Re: Fiber Network Equipment Commercial Norms

[Seth Mattinen]

On 9/22/21 6:12 PM, Lady Benjamin Cannon of Glencoe, ASCE wrote:

If someone were to make us remove a redundant DWDM node, we’d charge them list 
price to ever consider putting it back*, plus a deposit, plus our costs for the 
removal in the first place.  Bad move.  Enjoy the $8million, it could cost more 
than that to undo this mistake.

*you’d actually never ever get it back in the form you’d want. We’ll never 
trust the site again and won’t place critical infrastructure there, we’d only 
build back what’s needed to serve the use.




Buy the building then. Owners change and some are more friendly than 
others. Why would someone ever place critical infrastructure at a site 
without a solid agreement that prohibits removal, or at least making 
them whole financially so they don't have to take it out on the next 
person that comes along? I'd hate to be the poor customer that gets 
treated as lesser class because a previous owner caused hurt feelings.

Re: DNS & IP address management

[Owen DeLong via NANOG]

Many organizations will use their in-addr.arpa zone(s) as an alternative form 
of poor-man’s IPAM.

It looks like you’ve come across some such organizations.

Likely those are simply the free (unassigned) addresses within the 
organization. Likely there are other similar host names in other /24s in the 
same organization if they have more than a /24 of total address space.

OTOH, organizations which do this tend to be relatively small as it doesn’t 
scale well to multiple administrators managing the same free pool.

Owen


> On Sep 22, 2021, at 07:12 , Joel Sommers  wrote:
> 
> Hello all -
> 
> I am a researcher at Colgate University, working with colleagues at the 
> University of Wisconsin and Boston University on studying aspects of the DNS.
> 
> We're wondering if anyone here would be willing to share some insight into an 
> apparent IP address management practice we have observed that is evident 
> through the DNS.  In particular, we've seen a number of organizations that 
> have a fairly large number of IPv4 addresses (typically all within the same 
> /24 aggregate or similar) all associated with a single FQDN, where the name 
> is typically something like "reserved.52net.example.tld".  Besides the common 
> "reserved" keyword in the FQDN, we also see names like 
> "not-in-use.example.tld", again with quite a few addresses all mapped to that 
> one name.  The naming appears to suggest that this is an on-the-cheap IP 
> address management practice, but we are wondering if there are other 
> operational reasons that might be behind what we observe.
> 
> Thank you for any insights you have -- please feel free to respond off-list.
> 
> Regards,
> Joel Sommers

Re: IPv6 woes - RFC

[Owen DeLong via NANOG]

> On Sep 22, 2021, at 07:47 , Masataka Ohta  
> wrote:
> 
> Owen DeLong wrote:
> 
>>> As mergers of ASes increases the number of announcements and IPv4
>>> addresses were allocated a lot earlier than those of IPv6,
>>> comparing the current numbers of announcements is not meaningful.
>> Mergers of ASes does not increase announcements in IPv4 nearly as
>> much as slow-start and repeated expanding requests for additional
>> IPv4 space have.
> 
> That *was* a factor, when increased number of subscribers
> meant more free addresses.

It’s still a factor as many providers are purchasing addresses rather than 
deploy CGN
because they don’t want the expensive phone calls CGN causes.

> Today, as /24 can afford hundreds of thousands of subscribers
> by NAT, only very large retail ISPs need more than one
> announcement for IPv4.

I fail to grasp this desire to move the majority of users from second class 
citizens of the
network to third class all in the interests of forestalling the inevitable.

> 
>>> As a result, size of global routing table will keep increasing
>>> unless there are other factors to limit it.
>> Sure, but it’s very clear that the rate of increase for IPv6 appears
>> to be roughly 1/8th that of IPv4,
> 
> It merely means IPv6 is not deployed at all by small ISPs
> and multihomed sites.

Not true. Judging by the number of /48s in the table, IPv6 is relatively
widely deployed by multi homed end sites and judging by the number
of /32 to /40 prefixes, also widely deployed by small-iso ISPs.

> 
> > The reality is that IPv4 will never be completely disaggregated into
> > /24s
> 
> You are so optimistic.

Yes, I’ll be surprised if (e.g. Apple, HP) part out their /8s in to /24s.

I’ll be surprised if a bunch of large organizations fully part out
their /16s and such.

I doubt any major eyeball ISPs will be significantly disbursing or
disaggregating any of their large blocks any time soon.

I suppose you can call that optimism. I call it realism.

Frankly, the faster IPv4 fully fragments, the better because that only
serves to make continuing to carry it all the more expensive, further
making the case for IPv6.

> 
> > and IPv6 will never be completely disaggregated into /48s, so
> > this is actually meaningless and not predictive in any way.
> 
> That IPv6 will be disaggregated into /40 or even /32 is disastrous.

Which it won’t.

It’s unlikely we will fully deploy 2000::/3 in the lifetime of anyone
on this list today.

>> There is no need for such motivation in IPv6 and better yet,
> 
> Then, in a long run, IPv6 will be disaggregated into /32 or /40.

Not likely… Too many providers and large organizations getting
/20s and /24s for that to happen.

>> since
>> the two organizations have fully globally unique addresses deployed
>> throughout their network, there's no risk of collisions in RFC-1918
>> space necessitating large renumbering projects to merge the networks.
> 
> You fully misunderstand why NAT is so popular today defeating IPv6.

Maybe… I certainly don’t understand why it is popular. It’s simply awful.

> Even if two organizations are merged, sites of the organizations
> are, in general, not merged.

Seems rather pointless and counterproductive.

> As private address space behind NAT is used by each site
> independently, there is no renumbering occur for the private
> addresses.

Well, as GUA would be globally unique to each site, there would be
a full ability to merge the sites _AND_ no renumbering cost.

Can you explain any way in which NAT is somehow better?

Owen

Re: Fiber Network Equipment Commercial Norms

[Lady Benjamin Cannon of Glencoe, ASCE]

If someone were to make us remove a redundant DWDM node, we’d charge them list 
price to ever consider putting it back*, plus a deposit, plus our costs for the 
removal in the first place.  Bad move.  Enjoy the $8million, it could cost more 
than that to undo this mistake.

*you’d actually never ever get it back in the form you’d want. We’ll never 
trust the site again and won’t place critical infrastructure there, we’d only 
build back what’s needed to serve the use.

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
l...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the 
world.”

FCC License KJ6FJJ

Sent from my iPhone via RFC1149.

> On Sep 22, 2021, at 9:58 AM, William Herrin  wrote:
> 
> On Wed, Sep 22, 2021 at 9:29 AM  wrote:
>> A few of the buildings that my firm represents have the local telco’s fiber 
>> distribution and/or repeater equipment located on the premises. My 
>> understanding is that when one of these links go down, (we’ve occasionally 
>> had to interrupt circuit power to do maintenance in a building for one 
>> reason or another), a local engineering tech always comes running to restore 
>> the link. The tech has led our maintenance staff to believe that these 
>> repeaters are an integral part of the local ring, which fits my 
>> understanding.
>> 
>> When a network operator has equipment located at a third party premises, 
>> what is the norm for commercial contractual terms regarding the siting of 
>> that equipment? Any network equipment on site pre-dates my client’s 
>> ownership of the buildings, and they have no record of any agreements or 
>> easements governing who is responsible for power, maintenance, liability, 
>> etc.
>> 
>> My client has no philosophical objection to having the equipment on site, 
>> but he’s asked why he has had to pay to power and cool this equipment for 
>> almost 20 years when it serves him no benefit (he is not utilizing that 
>> company’s services). I figure some of you may be able to give me an insight 
>> as to what is normal and reasonable. Feel free to contact me directly if 
>> this message is not suitable for this distribution list.
> 
> 
> The equipment is generally there at the invitation of someone who has
> purchased services from the operator with the typically verbal
> permission of the building owner. It will be removed more or less
> promptly on demand, but you don't want to do that. When you or a
> tenant want to buy their services, getting them to bring the equipment
> in is difficult and generally not timely. And having previously
> hassled them, it would certainly not come without cost.
> 
> The immediate availability of services from the vendor positively
> impacts the utility of the whole building. This is a plus for you at
> the relatively modest cost of providing some electricity.
> 
> The equipment should be battery backed with at least a day's worth of
> power. If it isn't, tell them you're doing renovations and can't
> guarantee uninterrupted power. Advise them to upgrade or replace the
> battery string. What they do beyond that is up to them.
> 
> The equipment is likely part of the local ring but if they permanently
> remove it, they'll simply splice the fiber removing that stop on the
> ring. So it isn't a huge deal to remove it, but it'll be a big deal to
> ever put it back. Even if you pay them.
> 
> The above primarily applies to the local telephone company equipment.
> There are also non-phone company network operators who site things
> which are intended to service the surrounding area rather than the
> building itself. Those typically have a more formal agreement, either
> a rent payment or comped services. The company will be able to produce
> that agreement (or at least relate its terms) upon request.
> 
> Regards,
> Bill Herrin
> 
> -- 
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/

Re: IPv6 woes - RFC

[Mark Andrews]

And how many apartments where covered by that single IP address? Was this
where there is a restriction on other providers so the occupants had no
choice of wireline ISP?

> On 23 Sep 2021, at 09:38, Colton Conor  wrote:
> 
> Where does this "You can only have about 200-300 subscribers per IPv4
> address on a CGN." limit come from? I have seen several apartment
> complexes run on a single static IPv4 address using a Mikrotik with
> NAT.
> 
> On Wed, Sep 22, 2021 at 2:49 PM Baldur Norddahl
>  wrote:
>> 
>> 
>> 
>> On Wed, 22 Sept 2021 at 16:48, Masataka Ohta 
>>  wrote:
>>> 
>>> Today, as /24 can afford hundreds of thousands of subscribers
>>> by NAT, only very large retail ISPs need more than one
>>> announcement for IPv4.
>> 
>> 
>> You can only have about 200-300 subscribers per IPv4 address on a CGN. If 
>> you try to go further than that, for example by using symmetric NAT, you 
>> will increase the number of customers that want to get a public IPv4 of 
>> their own. That will actually decrease the combined efficiency and cause you 
>> to need more, not less, IPv4 addresses.
>> 
>> Without checking our numbers, I believe we have at least 10% of the 
>> customers that are paying for a public IPv4 to escape our CGN. This means a 
>> /24 will only be enough for about 2500 customers maximum. The "nat escapers" 
>> drown out the efficiency of the NAT pool.
>> 
>> The optimization you need to do is to make the CGN as customer friendly as 
>> possible instead of trying to squeeze the maximum customers per CGN IPv4 
>> address.
>> 
>> Perhaps IPv6 can lower the number of people that need to escape IPv4 nat. If 
>> it helps just a little bit, that alone will make implementing IPv6 worth it 
>> for smaller emerging operators. Buying IPv4 has become very expensive. Yes 
>> you can profit from selling a public IPv4 address to the customer, but there 
>> is also the risk that the customer just goes to the incumbent, which has old 
>> large pools of IPv4 and provides it for free.
>> 
>> Regards,
>> 
>> Baldur
>> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

Re: Fiber Network Equipment Commercial Norms

[Lady Benjamin Cannon of Glencoe, ASCE]

Yes that’s correct, however the definition of “reasonable” appears to have been 
decided to be “what they charge the other carriers, if anything”

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
l...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the 
world.”

FCC License KJ6FJJ

Sent from my iPhone via RFC1149.

> On Sep 22, 2021, at 9:53 AM, sro...@ronan-online.com wrote:
> 
> It gives them the right to enter the building, but the building can charge 
> “a reasonable fee” for things like power/space/cooling.
> 
> Shane Ronan
> 
>>> On Sep 22, 2021, at 12:45 PM, Lady Benjamin Cannon of Glencoe, ASCE 
>>>  wrote:
>>> 
>> Fiber in a building adds 8% to the value of that building.  Half-penny 
>> pinching “mah powah” landlords are especially annoying in a cosmic sense - 
>> and just make me want to replace them.
>> 
>> The telecommunications act of 1934 permits telcos to enter a building with 
>> their equipment. 
>> 
>> I’d upgrade the MPOE do a datacenter with 2N generators and UPS - then 
>> upsell them colo.
>> 
>> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
>> 6x7 Networks & 6x7 Telecom, LLC 
>> CEO 
>> l...@6by7.net
>> "The only fully end-to-end encrypted global telecommunications company in 
>> the world.”
>> 
>> FCC License KJ6FJJ
>> 
>> Sent from my iPhone via RFC1149.
>> 
 On Sep 22, 2021, at 9:28 AM, jra...@gmail.com wrote:
 
>>> 
>>> A few of the buildings that my firm represents have the local telco’s fiber 
>>> distribution and/or repeater equipment located on the premises. My 
>>> understanding is that when one of these links go down, (we’ve occasionally 
>>> had to interrupt circuit power to do maintenance in a building for one 
>>> reason or another), a local engineering tech always comes running to 
>>> restore the link. The tech has led our maintenance staff to believe that 
>>> these repeaters are an integral part of the local ring, which fits my 
>>> understanding.
>>>  
>>> When a network operator has equipment located at a third party premises, 
>>> what is the norm for commercial contractual terms regarding the siting of 
>>> that equipment? Any network equipment on site pre-dates my client’s 
>>> ownership of the buildings, and they have no record of any agreements or 
>>> easements governing who is responsible for power, maintenance, liability, 
>>> etc.
>>>  
>>> My client has no philosophical objection to having the equipment on site, 
>>> but he’s asked why he has had to pay to power and cool this equipment for 
>>> almost 20 years when it serves him no benefit (he is not utilizing that 
>>> company’s services). I figure some of you may be able to give me an insight 
>>> as to what is normal and reasonable. Feel free to contact me directly if 
>>> this message is not suitable for this distribution list.
>>>  
>>> Appreciate the insight,
>>>  
>>>  
>>> Jeff Ray
>>> O:  (956) 542-3642
>>> C:  (956) 592-2019
>>> jra...@gmail.com
>>>  
>>>  
>>> This message has been sent as a part of a discussion between Jeff Ray and 
>>> the intended recipient identified above. Some topics may be sensitive and 
>>> subject to legal privilege, confidentiality, or other non-disclosure 
>>> agreement. Should you receive this message by mistake, we would be most 
>>> grateful if you informed us that the message has been sent to you. In that 
>>> case, we also ask that you delete this message from your mailbox, and do 
>>> not forward or speak of it (or its contents) to anyone else. Thank you for 
>>> your cooperation and understanding.
>>>  

Re: Fiber Network Equipment Commercial Norms

[Julien Goodwin]

On 23/9/21 3:01 am, Grant Taylor via NANOG wrote:
> On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
>> Half-penny pinching “mah powah” landlords are especially annoying in a
>> cosmic sense
> 
> I know someone who had a bit of a different experience.
> 
> Someone, purportedly the telco but I'm not sure who, had telco equipment
> in a building and the batteries hadn't been serviced in the better part
> of a decade and there was a strong smell of battery acid in the room.
> 
> I heard that building management put a hard line of something like 36
> hours for the equipment owner to address the problem, or at least
> respond with an acceptable time line, lest the building electrician
> would remove the batteries as a health and safety concern.
> 
> The equipment owner materialized and removed the batteries within 72
> hours.  The bulk of the equipment was removed the following month.

Potential acid leaks are nothing to sneeze at. Maybe two years ago we
were doing an audit to see if we could find where all the analog phone
lines we were paying for in a building were. As part of this was some
waiting around in the MDF room while one of my coworkers dug through
patch logs. I noticed what looked near certain to be internal battery
acid leakage within one of the telco racks in the room, called the telco
on their infrastructure faults line (outsourced to a foreign country of
course, but still), and *within an hour* had a tech outside the building.

A friend of mine has also had success pointing out (to the same normally
recalcitrant telco) that the building was being demolished, and their
equipment was going whether they liked it or not, which solved a then
months-ongoing problem.

Re: IPv6 woes - RFC

[Colton Conor]

Where does this "You can only have about 200-300 subscribers per IPv4
address on a CGN." limit come from? I have seen several apartment
complexes run on a single static IPv4 address using a Mikrotik with
NAT.

On Wed, Sep 22, 2021 at 2:49 PM Baldur Norddahl
 wrote:
>
>
>
> On Wed, 22 Sept 2021 at 16:48, Masataka Ohta 
>  wrote:
>>
>> Today, as /24 can afford hundreds of thousands of subscribers
>> by NAT, only very large retail ISPs need more than one
>> announcement for IPv4.
>
>
> You can only have about 200-300 subscribers per IPv4 address on a CGN. If you 
> try to go further than that, for example by using symmetric NAT, you will 
> increase the number of customers that want to get a public IPv4 of their own. 
> That will actually decrease the combined efficiency and cause you to need 
> more, not less, IPv4 addresses.
>
> Without checking our numbers, I believe we have at least 10% of the customers 
> that are paying for a public IPv4 to escape our CGN. This means a /24 will 
> only be enough for about 2500 customers maximum. The "nat escapers" drown out 
> the efficiency of the NAT pool.
>
> The optimization you need to do is to make the CGN as customer friendly as 
> possible instead of trying to squeeze the maximum customers per CGN IPv4 
> address.
>
> Perhaps IPv6 can lower the number of people that need to escape IPv4 nat. If 
> it helps just a little bit, that alone will make implementing IPv6 worth it 
> for smaller emerging operators. Buying IPv4 has become very expensive. Yes 
> you can profit from selling a public IPv4 address to the customer, but there 
> is also the risk that the customer just goes to the incumbent, which has old 
> large pools of IPv4 and provides it for free.
>
> Regards,
>
> Baldur
>

Only 5 Short Weeks Left to Register + More

[Nanog News]

Register Now for NANOG 83







*NANOG 83 is only five short weeks away. Get ready for a jam-packed
schedule of incredible programming that is sure to educate + inspire our
community.  Our first hybrid meeting will take place in person in
Minneapolis + virtually (stream + interact live) Nov. 1-3. NANOG is taking
every precaution to ensure a safe event. To learn more about our safety
protocols, click here.
Whether in-person
screen or through our virtual platform, we can't wait to see you
there! REGISTER NOW  *
VIDEO | Ep. 2 Trailer
"Internet Innovators" w/ Geoff Huston
Why the Internet is "busted," according to this Internet Pioneer
“The Internet is a gigantic vanity reinforcing distorted tick-tock
selfie-and web security is the punch line to some demented sick joke,”
 -
Geoff Huston

*Join us next week: *According to the Internet Hall of Fame global
connector + chief scientist for Telstra, Geoff Huston, *the Emperor has no
clothes. *Leave it to Huston to make the hairy + scary parts of the
Internet almost sound charming.

Maybe it's his sparkling wit, charming demeanor, (or maybe even) the
Australian accent that makes all pills a little easier to swallow.  Huston
joined us for a raw conversation about the future of the Internet and left
no elephant in the room untouched.

*Watch the full episode:* Ep. 2 will be released next week (Sept. 29) here.
 In the meantime,



*watch the trailer here.  WATCH EP. 2
TRAILER  *
Future Engineers:
Stay Ahead of this Curve
What might surprise you about Network Engineering
*According to an eWeek
report,*
 Network Engineering has been rated one of the  ‘Hottest’ IT jobs. The
field of Network Engineering is thrilling, but not for the faint of tech
heart. This industry beckons the easy adapters and those who can stay ahead
(and ride) all the curves of the technology world.

In exchange for keeping up in this fast-paced industry, one can expect
rewards in long-term skill development and high average salaries. As we
kick off the 2021-22 school season, it’s a perfect time to assess the
industry.

So, where is it now? And where is it going?

*READ MORE *

Re: Fiber Network Equipment Commercial Norms

[Lady Benjamin Cannon of Glencoe, ASCE]

Those, as well as cable and label tags with the NOC nunber, are worth their 
weight in gold to be honest.

Almost any telco should give you a Right of Entry agreement that codified 
things like insurance, etc.  It’s “our gear” so of course we are responsible 
for it, but you should codify it in an agreement 

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
l...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the 
world.”

FCC License KJ6FJJ

Sent from my iPhone via RFC1149.

> On Sep 22, 2021, at 3:33 PM, Tim Howe  wrote:
> 
> On Wed, 22 Sep 2021 14:47:32 -0500
>  wrote:
> 
>> Whatever it is, the owner comes running when the local maintenance
>> apprentice unplugs it…. He tells me they show up within 30-45 minutes.
> 
>We've attempted to address this problem by having plastic tags
> on the power cords that basically say "don't unplug me!".  I call them
> "no no tags".  They were about $1.25 per to have them printed; they are
> about 7 x 3 inches.  I think our only issue has been an "IT Guy" who
> thought unplugging everything in the room would be a good first step to
> solving his unrelated network problems.
> 
> --TimH

Re: Fiber Network Equipment Commercial Norms

[Tim Howe]

On Wed, 22 Sep 2021 14:47:32 -0500
 wrote:

> Whatever it is, the owner comes running when the local maintenance
> apprentice unplugs it…. He tells me they show up within 30-45 minutes.

We've attempted to address this problem by having plastic tags
on the power cords that basically say "don't unplug me!".  I call them
"no no tags".  They were about $1.25 per to have them printed; they are
about 7 x 3 inches.  I think our only issue has been an "IT Guy" who
thought unplugging everything in the room would be a good first step to
solving his unrelated network problems.

--TimH

RE: Fiber Network Equipment Commercial Norms

[jray06]

Appreciate everyone’s comments here. Lots of good responses. I think the client 
isn’t really looking to squeeze the equipment owner here, more so just looking 
for a formal agreement that codifies responsibility, insurance, points of 
contact for notifications, etc… (the leaking battery example is a great example 
here). 

 

Tim has a good point, based on what I know about the building, I believe it to 
be part of a metro ring or backbone. This isn’t an MDU, but rather an 
institutional building where they previously brought in 4” cables full of 
twisted pair back in the 70’s. That’s all been replaced by the fiber now. 

 

Whatever it is, the owner comes running when the local maintenance apprentice 
unplugs it…. He tells me they show up within 30-45 minutes.

 

Thanks for everyone’s insight!

 

Thanks,

 

Jeff Ray

956-592-2019

jra...@gmail.com  

  

Re: IPv6 woes - RFC

[Baldur Norddahl]

On Wed, 22 Sept 2021 at 16:48, Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:

> Today, as /24 can afford hundreds of thousands of subscribers
> by NAT, only very large retail ISPs need more than one
> announcement for IPv4.
>

You can only have about 200-300 subscribers per IPv4 address on a CGN. If
you try to go further than that, for example by using symmetric NAT, you
will increase the number of customers that want to get a public IPv4 of
their own. That will actually decrease the combined efficiency and cause
you to need more, not less, IPv4 addresses.

Without checking our numbers, I believe we have at least 10% of the
customers that are paying for a public IPv4 to escape our CGN. This means a
/24 will only be enough for about 2500 customers maximum. The "nat
escapers" drown out the efficiency of the NAT pool.

The optimization you need to do is to make the CGN as customer friendly as
possible instead of trying to squeeze the maximum customers per CGN IPv4
address.

Perhaps IPv6 can lower the number of people that need to escape IPv4 nat.
If it helps just a little bit, that alone will make implementing IPv6 worth
it for smaller emerging operators. Buying IPv4 has become very expensive.
Yes you can profit from selling a public IPv4 address to the customer, but
there is also the risk that the customer just goes to the incumbent, which
has old large pools of IPv4 and provides it for free.

Regards,

Baldur

Re: [EXTERNAL] Re: VoIP Provider DDoSes

[K. Scott Helms]

The problem with this approach, and with scrubbing centers more generally,
is that while the cure might be better than the disease it doesn't result
in usable VOIP.  Voice customers don't care if things are _better_ but
their MOS scores are still below 2.

Scott Helms



On Wed, Sep 22, 2021 at 11:58 AM Compton, Rich A 
wrote:

> FYI, UTRS (Unwanted Traffic Removal Service
> https://team-cymru.com/community-services/utrs/) from Team Cymru is a
> free service where you can send a blackhole advertisement (sacrificing the
> one IP that’s under attack to save the rest of the network) and they will
> propagate that via BGP to hundreds of other ASNs which will then blackhole
> traffic to that IP.  This can drastically reduce the amount of DDoS traffic
> that is received by the victim network.
>
>
>
> -Rich
>
>
>
> *From: *NANOG  on
> behalf of Mike Hammett 
> *Date: *Wednesday, September 22, 2021 at 9:29 AM
> *To: *Terrance Devor 
> *Cc: *NANOG list 
> *Subject: *[EXTERNAL] Re: VoIP Provider DDoSes
>
>
>
> *CAUTION:* The e-mail below is from an external source. Please exercise
> caution before opening attachments, clicking links, or following guidance.
>
> Fail2Ban on a couple of dozen servers may not be sufficient to address 400
> gigs of traffic.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
>
> --
>
> *From: *"Terrance Devor" 
> *To: *"Mike Hammett" 
> *Cc: *"NANOG" 
> *Sent: *Wednesday, September 22, 2021 10:24:07 AM
> *Subject: *Re: VoIP Provider DDoSes
>
> Fail2Ban and give ourselves a pat on the back..
>
>
>
> On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett  wrote:
>
> https://twit.tv/shows/security-now/episodes/837?autostart=false
>
>
>
>
>
> It looks like Security Now covered this yesterday. They claimed that,
> "There  is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS
>  protection."
>
>
>
> Are any of the cloud DDoS mitigation services offering a service like this.
> --
>
> *From: *"Mike Hammett" 
> *To: *"NANOG" 
> *Sent: *Tuesday, September 21, 2021 4:19:42 PM
> *Subject: *VoIP Provider DDoSes
>
> As many may know, a particular VoIP supplier is suffering a DDoS.
> https://twitter.com/voipms
>
>
>
> Are your garden variety DDoS mitigation platforms or services equipped to
> handle DDoSes of VoIP services? What nuances does one have to be cognizant
> of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
>
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
>
>
>
> The contents of this e-mail message and
> any attachments are intended solely for the
> addressee(s) and may contain confidential
> and/or legally privileged information. If you
> are not the intended recipient of this message
> or if this message has been addressed to you
> in error, please immediately alert the sender
> by reply e-mail and then delete this message
> and any attachments. If you are not the
> intended recipient, you are notified that
> any use, dissemination, distribution, copying,
> or storage of this message or any attachment
> is strictly prohibited.
>

Re: VoIP Provider DDoSes

[Christopher Morrow]

On Wed, Sep 22, 2021 at 11:27 AM Mike Hammett  wrote:

> Fail2Ban on a couple of dozen servers may not be sufficient to address 400
> gigs of traffic.
>
>


Also, also.. keep in mind that 'fail2ban' does some processing on the log
messages to which it MAY take action.
It's taking, essentially, untrusted external input and ... acting as 'root'.

that sounds like a recipe for a disaster, to me... is the code utf-8 safe?
are the actions it takes safe in the context of whatever PTR record content
may come down the pipe? or apache(equivalent) log message parsing?




>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> --
> *From: *"Terrance Devor" 
> *To: *"Mike Hammett" 
> *Cc: *"NANOG" 
> *Sent: *Wednesday, September 22, 2021 10:24:07 AM
> *Subject: *Re: VoIP Provider DDoSes
>
> Fail2Ban and give ourselves a pat on the back..
>
> On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett  wrote:
>
>> https://twit.tv/shows/security-now/episodes/837?autostart=false
>>
>>
>> It looks like Security Now covered this yesterday. They claimed that,
>> "There  is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS
>>  protection."
>>
>> Are any of the cloud DDoS mitigation services offering a service like
>> this.
>>
>> --
>> *From: *"Mike Hammett" 
>> *To: *"NANOG" 
>> *Sent: *Tuesday, September 21, 2021 4:19:42 PM
>> *Subject: *VoIP Provider DDoSes
>>
>> As many may know, a particular VoIP supplier is suffering a DDoS.
>> https://twitter.com/voipms
>>
>> Are your garden variety DDoS mitigation platforms or services equipped to
>> handle DDoSes of VoIP services? What nuances does one have to be cognizant
>> of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>> Midwest-IX
>> http://www.midwest-ix.com
>>
>>
>

Re: EXTERNAL: Re: VoIP Provider DDoSes

[K. Scott Helms]

I'm going to be reaching out to both of the organizations you listed, but I
don't see any of their documentation mentioning SIP, RTP, or any of the
"normal" VOIP protocols or use cases.

Scott Helms



On Wed, Sep 22, 2021 at 9:18 AM Ray Orsini  wrote:

> Yes there are. I was about to message Steve about the correction. Corero
> and path.net are options. There are others.
> [image: OIT Website] 
> Ray Orsini​
> Chief Executive Officer
> OIT, LLC
>  *305.967.6756 x1009* <305.967.6756%20x1009>  |   *305.571.6272*
>  *r...@oit.co*   |  [image: https://www.oit.co]
>  * www.oit.co* 
>  oit.co/ray
> [image: Facebook] 
> [image: LinkedIn] 
> [image: Twitter] 
> [image: YouTube] 
>
> *How are we doing? We'd love to hear your feedback. https://go.oit.co/review*
> 
> --
> *From:* NANOG  on behalf of Mike
> Hammett 
> *Sent:* Wednesday, September 22, 2021 9:08:22 AM
> *To:* NANOG 
> *Subject:* EXTERNAL: Re: VoIP Provider DDoSes
>
>
> CAUTION: This email originated from outside of the organization. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe. If you are unsure, please forward this email to the
> CSE team for review.
>
> https://twit.tv/shows/security-now/episodes/837?autostart=false
>
>
> It looks like Security Now covered this yesterday. They claimed that,
> "There  is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS
>  protection."
>
> Are any of the cloud DDoS mitigation services offering a service like this.
>
> --
> *From: *"Mike Hammett" 
> *To: *"NANOG" 
> *Sent: *Tuesday, September 21, 2021 4:19:42 PM
> *Subject: *VoIP Provider DDoSes
>
> As many may know, a particular VoIP supplier is suffering a DDoS.
> https://twitter.com/voipms
>
> Are your garden variety DDoS mitigation platforms or services equipped to
> handle DDoSes of VoIP services? What nuances does one have to be cognizant
> of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
>

Re: Fiber Network Equipment Commercial Norms

[Tim Howe]

Forgive the top post...

This issue /can/ be complicated, but I have some direct
experience with a lot of variations on this.

It sounds like this particular situation might involve
equipment that is part of a Metro ring.  This is pretty nice because it
might mean there is redundancy to the building and that a high quality
service is available to the tennants.  Years ago we started doing
installations like this, and their uniqueness in the market made them a
bit difficult to explain.  Also, it is possible to currently have no
tennants in your building using the service, but the equipment there
might still be integral to the overall Metro ring.  This is usually not
a problem since excellent Internet service is a great amenity to a
commercial rental property and these locations usually provide
facilities and power for other comm equipment.  We also often have
emergency off-hours access.
The lack of an agreement might be a sticking point.  We worked
with a couple of the largest commercial property management companies
in our area to craft an entrance agreement that included a provision
for the equipment being on-site even if it was not currently providing
service to an existing tennant.  The equipment can still be removed,
but we require a few months notice to do it properly in order to avoid
service degradations.  This has /so far/ not been an issue as the amenity
is valued.

In the case of other shared equipment such as for MDUs or,
voice, etc...  (long list of possibilities) lack of a current tennant
using them usually means their uptime is less important, and agreements
for placement are rare in my experience (some facilities are required
for occupancy).

Shared outdoor ONTs for duplex or quadplex townhomes is an
interesting case as you need to think about whose power is lighting the
ONT.  Providing fiber drops for every possible tennant could change the
ROI enough that we avoid it (YMMV).  The solution (for us) is often to
use dual-feed UPS setups.  What you are trying to avoid is one tennant
cutting service for others, or one tennant paying to power someone
else's service when they don't use it.  In some cases access to
facility power (for lighting and/or irrigation) that is independent of
any tennant power can be negotiated.
The power issue also comes up a occasionally in multi-tennant
buildings, especially if they weren't designed to be multi-tennant when
built.

We also have some situations where shared equipment is passive,
which is nice, but not always feasible with fiber.

--TimH

On Wed, 22 Sep 2021 11:23:25 -0500
 wrote:

> A few of the buildings that my firm represents have the local telco's fiber
> distribution and/or repeater equipment located on the premises. My
> understanding is that when one of these links go down, (we've occasionally
> had to interrupt circuit power to do maintenance in a building for one
> reason or another), a local engineering tech always comes running to restore
> the link. The tech has led our maintenance staff to believe that these
> repeaters are an integral part of the local ring, which fits my
> understanding.
> 
>  
> 
> When a network operator has equipment located at a third party premises,
> what is the norm for commercial contractual terms regarding the siting of
> that equipment? Any network equipment on site pre-dates my client's
> ownership of the buildings, and they have no record of any agreements or
> easements governing who is responsible for power, maintenance, liability,
> etc. 
> 
>  
> 
> My client has no philosophical objection to having the equipment on site,
> but he's asked why he has had to pay to power and cool this equipment for
> almost 20 years when it serves him no benefit (he is not utilizing that
> company's services). I figure some of you may be able to give me an insight
> as to what is normal and reasonable. Feel free to contact me directly if
> this message is not suitable for this distribution list. 
> 
>  
> 
> Appreciate the insight,
> 
>  
> 
>  
> 
> Jeff Ray
> 
> O:  (956) 542-3642
> 
> C:  (956) 592-2019
> 
> jra...@gmail.com

Re: Fiber Network Equipment Commercial Norms

[Brandon Svec via NANOG]

Everything is negotiable.  The building owner/representative can negotiate
with the telco any terms they wish.


On Wed, Sep 22, 2021 at 9:30 AM  wrote:

> A few of the buildings that my firm represents have the local telco’s
> fiber distribution and/or repeater equipment located on the premises. My
> understanding is that when one of these links go down, (we’ve occasionally
> had to interrupt circuit power to do maintenance in a building for one
> reason or another), a local engineering tech always comes running to
> restore the link. The tech has led our maintenance staff to believe that
> these repeaters are an integral part of the local ring, which fits my
> understanding.
>
>
>
> When a network operator has equipment located at a third party premises,
> what is the norm for commercial contractual terms regarding the siting of
> that equipment? Any network equipment on site pre-dates my client’s
> ownership of the buildings, and they have no record of any agreements or
> easements governing who is responsible for power, maintenance, liability,
> etc.
>
>
>
> My client has no philosophical objection to having the equipment on site,
> but he’s asked why he has had to pay to power and cool this equipment for
> almost 20 years when it serves him no benefit (he is not utilizing that
> company’s services). I figure some of you may be able to give me an insight
> as to what is normal and reasonable. Feel free to contact me directly if
> this message is not suitable for this distribution list.
>
>
>
> Appreciate the insight,
>
>
>
>
>
> *Jeff Ray*
>
> O:  (956) 542-3642
>
> C:  (956) 592-2019
>
> jra...@gmail.com
>
>
>
>
>
> This message has been sent as a part of a discussion between Jeff Ray and
> the intended recipient identified above. Some topics may be sensitive and
> subject to legal privilege, confidentiality, or other non-disclosure
> agreement. Should you receive this message by mistake, we would be most
> grateful if you informed us that the message has been sent to you. In that
> case, we also ask that you delete this message from your mailbox, and do
> not forward or speak of it (or its contents) to anyone else. Thank you for
> your cooperation and understanding.
>
>
>

Re: Fiber Network Equipment Commercial Norms

[Matt Erculiani]

If they're regularly sending people out to maintain the gear, and saying
it's part of a "ring" that means it's probably part of their
infrastructure and not just a local customer edge device for the building.
If you opt to bill them and they decide to pull out, they're still "on-net"
meaning at any point in the future if someone adds their services at the
building, they can re-install gear or just deliver it directly over the
fiber; they're not gone permanently.

I see this a pretty much a mathematical cost equation for the billing:

Have an electrician come out and perform a power audit on the circuit
you're using. It'll cost you $300-ish and you'll have a baseline number you
can use for billing.
The electrician will give you a wattage for the rack, and it's
non-intrusive so they don't have to shut everything off. It's up to you if
you want to notify the telco or not, but it would be courteous to do so.

Multiply that wattage by 0.001 (convert to KW) times 24 (hours per day)
then by 30.5 (days per month).
Now you have their monthly KWh usage, which is what your electric bill
uses. Divide out their proportion of the total KWh on your monthly electric
bill.
Then, multiply that figure by 1.5 to account for cooling costs being
roughly half of the rack's load (assuming a 1.5 PUE, which is high, but not
unreasonably so for billing purposes)
Next, take your standard price per square foot rate and multiply that by 6
per rack of equipment they have to account for their physical footprint in
the building. This is not necessarily needed depending on how generous
you're feeling, as footprint in an MDF doesn't particularly "cost" you
anything unless space there is tight.
Finally, average out the number of dispatches they do per month and what
that costs you to pay someone to escort them. Figure 2x the person's wage
to account for possible overtime and administrative overhead.

IMO this is an incredibly fair way to go about this. You're essentially
billing them power/cooling at rough cost and charging them what you'd
charge anyone else for presence in the building.
You're right, you shouldn't have to pay for their electricity, especially
if neither your client, nor any tenants are using them as a service
provider.
Take this opportunity to codify their use of the space in writing, citing
that they're guaranteed that space for X number of years with this
agreement. Make sure there's a provision where the power piece of the bill
can be adjusted if they add or remove equipment.

On Wed, Sep 22, 2021 at 11:05 AM Grant Taylor via NANOG 
wrote:

> On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
> > Half-penny pinching “mah powah” landlords are especially annoying in a
> > cosmic sense
>
> I know someone who had a bit of a different experience.
>
> Someone, purportedly the telco but I'm not sure who, had telco equipment
> in a building and the batteries hadn't been serviced in the better part
> of a decade and there was a strong smell of battery acid in the room.
>
> I heard that building management put a hard line of something like 36
> hours for the equipment owner to address the problem, or at least
> respond with an acceptable time line, lest the building electrician
> would remove the batteries as a health and safety concern.
>
> The equipment owner materialized and removed the batteries within 72
> hours.  The bulk of the equipment was removed the following month.
>
>
>
> --
> Grant. . . .
> unix || die
>
>

-- 
Matt Erculiani
ERCUL-ARIN

Re: Fiber Network Equipment Commercial Norms

[Shawn L via NANOG]

This one is always a bit tricky. 
 
For example, if you have an apartment building with say 8 apartments, the 
provider can install a larger MDU in a centralized location and potentially 
utilized existing internal cabling in the building to get to each apartment 
that would like service.  It's a fairly quick and easy install.  Though someone 
(building owner usually) has to provide the power for the MDU.
 
In the same building, if you cannot install a large MDU somewhere, the provider 
needs to figure out how to get a fiber to each apartment that wants service.  
In most cases it's a pain.  In others, it's not possible or prohibitively 
expensive.  The customer doesn't want to pay that much for installation, 
because they only rent an apartment and could move out at any time.  The 
building owner doesn't want to pay it either.
 
In most cases, the owner is willing to provide a little power to be able to say 
"apartments in my building all have fiber Internet".  And potentially charge a 
little more in the rent.
 
Shawn


-Original Message-
From: "Grant Taylor via NANOG" 
Sent: Wednesday, September 22, 2021 1:01pm
To: nanog@nanog.org
Subject: Re: Fiber Network Equipment Commercial Norms



On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
> Half-penny pinching “mah powah” landlords are especially annoying in a 
> cosmic sense

I know someone who had a bit of a different experience.

Someone, purportedly the telco but I'm not sure who, had telco equipment 
in a building and the batteries hadn't been serviced in the better part 
of a decade and there was a strong smell of battery acid in the room.

I heard that building management put a hard line of something like 36 
hours for the equipment owner to address the problem, or at least 
respond with an acceptable time line, lest the building electrician 
would remove the batteries as a health and safety concern.

The equipment owner materialized and removed the batteries within 72 
hours. The bulk of the equipment was removed the following month.



-- 
Grant. . . .
unix || die

Re: Fiber Network Equipment Commercial Norms

[Grant Taylor via NANOG]

On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
Half-penny pinching “mah powah” landlords are especially annoying in a 
cosmic sense


I know someone who had a bit of a different experience.

Someone, purportedly the telco but I'm not sure who, had telco equipment 
in a building and the batteries hadn't been serviced in the better part 
of a decade and there was a strong smell of battery acid in the room.


I heard that building management put a hard line of something like 36 
hours for the equipment owner to address the problem, or at least 
respond with an acceptable time line, lest the building electrician 
would remove the batteries as a health and safety concern.


The equipment owner materialized and removed the batteries within 72 
hours.  The bulk of the equipment was removed the following month.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Fiber Network Equipment Commercial Norms

[Aaron Wendel]

The building owner has no obligation to the provider.  If it provides no 
value, call them and tell them to remove the equipment if you don't want 
it in your building.


Aaron


On 9/22/2021 11:23 AM, jra...@gmail.com wrote:


A few of the buildings that my firm represents have the local telco’s 
fiber distribution and/or repeater equipment located on the premises. 
My understanding is that when one of these links go down, (we’ve 
occasionally had to interrupt circuit power to do maintenance in a 
building for one reason or another), a local engineering tech always 
comes running to restore the link. The tech has led our maintenance 
staff to believe that these repeaters are an integral part of the 
local ring, which fits my understanding.


When a network operator has equipment located at a third party 
premises, what is the norm for commercial contractual terms regarding 
the siting of that equipment? Any network equipment on site pre-dates 
my client’s ownership of the buildings, and they have no record of any 
agreements or easements governing who is responsible for power, 
maintenance, liability, etc.


My client has no philosophical objection to having the equipment on 
site, but he’s asked why he has had to pay to power and cool this 
equipment for almost 20 years when it serves him no benefit (he is not 
utilizing that company’s services). I figure some of you may be able 
to give me an insight as to what is normal and reasonable. Feel free 
to contact me directly if this message is not suitable for this 
distribution list.


Appreciate the insight,

*Jeff Ray*

O:  (956) 542-3642

C:  (956) 592-2019

jra...@gmail.com

This message has been sent as a part of a discussion between Jeff Ray 
and the intended recipient identified above. Some topics may be 
sensitive and subject to legal privilege, confidentiality, or other 
non-disclosure agreement. Should you receive this message by mistake, 
we would be most grateful if you informed us that the message has been 
sent to you. In that case, we also ask that you delete this message 
from your mailbox, and do not forward or speak of it (or its contents) 
to anyone else. Thank you for your cooperation and understanding.




--

Aaron Wendel
Chief Technical Officer
Wholesale Internet, Inc. (AS 32097)
(816)550-9030
http://www.wholesaleinternet.com

Re: Fiber Network Equipment Commercial Norms

[William Herrin]

On Wed, Sep 22, 2021 at 9:29 AM  wrote:
> A few of the buildings that my firm represents have the local telco’s fiber 
> distribution and/or repeater equipment located on the premises. My 
> understanding is that when one of these links go down, (we’ve occasionally 
> had to interrupt circuit power to do maintenance in a building for one reason 
> or another), a local engineering tech always comes running to restore the 
> link. The tech has led our maintenance staff to believe that these repeaters 
> are an integral part of the local ring, which fits my understanding.
>
> When a network operator has equipment located at a third party premises, what 
> is the norm for commercial contractual terms regarding the siting of that 
> equipment? Any network equipment on site pre-dates my client’s ownership of 
> the buildings, and they have no record of any agreements or easements 
> governing who is responsible for power, maintenance, liability, etc.
>
> My client has no philosophical objection to having the equipment on site, but 
> he’s asked why he has had to pay to power and cool this equipment for almost 
> 20 years when it serves him no benefit (he is not utilizing that company’s 
> services). I figure some of you may be able to give me an insight as to what 
> is normal and reasonable. Feel free to contact me directly if this message is 
> not suitable for this distribution list.


The equipment is generally there at the invitation of someone who has
purchased services from the operator with the typically verbal
permission of the building owner. It will be removed more or less
promptly on demand, but you don't want to do that. When you or a
tenant want to buy their services, getting them to bring the equipment
in is difficult and generally not timely. And having previously
hassled them, it would certainly not come without cost.

The immediate availability of services from the vendor positively
impacts the utility of the whole building. This is a plus for you at
the relatively modest cost of providing some electricity.

The equipment should be battery backed with at least a day's worth of
power. If it isn't, tell them you're doing renovations and can't
guarantee uninterrupted power. Advise them to upgrade or replace the
battery string. What they do beyond that is up to them.

The equipment is likely part of the local ring but if they permanently
remove it, they'll simply splice the fiber removing that stop on the
ring. So it isn't a huge deal to remove it, but it'll be a big deal to
ever put it back. Even if you pay them.

The above primarily applies to the local telephone company equipment.
There are also non-phone company network operators who site things
which are intended to service the surrounding area rather than the
building itself. Those typically have a more formal agreement, either
a rent payment or comped services. The company will be able to produce
that agreement (or at least relate its terms) upon request.

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: Fiber Network Equipment Commercial Norms

[sronan]

It gives them the right to enter the building, but the building can charge “a 
reasonable fee” for things like power/space/cooling.

Shane Ronan

> On Sep 22, 2021, at 12:45 PM, Lady Benjamin Cannon of Glencoe, ASCE 
>  wrote:
> 
> Fiber in a building adds 8% to the value of that building.  Half-penny 
> pinching “mah powah” landlords are especially annoying in a cosmic sense - 
> and just make me want to replace them.
> 
> The telecommunications act of 1934 permits telcos to enter a building with 
> their equipment. 
> 
> I’d upgrade the MPOE do a datacenter with 2N generators and UPS - then upsell 
> them colo.
> 
> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
> 6x7 Networks & 6x7 Telecom, LLC 
> CEO 
> l...@6by7.net
> "The only fully end-to-end encrypted global telecommunications company in the 
> world.”
> 
> FCC License KJ6FJJ
> 
> Sent from my iPhone via RFC1149.
> 
>>> On Sep 22, 2021, at 9:28 AM, jra...@gmail.com wrote:
>>> 
>> 
>> A few of the buildings that my firm represents have the local telco’s fiber 
>> distribution and/or repeater equipment located on the premises. My 
>> understanding is that when one of these links go down, (we’ve occasionally 
>> had to interrupt circuit power to do maintenance in a building for one 
>> reason or another), a local engineering tech always comes running to restore 
>> the link. The tech has led our maintenance staff to believe that these 
>> repeaters are an integral part of the local ring, which fits my 
>> understanding.
>>  
>> When a network operator has equipment located at a third party premises, 
>> what is the norm for commercial contractual terms regarding the siting of 
>> that equipment? Any network equipment on site pre-dates my client’s 
>> ownership of the buildings, and they have no record of any agreements or 
>> easements governing who is responsible for power, maintenance, liability, 
>> etc.
>>  
>> My client has no philosophical objection to having the equipment on site, 
>> but he’s asked why he has had to pay to power and cool this equipment for 
>> almost 20 years when it serves him no benefit (he is not utilizing that 
>> company’s services). I figure some of you may be able to give me an insight 
>> as to what is normal and reasonable. Feel free to contact me directly if 
>> this message is not suitable for this distribution list.
>>  
>> Appreciate the insight,
>>  
>>  
>> Jeff Ray
>> O:  (956) 542-3642
>> C:  (956) 592-2019
>> jra...@gmail.com
>>  
>>  
>> This message has been sent as a part of a discussion between Jeff Ray and 
>> the intended recipient identified above. Some topics may be sensitive and 
>> subject to legal privilege, confidentiality, or other non-disclosure 
>> agreement. Should you receive this message by mistake, we would be most 
>> grateful if you informed us that the message has been sent to you. In that 
>> case, we also ask that you delete this message from your mailbox, and do not 
>> forward or speak of it (or its contents) to anyone else. Thank you for your 
>> cooperation and understanding.
>>  

QVC Contact

[Joshua Pool via NANOG]

 Does anyone have technical contacts for QVC?   Our customers are getting
Access Denied across all of our subnets.   We need to get this resolved and
I am looking for anyone that has some contacts as calling their phone
number and leaving messages as well as emailing their noc has resulted in
crickets.

Regards,
  Josh


Thanks,
  Josh

Re: IPv6 woes - RFC

[Denys Fedoryshchenko]

On 2021-09-19 09:20, Masataka Ohta wrote:

John Levine wrote:


Unless their infrastructure runs significantly on hardware and
software pre-2004 (unlikely), so does the cost of adding IPv6 to
their content servers. Especially if they’re using a CDN such as
Akamai.


I wasn't talking about switches and routers.


But, on routers, IPv6 costs four times more than IPv4 to
look up routing table with TCAM or Patricia tree.

It is not a problem yet, merely because full routing table of
IPv6 is a lot smaller than that of IPv4, which means most
small ISPs and multihomed sites do not support IPv6.


Mark Andrews wrote:


There is nothing at the protocol level stopping AT offering a
similar level of service.


Setting up reverse DNS lookup for 16B address is annoying,
which may stop AT offering it.


Don’t equate poor implementation with the protocol being broken.


IPv6 is broken in several ways. One of the worst thing is its
address length.

Masataka Ohta

+1
Different scope problem: on inexpensive software BRAS solutions 
(PPPoE/IPoE). Enabling ipv6 just jacked up neighbour table usage and 
lookups cost in benchmark profiling, because now it have to keep for all 
users IPv6 /64 + MAC entries.
Another drop is neighbor discovery on device with 10k IPOE termination 
vlans and privacy extensions.
Also, i wonder how this changed? 
https://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/
Another problem is privacy extension and IoT, they are not supported in 
lwip stack shipped with most of IoT SoC. As far as i see in git it is 
not added yet too.
And SLAAC vs DHCPv6, again, first lacking some critical features, and 
second is often not implemented properly.


As many say - this is tiny, a drops of mess and complexities, but the 
ocean is made up of tiny drops. All these little things lead to the fact 
that very few want to mess with v6.

Re: Fiber Network Equipment Commercial Norms

[Lady Benjamin Cannon of Glencoe, ASCE]

Fiber in a building adds 8% to the value of that building.  Half-penny pinching 
“mah powah” landlords are especially annoying in a cosmic sense - and just make 
me want to replace them.

The telecommunications act of 1934 permits telcos to enter a building with 
their equipment. 

I’d upgrade the MPOE do a datacenter with 2N generators and UPS - then upsell 
them colo.

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
l...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the 
world.”

FCC License KJ6FJJ

Sent from my iPhone via RFC1149.

> On Sep 22, 2021, at 9:28 AM, jra...@gmail.com wrote:
> 
> 
> A few of the buildings that my firm represents have the local telco’s fiber 
> distribution and/or repeater equipment located on the premises. My 
> understanding is that when one of these links go down, (we’ve occasionally 
> had to interrupt circuit power to do maintenance in a building for one reason 
> or another), a local engineering tech always comes running to restore the 
> link. The tech has led our maintenance staff to believe that these repeaters 
> are an integral part of the local ring, which fits my understanding.
>  
> When a network operator has equipment located at a third party premises, what 
> is the norm for commercial contractual terms regarding the siting of that 
> equipment? Any network equipment on site pre-dates my client’s ownership of 
> the buildings, and they have no record of any agreements or easements 
> governing who is responsible for power, maintenance, liability, etc.
>  
> My client has no philosophical objection to having the equipment on site, but 
> he’s asked why he has had to pay to power and cool this equipment for almost 
> 20 years when it serves him no benefit (he is not utilizing that company’s 
> services). I figure some of you may be able to give me an insight as to what 
> is normal and reasonable. Feel free to contact me directly if this message is 
> not suitable for this distribution list.
>  
> Appreciate the insight,
>  
>  
> Jeff Ray
> O:  (956) 542-3642
> C:  (956) 592-2019
> jra...@gmail.com
>  
>  
> This message has been sent as a part of a discussion between Jeff Ray and the 
> intended recipient identified above. Some topics may be sensitive and subject 
> to legal privilege, confidentiality, or other non-disclosure agreement. 
> Should you receive this message by mistake, we would be most grateful if you 
> informed us that the message has been sent to you. In that case, we also ask 
> that you delete this message from your mailbox, and do not forward or speak 
> of it (or its contents) to anyone else. Thank you for your cooperation and 
> understanding.
>  

Fiber Network Equipment Commercial Norms

[jray06]

A few of the buildings that my firm represents have the local telco's fiber
distribution and/or repeater equipment located on the premises. My
understanding is that when one of these links go down, (we've occasionally
had to interrupt circuit power to do maintenance in a building for one
reason or another), a local engineering tech always comes running to restore
the link. The tech has led our maintenance staff to believe that these
repeaters are an integral part of the local ring, which fits my
understanding.

 

When a network operator has equipment located at a third party premises,
what is the norm for commercial contractual terms regarding the siting of
that equipment? Any network equipment on site pre-dates my client's
ownership of the buildings, and they have no record of any agreements or
easements governing who is responsible for power, maintenance, liability,
etc. 

 

My client has no philosophical objection to having the equipment on site,
but he's asked why he has had to pay to power and cool this equipment for
almost 20 years when it serves him no benefit (he is not utilizing that
company's services). I figure some of you may be able to give me an insight
as to what is normal and reasonable. Feel free to contact me directly if
this message is not suitable for this distribution list. 

 

Appreciate the insight,

 

 

Jeff Ray

O:  (956) 542-3642

C:  (956) 592-2019

jra...@gmail.com

 

 

This message has been sent as a part of a discussion between Jeff Ray and
the intended recipient identified above. Some topics may be sensitive and
subject to legal privilege, confidentiality, or other non-disclosure
agreement. Should you receive this message by mistake, we would be most
grateful if you informed us that the message has been sent to you. In that
case, we also ask that you delete this message from your mailbox, and do not
forward or speak of it (or its contents) to anyone else. Thank you for your
cooperation and understanding.

 

Re: [EXTERNAL] Re: VoIP Provider DDoSes

[Compton, Rich A]

FYI, UTRS (Unwanted Traffic Removal Service 
https://team-cymru.com/community-services/utrs/) from Team Cymru is a free 
service where you can send a blackhole advertisement (sacrificing the one IP 
that’s under attack to save the rest of the network) and they will propagate 
that via BGP to hundreds of other ASNs which will then blackhole traffic to 
that IP.  This can drastically reduce the amount of DDoS traffic that is 
received by the victim network.

-Rich

From: NANOG  on behalf of 
Mike Hammett 
Date: Wednesday, September 22, 2021 at 9:29 AM
To: Terrance Devor 
Cc: NANOG list 
Subject: [EXTERNAL] Re: VoIP Provider DDoSes

CAUTION: The e-mail below is from an external source. Please exercise caution 
before opening attachments, clicking links, or following guidance.
Fail2Ban on a couple of dozen servers may not be sufficient to address 400 gigs 
of traffic.


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Terrance Devor" 
To: "Mike Hammett" 
Cc: "NANOG" 
Sent: Wednesday, September 22, 2021 10:24:07 AM
Subject: Re: VoIP Provider DDoSes
Fail2Ban and give ourselves a pat on the back..

On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett 
mailto:na...@ics-il.net>> wrote:
https://twit.tv/shows/security-now/episodes/837?autostart=false


It looks like Security Now covered this yesterday. They claimed that, "There  
is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS  protection."

Are any of the cloud DDoS mitigation services offering a service like this.

From: "Mike Hammett" mailto:na...@ics-il.net>>
To: "NANOG" mailto:nanog@nanog.org>>
Sent: Tuesday, September 21, 2021 4:19:42 PM
Subject: VoIP Provider DDoSes
As many may know, a particular VoIP supplier is suffering a DDoS. 
https://twitter.com/voipms

Are your garden variety DDoS mitigation platforms or services equipped to 
handle DDoSes of VoIP services? What nuances does one have to be cognizant of? 
A WAF doesn't mean much to SIP, IAX2, RTP, etc.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or legally privileged 
information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message and any attachments. If you are 
not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly 
prohibited.

Re: DNS & IP address management

[Warren Kumari]

On Wed, Sep 22, 2021 at 11:15 AM Andy Smith  wrote:

> Hi Joel,
>
> On Wed, Sep 22, 2021 at 10:12:26AM -0400, Joel Sommers wrote:
> > Besides the common "reserved" keyword in the FQDN, we also see
> > names like "not-in-use.example.tld", again with quite a few
> > addresses all mapped to that one name.
>
> I assume you are seeing this by resolving the reverse DNS of each IP
> address in the range.
>
> > The naming appears to suggest that this is an on-the-cheap IP
> > address management practice, but we are wondering if there are
> > other operational reasons that might be behind what we observe.
>
> The purpose is generally informational, for those without access to
> the internal address management system (or quick hint to those who
> do have access).
>
> If one sees traffic from such an IP address and then sees it
> being marked as reserved or not in use, then one knows that
> something is up, either with the presence of the traffic or the lack
> of an update to the reverse mapping. If there had been simply no
> reverse mapping then this information would not have been conveyed.
>
> It doesn't imply a lack of an address management system or an
> attempt to use DNS to manage "on the cheap" - though it doesn't
> exclude those possibilities either.
>

Yup. Some IPAM tools will generate / populate zone files with this sort of
thing for you.

This sort of thing used to be more common when people would use things
like  "101.92.140.39.dynamic.isp.com" or "cable-78-109-33-05.provider.net"
to signal that the address was in use by dynamic customer (and so shouldn't
be sending mail directly),  "reserved-10.10.10.100.example.com" (or
'unused' or whatever) to signal that it isn't in use (and so shouldn't be
sending mail at all), and "mx-17.exmaple.net" to signal that it is a "real"
mailserver.
I suspect that the "on the cheap" is more places that don't have working
reverse DNS at all

W


> Thanks,
> Andy
>


-- 
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra

Re: VoIP Provider DDoSes

[Mike Hammett]

Fail2Ban on a couple of dozen servers may not be sufficient to address 400 gigs 
of traffic. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Terrance Devor"  
To: "Mike Hammett"  
Cc: "NANOG"  
Sent: Wednesday, September 22, 2021 10:24:07 AM 
Subject: Re: VoIP Provider DDoSes 


Fail2Ban and give ourselves a pat on the back.. 


On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett < na...@ics-il.net > wrote: 




https://twit.tv/shows/security-now/episodes/837?autostart=false 




It looks like Security Now covered this yesterday. They claimed that, "There is 
currently no provider of large pipe VoIP protocol DDoS protection." 


Are any of the cloud DDoS mitigation services offering a service like this. 



From: "Mike Hammett" < na...@ics-il.net > 
To: "NANOG" < nanog@nanog.org > 
Sent: Tuesday, September 21, 2021 4:19:42 PM 
Subject: VoIP Provider DDoSes 


As many may know, a particular VoIP supplier is suffering a DDoS. 
https://twitter.com/voipms 


Are your garden variety DDoS mitigation platforms or services equipped to 
handle DDoSes of VoIP services? What nuances does one have to be cognizant of? 
A WAF doesn't mean much to SIP, IAX2, RTP, etc. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

Re: VoIP Provider DDoSes

[Terrance Devor]

Fail2Ban and give ourselves a pat on the back..

On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett  wrote:

> https://twit.tv/shows/security-now/episodes/837?autostart=false
>
>
> It looks like Security Now covered this yesterday. They claimed that,
> "There  is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS
>  protection."
>
> Are any of the cloud DDoS mitigation services offering a service like this.
>
> --
> *From: *"Mike Hammett" 
> *To: *"NANOG" 
> *Sent: *Tuesday, September 21, 2021 4:19:42 PM
> *Subject: *VoIP Provider DDoSes
>
> As many may know, a particular VoIP supplier is suffering a DDoS.
> https://twitter.com/voipms
>
> Are your garden variety DDoS mitigation platforms or services equipped to
> handle DDoSes of VoIP services? What nuances does one have to be cognizant
> of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
>

Re: DNS & IP address management

[Andy Smith]

Hi Joel,

On Wed, Sep 22, 2021 at 10:12:26AM -0400, Joel Sommers wrote:
> Besides the common "reserved" keyword in the FQDN, we also see
> names like "not-in-use.example.tld", again with quite a few
> addresses all mapped to that one name.

I assume you are seeing this by resolving the reverse DNS of each IP
address in the range.

> The naming appears to suggest that this is an on-the-cheap IP
> address management practice, but we are wondering if there are
> other operational reasons that might be behind what we observe.

The purpose is generally informational, for those without access to
the internal address management system (or quick hint to those who
do have access).

If one sees traffic from such an IP address and then sees it
being marked as reserved or not in use, then one knows that
something is up, either with the presence of the traffic or the lack
of an update to the reverse mapping. If there had been simply no
reverse mapping then this information would not have been conveyed.

It doesn't imply a lack of an address management system or an
attempt to use DNS to manage "on the cheap" - though it doesn't
exclude those possibilities either.

Thanks,
Andy

QVC

[Joshua Pool via NANOG]

Does anyone have a technical contacts for QVC?   Our customers are getting
Access Denied across our entire /20.   We need to get this resolved and I
am looking for anyone that has some contacts as calling their phone number
and leaving messages as well as emailing their noc has resulted in
crickets.


Thanks,
  Josh

DNS & IP address management

[Joel Sommers]

Hello all -

I am a researcher at Colgate University, working with colleagues at the 
University of Wisconsin and Boston University on studying aspects of the DNS.

We're wondering if anyone here would be willing to share some insight into an 
apparent IP address management practice we have observed that is evident 
through the DNS.  In particular, we've seen a number of organizations that have 
a fairly large number of IPv4 addresses (typically all within the same /24 
aggregate or similar) all associated with a single FQDN, where the name is 
typically something like "reserved.52net.example.tld".  Besides the common 
"reserved" keyword in the FQDN, we also see names like 
"not-in-use.example.tld", again with quite a few addresses all mapped to that 
one name.  The naming appears to suggest that this is an on-the-cheap IP 
address management practice, but we are wondering if there are other 
operational reasons that might be behind what we observe.

Thank you for any insights you have -- please feel free to respond off-list.

Regards,
Joel Sommers

Re: IPv6 woes - RFC

[Masataka Ohta]

Owen DeLong wrote:


As mergers of ASes increases the number of announcements and IPv4
addresses were allocated a lot earlier than those of IPv6,
comparing the current numbers of announcements is not meaningful.


Mergers of ASes does not increase announcements in IPv4 nearly as
much as slow-start and repeated expanding requests for additional
IPv4 space have.


That *was* a factor, when increased number of subscribers
meant more free addresses.

Today, as /24 can afford hundreds of thousands of subscribers
by NAT, only very large retail ISPs need more than one
announcement for IPv4.


As a result, size of global routing table will keep increasing
unless there are other factors to limit it.


Sure, but it’s very clear that the rate of increase for IPv6 appears
to be roughly 1/8th that of IPv4,


It merely means IPv6 is not deployed at all by small ISPs
and multihomed sites.

> The reality is that IPv4 will never be completely disaggregated into
> /24s

You are so optimistic.

> and IPv6 will never be completely disaggregated into /48s, so
> this is actually meaningless and not predictive in any way.

That IPv6 will be disaggregated into /40 or even /32 is disastrous.


There is no need for such motivation in IPv6 and better yet,


Then, in a long run, IPv6 will be disaggregated into /32 or /40.


since
the two organizations have fully globally unique addresses deployed
throughout their network, there's no risk of collisions in RFC-1918
space necessitating large renumbering projects to merge the networks.


You fully misunderstand why NAT is so popular today defeating IPv6.

Even if two organizations are merged, sites of the organizations
are, in general, not merged.

As private address space behind NAT is used by each site
independently, there is no renumbering occur for the private
addresses.

Masataka Ohta

Re: EXTERNAL: Re: VoIP Provider DDoSes

[Ray Orsini]

Yes there are. I was about to message Steve about the correction. Corero and 
path.net are options. There are others.


Ray Orsini
Chief Executive Officer
OIT, LLC
 305.967.6756 x1009 |  305.571.6272
 r...@oit.co |  www.oit.co
 oit.co/ray
How are we doing? We'd love to hear your feedback. https://go.oit.co/review
From: NANOG  on behalf of Mike Hammett 

Sent: Wednesday, September 22, 2021 9:08:22 AM
To: NANOG 
Subject: EXTERNAL: Re: VoIP Provider DDoSes


CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe. If you are unsure, please forward this email to the CSE team for 
review.


https://twit.tv/shows/security-now/episodes/837?autostart=false


It looks like Security Now covered this yesterday. They claimed that, "There  
is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS  protection."

Are any of the cloud DDoS mitigation services offering a service like this.


From: "Mike Hammett" 
To: "NANOG" 
Sent: Tuesday, September 21, 2021 4:19:42 PM
Subject: VoIP Provider DDoSes

As many may know, a particular VoIP supplier is suffering a DDoS. 
https://twitter.com/voipms

Are your garden variety DDoS mitigation platforms or services equipped to 
handle DDoSes of VoIP services? What nuances does one have to be cognizant of? 
A WAF doesn't mean much to SIP, IAX2, RTP, etc.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

Re: VoIP Provider DDoSes

[Mike Hammett]

https://twit.tv/shows/security-now/episodes/837?autostart=false 




It looks like Security Now covered this yesterday. They claimed that, "There is 
currently no provider of large pipe VoIP protocol DDoS protection." 


Are any of the cloud DDoS mitigation services offering a service like this. 

- Original Message -

From: "Mike Hammett"  
To: "NANOG"  
Sent: Tuesday, September 21, 2021 4:19:42 PM 
Subject: VoIP Provider DDoSes 


As many may know, a particular VoIP supplier is suffering a DDoS. 
https://twitter.com/voipms 


Are your garden variety DDoS mitigation platforms or services equipped to 
handle DDoSes of VoIP services? What nuances does one have to be cognizant of? 
A WAF doesn't mean much to SIP, IAX2, RTP, etc. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

RE: [EXTERNAL] VoIP Provider DDoSes

[Brian Turnbow via NANOG]

Hi

>Something you may want to consider is to put ACLs as far upstream as possible 
>from your SBCs and only allow through what you need to the SBCs.  For example, 
>apply a filter only permitting UDP 5060 and your RTP port range to your SBCs 
>and then blocking everything else.  This is free and should stop a lot of 
>>common DDoS attacks before they ever get to your SBCs.  Even better if you 
>can get your upstream ISP to apply the ACL.  DDoS attack traffic should be 
>dropped as close to the source as possible.

Yes Attacks on voip have become more prevalent unfortunately.
Another thing to consider is blocking fragments , which have been a major 
factor in the attacks I have seen in sip.
But to do this you need to make sure that you are not exceeding mtu length in 
Invites, or block fragments only from untrusted IPs.

Brian