Re: Outgoing SMTP Servers
Mark Andrews ma...@isc.org writes: In message 4ea8a021.9000...@blakjak.net, Mark Foster writes: Why? It's a reasonable position; end users in the generic sense are sending to whatever their client has set up for SMTP, fire-and-forget. Again, I feel like folks are taking their relatively complicated use-cases and treating them as the norm. It's ths whole attitude that end users are incapable on doing thing correctly. Most user are prefectly fine with having their mail go through a ISP's servers but there are exceptions and when people start say only a ISP can do this or only business need this by BS detector goes off because individuals do need to do the same sorts of things. Yes. Moving behind the BS, it's most likely a well calculated difference between designing a product for 99% of the users or going for the full 100%. The problem is that some of the less technical ISP staff, who often are involved in product definitons or financial and marketing decisions, will think that 99% is everyone :-) FWIW, we've been running a 25/tcp filter by default for a few years now, offering a knob to turn it off from the start. The knob is one of very few settings the users are offered in their self-service web UI, along with change my password, upgrade my account and similar. Disabling the filter is of course free of charge. And when initially enabling the filter, all users were informed about the possibility to turn it off. Current status is that approx 1% of our users have disabled the filter so far. I assume most of them did so because they actually need access to port 25/tcp, but some may have just turned it off to see what happened and forgot about it. Filters will rarely be enabled again when first disabled, as disabled filters naturally are unnoticable. This makes the number of users disabling any given filter service aggregate over time. Anyway, that's the number we see. YMMV Whether that 1% of users are important to you or not will probably depend on a lot of factors. But I believe it's safe to say that those users can be classified as power users, who will have a much higher tendency to buy more expensive products and to discuss their their ISP experiences with other power users. This makes them a lot more valuable than the number itself would indicate. Bjørn
Re: Outgoing SMTP Servers
Owen DeLong o...@delong.com writes: On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: As much as some ISPs still resist blocking port 25 for residential customers, it does have a major impact on the volume of spam leaving your network. I've worked with numerous ISPs as they have gone through the process of blocking port 25 outbound. In every case the number of end-user complaints has been low enough to be basically considered background noise, but the benefits have been significant - including one ISP who removed not only themselves but also their entire country from most of the 'Top 10 Spammers' list when they did it! Blocking outbound port 25 would not reduce the already infinitesimal volume of spam leaving my network in the least. It would, however, block a lot of legitimate traffic. No thanks. I understand that. But you may want to say Yes, please to having port 25 blocked by default while having the ability to turn that filter off. As a residential user, the IP address you use to connect to MXs will inevitably be one carved out of a pool allocated to residential users. This is completely independent of whether you are using IPv4 or IPv6, or having static or dynamic addresses. You buy a residential product = you get a residential address. What that means to you, is that the filters running on all the MXs around the world will classify *you* based on the observed behaviour of all the residential customers of your ISP (among other factors of course, but that's not relevant for this discussion). If your ISP offers an open port 25 to everyone policy, then you may experience that your legitimate traffic drowns in a large volume of worm or virus initiated traffic, making a number of MXs drop your traffic with the rest of the bunch. If, on the other hand, your ISP block port 25 by default and let you disable the filter, then your traffic will probably account for a significant part of the traffic the MXs of the world see from that address pool. This increases the probability that they classify the pool as friendly, and end up accepting your traffic. Most MXs will probably have a sane enough policy to make them accept your mail in either case. But some won't. And as I'm sure you are aware of: You can influence your local policy by choosing your ISP, but you can rarely influence the policies of the MXs you want to talk to. That's why you would want to say yes, please to the filter by default but offer a disable knob service. Bjørn
Recommendation for customer monitoring network tool/portal for a large ISP
Hello, What solutions do you guys in the fixed network business/ISPs use to provide customer portals for network KPI reporting to customers in a fixed network on real time basis. The KPI in question are network availability, utilization, memory/cpu of managed routers/firewall, jitter, packet loss etc in a multi vendor environment. What would you recommend especially in the licensed/supported options and not the free ones like Zabbix, Cacti, MRTG etc. This solution should scale well for hundreds of thousand of clients. We have been using Orion NPM and it pretty much does the job but would wish to move to something more scalable for SP environment. Regards, Alex.
Re: Recommendation for customer monitoring network tool/portal for a large ISP
I looked at Statseeker a while back and it was very good. -- Leigh On 27 Oct 2011, at 09:47, Alex Nderitu nderitua...@gmail.com wrote: Hello, What solutions do you guys in the fixed network business/ISPs use to provide customer portals for network KPI reporting to customers in a fixed network on real time basis. The KPI in question are network availability, utilization, memory/cpu of managed routers/firewall, jitter, packet loss etc in a multi vendor environment. What would you recommend especially in the licensed/supported options and not the free ones like Zabbix, Cacti, MRTG etc. This solution should scale well for hundreds of thousand of clients. We have been using Orion NPM and it pretty much does the job but would wish to move to something more scalable for SP environment. Regards, Alex. __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
RE: Outgoing SMTP Servers
I find that large network providers have less issues with this issue. As a small regional provider, implementing a sane port 25 filter has saved us a lot of money and customer headaches over the years. Our costs would be much higher if we could not save labor hours by implementing this. Possibly making service costs even more prohibitive. Pre implementation of these filters we had lower customer satisfaction, and were contemplating hiring more people to handle the labor load, due to UCE issues. It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody else's) runs our network, is between us and our paying users. But this thread has been interesting to follow. :) - Brian J. -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: Wednesday, October 26, 2011 11:42 PM To: Scott Howard Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong o...@delong.com wrote: Interesting... Most people I know run the same policy on 25 and 587 these days... to-local-domain, no auth needed. relay, auth needed. auth required == TLS required. Anything else on either port seems not best practice to me. RFC 5068 covers the best practice, and it's not what you've got above. Allowing unauthenticated inbound mail on port 587 defeats the entire purpose of blocking port 25 - the front door is now closed to spammers, but you've left the back door open! (Security through obscurity saves you here in that spammers rarely use port 587 - yet). There isn't a single situations where you should be expecting an unauthenticated inbound message on the 'Submission' port (is, 587) I still believe that that RFC is not correct. That blocking port 25 has too much collateral damage and is not a best practice. As such, you are correct, I am not following RFC 5068. A certain amount of spam does hit my system, but, the hosts that deliver it are identified and blocked reasonably quickly. As much as some ISPs still resist blocking port 25 for residential customers, it does have a major impact on the volume of spam leaving your network. I've worked with numerous ISPs as they have gone through the process of blocking port 25 outbound. In every case the number of end-user complaints has been low enough to be basically considered background noise, but the benefits have been significant - including one ISP who removed not only themselves but also their entire country from most of the 'Top 10 Spammers' list when they did it! Blocking outbound port 25 would not reduce the already infinitesimal volume of spam leaving my network in the least. It would, however, block a lot of legitimate traffic. No thanks. Owen
Re: Colocation providers and ACL requests
2011/10/26 Jay Ashworth j...@baylink.com - Original Message - From: Keegan Holley keegan.hol...@sungard.com - Original Message - From: Keegan Holley keegan.hol...@sungard.com I'm assuming colo means hosting, and the OP misspoke. Most colo providers don't provide active network for colo (as in power and rack only) customers. Most? I'm sure there are exceptions to that rule. It's better than YMMV. Perhaps I look at a different category of colo provider, then, but I'm accustomed to seeing it be well up into double-digit percentage of the ones I've ever looked at. Hosting, to me, means provider's hardware, not just local blended bandwidth. I think you may have misunderstood me. I mean local blended bandwidth to be a colo provider offering extra services. Hosting is provider hardware and there should be a certain level of quality to the services and operation. A colo provider providing the same service as either courtesy access or a low cost alternative to access from an ISP wouldn't be held to the same standard for obvious reasons. There's also virtual hosting which can be nothing other than local blended bandwidth. But none of those webfarm types would be on a list like this right?? ;)
Re: Outgoing SMTP Servers
On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody else's) runs our network, is between us and our paying users. The fact that a behavior is best for your network does in no way, shape, or form, say anything about what's best for the Internet as a whole. In fact, it's well-understood that there are entire classes of behaviors that are optimal for single actors, but fail when deployed widely. https://en.wikipedia.org/wiki/Tragedy_of_the_commons pgpsP4OkXvIcU.pgp Description: PGP signature
Re: Outgoing SMTP Servers
On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody else's) runs our network, is between us and our paying users. That claim is true *ONLY* to the extent that 'how your organization runs your network' does _not_ have an adverse effect on other peoples networks. The fact of the matter is that you do not have a viable business without the collective 'tolerance'/'approval' of the rest of the world. You, and your organization, need them far more than they need you. _How_ you pro-actively ensure spam does not exit from your network IS your business. That you *do* do so _is_ within the action purveiw of the 'rest of the world'. Doing so requires that you _actively_ monitor the behavior of your customers and have 'ways and means' in place to (a) detect, and (b) _stop_ immediately upon detection, such abusive behavior by your customers. One of the 'easiest', and most _cost-effective_ ways of doing so *is* to force all outgoing mail from your customers through a 'choke point' for examination/filtering/blckcing. The simplest way of doing that, *without* running afoul of 'wiretapping' statutes. is to require, by policy and by blocking direct external access, that customer out-bound email traffic go through your servers, and doing the necessary 'inspection' there.
RE: Outgoing SMTP Servers
-Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: Thursday, October 27, 2011 10:24 AM To: Brian Johnson Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody else's) runs our network, is between us and our paying users. The fact that a behavior is best for your network does in no way, shape, or form, say anything about what's best for the Internet as a whole. In fact, it's well-understood that there are entire classes of behaviors that are optimal for single actors, but fail when deployed widely. https://en.wikipedia.org/wiki/Tragedy_of_the_commons So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent (and a little sophomoric). :)
RE: Outgoing SMTP Servers
-Original Message- From: Robert Bonomi [mailto:bon...@mail.r-bonomi.com] Sent: Thursday, October 27, 2011 12:50 PM To: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody else's) runs our network, is between us and our paying users. That claim is true *ONLY* to the extent that 'how your organization runs your network' does _not_ have an adverse effect on other peoples networks. The fact of the matter is that you do not have a viable business without the collective 'tolerance'/'approval' of the rest of the world. OK. You, and your organization, need them far more than they need you. Argumentative and unnecessary. _How_ you pro-actively ensure spam does not exit from your network IS your business. That you *do* do so _is_ within the action purveiw of the 'rest of the world'. Judge me as you will. My customers will determine if I change this policy. Their judgment is all that matters in this circumstance as the external Internet community has the access that the Internet community needs relative to this instance. Doing so requires that you _actively_ monitor the behavior of your customers and have 'ways and means' in place to (a) detect, and (b) _stop_ immediately upon detection, such abusive behavior by your customers. One of the 'easiest', and most _cost-effective_ ways of doing so *is* to force all outgoing mail from your customers through a 'choke point' for examination/filtering/blckcing. The simplest way of doing that, *without* running afoul of 'wiretapping' statutes. is to require, by policy and by blocking direct external access, that customer out-bound email traffic go through your servers, and doing the necessary 'inspection' there. I think you support my position, but I could be convinced otherwise. :) Be careful with you punctuation. I got lost a few times there :) - Brian
Re: XSServer / Taking down a spam friendly provider
On Wed, Oct 26, 2011 at 08:22:53PM -0400, Chris wrote: For folks who say hosting companies are not helpful: Linode, Amazon, BurstNET, Ubiquity Servers and others are extremely responsive to abuse complaints. Burstnet is one of the filthiest sewers on the entire Internet. Has been for many years. They are vehemently pro-spam. See, for example: http://groups.google.com/group/news.admin.net-abuse.email/msg/fba14415f70e08c8 They are thus not a good counterexample to use in this case. ---rsk
BGP AS question
Greetings. We have a few facilities within a 30 mile radius, and each has an ISP link. We use P2P links at the edge to make certain traffic sourcing from one facility, and destined to the Public IPs at another, stay on the dirty links rather than punting out to the ISP. All sites use the same BGP AS. Recently, we were required to turn up an additional facility in a short time frame. It also uses the same BGP AS. However, it does not have a dirty cross-connect link. So, even though this facility has unique /24 public IP blocks, it still has the same AS. One thing we are noticing is that some ISPs don't seem to have a problem allowing this traffic, and some do. I suspect some don't like traffic with the same source and destination BGP AS, even though the prefixes are different at each location. But other ISPs seem to permit this with no problem. My question is: is normal BGP default behavior to permit or to allow this type of traffic? Also, would it be easier to ask the ISP to make an exception, or to buy another AS for the rogue facility? Thanks. Clifford W Bowles, Technical Director Apollo Group | IT Services | Network Engineering 4025 S. Riverpoint Parkway | CF-C201 | Phoenix, AZ 85040 phone: 602-557-6762 | fax: 602-557-6607 | email: cliff.bow...@apollogrp.edumailto:cliff.bow...@apollogrp.edu This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
RE: Recommendation for customer monitoring network tool/portal for a large ISP
I'm getting ready to do an eval of Monolith Software's monitoring/management product. They have some very nice multi-tenant dashboarding and reporting capabilities and are extremely scalable. -Gabriel -Original Message- From: Alex Nderitu [mailto:nderitua...@gmail.com] Sent: Thursday, October 27, 2011 4:45 AM To: nanog@nanog.org Subject: Recommendation for customer monitoring network tool/portal for a large ISP Hello, What solutions do you guys in the fixed network business/ISPs use to provide customer portals for network KPI reporting to customers in a fixed network on real time basis. The KPI in question are network availability, utilization, memory/cpu of managed routers/firewall, jitter, packet loss etc in a multi vendor environment. What would you recommend especially in the licensed/supported options and not the free ones like Zabbix, Cacti, MRTG etc. This solution should scale well for hundreds of thousand of clients. We have been using Orion NPM and it pretty much does the job but would wish to move to something more scalable for SP environment. Regards, Alex.
Need photographs of IT/Telecom gear/rooms
Greetings, I have been given the opportunity to teach the mechanics of the Internet to a group of 6 - 12'th grade students, and as an engineer and owner of an ISP I have it in mind to really get into this and show these kids how, really, all this stuff works and to make it fun and exciting. I can't take them on a tour of an ATT central office to show off one of my DSLAMs for example, nor can I really show them what a colocation or IX looks like since they are too far away to drive. I was hoping any of you would be kind enough to provide pictures of these types of environments, especially rack mounted switch/router hardware, fiber optic cabling short and long haul, international undersea cable anchor points, or anything else that would make for a good slide presentation in this context. These kids are in a very rural community where marijuana is the main source of income (followed by meth), and have little access to adults doing this type of stuff in the real world. My focus will also include introducing these kids to the concept of having something better such as a career in information technology and talking about ways they themselves might get involved and on track that way, so these photographs would be extremely helpful to light their young minds and get them thinking about their futures. Thank you all. Mike-
Re: Outgoing SMTP Servers
On Thu, Oct 27, 2011 at 1:50 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote: On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: As a small regional provider, implementing a sane port 25 filter has saved us a lot of money and customer headaches over the years. It is interesting that some people who fully understand that the Internet is composed of many networks run by people with different interests can say what is best for the Internet as a whole. How my organization (or yours or anybody else's) runs our network, is between us and our paying users. That claim is true *ONLY* to the extent that 'how your organization runs your network' does _not_ have an adverse effect on other peoples networks. What I *prevent* from entering or leaving my network is *my business*, between me and my customers. What I allow to leave my network can become yours. As with all rules, there's at least one exception: the monopoly or duopoly vendor has an obligation to ensure that restrictions don't abuse his position in the market. Nevertheless, Mr. Small Business, you shouldn't be blocking that packet, it's bad for the Internet, is not for you or anyone else to say. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Need photographs of IT/Telecom gear/rooms
Mike, You might be able to glean some interesting pictures from: http://www.reddit.com/r/cableporn http://www.reddit.com/r/datacenter http://www.flickr.com/groups/cableporn/ * That's actual cables and racks and such, not cinemax late night video =) --chip On Thu, Oct 27, 2011 at 3:30 PM, Mike mike-na...@tiedyenetworks.com wrote: Greetings, I have been given the opportunity to teach the mechanics of the Internet to a group of 6 - 12'th grade students, and as an engineer and owner of an ISP I have it in mind to really get into this and show these kids how, really, all this stuff works and to make it fun and exciting. I can't take them on a tour of an ATT central office to show off one of my DSLAMs for example, nor can I really show them what a colocation or IX looks like since they are too far away to drive. I was hoping any of you would be kind enough to provide pictures of these types of environments, especially rack mounted switch/router hardware, fiber optic cabling short and long haul, international undersea cable anchor points, or anything else that would make for a good slide presentation in this context. These kids are in a very rural community where marijuana is the main source of income (followed by meth), and have little access to adults doing this type of stuff in the real world. My focus will also include introducing these kids to the concept of having something better such as a career in information technology and talking about ways they themselves might get involved and on track that way, so these photographs would be extremely helpful to light their young minds and get them thinking about their futures. Thank you all. Mike- -- Just my $.02, your mileage may vary, batteries not included, etc
Re: XSServer / Taking down a spam friendly provider
On Thu, Oct 27, 2011 at 1:52 AM, William Pitcock neno...@systeminplace.net wrote: On Wed, 26 Oct 2011 20:22:53 -0400 Chris cal...@gmail.com wrote: This is a huge business. Shady SEO companies are charging individuals at least $250 per month to use their spam tools of choice to spam forums and Wordpress blogs. I got one of the major players on the run right now because he cannot seem to keep his business page hosted with a company longer than a few weeks and I keep playing whack-a-mole with him. McColo and Atrivo were not terminated because of spam. If you believe they are, then you are simply misinformed. Atrivo and McColo were terminated over their network being used extensively for botnet control centers. William, Atrivo and McColo were terminated _late_. As an industry, might we not consider finding a reasonable way to do a more effective job identifying and dealing with shops who can't seem to keep out the customers who use those facilities to hurt and abuse the rest of us? If we fail to adequately self-regulate, the courts and entities like the U.S. Congress will surely find a way to do it for us. And they won't care nearly as much about the technical constraints as we do. I make no judgment about XSServer and offer no solution. I merely suggest that Chris has posed a legitimate operational problem that our community may wish to redress while the while the details of such a choice are still in our hands. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Recommendation for customer monitoring network tool/portal for a large ISP
You can all so look at Zenoss Sent from my iPhone On 2011-10-27, at 4:47 AM, Leigh Porter leigh.por...@ukbroadband.com wrote: I looked at Statseeker a while back and it was very good. -- Leigh On 27 Oct 2011, at 09:47, Alex Nderitu nderitua...@gmail.com wrote: Hello, What solutions do you guys in the fixed network business/ISPs use to provide customer portals for network KPI reporting to customers in a fixed network on real time basis. The KPI in question are network availability, utilization, memory/cpu of managed routers/firewall, jitter, packet loss etc in a multi vendor environment. What would you recommend especially in the licensed/supported options and not the free ones like Zabbix, Cacti, MRTG etc. This solution should scale well for hundreds of thousand of clients. We have been using Orion NPM and it pretty much does the job but would wish to move to something more scalable for SP environment. Regards, Alex. __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: Recommendation for customer monitoring network tool/portal for a large ISP
Might want to check out NimSoft as well. Multitenancy built in. http://www.nimsoft.com/solutions On Thu, Oct 27, 2011 at 4:45 AM, Alex Nderitu nderitua...@gmail.com wrote: Hello, What solutions do you guys in the fixed network business/ISPs use to provide customer portals for network KPI reporting to customers in a fixed network on real time basis. The KPI in question are network availability, utilization, memory/cpu of managed routers/firewall, jitter, packet loss etc in a multi vendor environment. What would you recommend especially in the licensed/supported options and not the free ones like Zabbix, Cacti, MRTG etc. This solution should scale well for hundreds of thousand of clients. We have been using Orion NPM and it pretty much does the job but would wish to move to something more scalable for SP environment. Regards, Alex. -- Just my $.02, your mileage may vary, batteries not included, etc
Re: Recommendation for customer monitoring network tool/portal for a large ISP
We've just deployed Intermapper to do all of our device polling, link status and topology mapping. Works very well and looks real pretty. For graphing, we use cacti with the Discovery and Autom8 plugins. For SNMP trap parsing, we use SNMPTT. We're currently evaluating Splunk to eat the SNMP trap and syslog data from our gear and do cool stuff with it. Last on my list of tools to try is Cisco NCM as a replacement for RANCID. RANCID is amazing, but when we have hundreds of devices with exactly the same base configs on them, something a little more sophisticated than RANCID is required to keep all of those configs in sync. On 2011-10-27, at 4:45 AM, Alex Nderitu wrote: Hello, What solutions do you guys in the fixed network business/ISPs use to provide customer portals for network KPI reporting to customers in a fixed network on real time basis. The KPI in question are network availability, utilization, memory/cpu of managed routers/firewall, jitter, packet loss etc in a multi vendor environment. What would you recommend especially in the licensed/supported options and not the free ones like Zabbix, Cacti, MRTG etc. This solution should scale well for hundreds of thousand of clients. We have been using Orion NPM and it pretty much does the job but would wish to move to something more scalable for SP environment. Regards, Alex.
Fiber in Atlantic City, NJ
Hello, If anyone has/knows of contacts among the fiber providers in Atlantic City, NJ as close to the Broadwalk as possible ( especially those that might have a leg to Philadelphia, PA ), could you kindly reply off list? Thank you, Alex
Re: Fiber in Atlantic City, NJ
On Thu, Oct 27, 2011 at 5:16 PM, alex-lists-na...@yuriev.com wrote: Hello, If anyone has/knows of contacts among the fiber providers in Atlantic City, NJ as close to the Broadwalk as possible ( especially those that might have a leg to Philadelphia, PA ), could you kindly reply off list? sounds like quite the gamble... not sure I'd roll the dice on this business plan...
Re: Outgoing SMTP Servers
On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. So I point out the tragedy of the commons, you agree with it, but the Wikipedia reference that talks about the same exact thing isn't pertinent? How does that follow? :) pgp9hn3urpTqJ.pgp Description: PGP signature
Re: Need photographs of IT/Telecom gear/rooms
I did this at career day last spring for my daughter's fifth grade class. They were a bit young to get too deep into the nitty gritty, but they completely ate up the presentation and it was really gratifying to get notes and emails (all voluntarily sent) from some of the kids talking about how much they learned. All the kids love the Internet and using computers and other related gadgets, so I was a total hit. I'm sure you will be too. Enjoy the experience. On Thu, Oct 27, 2011 at 3:30 PM, Mike mike-na...@tiedyenetworks.com wrote: Greetings, I have been given the opportunity to teach the mechanics of the Internet to a group of 6 - 12'th grade students, .
Re: Outgoing SMTP Servers
On 10/27/2011 05:38 PM, valdis.kletni...@vt.edu wrote: On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. So I point out the tragedy of the commons, you agree with it, but the Wikipedia reference that talks about the same exact thing isn't pertinent? How does that follow? :) Maybe he is concerned that the Wikipedia article gets into nit-picking about the ownership of the commons that isn't relevant to our problem, and also is rather long-winded. Hardin got into some things at the end of his paper that probably aren't either (but then, he was a population biologist and not an economist). BTW - that paper is a good read and not too long. The journal link (reference 1 in the wikipedia article) actually works openly (AAAS only blocks full access for a while...) For our purpose, the ownership of the commons in question truly isn't relevant; the fundamental statement of the tragedy for us is that a useful resource that is incrementally free (or even cheap enough) to a large number of participants will get exploited and probably overused. I'm not aware of any solution to this problem with commons that doesn't involve a central authority :-( In feudal practice the landlord could do some enforcement; the spanish alcaldes were another good example of a semi-central solution to the commons problem (water rights in their origins, though their authority grew over time). Classic economics says that market pricing is the solution, but that tends to result in another kind of tragedy. -- Pete
Google+ now available for Google Apps domains
Y'all ragged on me because Google+ was only available to gmail users... Well, now you can enable it for your users from the control panel on your Google Apps domains... Google Apps administrators can manually turn on Google+http://www.google.com/support/a/bin/answer.py?answer=1631744 for their organization. Once Google+ is turned on, users will need to sign up at google.com/+ http://www.google.com/+ to get started. For customers who use Google Apps for Business or the free version of Google Apps and who have chosen to automatically enable new serviceshttp://www.google.com/support/a/bin/answer.py?answer=82691, Google+ will automatically become available to all of your users over the next several days. *Editions included:* Google Apps, Google Apps for Business, Government and Education* http://googleappsupdates.blogspot.com/2011/10/google-now-available-for-google-apps.html Now, do I toss the last 1.5 years of posts and use my apps domain, or stay as my gmail user account. Decisions, decisions... Methjinks history is the better part of valor, so I will stay using my gmail account. It would be cool if you could link them. -- steve pirk yensid father... the sleeper has awakened... paul atreides - dune kexp.org member august '09 - Google+ pirk.com
Re: Google+ now available for Google Apps domains
On Oct 27, 2011, at 6:32 PM, steve pirk [egrep] wrote: Y'all ragged on me because Google+ was only available to gmail users... Well, now you can enable it for your users from the control panel on your Google Apps domains... Google Apps administrators can manually turn on Google+http://www.google.com/support/a/bin/answer.py?answer=1631744 for their organization. Once Google+ is turned on, users will need to sign up at google.com/+ http://www.google.com/+ to get started. For customers who use Google Apps for Business or the free version of Google Apps and who have chosen to automatically enable new serviceshttp://www.google.com/support/a/bin/answer.py?answer=82691, Google+ will automatically become available to all of your users over the next several days. *Editions included:* Google Apps, Google Apps for Business, Government and Education* http://googleappsupdates.blogspot.com/2011/10/google-now-available-for-google-apps.html Now, do I toss the last 1.5 years of posts and use my apps domain, or stay as my gmail user account. Decisions, decisions... Methjinks history is the better part of valor, so I will stay using my gmail account. It would be cool if you could link them. From http://googleenterprise.blogspot.com/2011/10/google-is-now-available-with-google.html For those of you who’ve already started using Google+ with a personal Google Account and would prefer to use your Google Apps account, we’re building a migration tool to help you move over. With this tool, you won’t have to rebuild your circles, and people who’ve already added you to their circles will automatically be connected to your new profile. We expect this migration option to be ready in a few weeks, so if you’d like, you can go ahead and get started with your Apps account today and merge your connections once the tool is available. Once that tool is complete, you should be able to merge/migrate your gmail G+ account to your Google Apps account. You can already do so with most of the numerous other Google properties. Justin Seabrook-Rocha -- Xenith || xen...@xenith.org || http://xenith.org/ Jabber: xen...@xenith.org || AIM: JustinR98 signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Colocation providers and ACL requests
Christopher, This is pretty common policy. Not many datacenters of any size is going to act differently. If you don't purchase this service then you will not get the service. They may be willing work work with you on black-holing problem IPs though. This is pretty common, but don't expect a filtering package without purchasing it. James - Original Message - From: Christopher Pilkington c...@0x1.net To: NANOG mailing list nanog@nanog.org Sent: Tuesday, October 25, 2011 2:43:00 PM Subject: Colocation providers and ACL requests Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as: deny udp any a.b.c.d/24 eq 80 …to refuse and tell us we must subscribe to their managed DDOS product? -cjp
Mexico?
If I want to get a block of IP's issued for a network within Mexico who do I talk with? I have been told arin does not cover Mexico. It was my understand arin covers North America. Cheers Ryan
Re: Mexico?
On Oct 28, 2011, at 3:24 AM, Ryan Finnesey wrote: If I want to get a block of IP's issued for a network within Mexico who do I talk with? I have been told arin does not cover Mexico. It was my understand arin covers North America. Hi Ryan - ARIN used to cover the entire global minus the RIPE NCC and APNIC regions. When LACNIC was formed, it made sense to have ARIN handle Canada and US from NA, and have LACNIC handle Mexico. Look into www.lacnic.net and also www.nic.mx (NIC Mexico) Thanks! /John John Curran President and CEO ARIN
Re: Mexico?
On 10/27/11 20:24 , Ryan Finnesey wrote: If I want to get a block of IP's issued for a network within Mexico who do I talk with? I have been told arin does not cover Mexico. It was my understand arin covers North America. mexico moved to the lacnic region with the formation of the lacnic rir. NIC mexico was deeply involved if not instrumental in the formation of lacnic. Cheers Ryan
RE: Need photographs of IT/Telecom gear/rooms
There are some fairly interesting photos of the Verizon CO that took a hit on 9/11 at http://www.slideshare.net/datacenters/verizon-contingency-planning-for-coop I recall far back in my memory some posts on this from a decade ago that pointed to some websites that had more photos. Was kind of surreal to see switch gear and open air in the same photo. EKG -Original Message- From: Drew Linsalata [mailto:drew.linsal...@gmail.com] Sent: Thursday, October 27, 2011 5:41 PM To: Mike Cc: nanog@nanog.org Subject: Re: Need photographs of IT/Telecom gear/rooms I did this at career day last spring for my daughter's fifth grade class. They were a bit young to get too deep into the nitty gritty, but they completely ate up the presentation and it was really gratifying to get notes and emails (all voluntarily sent) from some of the kids talking about how much they learned. All the kids love the Internet and using computers and other related gadgets, so I was a total hit. I'm sure you will be too. Enjoy the experience. On Thu, Oct 27, 2011 at 3:30 PM, Mike mike-na...@tiedyenetworks.com wrote: Greetings, I have been given the opportunity to teach the mechanics of the Internet to a group of 6 - 12'th grade students, .
Re: Outgoing SMTP Servers
On Thu, Oct 27, 2011 at 9:29 PM, Pete Carah p...@altadena.net wrote: On 10/27/2011 05:38 PM, valdis.kletni...@vt.edu wrote: On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. For our purpose, the ownership of the commons in question truly isn't relevant; Pete, For our purpose, describing the Internet as a commons fundamentally misunderstands its nature. A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. For example, I own a 3/11,000ths share of a private road network. Those roads are a commons. The Internet is not jointly owned. You do not own a one seven billionth share of the network in my basement and I do not a own one seven billionth of yours. Rather, the Internet is a cooperative effort of the sole owners of its distinct individual pieces. As the owner of the network in my basement, it is my privilege alone to decide how you may and may not use it. The same goes for the respective owners of every other piece of the Internet. Nor is the data transiting these networks a commons. The air over my land is a commons. I don't control it. If I pollute it or if I don't, it promptly travels over someone else's land. According to intellectual property law, the data transiting the Internet is owned by its originator. That ownership does not change as the packets move between my network and yours. The point is, at every step with the Internet there is always a specific owner whose property is either being used with his permission or abused against his wishes. At no point is it a commons. You must understand the Internet's nature before you can properly consider my responsibility for the instructions passed from or through my network which direct the action of computers in yours. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Update Bogon Lists
Hi, We have been allocated the IP range: 101.0.64.0/18 And have had issues with 2 networks in regards to bogon filtering. It would be appreciated if everyone can remove it from their bogon lists. Regards, Ross Annetts Systems Administrator Digital Pacific http://www.digitalpacific.com.au - ph: 1300 694 678
Re: Update Bogon Lists
On Thu, Oct 27, 2011 at 11:49 PM, Ross Annetts ross.anne...@digitalpacific.com.au wrote: Hi, We have been allocated the IP range: 101.0.64.0/18 http://www.rfc-editor.org/queue.html#draft-ietf-grow-no-more-unallocated-slash8s (soon-to-be-released rfc about same) And have had issues with 2 networks in regards to bogon filtering. It would be appreciated if everyone can remove it from their bogon lists. Regards, Ross Annetts Systems Administrator Digital Pacific http://www.digitalpacific.com.au - ph: 1300 694 678
Re: Outgoing SMTP Servers
On 10/28/2011 5:44 AM, William Herrin wrote: A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. The practical use of the term is a bit broader: http://en.wikipedia.org/wiki/Commons As rule, the term gets applied to situations of fate-sharing when actions by some affect utility for many. You cited air pollution. The Internet can suffer comparable effects. Spam can reasonably be called pollution and it has a systemic effect on all users. For such an issue, it's reasonable and even helpful to view it as a commons. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Mexico?
Hi Ryan...well, a late response, but actually you should take a look in the www.lacnic.net (Latin-america's RIR) and www.nic.mx (Network Information Center of Mexico) webpages and contact someone there to get all the information you need in order to obtain a IP addresses block. Regards If I want to get a block of IP's issued for a network within Mexico who do I talk with? I have been told arin does not cover Mexico. It was my understand arin covers North America. -- Daniel Espejel Pérez Técnico Académico D.G.T.I.C. - U.N.A.M. GT-IPv6 CLARA / GT-IPv6 U.N.A.M.
Re: Outgoing SMTP Servers
On Thu, Oct 27, 2011 at 11:59 PM, Dave CROCKER d...@dcrocker.net wrote: On 10/28/2011 5:44 AM, William Herrin wrote: A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. The practical use of the term is a bit broader: http://en.wikipedia.org/wiki/Commons As rule, the term gets applied to situations of fate-sharing when actions by some affect utility for many. You cited air pollution. The Internet can suffer comparable effects. Spam can reasonably be called pollution and it has a systemic effect on all users. For such an issue, it's reasonable and even helpful to view it as a commons. Dave, I respectfully disagree. If you throw pollution into the air, it may eventually impact me or it may blow somewhere else. Mostly it'll blow somewhere else. But as lots of people throw pollution into the air, some non-trivial portion of that pollution will drift over me. This is the so-called tragedy. By contrast, if you send me spam email, you are directly abusing my computer. The linkage is not at all amorphous. You send to me. I receive from you. There is no all world or local area destination. If you send without some specific pointer in my direction, I won't receive it. Ever. Imagining spam as a tragedy of the commons disguises its true nature as a massive quantity of one-on-one abuses of individual owners' computers. Worse, it forgives the owners of the intermediate networks for shrugging their shoulders and turning a blind eye to the abusers. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Outgoing SMTP Servers
Email as facility is a public good whether it constitutes a commons or not... If wasn't you wouldn't bother putting up a server that would accept unsolicited incoming connections on behalf of yourself and others, doing so is generically non-rival and non-excludable although not perfectly so in either case (what public good is). On 10/27/11 21:26 , William Herrin wrote: On Thu, Oct 27, 2011 at 11:59 PM, Dave CROCKER d...@dcrocker.net wrote: On 10/28/2011 5:44 AM, William Herrin wrote: A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. The practical use of the term is a bit broader: http://en.wikipedia.org/wiki/Commons As rule, the term gets applied to situations of fate-sharing when actions by some affect utility for many. You cited air pollution. The Internet can suffer comparable effects. Spam can reasonably be called pollution and it has a systemic effect on all users. For such an issue, it's reasonable and even helpful to view it as a commons. Dave, I respectfully disagree. If you throw pollution into the air, it may eventually impact me or it may blow somewhere else. Mostly it'll blow somewhere else. But as lots of people throw pollution into the air, some non-trivial portion of that pollution will drift over me. This is the so-called tragedy. By contrast, if you send me spam email, you are directly abusing my computer. The linkage is not at all amorphous. You send to me. I receive from you. There is no all world or local area destination. If you send without some specific pointer in my direction, I won't receive it. Ever. Imagining spam as a tragedy of the commons disguises its true nature as a massive quantity of one-on-one abuses of individual owners' computers. Worse, it forgives the owners of the intermediate networks for shrugging their shoulders and turning a blind eye to the abusers. Regards, Bill Herrin