Re: Best TAC Services from Equipment Vendors

2024-03-12 Thread Crist Clark 
I've been reading the "${VENDOR}'s support has really gotten worse lately"
threads for pretty much every vendor for the past twenty years. That's not
to say they've all been wrong. But it reminds me of those quotes you'll see
about how "these kids today are awful and society is going to pot" and then
the big reveal is that it was written in the 1950s, or 1920s, or just
before the peak of Rome, or something like that. The general tendency for
people to view the past as the good ol' days.

My most memorable Cisco TAC disaster story. Taking away "configure" from
TAC wouldn't have saved us. The guy simply reloaded the switch without
asking. The core switch for a building with hundreds of end users. In the
middle of the day. The building with most of the C-level execs. Our
management was pi-i-i-issed. That got escalated pretty high, pretty
quickly. And quick policy change that we did not give TAC keyboard control.
This was about ten years ago.

On Tue, Mar 12, 2024 at 7:47 AM Lyden, John C  wrote:

> > when a TAC engineer wanted to bounce our Voice VLAN SVI in the middle of
> an *airport* production day.
> > I about turned over my desk trying to wrest the remote control session
> back from him before he hit enter
> > on the shut. Since then, I have had to go through a not insignificant
> evaluation period of TAC engineers
> > before I let them take control of a remote session, and it is now simply
> pure instinct to log SSH sessions.
>
> Picture it, Cisco TAC, on a troubleshooting call, runs 'no ip routing' and
> hits enter before our engineer could scream "NO" at 11:30AM on a core L3 on
> a college campus.
>
> RCA afterwards:
>
> 1. "Always log all terminals (we prefer SecureCRT) from Windows bastion
> host to OneDrive or Google Drive"
> 2. New CiscoTAC TACACS login created allowing Enable but Denying
> "configure" as a command. When you troubleshoot, you log in as CiscoTAC.
>
> The CiscoTAC tacacs profile description in Clearpass makes it clear why
> it's there. I left the curse words out.
>
> -J
>
> John C. Lyden
> Associate Director, Network Operations
> Division of Information Resources & Technology
> Rowan University
>
>
>

Re: registry for onmicrosoft[dot]com

2024-03-12 Thread John Levine 
It appears that Sean Donelan  said:
>
>Microsoft's corporate email systems appear to silently drop email from 
>small domains (like mine). 

It can't be that simple -- I have some tiny domains and correspond with
Microsoft employees all the time.

R's,
John

[NANOG-announce] NANOG 91 Registration is now open

2024-03-12 Thread NANOG Support 
Dear NANOG Community,


NANOG 91 hybrid meeting, hosted by NOCIX will take
place June 10-12, 2024 in Kansas City, Missouri.


   1.

   Registration Fees + Deadlines
   2.

   Hotel Guest Room Block
   3.

   VISA Requests
   4.

   Midwest Peering Summit




   1.

   Registration Fees + Deadlines

NANOG registration fees are in USD and include access to general and
breakout sessions, breakfast daily, lunch on the first two days of the
event, entry to all social/networking events.

NANOG attendees are permitted to bring a guest to our social events for an
additional fee. Purchase is required with your registration.

Meeting Registration:  https://www.nanog.org/events/nanog-91/registration/

In person Registration

Start Date

End Date

Member

NonMember

Student

Early

March 12, 2024

April 8, 2024

$675

$700

$100

Standard

April 9, 2024

May 20, 2024

$775

$800

$100

Late

May 21, 2024

June 8, 2024

$875

$900

$100

Onsite

June 9, 2024

June 12, 2024

$1,075

$1,100

$100



Virtual Registration, available for $100, opens on May 21, 2024.

Social Event Guest Registration Pass:

Monday Social Event Guest Pass: $50 per guest (purchase separately when you
register, limit 2)

Tuesday Night Beer N Gear Pass: $50 per guest (purchase separately when you
register, limit 1)

Registration Cancellation Fees:

NANOG hopes everyone who registers for the meeting will be able to attend;
however, we know  extenuating circumstances do occur, therefore the
NANOG cancellation and refund policies are as follows:

   -

   Registrations canceled on 12 March, 2024 to 26 May, 2024 is refundable
   but will incur a $50.00 fee
   -

   Registrations canceled on 27 May, 2024 to 8 June , 2024 is refundable
   but will incur a $100.00 fee
   -

   Registrations canceled on or after 9 June, 2024 will not receive a refund


Substitutions are honored at any time. No-shows are not eligible for
refunds.



   1.

   Hotel Guest Room Block

Loews Kansas City Hotel

1515 Wyandotte Street

Kansas City, MO 64108

Online Reservations: Available to registered attendees only click here
 (must be registered to view
page)



Room Rate:

$229.00 USD  Standard Room Occupancy* (up to 2 people)

$249.00 USD Triple Occupancy*

$269.00 USD Quadruple Occupancy*

*PLUS tax at a rate of 18.35% and $1.50 Kansas City fee

Group Rate Expires: Thursday, 16 May, 2024 OR once the NANOG block is filled
Reservations: +1.816.897.7070 OR Toll Free 1.877.748.1451

Check In Time:  4:00PM
Check Out Time: 11:00AM

Hotel Cancellation Policy: Guests can cancel their reservations 72 hours
prior to their arrival to receive a full refund of their deposit. Any
reservation canceled after 72 priors to arrival will forfeit a fee of one
night's room and tax.

Parking Rates: (prices subject to change)

Self-Parking (Overnight) $24.00

Valet (Overnight)$34.00



   1.

   VISA Requests

A letter of invitation is issued solely for the purpose of assisting
participants with visa applications for their attendance at the conference.
If you require a letter of invitation, please register and pay for the
NANOG meeting. Once the payment has been received, all requests for Letters
of Invitation should be addressed by email directly to
nanog-supp...@nanog.org

The following information is required before a letter of invitation will be
issued:

   1.

   Name as it appears on your passport
   2.

   Passport Number
   3.

   Email Address
   4.

   Hotel name and reservation number
   5.

   Company name and address




   1.

   Midwest Peering Summit

Extend your stay in Kansas City and attend the Midwest Peering Summit
taking place 13-14 June, 2024. Learn more and register here:
https://www.eventcreate.com/e/mwps2024



If you have any questions about the NANOG meeting, please contact us
directly at: nanog-supp...@nanog.org.

We look forward to seeing you in Kansas City!

Sincerely,

the NANOG Staff

nanog-supp...@nanog.org
___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce

NANOG 91 Registration is now open

2024-03-12 Thread NANOG Support 
Dear NANOG Community,


NANOG 91 hybrid meeting, hosted by NOCIX will take
place June 10-12, 2024 in Kansas City, Missouri.


   1.

   Registration Fees + Deadlines
   2.

   Hotel Guest Room Block
   3.

   VISA Requests
   4.

   Midwest Peering Summit




   1.

   Registration Fees + Deadlines

NANOG registration fees are in USD and include access to general and
breakout sessions, breakfast daily, lunch on the first two days of the
event, entry to all social/networking events.

NANOG attendees are permitted to bring a guest to our social events for an
additional fee. Purchase is required with your registration.

Meeting Registration:  https://www.nanog.org/events/nanog-91/registration/

In person Registration

Start Date

End Date

Member

NonMember

Student

Early

March 12, 2024

April 8, 2024

$675

$700

$100

Standard

April 9, 2024

May 20, 2024

$775

$800

$100

Late

May 21, 2024

June 8, 2024

$875

$900

$100

Onsite

June 9, 2024

June 12, 2024

$1,075

$1,100

$100



Virtual Registration, available for $100, opens on May 21, 2024.

Social Event Guest Registration Pass:

Monday Social Event Guest Pass: $50 per guest (purchase separately when you
register, limit 2)

Tuesday Night Beer N Gear Pass: $50 per guest (purchase separately when you
register, limit 1)

Registration Cancellation Fees:

NANOG hopes everyone who registers for the meeting will be able to attend;
however, we know  extenuating circumstances do occur, therefore the
NANOG cancellation and refund policies are as follows:

   -

   Registrations canceled on 12 March, 2024 to 26 May, 2024 is refundable
   but will incur a $50.00 fee
   -

   Registrations canceled on 27 May, 2024 to 8 June , 2024 is refundable
   but will incur a $100.00 fee
   -

   Registrations canceled on or after 9 June, 2024 will not receive a refund


Substitutions are honored at any time. No-shows are not eligible for
refunds.



   1.

   Hotel Guest Room Block

Loews Kansas City Hotel

1515 Wyandotte Street

Kansas City, MO 64108

Online Reservations: Available to registered attendees only click here
 (must be registered to view
page)



Room Rate:

$229.00 USD  Standard Room Occupancy* (up to 2 people)

$249.00 USD Triple Occupancy*

$269.00 USD Quadruple Occupancy*

*PLUS tax at a rate of 18.35% and $1.50 Kansas City fee

Group Rate Expires: Thursday, 16 May, 2024 OR once the NANOG block is filled
Reservations: +1.816.897.7070 OR Toll Free 1.877.748.1451

Check In Time:  4:00PM
Check Out Time: 11:00AM

Hotel Cancellation Policy: Guests can cancel their reservations 72 hours
prior to their arrival to receive a full refund of their deposit. Any
reservation canceled after 72 priors to arrival will forfeit a fee of one
night's room and tax.

Parking Rates: (prices subject to change)

Self-Parking (Overnight) $24.00

Valet (Overnight)$34.00



   1.

   VISA Requests

A letter of invitation is issued solely for the purpose of assisting
participants with visa applications for their attendance at the conference.
If you require a letter of invitation, please register and pay for the
NANOG meeting. Once the payment has been received, all requests for Letters
of Invitation should be addressed by email directly to
nanog-supp...@nanog.org

The following information is required before a letter of invitation will be
issued:

   1.

   Name as it appears on your passport
   2.

   Passport Number
   3.

   Email Address
   4.

   Hotel name and reservation number
   5.

   Company name and address




   1.

   Midwest Peering Summit

Extend your stay in Kansas City and attend the Midwest Peering Summit
taking place 13-14 June, 2024. Learn more and register here:
https://www.eventcreate.com/e/mwps2024



If you have any questions about the NANOG meeting, please contact us
directly at: nanog-supp...@nanog.org.

We look forward to seeing you in Kansas City!

Sincerely,

the NANOG Staff

nanog-supp...@nanog.org

Re: registry for onmicrosoft[dot]com

2024-03-12 Thread Sean Donelan 



Microsoft's corporate email systems appear to silently drop email from 
small domains (like mine). Yes, I jumped through the public hoops already. 
Microsoft may have a great Trust and Safety Team, but their corporate 
infrastructure doesn't seem to want to hear from outsiders.


If the increasing bad reputation of *.onmicrosoft.com eventually causes 
sales/customer impact, then Microsoft's business decision makers may take 
an interest in fixing it.


If enough people just block *.onmicrosoft.com, it may finally get 
enough attention inside Microsoft to fix.


On Tue, 12 Mar 2024, Jeff Leung (List Account) via NANOG wrote:

In any case, Microsoft has a trust and safety team you can talk to if it is
causing issues…

Re: Best TAC Services from Equipment Vendors

2024-03-12 Thread Curtis L. Parish 
We were one of the earlier adopters of Cisco ACI.  Any issues with ACI were 
automatically escalated to an engineer that could fix almost anything.Now 
ACI tickets seem to go though a generic queue and the tech doesn't even know 
how to spell ACI.  

We continue to have the same type of failure with  Cisco DNA Center and TAC has 
to engage the business unit nearly every time to fix it.  Sometimes it is like 
presenting a case to the supreme court to get the business unit to engage.   
They collect so much data that I wonder if it would be easier to ship the 
servers to them. 

     Curtis Parish
 615.494.8861
Senior Network Engineer




IF CLASSIFICATION START

IF CLASSIFICATION END

Re: Best TAC Services from Equipment Vendors

2024-03-12 Thread Lyden, John C 
> when a TAC engineer wanted to bounce our Voice VLAN SVI in the middle of an 
> *airport* production day. 
> I about turned over my desk trying to wrest the remote control session back 
> from him before he hit enter 
> on the shut. Since then, I have had to go through a not insignificant 
> evaluation period of TAC engineers 
> before I let them take control of a remote session, and it is now simply pure 
> instinct to log SSH sessions.

Picture it, Cisco TAC, on a troubleshooting call, runs 'no ip routing' and hits 
enter before our engineer could scream "NO" at 11:30AM on a core L3 on a 
college campus.

RCA afterwards:

1. "Always log all terminals (we prefer SecureCRT) from Windows bastion host to 
OneDrive or Google Drive" 
2. New CiscoTAC TACACS login created allowing Enable but Denying "configure" as 
a command. When you troubleshoot, you log in as CiscoTAC. 

The CiscoTAC tacacs profile description in Clearpass makes it clear why it's 
there. I left the curse words out.

-J

John C. Lyden
Associate Director, Network Operations
Division of Information Resources & Technology
Rowan University

Re: registry for onmicrosoft[dot]com

2024-03-12 Thread Jeff Leung (List Account) via NANOG 
That’s the default domain for Exchange Online and Microsoft Azure AD 
identities. If the tenant is branded, it may show which company or organization 
that the onmicrosoft.com domain is associated to when someone tries to login to 
it with an application that is using Azure AD for SAML/OpenID connect.

In the context for Exchange Online, the onmicrosoft.com domain can be used as a 
routing mail domain if someone is still running a hybrid Exchange deployment in 
this age…

In any case, Microsoft has a trust and safety team you can talk to if it is 
causing issues…

From: NANOG  on behalf of Jay 
Acuna 
Sent: Saturday, March 9, 2024 8:26:44 AM
To: Travis Garrison 
Cc: nanog@nanog.org 
Subject: Re: registry for onmicrosoft[dot]com

CAUTION: External Sender


On Sat, Mar 9, 2024 at 8:11 AM Travis Garrison  wrote:
>
> This would be a company that has registered for an office365 account.

> Office 365 company accounts are registered as companyname [dot] onmicrosoft 
> [dot] com.

The "companyname" part is evidently Not reliable.   Often the  name
[dot] onmicrosoft [dot] com is unrelated
to Any recognizable business or company name.

Companies can generate extra  onmicrosoft[dot]com  domain names.
Possibly an existing tenant for some unrelated company could add
nanog[dot]onmicrosoft[dot]com
and change it to their default domain, if they wanted.

Even if it were; the information could be tampered with on a compromised tenant
where the spammers simply change the names after breaching the tenant.

Likewise spammers might use robots to Signup for 365 services online, and
that there's little verification a requestor's Name and Company name exist
beyond the ability to charge whatever stolen payment method was
provided by the spammer.

Because it behaves like a dynamic domain;  with very low friction for
scammers to
generate new ones quickly.  It seems that  Refusing all mail from subdomains of
that domain  by default Other than specific ones you whitelist would
be a good policy.


> You then add domain aliases if you want to use your own preferred domain name.

> Thanks
> Travis
--
-JH