Re: About inetnum "ownership"

[Jonas Bjork]

Hi,
shouldn't the same logic of ownership of DNS domain names apply to inetnum 
address space?

Best regards,
Jonas

Sent from my iPad

> On 02 Mar 2016, at 07:12, Karl Auer  wrote:
> 
>> On Wed, 2016-03-02 at 00:44 -0500, William Herrin wrote:
>> Do I have the legal right to exclude others from announcing my block
>> of IP addresses to the public Internet routing tables? It's not well
>> tested in court but the odds are exceptionally strong that I do.
> 
> If I own some property - say a field - the location of that field is
> with certain rare exceptions public information. I as the owner cannot
> enforce a requirement on you to NOT tell people where my field is. I
> can't demand that you NOT build roads past it, or that you NOT put up
> signs saying how to get to my field, or even that you NOT tell people
> who owns the field. I have the right to exclusive use of the property,
> but I have no rights to information about the property, nor any
> property rights outside the boundary of the property.
> 
> Testing in court the idea that you may not advertise my routes would be
> a fascinating exercise. If you falsely advertised them it would be a
> different matter.
> 
> Has this sort of thing been tested in the courts at all? In any
> jurisdiction?
> 
>> Indeed, the whole point of registration is to facilitate
>> determination
>> of -who- has the exclusive right over -which- blocks of addresses.
> 
> The problem is what rights we are talking about. I would say that
> practically speaking the only real right here is the right to configure
> an address on an interface. But anyone else can send packets to an
> address, or advertise to others the direction of travel towards that
> network. Malicious activity excluded of course - DoS attacks and so on,
> but I think the issues there are different. Also, contractually
> regulated relationships are different - if I connect something up to
> ISPX and have a contract with ISPX to NOT advertise the route to me,
> then ISPX is constrained.
> 
> Regards, K.
> 
> -- 
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> 
> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
> 
> 
> 

Re: Any large IPv4 space brokers?

[Jonas Bjork]

Hi, these sites sell PA network space, I assume? Where may I buy PI nets?

Best regards,
Jonas

Sent from my iPad

> On 02 Mar 2016, at 01:54, Jim Mercer  wrote:
> 
>> On Tue, Mar 01, 2016 at 05:32:44PM -0500, Paras Jha wrote:
>> Does anyone know of any IP space brokers other than Hilco Streambank? I'm
>> looking to get a feel for the market a little bit.
> 
> register with the ARIN STLS, there are some blocks available there too.
> 
> --jim
> 
> -- 
> Jim Mercer Reptilian Research  j...@reptiles.org+1 416 410-5633
> 
> Life should not be a journey to the grave with the intention of
> arriving safely in a pretty and well preserved body, but rather
> to skid in broadside in a cloud of smoke, thoroughly used up,
> totally worn out, and loudly proclaiming "Wow! What a Ride!"
> -- Hunter S. Thompson

Re: About inetnum "ownership"

[Karl Auer]

On Wed, 2016-03-02 at 00:44 -0500, William Herrin wrote:
> Do I have the legal right to exclude others from announcing my block
> of IP addresses to the public Internet routing tables? It's not well
> tested in court but the odds are exceptionally strong that I do.

If I own some property - say a field - the location of that field is
with certain rare exceptions public information. I as the owner cannot
enforce a requirement on you to NOT tell people where my field is. I
can't demand that you NOT build roads past it, or that you NOT put up
signs saying how to get to my field, or even that you NOT tell people
who owns the field. I have the right to exclusive use of the property,
but I have no rights to information about the property, nor any
property rights outside the boundary of the property.

Testing in court the idea that you may not advertise my routes would be
a fascinating exercise. If you falsely advertised them it would be a
different matter.

Has this sort of thing been tested in the courts at all? In any
jurisdiction?

> Indeed, the whole point of registration is to facilitate
> determination
> of -who- has the exclusive right over -which- blocks of addresses.

The problem is what rights we are talking about. I would say that
practically speaking the only real right here is the right to configure
an address on an interface. But anyone else can send packets to an
address, or advertise to others the direction of travel towards that
network. Malicious activity excluded of course - DoS attacks and so on,
but I think the issues there are different. Also, contractually
regulated relationships are different - if I connect something up to
ISPX and have a contract with ISPX to NOT advertise the route to me,
then ISPX is constrained.

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4

Re: sFlow vs netFlow/IPFIX

[Mark Tinka]

On 2/Mar/16 08:04, Mark Tinka wrote:

> We were initially looking at at the Nexus 9000, but then moved to the
> 7700 because the Broadcom chip on the 7700 cannot do single flows larger
> than 40Gbps on the 100Gbps ports.

The Broadcom chip on the 9000, I meant...

Mark.

Re: sFlow vs netFlow/IPFIX

[Mark Tinka]

On 1/Mar/16 17:18, Peter Phaal wrote:

> It also appears that Cisco's merchant silicon based switches have a
> greater variety of orchestration capabilities, Python, NX-API,
> Ansible, etc.

We were initially looking at at the Nexus 9000, but then moved to the
7700 because the Broadcom chip on the 7700 cannot do single flows larger
than 40Gbps on the 100Gbps ports.

As a general note, I'm having to avoid merchant silicon
left-right-and-centre. Every time I try to give them a chance, they
don't cut the mustard. When the next chip solves the last issue, I
discover it can't support another feature. The cycle repeats.

Mark.

Re: About inetnum "ownership"

[William Herrin]

On Tue, Mar 1, 2016 at 6:55 PM, Owen DeLong  wrote:
> Unique registrations in the RIR databases may well be property.

Hi Owen,

Registration records property. Registrations are not the property recorded.

The U.S. Supreme Court talks about property this way: "The right to
exclude others [is] one of the most essential sticks in the bundle of
rights that are commonly characterized as property." (Kaiser Aetna v.
United States)

Do I have the legal right to exclude others from announcing my block
of IP addresses to the public Internet routing tables? It's not well
tested in court but the odds are exceptionally strong that I do.
Indeed, the whole point of registration is to facilitate determination
of -who- has the exclusive right over -which- blocks of addresses.

The right to exclude is not the only one in the bundle of rights that
is property but it is the primary and it is argued sufficient
condition of property.
http://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1492=nlr

Which brings us back around to what I said earlier: IP addresses are
property but the legal precedent isn't as strong as might be nice.


> IP addresses are so abstract and ephemeral in their nature
> as to be impossible to treat as property

Computers don't do abstraction. There's nothing abstract or
particularly ephemeral about the use of IP addresses on the public
Internet.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Mike Hammett]

If anyone has connections at Amazon in those areas, could you pass them my way? 
My IP peering contact (MMC) seems to have fallen off the face of the earth and 
I'm not sure that's his jurisdiction anyway. Their web site seems largely 
useless so far, catering more to the consultant and software dev guys than the 
infrastructure\transport guys. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Dave Cohen"  
To: "Mike Hammett"  
Cc: "North American Network Operators' Group"  
Sent: Tuesday, March 1, 2016 7:28:34 PM 
Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS 


I can confirm that AWS (and Equinix, by extension, from a facility operator 
perspective) permit carriers to have multiple end users share a physical 
interface into the AWS gateway. The key is whether the providers that are 
permitted into the DX environment (I believe AWS has limited the list to only 7 
or 8 in total - anyone else is reselling capacity off of those carriers) are 
willing to deal with the constraints of that configuration - essentially that 
the carrier needs to take responsibility of engaging directly with AWS to 
associate the EVC on the provider interface with the VPC on the AWS interface. 
I can confirm that at least one provider other than Equinix will do this. Point 
being, it's not an AWS restriction as much as whether the provider is willing 
to get its hands a bit dirtier. My $.02 at least. 


- Dave 


On Tue, Mar 1, 2016 at 7:59 PM, Mike Hammett < na...@ics-il.net > wrote: 


I haven't heard it from the horse's mouth, but I heard that the only way to 
have customers share an AWS DX (apparently) cross connect is through Equinix's 
cloud exchange service. Can anyone confirm that? It doesn't seem right that I 
could transport people to AWS all day long if they buy their own cross connect, 
but once we share, I have to go through someone offering a competitive service. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message - 

From: "Michael O'Connor" < m...@es.net > 
To: "Jay R. Ashworth" < j...@baylink.com > 
Cc: "North American Network Operators' Group" < nanog@nanog.org > 
Sent: Tuesday, March 1, 2016 2:41:35 PM 
Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS 

Jay, 

VPC is supported over IPsec if your public path is sufficient into the AWS 
cloud. 

AWS shortens DirectConnect to DX not DC for some reason. 

The AWS DirectConnect service is built on 10G infrastructure so using 
potentially larger interconnects over public peerings with IPsec could be 
advantageous. 

DX requires fiber cross connects in addition to any other AWS peerings that 
you may have at a particular location. 

-Mike O'Connor 


On Tue, Mar 1, 2016 at 12:16 PM, Jay R. Ashworth < j...@baylink.com > wrote: 

> Just got this dropped on my desk an hour ago, and I'm not finding as much 
> material online as I might have hoped for... 
> 
> It looks like the easiest solution is to just hang a router/firewall at 
> Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP 
> and 
> MPLS; is there a "native" way to do that from an AWS VPC instead? 
> 
> Any public or private replies cheerfully accepted; will summarize what I 
> can to the list. 
> 
> Cheers, 
> -- jra 
> 
> -- 
> Jay R. Ashworth Baylink 
> j...@baylink.com 
> Designer The Things I Think RFC 
> 2100 
> Ashworth & Associates http://www.bcp38.info 2000 Land 
> Rover DII 
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 
> 1274 
> 



-- 
Michael O'Connor 
ESnet Network Engineering 
m...@es.net 
631 344-7410 







-- 

- Dave Cohen 
eM: craetd...@gmail.com 
AIM: dCo says 

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Dave Cohen]

I can confirm that AWS (and Equinix, by extension, from a facility operator
perspective) permit carriers to have multiple end users share a physical
interface into the AWS gateway. The key is whether the providers that are
permitted into the DX environment (I believe AWS has limited the list to
only 7 or 8 in total - anyone else is reselling capacity off of those
carriers) are willing to deal with the constraints of that configuration -
essentially that the carrier needs to take responsibility of engaging
directly with AWS to associate the EVC on the provider interface with the
VPC on the AWS interface. I can confirm that at least one provider other
than Equinix will do this. Point being, it's not an AWS restriction as much
as whether the provider is willing to get its hands a bit dirtier. My $.02
at least.

- Dave

On Tue, Mar 1, 2016 at 7:59 PM, Mike Hammett  wrote:

> I haven't heard it from the horse's mouth, but I heard that the only way
> to have customers share an AWS DX (apparently) cross connect is through
> Equinix's cloud exchange service. Can anyone confirm that? It doesn't seem
> right that I could transport people to AWS all day long if they buy their
> own cross connect, but once we share, I have to go through someone offering
> a competitive service.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Michael O'Connor" 
> To: "Jay R. Ashworth" 
> Cc: "North American Network Operators' Group" 
> Sent: Tuesday, March 1, 2016 2:41:35 PM
> Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS
>
> Jay,
>
> VPC is supported over IPsec if your public path is sufficient into the AWS
> cloud.
>
> AWS shortens DirectConnect to DX not DC for some reason.
>
> The AWS DirectConnect service is built on 10G infrastructure so using
> potentially larger interconnects over public peerings with IPsec could be
> advantageous.
>
> DX requires fiber cross connects in addition to any other AWS peerings that
> you may have at a particular location.
>
> -Mike O'Connor
>
>
> On Tue, Mar 1, 2016 at 12:16 PM, Jay R. Ashworth  wrote:
>
> > Just got this dropped on my desk an hour ago, and I'm not finding as much
> > material online as I might have hoped for...
> >
> > It looks like the easiest solution is to just hang a router/firewall at
> > Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP
> > and
> > MPLS; is there a "native" way to do that from an AWS VPC instead?
> >
> > Any public or private replies cheerfully accepted; will summarize what I
> > can to the list.
> >
> > Cheers,
> > -- jra
> >
> > --
> > Jay R. Ashworth Baylink
> > j...@baylink.com
> > Designer The Things I Think RFC
> > 2100
> > Ashworth & Associates http://www.bcp38.info 2000 Land
> > Rover DII
> > St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647
> > 1274
> >
>
>
>
> --
> Michael O'Connor
> ESnet Network Engineering
> m...@es.net
> 631 344-7410
>
>


-- 
- Dave Cohen
eM: craetd...@gmail.com
AIM: dCo says

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Mike Hammett]

I haven't heard it from the horse's mouth, but I heard that the only way to 
have customers share an AWS DX (apparently) cross connect is through Equinix's 
cloud exchange service. Can anyone confirm that? It doesn't seem right that I 
could transport people to AWS all day long if they buy their own cross connect, 
but once we share, I have to go through someone offering a competitive service. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Michael O'Connor"  
To: "Jay R. Ashworth"  
Cc: "North American Network Operators' Group"  
Sent: Tuesday, March 1, 2016 2:41:35 PM 
Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS 

Jay, 

VPC is supported over IPsec if your public path is sufficient into the AWS 
cloud. 

AWS shortens DirectConnect to DX not DC for some reason. 

The AWS DirectConnect service is built on 10G infrastructure so using 
potentially larger interconnects over public peerings with IPsec could be 
advantageous. 

DX requires fiber cross connects in addition to any other AWS peerings that 
you may have at a particular location. 

-Mike O'Connor 


On Tue, Mar 1, 2016 at 12:16 PM, Jay R. Ashworth  wrote: 

> Just got this dropped on my desk an hour ago, and I'm not finding as much 
> material online as I might have hoped for... 
> 
> It looks like the easiest solution is to just hang a router/firewall at 
> Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP 
> and 
> MPLS; is there a "native" way to do that from an AWS VPC instead? 
> 
> Any public or private replies cheerfully accepted; will summarize what I 
> can to the list. 
> 
> Cheers, 
> -- jra 
> 
> -- 
> Jay R. Ashworth Baylink 
> j...@baylink.com 
> Designer The Things I Think RFC 
> 2100 
> Ashworth & Associates http://www.bcp38.info 2000 Land 
> Rover DII 
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 
> 1274 
> 



-- 
Michael O'Connor 
ESnet Network Engineering 
m...@es.net 
631 344-7410 

Re: Any large IPv4 space brokers?

[Jim Mercer]

On Tue, Mar 01, 2016 at 05:32:44PM -0500, Paras Jha wrote:
> Does anyone know of any IP space brokers other than Hilco Streambank? I'm
> looking to get a feel for the market a little bit.

register with the ARIN STLS, there are some blocks available there too.

--jim

-- 
Jim Mercer Reptilian Research  j...@reptiles.org+1 416 410-5633

Life should not be a journey to the grave with the intention of
arriving safely in a pretty and well preserved body, but rather
to skid in broadside in a cloud of smoke, thoroughly used up,
totally worn out, and loudly proclaiming "Wow! What a Ride!"
 -- Hunter S. Thompson

Re: Any large IPv4 space brokers?

[Jon Lewis]

On Tue, 1 Mar 2016, Paras Jha wrote:


Does anyone know of any IP space brokers other than Hilco Streambank? I'm
looking to get a feel for the market a little bit.


Addrex.net

--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: About inetnum "ownership"

[Owen DeLong]

> On Feb 22, 2016, at 08:57 , William Herrin  wrote:
> 
> On Mon, Feb 22, 2016 at 5:03 AM, Jérôme Nicolle  wrote:
>> It's my understanding that the IP adress space is nothing but numbers
>> and that RIR/LIRs are only responsible for the uniqueness of allocations
>> and assignements, that is, a transfer of liability over a shared and
>> common immaterial resource, between community members.
> 
> Hi Jérôme,
> 
> The short version is this:
> 
> IP addresses are property. A few people get really bent out of shape
> if you say that IP addresses are property. And while extant, the legal
> precedent for IP addresses as property isn't as strong as might be
> nice. So, we mostly pay lip service to the folks who still want to
> claim that IP addresses are just integers even as we treat IP
> addresses like property.

I would argue that it is the other way around.

Unique registrations in the RIR databases may well be property.

IP addresses are so abstract and ephemeral in their nature as to be impossible 
to treat as property other than by creating some sort of statutory system 
requiring all network operators to obey a certain set of cooperating registries 
for said numbers and then using those unique registrations mentioned above to 
convey property rights in the operational deployment of the ephemeral numbers 
referenced.

Ownership of the rights to control (convey, modify, update) a registration 
record are tangible and can be property.

The control over how a network operator interprets, deploys, uses, or otherwise 
manipulates a particular integer or packets containing a particular integer in 
a particular field of the packet is not actually subject to any sort of 
enforceable property rights.

For example, if you have gotten a registration for A.B.C.0/24 from an RIR and 
you then purchase internet access from $PROVIDER_A, you have nothing which will 
force $PROVIDER_A to convey all packets to A.B.C.0/24 to your network unless 
that’s what you add to your contract. 

Further, if some other customer of $PROVIDER_B convinces them to treat 
A.B.C.0/24 differently within $PROVIDER_B’s network, there’s no law which 
prohibits that and no way for you to enforce any sort of restraint on their 
choice to do so.

You might… _MIGHT_ have a case for tortious interference if $PROVIDER_B 
advertises A.B.C.0/24 to some other provider in a way that negatively impacts 
your network, but to the best of my knowledge, even that is relatively untested.

So far, resolving any such conflicts has depended almost entirely on the fact 
that ISPs generally cooperate with the RIR system and treat it as an 
authoritative list for granting permission to use addresses in their networks.

If ISPs start opting out of that particular choice, life gets much more 
interesting, but I don’t think there’s any sort of ownership conveyed in an RIR 
registration that allows you to prevent an ISP that you aren’t in a contract 
with from doing so.

Owen

Re: About inetnum "ownership"

[Owen DeLong]

> On Feb 22, 2016, at 08:50 , Naslund, Steve  wrote:
> 
> Oh, and I forgot to add...the number in and of itself does not have a value.  
> The right to use that number within the Internet connected network is what 
> has value.


But that’s not what RIRs give you.

RIRs have no control over your right to use the number within the context of 
any network.

RIRs merely provide a record of unique registrations among cooperating 
registries.

Most network operators currently use this database as a basis for granting 
permissions to use the numbers within their network contexts, but any network 
operator that wants to is free to assign any number they wish to any purpose or 
entity they so choose. Your network, your rules.

Turns out, that since most network operators follow the RIR database, it’s hard 
to find peers that will accept your announcement of “off-list” usage of 
addresses, but that’s not an inherent right conveyed in the registration of an 
address within the RIR system.

Owen

> 
> Steven Naslund
> Chicago IL
> 
> 
> Simple to answer.  
> 
> 1. Address space is finite in size, therefore in the V4 space more people 
> want addresses than there is available space.  Hence it has value because 
> demand exceeds supply.
> 
> 2.  Managing address space allocations is not a zero cost effort, therefore 
> the RIRs charge a price for that.  Anything that costs money to acquire 
> presumably has value.
> 
> Steven Naslund
> Chicago IL
> 
>> On Feb 22, 2016, at 2:03 AM, Jérôme Nicolle  wrote:
>> 
>> Hi,
>> 
>> How come we've had an inetnum market in place whereas an inetnum 
>> cannot have a market value ?
>> 
>> It's my understanding that the IP adress space is nothing but numbers 
>> and that RIR/LIRs are only responsible for the uniqueness of 
>> allocations and assignements, that is, a transfer of liability over a 
>> shared and common immaterial resource, between community members.
>> 
>> I'm wondering how did we made "Temporary and conditionnal liabality 
>> transfer" a synonym of "perpetual and inconditional usufruct transfer".
>> 
>> May you please enlight me ?
>> 
>> Thanks !
>> 
>> --
>> Jérôme Nicolle
>> +33 6 19 31 27 14

Re: mrtg alternative

[Jeff Gehlbach]

Similar in name but more comprehensive in scope, OpenNMS may also be worth a 
look. Disclosure: I work for the project's primary maintainer.

On March 1, 2016 5:50:07 PM EST, Alessandro Martins 
 wrote:
>Hey,
>
>LibreNMS is an opensource Observium's fork with some extra addons...
>
>Take a look: http://www.librenms.org
>
>-- 
>Alessandro Martins
>On Feb 27, 2016 20:37, "Peter Loron"  wrote:
>
>> We’re using Observium for trend collecting, graphing, and alerting.
>>
>> -Pete
>>
>>
>>
>>
>> On 2/27/16, 13:12, "NANOG on behalf of Rafael Ganascim" <
>> nanog-boun...@nanog.org on behalf of rganas...@gmail.com> wrote:
>>
>> >I like cacti:
>> >
>> >http://www.cacti.net
>> >
>> >
>> >
>> >2016-02-26 20:18 GMT-03:00 Baldur Norddahl
>:
>> >
>> >> Hi
>> >>
>> >> I am currently using MRTG and RRD to make traffic graphs. I am
>searching
>> >> for more modern alternatives that allows the user to dynamically
>zoom
>> and
>> >> scroll the timeline.
>> >>
>> >> Bonus points if the user can customize the graphs directly in the
>> >> webbrowse. For example he might be able to add or remove
>individual
>> peers
>> >> from the graph by simply clicking a checkbox.
>> >>
>> >> What is the 2016 tool for this?
>> >>
>> >> Regards,
>> >>
>> >> Baldur
>> >>
>> >
>>
>>


-jeff

Re: mrtg alternative

[Alessandro Martins]

Hey,

LibreNMS is an opensource Observium's fork with some extra addons...

Take a look: http://www.librenms.org

-- 
Alessandro Martins
On Feb 27, 2016 20:37, "Peter Loron"  wrote:

> We’re using Observium for trend collecting, graphing, and alerting.
>
> -Pete
>
>
>
>
> On 2/27/16, 13:12, "NANOG on behalf of Rafael Ganascim" <
> nanog-boun...@nanog.org on behalf of rganas...@gmail.com> wrote:
>
> >I like cacti:
> >
> >http://www.cacti.net
> >
> >
> >
> >2016-02-26 20:18 GMT-03:00 Baldur Norddahl :
> >
> >> Hi
> >>
> >> I am currently using MRTG and RRD to make traffic graphs. I am searching
> >> for more modern alternatives that allows the user to dynamically zoom
> and
> >> scroll the timeline.
> >>
> >> Bonus points if the user can customize the graphs directly in the
> >> webbrowse. For example he might be able to add or remove individual
> peers
> >> from the graph by simply clicking a checkbox.
> >>
> >> What is the 2016 tool for this?
> >>
> >> Regards,
> >>
> >> Baldur
> >>
> >
>
>

Any large IPv4 space brokers?

[Paras Jha]

Does anyone know of any IP space brokers other than Hilco Streambank? I'm
looking to get a feel for the market a little bit.

Regards
Paras

Re: Thank you, Comcast. (aka patch your D-Link gear)

[Scott Weeks]

--- jason_living...@comcast.com wrote:

As noted last week we're ...


Thank you for sharing this and all the other stuff over 
the years with the NANOG community.

scott

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Michael O'Connor]

Jay,

VPC is supported over IPsec if your public path is sufficient into the AWS
cloud.

AWS shortens DirectConnect to DX not DC for some reason.

The AWS DirectConnect service is built on 10G infrastructure so using
potentially larger interconnects over public peerings with IPsec could be
advantageous.

DX requires fiber cross connects in addition to any other AWS peerings that
you may have at a particular location.

-Mike O'Connor


On Tue, Mar 1, 2016 at 12:16 PM, Jay R. Ashworth  wrote:

> Just got this dropped on my desk an hour ago, and I'm not finding as much
> material online as I might have hoped for...
>
> It looks like the easiest solution is to just hang a router/firewall at
> Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP
> and
> MPLS; is there a "native" way to do that from an AWS VPC instead?
>
> Any public or private replies cheerfully accepted; will summarize what I
> can to the list.
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth  Baylink
> j...@baylink.com
> Designer The Things I Think   RFC
> 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land
> Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647
> 1274
>



-- 
Michael O'Connor
ESnet Network Engineering
m...@es.net
631 344-7410

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Luan Nguyen]

Not sure about AWS, but if you are a client of Dimension Data cloud, you
don't need to do anything. Everything will be taking care off from the
provider perspective. Didata will peer with your tier 1/MPLS - acts as
CPE...etc  I am pretty sure AWS does that for you as well.
Else you could spin up a CSR1000v inside the AWS and ask them to connect
you.

On Tue, Mar 1, 2016 at 2:25 PM, George Herbert 
wrote:

>
> If you're asking if one can get a provider's router to handle the outside
> physical part of a DC connection... As an ISP service so you don't need
> your own router hardware...
>
> I was working on this for a recent ex client and asked Level 3 exactly
> that question.  I believe I had the right network guy on the phone and it
> was a firm no.
>
> I was going to check all the other Direct Connect providers but client ran
> out of $$.
>
> If anyone does do that, I would like to know and pass it along to ex
> client for their information.
>
>
> George William Herbert
> Sent from my iPhone
>
> > On Mar 1, 2016, at 9:16 AM, "Jay R. Ashworth"  wrote:
> >
> > Just got this dropped on my desk an hour ago, and I'm not finding as much
> > material online as I might have hoped for...
> >
> > It looks like the easiest solution is to just hang a router/firewall at
> > Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP
> and
> > MPLS; is there a "native" way to do that from an AWS VPC instead?
> >
> > Any public or private replies cheerfully accepted; will summarize what I
> > can to the list.
> >
> > Cheers,
> > -- jra
> >
> > --
> > Jay R. Ashworth  Baylink
> j...@baylink.com
> > Designer The Things I Think
>  RFC 2100
> > Ashworth & Associates   http://www.bcp38.info  2000 Land
> Rover DII
> > St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727
> 647 1274
>

Re: Thank you, Comcast. (aka patch your D-Link gear)

[Livingood, Jason]

As a followup to this issue, and looking specifically at SSDP abuse (not the 
DNS amplification noted in the 1st email), one point of commonality we have 
identified in many customers is a D-Link device (range of different models). If 
you or someone you know uses a D-Link device, please see this page as you may 
need to upgrade your firmware: 
http://support.dlink.ca/FAQView.aspx?f=sY5vcvfAuAV6bXgi%2F8WoVw%3D%3D

As noted last week we're continuing to examine whether / how / when to update 
our blocked port list.

Jason / Comcast

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[George Herbert]

If you're asking if one can get a provider's router to handle the outside 
physical part of a DC connection... As an ISP service so you don't need your 
own router hardware...

I was working on this for a recent ex client and asked Level 3 exactly that 
question.  I believe I had the right network guy on the phone and it was a firm 
no.

I was going to check all the other Direct Connect providers but client ran out 
of $$.

If anyone does do that, I would like to know and pass it along to ex client for 
their information.


George William Herbert
Sent from my iPhone

> On Mar 1, 2016, at 9:16 AM, "Jay R. Ashworth"  wrote:
> 
> Just got this dropped on my desk an hour ago, and I'm not finding as much
> material online as I might have hoped for...
> 
> It looks like the easiest solution is to just hang a router/firewall at
> Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP and
> MPLS; is there a "native" way to do that from an AWS VPC instead?
> 
> Any public or private replies cheerfully accepted; will summarize what I
> can to the list.
> 
> Cheers,
> -- jra
> 
> -- 
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Jay R. Ashworth]

Just got this dropped on my desk an hour ago, and I'm not finding as much
material online as I might have hoped for...

It looks like the easiest solution is to just hang a router/firewall at
Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP and
MPLS; is there a "native" way to do that from an AWS VPC instead?

Any public or private replies cheerfully accepted; will summarize what I
can to the list.

Cheers,
-- jra

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: sFlow vs netFlow/IPFIX

[Peter Phaal]

On Tue, Mar 1, 2016 at 6:13 AM, Mark Tinka  wrote:
>
>
> On 29/Feb/16 12:15, Nikolay Shopik wrote:
>
>> Cisco Nexus switches support sflow, since they are broadcom based.
>
> Not all of them, just the Nexus 9000, IIRC.
>

The situation in the Cisco Nexus line is confusing. In addition, to
the Nexus 9000 series, the Nexus 3000 series and 3100 series are also
Broadcom based and also support sFlow. The Nexus 3500 series and 6000
series use Cisco ASICs and don't have sFlow or NetFlow support.

It also appears that Cisco's merchant silicon based switches have a
greater variety of orchestration capabilities, Python, NX-API,
Ansible, etc.

Re: sFlow vs netFlow/IPFIX

[Nikolay Shopik]

On 01/03/16 10:44, Pavel Odintsov wrote:
> But unfortunately they (Cisco Nexus) are pretty expensive and fairly
> new for DC and ISP market. It's pretty rare to find big company with
> switching backbone on Nexus switches.

You could go with withbox switches, which is based on same broadcom
ASIC, but this means you have to deal with new commercial NOS and learn
its quirks.

Or you could hack around with OpenSwitch and ask Broadcom to include you
favorite vendor/model into OpenNSL, so you could actually use ASIC w/o
siging NDA.

Re: sFlow vs netFlow/IPFIX

[Nikolay Shopik]

On 01/03/16 17:13, Mark Tinka wrote:
> 
> 
> On 29/Feb/16 12:15, Nikolay Shopik wrote:
> 
>> Cisco Nexus switches support sflow, since they are broadcom based.
> 
> Not all of them, just the Nexus 9000, IIRC.
> 

Nexus 3000 also broadcom, but maybe not all models.

Re: sFlow vs netFlow/IPFIX

[Josh Reynolds]

Brocade as well.
On Mar 1, 2016 8:39 AM, "David Bass"  wrote:

> I don't agree with that statement (about rare to find big companies using
> Nexus).  If you want 10 gig/40 gig (or 100 gig soon) your options are Cisco
> Nexus/Arista/Juniper QFX...some periphery devices as well, but the majority
> use one of those 3.
>
> The merchant silicon based switches are pretty reasonably priced too.
>
>
>
> > On Mar 1, 2016, at 9:24 AM, Mark Tinka  wrote:
> >
> >
> >
> >> On 1/Mar/16 09:44, Pavel Odintsov wrote:
> >> But unfortunately they (Cisco Nexus) are pretty expensive and fairly
> >> new for DC and ISP market. It's pretty rare to find big company with
> >> switching backbone on Nexus switches.
> >
> > As opposed to?
> >
> > We are looking at the Nexus 7700 for 100Gbps core switching.
> >
> > Mark.
>

Re: sFlow vs netFlow/IPFIX

[Pavel Odintsov]

Yep, actually do not mean. I've never used Nexus and haven't any
experience with it :) I mentioned this in original message. I'm pretty
sure it's awesome switch. But as I haven't any experience I do not
known cons and pros about it.

On Tue, Mar 1, 2016 at 5:38 PM, Mark Tinka  wrote:
>
>
> On 1/Mar/16 16:33, Pavel Odintsov wrote:
>
>> As opposed to older Cisco switches.
>
> Well, every vendor has older switches.
>
>>  Btw, 100GE is pretty new and
>> actually I have experience only with Extreme Black Diamond 8.
>
> Does not mean the Nexus is a bad choice for high capacity core
> switching. Just means you know Extreme.
>
> Mark.



-- 
Sincerely yours, Pavel Odintsov

Re: sFlow vs netFlow/IPFIX

[Mark Tinka]

On 1/Mar/16 16:33, Pavel Odintsov wrote:

> As opposed to older Cisco switches.

Well, every vendor has older switches.

>  Btw, 100GE is pretty new and
> actually I have experience only with Extreme Black Diamond 8.

Does not mean the Nexus is a bad choice for high capacity core
switching. Just means you know Extreme.

Mark.

Re: sFlow vs netFlow/IPFIX

[David Bass]

I don't agree with that statement (about rare to find big companies using 
Nexus).  If you want 10 gig/40 gig (or 100 gig soon) your options are Cisco 
Nexus/Arista/Juniper QFX...some periphery devices as well, but the majority use 
one of those 3. 

The merchant silicon based switches are pretty reasonably priced too. 



> On Mar 1, 2016, at 9:24 AM, Mark Tinka  wrote:
> 
> 
> 
>> On 1/Mar/16 09:44, Pavel Odintsov wrote:
>> But unfortunately they (Cisco Nexus) are pretty expensive and fairly
>> new for DC and ISP market. It's pretty rare to find big company with
>> switching backbone on Nexus switches.
> 
> As opposed to?
> 
> We are looking at the Nexus 7700 for 100Gbps core switching.
> 
> Mark.

Re: sFlow vs netFlow/IPFIX

[Pavel Odintsov]

As opposed to older Cisco switches. Btw, 100GE is pretty new and
actually I have experience only with Extreme Black Diamond 8.

On Tue, Mar 1, 2016 at 5:24 PM, Mark Tinka  wrote:
>
>
> On 1/Mar/16 09:44, Pavel Odintsov wrote:
>> But unfortunately they (Cisco Nexus) are pretty expensive and fairly
>> new for DC and ISP market. It's pretty rare to find big company with
>> switching backbone on Nexus switches.
>
> As opposed to?
>
> We are looking at the Nexus 7700 for 100Gbps core switching.
>
> Mark.



-- 
Sincerely yours, Pavel Odintsov

Re: sFlow vs netFlow/IPFIX

[Mark Tinka]

On 1/Mar/16 09:44, Pavel Odintsov wrote:
> But unfortunately they (Cisco Nexus) are pretty expensive and fairly
> new for DC and ISP market. It's pretty rare to find big company with
> switching backbone on Nexus switches.

As opposed to?

We are looking at the Nexus 7700 for 100Gbps core switching.

Mark.

Re: sFlow vs netFlow/IPFIX

[Mark Tinka]

On 29/Feb/16 12:15, Nikolay Shopik wrote:

> Cisco Nexus switches support sflow, since they are broadcom based.

Not all of them, just the Nexus 9000, IIRC.

Mark.

New survey report published: The regulatory conditions of internet interconnection

[Uta Meier-Hahn]

Hi,

A couple of months ago, I asked you to share your experiences with regards to 
public regulation of internet interconnection in a survey. Many networkers from 
around the globe participated. Thank you!

The report has now been published. I’m including the executive summary below. 
The full paper can be downloaded at 
. Feel free to 
share this link wherever you see fit.

Thanks again for providing your highly valuable input. I will be happy to hear 
what you think about the results.

Best wishes,

Uta


# Exploring the regulatory conditions of internet interconnection

## Executive summary

Network interconnection is a central feature of the internet that has been 
subject to only little formal regulation. However, local public regulation is 
starting to emerge – be it through disclosure regulations, mandatory peering or 
licensing terms. Due to the networked nature of the internet, local rules may 
acquire a global scope.

This report explores internet interconnection professionals’ encounters with 
public regulation and it provides an initial overview about how this regulation 
affects internet connectivity. On the basis of a convenience sample of 163 
survey submissions, the following has been found:

* Nine out of ten kinds of regulation presented to the participants have been 
encountered by more than half of them. This result gives reason to revisit the 
widespread notion that internet interconnection is an unregulated space. 66% of 
the participants have encountered a regulatory authority that imposes its own 
technical or operational standards. Moreover, imposition of regulatory 
standards was regarded to be the most influential on internet interconnection 
practices, together with competition laws (both 67%).

* Local regulation of internet interconnection creates a tension between the 
regulated and the unregulated space in the internet. In order to overcome the 
normative difference, network operators need to make an extra effort. The 
degree to which network operators are affected by local regulation depends on a 
networks’ structure rather than on its size. Local regulation raises more 
difficulties for the kinds of infrastructural innovations that depend on having 
many points of presence.

* For networkers, public regulation of internet interconnection is relevant in 
three thematic domains: 1) in the economies of internet interconnection, 2) in 
engineering and operations, and 3) in the modes of governance.

* Overarching observations note that public regulation of internet 
interconnection contributes to a formalisation of the otherwise very informal 
sector. It also shines a spotlight on how networks are categorised and are 
thereby “prepared” for the application of regulation. Further, various examples 
highlight how regulatory authorities co-opt internet infrastructure for new 
policy purposes that were previously not understood as central to internet 
operations, e.g., data retention.

* Local networkers value the presence of international network operators not 
only as potential peering partners but also as mediators for know-how about 
best practices and advanced modes of internet interconnection.

* Networkers are very critical about regulations that contradict engineering 
principles. The most accepted forms of regulation also apply in other societal 
spheres: basic rights for citizens, e.g., for broadband, and competition 
regulation.

—
Uta Meier-Hahn | Doctoral Researcher
Alexander von Humboldt Institute for Internet and Society
Französische Straße 9 | 10117 Berlin
Phone +49 30 200 760-82 | http://www.hiig.de/en


signature.asc
Description: Message signed with OpenPGP using GPGMail