sites in a cheaper manner than what is done today with BGP. I think we would be better off with more work on things like SCTP. +1 SCTP and IPv6, then ILNP. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Apr 11, 2011, at 9:19 AM, Jeff Wheeler wrote: On Mon, Apr 11, 2011 at 11:26 AM, Owen DeLong o...@delong.com wrote: I'd agree with you if it weren't for the fact I keep thinking I just about understand LISP and then get told that my understanding is incorrect (repeatedly). I agree it is not simple. At a conceptual level, we can think of existing multi-homing practices as falling into one of three broad categories: 1) more state in DFZ -- end-site injects a route into BGP Yep... This is clearly the best currently available mechanism. 2) triangular routing -- tunnel/circuits/etc to one or more upstream routers while not injecting anything to DFZ I think what I am currently doing is a form of 1.5 for lack of a better term. I have multiple tunnels to multiple providers over multiple other connections. 3) added work/complexity on end-host -- SCTP and friends Ah, yes, I think SHIM6 shows up here, too, no? LISP is a compromise of all these things, except #3 happens on a router which does tunneling, not the end-host. Whether you think it's the best of both [three?] worlds, or the worst of them, is up to you. I'm not convinced one way or the other yet since I haven't been able to wrap my (admittedly perhaps limited) brain around LISP well enough to become convinced I understand it enough to make said call. I do tend to think that any technology sufficiently confusing that I cannot understand it well after reasonable effort is of questionable value for wide deployment. I personally believe LISP is a horrible idea that will have trouble scaling up, because a large table of LISP mappings is not any easier to store in FIB than a larger DFZ. The solution the LISP folks think works for this is a side-chain mapping service which the router can query to setup encapsulation next-hops on-demand, which means if your FIB isn't big enough to hold every mapping entry, you are essentially doing flow-based routing, but with flows defined as being toward a remotely-defined end-site rather than toward an individual IP address (so not quite as bad as flow-based routing of the past, but still bad.) This is one of the few parts of LISP I do understand and I'm not entirely convinced that it is all that bad because you don't have to do this on core routers, you can push it out pretty close to the customer edge, possibly even on the customer side of said edge. Maybe I also don't understand LISP and need to RTFM more, but my current understanding is that it is a dead-end technology without the ability to dramatically scale up the number of multi-homed end-sites in a cheaper manner than what is done today with BGP. I'm not 100% convinced of that. I think we would be better off with more work on things like SCTP. I'm not a fan of SCTP, and I think getting enough application level support for it is going to be a bigger uphill battle between chickens and eggs than the IPv6 deployment efforts of the last 5 years. Owen
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to anAlternative? )
On Mon, Apr 11, 2011 at 8:21 AM, Kevin Oberman ober...@es.net wrote: Of late I have started to get responses from people (not even the person who top-posted) saying that I should f*** off and that they would post however they wanted. Very hostile and even threatening. My wife complained once that my responses are hard to read and that I should just put at the top like the rest of the Internet. I fear I have been passed by... -- Regards... Todd It is the nature of the human species to reject what is true but unpleasant and to embrace what is obviously false but comforting. You might be a skeptic if you have pedantically argued the topic of pedantry.
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to anAlternative? )
It's really impressive how insular a bunch of old timers can be. Coming up next: rants about HTML mail! R's, John In article BANLkTi=v11tghfgmxstjxscjtgpb6ct...@mail.gmail.com you write: On Mon, Apr 11, 2011 at 8:21 AM, Kevin Oberman ober...@es.net wrote: Of late I have started to get responses from people (not even the person who top-posted) saying that I should f*** off and that they would post however they wanted. Very hostile and even threatening. My wife complained once that my responses are hard to read and that I should just put at the top like the rest of the Internet. I fear I have been passed by...
altdb
I'm trying to register my maintainor object to altdb. Is there any documentation on how to do this? Here is what I sent to auto-...@altdb.net mntner: MAINT-JIVE descr: Jive Communications, Inc. admin-c:BEP7-ARIN tech-c: BEP7-ARIN upd-to: rout...@getjive.com mnt-nfy:rout...@getjive.com auth: MD5-PW 2a930d2ac634aa45e4224e575d2a1bdb mnt-by: MAINT-JIVE changed:rout...@getjive.com 20110411 source: ALTDB Thanks, Bret
Re: LISP
- Original Message - From: harbor235 harbor...@gmail.com http://www.lisp4.net/ So, for The Rest Of Ustm, LISP is an attempt to reduce the impact of PI space on router tables in the DFZ? WADR, to hell with them; they have a *lot* more money than I do. :-) Cheers, -- jra
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to anAlternative? )
- Original Message - From: Kevin Oberman ober...@es.net Subject: Re: Top-posting Of late I have started to get responses from people (not even the person who top-posted) saying that I should f*** off and that they would post however they wanted. Very hostile and even threatening. I even manage to bottom post from my iPod. With cut and paste, it's really not hard, but I guess it's just beyond the capacities of some and somehow offensive to others. Standard threaded (IE: not top-posted) replies have been the standard for technical mailing lists on the net since I first joined one. In 1983. Anyone who has a problem with it can, in short, go bugger off. Really. (And like you, Keith, because my current MUA, Zimbra, is moronic, I too have to rethread myself by hand, quite a lot of the time. And I do it, because -- like you -- I believe in The Commons) Cheers, -- jra
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to anAlternative? )
- Original Message - From: John Levine jo...@iecc.com It's really impressive how insular a bunch of old timers can be. Coming up next: rants about HTML mail! I never thought I'd say this about John, but PDFTT, folks. :-) Cheers, -- jra
internet probe can track you within 690 m
http://www.newscientist.com/article/dn20336-internet-probe-can-track-you-down-to-within-690-metres.html The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometres. (..) Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target. The result can never be entirely accurate, but it's much better than trying to determine a location by converting the initial delay into a distance or the next best IP-based method. On average their method gets to within 690 metres of the target and can be as close as 100 metres – good enough to identify the target computer's location to within a few streets. It seems to me to be a rather flaky way of finding out your estimated location. But I guess it could be helpful when the objective is just to create some global database of demographics for marketing and privacy invasion purposes, where specifics of an individual's exact location don't really matter. Besides the latter can always be subpoenaed. ;-) One more reason to use VPN and other such techniques to hide your location. Greetings, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
Re: internet probe can track you within 690 m
On Apr 11, 2011, at 4:25 PM, Scott Morris wrote: Aren't they already confused enough when any time I use my EVDO or 3G Tether that someone believes I've been magically transported to New Jersey or wherever the handoff is? ;) Understand the logic behind it, but you probably statistically have just as much chance of being correct as you do incorrect. Just like the old days with AOL their proxies. There are not as many 3G or proxy / VPN users are there are standard users. Therefore, it works - mostly. (Or can work, I have no idea if the particular company / tool under discussion is actually useful.) Data is data. It can be misinterpreted, but it is still data. -- TTFN, patrick On 4/11/11 4:10 PM, Jeroen van Aart wrote: [1]http://www.newscientist.com/article/dn20336-internet-probe-can-tr ack-you-down-to-within-690-metres.html The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance - a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometres. (..) Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target. The result can never be entirely accurate, but it's much better than trying to determine a location by converting the initial delay into a distance or the next best IP-based method. On average their method gets to within 690 metres of the target and can be as close as 100 metres - good enough to identify the target computer's location to within a few streets. It seems to me to be a rather flaky way of finding out your estimated location. But I guess it could be helpful when the objective is just to create some global database of demographics for marketing and privacy invasion purposes, where specifics of an individual's exact location don't really matter. Besides the latter can always be subpoenaed. ;-) One more reason to use VPN and other such techniques to hide your location. Greetings, Jeroen References 1. http://www.newscientist.com/article/dn20336-internet-probe-can-track-you-down-to-within-690-metres.html
Re: internet probe can track you within 690 m
Don't forget the use for 911 type services. On 4/12/11 8:10 , Jeroen van Aart jer...@mompl.net wrote: http://www.newscientist.com/article/dn20336-internet-probe-can-track-you-d own-to-within-690-metres.html The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometres. (..) Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target. The result can never be entirely accurate, but it's much better than trying to determine a location by converting the initial delay into a distance or the next best IP-based method. On average their method gets to within 690 metres of the target and can be as close as 100 metres good enough to identify the target computer's location to within a few streets. It seems to me to be a rather flaky way of finding out your estimated locat
Re: Implementations/suggestions for Multihoming IPv6 for DSL sites
On Mon, Apr 11, 2011 at 2:03 PM, Owen DeLong o...@delong.com wrote: I do tend to think that any technology sufficiently confusing that I cannot understand it well after reasonable effort is of questionable value for wide deployment. The secret is to ignore all the crazy acronyms and boil it down to this -- LISP sets up tunnels to remote end-points based on what it learns from a mapping server, and these tunnels may be used by one or more end-to-end flows. I personally believe LISP is a horrible idea that will have trouble scaling up, because a large table of LISP mappings is not any easier to store in FIB than a larger DFZ. The solution the LISP folks This is one of the few parts of LISP I do understand and I'm not entirely convinced that it is all that bad because you don't have to do this on core routers, you can push it out pretty close to the customer edge, possibly even on the customer side of said edge. We already have this in the core today, thanks to MPLS. The problem with LISP is the router that does encapsulation, which you can think of as conceptually identical to a PE router, must have a large enough FIB for all simultaneous flows out of the customers behind that PE router. This may be a very large number for an end-user PE router with a bunch of subscribers behind it running P2P file sharing, and may also be very large for a hosting shop with end-users from all over the globe downloading content. In the case of a CDN, one distributed CDN node may have far fewer active flows (installed in FIB) than the size of the DFZ, since the CDN would intend to direct end-users to a geographically-local CDN node. As you know, I like to think of what happens when you receive a DDoS. In the case of LISP, if there are a huge number of source addresses sending just one packet to you that generates some kind of reply, your PE router will query its mapping server, install a new tunnel/next-hop, and transmit the reply packet. If the FIB is not large enough to install every flow, it will churn, creating a DoS condition essentially identical to what we saw with older flow-cache based routers when they were subjected to traffic to/from a very large number of hosts. Like you, I am not 100% sure of my position on LISP, but I do think I understand it has a very serious design limit that probably doesn't make things look any better than polluting the DFZ from the perspective of content providers or end-user ISPs. It does have benefits from the carrier perspective because, as you say, it can move the PE router into the customer's network and move state information from the carrier to the edge; but I think this comes at a high complexity cost and might result in overall more work/cost for everyone. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts
altdb.net: password length
Is there a limit of 8 characters for the CRYPT-PW? -Bret
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
TR Shaw wrote: Get a linux box or whatever and roll your own. ASSP, DSPAM, Spamassin, or other open source ASSP + exim, on Debian, for sure. BUT, ASSP as of now does not support IPv6 so I am not able to hang my spamfilter on an IPv6 address. :-( Contacting the maintainers is met with utter silence. Another proof there's still a long way to go to get people to change... Greetings, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
RE: Level 3 Agrees to Purchase Global Crossing
Way too many players ... means that the telecom marketplace is good for the consumer, with competition keeping prices low. Many network users feel that prices are still way too high, particularly for high speed circuits and dark fiber, areas in which Level 3 and Global Crossing have specialized. -Original Message- From: William Allen Simpson [mailto:william.allen.simp...@gmail.com] Sent: Monday, April 11, 2011 7:14 AM To: NANOG list Subject: Level 3 Agrees to Purchase Global Crossing http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. This is what telecom has needed for a long time, said Denver-based Jaegers, who recommends buying both stocks. You have way too many players. This communication, together with any attachments or embedded links, is for the sole use of the intended recipient(s) and may contain information that is confidential or legally protected. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, dissemination, distribution or use of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by return e-mail message and delete the original and all copies of the communication, along with any attachments or embedded links, from your system.
Re: internet probe can track you within 690 m
On Mon, Apr 11, 2011 at 2:29 PM, Marshall Eubanks t...@americafree.tv wrote: ... It would also be easy to institute something like the old GPS selective availability, with a software tunnel randomly adding a variable delay (say, varying by up to 50 msec every 100 seconds). Regards Marshall Heck...with the amount of buffer bloat in place, I just keep a few torrents running on my T1, and the buffer bloat ensures there's always a nice 100-200msec of extra variability on the RTTs, no extra tunnels needed. ;-) Matt
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, Apr 11, 2011 at 03:49:43PM -0700, Holmes,David A wrote: Way too many players ... means that the telecom marketplace is good for the consumer, with competition keeping prices low. Many network users feel that prices are still way too high, particularly for high speed circuits and dark fiber, areas in which Level 3 and Global Crossing have specialized. Cute theory, but unfortunately this has no basis in reality. Users can feel any way they'd like, but the truth is that the current market prices for wholesale IP transit, in which Level 3 and Global Crossing specialize, are far below cost and are impossible for any carrier to sustain long term. I'm not saying that either L3 or GX runs a completely optimal network (infact I'd say that GX may well be a case study in failure to do so :P), but a simple analysis of the costs of routers, colo, power, crossconnects, optical gear, etc, makes it abundantly clear that the current rush to the bottom pricing cannot possibly be supported even under optimal conditions and ignoring other overhead. The situation isn't significantly different for high-speed longhaul capacity, the revenue these these circuits generate at current market prices is barely offsetting their capex on the optical gear at this point. Anyone who told you that there is a cash cow in this particular market is woefully mistaken, any serious money to be had is coming from enterprise customers who can only be reached via unique metro assets. I have no doubt that there will be some modest reduction in competition following the acquisition, but I honestly don't think it is anything to get too worried about. Unlike L3's previous acquisitions (such as Wiltel, Telcove, Looking Glass, etc), it isn't really possible for them to disappear the assets from the market following the purchase. GX's longhaul fiber footprint is mostly still owned and operated by Qwest, they were never a big player in IRU dark sales to begin with, and they don't have much in the way of metro fiber assets to speak of. The two companies also not really in any danger of being able to stop the current tide of market transit prices, since this are being driven by many other companies. And L3 has already learned what happens to their market share when they try to alter market pricing by themselves, which is what led to their current Comcast debacle in the first place. The best case scenario that I see here is L3 being able to provide some technical leadership to significantly reduce GX's overhead, and hopefully fix some of their other problem areas too. But personally I'm not convinced that L3 is the technical or market force they used to be, and thus I question whether they'll be able to get it right themselves. Remember, it taks a LOT of work for a big telco to put all the pieces in place correctly, and any mistakes on their part will open the door for smaller carriers to show off the advantages of being nimble. If there is any significant reduction in competition that comes to either carrier, it will do exactly that. Infact, I encourage them to try, it will probably be good for my business. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Alternatives to GSLB ?
Just wanted to thank everyone who replied to my question on the list and off-list. Cheers, Jeff On Tue, Apr 5, 2011 at 12:31 PM, Paul W. Roach III p...@isaroach.comwrote: The downside of anycast for TCP services require state to be replicated in realtime across all app servers to prevent crappy user experience in the case where I switch servers mid-transaction. On Tue, Apr 5, 2011 at 3:17 PM, Jack Carrozzo j...@crepinc.com wrote: Anycast works. [...] we are looking for ideas on how to 1) ensure clients are routed to the closest geographical server 2) ensure the client hits the server(s) with the shortest path. No need to deal with that yourself when BGP eats that problem for breakfast lunch and dinner. -Jack Carrozzo
Re: Level 3 Agrees to Purchase Global Crossing
If I were a large tier-2 with SFI to one, but not both, of Level3 and GBLX, I would see this acquisition as an opportunity to squeeze peering out of the other network, or eventual combination of both, in trade for not stirring the pot with regulators. Perhaps AS3356 will carry AS6939 IPv6 routes soon, etc. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts
Facebook Opens Up Its Hardware Secrets
FYI Just weeks before switching on a massive, super-efficient data center in rural Oregon, Facebook is giving away the designs and specifications to the whole thing online. In doing so, the company is breaking a long-established unwritten rule for Web companies: don't share the secrets of your server-stuffed data warehouses http://www.technologyreview.com/computing/37317/?a=f Bruce Williams Concepts, like individuals, have their histories and are just as incapable of withstanding the ravages of time as are individuals. But in and through all this they retain a kind of homesickness for the scenes of their childhood. Soren Kierkegaard
Re: Top-posting
- Original Message - From: Daniel Staal dst...@usa.net --As of April 11, 2011 3:11:15 PM -0400, Jay Ashworth is alleged to have said: Nope; I really said it. :-) Standard threaded (IE: not top-posted) replies have been the standard for technical mailing lists on the net since I first joined one. In 1983. Footnote: Maybe that was more Usenet, that early. :-) Anyone who has a problem with it can, in short, go bugger off. Really. --As for the rest, it is mine. I've found my mail has fallen into three basic categories over time: 1) Mailing list, technical or otherwise. 2) Personal discussions. 3) 'Official' work email, of one form or another. Of the three, #1 almost always is either bottom posted, or fully intermixed. #2 I often introduce people to the idea, but once they get it they like it. In both of these it is more important what is replying to what, and what the *current state* of the conversation is. Either one I can rely on the other participants to have the history (or at least have access to it). Top-posting in either context is non-helpful. Well put. #3, is always top-posted, and I've grown to like that in that context. The most current post serves as a 'this is where we are right now, and what needs to be done', while the rest tends to preserve the *entire* history, including any parts I was not a part of initially. (For instance: A user sends an email to their boss, who emails the helpdesk, who emails back for clarification, and then forwards on that reply to me. At that point it's often nice to know what the original issue was, or to be able to reach the user directly instead of through several layers of intermediary.) I sorely hate to admit it, but you're right. I tried doing traditional quoting on emails in my last position (as IT director in a call center), and everyone else's heads came off and rolled around on the floor; my boss, the controller, actually *asked me to stop*. It has different strengths and weaknesses, and can be useful in it's place. Mailing lists are not top-posting's place. ;) We clearly agree, here. Hopefully, we've clarified the reasons why, for anyone who was on the fence. (As for HTML email... I've yet to meet an actual human who routinely used HTML-only emails. They are a sure sign of a marketing department's involvement.) I have. No, not necessarily. Cheers, -- jra
Re: [Nanog] Re: LISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 11, 2011, at 11:02 AM, harbor235 wrote: http://www.lisp4.net/ This sounds a lot like LNP in the telco world. Is the goal here to make IP's portable ? Or is this a viable way to access IPv6 from either an IPv4 host or an IPv6 host unfortunate enough to not have full IPv6 tables? And do all of the networks you pass through have to be LISP enabled? Mike On Mon, Apr 11, 2011 at 10:49 AM, Christina Klam ck...@ias.edu wrote: - - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - - --- Any sufficiently advanced magic is indistinguishable from technology. - - - Niven's Inverse of Clarke's Third Law - -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iEYEARECAAYFAk2jl6UACgkQ8CjzPZyTUTSmRACeJWp4KxPgZAgIJJBHOXwmPybS Nb0An1KzzLMxBqHP7Yu4pgW4tcA5EcoK =HJL5 - -END PGP SIGNATURE- -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iEYEARECAAYFAk2jmOEACgkQ8CjzPZyTUTS6lwCfRmo+6dRqPA7wUgFCAIBB9Xym joEAoIy7OK17bRKN+dfKNwzRcFmpRmSN =lqbk -END PGP SIGNATURE-
Re: Top-posting
interleaved posting is considered harmful. /bill On Mon, Apr 11, 2011 at 08:05:51PM -0400, Jay Ashworth wrote: - Original Message - From: Daniel Staal dst...@usa.net --As of April 11, 2011 3:11:15 PM -0400, Jay Ashworth is alleged to have said: Nope; I really said it. :-) Standard threaded (IE: not top-posted) replies have been the standard for technical mailing lists on the net since I first joined one. In 1983. Footnote: Maybe that was more Usenet, that early. :-) Anyone who has a problem with it can, in short, go bugger off. Really. --As for the rest, it is mine. I've found my mail has fallen into three basic categories over time: 1) Mailing list, technical or otherwise. 2) Personal discussions. 3) 'Official' work email, of one form or another. Of the three, #1 almost always is either bottom posted, or fully intermixed. #2 I often introduce people to the idea, but once they get it they like it. In both of these it is more important what is replying to what, and what the *current state* of the conversation is. Either one I can rely on the other participants to have the history (or at least have access to it). Top-posting in either context is non-helpful. Well put. #3, is always top-posted, and I've grown to like that in that context. The most current post serves as a 'this is where we are right now, and what needs to be done', while the rest tends to preserve the *entire* history, including any parts I was not a part of initially. (For instance: A user sends an email to their boss, who emails the helpdesk, who emails back for clarification, and then forwards on that reply to me. At that point it's often nice to know what the original issue was, or to be able to reach the user directly instead of through several layers of intermediary.) I sorely hate to admit it, but you're right. I tried doing traditional quoting on emails in my last position (as IT director in a call center), and everyone else's heads came off and rolled around on the floor; my boss, the controller, actually *asked me to stop*. It has different strengths and weaknesses, and can be useful in it's place. Mailing lists are not top-posting's place. ;) We clearly agree, here. Hopefully, we've clarified the reasons why, for anyone who was on the fence. (As for HTML email... I've yet to meet an actual human who routinely used HTML-only emails. They are a sure sign of a marketing department's involvement.) I have. No, not necessarily. Cheers, -- jra
Re: altdb.net: password length
Yep! It sure did. Phew I don't need to re-submit. Thanks guys! I received many responses. -Bret On Apr 11, 2011, at 5:22 PM, Andrew Jones wrote: My understanding is that the implementation of the DES algorithm used ignores any characters after the first 8, so basically yes. -Jonesy On Mon, 11 Apr 2011 16:43:06 -0600, Bret Palsson b...@getjive.com wrote: Is there a limit of 8 characters for the CRYPT-PW? -Bret
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, 11 Apr 2011 10:27:44 EDT, Jay Ashworth said: - Original Message - From: Dorn Hetzel d...@hetzel.org Well, maybe they're just admitting it will slow the rate at which prices go down :) Cause L3 and GBLX are Too Big To Fail, right? Yes, but the *real* question is - will they be able to depeer Cogent? ;) pgpLlzmPlZBRF.pgp Description: PGP signature
Re: Top-posting
On Mon, 2011-04-11 at 19:39 -0400, Daniel Staal wrote: Of late I have started to get responses from people (not even the person who top-posted) saying that I should f*** off and that they would post however they wanted. Very hostile and even threatening. Too many Outlook users. With just about any other email client it is very easy to bottom post. To those who wish to post as they want demonstrates a certain something about being a professional and an additional personality component that need not be mentioned. Richard Golodner
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to anAlternative? )
On Mon, 11 Apr 2011 18:15:33 -, John Levine said: It's really impressive how insular a bunch of old timers can be. Coming up next: rants about HTML mail! Vern Schryver once pointed out that a multipart/alternative with a text/plain and text/html was *always* incorrect - if the semantic content was the same, the html coipy was superfluous and shouldn't have been sent, and if the semantic content was different because the html added to it, the text/plain was therefor misleading and shouldn't have been sent. pgprZGZyNQfrS.pgp Description: PGP signature
Yahoo! Mail Technical Contact
Hi All, Is there by any chance a Yahoo! Mail Technical Contact is subscribed in this mailing list? Please reply directly to my email. Thank you very much. -nathan
Re: Top-posting
On 4/11/2011 21:22, Richard Golodner wrote: Too many Outlook users. With just about any other email client it is very easy to bottom post. To those who wish to post as they want demonstrates a certain something about being a professional and an additional personality component that need not be mentioned. The issue with outlook/exchange is there is no way to use another client with it. I cannot even force plain text to the internet, the server send it as quoted printable even if I strip all formatting. The outlook email client does not support wrapping text at a given line length either. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net
Re: Top-posting
On Apr 11, 2011, at 8:59 PM, Bryan Fields br...@bryanfields.net wrote: On 4/11/2011 21:22, Richard Golodner wrote: Too many Outlook users. With just about any other email client it is very easy to bottom post. To those who wish to post as they want demonstrates a certain something about being a professional and an additional personality component that need not be mentioned. The issue with outlook/exchange is there is no way to use another client with it. I cannot even force plain text to the internet, the server send it as quoted printable even if I strip all formatting. The outlook email client does not support wrapping text at a given line length either. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net Ewe bad memmories. Can we clean up our language on this list a bit. Throwing words out like Exchange and Outlook make my teeth grind. Thanks for considering my request.
Re: Top-posting
On Mon, 11 Apr 2011 22:58:11 EDT, Bryan Fields said: The issue with outlook/exchange is there is no way to use another client with it. I cannot even force plain text to the internet, the server send it as quoted printable even if I strip all formatting. If the entire body part is expressible in US-ASCII, then the case can be made that using quoted-printable *anyhow* is a bug because it's using an un-necessary encoding.. The outlook email client does not support wrapping text at a given line length either. Except for RFC2045, section 6.7, which addresses this: A body which is entirely US-ASCII may also be encoded in Quoted-Printable to ensure the integrity of the data should the message pass through a character-translating, and/or line-wrapping gateway. In other words, since we can't wrap at anyplace sane, we're worried that a line pretending to be a paragraph will hit the 998-octet SMTP linelength limit. pgpkEYoPHlItu.pgp Description: PGP signature
Re: Yahoo! Mail Issue
On Mon, Apr 11, 2011 at 9:28 PM, Nathanael C. Cariaga nccari...@stluke.com.ph wrote: Hi All, It seems that we're having some problems receiving emails from selected Yahoo! Mail Accounts. I noticed that there is a commonality between the accounts that fails when sending an email to our domain (see email header below) From: mailer-dae...@nm1.bullet.mail.sg1.yahoo.com mailer-dae...@nm1.bullet.mail.sg1.yahoo.com To: *-*-*-*-*a...@yahoo.com Sent: Fri, April 8, 2011 6:26:08 PM Subject: Failure Notice Sorry, we were unable to deliver your message to the following address. xxx...@stluke.com.ph: Mail server for stluke.com.ph unreachable for too long Um...it might be easier to get mail, if your host didn't close the connection with a 5xx error. :/ mpetach@hinotori:~ host -t mx stluke.com.ph stluke.com.ph mail is handled by 20 qc.stluke.com.ph. stluke.com.ph mail is handled by 20 mx1.stluke.com.ph. stluke.com.ph mail is handled by 40 gc.stluke.com.ph. mpetach@hinotori:~ nslookup qc.stluke.com.ph. Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: qc.stluke.com.ph Address: 219.90.94.56 mpetach@hinotori:~ mpetach@opstools1:~ telnet 219.90.94.56 25 Trying 219.90.94.56... Connected to static-host-219-90-94-56.tri.ph. Escape character is '^]'. ehlo yahoo.com 554 SMTP synchronization error Connection closed by foreign host. mpetach@opstools1:~ I imagine when port 25 stops giving 5xx failure message back, mail reception might improve. ^_^; Matt
Re: Yahoo! Mail Issue
On 4/11/11 10:47 PM, Matthew Petach wrote: mpetach@opstools1:~ telnet 219.90.94.56 25 Trying 219.90.94.56... Connected to static-host-219-90-94-56.tri.ph. Escape character is '^]'. ehlo yahoo.com 554 SMTP synchronization error Connection closed by foreign host. mpetach@opstools1:~ I imagine when port 25 stops giving 5xx failure message back, mail reception might improve. ^_^; Works fine for me, your getting an error because your trying to send a command before receiving the first 220, aka RFC violation. As long as you connect, wait a moment without trying to send a command, your fine. telnet 219.90.94.56 25 Trying 219.90.94.56... Connected to static-host-219-90-94-56.tri.ph. Escape character is '^]'. 220 stluke.com.ph ESMTP MailCleaner (Community Edition 2010 beta 3) Tue, 12 Apr 2011 12:51:38 +0800 My systems do it too if you try to send a command before waiting for the 220s to finish: telnet mail.sosdg.org 25 Trying 2620:64:0:1::2... Connected to mail.sosdg.org. Escape character is '^]'. 554 SMTP synchronization error Connection closed by foreign host. Its an effective antispam method, because bots rarely bother to wait. They just blast away -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org
Re: Yahoo! Mail Issue
On Mon, Apr 11, 2011 at 9:54 PM, Brielle Bruns br...@2mbit.com wrote: On 4/11/11 10:47 PM, Matthew Petach wrote: mpetach@opstools1:~ telnet 219.90.94.56 25 Trying 219.90.94.56... Connected to static-host-219-90-94-56.tri.ph. Escape character is '^]'. ehlo yahoo.com 554 SMTP synchronization error Connection closed by foreign host. mpetach@opstools1:~ I imagine when port 25 stops giving 5xx failure message back, mail reception might improve. ^_^; Works fine for me, your getting an error because your trying to send a command before receiving the first 220, aka RFC violation. As long as you connect, wait a moment without trying to send a command, your fine. Doh! See, that's what happens when you ask networking people to try to troubleshoot mail issues. ^_^;; Sorry about that. :( Matt
Re: Yahoo! Mail Issue
Thanks anyway. I just find this issue intriguing since not all Yahoo mail accounts are affected. In addition, incoming mails from other domain doesn't seem to be affected. That is why I want to check if it is a network issue :) -nathan On 4/12/2011 1:17 PM, Matthew Petach wrote: On Mon, Apr 11, 2011 at 9:54 PM, Brielle Brunsbr...@2mbit.com wrote: On 4/11/11 10:47 PM, Matthew Petach wrote: mpetach@opstools1:~telnet 219.90.94.56 25 Trying 219.90.94.56... Connected to static-host-219-90-94-56.tri.ph. Escape character is '^]'. ehlo yahoo.com 554 SMTP synchronization error Connection closed by foreign host. mpetach@opstools1:~ I imagine when port 25 stops giving 5xx failure message back, mail reception might improve. ^_^; Works fine for me, your getting an error because your trying to send a command before receiving the first 220, aka RFC violation. As long as you connect, wait a moment without trying to send a command, your fine. Doh! See, that's what happens when you ask networking people to try to troubleshoot mail issues. ^_^;; Sorry about that. :( Matt -- Nathanael C. Cariaga Network Security Administrator St Luke's Medical Center Tel (QC) : +63 2 723 0101 ext 5520 / 4206 Tel (GC) : +63 2 789 7700 ext 6035 / 6036 Tel : +63 2 356 5686 Mobile : +63 922 8735686 EMail: nccari...@stluke.com.ph
Re: Top-posting
I sincerely On Apr 11, 2011, at 5:12 PM, bmann...@vacation.karoshi.com wrote: interleaved posting is considered harmful. Disagree. Owen /bill On Mon, Apr 11, 2011 at 08:05:51PM -0400, Jay Ashworth wrote: - Original Message - From: Daniel Staal dst...@usa.net --As of April 11, 2011 3:11:15 PM -0400, Jay Ashworth is alleged to have said: Nope; I really said it. :-) Standard threaded (IE: not top-posted) replies have been the standard for technical mailing lists on the net since I first joined one. In 1983. Footnote: Maybe that was more Usenet, that early. :-) Anyone who has a problem with it can, in short, go bugger off. Really. --As for the rest, it is mine. I've found my mail has fallen into three basic categories over time: 1) Mailing list, technical or otherwise. 2) Personal discussions. 3) 'Official' work email, of one form or another. Of the three, #1 almost always is either bottom posted, or fully intermixed. #2 I often introduce people to the idea, but once they get it they like it. In both of these it is more important what is replying to what, and what the *current state* of the conversation is. Either one I can rely on the other participants to have the history (or at least have access to it). Top-posting in either context is non-helpful. Well put. #3, is always top-posted, and I've grown to like that in that context. The most current post serves as a 'this is where we are right now, and what needs to be done', while the rest tends to preserve the *entire* history, including any parts I was not a part of initially. (For instance: A user sends an email to their boss, who emails the helpdesk, who emails back for clarification, and then forwards on that reply to me. At that point it's often nice to know what the original issue was, or to be able to reach the user directly instead of through several layers of intermediary.) I sorely hate to admit it, but you're right. I tried doing traditional quoting on emails in my last position (as IT director in a call center), and everyone else's heads came off and rolled around on the floor; my boss, the controller, actually *asked me to stop*. It has different strengths and weaknesses, and can be useful in it's place. Mailing lists are not top-posting's place. ;) We clearly agree, here. Hopefully, we've clarified the reasons why, for anyone who was on the fence. (As for HTML email... I've yet to meet an actual human who routinely used HTML-only emails. They are a sure sign of a marketing department's involvement.) I have. No, not necessarily. Cheers, -- jra
Re: Top-posting
On Apr 11, 2011, at 7:58 PM, Bryan Fields wrote: On 4/11/2011 21:22, Richard Golodner wrote: Too many Outlook users. With just about any other email client it is very easy to bottom post. To those who wish to post as they want demonstrates a certain something about being a professional and an additional personality component that need not be mentioned. The issue with outlook/exchange is there is no way to use another client with it. I cannot even force plain text to the internet, the server send it as quoted printable even if I strip all formatting. I have used Evolution and IMAP with exchange servers in the past, so, I'm not convinced this is an entirely accurate statement. The outlook email client does not support wrapping text at a given line length either. I'll skip the obvious conclusion about the quality of the product in question. Owen
Re: Top-posting
On Apr 12, 2011, at 12:42 PM, Owen DeLong wrote: I have used Evolution and IMAP with exchange servers in the past, so, I'm not convinced this is an entirely accurate statement. And in fact, I'm posting this message in plain-text via the OSX Mail.app connected via native Exchange protocols to an Exchange server. There's even a plug-in for Mail.app in order to make inline posting easier. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com The basis of optimism is sheer terror. -- Oscar Wilde