Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong

On Jan 31, 2013, at 19:21 , Scott Helms  wrote:

> Fletcher nailed it, if you want the architecture you're describing then you 
> simply don't want PON.  It's built around lower cost and a big part of that
> lower cost is minimizing the fiber costs by serving splitters (and thus many 
> homes) from a single fiber that back hauls to the CO.  The other reason PON 
> won't work for what you want is the splitters are passive and completely 
> static in their operation.  Here's an image of one that may make this clearer:
> 
> http://media.wholesale-electrical-electronics.com/product/imgage/Electrical&Electronics/2010101220/6dc7c82d59d9fd931bfba560a3e85031.jpg
> 

I know what a splitter is and how they work. I understand PON really quite a 
bit better than you imagine I do.

Bottom line, you've got OLT -> FIBER(of length n) -> splitter -> fiber-drops to 
each house -> ONT.

All I'm proposing is making n really short and making "fiber-drops to each 
house" really long.
I'm not proposing changing the fundamental architecture. Yes, I recognize this 
changes the economics and may well make PON less attractive than other 
alternatives. I don't care. That's not a primary concern. The question is "can 
PON be made to work in this environment?" It appears to me that it can.

It will work as I've described, but, yes, it's very suboptimal from a cost 
perspective if your only goal is to deploy PON for a single provider.

If, OTOH, your goal is to have a fiber infrastructure in the neighborhoods that 
can support a multitude of possible services of which PON from a number of 
providers is just one such possible service, then, the PON operators can, in 
fact, install in the MMR and do the splitting at the MMR end of the subscriber 
fiber with home-runs from the MMR to each home.

True, PON is probably not the best technology fit for this. Ethernet probably 
makes more sense in most cases. However, if you have providers that do PON 
everywhere else and they don't want to support "exception equipment" for your 
facility, then it allows them to install PON just like their other deployments, 
only the splitter is next to the OLT instead of out near a collection of ONTs.

> If you have to either run several (or more) fibers to a neighborhood or have 
> managed neighborhood elements then you've simply destroyed the use case for 
> PON.  Luckily this use case matches pretty exactly for Ethernet, but you must 
> do your wholesale play at layer 2 IMO to work economically.
> 

I disagree.  If you have home-run fiber to a large bank of patch panels in an 
MMR that can serve a ~8km radius of subscribers and providers can colocate 
whatever L2+ equipment they want to in said MMR with said fibers available for 
lease on equal footing to all providers, then the providers can deploy whatever 
makes the most sense to them whether that's SONET, Ethernet, PON, or optical 
tin cans over your fiber-string.

Yes, this is more expensive for the fiber deployment than running FTTH from the 
local BBox and having splitters in the BBox, but if it's being done 
intelligently, especially in areas of greenfield deployment, then it doesn't 
have to be a lot more expensive.

I get roughly 201 Sq. Km. as the area of an 8km radius circle (For the
metrically challenged, that's roughly 77 Sq. Mi. or an area a little larger
than Washington DC (68.3 sq. mi according to Wikipedia)).

If you're willing to require more expensive optics, you could go to a larger 
area served to accommodate lower population densities and for higher density 
areas, it might make economic sense to make the service radius smaller and have 
more centers. I don't know what the economically ideal subscriber volume per 
center would be. That would have to be calculated.

Owen

> 
> On Thu, Jan 31, 2013 at 6:28 PM, Owen DeLong  wrote:
> 
> On Jan 31, 2013, at 13:57 , Fletcher Kittredge  wrote:
> 
>> 
>> 
>> 
>> On Thu, Jan 31, 2013 at 4:36 PM, Owen DeLong  wrote:
>> If you have an MMR where all of the customers come together, then you
>> can cross-connect all of $PROVIDER_1's customers to a splitter provided
>> by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
>> a splitter provided by $PROVIDER_2, etc.
>> 
>> If the splitter is out in the neighborhood, then $PROVIDER_1 and $PROVIDER_2
>> and... all need to build out to every neighborhood.
>> 
>> If you have the splitter next to the PON gear instead of next to the 
>> subscribers,
>> then you remove the relevance of the inability to connect a splitter to 
>> multiple
>> OLTs. The splitter becomes the provider interface to the open fiber plant
>> 
>> Owen;
>> 
>> Interesting.   Do you then lose the cost advantage because you need home run 
>> fiber back to the MMR?   Do you have examples of plants built with this 
>> architecture (I know of one such plant, but I am hoping you will turn up 
>> more examples.)
>> 
> 
> I don't know of any. Yes, it would eliminate part of the theoretical cost 
> savings of the PON architectur

Re: Muni fiber: L1 or L2?

2013-01-31 Thread Dan Armstrong
I don't have specific data to point you to.  I am speaking from my experience, 
in large cities.  Totally different story in rural or suburban areas.

In general, if a municipality builds an L1 or L2 network it removes so many 
barriers of competition that many idiots get into the business.   The
consumer ends up suffering, because the market is overwhelmed with inferior 
products.  The few that do things 'right' get lost in the sea of bottom feeders 
looking for a quick buck.   Unlike a hamburger, or a t-shirt - telecom is a 
complex product that most consumers are unable to appreciate the details of.  
They aren't going to educate themselves on the nuances of quality, so the 
people offering a better product have no way of getting ahead in this 
near-perfect competitive situation.

A city government benefits from economic prosperity, which comes from 
businesses within its boundaries being prosperous.  Access to great telecom
services is one factor in that prosperity.  That is the business model for a 
municipality to want good telecom.  

A municipality can lease out conduits, for a small fee - there is still a 
reasonable barrier to entry.  People have to pull cable, splice it, manage it, 
light it, sell it, and do all the stuff a telco has to do before they receive 
revenue.  This filters out (most) of the opportunists… but makes it easy enough 
for entrepreneurs with a great idea to get started without having to come up 
with billions of $ in capital to open-trench the streets in the entire city.   
In the case of a growing municipality, if they play their cards right they can 
pay for the entire conduit system from development fees collected from land or 
re-zoning deals, which furthers the virtuous circle of growth.









On 2013-01-31, at 10:18 PM, Eric Brunner-Williams  wrote:

> On 1/31/13 6:28 PM, Dan Armstrong wrote:
>> But the most successful municipal undertaking to support telecom I have ever 
>> seen is a municipally owned conduit system…. 
> 
> Could you be a bit more specific? What is the muni, and where can the
> business model data be found?
> 
> Also, what was the muni's ROW compensation prior to doing the
> right-of-way buildout, and after?
> 
> Eric
> 
> 




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Scott Helms
Fletcher nailed it, if you want the architecture you're describing then you
simply don't want PON.  It's built around lower cost and a big part of that
lower cost is minimizing the fiber costs by serving splitters (and thus
many homes) from a single fiber that back hauls to the CO.  The other
reason PON won't work for what you want is the splitters are passive and
completely static in their operation.  Here's an image of one that may make
this clearer:

http://media.wholesale-electrical-electronics.com/product/imgage/Electrical&Electronics/2010101220/6dc7c82d59d9fd931bfba560a3e85031.jpg

If you have to either run several (or more) fibers to a neighborhood or
have managed neighborhood elements then you've simply destroyed the use
case for PON.  Luckily this use case matches pretty exactly for Ethernet,
but you must do your wholesale play at layer 2 IMO to work economically.


On Thu, Jan 31, 2013 at 6:28 PM, Owen DeLong  wrote:

>
> On Jan 31, 2013, at 13:57 , Fletcher Kittredge  wrote:
>
>
>
>
> On Thu, Jan 31, 2013 at 4:36 PM, Owen DeLong  wrote:
>
>> If you have an MMR where all of the customers come together, then you
>> can cross-connect all of $PROVIDER_1's customers to a splitter provided
>> by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
>> a splitter provided by $PROVIDER_2, etc.
>>
>> If the splitter is out in the neighborhood, then $PROVIDER_1 and
>> $PROVIDER_2
>> and... all need to build out to every neighborhood.
>>
>> If you have the splitter next to the PON gear instead of next to the
>> subscribers,
>> then you remove the relevance of the inability to connect a splitter to
>> multiple
>> OLTs. The splitter becomes the provider interface to the open fiber plant
>
>
> Owen;
>
> Interesting.   Do you then lose the cost advantage because you need home
> run fiber back to the MMR?   Do you have examples of plants built with this
> architecture (I know of one such plant, but I am hoping you will turn up
> more examples.)
>
>
> I don't know of any. Yes, it would eliminate part of the theoretical cost
> savings of the PON architecture, but the point is that it would provide a
> technology agnostic last mile infrastructure that could easily be used by
> multiple competing providers and would not prevent a provider from using
> PON if they chose to do so for other reasons.
>
> Owen
>
>


-- 
Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



Re: Muni fiber: L1 or L2?

2013-01-31 Thread Eric Brunner-Williams
On 1/31/13 6:28 PM, Dan Armstrong wrote:
> But the most successful municipal undertaking to support telecom I have ever 
> seen is a municipally owned conduit system…. 

Could you be a bit more specific? What is the muni, and where can the
business model data be found?

Also, what was the muni's ROW compensation prior to doing the
right-of-way buildout, and after?

Eric




Re: Ddos mitigation service

2013-01-31 Thread Ameen Pishdadi
Hi Matt ,

Are you still looking for ddos protection? 

Thanks,
Ameen Pishdadi


On Jan 31, 2013, at 12:13 PM, matt kelly  wrote:

> Can anyone recommend ddos mitigation companies with US east coast
> presence that provide the services via bgp?  We are not interested in an
> appliance but rather offloading the traffic.
> 
> Thanks.



Re: Muni fiber: L1 or L2?

2013-01-31 Thread Dan Armstrong
Sorry for jumping into this discussion so late…. and I apologize if this has 
already been talked about (this has been a long thread)

But the most successful municipal undertaking to support telecom I have ever 
seen is a municipally owned conduit system….  Any infrastructure L1, L2, or 
anything is too complex to be commercially viable if owned by one entity.  

Putting everybody on a level playing field removes the value from everybody, 
and therefore removes the commercial interest to DO anything, so nothing 
happens.

Unless somebody is able to build a product that everybody can't just have 
without any obstacles, nobody is going to do anything, and we end up with 
nothing.

A city owned conduit system is the best balance between fairness for the 
consumer, and supporting a competitive environment for service providers to 
offer something John Q public can't get on his own.




On 2013-01-31, at 9:10 PM, Owen DeLong  wrote:

> 
> On Jan 31, 2013, at 5:08 PM, Ray Soucy  wrote:
> 
>>> 1.  Must sell dark fiber to any purchaser.
>>> 2.  Must sell dark fiber to all purchasers on equal terms.
>>>   (There must be a published price list and there cannot be deviations
>>>   from that price list. If the price list is modified, existing customers
>>>   receive the new pricing at the beginning of their next billing cycle.)
>>> 3.  May provide value-added L2 services
>>> 4.  If L2 services are provided, they are also subject to rule 2.
>>> 5.  May not sell L3 or higher level services.
>>> 6.  May not hold ownership or build any form of alliance or affiliation with
>>>   a provider of L3 or higher level services.
>> 
>> I think rule #3 is the kind of thing that sounds like a good idea, but
>> ends up being abused in practice.
>> 
> 
> Certainly without rule 4, yes. However, with rules 4,5,6, I think that
> overcomes most of the issues that result from rule 3.
> 
> If you don't have rule 3, there are a lot of areas where it simply won't
> be cost effective for ANYONE to come to the MMR and thus you don't get
> any benefit.
> 
>> My personal view is that you really want that separation in place.
>> You don't want a situation where the dark fiber provider gives
>> priority to their L2 outages and gets around to their competitors
>> later.
>> 
> 
> Ideally, I agree with you, but to cover all cases, you also have to make
> sure that you have some set of L2 providers before you can do that.
> 
> Further, I'm suggesting that the natural place for this in most cases
> is to be operated by the muni not a business.
> 
>> Businesses are in the business of profit.  Nothing wrong with that,
>> but if you want it to be a fair playing field you need to avoid this
>> kind of conflict of interest.
> 
> Agreed.
> 
>> We've seen the same behavior with ILECs and small ISPs.  They were
>> required to open up their network to competing ISPs, but did
>> everything they could to make it as difficult as possible.  You really
>> want to create a situation where that temptation isn't even there.
> 
> Except this kind of chicanery has always involved L3+ services in the past.
> 
>> We've also seen that when left up to the private sector even last-mile
>> solutions suffer from the same cherry-picking of "profitable"
>> locations to service: example would be an apartment complex having
>> fiber delivered vs. a house next door not having fiber delivered.  You
>> can't really blame the private sector for it, but if you want the idea
>> of FTTH to be a universal service, you really need to apply the public
>> utility model to it.
> 
> Yep.
> 
> Owen
> 
> 




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong

On Jan 31, 2013, at 5:08 PM, Ray Soucy  wrote:

>> 1.  Must sell dark fiber to any purchaser.
>> 2.  Must sell dark fiber to all purchasers on equal terms.
>>     (There must be a published price list and there cannot be deviations
>>     from that price list. If the price list is modified, existing customers
>>     receive the new pricing at the beginning of their next billing cycle.)
>> 3.  May provide value-added L2 services
>> 4.  If L2 services are provided, they are also subject to rule 2.
>> 5.  May not sell L3 or higher level services.
>> 6.  May not hold ownership or build any form of alliance or affiliation with
>>     a provider of L3 or higher level services.
> 
> I think rule #3 is the kind of thing that sounds like a good idea, but
> ends up being abused in practice.
> 

Certainly without rule 4, yes. However, with rules 4,5,6, I think that
overcomes most of the issues that result from rule 3.

If you don't have rule 3, there are a lot of areas where it simply won't
be cost effective for ANYONE to come to the MMR and thus you don't get
any benefit.

> My personal view is that you really want that separation in place.
> You don't want a situation where the dark fiber provider gives
> priority to their L2 outages and gets around to their competitors
> later.
> 

Ideally, I agree with you, but to cover all cases, you also have to make
sure that you have some set of L2 providers before you can do that.

Further, I'm suggesting that the natural place for this in most cases
is to be operated by the muni not a business.

> Businesses are in the business of profit.  Nothing wrong with that,
> but if you want it to be a fair playing field you need to avoid this
> kind of conflict of interest.

Agreed.

> We've seen the same behavior with ILECs and small ISPs.  They were
> required to open up their network to competing ISPs, but did
> everything they could to make it as difficult as possible.  You really
> want to create a situation where that temptation isn't even there.

Except this kind of chicanery has always involved L3+ services in the past.

> We've also seen that when left up to the private sector even last-mile
> solutions suffer from the same cherry-picking of "profitable"
> locations to service: example would be an apartment complex having
> fiber delivered vs. a house next door not having fiber delivered.  You
> can't really blame the private sector for it, but if you want the idea
> of FTTH to be a universal service, you really need to apply the public
> utility model to it.

Yep.

Owen




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong

On Jan 31, 2013, at 4:36 PM, Brandon Butterworth  wrote:

>> I'm saying you put the splitter next to the OLT and then
>> run multiple fibers from there to the subscribers IN THE MMR
> 
> That's the way I'd expect it to be done if planning ahead,
> GPON is today's technology and new things always come
> 
> I can see why they don't do this though
> 
> 1. reduced build cost today - smaller MMR, fewer fibres to the
> roadside.

Tradeoff: It only works for one provider and a competitive provider
has to put in their own full build of fiber.

> 
> 2. gpon makes it harder for competing unbundlers to get share
> in your investment
> 

Which is why this whole discussion is about ways to implement
an MMR and take the L1 out of the service provider picture and
make it an independent municipal service.

> 3. no home run fibres means no competitors running their own
> GPON or Ethernet. Why invest in making it easier for the
> competition
> 

The point here is to eliminate that problem. Thank you for making
my point.

Owen




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Ray Soucy
> 1.  Must sell dark fiber to any purchaser.
> 2.  Must sell dark fiber to all purchasers on equal terms.
>     (There must be a published price list and there cannot be deviations
>     from that price list. If the price list is modified, existing customers
>     receive the new pricing at the beginning of their next billing cycle.)
> 3.  May provide value-added L2 services
> 4.  If L2 services are provided, they are also subject to rule 2.
> 5.  May not sell L3 or higher level services.
> 6.  May not hold ownership or build any form of alliance or affiliation with
>     a provider of L3 or higher level services.

I think rule #3 is the kind of thing that sounds like a good idea, but
ends up being abused in practice.

My personal view is that you really want that separation in place.
You don't want a situation where the dark fiber provider gives
priority to their L2 outages and gets around to their competitors
later.

Businesses are in the business of profit.  Nothing wrong with that,
but if you want it to be a fair playing field you need to avoid this
kind of conflict of interest.

We've seen the same behavior with ILECs and small ISPs.  They were
required to open up their network to competing ISPs, but did
everything they could to make it as difficult as possible.  You really
want to create a situation where that temptation isn't even there.

We've also seen that when left up to the private sector even last-mile
solutions suffer from the same cherry-picking of "profitable"
locations to service: example would be an apartment complex having
fiber delivered vs. a house next door not having fiber delivered.  You
can't really blame the private sector for it, but if you want the idea
of FTTH to be a universal service, you really need to apply the public
utility model to it.




P.S. Fletcher Kittredge is the "private" side of the public-private
partnership that made Maine Fiber Company possible and deserves at
least 50% of the credit if not more (Google him).  Great to see him
on-list.

P.P.S. I should also note that my boss, Jeff, would be the "public"
side of that, and he isn't quite on board with my position on
extending FTTH as a public utility.  He still has faith in the private
sector to take care of it.  ;-)  I mostly stand on the sidelines and
provide commentary, I'm not suited for the level of political
involvement it actually takes to make the magic happen.

-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net



Re: Muni fiber: L1 or L2?

2013-01-31 Thread Brandon Butterworth
> I'm saying you put the splitter next to the OLT and then
> run multiple fibers from there to the subscribers IN THE MMR

That's the way I'd expect it to be done if planning ahead,
GPON is today's technology and new things always come

I can see why they don't do this though

1. reduced build cost today - smaller MMR, fewer fibres to the
roadside.

2. gpon makes it harder for competing unbundlers to get share
in your investment

3. no home run fibres means no competitors running their own
GPON or Ethernet. Why invest in making it easier for the
competition

brandon



Re: Muni fiber: L1 or L2?

2013-01-31 Thread Jean-Francois Mezei
On 13-01-31 17:04, Scott Helms wrote:

> switch you can VLAN.  One fiber goes to the splitter on the provider side
> and then from there it splits into 8/16/32/64 connections that go to
> customers.  You can't exchange one of the customer side ports to make
> another provider interface. 


Actually you can.

Say you have 3 ISPs servicing a neighbourhood. 3 separate OLTs. Each with 1
line going to the "connect to customers room".

So in that room, you have say 100 fibres serving 100 homes. You have the
3 lines that come from the 3 OLTs, and splitter 1, splitter 2, splitter
3 attached to each of those lines from OLTs.

If I am home #57 and I want to be with ISP#2, then they will patch fibre
strand #57 into splitter #2.

You could theoretically have the splitters at the neighbourhood too. 3
splitters in the box, and when a customer subscribes, its link is
attached to whichever splitter is associated with the ISP.

HOWEVER:

This means that each ISP needs to have an OLT in the MMR premises, buy
their own 32 way splitter etc.  An ISP will be losing mega money at
first because the initial investment will be grossly underused.

If you have a single FTTH plant with single OLT that is shared, then new
ISPs can easily add one or 2 customers in a neighbourhood using existing
infrastructure and contributing their fair share of the cost of the
shared OLT.

And this makes it much easier for a small ISP to serve a larger region
(and hence raise chances of growing and gaining enough customers to be
viable)

Canada went through this "facilities based" debate in 2009-2010 and the
CRTC's decision was quite clear. Their mandate was to go facilities
based (where small ISPs would put their own equipment in CO and in
neighbourhoods), but the process clearly showed it was not a viable
solution to enable small ISPs to grow sufficiently to provide real
competition to the incumbents. So the CRTC ruled that incumbents had to
continue to share not only the very last mile, but also aggregation
networks to enable a viable competitive environment that spanned the
incumbent's whole territory instead of small pockets where there might be
competition (small pockets being down to single multi dwelling units for
instance).





Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong

On Jan 31, 2013, at 13:57 , Fletcher Kittredge  wrote:

> 
> 
> 
> On Thu, Jan 31, 2013 at 4:36 PM, Owen DeLong  wrote:
> If you have an MMR where all of the customers come together, then you
> can cross-connect all of $PROVIDER_1's customers to a splitter provided
> by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
> a splitter provided by $PROVIDER_2, etc.
> 
> If the splitter is out in the neighborhood, then $PROVIDER_1 and $PROVIDER_2
> and... all need to build out to every neighborhood.
> 
> If you have the splitter next to the PON gear instead of next to the 
> subscribers,
> then you remove the relevance of the inability to connect a splitter to 
> multiple
> OLTs. The splitter becomes the provider interface to the open fiber plant
> 
> Owen;
> 
> Interesting.   Do you then lose the cost advantage because you need home run 
> fiber back to the MMR?   Do you have examples of plants built with this 
> architecture (I know of one such plant, but I am hoping you will turn up more 
> examples.)
> 

I don't know of any. Yes, it would eliminate part of the theoretical cost 
savings of the PON architecture, but the point is that it would provide a 
technology agnostic last mile infrastructure that could easily be used by 
multiple competing providers and would not prevent a provider from using PON if 
they chose to do so for other reasons.

Owen



Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong
Scott,

Respectfully, you appear to be misinterpreting what I am saying.

I'm saying you put the splitter next to the OLT and then run multiple fibers 
from there to the subscribers IN THE MMR.
Each provider has their own splitters and OLTs, but all the splitters are in 
the MMR and the customers have home
run fiber to the MMR.

In other words:

OLT->SPLITTER->XC to customer port in MMR->Last mile infrastructure->ONT->Customer.

instead of the traditional

OLT->Last mile infrastructure->Splitter->ONT->Customer.

All I'm doing is moving the location of the split closer to the OLT and making 
the customer fiber run
longer.

I'm not proposing multiple providers sharing a splitter. I'm proposing longer 
customer runs to the
splitter and putting all of the splitters from all of the providers in the same 
room.

Owen

On Jan 31, 2013, at 14:04 , Scott Helms  wrote:

> Owen,
> 
> Respectfully, it doesn't work that way.  You have to understand that the 
> splitter is a specific part of the PON architecture and they don't have 
> multiple outputs to connect to several OLTs like a patch panel or even a 
> switch you can VLAN.  One fiber goes to the splitter on the provider side and 
> then from there it splits into 8/16/32/64 connections that go to customers.  
> You can't exchange one of the customer side ports to make another provider 
> interface.  That's not to say you couldn't build a splitter to do just that, 
> but to do that you have to get the vendors on board and currently they simply 
> aren't nor are the people who build PON networks asking for that feature.  
> You also have to deal with the mechanics of turning up the port, i.e. deciding
> which OLT to send that color to, which kind of kills the passive part of PON.
> 
> 
> On Thu, Jan 31, 2013 at 4:36 PM, Owen DeLong  wrote:
> 
> On Jan 31, 2013, at 13:27 , Scott Helms  wrote:
> 
>> Owen,
>> 
>> You can't share access from one splitter to multiple OLTs so the location of 
>> the splitter isn't important.  AFAIK there is simply no concept for that 
>> idea in any of the PON specs and it's certainly not something that
>> Calix/Adtran/Zhone/Alcatel/$gear_maker are building right now.  For that
>> matter I can't think of a single piece of gear beyond DWDM/CWDM that
>> actually operates at layer 1 to allow that kind of split and then it's very
>> limited in terms of the channels available and not suitable for the kind of
>> deployment I think you're describing.
>> 
> 
> 
> Sure it is...
> 
> If you have an MMR where all of the customers come together, then you
> can cross-connect all of $PROVIDER_1's customers to a splitter provided
> by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
> a splitter provided by $PROVIDER_2, etc.
> 
> If the splitter is out in the neighborhood, then $PROVIDER_1 and $PROVIDER_2
> and... all need to build out to every neighborhood.
> 
> If you have the splitter next to the PON gear instead of next to the 
> subscribers,
> then you remove the relevance of the inability to connect a splitter to 
> multiple
> OLTs. The splitter becomes the provider interface to the open fiber plant.
> 
> Owen
> 
>> 
>> On Thu, Jan 31, 2013 at 4:15 PM, Owen DeLong  wrote:
>> That's why I'm not advocating for open access, I'm advocating for L1/L2 
>> provider
>> separation and a requirement that the L1 access itself be open.
>> 
>> I have yet to get a firm answer, but as I understand PON, it doesn't 
>> actually matter
>> so much whether you put the splitter/combiner in an MMR or near the CPE.
>> Obviously, most of the "economy" of PON comes from putting the splitter near
>> the subscriber, but so does the loss of open access at L1.
>> 
>> OTOH, if you build out fiber from a city or neighborhood or whatever to an
>> independent MMR, I don't believe there's any reason you couldn't 
>> cross-connect
>> various users home-run fibers to splitter/combiners inside the MMR and then
>> run that to a PON system (if you really wanted to for some reason).
>> 
>> Owen
>> 
>> On Jan 31, 2013, at 12:45 , Scott Helms  wrote:
>> 
>>> Owen,
>>> 
>>> The short answer is that you don't today and it will be a long time (if 
>>> ever) before it's feasible.  Europe is commonly held up as an example of an
>>> area where open access works and if you stick to DSL networks that's true.  
>>> The problem is that the DSL networks (by and large) in Europe aren't 
>>> expanding and are being overtaken by FTTx and to a lesser extent DOCSIS.  
>>> The reasons why this is so can be debated, but it is definitely happening 
>>> and given that trend there is very little incentive for the equipment 
>>> manufacturers and protocol groups to build in open access as a core part of 
>>> their design as it was in DSL, especially with PPPoX authentication.  
>>> 
>>> Now, once networks get to purely active Ethernet things get more simple 
>>> technically, after all you easily do QinQ tagging, but there has been 
>>> little movement even in regulation tolerant Europe to forc

Re: Muni fiber: L1 or L2?

2013-01-31 Thread Scott Helms
Owen,

Respectfully, it doesn't work that way.  You have to understand that the
splitter is a specific part of the PON architecture and they don't have
multiple outputs to connect to several OLTs like a patch panel or even a
switch you can VLAN.  One fiber goes to the splitter on the provider side
and then from there it splits into 8/16/32/64 connections that go to
customers.  You can't exchange one of the customer side ports to make
another provider interface.  That's not to say you couldn't build a
splitter to do just that, but to do that you have to get the vendors on
board and currently they simply aren't nor are the people who build PON
networks asking for that feature.  You also have to deal with the mechanics
of turning up the port, i.e. deciding which OLT to send that color to, which
kind of kills the passive part of PON.


On Thu, Jan 31, 2013 at 4:36 PM, Owen DeLong  wrote:

>
> On Jan 31, 2013, at 13:27 , Scott Helms  wrote:
>
> Owen,
>
> You can't share access from one splitter to multiple OLTs so the location
> of the splitter isn't important.  AFAIK there is simply no concept for that
> idea in any of the PON specs and it's certainly not something that
> Calix/Adtran/Zhone/Alcatel/$gear_maker are building right now.  For that
> matter I can't think of a single piece of gear beyond DWDM/CWDM that
> actually operates at layer 1 to allow that kind of split and then it's very
> limited in terms of the channels available and not suitable for the kind of
> deployment I think you're describing.
>
>
>
> Sure it is...
>
> If you have an MMR where all of the customers come together, then you
> can cross-connect all of $PROVIDER_1's customers to a splitter provided
> by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
> a splitter provided by $PROVIDER_2, etc.
>
> If the splitter is out in the neighborhood, then $PROVIDER_1 and
> $PROVIDER_2
> and... all need to build out to every neighborhood.
>
> If you have the splitter next to the PON gear instead of next to the
> subscribers,
> then you remove the relevance of the inability to connect a splitter to
> multiple
> OLTs. The splitter becomes the provider interface to the open fiber plant.
>
> Owen
>
>
> On Thu, Jan 31, 2013 at 4:15 PM, Owen DeLong  wrote:
>
>> That's why I'm not advocating for open access, I'm advocating for L1/L2
>> provider
>> separation and a requirement that the L1 access itself be open.
>>
>> I have yet to get a firm answer, but as I understand PON, it doesn't
>> actually matter
>> so much whether you put the splitter/combiner in an MMR or near the CPE.
>> Obviously, most of the "economy" of PON comes from putting the splitter
>> near
>> the subscriber, but so does the loss of open access at L1.
>>
>> OTOH, if you build out fiber from a city or neighborhood or whatever to an
>> independent MMR, I don't believe there's any reason you couldn't
>> cross-connect
>> various users home-run fibers to splitter/combiners inside the MMR and
>> then
>> run that to a PON system (if you really wanted to for some reason).
>>
>> Owen
>>
>> On Jan 31, 2013, at 12:45 , Scott Helms  wrote:
>>
>> Owen,
>>
>> The short answer is that you don't today and it will be a long time (if
>> ever) before it's feasible.  Europe is commonly held up as an example of an
>> area where open access works and if you stick to DSL networks that's true.
>>  The problem is that the DSL networks (by and large) in Europe aren't
>> expanding and are being overtaken by FTTx and to a lesser extent DOCSIS.
>>  The reasons why this is so can be debated, but it is definitely happening
>> and given that trend there is very little incentive for the equipment
>> manufacturers and protocol groups to build in open access as a core part of
>> their design as it was in DSL, especially with PPPoX authentication.
>>
>> Now, once networks get to purely active Ethernet things get more simple
>> technically, after all you easily do QinQ tagging, but there has been
>> little movement even in regulation tolerant Europe to force operators to
>> open up and it's much less likely to happen here in the US.  What's more many
>> of the FTTx builds aren't Ethernet today and doing open access on any
>> flavor of PON is so painful operationally that it simply won't happen.
>>
>>
>> On Thu, Jan 31, 2013 at 3:31 PM, Owen DeLong  wrote:
>>
>>>
>>> On Jan 31, 2013, at 07:07 , Ray Soucy  wrote:
>>>
>>> > Late to the conversation, but I'll chime in that we established a
>>> > model in Maine that is working pretty well, at least for middle-mile
>>> > fiber.
>>> >
>>> > When we started building out MaineREN (our RON) we decided that having
>>> > the University own the fiber would tie it up in political red tape.
>>> > So much so that it would ultimately not be made available to the
>>> > private sector (because incumbents would accuse us of competing with
>>> > them using public funds).  We knew this because we had already spent a
>>> > year in the legislature fighting off industry lobbyists.
>>> >
>

Re: Muni fiber: L1 or L2?

2013-01-31 Thread Fletcher Kittredge
On Thu, Jan 31, 2013 at 4:36 PM, Owen DeLong  wrote:

> If you have an MMR where all of the customers come together, then you
> can cross-connect all of $PROVIDER_1's customers to a splitter provided
> by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
> a splitter provided by $PROVIDER_2, etc.
>
> If the splitter is out in the neighborhood, then $PROVIDER_1 and
> $PROVIDER_2
> and... all need to build out to every neighborhood.
>
> If you have the splitter next to the PON gear instead of next to the
> subscribers,
> then you remove the relevance of the inability to connect a splitter to
> multiple
> OLTs. The splitter becomes the provider interface to the open fiber plant


Owen;

Interesting.   Do you then lose the cost advantage because you need home
run fiber back to the MMR?   Do you have examples of plants built with this
architecture (I know of one such plant, but I am hoping you will turn up
more examples)?

regards,
Fletcher
-- 
Fletcher Kittredge
GWI
8 Pomerleau Street
Biddeford, ME 04005-9457
207-602-1134


Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong

On Jan 31, 2013, at 13:27 , Scott Helms  wrote:

> Owen,
> 
> You can't share access from one splitter to multiple OLTs so the location of 
> the splitter isn't important.  AFAIK there is simply no concept for that idea 
> in any of the PON specs and it's certainly not something that 
> Calix/Adtran/Zhone/Alcatel/$gear_maker are building right now.  For that 
> matter I can't think of a single piece of gear beyond DWDM/CWDM that actually 
> operates at layer 1 to allow that kind of split and then it's very limited in 
> terms of the channels available and not suitable for the kind of deployment I 
> think you're describing.
> 


Sure it is...

If you have an MMR where all of the customers come together, then you
can cross-connect all of $PROVIDER_1's customers to a splitter provided
by $PROVIDER_1 and cross connect all of $PROVIDER_2's customers to
a splitter provided by $PROVIDER_2, etc.

If the splitter is out in the neighborhood, then $PROVIDER_1 and $PROVIDER_2
and... all need to build out to every neighborhood.

If you have the splitter next to the PON gear instead of next to the 
subscribers,
then you remove the relevance of the inability to connect a splitter to multiple
OLTs. The splitter becomes the provider interface to the open fiber plant.

Owen

> 
> On Thu, Jan 31, 2013 at 4:15 PM, Owen DeLong  wrote:
> That's why I'm not advocating for open access, I'm advocating for L1/L2 
> provider
> separation and a requirement that the L1 access itself be open.
> 
> I have yet to get a firm answer, but as I understand PON, it doesn't actually 
> matter
> so much whether you put the splitter/combiner in an MMR or near the CPE.
> Obviously, most of the "economy" of PON comes from putting the splitter near
> the subscriber, but so does the loss of open access at L1.
> 
> OTOH, if you build out fiber from a city or neighborhood or whatever to an
> independent MMR, I don't believe there's any reason you couldn't cross-connect
> various users home-run fibers to splitter/combiners inside the MMR and then
> run that to a PON system (if you really wanted to for some reason).
> 
> Owen
> 
> On Jan 31, 2013, at 12:45 , Scott Helms  wrote:
> 
>> Owen,
>> 
>> The short answer is that you don't today and it will be a long time (if 
>> ever) before it's feasible.  Europe is commonly held up as an example of an 
>> area where open access works and if you stick to DSL networks that's true.  
>> The problem is that the DSL networks (by and large) in Europe aren't 
>> expanding and are being overtaken by FTTx and to a lesser extent DOCSIS.  
>> The reasons why this is so can be debated, but it is definitely happening 
>> and given that trend there is very little incentive for the equipment 
>> manufacturers and protocol groups to build in open access as a core part of 
>> their design as it was in DSL, especially with PPPoX authentication.  
>> 
>> Now, once networks get to purely active Ethernet things get more simple 
>> technically, after all you easily do QinQ tagging, but there has been little 
>> movement even in regulation tolerant Europe to force operators to open up 
>> and it's much less likely to happen here in the US.  What's more many of the 
>> FTTx builds aren't Ethernet today and doing open access on any flavor of PON 
>> is so painful operationally that it simply won't happen.
>> 
>> 
>> On Thu, Jan 31, 2013 at 3:31 PM, Owen DeLong  wrote:
>> 
>> On Jan 31, 2013, at 07:07 , Ray Soucy  wrote:
>> 
>> > Late to the conversation, but I'll chime in that we established a
>> > model in Maine that is working pretty well, at least for middle-mile
>> > fiber.
>> >
>> > When we started building out MaineREN (our RON) we decided that having
>> > the University own the fiber would tie it up in political red tape.
>> > So much so that it would ultimately not be made available to the
>> > private sector (because incumbents would accuse us of competing with
>> > them using public funds).  We knew this because we had already spent a
>> > year in the legislature fighting off industry lobbyists.
>> >
>> > Obviously there are considerable investments in such infrastructure
>> > that many private companies are unwilling or unable to make in rural
>> > areas (ROI takes too long), so we really wanted to make sure that
>> > future facilities would be built out in a way that would allow service
>> > providers to expand into the state cheaply, encourage competition, and
>> > ultimately provide better services at lower costs.
>> >
>> > The goal was to establish geographically diverse, high strand-count,
>> > rings to reach the majority of the state, so we pitched it in a
>> > public-private partnership to go after Recovery Act funding.
>> >
>> 
>> That's also a worthy goal, but it doesn't address the issues that
>> are the subject of this conversation. Middle-mile solutions
>> like this are not all that uncommon, even in such backwards
>> places (when it comes to networking infrastructure) as silicon
>> valley.
>> 
>> Where we still ha

Re: Muni fiber: L1 or L2?

2013-01-31 Thread Scott Helms
Owen,

You can't share access from one splitter to multiple OLTs so the location
of the splitter isn't important.  AFAIK there is simply no concept for that
idea in any of the PON specs and it's certainly not something that
Calix/Adtran/Zhone/Alcatel/$gear_maker are building right now.  For that
matter I can't think of a single piece of gear beyond DWDM/CWDM that
actually operates at layer 1 to allow that kind of split and then it's very
limited in terms of the channels available and not suitable for the kind of
deployment I think you're describing.


On Thu, Jan 31, 2013 at 4:15 PM, Owen DeLong  wrote:

> That's why I'm not advocating for open access, I'm advocating for L1/L2
> provider
> separation and a requirement that the L1 access itself be open.
>
> I have yet to get a firm answer, but as I understand PON, it doesn't
> actually matter
> so much whether you put the splitter/combiner in an MMR or near the CPE.
> Obviously, most of the "economy" of PON comes from putting the splitter
> near
> the subscriber, but so does the loss of open access at L1.
>
> OTOH, if you build out fiber from a city or neighborhood or whatever to an
> independent MMR, I don't believe there's any reason you couldn't
> cross-connect
> various users home-run fibers to splitter/combiners inside the MMR and then
> run that to a PON system (if you really wanted to for some reason).
>
> Owen
>
> On Jan 31, 2013, at 12:45 , Scott Helms  wrote:
>
> Owen,
>
> The short answer is that you don't today and it will be a long time (if
> ever) before it's feasible.  Europe is commonly held up as an example of an
> area where open access works and if you stick to DSL networks that's true.
>  The problem is that the DSL networks (by and large) in Europe aren't
> expanding and are being overtaken by FTTx and to a lesser extent DOCSIS.
>  The reasons why this is so can be debated, but it is definitely happening
> and given that trend there is very little incentive for the equipment
> manufacturers and protocol groups to build in open access as a core part of
> their design as it was in DSL, especially with PPPoX authentication.
>
> Now, once networks get to purely active Ethernet things get more simple
> technically, after all you easily do QinQ tagging, but there has been
> little movement even in regulation tolerant Europe to force operators to
> open up and it's much less likely to happen here in the US.  What's more many
> of the FTTx builds aren't Ethernet today and doing open access on any
> flavor of PON is so painful operationally that it simply won't happen.
>
>
> On Thu, Jan 31, 2013 at 3:31 PM, Owen DeLong  wrote:
>
>>
>> On Jan 31, 2013, at 07:07 , Ray Soucy  wrote:
>>
>> > Late to the conversation, but I'll chime in that we established a
>> > model in Maine that is working pretty well, at least for middle-mile
>> > fiber.
>> >
>> > When we started building out MaineREN (our RON) we decided that having
>> > the University own the fiber would tie it up in political red tape.
>> > So much so that it would ultimately not be made available to the
>> > private sector (because incumbents would accuse us of competing with
>> > them using public funds).  We knew this because we had already spent a
>> > year in the legislature fighting off industry lobbyists.
>> >
>> > Obviously there are considerable investments in such infrastructure
>> > that many private companies are unwilling or unable to make in rural
>> > areas (ROI takes too long), so we really wanted to make sure that
>> > future facilities would be built out in a way that would allow service
>> > providers to expand into the state cheaply, encourage competition, and
>> > ultimately provide better services at lower costs.
>> >
>> > The goal was to establish geographically diverse, high strand-count,
>> > rings to reach the majority of the state, so we pitched it in a
>> > public-private partnership to go after Recovery Act funding.
>> >
>>
>> That's also a worthy goal, but it doesn't address the issues that
>> are the subject of this conversation. Middle-mile solutions
>> like this are not all that uncommon, even in such backwards
>> places (when it comes to networking infrastructure) as silicon
>> valley.
>>
>> Where we still have a serious lack of deployment and virtually no
>> competition, even in most major metros, is the last mile.
>>
>> > As of a few months ago the build-out is complete, and the first
>> > networks to make use of the fiber are starting to come online
>> > (including MaineREN).
>> >
>> > The way we did it was to have the state government create a new public
>> > utility designation of "Dark Fiber Provider".  There are a few rules
>> > in place to keep things fair: Mainly they're forbidden to provide lit
>> > services and they're required to provide open access to anyone at
>> > published rates.
>> >
>>
>> This is definitely a good first step if you can get it through the
>> legislative
>> process without having the $TELCOS and $CABLECOS lobby against
>> it to the 

Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong
That's why I'm not advocating for open access, I'm advocating for L1/L2 provider
separation and a requirement that the L1 access itself be open.

I have yet to get a firm answer, but as I understand PON, it doesn't actually 
matter
so much whether you put the splitter/combiner in an MMR or near the CPE.
Obviously, most of the "economy" of PON comes from putting the splitter near
the subscriber, but so does the loss of open access at L1.

OTOH, if you build out fiber from a city or neighborhood or whatever to an
independent MMR, I don't believe there's any reason you couldn't cross-connect
various users home-run fibers to splitter/combiners inside the MMR and then
run that to a PON system (if you really wanted to for some reason).

Owen

On Jan 31, 2013, at 12:45 , Scott Helms  wrote:

> Owen,
> 
> The short answer is that you don't today and it will be a long time (if ever) 
> before it's feasible.  Europe is commonly held up as an example of an area 
> where open access works and if you stick to DSL networks that's true.  The 
> problem is that the DSL networks (by and large) in Europe aren't expanding 
> and are being overtaken by FTTx and to a lesser extent DOCSIS.  The reasons 
> why this is so can be debated, but it is definitely happening and given that 
> trend there is very little incentive for the equipment manufacturers and 
> protocol groups to build in open access as a core part of their design as it 
> was in DSL, especially with PPPoX authentication.  
> 
> Now, once networks get to purely active Ethernet things get more simple 
> technically, after all you easily do QinQ tagging, but there has been little 
> movement even in regulation tolerant Europe to force operators to open up and 
> it's much less likely to happen here in the US.  What's more many of the FTTx 
> builds aren't Ethernet today and doing open access on any flavor of PON is so 
> painful operationally that it simply won't happen.
> 
> 
> On Thu, Jan 31, 2013 at 3:31 PM, Owen DeLong  wrote:
> 
> On Jan 31, 2013, at 07:07 , Ray Soucy  wrote:
> 
> > Late to the conversation, but I'll chime in that we established a
> > model in Maine that is working pretty well, at least for middle-mile
> > fiber.
> >
> > When we started building out MaineREN (our RON) we decided that having
> > the University own the fiber would tie it up in political red tape.
> > So much so that it would ultimately not be made available to the
> > private sector (because incumbents would accuse us of competing with
> > them using public funds).  We knew this because we had already spent a
> > year in the legislature fighting off industry lobbyists.
> >
> > Obviously there are considerable investments in such infrastructure
> > that many private companies are unwilling or unable to make in rural
> > areas (ROI takes too long), so we really wanted to make sure that
> > future facilities would be built out in a way that would allow service
> > providers to expand into the state cheaply, encourage competition, and
> > ultimately provide better services at lower costs.
> >
> > The goal was to establish geographically diverse, high strand-count,
> > rings to reach the majority of the state, so we pitched it in a
> > public-private partnership to go after Recovery Act funding.
> >
> 
> That's also a worthy goal, but it doesn't address the issues that
> are the subject of this conversation. Middle-mile solutions
> like this are not all that uncommon, even in such backwards
> places (when it comes to networking infrastructure) as silicon
> valley.
> 
> Where we still have a serious lack of deployment and virtually no
> competition, even in most major metros, is the last mile.
> 
> > As of a few months ago the build-out is complete, and the first
> > networks to make use of the fiber are starting to come online
> > (including MaineREN).
> >
> > The way we did it was to have the state government create a new public
> > utility designation of "Dark Fiber Provider".  There are a few rules
> > in place to keep things fair: Mainly they're forbidden to provide lit
> > services and they're required to provide open access to anyone at
> > published rates.
> >
> 
> This is definitely a good first step if you can get it through the legislative
> process without having the $TELCOS and $CABLECOS lobby against
> it to the point of death or dismemberment.
> 
> > The result is "Maine Fiber Company":
> >
> > http://www.mainefiberco.com/
> >
> > It's still early on, but I'm anxious to see how things look in 10 years or 
> > so.
> >
> 
> Sounds great... Now, the $50,000,000 question... How do we replicate
> that model at the consumer level?
> 
> > A lot of people who like the idea of what we've done aren't sure if
> > it's a good model to apply for last mile fiber.  Personally, I think
> > replicating this model to deliver dark fiber to the home (much like
> > electricity) is the only way we'll be able to shield providers from
> > having to make major investments to deliver the level of ser

Re: NANOG Digest, Vol 60, Issue 113

2013-01-31 Thread Brzozowski, John
http://mydeviceinfo.comcast.net is up to date and will have more devices
this year.  If the device is a standalone modem and has IPv6 checked you
need to make sure your customer-owned CPE supports IPv6 *AND* is enabled.
Otherwise if it is an integrated device provided by Comcast or via
retail, once the IPv6 check box is checked IPv6 support will be enabled
by default.  However, please note in cases where the router can be
disabled I will not override your selection.  Integrated devices in router
mode will be IPv6 enabled by default.

John
=
John Jason Brzozowski
Comcast Cable
m) +1-609-377-6594
e) mailto:john_brzozow...@cable.comcast.com
o) +1-484-962-0060
w) http://www.comcast6.net
=





-Original Message-
From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 9:20 PM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 113

>Looking at http://mydeviceinfo.comcast.net you get a choice of wireless
>or IPv6 in Arris.




Re: NANOG Digest, Vol 60, Issue 113

2013-01-31 Thread Brzozowski, John

-Original Message-

From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 9:20 PM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 113

>On Jan 30, 2013, at 7:52 PM, Mark Andrews  wrote:
>The update you sent is lovely, except I can tell you that the one (also
>an Arris, running DOCSIS 3.0) which was installed in late October in my
>house in Washington simply does not run v6 with the pre-installed load.
>Now, is there some firmware upgrade which could fix this?  Maybe, but it
>sure would be nice if the folks who answer the phone in support could
>direct me to someone who has heard of this technology.  So no, as I said
>before, Comcast has *not* removed the v6 barrier here.  I'd like it to
>"just work", please.
[jjmb] We are working on an image that will enable IPv6, it will not be
long.




Re: NANOG Digest, Vol 60, Issue 113

2013-01-31 Thread Brzozowski, John
This is news, it would be great if more details were available.  Anyone?

=
John Jason Brzozowski
Comcast Cable
m) +1-609-377-6594
e) mailto:john_brzozow...@cable.comcast.com
o) +1-484-962-0060
w) http://www.comcast6.net
=





-Original Message-
From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 9:20 PM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 113

>Message: 1
>Date: Wed, 30 Jan 2013 22:16:40 -0500 (EST)
>From: "Justin M. Streiner" 
>To: Cutler James R 
>Cc: nanog@nanog.org
>Subject: Re: "Programmers can't get IPv6 thus that is why they do not
>   have IPv6 in their applications"
>Message-ID: 
>Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
>On Wed, 30 Jan 2013, David Barak wrote:
>
>>Comcast removed the "no IPv6" excuse?  That removal somehow skipped my
>>house in Washington DC where they installed (last October) a router
>>which does not even support it (an Arris voice gateway- the one where
>>you can't turn off the crummy 2.4g wireless radio) and none of the
>>folks I've spoken to on the phone can tell me when or if it will be
>>coming.
>
>I know Verizon is rolling out v6 in some areas of their FiOS footprint.
>The router they provided supports it, but what I got from their customer
>service people was that they ran into some sort of issue with their TV
>set-top boxes working properly with IPv6 or at least in a dual-stack
>environment.  At least that's where things stand in Pittsburgh.
>
>I don't think they've provided training to their customer service people
>on IPv6 yet.  The rep I spoke with a few weeks ago told me I was the first
>customer that has asked her about it.
>
>Looking forward to native v6 / dual-stack here...
>
>jms
>




Re: NANOG Digest, Vol 60, Issue 111

2013-01-31 Thread Brzozowski, John
There is a lot more to come this year, so stay tuned. ;)

John

-Original Message-
From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 7:01 PM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 111

>Message: 1
>Date: Thu, 31 Jan 2013 11:52:39 +1100
>From: Mark Andrews 
>To: David Barak 
>Cc: nanog@nanog.org
>Subject: Re: "Programmers can't get IPv6 thus that is why they do not
>   have IPv6 in their applications"
>Message-ID: <20130131005239.c2de52e94...@drugs.dv.isc.org>
>
>
>In message <1359591223.5270.yahoomailmob...@web31809.mail.mud.yahoo.com>,
>David
>Barak writes:
>>Comcast removed the "no IPv6" excuse?  That removal somehow skipped my
>>house in Washington DC where they installed (last October) a router which
>>does not even support it (an Arris voice gateway- the one where you can't
>>turn off the crummy 2.4g wireless radio) and none of the folks I've spoken
>>to on the phone can tell me when or if it will be coming.
>>I look forward to Comcast giving me native v6 at home.
>>David Barak
>
>Firstly fix your mail client.  What's this "'" garbage in text/plain?
>
>Deployment Update
>
>Published on Tuesday, October 23, 2012
>
>IPv6 has been launched on all Arris DOCSIS 3.0 C4 CMTSes, covering
>over 50% our network.  We are targeting completion of the rest of
>the network by mid-2013. Our progress has led to nearly 2.5% of our
>Xfinity Internet customers  actively using native dual stack.
>Additionally, IPv6 traffic has increased 375% since World IPv6 Day
>in June 2011.  Following World IPv6 Launch in June 2012 Comcast
>also observed that approximately 6% of the 2012 Olympics served
>over YouTube to Comcast customers was over IPv6.
>
>http://www.comcast6.net
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
>
>




Re: NANOG Digest, Vol 60, Issue 110

2013-01-31 Thread Brzozowski, John
-Original Message-

From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 5:13 PM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 110

>Message: 9
>Date: Wed, 30 Jan 2013 16:13:43 -0800 (PST)
>From: David Barak 
>To: Cutler James R , nanog@nanog.org
>Subject: Re: "Programmers can't get IPv6 thus that is why they do not
>   have IPv6 in their applications"
>Message-ID:
>   <1359591223.5270.yahoomailmob...@web31809.mail.mud.yahoo.com>
>Content-Type: text/plain; charset=us-ascii
>
>Comcast removed the "no IPv6" excuse?  That removal somehow skipped my
>house in Washington DC where they installed (last October) a router which
>does not even support it (an Arris voice gateway- the one where you
>can't turn off the crummy 2.4g wireless radio) and none of the folks
>I've spoken to on the phone can tell me when or if it will be coming.
[jjmb] feel free to contact me offline, your device will soon be enabled
with IPv6 support.  I can add you to early trials for the same if you are
interested.
>
>I look forward to Comcast giving me native v6 at home.
[jjmb] IPv6 is launched in your area across our broadband network, we did
not enable IPv6 for the device you have for a variety of reasons.  See my
other email about managing customer experience, the last thing I imagine
you would want me to do is carelessly deploy software with issues.
>
>David Barak




Re: NANOG Digest, Vol 60, Issue 110

2013-01-31 Thread Brzozowski, John

-Original Message-
From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 5:13 PM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 110

>Message: 7
>Date: Thu, 31 Jan 2013 10:00:22 +1100
>From: Mark Andrews 
>To: Michael Thomas 
>Cc: NANOG list 
>Subject: Re: "Programmers can't get IPv6 thus that is why they do not
>   have IPv6 in their applications"
>Message-ID: <20130130230022.e74bd2e93...@drugs.dv.isc.org>
>
>
>In message <51099c0f.5040...@mtcc.com>, Michael Thomas writes:
>>On 01/30/2013 01:51 PM, Cutler James R wrote:
>>> On Jan 30, 2013, at 12:43 PM, joel jaeggli  wrote:
>>>
>>>> As a product of having a motorola sb6121 and a netgear wndr3700 both
>>>> of which I bought at frys I have ipv6 in my house with dhcp pd courtesy
>>>> of Comcast. If it was any simpler somebody else would have had to
>>>> install it.
>>>
>>> Except that Apple Airport Extreme users must have one of the newer
>>> hardware versions, that is my experience as well.
>>>
>>> And, even before Comcast and new AEBS, Hurricane Electric removed all
>>> other excuses for claiming "no IPv6".
>>"Remove excuses" != "Create incentive". There are an infinite number of
>>things I can do to "remove excuses". Unless they're in my face (read:
>>causing me headaches), they do not "create incentive". My using my or my
>>company's software which doesn't work in my own environment (= work, home,
>>phone, etc) "creates incentive". Lecturing me about how I can get a HE
>>tunnel and that if I don't i'm ugly and my mother dresses me funny, otoh,
>>just "creates vexation".
>>Mike
>>
>
>Just having IPv6 doesn't create incentives to make their code work
>with IPv6.  People just trundle along using IPv4.  Turning off IPv4
>creates incentives.  Reducing IPv4's capabilities creates incentives.
>Being told this needs to work and be tested with IPv6 creates
>incentives.
[jjmb] turning off IPv4 is not realistic at this time and there are other
ways to encourage the use and adoption of IPv6.  Enabling by default,
requesting upgrades for existing products that introduce support for IPv6.
 Enabling IPv6 alone is a significant statement especially when your
business relies on the same.  The absence of IPv6 or broken IPv6 when your
business relies on it are no longer options.
>
>Broken networks get people to fix things.  Unfortunately most
>developers don't test with broken networks.  If they did "Happy
>Eyeballs" would not have happened.  The applications would have
>coped with only some address of a multi-homed server working.
>
>Mark
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
>




Re: NANOG Digest, Vol 60, Issue 107

2013-01-31 Thread Brzozowski, John
See below.


John

-Original Message-
From: "nanog-requ...@nanog.org" 
Reply-To: NANOG 
Date: Wednesday, January 30, 2013 11:18 AM
To: NANOG 
Subject: NANOG Digest, Vol 60, Issue 107

>Date: Wed, 30 Jan 2013 09:43:10 -0800
>From: joel jaeggli 
>To: "Dobbins, Roland" , NANOG list
>   
>Subject: Re: "Programmers can't get IPv6 thus that is why they do not
>   have IPv6 in their applications"
>Message-ID: <51095bae.2020...@bogus.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>On 11/28/12 4:17 PM, Dobbins, Roland wrote:
>>On Nov 29, 2012, at 3:04 AM, Tony Hain wrote:
>>
>>>Getting the cpe vendors to ship in quantity requires the ISP
>>>engineering organizations to say in unison "we are deploying IPv6 and
>>>will only recommend products that pass testing".
>>Do you see any evidence of that occurring?  I don't.
[jjmb] I do, where I have control and/or influence over products we
absolutely require this or the device (or software) does not get deployed
or enabled.  There are cases where we deploy software that supports IPv6
but it is disabled.  This is largely to ensure that my customers are not
adversely impacted or have a poor customer experience.  I admit getting
quality implementations is not a trivial exercise even where good
specifications are available.  I view this as part of my job as such we
are looking at techniques to streamline this process.

>>
>>Also, a lot of broadband consumers and enterprise organizations buy and
>>deploy their own CPE.  Do you see a lot of IPv6 activity there?
>As a product of having a motorola sb6121 and a netgear wndr3700 both of
>which I bought at frys I have ipv6 in my house with dhcp pd courtesy of
>Comcast. If it was any simpler somebody else would have had to install
>it.
[jjmb] this is our goal: simple and seamless.

>>   I don't, excepting an IPv6 RFP checkbox for enterprises, which
>>doesn't have any formal requirements and is essentially meaningless
>>because of that fact.
[jjmb] an IPv6 check box on an RFP means almost nothing, IPv6 has never
been a one check box item.  The rubber meets the road when a company
chooses to buy based on IPv6 functionality or better yet swaps products
out due to lack of IPv6 functionality.

>>>You claim to be looking for the economic incentive, but are looking
>>>with such a short time horizon that all you see are the 'waste'
>>>products vendors
>>>are pushing to make a quick sale, knowing that you will eventually come
>>>back for yet-another-hack to delay transition, and prop up your
>>>expertise in a
>>>legacy technology.
>>No.
>>
>>What I am looking for is an economic incentive which will justify the
>>[IMHO] wildly overoptimistic claims which some are making in re
>>ubiquitous end-to-end native IPv6 deployment.
>>
>>Otherwise, I believe it will be a much more gradual adoption curve, as
>>you indicate.
[jjmb] ubiquitous IPv6 deployment and use requires work, it is not going
to happen automatically and will require effort.

>>
>>>The same thing happened with the SNA faithful 15 years ago, and history
>>>shows what happened there.
>>You attribute circumstances and motivations to me which do not apply.
>>
>>---
>>Roland Dobbins  // 
>>
>>Luck is the residue of opportunity and design.
>>
>> -- John Milton
>>
>>
>>
>




Re: Ddos mitigation service

2013-01-31 Thread Alain Hebert
Look up DOSArrest.  (dosarrest.com)

3 permanent cases easily solved with them.

And no, I'm not one of their sales rep =D

-
Alain Hebert    aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 01/31/13 13:13, matt kelly wrote:
> Can anyone recommend ddos mitigation companies with US east coast
> presence that provide the services via bgp?  We are not interested in an
> appliance but rather offloading the traffic.
>
> Thanks.
>
>




Re: TOR fiber patch panels

2013-01-31 Thread Owen DeLong
FWIW, you can get 1U 48-pair LC patch panels, or, you can get Keystone
panels and LC duplex snapins. I believe Panduit, among others make
these products.

I've used them in the past. The snapins and the panels both expect an LC
termination of the back side fiber as well. They don't provide protection or
spooling trays.

Panels that provide protection and/or spooling trays don't work well in 1U
in my experience.

Owen
On Jan 31, 2013, at 09:44 , Chuck Anderson  wrote:

> I'm looking for better Top-Of-Rack fiber patch panels than the ones
> I've been using up to this point.  I'm looking for something that is
> 1U, holds 12 to 24 strands of SC, ST, or LC, has fiber jumper
> management rings, and has a door that doesn't interfere with the U
> below (a server might be mounted immediately below the fiber patch
> panel).  I prefer one that doesn't have a sliding mechanism, because
> I've had issues with fiber installers not installing those properly,
> causing fiber to be crunched and broken when the tray is slid out/in
> during patching.  Of course, I would still like one that is easy to
> get your fingers into to install and remove fiber jumpers.
> 
> Does such a thing exist?  What are people's favorite fiber patch
> panels?
> 
> Thanks.




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Scott Helms
Owen,

The short answer is that you don't today and it will be a long time (if
ever) before it's feasible.  Europe is commonly held up as an example of an
area where open access works and if you stick to DSL networks that's true.
The problem is that the DSL networks (by and large) in Europe aren't
expanding and are being overtaken by FTTx and to a lesser extent DOCSIS.
The reasons why this is so can be debated, but it is definitely happening
and given that trend there is very little incentive for the equipment
manufacturers and protocol groups to build in open access as a core part of
their design as it was in DSL, especially with PPPoX authentication.

Now, once networks get to purely active Ethernet things get more simple
technically, after all you easily do QinQ tagging, but there has been
little movement even in regulation tolerant Europe to force operators to
open up and it's much less likely to happen here in the US.  What's more many
of the FTTx builds aren't Ethernet today and doing open access on any
flavor of PON is so painful operationally that it simply won't happen.


On Thu, Jan 31, 2013 at 3:31 PM, Owen DeLong  wrote:

>
> On Jan 31, 2013, at 07:07 , Ray Soucy  wrote:
>
> > Late to the conversation, but I'll chime in that we established a
> > model in Maine that is working pretty well, at least for middle-mile
> > fiber.
> >
> > When we started building out MaineREN (our RON) we decided that having
> > the University own the fiber would tie it up in political red tape.
> > So much so that it would ultimately not be made available to the
> > private sector (because incumbents would accuse us of competing with
> > them using public funds).  We knew this because we had already spent a
> > year in the legislature fighting off industry lobbyists.
> >
> > Obviously there are considerable investments in such infrastructure
> > that many private companies are unwilling or unable to make in rural
> > areas (ROI takes too long), so we really wanted to make sure that
> > future facilities would be built out in a way that would allow service
> > providers to expand into the state cheaply, encourage competition, and
> > ultimately provide better services at lower costs.
> >
> > The goal was to establish geographically diverse, high strand-count,
> > rings to reach the majority of the state, so we pitched it in a
> > public-private partnership to go after Recovery Act funding.
> >
>
> That's also a worthy goal, but it doesn't address the issues that
> are the subject of this conversation. Middle-mile solutions
> like this are not all that uncommon, even in such backwards
> places (when it comes to networking infrastructure) as silicon
> valley.
>
> Where we still have a serious lack of deployment and virtually no
> competition, even in most major metros, is the last mile.
>
> > As of a few months ago the build-out is complete, and the first
> > networks to make use of the fiber are starting to come online
> > (including MaineREN).
> >
> > The way we did it was to have the state government create a new public
> > utility designation of "Dark Fiber Provider".  There are a few rules
> > in place to keep things fair: Mainly they're forbidden to provide lit
> > services and they're required to provide open access to anyone at
> > published rates.
> >
>
> This is definitely a good first step if you can get it through the
> legislative process without having the $TELCOS and $CABLECOS lobby
> against it to the point of death or dismemberment.
>
> > The result is "Maine Fiber Company":
> >
> > http://www.mainefiberco.com/
> >
> > It's still early on, but I'm anxious to see how things look in 10 years
> > or so.
> >
>
> Sounds great... Now, the $50,000,000 question... How do we replicate
> that model at the consumer level?
>
> > A lot of people who like the idea of what we've done aren't sure if
> > it's a good model to apply for last mile fiber.  Personally, I think
> > replicating this model to deliver dark fiber to the home (much like
> > electricity) is the only way we'll be able to shield providers from
> > having to make major investments to deliver the level of service we
> > really need.  By keeping it as a dark-fiber only service, you create
> > an environment where there is competition instead of one provider
> > keeping speeds low and prices high.
>
> That's certainly the ideal, yes.
>
> > I initially thought having L2 separation would be good in that service
> > changes could be done remotely, etc.  But after giving it some
> > thought, I think it places way too much potential for L2 to be the
> > bottleneck or source of problematic service and if it's provided by a
> > public utility or municipality it could take very long to fix (if it
> > gets fixed at all) due to politics and budget hawks.  I really want
> > to have choice between providers even at the L2 level.
>
> There are cases where the lack of L2 services could pose a barrier
> to entry for competition. That's why I proposed the following requi

Re: Muni fiber: L1 or L2?

2013-01-31 Thread Owen DeLong

On Jan 31, 2013, at 07:07 , Ray Soucy  wrote:

> Late to the conversation, but I'll chime in that we established a
> model in Maine that is working pretty well, at least for middle-mile
> fiber.
> 
> When we started building out MaineREN (our RON) we decided that having
> the University own the fiber would tie it up in political red tape.
> So much so that it would ultimately not be made available to the
> private sector (because incumbents would accuse us of competing with
> them using public funds).  We knew this because we had already spent a
> year in the legislature fighting off industry lobbyists.
> 
> Obviously there are considerable investments in such infrastructure
> that many private companies are unwilling or unable to make in rural
> areas (ROI takes too long), so we really wanted to make sure that
> future facilities would be built out in a way that would allow service
> providers to expand into the state cheaply, encourage competition, and
> ultimately provide better services at lower costs.
> 
> The goal was to establish geographically diverse, high strand-count,
> rings to reach the majority of the state, so we pitched it in a
> public-private partnership to go after Recovery Act funding.
> 

That's also a worthy goal, but it doesn't address the issues that
are the subject of this conversation. Middle-mile solutions
like this are not all that uncommon, even in such backwards
places (when it comes to networking infrastructure) as silicon
valley.

Where we still have a serious lack of deployment and virtually no
competition, even in most major metros, is the last mile.

> As of a few months ago the build-out is complete, and the first
> networks to make use of the fiber are starting to come online
> (including MaineREN).
> 
> The way we did it was to have the state government create a new public
> utility designation of "Dark Fiber Provider".  There are a few rules
> in place to keep things fair: Mainly they're forbidden to provide lit
> services and they're required to provide open access to anyone at
> published rates.
> 

This is definitely a good first step if you can get it through the legislative
process without having the $TELCOS and $CABLECOS lobby against
it to the point of death or dismemberment.

> The result is "Maine Fiber Company":
> 
> http://www.mainefiberco.com/
> 
> It's still early on, but I'm anxious to see how things look in 10 years or so.
> 

Sounds great... Now, the $50,000,000 question... How do we replicate
that model at the consumer level?

> A lot of people who like the idea of what we've done aren't sure if
> it's a good model to apply for last mile fiber.  Personally, I think
> replicating this model to deliver dark fiber to the home (much like
> electricity) is the only way we'll be able to shield providers from
> having to make major investments to deliver the level of service we
> really need.  By keeping it as a dark-fiber only service, you create
> an environment where there is competition instead of one provider
> keeping speeds low and prices high.

That's certainly the ideal, yes.

> I initially thought having L2 separation would be good in that service
> changes could be done remotely, etc.  But after giving it some
> thought, I think it places way too much potential for L2 to be the
> bottleneck or source of problematic service and if it's provided by a
> public utility or municipality it could take very long to fix (if it
> gets fixed at all) due to politics and budget hawks.  I really want
> to have choice between providers even at the L2 level.

There are cases where the lack of L2 services could pose a barrier
to entry for competition. That's why I proposed the following requirements:

1.  Must sell dark fiber to any purchaser.
2.  Must sell dark fiber to all purchasers on equal terms.
(There must be a published price list and there cannot be deviations
from that price list. If the price list is modified, existing customers
receive the new pricing at the beginning of their next billing cycle.)
3.  May provide value-added L2 services 
4.  If L2 services are provided, they are also subject to rule 2.
5.  May not sell L3 or higher level services.
6.  May not hold ownership or build any form of alliance or affiliation with
a provider of L3 or higher level services.

Owen

> 
> 
> 
> 
> On Tue, Jan 29, 2013 at 12:54 PM, Jay Ashworth  wrote:
>> - Original Message -
>>> From: "Leo Bicknell" 
>> 
>>> I am a big proponent of muni-owned dark fiber networks. I want to
>>> be 100% clear about what I advocate here:
>>> 
>>> - Muni-owned MMR space, fiber only, no active equipment allowed. A
>>> big cross connect room, where the muni-fiber ends and providers are
>>> all allowed to colocate their fiber term on non-discriminatory terms.
>> 
>>> - 4-6 strands per home, home run back to the muni-owned MMR space.
>>> No splitters, WDM, etc, home run glass. Terminating on an optical
>>> handoff inside the

Re: OOB core router connectivity wish list

2013-01-31 Thread Steven Bellovin

On Jan 9, 2013, at 1:18 PM, Leo Bicknell  wrote:

> In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael 
> Abrahamsson wrote:
>> IPMI is exactly what we're going for.
> 
> For Vendors that use a "PC" motherboard, IPMI would probably not be
> difficult at all! :)
> 
> I think IPMI is a pretty terrible solution though, so if that's your
> target I do think it's a step backwards.  Most IPMI cards are prime
> examples of my worries, Linux images years out of date, riddled with
> security holes and universally not trusted.  You're going to need a
> "firewall" in front of any such solution to deploy it, so you can't
> really eliminate the extra box I proposed just change its nature.
> 

https://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html


--Steve Bellovin, https://www.cs.columbia.edu/~smb








RE: box against dos/ddos

2013-01-31 Thread Dixon, Justin
> -Original Message-
> From: Carlos Kamtha [mailto:kam...@ak-labs.net]
> Sent: Thursday, January 31, 2013 13:53
> To: Piotr
> Cc: nanog@nanog.org
> Subject: Re: box against dos/ddos
> 
> 
> Arbor Peakflow is probably the way to go.
> 
> However if you don't want to spend a ton of money, you might
> want to consider using a stub router +bgp coupled with a server
> running the appropriate SNMP tools (perhaps cacti) to publish your desired
> data.
> 
> It's not the most convenient solution but it should do..
> 
> Cheers.
> 
> -CK
> 
> On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
> > Hi,
> >
> > I'm looking for some box (vendor, model), which I can put out of the
> > main/product network,  which can analyze packets  netflow,sflow,syslog
> > from bgp router(s) and after discovering some anomaly it can do some
> > action, for example:
> >
> > - Box has a bgp session with the bgp router and advertises the attacked
> > ip prefix with some community. Bgp router sets next-hop for this prefix
> > to /dev/null
> >
> > Normal traffic via bgp router is about 1G/s in and 10G/s out
> >
> > What is worth looking at and what do you suggest?
> >
> > thanks for help,
> > Piotr




Most larger ISPs offer this as a service that you can add on with existing 
contracts. They usually guarantee up to a certain bandwidth level what they 
will provide as "clean pipe service". Be advised most ISPs are only able to 
scrub to L3, anything higher and you have to start looking at Verisign, 
Prolexic or similar and/or something in house. Especially for SSL based attacks.

Thanks.
Justin



Re: HSRP vs VRRP for IPv6 on IOS-XE - rekindling an old flame

2013-01-31 Thread Nick Hilliard
On 20/08/2012 15:51, Nick Hilliard wrote:
> Last time I looked, the support looked like this:
> 
> XR:  v4: HSRPv1, VRRP v6: VRRP
> IOS: v4: HSRPv1, HSRPv2, VRRP, GLBP   v6: HSRPv2, GLBP
> 
> You'll notice a certain lack of joined-up thinking here.

Looks like IOS 15.2(4)M finally supports VRRPv3, which supports ipv6.

> http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-4MNEWF.html#wp63073

This is really useful - finally you can use either or both of vanilla IOS or XR
to provide VRRP resilient first hop for ipv6.

Nick




Re: box against dos/ddos

2013-01-31 Thread Carlos Kamtha

Arbor Peakflow is probably the way to go.

However if you don't want to spend a ton of money, you might
want to consider using a stub router +bgp coupled with a server 
running the appropriate SNMP tools (perhaps cacti) to publish your desired data.

It's not the most convenient solution but it should do..

Cheers.

-CK

On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
> Hi,
> 
> I'm looking for some box (vendor, model), which I can put out of the
> main/product network,  which can analyze packets  netflow,sflow,syslog
> from bgp router(s) and after discovering some anomaly it can do some
> action, for example:
>
> - Box has a bgp session with the bgp router and advertises the attacked
> ip prefix with some community. Bgp router sets next-hop for this prefix
> to /dev/null
>
> Normal traffic via bgp router is about 1G/s in and 10G/s out
>
> What is worth looking at and what do you suggest?
> 
> thanks for help,
> Piotr
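
The detect-then-advertise loop asked about above, as an added example that is not part of the thread or any vendor's code: per-destination rates are computed from sampled flow records and over-threshold hosts are announced with a blackhole community. The ExaBGP-style command text, the RFC 7999 community, the discard next-hop, the thresholds and the flow records are all assumptions constructed for illustration.

```python
"""Flow-driven RTBH trigger: flag destinations whose inbound rate exceeds a
threshold and emit BGP announcements tagged with a blackhole community."""
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): ExaBGP-style text commands, the RFC 7999
# BLACKHOLE community, and a next-hop the edge router statically routes to Null0.
BLACKHOLE_COMMUNITY = "65535:666"
DISCARD_NEXT_HOP = "192.0.2.1"
SAMPLING_RATE = 1000            # exporter samples 1 packet in N
WINDOW_SECONDS = 10
THRESHOLD_BPS = 2_000_000_000   # per-destination trigger; normal total inbound ~1G/s
CLEAR_WINDOWS = 3               # quiet windows required before withdrawing
MAX_ACTIVE = 5                  # cap so a detector fault cannot blackhole everything
CUSTOMER_SPACE = [ipaddress.ip_network("198.51.100.0/24")]
NEVER_BLACKHOLE = [ipaddress.ip_network("198.51.100.0/29")]  # routers, DNS, etc.


def rate_bps(sampled_bytes):
    """Scale sampled bytes seen in one window up to an estimated bit rate."""
    return sampled_bytes * 8 * SAMPLING_RATE / WINDOW_SECONDS


def eligible(dst):
    """Only our own space may be blackholed, and never infrastructure."""
    addr = ipaddress.ip_address(dst)
    return (any(addr in net for net in CUSTOMER_SPACE)
            and not any(addr in net for net in NEVER_BLACKHOLE))


class RtbhTrigger:
    def __init__(self):
        self.active = {}   # blackholed dst -> consecutive quiet windows
        self.alerts = []   # over-threshold destinations left for a human

    def process_window(self, window, totals):
        commands = []
        for dst, sampled in sorted(totals.items()):
            if rate_bps(sampled) < THRESHOLD_BPS:
                continue
            if dst in self.active:
                self.active[dst] = 0            # still under attack
            elif not eligible(dst) or len(self.active) >= MAX_ACTIVE:
                self.alerts.append((window, dst))
            else:
                self.active[dst] = 0
                commands.append(
                    f"announce route {dst}/32 next-hop {DISCARD_NEXT_HOP} "
                    f"community [{BLACKHOLE_COMMUNITY}]")
        # Assumes ingress flow export still reports traffic the router then
        # drops; if it does not, CLEAR_WINDOWS acts as a fixed hold time.
        for dst in sorted(self.active):
            if rate_bps(totals.get(dst, 0)) >= THRESHOLD_BPS:
                continue
            self.active[dst] += 1
            if self.active[dst] >= CLEAR_WINDOWS:
                del self.active[dst]
                commands.append(
                    f"withdraw route {dst}/32 next-hop {DISCARD_NEXT_HOP}")
        return commands


def bucket(flows):
    """Group (timestamp, dst, sampled_bytes) records into fixed windows."""
    windows = defaultdict(lambda: defaultdict(int))
    for ts, dst, sampled_bytes in flows:
        windows[ts // WINDOW_SECONDS][dst] += sampled_bytes
    return windows


def run(flows):
    trigger = RtbhTrigger()
    windows = bucket(flows)
    out = []
    for w in range(min(windows), max(windows) + 1):
        for cmd in trigger.process_window(w, windows.get(w, {})):
            out.append((w, cmd))
    return out, trigger.alerts


def build_sample_flows():
    """Constructed records: one ordinary host, one attacked host, one
    infrastructure address that spikes but must not be blackholed."""
    flows = []
    for w in range(8):
        t = w * WINDOW_SECONDS
        flows.append((t + 1, "198.51.100.20", 500_000))       # ~0.4 Gb/s
        if 2 <= w <= 3:
            flows.append((t + 2, "198.51.100.77", 2_000_000))  # ~3.2 Gb/s total
            flows.append((t + 7, "198.51.100.77", 2_000_000))
        if w == 3:
            flows.append((t + 3, "198.51.100.2", 5_000_000))
    return flows


if __name__ == "__main__":
    commands, alerts = run(build_sample_flows())
    for window, cmd in commands:
        print(f"window {window}: {cmd}")
    for window, dst in alerts:
        print(f"window {window}: ALERT only, not blackholing {dst}")
```

The router side still needs a policy that matches the community and a static route sending the discard next-hop to its null interface.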



Re: box against dos/ddos

2013-01-31 Thread Kenneth McRae
I think Radware has to sit inline. I do not believe they offer BGP offramp,
so keep that in mind.

On Thu, Jan 31, 2013 at 10:39 AM, Jay Coley  wrote:

> +1 for Radware
>
> On 31/01/2013 18:36, dennis wrote:
> > Agreed, my shortlist for evaluation would include  Arbor, Radware and
> > Genie NRM.   New players to the market include just about every IPS and
> > application load balancing solution out there.
> >
> >
> > --
> > From: "Suresh Ramasubramanian" 
> > Sent: Thursday, January 31, 2013 10:23 AM
> > To: "Piotr" 
> > Cc: 
> > Subject: Re: box against dos/ddos
> >
> >> arbor peakflow to start with?
> >>
> >> On Thursday, January 31, 2013, Piotr wrote:
> >>
> >>> Hi,
> >>>
> >>> I'm looking for some box (vendor, model), which I can put out of the
> >>> main/product network,  which can analyze packets
> >>> netflow,sflow,syslog from
> >>> bgp router(s) and after discovering some anomaly it can do some action,
> >>> for example:
> >>>
> >>> - Box has a bgp session with the bgp router and advertises the attacked
> >>> ip prefix with some community. Bgp router sets next-hop for this prefix
> >>> to /dev/null
> >>>
> >>> Normal traffic via bgp router is about 1G/s in and 10G/s out
> >>>
> >>> What is worth looking at and what do you suggest?
> >>>
> >>> thanks for help,
> >>> Piotr
> >>>
> >>>
> >>
> >> --
> >> --srs (iPad)
> >>
> >
> >
> >
>
>
>
>
>


Re: box against dos/ddos

2013-01-31 Thread Jay Coley
+1 for Radware

On 31/01/2013 18:36, dennis wrote:
> Agreed, my shortlist for evaluation would include  Arbor, Radware and
> Genie NRM.   New players to the market include just about every IPS and
> application load balancing solution out there.
> 
> 
> --
> From: "Suresh Ramasubramanian" 
> Sent: Thursday, January 31, 2013 10:23 AM
> To: "Piotr" 
> Cc: 
> Subject: Re: box against dos/ddos
> 
>> arbor peakflow to start with?
>>
>> On Thursday, January 31, 2013, Piotr wrote:
>>
>>> Hi,
>>>
>>> I'm looking for some box (vendor, model), which I can put out of the
>>> main/product network,  which can analyze packets 
>>> netflow,sflow,syslog from
>>> bgp router(s) and after discovering some anomaly it can do some action, for
>>> example:
>>>
>>> - Box has a bgp session with the bgp router and advertises the attacked
>>> ip prefix with some community. Bgp router sets next-hop for this prefix
>>> to /dev/null
>>>
>>> Normal traffic via bgp router is about 1G/s in and 10G/s out
>>>
>>> What is worth looking at and what do you suggest?
>>>
>>> thanks for help,
>>> Piotr
>>>
>>>
>>
>> -- 
>> --srs (iPad)
>>
> 
> 
> 






Re: Ddos mitigation service

2013-01-31 Thread Allan Liska
On Thu, Jan 31, 2013 at 1:13 PM, matt kelly  wrote:

> Can anyone recommend ddos mitigation companies with US east coast
> presence that provide the services via bgp?  We are not interested in an
> appliance but rather offloading the traffic.
>

I would look at Verisign's VIDN product:


http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/ddos/index.xhtml


allan


Re: box against dos/ddos

2013-01-31 Thread dennis
Agreed, my shortlist for evaluation would include  Arbor, Radware and Genie 
NRM.   New players to the market include just about every IPS and 
application load balancing solution out there.



--
From: "Suresh Ramasubramanian" 
Sent: Thursday, January 31, 2013 10:23 AM
To: "Piotr" 
Cc: 
Subject: Re: box against dos/ddos


arbor peakflow to start with?

On Thursday, January 31, 2013, Piotr wrote:


Hi,

I'm looking for some box (vendor, model), which I can put out of the
main/product network,  which can analyze packets  netflow,sflow,syslog
from bgp router(s) and after discovering some anomaly it can do some
action, for example:

- Box has a bgp session with the bgp router and advertises the attacked
ip prefix with some community. Bgp router sets next-hop for this prefix
to /dev/null

Normal traffic via bgp router is about 1G/s in and 10G/s out

What is worth looking at and what do you suggest?

thanks for help,
Piotr




--
--srs (iPad)





RE: TOR fiber patch panels

2013-01-31 Thread Scott Berkman
Might also want to take a look at stuff from Cablesys:

http://www.cablesys.com/p/2277/fiber-patch-panel-lc-quad-ceramic
http://www.cablesys.com/p/2300/enclosure-1-rms-slide-3-panel

Only requirement from below missing is they don't usually have doors.  I'm
not sure much in a 1U panel does these days.

Panduit also has some very similar parts.

-Scott

-Original Message-
From: Josh Hoppes [mailto:josh.hop...@gmail.com] 
Sent: Thursday, January 31, 2013 1:02 PM
To: nanog
Subject: Re: TOR fiber patch panels

Have you looked at anything from Clear Field, just as an example something
like this.

http://www.clearfieldconnection.com/products/panels/fieldsmart-small-count-delivery-scd-1ru-rack-mount-cabinet-mount-panel.html

On Thu, Jan 31, 2013 at 11:44 AM, Chuck Anderson  wrote:
> I'm looking for better Top-Of-Rack fiber patch panels than the ones 
> I've been using up to this point.  I'm looking for something that is 
> 1U, holds 12 to 24 strands of SC, ST, or LC, has fiber jumper 
> management rings, and has a door that doesn't interfere with the U 
> below (a server might be mounted immediately below the fiber patch 
> panel).  I prefer one that doesn't have a sliding mechanism, because 
> I've had issues with fiber installers not installing those properly, 
> causing fiber to be crunched and broken when the tray is slid out/in 
> during patching.  Of course, I would still like one that is easy to 
> get your fingers into to install and remove fiber jumpers.
>
> Does such a thing exist?  What are people's favorite fiber patch 
> panels?
>
> Thanks.
>





Re: Ddos mitigation service

2013-01-31 Thread Seth Mattinen
On 1/31/13 10:13 AM, matt kelly wrote:
> Can anyone recommend ddos mitigation companies with US east coast
> presence that provide the services via bgp?  We are not interested in an
> appliance but rather offloading the traffic.
> 

Prolexic.



Re: Ddos mitigation service

2013-01-31 Thread Kenneth McRae
Arbor Networks..

On Thu, Jan 31, 2013 at 10:13 AM, matt kelly  wrote:

> Can anyone recommend ddos mitigation companies with US east coast
> presence that provide the services via bgp?  We are not interested in an
> appliance but rather offloading the traffic.
>
> Thanks.
>



-- 
Best Regards,



Kenneth McRae
*Director, Network Operations*
kenneth.mc...@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com


Re: TOR fiber patch panels

2013-01-31 Thread Josh Hoppes
Have you looked at anything from Clear Field, just as an example
something like this.

http://www.clearfieldconnection.com/products/panels/fieldsmart-small-count-delivery-scd-1ru-rack-mount-cabinet-mount-panel.html

On Thu, Jan 31, 2013 at 11:44 AM, Chuck Anderson  wrote:
> I'm looking for better Top-Of-Rack fiber patch panels than the ones
> I've been using up to this point.  I'm looking for something that is
> 1U, holds 12 to 24 strands of SC, ST, or LC, has fiber jumper
> management rings, and has a door that doesn't interfere with the U
> below (a server might be mounted immediately below the fiber patch
> panel).  I prefer one that doesn't have a sliding mechanism, because
> I've had issues with fiber installers not installing those properly,
> causing fiber to be crunched and broken when the tray is slid out/in
> during patching.  Of course, I would still like one that is easy to
> get your fingers into to install and remove fiber jumpers.
>
> Does such a thing exist?  What are people's favorite fiber patch
> panels?
>
> Thanks.
>



TOR fiber patch panels

2013-01-31 Thread Chuck Anderson
I'm looking for better Top-Of-Rack fiber patch panels than the ones
I've been using up to this point.  I'm looking for something that is
1U, holds 12 to 24 strands of SC, ST, or LC, has fiber jumper
management rings, and has a door that doesn't interfere with the U
below (a server might be mounted immediately below the fiber patch
panel).  I prefer one that doesn't have a sliding mechanism, because
I've had issues with fiber installers not installing those properly,
causing fiber to be crunched and broken when the tray is slid out/in
during patching.  Of course, I would still like one that is easy to
get your fingers into to install and remove fiber jumpers.

Does such a thing exist?  What are people's favorite fiber patch
panels?

Thanks.



Re: box against dos/ddos

2013-01-31 Thread Kenneth McRae
2nd the Peakflow recommendation.

On Thu, Jan 31, 2013 at 7:23 AM, Suresh Ramasubramanian  wrote:

> arbor peakflow to start with?
>
> On Thursday, January 31, 2013, Piotr wrote:
>
> > Hi,
> >
> > I'm looking for some box (vendor, model), which I can put out of the
> > main/product network,  which can analyze packets  netflow,sflow,syslog
> > from bgp router(s) and after discovering some anomaly it can do some
> > action, for example:
> >
> > - Box has a bgp session with the bgp router and advertises the attacked
> > ip prefix with some community. Bgp router sets next-hop for this prefix
> > to /dev/null
> >
> > Normal traffic via bgp router is about 1G/s in and 10G/s out
> >
> > What is worth looking at and what do you suggest?
> >
> > thanks for help,
> > Piotr
> >
> >
>
> --
> --srs (iPad)
>



-- 
Best Regards,



Kenneth McRae
*Director, Network Operations*
kenneth.mc...@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com


Re: box against dos/ddos

2013-01-31 Thread Suresh Ramasubramanian
arbor peakflow to start with?

On Thursday, January 31, 2013, Piotr wrote:

> Hi,
>
> I'm looking for some box (vendor, model), which I can put out of the
> main/product network,  which can analyze packets  netflow,sflow,syslog from
> bgp router(s) and after discovering some anomaly it can do some action, for
> example:
>
> - Box has a bgp session with the bgp router and advertises the attacked
> ip prefix with some community. Bgp router sets next-hop for this prefix
> to /dev/null
>
> Normal traffic via bgp router is about 1G/s in and 10G/s out
>
> What is worth looking at and what do you suggest?
>
> thanks for help,
> Piotr
>
>

-- 
--srs (iPad)


Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread Jeroen Massar
On 2013-01-31 08:53 , Shahab Vahabzadeh wrote:
> Those ip addresses I sent were only a sample, it's 5 pages :D and not only
> those addresses.
> And you are looking to target 128.141.X.Y it's mine

128.141.0.0/16 is CERN in Switzerland.

Thus not yours, but "owned"(*) by n...@cern.ch.
(unless you work there, but I don't think that is the case...)

If you have the need to hide your IP addresses, then do so properly by
marking them as x.x.x.x, don't use other people's IP addresses as
examples that only causes alarm bells to ring and people to do
unnecessary work. And then the next time you complain people will nicely
just ignore you.

> and I change it
> because of mailing list, maybe attackers are here.

Obviously you have something to hide from and something that those
attackers want to attack.

That is the first problem that you need to solve IMHO, not having
anything that needs to be attacked is a very good strategy.

Greets,
 Jeroen


(* = pre-RIR alloc, then it is more 'owned' right? :)
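
The point above about hiding addresses properly, as an added example that is not part of the thread: it goes one step beyond "x.x.x.x" by mapping each real address to a stable alias in the RFC 5737 documentation ranges, which belong to nobody, so distinct hosts stay distinguishable in the posted output. The `Sanitizer` class and the accounting lines are constructed for illustration.

```python
"""Replace real IPv4 addresses in router output with RFC 5737 documentation
addresses before posting it to a public list."""
import ipaddress
import re

# The three blocks reserved for documentation; no operator routes them.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Exactly four dotted groups, not embedded in a longer dotted number such as
# an OID. Four-part version strings would still match; review the output.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


class Sanitizer:
    def __init__(self):
        self.mapping = {}   # real address -> alias; keep this table private
        self._pool = (host for net in DOC_NETS for host in net.hosts())

    def _alias(self, text):
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            return text                      # e.g. 999.1.1.1 is not an address
        if any(addr in net for net in DOC_NETS):
            return text                      # already a documentation address
        if addr not in self.mapping:
            try:
                self.mapping[addr] = next(self._pool)
            except StopIteration:
                raise RuntimeError(
                    "more than 762 distinct addresses; split the capture")
        return str(self.mapping[addr])

    def scrub(self, text):
        """Return text with every real IPv4 address consistently aliased."""
        return IPV4_RE.sub(lambda m: self._alias(m.group(1)), text)


# Constructed accounting-style lines; the RFC 1918 addresses stand in for the
# real ones an operator would want to hide.
SAMPLE = """\
   Source           Destination              Packets               Bytes
 10.20.30.40      172.16.5.9                     117                5148
 10.20.30.41      172.16.5.9                      98                4312
 10.20.30.40      172.16.5.10                     12                 528
"""

if __name__ == "__main__":
    print(Sanitizer().scrub(SAMPLE))
```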




Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread Jeroen Massar
On 2013-01-31 08:04 , Shahab Vahabzadeh wrote:
> Hi everybody,
> Last two days I was under an interesting attack which comes from multiple
> sources to three of my ADSL users destination.

You say that it comes from multiple sources to 3 of your DSL users.

The below source/dest though shows that the destination is from CERN in
Switzerland, you know the people who build black holes ;)

The IP does not ping at the moment, but the whois indicates 'dyn' in the
netname thus that is not too unsurprising.

> The attack made the router run out of CPU and we had to reload it to solve.
> I asked those three users and they said we are only game players and all of
> them were kids, I think they told the truth, they told we are playing:
> http://intl.garena.com/

Looks not like a game, just another messenger / IM client.

> Attacks take only 20 or 30 minutes and it happens only 4 times in two days.
> I couldn't capture any packet but this is the output of my "show ip
> accounting" that time:

You'll be needing a bit more info than that... and 117 packets with a
total of 5148 bytes is not a lot of traffic to put anything down (unless
it is a targeted attack)

You might though contact the CERN NOC, if you really think something is
funny there. Timestamps might be very useful to provide though,
especially if the IP is really dynamic.

Greets,
 Jeroen




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Ray Soucy
Late to the conversation, but I'll chime in that we established a
model in Maine that is working pretty well, at least for middle-mile
fiber.

When we started building out MaineREN (our RON) we decided that having
the University own the fiber would tie it up in political red tape.
So much so that it would ultimately not be made available to the
private sector (because incumbents would accuse us of competing with
them using public funds).  We knew this because we had already spent a
year in the legislature fighting off industry lobbyists.

Obviously there are considerable investments in such infrastructure
that many private companies are unwilling or unable to make in rural
areas (ROI takes too long), so we really wanted to make sure that
future facilities would be built out in a way that would allow service
providers to expand into the state cheaply, encourage competition, and
ultimately provide better services at lower costs.

The goal was to establish geographically diverse, high strand-count,
rings to reach the majority of the state, so we pitched it in a
public-private partnership to go after Recovery Act funding.

As of a few months ago the build-out is complete, and the first
networks to make use of the fiber are starting to come online
(including MaineREN).

The way we did it was to have the state government create a new public
utility designation of "Dark Fiber Provider".  There are a few rules
in place to keep things fair: Mainly they're forbidden to provide lit
services and they're required to provide open access to anyone at
published rates.

The result is "Maine Fiber Company":

http://www.mainefiberco.com/

It's still early on, but I'm anxious to see how things look in 10 years or so.

A lot of people who like the idea of what we've done aren't sure if
it's a good model to apply for last mile fiber.  Personally, I think
replicating this model to deliver dark fiber to the home (much like
electricity) is the only way we'll be able to shield providers from
having to make major investments to deliver the level of service we
really need.  By keeping it as a dark-fiber only service, you create
an environment where there is competition instead of one provider
keeping speeds low and prices high.

I initially thought having L2 separation would be good in that service
changes could be done remotely, etc.  But after giving it some
thought, I think it places way too much potential for L2 to be the
bottleneck or source of problematic service and if it's provided by a
public utility or municipality it could take very long to fix (if it
gets fixed at all) due to politics and budget hawks.  I really want
to have choice between providers even at the L2 level.




On Tue, Jan 29, 2013 at 12:54 PM, Jay Ashworth  wrote:
> - Original Message -
>> From: "Leo Bicknell" 
>
>> I am a big proponent of muni-owned dark fiber networks. I want to
>> be 100% clear about what I advocate here:
>>
>> - Muni-owned MMR space, fiber only, no active equipment allowed. A
>> big cross connect room, where the muni-fiber ends and providers are
>> all allowed to colocate their fiber term on non-discriminatory terms.
>
>> - 4-6 strands per home, home run back to the muni-owned MMR space.
>> No splitters, WDM, etc, home run glass. Terminating on an optical
>> handoff inside the home.
>
> Hmmm.  I tend to be a Layer-2-available guy, cause I think it lets smaller
> players play.  Does your position (likely more deeply thought out than
> mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients
> are *also* permitted to get a Layer 1 patch to a provider in the fashion you
> suggest?
>
> (I concur with your 3-pair delivery, which makes this more practical on an
> M-A-C basis, even if it might require some users to have multiple ONTs...)
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA   #natog  +1 727 647 1274
>



-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net



Re: "Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications"....

2013-01-31 Thread Robert Drake


On 1/30/2013 9:10 PM, David Barak wrote:

>> IPv6 has been launched on all Arris DOCSIS 3.0 C4 CMTSes, covering
>> over 50% our network.
>
> The update you sent is lovely, except I can tell you that the one (also an 
> Arris, running DOCSIS 3.0) which was installed in late October in my house in 
> Washington simply does not run v6 with the pre-installed load.

In this particular case "C4 CMTSes" is the important bit of that 
update.   The CMTS is what your modem connects to on the other end. You 
might be connected to a different type of CMTS which doesn't support or 
isn't configured for IPv6.  You wouldn't be able to know that without 
contacting someone with a good knowledge of the network at Comcast though.


It could be as you say, that the modem only supports it when wireless is 
disabled and that is the only thing stopping it from working for you.  
If that was the case I would ask for a different modem, or go buy a 
modem that you think will work.






Re: Muni fiber: L1 or L2?

2013-01-31 Thread Scott Helms
Except for the fact that the people waiting for their gold shipment
expect it to be treated as gold and not kaolin or chickens.  At the
end of the day the ISP is who gets called first and sometimes they're
the only person an end user can reach.  Try this one day if you're
ready for some frustration: as a normal end user, try to contact Google
about emails not getting to your Gmail box.

On Wed, Jan 30, 2013 at 11:43 PM, Jason Baugher  wrote:
> Working in a mixed TDM and IP world, it's such a stark difference between
> freely available RFCs and $900 per pop Telcordia docs.
>
>
>
> On Wed, Jan 30, 2013 at 10:24 PM, Jay Ashworth  wrote:
>
>> - Original Message -
>> > From: "Jason Baugher" 
>>
>> > I can't vouch for these yet, since I haven't used one so far.
>> >
>> http://www.calix.com/systems/p-series/calix_residential_services_gateways.html
>>
>> Yeah; see my other reply a few minutes ago.
>>
>> > It looks to be a Broadband Forum spec,
>> > http://en.wikipedia.org/wiki/TR-069.
>> > I'm not using it yet either, but find it interesting.
>>
>> I see that it is, and I'm frankly *amazed* that it's gotten industry
>> uptake to the point people will quote it on ticklists.  Probably, everyone
>> *else* thinks it's a bellcore standard, like I did.  :-)
>>
>> Can't wait for Telcordia to try to sue them over the prefix.
>>
>> Cheers,
>> -- jra
>> --
>> Jay R. Ashworth  Baylink
>> j...@baylink.com
>> Designer The Things I Think   RFC
>> 2100
>> Ashworth & Associates http://baylink.pitas.com 2000 Land
>> Rover DII
>> St Petersburg FL USA   #natog  +1 727 647
>> 1274
>>
>>



-- 
Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms




Re: Muni fiber: L1 or L2?

2013-01-31 Thread Scott Helms
TR-069 (part of which is CWMP) has been around a long long time and
Telcordia is well aware of it.  The real problem is getting it
actually implemented well on CPE gear since the TM Forum didn't even
have a certification process until this year.

On Wed, Jan 30, 2013 at 11:24 PM, Jay Ashworth  wrote:
> - Original Message -
>> From: "Jason Baugher" 
>
>> I can't vouch for these yet, since I haven't used one so far.
>> http://www.calix.com/systems/p-series/calix_residential_services_gateways.html
>
> Yeah; see my other reply a few minutes ago.
>
>> It looks to be a Broadband Forum spec,
>> http://en.wikipedia.org/wiki/TR-069.
>> I'm not using it yet either, but find it interesting.
>
> I see that it is, and I'm frankly *amazed* that it's gotten industry
> uptake to the point people will quote it on ticklists.  Probably, everyone
> *else* thinks it's a bellcore standard, like I did.  :-)
>
> Can't wait for Telcordia to try to sue them over the prefix.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA   #natog  +1 727 647 1274
>



-- 
Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms




Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread John Kristoff
On Thu, 31 Jan 2013 10:34:29 +0330
Shahab Vahabzadeh  wrote:

> Attacks take only 20 or 30 minutes and it happens only 4 times in
> two days. I couldn't capture any packet but this is the output of my
> "show ip accounting" that time:

Attacks on gaming systems or at the gamers themselves are unfortunately
quite common.  Many of the DNS 'IN ANY' amplification and reflection
attacks for instance appear to involve online games.  We've also seen
some similar reflection attacks involving CoD systems as someone else
alluded to in a link post.  Dissimilar in attack profile, but similar in
target were the frequent, but brief Xbox packet floods that attempted
to disrupt a gamer's session.

It can be extremely difficult to assign attribution for any particular
attack without a great deal of effort on your part, often in being
prepared with lots of data collection in advance, plus the selfless
cooperation of other network operators.  The latter is often the
biggest challenge given that you're often relying on the good will and
limited available time of 3rd parties to work on it.

While many of the most recent attacks are performing address spoofing,
collecting raw packet detail and knowing where it enters your network
can offer at least the start of where to look for it.  You can at least
start with your peer or upstream.  Examine IP TTLs to gauge at least
how far back those packets are coming from.  If your network is
diverse enough from a global routing perspective, you may be able to
triangulate it better.

I'd be particularly interested in working with folks in tracking down
the DNS 'IN ANY' style attacks to the attack code or source attacks.
Please shoot me an email off list or see me at NANOG 57 to discuss.

John
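
As an added illustration of the TTL check described in the message above (this is not part of the original post; the interface names, addresses and packet records are constructed): observed IP TTLs are mapped to an assumed initial TTL to estimate hop distance, then profiled per ingress point. Many claimed sources sharing one hop distance on one ingress is a hint that the flood has a single real origin behind that peer.

```python
from collections import Counter, defaultdict

# Common initial TTL values used by operating systems and network gear.
# Assumption: the sender used one of these; a sender can set any TTL,
# so the hop estimate is a heuristic, not proof.
INITIAL_TTLS = (32, 64, 128, 255)

def estimate_hops(observed_ttl):
    """Return (assumed_initial_ttl, hops) for a TTL seen at the capture point."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range: %r" % observed_ttl)
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def summarize_by_ingress(records):
    """Profile hop distance per ingress from (ingress, src_ip, ttl) records."""
    hops_seen = defaultdict(Counter)
    sources = defaultdict(set)
    for ingress, src_ip, ttl in records:
        _, hops = estimate_hops(ttl)
        hops_seen[ingress][hops] += 1
        sources[ingress].add(src_ip)
    summary = {}
    for ingress, counter in hops_seen.items():
        total = sum(counter.values())
        top_hops, top_count = counter.most_common(1)[0]
        summary[ingress] = {
            "packets": total,
            "distinct_sources": len(sources[ingress]),
            "dominant_hops": top_hops,               # most frequent hop distance
            "dominant_share": top_count / total,     # fraction of packets at it
        }
    return summary

# Constructed sample records; addresses are from documentation ranges.
SAMPLE = (
    # 40 different claimed sources, all arriving with the same TTL on peer-A
    [("peer-A", "198.51.100.%d" % i, 243) for i in range(1, 41)]
    + [("peer-A", "203.0.113.9", 55), ("peer-A", "203.0.113.77", 120)]
    # ordinary mixed traffic on another ingress: hop distances vary
    + [("upstream-B", "192.0.2.10", 57), ("upstream-B", "192.0.2.44", 49),
       ("upstream-B", "192.0.2.80", 118), ("upstream-B", "192.0.2.91", 236)]
)

if __name__ == "__main__":
    for ingress, stats in sorted(summarize_by_ingress(SAMPLE).items()):
        print(ingress, stats)
```
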



box against dos/ddos

2013-01-31 Thread Piotr

Hi,

I'm looking for some box (vendor, model) which I can put outside of the 
main/product network, which can analyze packets, netflow, sflow, syslog 
from BGP router(s) and, after discovering some anomaly, can take some 
action, for example:


- The box has a BGP session with the BGP router and advertises the attacked 
IP prefix with some community. The BGP router sets next-hop for this prefix 
to /dev/null


Normal traffic via the BGP router is about 1G/s in and 10G/s out

What is worth looking at and what do you suggest?

thanks for help,
Piotr



Re: Muni fiber: L1 or L2?

2013-01-31 Thread Leo Bicknell
In a message written on Wed, Jan 30, 2013 at 09:30:31PM -0800, Owen DeLong 
wrote:
> > I would like to build an infrastructure that could last 50-100 years,
> > like the telephone twisted pair of the last century.  The only tech I
> > can see that can do that is home run single mode fiber to the home.
> > Anything with electronics has no chance of that lifespan.  Anything with
> > splitters and such will be problematic down the road.  Simpler is
> > better.
> 
> An interesting claim given that the Telco twisted pair you are holding up
> as a shining example did involve electronics, splitters (known as bridge
> taps) etc.

Actually, you're making my point for me.  Telcos have spent billions
removing the electronics, splitters, and bridge taps so they can
have unadulterated copper for higher speed DSL.  To make the new
tech work all of the old tech had to be removed from the plant.

Those things may have seemed cheaper/better at the time, but in the
end I don't think their lifecycle cost was lower.  Private industry
is capital sensitive to a higher degree than government; if a telco
could save $1 of capital cost with a bridge tap, use it for 30
years, and then spend $500 to remove the bridge tap that looked
"better" in their capital model.  I'm suggesting it's better to
spend the $1 up front, and never pay the $500 down the road.

The real win isn't the $500 savings, it's the _opportunity_.
Customers in some parts of the US have waited _years_ for high speed
DSL because of the time it takes to remove bridge taps and otherwise
groom the copper plant.  That's years they are behind other citizens
who aren't on plants with that problem.  Had that junk never been
there in the first place they could have received upgrades much faster.

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: "Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications"....

2013-01-31 Thread David Barak
> Looking at http://mydeviceinfo.comcast.net you get a choice of wireless
> or IPv6 in Arris.
> 
I wish they would ask which you want before install: I already have better 
wireless, and the Arris ones don't let you disable theirs :/

Thank you for the pointer - perhaps a swap is in order.

David Barak
Sent from a mobile device, please forgive autocorrection.


Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread Fredrik Holmqvist / I2B

Hi.

The IPs you see are the exploited gameservers, so "just" contact them, 
and send them the link below.


There is a workaround for it:
http://rankgamehosting.ru/index.php?showtopic=1320

We have had problems with this in the past. Usually we get "abuse 
complaints" from the admin of the game server(s) claiming one of our 
customers is DDoSing them, when in fact their servers are used to DDoS 
our customer(s).
After explaining how the DDoS works and sending them the link above, 
they fix the problem on their side.


We have also tried to send abuse messages to the ISPs of the exploited 
servers, and can't say that we are pleased with the response: the small 
ISPs responded and took care of the issue (talked with their customers); 
most big ones didn't even send an ACK back.
When this attack type was used (1+ year ago) we had approx. 3.5 Gbit 
coming from the gameservers.



On 2013-01-31 07:02, Stephane Bortzmeyer wrote:
> On Thu, Jan 31, 2013 at 11:23:11AM +0330,
>  Shahab Vahabzadeh  wrote
>  a message of 55 lines which said:
>
>> Those IP addresses I sent were only a sample, it's 5 pages :D and not
>> only those addresses.
>
> Because the attacker attacks when they have a new opponent. They DoS
> it long enough to win a race, then start a new fight in the game.
>
>> And you are looking to target 128.141.X.Y, it's mine and I changed it because
>> of the mailing list, maybe attackers are here.
>> You must check the sources, not the destination.
>
> What Jeroen said is that source IP addresses are spoofed (which is
> common with UDP-based protocols such as the DNS). They are the
> victim's addresses, not the attacker's.


--
Fredrik Holmqvist
I2B (Internet 2 Business)
070-740 5033



Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread Stephane Bortzmeyer
On Thu, Jan 31, 2013 at 11:23:11AM +0330,
 Shahab Vahabzadeh  wrote 
 a message of 55 lines which said:

> Those IP addresses I sent were only a sample, it's 5 pages :D and not
> only those addresses.

Because the attacker attacks when they have a new opponent. They DoS
it long enough to win a race, then start a new fight in the game.

> And you are looking to target 128.141.X.Y, it's mine and I changed it because
> of the mailing list, maybe attackers are here.
> You must check the sources, not the destination.

What Jeroen said is that source IP addresses are spoofed (which is
common with UDP-based protocols such as the DNS). They are the
victim's addresses, not the attacker's.