Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Donn Lasher via NANOG
On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo"  wrote:


>While many are chanting: #NetworkLivesMatter, I have yet
>to see, read, or hear about any network provider being
>the first to set precedence by either de-peering, or
>blocking traffic from Cloudflare. There is a lot of
>keyboard posturing: "I am mad and I am not going to take
>it anymore" hooplah but no one is lifting a finger to
>do anything other than regurgitate "I am mad... This is
>criminal."

(long discussion, was waiting for a place to jump in..)

If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
protect the website of the seller of the product. We shouldn’t be de-peering 
Cloudflare over sites they protect any more than we would de-peer GoDaddy over sites 
they host, some of which, no doubt, sell gray/black market/illegal 
items/services.

If, on the other hand,  you can find a specific network actually generating the 
volumes of DDoS, you should have a conversation about de-peering….

$0.02…








Re: I recommend dslreports.com/speedtest these days (was Speedtest.net not accessible in Chrome due to deceptive ads)

2016-07-21 Thread Donn Lasher via NANOG
On 7/21/16, 2:19 PM, "NANOG on behalf of Jay R. Ashworth" 
 wrote:



>- Original Message -
>> From: "Janusz Jezowicz" 
>
>> Since this morning Speedtest.net is not accessible in Chrome
>> Reason:
>> https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=c.speedtest.net
>> 
>> For any ISPs/content providers linking to speedtest.net you may want to
>> swap links to a different website or host your own speed test.
>
>So far, I am very pleased with how it works, though I think its letter
>grades on speed are a bit pessimistic (65Mbps is a "C").
>
>Specifically, it measures bufferbloat, with both a realtime graph and a 


Are you talking about the dslreports speedtest? I like that one, very detailed 
results.

http://speedtest.dslreports.com/


I’d agree with the pessimistic scoring.. 160Mbit was given a “B” grade.






Re: Netflix banning HE tunnels

2016-06-20 Thread Donn Lasher via NANOG

On 6/20/16, 1:45 PM, "NANOG on behalf of Mark Andrews"  wrote:




>For a lot of homes it actually makes sense.  Your laptops are safe
>as they are designed to be connected directly to the Internet.  We
>do this all the time.  Similarly phone and tablets are designed to
>be directly connected to the Internet.  I know that lots of us do
>this all the time.  Think about what happens at conferences.  There
>is no firewall there to save you but we all regularly connect our
>devices to the conference networks.
>
>Lots of other stuff is also designed to be directly connected to
>the Internet.


I’m sorry, but this just isn’t the reality of consumer devices. Expecting your 
off-the-shelf computer, video player, tv, fridge, etc, to be safe on public IP 
addresses is.. Unwise at best. Search any publicly available security list for 
dozens of known vulnerabilities in those devices, to say nothing of the private 
exploit databases.

To place them there, have them be owned, crash, or better yet, stream your 
midnight-milk-and-cookies-run-in-your-superman-undies to the public internet, 
and then expect the vendors to be responsible… is not a realistic expectation.





Re: Netflix banning HE tunnels

2016-06-15 Thread Donn Lasher via NANOG
On 6/12/16, 8:10 PM, "NANOG on behalf of Seth Mattinen" 
 wrote:



>On 6/7/16 4:23 AM, Davide Davini wrote:
>> Today I discovered Netflix flagged my IPv6 IP block as "proxy/VPN" and I
>> can't use it if I don't disable the HE tunnel, which is the only way for
>> me to have IPv6 at the moment.
>
>
>This is a rights management issue not a technical one. Netflix is not to 
>blame, HE is not to blame. Hate on geolocation all you want, but that's 
>what the content owners insist upon and Netflix has no choice but to 
>disable access from sources that they can't geolocate well enough to 
>make the content owners happy.
>
>~Seth

As someone who has been trying to get solid, consistent IPv6 at home since 
2010, I continue to resort back to my HE tunnels, which have been both useful 
and dependable.

Given the data Netflix client has available to it (IPv4 address, IPv6 address, 
anything else exposed to android/IOS/windows/etc app) it’s surprising to me 
that missing/incorrect geolocation data on an IPv6 address is enough to block 
service.

The end result is, yet again, making IPv6 adoption harder than it needs to be.




Re: Mobile providers in the US for backup access

2016-04-20 Thread Donn Lasher via NANOG

As a 3+ year “customer” of freedom-pop, I agree.

Their IP service was a bargain until the WiMax->LTE migration. Now the service 
is useless.
Their technical support continually redefines lack of effort.




On 4/20/16, 11:42 AM, "NANOG on behalf of Owen DeLong"  wrote:

>I had a horrible experience when I tried to use Freedom POP many years ago.
>
>Their customer service is awful and completely uncooperative. Their equipment 
>did not work well
>in my environment at all.
>
>I would not wish them on my worst enemy.
>
>Owen
>
>> On Apr 20, 2016, at 1:35 PM, Mike Hammett  wrote:
>> 
>> I'd look at FreedomPOP's Netgear 341U. $20 - $50 NRC, single digit MRC for 
>> low usage. 
>> 
>> 
>> 
>> 
>> - 
>> Mike Hammett 
>> Intelligent Computing Solutions 
>> http://www.ics-il.com 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> http://www.midwest-ix.com 
>> 
>> 


Re: Juniper vMX evaluation - how?

2016-04-13 Thread Donn Lasher via NANOG

<2cents>

Avoid vMX 14.x - go straight to 15.x, save yourself worlds of pain. 15.x runs 
well on kvm/esxi/etc.





On 4/13/16, 2:14 PM, "NANOG on behalf of Josh Baird" 
 
wrote:





>It was a struggle to get anywhere with vMX when we last tried ~8 months
>ago.  Nobody at Juniper seemed to know anything about it or who to talk
>to.  In any event, you may be able to get more information by asking over
>at juniper-nsp@.
>
>Josh
>
>On Wed, Apr 13, 2016 at 4:58 PM, Jeremy Austin  wrote:
>
>> On Wed, Apr 13, 2016 at 12:54 PM, Bruce Simpson  wrote:
>>
>> >
>> > Is some special magic required to acquire an evaluation copy? The 60 day
>> > trial license is directly downloadable from the above link, but the
>> > tarball is not. $CLIENT was just referred to it by $RESELLER.
>>
>>
>> I'd be interested as well — I submitted a form, nothing but crickets.
>>
>>
>> --
>> Jeremy Austin
>>
>> (907) 895-2311
>> (907) 803-5422
>> jhaus...@gmail.com
>>
>> Heritage NetWorks
>> Whitestone Power & Communications
>> Vertical Broadband, LLC
>>
>> Schedule a meeting: http://doodle.com/jermudgeon
>>


IPv6 Irony.

2015-10-12 Thread Donn Lasher

Having just returned from NANOG65/ARIN36, and hearing about how far IPv6 has 
come.. I find my experience with  support today Ironic.

Oh wait..

Hi, my name is Donn, and I’m speaking for… myself.

Irony is a cable provider, one of the largest, and earliest adopters of IPv6, 
having ZERO IPv6 support available via phone, chat, or email. And being 
pointed, by all of those contact methods, to a single website. A static 
website. In 2015, when IPv4 is officially exhausted.

:sigh:









Re: Level3 routing issue US west coast?

2015-07-12 Thread Donn Lasher

While I can't say with any degree of certainty it's related, it's somewhat
coincidental that one of their west coast customers (Daybreak Games
/ SOE) has been under a fairly hefty DDoS since mid-week. From what I
recall see Daybreak/SOE only uses Level3. (Lots to talk about in that
case.. They've invaded his life.. Not sure I'd react much better, albeit
privately..)

http://fortune.com/2015/07/10/john-smedley-vs-hackers/

http://eq2wire.com/2015/07/09/daybreak-ceo-to-convicted-lizard-squad-hacker-im-coming-for-you/





On 7/10/15, 11:05 AM, Mr. NPP mr@nopatentpending.com wrote:

We took them down yesterday, and attempted to bring them back up midnight
PST, and still massive packet loss. so they remain down for now.

On Fri, Jul 10, 2015 at 9:44 AM, Jürgen Jaritsch j...@anexia.at wrote:

 Hi,

 No SLA broken cause A- and B-End were not directly our circuits ... but it
 helps a lot to place some new orders ... at other partners :).


 best regards

 Jürgen Jaritsch


 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jens Hoffmann
 Sent: Friday, 10 July 2015 17:16
 To: nanog@nanog.org
 Subject: AW: Level3 routing issue US west coast

 Hi,

 Wow  Level3 responded to me that they had an issue last night 
 but they simply did nothing ... for at least 10 hours they did nothing to
 fix the issue:

 Any SLA broken? Probably not, that would be a reason to move.

 Kind regards,
 Jens





Re: mpls over microwave

2015-02-06 Thread Donn Lasher
One more add:

Properly engineered, fixed wireless links can have better-than-wireline
availability. Two jobs ago, we had customer links with zero dropped
packets in 5 years, which is outstanding compared to most copper-based
services.

Properly engineered, however, is the key. Make sure whoever is building
your links looks at vendor specs, builds a real link budget (including
losses from connectors, cable, grounding, etc) properly weather seals
everything, and try to get at least a 20db fade margin if you can. If
the things I just mentioned are confusing to your RF guy, you might want
to get outside help.




On 2/5/15, 3:17 PM, Scott Weeks sur...@mauigateway.com wrote:

Had to run off to a meeting.  Back now.  This is
one thing I was worried about.  I'm not doing the
radio part.  Someone else is.  I didn't know if
folks do pure Ethernet or if it's an IP hand off.

If it's an IP addressed hand off, I have to come
out of MPLS, cross the link, then go back into
MPLS.

Thanks for the pointers on packet size.  I will
be sure to check into that.

Scott