RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

2024-05-18 Thread Jason Baugher
John Levine said:

> It appears that Brandon Martin  said:
>>I think the issue with their lack of effectiveness on spam calls is due
>>to the comparatively small number of players in the PSTN (speaking of
>>both classic TDM and modern IP voice-carrying and signaling networks)
>>world allowing lots of regulatory capture.

> It's the opposite. SS7 was designed for a world with a handful of large 
> trustworthy telcos. But now that we have VoIP, it's a world of a zillion 
> sleazy little VoIP carriers stuffing junk into the network.
> The real telcos have no desire to deliver spam calls. Everything is bill and 
> keep so they get no revenue and a lot of complaints.

> Mike is right that STIR/SHAKEN is more complex than it needs to be but even 
> after it was widely deployed, the telcos had to argue with the FCC to change 
> the rules so they were allowed to drop spam calls which only changed 
> recently. That's why you see PROBABLE SPAM rather than just not getting the 
> call.

STIR/SHAKEN is more complex than it needs to be, sure, but for the time being 
it's effectively broken anyway. If you're in an area where you have to connect 
to an ancient TDM-only LATA tandem, even though you'd like to do STIR/SHAKEN, 
it can't be done over an SS7 call. The call gets to the terminating carrier, 
who decides in their infinite wisdom that since it's not signed, to tell their 
customer it's SPAM-LIKELY. Well, that's helpful. STIR/SHAKEN implementation 
deadlines should have started at the core of the PSTN - transit and tandems - 
and moved out towards the edge. Instead it started at the edge, we all got 
compliant, and we still can't deliver calls because the core of the PSTN is 
lagging.

Jason Baugher, Network Operations Manager
405 Emminga Road | PO Box 217 | Golden, IL 62339-0217
P (217) 696-4411 | F (217) 696-4811 | www.adams.net<http://www.adams.net/>
[Adams-Logo]<http://adams.net/>

The information contained in this email message is PRIVILEGED AND CONFIDENTIAL, 
and is intended for the use of the addressee and no one else. If you are not 
the intended recipient, please do not read, distribute, reproduce or use this 
email message (or the attachments) and notify the sender of the mistaken 
transmission. Thank you.


RE: Should FCC look at SS7 vulnerabilities or BGP vulnerabilities

2024-05-18 Thread Jason Baugher
On Thursday, May 16, 2024 6:18 PM, Brandon Martin wrote:

> On 5/16/24 16:05, Josh Luthman wrote:
>> The FCC has spent the last several years hounding us voice providers
>> over spam calls.  They've implemented laws.  They have required us to
>> do paperwork.  Have they been successful in that task?
>>
>> Now do you think they're going to properly understand what an SS7 or
>> vulnerability is?

> The FCC absolutely is going to have experts in house who know what SS7 is and 
> who are likely aware of the basics of how it works and what vulnerabilities 
> that might "obviously" lead to.  Whether they have anyone in house who knows 
> it in technical detail and would be able to audit it from a protocol and 
> implementation level to come up with novel vulnerabilities or even really 
> understand in detail how published vulnerabilities work is perhaps another 
> matter, but they don't necessarily need that to come up with effective 
> advisory guidelines or even mandatory regulations if they invite proper 
> comment from the industry and review them.

I'm not so sure about the FCC or any government agency having technical experts 
in-house. Possibly they exist, but the chances of their voices being heard are 
low. Not only that, but I feel that any time an expert isn't actually working 
actively in their field, they quickly stop being an expert.

> Regulating the phone system is not exactly a new thing for the FCC, after all.

No, it isn't. And yet, the same old problems seem to persist, primarily caused 
by the same companies, doing the same things they've always done. When the 
fines are far lower than the profits, nothing will really change. See rural 
call termination as an example.

> I think the issue with their lack of effectiveness on spam calls is due to 
> the comparatively small number of players in the PSTN (speaking of both 
> classic TDM and modern IP voice-carrying and signaling networks) world 
> allowing lots of regulatory capture.  That's going to keep the FCC from 
> issuing mandatory rules much beyond what much of the industry is on the road 
> to implementing already to keep their customers placated.

Rules are issued and the big companies use armies of lawyers to either 
influence the writing of the regulations or avoid them completely. In the rare 
case that a fine is levied, it's negotiated down by the same armies of lawyers 
to the point where it has no impact on the behavior.

> The Internet is at least a little different in that it is set up more as a 
> system where every player has some degree of parity in operation regardless 
> of their size or footprint, and the self-governance rulemaking is much more 
> out in the open.  I suspect that's why we've had some success with getting 
> BGP security not just addressed in guidance but actually practically improved.

So, the Internet has done a better job of self-regulating than the PSTN being 
regulated by the FCC? It seems then that the better plan would be to not 
increase regulation, but decrease it.

> That self-governance and openness also improves the FCC's ability to gather 
> information and I suspect also improves the quality and relevance of official 
> public comments that they receive.

The FCC is unfortunately ultimately a political organization. The amount and 
type of regulation waxes and wanes depending on which party holds the majority 
of chairs. It would be amazing if that wasn't the case, but it's clear that 
unless something changes drastically in how the org is structured, that's the 
reality we have to deal with. Remove politics and money from the process, and 
we'd see different results.

> I do think the FCC should at least consider looking at SS7 security...and 
> perhaps they should attempt to just get rid of it.  It's really only relevant 
> for legacy TDM networks at this point, from what I can tell, with essentially 
> all modern IP voice-carrying networks instead using SIP.  Maybe it's time for 
> it to just die along with the TDM PSTN which a lot of states are essentially 
> killing off by removing mandatory service offering, anyway.

As much as most of us would like to be 100% SIP, it's the big guys holding us 
back with legacy TDM networks and LATA tandems. There are plenty of telcos that 
are completely IP-based voice within their networks, and still have to use SS7 
connectivity to connect outside. When - RBOC of your choice here - won't 
connect via SIP, they're stuck with keeping SS7 going. It's getting better, 
because there are more options all the time to move away from that RBOC 
connectivity, but we'd have done it years ago if we'd had any cooperation from 
the RBOCs and tandems. Any order from the FCC to put an end date on SS7 would 
need to start with forcing the RBOCs and tandems to upgrade their networks to 
actually support SIP. Good luck with that w

RE: maximum ipv4 bgp prefix length of /24 ?

2023-09-29 Thread Jason Baugher
Let me see if I can summarize, tell me where I’m wrong…

You: Give me this for free, give me that for free, sponsor me, why isn’t HE 
giving me something for free, everyone else should spend money to upgrade 
infrastructure to handle my request for /27, but I shouldn’t have to pay for 
anything…

Jason

From: NANOG  On Behalf Of 
VOLKAN SALIH
Sent: Friday, September 29, 2023 2:45 AM
To: Vasilenko Eduard ; Owen DeLong 

Cc: nanog@nanog.org
Subject: Re: maximum ipv4 bgp prefix length of /24 ?


Many people from big companies/networks are either member of NANOG or 
following/reading NANOG from archives.

I was also going to ask if anyone / any company can sponsor (feeless) IPv4 /24 
prefix for my educational research network? (as209395)

We do not do or allow SPAM/spoofing and other illegal stuff, we have RPKI 
records and check RPKI of BGP peers.

We also consider to have BGP session with HE.net and CogentCo in the future, so 
we can re-announce their single-homed prefixes to each other, as charity. For 
the good of everyone on the internet..

Mr. M.Leber from He.net also stopped feeless BGP tunnel service, as he has not 
seen financial benefit, while still talking about community-give-back?! And he 
still seeks feeless peering from CogentCo, you get what you give. Whatever goes 
around comes around

Thanks for reading, best regards and wishes


On 29.09.2023 at 09:57, Vasilenko Eduard wrote:
Well, it depends.
The question below was evidently related to business.
IPv6 does not have yet a normal way of multihoming for PA prefixes.
If IETF (and some OTTs) would win blocking NAT66,
Then /48 proposition is the proposition for PA (to support multihoming).
Unfortunately, it is at least a 10M global routing table as it has been shown 
by Brian Carpenter.
Reminder, The IPv6 scale on all routers is 2x smaller (if people would use DHCP 
and longer than /64 then the scale would drop 2x additionally).
Hence, /48 proposition may become 20x worse for scale than proposed initially 
in this thread.
Eduard
From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei@nanog.org] On 
Behalf Of Owen DeLong via NANOG
Sent: Friday, September 29, 2023 7:11 AM
To: VOLKAN SALİH <mailto:volkan.salih...@gmail.com>
Cc: nanog@nanog.org<mailto:nanog@nanog.org>
Subject: Re: maximum ipv4 bgp prefix length of /24 ?

Wouldn’t /48s be a better solution to this need?

Owen




On Sep 28, 2023, at 14:25, VOLKAN SALİH <volkan.salih...@gmail.com> wrote:


hello,

I believe, ISPs should also allow ipv4 prefixes with length between /25-/27 
instead of limiting maximum length to /24..

I also believe that RIRs and LIRs should allocate /27s, which have 32 IPv4 
addresses. Considering the IPv4 world is now mostly NAT'ed, 32 IPv4s are sufficient 
for most of the small and medium sized organizations and also home office 
workers like youtubers, and professional gamers and webmasters!

It is because BGP research and experiment networks can not get /24 due to high 
IPv4 prices, but they have to get an IPv4 prefix to learn BGP in IPv4 world.

What do you think about this?

What could be done here?

Is it unacceptable; considering most big networks that do full-table-routing 
also use multi-core routers with lots of RAM? those would probably handle /27s 
and while small networks mostly use default routing, it should be reasonable to 
allow /25-/27?

Thanks for reading, regards..




RE: "Permanent" DST

2022-03-15 Thread Jason Baugher
In the 70's, you couldn't check your smartphone to find out when a business was 
open, so there was a certain assumption that it would be open not only during 
"normal business hours", but that it would be consistent throughout the year. 
We live in a completely different world today, where I'd venture to say that 
the majority of the population isn't starting their day at dawn and ending it 
at dusk. Farmers work on that kind of schedule, but they don't care what the 
clock says anyway. In today's world, it's pretty trivial for businesses to 
notify customers of schedule changes.

So I agree, we should stick with UTC offset, or standard time, and let 
businesses handle changing their hours during the summer to earlier if they 
want to give their employees more "daytime".

Jason



From: NANOG  On Behalf Of 
Eric Tykwinski
Sent: Tuesday, March 15, 2022 3:37 PM
To: nanog@nanog.org list 
Subject: Re: "Permanent" DST

What I don't understand, is why change time, just change working hours.
I'm all for giving up the time change, but the standard should probably still 
be UTC offset.
If you work 9-5, change it to 10-6.  Every company can post working hours on 
their website.
Obviously for most of us, it's a moot point.

P.S.  Anyone working at NIST or a similar org probably needs a raise for 
dealing with all the exceptions.

On Mar 15, 2022, at 4:16 PM, Joly MacFie <j...@punkcast.com> wrote:

WaPo has a been there done that item today.

https://www.washingtonian.com/2022/03/15/the-us-tried-permanent-daylight-saving-time-in-the-70s-people-hated-it/

On Tue, Mar 15, 2022 at 3:11 PM Jay R. Ashworth <j...@baylink.com> wrote:
In a unanimous vote today, the US Senate approved a bill which would

1) Cancel DST permanently, and
2) Move every square inch of US territory 15 degrees to the east.

My opinion of this ought to be obvious from my rhetoric.  Hopefully, it will
fail, because it's likely to be the end of rational time worldwide, and even
if you do log in UTC, it will still make your life difficult.

I'm poleaxed; I can't even decide which grounds to scream about this on...

Hopefully, the House or the White House will be more coherent in their
decision on this engineering construct.

Cheers,
-- jra

--
Jay R. Ashworth  Baylink   
j...@baylink.com<mailto:j...@baylink.com>
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info<http://www.bcp38.info/>   
   2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


--
--
Joly MacFie  +12185659365
--
-




RE: "Permanent" DST

2022-03-15 Thread Jason Baugher
Agreed, it seems pretty foolish to move us to “permanent” DST instead of just 
going with standard time, as far as offset from UTC goes.

If I had my way, the world would just use UTC and drop all the timezone stuff. 
But small steps, getting rid of the DST change is a good start.

Jason

From: NANOG  On Behalf Of 
Brian R
Sent: Tuesday, March 15, 2022 2:45 PM
Cc: nanog@nanog.org list 
Subject: Re: "Permanent" DST

Thanks for finding the clarification on this Ray.

I'm with the OP Jay that this will cause long term problems.  The 15 degrees is 
not mentioned in the document just the change from "Standard Time" to "Daylight 
Time" permanently (they probably don't even understand it is in 15 degree 
increments).  This will cause problems in systems across many sectors.  The 
entire world works on UTC + or - on a 15 degree scale.  Except now the US which 
will be 15 degree scale -15 degrees.  I doubt Canada, Central, or South 
Americas are going to follow this so the United States will always be 15 
degrees off of what is considered "Standard Time" by the world.
The better solution would be to remove DST all together and tell everyone in 
the US to start work at 07:00 and get off work at 16:00 every day.

Brian

From: NANOG <nanog-bounces+briansupport=hotmail@nanog.org> on behalf of Ray Van Dolson via NANOG <nanog@nanog.org>
Sent: Tuesday, March 15, 2022 12:26 PM
To: Mel Beckman <m...@beckman.org>; Jay R. Ashworth <j...@baylink.com>
Cc: nanog@nanog.org list <nanog@nanog.org>
Subject: RE: "Permanent" DST

I think this is essentially the bill:

https://www.congress.gov/bill/117th-congress/house-bill/69/text

Not finding anything about 15 degrees.

Ray

-----Original Message-----
From: NANOG <nanog-bounces+rvandolson=esri@nanog.org> On Behalf Of Mel Beckman
Sent: Tuesday, March 15, 2022 12:19 PM
To: Jay R. Ashworth <j...@baylink.com>
Cc: nanog@nanog.org list <nanog@nanog.org>
Subject: Re: "Permanent" DST

I don’t follow why cancelling DST has the effect of moving the US fifteen 
degrees to the east. Also, your subject line reads “permanent DST”, but from 
your language the bill will be permanent standard time.

I haven’t read the bill, but I’m hoping you can explain your position more 
clearly.

-mel via cell

> On Mar 15, 2022, at 3:13 PM, Jay R. Ashworth <j...@baylink.com> wrote:
>
> In a unanimous vote today, the US Senate approved a bill which would
>
> 1) Cancel DST permanently, and
> 2) Move every square inch of US territory 15 degrees to the east.
>
> My opinion of this ought to be obvious from my rhetoric.  Hopefully,
> it will fail, because it's likely to be the end of rational time
> worldwide, and even if you do log in UTC, it will still make your life 
> difficult.
>
> I'm poleaxed; I can't even decide which grounds to scream about this on...
>
> Hopefully, the House or the White House will be more coherent in their
> decision on this engineering construct.
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth  Baylink   
> j...@baylink.com<mailto:j...@baylink.com>
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info   2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274



RE: "Permanent" DST

2022-03-15 Thread Jason Baugher
Probably worse for the people who border Indiana; we always wonder if we're on 
the same time as who we're dealing with, depending on where in Indiana the 
other person is.

From: NANOG  On Behalf Of 
Paul Ebersman
Sent: Tuesday, March 15, 2022 3:35 PM
To: Eric Kuhnke 
Cc: nanog@nanog.org list 
Subject: Re: "Permanent" DST

eric> If Canada doesn't do the same thing at the same time, it'll be a
eric> real hassle, dealing with a change from -8 to -7 crossing the
eric> border between BC and WA, for instance. It has to be done
eric> consistently throughout North America.

You must not have ever dealt with Indiana, where it was DST or not by
choice per county. It wasn't quite the cluster***k you'd think.



RE: "Permanent" DST

2022-03-15 Thread Jason Baugher
Not sure about your state, but in mine we’re mandated by law to have the new 
smoke/co2 detectors with 10-year sealed batteries in place by Jan 2023. I’m not 
sure I can even buy one locally that isn’t a 10-year.

Jason

From: NANOG  On Behalf Of PJ 
Capelli via NANOG
Sent: Tuesday, March 15, 2022 2:35 PM
To: Dave ; Jay R. Ashworth 
Cc: nanog@nanog.org
Subject: Re: "Permanent" DST

But how will we remember to change the batteries in our smoke and CO2 detectors 
then?

Sent from ProtonMail for iOS


On Tue, Mar 15, 2022 at 3:19 PM, Dave <dedel...@iname.com> wrote:
Ending DST is a really good idea.

Moving 15 degrees East not so much but let’s face it, the environmental impact 
statement will take forever to write

Dave

> On Mar 15, 2022, at 3:11 PM, Jay R. Ashworth <j...@baylink.com> wrote:
>
> In a unanimous vote today, the US Senate approved a bill which would
>
> 1) Cancel DST permanently, and
> 2) Move every square inch of US territory 15 degrees to the east.
>
> My opinion of this ought to be obvious from my rhetoric. Hopefully, it will
> fail, because it's likely to be the end of rational time worldwide, and even
> if you do log in UTC, it will still make your life difficult.
>
> I'm poleaxed; I can't even decide which grounds to scream about this on...
>
> Hopefully, the House or the White House will be more coherent in their
> decision on this engineering construct.
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth Baylink j...@baylink.com<mailto:j...@baylink.com>
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274



Re: IP Dslams

2018-12-31 Thread Jason Baugher
Most of my experience is with Calix C7 and E7 DSL, fan of both. Recently 
learning the Adtran TA5000, not impressed. Hardware may be solid, but 
management is ugly and painful.



Sent from my U.S. Cellular® Smartphone


 Original message 
From: Erik Sundberg 
Date: 12/31/18 1:32 PM (GMT-06:00)
To: Nick Edwards 
Cc: nanog@nanog.org
Subject: RE: IP Dslams

I haven’t used any of these…

Check out Adtran Total Access 5000 Platform…. Used by a lot of EoC / EoDS1 
carriers


Google: Ethernet Extender DSLAM
https://enableit.com/rackmount-extender/


From: NANOG  On Behalf Of Nick Edwards
Sent: Friday, December 28, 2018 7:36 PM
To: nanog@nanog.org
Subject: IP Dslams

Howdy,
We have a requirement for an aged care facility to provide voice and data, we 
have the voice worked out, but data, WiFi is out of the question, so are 
looking for IP-Dslams, preferably a system that is all-in-one, or self 
contained, as in contains its own BBRAS/LNS/PPP server/Radius, such as has a 
property management API, or even just a webpage manager where admin can add in 
new residents when they arrive, or delete when they depart I know these used to 
be available  many years ago, but that vendor has like many vanished, only 
requirement is for ADSL2+, prefer units with either 48 ports or multiples of 
(192 etc) and have filtered voice out ports (telco50/rj21 etc)
If anyone knows of such units, would appreciate some details on them,  
brand/model suppliers if known, etc, we can try get our google fu back if we 
have some steering:)
Thank Y'all
(resent - original never made it to the list for some gremlin reason)



CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.



Re: Hurricane Maria: Summary of communication status - and lack of

2017-10-01 Thread Jason Baugher
The more I read about this, the more disturbed I get. On the one hand, we
keep hearing that the trucks aren't moving because roads are impassable.
Then I read that government officials are driving from their remote areas
to San Juan to ask why no aid is coming, disputing the claims about the
roads. We hear that there isn't fuel for the trucks, then a reporter from
CNBC disputes that claim as well. The only thing that seems to be a common
thread is that there are massive amounts of supplies sitting in San Juan
and that they can't get truck drivers to deliver them.

Do FEMA and the National Guard have the authority to commandeer the trucks
and deliver the containers themselves? The telcom companies aren't going to
be able to do much by way of repairs without supplies.

On Sun, Oct 1, 2017 at 9:28 PM, Javier J  wrote:

> At this point, I wouldn't trust status.pr and any media reports without
> verifying information. As far as LibertyPR is concerned my cousin who lives
> in Carolina, PR told me thieves were stealing fiber optic cable after the
> storm. I trust the Sean Donelan, FCC, US Military, FEMA reports in that
> order. There was a report that 33% of cell phone service was reported. That
> is BS. We know from FCC reports it is still at ~90% out as far as number of
> operational cell sites.
>
>
> The media here in the states is no better. I have multiple confirmations
> and am looking for hard proof but the Teamsters Puerto Rico trucking union
> is refusing to move containers out of the port. Only 20% of truckers showed
> up for work. Perhaps someone who works at Crowley can give us more concrete
> info but if you can't even move supplies out of the port, how the heck are
> you supposed to replace wires/fiber/fuel etc?
>
>
> Here is a CNBC report:  https://www.youtube.com/watch?v=f4Z01o4tBlI
>
> - Javier
>
> On Sat, Sep 30, 2017 at 4:39 PM, Sean Donelan  wrote:
>
> > On Sat, 30 Sep 2017, Sean Donelan wrote:
> >
> >> The first public statement I've seen from LibertyPR was yesterday. Their
> >> network was completely down.  They've restored some of their main
> >> infrastructure, i.e. cable headends and main fiber connections.
> >> 100% of subscribers are out of service.
> >>
> >> I've seen pictures on twitter of LibertyPR crews fixing cables and poles
> >> on the island.
> >>
> >
> > Liberty cable Puerto Rico has put out a press release today.
> >
> > LibertyPR is opening one public WiFi hot spot in Bahia Urbana in San Juan
> > from 3pm to 7pm Saturday, and 8am to 7pm daily starting Sunday.
> >
> > Additional hot spots will be announced by LibertyPR via press release in
> > the future.
> >
> > I guess this is a sign LibertyPR's public relations office is back in
> > operation.
> >
>


Re: Moving fibre trunks: interruptions?

2017-09-02 Thread Jason Baugher
In the USA, we have tornadoes, hurricanes, nasty wind and lightning, ice
accumulation on lines, and idiot squirrels that like to eat fiber. Buried
fiber over time will end up being cheaper than aerial once you factor in
maintenance and repair. Add to that the additional cost of pole studies,
replacement and attachments that the electric utility demands to be on
their poles. When you're paying them for a pole study so that they can tell
you that the pole isn't strong enough or tall enough to provide clearance,
then paying them to replace the pole to make it sufficient, and then paying
them monthly after that to be on the pole, just putting it in the ground
starts making a lot of sense.

We were affected by a fiber cut a while back caused by a truck that wiped
out several electric poles. It was over 24 hours before the fiber company
was even allowed access to the poles, because the electric utility wouldn't
release them until they were finished. There's a lot to be said about
controlling your own destiny by putting the fiber in the ground where you
can work on it whenever you need to.

You need insurance regardless of aerial or buried. 1/2 mile might be an
exaggeration. Telcom doesn't do much trenching. Vibratory plow in open
areas where there's nothing to contend with, but in urban, it's almost
always directional boring. The only time we hit anything is when the other
utilities fail to locate at all or fail to locate correctly.

The easiest thing is to contract with a cable construction company that
already has all the skills, insurance and equipment, and let them deal with
it.

On Fri, Sep 1, 2017 at 5:38 PM, Ricky Beam  wrote:

> On Fri, 01 Sep 2017 15:52:40 -0400, Rod Beck <
> rod.b...@unitedcablecompany.com> wrote:
>
>> I don't think there is virtually any aerial in Europe. So given the cost
>> difference why is virtually all fiber buried on this side of the Atlantic?
>>
>
> Aerial is simple and fast... pull the cable through a stringer, move to
> the next pole and repeat; when a section (about a mile) is done, it's
> hoisted into the air and tied to the pole. The stringers are then moved to
> the next mile of poles and the process repeats.
>
> Buried stuff requires a great deal of planning, permitting, and insurance.
> You have to know everything that's ever been stuffed in the ground within
> half a mile of where you're working to avoid the inevitable cutting of
> something important -- gas, water, sewer, power, other telcom, even vacuum
> tube lines and subways. And then you need trenching gear to get stuff in
> the ground, and crews to come along behind to remediate the "environmental
> damage".
>
> (Once the conduit is in the ground, it's a trivial matter to blow whatever
> you need through it.)
>


DMCA processing software

2017-06-06 Thread Jason Baugher
I'm curious what people are using to manage DMCA takedown notices in
mid-sized networks. I've been searching, and have found the ACNS spec, and
a few obscure references to an RT plugin, but not much else. As the ISP I
work for grows, manual handling of notices is starting to be a problem. I'd
prefer something open-source so we can extend it to hook into our other
systems, but primarily I need something to parse the notice emails, store
the information, track the number of incidents over time, and generate
letters to users.

If nothing exists, and everyone just has in-house proprietary systems, then
we'll start down the same road, but I don't like to re-invent the wheel if
I can help it.

Thanks


Re: Netflix banning HE tunnels

2016-06-20 Thread Jason Baugher
Wait, is this April Fools? The way to make device manufacturers tighten up
their security holes is to stick them on the public Internet? That's a hoot.
On Jun 20, 2016 6:57 PM, "Mark Andrews"  wrote:

>
> In message <28657bed-e262-452d-b218-7b39b17f3...@delong.com>, Owen DeLong
> writes:
> >
> > > On Jun 20, 2016, at 13:45 , Mark Andrews  wrote:
> > >
> > >
> > > In message , Owen DeLong writes:
> > >>
> > >>> On Jun 17, 2016, at 10:10 , Mark Milhollan wrote:
> > >>>
> > >>> On Tue, 14 Jun 2016, Owen DeLong wrote:
> > >>>> On Jun 14, 2016, at 11:57 , Ricky Beam  wrote:
> > >>>>>
> > >>>>> I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6
> > >>>>> traffic.
> > >>>>
> > >>>> Those are by definition poorly designed CPE.
> > >>>
> > >>> This (open by default vs closed) has been discussed before, with
> > >>> plenty of people on either side.
> > >>>
> > >>>
> > >>> /mark
> > >>
> > >> I’m unaware of anyone advocating open inbound by default residential
> > >> CPE.
> > >>
> > >> I’m not saying they don’t exist, but I can’t imagine how anyone could
> > >> possibly defend that position rationally.
> > >>
> > >> I’m pretty much in favor of open by default in most things, but for
> > >> inbound traffic to residential CPE? Even I find that hard to
> > >> rationalize.
> > >>
> > >> Owen
> > >>
> > >
> > > For a lot of homes it actually makes sense.  You laptops are safe
> > > as they are designed to be connected directly to the Internet.  We
> > > do this all the time.  Similarly phone and tablets are designed to
> > > be directly connected to the Internet.  I know that lots of us do
> > > this all the time.  Think about what happens at conferences.  There
> > > is no firewall there to save you but we all regularly connect our
> > > devices to the conference networks.
> > >
> > > Lots of other stuff is also designed to be directly connected to
> > > the Internet.
> > >
> > > Finding ways to successfully attack a machine from outside is
> > > actually hard and has been for many years now.
> > >
> > > There is lots of FUD being thrown around about IoT.  Some machines
> > > will be compromised but as a class of devices there is no reason
> > > to assume that manufactures haven't learn from what happened to
> > > other Internet connected products.
> >
> > I dare you to purchase a Yamaha amplifier with an ethernet interface,
> > connect it to a good set of speakers within range to make it loud in
> > your bedroom and provide me with your timezone and the IP address
> > of the Yamaha in its default configuration.
>
> I don't want a Yamaha amplifier.  If you have one and if it is not
> FIT FOR PURPOSE sent it back and demand your money back.  You should
> be able to connect any equipement to a network and not have it be
> owned.
>
> > You can call it FUD all you want, but the average ethernet-connected
> > printer is quite vulnerable. So are many of the smart media devices
> > floating around out there.
>
> The internet printers I have contain access controls.  They don't need
> a CPE firewall.
>
> > Same with many of the network-connected thermostats I have experimented
> > with.
>
> Well send them back and demand your money back saying why you are sending
> the back.
>
> > For anyone who knows enough to understand the risk they are or are not
> > taking by opening things up, it’s trivial to program in the desired
> > exceptions or turn off the default deny.
> >
> > For everyone else, we should protect the internet from letting them
> > shoot themselves in the head in such a way that we get hit with the
> > back splatter.
>
> And that comes with a significant future cost.  Every piece of
> software that wants to accept connections from outside now needs
> to be able to not only update the devices configuration but also
> the firewalls configuration.
>
> > > The thing you need from all manufactures is a commitment to release
> > > fixes (no necessarially feature upgrades) for the devices they ship
> > > for the real life the product and for users to upgrade the products.
> >
> > Certainly that helps, but it’s a fantasy in too many cases to act like
> > it is a foregone conclusion or fait accompli.
>
> Actually if we ship CPE devices with firewalls off, IoT manufactures
> will tighten the security of their devices.  It will lead to better
> products overall.
>
> > > Software doesn't wear out.  Bugs just get found and design flaws
> > > discovered.  The existing warranty policies are designed around
> > > products that physically wear out.
> >
> > Sure, but until that is actually changed, a default permit policy on a
> > home gateway remains one of the worst ideas I can imagine.
>
> Actually it is one of the best things we can do.  Yes, there will
> be a short term cost but it comes with benefits of a less complicated
> network where everything works.
>
> Firewalls should be filtering out 

Re: 10gig pricing with Verizon crazy?

2016-03-19 Thread Jason Baugher
We were talking to AT&T once about using them for last-mile in their
territories. The first pricing we got was astronomical. Once we recovered
from the shock and scrolled down, we saw all the 98% discount this, 95%
discount that tables, which after being applied brought them into the
ballpark. I seem to remember the initial price being their tariff rate.
Verizon may be playing the same games.

On Wed, Mar 16, 2016 at 4:48 PM, David Hubbard <
dhubb...@dino.hostasaurus.com> wrote:

> Curious if anyone has had similar experience; looking for a 10gig transit
> circuit at a colo, contacted VZ as they’re on net in the facility, quoted
> me an astronomical amount at 10-20x going rates these days.  I’m curious if
> I just happened across a bad rep and should dig further, or that’s par for
> the course?  Rep was comfortable talking about BGP, v4/v6, etc. so I felt
> like I was talking to the right person until I saw the price lol.
>
> Thanks,
>
> David
>


Re: Broadband Router Comparisons

2015-12-24 Thread Jason Baugher
Providing a managed service is the direction we're going. In our case,
since we're a Calix shop, we're using their GigaCenters, but I'm sure there
are other vendor options out there.

Early indications are that 95+% of our residential customers would rather
pay a nominal "maintenance" fee and use our managed router than purchase
their own. From our end, we get a little more revenue, we ensure our
customers aren't blaming us for problems caused by junk routers, and we
provide a level of service and support that the big guys can't even come
close to matching.

On Thu, Dec 24, 2015 at 9:40 AM, Justin Wilson  wrote:

> The trend is a managed router service.  This way the ISP can control the
> customer experience a little better.  It also gives the ISP a DMARC point
> to test from, which is not as reliant on getting the customer involved.
>
> Mikrotik makes the hAP lite, which has a retail of $21.95.
> http://www.balticnetworks.com/mikrotik-hap-lite-tc-2-4ghz-indoor-access-point-tower-case-built-in-1-5dbi-antenna.html
> .  This is *nix based router you can cheaply deploy even if a customer
> doesn’t want a managed router.  I have clients who deploy this as a “modem”
> if the customer chooses their own router.  By doing this the ISP can run
> pings, traceroutes, see usage, and other useful tools from the customer
> side.
>
> Once you figure on your average support call on troubleshooting a customer
> router $21.95 is a drop in the bucket. Having a place to test from the
> customer side is invaluable.  Tons of tricks you can do too.  Turn on the
> wireless and have the customer connect to it.  Block out all traffic except
> what the customer is using for tests (i.e. wireless) so you can see if
> there are devices hogging the pipe.   You can do frequency scans to see how
> bad 2.4 is.  You can get a dual band hAP router with AC.  It is more
> expensive so deploying one of those at every customer might not be feasible.
>
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
>
> > On Dec 24, 2015, at 10:05 AM, Baldur Norddahl wrote:
> >
> > I have reasonable success with simply lending the customer a router. In
> > most cases they will then buy it afterwards, because it turns out that
> > their old router was indeed bad.
> >
> > But you can not win them all. Sometimes it is the other equipment that is
> > bad, or the customer is clueless. They might even be lying because everyone
> > knows you have to pretend it is worse than it actually is to get the doctor
> > to take you seriously. Also who here can honestly say you never pretended
> > to power cycle your Windows 95 when asked by the support bot on the phone,
> > while actually running Linux, because that is the only way to get passed on
> > to second tier support?
> >
> > Just last week I had a customer complaining his router was bad. I went out
> > there and found it in the basement, on the floor, under a bed with a ton of
> > crap on top. He said it was so much worse than his old internet, where he
> > had the router in the center of the house in his living room. Not too
> > surprisingly? He claimed the routers were located the same place until I
> > turned up at his house and asked to see it...
> >
> > I do not think you will have much success at pointing to a list of
> > supposedly bad routers. The world is just too complex. A bad experience can
> > be due to anything really. Most likely they are on 2,4 GHz and the spectrum
> > is crowded. Combine with an old computer (or even brand new!) that has crap
> > 2,4 GHz wifi - nothing a router can do about that. I demonstrate that it
> > can work with my own computer and then advise the customer on what to buy.
> >
> > Regards,
> >
> > Baldur
> >
>
>


Re: Nat

2015-12-20 Thread Jason Baugher
In the real world of service providers and customers, people don't "choose
to be the authors". To choose, they would have to know the options. If I
were to randomly poll 1000 of our residential customers to ask them about
their L2/L3 networks, firewall policies, etc..., they'd have no idea what I
was talking about. The majority of our small business customers are in the
same situation. The larger businesses with their own IT staff are in a
little better shape. The network consultants in the area barely understand
these subjects better than their customers.

Whether we're talking about Joe Sixpack or John SMB, they pay for a service
and expect that service to magically work. They've used phones for years
without understanding the PSTN. We gave them cellphones without making them
understand RF/LTE/GPRS/etc. They drive cars every day without the first
clue about how internal combustion engines work. Why should data networks
be any different? Sure, I'm oversimplifying things, but that's how
non-technical people think. They should be able to spend money on cool
and/or useful gadgets, connect those gadgets to their networks, and use
them. It's tough enough to try and explain why the neighbor's wi-fi parked
on channel 8 is an interferer. L2, L3, IPv4/6 and Multicast? Good luck.

From a service provider perspective, I feel we have 2 choices. The first is
to spend a lot of time trying to educate our customers on how networks work
and how to manage theirs. Personally, I'd rather have my fingernails pulled
out. The second, and I feel much less likely to fail, is to spend time
developing technology and service offerings to give our customers the easy,
spoon-fed experience they're looking for - and charge them for it
accordingly.





On Sun, Dec 20, 2015 at 10:06 PM, Keith Medcalf  wrote:

>
> You can lead a horse to water, but you cannot make it drink.  If people
> choose to be the authors of their own misfortunes, that is their choice.  I
> know a good many folks who are not members of NANOG yet have multiple
> separate L2 and L3 networks to keep the "crap" isolated.
>
> > -Original Message-
> > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On Behalf
> > Of Mike Hammett
> > Sent: Sunday, 20 December, 2015 20:37
> > Cc: North American Network Operators Group
> > Subject: Re: Nat
> >
> > We can't get people to use passwords judiciously (create them at all for
> > WiFi, change them, use more than one, etc.) and now you want them to
> > manage networks?
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> > - Original Message -
> >
> > From: "Randy Fischer" 
> > To: "Mike Hammett" 
> > Cc: "North American Network Operators Group" 
> > Sent: Sunday, December 20, 2015 9:34:16 PM
> > Subject: Re: Nat
> >
> >
> >
> >
> >
> > On Sun, Dec 20, 2015 at 10:15 PM, Mike Hammett < na...@ics-il.net > wrote:
> >
> >
> > Most people couldn't care less and just want the Internet on their device
> > to work.
> >
> >
> >
> >
> > Well, if the best practice for CPE routers included as a matter of course
> > the subnets "connected to internet", "local only (e.g. IoT)" and "guest
> > network", and if they just worked, then they wouldn't mind that either.
> >
> >
> > A friend of mine used to refer to this as "refrigerator consciousness" -
> > he was a gearhead, so it was a pejorative. Instead, I think of it as a
> > design goal.
> >
> >
> > -Randy Fischer
> >
> >
> >
>
>
>
>
>


RE: Favorite GPON Vendor?

2015-11-12 Thread Jason Baugher
Too bad they require registration, don't need yet another sales person
calling me.

The abstract reads more or less like what Calix is promoting with their
product development.
On Nov 12, 2015 6:25 PM, "Scott Helms"  wrote:

> Frank,
>
> Take a look at this webinar.
>
> https://www.webcaster4.com/Webcast/Page?companyId=116=10264
> On Nov 12, 2015 7:03 PM, "Frank Bulk"  wrote:
>
> > What does ADTRAN's NG-PON2 upgrade path have over Calix's?
> >
> > Frank
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Josh Reynolds
> > Sent: Wednesday, November 11, 2015 8:49 PM
> > To: NANOG 
> > Subject: Re: Favorite GPON Vendor?
> >
> > We are about to deploy Calix, but after hearing about $company
> > deploying Adtran and liking their chassis features and NG-PON2 upgrade
> > path, we are now open to other vendors. Price IS a concern for us, but
> > not THE concern.
> >
> > This may sound "wacky" to some, but if anybody on here is using Huawei
> > GPON gear, could you contact me off list? Thanks
> > (josh AT kyneticwifi.com)
> >
> > On Mon, Nov 9, 2015 at 8:49 AM, Jay Patel  wrote:
> > > Who is your favorite GPON  OLT/ONU Vendor? Why?   I am looking for
> > > recommendations
> > >
> > > I apologize in advance , if you feel my question is inappropriate for
> > this
> > > mailing list ( feel free to point me to right forum/mailing list).
> > >
> > > Regards,
> > > Jay.
> >
> >
> >
>


Re: Favorite GPON Vendor?

2015-11-11 Thread Jason Baugher
That is the case with Calix Active Ethernet ONT's, but not with GPON. AE
ONT's need a tftp server on boot to get a configuration.
On Nov 11, 2015 2:00 PM, "Brian R"  wrote:

> Previously I had stated we tested Calix equipment.  That was wrong, we had
> deployed Tellabs GPON equipment.  That was what we had had problems with
> and had not received much support on.
> Apologies for the error.
>
> I believe the reason we chose not to go with Calix was the requirement to
> have a constant connection between the configuration server/hardware and
> the ONTs.  If there was a problem with the configuration server or if the
> ONT reloaded and was not able to reach the configuration server the ONT
> would not configure.  We like the fact that the Adtrans were configured
> directly off their uplink hardware and that they were capable of storing
> the configuration on the ONT.
> We did not have any problems with Calix support that I can recall.
>
> Brian
> 
> From: NANOG  on behalf of Brian R <
> briansupp...@hotmail.com>
> Sent: Tuesday, November 10, 2015 11:32 AM
> To: Art Plato
> Cc: nanog
> Subject: Re: Favorite GPON Vendor?
>
> Art,
>
> I can't say we have a lot of experience with the Adtran GPON units.  On
> the Active Ethernet side if we assign an IP to the ONT we can view all the
> stats going back to the TA5K.  From the TA5K we can also view the
> individual Ethernet ports.  I will send you directly some examples.  I
> don't think NANOG wants to see a bunch of Adtran "show ..." commands  : ]
>
> As far as Shawns Calix experiences the last time we tried Calix GPON was
> 5-6 years ago.  The CPE seemed solid but the POP side was in constant need
> of rebooting and we gave it up after about 8-12 months of customer
> frustrations.  At that time we did not get much help on the problems.
>
> Brian
>
> 
> From: NANOG  on behalf of Art Plato <
> apl...@coldwater.org>
> Sent: Tuesday, November 10, 2015 5:32 AM
> To: Shawn L
> Cc: nanog
> Subject: Re: Favorite GPON Vendor?
>
> Awesome. Thanks for the feedback Brian. Price is important, but not the be
> all of the consideration process. Troubleshooting ease matters just as much.
>
> - Original Message -
> From: "Shawn L" 
> To: "nanog" 
> Sent: Tuesday, November 10, 2015 8:27:46 AM
> Subject: Re: Favorite GPON Vendor?
>
>
> We like Calix's gpon gear, especially the E7 series.  Though it's on the
> higher side price-wise than others.  Manageable through their CMS software,
> the web, or command line.  We tend to use their CMS software for most
> things, but the CLI is decent, and gives you access to anything you'd want.
>
>
> -Original Message-
> From: "Art Plato" 
> Sent: Monday, November 9, 2015 2:38pm
> To:
> Cc: nanog@nanog.org
> Subject: Re: Favorite GPON Vendor?
>
>
>
> Brian,
> How complex is the troubleshooting side of the Adtran? We Use the
> Enablence Wave7 and getting any useful information from the CPE via the CLI
> is like pulling hens teeth. I have yet to see a way to view the actual
> throughput on the ethernet interfaces, only total bits passed, or the light
> levels at the CPE fiber interface. A bit annoying actually. It means a
> truck roll to get light levels at the CPE.
>
> Art.
>
> - Original Message -
> From: "Brian R" 
> To: "Eric Rogers" , "Jay Patel" <
> cle...@gmail.com>
> Cc: nanog@nanog.org
> Sent: Monday, November 9, 2015 2:25:44 PM
> Subject: Re: Favorite GPON Vendor?
>
> We use the Adtran ONT solutions. We are using AE (Active Ethernet) not
> GPON but the solutions are similar for Adtran. We are providing IP and
> Analog this way. If used in the specified scope only there have been very
> little problems. Adtran is constantly updating their firmware, this can be
> a positive and negative at times. LoL
>
> The configuration is Adtran TA5000 with an Active Ethernet 24-Port Module
> (1187562F1) feeding an ONT TA324E (1287737G2) at the customer premise.
> For power we are using the Cyber Power CSN27U12v-NA3 units.
> The clam shell we are using to put the ONT in is TA350 ONT NID HSG SPLICE
> (1187770G1)
> All of these part numbers should be available on Adtrans website to look
> up.
>
> We are also testing some iPhotonix ONTs but have not gotten to the point
> we are sure we want to deploy them.
>
> Brian
>
> PS I will post this in voiceops as well (it may be more relevant there)
>
> 
> From: NANOG  on behalf of Eric Rogers <
> ecrog...@precisionds.com>
> Sent: Monday, November 9, 2015 10:09 AM
> To: Jay Patel; nanog@nanog.org
> Subject: RE: Favorite GPON Vendor?
>
> I Personally would like to know as well. We are just getting into GPON and
> the equipment we have been evaluating is clunky at best... 

Re: Fw: new message

2015-10-26 Thread Jason Baugher
This is getting really old.
On Oct 25, 2015 3:50 PM, "Philippe Baucherel"  wrote:

> Hey!
>
>
>
> New message, please read 
>
>
>
> Philippe Baucherel
>
>


Re: Spamhaus contact needed

2015-10-16 Thread Jason Baugher
I felt I should mention, Spamhaus was quick to respond to my email and gave
me excellent information on what was triggering the blacklisting.


On Thu, Oct 15, 2015 at 1:29 PM, Larry Sheldon <larryshel...@cox.net> wrote:

> On 10/15/2015 13:27, Larry Sheldon wrote:
>
>> On 10/15/2015 12:32, Larry Sheldon wrote:
>>
>>> On 10/15/2015 00:27, Jason Baugher wrote:
>>>
>>>> Sorry to clutter up this list with an email issue, but hopefully someone
>>>> is here from Spamhaus that can contact me off-list. I have a customer
>>>> whose IP keeps getting listed in the CBL, and even after doing packet
>>>> captures of everything in and out of their network, I still can't find a
>>>> reason for it.
>>>>
>>>
>>> I have been off the line for quite a while, but as I recollect there is
>>> no "Spamhaus contact" aside from the search engine they provide for
>>> their database.
>>>
>>> You look-up your IP, they tell you what the problem is, you fix it, and
>>> the block goes away.
>>>
>>> It always used to work.  Every time.
>>>
>>
>> WAIT A MINUTE!  "CBL" is not "Spamhaus", is it?!
>>
>> http://www.abuseat.org/
>>
>
>
> MY BAD!  Yes, it is "spamhaus".
>
> Sorry.
>
>
>
> --
> sed quis custodiet ipsos custodes? (Juvenal)
>


Re: Spamhaus contact needed

2015-10-15 Thread Jason Baugher
When all it says is, "spam-sending trojan, malicious link, or some type of
botnet", it's not a lot to go on. I've seen examples where their lookup
tool provides more details, but in this case, the response is generic.

In fact, usually when this happens to a customer, they're able to figure
out the problem without a lot of fuss and keep it from happening again.
Sometimes we have to help them, but it's always something fairly obvious.
It's only in this one case that we're struggling to identify the cause.

Thank you to those that pointed out their email address on the FAQ page.
How I managed to read through there and miss it, I'll never know.






On Thu, Oct 15, 2015 at 12:32 PM, Larry Sheldon <larryshel...@cox.net>
wrote:

> On 10/15/2015 00:27, Jason Baugher wrote:
>
>> Sorry to clutter up this list with an email issue, but hopefully someone
>> is here from Spamhaus that can contact me off-list. I have a customer whose
>> IP keeps getting listed in the CBL, and even after doing packet captures of
>> everything in and out of their network, I still can't find a reason for
>> it.
>>
>
> I have been off the line for quite a while, but as I recollect there is no
> "Spamhaus contact" aside from the search engine they provide for their
> database.
>
> You look-up your IP, they tell you what the problem is, you fix it, and the
> block goes away.
>
> It always used to work.  Every time.
>
>
> --
> sed quis custodiet ipsos custodes? (Juvenal)
>


Spamhaus contact needed

2015-10-14 Thread Jason Baugher
Sorry to clutter up this list with an email issue, but hopefully someone is
here from Spamhaus that can contact me off-list. I have a customer whose IP
keeps getting listed in the CBL, and even after doing packet captures of
everything in and out of their network, I still can't find a reason for it.

Thanks


Re: /27 the new /24

2015-10-08 Thread Jason Baugher
This thread, while originally interesting and helpful, seems to have
degraded to a contest to see who can be the most arrogant, condescending
and insulting. Congrats.
On Oct 8, 2015 6:25 PM, "James Jun"  wrote:

> On Thu, Oct 08, 2015 at 03:45:38PM -0700, Mike wrote:
> >
> > NO, THERE IS NOT. We operate in rural and underserved areas and WE DO
> > NOT HAVE realistic choices. Can you see me from your ivory tower?
>
> Who is your upstream provider?
>
> I think you're confused on how the IP transit industry works.
>
> If you want choices in your transit providers, you should get a transport
> circuit (dark, wave or EPL) to a nearby carrier hotel/data center.  Once
> you do that, you will suddenly find that virtually almost everyone in the
> competitive IP transit market will provide you with dual-stacked IPv4/IPv6
> service.
>
> If you are buying DIA circuit from some $isp to your rural location that
> you call "head-end" and are expecting to receive a competitive service,
> and support for IPv6, well, then your expectations are either unreasonable,
> ignorant or both.
>
> Best,
> James
>


Re: /27 the new /24

2015-10-02 Thread Jason Baugher
Are you suggesting that the Tier 1 and 2's that I connect to are not
filtering out anything shorter than /24? My expectation is that they are
dropping shorter than /24, just like I am.

Correct me if I'm wrong, but every *NOG BGP best practices document I've
read has advocated dropping all prefixes shorter than /24 at ingress and
egress.

On Fri, Oct 2, 2015 at 11:34 AM, William Herrin  wrote:

> On Fri, Oct 2, 2015 at 11:55 AM, Suresh Ramasubramanian
>  wrote:
> > Besides which more than one provider filters by a minimum prefix length
> > per /8 - wasn't  Swisscom or someone similar doing that?  So multi
> > homing with even a /24 is somewhat patchy in terms of effectiveness
>
> Hi Suresh,
>
> That hasn't been true for something like a decade. Anybody who filters
> anything shorter than /24 without also taking a default route (or the
> equivalent) is not fully connected to the Internet.
>
> Regards,
> Bill Herrin
>
>
>
> --
> William Herrin  her...@dirtside.com  b...@herrin.us
> Owner, Dirtside Systems . Web: 
>


Re: /27 the new /24

2015-10-02 Thread Jason Baugher
Bill, I see where I went wrong now that I went back and re-read your
comment. I was conflating "longer" and "shorter". Thanks for your patience
on this trying Friday.

On Fri, Oct 2, 2015 at 12:06 PM, William Herrin <b...@herrin.us> wrote:

>
> On Oct 2, 2015 12:47 PM, "Jason Baugher" <ja...@thebaughers.com> wrote:
> >
> > Are you suggesting that the Tier 1 and 2's that I connect to are not
> > filtering out anything shorter than /24? My expectation is that they are
> > dropping shorter than /24, just like I am.
>
> You mean longer. A /16 is shorter than /24. A /28 is longer. More 1 bits
> in a row.
>
> -Bill
>
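
The longer/shorter distinction and the filtering consequence discussed in this thread, as an added example that is not part of any poster's message: an import filter that drops prefixes longer than /24, followed by a longest-prefix-match lookup with and without a default route. The announcements, next-hop names and addresses are constructed for illustration.

```python
import ipaddress

MAX_LEN = 24  # the threshold discussed in the thread


def accept(prefix, max_len=MAX_LEN):
    """Import filter: keep a prefix only if it is no longer than max_len.

    "Longer" means a larger prefix length (more specific): a /28 is longer
    than a /24, a /16 is shorter.
    """
    return ipaddress.ip_network(prefix).prefixlen <= max_len


def build_table(announcements, max_len=MAX_LEN):
    """Routing table of (network, next_hop) pairs that pass the filter."""
    return [(ipaddress.ip_network(p), nh)
            for p, nh in announcements if accept(p, max_len)]


def lookup(table, address):
    """Longest-prefix match; returns the next hop, or None for 'no route'."""
    addr = ipaddress.ip_address(address)
    best = None
    for net, next_hop in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


# Constructed announcements; next-hop names are hypothetical.
ANNOUNCEMENTS = [
    ("10.16.0.0/16", "transit-A"),     # shorter than /24: accepted
    ("198.51.100.0/24", "transit-A"),  # exactly /24: accepted
    ("203.0.113.0/27", "peer-B"),      # longer than /24: filtered
    ("203.0.113.32/28", "peer-B"),     # longer than /24: filtered
]
DEFAULT = ("0.0.0.0/0", "transit-A")


def reachability(address):
    """Next hop for one address under three import policies."""
    return {
        "no filter": lookup(build_table(ANNOUNCEMENTS, max_len=32), address),
        "filter, no default": lookup(build_table(ANNOUNCEMENTS), address),
        "filter, with default": lookup(
            build_table(ANNOUNCEMENTS + [DEFAULT]), address),
    }


if __name__ == "__main__":
    for addr in ("10.16.9.9", "198.51.100.9", "203.0.113.5", "203.0.113.40"):
        print(addr, reachability(addr))
```

With the filter and no default, the destinations covered only by the /27 and /28 have no route at all; with a default they are reachable again, but via the default's next hop rather than the more specific path.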


Re: /27 the new /24

2015-10-02 Thread Jason Baugher
My incorrect verbiage aside, what did you think about the question I asked?

On Fri, Oct 2, 2015 at 12:06 PM, William Herrin <b...@herrin.us> wrote:

>
> On Oct 2, 2015 12:47 PM, "Jason Baugher" <ja...@thebaughers.com> wrote:
> >
> > Are you suggesting that the Tier 1 and 2's that I connect to are not
> > filtering out anything shorter than /24? My expectation is that they are
> > dropping shorter than /24, just like I am.
>
> You mean longer. A /16 is shorter than /24. A /28 is longer. More 1 bits
> in a row.
>
> -Bill
>


Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
To bring this discussion to specifics, we've been fighting an issue where
our customers are experiencing poor audio quality on SIP calls. The only
carrier between our customers and the hosted VoIP provider is Level3. From
multiple wiresharks, it appears that a certain percentage of UDP packets -
in this case RTP - are getting lost in the Level3 network somewhere. We've
got a ticket open with Level3, but haven't gotten far yet. Has anyone else
seen Level3 or other carriers rate-limiting UDP and breaking these
legitimate services?

On Thu, Jul 30, 2015 at 3:45 PM, John Kristoff j...@cymru.com wrote:

> On Mon, 27 Jul 2015 19:42:46 +0530
> Glen Kent glen.k...@gmail.com wrote:
>
> > Is it true that UDP is often subjected to stiffer rate limits than
> > TCP?
>
> Yes, although I'm not sure how widespread this is in most, if even many
> networks. Probably not very widely deployed today, but restrictions and
> limitations only seem to expand rather than recede.
>
> I've done this, and not just for UDP, in a university environment.  I
> implemented this at time the Slammer worm came out on all the ingress
> interfaces of user-facing subnets. This was meant as a more general
> solution to capacity collapse rather than strictly as security issue,
> because we were also struggling with capacity filling apps like Napster
> at the time, but Slammer was the tipping point.  To summarize what we
> did for aggregate rates from host subnets (these were generally 100 Mb/s
> IPv4 /24-/25 LANs):
>
>    ICMP:  2 Mb/s
>     UDP: 10 Mb/s
>   MCAST: 10 Mb/s (separate UDP group)
>    IGMP:  2 Mb/s
>   IPSEC: 10 Mb/s (esp - can't ensure flow control of crypto traffic)
>     GRE: 10 Mb/s
>   Other: 10 Mb/s for everything else except for TCP
>
> If traffic was staying local within the campus network, limits did not
> apply.  There were no limits for TCP traffic.  We generally did not
> apply limits to well defined and generally well managed server subnets.
> We were aware that certain measurement tools might produce misleading
> results, a trade-off we were willing to accept.
>
> As far as I could tell, the limits generally worked well and helped
> minimize Slammer and more general problems.  If ISPs could implement a
> similar mechanism, I think this could be a reasonable approach today
> still.  Perhaps more necessary than ever before, but a big part of the
> problem is that the networks where you'd really want to see this sort
> of thing implemented, won't do it.
>
> > Is there a reason why this is often done so? Is this because UDP
> > is stateless and any script kiddie could launch a DOS attack with a
> > UDP stream?
>
> State, some form of sender verification and that it and most other
> commonly used protocols besides TCP do not generally react to implicit
> congestion signals (drops usually).
>
> > Given the state of affairs these days how difficult is it going to be
> > for somebody to launch a DOS attack with some other protocol?
>
> There has been ICMP-based attacks and there are, at least in theory if
> not common in practice, others such as IGMP-based attacks.  There have
> been numerous DoS (single D) attacks with TCP-based services precisely
> because of weaknesses or difficulties in managing unexpected TCP
> session behavior.  The potential sending capacity of even a small set
> of hosts from around the globe, UDP, TCP or other protocol, could
> easily overwhelm many points of aggregation.  All it takes is for an
> attacker to coerce that a sufficient subset of hosts to send the
> packets.
>
> John
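
The aggregate limits John Kristoff lists in the quoted message, modelled as per-class token-bucket policers and run against one second of constructed traffic, to show that a UDP flood and a voice stream share one bucket while TCP and local traffic pass untouched; this is an added example, not code from the thread or from any carrier. The bucket depth, the campus prefix, the reading of MCAST as multicast UDP, and all addresses, packet sizes and rates are assumptions.

```python
import ipaddress
import random

# Aggregate limits per user subnet in Mb/s, as listed in the quoted message.
# TCP and traffic staying inside the campus are not limited.
LIMITS_MBPS = {"ICMP": 2, "UDP": 10, "MCAST": 10, "IGMP": 2,
               "IPSEC": 10, "GRE": 10, "OTHER": 10}
# IANA IP protocol numbers for the named classes (50 is ESP).
PROTO_CLASS = {1: "ICMP", 2: "IGMP", 17: "UDP", 47: "GRE", 50: "IPSEC"}
TCP, UDP = 6, 17
CAMPUS = ipaddress.ip_network("10.0.0.0/8")     # assumption: campus space
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
BURST_BYTES = 15_000                            # assumption: bucket depth


class TokenBucket:
    """Single-rate policer; integer microseconds and bits keep it exact."""

    def __init__(self, rate_mbps, burst_bytes=BURST_BYTES):
        self.bits_per_us = rate_mbps            # 1 Mb/s is 1 bit per microsecond
        self.depth = burst_bytes * 8
        self.tokens = self.depth
        self.last_us = 0

    def allow(self, now_us, size_bytes):
        refill = (now_us - self.last_us) * self.bits_per_us
        self.tokens = min(self.depth, self.tokens + refill)
        self.last_us = now_us
        if size_bytes * 8 <= self.tokens:
            self.tokens -= size_bytes * 8
            return True
        return False                            # out of profile: dropped, not queued


def classify(proto, dst):
    """Return the policed class for a packet, or None if it is exempt."""
    dst = ipaddress.ip_address(dst)
    if proto == TCP:
        return None
    if proto == UDP and dst in MULTICAST:
        return "MCAST"                          # assumed meaning of "separate UDP group"
    if dst in CAMPUS:
        return None                             # traffic staying local is not limited
    return PROTO_CLASS.get(proto, "OTHER")


class SubnetPolicer:
    """One bucket per class, shared by every host and flow on the subnet."""

    def __init__(self):
        self.buckets = {c: TokenBucket(r) for c, r in LIMITS_MBPS.items()}

    def offer(self, now_us, proto, dst, size_bytes):
        cls = classify(proto, dst)
        return True if cls is None else self.buckets[cls].allow(now_us, size_bytes)


def simulate(seed=1):
    """One second of constructed traffic leaving one user subnet."""
    rng = random.Random(seed)
    events = []
    # Flood: 400-byte UDP packets every 40 us (80 Mb/s offered).
    events += [(i * 40, "flood", UDP, "198.51.100.7", 400) for i in range(25_000)]
    # Voice: 200-byte packets every 20 ms with up to 2 ms of send jitter.
    events += [(j * 20_000 + rng.randrange(2_000), "rtp", UDP, "203.0.113.20", 200)
               for j in range(50)]
    # Bulk TCP at 80 Mb/s and UDP to a campus server: both exempt.
    events += [(k * 150, "tcp", TCP, "192.0.2.80", 1500) for k in range(6_000)]
    events += [(m * 1_000, "local-udp", UDP, "10.20.30.40", 1200) for m in range(1_000)]
    events.sort(key=lambda e: e[0])

    policer, stats = SubnetPolicer(), {}
    for now_us, flow, proto, dst, size in events:
        s = stats.setdefault(flow, {"sent": 0, "delivered": 0, "delivered_bytes": 0})
        s["sent"] += 1
        if policer.offer(now_us, proto, dst, size):
            s["delivered"] += 1
            s["delivered_bytes"] += size
    return stats


if __name__ == "__main__":
    for flow, s in simulate().items():
        print(f"{flow:10s} sent={s['sent']:6d} delivered={s['delivered']:6d}")
```

The policer caps the subnet's UDP at the configured rate regardless of which flow sent it, which is the trade-off between containing a flood and preserving a legitimate RTP or IKE flow in the same class.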



Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
Oh, I'm aware of the function of an NNI. I even accept that a carrier might
feel the need to filter bad traffic. I've certainly done so for things like
the Moon exploit. What I don't like is arbitrary filtering of traffic and
the denial of such filtering by the carrier.

On Thu, Jul 30, 2015 at 10:51 PM, Ca By cb.li...@gmail.com wrote:



 On Thursday, July 30, 2015, Jason Baugher ja...@thebaughers.com wrote:

 Several months ago we had an issue with a customer whose IPSEC tunnels we
 manage. One of the tunnels dropped, and after troubleshooting we were able
 to prove that only udp/500 was being blocked in one direction for one
 specific source and destination IP. Level3 resolved the issue, but claimed
 it was due to a mis-configured NNI between themselves and Charter. Seems
 odd that an NNI mis-config could cause something that specific, doesn't
 it?


 NNI is a peering link.

 Peering links blow up during ddos since they act as a narrow funnel of
 traffic between networks.

 So NNI is exactly where udp ddos filters show up most, at least that is my
 guess



 On Thu, Jul 30, 2015 at 9:44 PM, Tom Sands tsa...@rackspace.com wrote:

  We have similar problems with UDP 500 and being able to keep IPSEC
 tunnels
  up over Level3. It happens quite a bit when there are no signs of TCP or
  ICMP packet loss.
 
  Sent from my iPhone
 
   On Jul 30, 2015, at 9:14 PM, Jason Baugher ja...@thebaughers.com
  wrote:
  
   To bring this discussion to specifics, we've been fighting an issue
 where
   our customers are experiencing poor audio quality on SIP calls. The
 only
   carrier between our customers and the hosted VoIP provider is Level3.
  From
   multiple wiresharks, it appears that a certain percentage of UDP
 packets
  -
   in this case RTP - are getting lost in the Level3 network somewhere.
  We've
   got a ticket open with Level3, but haven't gotten far yet. Has anyone
  else
   seen Level3 or other carriers rate-limiting UDP and breaking these
   legitimate services?
  
   On Thu, Jul 30, 2015 at 3:45 PM, John Kristoff j...@cymru.com
 wrote:
  
   On Mon, 27 Jul 2015 19:42:46 +0530
   Glen Kent glen.k...@gmail.com wrote:
  
   Is it true that UDP is often subjected to stiffer rate limits than
   TCP?
  
   Yes, although I'm not sure how widespread this is in most, if even many
   networks. Probably not very widely deployed today, but restrictions and
   limitations only seem to expand rather than recede.
  
   I've done this, and not just for UDP, in a university environment.  I
   implemented this at the time the Slammer worm came out on all the ingress
   interfaces of user-facing subnets. This was meant as a more general
   solution to capacity collapse rather than strictly as a security issue,
   because we were also struggling with capacity filling apps like Napster
   at the time, but Slammer was the tipping point.  To summarize what we
   did for aggregate rates from host subnets (these were generally 100 Mb/s
   IPv4 /24-/25 LANs):
  
    ICMP:  2 Mb/s
     UDP: 10 Mb/s
   MCAST: 10 Mb/s (separate UDP group)
    IGMP:  2 Mb/s
   IPSEC: 10 Mb/s (esp - can't ensure flow control of crypto traffic)
     GRE: 10 Mb/s
   Other: 10 Mb/s for everything else except for TCP
  
   If traffic was staying local within the campus network, limits did not
   apply.  There were no limits for TCP traffic.  We generally did not
   apply limits to well defined and generally well managed server subnets.
   We were aware that certain measurement tools might produce misleading
   results, a trade-off we were willing to accept.
  
   As far as I could tell, the limits generally worked well and helped
   minimize Slammer and more general problems.  If ISPs could implement a
   similar mechanism, I think this could be a reasonable approach today
   still.  Perhaps more necessary than ever before, but a big part of the
   problem is that the networks where you'd really want to see this sort
   of thing implemented, won't do it.
  
   Is there a reason why this is often done so? Is this because UDP
   is stateless and any script kiddie could launch a DOS attack with a
   UDP stream?
  
   State, some form of sender verification and that it and most other
   commonly used protocols besides TCP do not generally react to implicit
   congestion signals (drops usually).
  
   Given the state of affairs these days how difficult is it going to be
   for somebody to launch a DOS attack with some other protocol?
  
   There have been ICMP-based attacks and there are, at least in theory if
   not common in practice, others such as IGMP-based attacks.  There have
   been numerous DoS (single D) attacks with TCP-based services precisely
   because of weaknesses or difficulties in managing unexpected TCP
   session behavior.  The potential sending capacity of even a small set
   of hosts from around the globe, UDP, TCP or other protocol, could
   easily overwhelm many points of aggregation.  All it takes is for an
   attacker

Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
Several months ago we had an issue with a customer whose IPSEC tunnels we
manage. One of the tunnels dropped, and after troubleshooting we were able
to prove that only udp/500 was being blocked in one direction for one
specific source and destination IP. Level3 resolved the issue, but claimed
it was due to a mis-configured NNI between themselves and Charter. Seems
odd that an NNI mis-config could cause something that specific, doesn't it?

On Thu, Jul 30, 2015 at 9:44 PM, Tom Sands tsa...@rackspace.com wrote:

 We have similar problems with UDP 500 and being able to keep IPSEC tunnels
 up over Level3. It happens quite a bit when there are no signs of TCP or
 ICMP packet loss.

 Sent from my iPhone

  On Jul 30, 2015, at 9:14 PM, Jason Baugher ja...@thebaughers.com wrote:
 
  To bring this discussion to specifics, we've been fighting an issue where
  our customers are experiencing poor audio quality on SIP calls. The only
  carrier between our customers and the hosted VoIP provider is Level3. From
  multiple wiresharks, it appears that a certain percentage of UDP packets -
  in this case RTP - are getting lost in the Level3 network somewhere. We've
  got a ticket open with Level3, but haven't gotten far yet. Has anyone else
  seen Level3 or other carriers rate-limiting UDP and breaking these
  legitimate services?
 
  On Thu, Jul 30, 2015 at 3:45 PM, John Kristoff j...@cymru.com wrote:
 
  On Mon, 27 Jul 2015 19:42:46 +0530
  Glen Kent glen.k...@gmail.com wrote:
 
  Is it true that UDP is often subjected to stiffer rate limits than
  TCP?
 
  Yes, although I'm not sure how widespread this is in most, if even many
  networks. Probably not very widely deployed today, but restrictions and
  limitations only seem to expand rather than recede.
 
  I've done this, and not just for UDP, in a university environment.  I
  implemented this at the time the Slammer worm came out on all the ingress
  interfaces of user-facing subnets. This was meant as a more general
  solution to capacity collapse rather than strictly as a security issue,
  because we were also struggling with capacity filling apps like Napster
  at the time, but Slammer was the tipping point.  To summarize what we
  did for aggregate rates from host subnets (these were generally 100 Mb/s
  IPv4 /24-/25 LANs):
 
   ICMP:  2 Mb/s
    UDP: 10 Mb/s
  MCAST: 10 Mb/s (separate UDP group)
   IGMP:  2 Mb/s
  IPSEC: 10 Mb/s (esp - can't ensure flow control of crypto traffic)
    GRE: 10 Mb/s
  Other: 10 Mb/s for everything else except for TCP
 
  If traffic was staying local within the campus network, limits did not
  apply.  There were no limits for TCP traffic.  We generally did not
  apply limits to well defined and generally well managed server subnets.
  We were aware that certain measurement tools might produce misleading
  results, a trade-off we were willing to accept.
 
  As far as I could tell, the limits generally worked well and helped
  minimize Slammer and more general problems.  If ISPs could implement a
  similar mechanism, I think this could be a reasonable approach today
  still.  Perhaps more necessary than ever before, but a big part of the
  problem is that the networks where you'd really want to see this sort
  of thing implemented, won't do it.
 
  Is there a reason why this is often done so? Is this because UDP
  is stateless and any script kiddie could launch a DOS attack with a
  UDP stream?
 
  State, some form of sender verification and that it and most other
  commonly used protocols besides TCP do not generally react to implicit
  congestion signals (drops usually).
 
  Given the state of affairs these days how difficult is it going to be
  for somebody to launch a DOS attack with some other protocol?
 
  There have been ICMP-based attacks and there are, at least in theory if
  not common in practice, others such as IGMP-based attacks.  There have
  been numerous DoS (single D) attacks with TCP-based services precisely
  because of weaknesses or difficulties in managing unexpected TCP
  session behavior.  The potential sending capacity of even a small set
  of hosts from around the globe, UDP, TCP or other protocol, could
  easily overwhelm many points of aggregation.  All it takes is for an
  attacker to coerce a sufficient subset of hosts to send the
  packets.
 
  John
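
The per-class aggregate limits quoted above, modelled as token-bucket policers on one user-facing subnet. This is an added example, not part of the original thread or anyone's router configuration; the campus range, the burst allowance and the sample flows are constructed assumptions.

```python
"""Per-class aggregate policer using the rates listed in the quoted message."""
import ipaddress

# Aggregate limits from the message, in Mb/s per user-facing subnet. TCP is unlimited.
LIMITS_MBPS = {"icmp": 2, "udp": 10, "mcast": 10, "igmp": 2,
               "ipsec": 10, "gre": 10, "other": 10}
IP_PROTO = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 47: "gre", 50: "ipsec"}

CAMPUS = ipaddress.ip_network("10.0.0.0/8")  # assumption: constructed campus range
BURST_SECONDS = 0.1                          # assumption: the thread gives no burst size


def classify(proto, dst):
    """Map a packet to one class of the table, or to 'tcp' / 'local' (both unlimited)."""
    addr = ipaddress.ip_address(dst)
    if addr in CAMPUS:
        return "local"                       # traffic staying on campus is not limited
    name = IP_PROTO.get(proto, "other")
    if name == "udp" and addr.is_multicast:
        return "mcast"                       # multicast UDP has its own bucket
    return name


class TokenBucket:
    def __init__(self, rate_bps):
        self.rate_bps = rate_bps
        self.burst = rate_bps / 8 * BURST_SECONDS   # bucket depth in bytes
        self.tokens = self.burst
        self.last = 0.0

    def allow(self, now, size):
        """Refill for the elapsed time, then spend `size` bytes if available."""
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False                         # out of profile: the packet is dropped


class SubnetPolicer:
    """One set of buckets per ingress interface of a user-facing subnet."""

    def __init__(self):
        self.buckets = {c: TokenBucket(m * 1_000_000) for c, m in LIMITS_MBPS.items()}

    def forward(self, now, proto, dst, size):
        bucket = self.buckets.get(classify(proto, dst))
        return True if bucket is None else bucket.allow(now, size)


def simulate(seconds=2, size=1250):
    """Offer constructed flows to one policer; return (offered, forwarded) in Mb/s."""
    flows = [                                # (IP protocol, destination, packets/s)
        (17, "203.0.113.9", 8000),           # 80 Mb/s of off-campus UDP from one LAN
        (6, "203.0.113.9", 2000),            # 20 Mb/s of off-campus TCP
        (1, "198.51.100.7", 500),            # 5 Mb/s of off-campus ICMP
        (17, "10.20.30.40", 2000),           # 20 Mb/s of UDP that stays on campus
    ]
    events = sorted((i / pps, proto, dst)
                    for proto, dst, pps in flows for i in range(pps * seconds))
    policer = SubnetPolicer()
    offered, forwarded = {}, {}
    for now, proto, dst in events:
        cls = classify(proto, dst)
        offered[cls] = offered.get(cls, 0) + size
        if policer.forward(now, proto, dst, size):
            forwarded[cls] = forwarded.get(cls, 0) + size

    def mbps(nbytes):
        return nbytes * 8 / 1_000_000 / seconds

    return ({c: mbps(b) for c, b in offered.items()},
            {c: mbps(b) for c, b in forwarded.items()})


if __name__ == "__main__":
    offered, forwarded = simulate()
    for cls in sorted(offered):
        print(f"{cls:6s} offered {offered[cls]:6.2f} Mb/s  forwarded {forwarded.get(cls, 0):6.2f} Mb/s")
```

A policer like this drops whatever exceeds the class aggregate regardless of which flow it belongs to, which is why a legitimate RTP or IKE flow sharing the UDP class with a flood sees loss while TCP on the same link does not.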
 



Re: UDP clamped on service provider links

2015-07-30 Thread Jason Baugher
In one case, when we were having an issue with a SIP trunk, we re-numbered
our end to another IP in the same subnet. Same path from A to Z, but the
packet loss mysteriously disappeared using the new IP. It sure seems like
they are throttling somewhere.

On Thu, Jul 30, 2015 at 9:15 PM, Matt Hoppes mhop...@indigowireless.com wrote:

 No. But I've seen Level3 just have really bad packet loss.



  On Jul 30, 2015, at 22:12, Jason Baugher ja...@thebaughers.com wrote:
 
  To bring this discussion to specifics, we've been fighting an issue where
  our customers are experiencing poor audio quality on SIP calls. The only
  carrier between our customers and the hosted VoIP provider is Level3. From
  multiple wiresharks, it appears that a certain percentage of UDP packets -
  in this case RTP - are getting lost in the Level3 network somewhere. We've
  got a ticket open with Level3, but haven't gotten far yet. Has anyone else
  seen Level3 or other carriers rate-limiting UDP and breaking these
  legitimate services?
 
  On Thu, Jul 30, 2015 at 3:45 PM, John Kristoff j...@cymru.com wrote:
 
  On Mon, 27 Jul 2015 19:42:46 +0530
  Glen Kent glen.k...@gmail.com wrote:
 
  Is it true that UDP is often subjected to stiffer rate limits than
  TCP?
 
  Yes, although I'm not sure how widespread this is in most, if even many
  networks. Probably not very widely deployed today, but restrictions and
  limitations only seem to expand rather than recede.
 
  I've done this, and not just for UDP, in a university environment.  I
  implemented this at the time the Slammer worm came out on all the ingress
  interfaces of user-facing subnets. This was meant as a more general
  solution to capacity collapse rather than strictly as a security issue,
  because we were also struggling with capacity filling apps like Napster
  at the time, but Slammer was the tipping point.  To summarize what we
  did for aggregate rates from host subnets (these were generally 100 Mb/s
  IPv4 /24-/25 LANs):
 
   ICMP:  2 Mb/s
    UDP: 10 Mb/s
  MCAST: 10 Mb/s (separate UDP group)
   IGMP:  2 Mb/s
  IPSEC: 10 Mb/s (esp - can't ensure flow control of crypto traffic)
    GRE: 10 Mb/s
  Other: 10 Mb/s for everything else except for TCP
 
  If traffic was staying local within the campus network, limits did not
  apply.  There were no limits for TCP traffic.  We generally did not
  apply limits to well defined and generally well managed server subnets.
  We were aware that certain measurement tools might produce misleading
  results, a trade-off we were willing to accept.
 
  As far as I could tell, the limits generally worked well and helped
  minimize Slammer and more general problems.  If ISPs could implement a
  similar mechanism, I think this could be a reasonable approach today
  still.  Perhaps more necessary than ever before, but a big part of the
  problem is that the networks where you'd really want to see this sort
  of thing implemented, won't do it.
 
  Is there a reason why this is often done so? Is this because UDP
  is stateless and any script kiddie could launch a DOS attack with a
  UDP stream?
 
  State, some form of sender verification and that it and most other
  commonly used protocols besides TCP do not generally react to implicit
  congestion signals (drops usually).
 
  Given the state of affairs these days how difficult is it going to be
  for somebody to launch a DOS attack with some other protocol?
 
  There have been ICMP-based attacks and there are, at least in theory if
  not common in practice, others such as IGMP-based attacks.  There have
  been numerous DoS (single D) attacks with TCP-based services precisely
  because of weaknesses or difficulties in managing unexpected TCP
  session behavior.  The potential sending capacity of even a small set
  of hosts from around the globe, UDP, TCP or other protocol, could
  easily overwhelm many points of aggregation.  All it takes is for an
  attacker to coerce a sufficient subset of hosts to send the
  packets.
 
  John
 



Re: BGPMON Alert Questions

2014-04-02 Thread Jason Baugher
I emailed hostmas...@indosat.com a little over an hour ago, and no response
as yet. Anyone having luck making contact with Indosat themselves?


On Wed, Apr 2, 2014 at 2:33 PM, Andrew (Andy) Ashley andre...@aware.co.th wrote:

 Hi All,

 I am a network admin for Aware Corporation AS18356 (Thailand), as
 mentioned in the alert.
 We operate a BGPMon PeerMon node on our network, which peers with the
 BGPMon service as a collector.

 It is likely that AS4761 (INDOSAT) has somehow managed to hijack these
 prefixes and CAT (Communications Authority of Thailand AS4651) is not
 filtering them,
 hence they are announced to us and are triggering these BGPMon alerts.

 I have had several mails to our NOC about this already and have responded
 directly to those.
 I suggest contacting Indosat directly to get this resolved.
 AS18356 is a stub AS, so we are not actually advertising these learned
 hijacked prefixes to anyone but BGPMon for data collection purposes.

 Thanks.

 Regards,

 Andrew Ashley

 Office: +27 21 673 6841
 E-mail: andre...@aware.co.th
 Web: www.aware.co.th



 On 2014/04/02, 21:05, Vlade Ristevski vrist...@ramapo.edu wrote:

 I just got the same alert for one of my prefixes one minute ago.
 
 On 4/2/2014 2:59 PM, Frank Bulk wrote:
  I received a similar notification about one of our prefixes also a few
  minutes ago.  I couldn't find a looking glass for AS4761 or AS4651.  But I
  also couldn't hit the websites for either AS, either.
 
  Frank
 
  -Original Message-
  From: Joseph Jenkins [mailto:j...@breathe-underwater.com]
  Sent: Wednesday, April 02, 2014 1:52 PM
  To: nanog@nanog.org
  Subject: BGPMON Alert Questions
 
  So I setup BGPMON for my prefixes and got an alert about someone in
  Thailand announcing my prefix.  Everything looks fine to me and I've
  checked a bunch of different Looking Glasses and everything announcing
  correctly.
 
  I am assuming I should be contacting the provider about their
  misconfiguration and announcing my prefixes and get them to fix it.  Any
  other recommendations?
 
  Is there a way I can verify what they are announcing just to make sure they
  are still doing it?
 
  Here is the alert for reference:
 
  Your prefix:          8.37.93.0/24:
  Update time:          2014-04-02 18:26 (UTC)
  Detected by #peers:   2
  Detected prefix:      8.37.93.0/24
  Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
  Upstream AS:          AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
  ASpath:               18356 9931 4651 4761
 
 
 
 
 --
 Vlad
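
One way to triage an alert like the one quoted in this thread: parse its fields, derive the origin and upstream from the AS path, and compare the origin with the AS expected for the prefix. This is an added example, not BGPMon's code or anything posted by the participants; the thread does not say which AS legitimately originates 8.37.93.0/24, so AS64500 (a documentation ASN) stands in as a placeholder, and the function names are hypothetical.

```python
"""Origin check for a BGPMon-style alert (fields as quoted in the thread)."""
import ipaddress
import re

# Constructed ownership table: AS64500 is a placeholder for the real origin,
# which the thread does not state.
EXPECTED_ORIGINS = {"8.37.93.0/24": 64500}

# Alert text from the thread, with the wrapped lines rejoined.
ALERT = """\
Your prefix:          8.37.93.0/24:
Update time:          2014-04-02 18:26 (UTC)
Detected by #peers:   2
Detected prefix:      8.37.93.0/24
Announced by:         AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS:          AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath:               18356 9931 4651 4761
"""


def parse_alert(text):
    """Turn the 'Key: value' lines into the fields the checks below need."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {
        "prefix": fields["detected prefix"],
        "announced_by": int(re.search(r"AS(\d+)", fields["announced by"]).group(1)),
        "upstream": int(re.search(r"AS(\d+)", fields["upstream as"]).group(1)),
        "as_path": [int(asn) for asn in fields["aspath"].split()],
    }


def origin_and_upstream(as_path):
    """Collapse prepending, then return (origin AS, AS it was learned through)."""
    collapsed = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    upstream = collapsed[-2] if len(collapsed) > 1 else None
    return collapsed[-1], upstream


def check_announcement(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Compare an observed announcement with the origin expected for our space.

    Only the exact prefix or a more-specific inside it is judged; a covering
    less-specific (a provider aggregate, say) is reported as 'not-ours'.
    """
    seen = ipaddress.ip_network(prefix)
    origin, upstream = origin_and_upstream(as_path)
    result = {"verdict": "not-ours", "origin": origin, "upstream": upstream}
    for owned, good_origin in expected.items():
        owned_net = ipaddress.ip_network(owned)
        if seen.version != owned_net.version or not seen.subnet_of(owned_net):
            continue
        if origin == good_origin:
            result["verdict"] = "ok"
        elif seen == owned_net:
            result["verdict"] = "origin-mismatch"
        else:
            result["verdict"] = "more-specific-origin-mismatch"
        result["owned"] = owned
        break
    return result


def triage(text):
    """Parse an alert, run the origin check, and confirm the alert is self-consistent."""
    alert = parse_alert(text)
    result = check_announcement(alert["prefix"], alert["as_path"])
    origin, upstream = origin_and_upstream(alert["as_path"])
    result["fields_consistent"] = (origin == alert["announced_by"]
                                   and upstream == alert["upstream"])
    return result


if __name__ == "__main__":
    print(triage(ALERT))
```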
 
 



Re: Level3 and ATT Latency

2013-11-05 Thread Jason Baugher
Yes, we are seeing the same issues, centering around Chicago. I have a
ticket open with Level3, but I'm assuming they're going to tell me it's
ATT's issue.




On Tue, Nov 5, 2013 at 1:48 PM, Eric Williams ewilli...@connectria.com wrote:

 Is anybody else seeing or having major latency between Level 3 and ATT
 today?  We are multi-homed with Level 3 being one of our ISP's and had to
 divert traffic after seeing these issues.

 http://www.internetpulse.net/

 Eric




Re: Level3 and ATT Latency

2013-11-05 Thread Jason Baugher
For what it's worth, Level3 finally told us they had a peering issue with
ATT. They ended up re-routing traffic for the time being until they
identify the issue.

Of course, for some reason a peering issue doesn't warrant a Network Event
on their portal...


On Tue, Nov 5, 2013 at 6:00 PM, David Siegrist da...@crmls.org wrote:

 I know we have been dealing with a Level 3, OC192 Fiber cut in PHX today.

 They just got it spliced back up.  Not sure if it is related to your
 latency.

 David

 -Original Message-
 From: Eric Williams [mailto:ewilli...@connectria.com]
 Sent: Tuesday, November 05, 2013 11:49 AM
 To: nanog@nanog.org
 Subject: Level3 and ATT Latency

 Is anybody else seeing or having major latency between Level 3 and ATT
 today?  We are multi-homed with Level 3 being one of our ISP's and had to
 divert traffic after seeing these issues.

 http://www.internetpulse.net/

 Eric





Re: FCC Commits to Opening Up More 5GHz Airwaves

2013-02-20 Thread Jason Baugher
But how do we KNOW this really came from you? :)


On Wed, Feb 20, 2013 at 2:34 PM, Jay Ashworth j...@baylink.com wrote:

 Oooh.  We're getting even cleverer.  No, this wasn't me either.

 Moderators: please put my address on moderation?

 Cheers,
 -- jr 'yes, this request really came from me :-)' a

 - Original Message -
  From: Jay Ashworth j...@baylink.com
  To: nanog@nanog.org
  Sent: Wednesday, February 20, 2013 2:49:49 PM
  Subject: FCC Commits to Opening Up More 5GHz Airwaves
  Might this solve the 10MB problem discussed on NANOG?
 
  Cheers,
  -- jra
 
  http://www.phonescoop.com/articles/article.php?a=11953
 
  This email was sent via Phone Scoop (www.phonescoop.com). The sender
  thought you might be interested in the page linked above.

 --
 Jay R. Ashworth  Baylink  j...@baylink.com
 Designer  The Things I Think  RFC 2100
 Ashworth  Associates  http://baylink.pitas.com  2000 Land Rover DII
 St Petersburg FL USA  #natog  +1 727 647 1274




Re: Muni fiber: L1 or L2?

2013-02-12 Thread Jason Baugher
Scott, I've been down this road with Masataka over the last few days. I
gave up.


On Tue, Feb 12, 2013 at 2:59 PM, Scott Helms khe...@zcorum.com wrote:

 On Tue, Feb 12, 2013 at 3:47 PM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

  Scott Helms wrote:
 
   Numbers?  Examples?
 
  Greenfield SS and PON deployment costs in Japan was already shown.
 

 Japan has one of the highest population densities of major economies in the
 world with an average density of 873 per square mile.  The US on the other
 hand has 89 per square mile.  Canada has an average density of 10 people
 per square mile.  I would also say that Japan's consumer behavior and
 regulatory climate are all significantly different from the North American
 market so making blanket statements is pretty silly.

 If you want to make your case then why don't you, the only Japanese 
 English speaker on this list I know of, extract the math behind the NTT
 papers and present why its cheaper in Japan and we can then see if that
 applies equally in the US  Canada.

 
   This is simply incorrect in many places.  The only
   reasons to run PON are financial, since Ethernet out performs it,
 
  No, the only reason to insist on PON is to make L1 unbundling
  not feasible.
 

 I don't know what conspiracy theory you're ascribing to here, but this is
 incorrect.

 
   are you
   saying that all greenfield PON installs are cheaper done as Ethernet
   without exception?
 
  No, SS is cheaper than PON without exception.
 

 Prove it.


 
  If the initial density of subscribers is high, SS is fine.
 
  If it is not, initially, most electric equipment, OE port,
  fibers, splitters and a large closures containing the splitters
  of PON can not be shared by two or more subscribers, which means
  PON incurs much more material and labor cost for each initial
  subscriber than SS.
 
  Masataka Ohta
 



 --
 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 



Re: Muni fiber: L1 or L2?

2013-02-10 Thread Jason Baugher
On Sun, Feb 10, 2013 at 2:09 AM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

 Jason Baugher wrote:

  You don't have to, as you are not seriously interested in the
  topic.

  I'm shocked that you waste time trying to educate us.

 No, as I said, I'm not trying to educate someone who don't want
 to be educated.


You're not trying to educate anyone at all. You're just stomping your foot
and insisting that you're right rather than have a meaningful discussion.


  You're the one making the assertion, it's not my job to help you make it.

 So, you don't have to be educated.


 Installing more lengthy drop cable, in addition to trunk cable,
  means more labor.
 
  Installing a bulky PON closure with splitter means more labor.
 
  Drops from a splitter vs drops from a splice case for your SS Not much
  difference from what I've seen.

 Except for length, size and cost, there is not much difference.

 They all are to have drop cables.


I did some research on what NTT has done on fiber deployment. From what
I've seen, they split things up into feeder, distribution and drop cable,
with the splitter between feeder and distribution. Amazingly enough, that's
what we do as well. Feeder to splitter, then on down the street breaking
off at strategic splice cases where drops go to houses. The only difference
between that and our active infrastructure is the presence of the splitter.

We also do single-stage 32:1 splits. If we ran each drop cable from the
splitter all the way to the house, we would have extremely long drop
cables, and lots of them all bundled together going down the street. We
don't do that, we use mainline distribution cable like I described above.

The last thing I feel that I need to point out is that what works in one
type of area doesn't necessarily work in another. Fiber deployment in a
large urban area is a completely different animal than in a 40-50K
population town in the midwest USA.

Masataka Ohta




Re: Muni fiber: L1 or L2?

2013-02-09 Thread Jason Baugher
You are seriously saying I should hire a translator to tell me what your
document says? That is hilarious.  How about you point out a reference
written in a language common to North America, since this IS NANOG.

Anyone here doing or know someone doing 4-1 or 8-1 splits, in a typical
American town? I believe most people were talking about areas 5
population.

Our main cost is labor. Fiber, fdh, splitters, etc... are marginal.

On Feb 9, 2013 5:42 AM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

 Robert E. Seastrom wrote:

  Let's assume 4:1 concentration with PON.
 
  Why on earth would we assume that when industry standard is 16 or 32?

 That is because additional 4:1 concentration is usually at CO,
 which does not contribute to reduce the number of fibers in a
 trunk cable.

  16 is a safe number.

 Do you mean a splitter in field should be shared by 16
 subscribers?

 Then, with the otherwise same assumptions of my previous mail,
 total extra drop cable length for PON will be 204km, four times
 more than the trunk cable length.

 Thus, it is so obvious that SS is better than PON.

 OTOH, if concentration is 2:1 or less, it is, again, obvious that
 SS is better than PON, because of extra complexity of PON.

 So, 4:1 is the safe number to obfuscate lack of merit of PON.

 If you can read Japanese or FTTH is serious business of you
 worth hiring a translator of your own, you can find average
 number of subscribers sharing a splitter in field is 3.68,
 a little less than 4, from:

 http://itpro.nikkeibp.co.jp/article/COLUMN/20080619/308665/

 Masataka Ohta




Re: Muni fiber: L1 or L2?

2013-02-09 Thread Jason Baugher
On Feb 9, 2013 6:14 PM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

 Jason Baugher wrote:

  You are seriously saying I should hire a translator to tell me what your
  document says?

 You don't have to, as you are not seriously interested in the
 topic.


If you say so. In your own mind you obviously know far more about this
topic than anyone else. I'm shocked that you waste time trying to educate
us.

 BTW, it is not my document but an article in a famous online
 magazine.


There are many famous online magazines. Some have merit. That one may. Who
knows?

  How about you point out a reference
  written in a language common to North America, since this IS NANOG.

 Feel free to do so.


You're the one making the assertion, it's not my job to help you make it.

  Anyone here doing or know someone doing 4-1 or 8-1 splits, in a typical
  American town? I believe most people were talking about areas 5
  population.

 The figure of 3.68-1 is by NTT.

  Our main cost is labor. Fiber, fdh, splitters, etc... are marginal.

 You never forget labor cost.

 Installing more lengthy drop cable, in addition to trunk cable,
 means more labor.

 Installing a bulky PON closure with splitter means more labor.

Drops from a splitter vs drops from a splice case for your SS Not much
difference from what I've seen.


 Masataka Ohta


Re: Muni fiber: L1 or L2?

2013-02-08 Thread Jason Baugher
On Fri, Feb 8, 2013 at 2:36 AM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

 Jay Ashworth wrote:

  As PON require considerably longer drop cable from a splitters
  to 4 or 8 subscribers, it can not be cheaper than Ethernet,
  unless subscriber density is very high.
 
  Oh, ghod; we're not gonna go here, again, are we?

 That PON is more expensive than SS is the reality of an example
 contained in a document provided by regulatory body (soumu sho)
 of Japanese government.


 http://www.soumu.go.jp/main_sosiki/joho_tsusin/policyreports/chousa/bb_seibi/pdf/041209_2_14.pdf
 .


Sorry, but I can't read Japanese, and the pictures aren't enough to explain
the thrust of the document.

Also, you keep using the acronym SS. Maybe I'm showing ignorance, but
what are you referring to? A little Googling this morning only came up with
SS-WDM PON, which is completely different than the PON vs Active debate
we've been having.



 Assume you have 4000 subscribers and total trunk cable length
 is 51.1Km, which is the PON case with example and trunk cable
 length will be identical regardless of whether you use PON
 or SS.

 The problem of PON is that, to efficiently share a fiber and
 a splitter, they must be shared by many subscribers, which
 means drop cables are longer than those of SS.

 For example, if drop cables of PON are 10m longer in average than
 that of SS, it's total length is 40km, which is *SIGNIFICANT*.

 Just as the last miles matter, the last yards do matter.

  Yes, a PON physical build can be somewhat cheaper, because it multiplexes
  your trunk cabling from 1pr per circuit to as many as 16-32pr per circuit
  on the trunk, allowing you to spec smaller cables.

 That is a negligible part of the cost. Cable cost is not very
 sensitive to the number of fibers in a cable.

 Masataka Ohta





Re: Muni fiber: L1 or L2?

2013-02-07 Thread Jason Baugher
In a greenfield build, cost difference for plant between PON and active
will be negligible for field-based splitters, non-existent for CO-based
splitters.

If the company already has some fiber in the ground, then depending on
where it is might drastically reduce build costs to use field-based
splitters and PON.

On the CO-side electronics, however... I think it's safe to say that you
can do GPON under $100/port. AE is probably going to run close to
$300/port. That's a pretty big cost difference, and if it were me I'd be
looking pretty hard at a PON deployment for the majority of the customers
along with a certain amount of fiber left over for those who need special
services.


On Thu, Feb 7, 2013 at 12:39 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Masataka Ohta mo...@necom830.hpcl.titech.ac.jp

  Scott Helms wrote:
   Now, in general for greenfield builds I'd agree except for
   PON, which is in many cases cheaper than an Ethernet build.
 
  As PON require considerably longer drop cable from a splitters
  to 4 or 8 subscribers, it can not be cheaper than Ethernet,
  unless subscriber density is very high.

 Oh, ghod; we're not gonna go here, again, are we?

 Yes, a PON physical build can be somewhat cheaper, because it multiplexes
 your trunk cabling from 1pr per circuit to as many as 16-32pr per circuit
 on the trunk, allowing you to spec smaller cables.

 It does, however, limit you to being able to run PON capable L1 protocols
 over it, which may have *system*-cost implications over the life of the
 plant.  But yes, the initial install *may* be a bit cheaper (depending
 on the tradeoff cost of the splitters vs the larger count fiber and
 the reduced size of patching facilities, and the relative cost of the
 access multiplexers, and...

 Hey, wait!  How did I end up on Scott's side?  :-)

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink  j...@baylink.com
 Designer  The Things I Think  RFC 2100
 Ashworth  Associates  http://baylink.pitas.com  2000 Land Rover DII
 St Petersburg FL USA  #natog  +1 727 647 1274




Re: Rollup: Small City Municipal Broadband

2013-02-03 Thread Jason Baugher
On Sun, Feb 3, 2013 at 10:58 AM, Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Sun, Feb 03, 2013 at 12:07:34AM -0500,
 Jean-Francois Mezei wrote:
  When municipality does the buildout, does it just pass homes, or does it
  actually connect every home ?

 I would argue, in a pure dark muni-network, the muni would run the
 fiber into the prem to a patch panel, and stop at that point.  I
 believe for fiber it should be inside the prem, not outside.  The
 same would apply for both residential and commercial.



I'd argue that the demarc needs to be outside. There are certain advantages
to having easy access to the demarcation when troubleshooting, without the
resident needing to be home to provide access. It also simplifies drop
installation, since the details of outdoor drops are quite different than
those of indoor cabling.

The SP of choice can charge the customer for the demarc extension on
installation, at which point the customer owns the extension just like they
do for DSL, T1, etc...


Re: Rollup: Small City Municipal Broadband

2013-02-03 Thread Jason Baugher
I'm pretty sure they do, although I can't point you to one without doing
some checking. I'm assuming you want something to keep them out of the
network side where the splice tray is, but let them access the customer
side?

Around here, the network side isn't so much locked as just secured with a
screw that takes a security wrench.


On Sun, Feb 3, 2013 at 4:01 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Jason Baugher ja...@thebaughers.com

  The SP of choice can charge the customer for the demarc extension on
  installation, at which point the customer owns the extension just like
  they do for DSL, T1, etc...

 Except that that means you have to let them into your lock box to unplug
 it.
 Do they make two-layer demarcs for 3-pr optical, like they do for copper?

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink  j...@baylink.com
 Designer  The Things I Think  RFC 2100
 Ashworth  Associates  http://baylink.pitas.com  2000 Land Rover DII
 St Petersburg FL USA  #natog  +1 727 647 1274




Re: Rollup: Small City Municipal Broadband

2013-02-03 Thread Jason Baugher
What we've seen is that the RBOC typically has a lot of crap copper in the
ground, in a lot of cases air-core (pre gel-fill) that hasn't held up well.
With the popularity of DSL, they ran out of good pairs to use. As they ran
out of pairs, they eventually had to put in remote terminals to handle any
new voice orders. They knew the future was fiber, at least to the node, so
they had no incentive to build new copper plant, and little incentive to
maintain the existing plant.


On Sun, Feb 3, 2013 at 8:53 PM, Scott Helms khe...@zcorum.com wrote:

 Fletcher,

 Your specific case may vary, but I am most certainly _not_ making stuff
 up.  In many territories, especially outside of major metro areas, you
 cannot order dry pairs.  This has been because of a combination of relaxed
 rules (if you really want I can dig up the NTCA reports on this) and
 because the rules never required the ILEC to add capacity once they were
 used up.


 On Sun, Feb 3, 2013 at 9:29 PM, Fletcher Kittredge fkitt...@gwi.net wrote:

 
  In this particular post, you're making stuff up.   There are still
  residential focused CLECs and ordering Unbundled Network Elements(UNEs)
  is not more difficult than in the past.   The rules haven't changed.
 
  What is certainly true is that many CLECs have found that it is more
  lucrative to sell to businesses, but I don't think there is a correlation
  with residential getting more difficult.   We used to be 75%/25%
  residential/business and are now 45%/55% business, but that reflects the
  *rapid* growth of the business market.
 
  regards,
  Fletcher
 
  On Sun, Feb 3, 2013 at 3:42 PM, Scott Helms khe...@zcorum.com wrote:
 
  Joe,
 
  I'm assuming from your domain that you're in Canada where yes dry pairs are
  still generally available.  I apologize for not making it clear that my
  comment was specifically about the US where dry pairs are nearly impossible
  to order today and the CLEC market has almost entirely abandoned the
  residential space. In fact, the only state in the US that I still see any
  residentially focused CLECs is Texas which tells me there is something
  about the regulations in that state that makes it more feasible.
 
 
  On Sun, Feb 3, 2013 at 3:32 PM, Joe Abley jab...@hopcount.ca wrote:
 
  
   On 2013-02-03, at 14:39, Scott Helms khe...@zcorum.com wrote:
  
Dry pairs are impossible to order these days for a reason.
  
   Dry pairs are trivial to order round these parts. Generalisations are
   always wrong, no doubt including this one.
  
  
   Joe (putting the N back in NANOG)
 
 
 
 
  --
  Scott Helms
  Vice President of Technology
  ZCorum
  (678) 507-5000
  
  http://twitter.com/kscotthelms
  
 
 
 
 
  --
  Fletcher Kittredge
  GWI
  8 Pomerleau Street
  Biddeford, ME 04005-9457
  207-602-1134




 --
 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 



Re: Fwd: Rollup: Small City Municipal Broadband

2013-02-02 Thread Jason Baugher
On Feb 2, 2013 3:33 PM, Scott Helms khe...@zcorum.com wrote:

..

 This is not correct.  DOCSIS is an MPEG stream over QAM or QPSK modulation
 and there is nothing about it that is compatible to any flavor of PON.  In
 fact if you look at the various CableLabs standards you'll see DPoE (
 http://www.cablelabs.com/dpoe/specifications/index.html) which lists how a
 DOCSIS system can inter-operate and provision an PON system. If you look
at

Jay may be referring to something I alluded to earlier,  what Calix refers
to as RF overlay. The RF signal from the traditional cable system is
converted to 1550nm and combined onto the PON before the splitter with a
CWDM module. Certain model ONT's split the 1550 back off and convert back
to an RF port.


Re: Muni network ownership and the Fourth

2013-02-02 Thread Jason Baugher
On Feb 2, 2013 7:56 PM, Jay Ashworth j...@baylink.com wrote:



 Well, I would assume the splitters have to be compatible with the OLT/ONT
 chosen by a prospective L1 client, no?  Or is GPON GPON, which is GPON?


Splitters are passive. They only split light. They care not what
information the light is carrying.


Re: Muni fiber: L1 or L2?

2013-02-01 Thread Jason Baugher
I disagree. Loss is loss, regardless of where the splitter is placed in the
equation. Distance x loss + splitter insertion loss = total loss for
purposes of link budget calculation.

The reason to push splitters towards the customer end is financial, not
technical.


On Fri, Feb 1, 2013 at 2:29 PM, Scott Helms khe...@zcorum.com wrote:

 Owen,

 You're basing your math off of some incorrect assumptions about PON.  I'm
 actually sympathetic to your goal, but it simply can't work the way you're
 describing it in a PON network.  Also, please don't base logic for open
 access on meet me rooms, this works in colo spaces and carrier hotels but
 doesn't in broadband deployments because of economics.  If you want to
 champion this worthy goal you've got to accept that economics is a huge
 reason why this hasn't happened in the US and is disappearing where it has
 happened globally.


  Bottom line, you've got OLT - FIBER(of length n) - splitter -
  fiber-drops to each house - ONT.
 

 So far you're correct.


 
  All I'm proposing is making n really short and making fiber-drops to each
  house really long.
  I'm not proposing changing the fundamental architecture. Yes, I recognize
  this changes the economics and may well make PON less attractive than other
  alternatives. I don't care. That's not a primary concern. The question is
  can PON be made to work in this environment? It appears to me that it can.
 


 Here is where your problems start.  The issue is that the signal *prior
 to being split* can go 20km if you're splitting it 32 ways (or less) or
 10km if you're doing a 64 way split. AFTER the splitter you have a MAX
 radius of about 1 mile from the splitter.

 Here is a good document that describes the problem in some detail:

 http://www.ofsoptics.com/press_room/media-pdfs/FTTH-Prism-0909.pdf


 Also, here is a proposed spec that would allow for longer runs post
 splitter with some background on why it can't work in today's GPON
 deployments.


 http://www.ericsson.com/il/res/thecompany/docs/publications/ericsson_review/2008/3_PON.pdf

 --
 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 



Re: Muni fiber: L1 or L2?

2013-02-01 Thread Jason Baugher
I should clarify: Distance x loss/km + splitter loss. = link loss.


On Fri, Feb 1, 2013 at 3:03 PM, Jason Baugher ja...@thebaughers.com wrote:

 I disagree. Loss is loss, regardless of where the splitter is placed in
 the equation. Distance x loss + splitter insertion loss = total loss for
 purposes of link budget calculation.

 The reason to push splitters towards the customer end is financial, not
 technical.


 On Fri, Feb 1, 2013 at 2:29 PM, Scott Helms khe...@zcorum.com wrote:

 Owen,

 You're basing your math off of some incorrect assumptions about PON.  I'm
 actually sympathetic to your goal, but it simply can't work the way you're
 describing it in a PON network.  Also, please don't base logic for open
 access on meet me rooms, this works in colo spaces and carrier hotels but
 doesn't in broadband deployments because of economics.  If you want to
 champion this worthy goal you've got to accept that economics is a huge
 reason why this hasn't happened in the US and is disappearing where it has
 happened globally.


  Bottom line, you've got OLT - FIBER(of length n) - splitter -
  fiber-drops to each house - ONT.
 

 So far you're correct.


 
  All I'm proposing is making n really short and making fiber-drops to each
  house really long.
  I'm not proposing changing the fundamental architecture. Yes, I recognize
  this changes the economics and may well make PON less attractive than other
  alternatives. I don't care. That's not a primary concern. The question is
  can PON be made to work in this environment? It appears to me that it can.
 


 Here is where your problems start.  The issue is that the signal *prior
 to being split* can go 20km if you're splitting it 32 ways (or less) or
 10km if you're doing a 64 way split. AFTER the splitter you have a MAX
 radius of about 1 mile from the splitter.

 Here is a good document that describes the problem in some detail:

 http://www.ofsoptics.com/press_room/media-pdfs/FTTH-Prism-0909.pdf


 Also, here is a proposed spec that would allow for longer runs post
 splitter with some background on why it can't work in today's GPON
 deployments.


 http://www.ericsson.com/il/res/thecompany/docs/publications/ericsson_review/2008/3_PON.pdf

 --
 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 





Re: Muni fiber: L1 or L2?

2013-02-01 Thread Jason Baugher
It's still a 23dB loss for each customer from the CO to the ONT.

I have an OLT that launches at +5dBm. At 1490nm, I should see about a .26dB
loss per km. My 1x32 splitter is going to add about 16dB more loss.
Assuming we ignore connector losses, and also assume that the customer is
10km away:

CO-based splitter:
+5dBm - 16dB - (10km x .26dB) = -13.6

Splitter at 9km:
+5dBm - (9km x .26dB) - 16dB - (1km x .26dB) = -13.6


If someone can explain why this math would be wrong, I'd love to hear it
and I'd be happy to run it past our vendor to see if they agree.


On Fri, Feb 1, 2013 at 3:16 PM, Owen DeLong o...@delong.com wrote:

 Actually, this is an issue… I should have seen it.


 You have 3 loss components… Power out = (Power in - loss to splitter -
 splitter loss) / nOut - loss-to-customer

 So, if the loss to the splitter is 3db and you have 20db (effective 320db
 on a 16x split) loss on each customer link, that's
 a radically worse proposition than 20db loss to the splitter and 3db loss
 to each customer (which is effectively 48db
 loss on a 16x split).

 It's still do-able, but you either need amplifier(s) or very short
 distances between the customer and the MMR.

 Given this consideration, I think the situation can still be addressed.

 Put the splitters in the B-Box and allow for the possibility that each
 subscriber can be XC to either a splitter or
 an upstream dedicated fiber. The provider side of each splitter would be
 connected to an upstream fiber
 to the MMR.

 So, each B-Box contains however many splitters are required and each
 splitter is connected upstream to a
 single provider, but you can still have multiple competitive providers in
 the MMR.

 This setup could support both PON and Ethernet as well as other future
 technologies.

 Owen

 On Feb 1, 2013, at 1:04 PM, Jason Baugher ja...@thebaughers.com wrote:

 I should clarify: Distance x loss/km + splitter loss. = link loss.


 On Fri, Feb 1, 2013 at 3:03 PM, Jason Baugher ja...@thebaughers.com wrote:

 I disagree. Loss is loss, regardless of where the splitter is placed in
 the equation. Distance x loss + splitter insertion loss = total loss for
 purposes of link budget calculation.

 The reason to push splitters towards the customer end is financial, not
 technical.


 On Fri, Feb 1, 2013 at 2:29 PM, Scott Helms khe...@zcorum.com wrote:

 Owen,

 You're basing your math off of some incorrect assumptions about PON.  I'm
 actually sympathetic to your goal, but it simply can't work the way
 you're
 describing it in a PON network.  Also, please don't base logic for open
 access on meet me rooms, this works in colo spaces and carrier hotels but
 doesn't in broadband deployments because of economics.  If you want to
 champion this worthy goal you've got to accept that economics is a huge
 reason why this hasn't happened in the US and is disappearing where it
 has
 happened globally.


  Bottom line, you've got OLT - FIBER(of length n) - splitter -
  fiber-drops to each house - ONT.
 

 So far you're correct.


 
  All I'm proposing is making n really short and making fiber-drops to each
  house really long.
  I'm not proposing changing the fundamental architecture. Yes, I recognize
  this changes the economics and may well make PON less attractive than other
  alternatives. I don't care. That's not a primary concern. The question is
  can PON be made to work in this environment? It appears to me that it can.
 


 Here is where your problems start.  The issue is that the signal *prior
 to being split* can go 20km if you're splitting it 32 ways (or less) or
 10km if you're doing a 64 way split. AFTER the splitter you have a MAX
 radius of about 1 mile from the splitter.

 Here is a good document that describes the problem in some detail:

 http://www.ofsoptics.com/press_room/media-pdfs/FTTH-Prism-0909.pdf


 Also, here is a proposed spec that would allow for longer runs post
 splitter with some background on why it can't work in today's GPON
 deployments.


 http://www.ericsson.com/il/res/thecompany/docs/publications/ericsson_review/2008/3_PON.pdf

 --
 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
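
The link-budget arithmetic from the message above, as an added example that is not part of the original thread: it models the OLT-to-ONT path as an ordered list of elements, computes received power both in dB and in milliwatts, and sweeps the splitter position along the 10 km run. The launch power, fiber loss and splitter loss are the figures quoted in the message; the function names and the receiver sensitivity passed to `margin_db` are assumptions made for illustration.

```python
import math

# Figures quoted in the message above.
LAUNCH_DBM = 5.0         # OLT launch power, dBm
FIBER_DB_PER_KM = 0.26   # fiber attenuation at 1490 nm, dB/km
SPLITTER_DB = 16.0       # 1x32 splitter insertion loss, dB
TOTAL_KM = 10.0          # OLT-to-customer distance, km


def element_loss_db(kind, value):
    """Loss of one path element: ("fiber", km) or ("splitter", insertion_loss_db)."""
    if kind == "fiber":
        return value * FIBER_DB_PER_KM
    if kind == "splitter":
        return value
    raise ValueError(f"unknown path element: {kind!r}")


def rx_dbm(path, launch_dbm=LAUNCH_DBM):
    """Received power in dBm: launch power minus the sum of all losses in dB."""
    return launch_dbm - sum(element_loss_db(kind, value) for kind, value in path)


def rx_dbm_linear(path, launch_dbm=LAUNCH_DBM):
    """Same budget in milliwatts: every element multiplies the power by a factor.

    Multiplication commutes, so the order of the elements cannot change the
    result. A splitter's 1/n power division is just one more factor.
    """
    power_mw = 10 ** (launch_dbm / 10)
    for kind, value in path:
        power_mw *= 10 ** (-element_loss_db(kind, value) / 10)
    return 10 * math.log10(power_mw)


def path_with_splitter_at(km_from_olt, total_km=TOTAL_KM, splitter_db=SPLITTER_DB):
    """OLT - fiber - splitter - fiber - ONT, with the splitter at km_from_olt."""
    if not 0 <= km_from_olt <= total_km:
        raise ValueError("splitter must sit between the OLT and the ONT")
    return [
        ("fiber", km_from_olt),
        ("splitter", splitter_db),
        ("fiber", total_km - km_from_olt),
    ]


def sweep_splitter_position(step_km=1.0, total_km=TOTAL_KM):
    """Received power for each splitter position from the CO out to the customer."""
    steps = int(round(total_km / step_km))
    return [(i * step_km, rx_dbm(path_with_splitter_at(i * step_km, total_km)))
            for i in range(steps + 1)]


def ideal_split_loss_db(ways):
    """Loss from dividing power equally n ways, before any excess loss."""
    return 10 * math.log10(ways)


def margin_db(path, rx_sensitivity_dbm):
    """Headroom above a receiver sensitivity (hypothetical value, supplied by caller)."""
    return rx_dbm(path) - rx_sensitivity_dbm


if __name__ == "__main__":
    for position_km, power in sweep_splitter_position():
        print(f"splitter at {position_km:4.1f} km -> {power:6.2f} dBm at the ONT")
    print(f"ideal 1x32 split: {ideal_split_loss_db(32):.2f} dB of the {SPLITTER_DB} dB quoted")
```
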
 







Re: Will wholesale-only muni actually bring the boys to your yard?

2013-02-01 Thread Jason Baugher
Management has asked us why we can't do RF overlay on our AE system. :)
We've had to explain a few times why that would be too expensive even if it
were available because of the high cost of the amps/splitters/combiners to
insert 1550nm onto every AE fiber.


On Fri, Feb 1, 2013 at 4:14 PM, Frank Bulk (iname.com) frnk...@iname.com wrote:

 What's missing in this dialogue is the video component of an offering.
  Many customers like a triple (or quad) play because the price points are
 reasonably comparable to getting unbundled pricing from more than one
 provider, and they have just throat to choke and bill to pay.

 But few IP TV providers will claim good profitability.  And I don't
 believe any vendor has ActiveE and RFoG going down one strand.

 Frank

 -Original Message-
 From: Jay Ashworth [mailto:j...@baylink.com]
 Sent: Wednesday, January 30, 2013 8:01 PM
 To: NANOG
 Subject: Re: Will wholesale-only muni actually bring the boys to your yard?

 - Original Message -
  From: Jean-Francois Mezei jfmezei_na...@vaxination.ca

 snip

  A good layer 2 deployment can support DHCP or PPPoE and thus be
  compatible with incumbents infrastructure. However, a good layer2
  deployment won't have RFoG support and will prefer IPTV over the data
  channel (the australian model supports multicast). So cable companies
  without IPTV services may be at a disadvantage.

 I think this depends on what handoffs my TE can provide at the customer
 prem.

  In Canada, Rogers (cableco) has announced that they plan to go all
  IPTV instead of conventional TV channels.

 Well, the MythTV people will be happy to hear that.

 Or they would, if the content people would quit holding a gun to the
 heads of the transport people.

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
 St Petersburg FL USA   #natog  +1 727 647
 1274







Re: Will wholesale-only muni actually bring the boys to your yard?

2013-02-01 Thread Jason Baugher
For us, it would be the economics of the whole thing. When a 16x19.5 EDFA
runs around $20k, it's much more cost effective to combine 1550nm onto 16
PON's than onto 16 AE runs. Unless the equipment costs were to fall
drastically, there's no way it would ever fly.


On Fri, Feb 1, 2013 at 4:48 PM, Frank Bulk (iname.com) frnk...@iname.com wrote:

 IIRC, there is some issue with bleedover of either the forward or return
 (optically modulated) RF wavelength with the data wavelength.  Perhaps with
 better lasers this could be overcome in the future.


 Frank


 *From:* Jason Baugher [mailto:ja...@thebaughers.com]
 *Sent:* Friday, February 01, 2013 4:38 PM
 *To:* Frank Bulk (iname.com)
 *Cc:* Jay Ashworth; NANOG

 *Subject:* Re: Will wholesale-only muni actually bring the boys to your
 yard?


 Management has asked us why we can't do RF overlay on our AE system. :)
 We've had to explain a few times why that would be too expensive even if it
 were available because of the high cost of the amps/splitters/combiners to
 insert 1550nm onto every AE fiber.


 On Fri, Feb 1, 2013 at 4:14 PM, Frank Bulk (iname.com) frnk...@iname.com
 wrote:

 What's missing in this dialogue is the video component of an offering.
  Many customers like a triple (or quad) play because the price points are
 reasonably comparable to getting unbundled pricing from more than one
 provider, and they have just throat to choke and bill to pay.

 But few IP TV providers will claim good profitability.  And I don't
 believe any vendor has ActiveE and RFoG going down one strand.

 Frank

 -Original Message-
 From: Jay Ashworth [mailto:j...@baylink.com]
 Sent: Wednesday, January 30, 2013 8:01 PM
 To: NANOG
 Subject: Re: Will wholesale-only muni actually bring the boys to your yard?

 - Original Message -
  From: Jean-Francois Mezei jfmezei_na...@vaxination.ca

 snip

  A good layer 2 deployment can support DHCP or PPPoE and thus be
  compatible with incumbents infrastructure. However, a good layer2
  deployment won't have RFoG support and will prefer IPTV over the data
  channel (the australian model supports multicast). So cable companies
  without IPTV services may be at a disadvantage.

 I think this depends on what handoffs my TE can provide at the customer
 prem.

  In Canada, Rogers (cableco) has announced that they plan to go all
  IPTV instead of conventional TV channels.

 Well, the MythTV people will be happy to hear that.

 Or they would, if the content people would quit holding a gun to the
 heads of the transport people.

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
 St Petersburg FL USA   #natog  +1 727 647
 1274



 




Re: Muni network ownership and the Fourth

2013-01-30 Thread Jason Baugher
There is much talk of how many fibers can fit in a duct, can be brought
into a colo space, etc... I haven't seen much mention of how much space the
termination in the colo would take, such as splice trays, bulkheads, etc...
Someone earlier mentioned being able to have millions of fibers coming
through a vault, which is true assuming they are just passing through the
vault. When you need to break into one of those 864-fiber cables, the room
for splice cases suddenly becomes a problem.

The other thing I find interesting about this entire thread is the
assumption by most that a government entity would do a good job as a
layer-1 or -2 provider and would be more efficient than a private company.
Governments, including municipalities, are notorious for corruption, fraud,
waste - you name it. Even when government bids out projects to the private
sector these problems are seen.


On Tue, Jan 29, 2013 at 10:36 PM, George Herbert
george.herb...@gmail.com wrote:

 On Tue, Jan 29, 2013 at 8:10 PM, Leo Bicknell bickn...@ufp.org wrote:
  In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen
 DeLong wrote:
  Case 2, you move the CO Full problem from the CO to the adjacent
  cable vaults. Even with fiber, a 10,000 strand bundle is not small.
 
  It's also a lot more expensive to pull in 10,000 strands from a few
  blocks away than it is to drop a router in the building with the MMR
  and aggregate those cross-connects into a much smaller number
  of fibers leaving the MMR building.
  [snip]
  But what happens when you fill the cable vaults?
 
  It's really not an issue.  10,000 fibers will fit in a space not
  much larger than my arm.
 
  I have on my desk a 10+ year old cable sample of a Corning 864
  strand cable (36 ribbons of 24 fibers a ribbon).  It is barely
  larger around than my thumb.  Each one terminated into an almost-full
  rack of SC patch panels.
 
  A web page on the cable:
 
 http://catalog.corning.com/CableSystems/en-US/catalog/ProductDetails.aspx?cid=pid=105782vid=106018
 
  My company at the time built a duct bank by building 6x4 conduit,
  installing 3x1.25 innerduct in each conduit, and pulling one of
  those cables in each innerduct.  That's a potential capacity of
  15,525 fibers in a duct bank perhaps 14 wide by 8 tall.
 
  A vault as used for traditional telco or electrical (one big
  enough for a man to go down in) could hold millions of these fibers.
  They were never used, because they were way too big.  There's also
  plenty of experience in this area, telcos have been putting much
  larger copper cables into CO's for a long time.
 
  Were there demand, they could easily put more ribbons in a single
  armored sheath.  The actual stack of fibers is about 1/2 wide and
  3/8 thick for the 864 strands.  You could extrapolate a single
  10,000 strand cable that would be smaller than the power cables
  going to a typical commercial transformer.
 
  The cost of fiber is terminating it.  Running 864 strands from one
  end of a colo to another inside, compared with running it a block
  down the street isn't significantly different; modulo any construction
  costs.  Obviously if it costs $1M to dig up the street that's bad,
  but for instance if there is already an empty duct down the street
  and it's just pulling cable, the delta is darn near zero.
 
  That's why I think rather than having the muni run colo (which may
  fill), they should just allow providers to drop in their own fiber
  cables, and run a fiber patch only room.  There could then be hundreds
  of private colo providers in a 1km radius of the fiber MMR, generating
  lots of competition for the space/power side of the equation.  If one
  fills up, someone will build another, and it need not be on the same
  square of land

 It's more than just terminating it; the bulk fiber is not free.  And
 it's not the customer end where you see congestion; unless you
 (expensively) splice out in the field at intermediate aggregation
 points, for a say 10,000 customer wire center you have 10,000 x the
 individual cable cross section area at the convergence point.  Which
 you have to provision end-to-end unbroken as splicing is likely to
 screw with your overall cost model in an atrocious way.  Unlike all
 the other media.

 Yes, you can buy some fiber that aggregates smaller bundles, but they
 don't split nicely 100 ways in a manner you can realistically fan out
 from one master bundle at the head end (unless there's a fiber type
 out there I am not aware of, I don't do this part of the stuff all the
 time).

 It's a pain in the ass to provision in a way that you can centralize a
 L1 dark fiber service, because of splices.  If you're providing L2
 then you don't splice, you just run to a pole or ground or vault box
 and terminate there, and have a few 10G or 40G or 100G uplink fibers
 from there to your interchange point wire center.  If you're
 providing L1 then that's an amazingly complex fiber pull / conduit /
 delivered fiber 

Re: Muni network ownership and the Fourth

2013-01-30 Thread Jason Baugher
Oh, so all the fault belongs to the financial institutions, and there is no
corruption within the government agencies themselves. Right.


On Wed, Jan 30, 2013 at 9:58 AM, joel jaeggli joe...@bogus.com wrote:

 On 1/30/13 6:33 AM, Jason Baugher wrote:

 There is much talk of how many fibers can fit in a duct, can be brought
 into a colo space, etc... I haven't seen much mention of how much space
 the
 termination in the colo would take, such as splice trays, bulkheads,
 etc...
 Someone earlier mentioned being able to have millions of fibers coming
 through a vault, which is true assuming they are just passing through the
 vault. When you need to break into one of those 864-fiber cables, the room
 for splice cases suddenly becomes a problem.

 The other thing I find interesting about this entire thread is the
 assumption by most that a government entity would do a good job as a
 layer-1 or -2 provider and would be more efficient than a private company.
 Governments, including municipalities, are notorious for corruption,
 fraud,
 waste - you name it. Even when government bids out projects to the private
 sector these problems are seen.

  When a municipality issued a bond, bank of america and morgan stanley
 (and bear stearns) conspired to rig the bidding. Something they paid not
 insignificant fines over, though hardly enough to compensate the tax payers
 or municipalities at that bought them at uncompetitive terms.



Re: Muni network ownership and the Fourth

2013-01-30 Thread Jason Baugher
Ah, I said nothing about involving $BigTelcoCableCo. There are smaller
companies that will do these projects, as long as they make business sense.
Muni's can do things to make it more attractive, such as not charging for
right-of-way, property tax incentives, etc... There's nothing wrong with
the concept of a single entity building out the infrastructure for others
to lease on a wholesale basis, I just don't think that entity should be a
government.


On Wed, Jan 30, 2013 at 9:29 AM, Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Wed, Jan 30, 2013 at 08:33:35AM -0600, Jason
 Baugher wrote:
  There is much talk of how many fibers can fit in a duct, can be brought
  into a colo space, etc... I haven't seen much mention of how much space
 the
  termination in the colo would take, such as splice trays, bulkheads,
 etc...
  Someone earlier mentioned being able to have millions of fibers coming
  through a vault, which is true assuming they are just passing through the
  vault. When you need to break into one of those 864-fiber cables, the
 room
  for splice cases suddenly becomes a problem.

 Corning makes a pre-terminated breakout bay for the 864 cable
 nicknamed the mamu.  It is in essence a 7' rack, which is about
 90% SC patch panels and 10% splice trays.  The cable comes in and
 is fusion spliced to tails already pre-terminated in the rack.  I
 don't know if they now have an LC option, which should be more
 dense.  They are perhaps 1' deep as well, being just patch panels
 in a 2-post rack, so they take up much less space than a cabinet.

 To run some rough numbers, I live in a town with a population of
 44,000 people, grouped into 10,368 households.  It is the size
 that if the MMR were pretty much perfectly centered 10km optics
 should reach all corners of the town, but were it not centered more
 than one MMR would be needed.

 To put that in patch panel racks, 10,368 households * 6 fibers per
 house (3 pair) / 864 per rack = 72 racks of patch panels.  Using a
 relatively generous for 2-post patch panels 20sq feet per rack it
 would be 1,440 sq feet of colo space to house all of the patch
 panels to homes.

 Now, providers coming in would need a similar amount of fiber, so
 basically double that amount.  There would also need to be some
 room for growth.  Were I sizing a physical colo for this town I
 would build a 5,000 square foot space designed to take ~250 fiber
 racks.  That would handle today's needs ( 150 racks) and provide
 years of growth.

 Note also that the room is 100% patch panels and fiber, no electronics.
 There would be no need for chillers and generators and similar
 equipment.  No need for raised floor, or a DC power plant.  The sole
 difficult part would be fiber patch management, a rather elaborate
 overhead tray system would be required.

  The other thing I find interesting about this entire thread is the
  assumption by most that a government entity would do a good job as a
  layer-1 or -2 provider and would be more efficient than a private
 company.
  Governments, including municipalities, are notorious for corruption,
 fraud,
  waste - you name it. Even when government bids out projects to the
 private
  sector these problems are seen.

 There is almost nothing to bid out here in my model.  Today when a
 new subdivision is built the builder contracts out all of the work
 to the telco/cable-co specifications.   That would continue to be
 the case with fiber.  The muni would contract out running the main
 trunk lines to each neighborhood, and the initial building of the
 MMR space.  Once that is done the ongoing effort is a man or two
 that can do patching and testing in the MMR, and occasionally
 contracting out repair work when fiber is cut.

 The real win here is that there aren't 2-5 companies digging up streets
 and yards.  Even if the government is corrupt to the tune of doubling
 every cost that's the same in real dollars as two providers building
 competitive infrastructure... add in a third and this option is still
 cheaper for the end consumer.

 However in my study of government, the more local the less corruption;
 on average.  Local folks know what's going on in their town, and can
 walk over and talk to the mayor.  City budgets tend to be balanced as a
 matter of law in most places.  This would be an entirely local effort.

 Would it be trouble free?  No.  Would it be better than paying money to
 $BigTelcoCableCo who uses their money to argue for higher PUC rates,
 probably!

 --
Leo Bicknell - bickn...@ufp.org - CCIE 3440
 PGP keys at http://www.ufp.org/~bicknell/



Re: Muni network ownership and the Fourth

2013-01-30 Thread Jason Baugher
Sorry Owen, but I live in Illinois. Government corruption is a way of life
here.




On Wed, Jan 30, 2013 at 2:49 PM, Owen DeLong o...@delong.com wrote:


 On Jan 30, 2013, at 6:33 AM, Jason Baugher ja...@thebaughers.com wrote:

  There is much talk of how many fibers can fit in a duct, can be brought
  into a colo space, etc... I haven't seen much mention of how much space
 the
  termination in the colo would take, such as splice trays, bulkheads,
 etc...
  Someone earlier mentioned being able to have millions of fibers coming
  through a vault, which is true assuming they are just passing through the
  vault. When you need to break into one of those 864-fiber cables, the
 room
  for splice cases suddenly becomes a problem.
 
  The other thing I find interesting about this entire thread is the
  assumption by most that a government entity would do a good job as a
  layer-1 or -2 provider and would be more efficient than a private
 company.
  Governments, including municipalities, are notorious for corruption,
 fraud,
  waste - you name it. Even when government bids out projects to the
 private
  sector these problems are seen.

 I know this is a popular refrain, but in reality, it's not all that
 accurate.

 I have no problem with allowing L1/L2 to be done by private enterprise, so
 long as said private enterprises are required to abide by the following
 rules:

 1.  They are not allowed to sell L3+ services.
 2.  They are not allowed to own any portion of any L3+ service
 provider.
 3.  They must sell their L1/L2 services to any L3+ service provider on
 equal terms.

 Owen




Re: ONT diagnostics (WAS: Re: Muni fiber: L1 or L2?)

2013-01-30 Thread Jason Baugher
Some in the industry are pushing the idea of reaching deeper into the
customer's network to provide more value, to generate more revenue and more
stickiness. Don't stop at the ONT, use something like TR-069 to manage the
customer's gateway device.


On Wed, Jan 30, 2013 at 7:50 PM, joel jaeggli joe...@bogus.com wrote:

 On 1/30/13 5:01 PM, Jake Khuon wrote:

 On Wed 30 Jan 2013 16:58:28 PST, John Osmon wrote:

 Does anyone make an ONT with a blinky light that you can toggle on/off
 remotely?  It'd be great to say:
 Go look at the it works light.

 If the remote tech can control the light, the end user would have a
 better idea that the upstream provider really *was* in control -- rather
 than trying to placate the caller.



 I don't know of any but that's a great idea.  Sorta like a UID light on a
 server...

 We're totally at the wrong end of the usability spectrum if we even have
 to ask questions like this. You can tell if a cable modem is online or not
 at a glance.


 --
 /*=[ Jake Khuon kh...@neebu.net ]=+
  | Packet Plumber, Network Engineers /| / [~ [~ |) | |  |
  | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| NETWORKS |
  +=**==**
 ===*/






Re: Muni fiber: L1 or L2?

2013-01-30 Thread Jason Baugher
On Wed, Jan 30, 2013 at 8:52 PM, Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Wed, Jan 30, 2013 at 08:27:27PM -0500, Jay
 Ashworth wrote:
  You're assuming there, I think, that residential customers will have
  mini-GBIC ports on their routers, which has not been my experience.  :-)

 They don't today because there is no demand for such a feature.  My
 point is that if people deployed FTTH in this way, there would be demand
 for such products.  Many of the chipsets inside these boxes already
 support SFP PHY, they just don't put an SFP connector on them to save a
 couple of bucks.  If there was demand vendors would have a product out
 in months not years, probably within $10 of current prices (not counting
 optics).


Calix is producing an Active Ethernet ONT combined with residential gateway
router. I believe it also supports TR-069 for remote management.

One other thing I noticed, most seem to assume a pair of fibers per device.
Assuming 1G connection, you can easily use bi-directional optics such as we
use for Active Ethernet and use a single fiber.


Re: Muni fiber: L1 or L2?

2013-01-30 Thread Jason Baugher
I can't vouch for these yet, since I haven't used one so far.
http://www.calix.com/systems/p-series/calix_residential_services_gateways.html

It looks to be a Broadband Forum spec, http://en.wikipedia.org/wiki/TR-069.
I'm not using it yet either, but find it interesting.




On Wed, Jan 30, 2013 at 9:59 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Jason Baugher ja...@thebaughers.com

  Calix is producing an Active Ethernet ONT combined with residential
  gateway router. I believe it also supports TR-069 for remote management.

 I'll check it out.  Thanks.  I assume that's TR-TSY-069, a Telcordia
 standard?

  One other thing I noticed, most seem to assume a pair of fibers per
 device.
  Assuming 1G connection, you can easily use bi-directional optics such as
 we
  use for Active Ethernet and use a single fiber.

 Yeah, but the incremental cost of 3-pr drop fiber is likely only to be
 maybe 10-15% of the build, and reducing the flexibility is gonna need a
 big trade-off for me to buy it; remember, my goal is to allow any prem to
 go Layer 1 to wherever they want to; they may want both.

 (L1 to my other locations, in a ring, and L2 up to a provider from my
 hub)

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
 St Petersburg FL USA   #natog  +1 727 647
 1274




Re: Muni fiber: L1 or L2?

2013-01-30 Thread Jason Baugher
Working in a mixed TDM and IP world, it's such a stark difference between
freely available RFCs and $900 per pop Telcordia docs.



On Wed, Jan 30, 2013 at 10:24 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Jason Baugher ja...@thebaughers.com

  I can't vouch for these yet, since I haven't used one so far.
 
 http://www.calix.com/systems/p-series/calix_residential_services_gateways.html

 Yeah; see my other reply a few minutes ago.

  It looks to be a Broadband Forum spec,
  http://en.wikipedia.org/wiki/TR-069.
  I'm not using it yet either, but find it interesting.

 I see that it is, and I'm frankly *amazed* that it's gotten industry
 uptake to the point people will quote it on ticklists.  Probably, everyone
 *else* thinks it's a bellcore standard, like I did.  :-)

 Can't wait for Telcordia to try to sue them over the prefix.

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
 St Petersburg FL USA   #natog  +1 727 647
 1274




Re: ONT diagnostics (WAS: Re: Muni fiber: L1 or L2?)

2013-01-30 Thread Jason Baugher
Why do you always assume we're talking about carriers, or the evil telcos,
RBOC's, etc? I'm talking about small to medium-sized service providers
looking to expand services to compete against the Comcast's and ATT's of
the world that can practically give away Internet because they already own
the infrastructure.

We (by which I mean those small-to-medium SP's) can compete not on price
but on additional value and flexibility.


On Wed, Jan 30, 2013 at 11:42 PM, Randy Bush ra...@psg.com wrote:

  Some in the industry are pushing the idea of reaching deeper into the
  customer's network to provide more value, to generate more revenue and

 how sadly desperate.  crawl up the stack.

 carriers who whine about content going over the top need to get their
 heads out of the somethingorother.  if you choose to be a trucker and
 folk are using your truck to transport gold, damned hard to justify
 whining when you choose to be a trucker.

 randy



Re: why haven't ethernet connectors changed?

2012-12-21 Thread Jason Baugher
On Fri, Dec 21, 2012 at 2:37 PM, Naslund, Steve snasl...@medline.com wrote:

 I have noticed that too.  However it is not the RJ-45 connector's fault.
 It is the morons that insist on recessing connectors in places where you
 can't get your finger on the tab.  I like the patch cords that have the
 kind of loop/spring thing for a tab that does not catch on everything
 and that way you don't need the boot over the tab.  Another pet peeve of
 mine is connector boots that harden up over time so it is nearly
 impossible to flex the tab to remove the cable.  Also, how about the 48
 port 6500 blades and trying to remove the cables near the blade
 extraction tabs.  G.


 Yes, the tabs you refer to are the best. I have never done business with
this company, but they have a good picture for reference.

http://www.computercablestore.com/10_FT_Booted_Cat5e_Networ_PID49403.aspx

The full boots can be so thick that they won't fit into a high-density
switch. If you're in a cold environment they go from difficult to compress
to damn near impossible. More than once I've used a knife to cut a hardened
boot off a cable so it's usable again.

Jason


Re: Six Strike Rule (Was: William was raided...)

2012-12-04 Thread Jason Baugher
We don't do content inspection. We don't really want to know what our
customers are doing, and even if we did, there's not enough time in the day
to spend paying attention. When we get complaints from the various
copyright agencies, we warn the customer to stop. When we hit a certain
number of complaints, it's bye-bye customer.


On Tue, Dec 4, 2012 at 11:04 AM, Jeroen Massar jer...@unfix.org wrote:

 On 2012-12-04 11:51, Nick B wrote:
  In a related note, I wonder if the six-strike rule would violate the
 ISP's
  safe harbor, as it's clearly content inspection.

 As performed in France, what happens is that some copyright owner
 contacts the ISP that IP address a.b.c.d had accessed/served copyright
 infringing data at date/time dd-mm- HH:mm providing some kind of
 detail on how they figured that out.

 That report is a 'strike' and gets forwarded to the user.

 If that then happens 6 times they are blocked.

 The ISP as such does not do any content inspection.

 It is though assumed that some ISPs simply count bytes and that they do
 some investigation themselves when you reach a certain bandwidth
 threshold (it seems to correlate that copyright infringers are
 downloading a lot more than normal webbrowsing users...)

 Greets,
  Jeroen





Re: William was raided for running a Tor exit node. Please help if you can.

2012-11-30 Thread Jason Baugher
I can't help but wonder who would send money to some random person based on
a story that may or may not be true. Were these people sucked in by Nigeria
scams as well?

Not only that, but the list of people who proclaimed their innocence only
to be proven guilty is very long. I can't vouch for countries outside of
the USA, but here at least we don't get subpoenas on a whim. They are
usually part of a very long drawn-out investigation, and they usually are
for a very good reason.

Jason

On Fri, Nov 30, 2012 at 4:37 PM, Naslund, Steve snasl...@medline.com wrote:

 OK, I get it.  I think my BS detector is set too high today.  I am just
 really suspicious that this guy that runs a large ISP can't at least
 wait until there are charges before all the uproar.  I think if the cops
 came and seized my home PCs right now I would probably give them the
 time to look at them, realize there is nothing there, and give them back
 to me before freaking out completely.  I would be wondering what was
 going on but probably not raising a defense fund.

 Steve

 -Original Message-
 From: Peter Kristolaitis [mailto:alte...@alter3d.ca]
 Sent: Friday, November 30, 2012 4:21 PM
 To: nanog@nanog.org
 Subject: Re: William was raided for running a Tor exit node. Please help
 if you can.

 I didn't say anything about trying to run away.  That probably won't
 accomplish a whole lot in the long run.   But when all of your bank
 accounts and credit cards are frozen, and your house is a crime scene,
 at least you have the means to rent a hotel room, contact
 family/lawyers, etc.

 And no, I'm not OK with people keeping any money that was donated for a
 specific purpose in excess of what was actually used.  You'd hope that
 he'd be a good guy about it and give back the portion that wasn't used,
 or clearly state that any excess will go to charity or something.
 However, there's no such guarantee (short of doing it through a trust
 fund with his lawyer), and just like any philanthropic venture, it's up
 to each donor choose when/if they'll help out.   It's just like
 Kickstarter -- you hope to get something good out of it, but if it
 bombs, well... you pay your money and you take your chances.

 - Pete



 On 11/30/2012 05:02 PM, Naslund, Steve wrote:
  OK, there must be a lot more paranoid people out there than I thought
  there were.  I personally don't have a runaway kit stashed away.  I
  will get right on that. So when that mouth breather cop won't
  believe you are innocent, your answer is to grab your stuff and go on
  the lam for awhile?  I am sure he will let you out to go to the bank,
  get your stuff, and leave town.  I think you have seen way too many
  movies.
 
  So if the cops show up at his door tomorrow and say Here's all your
  stuff back, there was no evidence of a crime., you are OK with this
  guy keeping the defense fund?
 
  Steve
 
  -Original Message-
  From: Peter Kristolaitis [mailto:alte...@alter3d.ca]
  Sent: Friday, November 30, 2012 3:53 PM
  To: nanog@nanog.org
  Subject: Re: William was raided for running a Tor exit node. Please
  help if you can.
 
 
  On 11/30/2012 04:01 PM, Naslund, Steve wrote:
  I am a little concerned that this guy keeps a safe deposit box
  with a burner phone and cash around.  Is he a CIA agent? :)
  Anyone who DOESN'T have such things stashed away somewhere is, IMHO,
  incredibly naive and taking on quite a large amount of risk.
 
  The likelihood (and hope) is that you'll never need it.  But on the
  off chance that you get f***ed by the legal system because of some
  power hungry, mouth-breather cop who can't/won't understand that
  you've done nothing wrong -- or worse, that you're easily provably
  within the law, but he believes that you're not and drags you
  through the process anyways -- you'll be very happy that you stashed
  away that old unlocked cell phone, old laptop, change of clothes and
 cash.
 
  I'm a (legal) firearms owner... up here in Canada, where some previous

  governments enacted extreme anti-gun legislation, that pretty much
  means that if I so much as sneeze in a way that a cop doesn't like, I
  can have my life ruined pretty damned fast (not quite, but really
  close).  I wouldn't bet against me having an
  excrement-hitting-the-oscillator stash like this guy does.  ;)
 
  (Note:  I don't mean to imply that all cops are power hungry
  mouth-breathers intent on destroying the lives of citizens.   Most
 cops
  are fundamentally good people and do a great job.  But like every
  other profession, there ARE bad cops out there, and it's within the
  realm of possibility that you'll deal with one of them one day.)
 
  Why would I donate to his legal defense when he has not been charged
  yet?  A little premature, no?
 
  If you think that legal costs in a criminal case only start when
 you've
  been formally charged, you're grossly misinformed.   At what point you
  personally decide to donate is one thing, but implying that someone
  

Re: WAY OT Re: guys != gender neutral

2012-09-28 Thread Jason Baugher

On 9/28/2012 9:18 AM, Jay Ashworth wrote:

- Original Message -

From: Owen DeLong o...@delong.com

As a form of address. Hey, people is ... well, nearly abrasive.
(Envision a waitron walking up to a mixed table of 10.)


Sure, in that limited context. In such a circumstance, I believe the phrase
ladies and gentlem[ae]n is usually adequate and equally gender neutral.

Yes, cause Hooters waitresses are gonna use that phrasing all day long.  :-)

Cheers,
-- jra

I like it when they call me sweetie. Is that sexist? :)



Re: RFC becomes Visio

2012-09-28 Thread Jason Baugher

On 9/28/2012 1:08 PM, Joe Maimon wrote:
Just got told by a Lightpath person that in order to do BGP on a 
customer gig circuit to them they would need a visio diagram (of what 
I don't know).


Has anybody else seen this brain damage?

Joe



Regardless of all the other comments here making fun of the request, I 
can somewhat understand why they might do this. Some of the requests I 
have gotten from customers are so misguided and confusing that a simple 
diagram can go far to clear things up. I know it seems crazy to everyone 
here that can set up BGP peering in their sleep, but when you're getting 
a new request from someone who hasn't gotten an ASN yet, and has never 
heard of a routing registry? All they know is a consultant told them 
they needed to do BGP with their ISP?


Jason



Re: guys != gender neutral

2012-09-27 Thread Jason Baugher
I think people should get the sand out of their crack (notice that both 
genders have a crack, wouldn't want to offend anyone) and quit looking 
for the bogey-man behind every door. If you constantly look for things 
to offend, you'll be constantly offended.


On 9/27/2012 7:36 PM, Jo Rhett wrote:

On Sep 27, 2012, at 11:36 AM, JC Dill wrote:

It's NOT helping to equivocate guys and girls!

*shrug* Sorry you are offended. Some are, most of my friends use those terms 
interchangeably. (I'm referring to friends of the female gender) Apparently 
some on the east coast get offended by this, but that post was to a tight 
audience who I knew well. I use 'boys' and 'guys' interchangeably too, and that 
probably offends someone. It's not sexism :)


I really wish folks would dig a bit deeper into the thesaurus to find appropriate words.  
One can use a variety of gender neutral words with some simple re-writing.  Remember, 
it's perfectly OK to employ singular they as well.

http://en.wikipedia.org/wiki/Singular_they


I completely disagree. Abusing plural words causes confusion when trying to 
discuss topics and be specific about the numbers involved.






Re: IPv6 Ignorance

2012-09-18 Thread Jason Baugher

On 9/18/2012 11:01 AM, Beeman, Davis wrote:

Orbits may not be important to this calculation, but just doing some quick head 
math, I believe large skyscrapers could already have close to this 
concentration of addresses, if you reduce them down to flat earth surface area. 
 The point here is that breaking out the math based on the surface area of the 
earth is silly, as we do not utilize the surface of the earth in a flat 
manner...

Davis Beeman



On Mon, Sep 17, 2012 at 11:27:04AM -0700, Owen DeLong wrote:


What technology are you planning to deploy that will consume more than 2 
addresses per square cm?

Easy. Think volume (as in: orbit), and think um^3 for a functional
computers ;)

I meant real-world application.

Orbits are limited due to the required combination of speed and altitude. There 
are a limited number of achievable altitudes and collision avoidance also 
creates interesting problems in time-slotting for orbits which are not 
geostationary.

Geostationary orbits are currently limited to one object per degree of earth 
surface, and even at 4x that, you could give every satellite a /48 and still 
not burn through a /32.

Owen



What about network-based objects outside of our orbit? If we're talking 
about IPv6 in the long-term, I think we have to assume we'll have 
networked devices on the moon or at other locations in space.


Jason



Re: IPv6 Ignorance

2012-09-18 Thread Jason Baugher

On 9/18/2012 11:47 AM, Cutler James R wrote:

On Sep 18, 2012, at 12:38 PM, Jason Baugher ja...@thebaughers.com wrote:

What about network-based objects outside of our orbit? If we're talking about 
IPv6 in the long-term, I think we have to assume we'll have networked devices 
on the moon or at other locations in space.

Jason

Practical considerations (mostly latency issues) tend to minimize real-time 
point-to-point connections in these scenarios.  I would expect that 
messaging/relay gateways would play a significant role in Really-Wide Area 
Networking.  This would move inter-networking largely to an application layer, 
not the network layer. Thus, worrying about Layer 3 addressing limits is 
probably moot and just a fun waste of NANOG list bandwidth.


James R. Cutler
james.cut...@consultant.com

Considering the rather extensive discussion on this list of using 
quantum entanglement as a possible future communications medium that 
would nearly eliminate latency, I don't see how my comment is moot or a 
waste.


Jason



Re: IPv6 Ignorance

2012-09-18 Thread Jason Baugher

On 9/18/2012 12:07 PM, Cutler James R wrote:

On Sep 18, 2012, at 12:57 PM, Jason Baugher ja...@thebaughers.com wrote:

On 9/18/2012 11:47 AM, Cutler James R wrote:

On Sep 18, 2012, at 12:38 PM, Jason Baugher ja...@thebaughers.com wrote:

What about network-based objects outside of our orbit? If we're talking about 
IPv6 in the long-term, I think we have to assume we'll have networked devices 
on the moon or at other locations in space.

Jason

Practical considerations (mostly latency issues) tend to minimize real-time 
point-to-point connections in these scenarios.  I would expect that 
messaging/relay gateways would play a significant role in Really-Wide Area 
Networking.  This would move inter-networking largely to an application layer, 
not the network layer. Thus, worrying about Layer 3 addressing limits is 
probably moot and just a fun waste of NANOG list bandwidth.


James R. Cutler
james.cut...@consultant.com


Considering the rather extensive discussion on this list of using quantum 
entanglement as a possible future communications medium that would nearly 
eliminate latency, I don't see how my comment is moot or a waste.

Jason

Recent work (http://www.quantum.at/quest) has not yet established success over 
interplanetary distances.  Other recent results from aircraft 
(http://www.extremetech.com/extreme/136312-first-air-to-ground-quantum-network-created-transmits-quantum-crypto-keys)
 show throughput results in relatively small bits per second.  I'll reserve 
retraction for another year or so.

And last time I checked, IPv6 wasn't supposed to be designed to last for 
just another year or so. If we're expecting any kind of longevity out of 
IPv6, we need to expect that technology will solve these problems and 
plan for it. I'd rather not be sitting here 10 years from now wondering 
why I'm dual-stacking IPv7 on top of IPv6 because we didn't plan far 
enough ahead.


Jason



Re: Sprint Outage - Chicago

2012-08-25 Thread Jason Baugher

On 8/24/2012 11:39 PM, Randy Bush wrote:

You mean outages@...

chris, this is not productive.  outages are a very apt subject for
nanog.

Did anyone ever give any details of the issue? We're a Chicago Sprint 
customer, and never saw a problem. No mention of any issues in Compass 
either.


Jason



Re: Carrier assistance

2012-07-09 Thread Jason Baugher

What's with the porn lately?

On 7/9/2012 3:13 PM, NIG NOG wrote:
  
Diane spent a few more seconds over by the dresser before turning back around, condom in hand and already unwrapped.







Re: job screening question

2012-07-05 Thread Jason Baugher
Geez, I'd be happy to find someone with a good attitude, a solid work 
ethic, and the desire and aptitude to learn. :)


Jason

On 7/5/2012 5:18 PM, William Herrin wrote:

On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew derek.and...@usask.ca wrote:

You implement a firewall on which you block all ICMP packets. What
part of the TCP protocol (not IP in general, TCP specifically)
malfunctions as a result?

Isn't MTU discovery on IP and not TCP?

If you want to overthink the question, the failure in the TCP protocol
is that it doesn't adjust the MSS to match the path MTU. It continues
to rely on the incorrect path MTU estimate, sending too-large packets
which will never arrive. This happens because TCP doesn't receive a
notification that the path MTU estimate has changed from the default
because the lower layer PMTUD algorithm never receives the expected
ICMP packet.

This, incidentally, is a detail I'd love for one of the candidates
to offer in response to that question. Bonus points if you discuss MSS
clamping and RFC 4821.

The less precise answer, path MTU discovery breaks, is just fine.

Regards,
Bill Herrin




--
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
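
The failure Bill Herrin describes in the quoted message, modelled as an added example (not code from the thread): a sender with DF set, a path with one narrower link, and a firewall that drops ICMP. The hop MTUs, the 576-byte probing floor and all names are assumptions made for the illustration, and the probing loop is a simplified binary search in the spirit of RFC 4821, not the RFC's full algorithm.

```python
"""Path MTU discovery with and without ICMP, as a small simulation."""
from dataclasses import dataclass

HEADERS = 40          # IPv4 header (20) + TCP header (20), no options
PROBE_FLOOR = 576     # assumed size that always fits (illustration only)


@dataclass
class Path:
    hop_mtus: list        # MTU of each link, sender to receiver
    icmp_blocked: bool    # True: firewall drops ICMP "fragmentation needed"

    def send(self, size):
        """Send one DF-set packet; return (outcome, mtu_hint)."""
        for mtu in self.hop_mtus:
            if size > mtu:
                if self.icmp_blocked:
                    return ("lost", None)          # silent drop, no feedback
                return ("frag_needed", mtu)        # ICMP type 3 code 4
        return ("delivered", None)


def classic_pmtud(path, local_mtu, max_sends=6):
    """ICMP-driven discovery (RFC 1191 style): shrink only when told to."""
    pmtu = local_mtu
    for sends in range(1, max_sends + 1):
        outcome, hint = path.send(pmtu)
        if outcome == "delivered":
            return {"ok": True, "pmtu": pmtu, "mss": pmtu - HEADERS, "sends": sends}
        if outcome == "frag_needed":
            pmtu = hint
        # "lost": nothing learned, the same oversized segment is retransmitted
    return {"ok": False, "pmtu": pmtu, "mss": pmtu - HEADERS, "sends": max_sends}


def clamp_mss(advertised_mss, narrowest_mtu):
    """MSS clamping: a router on the path lowers the MSS option in the SYN."""
    return min(advertised_mss, narrowest_mtu - HEADERS)


def probe_pmtu(path, local_mtu, floor=PROBE_FLOOR):
    """Probing without ICMP: binary search using delivery as the only signal."""
    if path.send(floor)[0] != "delivered":
        return None
    low, high = floor, local_mtu
    while low < high:
        mid = (low + high + 1) // 2
        if path.send(mid)[0] == "delivered":
            low = mid          # probe was acknowledged, try larger
        else:
            high = mid - 1     # probe vanished, treat as too big
    return low


def demo():
    hops = [1500, 1492, 1400, 1500]   # constructed path with a 1400-byte link
    open_path = Path(hops, icmp_blocked=False)
    filtered = Path(hops, icmp_blocked=True)
    return {
        "icmp_allowed": classic_pmtud(open_path, 1500),
        "icmp_blocked": classic_pmtud(filtered, 1500),
        "small_packet_blocked": filtered.send(60)[0],
        "clamped_mss": clamp_mss(1460, 1400),
        "clamped_delivery": filtered.send(clamp_mss(1460, 1400) + HEADERS)[0],
        "probed_pmtu": probe_pmtu(filtered, 1500),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With ICMP filtered, small packets such as the handshake still get through while full-size segments never do, which is why the symptom is a connection that opens and then stalls.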








Re: FYI Netflix is down

2012-06-29 Thread Jason Baugher
Seeing some reports of Pinterest and Instagram down as well. Amazon 
cloud services being implicated.


On 6/29/2012 10:22 PM, Joe Blanchard wrote:

Seems that they are unreachable at the moment. Called and there's a recorded
message stating they are aware of an issue, no details.

-Joe








Re: FYI Netflix is down

2012-06-29 Thread Jason Baugher

Nature is such a PITA.

On 6/29/2012 10:42 PM, James Laszko wrote:

To further expand:

8:21 PM PDT We are investigating connectivity issues for a number of instances 
in the US-EAST-1 Region.

  8:31 PM PDT We are investigating elevated errors rates for APIs in the 
US-EAST-1 (Northern Virginia) region, as well as connectivity issues to 
instances in a single availability zone.

  8:40 PM PDT We can confirm that a large number of instances in a single 
Availability Zone have lost power due to electrical storms in the area. We are 
actively working to restore power.

-Original Message-
From: Grant Ridder [mailto:shortdudey...@gmail.com]
Sent: Friday, June 29, 2012 8:42 PM
To: Jason Baugher
Cc: nanog@nanog.org
Subject: Re: FYI Netflix is down

From Amazon

Amazon Elastic Compute Cloud (N. Virginia)  (http://status.aws.amazon.com/)
8:21 PM PDT We are investigating connectivity issues for a number of instances 
in the US-EAST-1 Region.
8:31 PM PDT We are investigating elevated errors rates for APIs in the
US-EAST-1 (Northern Virginia) region, as well as connectivity issues to 
instances in a single availability zone.

-Grant

On Fri, Jun 29, 2012 at 10:40 PM, Jason Baugher ja...@thebaughers.com wrote:


Seeing some reports of Pinterest and Instagram down as well. Amazon
cloud services being implicated.


On 6/29/2012 10:22 PM, Joe Blanchard wrote:


Seems that they are unreachable at the moment. Called and there's a
recorded message stating they are aware of an issue, no details.

-Joe














Re: Cogent for ISP bandwidth

2012-05-15 Thread Jason Baugher

I appreciate the reference to bgp.he.net, I had not used that tool before.

We've worked with Sprint for years, and they have always been excellent 
for reliability and support. We recently picked up Level3, and so far 
they have been very good as well. It's a small thing, maybe, but I like 
that both Sprint and Level3 have nice online tools for change requests, 
trouble tickets, etc... We've been a Lightcore/CenturyLink customer for 
years as well, also very reliable. They don't have the slick online 
tools, but I can usually get a live person in their NOC.


Cogent is being very aggressive with their pricing, and if it weren't 
for the fact that we are geographically challenged and have to pay for 
transport to get to them, we might have already taken them up on it.


Thanks for all the input from everyone.

Jason


On 5/15/2012 8:00 AM, Faisal Imtiaz wrote:

Let me say it differently.

Take a look at their AS174 peering relationship, (e.g. using 
bgp.he.net), you can see that they (Cogent) are very well connected 
(directly) with all of the major networks. (this is what I meant by, 
they deal with all of the major carriers).


Your experience with traffic is very different from what we have seen, 
while I  can understand that, it can be due to many factors.


Based on AS Peering relationships, it would appear that Major / Most 
of the end user ISP's have them in their mix. In my opinion the Hosting 
providers use Cogent as a way to off load incoming  traffic from the 
more expensive carriers. Cogent performance is very decent if the 
traffic is all on-net ... they typically have issues when traffic is 
crossing their network, i.e. coming in and going out via their peers 
to other networks.


While the Kia and Ferrari example is cute, but when put into the 
context of 'Traffic' or 'Speed limit', then neither has the advantage. 
One might look good driving in a Ferrari.. but I digress packets 
are agnostic of what brand of router they are traveling thru or whose 
network they are transiting.


We are in agreement, that Cogent makes a good backup secondary or 
tertiary in a mix of Ip transit. However having said that it is 
valuable to check the bgp peering relationships of the different 
providers that you have, to make sure that you are choosing providers 
based on actual diversity rather than a perceived one.


Regards.

Faisal Imtiaz
Snappy Internet  Telecom


On 5/15/2012 12:32 AM, Ameen Pishdadi wrote:
Has nothing to do with whether or not they deal with all the major 
carriers, they are a budget provider, always have, always will be. 
Aside from that what matters the most is eye ball user connectivity 
and level3, ATT, Verizon significantly have more eye balls 
connected directly to their network than cogent, we have cogent and 
level3 and 5 other providers on our Chicago network, without any 
traffic engineering almost every thing will come in or go out level3, 
we use traffic optimizing equipment to automate our commit levels and 
also do performance based routing adjustments, I literally have to 
put a gun to its head to get a decent amount of traffic out to 
cogent, you may say it's a matter of opinion but statistics don't 
lie, even Telia out performs cogent according to stats, not just 
cause they have a massive eye ball network in Europe.


Ask yourself, who are the majority customers of cogent? Not end user 
ISPs, hosting companies aka content providers, and when they're 
selling bandwidth cheaper than it costs to peer then they're going to 
keep their costs to the minimum ... Cheaper is cheaper, the saying 
is true, you get what you pay for.


A Kia and Ferrari can both get me from point a to point b, but the 
Ferrari is capable of getting me there way quicker, and yes I'm going 
to pay a premium for it but if I'm going from NYC to San Fran I'd 
definitely feel safer in the Ferrari reliability wise and get there a 
hell of a lot quicker...



But like I said and the other 10 replies nothing wrong with cogent in 
a nice blend of 3 or more other providers ...



Thanks,
Ameen Pishdadi


On May 14, 2012, at 10:49 PM, Faisal Imtiaz fai...@snappydsl.net 
wrote:


I often tell folks, Cogent is the 'Heidi Fleiss' of the industry 
.. pretty much everyone of the major carriers / providers deal 
with them.. but no one wants to admit it.


I don't think there is any carrier out there that could be 
considered 'Premium' in terms of quality of service (yeah there are 
a lot of folks who are Premium based on what they charge)...


One can only hedge one's bet for a quality connection by having 
multiple providers (you can mix and match) or go with some one like 
Internap or Tinet (folks who are taking traffic across multiple 
providers at their POP).


Of course your mileage may vary as long as you have alternate 
connectivity, it makes dealing with issues more palatable, whether 
it is Cogent or Level3...


Regards.

Faisal Imtiaz
Snappy Internet   Telecom


On 5/14/2012 10:38 PM, 

Cogent for ISP bandwidth

2012-05-14 Thread Jason Baugher

The emails on the Outages list reminded me to ask this question...

I've done some searching and haven't been able to find much in the last 
3 years as to their reliability and suitability as an upstream provider. 
For a regional ISP looking for GigE ports in the Chicago/St. Louis area, 
is Cogent a reasonable solution? Our gut feeling is that they don't 
stack up against a Level3 or Sprint, but they are being very aggressive 
with pricing to try and get our business.


Thanks,
Jason



Re: Cogent for ISP bandwidth

2012-05-14 Thread Jason Baugher

On 5/14/2012 7:30 PM, Jay Ashworth wrote:

- Original Message -

From: Jason Baugher ja...@thebaughers.com
I've done some searching and haven't been able to find much in the last
3 years as to their reliability and suitability as an upstream provider.

Really?  That surprises me; people complain about Cogent on here, roughly,
weekly.  :-)

Sorry, been on this list for quite some time, and I even went back to 
the archives. I don't see much there that is specific to Cogent doing a 
bad job. If I go back a few years, I find stuff about Cogent-Telia, 
Cogent-GBX, and even Cogent-HE IPv6 peering.

For a regional ISP looking for GigE ports in the Chicago/St. Louis area,
is Cogent a reasonable solution? Our gut feeling is that they don't
stack up against a Level3 or Sprint, but they are being very aggressive
with pricing to try and get our business.

The implication of everyone's in a BGP mix responses, in case you don't
get it (and I suspect you might not) is that you don't want Cogent to be
your *only* upstream provider.

If you're going to resell the bandwidth as an ISP, best practice says you
should have at least 2 upstreams.  3 or more is better,

This would be a 3rd or possibly a 4th upstream.

Cogent has had a bad habit the last 5 or 10 years of getting into pissing
matches with other carriers about peering, and just cutting them off
(or being cut off)... which of course means that if they're your only
connection to the Internet, then your customers simply can't reach sites
connected to those providers.

So, in short: no matter how aggressive they are, they're not the carrier
to have when you're having only one.

Cheers,
-- jra





Re: ICMP Redirects from residential customer subnets?

2012-05-09 Thread Jason Baugher
I've seen this with fixed wireless base radios that are bridges. We had 
cases where a customer radio would drop offline, so the base radio would 
drop the mac of the customer router from its table. New ICMP packets 
coming from the network would hit the wireless base radio and be flooded 
out to all the other client radios. Any other customer routers that were 
Linksys WRT54G and running a specific firmware version (can't remember 
the version) that had previously learned the IP of the now-missing 
customer router would redirect the packet back onto the network, 
reducing the TTL by 1. Since the wireless base would then flood the 
packet out again, we would see a storm of traffic that would 
exponentially increase until the TTL hit 0, at which time it would stop.


If I remember right, I was able to cause the Linksys to stop this 
behavior by enabling the multicast filtering feature, although I'm not 
sure why that did it. Since I couldn't run around to customers and 
enable it on each one, I ended up filtering all ICMP from the network 
towards the customers.


I researched the issue at the time and never found anyone else who had 
mentioned it. I didn't even bother to approach Linksys support.


Jason


On 5/9/2012 1:00 PM, Phil wrote:

I've seen this reported as a bug recently with Cisco/Linksys since the device 
is responding to frames for which it isn't the destination MAC when it should 
just discard them like the below case.   Not all consumer gateways do this.

But absolutely agree it is the ARP/MAC age out mismatch issue that is the 
likely culprit.

Phil

On May 9, 2012, at 1:10 PM, Ray Soucy r...@maine.edu wrote:


This is expected and will happen if the consumer router receives traffic
not destined for it for most consumer devices.

In the Ethernet world, it's usually the result of an active MAC falling out
of the table (e.g. disconnected) before the ARP entry on the router
expires.  The default behavior is to flood the unknown packet out every
port.  On a Cisco switch you would be looking at using something like UUFB
(unknown unicast flood blocking).

You might want to keep an eye on resource usage on your routers if you're
seeing this problem. Without UUFB there is a considerable uptick in ARP and
ICMP traffic caused by this behavior, usually driving up CPU.




On Wed, May 9, 2012 at 10:19 AM, ML m...@kenweb.org wrote:


Last night I was troubleshooting a strange issue where Apple products (So
far just MacOS and Airports) were losing internet connectivity sporadically.

Originally I thought it was an IPv6 transition technology causing the
problem but the customer couldn't even ping their default GW via v4.

To rule out the customer mistyping/giving us wrong information on what
they were seeing  I attempted to verify IP connectivity from my DHCP server
to them.  I pinged the IP they had retrieved via DHCP earlier.

What I got back were ICMP redirects interspersed with echo replies from
the customer I was pinging.  The redirects were of the form:

Redirect Host(New nexthop: x.y.z.23) The nexthop being an IP of the
customer I was troubleshooting.  Thinking that was very odd I setup an ACL
on the vlan serving that subnet to log ICMP redirects.  What I found was
one IP x.y.z.56 sending redirects to IPs on my network as well as several
IPs outside my network.  As far as I know there is no legitimate reason for
a residential PC or home gateway to send ICMP redirects. There were also a
few dozen other IPs on that subnet sending ICMP redirects.  A majority of
them had 68:7f:74 (Cisco-Linksys) OUIs.  There were also some Belkins and
one ASUStek OUIs.

The 68:7f:74 source MACs were dispersed amongst many customers not all
from the same customer.  Which leads me to believe there is either a bugged
Linksys firmware or an exploited Linksys home gateway causing trouble.

Has anyone ever seen something like this before?

Is there any reason to see ICMP redirects on a single homed residential
subnet? I'm considering adding ICMP redirects to my customer edge ACL
unless there is a legitimate purpose for these packets.


Thanks
-ML








--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
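The check ML describes above (log ICMP redirects on the customer VLAN, then group the senders by MAC OUI) can also be run over captured frames. The following is an added example, not code from anyone in the thread: it parses raw Ethernet frames for ICMP type 5 and tallies the senders per OUI. The function names, the `legit_routers` parameter and every address are assumptions; the sample frames are constructed, with documentation-range addresses standing in for the thread's x.y.z.23 and x.y.z.56.

```python
import socket
import struct
from collections import defaultdict

def parse_redirect(frame):
    """Return details of an ICMP redirect carried in an Ethernet II frame, else None."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == 0x8100 and len(frame) >= 18:      # step over one 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != 0x0800 or len(frame) < off + 20:  # IPv4 only
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 1:  # protocol 1 = ICMP
        return None
    icmp = frame[off + ihl:]
    if len(icmp) < 8 or icmp[0] != 5:                 # type 5 = redirect
        return None
    inner = icmp[8:]                                  # header of the datagram that triggered it
    return {
        "oui": src_mac[:3].hex(":"),
        "sender": socket.inet_ntoa(frame[off + 12:off + 16]),
        "target": socket.inet_ntoa(frame[off + 16:off + 20]),
        "code": icmp[1],                              # 1 = "Redirect Host"
        "new_nexthop": socket.inet_ntoa(icmp[4:8]),
        "orig_dst": socket.inet_ntoa(inner[16:20]) if len(inner) >= 20 else None,
    }

def redirect_senders_by_oui(frames, legit_routers=()):
    """Map OUI -> sorted source IPs that sent redirects and are not known routers."""
    by_oui = defaultdict(set)
    for frame in frames:
        info = parse_redirect(frame)
        if info and info["sender"] not in legit_routers:
            by_oui[info["oui"]].add(info["sender"])
    return {oui: sorted(ips) for oui, ips in by_oui.items()}

# --- constructed sample traffic (checksums left at zero; the parser ignores them) ---
def _ipv4(src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def build_frame(src_mac, sender, target, nexthop, orig_dst, icmp_type=5, vlan=None):
    echo = bytes([8, 0]) + bytes(6)                   # original echo request, zeroed
    icmp = (bytes([icmp_type, 1, 0, 0]) + socket.inet_aton(nexthop)
            + _ipv4(target, orig_dst, echo))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + tag + struct.pack("!H", 0x0800)
    return eth + _ipv4(sender, target, icmp)

SAMPLE = [
    # customer gateway redirecting the DHCP server towards another customer
    build_frame("68:7f:74:00:00:01", "192.0.2.56", "192.0.2.2", "192.0.2.23", "192.0.2.23"),
    # same behaviour aimed at an off-net host, seen with an 802.1Q tag
    build_frame("68:7f:74:00:00:02", "192.0.2.77", "198.51.100.9", "192.0.2.23",
                "192.0.2.23", vlan=12),
    # ordinary echo reply: not a redirect, must be ignored
    build_frame("68:7f:74:00:00:03", "192.0.2.23", "192.0.2.2", "0.0.0.0",
                "192.0.2.23", icmp_type=0),
    # redirect from the subnet's real gateway: excluded via legit_routers
    build_frame("00:00:5e:00:53:01", "192.0.2.1", "192.0.2.2", "192.0.2.254", "203.0.113.5"),
]

if __name__ == "__main__":
    for oui, senders in redirect_senders_by_oui(SAMPLE, {"192.0.2.1"}).items():
        print(oui, senders)
```

On a single-homed residential subnet the `legit_routers` set should normally be just the provider gateway, so anything left in the result is a candidate for the customer-edge ACL ML proposes.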









Looking for direct # for ATT translations

2012-03-22 Thread Jason Baugher
Our Central Office has been going around in circles trying to open a 
trouble with ATT regarding the inability to make outbound 800 number 
calls. Anyone have a good number we can use?


Thanks



Fwd: Looking for direct # for ATT translations

2012-03-22 Thread Jason Baugher

I probably should have been more clear. We're an ILEC in West-Central Illinois 
having trouble originating 800-number calls to CIC 288 (ATT).

Jason


-------- Original Message --------
Subject: Looking for direct # for ATT translations
Date: Thu, 22 Mar 2012 15:03:25 -0500
From: Jason Baugher ja...@thebaughers.com
To: nanog nanog@nanog.org



Our Central Office has been going around in circles trying to open a
trouble with ATT regarding the inability to make outbound 800 number
calls. Anyone have a good number we can use?

Thanks



Re: VLAN Troubles

2012-03-06 Thread Jason Baugher
+1 on show interface trunk, which will probably tell you that only vlan 
1 is allowed on your trunk interfaces.


I find it easy to forget that a Cisco switch will not pass tagged 
traffic for a vlan if that vlan isn't created on the switch. Even if you 
do something like switchport trunk allow vlan 12 on a trunk port, it 
won't create the vlan on the switch unless you specifically create it or 
you add it to an access port like switchport access vlan 12.


Jason


On 3/6/2012 11:04 AM, Greg T. Grimes wrote:


On the cisco, do a 'show interface trunk'.  Be sure that it thinks 
it's supposed to pass those VLANs.  Make sure Vlans allowed on trunk 
includes the VLAN.  Same for Vlans allowed and active in management 
domain.  Then the important one is Vlans in spanning tree forwarding 
state and not pruned.  If it's not there then it's being pruned.  
Also on your Dell uplink add the following line to the uplink port:


switchport access vlan add 12,22

See what that does for you.

On Tue, 6 Mar 2012, Alan Bryant wrote:


I hope everyone is having a better workday so far than I am.

I am trying to clean up the network for the Hospital I work for, and
part of that is creating two VLAN's for two separate subnets on our
network. Before, it was not separated by VLANs. We are also replacing
our aged Juniper firewall with an ASA.

I'm very new to VLAN's, so I am hoping this is something simple that
you guys can help me out with.

We have two switches that do not seem to be passing VLAN traffic. The
two switches are a Dell Powerconnect 5324 & a Cisco 3560G. The Cisco
switch appears to be functioning fine, but the Dell switch is only
passing traffic to the Cisco that is on the default untagged VLAN1.
Our second VLAN is not getting passed to the Cisco at all, I am not
seeing any packets tagged with the particular vlan in Wireshark.

I have Port 1 on the Dell switch connected to port 29 on the Cisco
switch, and port 1 on the Cisco switch connected to the ASA.

I have the following config on the relevant ports on the Cisco switch:

interface GigabitEthernet0/1
description ASA 5505
switchport trunk encapsulation dot1q
switchport mode trunk

interface GigabitEthernet0/29
description Radiology Switch
switchport trunk encapsulation dot1q
switchport mode trunk

Here is the config for the Dell switch:

interface ethernet g1
speed 1000
duplex full
exit
interface ethernet g2
speed 1000
duplex full
exit
interface ethernet g3
speed 1000
duplex full
exit
interface ethernet g4
speed 1000
duplex full
exit
interface ethernet g5
speed 1000
duplex full
exit
interface ethernet g7
speed 1000
duplex full
exit
interface ethernet g9
speed 1000
duplex full
exit
interface ethernet g10
speed 1000
duplex full
exit
interface ethernet g12
speed 1000
duplex full
exit
interface ethernet g14
speed 1000
duplex full
exit
interface ethernet g15
speed 1000
duplex full
exit
port jumbo-frame
interface ethernet g1
switchport mode trunk
exit
interface ethernet g24
switchport mode trunk
exit
vlan database
vlan 12,22
exit
interface range ethernet g(2,4,7,12,14-15)
switchport access vlan 12
exit
interface vlan 12
name Radiology
exit
interface vlan 22
name Guest
exit
interface vlan 1
exit

Anyone have any ideas or pointers? Is there more information that I
need to provide? Vlan1 works just fine, of course. It is Vlan 12 that
is not working. Everything on the Dell switch is communicating with
each other just fine on the same subnet.
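The `show interface trunk` checks Greg lists above, and Jason's point that a VLAN allowed on a trunk still will not pass until it exists on the switch, can be automated. The following is an added example, not code from anyone in the thread: it reads the text of that command and reports, per trunk port, which of the four states each wanted VLAN is in. The function names and the sample output are assumptions; the sample is constructed in the command's usual section layout and is not taken from the poster's switch.

```python
import re

# Section headings named in the thread, mapped to short keys.
SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}

def expand(spec):
    """Turn '1,12,20-22' into {1, 12, 20, 21, 22}; 'none' or empty gives an empty set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(output):
    """Return {port: {'allowed': set, 'active': set, 'forwarding': set}}."""
    ports, section = {}, None
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        heading = re.match(r"Port\s+(.*)", line)
        if heading:
            # The first table (Mode/Encapsulation/Status) maps to None and is skipped.
            section = SECTIONS.get(heading.group(1).strip())
            continue
        if section is None:
            continue
        port, _, spec = line.partition(" ")
        entry = ports.setdefault(port, {key: set() for key in SECTIONS.values()})
        entry[section] |= expand(spec)
    return ports

def diagnose(output, wanted):
    """Return {(port, vlan): verdict} for every trunk port and wanted VLAN."""
    report = {}
    for port, sets in parse_trunk(output).items():
        for vlan in sorted(wanted):
            if vlan not in sets["allowed"]:
                verdict = "not allowed on trunk"
            elif vlan not in sets["active"]:
                verdict = "allowed but VLAN not created on switch"
            elif vlan not in sets["forwarding"]:
                verdict = "pruned or not forwarding"
            else:
                verdict = "forwarding"
            report[(port, vlan)] = verdict
    return report

# Constructed sample: VLAN 12 exists on the switch, VLAN 22 was never created.
SAMPLE_OUTPUT = """
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1
Gi0/29      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/29      1,12

Port        Vlans allowed and active in management domain
Gi0/1       1,12
Gi0/29      1,12

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,12
Gi0/29      1
"""

if __name__ == "__main__":
    for (port, vlan), verdict in diagnose(SAMPLE_OUTPUT, {12, 22}).items():
        print(f"{port} vlan {vlan}: {verdict}")
```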









Re: Fwd: VLAN Troubles

2012-03-06 Thread Jason Baugher
There's Heaven, where IT has an unlimited budget and management 
understands the reasoning you state below.


And there's reality, where IT is a cost center, has to beg for every 
penny spent, and often times has to make do with what they have.


Besides, how much fun would it be if everything was clear-cut and easy?

Jason

On 3/6/2012 11:53 AM, david peahi wrote:

-- Forwarded message --
From: david peahi davidpe...@gmail.com
Date: Tue, Mar 6, 2012 at 9:47 AM
Subject: Re: VLAN Troubles
To: Alan Bryant a...@alanbryant.com


Why don't you replace the Dell switches with Cisco 3560s, and that way you
are working with a single implementation of the IEEE 802.1q trunking
standard? I think the very existence of this email thread proves that much
time and effort is wasted in the attempt to seamlessly interoperate devices
from multiple vendors. In this email thread alone I counted 2 CLI's to be
learned, 2 tech support organizations to call, and 2 hardware types to
spare.

David

On Tue, Mar 6, 2012 at 8:07 AM, Alan Bryant a...@alanbryant.com wrote:


I hope everyone is having a better workday so far than I am.

I am trying to clean up the network for the Hospital I work for, and
part of that is creating two VLAN's for two separate subnets on our
network. Before, it was not separated by VLANs. We are also replacing
our aged Juniper firewall with an ASA.

I'm very new to VLAN's, so I am hoping this is something simple that
you guys can help me out with.

We have two switches that do not seem to be passing VLAN traffic. The
two switches are a Dell Powerconnect 5324 & a Cisco 3560G. The Cisco
switch appears to be functioning fine, but the Dell switch is only
passing traffic to the Cisco that is on the default untagged VLAN1.
Our second VLAN is not getting passed to the Cisco at all, I am not
seeing any packets tagged with the particular vlan in Wireshark.

I have Port 1 on the Dell switch connected to port 29 on the Cisco
switch, and port 1 on the Cisco switch connected to the ASA.

I have the following config on the relevant ports on the Cisco switch:

interface GigabitEthernet0/1
  description ASA 5505
  switchport trunk encapsulation dot1q
  switchport mode trunk

interface GigabitEthernet0/29
  description Radiology Switch
  switchport trunk encapsulation dot1q
  switchport mode trunk

Here is the config for the Dell switch:

interface ethernet g1
speed 1000
duplex full
exit
interface ethernet g2
speed 1000
duplex full
exit
interface ethernet g3
speed 1000
duplex full
exit
interface ethernet g4
speed 1000
duplex full
exit
interface ethernet g5
speed 1000
duplex full
exit
interface ethernet g7
speed 1000
duplex full
exit
interface ethernet g9
speed 1000
duplex full
exit
interface ethernet g10
speed 1000
duplex full
exit
interface ethernet g12
speed 1000
duplex full
exit
interface ethernet g14
speed 1000
duplex full
exit
interface ethernet g15
speed 1000
duplex full
exit
port jumbo-frame
interface ethernet g1
switchport mode trunk
exit
interface ethernet g24
switchport mode trunk
exit
vlan database
vlan 12,22
exit
interface range ethernet g(2,4,7,12,14-15)
switchport access vlan 12
exit
interface vlan 12
name Radiology
exit
interface vlan 22
name Guest
exit
interface vlan 1
exit

Anyone have any ideas or pointers? Is there more information that I
need to provide? Vlan1 works just fine, of course. It is Vlan 12 that
is not working. Everything on the Dell switch is communicating with
each other just fine on the same subnet.







Re: Colo Vending Machine

2012-02-17 Thread Jason Baugher
Better double the size of the colo to accommodate the rows upon rows of 
vending machines filled with all the stuff you would have brought with 
you if you'd planned ahead.






Re: WW: Colo Vending Machine

2012-02-17 Thread Jason Baugher
Do you guys ride your bike to the colo and show up in shorts and a 
t-shirt? Who goes to the colo without things like their laptop?



On 2/17/2012 4:22 PM, Rodrick Brown wrote:

On Feb 17, 2012, at 1:35 PM, Jay Ashworth j...@baylink.com wrote:


Please post your top 3 favorite components/parts you'd like to see in a
vending machine at your colo; please be as specific as possible; don't
let vendor specificity scare you off.


atom based 10 laptop with serial interface and cable. $15 day charge would 
rock!

4 Port 10/100/1000 hub. $20?

USB sticks  2/4/8GB

Cage nuts various common sizes.

Vending machine should double as wireless AP with open Internet access $5 
should give you AP code and min 8 hour access time.

Sent from my iPhone.


Cheers,
-- jra
--
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274








Re: Internet mauled by bears

2011-09-22 Thread Jason Baugher

On 9/22/2011 9:58 AM, JC Dill wrote:

On 20/09/11 7:15 AM, Jason Baugher wrote:


Horses are okay, but you have to tie things to the wire so they can 
see it. They're too dumb to remember where it is, apparently.


This has nothing to do with the horse's ability to see or remember 
where the fence is.  It has to do with the value (both financial and 
emotional) the owner places on the animal, and the ensuing costs if it 
breaks the fence.  Horses can get hurt quite easily, vet bills can run 
into hundreds or thousands of dollars quite quickly.  Most horse 
owners will spend far more than the replacement cost of the animal in 
vet bills and husbandry to heal it when it gets injured, because the 
animal has a member of the household status in their lives and can't 
easily be replaced by a similar animal.  So they flag wire fences to 
help the horse avoid getting hurt.  Then there's liability.  In many 
states, if a horse gets out on the road and gets hit, the horse owner 
is liable for the damages to the car and occupants.  If someone in the 
car is injured or killed (likely if the horse is hit head-on and comes 
thru the windshield) the liability costs can be significant, run into 
millions of dollars.  For this reason, many equestrian insurance 
policies require that electric fencing be flagged.


Other livestock aren't as likely to cause fatal injuries to car 
occupants if they are hit, because the animal's body is lower to the 
road, less likely to come over the hood.


jc



That's interesting to know. It's also interesting to note that other 
animals, with the possible exception of sheep, will not run through an 
electric fence once they know that it is there. Sheep do it intentionally.




Re: Internet mauled by bears

2011-09-20 Thread Jason Baugher

On 9/20/2011 2:37 AM, Joel jaeggli wrote:

On 9/19/11 18:49 , Richard Barnes wrote:

And if they turn up the voltage on the fence high enough, dinner could be
cooked by the time the crew gets there!

montana experience says:

cows have rather thick skin, sheep come with insulation, and bison will
go through anything that gets in their way including 3 x 6 diameter
corner posts and 4 strands of barbed and 2 hot wires.

horses on the other hand are pansies.

livestock always ends up on the other side of the fence...

In Illinois:

Cows actually train to electric fence (hot wire) fairly well. They don't 
like being shocked too much. Once they get used to the fence, you can 
shut it off and they'll stay in for weeks because they won't even 
attempt it. That said, sometimes you get a cow that just really wants to 
be difficult and will go through anything. That cow is suddenly turned 
into hamburger.


Pigs also train to electric fence well. As tough as their hide is, it 
shocks well.


Sheep are difficult. Other than when they are recently sheared, they 
have a natural protection across 95% of their body. Unless it hits them 
in the head or lower leg, they aren't going to feel it. Even when 
sheared, they are a very stubborn animal. I've seen them standing facing 
a fence, swaying forward and backward, almost like they're trying to 
time the shock pulse. Then they go on through and tear up the wire and 
posts in the process. I've seen 4 strands of wire spaced about 10 inches 
apart and they won't stay in.


Horses are okay, but you have to tie things to the wire so they can see 
it. They're too dumb to remember where it is, apparently.


There is a big range of fence boxes. Some have a long pulse that isn't 
too hot. If you hold one of these, they make your hand and arm muscles 
clench up but they don't hurt too much. The other end of the range have 
a short hot pulse that will jump a good distance and will burn through 
green weeds. These hurt.

On Sep 19, 2011 9:34 PM, Suresh Ramasubramanian ops.li...@gmail.com
wrote:

On Tue, Sep 20, 2011 at 12:20 AM, John van Oppen
jvanop...@spectrumnet.us  wrote:

We had a cow br...

Your crews turning up there the next time a cow tries its luck are
guaranteed a steak dinner then.










Re: dynamic or static IPv6 prefixes to residential customers

2011-07-26 Thread Jason Baugher

On 7/26/2011 12:06 PM, Owen DeLong wrote:

On Jul 26, 2011, at 8:05 AM, Jeroen Massar wrote:


On 2011-07-26 16:58 , JORDI PALET MARTINEZ wrote:

Hi all,

I will like to know, from those deploying IPv6 services to residential
customers, if you are planning to provide static or dynamic IPv6 prefixes.


We (Hurricane Electric) provide statics to all of our customers.


Just to be clear, I'm for static prefix delegation to residential
customers, however I heard that some ISPs are doing dynamic delegations,
the same way as is common today with IPv4.

I don't think it makes sense, as the main reason for doing so in IPv4 was
address exhaustion and legacy oversubscription models such as PPP/dial-up.

You are forgetting the simple fact that you can charge for static
addresses and unblocked connectivity. THAT is the reason for dynamic
addresses, as on the ISP level there are still enough IPv4 addresses and
they can still, even today, ask for more from their RIR.


You can only charge for static addresses as long as your competitors don't.
Hopefully with IPv6, that model will go the way of the dodo.


Abuse/accounting/etc all become much simpler with static addresses.

But as long as you give those users dynamic addresses, they might not
run a SMTP/HTTP/xxx server on their link as changing IPs is
kind-of-annoying (but doable with the proper DNS setup and low TTLs)


Let's face it, the users that are going to run an SMTP/HTTP/xxx server on their
link are probably the ones that know how to use dyndns or some other mechanism
to cope with the dynamic address issue. The ones that aren't already running
such services with dynamic IPs are probably not significantly more likely to do
so with static.


Thus, you give them dynamic stuff, or only 1 IP address and ask them for
lots of moneys when they want a static address or hey lots more moneys
(in the form of a 'business connection') when they want multiple
addresses routed to their host.


I don't think this will fly with IPv6 since free tunnels are a simple solution
where you can get a /48 for free regardless of what your ISP does to you. I
think that this is a temporary problem and that IPv6 will prove to be a
game-changer in this arena.


And don't bother asking for proper reverse setup in a lot of cases
either, let alone delegation of that.


Again, I think other than cable MSOs where they have strong topological
reasons to prevent static addressing, IPv6 will see the return of unfettered
static addressing and multiple addresses as the default for end users.
I realize there is some resistance to the idea of /48s among some residential
providers at this point, but, the majority of them are talking about at least
using /56s or better, so, I don't think /128s are at all likely.


Greets,
Jeroen
Happily using the same static IPv6 /48 for almost a decade ;)


Owen
Happily using the same RIR-direct-assigned /48 at home for almost 4 years.



It's very interesting to hear the majority of you promoting static over 
dynamic. We are just now starting to work with IPv6 now that our 
upstreams are willing to give us dual-stack. We've always been a static 
shop, but sales has been pushing for dynamic for years due to what 
people have mentioned earlier, the ability to up-sell statics to 
customers. We prefer static because of the easy tracking of customers 
for abuse/spam/DMCA complaints and we don't need to worry about DHCP 
servers. It's heartening to see others of the same mindset encouraging 
static for IPv6 allocation.


Jason



Re: OT: Given what you know now, if you were 21 again...

2011-07-14 Thread Jason Baugher

On 7/13/2011 4:28 PM, Saku Ytti wrote:

On (2011-07-13 14:08 -0700), Larry Stites wrote:


Given what you know now, if you were 21 and just starting into networking /
communications industry which areas of study or specialty would you
prioritize?

Again? Buy AAPL, INTC and MSFT with loan money and study *cough*, finer things
in life.

But in all seriousness, networking like I suppose most professions are not
about knowing one thing and stopping. It's evolving rather rapidly so most
thing you know now are irrelevant in decade or two. What you should learn is
how to learn, how to attack problems and learn to love doing both.


+1

If I had to have a job where I did the same thing every day, year after 
year, I'd stab a pencil in my eye. I love that our industry is 
constantly evolving.


Jason



Re: Spam?

2011-07-12 Thread Jason Baugher

On 7/12/2011 10:00 AM, Randy Bush wrote:

thanks for the hard work, folk.

Let's work harder

thanks for volunteering.  when will you be flying out to the bay?

randy


I'm with you Randy, I'm disappointed with the complaints I see here. 
People don't seem to show much appreciation.


Jason



Re: Address Assignment Question

2011-06-20 Thread Jason Baugher

On 6/20/2011 7:44 AM, Steve Richardson wrote:

Hi,

On Mon, Jun 20, 2011 at 8:32 AM, Jared Mauch ja...@puck.nether.net wrote:

On Jun 20, 2011, at 8:30 AM, Bret Clark wrote:


Personally I would charge them for the /24 too, makes users think twice about 
the need for a block that large.

We do charge them for addresses already and cost doesn't come into
play.  We charge for assignments shorter than /28 to discourage IP
hogs.


I would also give them a /64 per lan (alt: broadcast domain) as well to allow 
them to start working with IPv6 for their email.

- Jared

They have inquired about IPv6 already, but it's only gone so far as
that.  I would gladly give them a /64 and be done with it, but my
concern is that they are going to want several /64 subnets for the
same reason and I don't really *think* it's a legitimate reason.  Bear
in mind that legitimate in this context is referring to the
justification itself, not their business model.

Thanks,
steve

Did everyone miss that the customer didn't request a /24? They requested 
a /24's worth in even more discontiguous blocks. I can only think of 
one reason why a customer would specifically ask for that. They are 
concerned that they'll get blacklisted. They're hoping if they do, it 
will be a small block of many rather than one entire block.


When customers make strange requests without giving a good explanation, 
I have to assume they're up to something.


Jason



Re: OT: Server Cabinet

2011-05-04 Thread Jason Baugher

On 5/4/2011 10:07 AM, Chaim Rieger wrote:

Do you have any kids ?
If yes ask them to do it, leave and come back a few hours later


At last, a helpful answer!

Seriously, disregarding all the helpful comments from everyone 
questioning your judgment in trying to move a large cabinet through a 
small door...


* cut the cabinet into smaller pieces, move through door,
  re-assemble via your preferred method, be it welder, chewing gum
  or duct tape
* make the door bigger, which would mean that if you decide at some
  point you want to move the cabinet again, you won't have this issue
* bend the very fabric of space and time itself to place the cabinet
  inside the room without going through the door


I'd pick the second one, but if you go with the third let me know so I 
can watch.


Jason


Re: Amazon diagnosis

2011-05-03 Thread Jason Baugher

On 5/2/2011 4:11 PM, George Herbert wrote:

On Mon, May 2, 2011 at 2:04 PM, Jeroen van Aart jer...@mompl.net wrote:

valdis.kletni...@vt.edu wrote:

On Mon, 02 May 2011 12:27:34 PDT, Jeroen van Aart said:


It surprised me because I, perhaps naively, assumed IT workers in general
have a rather broad knowledge

Sorry to break it to you.

That's ok, the past tense in my story testifies to the fact I was already
aware of it. But thanks. ;-)


There was a significant decline in knowledge as the .com era peaked in
the 90s; less CS background required as an entry barrier, the
employment pool grew fast enough that community knowledge
organizations (Usenix, etc) didn't effectively diffuse into the new
community, etc.

The number of people who get computer architecture, ops, clusters,
networking, systems architecture and engineering, etc...  Not good.

Sigh.


Unfortunately we see this when we interview candidates. Even those who 
have certifications generally only know how to do specific things within 
a narrow field. They don't have the base understanding of how things 
work, such as TCP/IP, so when they need to do something a little outside 
of the normal, they flounder.


Jason





Re: Bubba is a 75 year old woman looking to make some extra cash

2011-04-07 Thread Jason Baugher
We had someone come into a cell site and strip out all the outside 
ground leads. Oddly enough they left the ground bars themselves, which 
would have been much more worthwhile. Maybe they came unprepared and 
only had clippers.


Also, several years ago a building in our area was being renovated, and 
someone snuck in during the night and stripped the wires from the main 
service panel. I wouldn't think the amount of copper there would be 
worth the time, but some people aren't too bright.


We also had a 180' monopole that we replaced, and the crew laid the old 
monopole down on the ground with all the equipment still in place. We 
didn't get to it to remove our antennas for a few weeks, and when we 
did, we found that someone had stripped out 3 runs of 1 5/8 coax from 
inside the tower.


Needless to say, all of our copper reels are locked up to keep them from 
walking off during the night.


I'd think that unless someone could get access to a LOT of copper all at 
one place, and fairly easy to get to, that it wouldn't be worth the time 
and effort.


Jason

On 4/7/2011 1:54 PM, Jeroen van Aart wrote:

Suresh Ramasubramanian wrote:
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access 



Babushkas can be quite mean, though mostly it's shopping bags that are 
their preferred tools of assault. ;-)


From TA:
The cable is owned by the Georgian railway network. It is heavily 
protected


I don't think that's true, you can't really heavily guard every 
stretch of cable since it spans such a long distance. There will 
always be weak spots.


From TA:
Pulling up unused copper cables for scrap is a common means of making 
money in the former Soviet Union.


This is common in the Netherlands too nowadays and other countries too 
I am sure. Because copper has gone up in price considerably. In the 
Netherlands especially copper lines along railroad tracks are removed, 
disabling alert systems with obvious dangerous results.


Regards,
Jeroen






Re: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?

2011-04-04 Thread Jason Baugher

On 4/4/2011 1:04 PM, Rich Kulawiec wrote:

On Sat, Apr 02, 2011 at 06:09:22PM -0500, Jason Baugher wrote:

We would NEVER out the customer to the public, even if we felt the
abuse was intentional. My CEO and our lawyers would blow a gasket if
we were to potentially libel a customer.

And this why we (the community) find ourselves where we do, because
nearly everyone has this policy or one quite similar to it.  Until
this changes -- which will require CEOs with spines and lawyers who
craft ToS agreements that stipulate full disclosure in abuse cases --
there will always be one more place for The Bad Guys to go.

Full disclosure in abuse is not necessarily equivalent to full 
disclosure in -suspected- abuse. The earlier comments in this thread 
were more or less demands for disclosure when the vendor had not yet 
been able to speak with the customer to determine if there was indeed 
abuse and if it was intentional.


I suppose theoretically that a ToS could be crafted that would allow the 
vendor to release customer information in the case of ANY suspected 
abuse, but do you really think that would make a difference to The Bad 
Guys?


Jason





Re: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?

2011-04-04 Thread Jason Baugher

On 4/4/2011 2:43 PM, valdis.kletni...@vt.edu wrote:

On Mon, 04 Apr 2011 14:30:41 CDT, Jason Baugher said:


I suppose theoretically that a ToS could be crafted that would allow the
vendor to release customer information in the case of ANY suspected
abuse, but do you really think that would make a difference to The Bad
Guys?

A better question - would it make a difference to The Bad Guys if the ToS
included a Name and Shame clause, where if they were terminated for cause the
fact *would* be publicized?

I doubt it. The kind of person who perpetrates mass abuse probably 
doesn't have a conscience.




Re: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?

2011-04-02 Thread Jason Baugher

I may regret wading into this one

Regarding posting from a Gmail account, I'm also posting from a non-work 
account, for two reasons. One, our company policy is to tag an annoying 
legal disclaimer onto every outbound message, and two, I don't want 
anything I say on this list to come back on the company I work for. I'm 
not authorized to speak for them, so I won't.


When it comes to abuse complaints, we investigate and act to protect our 
customers and our network when we determine that abuse is indeed 
happening. Only after we deal with the immediate threat do we contact 
our customer to let them know. Although there are cases of intentional 
abuse, the majority of the time the customer has no idea what we're 
talking about. They have to get their tech people or an outside support 
company to look into the problem, and then they call us back when they 
have it fixed. Sometimes we work directly with their tech people to help 
them identify the source.


We would NEVER out the customer to the public, even if we felt the 
abuse was intentional. My CEO and our lawyers would blow a gasket if we 
were to potentially libel a customer. There have been plenty of times 
when I was every bit as frustrated as some of the people on this list, 
but to start naming names without proof? Won't happen.


Jason

On 4/1/2011 11:31 AM, Atticus wrote:

Please note, I'm not arguing against fixing the problem. I just think we
should show each other some professional respect, and use some manners.