844 INWATS prefix activated
Note, if you're the PBX guy somewhere, too, that the +1 844 toll free prefix was activated at 1200EST today. Cheers, -- jra -- Make Election Day a federal holiday: http://wh.gov/lBm94 100k sigs by 12/14 Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Cogent & Level 3 routing issue?
Possibly related to their mass outage last night around 5:12am CST (ticket number HD005596458). We're connected at their 427 S La Salle POP in Chicago. brandon On Sat, Dec 7, 2013 at 6:58 PM, Matthew Crocker wrote: > > On Dec 7, 2013, at 3:40 PM, Jason Canady wrote: > >> Unfortunately Cogent has a lot of peering issues. We use them in our >> network blend and we have been having lots of problems with traffic outbound >> to Comcast. It looks like from South Bend, Indiana on Cogent to Chicago / >> Level 3 we are getting a very tiny amount of packet loss and a higher than >> 'normal' latency of 35ms+. > > Yeah, I know they are always my secondary, never my primary >> >> Where are you connected to Cogent at? And what destination are you going to >> on Level 3? >> > > Boston (300 Bent) but I think they haul it to 1 Summer St > > A bunch of sites fail but www.cnn.com is one that comes to mind. > >> Best Regards, >> >> -- >> >> Jason Canady >> Unlimited Net, LLC >> Responsive, Reliable, Secure >> >> www.unlimitednet.us >> ja...@unlimitednet.us >> twitter: @unlimitednet >> >> On 12/7/13 3:14 PM, Matthew Crocker wrote: >>> Anyone seeing issues between Cogent & Level3 in NYC? >>> >>> I have Sprint & Cogent for bandwidth. Everything has been humming along >>> for a couple years just fine. Yesterday around 8:00AM my BGP session with >>> Cogent flapped. Now, when my Cogent BGP is up I get 100% packet loss in >>> level3 land. When Cogent BGP is down (i.e. I’m running solely on Sprint) >>> Everything is fine. >>> >>> I have an open ticket with Cogent. They say they have a ‘capacity issue’ >>> with level3 that has been escalated to executive levels. >>> >>> With Sprint & Cogent BGP UP >>> I see traceroutes showing traffic leaving me on Sprint but returning on >>> Cogent (and failing at level3). I’m guessing it is the level3/cogent border >>> >>> With Sprint UP & Cogent Down >>> I see trace routes showing traffic on to/from on Sprint just fine. >>> >>> >>> Anyone else having issues? >>> >>> -Matt >>> >>> -- >>> Matthew S. Crocker >>> President >>> Crocker Communications, Inc. >>> PO BOX 710 >>> Greenfield, MA 01302-0710 >>> >>> E: matt...@crocker.com >>> P: (413) 746-2760 >>> F: (413) 746-3704 >>> W: http://www.crocker.com >>> >>> >>> >>> >> >> >> > >
Re: Cogent & Level 3 routing issue?
On Dec 7, 2013, at 3:40 PM, Jason Canady wrote: > Unfortunately Cogent has a lot of peering issues. We use them in our network > blend and we have been having lots of problems with traffic outbound to > Comcast. It looks like from South Bend, Indiana on Cogent to Chicago / Level > 3 we are getting a very tiny amount of packet loss and a higher than 'normal' > latency of 35ms+. Yeah, I know they are always my secondary, never my primary > > Where are you connected to Cogent at? And what destination are you going to > on Level 3? > Boston (300 Bent) but I think they haul it to 1 Summer St A bunch of sites fail but www.cnn.com is one that comes to mind. > Best Regards, > > -- > > Jason Canady > Unlimited Net, LLC > Responsive, Reliable, Secure > > www.unlimitednet.us > ja...@unlimitednet.us > twitter: @unlimitednet > > On 12/7/13 3:14 PM, Matthew Crocker wrote: >> Anyone seeing issues between Cogent & Level3 in NYC? >> >> I have Sprint & Cogent for bandwidth. Everything has been humming along >> for a couple years just fine. Yesterday around 8:00AM my BGP session with >> Cogent flapped. Now, when my Cogent BGP is up I get 100% packet loss in >> level3 land. When Cogent BGP is down (i.e. I’m running solely on Sprint) >> Everything is fine. >> >> I have an open ticket with Cogent. They say they have a ‘capacity issue’ >> with level3 that has been escalated to executive levels. >> >> With Sprint & Cogent BGP UP >> I see traceroutes showing traffic leaving me on Sprint but returning on >> Cogent (and failing at level3). I’m guessing it is the level3/cogent border >> >> With Sprint UP & Cogent Down >> I see trace routes showing traffic on to/from on Sprint just fine. >> >> >> Anyone else having issues? >> >> -Matt >> >> -- >> Matthew S. Crocker >> President >> Crocker Communications, Inc. >> PO BOX 710 >> Greenfield, MA 01302-0710 >> >> E: matt...@crocker.com >> P: (413) 746-2760 >> F: (413) 746-3704 >> W: http://www.crocker.com >> >> >> >> > > >
Re: Cogent & Level 3 routing issue?
Honestly from the Internet Health Report, I've noticed connections between Level3 and Cogent are red quite a bit. http://www.internethealthreport.com/ Bad samples or peering issues could be the cause either way, but it's been ongoing for awhile. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 On Dec 7, 2013, at 3:40 PM, Jason Canady wrote: > Unfortunately Cogent has a lot of peering issues. We use them in our network > blend and we have been having lots of problems with traffic outbound to > Comcast. It looks like from South Bend, Indiana on Cogent to Chicago / Level > 3 we are getting a very tiny amount of packet loss and a higher than 'normal' > latency of 35ms+. > > Where are you connected to Cogent at? And what destination are you going to > on Level 3? > > Best Regards, > > -- > > Jason Canady > Unlimited Net, LLC > Responsive, Reliable, Secure > > www.unlimitednet.us > ja...@unlimitednet.us > twitter: @unlimitednet > > On 12/7/13 3:14 PM, Matthew Crocker wrote: >> Anyone seeing issues between Cogent & Level3 in NYC? >> >> I have Sprint & Cogent for bandwidth. Everything has been humming along >> for a couple years just fine. Yesterday around 8:00AM my BGP session with >> Cogent flapped. Now, when my Cogent BGP is up I get 100% packet loss in >> level3 land. When Cogent BGP is down (i.e. I’m running solely on Sprint) >> Everything is fine. >> >> I have an open ticket with Cogent. They say they have a ‘capacity issue’ >> with level3 that has been escalated to executive levels. >> >> With Sprint & Cogent BGP UP >> I see traceroutes showing traffic leaving me on Sprint but returning on >> Cogent (and failing at level3). I’m guessing it is the level3/cogent border >> >> With Sprint UP & Cogent Down >> I see trace routes showing traffic on to/from on Sprint just fine. >> >> >> Anyone else having issues? >> >> -Matt >> >> -- >> Matthew S. Crocker >> President >> Crocker Communications, Inc. >> PO BOX 710 >> Greenfield, MA 01302-0710 >> >> E: matt...@crocker.com >> P: (413) 746-2760 >> F: (413) 746-3704 >> W: http://www.crocker.com >> >> >> >> > >
Re: Cogent & Level 3 routing issue?
Unfortunately Cogent has a lot of peering issues. We use them in our network blend and we have been having lots of problems with traffic outbound to Comcast. It looks like from South Bend, Indiana on Cogent to Chicago / Level 3 we are getting a very tiny amount of packet loss and a higher than 'normal' latency of 35ms+. Where are you connected to Cogent at? And what destination are you going to on Level 3? Best Regards, -- Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure www.unlimitednet.us ja...@unlimitednet.us twitter: @unlimitednet On 12/7/13 3:14 PM, Matthew Crocker wrote: Anyone seeing issues between Cogent & Level3 in NYC? I have Sprint & Cogent for bandwidth. Everything has been humming along for a couple years just fine. Yesterday around 8:00AM my BGP session with Cogent flapped. Now, when my Cogent BGP is up I get 100% packet loss in level3 land. When Cogent BGP is down (i.e. I’m running solely on Sprint) Everything is fine. I have an open ticket with Cogent. They say they have a ‘capacity issue’ with level3 that has been escalated to executive levels. With Sprint & Cogent BGP UP I see traceroutes showing traffic leaving me on Sprint but returning on Cogent (and failing at level3). I’m guessing it is the level3/cogent border With Sprint UP & Cogent Down I see trace routes showing traffic on to/from on Sprint just fine. Anyone else having issues? -Matt -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
Cogent & Level 3 routing issue?
Anyone seeing issues between Cogent & Level3 in NYC? I have Sprint & Cogent for bandwidth. Everything has been humming along for a couple years just fine. Yesterday around 8:00AM my BGP session with Cogent flapped. Now, when my Cogent BGP is up I get 100% packet loss in level3 land. When Cogent BGP is down (i.e. I’m running solely on Sprint) Everything is fine. I have an open ticket with Cogent. They say they have a ‘capacity issue’ with level3 that has been escalated to executive levels. With Sprint & Cogent BGP UP I see traceroutes showing traffic leaving me on Sprint but returning on Cogent (and failing at level3). I’m guessing it is the level3/cogent border With Sprint UP & Cogent Down I see trace routes showing traffic on to/from on Sprint just fine. Anyone else having issues? -Matt -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
On Dec 6, 2013, at 2:57 PM, Stephane Bortzmeyer wrote: > On Fri, Dec 06, 2013 at 01:05:54PM -0500, > Jared Mauch wrote > a message of 36 lines which said: > >> I've detected 11.6 million of these events since 2008 just looking at the >> route-views data. Most recently the past two days 701 has done a large MITM >> of >> traffic. > > The big novelty in the Renesys paper is the proof (with traceroute) > that there was a return path, something which did not exist in the > famous Pakistan Telecom case, or in most (all?) other BGP > hijackings. This return path allows to attacker to really get access > to the data with little chance of the victim noticing. That's > something new. I've been sending the traceroutes to networks for years to get them to clean up their acts. I guess the lesson is publish often? Folks can see the prefixes involved here: http://puck.nether.net/bgp/leakinfo.cgi The ASN search works best. I'll work on optimizing the prefix stuff as it's not returning "promptly". - Jared
Re: blogs.cisco.com not available via IPv6
*Has a Rick Perry "Oops." moment*. Thanks, Jared. ..Again. :) -j
Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
Original Message - > From: "Christopher Morrow" > > MPLS != Encryption. MPLS VPN = "Stick a label before the still > > unencrypted IP packet". > > great, now how do I get a private link? > > > MPLS doesn't secure your data, you are responsible for keeping it > > secure on the wire. > > but, but,but! they told me it was private! As someone -- I think it might have been you, Chris :-) -- pointed out to me about 6 months ago when I scoffed at SCADA networks that weren't properly air-gapped, you can't even trust a "private T-1" -- how do you know that an attacker hasn't put a mid-span DACS in monitor mode? Unless you have copper conductivity from end to end, and pressurized conduit with monitors, you can't bet on anything. Cheers, -- jra -- Make Election Day a federal holiday: http://wh.gov/lBm94 100k sigs by 12/14 Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: blogs.cisco.com not available via IPv6
Jamie, methinks you are confusing 2002 with 2001 Jared Mauch > On Dec 7, 2013, at 11:26 AM, jamie rishaw wrote: > > (A little late but) it's reachable for me -- Funny tho that something at > cisco is IPv6 via a v4<->v6 (2001::) :-) > > jamie > > >> On Thu, Dec 5, 2013 at 8:16 PM, Geraint Jones wrote: >> >> Its the reason deduplication makes the storage savings it does :) >> -- >> Geraint Jones >> >> >> >> >>> On 6/12/13 2:52 pm, "Richard Porter" wrote: >>> >>> *Sarcasm* but lawyers seem to think it is REALLY important to add that >>> load to email servers, backup servers and storage :). I wonder how much >>> extra storage those simple extra bits/bytes have taken over the years? >>> >>> ~Richard >>> >>> On Dec 5, 2013, at 6:39 PM, Rogan Schlassa >>> wrote: >>> Please dont reply back with such legal disclaimers. It is basically SPAM and of course nonsense. The thought that you can send a email and force your companies terms on us is rediculous. If CISCO forces that in your sig then for one tell them to fuck off and two use a different email. On Dec 5, 2013 3:56 PM, "John Stuppi (jstuppi)" wrote: > Thanks folks. Blogs.cisco.com should be back up now for both IPv4 and > v6. > > Thanks, > John > > "We can't help everyone, but everyone can help someone." > > > > > John Stuppi, CISSP > Technical Leader > Strategic Security Research > jstu...@cisco.com > Phone: +1 732 516 5994 > Mobile: 732 319 3886 > > CCIE, Security - 11154 > Cisco Systems > Mail Stop INJ01/2/ > 111 Wood Avenue South > Iselin, New Jersey 08830 > United States > Cisco.com > > > > Think before you print. > This email may contain confidential and privileged material for the > sole > use of the intended recipient. Any review, use, distribution or > disclosure > by others is strictly prohibited. If you are not the intended > recipient (or > authorized to receive for the recipient), please contact the sender by > reply email and delete all copies of this message. > For corporate legal information go to: > http://www.cisco.com/web/about/doing_business/legal/cri/index.html > > > > > > -Original Message- > From: Jared Mauch [mailto:ja...@puck.nether.net] > Sent: Wednesday, December 04, 2013 9:23 AM > To: Henri Wahl > Cc: NANOG list > Subject: Re: blogs.cisco.com not available via IPv6 > > I'm seeing it down via IPv6: > > * Trying 2600:1407:9:295::90... > * Connected to www.cisco.com (2600:1407:9:295::90) port 80 (#0) >> GET / HTTP/1.1 >> User-Agent: curl/7.30.0 >> Host: www.cisco.com >> Accept: */* > < HTTP/1.1 200 OK > * Server Apache is not blacklisted > > > * About to connect() to blogs.cisco.com port 80 (#0) > * Trying 2001:4800:13c1:10::178... > ^C > > - Jared > >> On Dec 4, 2013, at 8:37 AM, Henri Wahl wrote: >> >> Hi, >> can anybody from Cisco confirm that blogs.cisco.com >> (2001:4800:13c1:10::178) is not available via IPv6? >> Regards >> >> -- >> Henri Wahl >> >> IT Department >> Leibniz-Institut fuer Festkoerper- u. >> Werkstoffforschung Dresden >> >> tel: (03 51) 46 59 - 797 >> email: h.w...@ifw-dresden.de >> http://www.ifw-dresden.de >> >> Nagios status monitor Nagstamon: >> http://nagstamon.ifw-dresden.de >> >> DHCPv6 server dhcpy6d: >> http://dhcpy6d.ifw-dresden.de >> >> IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. >> 1369 >> Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle >> <0x1FBA0942.asc> > > > -- > "sharp, dry wit and brash in his dealings with contestants." - Forbes > If voting didn't matter, the GOP wouldn't make it more difficult than > buying a gun. > /* - teh jamie. ; uri -> http://about.me/jgr */
Re: blogs.cisco.com not available via IPv6
On Dec 7, 2013, at 8:26 AM, jamie rishaw wrote: > (A little late but) it's reachable for me -- Funny tho that something at > cisco is IPv6 via a v4<->v6 (2001::) :-) > > jamie Huh? 2001:4800::/29 is owned by Rackspace. It's native all the way from "here" anyway. Mike
Re: blogs.cisco.com not available via IPv6
(A little late but) it's reachable for me -- Funny tho that something at cisco is IPv6 via a v4<->v6 (2001::) :-) jamie On Thu, Dec 5, 2013 at 8:16 PM, Geraint Jones wrote: > Its the reason deduplication makes the storage savings it does :) > -- > Geraint Jones > > > > > On 6/12/13 2:52 pm, "Richard Porter" wrote: > > >*Sarcasm* but lawyers seem to think it is REALLY important to add that > >load to email servers, backup servers and storage :). I wonder how much > >extra storage those simple extra bits/bytes have taken over the years? > > > >~Richard > > > >On Dec 5, 2013, at 6:39 PM, Rogan Schlassa > >wrote: > > > >> Please dont reply back with such legal disclaimers. It is basically > >>SPAM > >> and of course nonsense. > >> > >> The thought that you can send a email and force your companies terms on > >>us > >> is rediculous. > >> > >> If CISCO forces that in your sig then for one tell them to fuck off and > >>two > >> use a different email. > >> On Dec 5, 2013 3:56 PM, "John Stuppi (jstuppi)" > >>wrote: > >> > >>> Thanks folks. Blogs.cisco.com should be back up now for both IPv4 and > >>>v6. > >>> > >>> Thanks, > >>> John > >>> > >>> "We can't help everyone, but everyone can help someone." > >>> > >>> > >>> > >>> > >>> John Stuppi, CISSP > >>> Technical Leader > >>> Strategic Security Research > >>> jstu...@cisco.com > >>> Phone: +1 732 516 5994 > >>> Mobile: 732 319 3886 > >>> > >>> CCIE, Security - 11154 > >>> Cisco Systems > >>> Mail Stop INJ01/2/ > >>> 111 Wood Avenue South > >>> Iselin, New Jersey 08830 > >>> United States > >>> Cisco.com > >>> > >>> > >>> > >>> Think before you print. > >>> This email may contain confidential and privileged material for the > >>>sole > >>> use of the intended recipient. Any review, use, distribution or > >>>disclosure > >>> by others is strictly prohibited. If you are not the intended > >>>recipient (or > >>> authorized to receive for the recipient), please contact the sender by > >>> reply email and delete all copies of this message. > >>> For corporate legal information go to: > >>> http://www.cisco.com/web/about/doing_business/legal/cri/index.html > >>> > >>> > >>> > >>> > >>> > >>> -Original Message- > >>> From: Jared Mauch [mailto:ja...@puck.nether.net] > >>> Sent: Wednesday, December 04, 2013 9:23 AM > >>> To: Henri Wahl > >>> Cc: NANOG list > >>> Subject: Re: blogs.cisco.com not available via IPv6 > >>> > >>> I'm seeing it down via IPv6: > >>> > >>> * Trying 2600:1407:9:295::90... > >>> * Connected to www.cisco.com (2600:1407:9:295::90) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.30.0 > Host: www.cisco.com > Accept: */* > > >>> < HTTP/1.1 200 OK > >>> * Server Apache is not blacklisted > >>> > >>> > >>> * About to connect() to blogs.cisco.com port 80 (#0) > >>> * Trying 2001:4800:13c1:10::178... > >>> ^C > >>> > >>> - Jared > >>> > >>> On Dec 4, 2013, at 8:37 AM, Henri Wahl wrote: > >>> > Hi, > can anybody from Cisco confirm that blogs.cisco.com > (2001:4800:13c1:10::178) is not available via IPv6? > Regards > > -- > Henri Wahl > > IT Department > Leibniz-Institut fuer Festkoerper- u. > Werkstoffforschung Dresden > > tel: (03 51) 46 59 - 797 > email: h.w...@ifw-dresden.de > http://www.ifw-dresden.de > > Nagios status monitor Nagstamon: > http://nagstamon.ifw-dresden.de > > DHCPv6 server dhcpy6d: > http://dhcpy6d.ifw-dresden.de > > IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr. > 1369 > Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle > <0x1FBA0942.asc> > >>> > >>> > >>> > >>> > > > > > > -- "sharp, dry wit and brash in his dealings with contestants." - Forbes If voting didn't matter, the GOP wouldn't make it more difficult than buying a gun. /* - teh jamie. ; uri -> http://about.me/jgr */