Re: DDOS, IDS, RTBH, and Rate limiting
I've used the first one, and hacked on the second. WANGuard, when deployed properly, works amazingly well. ddosmon is only useful if you have netflow v5 flows (or sflow that can get converted to nfv5), but also works well when coupled with exabgp / openbgpd.

I added some per ip limiting / exemption features to it (which may or may not work, I no longer use it. We've moved to something in house) -- available on this fork (https://github.com/Wintereise/ddosmon-mod)

The atheme framework it's built on is fairly easy to extend as well.

But yeah, automated rtbh is really easy (and cheap!) to do these days.

On 11/9/2014 11:56 AM, srn.na...@prgmr.com wrote:
> http://www.andrisoft.com/software/wanguard/ddos-mitigation-protection
> https://bitbucket.org/tortoiselabs/ddosmon
> https://github.com/FastVPSEestiOu/fastnetmon
>
> I have no idea if any of them actually work.
>
> On 11/08/2014 05:10 PM, Eric C. Miller wrote:
>> Today, we experienced (3) separate DDoS attacks from Eastern Asia, all generating 2Gbps towards a single IP address in our network. All 3 attacks targeted different IP addresses with dst UDP 19, and the attacks lasted for about 5 minutes and stopped as fast as they started.
>>
>> Does anyone have any suggestions for mitigating these types of attacks?
>>
>> A couple of things that we've done already...
>>
>> We set up BGP communities with our upstreams, and tested that RTBH can be set and it does work. However, by the time that we are able to trigger the black hole, the attack is almost always over.
>>
>> For now, we've blocked UDP 19 incoming at our edge, so that if future, similar attacks occur, it doesn't affect our internal links.
>>
>> What I think that I need is an IDS that can watch our edge traffic and automatically trigger a black hole advertisement for any internal IP beginning to receive 100Mbps of traffic. A few searches are initially coming up dry...
>>
>> Eric Miller, CCNP
>> Network Engineering Consultant
>> (407) 257-5115
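The automated trigger asked for in the original post (blackhole any internal IP that starts receiving 100Mbps), sketched as an added example that is not part of any message in this thread and is not code from ddosmon, WANGuard or fastnetmon. It assumes flow records have already been reduced to (timestamp, destination, bytes) and emits ExaBGP-style text API commands; the window, hold time, next-hop, community and address ranges are all assumed values.

```python
"""Threshold-based RTBH trigger: flow records in, ExaBGP text commands out."""
import ipaddress
from collections import defaultdict, deque

# Assumed values; only the 100 Mbps trigger level comes from the thread.
THRESHOLD_BPS = 100_000_000      # per-destination trigger level
WINDOW_S = 10                    # sliding window the rate is averaged over
HOLD_S = 600                     # keep a blackhole at least this long
NEXT_HOP = "192.0.2.1"           # discard next-hop (documentation address)
COMMUNITY = "65535:666"          # RFC 7999 BLACKHOLE; your upstream's may differ
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]   # our own space only
EXEMPT = {ipaddress.ip_address("198.51.100.53")}        # never blackhole these


class RtbhTrigger:
    def __init__(self, sampling_rate=1):
        self.sampling_rate = sampling_rate      # 1-in-N flow sampling at the edge
        self.samples = defaultdict(deque)       # dst -> deque of (ts, bytes)
        self.totals = defaultdict(int)          # dst -> bytes inside the window
        self.active = {}                        # dst -> last ts seen over threshold

    def _expire(self, dst, now):
        """Drop samples that have fallen out of the sliding window."""
        q = self.samples[dst]
        while q and q[0][0] <= now - WINDOW_S:
            _, nbytes = q.popleft()
            self.totals[dst] -= nbytes

    def rate_bps(self, dst, now):
        self._expire(dst, now)
        return self.totals[dst] * 8 * self.sampling_rate / WINDOW_S

    def observe(self, ts, dst, nbytes):
        """Feed one flow record; return the commands to send (possibly none)."""
        dst = ipaddress.ip_address(dst)
        # Only ever announce /32s inside our own space, and honour exemptions.
        if dst in EXEMPT or not any(dst in net for net in PROTECTED):
            return []
        self.samples[dst].append((ts, nbytes))
        self.totals[dst] += nbytes
        cmds = []
        if self.rate_bps(dst, ts) >= THRESHOLD_BPS:
            if dst not in self.active:          # announce once, not per record
                cmds.append(f"announce route {dst}/32 next-hop {NEXT_HOP} "
                            f"community [{COMMUNITY}]")
            self.active[dst] = ts
        return cmds

    def tick(self, now):
        """Withdraw blackholes that have been under threshold for HOLD_S.

        Once upstream drops the traffic the edge sees nothing for this
        destination, so the hold timer (not the rate) decides when to
        withdraw; too short a hold makes the route flap during an attack.
        """
        cmds = []
        for dst, last in list(self.active.items()):
            if now - last >= HOLD_S and self.rate_bps(dst, now) < THRESHOLD_BPS:
                del self.active[dst]
                cmds.append(f"withdraw route {dst}/32 next-hop {NEXT_HOP}")
        return cmds


if __name__ == "__main__":
    # Constructed flow records: 50 MB per second towards one customer IP.
    trigger = RtbhTrigger()
    for second in range(5):
        for cmd in trigger.observe(second, "198.51.100.10", 50_000_000):
            print(cmd, flush=True)   # ExaBGP reads API commands from stdout
    for cmd in trigger.tick(4 + HOLD_S):
        print(cmd, flush=True)
```

Because the rate is averaged over the window, the announcement here goes out on the third record rather than the first; a shorter window reacts faster at the cost of more false triggers on short bursts.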
Re: DDOS, IDS, RTBH, and Rate limiting
Roland Dobbins wrote:
> On 9 Nov 2014, at 10:37, Jon Lewis wrote:
>> I'm sure it's not always the case, but in my experience as a SP, the victim virtually always did something to instigate the attack, and is usually someone you don't want as a customer.
>
> This may be a reflection of your experience and customer base, but it isn't a valid generalization. Legitimate customers are attacked all the time, for various reasons - including unknowingly having their servers compromised and used as CCs by miscreants, who're then attacked by other miscreants. But to say that attacks are 'virtually always' provoked by customers themselves simply isn't true. DDoS extortion, ideologically-motivated DDoS attacks, maskirovkas intended as a distraction away from other activities, simple nihilism, et al. are, unfortunately, quite common.
>
>> When I worked for a cloud hosting provider, the DDoS victims tended to be fraudulent signups who were doing malicious or anti-social things on the net and were not paying customers anyway.
>
> Many DDoS attacks are miscreant-vs.-miscreant, that's certainly true. Compromised machines are 'attractive nuisances', which is yet another reason it's important to have visibility into your network traffic (it's easy to get started with NetFlow and open-source tools).

Granted, a sample size of 1 - but the most recent event where we were the vector for a reflection attack, the target was a game hosting system. Based on some interaction with their sysadmin, it became pretty clear that this is fairly common for them, and the motivations had more to do with hacking gameplay than anything else.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra
Re: Reporting DDOS reflection attacks
Also, abusix is not completely accurate (and they've never responded to my emails reporting problems). For example, any IPs from apnic and nic.ad.jp return the registry's abuse address, which doesn't do anything.

Don't forget about all the providers with incorrect abuse contacts, or providers that require you to fill out some form, or providers that auto-respond with messages saying it's not their IP space (I'm looking at you charter... 71.90.222.x is definitely your space, despite what your abuse system thinks).

Some tips:

1) Verify the servers are still vulnerable. This is pretty straightforward, and saves everyone involved some time
2) Your abuse emails should include tcpdump-like output (or you'll get tons of replies asking for logs)
3) Sticking to one abusive IP per email seems to get the best response rate (or you confuse all the automated systems for parsing these)
4) We provide instructions for fixing the issue for some common software... this seems to help some of the people who have no idea what they are doing.
5) Make sure you don't send this from your email address. It should definitely be its own mailbox due to volume of bounces and autoreplies you'll see.

Don't expect that sending abuse emails is going to have any noticeable effect on the size of the attacks you see.

The openresolverproject stats show the scope of the issue: http://openresolverproject.org/breakdown.cgi

On 11/8/2014 5:48 PM, Damian Menscher wrote:
> I've used https://abusix.com/contactdb.html
>
> Be prepared for a lot of backscatter. You'll get autoresponders, automated ticketing systems sending frequent updates, bounce messages (from full abuse@ inboxes), and be surveyed for how well they're not performing. Also, be prepared for ISPs / hosting providers to ask for additional information, like logs proving the attack came from their customer. Oh, and be prepared to feel sorry for their customers whose VMs are deleted for hacking, rather than being informed of their misconfiguration.
>
> On the bright side, some 10% will actually correct the problem, thereby costing the attacker a few minutes of work to re-scan for active amplifiers. :P
>
> Damian
> Professional Pessimist
>
> On Fri, Nov 7, 2014 at 10:56 AM, srn.na...@prgmr.com wrote:
>> Like most small providers, we occasionally get hit by DoS attacks. We got hammered by an SSDP reflection attack (udp port 1900) last week. We took a 27 second log and from there extracted about 160k unique IPs.
>>
>> It is really difficult to find abuse emails for 160k IPs.
>>
>> We know about abuse.net but abuse.net requires hostnames, not IPs for lookups and not all IP addresses have valid DNS entries.
>>
>> The only other way we know of to report problems is to grab the abuse email addresses is whois. However, whois is not structured and is not set up to deal with this number of requests - even caching whois data based on subnets will result in many thousands of lookups.
>>
>> Long term it seems like structured data and some kind of authentication would be ideal for reporting attacks. But right now how should we be doing it?
Re: Reporting DDOS reflection attacks
On 11/09/2014 09:31 AM, Brian Rak wrote:
> Some tips:
>
> 1) Verify the servers are still vulnerable. This is pretty straightforward, and saves everyone involved some time

For a DDOS, I'd be concerned that the provider would now think my activity was malicious.

> 2) Your abuse emails should include tcpdump-like output (or you'll get tons of replies asking for logs)

Is the output from nfdump close enough?

> 3) Sticking to one abusive IP per email seems to get the best response rate (or you confuse all the automated systems for parsing these)

The smallest email abuse report I sent last week contained over 15,000 IPs. Is it really better to send that many emails?
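Tips 2 and 3 from the messages above (tcpdump-like evidence, one reflector IP per report) combined with the per-subnet contact caching mentioned in the original question, as an added example that is not part of any post in this thread. The capture lines, the victim address and the prefix-to-contact table are constructed with documentation addresses; how that table gets populated (whois, a contact database) is outside the sketch.

```python
"""Turn a reflection-attack capture into one abuse report per reflector IP."""
import ipaddress
import re
from collections import defaultdict

# Constructed tcpdump-style lines (documentation addresses, not real data).
CAPTURE = """\
12:00:01.000100 IP 192.0.2.10.1900 > 198.51.100.7.40000: UDP, length 310
12:00:01.000350 IP 192.0.2.10.1900 > 198.51.100.7.40000: UDP, length 322
12:00:01.000410 IP 192.0.2.99.1900 > 198.51.100.7.40000: UDP, length 298
12:00:01.000500 IP 203.0.113.5.1900 > 198.51.100.7.40000: UDP, length 305
12:00:01.000620 IP 203.0.113.200.1900 > 198.51.100.7.40000: UDP, length 301
12:00:01.000700 IP 192.0.2.10.53 > 198.51.100.7.40000: UDP, length 80
12:00:01.000810 IP 192.0.2.77.1900 > 198.51.100.8.40000: UDP, length 300
"""

# Constructed cache: one lookup per covering prefix instead of one per IP.
CONTACTS = {
    "192.0.2.0/24": "abuse@isp-a.example",
    "192.0.2.96/27": "abuse@reseller.example",   # more specific reassignment
    "203.0.113.0/25": "abuse@isp-b.example",
}

LINE_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)$"
)


def parse_capture(text, victim, src_port=1900):
    """Group capture lines by reflector IP, keeping only src_port -> victim."""
    evidence = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        _, src, sport, dst, _, _ = m.groups()
        if dst == victim and int(sport) == src_port:
            evidence[src].append(line)
    return dict(evidence)


def lookup_contact(ip, table):
    """Longest-prefix match of ip against the cached prefix -> contact table."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, contact in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, contact)
    return best[1] if best else None


def build_reports(evidence, table, victim, src_port=1900, max_lines=5):
    """Return (reports, unresolved): one report per IP with a known contact."""
    reports, unresolved = [], []
    for ip in sorted(evidence, key=ipaddress.ip_address):
        contact = lookup_contact(ip, table)
        if contact is None:
            unresolved.append(ip)        # needs a manual or whois lookup
            continue
        lines = evidence[ip]
        shown = lines[:max_lines]        # a few lines of proof, not the full log
        body = "\n".join(
            [f"Host {ip} sent UDP source-port {src_port} traffic to {victim}.",
             f"{len(lines)} packets captured, first {len(shown)} shown:", ""]
            + shown)
        reports.append({"to": contact,
                        "subject": f"[abuse] UDP/{src_port} reflection from {ip}",
                        "body": body})
    return reports, unresolved


if __name__ == "__main__":
    ev = parse_capture(CAPTURE, victim="198.51.100.7")
    reports, unresolved = build_reports(ev, CONTACTS, victim="198.51.100.7")
    for r in reports:
        print(r["to"], "|", r["subject"])
    print("no contact cached for:", unresolved)
```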
Re: DDOS, IDS, RTBH, and Rate limiting
Look at the products from RioRey (www.riorey.com). IMHO I think their technology is much better than some of the other players out here.

On 11/08/2014 07:10 PM, Eric C. Miller wrote:
> Today, we experienced (3) separate DDoS attacks from Eastern Asia, all generating 2Gbps towards a single IP address in our network. All 3 attacks targeted different IP addresses with dst UDP 19, and the attacks lasted for about 5 minutes and stopped as fast as they started.
>
> Does anyone have any suggestions for mitigating these types of attacks?
>
> A couple of things that we've done already...
>
> We set up BGP communities with our upstreams, and tested that RTBH can be set and it does work. However, by the time that we are able to trigger the black hole, the attack is almost always over.
>
> For now, we've blocked UDP 19 incoming at our edge, so that if future, similar attacks occur, it doesn't affect our internal links.
>
> What I think that I need is an IDS that can watch our edge traffic and automatically trigger a black hole advertisement for any internal IP beginning to receive 100Mbps of traffic. A few searches are initially coming up dry...
>
> Eric Miller, CCNP
> Network Engineering Consultant
> (407) 257-5115

--
Joe Chisolm
Computer Translations, Inc.
Marble Falls, Tx.
830-265-8018
Public Key Available at www.sks-keyservers.net
Re: Reporting DDOS reflection attacks
On 11/8/14 6:33 PM, Roland Dobbins wrote:
> this is incorrect and harmful, and should be removed:
>
>> iii. Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>
> This *breaks the Internet*. Don't do it.

+1
Re: Reporting DDOS reflection attacks
On 9November2014Sunday, at 11:40, Doug Barton do...@dougbarton.us wrote:
> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>
>>> iii. Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>>
>> This *breaks the Internet*. Don't do it.
>
> +1

actually, if you think this will help you, by all means drop any DNS packets which are gt. 512bytes, not UDP, and not IPv4.

/bill
Re: v6 cdn problems
On 11/8/14 1:02 PM, Frank Bulk wrote: The Google angle is also being discussed on outages. Initial suspicions are PTB packets not flowing through tunneled connections. you can also have problems in the other direction e.g. if your tunnel ingress sends a ptb towards a load balanced service it may not arrive. https://tools.ietf.org/html/draft-v6ops-pmtud-ecmp-problem-00 if you're tunneled it does help a lot if your mss reflects the cost of the tunnel you know exists. Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Pete Carah Sent: Saturday, November 08, 2014 4:56 PM To: nanog@nanog.org Subject: v6 cdn problems Prefix this - I'm on fios in the Baltimore area, using a HE tunnel terminating in ashburn. (*still* no native v6 on fios :-( Speedtest shows little or no congestion, and didn't change significantly when I reduced mtu by 8. (interestingly, speedtest.net usually reads faster than verizon's internal speedtest, and rarely averages less than my billed speed.) I've recently had problems (started a few weeks ago with www.att.com, 4-5 days ago with *.google.com) which unfortunately happy eyeballs doesn't help. att.com uses akamai, google uses their own cdn (per dns; I don't know if there are any connections behind the scenes.) This occurs on several google sites, all of which resolve to the same netblocks from here (maps.google.com, www.google.com, maps.gstatic.com, and at least one of the ad servers). Symptom with akamai is that it connects immediately then data transfer times out. With google, symptom involves both slow connection, and data transfer timing out. I don't know if chrome's happy eyeballs is working since if it was, and absent address caching, I shouldn't see the slow connection. 
v6 connections to my hosts in Los Angeles (not on HE address space, but we do peer with them on any2) work fine transferring graphics and large database files both ways, so I'm pretty sure I don't have an mtu problem nor some other fios or HE problem. Just to be sure, I dropped the 1500 to 1492 on the fios link and did the same adjustment to the mtu on my tunnel (becomes 1472). No change on my hosts. att.com appears a little better, though still very slow. Google shows no change at all. I saw some of the same problem yesterday from Frederick on comcast (only to google, didn't look at att), but couldn't take the time to do traceroutes. If desired, I'm likely to go out there tomorrow and can do that too. (we use a freebsd+pf router there). Is this a provisioning problem where v6 eyeballs are outstripping cdn provisioning (since win7 and 8 both default to v6)? Or is something else going on. Since this seems to affect more than one cdn, it seems odd. I run my own resolver locally instead of using verizon's. (and my own (vyatta) router instead of theirs. Actually I'm still using theirs as a bridge to talk to the set-top box (I don't know if Motorola still makes the coax terminal that would bridge it directly...) Resolve and traceroutes of relevant sites: [pete@port5 ~]$ host www.att.com www.att.com is an alias for prod-www.zr-att.com.akadns.net. prod-www.zr-att.com.akadns.net is an alias for www.att.com.edgekey.net. www.att.com.edgekey.net is an alias for e2318.dscb.akamaiedge.net. 
e2318.dscb.akamaiedge.net has address 23.76.217.145 e2318.dscb.akamaiedge.net has IPv6 address 2600:807:320:202:9200::90e e2318.dscb.akamaiedge.net has IPv6 address 2600:807:320:202:8600::90e Traceroute (v4) to this shows it is in Newark or environs: [pete@port5 ~]$ traceroute e2318.dscb.akamaiedge.net traceroute to e2318.dscb.akamaiedge.net (23.76.217.145), 30 hops max, 60 byte packets 1 rtr.east.altadena.net (192.168.170.1) 2.008 ms 2.450 ms 3.091 ms 2 L300.BLTMMD-VFTTP-64.verizon-gni.net (108.3.150.1) 9.021 ms 9.054 ms 9.045 ms 3 G0-7-4-5.BLTMMD-LCR-21.verizon-gni.net (100.41.195.94) 10.670 ms 10.683 ms 10.677 ms 4 ae4-0.RES-BB-RTR2.verizon-gni.net (130.81.209.230) 9.002 ms ae20-0.RES-BB-RTR1.verizon-gni.net (130.81.151.112) 8.995 ms so-1-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.199.2) 8.953 ms 5 * * * 6 * * * 7 0.xe-5-0-4.XL3.EWR6.ALTER.NET (140.222.225.73) 51.202 ms 41.102 ms 40.345 ms 8 0.ae1.XL4.EWR6.ALTER.NET (140.222.228.41) 33.065 ms TenGigE0-6-0-3.GW8.EWR6.ALTER.NET (152.63.19.158) 11.550 ms TenGigE0-6-0-6.GW8.EWR6.ALTER.NET (152.63.25.10) 11.659 ms 9 TenGigE0-7-0-1.GW8.EWR6.ALTER.NET (152.63.19.166) 19.854 ms akamai-gw.customer.alter.net (152.179.185.126) 1766.402 ms TenGigE0-7-0-7.GW8.EWR6.ALTER.NET (152.63.25.30) 18.227 ms 10 akamai-gw.customer.alter.net (152.179.185.126) 1747.269 ms a23-76-217-145.deploy.static.akamaitechnologies.com (23.76.217.145) 10.672 ms 11.263 ms Traceroute6 to it appears to be local (but is hard to tell. Next-to-last hop looks like either a router or load-balancer is overloaded. Same
Re: v6 cdn problems
On Sat, Nov 8, 2014 at 6:10 PM, Jeroen Massar jer...@massar.ch wrote: Google does not seem to be home. to be clear, folk who care do know about the problem and are working on a solution...
RE: Cisco CCNA Training
Holy moly, thank you!! I just enrolled.

On 08/11/14 23:00, nanog-requ...@nanog.org wrote:
> From: Wakefield, Thad M. twakefi...@stcloudstate.edu
> To: nanog@nanog.org nanog@nanog.org
> Subject: RE: Cisco CCNA Training
> Message-ID: b3093724fb4d2747ae895c89420a1edc0133ad7...@scsu83a.campus.stcloudstate.edu
> Content-Type: text/plain; charset=utf-8
>
> Until midnight Monday this course is on sale for $24: https://www.udemy.com/collection/thankyou-400-24deal
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of scottie mac
> Sent: Tuesday, November 04, 2014 6:02 PM
> To: nanog@nanog.org
> Subject: Re: Cisco CCNA Training
>
> This course has 25 hours of video, I haven't started it yet but I've watched many of Laz's videos on Youtube, and he explains stuff very well. It is $399 though. They could share the Udemy account, and watch them in their free time. *I'm not affiliated with Udemy*
>
> https://www.udemy.com/the-complete-ccna-200-120-course
Re: Reporting DDOS reflection attacks
On 11/9/2014 13:40, Doug Barton wrote:
> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>
>>> iii. Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>>
>> This *breaks the Internet*. Don't do it.
>
> +1

The whole thing Really?

--
The unique Characteristics of System Administrators:
The fact that they are infallible; and,
The fact that they learn from their mistakes.
Quis custodiet ipsos custodes
Re: Reporting DDOS reflection attacks
On 10 Nov 2014, at 8:23, Larry Sheldon wrote:
> The whole thing Really?

Breaking DNS for your customers pretty much breaks the Internet for them, yes.

---
Roland Dobbins rdobb...@arbor.net
I am about to inherit 26 miles of dark fiber. What do I do with it?
All: A job opportunity just came my way to work with 26 miles of dark fiber in and around a city in Texas. The intent is for me to deliver internet and private network services to business customers in this area. I relish the thought of starting from scratch to build a network right from the start instead of inheriting and fixing someone else's mess. That being said, what suggestions does the group have for building a new network using existing dark fiber? MPLS backbone? Like all businesses these days, I will likely have to build the lit backbone as I add customers. So how would you recommend scaling the network? I have six strands of SMF that connect within municipal facilities. Each new customer will be a new build out from the nearest point. Because of having only six strands, I don't anticipate selling dark fiber. I believe I need to conserve fibers so that it would be lit services that I offer to customers. I would like to offer speeds up to 10 GB. Thoughts are appreciated! Sincerely, Lorell Hathcock
Re: FW: M-Lab-Related PCAPs
Thanks Jason. I've tried to organize them here: http://www1.icsi.berkeley.edu/~srikanth/tos.html

So please send along any interesting traces, any ideas for tests, or comments!

- Srikanth

On 11/8/14 9:46 PM, Livingood, Jason wrote:
> FYI to this list since I suspect few of you are on the M-Lab Discuss list. Srikanth from ICSI has kindly taken on consolidating some PCAPs. If anyone wishes to send any to him, he is at srknt...@gmail.com.
>
> JL
>
> On 11/6/14, 7:24 PM, Srikanth S srknt...@gmail.com wrote:
>> So it looks as though marking is not done for all MLab traffic. Also, some web traffic (to CNN) is marked at a lower priority than streaming (Netflix), which is strange as web traffic is likely more sensitive to degradation than streaming (?).
>>
>> Here are the traces:
>> http://www1.icsi.berkeley.edu/~srikanth/pcaps/google.pcap
>> http://www1.icsi.berkeley.edu/~srikanth/pcaps/youtube-image.pcap
>> http://www1.icsi.berkeley.edu/~srikanth/pcaps/cnn.pcap
>> http://www1.icsi.berkeley.edu/~srikanth/pcaps/netflix-streaming.pcap
>>
>> On Tuesday, November 4, 2014 1:29:16 PM UTC-8, Jason Livingood wrote:
>>> Another follow-up. Someone emailed me a PCAP off-list from an enterprise type of customer. Their PCAP was somewhat incomplete (so I still need more) but they noticed that some traffic at the next priority down from 0x48 at 0x28 (priority). And some other traffic was marked with the next priority down again at 0x00 (routine). So it appears there are three DSCP / ToS markings in use rather than just two (0x00, 0x28, 0x48). So safe to say more research is needed here – anyone collecting PCAPs should IMHO continue. :-)
>>>
>>> Jason
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
The below is a really sad story. Condolences on the coming trainwreck. I hope you get someone on staff or on consult that understands outside plant architecture, because it is much more important and complex topic than you seem to realize. On Sun, Nov 9, 2014 at 9:18 PM, Lorell Hathcock lor...@hathcock.org wrote: All: A job opportunity just came my way to work with 26 miles of dark fiber in and around a city in Texas. The intent is for me to deliver internet and private network services to business customers in this area. I relish the thought of starting from scratch to build a network right from the start instead of inheriting and fixing someone else's mess. That being said, what suggestions does the group have for building a new network using existing dark fiber? MPLS backbone? Like all businesses these days, I will likely have to build the lit backbone as I add customers. So how would you recommend scaling the network? I have six strands of SMF that connect within municipal facilities. Each new customer will be a new build out from the nearest point. Because of having only six strands, I don't anticipate selling dark fiber. I believe I need to conserve fibers so that it would be lit services that I offer to customers. I would like to offer speeds up to 10 GB. Thoughts are appreciated! Sincerely, Lorell Hathcock -- Fletcher Kittredge GWI 8 Pomerleau Street Biddeford, ME 04005-9457 207-602-1134
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
Hi,

26 miles is not a long distance when working with fiber. I would have just one active POP (or two for redundancy). Use DWDM to expand your 6 strands into as many links as you need. You could also use GPON with splitters, although that will only deliver 1 Gbps (on a shared 2.4 Gbps) at this time. DWDM allows you to sell colored links to customers, that they can do anything with.

MPLS might be overdoing it or not, depending on your background and experience. Using VLANs or layer 3 routing might get you the same thing. I would say the proposed network is small enough that you could get away with just about anything.

Just remember that you need to protect your network from customers. E.g. you are using STP and the customer enables STP, you could very well end up with a disaster if not careful. Many network protocols have zero security and many switch configurations are vulnerable to simple mistakes by default.

Regards,

Baldur
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
Wow!.. that was rather cruel and uncalled for! How does that saying go. Don't say anything, if you cannot say anything nice!

Faisal Imtiaz
Snappy Internet Telecom

- Original Message -
> From: Fletcher Kittredge fkitt...@gwi.net
> To: Lorell Hathcock lor...@hathcock.org
> Cc: nanog@nanog.org
> Sent: Sunday, November 9, 2014 9:56:08 PM
> Subject: Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
>
> The below is a really sad story. Condolences on the coming trainwreck. I hope you get someone on staff or on consult that understands outside plant architecture, because it is much more important and complex topic than you seem to realize.
>
> On Sun, Nov 9, 2014 at 9:18 PM, Lorell Hathcock lor...@hathcock.org wrote:
>> All:
>>
>> A job opportunity just came my way to work with 26 miles of dark fiber in and around a city in Texas. The intent is for me to deliver internet and private network services to business customers in this area. I relish the thought of starting from scratch to build a network right from the start instead of inheriting and fixing someone else's mess.
>>
>> That being said, what suggestions does the group have for building a new network using existing dark fiber? MPLS backbone? Like all businesses these days, I will likely have to build the lit backbone as I add customers. So how would you recommend scaling the network?
>>
>> I have six strands of SMF that connect within municipal facilities. Each new customer will be a new build out from the nearest point. Because of having only six strands, I don't anticipate selling dark fiber. I believe I need to conserve fibers so that it would be lit services that I offer to customers. I would like to offer speeds up to 10 GB.
>>
>> Thoughts are appreciated!
>>
>> Sincerely,
>> Lorell Hathcock
>
> --
> Fletcher Kittredge
> GWI
> 8 Pomerleau Street
> Biddeford, ME 04005-9457
> 207-602-1134
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
Hey come on. Yes it is complex but not impossible to learn on the job. You have absolutely no knowledge of his skills and know almost nothing about the project. How can you say anything about the impossibility of overcoming the challenges ahead? One thing that amazes me about NANOG is that while you often do get valuable advice, you also get a ton of hatemail from daring to ask or voice an opinion. Regards, Baldur On 10 November 2014 03:56, Fletcher Kittredge fkitt...@gwi.net wrote: The below is a really sad story. Condolences on the coming trainwreck. I hope you get someone on staff or on consult that understands outside plant architecture, because it is much more important and complex topic than you seem to realize. On Sun, Nov 9, 2014 at 9:18 PM, Lorell Hathcock lor...@hathcock.org wrote: All: A job opportunity just came my way to work with 26 miles of dark fiber in and around a city in Texas. The intent is for me to deliver internet and private network services to business customers in this area. I relish the thought of starting from scratch to build a network right from the start instead of inheriting and fixing someone else's mess. That being said, what suggestions does the group have for building a new network using existing dark fiber? MPLS backbone? Like all businesses these days, I will likely have to build the lit backbone as I add customers. So how would you recommend scaling the network? I have six strands of SMF that connect within municipal facilities. Each new customer will be a new build out from the nearest point. Because of having only six strands, I don't anticipate selling dark fiber. I believe I need to conserve fibers so that it would be lit services that I offer to customers. I would like to offer speeds up to 10 GB. Thoughts are appreciated! Sincerely, Lorell Hathcock -- Fletcher Kittredge GWI 8 Pomerleau Street Biddeford, ME 04005-9457 207-602-1134
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
On Sun, 9 Nov 2014, Lorell Hathcock wrote: A job opportunity just came my way to work with 26 miles of dark fiber in and around a city in Texas. How is the outside plant being built and supported? Who fixes fiber cuts? Who manages the fiber-cut-fixers? Who monitors the network and handles initial triage to determine if there is a fiber cut, as opposed to a hardware/optic failure? Those questions lead to many others, such as who has documentation and as-built drawings for the fiber plant? Are all of the access agreements, insurance certificates, letters of agency, etc. up to date and accurate? jms
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
I would suggest that you do some rapid field deployment education in regards to fiber networks. You might consider joining WISPA and or FISPA (two industry associations), where you have folks building out fiber networks, who are very willing to share their experience and tell you what is working and what is not working.

Working with Dark fiber can be as simple as you like, or as complicated as you want it to be. However this is one area that it is not un-common to make things appear a lot more expensive and complicated than what they have to be...

Depending on what you are inheriting, and what you have to be responsible for, I would suggest that you spend some time on the web, local library, and some of the OSP related publications to get a good understanding of what is done and why... before just falling for industry jargon.

It should be fun... :)

Faisal Imtiaz
Snappy Internet Telecom

- Original Message -
> From: Lorell Hathcock lor...@hathcock.org
> To: nanog@nanog.org
> Sent: Sunday, November 9, 2014 9:18:15 PM
> Subject: I am about to inherit 26 miles of dark fiber. What do I do with it?
>
> All:
>
> A job opportunity just came my way to work with 26 miles of dark fiber in and around a city in Texas. The intent is for me to deliver internet and private network services to business customers in this area. I relish the thought of starting from scratch to build a network right from the start instead of inheriting and fixing someone else's mess.
>
> That being said, what suggestions does the group have for building a new network using existing dark fiber? MPLS backbone? Like all businesses these days, I will likely have to build the lit backbone as I add customers. So how would you recommend scaling the network?
>
> I have six strands of SMF that connect within municipal facilities. Each new customer will be a new build out from the nearest point. Because of having only six strands, I don't anticipate selling dark fiber. I believe I need to conserve fibers so that it would be lit services that I offer to customers. I would like to offer speeds up to 10 GB.
>
> Thoughts are appreciated!
>
> Sincerely,
> Lorell Hathcock
Re: I am about to inherit 26 miles of dark fiber. What do I do with it?
--- fkitt...@gwi.net wrote: From: Fletcher Kittredge fkitt...@gwi.net The below is a really sad story. Condolences on the coming trainwreck. I hope you get someone on staff or on consult that understands outside plant architecture, because it is much more important and complex topic than you seem to realize. - Help guide and build knowledge instead of publicly beat down. scott
Re: I am about to inherit 26 miles of dark fiber
Ah, the famous good-will of NANOG. I knew I would get some interesting responses. I was part of the Field Ops group of Enron Broadband years ago. We deployed DWDM extensively. Admittedly it has been a while. This 26 miles of dark fiber is deployed by a municipality in and around their fair city. Part of a deal with this new firm is that the firm will use the aforementioned six strands. So the fiber is deployed throughout this city that has been largely under-serviced. By lack of resources, the city could not deploy services to businesses/enterprises. So as I ponder the opportunity, I seek to tap the creative juices of NANOG. Thanks, Lorell Hathcock
Re: I am about to inherit 26 miles of dark fiber
:: Ah, the famous good-will of NANOG. But you got more of the good than the other. :: I knew I would get some interesting responses. And you got more of that than non-interesting... :-) scott
Re: v6 cdn problems
On 2014-11-09 23:00, Christopher Morrow wrote: On Sat, Nov 8, 2014 at 6:10 PM, Jeroen Massar jer...@massar.ch wrote: Google does not seem to be home. Note that you skipped the rest: Google does not seem to be home. They used to have a handy i...@google.com address, but alas, that does not exist anymore. There used to be a handy ipv6@google address for reporting things. This nowadays bounces. to be clear, folk who care do know about the problem and are working on a solution... The problem Google was having was already resolved according to Damian as noted on the outages list. Seems those archives don't update at the moment, hence: http://permalink.gmane.org/gmane.org.operators.ipv6/10232 Greets, Jeroen