Re: Apple updates - Akamai effect
Baskett, Andrew wrote:
> Hi J,
>
> As Patrick mentioned, on-net private Akamai clusters should not be serving
> out of your network unless you desire them to or there is a configuration
> mistake.
>
> There is a small caveat; we direct users by which DNS they use and not by
> end user IP address. So if a user has switched ISPs and not updated their
> DNS, they could still be directed to the previous ISP's on-net cluster.
> Of course, this would be viewed as serving offnet but usually makes up a
> very small % of traffic (think <1%)
>
> Unfortunately, Akamai has no control over this aspect but ISPs have a few
> options to mitigate it.
>
> If you can let me know more info about what you are seeing, we would be
> happy to investigate & help further.
>
> Thanks,
>
> Andrew Baskett
> Senior Network Support - Akamai Technologies - Cambridge, MA USA
> 888-421-1003 or +1-617-444-0089 - netsupport-...@akamai.com
> http://www.akamai.com

Andrew,

Actually, I've already been talking to you somewhat about our upgrades in the area, I believe. I'm mostly curious about what the user impact is on the cluster and link upgrades in terms of experience when that happens. This seems to be a common progression, so I'm curious ahead of time.

> -- Forwarded message --
> From: "Patrick W. Gilmore"
> To: North American Operators' Group
> Date: Sat, 15 Oct 2011 20:43:20 -0400
> Subject: Re: Apple updates - Akamai effect
> On Oct 15, 2011, at 20:06, J wrote:
>> Simon Leinen wrote:
>
>>> Guess it was a good idea to upgrade that Akamai cluster's uplink to
>>> 10GE, even though 2*GE (or was it 4*GE) looked sufficient at the time.
>>> Remember folks, "overprovisioning" is a misnomer, it should be called
>>> "provisioning for robustness and growth".
>> If I may change the thrust a bit, this is of interest to me.
>>
>> Just because we're in the midst of similar - changing from 2xGE to 10GE and
>> increasing the number of Akamai nodes.
>>
>> Anyone have similar stats on that sort of conversion, and what to expect?
>> From what I can tell, there's a fair bit of local, off-net traffic coming to
>> ours, so I'm curious what the turn-up may look like.
>
> It sounds like you have what Akamai calls an "AANP" deployment. In
> general, that should not serve users outside your network. There are
> reasons it can, and you should talk to Akamai about it if you think it is.
>
> If you have questions about an on-net node, feel free to email Akamai's
> Network Support group, netsupp...@akamai.com. They are only M-F, but they
> can answer any questions you have.
>
> --
> TTFN,
> patrick
Re: The Cidr Report
On Sun, 16 Oct 2011 10:06:10 EDT, "William F. Maton Sotomayor" said:
> A similar thing was done at a USENIX in Monterey over a decade ago. The
> point behind that one was to drive home how bad it was for the attendees
> to use telnet to their boxes at the mothership. Nothing like seeing
> people watch their passwords put up on two screens to teach them about
> SSH.

Did something similar at a SANS-EDU class a few years back, maybe 300 or so attendees. The first morning, I ran several carefully crafted tcpdumps on the wireless network to get just the SYN packets for telnet, ssh, rlogin/rsh, and POP in cleartext and over SSL. Then just before class started up after lunch, I announced the counts (was about 1/3 encrypted, 2/3 cleartext).

When the slide with the numbers hit the screen, a predictable 2/3 suddenly got outraged "You have no right to grab our passwords/ that's irresponsible behavior for a security professional/ etc". So I joked "See Randy, I *told* you we wouldn't have to map from IP to MAC to conference registration to tell who they were" which didn't help matters much. ;)

Then I tell them that yes, it *would* be irresponsible for me to snarf passwords, so I only grabbed SYN packets. The room got quiet, till I added "but those random people sitting out in the atrium aren't security professionals, and we have no control over whether they grab passwords or not, so you probably want to change your passwords."

Sudden flurry of typing from 2/3 of the people. "Over a secure channel, of course". Sudden lack of typing and a lot of deer-in-headlights looks, and one voice from the back of the room "Well played" ;)
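The kind of count described in the message above, as an added example that is not part of the original post: it tallies initial SYN packets per login protocol from `tcpdump -n` text output, the sort of audit you would run on a network you operate to measure cleartext protocol use. The capture filter, the port list and the sample lines are assumptions constructed for this example; the post does not give the filters that were actually used.

```python
import re
from collections import Counter

# Capture filter for initial SYNs only (SYN set, ACK clear): no payload, so no
# credentials are recorded. The port list is this example's assumption.
SYN_ONLY_FILTER = ("tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and "
                   "(dst port 22 or 23 or 110 or 513 or 514 or 995)")

# destination port -> (protocol name, encrypted?)
PORTS = {22: ("ssh", True), 23: ("telnet", False), 110: ("pop3", False),
         513: ("rlogin", False), 514: ("rsh", False), 995: ("pop3s", True)}

# Matches the address/flags part of a `tcpdump -n` text line.
LINE = re.compile(r"IP6? (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed sample output (documentation/private addresses), not real data.
SAMPLE = """\
09:01:02.000101 IP 10.9.0.11.50111 > 192.0.2.10.23: Flags [S], seq 1, length 0
09:01:02.000900 IP 192.0.2.10.23 > 10.9.0.11.50111: Flags [S.], seq 9, ack 2, length 0
09:01:05.000101 IP 10.9.0.11.50111 > 192.0.2.10.23: Flags [S], seq 1, length 0
09:02:10.500000 IP 10.9.0.12.50222 > 192.0.2.20.22: Flags [S], seq 5, length 0
09:03:00.000000 IP 10.9.0.13.50333 > 198.51.100.5.110: Flags [S], seq 7, length 0
09:03:30.000000 IP 10.9.0.14.50444 > 198.51.100.5.995: Flags [S], seq 3, length 0
09:04:00.000000 IP 10.9.0.15.50555 > 192.0.2.30.513: Flags [S], seq 4, length 0
09:04:20.000000 IP 10.9.0.16.50666 > 192.0.2.40.443: Flags [S], seq 6, length 0
09:05:00.000000 IP 10.9.0.17.50777 > 192.0.2.10.23: Flags [S], seq 8, length 0
""".splitlines()


def summarize(lines):
    """Count distinct connection attempts per protocol, split by encryption."""
    per_proto, seen = Counter(), set()
    for line in lines:
        m = LINE.search(line)
        if not m or m[5] != "S":          # skip non-TCP lines and SYN-ACKs
            continue
        src, sport, dst, dport = m[1], m[2], m[3], int(m[4])
        if dport not in PORTS or (src, sport, dst, dport) in seen:
            continue                      # untracked port or SYN retransmission
        seen.add((src, sport, dst, dport))
        per_proto[PORTS[dport][0]] += 1
    encrypted = sum(per_proto[name] for name, enc in PORTS.values() if enc)
    total = sum(per_proto.values())
    return dict(per_proto), encrypted, total - encrypted


if __name__ == "__main__":
    protos, enc, clear = summarize(SAMPLE)
    print(protos, f"encrypted={enc} cleartext={clear}")
```

Retransmitted SYNs are de-duplicated by 4-tuple so a flaky wireless link does not inflate the cleartext share.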
Re: [routing-wg] BGP Update Report
On Sun, 16 Oct 2011 14:25:56 -0400 valdis.kletni...@vt.edu wrote:
> On Sun, 16 Oct 2011 09:39:13 EDT, John Peach said:
> > not really, given that he is not the sender, the mailing list is
>
> We want to get pedantic, who generated the Message-ID: for the
> mail in question? ;)

I had no intentions of being pedantic; just pointing out that once the mail had gone to the mailing list there was no need to ever accept it back again

--
John
Re: [routing-wg] BGP Update Report
On Sun, 16 Oct 2011 09:39:13 EDT, John Peach said:
> not really, given that he is not the sender, the mailing list is

We want to get pedantic, who generated the Message-ID: for the mail in question? ;)
Re: The Cidr Report
On Sun, 16 Oct 2011, Aftab Siddiqui wrote:

> I seriously don't understand that why an RIR can't send at least a notice to those announcing bogus prefixes. A letter in RED mailed to the business address would help.

The RIRs have indicated in the past that they don't see this as their job even though we keep asking for it. Instead, the RIRs do other things with our membership dues that we do not ask for. Go figure.

-Hank
Re: 13 years ago today - October 16, 1998...
On Oct 15, 2011, at 11:20 58PM, Jay Ashworth wrote:
> - Original Message -
>> From: "Rodney Joffe"
>
>> Subject: 13 years ago today - October 16, 1998...
>> we lost Jon.
>>
>> It feels like just yesterday.
>>
>> http://www.apps.ietf.org/rfc/rfc2468.html
>
> My path didn't cross Jon's much... but he was nice enough to reserve the
> really cool RFC number that graces my AFJ contribution from 1997 -- 3 or 4
> RFCs with higher numbers came out in March.

Ah, I'm not the only one he did that for. I asked if the IAB/IESG statement on crypto could be RFC 1984. He told me that he never reserved RFC numbers -- but that coincidences could happen...

--Steve Bellovin, https://www.cs.columbia.edu/~smb
Re: [routing-wg] The Cidr Report
- Original Message -
> From: "Graham Beneke"

> Perhaps a "biggest climbers & fallers" list would also have more
> relevance for the regular report. The "Top 30" list doesn't seem to
> change very often... ;-)

"And now... with the top 30 prefixes in the United States for the week ending October 16th, Two Thousand Eleven, I'm Casey Kasem...

(Shuckatoom[1] plays)"

Cheers,
-- jra

[1]http://www.youtube.com/watch?v=zhM4Y3Bo2jM
--
Jay R. Ashworth Baylink j...@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: The Cidr Report
> So, any chance of putting a banner of top polluters in next APRICOT. :)
^ a/p

i will try to work with the organizers on this

randy
Re: The Cidr Report
>> I seriously don't understand that why an RIR can't send at least a
>> notice to those announcing bogus prefixes. A letter in RED mailed to
>> the business address would help.
>
> RIRs claimed in the past that they have nothing to do with routing. of
> course, rpki-based origin validation changes this. but i suspect that
> they may still want to keep as distant as possible.
>

well IMHO, that's "stealing of resource." Yes if they have nothing to do with routing then at least they should do something to safeguard what they are providing to the members.

So, any chance of putting a banner of top polluters in next APRICOT. :)

--
Regards,
Aftab A. Siddiqui
Re: The Cidr Report
On Sun, 16 Oct 2011, Aftab Siddiqui wrote:

>>> success.
>> what would help?
> I guess rpki would help and a banner during every NOG/RIR meeting showing top polluters.

A similar thing was done at a USENIX in Monterey over a decade ago. The point behind that one was to drive home how bad it was for the attendees to use telnet to their boxes at the mothership. Nothing like seeing people watch their passwords put up on two screens to teach them about SSH.

Granted, placing the CIDR report up on a screen may not have the same effect, but as NANOGs get video recorded, it's a lot harder to explain in the future why you were on that list. Somehow the visual is more powerful than pretending an erased email doesn't make it into a web archive.

> I seriously don't understand that why an RIR can't send at least a notice to those announcing bogus prefixes. A letter in RED mailed to the business address would help.

May be a useful angle for the RIRs to pursue - but are RIRs in the routing police business?

wfms
Re: The Cidr Report
>>> Me and few bunch of self acclaimed geeks of our region read it and
>>> have done our level best to remove few polluters but with very less
>>> success.
>> what would help?
> I guess rpki would help

working on it. it will lessen the perceived security benefit of fragging.

> and a banner during every NOG/RIR meeting showing top polluters.

NOGs could do that for the polluting operators in their region. this may actually be implementable! hey EOF, if you have not been completely digested by the NCC, perhaps this would be good in wien.

> I seriously don't understand that why an RIR can't send at least a
> notice to those announcing bogus prefixes. A letter in RED mailed to
> the business address would help.

RIRs claimed in the past that they have nothing to do with routing. of course, rpki-based origin validation changes this. but i suspect that they may still want to keep as distant as possible.

randy
Re: [routing-wg] BGP Update Report
On Sat, 15 Oct 2011, Keegan Holley wrote:

> +1 good to get a view from multiple sources even if they are automated. Should be easy enough to filter for those that do not want them.

Plus it's helped me in the past catch a very massive (well, OK, it was less than a hundred unaggregated routes run off into the Internet) leak, which forced me to learn about prefix-lists and such. So for those that care enough about their own networks, it can be a catalyst to learning something new.

> 2011/10/15 William F. Maton Sotomayor
>
>> On Sat, 15 Oct 2011, Lynda wrote:
>>
>>> On 10/15/2011 4:26 AM, Geoff Huston wrote:
>>>
>>>> While I am at it, does anyone read this report, or is this weekly report also just part of the spam load on this list?
>>>
>>> I read both of them, and also the Weekly Routing Report. I will regret the loss, and consider all three to be far more valuable than 90% of the traffic on the list.
>>
>> +1 The reports are also useful to do a double-check on changes I've made from the perspective of others (even if they are automated tools).
>>
>> wfms

wfms
Re: The Cidr Report
>
>> Me and few bunch of self acclaimed geeks of our region read it and
>> have done our level best to remove few polluters but with very less
>> success.
>
> what would help?

I guess rpki would help and a banner during every NOG/RIR meeting showing top polluters. I seriously don't understand that why an RIR can't send at least a notice to those announcing bogus prefixes. A letter in RED mailed to the business address would help.

m2c of bad geekness

--
Regards,
Aftab A. Siddiqui
Re: The Cidr Report
aftab,

> yes, our ASN landed on polluter list once and we fixed it. I think
> there is nothing wrong in sharing that.

thank you, thank you.

> Me and few bunch of self acclaimed geeks of our region read it and
> have done our level best to remove few polluters but with very less
> success.

what would help?

randy
Re: The Cidr Report
Randy,

yes, our ASN landed on polluter list once and we fixed it. I think there is nothing wrong in sharing that.

Me and few bunch of self acclaimed geeks of our region read it and have done our level best to remove few polluters but with very less success. Seems like those who should be reading it are either too busy polluting or using hushmail.

Geoff, this is very useful stuff for many. so how many unique hits you get on the website?

On Sunday, October 16, 2011, Randy Bush wrote:
>> I read it every week. It's a finger on the pulse of a system on which
>> I am totally dependent...
>
> the email i want to see here is "i wuz a polluter, but i read the cidr
> report, i haz seen the light, and i'm gonna stop polluting."
>
> no, i am not holding my breath.
>
> randy
>
>

--
Regards,
Aftab A. Siddiqui
Re: [routing-wg] BGP Update Report
On Sun, 16 Oct 2011 03:50:08 + Skeeve Stevens wrote:
> John,
>
> Bit hard for Geoff to devnull them, he is the author ;-)

not really, given that he is not the sender, the mailing list is

>
> [snip]
> --
> John
>
>

--
John
Re: [routing-wg] The Cidr Report
On 15. Oct 2011, at 19:25 , Geoff Huston wrote:

> Does anyone give a s**t about this any more?

Yes, and if only to tell people that we could do a lot better if we'd care more about the Net than .. (?)economics(?) ..?

I keep wondering if people generate more elaborated filters based on the overall data to get down table sizes rather than saying >=/24 only or similar? To me it reads as we'd still be below 256k then rather than close to 400k? Or more realistically 300k-ish? Anyone done any research how that would affect various numbers in forwarding paths? *hide*

> From what I learned at the latest NANOG it's very clear that nobody reads
> this any more.

Read? Or act? Where are the BNOsFH these days?

> Is there any good reason to persist in spamming the nanog list with this
> report?

A good reason would be to add the same damned thing for IPv6 as well to avoid us starting with the same *beep* there already. There was a great number of noise in the table when I last looked myself (given it's been a longer while).

Now we want to encourage people to deploy IPv6 and not make it harder for them but a lot of obstacles in policies from the very early days are gone these days and could be cleaned up before it's too late and in addition if people roll it out now, why not do it once and do it right from the beginning, but where's the education on `eek not the same *beep* as with legacy IP again`, as some people are trapped in BBCP (bad best current practices)?

Well I know you have it online, but polling a website is harder than getting it delivered to the inbox every week;)

/bz

--
Bjoern A. Zeeb
You have to have visions!
Stop bit received. Insert coin for new address family.
Re: [routing-wg] The Cidr Report
On 15/10/2011 21:25, Geoff Huston wrote:

> Does anyone give a s**t about this any more?

I do. While most of the content of the actual mail has very little relevance to me, it does provide useful leverage and motivation to fix some of the networks where I do have influence.

> From what I learned at the latest NANOG it's very clear that nobody reads this any more.

I often don't have the time to read every report in detail and much of it applies to networks outside of my circles. Every few weeks it does however prompt me to go and review my own network (and sometimes wave a stick at few ops people)

> Is there any good reason to persist in spamming the nanog list with this report?

I definitely think it's still useful for the community. Perhaps the frequency could be dialed back a little? I'm sure that there are many people who don't really notice it any more due to their mental white noise filters.

Perhaps some slightly different presentations of the data would also make it more useful. I am quite interested in the number of prefixes of various lengths that are seen in the table and that doesn't get included in the mailed report.

Perhaps a "biggest climbers & fallers" list would also have more relevance for the regular report. The "Top 30" list doesn't seem to change very often... ;-)

--
Graham Beneke