Re: Monitoring service that has a human component?
Hi David - Just a bit of insight from my own experience:

Common issues when monitoring (and the associated escalation processes) don't work and similar issues are seen as you described:
- Inconsistent HTTP response codes across services and service layers (nginx vs the backend tomcat), which means you can't use them properly.
- Monitoring on arbitrary metrics (90% of something) as opposed to metrics linked to an actual outcome (response times, for example).
- No runbook in place (engineer to change some setting to switch on/off maintenance mode).
- No central view of which engineer is doing what to which systems.

Some fairly simple examples of when I've seen things work pretty well: Organisation uses HTTP code monitoring, alerting on 5xx but not 503. Services configured (and tested!) to return other, specific 5xx errors, but keep 503 as a 'known and expected maintenance' mode. Runbook in place to let other engineers know what's happening (Slack message, for example) and then a maintenance page on the reverse proxy. Monitor and report on the common 90% metrics (disk space, memory) but no alerts. Don't fill up the disk with logs, only to delete them and let it fill up again.. :) Remove all non-actionable alerts.

Of course a good solution could be to implement a rolling-upgrade / HA maintenance strategy, but in reality (depending on how ancient the app is) this can be quite hard.

ps. This is a really good read: https://landing.google.com/sre/sre-book/toc/index.html

Cheers
Heath

On Thu, Dec 6, 2018 at 9:03 AM David H wrote:
> Hey all, was curious if anyone knows of a website monitoring service that has the option to incorporate a human component into the decision and escalation tree?
> I'm trying to help a customer find a way around false positives bogging down their NOC staff, by having a human determine the difference between a real error, desired (but different) content, or something in between like "Hey it's 3am and we've taken our website offline for maintenance, we'll be back up by 6am." Automated systems tend to only know if test A, or steps A through C, are failing, then this is 'down' and do my preconfigured thing, but that ends up needlessly taking NOC time if the customer themselves is performing work on their own site, or just changed it and whatever content was being watched is now gone. So, the goal would be to have the end user be the first point of contact if it looks like more of a customer-side issue. If they can't be reached to confirm, THEN contact NOC, and unlike email alerts, keep contacting until a human acknowledges receipt of the alert.
>
> Thanks
Re: Traffic Burstiness Survey
Hi Monia,

'Burst' is a very broad term. It would be useful to clarify to what you are referring.. I can think of a few possibilities:
- Data Transmission: The length of an uninterrupted flow of information.
- Traffic Engineering: The ability for traffic to temporarily exceed its allocated (average) bandwidth share.
- Internal Event: A backup (scheduled) or a server failure (ad hoc) altering traffic patterns.
- External Event: Marketing campaign / event coinciding with increased traffic towards, say, a website.

Perhaps - over what period of time is a 'Burst'..?

Cheers,
Heath

On Sun, Sep 9, 2012 at 10:23 AM, Monia Ghobadi mo...@cs.toronto.edu wrote:

Dear Nanog members,

I am a PhD student at University of Toronto and I am working on traffic burstiness in data centers. In the following I am asking two questions to raise motivation for my research. I would appreciate it if anyone could answer these questions to the best of their knowledge.

*The questions are:*
1) 'Bursty' is a word with no agreed meaning. How do you define bursty traffic?
2) If you are involved with a data center, is your data center traffic bursty?
-- If yes,
-- Do you think that it will be useful to suppress the burstiness in your traffic? (For example by pacing the traffic into shorter bursts)
-- If no:
-- Are you already suppressing the burstiness? How?
-- Would you anticipate the traffic becoming burstier in the future?

Thanks,
Monia

--
Monia Ghobadi
PhD Student
University of Toronto
http://www.cs.utoronto.ca/~monia/
Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.
I wonder if this is possible:
- Take a hash of the original file. Keep a counter.
- Generate data in some sequential method on the sender side (for example simply starting at 0 and iterating until you generate the same as the original data).
- Each time you iterate, take the hash of the generated data. If it matches the hash of the original file, increment the counter.
- Send the hash and the counter value to the recipient.
- Recipient performs the same sequential generation method, stopping when the counter is reached.

Any thoughts?

Heath

On 18 May 2011 21:07, Landon Stewart lstew...@superb.net wrote:

Let's say you had a file that was 1,000,000,000 characters consisting of 8,000,000,000 bits. What if instead of transferring that file through the interwebs you transmitted a mathematical equation to tell a computer on the other end how to *construct* that file. First you'd feed the file into a cruncher of some type to reduce the pattern of 8,000,000,000 bits into an equation somehow. Sure this would take time, I realize that. The equation would then be transmitted to the other computer where it would use its mad-math-skillz to *figure out the answer* which would theoretically be the same pattern of bits. Thus the same file would emerge on the other end.

The real question here is how long would it take for a regular computer to do this kind of math?

Just a weird idea I had. If it's a good idea then please consider this intellectual property. LOL

--
Landon Stewart lstew...@superb.net
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more Ahead of the Rest: http://www.superbhosting.net
Re: Had an idea - looking for a math buff to tell me if it's possible
My point here is it IS possible to transfer just a hash and counter value and effectively generate identical data at the remote end. The limit that will be hit is the difficulty of generating and comparing hash values with current processing power.

I'm proposing iterating through generated data up until the actual data. It's not even a storage issue, as once you have incremented the data you don't need to store old data or hash values - just the counter. No massive hash tables. It's a CPU issue.

Heath

On 19 May 2011 00:42, valdis.kletni...@vt.edu wrote:

On Thu, 19 May 2011 00:26:26 BST, Heath Jones said:
I wonder if this is possible:
- Take a hash of the original file. Keep a counter.
- Generate data in some sequential method on the sender side (for example simply starting at 0 and iterating until you generate the same as the original data).
- Each time you iterate, take the hash of the generated data. If it matches the hash of the original file, increment the counter.
- Send the hash and the counter value to the recipient.
- Recipient performs the same sequential generation method, stopping when the counter is reached.

MD5 is a 128 bit hash. 2^128 is 340,282,366,920,938,463,463,374,607,431,768,211,456 - you're welcome to iterate that many times to find a duplicate. You may get lucky and get a hit in the first trillion or so attempts - but you may get unlucky and not get a hit until the *last* few trillion attempts. On average you'll have to iterate about half that huge number before you get a hit.

And it's lossy - if you hash all the possible 4K blocks with MD5, you'll find that each of those 2^128 hashes has been hit about 256 times - and no indication in the hash of *which* of the 256 colliding 4K blocks you have on this iteration.

(The only reason that companies can do block-level de-duplication by saving a hash as an index to one copy shared by all blocks with the same hash value is because you have a *very small* fraction of the possibilities covered, so if you saved a 4K block of data from somebody's system32 folder under a given MD5 hash, it's *far* more likely that another block with that same hash is from another copy of another identical system32 folder, than it is an actual accidental collision.)

Protip: A good hash function is by definition one-way - given the data, it's easy to generate the hash - but reversing it to find the pre-image (the data that *generated* the hash) is massively difficult.
Re: Had an idea - looking for a math buff to tell me if it's possible
My point here is it IS possible to transfer just a hash and counter value and effectively generate identical data at the remote end.

Nope. Let's use phone numbers as an example. I want to send you the phone number 540-231-6000. The hash function is number mod 17 plus 5. So 5402316000 mod 17 plus 5 is '7'. OK. counter = 0. Hash that, we got 5. Increment and hash, we get 6. Increment and hash, we got 7. If we keep incrementing and hashing, we'll also get 7 for 19, 36, 53, 70, and roughly 317,783,289 other numbers before you get to my phone number. Now if I send you 2 and 7, how do you get that phone number back out, and be sure you wanted *that* phone number and not 212-555-3488, which *also* ends up with a hash of 7, so you'd send a counter of 2?

The correct values I would send for that hash function are 7 and the approximate 317783289. The counter is incremented each time a data value is reached with a hash matching the data that is to be communicated, *not hashing of the counter*..

Example: I want to send you the number 1. The MD5 hash of this is f59a3651eafa7c4dbbb547dd7d6b41d7. I generate data 0,1,2,3,4,5.. all the way up to 1, observing the hash value of the data just generated each time. Whenever the hash matches f59a3651eafa7c4dbbb547dd7d6b41d7, I increment a counter. Once I have reached the number I want to send you, I send the hash value and the counter value. You perform the same function starting at 0 and working your way up until you have a matching counter value.

The number of collisions in the range 0 - target is represented by the counter value, and as long as both sides are performing the same sequence this will work.

Obviously this is completely crazy and would never happen with current processing power... It's just theoretical nonsense, but answers the OP's question.
Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.
Ha! I was wondering this the whole time - if the size of the counter would make it a zero sum game. That sux! :)

On 19 May 2011 03:52, Brett Frankenberger rbf+na...@panix.com wrote:

On Thu, May 19, 2011 at 12:26:26AM +0100, Heath Jones wrote:
I wonder if this is possible:
- Take a hash of the original file. Keep a counter.
- Generate data in some sequential method on the sender side (for example simply starting at 0 and iterating until you generate the same as the original data).
- Each time you iterate, take the hash of the generated data. If it matches the hash of the original file, increment the counter.
- Send the hash and the counter value to the recipient.
- Recipient performs the same sequential generation method, stopping when the counter is reached.
Any thoughts?

That will work. Of course, the CPU usage will be overwhelming -- longer than the age of the universe to do a large file -- but, theoretically, with enough CPU power, it will work.

For an 8,000,000,000 bit file and a 128 bit hash, you will need a counter of at least 7,999,999,872 bits to cover the number of possible collisions. So you will need at least 7,999,999,872 + 128 = 8,000,000,000 bits to send your 8,000,000,000 bit file. If your goal is to reduce the number of bits you send, this wouldn't be a good choice.

-- Brett
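As an added example that is not part of the thread, the hash-plus-collision-counter scheme described above and Brett's counter-size objection, carried out in Python with the "number mod 17 plus 5" toy hash from the phone-number reply. The sender/receiver functions and the bit-count routine are constructed here for illustration; the toy hash is the thread's own.

```python
from collections import defaultdict
from typing import Callable, Dict, Tuple

# The deliberately weak hash from the phone-number reply: number mod 17, plus 5.
# It takes 17 distinct values (5..21), so it costs 5 bits on the wire.
TOY_HASH_RANGE = 17
HASH_BITS = (TOY_HASH_RANGE - 1).bit_length()


def toy_hash(n: int) -> int:
    return n % TOY_HASH_RANGE + 5


def encode(target: int, hash_fn: Callable[[int], int] = toy_hash) -> Tuple[int, int]:
    """Sender side: hash the target, then walk 0, 1, 2, ... up to (not including)
    the target and count the values that collide with it. The counter is the
    number of collisions seen before the target, not a hash of the counter."""
    h = hash_fn(target)
    counter = sum(1 for candidate in range(target) if hash_fn(candidate) == h)
    return h, counter


def decode(h: int, counter: int, hash_fn: Callable[[int], int] = toy_hash) -> int:
    """Recipient side: replay the same sequence and stop at the value whose hash
    matches h once exactly `counter` earlier matches have been passed over."""
    seen = 0
    candidate = 0
    while True:
        if hash_fn(candidate) == h:
            if seen == counter:
                return candidate
            seen += 1
        candidate += 1


def message_bits(data_bits: int, hash_fn: Callable[[int], int] = toy_hash,
                 hash_bits: int = HASH_BITS) -> int:
    """Bits needed to send (hash, counter) for the worst-case target of at most
    data_bits bits. One pass over every target, tallying collisions per hash
    value as it goes, so each target's counter is read off without re-hashing.
    For any hash the result is never below data_bits: the counter has to carry
    the bits the hash threw away, which is Brett's point about the 8e9-bit file."""
    collisions_so_far: Dict[int, int] = defaultdict(int)
    max_counter = 0
    for target in range(1 << data_bits):
        h = hash_fn(target)
        max_counter = max(max_counter, collisions_so_far[h])
        collisions_so_far[h] += 1
    return hash_bits + max_counter.bit_length()


if __name__ == "__main__":
    h, counter = encode(19)
    print(f"19 -> hash {h}, counter {counter}; decodes back to {decode(h, counter)}")
    for k in (4, 8, 10):
        print(f"{k}-bit data needs a {message_bits(k)}-bit message")
```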
Re: Pica8 - Open Source Cloud Switch
We are starting to distribute Pica8 Open Source Cloud Switches : http://www.pica8.com/

Seeing as you claim they are open source, could you please point to the documentation of the hardware? Specifically, I am looking for information regarding the FPGA/ASICs used for forwarding, and circuit diagrams.

Cheers
Heath
Re: Pica8 - Open Source Cloud Switch
We have dedicated servers. You get a 10 GHz 24-core CPU with 1TB of RAM. That's pretty clear and familiar to server geeks. Is that 10 as in Ten?
Re: neglected route-servers
If anyone from TWTelecom is here, it's probably time to swap out that NPE300 for something with more than 256MB RAM. It's running out of RAM and resetting all the BGP sessions before they finish getting full routes. And they have CDP turned on for you?
Re: reachability problems Europe-US?
Seems to be only source-prefix-based, but several ISPs in Europe are affected.

Can you post source and destination IPs?
Re: reachability problems Europe-US?
Seems to be only source-prefix-based, but several ISPs in Europe are affected.

source: 131.220.0.0/16, 212.201.68.0/22, 212.201.72.0/21
destination: 65.122.178.73, 63.228.223.104

traceroute to 65.122.178.73 (65.122.178.73), 30 hops max, 40 byte packets
 1 er-rz-gig-3-3.stw-bonn.de (131.220.99.62) 1.792 ms 1.275 ms 1.125 ms
 2 xr-bon1-te2-3.x-win.dfn.de (188.1.233.193) 0.705 ms 2.132 ms 0.755 ms
 3 xr-bir1-te2-3.x-win.dfn.de (188.1.144.9) 1.477 ms 1.936 ms 1.051 ms
 4 zr-fra1-te0-7-0-5.x-win.dfn.de (188.1.145.46) 4.034 ms 3.734 ms 4.957 ms
 5 64.213.78.237 (64.213.78.237) 3.866 ms 3.295 ms 26.854 ms
 6 jfk-brdr-04.inet.qwest.net (63.146.26.225) 119.511 ms 92.735 ms 99.019 ms

Based on all that, it looks like Qwest is not propagating your routes within their network. I was going to recommend route-views, but it might not reflect that now if you have dropped GBLX. Historical routing updates will show, though, if Qwest were advertising reachability to you (which would be a good indicator if they were filtering at their edge).
Re: AS6517 - Reliance Globalcom -- routing three more hijacked blocks
Well, anyway, here's three more hijacked blocks that they (AS6517) are routing. This is in addition to the 75 such blocks I've already reported. (I guess that makes 78 hijacked blocks for them, in total.) Out of curiosity, are you also reporting these blocks to Spamhaus? I expect their DROP list maintainers would be interested. With an IP space of just 2^32, I'd suspect they are better off maintaining a whitelist ;)
Re: reachability problems Europe-US?
... random traffic (into) their network via our transit link gets black-holed. So for the same source destination, sometimes it works, sometimes it doesn't?
Re: reachability problems Europe-US?
It seemed from the symptoms OP was seeing that Qwest was the issue. Has GLBX reported to you that they are having a fault? If not, perhaps try tagging your exported routes to GLBX with 8010 as per this: http://onesc.net/communities/as3549/

On 7 October 2010 16:59, John van Oppen jvanop...@spectrumnet.us wrote:

Global crossing is having major issues (since yesterday actually) in Seattle. Every path I see to dfn.de is via gblx and Microsoft hosts most of those sites out of the seattle area so they may be seeing the same issue. Based on what we can see gblx has a broken port-channel or something similar here as random traffic (into) their network via our transit link gets black-holed. We could not even reach global crossing's own name servers for a while. We gave up and turned down BGP yesterday until we hear from them. Based on graphs at the time things broke they appeared to be black-holing roughly 1/4 of what we were sending them.

Thanks,
John van Oppen
Spectrum Networks / AS 11404

-----Original Message-----
From: Thomas Schmid [mailto:sch...@dfn.de]
Sent: Thursday, October 07, 2010 6:10 AM
To: Heath Jones
Cc: nanog@nanog.org
Subject: Re: reachability problems Europe-US?

Hi,

On 07.10.2010 14:35, Heath Jones wrote:
Seems to be only source-prefix-based, but several ISPs in Europe are affected.
Can you post source and destination IPs?

source: 131.220.0.0/16, 212.201.68.0/22, 212.201.72.0/21
destination: 65.122.178.73, 63.228.223.104

traceroute to 65.122.178.73 (65.122.178.73), 30 hops max, 40 byte packets
 1 er-rz-gig-3-3.stw-bonn.de (131.220.99.62) 1.792 ms 1.275 ms 1.125 ms
 2 xr-bon1-te2-3.x-win.dfn.de (188.1.233.193) 0.705 ms 2.132 ms 0.755 ms
 3 xr-bir1-te2-3.x-win.dfn.de (188.1.144.9) 1.477 ms 1.936 ms 1.051 ms
 4 zr-fra1-te0-7-0-5.x-win.dfn.de (188.1.145.46) 4.034 ms 3.734 ms 4.957 ms
 5 64.213.78.237 (64.213.78.237) 3.866 ms 3.295 ms 26.854 ms
 6 jfk-brdr-04.inet.qwest.net (63.146.26.225) 119.511 ms 92.735 ms 99.019 ms
 7 * * *

or quote from DE-CIX tech-list:
[www.microsoft.com]
---
We also have some connectivity problems to ms, changing the bgp routing to another tier 1 carrier doesn't resolve the problem
---

Cheers,
Thomas
Re: New hijacking - Done via via good old-fashioned Identity Theft
Certainly, fine folks at Reliance Globalcom Services, Inc. could tell us who is paying them to connect these hijacked blocks to their network, but I rather doubt that they are actually going to come clean and do that.

Ron, I haven't been following this anti-spam stuff much since it went political with ARIN but I do have a few quick questions (relating to US law and spam).

1) Is spamming from within the US criminal activity? What constitutes spam in that case?
2) If you could justify the incoming spam as a DOS, is that criminal activity? Could you justify it as a DOS?
3) Is providing ARIN with bogus information just to get around their processes criminal activity?
4) Is obtaining disused IP space / AS allocations from the assigned entity, and not updating ARIN, criminal activity?
5) Is advertising prefixes or an AS number assigned to another entity criminal activity?
6) If any of the above could be classed as criminal activity, are Reliance Globalcom (in this case) legally obligated to cut them off, or just help by switching on a packet capture (new law coming into effect I think??)

Cheers
Heath
Re: New hijacking - Done via via good old-fashioned Identity Theft
1) Is spamming from within the US criminal activity?

Sadly, it appears not. In many cases it is however actionable. (And in other cases involving actual criminal activity, e.g. as prohibited by 18 USC 1030, 'Fraud and related activity in connection with computers', it may, I think, be considered as an aggravating factor in determining punishments.)

Wouldn't it have to be illegal before punishments could be determined? Isn't this kind of key to the whole issue of fighting spam?? (Is there even a point if you can't nail them for it?)

What constitutes spam in that case?

Are you asking what I think? Or what the majority of netizens think? Or are you asking what U.S. courts think? Those are three different answers.

With regards to US courts.

2) If you could justify the incoming spam as a DOS, is that criminal activity? Could you justify it as a DOS?

Yes. No.

Ok.

3) Is providing ARIN with bogus information just to get around their processes criminal activity?

In this case, nobody provided ARIN with *any* bogus information, ever. (So your question is utterly irrelevant to this particular case.)

Not at all irrelevant, I'm talking generically here (not specific to this case). Trying to cover all bases.

4) Is obtaining disused IP space / AS allocations from the assigned entity, and not updating ARIN, criminal activity?

In this particular case, nobody appears to have 'obtained' IP space from the various High Schools, Middle Schools, and Elementary schools involved, other than via deceit, trickery, and fraud. Were the various schools involved here ripped off? I would say yes. Does the fraud in this case rise to the level of being either criminal or actionable? I am not a lawyer, but my guess is that the answer is probably yes to both... *IF* anybody cared enough to pursue it. I base that opinion strictly and only on the definition of the English language word 'fraud' as given at www.merriam-webster.com.

As regards updating ARIN, or the lack thereof, the _absence_ of such 'updating', in this case... i.e. the absence of any notice to ARIN that these blocks were being glommed onto... is part of the overall pattern of fraud in this case which, as I have said, I believe to be potentially both criminal and actionable... if anybody cared enough to pursue it. But that's just my opinion, and I am not a lawyer.

Perhaps there is a method of class action, as opposed to individual companies trying to sue?

5) Is advertising prefixes or an AS number assigned to another entity criminal activity?

If it constitutes criminal fraud which deprives some party of some property, or some right, or the full enjoyment of some property or some right, to which they are otherwise entitled, under law, then yes, although I am not a lawyer, my limited understanding of the law in these United States indicates to me that yes, most probably such activity may well be considered criminal, in at least some circumstances, perhaps including the ones being discussed in this thread.

Well that might possibly be a start of a legal avenue..?

6) If any of the above could be classed as criminal activity, are Reliance Globalcom (in this case) legally obligated to cut them off?

The answer to that depends, I think, upon whether they are _knowing_ participants in the fraud. If they merely got duped... which is indeed what is suggested by the fact that somebody paid $4,000 to get a specific domain name so that they could then dupe _somebody_ (where that somebody who was to be duped, in this case, was clearly _not_ ARIN)... then in that case, Reliance Globalcom is just another one of the victims, and not one of the perpetrators.

Hypothetically, if, once they have been duly informed that this particular fraud is ongoing, they do nothing, and continue announcing the routes even after allowing them a reasonable amount of time to properly investigate what is going on here, then at that point I think that yes, then they might in fact be criminally liable, civilly liable, or both.

Might be worth pointing that out to them? Most companies don't like risk..

or just help by switching on a packet capture

What would be the point of that?? I can already tell you what the blocks in question are most probably being used for, and have done so already, I think.

I was referring to new legislation coming into effect that gives the FBI? the power to say 'flick the switch on now' and they then can log traffic..

All in all, it just seems pretty pointless trying to fight spam if the law isn't backing you. Filtering yes, fighting no.. Perhaps the law is what needs to be worked on? (As a general comment to all)

Cheers
Heath
Re: A New TransAtlantic Cable System
What's that quote again...? Oh, that's it: The more you know, the more you know you don't. It feels very appropriate now :) I was wondering for quite some time if there was a scientific term for that effect, since many of us seem to run into the opposite quite often. It turns out that it's the Dunning-Kruger effect: http://en.wikipedia.org/wiki/Dunning-Kruger_effect Ignorant bliss! :)
Re: Anyone can share the Network card experience
It depends on the speed of the PCI slot. In saying that, you are only trying to transfer 1Gb/s.

http://en.wikipedia.org/wiki/PCI_Express

Note the thoughts on there about full duplex..

PCI Express 1.0a
In 2003, PCI-SIG introduced PCIe 1.0a, with a data rate of 250 MB/s and a transfer rate of 2.5 GT/s.

PCI Express 2.0
PCI-SIG announced the availability of the PCI Express Base 2.0 specification on 15 January 2007. The PCIe 2.0 standard doubles the per-lane throughput from the PCIe 1.0 standard's 250 MB/s to 500 MB/s. This means a 32-lane PCI connector (x32) can support throughput up to 16 GB/s aggregate. The PCIe 2.0 standard uses a base clock speed of 5.0 GHz, while the first version operates at 2.5 GHz.

I can't give you practical advice, but it's a good place to start your reading...

Cheers
Heath

On 5 October 2010 15:01, Deric Kwok deric.kwok2...@gmail.com wrote:

Hi

Anyone can share the Network card experience? Is onboard PCI Express card better or plug-in slot PCI Express card good? How are their performance in Gig transfer rate?

Thank you so much
Re: Anyone can share the Network card experience
For 10Gbit we use Intel cards for production service machines, and ConnectX/Intel in the HPC cluster.

Greg - I've not been exposed to 10G on the server side.. Does the server handle the traffic load well (even with offloading) - that's a LOT of web requests / app queries per second! Or are you using 10G mainly for iSCSI / file serving / static content?

Cheers
Re: A New TransAtlantic Cable System
Erbium Doped Fiber Amplifiers (EDFAs) do not re-shape or re-time the signals (the last 2 R's in 3R -- re-amplification, re-shaping, and re-timing)

Thanks Chris - even more reading to do :) It's interesting stuff, that's for sure. This is also pretty cool: http://en.wikipedia.org/wiki/Chirped-pulse_amplification

I just had a thought about EDFA - please forgive my lack of terminology though, I'll try to explain: Say you have a signal coming in to the EDFA, the signal is just amplified (as you said, also noise - the whole source signal). Would it be possible to extract via PLL or similar the source clock and use that to modulate the amplifier power? Does it work with QPSK / whatever keying is used? Would that even help with the noise issue at all, or am I way off?

Cheers
Re: A New TransAtlantic Cable System
Would it be possible to extract via PLL or similar the source clock and use that to modulate the amplifier power?

Although you can amplify just a single wavelength with an EDFA (has to be in the 1550nm range, not 1310nm), most deployments are using EDFAs in a DWDM environment. The C-band alone consists of ~5THz (5000GHz) of spectrum between 191.00-195.95 THz. Some systems pack 40 wavelengths into this space at 100GHz spacing, some 80 channels @ 50GHz spacing, others 160 @ 25GHz. Each of these signals is independent, they can each be using different modulation/bitrate/etc. The amplifiers are completely ignorant to what is going on with each channel, only the devices performing conversion back to the electrical domain need to care about these details (after the incoming light has been demultiplexed into individual signals, of course).

I'm wondering if it could be done per wavelength? I guess that would be pretty ridiculous having demux + 160 * decoder + 160 * EDFA + mux.. Just wondering if the theory works though?
Re: A New TransAtlantic Cable System
By the way, my recollection is the undersea regenerators do purely optical regeneration. There is no O-E conversions undersea, only at the landing stations and terrestrial components. I'm not clever enough to know of some way that you could do optical regeneration without converting the signal to electrical and retransmitting back as optical.. How is that done?
Re: A New TransAtlantic Cable System
What's that quote again...? Oh, that's it: The more you know, the more you know you don't. It feels very appropriate now :)

Cheers Patrick for that great info, and to everyone who contacted me off-list also!

A halfway-decent description of the physics of how this is done is covered in Neal Stephenson's excellent article on Wired: http://www.wired.com/wired/archive/4.12/ffglass.html
Re: A New TransAtlantic Cable System
On 2 October 2010 10:52, Rod Beck rod.b...@hiberniaatlantic.com wrote:
Is that a straight line calculation or did you take into account that a straight line is not the shortest path on a curved surface?

Well that is pretty obvious to most, but no - I didn't go to the effort of factoring in the curvature of the earth - especially given that 1.5 is a very rough figure anyway for the RI of glass. If anything, my comment was a compliment to your network being close to the minimum possible latency!
Re: ARIN IP/AS Assignment
On 2 October 2010 08:17, Imran Moin imranm...@gmail.com wrote: Hello All, I was wondering how long it is taking ARIN these days to assign new IP block and AS Number. We are a new startup and looking to build our network over the next few months. I think they are a bit preoccupied at the moment... ;) ps. I'm not really sure of their timescales..
Re: router lifetime
How long do you keep a router in production? What is your cycle for replacement of equipment?

Hi Franck

It really depends on the type of network you are running, the rate at which new features and bandwidth are required, and the availability of software and hardware upgrades. Also, in a lot of cases it is vendor driven - devices that are still very much in production are forced to be replaced because of vendor product lifecycle and the phasing out of support, even when serving their requirements well.

Care to elaborate a little more on your planned scenario?

Cheers
Heath
Re: AS11296 -- Hijacked?
On 1 October 2010 06:47, Ronald F. Guilmette r...@tristatelogic.com wrote:
I hope this may allay some of the concern that has been expressed about me not being more forthcoming about the details of this case.

Cheers Ron for coming forth with your reasoning, it is appreciated. Your bit of trust in me/us has gone a long way, and it's good to understand your motivation and how you came to your conclusions.

I'm actually quite surprised that you have found so much spam coming out of the US! I would have thought less developed countries where it's easy to obtain unregulated connections, with little legal repercussion, would be more popular. Then again, I personally have not done a lot of research in the field.

Good luck with your endeavour.

Heath
Re: RIP Justification
RIPv2 is great for simple route injection. I'm talking really simple, just to avoid statics.

And there, my friend, is the crux of the matter. There's almost no place imaginable where injecting routes from RIPv2 is superior to statics.

Well, let me stimulate your imagination.. IPVPN cloud provided by carrier. Head office is ethernet into cloud. Remote sites are DSL, so terminating on LNS within cloud, and have one or more prefixes behind CPE. Pretty simple stuff. Now, when traffic comes from head office destined for a site prefix, it hits the provider gear. That provider gear will need routing information to head to a particular site. If you wanted to use statics, you will need to fill out a form each time you add/remove a prefix for a site and the provider must manage that. It's called a 'pain in the arse'. Enter RIPv2.
Re: BGP next-hop
Section 9.1.2.1 of RFC 4271 seems to address this. A few points from that section:

- The BGP NEXT_HOP can not recursively resolve (directly or indirectly) through the BGP route.
- Only the longest matching route should be considered when resolving the BGP NEXT_HOP.
- Do not consider feasible routes that would become unresolvable if they were installed.

There are 2 ways of reading that.. Perhaps I'll go and look at it in more detail.

I'm trying to think of a scenario where following this or something similar would break it:

- Don't use BGP prefixes to resolve next-hop.
- You can use 0/0 or any route with a lower administrative distance to resolve the next-hop.

With that in mind, I wonder if it works with Juniper (ad = 170 vs 20 from memory)..
Re: ARIN Fraud Reporting Form ... Don't waste your time
Come on mate, there's no need to be just outright insulting people. Sure everyone disagrees on some things, but still...

Let's play out this scenario then. What would you recommend ARIN actually do? I don't mean 'take a stance' or 'have an opinion', but rather what process, in your mind, should they be following?

There are still other avenues. I mentioned in a previous email about IETF or a working group to come up with ideas and methods to combat spam and abuse. If you put as much time into one of them as you do fighting with the spammers directly and ARIN, then you might actually end up solving the problem at the core!

I really don't want to drag this anti-spam stuff out. There's been a huge amount of posting these last few days over this (of which I am a culprit also), but I do think it's valuable to hit this nail on the head. In other words, perhaps other people on this list are getting a bit fed up with it, so let's just sort it out and quickly..
Re: RIP Justification
On 1 October 2010 12:19, Tim Franklin t...@pelican.org wrote:

> Or BGP. Why not?

Of course, technically you could use almost any routing protocol. OSPF and IS-IS would require more configuration and maintenance, BGP even more still. I think this is a pretty good example though of how RIPv2 is probably the most appropriate for the job. It doesn't require further configuration from the provider side as new sites are added and is very simple to set up and maintain.
Re: A New TransAtlantic Cable System
> http://finance.yahoo.com/news/Hibernia-Atlantic-to-bw-3184701710.html?x=0.v=1
>
> Roderick S. Beck
> Director of European Sales
> Hibernia Atlantic

Sales spam - but still - very close to minimum possible latency!

3471 miles @ 186,282 miles/s * 1.5 in glass * 2 round trip = 55.9ms.
Re: A New TransAtlantic Cable System
> Yeah, I wonder when we're gonna see cable that's pumped down to a vacuum in the center? :)

Start pumping.. :)

Actually, to my surprise, the refractive index in air is quite close to a vacuum - so I figured we could set up a laser link between NY and London, with 'yo mama' sitting in a boat in the middle of the Atlantic to give it the required bend...

ps. that concludes my very poor attempt at humour.
Re: RIP Justification
> Tim hit the nail on the head. Maintaining statics on a large network would become a huge problem. Human error will eventually occur. The network scenario I am speaking of is DSL/Cable type setups, where a customer could move from router to router (DSLAM/CMTS) due to capacity re-combines. Utilizing a dynamic routing protocol makes these types of changes easier to digest.

Just to be perfectly clear with the scenario I was referring to (L3VPN with all remote sites hitting provider router) that Tim was responding to..

The kit is all managed - customer has no access to it. I should have mentioned that before, as it's a pretty key point to the example; perhaps it was thought the customer could touch it?

What is needed is simply one step above statics so the provider does not have to maintain them. Loops or hop count are a non-issue, and the customer sites have no redundancy. It's not even a requirement to have fast convergence. All that is required is to have the CPE say 'here is 10.0.0/24', or at a later date, '10.0.1/24' without any work on any other equipment. Nice and easy. RIPv2.

Arguing that BGP should be used over RIPv2 in this scenario becomes interesting, as BGP would offer no real advantages and requires further configuration in most cases for each site deployed. It also introduces more overhead for the carrier, the same with OSPF and IS-IS. In other scenarios - of course choose a different protocol - but for this one, I think it's a good example for the OP as to why RIPv2 is still used.
BGP next-hop
Hi all,

Is there an easy way to see which iBGP routes are not being selected due to next-hop not being in IGP? Before and after IGP route added shown below, note both are marked as valid..

-- BEFORE IGP --

AS5000_LA#show ip bgp
BGP table version is 5, local router ID is 10.0.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i100.10.0.0/16    10.0.0.10                0    100      0 2000 3000 ?
*>                  10.0.0.6                                0 1000 3000 3000 ?

-- AFTER IGP --

AS5000_LA#show ip bgp
BGP table version is 6, local router ID is 10.0.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i100.10.0.0/16    10.0.0.10                0    100      0 2000 3000 ?
*                   10.0.0.6                                0 1000 3000 3000 ?

Cheers
Heath

ps. I've posted this to cisco-nsp also (a day ago) - so apologies in advance if you are on both and seeing it twice.
Re: BGP next-hop
Cheers Jeff. I thought I'd give that a go, but it doesn't seem to be working for some reason! (This is without next-hop in IGP)

AS5000_LA#show ip bgp
BGP table version is 3, local router ID is 10.0.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.10.0.0/16    10.0.0.6                                0 1000 3000 3000 ?
* i                 10.0.0.10                0    100      0 2000 3000 ?

AS5000_LA#show ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
AS5000_LA#

AS5000_LA#show ip bgp 100.10.0.0
BGP routing table entry for 100.10.0.0/16, version 3
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
     2
  1000 3000 3000
    10.0.0.6 from 10.0.0.6 (10.0.0.13)
      Origin incomplete, localpref 100, valid, external, best
  2000 3000
    10.0.0.10 (inaccessible) from 10.0.0.2 (10.0.0.9)
      Origin incomplete, metric 0, localpref 100, valid, internal

From the detail view, the route is marked as inaccessible. Perhaps this is the only way to get to it..

Heath
Re: RIP Justification
On 30 September 2010 22:11, Jack Carrozzo j...@crepinc.com wrote:

> As it was explained to me, the main difference is that you can have $lots of prefixes in IS-IS without it falling over, whereas Dijkstra is far more resource-intensive and as such OSPF doesn't get too happy after $a_lot_less prefixes. Those numbers can be debated as you like, but I think if you were to redist bgp ospf on a lab machine you'd get the point.

Both OSPF and IS-IS use Dijkstra. IS-IS isn't as widely used because of the ISO addressing. At least that's my take on it..

RIPv2 is great for simple route injection. I'm talking really simple, just to avoid statics.
Re: BGP next-hop
> show bgp ipv4 unicast 100.10.0.0/16 why-chosen
>
> Would be insanely useful. Been in JUNOS show route since day one, and IMHO is easily in the top 10 list of why I still buy Juniper instead of Cisco despite all the $%^*ing bugs these days.

It's interesting, I was heavy into Cisco years back and then Juniper for a while. Going back to Cisco now is great (always good for me to keep my exposure up), but there is just so much unclear in its CLI. It wasn't until going back that I realised. I guess they would have to balance keeping the old timers' scripts etc happy VS bringing in new features that make the output look different.. Do you keep something that isn't perfect but people know how to use, or change it and cause more issues than good?

ps. Juniper has really gone to $h!t lately. There's a website called glassdoor.com that I found - go look up what employees have to say about it.. reflects exactly the support we were getting, even as an 'elite' partner..
Re: RIP Justification
Haha It's all good :) You are right about IS-IS being less resource intensive than OSPF, and that it scales better!

On 30 September 2010 23:50, Jack Carrozzo j...@crepinc.com wrote:

>> Both OSPF and IS-IS use Dijkstra. IS-IS isn't as widely used because of the ISO addressing. At least that's my take on it..
>
> Sorry, my mistake. I'll go sit in my corner now...
>
> -Jack
Re: BGP next-hop
> it seems it gets the bgp route for 147.28.0.0/16 and then can not resolve the next hop. it would not recurse to the default exit. of course it was solved by
>
>     ip route 147.28.0.0 255.255.0.0 42.666.77.11
>
> but i do not really understand in my heart why i needed to do this.

Neither do I, Randy. I have seen recursive routing done - perhaps on a Juniper - I really cannot remember. Given that the packet would be originating from the device itself (not hardware forwarded), it would make sense that it should be able to perform a recursive lookup. I'd put it down to an implementation thing..

Unrelated, I was doing some thinking about a multihomed site and using BGP advertisements sent out one link (provider 1) to influence the sending of the advertisements out of the other link (provider 2). Long story short I needed to know how long BGP NLRIs take to traverse the net, and subsequently have a paper that you co-authored open in another tab - well done! :)
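The next-hop resolution rule that the "BGP next-hop" posts above keep circling (RFC 4271 section 9.1.2.1: longest match only, never through a BGP route; the iBGP path on AS5000_LA that shows as valid but "(inaccessible)" until an IGP route for 10.0.0.10 appears; Randy's default-route case), as an added Python example. This is not code from the list posts or from any vendor; the RIB entries (a connected 10.0.0.4/30, an OSPF 10.0.0.8/30, a static default, a BGP-learned 10.0.0.0/8) are constructed for the example, and only the next hops 10.0.0.6 and 10.0.0.10 come from the thread. Whether 0.0.0.0/0 may resolve a NEXT_HOP is implementation-specific, which the thread itself disagrees on, so the resolver takes that as a flag rather than deciding it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One RIB entry: the prefix and the protocol that installed it."""
    prefix: ipaddress.IPv4Network
    protocol: str  # "connected", "static", "ospf", "bgp", ...


def make_rib(entries):
    """Build a RIB from (prefix, protocol) pairs (constructed helper for this example)."""
    return [Route(ipaddress.ip_network(p), proto) for p, proto in entries]


def resolve_next_hop(rib, next_hop, allow_default=False):
    """Resolve a BGP NEXT_HOP the way RFC 4271 section 9.1.2.1 describes.

    Only the longest matching RIB route is considered; if that route was itself
    learned via BGP the next hop is unresolvable (no recursion through BGP).
    Whether 0.0.0.0/0 may resolve a next hop differs between implementations
    (the thread disagrees on it), so it is a flag here.
    Returns the resolving Route, or None when the next hop is inaccessible.
    """
    nh = ipaddress.ip_address(next_hop)
    matches = [r for r in rib if nh in r.prefix]
    if not matches:
        return None
    best = max(matches, key=lambda r: r.prefix.prefixlen)  # longest match only
    if best.protocol == "bgp":
        return None  # would recurse through a BGP route: unresolvable
    if best.prefix.prefixlen == 0 and not allow_default:
        return None  # default route not accepted as a resolver
    return best


def path_status(rib, paths, allow_default=False):
    """Classify BGP paths by next-hop reachability.

    paths: list of (next_hop, kind) with kind "internal" or "external".
    Returns (next_hop, kind, "accessible" | "inaccessible", resolving prefix or None).
    A path can be 'valid' (well-formed, passed inbound policy) yet inaccessible,
    which is exactly what the 'show ip bgp 100.10.0.0' detail view shows.
    """
    result = []
    for nh, kind in paths:
        route = resolve_next_hop(rib, nh, allow_default)
        result.append((nh, kind,
                       "accessible" if route else "inaccessible",
                       str(route.prefix) if route else None))
    return result


# Constructed scenario modelled on AS5000_LA: the next hops are from the thread,
# the surrounding /30s, the default and the BGP-learned /8 are assumptions.
PATHS = [("10.0.0.6", "external"), ("10.0.0.10", "internal")]
RIB_BEFORE_IGP = make_rib([("10.0.0.4/30", "connected"), ("100.10.0.0/16", "bgp")])
RIB_AFTER_IGP = RIB_BEFORE_IGP + make_rib([("10.0.0.8/30", "ospf")])
RIB_DEFAULT_ONLY = make_rib([("0.0.0.0/0", "static")])
RIB_BGP_COVERS_NH = make_rib([("0.0.0.0/0", "static"), ("10.0.0.0/8", "bgp")])

if __name__ == "__main__":
    for name, rib in (("before IGP", RIB_BEFORE_IGP), ("after IGP", RIB_AFTER_IGP)):
        print(name)
        for row in path_status(rib, PATHS):
            print("  ", row)
    # Randy's case: only a default exit. Resolution depends on the implementation.
    print("default only, strict:    ", path_status(RIB_DEFAULT_ONLY, PATHS))
    print("default only, permissive:", path_status(RIB_DEFAULT_ONLY, PATHS, allow_default=True))
    # A covering BGP route never resolves a next hop, even when a default exists.
    print("BGP /8 covers next hop:  ", path_status(RIB_BGP_COVERS_NH, PATHS, allow_default=True))
```

The last case is the one worth keeping in mind operationally: a BGP-learned aggregate that happens to cover the next hop is the longest match, so the lookup stops there and the path stays inaccessible even though a default route exists; on a real router the fix is an IGP, connected or static route for the next hop, which is what Randy's static did.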
Re: AS11296 -- Hijacked?
>> Out of curiosity, what led you to this conclusion?
>
> A number of factors, actually. Although I had started to type up a lengthy and elaborate response to your eminently reasonable question, on second thought, I don't think that I actually want to go into detail on this case, as anything I might say as regards to how I detected this would just allow future hijackers to evade me that much more effectively. So I'm sorry to be giving you a non-answer, but actually, I think that's best for now.

Let me reword... What is stopping someone coming on the list, making a claim like you have in an attempt to actually cause a DOS attack, by having some clumsy network engineers starting to block traffic in reaction to your post? I'm sure that you've done your investigation (don't get me wrong) and you might sure be right in your assertions, nevertheless evidence is pretty much needed for a claim like that!

> In any case, further discussion of this particular case now appears to be moot.

Ok, but back to my point - what is the evidence and how are people to trust what you're saying?

> P.S. Yes, I actually _am_ blocking inbound e-mail from google/gmail. Too much spam from there, and far too little action to correct the abundant problem(s). (Can you spell E-V-I-L?) Also blocked here: Yahoo and Hotmail, for the same reasons. (Too big to fail? No. Just too big to care. They don't need me, and I sure as hell don't need them.)

Let me get this right.. You use your own mail server and have problems filtering spam. I use gmail and don't have that problem.

> I guess you don't have a real mail server of your own that you can use. For that, you have my sympathies.

The only time I have problems is when I try and send an email to some muppet that has blocked gmail hotmail god knows what else. Perhaps you should do yourself a favour, turn off your mail server and open up a gmail/hotmail account like the rest of the population.
Re: AS11296 -- Hijacked?
> As to his decision to block Gmail (or any other freemail provider), everyone with sufficient knowledge in the field knows that these operations are prolific and habitual sources of spam (via multiple vectors, not just SMTP; Google accounts for more Usenet spam hitting my filters than all other sources combined). It's thus not at all unreasonable for some operations to revoke (some or all of) their privileges by way of self-defense. So I think a better response would be to skip the snark and instead reconsider the decision to use a freemail provider for professional (outbound [1]) communications.

They are also prolific and habitual sources of people who might want to use email.. By your measure (and everyone that blocks these services), when is it appropriate to have a gmail/hotmail account? Are you saying that the general population are all doing it wrong and that we should all change? Or am I missing your point entirely?
Re: Software-based Border Router
What's the real-world power consumption and heat like? 455 days shows some pretty good reliability!

Cheers for the info Curtis
Re: AS11296 -- Hijacked?
> Bottom line, there is more to it than someone just popping up on a list saying something.

If you have the time to go and investigate all of that yourself, it's good to know you've thought about the metrics you would use.

Sometimes, people do this thing called 'referencing'. It's basically where you list your sources of information and associated evidence that led you to your conclusion :)

My question is a pretty simple one - "Out of curiosity, what led you to this conclusion?" - because there were no references.. Apparently he has super-duper top secret methods that he doesn't want to share. That's fine - I won't waste my time with it anymore.
Re: RIP Justification
IPVPN arrangement with multiple sites, no redundancy for each small site. RIP to advertise networks from each site towards cloud, quick and easy.
Re: AS11296 -- Hijacked?
Robert, I don't think you quite get it. Don't worry, you don't seem to be alone.

The point here is simple. If someone posts making a recommendation for every AS to filter some prefixes, not providing any references by default, it's not helpful. When questioned about the rationale, if said person then declines to provide evidence, the picture starts to form.

It is relatively easy to detect spam; it is easy to have enough honeypots/filters matching corresponding BGP lookups to find out path information. Immediately you have a technique which - regardless of the lists a spammer reads - will catch spammers. By working as a community, the accuracy and speed of detection increases. By sharing information, things improve. The problem is certainly not detection!! (in contrast to the claimed need to hide detection methods)

Posting to a list like this telling everyone to block traffic might be ok in some people's eyes, but there are a few problems:

1) No peer review. The data has not been checked, the prefixes might be incorrect. The methods might be completely wrong - who knows! This is certainly the #1 issue.
2) Length of time to implement. Most serious ASs would do sanity checking and even possibly a change window or at least a signoff.
3) Post advertisement removal. What process do ASs have in place to check and remove these rules? More sanity checking and another change.
4) The comment about ARIN, as if to imply that they are supposed to somehow 'police' the internet. This shows a complete lack of understanding of the architecture of the internet.
5) A person who blocks gmail for their own - non customer affecting - mail server cannot be in a position to advise of real - customer affecting - changes, and shows a recklessness towards ad hoc blocking of anything.

As a hypothetical situation, say a new customer pops up on a network with a prefix and origin that haven't been seen before. This customer badly configured their mail server; it's an open relay. Spammers being smart, watch new BGP advertisements knowing that this might be the case. Some kind sir sees the spam coming from the open relay and posts on here, telling everyone to block it, thus completely killing the new customer network before it's even got off the ground properly. By the time it has come around, half the ISPs are blocking it and they are completely screwed all because of 1 mistake and someone not having their information peer reviewed and no action to notify or help out the ISP.

Posting ASs/prefixes for people to block without any questioning is just plain stupid and not the way to handle it. If the goal is to get rid of spam, then why not put brains together and come up with a much better system. IETF? Independent working group? I can think of a number of ideas as I am typing this that could be beneficial. I am happy of course to share with anyone interested.

Sure, people can post pretty much what they want and people can choose to use or ignore, but we are a bit past that argument now. There has been (to use your method) *zero* technical reasons supporting the argument of blocking these prefixes. If you know of one, please voice it.

ps. I have also received posts offline about the support for blocking gmail / hotmail / whatever. I can appreciate that it is your own personal infrastructure, you have your reasons, and if it works for you then good. I certainly wouldn't do it for my customers, otherwise they would constantly call. Phone spam :)
Re: RIP Justification
This is why they need a 'like' button on nanog!! :)

> I once had cause to write a RIP broadcast daemon while on-site with a client; they had some specific brokenness with a Novell server and some other gear that was fixed by a UNIX box, a C compiler, and maybe 20 or 30 minutes of programming (mostly to remember the grimy specifics of UDP broadcast programming). I do not recall the specific routing issue, but being able to just inject a periodic spoofed packet was sufficient to repair them.
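The RIPv2 message that the "RIP Justification" posts rely on (the CPE saying 'here is 10.0.0/24' in the L3VPN scenario above, and the hand-rolled RIP daemon quoted just above), as an added Python example: an RFC 2453 encoder and a strict decoder of the kind a provider-side audit or monitoring tool would use to check what each CPE is actually advertising. This is not code from the list posts or from any RIP implementation; the prefixes, the password "s3cret" and the byte layout constants are taken from RFC 2453 section 4 or constructed here, and the only RIP authentication it handles is the simple-password type (the MD5 variant of RFC 2082 is not implemented).

```python
import ipaddress
import struct

# RIPv2 layout per RFC 2453 section 4: 4-byte header, then 20-byte entries.
RIP_RESPONSE = 2
RIP_VERSION = 2
AF_INET = 2
AF_AUTH = 0xFFFF      # address family value that marks an authentication entry
AUTH_SIMPLE = 2       # simple (cleartext) password authentication type
METRIC_INFINITY = 16
MAX_ENTRIES = 25      # 4 + 25 * 20 = 504 bytes, the RFC 2453 datagram limit
HEADER = struct.Struct("!BBH")           # command, version, must-be-zero
ENTRY = struct.Struct("!HH4s4s4sI")      # afi, route tag, address, mask, next hop, metric
AUTH_ENTRY = struct.Struct("!HH16s")     # afi=0xFFFF, auth type, 16-byte password


def build_rip_response(prefixes, metric=1, next_hop="0.0.0.0", password=None):
    """Encode a RIPv2 Response advertising the given prefixes.

    next_hop 0.0.0.0 means 'route via the sender'. If password is given it is
    sent as a simple-password auth entry, which RFC 2453 requires to be first.
    """
    if not 1 <= metric <= METRIC_INFINITY:
        raise ValueError("metric must be 1..16")
    entries = b""
    if password is not None:
        if len(password) > 16:
            raise ValueError("simple password is at most 16 bytes")
        entries += AUTH_ENTRY.pack(AF_AUTH, AUTH_SIMPLE, password.encode("ascii"))
    for p in prefixes:
        net = ipaddress.IPv4Network(p)
        entries += ENTRY.pack(AF_INET, 0, net.network_address.packed, net.netmask.packed,
                              ipaddress.IPv4Address(next_hop).packed, metric)
    if len(entries) // ENTRY.size > MAX_ENTRIES:
        raise ValueError("too many entries for one RIP datagram")
    return HEADER.pack(RIP_RESPONSE, RIP_VERSION, 0) + entries


def parse_rip_response(datagram):
    """Decode a RIPv2 Response strictly.

    Returns (password_or_None, routes) with each route as
    (prefix, next_hop, metric, route_tag). Anything malformed raises ValueError;
    an audit tool should reject such a datagram rather than guess at it.
    """
    if len(datagram) < HEADER.size or (len(datagram) - HEADER.size) % ENTRY.size:
        raise ValueError("bad datagram length")
    command, version, _ = HEADER.unpack_from(datagram)
    if command != RIP_RESPONSE or version != RIP_VERSION:
        raise ValueError("not a RIPv2 response")
    password, routes = None, []
    for offset in range(HEADER.size, len(datagram), ENTRY.size):
        afi, tag = struct.unpack_from("!HH", datagram, offset)
        if afi == AF_AUTH:
            if offset != HEADER.size:
                raise ValueError("auth entry must be the first entry")
            if tag != AUTH_SIMPLE:
                raise ValueError("unsupported auth type %d" % tag)
            password = datagram[offset + 4:offset + 20].rstrip(b"\x00").decode("ascii")
            continue
        if afi != AF_INET:
            raise ValueError("unsupported address family %d" % afi)
        _, _, addr, mask, nh, metric = ENTRY.unpack_from(datagram, offset)
        if not 1 <= metric <= METRIC_INFINITY:
            raise ValueError("metric out of range")
        # IPv4Network is strict by default: host bits set under the mask, or a
        # non-contiguous mask, raise ValueError instead of being silently accepted.
        net = ipaddress.IPv4Network("%s/%s" % (ipaddress.IPv4Address(addr),
                                               ipaddress.IPv4Address(mask)))
        routes.append((str(net), str(ipaddress.IPv4Address(nh)), metric, tag))
    return password, routes


def is_valid_rip_response(datagram):
    """True when parse_rip_response accepts the datagram, False otherwise."""
    try:
        parse_rip_response(datagram)
        return True
    except ValueError:
        return False


# Constructed sample: a CPE advertising two site prefixes with a simple password.
SAMPLE = build_rip_response(["10.0.0.0/24", "10.0.1.0/24"], password="s3cret")

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_rip_response(SAMPLE))
    print("truncated datagram accepted?", is_valid_rip_response(SAMPLE[:-1]))
```

The simple password travels in cleartext, so it only proves that a sender read the configuration, not that it is the CPE; that is tolerable on the managed L3VPN in the posts above, where the customer cannot touch the kit, but wherever a customer or third party can reach the segment, RIP will accept whatever prefixes anyone sends it. The provider-side complement is to filter what is accepted from each CPE down to that site's assigned prefixes, which a decoder like this one makes easy to check in monitoring.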
Re: AS11296 -- Hijacked?
> This is not what the Team Cymru Bogons list for? http://www.team-cymru.org/Services/Bogons/

I just had a very quick look at that site and it seems at first glance to just be providing information on unallocated prefixes/ASs.. They are prefixes/ASs that spammers can and do use, but if you have a look at cidr report or potaroo then you will see that an ISP who filters based on that will cause some issues (allocation records are not always up to date).

> List bad ASNs after proper investigation?

Not really, just based on registry information as far as I can see. For instance, if a known and stable AS suddenly started originating spam, it doesn't look like that would appear on the site.

> It then depends if you trust Team Cymru or not, like you would trust or not Spamhaus...

Trust will always be the issue. Peer review and communication is one way of building trust.
Re: Software-based Border Router
He must have meant the actual chassis/box/case...

> Vyatta has hardware forwarding? Real hardware forwarding? Where?
>
> -Original Message-
> From: Curtis Maurand [mailto:cmaur...@xyonet.com]
>
>> Vyatta has support contracts. If you want hardware, they've got that, too.
Re: AS11296 -- Hijacked?
Out of curiosity, what led you to this conclusion?

> Evidence strongly suggests that AS11296 together with all of the IPv4 space it is currently announcing routes for, i.e.:
>
> have all been hijacked. I will be reporting this formally to ARIN today, via their helpful fraud reporting web form.
Re: AS11296 -- Hijacked?
He blocked google mail? WTF?

-- Forwarded message --
From: Mail Delivery Subsystem mailer-dae...@googlemail.com
Date: 28 September 2010 20:49
Subject: Delivery Status Notification (Failure)
To: hj1...@gmail.com

Delivery to the following recipient failed permanently:

    r...@tristatelogic.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 mail-qy0-f176.google.com[209.85.216.176]: Client host rejected: Domain google.com BLACKLISTED - Use http://www.tristatelogic.com/contact.html (state 14).

- Original message -

MIME-Version: 1.0
Received: by 10.224.62.217 with SMTP id y25mr308053qah.193.1285703359508; Tue, 28 Sep 2010 12:49:19 -0700 (PDT)
Received: by 10.229.226.204 with HTTP; Tue, 28 Sep 2010 12:49:12 -0700 (PDT)
In-Reply-To: 63619.1285701...@tristatelogic.com
References: 63619.1285701...@tristatelogic.com
Date: Tue, 28 Sep 2010 20:49:12 +0100
Message-ID: aanlkti=qx7cx4f3y_az803wdpmkmtc_hzzpsmdqs1...@mail.gmail.com
Subject: Re: AS11296 -- Hijacked?
From: Heath Jones hj1...@gmail.com
To: Ronald F. Guilmette r...@tristatelogic.com
Cc: nanog@nanog.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Out of curiosity, what led you to this conclusion?

> Evidence strongly suggests that AS11296 together with all of the IPv4 space it is currently announcing routes for, i.e.:
>
> have all been hijacked. I will be reporting this formally to ARIN today, via their helpful fraud reporting web form.
Re: Software-based Border Router
Do jitter sensitive applications have problems at all running? What would you say is the point at which people should be looking for a hardware forwarding solution?

Differences:
- Hardware forwarding
- Interface options
- Port density
- Redundancy
- Power consumption
- Service Provider stuff - MPLS TE? VPLS? VRF??

Any others?
Re: Software-based Border Router
Oh, support contract!!?

> Differences:
> - Hardware forwarding
> - Interface options
> - Port density
> - Redundancy
> - Power consumption
> - Service Provider stuff - MPLS TE? VPLS? VRF??
>
> Any others?
Re: large icmp packet issue
> How can I be sure even if a device blocks my ping, it might have policy blocking ping at it at all.

Correct in a lot of cases and that is why ICMP should not be used by itself when diagnosing issues.

> I am having problem getting ping to work to a specific destination host when using large size ICMP packet and I am hoping someone here can offer some suggestion. With regular ping, I can ping this remote host without any problem, but if I crank up the packet size to above 1500 (1500 still works), I won't get any ICMP reply. My first thought was this was a PMTU issue, but when I ran tcpdump on this remote host, I saw the incoming ping requests and this host actually sent back ICMP replies, so it appears that there is some device in between blocking these large size ICMP reply packets.

It is possible that the MTU for interface facing you and interface facing away from you are different on some middle hop. It is interesting that you state the packet size to be 1500, are you talking about jumbo frames? (and do you mean frame size, not packet size?)

> Here is the question, how can I find out which hop on the path is causing this behavior?

Robert is correct. You need to use traceroute, or alter the TTL values when you send the ICMP requests. By setting don't-fragment and varying TTL and frame sizes, you should find your issue.
Re: Routers in Data Centers
I'm more than interested in developing a much cheaper, hardware forwarding router.. I think there is a lot of room for innovation - especially at the target market in this thread. If anyone wants to work with me on this, just let me know! I've got a tonne of ideas and a bit of free time..

NetFPGA is a good platform, I'm saving my pennies to buy one and do some development. It's only a 4 port device, so not a device you would really use in production however.

I hate to sound (more) like a broken record but if people want to see open source hardware forwarding platforms succeeding (and the software platforms get better), then look at trying to be involved in their development.
Re: Facebook Issues/Outage in Southeast?
> I can ping them but not access them over Cogent here in Tysons Corner, Virginia - looks like a server issue to me.

Want to see something funnier: http://downrightnow.com/

Exactly the same as what you're seeing for facebook. Working ICMP, broken HTTP. I wonder if 10^234 people are all trying to find out if facebook is down by going to this site, and crashing it.. :)
Odd BGP AS Path
Hi all,

Probably a silly question, but can anyone explain to me this:

    3561 3356 9031 {35821,35821,35821,35821} i

To explain it a bit better, I'm looking at real routing information from routeviews (#3). According to RFC 4271 (9.2.2.2 Aggregating Routing Information):

> For the purpose of aggregating AS_PATH attributes, we model each AS within the AS_PATH attribute as a tuple <type, value>, where type identifies a type of the path segment the AS belongs to (e.g., AS_SEQUENCE, AS_SET), and value identifies the AS number.
> ...
> No tuple of type AS_SET with the same value SHALL appear more than once in the aggregated AS_PATH.

Am I misreading things, or is this path information out of spec?

Cheers
Heath
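The check the post above is doing by eye (does an AS_SET carry the same value more than once, contrary to RFC 4271 section 9.2.2.2), as an added Python example that is not code from the post, from routeviews or from any BGP implementation. It parses the textual AS_PATH form that collectors print, reports duplicated AS_SET members, and also computes the path length as best-path selection counts it (RFC 4271 section 9.1.2.2: an AS_SET counts as one hop however many ASes it holds). The odd path is the one quoted in the post; the second, compliant path is constructed for contrast and uses 64496, a documentation ASN from RFC 5398.

```python
ORIGIN_CODES = {"i": "IGP", "e": "EGP", "?": "INCOMPLETE"}


def parse_as_path(text):
    """Parse a textual AS_PATH as printed by route collectors, e.g.
    '3561 3356 9031 {35821,35821,35821,35821} i', into (segments, origin).

    segments is a list of (segment_type, [asn, ...]) with segment_type
    'AS_SEQUENCE' or 'AS_SET'; origin is 'IGP', 'EGP', 'INCOMPLETE' or None.
    Malformed input (nested or unbalanced braces, non-numeric or out-of-range
    ASNs) raises ValueError instead of producing a half-parsed path.
    """
    tokens = text.replace("{", " { ").replace("}", " } ").replace(",", " ").split()
    origin = None
    if tokens and tokens[-1] in ORIGIN_CODES:
        origin = ORIGIN_CODES[tokens.pop()]
    segments, current, in_set = [], [], False
    for tok in tokens:
        if tok == "{":
            if in_set:
                raise ValueError("nested AS_SET")
            if current:
                segments.append(("AS_SEQUENCE", current))
                current = []
            in_set = True
        elif tok == "}":
            if not in_set:
                raise ValueError("unbalanced '}'")
            segments.append(("AS_SET", current))
            current, in_set = [], False
        else:
            asn = int(tok)  # ValueError for anything that is not a number
            if not 0 < asn < 2 ** 32:
                raise ValueError("ASN out of range: %d" % asn)
            current.append(asn)
    if in_set:
        raise ValueError("unterminated AS_SET")
    if current:
        segments.append(("AS_SEQUENCE", current))
    return segments, origin


def as_set_duplicates(segments):
    """RFC 4271 9.2.2.2: no <AS_SET, value> tuple may appear more than once in
    an aggregated AS_PATH. Returns the sorted ASNs that break that rule, across
    all AS_SET segments; an empty list means the path is compliant."""
    seen, dupes = set(), set()
    for seg_type, members in segments:
        if seg_type != "AS_SET":
            continue
        for asn in members:
            if asn in seen:
                dupes.add(asn)
            seen.add(asn)
    return sorted(dupes)


def as_path_length(segments):
    """Path length as best-path selection counts it (RFC 4271 9.1.2.2): each AS
    in an AS_SEQUENCE counts one, a whole AS_SET counts one regardless of size."""
    return sum(len(members) if seg_type == "AS_SEQUENCE" else 1
               for seg_type, members in segments)


def check_as_path(text):
    """Convenience wrapper returning (origin, path length, duplicated AS_SET members)."""
    segments, origin = parse_as_path(text)
    return origin, as_path_length(segments), as_set_duplicates(segments)


# The path quoted in the post (routeviews), plus a constructed compliant path.
ODD_PATH = "3561 3356 9031 {35821,35821,35821,35821} i"
COMPLIANT_PATH = "3561 3356 9031 {35821,64496} i"  # 64496: documentation ASN (RFC 5398)

if __name__ == "__main__":
    for path in (ODD_PATH, COMPLIANT_PATH):
        print(path, "->", check_as_path(path))
```

Run over a collector dump, the duplicate check answers the post's question per path; the length function shows why the oddity is harmless to selection (the four-member set still counts as one hop, so the path length is 4 either way), which is consistent with the reply suggesting the AS_SET construct be deprecated rather than policed.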
Re: Odd BGP AS Path
> please support draft-wkumari-deprecate-as-sets-00.txt

I just noticed that then - looking through idr list archives. I'll give it a read.. What is the best way to support, just email the list?

Cheers