Re: Smaller than a /24 for BGP?

2023-01-28 Thread Donald Eastlake
Use Multipath TCP
https://datatracker.ietf.org/group/mptcp/documents/

Thanks,
Donald
===
 Donald E. Eastlake 3rd
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com


On Sat, Jan 28, 2023 at 10:07 AM William Herrin  wrote:

> On Fri, Jan 27, 2023 at 9:49 PM Masataka Ohta
>  wrote:
> > That multihomed sites are relying on the entire Internet
> > for computation of the best ways to reach them is not
> a healthy way of multihoming.
>
> This was studied in the IRTF RRG about a decade ago. There aren't any
> other workable ways of multihoming compatible with the TCP protocol,
> not even in theory. Every other mechanism imagined failed some basic
> system constraint, usually the requirement that packets have
> administrative permission to cross an intermediate network. So,
> another way of multihoming critically depends on replacing the layer-4
> protocols with something that doesn't intermingle the IP address with
> the connection identifier.
>
> For clarity: TCP's connection identifier consists of the source and
> destination IP addresses plus the source and destination ports. Those
> four elements, unique when combined, identify exactly one ongoing TCP
> connection. Because of this, the connection must fail if the source or
> destination IP addresses are no longer available to the source or
> destination hosts. From this fact, we get the requirement that the
> entire Internet learn when a particular IP address has changed its
> position within the network.
>
> Regards,
> Bill Herrin
>
>
> --
> For hire. https://bill.herrin.us/resume/
>
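
The point made in this exchange, as an added example that is not part of the original thread: a receiver that identifies a connection only by the 4-tuple has nothing to match once the client's source address changes, while a design that looks the connection up by a separate token can attach a new path. The token model is a simplification of Multipath TCP's join step, and all addresses, ports and class names are constructed for illustration.

```python
import secrets


class PlainTcpDemux:
    """Receiver-side lookup where the 4-tuple is the whole connection identity."""

    def __init__(self):
        self.conns = {}  # (src_ip, src_port, dst_ip, dst_port) -> bytes received

    def open(self, four_tuple):
        self.conns[four_tuple] = 0

    def segment(self, four_tuple, payload):
        if four_tuple not in self.conns:
            return "RST"  # unknown 4-tuple: the byte stream cannot continue
        self.conns[four_tuple] += len(payload)
        return "ACK"


class TokenDemux:
    """Simplified multipath model: a 4-tuple names a subflow, a token names
    the connection. Real MPTCP also authenticates the join with an HMAC over
    keys exchanged at setup; that step is left out here (assumption)."""

    def __init__(self):
        self.by_token = {}  # token -> bytes received on the logical connection
        self.subflows = {}  # 4-tuple -> token

    def open(self, four_tuple):
        token = secrets.token_hex(16)  # must be unguessable to off-path hosts
        self.by_token[token] = 0
        self.subflows[four_tuple] = token
        return token

    def join(self, token, four_tuple):
        if token not in self.by_token:
            return False  # a guessed token must not attach to a connection
        self.subflows[four_tuple] = token
        return True

    def segment(self, four_tuple, payload):
        token = self.subflows.get(four_tuple)
        if token is None:
            return "RST"
        self.by_token[token] += len(payload)
        return "ACK"


# Constructed documentation addresses: the same client reached through two
# upstream providers, each of which gives it a different source address.
SERVER = ("203.0.113.5", 443)
VIA_PROVIDER_A = ("192.0.2.10", 40000) + SERVER
VIA_PROVIDER_B = ("198.51.100.10", 40000) + SERVER


def failover_demo():
    plain = PlainTcpDemux()
    plain.open(VIA_PROVIDER_A)
    plain_result = (plain.segment(VIA_PROVIDER_A, b"hello"),
                    plain.segment(VIA_PROVIDER_B, b"world"))

    multi = TokenDemux()
    token = multi.open(VIA_PROVIDER_A)
    before = multi.segment(VIA_PROVIDER_A, b"hello")
    forged_join = multi.join("0" * 32, VIA_PROVIDER_B)    # wrong token
    unjoined = multi.segment(VIA_PROVIDER_B, b"world")    # path not attached yet
    real_join = multi.join(token, VIA_PROVIDER_B)
    after = multi.segment(VIA_PROVIDER_B, b"world")
    return {
        "plain": plain_result,
        "multi": (before, after),
        "forged_join": forged_join,
        "unjoined": unjoined,
        "real_join": real_join,
        "bytes": multi.by_token[token],
    }


if __name__ == "__main__":
    for key, value in failover_demo().items():
        print(key, value)
```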


Re: Jon Postel Re: 202210301538.AYC

2022-11-02 Thread Donald Eastlake
an effect where it gets harder
and harder to imagine someone else in the position, etc.  But I
wouldn't necessarily call it "totalitarian" and the length of time is
much more important than the number of terms. If someone is elected
Speaker of the US House of Representatives for 3 successive
Congresses, thus serving for 6 years (3 terms) in that office, they
will have substantial clout because of this but they can't rule the
House like a dictator against the wishes of a majority of the
representatives of their party who can vote them out of the Speaker's
office and elect someone else whenever they want. The fact that it is
possible for a Speaker to be so elected for 6 or more years and that
this has happened does not make the US House of Representatives a
"totalitarian" organization and I would not call it that.

Thanks,
Donald

> Even if he would say that there is a mechanism for it.
> Eduard
> -Original Message-
> From: Donald Eastlake [mailto:d3e...@gmail.com]
> Sent: Monday, October 31, 2022 4:28 PM
> To: Vasilenko Eduard ; North American Network 
> Operators' Group 
> Subject: Re: Jon Postel Re: 202210301538.AYC
>
> On Mon, Oct 31, 2022 at 2:37 AM Vasilenko Eduard via NANOG  
> wrote:
> >
> > 1.   What is going on on the Internet is not democracy even formally, 
> > because there is no formal voting.
> > 3GPP, ETSI, 802.11 have voting. IETF decisions are made by bosses who did 
> > manage to gain power (primarily by establishing a proper network of 
> > relationships).
> > It could be even called “totalitarian” because IETF bosses could stay in 
> > one position for decades.
>
> I do not see how it can be called totalitarian given the IETF Nomcom 
> appointment and recall mechanisms. Admittedly it is not full on Sortition 
> (https://en.wikipedia.org/wiki/Sortition) but it is just one level of 
> indirection from Sortition. (See
> https://www.forbes.com/sites/forbestechcouncil/2020/08/20/indirection-the-unsung-hero-of-software-engineering/?sh=2cc673587f47)
>
> Thanks,
> Donald
>
> >  ...
> >
> > Eduard


Re: Jon Postel Re: 202210301538.AYC

2022-10-31 Thread Donald Eastlake
On Mon, Oct 31, 2022 at 2:37 AM Vasilenko Eduard via NANOG
 wrote:
>
> 1.   What is going on on the Internet is not democracy even formally, 
> because there is no formal voting.
> 3GPP, ETSI, 802.11 have voting. IETF decisions are made by bosses who did 
> manage to gain power (primarily by establishing a proper network of 
> relationships).
> It could be even called “totalitarian” because IETF bosses could stay in one 
> position for decades.

I do not see how it can be called totalitarian given the IETF Nomcom
appointment and recall mechanisms. Admittedly it is not full on
Sortition (https://en.wikipedia.org/wiki/Sortition) but it is just one
level of indirection from Sortition. (See
https://www.forbes.com/sites/forbestechcouncil/2020/08/20/indirection-the-unsung-hero-of-software-engineering/?sh=2cc673587f47)

Thanks,
Donald

>  ...
>
> Eduard


Re: how networking happens in Hawaii

2022-04-30 Thread Donald Eastlake
See official apology of the United States to Hawaii
https://www.govinfo.gov/content/pkg/STATUTE-107/pdf/STATUTE-107-Pg1510.pdf
which includes these words:
"apologizes to Native Hawaiians on behalf of the people of the United
States for the overthrow of the Kingdom of Hawaii on January 17, 1893 with
the participation of agents and citizens of the United States, and the
deprivation of the rights of Native Hawaiians to self-determination;"

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com


On Sat, Apr 30, 2022 at 7:09 PM scott via NANOG  wrote:

>
>
> On 4/30/2022 12:19 PM, Randy Bush wrote:
> >> This reads a lot like dsl wars between ilecs and clecs in the late 90s and
> >> early 2ks.
> >
> > compounded by a 100+ year old military occupation
> ---
> Hee is definitely acting in an old school (meaning 60s/70s) Hawaii
> manner... ;)
>
> Also, for the others here...on the occupation.  I haven't read this
> particular article, but I'm sure it covers the basics. The main question
> is 'was it a nation when the US gov't overthrew Hawaii or was it a group
> of individual kingdoms?'  Many get that wrong and that's what matters to
> international courts on the current issue of Hawaiian sovereignty.  For
> sure, it was a nation due to a forced treaty agreement with Kaumuali`i.
>   The rest of the individual island kingdoms were conquered with
> violence by Kamehameha who then created a lahui..a nation.  Therefore,
> it is a military occupation.
>
> https://en.wikipedia.org/wiki/Overthrow_of_the_Hawaiian_Kingdom
>
>
> scott
>
> well, that does it for the history lesson. ;-)
>


Re: Nice work Ron

2021-01-22 Thread Donald Eastlake
On Fri, Jan 22, 2021 at 9:07 PM Mark Andrews  wrote:
> Majority only means >50%
> when there are 2 parties.
>
> When there are more than 2 parties the majority can be less than 50%.   When
> there are more than 2 parties, one uses the term “absolute majority” to
> indicate >50%.

At least in American English, less than 50% is not a "majority". The
option getting the most votes, but less than 50%, among more than 2 is
said to have a "plurality" of the votes. See
https://en.wikipedia.org/wiki/Plurality

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com

> There are more than 2 RIRs.
>
> If 40% of addresses are used in LACNIC, 30% in APNIC and 30% in RIPE then the
> majority of addresses by region are in the LACNIC region.
>
> --
> Mark Andrews
>
> > On 22 Jan 2021, at 23:48, JORDI PALET MARTINEZ via NANOG  
> > wrote:
> >
> > 
> >
> > On 22/1/21 13:25, "NANOG on behalf of Masataka Ohta"
> > <mo...@necom830.hpcl.titech.ac.jp> wrote:
> >
> >JORDI PALET MARTINEZ via NANOG wrote:
> >
> >> My proposal added the clarification that "majority" is understood as "over 
> >> 50%".
> >
> >And the proposal is denied to be unreasonable by Toma and, more
> >aggressively, by me.
> >
> >So?
> >
> > [Jordi] The proposal, on this specific point, only made a "clarification", 
> > didn't mean an actual policy change. The existing policy already had 
> > "majority", so unless you believe that majority means something different 
> > than more than 50% (in the context of the full text), the change was 
> > "neutral". If anyone disagree with a policy in any region, MUST DO 
> > SOMETHING ABOUT THAT: "bring the problem to the policy list, discuss it 
> > with the community, and if needed make a policy proposal". In Spain we say 
> > "barking dogs seldom bite" and in this context means "if you complain, but 
> > don't act, then you have nothing to do".
> >
> >> The staff was already interpreting the policy like that, because
> >> usually when you say majority, you mean more than half. Do you
> >> agree on that?
> >
> >How can you ask such a question. already opposed by Toma and,
> >more aggressively, by me, to me?
> >
> > [Jordi] I think if we don't agree what means majority, then it is difficult 
> > to get us understanding among ourselves, so that's why I'm asking if you 
> > agree that in English, majority means more than half. In Spanish it means 
> > that.
> >
> >My point is that locality requirement, whether it is 50% or 40%, is
> >impractical and, with operational practices today, is not and can
> >not be enforced.
> >
> > [Jordi] Then you need to come to the right mailing list and discuss that 
> > with the community. It is not me who decides that!
> >
> >>> The community decided that my proposal to add the explicit "footnote"
> >
> >Then, the "footnote" might be applicable to *SOME* part of "the
> >community" but definitely not beyond it.
> >
> > [Jordi] A footnote in the policy manual is a clarification to the manual 
> > text, and of course *applies* to anyone who signs a contract with the RIR 
> > to obtain resources.
> >
> >Masataka Ohta


Re: shouting draft resisters, Parler

2021-01-12 Thread Donald Eastlake
Hi,

On Mon, Jan 11, 2021 at 8:23 PM John R. Levine  wrote:
> > I think it is reasonably clear this was a reference to the Iroquois Theatre
> > fire where 602 people died.
>
> Not at all.  The actual quote is
>
>   The most stringent protection of free speech would not protect a man
>   falsely shouting fire in a theatre and causing a panic.
>
> The Iroquois fire was unfortunately all too real.

As you can see by looking at your own quote, there is nothing about
whether or not there actually is smoke or is a fire in the "crowded
theater". Certainly the operators, owners, and builders of the
Iroquois Theater all claimed that the exits were more than adequate
and it was entirely the fault of the people who died from being
crushed/trampled because they should have remained calm.

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com

> As soon as the US entered WW I the first amendment basically went out the
> window with the Espionage Act.  Schenck was part of that.
>
> R's,
> John


Re: shouting draft resisters, Parler

2021-01-11 Thread Donald Eastlake
I think it is reasonably clear this was a reference to the Iroquois Theatre
fire where 602 people died.
https://en.wikipedia.org/wiki/Iroquois_Theatre_fire
https://www.smithsonianmag.com/history/how-theater-blaze-killed-hundreds-forever-changed-way-we-approach-fire-safety-180969315/

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com


On Mon, Jan 11, 2021 at 5:56 PM John Levine  wrote:

> In article <35226213b6fcdc4a9c94f0bf30472...@mail.dessus.com> you write:
> >
> >That would make me wonder how many cases there have been of someone
> >"shouting fire in a crowded theatre" where there was no fire and at
> >least one person died as a result; ...
>
> Probably none. That metaphor was used by Justice Holmes in a
> now-discredited Supreme Court decision Schenck v. U.S., which was
> actually about handing out anti-draft leaflets during WW I. It was
> overwrought then and has never been a useful guide to free speech law.
>
> This seems a wee bit distant from Parler or TOS or Sec 230.
>
> R's,
> John
>


Re: "Hacking" these days - purpose?

2020-12-15 Thread Donald Eastlake
On Mon, Dec 14, 2020 at 12:10 PM Miles Fidelman 
wrote:

> David Bass wrote:
> > It becomes more clear when you think about the options out there, and
> > get a little creative.  Nowadays it’s definitely chess that’s being
> > played.
> And here I thought the purpose of hacking is (still) having fun - you
> know... hacking.
>
> As to chess... I've begun to think that the game to master is now Go...
> capturing territory, not pieces, and instantaneous global state changes.


https://fortune.com/2016/03/12/googles-go-computer-vs-human

Donald
 d3e...@gmail.com

> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
>
> Theory is when you know everything but nothing works.
> Practice is when everything works but no one knows why.
> In our lab, theory and practice are combined:
> nothing works and no one knows why.  ... unknown
>


Re: RIPE our of IPv4

2019-11-25 Thread Donald Eastlake
I think it is less historic than when IANA ran out of blocks to
delegate to the regional registries.
https://en.wikipedia.org/wiki/IPv4_address_exhaustion

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com

On Mon, Nov 25, 2019 at 10:34 AM Tei  wrote:
>
> Nice!
>
> Is this what I think it is? a historical moment for the internet
> for the story books?
>
> On Mon, 25 Nov 2019 at 15:59, Dmitry Sherman  wrote:
> >
> > Just received a mail that RIPE is out of IPv4:
> >
> > Dear colleagues,
> >
> > Today, at 15:35 UTC+1 on 25 November 2019, we made our final /22 IPv4 
> > allocation from the last remaining addresses in our available pool. We have 
> > now run out of IPv4 addresses.
> >
> >
> > Best regards,
> > Dmitry Sherman
> > Interhost Networks
> > www.interhost.co.il
> > dmi...@interhost.net
> > Mob: 054-3181182
> > Sent from Steve's creature
>
>
>
> --
> --
> End of message.


Re: Google DNS intermittent ServFail for Disney subdomain

2017-10-19 Thread Donald Eastlake
Looks like some Disney services are/have been down.
http://downdetector.com/status/disneyworld

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

On Thu, Oct 19, 2017 at 11:41 PM, David Sotnick 
wrote:

> Hi Nanog,
>
> I am principal network engineer for sister-studio to Disney Studios. They
> have been struggling with DNS issues since Thursday 12th October.
>
> By all accounts it appears as though *some* of the Google DNS resolvers
> cannot reach the authoritative nameservers for "studio.disney.com".
>
> This is causing ~20-30% of all DNS requests against Google Public DNS
> 8.8.8.8 / 8.8.4.4 to fail for requests in this subdomain.
>
> The name servers reside in 153.7.233.0/24.
>
> Might someone be able to *connect me* with someone at Google to assist my
> poor colleagues who are banging their heads against a brick wall here.
>
> Thank you,
> David
>


Re: Russian diplomats lingering near fiber optic cables

2017-06-02 Thread Donald Eastlake
On Thu, Jun 1, 2017 at 10:15 PM, Joe Hamelin  wrote:
>
> The Seattle Russian Embassy is in the Westin Building just 4 floors above
> the fiber meet-me-room ...

The only real Russian Embassy in the US is in Washington where their
Ambassador is stationed, although arguably their UN Office in NYC has
the status of an Embassy. Embassies have to do with international
diplomacy. Their Seattle office is a consulate, which is what most
people deal with for passports, visas, import/export permits, and
similar personal/commercial stuff rather than diplomatic stuff.
Commonly the Embassy of a country is also a consulate or, as it is
sometimes described, has a consular affairs branch.
See http://www.russianembassy.org/page/russian-consulates-in-the-u-s

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> --
> Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474


Re: TRILL

2017-03-24 Thread Donald Eastlake
On Fri, Mar 24, 2017 at 8:46 AM,  wrote:
>
> Hi all!
>
> Can anybody recommend any good resources on TRILL? Particularly anything that 
> addresses do's and don'ts or any problems and pitfalls. Also any experiences 
> deploying and using TRILL in networks that anybody would like to share would 
> be welcome.

That might depend on your application and to some extent whose
equipment you are using.

You might want to contact the people at
http://www.six.sk/?lang=en= or SANET
https://www.infinera.com/how-sanet-created-a-different-kind-of-network-backbone-a-discussion-between-marian-durkovic-sanet-and-geoff-bennett-infinera/

Thanks,
Donald
===
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> For clarity, this is the TRILL I'm referring to:
> https://en.m.wikipedia.org/wiki/TRILL_(computing)
>
> Jared


Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6

2015-06-27 Thread Donald Eastlake
On Sat, Jun 27, 2015 at 1:23 PM, Lyndon Nerenberg <lyn...@orthanc.ca> wrote:
>
> On Jun 27, 2015, at 5:35 AM, Rafael Possamai <raf...@gav.ufsc.br> wrote:
> >
> > How long do you think it will take to completely get rid of IPv4? Or is it
> > even going to happen at all?
>
> IPX ruled the roost, very popularly, for a little while.  How long did it
> take to die?  Why did it die?  What were the triggers that pushed it over the
> cliff?  I think there's a lot to be learned from that piece of recent
> history.  Specifically, as a demonstration of how a most popular protocol
> can find itself ejected from the arena in the blink of an eye.  I knew
> several people who built their career path on the assumptions of IPX.  Ouch.

There are reasonable arguments that IPX was better than IPv4 but IPv4
had all the mind share as the standard and IPX was the proprietary
alternative. So everyone switched but more than a few were not happy
afterward when they noticed the features they had lost.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> --lyndon



Re: What would you do about questionable domain pointing A record to your IP address?

2015-02-20 Thread Donald Eastlake
Hi,

On Fri, Feb 20, 2015 at 12:08 PM, Anne P. Mitchell, Esq.
<amitch...@isipp.com> wrote:
> All,
>
> We have a rather strange situation (well, strange to me, at least).
>
> We have an email reputation accreditation applicant, who otherwise looks
> clean, however there is a very strange and somewhat concerning domain being
> pointed to one of the applicant's IP addresses.  Let's call the domain
> example.com, and the IP address 127.0.0.1, for these purposes.
>
> Applicant is assigned 127.0.0.1.  The rDNS correctly goes to their own domain.
>
> However, example.com (which in reality is a concerning domain name) claims
> 127.0.0.1 as their A record.

I don't think having an A record in the DNS is really a claim. Let's
say I want to send mail to company.example.com but I don't like them
so much so I set up companySUCKS.foo.example.com pointing at their
mail server either through an A record or a CNAME... Then, I believe,
inside my mail, the mail could appear to be to
per...@companysucks.foo.example.com if it wasn't blocked by some
security mechanism. Perhaps this is protected speech or, with a few
changes, a parody or something.

See Section 4.1.3 "You Can't Control What Names Point At You" in my
RFC http://tools.ietf.org/html/rfc3675

A somewhat similar thing is in Section 4.1.4.1 of that RFC where I was
on a social mailing list with an innocuous name and someone had long set
up a forwarder so that if you sent email to
cat-torturers@other.example (real left hand side, obviously not the
real right hand side), it would get sent to the social mailing list
and that address would appear in the "to:" line inside the mail.
For that particular crowd, most people thought this was pretty funny,
but it is the same sort of thing.

> Of course, example.com is registered privately, and their DNS provider is one
> who is...umm... known to provide dns for domains seen in spam.
>
> As I see it, the applicant's options are:
>
> a) just not worry about it and keep an eye on it
>
> b) publish a really tight spf record on it, so if they are somehow
> compromised, email appearing to come from example.com and 127.0.0.1 should be
> denied
>
> c) not use the IP address at all (it's part of a substantially larger block)
>
> d) two or more of the above.
>
> Thoughts?  What would you do?

If it isn't actually causing a problem, a) seems viable but you could
certainly do b) or c) or both if you feel like it.

Anyway, I'm not a lawyer... :-)

Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> Thanks!
>
> Anne
>
> Anne P. Mitchell, Esq.
> CEO/President
> ISIPP SuretyMail Email Reputation, Accreditation  Certification
> Your mail system + SuretyMail accreditation = delivered to their inbox!
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Author: Section 6 of the Federal CAN-SPAM Act of 2003
> Member, California Bar Cyberspace Law Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> 303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell
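
The distinction discussed in this message, as an added example that is not part of the original thread: anyone can publish an A record pointing at an address, but only the address holder controls the PTR record, so a forward-confirmed reverse DNS check separates names the holder vouches for from names that merely point at the address. The zone data, host names and function names below are constructed for illustration, and the lookups are plain dictionaries so the check runs offline.

```python
# Constructed zone data. 192.0.2.0/24 and 198.51.100.0/24 are documentation
# ranges and the *.example names are placeholders, not values from the thread.
FORWARD = {  # name -> addresses in its A records (set by whoever runs the zone)
    "mail.applicant.example": {"192.0.2.10"},
    "odd-name.other.example": {"192.0.2.10"},  # third party pointing at the IP
    "www.other.example": {"198.51.100.7"},
}
REVERSE = {  # address -> PTR names (set by whoever holds the address)
    "192.0.2.10": {"mail.applicant.example."},
    "198.51.100.7": {"www.other.example."},
}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def classify(name, ip, forward=FORWARD, reverse=REVERSE):
    """Relate one name to one address.

    forward-confirmed: A record points at ip AND the ip's PTR names it back.
    forward-only:      A record points at ip, the address holder does not name it.
    reverse-only:      PTR names it, but the name does not resolve to ip.
    unrelated:         neither direction links them.
    """
    name = norm(name)
    points_here = ip in forward.get(name, set())
    endorsed = name in {norm(n) for n in reverse.get(ip, set())}
    if points_here and endorsed:
        return "forward-confirmed"
    if points_here:
        return "forward-only"
    if endorsed:
        return "reverse-only"
    return "unrelated"


def audit(ip, observed_names, forward=FORWARD, reverse=REVERSE):
    """Classify every name seen resolving to ip, e.g. from passive DNS."""
    return {norm(n): classify(n, ip, forward, reverse) for n in observed_names}


def unendorsed(ip, observed_names, forward=FORWARD, reverse=REVERSE):
    """Names that point at ip without the holder's PTR naming them back."""
    report = audit(ip, observed_names, forward, reverse)
    return sorted(n for n, verdict in report.items() if verdict == "forward-only")


if __name__ == "__main__":
    seen = ["Mail.Applicant.Example.", "odd-name.other.example", "www.other.example"]
    for name, verdict in audit("192.0.2.10", seen).items():
        print(f"{name:28} {verdict}")
```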





Re: Why is .gov only for US government agencies?

2014-10-19 Thread Donald Eastlake
Why is the Greek flag always flown at the Olympics as well as the
Olympic and host nation flags? Why is Britain the only country
allowed, under Universal Postal Union regulations to have no national
identification on its stamps used in international mail? Basically, if
you are first, you tend to get extra privileges. Same with .gov for
the US government.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com


On Sun, Oct 19, 2014 at 8:05 AM, Matthew Petach <mpet...@netflight.com> wrote:
> Wondering if some of the long-time list members
> can shed some light on the question--why is the
> .gov top level domain only for use by US
> government agencies?  Where do other world
> powers put their government agency domains?
>
> With the exception of the cctlds, shouldn't the
> top-level gtlds be generically open to anyone
> regardless of borders?
>
> Would love to get any info about the history
> of the decision to make it US-only.
>
> Thanks!
>
> Matt


Re: Marriott wifi blocking

2014-10-03 Thread Donald Eastlake
IANAL but no, I think it most certainly does not, at least in the USA,
depend on the terms of your *lease* agreement. In particular, I refer
you to
http://apps.fcc.gov/ecfs/document/view;?id=6518608517
where in the US Federal Communications Commission (FCC) specifically
voided terms restricting Wi-Fi in space leased from the Massachusetts
Port Authority at Boston airport as in violation of the OTARD (Over
The Air Reception Device) FCC rules. This probably doesn't apply if
you are a mere licensee but if you are a leaseholder, including being
a tenant-in-possession, as you are if you rent a hotel room, I think
they do apply.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com


On Fri, Oct 3, 2014 at 7:12 PM, Wayne E Bouchard <w...@typo.org> wrote:
> On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:
> > > The question here is what is authorized and what is not.  Was this to
> > > protect their network from rogues, or protect revenue from captive
> > > customers.
> >
> > I can't imagine that any 'AP-squashing' packets are ever authorized,
> > outside of a lab. The wireless spectrum is shared by all, regardless of
> > physical locality. Because it's your building doesn't mean you own the
> > spectrum.
>
>
> I think that depends on the terms of your lease agreement. Could not
> a hotel or conference center operate reserve the right to employ
> active devices to disable any unauthorized wireless systems? Perhaps
> because they want to charge to provide that service, because they
> don't want errant signals leaking from their building, a rogue device
> could be considered an intruder and represent a risk to the network,
> or because they don't want someone setting up a system that would
> interfere with their wireless gear and take down other clients who are
> on premises...
>
> Would not such an active device be quite appropriate there?
>
> -Wayne
>
> ---
> Wayne Bouchard
> w...@typo.org
> Network Dude
> http://www.typo.org/~web/


Re: Huawei Atom Router

2014-08-04 Thread Donald Eastlake
Huawei has sales personnel in the US and does sell here. See
http://huawei.com/us/about-huawei/contact-us/index.htm

And for a more recent Huawei management statement, see
http://usa.chinadaily.com.cn/epaper/2014-04/28/content_17470474.htm
Huawei executive says it still seeks US sales

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com


On Mon, Aug 4, 2014 at 4:41 PM, Alain Hebert <aheb...@pubnix.net> wrote:
> Well,
>
> Wasn't the Huawei CEO that stated that they were not interested
> into the US market.
> ( And by proxy ... the Canadian one )
>
> http://www.theregister.co.uk/2013/04/23/huawei_not_interested_in_us/
>
> And a bunch of bans around Oct 2013 from a wide variety of countries...
>
> That's maybe why not many people are talking about their products in
> our corner of the world =D
>
> -
> Alain Hebert                                aheb...@pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
>
> On 08/04/14 15:56, Eric Dugas wrote:
> > Has anyone seen/touched Huawei's Atom Router? It was announced at the Mobile
> > World Congress 2014.. haven't seen anything on the Interweb since. I'd be
> > interested in getting one or two units to play in my lab!
> >
> > http://www.huawei.com/mwc2014/en/articles/hw-328011.htm
> >
> > Eric





Re: US patent 5473599

2014-04-23 Thread Donald Eastlake
Hi,

See below

On Wed, Apr 23, 2014 at 12:47 PM, Henning Brauer <hb-na...@bsws.de> wrote:
> * Paul WALL <pauldotw...@gmail.com> [2014-04-22 19:30]:
> > Both CARP and VRRP use virtual router MAC addresses that start with
> > 00:00:5e.  This organizational unique identifier (OUI) is assigned to
> > IANA, not OpenBSD or a related project.  The CARP authors could have
> > gotten their own from IEEE.  OUIs are not free but the cost is quite
> > reasonable (and was even more reasonable years ago when this
> > unfortunate decision was made).
>
> we're an open source project, running on a rather small budget almost
> exclusively from donations, so quite reasonable doesn't cut it.

While it is at the discretion of the IEEE Registration Authority,
generally the IEEE RA will grant code point for standards use without
any fee. While this is not all that clear from their web site,
http://standards.ieee.org/develop/regauth/, except for standards use
group (multicast) MAC addresses which are only for standards use and
for which there is no charge, it is their policy.

> > The next two octets for IPv4 VRRP are 00:01.  Highly coincidentally,
> > the CARP folks *also* decided to use 00:01 after they got upset at the
> > IETF for dissing their slide deck.
>
> you're interpreting way too much in here.
> carp has been based on an earlier, never published vrrp implementation
> we had before realizing the patent problem.
> i don't remember any discussion about the OUI or, more general, the mac
> address choice. it's 10 years ago now, so i don't remember every
> single detail, changing the mac addr has pbly just been forgotten.
> not at least using sth but 00:01 for the 4th and 5th octet was likely
> a mistake. changing that now - whether just 4th/5th octet or to an
> entirely different, donated OUI - wouldn't be easy, unfortunately.
> academic discussion as long as we don't have a suitable OUI anyway.
>
> > If either of these decisions had not been made, we would not be having
> > this discussion today.
>
> we weren't really given a choice.
> as I said before, I'd much prefer we had just been given a multicast
> address etc. we tried. the IEEE/IETF/IANA processes have been an utter
> failure in our (limited) experience, not just in this case. might be
> different if you're $big_vendor with deep pockets, but that doesn't
> help either.

That seems like a very scatter-shot claim. The process for applying
for MAC addresses under the IANA OUI was regularized in RFC 5342,
since updated to and replaced by RFC 7042. See
http://www.rfc-editor.org/rfc/rfc7042.txt. Perhaps you were trying
before RFC 5342?

To get an assignment under IANA it must be for standard use that is
either an IETF standard or related to an IETF standard but it doesn't
say what the relationship has to be. It must also be documented in an
Internet Draft or an RFC but there is no technical screening for
posting an Internet Draft so that doesn't seem like a barrier. It is
subject to expert review.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> ...
> ...
> --
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting
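
The address overlap discussed in this thread, as an added example that is not part of the original messages: because IPv4 VRRP and CARP both build the virtual MAC as 00:00:5e:00:01 followed by the group number (VRID or vhid), two unrelated redundancy groups with the same number on one layer-2 segment claim the same MAC. The inventory, segment names and owner names below are constructed for illustration.

```python
from collections import defaultdict

IANA_OUI = bytes.fromhex("00005e")
# Fourth and fifth octets 00:01, used by IPv4 VRRP and, per the thread, by CARP.
VRRP_V4_PREFIX = IANA_OUI + bytes.fromhex("0001")


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff and return 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def virtual_mac(group_id):
    """Virtual MAC for an IPv4 VRRP VRID or a CARP vhid (last octet = id)."""
    if not 1 <= group_id <= 255:
        raise ValueError("group id must be 1..255")
    return format_mac(VRRP_V4_PREFIX + bytes([group_id]))


def describe(mac):
    """Say what a MAC seen on the wire could belong to."""
    raw = parse_mac(mac)
    if raw[:3] != IANA_OUI:
        return "not under the IANA OUI"
    if raw[:5] == VRRP_V4_PREFIX:
        return f"IPv4 VRRP VRID / CARP vhid {raw[5]}"
    return "IANA OUI, other use"


# Constructed inventory: (layer-2 segment, protocol, group id, owning cluster).
INVENTORY = [
    ("vlan10", "vrrp", 1, "edge-routers"),
    ("vlan10", "carp", 1, "fw-pair"),       # same id, same segment: collides
    ("vlan10", "carp", 2, "fw-pair"),
    ("vlan20", "vrrp", 1, "core-routers"),  # same id, different segment: fine
]


def find_collisions(inventory):
    """Return {(segment, mac): [(protocol, owner), ...]} wherever more than one
    owner would answer for the same virtual MAC on the same segment."""
    claims = defaultdict(list)
    for segment, protocol, group_id, owner in inventory:
        claims[(segment, virtual_mac(group_id))].append((protocol, owner))
    return {key: who for key, who in claims.items()
            if len({owner for _, owner in who}) > 1}


if __name__ == "__main__":
    for (segment, mac), who in find_collisions(INVENTORY).items():
        print(segment, mac, describe(mac), who)
```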



Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Donald Eastlake
Matthew,

On Mon, Apr 14, 2014 at 10:48 AM, Matthew Black <matthew.bl...@csulb.edu> wrote:

> Also on this same idea, in his book The Puzzle Palace, James Bamford
> claims that we knew of the pending attack on Pearl Harbor but did nothing,
> because that would compromise we broke the Japanese Purple Cipher.


I assume you refer to pages 36 through 39 of The Puzzle Palace which is
almost entirely a recounting of bureaucratic fumbling and delay. The
sensitivity of a Purple Cipher decode did cause the intercepted information
to be sent by a less immediate means to the US Naval authorities in Hawaii.
Nevertheless, it was sent with every expectation that those authorities
would receive it before the time of the attack. We do not know what those
authorities would have done if they had received the intercept information
as expected, instead of receiving it about 6 hours after the first bomb
struck Pearl Harbor. Your implication that Bamford says we decided to do
nothing bears no relationship to what Bamford actually wrote.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

> matthew black
> california state university, long beach
>
>
> -Original Message-
> From: William Herrin [mailto:b...@herrin.us]
> Sent: Friday, April 11, 2014 2:06 PM
> To: nanog@nanog.org
> Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for
> Years]
>
> On Fri, Apr 11, 2014 at 4:10 PM, Niels Bakker <niels=na...@bakker.net>
> wrote:
> > Please go read up on some recent and less recent history before making
> > judgments on what would be unusually gutsy for that group of people.
> >
> > I'm not saying this has been happening but you will have to come up
> > with a better defense than it seems unlikely to me personally.
>
> Let me know when someone finds the second shooter on the grassy knoll.
> As for me, I do have some first hand knowledge as to exactly how sensitive
> several portions of the federal government are to the security of the
> servers which hold their data. They may not hold YOUR data in high
> regard... but the word sensitive does not do justice to the attention
> lavished on THEIR servers' security.
>
> In WW2 we protected the secret of having cracked enigma by deliberately
> ignoring a lot of the knowledge we gained. So such things have happened.
> But we didn't use enigma ourselves -- none of our secrets were at risk. And
> our adversaries today have no secrets more valuable than our own.
>
> -Bill






Pearl Harbor

2014-04-14 Thread Donald Eastlake
This is getting pretty far afield so I thought I should at least
change the subject.

There was no initial withdrawal of the Japanese ambassador - it was
the Japanese withdrawing from negotiations with the USA over USA
demands -- essentially Japan declaring that it had given up on finding
compromise and would not accede to USA demands for Japanese troop
withdrawals.

There were two messages related to the negotiations from the Japanese
government to their embassy in Washington. The first was so long and
meandering that it had to be broken into 14 parts for transmission.
Only in the final and 14th part, which was transmitted more than 24
hours after the first 13 parts were sent, did it direct the withdrawal
from negotiations. This was considered within the Japanese government
as tantamount to a declaration of war and it was felt that the attack
would be dishonorable if it was not communicated to the USA government
before the attack. Thus, there was a second much shorter message that
specifically directed that the withdrawal be communicated to the US
Government, if possible to the US Secretary of State, no later than
1pm later that day, Sunday December 7th. (It was immediately apparent
to the Americans reading this message that 1pm in Washington was dawn
in Hawaii and probably the time of an attack.)

There were some other messages sent about the same time including one
ordering the Japanese embassy to destroy all cipher machines and
codes. There were delays in USA decryption and translation of all of
these messages. Then there was delay in getting what was clearly a
threat of war to someone in Washington high enough to take action. But
those were accomplished more than two hours before the attack. (The
Japanese embassy in Washington was by no means immune to bureaucracy
and delay and did not read the messages in time to implement them
before the attack.)

The fastest way to communicate with the US military in Hawaii would
have been analog scrambled telephone which was, correctly, considered
to be insecure and inappropriate for information derived from a Purple
intercept. Such scrambled calls had been unscrambled by other
countries before. So, it was given to the War Department's message
center, who said that it would be delivered directly within a half an
hour, after they encrypted it and sent it by radio. However,
atmospheric conditions blocked that method and the encrypted message
was given by the message center to a commercial wire carrier to send.
It arrived and was printed out at the carrier's office in Honolulu at
7:33am local time, 22 minutes before the first bomb fell. Although
obviously encrypted, it was apparently not marked for any special
urgent handling -- remember the sender had thought it would arrive
directly at the military authorities in Hawaii over an hour earlier.
As a result, it was not actually delivered to those authorities until
2:40pm, after the attack was over, and not read until 20 minutes later
after decryption.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

On Mon, Apr 14, 2014 at 6:09 PM, Matthew Black matthew.bl...@csulb.edu wrote:

 IIRC, the message was sent via courier instead of cable or telephone to 
 prevent interception. Did the military not even trust its own cryptographic 
 methods? Or did they not think withdrawal of the Japanese ambassador was not 
 very critical?



 matthew black

 california state university, long beach



 From: Donald Eastlake [mailto:d3e...@gmail.com]
 Sent: Monday, April 14, 2014 8:28 AM
 To: Matthew Black
 Cc: William Herrin; nanog@nanog.org


 Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]



 Matthew,



 On Mon, Apr 14, 2014 at 10:48 AM, Matthew Black matthew.bl...@csulb.edu 
 wrote:

 Also on this same idea, in his book The Puzzle Palace, James Bamford claims 
 that we knew of the pending attack on Pearl Harbor but did nothing, because 
 that would compromise we broke the Japanese Purple Cipher.



 I assume you refer to pages 36 through 39 of The Puzzle Palace which is 
 almost entirely a recounting of bureaucratic fumbling and delay. The 
 sensitivity of a Purple Cipher decode did cause the intercepted information 
 to be sent by a less immediate means to the US Naval authorities in Hawaii. 
 Nevertheless, it was sent with every expectation that those authorities would 
 receive it before the time of the attack. We do not know what those 
 authorities would have done if they had received the intercept information as 
 expected, instead of receiving it about 6 hours after the first bomb struck 
 Pearl Harbor. Your implication that Bamford says we decided to do nothing 
 bears no relationship to what Bamford actually wrote.


 Thanks,
 Donald
 =
  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
  155 Beaver Street, Milford, MA 01757 USA
  d3e...@gmail.com



 matthew

Re: Big Temporary Networks

2012-09-13 Thread Donald Eastlake
The 2015 WorldCon site selection is contested. There is a group
seeking selection for the Disney Coronado Spring Resort in Florida but
also competing groups seeking Spokane, Washington, and Helsinki,
Finland.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com


On Thu, Sep 13, 2012 at 10:29 AM, Jay Ashworth j...@baylink.com wrote:
 My best friend just got back from Chicon 7 last week, this year's World
 Science Fiction Convention.  He tells me that the networking at the con hotel,
 the Chicago Hyatt, was miserable, whether wired or wireless... and that Sprint
 4G wasn't much better.

 I'm talking to the people who will probably be, in 2015, running the first
 Worldcon I can practically drive to, in Orlando, at -- I think -- the Disney
 World Resort.  I've told them how critical the issue is for this market; they,
 predictably, replied We look forward to your patch.  :-}

 I know without a doubt that this is a problem NANOG PCs deal with 3 times a
 year; is there any collected wisdom on the web already about how this has
 been dealt with, that I can pore over?  Pointers to good archive threads?

 If not, do any of the people who've already done have 5 minutes to chime in
 on what they did and what they learned?

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink   
 j...@baylink.com
 Designer The Things I Think   RFC 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
 St Petersburg FL USA   #natog  +1 727 647 1274




Re: F-ckin Leap Seconds, how do they work?

2012-06-30 Thread Donald Eastlake
See International Earth Rotation Service, http://www.iers.org/, particularly
http://data.iers.org/products/6/15003/orig/bulletina-xxv-026.txt

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

On Sat, Jun 30, 2012 at 9:16 PM, Paul WALL pauldotw...@gmail.com wrote:
 Comments?

 Drive Slow
 Paul




Re: Iran blocking essentially all encrypted protocols

2012-02-10 Thread Donald Eastlake
Probably better than Iran doing man-in-the-middle...

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com


On Fri, Feb 10, 2012 at 1:26 PM, Ryan Malayter malay...@gmail.com wrote:
 Haven't seen this come through on NANOG yet:
 http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars

 Can anyone with the ability confirm that TCP/443 traffic from Iran has
 stopped?




Re: Megaupload.com seized

2012-01-21 Thread Donald Eastlake
I have always had a certain fondness for paper.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

On Sat, Jan 21, 2012 at 3:19 PM, George Bonser gbon...@seven.com wrote:

 Sure, but balance that with podunk.usa's possibly incompetent IT staff?
 It costs a lot of money to run a state of the art shop, but only
 incrementally more as you add more and more instances of essentially
 identical shops. I guess I have more trust that Google is going to get
 the redundancy, etc right than your average IT operation.

 Now whether you should *trust* Google with all of that information from
 a security standpoint is another kettle of fish.

 Mike

 I agree, Mike.  Problem is that the communications infrastructure that 
 enables these sorts of options is generally so reliable people don't think 
 about what will happen if something happens between them and their data that 
 takes out their access to those services.  Imagine a situation where several 
 municipal governments in, say, Santa Cruz County, California are using such 
 services and there is a repeat of the Loma Prieta quake.  Their data survives 
 in Santa Clara county, their city offices survive but there is considerable 
 damage to infrastructure and structures in their jurisdiction.  But the 
 communications is cut off between them and their data and time to repair is 
 unknown.  The city is now without email service.  Employees in one department 
 can't communicate with other departments.  Access to their files is gone.  
 They can't get the maps that show where those gas lines are.  The local file 
 server that had all that information was retired after the documents were 
 transferred to the cloud and the same happened to the local mail server.  
 At this point they are flying blind or relying on people's memories or 
 maybe a scattering of documents people had printed out or saved local copies 
 of.  It's going to be a mess.

 The point is that the cloud seems like a great option but it relies on 
 being able to reach that cloud.  Your data may be safe and sound and your 
 office may have survived without much wear, but if something happens in 
 between, you might be sunk.  And out in Podunk, there aren't often multiple 
 paths.  You are stuck with what you get.

 Or your cloud provider might announce they are going out of that business 
 next week.





Re: ICANN approves .XXX red-light district for the Internet

2011-03-27 Thread Donald Eastlake
See http://www.rfc-editor.org/rfc/rfc3675.txt.

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street
 Milford, MA 01757 USA
 d3e...@gmail.com



On Sat, Mar 26, 2011 at 6:21 PM, William Herrin b...@herrin.us wrote:
 On Sat, Mar 26, 2011 at 5:43 PM, John R. Levine jo...@iecc.com wrote:
 US Code TITLE 18  PART I  CHAPTER 71  § 1470
 http://www.law.cornell.edu/uscode/18/usc_sec_18_1470000-.html

 That law includes the phrase knowing that such other individual has not
 attained the age of 16 years.  That's why porn sites have a home page that
 asks you how old you are.

 In court, willful negligence is generally the same thing as knowing.


 As far as I can tell from looking for case law,
 all the 1470 cases are basically child molestation cases where the 1470
 count was piled on in addition to the real charges, unrelated to kids
 looking for porn sites.

 It gets messy because obscenity hinges on local community standards.
 But that's the rub -- as a porn purveyor  you can't know what the
 community standards are in the user's community. Not many examples of
 web sites being taken to task for web content, not yet, but lots of
 examples of mail-order porn owners having a really bad year,
 legally speaking.


 So, in short, there's no problem for .XXX to solve.

 Suppose, just for the sake of the argument, that a statute or
 precedent came about to the effect that a community which permits
 access to .xxx sites (by not censoring the DNS) implicitly accepts
 that kind of thing isn't obscenity under local law. Further, suppose
 it's found that the individual in such communities circumventing the
 technical safeguards in place to censor his access to .xxx is solely
 liable for such access, that the porn purveyor is -presumed- to have a
 reasonable belief that said individual's activity was lawful... merely
 because they access the site using the .xxx extension.

 Suppose, in other words, it comes to be that an internet porn purveyor
 is protected from local community standards for obscenity so he need
 only worry about staying away from stuff that's illegal in his own
 back yard. Where the prosecution has to support a claim that the site
 is accessible other than through the .xxx name in order to survive an
 early motion to dismiss.

 -Bill




 --
 William D. Herrin  her...@dirtside.com  b...@herrin.us
 3005 Crane Dr. .. Web: http://bill.herrin.us/
 Falls Church, VA 22042-3004





Re: so big earthquake in JP

2011-03-10 Thread Donald Eastlake
USGS now says magnitude 8.9. And there seem to have been three
aftershocks so far, two in the 7.x range...

Thanks,
Donald

On Fri, Mar 11, 2011 at 2:13 AM, Khurram Khan brokenf...@gmail.com wrote:
 bbc reports 8.8 magnitude with a tsunami.

 http://www.bbc.co.uk/news/world-asia-pacific-12709598



 On Fri, Mar 11, 2011 at 12:08 AM, Bryan Irvine sparcta...@gmail.com wrote:
 On Thu, Mar 10, 2011 at 10:19 PM, Tomoya Yoshida yosh...@nttv6.jp wrote:
 Japan had so big terrible earthquake

 How big?  I see reports of Tokyo, was Kyoto affected?







Re: Pica8 - Open Source Cloud Switch

2010-10-19 Thread Donald Eastlake
On Tue, Oct 19, 2010 at 11:00 AM, Peter Ashwood-Smith
peter.ashwoodsm...@huawei.com wrote:
 ...

 a) bigger layer 2 networks with Vmware type mobility and no IP address
 changes. Technologies in this space are much more than just L2 switching, it's
 L2 switching on larger scales with encapsulation, multipathing etc. This is
 where technologies like IEEE 802.1aq Shortest Path Bridging, IEEE 802.1ah
 mac-in-mac come to play. These tend to be appropriate for existing
 enterprise applications (or complete virtual desktops) and simply make
 existing DC L2 fabrics bigger and available for virtualization. No
 application software changes required, it's done under them and end hosts
 can't tell what's happening.

And the IETF TRILL protocol.

Donald

 ...

 Peter



DNS performance...

2010-05-05 Thread Donald Eastlake
Hi,

There are a large number of DNS servers available. See for example
http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software

Does anyone know of good performance comparisons, especially for high
end applications with lots of data/zones and/or high query/update
rates?

Thanks,
Donald
=
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street
 Milford, MA 01757 USA
 d3e...@gmail.com



Re: DNS performance...

2010-05-05 Thread Donald Eastlake
On Wed, May 5, 2010 at 10:48 AM, Simon Perreault
simon.perrea...@viagenie.ca wrote:
 On 2010-05-05 10:41, Donald Eastlake wrote:

 Does anyone know of good performance comparisons, especially for high
 end applications with lots of data/zones and/or high query/update
 rates?

 Recursive or authoritative?

I'm actually interested in both. Thanks for the pointer!

Donald

 For recursive, there are pretty good graphs here:
 http://unbound.net/documentation/ripe56_unbound_02.pdf

 Simon
 --
 NAT64/DNS64 open-source -- http://ecdysis.viagenie.ca
 STUN/TURN server        -- http://numb.viagenie.ca
 vCard 4.0               -- http://www.vcarddav.org



Re: DNS performance...

2010-05-05 Thread Donald Eastlake
On Wed, May 5, 2010 at 1:45 PM, Mark Scholten m...@streamservice.nl wrote:
 -Original Message-
 From: Donald Eastlake [mailto:d3e...@gmail.com]
 Sent: Wednesday, May 05, 2010 4:41 PM
 ...

 Hi,

 There are a large number of DNS servers available. See for example
 http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software

 Does anyone know of good performance comparisons, especially for high
 end applications with lots of data/zones and/or high query/update
 rates?

 One of the links below should have information about this:
 - http://tin2.nixcartel.org/~devdas/presentation/dns-scalability.pdf
 - http://tin2.nixcartel.org/~devdas/presentation/dnsdb.pdf

Thanks for these pointers.

For others who may be interested, the dns-scalability.pdf presentation
appears to be a superset of the dnsdb.pdf presentation.

Donald

 Please note these reports are not created by me.

 Regards, Mark

 Thanks,
 Donald
 =
  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
  155 Beaver Street
  Milford, MA 01757 USA
  d3e...@gmail.com