Re: [Nanog-futures] Admission for Committee Members
On Fri, Sep 2, 2011 at 10:19 AM, Jorge Amodio wrote:
> admission fee waived or reduced, all the rest MUST pay, even if you
> give a talk or serve in other capacity.
> As others said you are doing a "public service" to the rest of the
> community and if you give a nice and valuable talk you will get the

You know what I would suggest. Give presenters who committed a sufficient time in advance an option to have free admission, and an option to pay and donate their free admission opportunity back.

Whether something is a "public service" or not is a matter of perspective. Attending and paying admission is presumptively a public service also. Should one interested in performing one public service be forced to perform another?

Assume for the sake of argument, it's a more valuable service for a person to present than to pay admission, because if there's no one presenting, then interest and attendance fall. As long as you are not encountering abuses such as 'faux presenters' just presenting for admission.

Not all public service is free to the public. Presumably there must be some motivation for a speaker to present; sometimes that is altruistic, sometimes that is not. If that motivation is free admission, but for the community their service is still valuable, then who am I to argue with that?

One question you could ask... would the person even be there if they were not giving a presentation? If they would not, then making them pay to come donate their time sounds like a proposition that is more adverse to the presenter.

In regards to 'fairness', waiving admission for a presenter is not unfair, if any attendee had an equal opportunity for proposing to present; those paying simply did not avail themselves or perhaps did not have a meaningful thing to present

> It will be really unfair for those paying (even if their companies do

--
-JH
The Cidr Report
This report has been generated at Fri Sep 2 21:12:31 2011 AEST.
The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History

    Date      Prefixes  CIDR Agg
    26-08-11  372363    219515
    27-08-11  372436    219493
    28-08-11  372391    219336
    29-08-11  372153    219814
    30-08-11  372732    219517
    31-08-11  372442    219383
    01-09-11  371724    219713
    02-09-11  373096    219844

AS Summary

    38765      Number of ASes in routing system
    16349      Number of ASes announcing only one prefix
    3564       Largest number of prefixes announced by an AS
               AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
    108360672  Largest address span announced by an AS (/32s)
               AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street

Aggregation Summary

The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 02Sep11 ---

    ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description
    Table    373662   219871    153791   41.2%   All ASes
    AS6389   3564     230       3334     93.5%   BELLSOUTH-NET-BLK - BellSouth.net Inc.
    AS4766   2508     973       1535     61.2%   KIXS-AS-KR Korea Telecom
    AS18566  1913     379       1534     80.2%   COVAD - Covad Communications Co.
    AS22773  1452     108       1344     92.6%   ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
    AS4755   1536     215       1321     86.0%   TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
    AS4323   1626     398       1228     75.5%   TWTC - tw telecom holdings, inc.
    AS1785   1825     776       1049     57.5%   AS-PAETEC-NET - PaeTec Communications, Inc.
    AS19262  1393     400       993      71.3%   VZGNI-TRANSIT - Verizon Online LLC
    AS10620  1628     688       940      57.7%   Telmex Colombia S.A.
    AS28573  1283     344       939      73.2%   NET Servicos de Comunicao S.A.
    AS7552   991      165       826      83.4%   VIETEL-AS-AP Vietel Corporation
    AS18101  951      145       806      84.8%   RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
    AS24560  1195     397       798      66.8%   AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
    AS8151   1411     653       758      53.7%   Uninet S.A. de C.V.
    AS7303   1058     316       742      70.1%   Telecom Argentina S.A.
    AS4808   1073     336       737      68.7%   CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
    AS7545   1577     860       717      45.5%   TPG-INTERNET-AP TPG Internet Pty Ltd
    AS3356   1107     452       655      59.2%   LEVEL3 Level 3 Communications
    AS20115  1591     954       637      40.0%   CHARTER-NET-HKY-NC - Charter Communications
    AS17488  1033     397       636      61.6%   HATHWAY-NET-AP Hathway IP Over Cable Internet
    AS14420  715      92        623      87.1%   CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
    AS3549   1061     448       613      57.8%   GBLX Global Crossing Ltd.
    AS17676  675      70        605      89.6%   GIGAINFRA Softbank BB Corp.
    AS22561  967      364       603      62.4%   DIGITAL-TELEPORT - Digital Teleport Inc.
    AS4804   659      86        573      86.9%   MPX-AS Microplex PTY LTD
    AS17974  1949     1380      569      29.2%   TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
    AS4780   758      199       559      73.7%   SEEDNET Digital United Inc.
    AS22047  579      32        547      94.5%   VTR BANDA ANCHA S.A.
    AS7011   1183     656       527      44.5%   FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc.
    AS26496  526      24        502      95.4%   PAH-INC - GoD
BGP Update Report
BGP Update Report
Interval: 25-Aug-11 -to- 01-Sep-11 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS

    Rank  ASN      Upds   %     Upds/Pfx  AS-Name
    1     AS3292   40954  2.6%  87.0      TDC TDC Data Networks
    2     AS38040  34921  2.2%  3492.1    GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    3     AS9829   19696  1.2%  19.3      BSNL-NIB National Internet Backbone
    4     AS38543  18185  1.1%  4546.2    IBM-TH-AS-AP IBM THAILAND NETWORK
    5     AS6316   17500  1.1%  1166.7    AS-PAETEC-NET - PaeTec Communications, Inc.
    6     AS17974  15047  0.9%  16.0      TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
    7     AS32528  14994  0.9%  2142.0    ABBOTT Abbot Labs
    8     AS6503   14448  0.9%  7.3       Axtel, S.A.B. de C.V.
    9     AS29381  12851  0.8%  988.5     INET-AS Internet Service Provider
    10    AS12993  12825  0.8%  675.0     DEAC-AS SIA Digitalas Ekonomikas Attistibas Centrs
    11    AS9498   12204  0.8%  147.0     BBIL-AP BHARTI Airtel Ltd.
    12    AS2018   11393  0.7%  148.0     TENET-1
    13    AS19262  11302  0.7%  8.0       VZGNI-TRANSIT - Verizon Online LLC
    14    AS11664  9838   0.6%  46.2      Techtel LMDS Comunicaciones Interactivas S.A.
    15    AS45595  9564   0.6%  22.1      PKTELECOM-AS-PK Pakistan Telecom Company Limited
    16    AS7552   9327   0.6%  9.0       VIETEL-AS-AP Vietel Corporation
    17    AS14420  8977   0.6%  12.6      CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
    18    AS5800   8770   0.6%  47.2      DNIC-ASBLK-05800-06055 - DoD Network Information Center
    19    AS16062  8733   0.6%  873.3     Latvijas Tikli Ltd.
    20    AS12252  8310   0.5%  80.7      Telmex Peru S.A.

TOP 20 Unstable Origin AS (Updates per announced prefix)

    Rank  ASN      Upds   %     Upds/Pfx  AS-Name
    1     AS38543  18185  1.1%  4546.2    IBM-TH-AS-AP IBM THAILAND NETWORK
    2     AS38040  34921  2.2%  3492.1    GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    3     AS3976   3394   0.2%  3394.0    ERX-NURI-ASN I.Net Technologies Inc.
    4     AS32528  14994  0.9%  2142.0    ABBOTT Abbot Labs
    5     AS3454   8042   0.5%  2010.5    Universidad Autonoma de Nuevo Leon
    6     AS39365  5299   0.3%  1324.8    MICROLINES-AS MICROLINES ISP
    7     AS35333  1244   0.1%  1244.0    CITYNET-AS SIA CITYNET
    8     AS34620  1223   0.1%  1223.0    MIKRONET_LTD-AS Mikronet SIA
    9     AS2588   3520   0.2%  1173.3    LATNETSERVISS-AS LATNET ISP
    10    AS44483  1171   0.1%  1171.0    ELEKTRONS-AS Elektrons-k
    11    AS6316   17500  1.1%  1166.7    AS-PAETEC-NET - PaeTec Communications, Inc.
    12    AS34994  4642   0.3%  1160.5    LVBP-AS Baltic Pro SIA
    13    AS35484  1155   0.1%  1155.0    GNT-LATVIJA-AS GNT Latvija
    14    AS42979  3412   0.2%  1137.3    ASGLBLCOM GlobalCom-LV Autonomous System
    15    AS43340  1137   0.1%  1137.0    LR_EM Ministry of Economics of Republic of Latvia
    16    AS43188  1133   0.1%  1133.0    LDC_AS V/A "Lauksaimniecibas Datu Centrs"
    17    AS48546  1122   0.1%  1122.0    LETA_LV SIA LETA AS
    18    AS44698  1109   0.1%  1109.0    VPK-AS Chancery of the President of Latvia
    19    AS44105  1104   0.1%  1104.0    DROSIBA-AS Datu Drosiba, SIA
    20    AS43615  1028   0.1%  1028.0    MONITORINGA_CENTRS_AS SIA Monitoringa Centrs

TOP 20 Unstable Prefixes

    Rank  Prefix            Upds   %     Origin AS -- AS Name
    1     202.92.235.0/24   11656  0.7%  AS9498 -- BBIL-AP BHARTI Airtel Ltd.
    2     200.23.202.0/24   8025   0.5%  AS3454 -- Universidad Autonoma de Nuevo Leon
    3     130.36.34.0/24    7489   0.4%  AS32528 -- ABBOTT Abbot Labs
    4     130.36.35.0/24    7489   0.4%  AS32528 -- ABBOTT Abbot Labs
    5     213.16.48.0/24    6593   0.4%  AS8866 -- BTC-AS Bulgarian Telecommunication Company Plc.
    6     66.248.120.0/21   6400   0.4%  AS6316 -- AS-PAETEC-NET - PaeTec Communications, Inc.
    7     66.248.104.0/21   6323   0.4%  AS6316 -- AS-PAETEC-NET - PaeTec Communications, Inc.
    8     61.90.164.0/24    6319   0.4%  AS38543 -- IBM-TH-AS-AP IBM THAILAND NETWORK
    9     58.97.61.0/24     6315   0.4%  AS38543 -- IBM-TH-AS-AP IBM THAILAND NETWORK
    10    180.180.251.0/24  6055   0.4%  AS38040 -- GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    11    180.180.253.0/24  6053   0.4%  AS38040 -- GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    12    180.180.248.0/24  6050   0.4%  AS38040 -- GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    13    180.180.250.0/24  6050   0.4%  AS38040 -- GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    14    180.180.249.0/24  5890   0.3%  AS38040 -- GLOBAL-TRANSIT-TOT-IIG-TH TOT Public Company Limited
    15    58.137.200.0/24   5540   0.3%  AS3854
Re: [Nanog-futures] Admission for Committee Members
On Fri, Sep 02, 2011 at 10:19:34AM -0500, Jorge Amodio wrote:
> As others said you are doing a "public service" to the rest of the
> community and if you give a nice and valuable talk you will get the
> recognition of the NANOG community and your colleagues, and we can put
> into consideration including a gold star sticker for your service.

Field observations suggest that presenters are more likely to be heckled than recognized for said service to the NANOG community. (c:

As hard as it can be to find good talks for the program, giving people incentive to take time out of their busy work schedules to prepare a good talk does not seem unreasonable.

> It will be really unfair for those paying (even if their companies do
> it for them or don't care because they have a mountain of cash) if
> there is a special benefit for some so they don't pay.

So far the speaker exemption doesn't seem to have been very contentious unless I've missed something.

--msa
Re: Prefix hijacking by Michael Lindsay via Internap
On Wed, Aug 31, 2011 at 12:56 PM, Denis Spirin wrote:
(snip)
> So, noone is protected from IP network stealing. And noone cares. If
> Internap or it's uplinks was more clever and more insistent - we really had
> a chance to lost our networks forever.

Denis, I think you handled it pretty well from your end.

> I definitely sure we need to found and implement some practice for prevent IP
> hijacking. I dug a lot of things about secure routing, PKI signing and so on -
> there are no working solutions now, as well as will not be in near future.

As has been referred in this thread a few times already, there's been a long recent discussion on BGPSEC+RPKI in RIPE's address-policy working group.

Because big red "remove-it" buttons inevitably leads to things like http://www.guardian.co.uk/world/2011/aug/30/pakistan-bans-encryption-software :

"Recently the regulator made it impossible for Pakistanis to access the website of Rolling Stone magazine, after it published an article on the high proportion of the national budget in Pakistan that goes on its military."

> But it is possible to negotiate and arrange the formal (administrative) best
> practice for resolving and preventing such issues. Is there any ideas?

I offer: Keep records, talk to people, keep domain names. Network with people, use GPG (perhaps even put fingerprint on business card?), and so on.

With the latest incarnation of utter failure of the CA trust model/design for websites, there seems to be renewed energy into providing alternative ways to model (distributed) trust.

It looks like to me that we're moving towards a multi-source based trust system more and more ( http://perspectives-project.org/ , http://convergence.io/ ). I guess something similar will happen with BGP data (it's suggested to be one of several metrics in convergence), or they may just end up being pretty much the same system.

*This* is the general path forward for a robust future Internet...

Best regards,
Martin
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith.

Routing Table Report 04:00 +10GMT Sat 03 Sep, 2011

Report Website: http://thyme.rand.apnic.net
Detailed Analysis: http://thyme.rand.apnic.net/current/

Analysis Summary

    BGP routing table entries examined: 370062
    Prefixes after maximum aggregation: 167213
    Deaggregation factor: 2.21
    Unique aggregates announced to Internet: 183305
    Total ASes present in the Internet Routing Table: 38662
    Prefixes per ASN: 9.57
    Origin-only ASes present in the Internet Routing Table: 32065
    Origin ASes announcing only one prefix: 15405
    Transit ASes present in the Internet Routing Table: 5220
    Transit-only ASes present in the Internet Routing Table: 139
    Average AS path length visible in the Internet Routing Table: 4.3
    Max AS path length visible: 36
    Max AS path prepend of ASN (22394): 33
    Prefixes from unregistered ASNs in the Routing Table: 1179
    Unregistered ASNs in the Routing Table: 675
    Number of 32-bit ASNs allocated by the RIRs: 1700
    Number of 32-bit ASNs visible in the Routing Table: 1377
    Prefixes from 32-bit ASNs in the Routing Table: 3177
    Special use prefixes present in the Routing Table: 0
    Prefixes being announced from unallocated address space: 110
    Number of addresses announced to Internet: 2472185408
        Equivalent to 147 /8s, 90 /16s and 142 /24s
    Percentage of available address space announced: 66.7
    Percentage of allocated address space announced: 66.7
    Percentage of available address space allocated: 100.0
    Percentage of address space in use by end-sites: 91.2
    Total number of prefixes smaller than registry allocations: 154267

APNIC Region Analysis Summary

    Prefixes being announced by APNIC Region ASes: 93241
    Total APNIC prefixes after maximum aggregation: 30588
    APNIC Deaggregation factor: 3.05
    Prefixes being announced from the APNIC address blocks: 89767
    Unique aggregates announced from the APNIC address blocks: 38038
    APNIC Region origin ASes present in the Internet Routing Table: 4545
    APNIC Prefixes per ASN: 19.75
    APNIC Region origin ASes announcing only one prefix: 1248
    APNIC Region transit ASes present in the Internet Routing Table: 709
    Average APNIC Region AS path length visible: 4.5
    Max APNIC Region AS path length visible: 18
    Number of APNIC region 32-bit ASNs visible in the Routing Table: 79
    Number of APNIC addresses announced to Internet: 625813024
        Equivalent to 37 /8s, 77 /16s and 38 /24s
    Percentage of available APNIC address space announced: 79.4

    APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 131072-132095, 132096-133119
    APNIC Address Blocks: 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8,

ARIN Region Analysis Summary

    Prefixes being announced by ARIN Region ASes: 142899
    Total ARIN prefixes after maximum aggregation: 73449
    ARIN Deaggregation factor: 1.95
    Prefixes being announced from the ARIN address blocks: 114823
    Unique aggregates announced from the ARIN address blocks: 47244
    ARIN Region origin ASes present in the Internet Routing Table: 14626
    ARIN Prefixes per ASN: 7.85
    ARIN Region origin ASes announcing only one prefix: 5626
    ARIN Region t
[Semi-OT] - SIP/PRI Voice Origination & LNP for Jackson, MO
Hi there,

Casting a large net here ... any Ops on this list that has an already established interconnect or resell services agreement with the following CLECs?

Jackson, MO is apparently a black hole and I can't get any ratecenters for LNP with Level3/GBLX/Paetec, so our normal SIP Origination channels are no good.

Here are the companies that apparently can handle LNP and Originate for Jackson.

** SBC/AT&T - While we can get PRIs and/or their IP Flex, they won't allow us to port numbers in that aren't ours - ie. we can't become a reseller.

** Charter Fiberlink - Not getting anywhere with them. No good sales contact info that has a clue. Anyone have a good sales contact?

** Big River Telephone - initially sounded interested in selling us their services, but won't return my follow up calls. Maybe we're too small of a fish or maybe they don't like the competition?

** Teleport Communications Group - Not getting anywhere with them. No good sales contact info that has a clue. Anyone have a good sales contact?

What we need ... to be able to LNP 573-204 and 573-243 and have the inbound calls come to us, either via SIP or a NxPRI there at our remote POP in Jackson.

To start, we're looking to LNP about 300 to 400 numbers and have about 50 concurrent calls. This will be ramping up ...

I would appreciate any and all replies off-list please.

Thanks!
-graham
Re: NAT444 or ?
On 9/1/11 11:52 AM, Cameron Byrne wrote:

On Thu, Sep 1, 2011 at 11:36 AM, Serge Vautour wrote:

Hello,

Things I understand: IPv6 is the long term solution to IPv4 exhaustion. For IPv6 to work correctly, most of the IPv4 content has to be on IPv6. That's not there yet. IPv6 deployment to end users is not trivial (end user support, CPE support, etc...). Translation techniques are generally evil. IPv6->IPv4 still requires 1 IPv4 IP per end user or else you're doing NAT. IPv4->IPv6 (1-1) doesn't solve our main problem of giving users access to the IPv4 Internet.

Correct, all content is not there yet... but World IPv6 Day showed that Google, Facebook, Yahoo, Microsoft and 400+ others are just about ready to go. http://en.wikipedia.org/wiki/World_IPv6_Day

IPv6->IPv4 does not require 1 to 1, any protocol translation is a form of NATish things, and stateful NAT64 has many desirable properties IF you already do NAT44. Specifically, it is nice that IPv6 flows bypass the NAT and as more content becomes IPv6, NAT becomes less and less used. In this way, unlike NAT44 or NAT444, NAT64 has an exit strategy that ends with proper E2E networking with IPv6... the technology and economic incentives push the right way (more IPv6...)

Have a look at http://tools.ietf.org/html/rfc6146

There are multiple opensource and big vendor (C, J, B, LB guys...) implementation of NAT64 / DNS64 ... I have trialed it and plan to deploy it, YMMV... It works great for web and email, not so great for gaming and Skype.

http://tools.ietf.org/html/rfc6333 http://tools.ietf.org/html/draft-bpw-pcp-nat-pmp-interworking-00 moves CPE NAT to the ISP tunneled over 192.0.0.0/29.

Has anyone deployed NAT444? Can folks share their experiences? Does it really break this many apps? What other options do we have?

Yes, expect it to be deployed in places where the access gear can only do IPv4 and there is no money or technology available to bring in IPv6.

A false economy when support outweigh CPE cost.

-Doug
admission rulz
kind of old-skool, but I figured that NANOG was a group of peers meeting to learn/share with each other. most of the time i would expect each participant to pay her own way... under -limited- hardship cases, as a member, i'd be happy to have my dues contribute to a stellar speaker who is otherwise unable to attend. but that should be a rare thing. otherwise, i'd want the other members to occasionally pay for me to attend.

IMHO.

/bill

On Fri, Sep 02, 2011 at 10:19:34AM -0500, Jorge Amodio wrote:
> I agree that only those organizing or with a real need of financial
> support (folks from developing countries or from non-profit orgs or
> some students without substantial resources) could have their
> admission fee waived or reduced, all the rest MUST pay, even if you
> give a talk or serve in other capacity.
>
> As others said you are doing a "public service" to the rest of the
> community and if you give a nice and valuable talk you will get the
> recognition of the NANOG community and your colleagues, and we can put
> into consideration including a gold star sticker for your service.
>
> It will be really unfair for those paying (even if their companies do
> it for them or don't care because they have a mountain of cash) if
> there is a special benefit for some so they don't pay.
>
> My .02
> -J
Re: [Nanog-futures] Admission for Committee Members
> The SC did not receive comp registration any time while I was serving
> on it.

aha! sorry. my memory is not what it used to be.

> I do feel the need to suggest that Dorian/Randy are on the mark here,
> most of these people would pay anyways.

as i said, if nanog has the funds, i would support general hardship support with a very low bar.

randy
ISP Two-Way Utilization Studies between Subscriber and Network
Can anyone point me to useful recent studies showing the ratio of downstream to upstream traffic loading for a typical home Internet user? Broken out by traffic type would be really nice but not holding my breath. Thanks, -Donner
Re: Silently dropping QoS marked packets on the greater Internet
On (2011-09-02 12:02 -0400), valdis.kletni...@vt.edu wrote:

> Except you can't actually *guarantee* that QoS works every packet, every time,
> during congestion even within the same network. Remember - QoS is just a
> marking to shoot the other guy first. If a link ends up overcommitted with QoS
> traffic, you're still screwed. And there's a second-order effect as well - if

I guess you're trying to say, if the protected traffic class is out-of-contract you're still out of luck, that is true.
If you're trying to say that any link which is overcommitted is lost cause anyhow, QoS or not, this of course is not true, if link is not overcommitted QoS makes no sense.

> your net is running sufficiently close to the capacity edge that QoS actually
> matters, there's probably other engineering deficiencies that are just waiting
> to screw you up.

Lot of customers have low speed DSL connections and want to run VoIP over that, even if whole office is surfing lolcats. This works, and it works perfectly when configured correctly, of course if VoIP traffic would exceed capacity, you're still screwed, this is where planning comes in, you will sell only X VoIP lines which will always fit, just lolcats will load slower.
If this link gets uncontrollable priority traffic from Internet, all bets are off, hence the options in the first post

--
++ytti
Re: [Nanog-futures] Admission for Committee Members
I think a co-pay would be reasonable. If a human manually did a refund I'm sure the process could be 'fixed'. It would be interesting to know how many people, based on past events this would impact. I agree in that I as well suspect it's a very low number.

-jim

On Fri, Sep 2, 2011 at 12:55 PM, Jared Mauch wrote:
> Two comments here:
>
> In the past a human would review and refund speakers if they paid.
>
> A nominal co-pay may be appropriate, even if it's just $10. Students qualify
> for lower rates last I recall as well. We are talking about a small number of
> people here, at most 1-2 per conference I suspect based on historical chats.
>
> Jared Mauch
>
> On Sep 2, 2011, at 11:27 AM, jim deleskie wrote:
>
>> If a
>> members company is willing to pay anyway, then people always have the
>> option of not accepting the free entrance. As for people 'hardship'
>> cases, how ever you want to define it, there is no revenue loss here
>> as they would be unlikely so spend $ to attend anyway if they had to
>> pay.
>
Re: Silently dropping QoS marked packets on the greater Internet
On Fri, 02 Sep 2011 17:48:17 +0300, Saku Ytti said:
> Seems in this instance someone has deployed QoS and is trusting markings from
> Internet, which is just broken, as they cannot anymore guarantee that customer
> video/voice etc works during congestion, so the QoS product is broken.

Except you can't actually *guarantee* that QoS works every packet, every time, during congestion even within the same network. Remember - QoS is just a marking to shoot the other guy first. If a link ends up overcommitted with QoS traffic, you're still screwed. And there's a second-order effect as well - if your net is running sufficiently close to the capacity edge that QoS actually matters, there's probably other engineering deficiencies that are just waiting to screw you up.

Is the story I've heard about people managing to saturate a link with QoS'ed traffic, and then having the link drop because network management traffic was basically DoS'ed, apocryphal, or have people shot themselves in the foot that way?
Re: Silently dropping QoS marked packets on the greater Internet
On 9/2/11 10:24 AM, Jesse McGraw wrote:
> I've recently run into a hard-to-troubleshoot issue where, somewhere out in
> the greater Internet, someone was silently dropping packets from my company
> that happened to be marked with DSCP AF21. I'd fully expect others to either
> ignore these markings or zero them out but just silently dropping them seems
> unnecessary.
>
> So, how do you guys treat marked packets that come into/through your networks?

Generally strip at the border the specific DSCP values that would trigger reserved bandwidth / priority handling in the distribution and last mile network. Otherwise we leave them alone.

--
Mark Radabaugh
Amplex
m...@amplex.net 419.837.5015
Re: [Nanog-futures] Admission for Committee Members
Two comments here:

In the past a human would review and refund speakers if they paid.

A nominal co-pay may be appropriate, even if it's just $10. Students qualify for lower rates last I recall as well. We are talking about a small number of people here, at most 1-2 per conference I suspect based on historical chats.

Jared Mauch

On Sep 2, 2011, at 11:27 AM, jim deleskie wrote:

> If a
> members company is willing to pay anyway, then people always have the
> option of not accepting the free entrance. As for people 'hardship'
> cases, how ever you want to define it, there is no revenue loss here
> as they would be unlikely so spend $ to attend anyway if they had to
> pay.
Re: [Nanog-futures] Admission for Committee Members
I have no problem with speakers getting in free. Speakers may or may not be active in the community and if you want to continue to draw quality speakers this is truly the least the community can do. Many conferences will pick up travel costs, or even token 'gifts' for speakers. As for committee members I have no problem with them getting in free. Unless you have 50-60 free attendees at a conference I don't expect it's going to cause financial hardship on the org. If a members company is willing to pay anyway, then people always have the option of not accepting the free entrance. As for people 'hardship' cases, how ever you want to define it, there is no revenue loss here as they would be unlikely so spend $ to attend anyway if they had to pay.

-jim

On Fri, Sep 2, 2011 at 12:19 PM, Jorge Amodio wrote:
> I agree that only those organizing or with a real need of financial
> support (folks from developing countries or from non-profit orgs or
> some students without substantial resources) could have their
> admission fee waived or reduced, all the rest MUST pay, even if you
> give a talk or serve in other capacity.
>
> As others said you are doing a "public service" to the rest of the
> community and if you give a nice and valuable talk you will get the
> recognition of the NANOG community and your colleagues, and we can put
> into consideration including a gold star sticker for your service.
>
> It will be really unfair for those paying (even if their companies do
> it for them or don't care because they have a mountain of cash) if
> there is a special benefit for some so they don't pay.
>
> My .02
> -J
>
>
Re: [Nanog-futures] Admission for Committee Members
I agree that only those organizing or with a real need of financial support (folks from developing countries or from non-profit orgs or some students without substantial resources) could have their admission fee waived or reduced, all the rest MUST pay, even if you give a talk or serve in other capacity.

As others said you are doing a "public service" to the rest of the community and if you give a nice and valuable talk you will get the recognition of the NANOG community and your colleagues, and we can put into consideration including a gold star sticker for your service.

It will be really unfair for those paying (even if their companies do it for them or don't care because they have a mountain of cash) if there is a special benefit for some so they don't pay.

My .02
-J
Re: [Nanog-futures] Admission for Committee Members
The SC did not receive comp registration any time while I was serving on it.

It was possible to be comped for one of a few reasons:

1) Host
2) Speaker
3) Merit
4) B&G Sponsor (i think they got 2 comp registrations)
5) the ARIN scholarship thing.

I was on the SC and also on a panel in Dallas (the case I'm thinking of). The meetings covered Feb 14th and a snowstorm that kept people from making it. It was a "big deal" at the time for the merit/nanog finances.

I do feel the need to suggest that Dorian/Randy are on the mark here, most of these people would pay anyways.

- Jared

On Sep 1, 2011, at 8:56 PM, Randy Bush wrote:

>> For context in this discussion, how many times have you personally
>> accepted free registration in return for presenting?
>
> no idea. i also think i was comped for being on the SC. like jared, i
> would have paid.
>
> randy
RE: Silently dropping QoS marked packets on the greater Internet
I must say, that seems not terribly sporting. :-)

Seriously, I would expect that most public Internet carriers, unless you paid them extra fees to pay attention to the DSCP markings, would completely ignore them and treat it all as best-effort traffic, right up to and including the last-mile circuit that should be the congestion point at which QoS would be most useful to differentiate. I don't think it would be the stated policy of any public ISP to drop other-than-zero-marked packets, especially if it's a transit somewhere that's out of reach of either you or the other customer you're trying to reach.

But I know from personal experience that some pieces of Ethernet switch gear can have policies, even at Layer 2, which affect traffic in ways that were not obvious when the human engineers deployed them. I ran into one such problem while deploying a straight-up Internet service to a customer on some GPON gear, and I used a built-in filter to select traffic on a VLAN basis, but I didn't realize that the filter also (unconditionally) matched on Layer 2 QoS markings (802.1p in the VLAN tag) at the same time. And my core Ethernet switch had QoS globally enabled, which meant that it was snooping at the Layer 3 DSCP tag and adapting it (dividing by 8, basically) and placing it into the 802.1p field on the way out the trunk port to the GPON gear.

This didn't affect anything until the customer started using a remote backup service -- Mozy, I believe -- which, in a lame attempt to obtain better transit "for free" from ISPs who accidentally pay attention to markings, marked its own HTTPS traffic higher than zero. So my customer could reach anyplace on the Internet except for this backup service -- pings to them worked, but starting a Web session or a backup to the same exact IP address would return no packets. And when I tried from our core (not going through the GPON), it worked perfectly. It was a bit of a head-scratcher until we tcpdump'ed the traffic and looked at it carefully. I assume the same thing would have happened had one of my customers tried to use a SIP VoIP carrier through our Internet.

So, in short, I would guess that your upstream's dropping problem was *probably* accidental rather than intentional, and if you can bring it to the attention of the right people at that ISP, they'd probably be grateful.

-- Jeff Saxe
Blue Ridge InternetWorks
Charlottesville, VA

From: Jesse McGraw [jlmcg...@gmail.com]
Sent: Friday, September 02, 2011 10:24 AM
To: nanog@nanog.org
Subject: Silently dropping QoS marked packets on the greater Internet

I've recently run into a hard-to-troubleshoot issue where, somewhere out in the greater Internet, someone was silently dropping packets from my company that happened to be marked with DSCP AF21. I'd fully expect others to either ignore these markings or zero them out but just silently dropping them seems unnecessary.

So, how do you guys treat marked packets that come into/through your networks?
Re: Silently dropping QoS marked packets on the greater Internet
On (2011-09-02 10:24 -0400), Jesse McGraw wrote:

> I've recently run into a hard-to-troubleshoot issue where,
> somewhere out in the greater Internet, someone was silently dropping
> packets from my company that happened to be marked with DSCP AF21.
> I'd fully expect others to either ignore these markings or zero them
> out but just silently dropping them seems unnecessary.
>
> So, how do you guys treat marked packets that come into/through your
> networks?

There really are three options.

1. Zero them out (or mark whatever value you handle as 'public internet')
2. Leave them alone, and never use them (either you don't have QoS deployed, or you trust MPLS EXP or comparable marking in other layer than IP, which is explicitly coloured to reflect 'public internet')
3. Have mutual trust between both parties how traffic is marked and trusted, this will never work for IP transit.

Seems in this instance someone has deployed QoS and is trusting markings from Internet, which is just broken, as they cannot anymore guarantee that customer video/voice etc works during congestion, so the QoS product is broken.

-- ++ytti
Silently dropping QoS marked packets on the greater Internet
I've recently run into a hard-to-troubleshoot issue where, somewhere out in the greater Internet, someone was silently dropping packets from my company that happened to be marked with DSCP AF21. I'd fully expect others to either ignore these markings or zero them out but just silently dropping them seems unnecessary. So, how do you guys treat marked packets that come into/through your networks?
Re: [Nanog-futures] Admission for Committee Members
> > To bring it closer to home - we give our presenters a free admission -
> > should we also stop that?
>
> i am ambivalent. i think there is some sort of untested assumption that
> this attracts an otherwise unattracted resources we need.
>
> otoh, committees seem to attract flies. i will not comment on their
> quality.

Flies, ouch. Or maybe gadflies? ;-)

From personal experience-- volunteering through committee work is fairly easy when NANOG is an important focus for the employer/employing group. It is very very difficult if one's management has no interest in NANOG or its products.

For most of the time I was on the PC, I was also a full-time student, and needed the help of student pricing to fulfill my commitment to the community. Even with student pricing, however, travel and hotels each year would run into the thousands. Given a choice between supporting NANOG, or taking those thousands and increasing my support to my parents... once my term was up, the parents won.

For all the griping and moaning that goes on, I do think that valuable work goes on at NANOG. I just can't afford to participate on an individual basis. That may or may not be a loss to the community. ;-)

_kobi
RE: serviceproviderworld.com
Hehe... I said almost the exact same thing - oh well, give it some time and I'm sure it'll be "prettier"...;)

From: brandon.j@live.com [mailto:brandon.j@live.com] On Behalf Of Brandon Kim
Sent: September-02-11 9:21 AM
To: p...@paulstewart.org; nanog group
Subject: RE: serviceproviderworld.com

I agree, this sounds like a great idea. Just checked it out, they could "lose" the 90's style logo though. try web 2.0...at the very least... haha... =)
RE: serviceproviderworld.com
I agree, this sounds like a great idea. Just checked it out, they could "lose" the 90's style logo though. try web 2.0...at the very least... haha... =)

> From: p...@paulstewart.org
> To: nanog@nanog.org
> Subject: serviceproviderworld.com
> Date: Thu, 1 Sep 2011 21:58:01 -0400
>
> Hey folks...
>
> I know a couple of folks behind this new site and thought it would be
> worthwhile for the NANOG community to be made aware of it.
> http://www.serviceproviderworld.com/
>
> It's basically going to be a directory of service providers across the world
> - that's the plan as I understand it. End-users can visit and review their
> service providers etc.
>
> Personally, I think this is a great concept - I've seen some online
> directories of providers and most of them are either entirely Canada based
> or US based and in my opinion not that great. Please bear in mind that this
> site is literally getting started - there is an email link I found at the
> bottom of the site where you can email the group for
> assistance/questions/feedback.
>
> Just an FYI ...
>
> Thanks,
>
> Paul
Re: DNS: 8.8.8.8 won't resolve noaa.gov sites?
On 09/01/11 21:41, Jay Ashworth wrote:

[ Cross-posted to NANOG and Outages; replies to outages or outages-discussion; I would set the header, but Zimbra sucks. :-) ]

I've had my home box set to use 8.8.8.8 as its primary resolver, falling back to the BBN anycast. Sometime today, 8.8.8.8 appears to have stopped resolving www.noaa.gov and www.nhc.noaa.gov:

;<<>> DiG 9.7.3-P3<<>> @8.8.8.8 www.noaa.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34999
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.noaa.gov. IN A

;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Sep 1 22:38:11 2011
;; MSG SIZE rcvd: 30

though it resolves Yahoo and Google and Akamai.com and everything else I throw at it. Digging noaa.gov at 4.2.2.1 returns what I expect. Interesting, too, that Firefox 5.0 wouldn't DTRT, even though 4.2.2.1-3 were the backup nameservers in my resolv.conf.

Road Runner Tampa Bay connection. Can anyone confirm or deny? Google DNS or NOAA people here, before I go ping NOAA staff on Twitter?

Cheers,
-- jra

Jay, wonder if this has anything to do with DNSSEC? These records were resigned on Sept 2 at 08:50 GMT. If the signature expired and they were late in resigning the records...

I just discovered a minor issue with dnssec tools and zonesigner in there. Zonesigner defaults to a 30 day expiration and they recommend running it once a month. What happens in months with 31 days?

Lyle Giese
LCR Computer Services, Inc.
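The question that closes the reply above (30-day signatures, re-signed once a month) can be worked through for a year of signing runs. This is an added example, not code from the thread or from dnssec-tools; the signing schedule, which starts on 2 August 2011 at 08:50 UTC, is constructed, and the model assumes signatures become valid at signing time and are not refreshed between runs.

```python
from datetime import datetime, timedelta, timezone

def parse_rrsig_time(field: str) -> datetime:
    """Parse the YYYYMMDDHHmmSS (UTC) form used for RRSIG inception/expiration (RFC 4034)."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def monthly_runs(start: datetime, count: int):
    """Signing runs at the same day-of-month and time, one per calendar month."""
    runs, year, month = [], start.year, start.month
    for _ in range(count):
        runs.append(start.replace(year=year, month=month))
        month += 1
        if month > 12:
            year, month = year + 1, 1
    return runs

def expiry_gaps(runs, validity: timedelta):
    """Return (expired_at, re_signed_at) windows in which no signature is valid."""
    gaps = []
    for prev, nxt in zip(runs, runs[1:]):
        expires = prev + validity
        if expires < nxt:
            gaps.append((expires, nxt))
    return gaps

def covered(now: datetime, runs, validity: timedelta) -> bool:
    """True if some signing run's validity window contains 'now'."""
    return any(run <= now <= run + validity for run in runs)

if __name__ == "__main__":
    # Constructed schedule: first run 2011-08-02 08:50 UTC, then monthly for a year.
    runs = monthly_runs(parse_rrsig_time("20110802085000"), 13)
    for expired, resigned in expiry_gaps(runs, timedelta(days=30)):
        print("bogus from %s until %s" % (expired.isoformat(), resigned.isoformat()))
    # A validity longer than the longest month leaves no gap.
    print("gaps with 32-day validity:", len(expiry_gaps(runs, timedelta(days=32))))
```

During each gap a validating resolver treats the zone's answers as bogus and returns SERVFAIL, while a non-validating resolver keeps answering, which is why monitoring RRSIG expiration ahead of time matters more than the signing cadence itself.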
Re: Access and Session Control System?
On Thu, 1 Sep 2011 17:45:55 -0400 Rafael Rodriguez wrote:

> I recommend you look into the Juniper SSL VPN products (SA Series). Very
> power boxes, intuitive admin interface (web driven) and are perfect for the
> "Vendor Access" type of applications.

They work fine (mostly), but your definition of intuitive obviously does not coincide with mine.

> Sent from my iPhone
>
> On Sep 1, 2011, at 16:30, "Jones, Barry" wrote:
>
> > Hello all.
> > I am looking at a variety of systems/methods to provide (vendor, employee)
> > access into my dmz's. I want to reduce the FW rule sets and connections to
> > as minimal as possible. And I want the accessing party to only get to the
> > destination I define (like a fw rule).
> >
> > When I refer to access, I'm referring to the ability of a vendor or
> > employee to perform maintenance tasks on a server(s). The server(s) will be
> > running apps for doing different tasks - such as Shavlik, etc..,
> > (patching, reports, logging, etc..), so I am envisioning allowing an
> > outside vendor/employee (from the internet or corp. net) to RDP or SSH to a
> > given Windows or Unix based machines, then perform their application work
> > from that jumping off point - kind of like a terminal server; but I'd like
> > to control and audit the sessions as well.
> >
> > Overall, I can allow a host/port through the FW to a single host, but I
> > wanted to be able to do the session management and endpoint controls. FW's
> > are ok, but you know as well as I that I now deal with lots of rules sets.
> > And I need to also authenticate the user.
> >
> > We are a couple smaller facilities (150 hosts each) and I need to be able
> > to control and audit the sessions when requested. I have considered doing a
> > meetingplace server, then providing escorted access for them, or doing just
> > the FW and a "jump" host - but need the endpoint and session solution, or
> > just using VPN - but don't want to install a host on the vendor machines. I
> > also have looked at a product called EDMZ - wondered if anyone had
> > experience with it?
> >
> > And did I say I wanted to keep it as simple as possible? :-) It's been a
> > few years since I've done hands-on networking work, so excuse the
> > long-winded letter. Feel free to email me directly too.
> >
> > Sincerely
> > Barry Jones
> > CISSP, GSNA

-- john
Axtel Contact Information (AS6503)
Does anyone have a technical or peering contact at Axtel / AS6503 to address an apparent netblock hijacking issue? Axtel is advertising the 2.5.6.0/24 address space to some of their peers which is under AS3215 management. No answer from ipmaster@axtel... / noc@avantel... Any suggestions? -- Sarah